This conference call transcript was computer generated and almost certianly contains errors. This transcript is provided for information purposes only.EarningsCall, LLC makes no representation about the accuracy of the aforementioned transcript, and you are cautioned not to place undue reliance on the information provided by the transcript.
Palo Alto Networks, Inc.
8/19/2024
Good day, everyone, and welcome to Palo Alto Network's Fiscal Fourth Quarter 2024 Earnings Conference Call. I'm Walter Pritchard, Senior Vice President of Investor Relations and Corporate Development. Please note that this call is being recorded today, Monday, August 19, 2024, at 1.30 p.m. Pacific Time. With me on today's call to discuss fourth quarter results are Nikesh Arora, our Chairman and Chief Executive Officer, and Deepak Galecha, our Chief Financial Officer. Following our prepared remarks, Lee Klarich, our Chief Product Officer, will join us for the question and answer portion. You can find the press release and other information to supplement today's discussion on our website at investors.paloaltonetworks.com. While there, please click on the link for quarterly results to find the Q4 2024 supplemental information and the Q4 2024 earnings presentations. During the course of today's call, we will make forward-looking statements and projections regarding the company's business operations and financial performance. These statements made today are subject to a number of risks and uncertainties that could cause our actual results to differ from those forward-looking statements. Please review our press release and recent SEC filings for a description of these risks and uncertainties. We assume no obligation to update any forward-looking statements made in the presentation today. We will also refer to non-GAAP financial measures. These measures should not be considered a substitute for financial measures prepared in accordance with GAAP. The most directly comparable GAAP financial metrics and reconciliations are in the press release and the appendix of the investor presentation. Unless specifically noted otherwise, all results and comparisons are on a fiscal year-over-year basis. We also note that management is scheduled to participate in both the Goldman Sachs Communicopia and Technology Conference and the Citi Global TMT Conference in September. I will now turn the call over to Nikesh.
Thank you, Walter. Good afternoon, everybody, and thank you for joining us today for our earnings call. As most of you are aware, the intensity around technology reliance, connectedness, and as a consequence, cybersecurity continues to accelerate. Supply chains and interconnected systems have become the norm for bad actors to target. By most metrics, cyber incidents and their impact continue to be on the rise. And we saw it in spades in Q4, notably the large-scale breaches. A growing number of technology and business trends are further complicating the situation, creating additional challenges. The combination of these is getting further C-suite attention and focusing on cybersecurity. Organizations increasingly rely on their IT system, and nothing makes this more evident than a significant outage or security breach. Over the last six months, financial damages from an individual breach topped a billion dollars. In another case, the impact on business was existential and required significant work dedicated to system recovery and rebuilding. Our Unit 42 group is being called into customer crisis situations. We see a wide variation in breach situations, but ransomware remains a significant threat, tying many together. The relatively new phenomena of public ransomware extortion is raising the profile's challenge, as organizations need to deal with the pressures of public disclosure before they have had time to do an early assessment. In addition, the time customers have to address an issue before damages escalate is shrinking. In fact, our research has found that in nearly half of cases, attackers can exfiltrate customer data in less than a single day of compromise. Geopolitical tensions remain at high levels, as evidenced by multiple regional conflicts in the news. Cybersecurity activity is often elevated in these environments, and we see multiple non-government agencies impacted by this nation-state activity. We have seen this trend building for a number of years. Customer environments have been more complex with the adoption of capabilities such as Work From Anywhere, Public Cloud, and more recently, AI. This complexity is additive with old technologies that have not been retired. Meanwhile, a multitude of uncoordinated security defenses are simply layered on. The sprawling interconnectedness of business through their IT systems is multiplying the impact of a breach. Instead of breach impacts being isolated to a single company, we're seeing customers, suppliers, partners, and others in the ecosystem being severely impacted. This has been most prevalent in the healthcare and retail industries, but this could happen anywhere. A recent high-profile outage involving security tools has elevated the cybersecurity conversation further. In addition to wanting to better understand the security risks, the C-suite and boards are also now digging deeper into the technologies being deployed to mitigate these risks. Meanwhile, AI continues to generate significant excitement in the market, and many organizations are starting to scale transformative use cases that can enable new sources of revenue and or drive substantial efficiencies. AI adoption is proceeding at a rapid pace, faster than honestly I've seen any other new technology. However, it is following a typical pattern. Innovation is driving the speed of adoption, while security might be an afterthought. At the same time, adversaries are leveraging AI capabilities to broaden attacks, better target organizations, and scale their malicious activity beyond the capabilities of defenses that rely solely on humans. This environment paired with an ever more challenging threat landscape and a complex set of point products that are not well integrated or even coordinated is driving a growing need for platformization. We saw this translate into an acceleration in our bookings in the second half of the year following the role of our platformization strategy in fiscal year 2024. We're delighted with our Q4 results. We drove the top line ahead of the overall cybersecurity market and delivered improved profitability and strong cash generation. They exceeded our guidance range for quarterly revenue and EPS, while exceeding our original annual guidance ranges for operating margin and free cash flow. We also grew RPO 20%. We saw strong growth in our next-generation security offerings, and we exceeded our next-generation security ARR guidance significantly, surpassing the $4 billion milestone in Q4. We grew NGS ARR 43% with strong contributions across the portfolio. And yet another milestone, with $4.2 billion in NGSAR to close out the year, is more than half our fiscal year 2024 revenue. Remember, six years ago when I started, this was zero. We completed the year by expanding operating margins by 320 basis points and achieving nearly 39% free cash flow margin, generating well over $3 billion in free cash flow. We also continue to deliver healthy gap profitability. I know there was significant consternation around our platformization strategy six months ago. All I want to say is I wish we had started down that path sooner. The amount of interest and activity around it has certainly been heartening and shows promise. After a strong addition of approximately 65 new platformizations in Q3, we added over 90 new platformizations in Q4 and now have well over 1,000 total platformizations amongst our 5,000 largest customers as we exit F5.24. Beyond the number of platformization, we saw something interesting. We saw a sequential increase in average ARR per platformized customer in Q4. For perspective, our average ARR per platformization is up over 10% since Q1. This effectively means as we convert our customers to platform customers and single platform customers to multi-platform customers, we see an uplift in ARR. This is an exciting development. Representing the rise in interest around platformization, senior-level customer meetings increased 70% year-over-year in the second half of the year and grew even faster in Q4. This engagement is key to aligning the customer's senior team with our platformization strategy and its benefits. We have a growing team of our executives and sales leaders focused on these engagements worldwide. We expect platformization to be a key