Palo Alto Networks Inc Q2 FY2023 Earnings Call

Good day, everyone, and welcome to Palo Alto Networks Fiscal Second Quarter 2023 Earnings Conference Call. I am Clay Bilby, Head of Palo Alto Networks Investor Relations. Please note that this call is being recorded today, Tuesday, February 21, 2023, at 1:30 PM Pacific Time. With me on today's call are Nikesh Arora, our Chairman and Chief Executive Officer; and Dipak Golechha, our Chief Financial Officer. Our Chief Product Officer, Lee Klarich, will join us in the Q&A session following the prepared remarks. You can find the press release and information to supplement today's discussion on our website at investors.paloaltonetworks.com. While there, please click on the link for Events and Presentations where you will find the investor presentation and supplemental information. During the course of today's call, we will make forward-looking statements and projections regarding the company's business operations and financial performance. These statements made today are subject to risks and uncertainties. We assume no obligation to update them. Please review the press release and our recent SEC filings to see these risks and uncertainties. We will also refer to non-GAAP financial measures. These measures should not be considered as a substitute for financial measures prepared in accordance with GAAP. The most directly comparable GAAP financial metrics and reconciliations are in the press release and the appendix of the investor presentation. All results and comparisons are on a fiscal year-over-year basis, unless specifically noted otherwise. We would also like to note that management is scheduled to participate in the Morgan Stanley TMT Conference and JMP Securities Technology Conference in March. I will now turn the call over to Nikesh.

