Palo Alto Networks, Inc.

Palo Alto Networks, Inc.

$383.36
-14.34 (-3.61%)
NASDAQ Global Select
USD, US
Software - Infrastructure

Palo Alto Networks, Inc. (PANW) Q3 2018 Earnings Call Transcript

Published at 2018-06-05 10:33:08
Executives
Amber Ossman – Director-Investor Relations Mark McLaughlin – Chairman and Chief Executive Officer Nikesh Arora – Succeeding Chairman and Chief Executive Officer Kathy Bonanno – Chief Financial Officer Mark Anderson – President
Analysts
Keith Weiss – Morgan Stanley Phil Winslow – Wells Fargo Matt Hedberg – RBC Capital Markets Andrew Nowinski – Piper Jaffray Jonathan Ho – William Blair Gabriela Borges – Goldman Sachs Saket Kalia – Barclays Capital Ken Talanian – Evercore ISI Walter Pritchard – Citi Shaul Eyal – Oppenheimer Michael Turits – Raymond James Rob Owens – KeyBanc Capital Markets
Operator
Good day, everyone, and welcome to the Palo Alto Networks Fiscal Third Quarter 2018 Earnings Conference Call. Today's conference is being recorded. At this time, I'd like to turn the conference to Amber Ossman, Director of Investor Relations. Please go ahead, ma'am.
Amber Ossman
Good morning, and thank you for joining us on today's conference call to discuss Palo Alto Networks fiscal third quarter 2018 financial results. This call is being broadcast live over the web and can be accessed on the Investors section of our website at investors.paloaltonetworks.com. With me on today's call are Mark McLaughlin, our Chairman and Chief Executive Officer; Kathy Bonanno, our Chief Financial Officer; Mark Anderson, our President; and Nikesh Arora, Palo Alto Networks newly appointed Chief Executive Officer. This morning, we issued a press release announcing our results for the fiscal third quarter ended April 30, 2018. If you would like a copy of the release, you can access it online on our website. We would like to remind you that during the course of this conference call, management will make forward-looking statements, including statements regarding our financial guidance and modeling points for the fiscal fourth quarter and full fiscal year 2018. Our competitive position and the demand and market opportunity for our products and subscriptions; benefits and timing of new products and subscription offerings; and trends in certain financial results, operating metrics, mixed shift and seasonality. These forward-looking statements involve a number of risks and uncertainties, some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements. These forward-looking statements apply as of today, and you should not rely on them as representing our views in the future, and we undertake no obligation to update these statements after this call. For a more detailed description of factors that could cause actual results to differ, please refer to our quarterly report on Form 10-Q filed with the SEC on February 27, 2018, and our earnings release posted a few minutes ago on our website and filed with the SEC on Form 8-K. Also, please note that certain financial measures we use on this call are expressed on a non-GAAP basis and have been adjusted to exclude certain charges. For historical periods, we've provided reconciliations of these non-GAAP financial measures to GAAP financial measures in the supplemental financial information that can be found in the Investors section of our website located at investors.paloaltonetworks.com. We would also like to inform you that we will be participating in the Bank of America 2018 Global Technology Conference on Wednesday, June 6, in San Francisco; and the 2018 William Blair Growth Stock Conference on Wednesday, June 13, in Chicago. And finally, once we have completed our formal remarks, we will be posting them to our Investor Relations website under Quarterly Results. And with that, I will turn the call over to Mark.
Mark McLaughlin
Thank you, Amber, and thank you, everyone, for joining us this morning for our fiscal third quarter 2018 results. Before getting to the results for the quarter, I'd like to start by welcoming Nikesh, who will succeed me as Chairman and CEO of the company this week. I've been working with the Board of Directors over the past several quarters on a succession plan after having had the incredible privilege of leading the team here for nearly 7 years. I'm immensely proud of all the team has accomplished in that time, and the company is on very strong footing and well positioned for the future. In Nikesh, we found a leader who's ideally suited to take the company on the next leg of its journey of rapid market share gains with our security operating platform. His experience at Google as the Chief Business Officer as well as his experience as the President of SoftBank brings demonstrated abilities to scale at rapid rates and run very large and fast-growing global organizations. I'll be working with Nikesh over the coming months to assist in the transition, and I'll remain with the company as Vice Chairman of the Board of Directors supporting Nikesh and the team with our mission of protecting our way of life in the digital age. Welcome to the team, Nikesh, and congratulations.
Nikesh Arora
Thanks, Mark. This is Day minus 2 for me on the job, so all I can talk about are my impressions. I've had the pleasure and privilege of getting to know the Palo Alto team, the board, and the company over the last few months. The more time I spend, the more excited I get about the space, about the company, and the people. It is clear to me that we're still in the very early stages of the cloud revolution for enterprises. I was fortunate enough to see it early at Google and participate in the growth and scaling there. I think we have a very, very similar opportunity here. I think cybersecurity is one of the most exciting spaces out there. For me, even more exciting is to be able to see firsthand what Nir, you, and the team here have built. This company, for me, is truly unique. Your growth is testament of the quality of the offering, your customer centricity, as well as the execution capability that you have built over the last seven years. For me, great companies are built by collecting great people, motivating them towards a common mission with the right set of values, and it's evident to me that the members of the Palo Alto Networks team are those people. I couldn't be more excited and honored to become part of the Palo Alto Networks team and work with the leadership to continue to build on the good work that you have done and cement the company's position as a leader in the security space.