driver toward achieving our goal of $15 billion in NGSAR in fiscal year 2030, and our Q4 performance bolsters our confidence and our ability to reach this goal. You heard from a customer in the intro video, and I wanted to give you some more stories to dimensionalize our success of platformization in Q4. As you saw in the video, he signed a high eight-figure deal. In fact, a very high eight-figure deal, ish number J, that started with executive engagement in our briefing center earlier in the year. They are an existing firewall and XOR customer. As part of the platformization, we expanded our firewall footprint, added Prisma Access and moving them closer to a zero-trust network security implementation. Additionally, we added Prisma Cloud for cloud security, replacing an incumbent cloud security competitor. We also agreed to transfer their SIEM, replacing two distinct SIEM offerings with our AI-powered next-generation SIEM, XIM. They are now one of our marquee customers platformized across all three. He had a mid-eight-figure platformization deal with a global semiconductor manufacturer, building on a five-year relationship. He worked with the customer on a project to reduce their costs and achieve a more consistent security outcome. This led to a discussion on transforming their network security to zero trust. Additionally, the customer agreed to deploy our Cortex platform. This approach was deemed more comprehensive and superior to a solution that was proposed, which comprised various point products from competitors which would have to be stitched together. Third, we platformized a global media company across all three of our network security form factors. The customer prioritized and focused on driving zero-trust network transformation for an increasingly mobile workforce while under significant cost pressures and dealing with the complexities of integration. The customer is also leveraging XO and Xpans to improve automation and better understand their attack surface. Our team ultimately converted this lengthy sales cycle into a nine-figure deal. Lastly, a U.S. financial services firm is moving 90% of its applications to the public cloud, significantly reducing its data center footprint. In that process, they're looking to consolidate point solutions and simplify the management of their security environment. This customer expanded from its existing Cortex-XDR and XOR footprint to add XIM, replacing, again, two incumbent SIMs. Additionally, the customer added firewall capacity and Prisma Cloud for cloud-native applications to deploy a comprehensive cloud security solution to secure their move to the cloud. Now I'll highlight the drivers of our momentum and key innovations across our three product platforms as we look towards fiscal 2025 and beyond. Over the last five years, we have driven a significant transition as an industry around more software-driven network security. Our strategy to deliver a comprehensive approach towards network security with hardware software form factors for both on-prem and cloud and an industry-leading SASE solution is working. Not just that, our comprehensive set of software subscriptions work consistently across all these form factors. We continue to see our firewall as a platform. Billings growth growing in a healthy manner, up 17% in the fiscal year 2024. While there is slower appliance growth around the industry, our net set growth has been driven by SASE and the software firewall business. Our firewalls and platform billings are now two-thirds the total, up from just over 40% two years ago. This year, our VM and SASE business grew 40%, propelling this next shift. Our software-based virtual firewall business continues to show strong results, with bookings accelerating the second half, helping to drive this to double our cloud next-generation firewall business, which runs natively on top of the four hyperscalers. Along with Cloud Next Generation Firewall, we're seeing an inflection of software firewall business as about 70% of the business this quarter was being used to protect the public cloud. These customers choose Apollo Auto Firewall instead of the firewall from the cloud service provider. Our customer momentum in SASE remains strong, with customers growing by over 20%. Once again, in FY24, more than one-third of our new SASE customers continue to be new to Apollo Auto Networks. This is encouraging. We're effectively landing in network security with all three of our product families, allowing us to eventually drive platformization and move these customers to a zero-trust platform. Our natively integrated enterprise browser has attracted more attention to our SASE offerings since the talent acquisition. Not only is it now an integral part of SASE, we're also able to provide the customers an ability to protect the AI usage of their employees, both in our SASE and browser products. Beyond our software and SASE form factors, our cloud-based subscriptions are driving steady network security growth. A significant driver is the advanced versions of four of our core subscriptions, modernized to be fully cloud-delivered like newer subscriptions such as IoT and DLP. We have seen strong adoption of our first three advanced subscriptions, which carry a higher price point than our original subscriptions. Advanced URL filtering, our first, has been adopted by over half of our customers after three years in the market. We just launched advanced DNS in Q4 and are excited to see it ramp as well. More broadly, we have seen the overall subscription attach rate per customer increase from 2.6 at the end of fiscal year 2022 to 3.5 today. We have 10 subscriptions that run across all of our network security offerings. Customers can buy these on our firewalls one by one, in bundles packaged for a specific network security use case, or as an enterprise license agreement to cover the entire state. Beyond the strong network security momentum, We are innovating to ensure we can continue to lead the network security market as software and SASE further drive the scope. Some of the most important highlights are Prisma Access Browser. Following the acquisition of Talon in Q2, we launched the industry's first and only enterprise browser, nearly integrated with SASE this month. Leading up to the launch, we saw strong interest in this technology with over 100 customers adopting our Talon-powered Prisma Access Browser. The browser is available to our existing and new SASE customers. We have seen success with our autonomous digital experience management capability integrated with SASE, which helps customers proactively identify sources of downtime and ensure network availability for the hybrid worker and branch office. We followed that up by adding this capability to our firewall and have seen strong initial interest. He launched our AI access offering, enabling our organization's workforce to use AI tools with confidence while giving security teams full visibility, robust controls, data protection, and proactive threat prevention measures. AI access can easily be turned on for our over 5,000 Prisma Access customers. Following our early access program in July, we have now seen interest from over 1,000 customers to deploy AI access. Finally, leveraging our industry-leading virtual firewall capability, our AI runtime offering is experiencing strong interest from Prisma Cloud and network security customers looking to protect their AI applications, models, and data from threats. As we look forward, the direction of the network security market is as clear to us as it's ever been. They're focused on driving the benefits of platformization through our three network security form factors and getting our customers to a true zero-trust architecture that delivers the best security with the lowest cost to operators. Turning to Prisma Cloud, the enterprise adoption of a public cloud is a generational change in IT that has been underway for at least half a decade. More recently, this has been fueled by the adoption of AI services in the public cloud. The public cloud must be secured differently than on-premise environments, and we recognized this more than five years ago. In this highly competitive market, we have not only established ourselves the largest pure-play cybersecurity cloud security business, being the first to $700 million in ARR, we also have the broadest footprint of cloud security capabilities in the market. As a great confirmation of our leadership and innovation capability, leading SaaS players have chosen Prisma Cloud to secure their production environments. We have CRM, HR, and collaboration leaders who all signed significant deals