Thank you, Clay. Good afternoon, and thank you, everyone, for joining us today for our earnings call. I'm pleased to report that we had another strong quarter with the balance of top-line growth, significant expansion in non-GAAP operating margin, and strong free cash flow. Billings and revenue each grew 26% year-over-year. Our RPO grew 39% as we continue to sign large multiyear deals with our customers. We also delivered an acceleration in our operating leverage in Q2 as we focused on driving profitable growth. Our non-GAAP operating income grew 55% year-over-year, supported by a non-GAAP operating margin, which exceeded 22% for the quarter, up over 440 basis points year-over-year. This translated to another quarter of profitability on a GAAP basis. We have now been GAAP profitable on a cumulative basis over the last four quarters. In addition, our strong free cash flow generation this quarter also puts us on track to outperform prior guidance. I know many of you are wondering about the macro environment, so I want to start with an update there. There's clearly a tougher macro environment emerging as the Fed continues on its crusade to tame inflation. The changing macro environment is making business leaders more cautious. Some of our customers are seeing signs of a slight slowdown while others are less impacted. I, however, feel that we're not done yet. And while not expecting shocks, I do think we will see more cautious activity over the next few quarters. Clearly, caution is abundant, driving more scrutiny, making customers demand more value from their partners. We've seen some projects get delayed or descoped, though most continue on track. We've always maintained that we expect cybersecurity to be resilient, and we continue to see evidence of that. On the large deal front, this behavior is definitely widespread. For us, this has meant we need to get ahead of this and work closely with our CIO and CSO partners. Not just that, it's creating more conversations around payment terms, discounts, and the scope of deals with purchasing teams, something we've been working with our customers on as well. I'm delighted that based on our field teams getting ahead of this problem, earlier this quarter, we did not see any major deals slip from the quarter. Our deal cadence quality was consistent with the same quarter last year. On an equally positive note, this environment drives the need for consolidation, not just to generate clear security outcomes, but also to reduce the security vendor sprawl that has been prevalent in our customers' infrastructure and the need for a long-term security strategy based on total cost of ownership and value. We feel fortunate that with our portfolio, we are best positioned to deliver this to our customers. Within our own business, two things have happened. First, we have become more focused on efficiency from early this year. For example, our headcount growth this year is likely to be lower than any of the last three years. At the same time, we do not anticipate slowing down the pace of our development or business outcomes. Dipak and his team have been rigorously inspecting our cost structures across our portfolio to ensure we are set up to deliver consistent gross margins in all areas. This has been one of the major drivers of our improved operating margin, and we hope to continue to improve as we scale. Secondly, as anticipated, supply chain challenges in product have abated significantly versus six months ago. While this is evident in our product gross margins and our overall profitability, there are some lingering impacts that we expect to further abate through the end of this year. Let's also take a moment to discuss hardware growth. Over the last 12 months, a lot of factors have impacted hardware growth, including supply constraints and uneven demand, given supply chain impacts and backlog. Additionally, we have noticed our customers continue to be more focused on their cloud, network, and security operations and transformations and are willing to extend the lifecycle of their hardware assets. Underlying all this, we still believe that the industry hardware growth rate is in the low to mid-single digits. As these extraneous factors mitigate over the next few months, we will see the long-term growth gravitate back to those levels. So what does this mean for the second half of this year and beyond? Somewhat counter to the market, we're raising guidance both on top-line metrics and profitability. Of course, this requires the current demand to sustain and for us to maintain a continued focus on execution. We have a unique opportunity in this environment to strengthen our position in the market. Hence, we are investing with an eye towards disciplined growth and positioning ourselves to be the partner of choice for customers looking to consolidate. You'll hear more about this from Dipak, but we are raising guidance on billings and next-generation security based on the strength in our software-based and cloud-delivered capabilities. In our hardware pipeline, we're seeing specific transactions that are on track for Q4, which has caused us to shift some forecasted revenue from Q3 to Q4 while maintaining our annual guidance. With all I've said about efficiency and better operations, we're now guiding to 21.5% to 22% operating margin for fiscal year 2023. Additionally, we're also increasing our cash flow guidance. Consolidation continues to be a key theme with our customers. Of course, customers are not willing to compromise on quality and cybersecurity. Given our market leadership in 13 categories, we are fortunate to be engaged in many such conversations. Those conversations are driving business, and many customers are on a long-term transformation path with us. The number of deals we closed over $1 million grew nearly 20% year-over-year, and the value of these transactions grew nearly 60%. Similarly, the number of greater-than-$5-million deals grew 84%, and the number of greater-than-$10-million deals grew over 140%. We saw deal values in these cohorts grow significantly. This continued momentum is critical to us being able to drive platform consolidation. Time and again, we see early millionaire customers becoming an onboarding ramp to help us drive more cybersecurity value to our customers. Almost all of our $10 million deals involved multiple platforms on an underlying transformation driving vendor consolidation. Let's take a look at some of the ways we are driving consolidation. First, with Zero Trust transformations, we're helping customers standardize their appliance and software firewalls with a broad line of security subscriptions. A life sciences customer signed an eight-figure deal to standardize their operations using our next-generation firewalls, virtual machines, and security subscriptions. In other cases, we're helping customers adopt SASE and software firewalls, consolidating their security stack across our consistent set of offerings, driven by hybrid work and securing SaaS apps. A financial service firm recently signed an eight-figure deal with us because they wanted to transform their network and reduce both operational challenges and cost of ownership. They chose us over pure-play SASE competitors because of the breadth of our offerings in our comprehensive Zero Trust network. Secondly, trial cloud transformations, we're using our Prisma Cloud and Prisma Access capabilities to help customers adopt hyperscale cloud and Software as a Service. Another financial services firm with a mandate to run over 90% of the apps in the cloud signed a high eight-figure deal to standardize in both Prisma Access and Prisma Cloud. Lastly, in SOC transformations, we're using our Cortex platform with XSIAM to help customers transform their security operations center and retool around high-fidelity data sources, AI, and automation. A retail company started a relationship with us around Unit 42 incident response with an Expanse trial and a small XDR deployment. They expanded the relationship with a high seven-figure deal to standardize on XDR and XSOAR. These strategic customer relationships and transformations would not have been possible without us building a new security industry paradigm, a paradigm around constant innovation. Our success is driven by investments in innovation, and it's becoming increasingly clear to us that there is a flywheel at play here. This starts with R&D investment, where we have the largest budget of all dedicated cybersecurity companies, approximately $1 billion in non-GAAP spending on a trailing four-quarter basis. This is two to five times as much as our pure-play peers. Our scale also allows us to spread this budget across a larger revenue base and the shared needs of our three platforms. R&D investments then translate into a record number of product releases. Our first-half major release is number 35, up 59% from the first half of last year. Some of the key releases in the first half included our flagship PAN-OS 11.0 Nova, our third advanced subscription, Advanced Wildfire, our new AI-based SOC platform XSIAM, and new modules and updates in Prisma Cloud. This constant innovation is causing industry analysts to take notice. We recently received recognition for leadership in the Cloud-Native Application Protection Platform (CNAPP) category, bringing our total number of active leadership recognitions to 13, which compares to nine a year ago. All these leadership positions have helped us grow our NGS ARR by 63%. We still believe there is a large untapped Total Addressable Market (TAM) for many of these services given the robust adoption of advanced software services that we have launched, which are all cloud-delivered and put us in the early part of the SASE cloud lifecycle. We feel confident in our future ability to drive NGS ARR. Let's take a deeper look at some of the highlights. I'll start with my personal favorite, our network security business. We launched our first SASE capability, Prisma Access, at the end of fiscal year 2019. In the first year, we booked less than $100 million in business. Over the last six quarters, we booked about $1 billion, with our largest deal last quarter being a total contract value deal for $40 million for SASE. We now have over 4,000 customers and are growing ARR approximately 