Mark McLaughlin
Thanks again, Nikesh. Welcome again. With that, let's turn to the quarter. I'm very pleased with the strong results we delivered on our third quarter. On a year-over-year basis, Q3 revenue grew 31% to $567.1 million. Billings were up 33% to $721 million. Non-GAAP operating margin was 20.3% and we delivered non-GAAP earnings per share of $0.99. We are seeing strong global demand for our security operating platform due to the ever-accelerating and rapidly evolving threat landscape and the resulting significant consequences to businesses that lose the trust of their customers. As our results show, our competitive advantage is increasingly evident. The ecosystem leverage of our platform is growing rapidly, and we continue to capture market share at high rates and at very large scale. We had another strong quarter of new customer additions and are pleased to now serve approximately 51,000 customers around the world. In addition to robust new customer acquisition, we also continue to rapidly increase our wallet share in existing customers. Our top 25 customers, all of which made a purchase this quarter, spent a minimum of $28.7 million in lifetime value in Q3, a 43% increase over the $20.1 million in Q3 of fiscal 2017. Some examples of customer wins and competitive displacements in the quarter include beating Cisco to become the security standard in both a global leader in the hospitality and entertainment industry as well as a leading cloud-based provider of benefits and HR solutions; a Check Point replacement in the data center at one of EMEA's largest defense system manufacturers and a competitive win against both Check Point and Cisco to become the public cloud security standard for one of the largest U.S. health care providers; also competitive wins against Symantec to become the endpoint security vendor on tens of thousands of workstations to secure a U.S. statewide education system as well as Zscaler with our new GlobalProtect cloud service to secure more than 1,500 stores of a large U.S.-based retailer. Customer and prospect interest and engagement in our security operating platform is very high. We were pleased to host a record crowd of over 4,000 customers and partners recently at our annual Ignite User Conference in Anaheim. At Ignite, we showcased the continued strong momentum around our platform capabilities, including the third evolution, which is the Application Framework. The Application Framework fundamentally changes the entire consumption model in security, and we were delighted to have over 30 companies, such as Microsoft, ServiceNow, and Proofpoint as well as leading, highly innovative startups like Phantom, which Splunk just acquired, previewed their applications. The Application Framework marries security innovation and ease of consumption, which is a compelling value proposition for our customer base and is helping to drive purchases of the foundational elements of our security operating platform in the network, on endpoints and in the cloud. In the network, the introduction of PAN-OS 8.1, in addition to the new hardware delivered over the past 15 months, including the most recent PA-3200 series, the PA-5280 and the ruggedized PA-220, allows us to reach new customers while driving expansion sales and opening new use cases in existing customers. These appliances offer customers increased SSL decryption capabilities, higher performance and capacity, and superior price performance, and they serve as critical sensors for log collection and enforcement points for the Application Framework. And on endpoints, we were pleased to announce the release of Traps version 5.0 in March, which brings a new level of functionality to our Advanced Endpoint Protection offering. Customers can now utilize our cloud-delivered management service, which allows for easier deployment and day-to-day management. Also, with the addition of Linux support, Traps now plays a major role in securing cloud applications. We continue to see strong momentum with Traps and are receiving market validation as a leading endpoint security vendor. In April NSS Labs' independent evaluation of Advanced Endpoint Protection offerings, Traps garnered a recommended rating. Their report evaluated 20 different vendors looking specifically at protection against a variety of malware, exploits, blended threats and evasions. Traps blocked 100% of evasions and exploits with zero false positives, and the report identified Traps as having the most favorable rating when weighing overall effectiveness and total cost of ownership. We also announced the acquisition of Secdo in April. Secdo brings leading endpoint detection response capabilities to Traps. Secdo's unique thread level approach to data collection and visualization goes beyond traditional EDR methods and will also feed into our Logging Service, giving applications running in the Application Framework greater precision to detect and stop cyberattacks across our entire platform. For cloud security, we have shown that you must protect all applications and all platforms through the combination of inline, host and API-based security, which we do through our VM-Series, Traps and Aperture offerings. And we're excited in the quarter to acquire Evident.io, a leader in public cloud infrastructure security. With Evident, we now provide continuous monitoring of public cloud deployments, cloud storage protection and compliance validation and reporting. Customers can now better understand how applications are being deployed and used in our cloud environments, produce detailed compliance reporting and achieve an overall superior security posture for cloud deployments. We will also be able to leverage the data collected from Evident's consistent monitoring to enhance the effectiveness of other applications in the Application Framework. We've seen very good traction already with Evident, both in terms of customer interest and pipeline. We are helping our customers solve their most pressing security needs and drive digital transformation through security transformation. As we head into the end of our fiscal 2018, we're excited about the significant and growing total addressable market for security, our leading position in the market and the growing competitive advantages we are driving through our security operating platform. I want to once again thank our team and partners for their ongoing hard work and dedication to our mission of protecting our way of life in the digital age and our customers who place their trust in us every day. And with that, I'll turn the call over to Kathy. Kathy?