with us in fiscal year 2024. These players are amongst the most sophisticated users of public cloud technology, and hundreds of thousands of organizations trust them to operate a secure enterprise-grade SaaS offering. We are proud to be able to showcase them as customers. Highlighting the comprehensiveness of our platform, we had a number of key innovations in Q4 that show our ability to stay in the lead in this competitive market. For example, we released our 13th Prisma Cloud module, Data Security Posture Management, based on the acquisition of DIG Security. The DIG team has moved quickly, not only releasing this module, but also helping to integrate data security comprehensively within Prisma Cloud. An important use case for securing data in the cloud is securing cloud-native LLM-based applications. To address this need, we released AI Security Posture Management, our 14th module. Lastly, we released cloud detection response capabilities, leveraging the best of Prisma Cloud and Cortex. CTR gives the stock full visibility into security events in the cloud, as well as real-time threat detection and remediation. With an increasing frequency and scale of breaches targeting cloud environments, CDR capabilities become a critical differentiator in a comprehensive cloud security platform. As we close out the year, along with the overall acceleration we saw in our second half business, our large deal business at Prisma Cloud was up with strong growth in new and expanded business in Q4. As we look forward, we will ensure Prisma Cloud stays ahead of the CNAP market with new capabilities. We will bring new real-time capabilities to the cloud and enable full cloud security integration to the soft. These will be essential for our customers as public cloud and AI adoption broaden. Last but not the least, Cortex. Fiscal year 2024 was a watershed year for Cortex. We firmly established XIAM as the transformation platform for security operations and continue to innovate across the broader Cortex portfolio. We also expanded the Cortex customer base, bringing us future opportunities for XIAM and maintain ARR growth on a significantly increased scale. XIM achieved approximately $500 million in bookings in FY24 alone, up more than 2X versus our fiscal year 2023. Our active customers are up four times over the same time period. We finished the year with over 30 customers north of $1 million in XIM ARR. Customers are seeing the security outcomes that XIM can deliver, namely a dramatic reduction in the time to discover and immediate security events. This is important in identifying signs of breach and stopping the activity before significant business interruption occurs. Our ability to deliver the substantial outcomes unlike any product we have sold since the introduction of our original next-generation firewall more than 15 years ago. And the growth of XIAM is following a similar path. Beyond XIAM, our momentum in Cortex continues with the business passing $900 million in ARR this year. The focus of our platformization efforts for Cortex is with XIAM. Having closed out fiscally at 2024, with well north of 100 XIAM customers, we have seen some amazing outcomes with deployed customers. More than 50% have achieved a median time resolution for security incidents of under 10 minutes, coming from days. After the first quarter deployment, these customers have then seen an additional 2x improvement in their median time per media. Looking forward, we have increased conviction that we can lead the transformation of any organization security operations center with XIM. We see a growing list of customers with an appetite for the outcome we can deliver, and we believe the market is at a point that is ripe for disruption. We have a strategy of delivering additional value to our Cortex-XDR, XO, and Xpans customers by enabling them to platformize with XIM. We also see a significant opportunity to provide real-time capabilities in cloud security where cloud detection response capabilities can help drive this opportunity. Lastly, we expect to close the IBM Creator SaaS assets acquisition by the end of September. We're excited to work with our colleagues at IBM to bring XIM to their customers. It doesn't stop with XIAM platformization. We are also equally excited about our newest launch, XIAM for Cloud. This allows organizations to comprehensively address cloud security issues as part of their security operations. Additionally, we are partnering with many service providers and system integrators to build capability together to continue accelerating our XIAM opportunity. And finally, a quick note on the recent widespread outages in the industry. I want to reiterate, our product uses an approach that deploys a 1-3% wide sample test cohort to ensure no issues, and then we release content updates in a phased manner. We have additionally enabled controls so customers can manage the update process and control it. The recent outage has caused a number of customers to re-evaluate their options. They have initiated conversations with us around XTR and XIM. This, plus our industry-leading Cortex technology, is appealing to everyone we have talked to so far, and we think it has potential to further drive our Cortex momentum. When I came to Palo Alto Networks, we articulated a clear strategy that for our continued success, we needed to ensure our products were constantly improving. We were solving problems for our customers the best way possible, and also we were solving new problems. In other words, our success would depend on our product portfolio and product quality. I continue to be excited by our continued growing leadership position in cybersecurity categories. With our products, customers adopt a best-of-breed offering and eventually evolve to a platform approach. The results of our innovation are evident in the broad analyst recognition of our leadership position across 24 categories. This quarter, we added a new recognition in incident response services, a testament to our industry-leading capabilities in breach response and recovery. We also added a leadership recognition in data security posture management, our eighth for Prisma Cloud. One last area to highlight. We continue to believe in the opportunity around AI. We think we are in the very early innings and AI will be both a threat and opportunity. I'm particularly proud of our teams who stepped up and delivered this comprehensive suite of AI security solutions for our customers. We also continue to infuse AI into our platforms, allowing us to bring leading solutions to our customers. These AI solutions are off to a good start. We surpassed $200 million in AI RR to close out the year, underscoring the traction of the AI-first products we have had in the market, such as XRM and AIOps. In May, we announced our suite of AI security offerings and launched our Precision AI campaign, featuring the TV ad with Keanu Reeves. Over the last several weeks, we have released the announced products, namely AI Access, AI Firewall, or Runtime Security, and AI Security Posture Management. We believe this makes us the first to market with a comprehensive portfolio for secure AI-byte designs. Before I hand over the call to Deepak, I want to reflect on our journey and set some context as we discuss fiscal year 2025. Throughout fiscal year 2024, we saw a backdrop helping trade interests and demand for enhanced cybersecurity. This helped to accelerate our bookings the second half of the year. It is also reflected in our new platformization as we close the year with strong momentum and our strong NGSARR. FY24 marked a seminal moment in our history. I feel our innovation engine is now leading the market, be it by showing enhancements to our SASE portfolio, our cloud security efforts, or in the SOC. We have new integrated solutions for our customers. Take AI. We believe we are the only scaled cybersecurity player to lead the market in a comprehensive suite of AI solutions. We feel comfortable that we are on track towards our target of making Palo Alto Networks the first $15 billion ARR security business. We have made decisions on how we run our business to maximize long-term ARR, which aligns well with growing shareholder value. A select club of enterprise companies has scaled an ARR business in front of us, and we intend to join the club. Deepak will cover in detail how we will evolve our external metrics in line with this. We closed the year with strong top-line growth, expanded our operating margins, and drove best-in-class cash conversion, and we are confident we can continue this in fiscal year 2025 and beyond. With that, I will hand over to Deepak.