50%. In Q2, we saw a healthy number of large competitive wins in SASE, and SASE has one of our strongest pipelines looking 12 months out. Beyond the top-line traction, we're also seeing improving economics in the business. Two years ago, we showed you how the five-year revenue from a SASE customer compares to an appliance customer. At that time, SASE was about two times higher. Since then, we've added additional value to SASE. We launched autonomous digital experience management in FY 2022, followed by AIOps and SaaS security posture management this year. AI has the power to transform SASE. Our integrated security services are now all powered by AI to detect and prevent even zero-day attacks. And we'll soon be introducing additional AI-driven capabilities to transform the user experience on the platform. We now expect our five-year revenue from a SASE customer to be more than 2.5 times that of an appliance customer. We've also seen some improvements in our SASE gross margins over this period, as we have scaled to become more efficient. If you go to the other side of our network security portfolio, our software firewall business is going strong. This includes the broadest deployment options for customers, including VM-Series and CM series, which can run in their data centers or be purchased in the cloud marketplaces, and the first-to-market integrated cloud next-generation firewall offerings for hyperscale clouds. We have the highest market share of any company in this market, which we believe is more than three times that of our closest competitor. The current macro environment is causing more customers to watch their CapEx budgets. This shift, along with the fact that customers are transforming their data centers and moving to the cloud, is leading more of them to adopt software firewalls. In Q2, the number of deals over $1 million for our software firewall nearly doubled, and six of our top eight deals in Q2 included software firewalls in our offering. Moving onto our cloud security business, we continue to make steady progress with Prisma Cloud. Platform enhancements are important to our growth. We released the new API risk profiling capability to enhance our web application security module. This capability helps security teams assess their API attack surface quickly based on more than 200 risk factors, including misconfigurations, exposure to sensitive data, and access privileges. This helps teams prioritize the most significant risks and take preventive measures to address them. We also continue to shift left and focus on securing workloads as they are developed, solving our customers' application security challenges. To that end, we closed the acquisition of Cider and have brought their team under common leadership with our cloud code security team to help bring Cider's CICD security capability to our platform. After releasing Cloud Core Security a year ago, over 15% of our customer base has adopted these capabilities. Our cloud core security customers in Q2 grew 30% over Q1. Our new secret management module launched in December scans code repositories used by developers for hard-coded secrets like passwords and API keys to make sure this information is not exposed and used as a vector for an attack. We continue to see these new capabilities and enhancements drive an increase in customer module adoption. For example, our customers with two or more modules grew over 40%, and customers with four or more modules more than doubled. Credit consumption of Prisma Cloud increased 48% year-over-year. This growth is being driven by new customer additions, customers increasing their cloud footprints, and customers consuming additional modules. While there has been discussion about moderation in cloud consumption in the market, we believe the relatively early stage of cloud security adoption has and will continue to shelter us from this headwind. Before I move on to Cortex and talk about continuing signs of optimism I see in that category, I feel compelled to take a detour towards AI. Clearly, AI has been on everyone's mind given the continued conversation in the tech industry. Most of you know the story of arrival with Palo Alto Networks. I talked about fragmentation and the need for a solution there, which we have talked a lot about. I also talked about automation and AI. The challenges you all know is that AI has been a data problem and continues to be so. Unlike consumer AI, where we can talk about the creative capabilities of tools like ChatGPT and the revolution that is going to drive in search and advertising, its ability to summarize data and inform us, the demands from AI in enterprise are far more exacting and so are the returns. An enterprise AI needs to be clean. It has to have comprehensive data. And in security, especially, it needs to be real-time. So not only do you need to have the best data to create great security outcomes, you also need to be positioned ready to block threats. Let me make a case why, with petabytes of data from trillions of events, billions of sessions, hundreds of millions of URLs, and tens of millions of files flowing through our products across cloud, network, and endpoints daily, we are best positioned to deliver security outcomes using AI and machine learning. Palo Alto Networks' next-generation firewalls broke through the firewall industry in the early days because of our ability to deliver next-generation security. These services were driven by expansive data collection capabilities and enhanced application logs. We have since applied that capability across our entire network security stack. We estimate that this network security data is just under half the valuable security data that is needed for any AI-driven outcome. We have over 60,000 customers where we can help them use this data. As we conceived with Cortex, we built XDR to ensure we collected the best endpoint data across the industry. We acquired and deployed the largest security automation footprint at XSOAR, but we're not stopping there. We then acquired and integrated Expanse, which looked at vulnerability data from a different and unique perspective. These formed the fundamental building blocks for XSIAM. With our leadership position in automation, analytics, and attack surface management, again, we're driving an AI-based SOC transformation. With our 4,500 Cortex customers, we are able to bring what we believe is the next largest set of security data that is useful for AI. We applied the same thought and rigor as we built Prisma Cloud, integrating data from all hyperscalers and shift-left data from developers. Slowly and steadily, the Prisma Cloud integration is being built on a stronger foundation of security data. Cloud is becoming an increasingly important contributor to AI, and our 2,000 customers will benefit from it. We have delivered unique AI-based outcomes, including blocking unknown yet malicious websites, command-and-control domains, and files at scale. Also, we have shown in our own security operations center that we can reduce the mean time to detection to seconds and the mean time to respond to minutes. These are all outcomes that cannot be achieved without the data we have and the AI/machine learning expertise we apply. Let's take a look into how we believe this has made us more excited and encouraged us around XSIAM. In Q2, as part of the Cortex and XSIAM platform, we released important new capabilities, including SaaS-enabled XSOAR, delivering a cloud-based interface, and Expanse active attack surface management allowing our customers to remediate issues discovered using XSIAM. We launched XSIAM and GA at the end of Q1. So far, we've closed approximately $30 million in business and have a growing pipeline of customers looking to transform their security operations with the new platform. I think XSIAM is going to pave the way for us to drive AI-driven security transformation outcomes. We will continue to work hard with our early customers to drive evolution and success in XSIAM. I'm extremely positive, perhaps cautiously optimistic about XSIAM. Its early relevance, product-market fit, and with the concurrent discussion on AI, it makes me hopeful that this could be the fastest ramp of any security product. We see our first milestone to getting to $100 million in bookings faster than Cortex, SASE, or Prisma Cloud in our portfolio. Before I turn the floor to Dipak, I want to put all this together and talk about where we're focused as we enter the second half of our fiscal year and beyond. We see a clear roadmap ahead of us. We intend to put our head down and execute. Right now, we're in the process of transforming our business to software-based and cloud delivery offerings. Our revenue, which is increasingly driven by our next-generation security capabilities, is becoming more recurring in nature, and we have an opportunity to own a greater share of our customers' cybersecurity budget. This should allow us to sustain high revenue growth for longer. Over the last couple of years, we set in motion a plan to expand our operating margin, including driving scale in our faster-growing businesses. Over the last six months, we’ve listened to investors who have encouraged us to focus on profitable growth and accelerate incremental leverage in our business, and we made good progress in Q2. We're now well positioned for the second half of the year. We are appreciably raising our margin target for FY 2023 up 200 basis points from our prior guidance and 250 basis points from our initial FY 2023 guidance. We believe we can continue to build on this into fiscal year 2024 and beyond, putting us three years ahead of our profitability targets we offered at our last Analyst Day in September 2021. As Dipak will describe, we believe the combination of sustaining higher top-line growth and focus on efficiency sets us up well to build on this base of higher profitability and grow EPS ahead of revenue. I want to emphasize that achieving GAAP profitability is an important milestone for our company. In support of this, we're actively focused on managing our stock-based compensation to continue bringing this down as a percent of our revenue. With that, I'll turn the floor over to Dipak to take you through the details of our results and guidance, and then we'll take questions.