Kathy Bonanno
Thank you, Mark, and welcome, Nikesh. Before I start, I'd like to note that except for revenue and billing, all financial figures are non-GAAP and growth rates are compared to the prior year periods unless stated otherwise. In the third quarter, we drove robust top line growth with both new and existing customers adopting offerings across the full breadth of our security operating platform. We once again delivered market-leading revenue growth in combination with year-over-year operating margin expansion and earnings per share growth. I'm pleased with our results. And as we look to the remainder of fiscal '18, we are well positioned to deliver a strong finish to the year. In Q3 2018, total revenue grew 31% to $567.1 million. By geography, Q3 revenue grew 29% in the Americas, 35% in EMEA and 37% in APAC. Q3 product revenue of $215.2 million grew 31% compared to the prior year. Q3 SaaS-based subscription revenue of $192.5 million, increased 38%. Support revenue of $159.4 million increased 25%. In total, subscription and support revenue of $351.9 million increased 32% year-over-year and accounted for a 62% share of total revenue. Turning to billings, Q3 total billings of $721 million increased 33%. The recently announced acquisitions were not material for revenue and billings in the quarter. Total deferred revenue at the end of Q3 was $2.2 billion, an increase of 34%. Gross margin was 76.2%, a decline of 20 basis points compared to last year. Q3 operating expenses were $316.6 million or 55.9% of revenue, which is a 210 basis point improvement year-over-year driven primarily by ongoing increasing leverage in sales and marketing. Operating margin was 20.3%, an increase of 190 basis points year-over-year and includes approximately $3 million of operating expense related to M&A. We ended the third quarter at 5,121 employees. Non-GAAP net income for the third quarter grew 67% to $95.1 million or $0.99 per diluted share. On a GAAP basis for the third quarter, net loss declined 23% to $46.7 million or $0.51 per basic and diluted share. This includes a loss of $23.8 million due to updated sublease estimates associated with the company's former headquarters and $13.3 million in acquisition-related expenses. Turning to cash flows and balance sheet items. We finished April with cash and cash equivalents and investments of $2.2 billion, which takes into account approximately $375 million of cash consideration for acquisitions during the quarter. Q3 cash flow from operations of $241.3 million increased 14%. Free cash flow was $212.5 million, up 31% at a margin of 37.5%. These numbers include approximately $10.6 million of operating cash outflow related to M&A for acquisition-related costs and ongoing operating expenses. Capital expenditures in the quarter were $28.8 million. DSO was 58 days, a decline of 20 days from the prior year period. Turning now to guidance and modeling points. Please remember, this guidance includes the type of forward-looking information that Amber referred to earlier. For the fiscal Q4 2018, we expect revenue to be in the range of $625 million to $635 million, an increase of 23% to 25% year-over-year; product revenue to be in the range of $246 million to $249 million, an increase of 16% to 17% year-over-year; billings to be in the range of $815 million to $830 million, an increase of 22% to 24% year-over-year. We plan to invest between $10 million to $12 million or $0.08 to $0.10 per share related to our recent acquisitions. With this investment, we expect fourth quarter non-GAAP EPS to be in the range of $1.15 to $1.17 using approximately 97 million to 99 million shares. For the full year fiscal 2018, we expect revenue to be in the range of $2.240 billion to $2.250 billion, representing growth of 27% to 28% year-over-year; product revenue to be in the range of $850 million to $853 million, representing growth of approximately 20% year-over-year; billings to be in the range of $2.807 billion to $2.822 billion, representing growth between 22% and 23% year-over-year; non-GAAP EPS to be in the range of $3.86 to $3.89 using 95 million to 96 million shares, which includes our acquisition-related investments in the fourth quarter. And we continue to expect capital expenditures to be approximately $100 million. Before I conclude, I'd like to provide some additional modeling points. Our non-GAAP EPS guidance includes the impact of our recent acquisitions and assumes that we will be at the lower end of our gross margin range. Our Q4 non-GAAP effective tax rate will be 22%, and our full year non-GAAP effective tax rate is expected to be approximately 24%. And we expect fiscal year free cash flow margins to be in the range of 39% to 40%, which includes approximately $30 million of cash expenditures associated with acquisitions. Excluding the acquisitions, we expect full year fiscal 2018 free cash flow margin of between 40% to 41%. With that, I'd like to open the call for questions. Operator, please poll for questions.
Operator
[Operator Instructions] Our first question will come from Keith Weiss with Morgan Stanley.
Keith Weiss
Excellent, thank you guys. Very nice quarter. Mark, it's been a pleasure working with you and sorry to see you go. But it does seem like you guys got a really solid replacement in Nikesh, and welcome onboard. I guess, a high-level question on the performance in the quarter. 31% product growth is something we haven't seen from Palo Alto in a while. But even more so, it's something we're not really seeing across the board in terms of your peers who seem to be struggling to sort of sustain any real type of growth in their core markets. Can you talk to us a little bit about sort of what's kind of creating that separation between you and your peers, and how durable you think that is on a going-forward basis, and to what degree the messaging around security operating platform is playing into that separation?