Thank you, Mikesh, and good afternoon, everyone. To maximize our time spent on Q&A, I will provide you with highlights of Q4. You can review the results in our press release and the supplemental financial information on our website. In Q4, total revenue was $2.19 billion and grew 12%, above the high end of our guidance. Within revenue, product revenue declined 5%, while total services revenue grew 18%. Drilling into services revenue, subscription revenue grew 23% and support revenue grew 10%. It is worth noting the product revenue grew 24% a year ago as the supply chain normalized, resulting in growth above our underlying demand in that period. Despite the tough Q4 comparison due to supply chain constraint reversals in the second half, fiscal 24, the second half of 23, fiscal 24 product revenue grew in the low single digit range, which is in line with our expectations. The firewall appliance market demand was stable in Q4, and we continue to expect growth of 0% to 5%, as we have previously discussed. Moving on to geographies, we saw revenue growth across all theaters, with the Americas growing 11%, EMEA up 14%, and JPAC growing 15%. We saw strength across all of our geographic theaters. Total RPO, a metric that better represents our top-line growth than billings, grew 20% to $12.7 billion. Our current RPO grew 17% to $5.9 billion. The average duration of our new contracts remained at approximately three years, in line with our third quarter. As Nikesh mentioned, our NGS ARR grew well past the $4 billion mark, ending the year at $4.22 billion and growing 43%. Strength in NGS ARR was broad-based across our three security platforms. We reported Q4 billings above the high end of our guidance, driven primarily by double-digit booking growth and higher volumes transacted on PANFS. On our balance sheet, you will see that our debt balance came down by $199 million and is now under $1 billion. Like in Q3, this reduction was driven by the early conversion of our convertible debt, which occurred at the option of the debt holders and was settled for us in cash and equity. Our remaining debt matures in June 2025, although we may continue to see early conversions. We did not repurchase any shares in Q4, and our buyback strategy remains opportunistic. Our board of directors approved an additional $500 million buyback authorization, such that we now have $1 billion in authorization remaining through December 2025. I wanted to give you some context around our NGS ARR, RPO, Billings, and Total Services revenue metrics. You can see the relatively steady trends in RPO and NGS ARR, which closely match the trend in Total Services revenue, while we have seen more volatility in Billings. We've talked for a year now about the factors that impact our Billings. Over a year ago, we began to see the impact of rising interest rates on how customers perceive the cost of money in procurement situations. This was causing many to ask for payments to be spread over multiple years instead of an upfront payment. In response, we leveraged programs such as annual billings and our Pan-FS financing capability. The impact on billings varied based upon which program the customer chose and how the deal was structured. Also, during this fiscal year, we rolled out our platformization strategy and we offered customers more flexibility in payment terms when making large strategic commitments. This has had a further impact on our billings. In both of these situations, we found ourselves facing the choice of maximizing billings or focusing on NGS-ARR, and we want to have all of the incentives aligned to the latter. RPO and revenue are both important to understanding our business momentum. Revenue gives you the near-term view of our growth. Our RPO helps you understand the longer-term trend and the scale of our book of business that will drive revenue. This aggregate measure is driven by contracts we sign each quarter, and the long-term growth in RPO influences our revenue growth over time and gives you visibility into the future trend. As a reminder, the contracts included in our RPO are all non-cancellable and non-refundable in nature. We aspire to continue to grow RPO ahead of our target forward revenue growth rate, as that helps us build confidence in these growth rates. Now, focusing further on NGS ARR. As a reminder, NGS ARR is an important metric for us as it shows the return on the significant investments we've been making in the next generation areas of our cybersecurity market that are also growing the fastest. We expect these offerings will disproportionately drive our growth as we transform our revenue. Our recent rollout of platformization has sharpened our focus on maximizing ARR. For example, we started the account review process early in fiscal year 2024 to identify white space amongst the largest organizations globally and maximize ARR. As we followed up with the rollout of our platformization strategy, we focused not only on the total deal value or the cash collected up front, but also on an exit ARR and profitability of the recurring revenue stream. We can accommodate customer points of friction while maximizing this recurring revenue as we structure deals with customers to encourage their strategic adoption. These friction points include the challenge of replacing multiple products simultaneously and the issues around double paying while working through complex contract terms. In making these short-term concessions to billings, we ensure a valuable long-term relationship with a deal that meets our and the customer's needs. I talked to you about how NGS ARR and RPO are becoming more prominent in our focus as we drive our platformization strategy. The shortcomings related to billings have become significant over the last 12 to 18 months and are further increasing as we drive our platformization strategy. In evolving our metrics, we solicited the input of some of our largest shareholders and looked at how our peer companies are giving guidance. Investor feedback was that quarter-to-quarter billing volatility is merely a distraction, and it does not impact our assessment of the shareholder value we can create over the medium and long term. We've seen a number of companies disclose ARR and adopt an RPO-related metric to help investors better understand the business trajectory. Some of those companies include Adobe, Salesforce, ServiceNow, and WorkBit. As a result, beginning this quarter, we will focus on NGS ARR as our key top-line guidance metric, in addition to revenue. We will provide NGS ARR guidance both quarterly and annually. We will also provide total RPO guidance quarterly and annually this year to help investors understand the size of our book of committed contracts compared to their future expectations for our revenues. Since we know this is a change for you after many years of guiding billings, I wanted to help provide a one-time bridge back to what we would expect our billings to look like if we were not to change any of the practices in our business that impacts billings. If we were to keep the mix between our PAN-FS and billing programs in fiscal year 2025 in line with what we had in fiscal year 2024, we would expect this to drive 12% growth in our billings