Thank you, Nikesh, and good afternoon, everyone. For Q2, revenue of $1.66 billion grew 26%. Product revenue grew 15%, whilst total service revenue grew 29%, with subscription revenue growing 32% and support revenue growing 25%. Moving on to geographies, we saw revenue growth across all theaters, with the Americas growing 22%, EMEA up 35%, and JPAC growing 32%. The strength of our next-generation security capabilities continues to drive our results, with NGS ARR of $2.3 billion, growing 63%. Strength was broad-based across all three of our platforms: Network security, cloud security, and security operations. We delivered total billings of $2.03 billion, up 26%, and above the high end of our guidance range. Total deferred revenue in Q2 was $7.6 billion, an increase of 39%. Remaining performance obligation (RPO) was $8.8 billion, increasing 39%, with current RPO representing about half of our RPO, similar to recent quarters. Our non-GAAP earnings per share was significantly ahead of our guidance, and this metric, as well as our trailing 12-month adjusted free cash flow, accelerated. Non-GAAP EPS of $1.05 grew 81% year-over-year, while trailing 12-month adjusted free cash flow of $2.7 billion grew 76% year-over-year. Moving on to the rest of the financial highlights. Non-GAAP gross margin of 75.5% was up 150 basis points year-over-year, driven mainly by an increase in our software mix. On a quarter-over-quarter basis, we saw less pressure from incremental costs related to the supply chain. We've made significant progress in driving leverage. This is something that we articulated at our Analyst Day in September 2021 and kicked off in fiscal year 2022. We have accelerated this in fiscal year 2023 with a focus on profitable growth as evidenced by our Q2 performance. Our operating margin of 22.8% increased 440 basis points year-over-year. This result was driven by improving gross margins and a slower level of headcount additions. We expect to see ongoing improvements in our operational efficiency. As a result, we are raising our fiscal year 2023 operating margin guidance. Non-GAAP net income for the second quarter grew 79% to $332 million, or $1.05 per diluted share. Our non-GAAP effective tax rate was 22%. Delivering fiscal year GAAP profitability is another milestone in our balance of driving growth and profitability. For the quarter, GAAP net income was $84 million or $0.28 per basic share and $0.25 per diluted share. This was our third consecutive quarter of GAAP profitability. As Nikesh noted, we have now been profitable on a cumulative basis for the last four quarters. We believe we now meet the criteria for inclusion in the S&P 500. Turning now to the balance sheet and cash flow statement. We ended Q2 with cash equivalents and investments of $6.2 billion. Our average duration for new contracts increased slightly year-over-year, driven by deals with strategic customers. It remains at approximately three years, where it has been historically. Q2 cash flow from operations was $695 million, with total adjusted free cash flow of $685 million this quarter. Our strong free cash flow in Q2 was driven by increased operating profitability, higher interest income, and improvement in billings linearity due to improving supply chain conditions. During Q2, we repurchased approximately 1.8 million shares in the open market at an average price of approximately $139 per share for a total consideration of $250 million. As a reminder, our share repurchase program is opportunistic, and we are committed to this method of returning cash to shareholders over the medium term. Stock-based compensation ticked up 20 basis points as a percent of revenue sequentially, related to the issuance of our annual grants and the impact from the Cider acquisition. On a year-over-year basis, stock-based compensation was down 350 basis points as a percent of revenue. Before I get to guidance, I wanted to cover my thoughts on operating margin. We have continued to drive improvements in the profitability of our fastest-growing businesses as they have gained scale. Additionally, over the last six months, we have developed and executed detailed plans to accelerate our operating leverage. This includes raising the bar around the return on investment we expect as well as remaining prudent in our hiring. We've also spent a lot of time looking at our peer group and studying benchmark data. As we look towards the second half of the year and into fiscal year 2024, we believe we can continue to execute against our plans and drive higher operating margins. We expect that this will translate into us growing our EPS faster than our revenue growth rates. Now moving on to guidance. We're offering guidance for Q3 and also Q4 to make this explicit and then offering updated annual guidance. You'll see we're maintaining our annual revenue guidance and giving explicit guidance for Q3 to Q4 based on what we see in our pipeline for product revenue. For the third quarter of 2023, we expect billings to be in the range of $2.20 billion to $2.25 billion, an increase of 22% to 25%. We expect revenue to be in the range of $1.695 billion to $1.725 billion, an increase of 22% to 24%. We expect non-GAAP EPS to be in the range of $0.90 to $0.94, an increase of 50% to 57%. For the fourth quarter of the year, we expect billings to be in the range of $3.12 billion to $3.17 billion, an increase of 16% to 18%. We expect revenue to be in the range of $1.937 billion to $1.967 billion, an increase of 25% to 27%. We expect non-GAAP EPS to be in the range of $1.18 to $1.22 per share, an increase of 48% to 53%. For the fiscal year, we expect billings to be in the range of $9.1 billion to $9.2 billion, an increase of 22% to 23%. We expect NGS ARR to be in the range of $2.75 billion to $2.8 billion, an increase of 45% to 48%. We expect revenue to be in the range of $6.85 billion to $6.91 billion, an increase of 25% to 26%. We continue to expect product revenue growth in the range of 10% for the full fiscal year. For fiscal year 2023, we're expecting our operating margins to be in the range of 21.5% to 22%. We expect our non-GAAP EPS to be in the range of $3.97 to $4.03, an increase of 57% to 60%. We expect our adjusted free cash flow margin to be between 36.5% to 37.5%, and we expect to be GAAP profitable each quarter and for the fiscal year 2023. Additionally, please consider the following modeling points. We expect our non-GAAP tax rate to remain at 22% for Q3 and fiscal year 2023, subject to the outcome of future tax legislation. For Q3 and Q4, we expect net interest income and other income of $45 million to $49 million. We expect Q3 diluted shares outstanding of 321 million to 327 million shares. We expect Q4 diluted shares outstanding of 326 million to 332 million. We expect fiscal year 2023 diluted shares outstanding of 320 million to 326 million. We expect Q3 capital expenditures of $35 million to $40 million, with full-year capital expenditures of $165 million to $170 million. With that, I will turn the call back over to Clay for the Q&A part of the call.