Mark McLaughlin
Sure. Thanks, Keith, and thanks for the kind words. I appreciate that. Well, as you can see, the product growth is very strong. Platform growth is very strong. And I think it's really important for us to understand inside the company, outside the company as well, the whole concept of security operating platform is resonating very well. As we've talked about before with the three evolutions, with the Application Framework being the third one right now, the customers that we speak with, the prospects we speak with almost unanimously across the board really resonate with that. It's an answer to a significant, significant problem about how do you get more automation and how do you get less complexity in their environments. They like it a lot. Now they realize as well that in order to do that or achieve the most value from that, it will become increasingly important that they, in essence, standardize on Palo Alto Networks in all the positions for data centers and enforcement points, which is in the network, on the endpoint and in the cloud. And of course, we need to every single day of the week be the very best at all those positions as well on a – I'll call them a stand-alone basis, which we're very confident. And you can see that from the release of the hardware, the operating system releases, the new version of Traps, the Evident acquisition, things we're doing at every one of the positions to make sure we win head to head across. But I would say that it seems that to me, and I think the team here who spends a lot of time with customers, the concept of the Application Framework, the third evolution and getting consistency across the entire platform is working very well and driving purchases of all the underlying aspects.
Keith Weiss
Got it. And if I could sneak in one follow-up. Nikesh, although definitely has a great background as a leader, not a traditional security pick. Maybe Mark, as your new position as Vice Chairman of the Board, if you could give us some visibility into how the – how the board got comfort in sort of having a nontraditional security leader be leading up what is still a very much a security-focused company.
Mark McLaughlin
Well, sure. And security will continue to be our focus, so let me be clear about that, and thanks for the question. Yes, as I was talking with the board over the last several quarters about succession planning – it's been amazing to run the company for the past seven years or so. I said we would want to make a change at the right time. There's no hurry for this. I was basically saying if we find the right person at the right time, we would do it. That had us thinking, of course, about what does the future look like. When we look at the company, we have 5,000-plus security professionals in the company. They're best in the world, starting with Nir and Lee and other folks in the team. We have some of the best operating executives in René and Mark Anderson and folks who are very committed to the company, which is fantastic. So security is something we know genetically and from a DNA perspective. So we start to think about where the company's going to look like in five years from today. I would garner to say that it's more of the security operating platform I just laid out. It’s got a lot to do with massive datasets with analytics, with the infrastructure required to support those, the cloud, SaaS. It’s very clear that security is heading in that direction and that we’re forcing it in that direction as a company. So that really informed our pick for the succession planning, which should be a great, accomplished business leader, somebody who’s a culturally great fit and somebody who also has experience ideally with large-scale platforms that have those kind of characteristics. There’s not a lot of those platforms in the world. There’s not a lot of people who have that kind of experience. We’re fortunate to find Nikesh and spend the last few months with him to make sure that we had alignment across all those variables I just laid out. So that was really the thought process, Keith.
Operator
Our next question will come from Phil Winslow with Wells Fargo.
Phil Winslow
Hey guys, thanks for taking my question. Mark, my congrats again for your move-up to Vice Chairman. I have known you since back at VeriSign. You not only been a super impressive executive, but a real gentleman. So it’s been fun, and congrats on your new role.
Mark McLaughlin
Thank you, Phil. I’ll try to continue to be a gentleman. Yes.
Phil Winslow
Pulled it off well. All right. Yes, just a question on the quarter. Obviously, you noted several competitive displacements and wins sort of across the portfolio. When you think about just the competitive environment out there, particularly from a pricing perspective, there’s been a lot of conversation about that, just sort of what have you seen out there? Any changes that you’d highlight sort of across the platform?
Mark McLaughlin
Yes, sure. Let me take that first, and I think Mark probably have some good commentary as well. He spends a massive amount of time in the field with the customers. What we’re seeing from a pricing perspective is no change in the sense of it’s a very competitive market. The competition has always been competitive in pricing. I think they increasingly go to the price card out of desperation in a lot of cases. And what we’ve seen in our business is being able to sell value first, the security operating platform as being very unique. Nobody can match that. And the third, in doing that and perhaps interestingly, as we have done a very nice job discipline-wise by having discounting improve – quarter-over-quarter improved again sequentially and year-over-year. So in the face of all that strong competitive pricing pressure, we continue to sell the value of the platform. Mark do you have any comments?
Mark Anderson
Yes. Hey Phil, it’s Mark Anderson here. So with the last 18 months of product announcements, the hundreds of features that we brought into the platforms that we’ve – the hardware platforms that we’ve replaced, I think price performance-wise, we’ve got very compelling offers there. But I think most importantly, when customers get a sense for where we’re taking security with the third evolution, the Application Framework, I think the kind of future proof nature of us being able to help them distill security innovation into consumable form factors on the Palo Alto Networks kit, I think, is a very compelling value proposition. And I think that’s something that every customer I talk to takes into consideration when they’re making a decision for paying 2 or 3 times for Palo Alto Networks what our desperate competitors are charging for their stuff.
Phil Winslow
Got it. And just actually a follow-up on the App Framework for my next question here. Wondering if you could give us sort of, I guess, a grade of sort of where you stand so far in the development. And what milestone should we, from the outside looking in, point toward for sort of success there?