in fiscal year 2025. Before I get to detailed guidance, I want to give investors some additional color on the drivers of our cash flow, as that is an area that we continue to receive questions on. First and foremost, our improving operating margins have been the most important driver of our free cash flow margin. We have seen our operating margins improve by over 800 basis points since fiscal year 21, when we began a more intensive focus on profitable growth. This higher operating margin has helped us put a higher floor under our free cash flow margins. We continue to see ample opportunity to expand our operating margins, supporting our free cash flow. Beyond improvements in our operating profitability, the timing of customer cash payments can impact our free cash flow. Over the last four years, we have gradually absorbed an increase in customer preference for payments over time. increasing this proportion of our bookings from 6% in fiscal year 2020 to 30% as of the most recent quarter, while maintaining or even increasing our free cash flow margins. I'm happy that we've been able to do this, and we have confidence we can continue this gradual transition within the business and sustain our free cash flow margins at 37% plus through fiscal year 2026. I also wanted to update you on the pending transaction with IBM. We continue to expect the deal to close by the end of September, depending on the timing of regulatory approvals and other customary closing conditions. At this point, we've included several tens of millions in acquired revenue from legacy QRadar SaaS products in our fiscal year 2025 revenue guidance, with this number decreasing over time based on the speed at which we migrate QRadar customers to XIM. We have also embedded the ongoing expenses in our operating margin, cash flow margin, and EPS guidance. Now moving on to guidance. For the fiscal year 2025, we expect NGS ARR to be in the range of $5.42 to $5.47 billion, an increase of 28% to 30%. Remaining performance obligation of $15.2 to $15.3 billion represents an increase of 19% to 20%. Revenue to be in the range of $9.10 to $9.15 billion, an increase of 13% to 14%. Operating margins to be in the range of 27.5% to 28%. Non-GAAP EPS to be in the range of $6.18 to $6.31, an increase of 9% to 11%. And adjusted free cash flow margin to be 37% to 38%. For the first fiscal quarter of 2025, we expect NGS ARR to be in the range of $4.33 to $4.38 billion, an increase of 34% to 36%, remaining performance obligation of $12.4 to $12.5 billion, an increase of 19% to 20%, Revenue to be in the range of $2.10 to $2.13 billion, an increase of 12% to 13%, and non-GAAP EPS to be in the range of $1.47 to $1.49, an increase of 7% to 8%. Since we know this is a change for you all after many years of guiding billings, I wanted to remind you of the one-time bridge back, which I talked about before. Finally, we included our typical modeling points in the presentation for you to review. With that, we're going to play one more customer video, and then we'll move to the Q&A portion of the call.
I'm responsible for cybersecurity for this great company, Grupo Bimbo, worldwide. It's a great responsibility, I need to say, but with the right tools, I am able to do that. We are not a security company. We are a banking company. So it was a challenge to find the right tools for a company this size. So I started to look around and see what security tools will perform as a platform, not as individual solutions, but as a whole. Our goal is to feed a better world, and for that we need to be on business all the time. We cannot interrupt the supply chain of our products. We deliver billions of products every day, so we need to have the downtime as low as we can. Palo Alto platform, it's perfect. It's a lot of Palo Alto products that work together seamlessly and allow us to automate most of the response. We have lowered the cost, we have improved the response, and the time to respond is immediately, almost.
Thank you, Deepak. To allow for broad participation, I would ask that each of our participants only ask one question. The first question will come from Saket Khalia from Barclays with Hamza Farallon from Morgan Stanley on deck. Go ahead, Saket.
Okay, great. Hey, guys, thanks for taking my question and my consent of the year. Nikesh, maybe for you, it's been a great start to the platformization strategy. I guess the question is, as you look at those top 5,000 customers that we're targeting as part of that 2,500 to 3,500 goal, how much of that is white space versus competitive takeout? And maybe related to that, when we started thinking about the platformization strategy, you talked about giving customers more flexibility as they transitioned off of legacy solutions. How is that additional flexibility helping with these platformization wins?
Well, first of all, Sake, thank you. You always seem to manage to get the first question in, so congratulations. As I said, very, very positively excited by the response to platformization. We've literally had customers reach out. Most recently, a customer, we were about to close a deal. The customer said, no, no, no, I don't want to do this one deal. I actually want to sit down with the whole platformization discussion. We might do it next quarter, but let's not go two-point solutions at a time. So these are these anecdotes, these are these moments where it gets really exciting for us and our sales teams. In terms of the question about where are they coming from, as we mentioned, a third of our customers in SASE are net new to the company. So when we platformize them on SASE or Zero Trust Network Security, they're new to the company. There's a lot of existing customers that are highlighted in our four of our largest deals where they already were parallel to customers, but they used the opportunity to go embrace the larger platform because they saw the vision and they participated and they bought into it. And this is where it is really helpful where they say, listen, I really like the platformization idea. I have two parts of the puzzle. But my third part of the puzzle, I need another 12 months for the other vendor to expire so that I can go embrace follow-up. And I'm like, don't worry about it. You have to start implementing the third and we'll turn on our economics the moment the other vendor is done. Now, what that does, as I've said in the past, it takes away the execution risk, but they're not worried that they'll stop paying, they'll start paying as then, and they have to worry if it's going to work or not. At the same time, it also creates that economic bridge for them. But for us, it's amazing because I have a very simple view. This goes back to the days of when, you know, CRM was not a platform or, you know, Ticketing management IT infrastructure was not a platform. At that point in time, you had four or five applications doing this. But once you bought one that did all five things, you never went back and deployed four different things to solve the problem. So we believe we have a unique opportunity in the platforms we offer. And as I said, I wish we'd gone there earlier than later. So I firmly believe this is what's going to help us get to the $15 billion number faster.