Great. Thank you, Dipak. The first question will be from Brian Essex of JPMorgan, followed by Hamza Fodderwala. Brian, you may ask your question.

Great. Thank you, Clay, and congratulations to everyone on some excellent results. Really strong work here. Thanks for taking the question. Nikesh, I have a question about SASE. Could you provide some insights into the competitive dynamics in that area? How beneficial is it for the platform to have a comprehensive end-to-end SASE? I notice many private vendors are developing full end-to-end SASE platforms. Is this primarily a transformational push, or is it a combination of both? Thank you.

Hey, thanks for the question. Look, the SASE market, I think traditionally was a market which was focused on internet access. Customers used that as a proxy-based way to onboard internet access and was fine. I think the pandemic really flipped the switch, coupled with the whole cloud transformations that are going on, our customers, especially larger ones, want to create a first-class citizen for any user who's not sitting in the office or in the campus, and they want to get to Zero Trust. So, I think the confluence of Zero Trust, the confluence of the cloud transformation, and the application of a full security stack opened the door for full SASE deployments and network transformations, coupled with the fact that people are trying to get away from large wide-area network-type architectures and SD-WAN. So, I think our confidence on all of these things created a real spurt in the SASE market. We have over 60,000 customers who use our firewalls. Now, we're showing them a path to migrate from a firewall-based, campus-based, data center-based architecture to a Zero Trust architecture that spans hardware, software, and any kind of remote access and campus solutions. So, I think that's what's driving that for us. And whilst your brains move faster than our ability to execute sometimes, it's only been three years. I could challenge anybody out in the market. Everybody reads the same Gartner Magic Quadrant on SASE. I want to see how many vendors can claim that over the last six quarters, they sold $1 billion in SASE, and who just had a $40 million deal in SASE last quarter. So, I think that's our execution, our ability to work with existing customers, and our constant listening to customers to evolve our products that are allowing us to get here. It's a competitive market, but I think we're down to two or two and a half vendors in this market who we see at every customer now.

All right. Our next question from Hamza Fodderwala with Morgan Stanley with Fatima to follow. Go ahead, Hamza.

Hey, good afternoon. Thank you for taking my question. Maybe for Nikesh and Lee Klarich. Just curious about the early customer conversations around AI as customers look to automate their security operations. To what extent is that aiding the conversation toward consolidation for Palo Alto Networks?

That's a great question, Hamza. I have fluctuated in how to moderate my excitement about this space. While traveling to India for a convocation, I experienced ChatGPT for the first time and ended up rewriting my speech, declaring it a significant development for security, enterprise, and consumer sectors. I believe we are at a pivotal moment. Not long ago, customers didn't inquire about AI, but now they are eager to know if we are integrating AI into our security products. It’s encouraging, which is why we addressed this in the earnings call to explain our long-standing efforts in this regard. Discussions are increasingly focused on how to better utilize data. Previously, the approach in the security industry was primarily offline and reactive data analysis. Now, customers are seeking real-time, proactive solutions that thwart threats, which aligns well with our strengths. The dialogue is just beginning. Regarding XSIAM, no deal falls below $1 million, and I haven’t seen any similar security product launch at this entry-level price point. In the past 12 to 16 weeks, we have generated $30 million in business while our teams are still receiving training. We anticipate that around 70% to 80% of our product developers need to refine the remaining aspects based on customer feedback. Thus, I am cautiously optimistic. I believe this will set the stage for AI deployment. This marks our first outcome-based product, enabling us to promise reductions in mean time to respond and detect threats. Previously, we could suggest this product is beneficial, but its value would only become evident in a crisis. In the case of XSIAM, I can showcase efficiency and a decreased cost of ownership. I am very hopeful but urge patience; it will take some time. We would be pleased if we could achieve $100 million faster than any prior product. I hope this leads to another growth avenue for Palo Alto, contributing to sustained revenue growth in the long term.

All right. Our next question from Fatima Boolani of Citigroup with Brad Zelnick likely to follow. Go ahead.

Good afternoon. Thanks for taking my questions. Nikesh, this one's for you. You were pretty explicit that you are having realistic conversations with customers about payment terms and extensions and financial circumstances as most organizations focus maybe more on cash flow preservation than they had in the past. So maybe to specifically ask, it's not very apparent in your numbers that you're having those types of conversations. So a, how are you managing to circumvent a lot of that? And how is Palo Alto Financial Services as a financing vehicle maybe helping you drive a lot of those conversations that's not apparent to us?

Good. It means we are doing a good job of managing our cash flow margins and making sure our customers are happy. Very rarely do I get to make both shareholders and customers happy at the same time. It’s one of those moments. Look, on a more serious note, yes, you're right. We are having those conversations. Dipak and his team are doing a phenomenal job in making sure that our sales teams are supportive when the customer is talking about payment terms, annual billing plans, or specifically using PANFS. So I'm going to pass this over to Dipak and explain how he's walking the tightrope and making sure that we're doing this effectively with our customers. I will say we’re blessed because, as Dipak highlighted, we have $6.2 billion of cash on our balance sheet, giving us the capacity to be able to do this for our customers. But Dipak?

Yes. No, I think I would just say that it’s been very selective and very purposeful looking at the actual customer interactions. We have a whole team that is very experienced at this. We brought a lot of people in with external experience. It really is a case-by-case piece here, but that's how you keep it very selective and strategic. And that's the only time we really use it.

All right. Great. Our next question is from Brad Zelnick of Deutsche Bank, followed by Tal Liani. Go ahead, Brad.

Great. Thank you very much, and congrats, Nikesh and team. Great job. Nikesh, Palo Alto Networks is far more than a hardware company. And that's...

Oh, my God, Brad. You're reminding me of the meeting we had four and a half years ago in my office. Go on.