Mark McLaughlin
Yes. It’s a great question, Phil. So first, let me start with where it is. The Application Framework is very real today. We announced it about a year ago, and over the course of the last year have made a lot of progress on a number of things. One is making sure that from an App Framework perspective, the third parties can create apps easily into the framework. The second thing was the development release, and so far very successful launch of the Logging Service, which allows all the data to be collected there. We just had Ignite User Conference last week, and we had over 4,000 folks there and there was 30 companies who were previewing their applications, which was fantastic right there in the demo floor. We really, really liked that the customers saw not only their applications, but also workflow between the applications as well. And we highlighted a number of them on stage just to give a sense of that. We also announced that the Application Framework could be production-ready in August. So very soon, we’ll be able to actually use that with customers, so lots of good traction. I would say and people have asked me this before, how do you think about it in the future, let’s say, the definitions of success in the Application Framework, which you’re driving towards, would be a lot of applications in that framework. And I think somebody said onetime that a real platform is successful when there’s more value driven across the top of the platform than the platform itself. So we would expect that over time, customers will get a lot of value from the applications running on top of the framework.
Operator
We’ll go next to Matt Hedberg with RBC Capital Markets.
Matt Hedberg
Hey guys, thanks for taking my questions. I’ll offer my congrats to you, Mark, as well. It’s certainly been great working with you over the years. And Nikesh, congratulations on the role, excited to see what you bring to the company. Maybe I’ll start with Nikesh. Obviously, you mentioned that it’s Day minus two. But your ability to scale businesses at Google was certainly impressive. You mentioned there are some similarities. I’m curious when you did your due diligence, what are some of those similarities you came away with? And any insights in how you think Palo Alto is well positioned to thrive in a public cloud environment?
Nikesh Arora
Thank you, Matt, for asking the question and thank you for your congratulations. As I said, it’s Day minus two, so anything I say is subject to change. So I think the early impressions are, I think there’s no question in anybody’s mind that we’re still early in the cloud revolution, and in the next few decades, we will see almost every company out there having to make that transition. And I think Palo Alto Networks’ mission on sort of preserving our digital life and keeping it safe is going to – in line with that cloud transition. As we go to that transition, huge amounts of datasets are going to be created, people are going to have to keep track a lot of data, we have to apply a lot of AI, machine learning. And just this notion that Mark talked about of sort of migrating or transitioning to an Application Framework where we can bring a best-of-breed and help people to sort of participate with Palo Alto Networks being sort of the one who brings this solution to the end customer is extremely empowering and extremely powerful. I think that’s sort of my early impression that being able to take the company along that path with the team that is working on those product areas is going to be fundamentally exciting.
Matt Hedberg
That’s great. And then maybe as a follow-up. We continue to hear good things about GlobalProtect. And Mark, you called it out in your prepared remarks, a nice win there. Could you talk a little bit more about the competitive landscape there? Are there some even – some legacy competitors that you’re seeing there? And I guess, just a better sense on pricing for GlobalProtect would be helpful. Thank you.
Mark McLaughlin
Yes, sure. And Matt, we do – as you know, we have GlobalProtect – I mean, GlobalProtect cloud service as well, and it’s all part of the platform, of course. And over time, what you’ve seen us do is ensure that customers can use our security operating platform with the appropriate form factor for the appropriate use case, right? So we have hardware in some cases, big hardware, small hardware. We have agents on the endpoint. We have virtual machines in the cloud, API hooks for SaaS applications. And with GlobalProtect cloud service, you have the ability for what we would traditionally call network security to just point it at the cloud and have the full-on next-gen firewall capabilities as well. That’s important for branch offices, mobile users and places where you want to reduce your MPLS costs, and customers are reacting very well at that. From a pricing perspective, we’re competitive price-wise. As we are with everything in our platform, we can be because we think it’s best on a head-to-head basis. And also the value of it being consistent across the platform helps as well, and we’ve seen really good early success with GlobalProtect cloud service.
Operator
Our next question will come from Andrew Nowinski with Piper Jaffray.
Andrew Nowinski
All right, thanks. Congratulation, Nikesh, on your appointment. And Mark, it’s been a real pleasure working with you over the years. Just a question on – maybe on virtual firewalls. There’s always been a view in the market that the move to the cloud is somewhat bad for security. Can you just give us any color on the demand trends you’re seeing on the Virtual firewall side and how they’re maybe driving some larger deals?
Mark McLaughlin
Yes, sure. It’s a really good question. And as Nikesh mentioned a little earlier, the move to the cloud is inevitable. When you look at the amount of IT spend and how much of it is in the cloud today, it’s actually pretty small. So I think we’re in the early innings of this. And we’ve seen in our business, again back to the right form factor for the right use case, that the VM-Series is going very well at the inline portion for protection and protecting offerings in the cloud. And that’s going very well. That’s been, we think, additive to the business so far. We’d expect that to be the case into the future because we see existing customers not only buying VM-Series, but most everything else in the platform along the way, which is fantastic. And we would expect that, that part of our business is going to continue to grow as people continue to – as well.
Andrew Nowinski
Okay, got it. And then I know it’s – the platform and automation, as you said, were driving a lot of the product revenue growth this quarter. But could you maybe give us just an update on where you think we’re at with regard to a refresh cycle given the new 3200 Series out in February and you had the 5200 last year? A lot of new appliances in the market, just wondering how much of that’s contributing just specifically from the refresh cycle. Thanks.