Makes sense. Thanks, guys.
Thanks.
Thanks, Doc. Next up, Hamza Farvala from Morgan Stanley, followed by Brian Essex from Deegan Morgan. Go ahead, Hamza.
Thank you, and congrats on a strong finish to the year. And Deepak, thank you for all the helpful guidance and modeling points. Nikesh, I really appreciate the disclosure on the AI security error. I think over 200 million of error are there already. There's two parts of that. There's the AI for security operations, which has been Cortex-XIM, which has been the fastest growing product I think you guys have had in Palo Alto's history. And then the other part is securing AI, which when we talk to CISOs, it seems to be a really big problem. It's coming up more and more in all the various industry conferences. So I'm curious, I know it's early days. You just announced some of these products, but based on the pipeline you're seeing today, How fast of a product cycle do you think this could be? Because it seems like an entirely new category altogether.
That's a great question. Thank you, Hamza. So I think, as you know, the XIM product is excellent in its own regard. We've shown you we did $500 million bookings this year, which I think the second year of the product is spectacular by all means. And that helped us drive the $900 million in ARR and Cortex. And we're seeing super little results from a median time to immediate. I just reviewed a bunch of business morning. We've got some customers down to under 10 minutes. So it's really exciting. And that does form a part of the ARR. There's a very reasonable part of that AR that comes from our network security business, where we actually deployed AI operations into our firewalls, which is what I call infusing AI into network security. So that allows us to actually anticipate when the customer might run out of capacity, anticipate firewall issues. So that's part of it. Not a lot of that revenue is coming from the product we just launched. We launched all of our three products pretty much this year, not even last year. Literally, they started launching on July 20th through August 16th. So all of our AI security suite is then. But as I mentioned, about 1,000 customers are interested in AI access, which is the thing they're most interested in. There is a financial services organization, which you might know. It's the first time in our history that the entire security team literally walk up to the screen and say, wait, what are you doing here? Yes, we want to talk to you about that. So early days, exciting. And the reason it's exciting, as I said, it's seminal for me because it's very rare that you'd expect a large cybersecurity player to show up with innovation ahead of the market. And now that we can deploy AI access to all of our 5,000, 6,000 Prisma Access customers, or we can deploy AI firewalls against all of our virtual firewall customers, it's interesting because all they have to do is turn on a switch, and they don't have to deploy new instances or new agents. It's just going to work. So 30 days, exciting, and I'm pretty sure these products will go through multiple versions as they get more and more robust. Thank you.
Great. Thanks a lot, Hamza. Next up is Brian Essex from J.P. Morgan, followed by Andy Nowinski from Wells Fargo. Brian, go ahead.
Hey, thank you, Walter, and thank you for taking the question. Yeah, maybe to catch – you mentioned on the call about, you know, the outage in July and how that impacted, you know, some of the demand on your platform. But what are you hearing from CISOs, or what did you see in the quarter – One in terms of like follow through from the pipeline for the quarter. You know, was there a pause in the catch up? And then maybe an adjacent question. How are how might this be changing the way that, you know, some CEOs are looking at the exposure that they may have to one vendor, one type of technology? And I know, Sarah, that you highlighted the difference in the way that you roll out the updates. We're just looking for more higher level one vendors. deal experience and then two, CIO thought process as they approach, you know, next-gen technology.
Well, you know, Brian, as I've said publicly as well, look, that was a tough event. It simultaneously impacted tens of millions of users, which is unfortunate. I appreciate the way Crystrike handled it. At the same time, it caused two things to happen. One, customers are asking us, you have the same product, how do you deploy it? And as I highlighted to you, we have a fundamentally different way in which we do content updates and have been doing it for a very long time. So we were able to articulate that. Funnily enough, some of the customers were busy remediating that issue while we're trying to get our deals done with them. So it's kind of interesting. They were saying, I'm so busy fixing that. So we had to sort of drag our deals, kicking and screaming in some cases. So that was kind of interesting. But I think what it did do is, like you said, it caused customers to step back and say, wait a minute. I need to make sure that I'm evaluating things. all the XDR opportunity in the market. And for us, who is not the number one player in the market, we're in top four, I think, in that market, hopefully trending towards three. It's exciting because customers are willing to give us consideration on the XDR space. It's no longer a slam dunk for some other players in the market, which is helpful for us, helpful for our sales team. And I think we can build on that, coupled with our XIM capability and opportunity that we just talked about. I think it gives us comfort that is going to keep helping us drive momentum in Cortex. It's helpful. Thank you.
Great. Thanks a lot, Brian. Next one from Andy Nowinski at Wells Fargo, followed by Gabriella Borges from Goldman Sachs. Go ahead, Andy.
Okay, good afternoon. Thank you very much for the question. So, Nikesh, it seemed like one of the common factors of those platformization deals that you talked about on the call involved consolidation on the SIN side. You know, so maybe once the deal with IBM closes, do you think your platformization deals could possibly accelerate if SIM conversion is actually a core driver or impetus of these deals?
I'm going to have Lee answer, otherwise he doesn't come with these calls.