I'm glad to hear that I made a good impression on you, Nikesh. However, I'm still waiting for that specific word you mentioned. If you look behind me, you'll see that while I'm in front of the building, it seems a bit empty. It's good to see you. Today, Palo Alto Networks is much more than just a hardware company, and that's clear. However, you've lowered your expectations for industry hardware growth compared to what you shared last quarter. Previously, you indicated a growth rate of 5% to 8%, and now you're suggesting low to mid-single digits. I'm not sure if that's a significant change, but I did notice it. Has anything changed in your market perspective? How do you expect your hardware business to perform in relation to the market? Lastly, what would you say to someone who is skeptical that much of the success in your next-gen offerings is contingent on the hardware sales made by your sales team? How much of your business is developing independently from hardware that we should take into account? Thank you.

So, Brad, I think it's important to understand that we have a very large installed base. We have 62,000 customers who deploy Palo Alto firewalls. In my four and a half years at Palo Alto, I don't know any customer that has decommissioned us yet. So, I think that the solution of the hardware is not being deployed or not being used is not true. There is hardware and customers using our products. Even though somebody may not be buying hardware, a lot of our subscription growth, our ELA growth is driven by the fact that people have hardware, which they are extending the software capabilities on and buying more software capabilities from us. So it's not just that a salesperson shows up only to sell hardware; they actually show up to deploy more security capabilities on the software front. And couple that in the case of SASE, if you look at our large pipeline, it's clearly driven by a customer of Palo Alto who is a firewall customer or a potential SASE customer who's saying, listen, I know your security services, I know your Zero Trust policies, I want to be able to expand into it and deploy a full end-to-end SASE solution or a Zero Trust solution for you. So, I guess I’m trying to say is that our success in software is not hardware-dependent. All I'm highlighting is that I believe that the market was very confused last year with supply chain issues. You couldn't get chips, orders were being made, and customers were getting jittery, saying, I have capacities, I might need more hardware. So a whole bunch of conflation of effects happened in hardware. I have constantly maintained that hardware grows. The industry grows at low to mid-single digits. You noticed that perhaps a slight downtick in my expectations, and that's probably fair. You're perceptive. But I don't think it changes the overall outcome for us as a company. I do worry about people who are purely hardware-focused, who don't have the ability to position a solution that includes software. I'll give you an example: A large retailer comes to us and says, I'd like to deploy a SASE solution across my entire retail base. I want to upgrade. I want to do AR, VR for my store and get more bandwidth. Technically, there are multiple ways to solve the problem. What you do is sell firewalls and say, hey, put a bigger firewall in your store. And I can deliver SASE because I have security capability. I can say, put an SD-WAN box in there, go deploy a lot of bandwidth over a software-based SASE implementation. A, it's going to be much easier to replace software in there, upgrade software. I take care of that for you. B, it's more secure because you have the most recent upgraded software available right away. Three, it's scalable; you can improve your bandwidth and security requirements over time. And; D, for me, it's great because it's 2.5 times more valuable for me to have you deploy SASE than put a box, which I'd have to keep sending a truck every year to try and upgrade this offer.

Great. Next question from Tal Liani of BofA, followed by Keith Bachman. Go ahead, Tal.

I wanted to ask you about the difference between revenue growth, billing, and deferred revenue. You increased the guidance for deferred and billings that are very strong. We see less of an increase in revenue. What are the dynamics going forward?

I'm going to let Dipak answer, but I will recommend you to try Dali. You might be able to create a parallel poster of ours, and we'll have to figure out who did which one.

Yeah. Look, Tal, I think at the end of the day, we are an enterprise company. As you see in our guidance, we have a large Q4 guidance with a lot of customers sweating assets, as Nikesh mentioned in our script. I think we're just trying to reflect that in our latest forecast, which is what drives the guidance. If you have people sweating assets, we don't know exactly what will fall in which quarter, and that drives the revenue.

Yeah. Well, I think just to ensure that we don't mix the forest from the trees, we are seeing better growth across our business on a total contract value basis across our customers. That's driving the billings growth, which obviously then falls into revenue, both short-term and long-term and deferred. I think what you're seeing is the higher mix of software in our expectations going forward, which makes it more ratable over time. It gives us more predictability, hence the revenue looks consistent with expectations, and you see the software part that is sitting in deferred grow faster.

Certainly on SASE, that is the most...

All right. Great. Our next question is from Keith Bachman of BMO, followed by Patrick Colville. Go ahead, Keith.

Many thanks. Good afternoon, good evening. I wanted to ask you, Nikesh, about Cortex, if I could, more broadly, and I'll break it into two parts. The Cortex journey, the results have been solid, not just this quarter, but for some period of time now. And A, on the competitive front, we've been hearing a lot of discussion from some of the leading vendors that pricing has become much more material in winning share of the CrowdStrikes or what have you. It doesn't appear that that's the case at all in your results from the growth rates and profitability. So I just want to hear a little bit about pricing. And then more broadly on B, just the competitive dynamics on your results, and you mentioned a $100 million run rate on XSIAM. How has the portfolio helped shape this outcome as you look out over the next number of quarters in Cortex?