Mark McLaughlin
Yes. Great question. As you can see from the about 51,000 customers we’re serving today, the size of the customer base continues to grow very nicely over time quarter-over-quarter, so the cohorts keep growing over time. As we’ve said in the past, as these cohorts get bigger and as in the latter years the refresh cycle becomes an increasingly large contributor to the business, we’d expect that would continue into the future. And by giving customers new capability sets not only in the hardware, but also the operating system, and reasons to refresh if they’re already a customer or come to us if they’re not are very important. The drivers in the hardware side of our business, I think, really fall into three categories. The first and I think the most prevalent today is the expansion opportunity with so many customers who are – where you can see the lifetime value creation goes up very significantly, we think that’s the biggest driver. We also have net new customer acquisitions. It’s very high. As you can see again from the quarter, that certainly helps. And then the third is refresh, which is performing very well for us. We think that’s going to continue to be the case and will continue to grow as a contributor over time.
Andrew Nowinski
Great. Thanks Mark.
Mark McLaughlin
Thanks, Andrew.
Operator
We’ll go next to Jonathan Ho with William Blair.
Jonathan Ho
Let me echo my congratulations as well. I just wanted to start out with the Application Framework and maybe some of the commonalities that you’re seeing with some of the new customers that have signed up and maybe how you think about that from a revenue opportunity as well.
Mark McLaughlin
Yes. Jonathan, great question. I described this since we started with the Application Framework as what we inevitably would see as a push-pull on the right. And the push aspect of it is going to be, over time, how much value these applications deliver over top of the Application Framework. And perhaps someday, we would monetize this. We don’t have a plan to do that right now. We think our main focus there should be just growing a very healthy ecosystem of developers, and then we’ll see how that transpires over time. The flip of it with the pull, I think, is very evident already for us, which is customers really resonate with the ability to reduce the complexity of their footprint in their – in all of the network, including cloud and also the simplicity of working with less vendors through a platform, right? And that is driving purchases of all the foundational aspects, which we view as not only fantastic security capabilities themselves, but also data collectors and enforcement positions. So that’s in the network, that’s on the cloud, it’s on the endpoint, and all those are growing very nicely for us.
Jonathan Ho
Got it. And then relative to Traps 5.0 and the Secdo acquisition, can you talk a little bit about what new capabilities you’re adding here and maybe what challenges you’re addressing with that acquisition?
Mark McLaughlin
Sure, yes. I think there’s two ways to think about that, Jonathan. The first and the most probably evident one is that Secdo brings EDR capabilities to Traps. That’s an important capability to customers, definitely, one. So our ability to have that is important. We believe that the way that Secdo does EDR is very unique with some very unique thread-level capabilities and visualizations. You’ll see that come back into Traps early in the calendar fiscal 2019 – I’m sorry, early calendar 2019, and that’s what we’re going to do with that capability. In addition to that, and I don’t know if you were at Ignite or had somebody there, but we also talked about taking the Secdo EDR capability and applying it across the entire platform, so not just endpoints, but also network and cloud as well. This concept we call XDR, meaning across the entire platform, so that you can get the best EDR capabilities everywhere from a security perspective not just on endpoints. We think that’s going to be an unmatched capability simply because of the size of the deployments we have in all the data locations.
Jonathan Ho
Thank you.
Mark McLaughlin
Thanks, Jonathan.
Operator
Gabriela Borges with Goldman Sachs has our next question.
Gabriela Borges
Good morning and thanks for taking the questions and congratulations to the team. Maybe for Mark Anderson and maybe Kathy as well. The last time we saw 30%-plus-type product growth were back in 2016, and that was subsequently followed by a little bit of a slowdown. So the question is how you’re thinking about managing through tougher comps at a high level going into next year. And a follow-up for Kathy. Just on the incremental investments that you discussed in the prepared remarks in the acquisitions, just a little more on what you’re investing in. Thank you.
Kathy Bonanno
Thanks for the question. Yes, we’re very excited about our product growth this quarter, obviously, very strong number. The platform, as Mark mentioned, is resonating with customers, and the security operating platform is experiencing a lot of interest from customers, both push and the pull side, as Mark mentioned. So we’re really happy with the performance of products. We think that we still have a lot of market share opportunity, and we’ve been growing into that share year after year after year. So we think there’s still a lot of opportunity for us to grow, and that growth can be sustainable for years to come. In terms of incremental investments that we’re making, we’re obviously integrating the newly acquired technology in the case of Secdo into our platform, so that’s coming off of the market. And we’re working on that integration now. For Evident and Secdo alike, we are working on operationalizing, making sure that we have a great go-to-market plan for both of those product offerings and just overall making sure that we have the right marketing messages, integration and operational plan for those services.
Mark Anderson
Gabriela, it's Mark Anderson. here. So I think a couple of things. Our field sales team is really quite disciplined in going after business, both with expansion opportunities with existing customers as well as propositions for new customers, especially ones that are embarking on their own digital transformation journey. I think we provide a consultative type of approach, but it's really a subject matter expert with regards to security in that journey. And it gives us the opportunity to show them how important being able to future proof their investments with, again, access to the Application Framework, like I mentioned earlier. I think also, just hardware cycles come and go. But I think by and large, customers are telling us that our approach to security to provide consistent security everywhere at the endpoint, in the cloud and on-prem in customers perimeters is really differentiated from what our competitors are doing, either by providing an architecture that is just unrivaled out there.