But I think our ability to land customers on any of the three platforms and expand is fundamental to how we can approach this with customers. With that being said, XIM this past year has been a bit of a revelation to see our ability to innovate with a new platform, launch it, and quickly get some of the world's largest companies to adopt it and adopt it as a large-scale stock transformation. And you're seeing that with the results of that with the medium time to resolution, driving down from days to minutes, less than 10 minutes is world class. And so to see some of these large customers of ours achieve that so quickly is phenomenal. I believe that. Once we have that position in the SOC, that will help to drive the other platforms because the other platforms will be able to show where good data sources are and less valuable data sources are and actually help our customers walk through an ongoing security transformation based on the insights that XIM is able to glean from seeing all of the security data in one place. Thank you.
Great. Thanks, Andy. Next up, Gabriella Borges from Goldman Sachs, followed by Fatima Bulani from Citi. Gabriella, go ahead with your question.
Good afternoon. Thank you. In the Cash Fiber for you or for Deepak, you've talked in the past about some of your own internal uses of AI to drive operating efficiencies within your business. Give us a little bit of an update on how that's going. Where do you feel you are in that roadmap of being able to implement AI to, for example, save in your customer operations center and things like that? And a little bit maybe on what you've learned from the last year in adopting AI for yourselves in-house. Thank you.
Great question. So, you know, there are two parts, three parts, as I said. One, we've infused AI in our products, and we talked about that at length just now. The second part is using generative AI to create customer-helpful AI co-pilots, as well as AI co-pilots for our customer support teams, because they can also use them. And then the third part is just driving internal efficiencies. Let me start with the third part first. We had approximately, give or take, 300 people who were involved in solving employee tickets for our employees, about 2% of our 15,000 people. We had just launched last week what we call the internal AI employee experience that has allowed us to reduce that headcount by 50%. And we think that can go down to 80% because we've been able to automate a lot of the tasks and also use generative AI to answer employees' questions. So you can think about 200 people odd, which we don't need, either our own employees or third-party contractors, because it's boring work. It's horrible work to have to go keep solving IT problems that have been solved a million times before. Now we've automated a bunch of them, used AI to fix it. So that's one project. We've got some early results. Some of our best developers are 40% better in coding than who have used our internal coding co-pilot. It certainly is. We expect that we should be able to deploy that capability across 3,000 of them. Now, remember, coding is only a third of their job because they do other things for the other two-thirds of their job. But even in the third, if my best person is 40% better, an average person is 20% to 25% better, there's opportunities for better code, and we can do more. So those are sort of the two internal efforts, if you will. On the customer support side, again, the most fascinating discovery for us was we have an internal customer support co-pilot, which is consistent with our co-pilots we are sharing with our customers across Cortex, Prisma, and Strata. And those customer support people, the best one, is equally productive irrespective of tenure after three months. So I can hire a net new person, have them solve customer problems, and three months in, they're as good as somebody who's been here for three, four years. So these are all very promising signs. There's a lot of work that we're doing. But part of our philosophy is if we don't go through the trials and tribulations and, you know, try it ourselves, we're not going to get to be a great company using AI. So early days, but very excited.
Thanks for the data points.
Great. Thanks, Gabriella. Next up, Fatima Gulani from Citi, followed by Tal Liani from B of A. Go ahead, Fatima.
Thank you, and thank you for taking my question. Nikesh, I wanted to zero in on some of your Prisma Cloud prepared remarks. You talked about a business acceleration in the back half, and your tone suggested a material improvement in that pillar. maybe a little bit more of a proverbial pep in your step in that segment of the business, especially when I think about last year when you did allude to some irrational market behavior, market participant dynamics and activity. So I wanted to get to the bottom of what's underpinning some of that back half acceleration and some of the more sanguine kind of outlook on the Prisma Cloud franchise from here.
I'll have to go back and listen to the sentiment analyzer on my own call afterwards. But reacting to your pep in my step, like last year, as I said to you prior, that because of the aggressive new players, they cut prices down 30%, 40%. So whilst we saw the volume increases, pricing was impacted in the industry, causing effectively our growth rate not to be as exciting as we wanted it to be. That is stabilized for sure. We also took some remedial steps in turning our business into an ACB business for Prisma Cloud, unlike the rest of our business, because we wanted our sales team to act in a similar fashion as the market was seeing. We made a bunch of product improvements, and we actually went to our biggest customers and ensured our products were effective for them. And I said, coupled with that, what has also happened is, as I mentioned, that some part of, you know, most of our customers are now using many modules which are oriented towards network security in the cloud. We run on all four hyperscalers natively, which is most, you know, which is in addition to CNAP, it's also our network security part and our real-time cloud security part. So given the 14 modules we have from a comprehensiveness perspective, we found some of the customers where we can uniquely solve their use cases, allowing us to do those large deals And in a way the platformization helps. And then like with Humber J, you know, they bought all three, right? So it wasn't a separate decision for them to go buy Cortex from us and cloud from somebody else and network security from somebody else. So that ability to drive a platform also helps drive our cloud security business.
Thank you. I appreciate that.
Great. Thanks, Fatima. Next up, Tal Ianni from B of A, followed by Patrick Covill from Scotiabank. Go ahead, Tal.
I guess. You spoke in the past about shorter contract duration. What are the implications on free cash flow generation? Are there any short-term or long-term implications? And then in general, can you talk about, you know, free cash flow improved so dramatically over the last few years. Can you talk about the long-term outlook for free cash flow margin? Thanks.
Sure, I'll take that one. Just to start off with, I think I said in my prepared remarks, our contract lengths actually did not shrink. They've been roughly consistent at three years for our new deals, and they've been actually relatively constant for quite a while now. So you do have some areas where the contract lengths may be shorter. You have others like platformization deals where they're more strategic in nature, but on average it ends up being shorter. being that much. I think in terms of the ability to generate free cash flow, frankly, I think the most important part about our free cash flow is really the operating margins. I mentioned in my prepared remarks that since fiscal year 21, we've actually improved our operating margin by 800 basis points. That really is the biggest buttress to to what has happened. And we've been able to absorb the change in the amount of deferred payments going from 6% to 30% in the last quarter, like over that same time period. So I think we've proven that we've been able to deliver strong cash flow, like whilst being able to absorb all of these deferred payments, we feel very confident that we'll be able to continue to do that in the future. Thanks.