That's an excellent question, Keith. I've been reluctant to share my own analogy, but I won't go into that. It's important for me to be clear about our Cortex business. I've always believed that opportunities in the security market arise during inflection points. The endpoint industry experienced such a shift a few years ago with the rise of EDR and XDR players, leading to what I would describe as a normalization among pure endpoint antivirus providers. If we look at the evolution, the number of endpoint players has increased significantly, but we are now seeing a convergence back to just two or three key players. I believe we are among those three growing XDR vendors chosen by customers. We stand out with one of the best proof of concept results in the market compared to other competitors. Today, if you're seeking an XDR solution, there are likely only two or three vendors actively engaged, a significant change from three or two years ago. We're pleased with our position. XDR operates as a pipeline business since it is fairly consistent, and regarding pricing, deal sizes are typically within a set range, necessitating a substantial number of deals to build a robust pipeline and achieve conversions. Our cloud and SASE opportunities are substantial; for example, I currently have $40 million in cloud deals and $40 million in SASE deals, but I don't have any $40 million XDR deals. These types of deals coexist and can be interchanged. We see steady growth, and I believe our unique advantage lies in the fact that XSIAM works exclusively with XDR. Interestingly, in the past 12 weeks, we have acquired 15 XSIAM customers, all of whom are exceeding $1 million. Early signs indicate a growing interest in XSIAM, with the stipulation that it is only available alongside XDR purchases. There is a demand for outcome-driven XSIAM. As I mentioned previously, we must not rush this transition within the industry. We believe that our long-term success with XDR will stem from producing the best security outcomes in the SOC for our customers, recognizing that they require quality data. The only way to secure that data is through Palo Alto's XDR, which enables us to deliver the desired security outcomes through XSIAM. Our strategy remains focused on diligently developing our pipeline and securing deals. Our ultimate aim is to capture significant XSIAM business by integrating and seeding XDR within our customer base. For us, pricing XDR is less contentious; it is more crucial to find the right customers. We intentionally operate in a specific segment of the market and do not target the lower to mid-market segments for XDR. We prefer customers with larger user bases, like those with 10,000 or 15,000 users, as we believe they will more easily transition to XSIAM in the future. We have consistently aimed to build this customer base in preparation for when XSIAM is ready, encouraging our customers to transition from XDR to XSIAM.

Next is Patrick Colville of Scotiabank, followed by Matt Hedberg. Go ahead, Pat.

Hi, guys. Thank you for taking my question. It's good to be back. I want to ask about margin. It’s really impressive to see what you guys printed in margin. I mean, looking at the numbers for fiscal second quarter, to me, the two most important levers were the product gross margin and the sales and marketing costs that were moderated. As we think about the remainder of the year, how should we model out those two levers? So should we continue to expect less incremental pressure from supply chain costs on the product GMs? And how far can this sales and marketing efficiency go?

Well, I think, Patrick, first of all, is Dipak made your life easier by giving you an operating margin guidance for the year. So you don’t have to worry about the component parts. So you can just look at the total and have a wonderful time. Save you some modeling at Palo Alto. So that notwithstanding, I think between Dipak and I, we’ve both said that I contemplated putting this in our earnings script. I had a meeting with an investor. Dipak and I had a meeting for hours about six months to seven months ago. They took us through the brute force of profitability, margins, expansion, and long-term EPS for Palo Alto. The other day, Dipak and I looked at each other and said, you know what, growth is important, but profitable growth is even more important. There’s a series of programs that Dipak has been running over the last six months, which include looking at gross margin across all of our products, looking at our spend across categories, looking at headcount. This is a sustained program we have in place. We’re going to moderate our way through it to ensure that we don’t impact our ability to generate the right amount of growth and the right amount of profitable growth. The thing I’ll leave you with is that we’ve given guidance for the full year for operating margin and how it’s going to evolve. We think it's a very good place compared to where we were expecting to be right now. We also have given you hope that we don’t believe this is the end. We believe we can keep improving from here. So for now, that’s all we’re going to say.

All right. Next, we've got Matt Hedberg of RBC followed by Jonathan Ho. Go ahead, Matt.

Cool. Thanks, guys. Congrats from me as well. Nikesh, I have to go back to SASE. I mean the 50% growth in ARR off of a large base is impressive. You guys took a different approach this year in terms of integrating your core firewall and your SASE sales force. Can you talk about the strides in those conversations into the other sort of 50,000 firewall customers that aren’t SASE customers? How does that discussion go? Just because it feels like such a marriage that makes so much sense from a cross-sell perspective?

Yes, Matt, I believe a satisfied firewall customer is one who feels positive about Palo Alto. If they have implemented our security services, their satisfaction increases, as they understand how those security features operate. We are collaborating with these clients to help them develop their Zero Trust strategies. SASE typically involves a lengthy discussion because it encompasses more than just security. An important aspect that can be overlooked is that with SASE, I take responsibility for your network. I manage the traffic from your laptop to GCP and route it accordingly. Consequently, I become part of your essential operational capabilities, which requires a robust network, low latency, and high availability. These are not standard concerns for traditional security firms, as they aren't accustomed to managing networks. That's why I'm surprised to hear that there are seven other vendors working on SASE solutions. I wish them luck; they need to learn how to operate a network. We chose not to manage the network ourselves; instead, we rely on AWS and GCP, as they excel in that area with their cloud capabilities and low latency. Our SASE stack currently operates concurrently on both GCP and AWS, enabling us to provide higher availability than either platform could offer alone. We are optimistic about our SASE pipeline and our entry strategy. Although the deals may be large and varied, there's a clear product-market fit, and we are experiencing success.

All right. And our next question from Jonathan Ho of William Blair, followed by Saket Kalia. Go ahead, Jonathan.

Congratulations. Just wanted to maybe start out, you've seen some tremendous large deal success this quarter. In terms of the platform consolidation discussions with customers, what are you seeing? Is there evidence of customers maybe standardizing on Palo Alto across multiple areas? What could drive that sort of trend over time? Thank you.

So, William, the reason we showcased the millionaire customers, the $5 million deals, and the $10 million deal slide is that there's a journey here. I’m going to send you a Palo Alto shirt, so you can at least wear that in this meeting. You can wear that other one other times. But anyway, so we showed you a slide of $1 million, $5 million, and $10 million deals because customers go through a journey. It is very rarely that you walk into a fresh customer and convince them to go spend tens of millions of dollars with us. It's usually an evolutionary process where we've become their firewall vendor of choice. They go with us on SASE. They work on cloud, they see the convergence of cloud and SASE. They get XDR. They want to get to XSIAM. So slowly and steadily, we are showing them the benefits of consolidation. I’ll tell you, our largest deal this quarter is north of $75 million.