Gabriela Borges
That’s helpful color. Thank you.
Operator
We'll go next to Saket Kalia with Barclays Capital.
Saket Kalia
Hi, thanks for taking question. And congrats to both of you on your new opportunities. Maybe for you, Mark, I believe several other parts of the Application Framework are going to be generally available here starting in August. Maybe related to Jonathan's questions, can you give us any broad brushes on how the pricing here might work and what you're seeing initially from customers on accepting that different consumption model?
Mark McLaughlin
Saket, that's very good question. And yes, probably the best thing to just clarify when we say the Application Framework is production-ready come April, what that means is that third-party applications will be available through the framework. From a pricing perspective, today, the relationship or – that is between the application provider – I'm sorry, I said April, I meant August. 10 people give me notes to correct that. In August, I'm sorry. The relationship from a pricing perspective will be through the customer right with the application provider themselves. So that's what it will look like on the beginning, meaning we don't have an intent right now to try to monetize that. From our perspective perhaps over time, like you said, when we're driving a lot of value, we'll be in the position to do that. What we're definitely seeing right now in the business, though, is the pull aspect, which is because of the compelling nature of the idea of being able to actually have a lot of innovation in the market but not have to deploy form factor after form factor to collect data to get one more feature, customers like that a lot. And I think they will standardize on Palo Alto Networks. I think they are standardizing on Palo Alto Networks, and the network increasing, the endpoints and the cloud as well, so that's a driver of our business. I think it's been a driver for the last year. There's lots of other drivers as well, but I think that's a driver that's happening, and I think we're going to see that continue into the future.
Saket Kalia
That's helpful. Maybe for my follow-up for you, Kathy. You talked to the impact of that Evident and Secdo we're having here from the EPS perspective in the fourth quarter. Can you give us any broad brushes on any billings or revenue impact it might have either in the quarter or maybe on an annual basis?
Kathy Bonanno
Yes. On the quarter, the billings and revenue impact was immaterial. Going forward, obviously, we're working on our plans and our go-to-market plans, and we're certainly hoping that we have good revenue and billings performance from both of them. We see a lot of opportunity with both of those products given the demand for cloud, security, and as well the EDR capabilities are going to be a great addition to our endpoint service offering.
Saket Kalia
That’s very helpful. Thank you.
Operator
Our next question comes from Ken Talanian with Evercore ISI.
Ken Talanian
Hi, thanks for taking the question. Nikesh, I realized it's early, but could you provide some of your initial thoughts on M&A and general thoughts for the potential for consolidation within the security sector?
Nikesh Arora
Thank you, Kenneth for the question. I think it's inappropriate for me to have thoughts on M&A until I fully understand the entire product offering of Palo Alto Networks, which I do to some extent, but I'm going to spend a lot of time in the early part understanding the company, our priorities and make sure that we continue to execute on the rhythm and pace that Mark has set and what you guys have gotten used to because that's got like a stake on the table that I need to make sure I maintain. And then we'll hopefully, over the future quarters, have more substantive conversation with a lot of you about where we see the opportunity and if we need to do anything or not.
Ken Talanian
Great. And I guess, as a follow-up, just to circle back around GlobalProtect cloud. Is the primary use case there branch office applications? Or are you seeing broader interest in using the solutions instead of hardware?
Mark McLaughlin
Yes. We’re seeing a few use cases, primarily, again, early on, one is branch, also second is mobile users as well. So I think both of those are drivers. We expect those to continue to be drivers in the future.
Ken Talanian
Great. Thanks very much.
Operator
We’ll go next to Walter Pritchard with Citi.
Walter Pritchard
Hi, thanks. Mark, as well congrats on finding a successor here that looks to fill your shoes at least mostly. On – a few questions for Kathy. One, just on – as we think about going into Q1, I know you’re not providing guidance for next year. But seasonality has been a bit moving around as the business has evolved. And I’m wondering what you could tell us about how you think about the shape of the year into next year with Q1. And then just had one follow-up question on the subscription side.
Kathy Bonanno
Sure. Thanks, Walter. Yes, we have definitely seen seasonality become a bigger factor in our business, and we are seeing pretty normal seasonality patterns with our strongest quarters sequentially in terms of sequential growth being Q2s and Q4s. And that continues to be the case, and I would expect that to continue into Q1.
Walter Pritchard
Great. And then on the subscription side, I’m wondering, you have two pieces there. One, I think is pretty easy for us to model with the – attaching to appliances. You’re seeing a continuation, it looks like, in three-year attach there. And then on the unattached side, you just have a number of new products, some acquired, some products you had for some time. Can you help us understand how the subscription side is splitting out and maybe relative growth rates between the attached and nonattached?
Kathy Bonanno
Sure. The nonattached business we mentioned at Analyst Day was on a $240 million run rate, growing very fast, growing at about 85% year-over-year. And so while it remains about – getting close to about 10% of our overall business, still a relatively small portion of our business, but growing much faster than the rest of the business because it’s newer and obviously a smaller portion of our business. And so just in terms of law of large numbers, growing much faster. We’re obviously adding more and more subscription offerings that are nonattached, and you’ll see that in the Application Framework as well. And so we do expect that the nonattached business will continue to become a bigger part of our business and will continue to grow very fast. The rest of the business is also growing very well. As you saw, our services billings growth rate was over 30% this quarter. And so the rest of the business continues to grow very fast. And the attached business, because it’s – nonattached business, because it’s a relatively small portion, doesn’t influence the overall growth rate to a significant degree at this point.