Great. Thanks, Tal. Next question, Patrick Colville from Scotiabank, followed by Roger Boyd from UBS. Go ahead, Patrick.
Thank you, Walter. I mean, the question, Deepak. The financial discoloration you guys give us is terrific. You give us a huge amount of metrics. But the metric I want to focus on is the new RPO guide. So RPO rose 20% in 4Q. And the guide implies, I think, a 19.5% at the midpoint in fiscal 25. So I guess what gives you the confidence that – There's going to be no deceleration over the next 12 months. Is it specific business lines or is it IBM Q Radar acquisition or hiring? Can you just kind of look on that, please?
Well, I think Patrick's a combination of factors. As I mentioned, we've seen the pipeline. We've seen the acceleration in the second half. If you look at our first half versus second half, implied bookings have gone up. We see the pipeline for next year. Obviously, the IBM business is part of that. Obviously, the strength we're seeing next time is part of that. Our platformization efforts are part of that. And this year, we have tried to anticipate that with making sure we have resources in place for the coverage we need to deliver those numbers.
Thank you. Keep up the good work. Thank you.
Thanks, Patrick. Next up, Roger Boyd from UBS, followed by Matt Hedberg from RBC. Roger, go ahead.
Great. Thanks for taking the question. Maybe just a follow-up to Deepak's comments a question ago on annualized billings. But you noted, Deepak, that 12% would be kind of the bridge to a billings guide this year if you maintain a similar mix of financing and annual billings. Given the shift towards RPO and ARR guidance, is it fair to assume that that mix will probably not be that similar to what you saw last year, as well as probably additional factors around the industry environment? Just any thoughts on what you might see from the mix of financing and annualized billings?
Yeah, look, I think we'll see a mix more towards annualized billings and away from financing. I think the simplest way to think about it is if you do financing, it's another piece of paperwork. It's a loan document at the end of the day. It does create more work out in the field. And so in line with our platformization strategy, we're all about financing. You know, like figuring out where all the friction points are and trying to eliminate them where we can and continue to do the best thing for the shareholder. So that's really what we're driving here, and that's what I would expect.
I think it's good for that. It will look very different because we may not be doing as many PAN-FS deals because they contribute to billing, but they don't change RPO. They don't change cash flow. So if you don't have too many PAN-FS deals, it saves time for the bill. That's right.
Great. Thanks for the question. Next up is Matt Hedberg, followed by our last question will be Keith Buckman for BMO. Go ahead, Matt.
Thanks, guys. Congrats on the quarter and big fan of the new guidance philosophy. I think it really does tie to the business. Nakash, a question for you. You know, with the election coming up and you guys have historically had a really strong federal business, I'm just sort of curious about how you're thinking about U.S. Fed in one cue and sort of what could that mean for, you know, kind of, it seems like there's a lot of kinds of demand there on the federal side. I'm just sort of curious on on your outlook there.
Yeah, man, I've learned in my life never try and foreshadow the government. Usually, it's not a winning strategy. Don't predict institutions, don't predict budgets, don't predict elections. So, we're all over the punches. We have people, clearly, we know there's business that we have to renew because they have our follow-up capabilities and products and working hard and getting all that done. There's a bunch of new ideas and new projects that we're working on. We'll keep powering through them. As the elections transpire, depending on what administration comes into place, it's going to impact a bunch of the budgets. But as I said, we had significantly de-risked our federal expectations, as we told you earlier, in this calendar year. So we're going with a muted set of expectations into the election to make sure that we don't see any bad surprises.
Thanks a lot. Great. Thanks for that question, Matt. The last one will be Keith Bachman from BMO. Go ahead, Keith.
All right. Thank you, Walter. Good evening. I wanted to ask about XIM a bit and break it into two parts. In your slide deck, you noted that your active customer count is up 4X, and I just wanted to hear a little bit about where those customers are coming from. And what I mean by that is are these displacements, are you sitting side-by-side, Um, just wanted to hear a little bit more about that. And then Deepak for you and my discussions with IBM, I thought the QR radar business was running about a hundred million, a little bit less than that in ARR. And you said tens of millions. So I just, I wasn't sure what is being included when you, you think about the guidance there on what QR may add on a prospective basis over the next 12 months or so. Thanks very much.
So, um, Oh, almost every one of the XIM sales is replacing an existing SIN. And in some cases, multiples. As I mentioned, in case of Schlumberger, we replaced two. In case of the other eight-figure deals, we replaced two others. For the most part, if you looked at the market share of existing SINs in the market, our acquisitions to north of 100 customers would be a representation of us taking the same amount of share from each of those people.
Right.
And if you look at the people out there, I think there's a bunch of people who's been around for 15, 17 years who have shares in the market. Those will be the people we'll be replacing for the most part. So there's no net new SIM. I don't think there's starting net new companies out there that scale will require, you know, 10, 20, $30 million SIM deal. So usually we're replacing the people who are out there. I will let Deepak answer the IBM question.
Just to keep things very simple, Keith, and we can follow up with you in more detail offline, there are certain contracts that will be part of an IBM ELA or something like that. We won't be able to recognize the revenue of just the way that the accounting treatment works, and there will also be some contracts that require consent from IBM. So those are the kinds of things. We do expect over time things to move to, you know, XIM. Like our intention was never to, you know, do things in that much more ratable revenue anyhow.
So it just takes some time to get those customers transferred over. Yep, fair enough. Okay.
The three others are real interested in converting them to XIM, as you'd appreciate. That's right. Yep. All right. Thanks, Keith. Thanks for your call. Where's that logo from? Keith, where's that logo from?
It's a golf course in New Jersey.
All right. See, it's not that hard. You ask me hard questions. I ask you an easy one. All right.
Well, with that, we'll conclude the Q&A portion of the call. I'll turn it back over to the cast for his closing remarks.
You know, I want to use the opportunity to thank all of you for supporting us and for joining our call. I also want to thank all of our customers, partners, and entire ecosystem for supporting our business. And last but most importantly, all of our employees who worked really hard to deliver these results. Thank you very much.