All right. Our next question is from Saket Kalia of Barclays, followed by Joe Gallo. Go ahead, Saket.

Okay, great. Hey guys, thanks for fitting me in. Numbers speak for themselves, Nikesh. Maybe a question for you. A lot of excitement around XSIAM. Some interesting wins you called out as well in your AI section. But maybe a strategic question for you. As you think ahead, maybe the next couple of years for XSIAM, how do you think that will start to disrupt the SIM market, either from a tech or a pricing perspective? And maybe just to flip that on its head a little bit, is it possible that tools like XSIAM may help expand the SIM market?

So I think, Saket, the SIM market doesn't have a pricing problem. It has a value problem. I spend a lot of money, and I don’t get enough value. If you ask some of the customers out there how they use SIM, SIM is used post-breach or post-event to figure out what happened. SIM is not doing on-the-fly real-time blocking. So when SolarWinds happens, or Log4j happens, you can go to your SIM and look at where it happened, figure out, and trace it back to block the entire attack. What it won't do for you is stop it mid-flight. That's a paradigm shift as far as security is concerned. The only way you can do that and stop it mid-flight is analyzing data as it's being created. To us, the reason we call XSIAM not SIM is that we watch the data in flow. We watch it coming from the endpoint. We cross-correlate mid-flight with firewall data. We go and triage it and automate some of the noise away. We’re looking at real incidents between triage, which are not being put in some large data lake and then running query language against it to see how to solve the problem. They’re already doing it in the back end. Of course, with the availability of new LLMs out there, they can analyze data to highlight what is anomalous and off-pattern. If you can figure that out, then what do you have to do? You have to go ahead and remediate it. You need to be a firewall to remediate on the network, and as an endpoint, to remediate the endpoint. To remediate it in the cloud, you need Prisma Cloud. I think XSIAM is going to bring real-time capability in the SOC, or real-time capability in security. It’s early days. Again, I'm going to keep repeating that we should not get ahead of ourselves. This is where we're heading. If you can picture ChatGPT 10 years from now, picture AI and security 10 years from now. You will not have humans trying to analyze because it'd be too hard for a security analyst to analyze petabytes of data. Already, the data in an organization is too much for a security analyst to analyze.

All right. Great. Next question from Joe Gallo of Jefferies, followed by Ben Bollin of Cleveland. Go ahead, Joe.

Hey, guys. Thanks for the question. Can you just comment on the execution in cloud security despite the backdrop of hyperscaler growth moderation? And then maybe more importantly, where customers are in the journey to cloud security consolidation? It still feels like the Wild West of a lot of disparate products in that category. When does that market merge, which I’d imagine benefits you?

Thanks, Joe. So two quick answers. One, we’re the largest player with north of 2,000 customers in cloud security. I don't know if you explicitly called it out, but our largest cloud security deal was $40 million this past quarter. I don't know any other vendor in the cloud security space who's doing half of that in a quarter in one deal. Yes, there are many small players out there, but we’ve seen a bit of churn in the market where some small players have been acquired and gone. Does that mean we’ll be the only player? No, there will be other players in the medium term, but we feel comfortable that there are people who are consolidating. It feels like the Wild West because customers are still not fully in the total cloud security platform mode, so they haven't fully embraced the necessity to have all those things connected. It's a matter of time and demonstration that it will happen. The cloud security market is a few billion dollars. The hyperscale market is hundreds of billions. The difference is when you commit to a hyperscaler, you commit to transition and spend a lot of money, and a lot of that stuff sits in deferred revenue because they are not fully deployed or customers haven't fully consumed. Cloud security applies to stuff that you consume. If you haven't consumed it or aren't ready, you won’t be buying cloud security. I just think we have a little bit of a gap in terms of when people commit to when they deploy, to when they take cloud security. I think we should see steady continued growth for Prisma Cloud.

Our last question today is from Ben Bollin of Cleveland Research. Go ahead, Ben.

Good afternoon, everyone. Thank you for taking the question. Nikesh, you've talked about some GSI opportunities in the past. I'm interested in how you see that channel developing? What type of tailwinds do you see there? How meaningful is your platform becoming for those partners? Thanks.

Thanks, Ben. I used to say that about a year ago, I’ve had more CIO conversations in a quarter than I did in many years. I now say that about GSIs. In the last six months, I’ve had more GSI conversations than I had in the first five years of Palo Alto. The reason is GSIs are interested in transformation. They’re interested in where they can go into a customer and deploy a much better security outcome for them. We were not relevant as a firewall company with SASE, with cloud security, and with now XSIAM. They see a real opportunity to go in and do some transformation for their customers. Transformation for them means revenue, and solid products in the back. Most GSIs are still early in their journey to build a full cybersecurity competency across the board, so they’d rather deal with fewer vendors than more. Us being leaders in certain categories plays into our strength and our ability to partner with them. We are already involved without calling out deals; there are many deals where we partner with GSIs, they are the front, we work with them as part of a larger transformation project, and we’re seeing more and more of that.

With that, we conclude the Q&A portion of our call today. I'll turn it back over to Nikesh for his final remarks.

Look, first of all, I want to thank all of you for joining our call. I also want to thank our employees, who work really hard towards delivering these results. I have to say, six months ago, when we started to see warning signs, we pivoted hard. We made sure that our teams got ahead of it, and they have delivered. I want to thank all of them for their contribution. As I said, this is a challenging macro environment out there. The only way we’re going to get through this at Palo Alto Networks is to keep our heads down and execute. And that’s what we intend to do. Once again, thank you, guys, and see you next quarter.