Mark McLaughlin
Yes. If I could just make one other point. Kathy said at the end of Q2, we’ve given out the billings contribution run rate at about $240 million, growing very quickly. As you can see, that continues to go up over time. And I think probably the interesting thing about that is with that approaching 10% of the billings run rate, which is good, it’s against a very large base as well. And that base is continuing to grow very well. So if you think about the network security business and particularly the SaaS security services associated with it, that’s a large business growing very well in itself, right? So the level of contribution takes time for the nonattached to grow simply because it’s being matched against a large – very fast growing business as well.
Walter Pritchard
Great. Thank you.
Operator
Our next question comes from Shaul Eyal with Oppenheimer.
Shaul Eyal
Thank you. Good morning guys, congrats on the strong quarter and outlook. Nikesh, welcome onboard. Mark, we still have you onboard literally, so not saying goodbye here. One for Mark, one for Nikesh. Mark, on Europe, another strong quarter, up 35% year-over-year. Talk to us a little bit about the different dynamics you’re seeing in Europe than there was in the U.S., maybe how this GDPR in that context play into the equation.
Mark McLaughlin
Yes, sure. So I’ll take the beginning. I’ll hand it over to Mark. He just came back from over there a little while ago. GDPR, this is a big picture, is driving a lot of interest in how do you use what we term state-of-the-art capabilities, particularly GDPR has a requirement – or avoiding liability that folks using state-of-the-art capabilities for cybersecurity. Of course, there's a definition to that, which is probably the right thing to do for regulators. But it raises a lot of questions for customers, which are positive for us, which is how would you do that, that state-of-the-art capabilities. And we think everything that we provide, plus the platform, fits very uniquely here. Mark, can you just?
Mark Anderson
Yes. I think you nailed it, Mark. I think, for us, legislation like GDPR just heightens awareness of customers to do something different than what they've been doing for the last two decades. And I think I would highlight that and also highlight the fact that government over there, the EU as well as each of the individual countries in the EU, have never been more open to working with thought leaders like Palo Alto Networks to do things like share threat intelligence, have bilateral threat sharing agreements. So I think our relevance in Europe, because of maybe a little more conservative group of countries, has really ramped in the last four or five quarters, and you've seen that in the performance. We get invited to the do a lot more.
Shaul Eyal
Nikesh, you're coming from SoftBank, invested heavily in security in recent years, I think the big $100 million check for cyber reason just about, I think, less than 18 months ago. Google appears to be eyeing security from afar, who knows what they might be doing down the road. It seems that security software requires a bit of a different DNA. I think Mark also – I think, phrased that point. And second, before you plunge into the security software arena, if you could share with us your thoughts as to how security is being observed by the big tech company, the Google, the Amazon, the Microsoft. They haven't done a lot so much, so it could be a great opportunity on your end. So maybe just the second – the world is becoming crazy for you with Palo Alto. Just share with us maybe how the big tech behemoths view security.
Nikesh Arora
I think it's fair to say I had the privilege of working with the Google Enterprise team, which was a part, when I was at Google. And for the first time, as you see in the history of innovation, cloud came to the consumer first in a big way and is now slowly making it to the back of the enterprise. And Google's realized that, Microsoft's realized that, Amazon realized that. So they're all charging ahead with trying to address the cloud opportunity into the enterprises. I think that's great. Having said that, given that they're all, to some degree, offering proprietary solutions to people where you can have one or the other, there's an important need for independent security team to look at it and see how we can take these massive amounts of data across multiple cloud offerings, provide a solution around it comprehensively to the end customer and have somebody who they can trust to be the arbiter between all these different offerings that they have. So I think that's the big opportunity out there. Given that we're all going towards the cloud, given that these huge amounts of datasets are going to be created, we need to make sure we understand their aspirations and set our aspirations vis-à-vis them and provide the solution to the end customer. I think that's where the opportunity is.
Shaul Eyal
Thanks.
Operator
Our next question will come from Michael Turits with Raymond James.
Michael Turits
Hey guys thank you very much. Mark, thanks for everything in many years. Nikesh, welcome. I'll come back to the M&A question and then I have a follow-up for Kathy. On M&A, and let's just maybe say strategically products in general, Mark, there's still some very large areas of security that you're not in, email, DLT, identity. How are you thinking about those given the fact that you have done so much in terms of expanding in the last quarter or so?
Mark McLaughlin
Yes. Great question, Michael. When we look at security, we think in terms of outcomes, meaning that if you're the CIO or the CISO for an enterprise, if you put technologies aside for a second, they have to solve for various outcomes. And in those – there might be eight or 10 of those depending on how broadly you define those, and they're not technical when you think about them. The outcome that we're solving for customers is to stop all known threats and ideally stop all unknown threats or at least detect them very quickly and limit the damage, right? And that's a very, very large outcome statement and very important. That lives alongside other outcomes, like making sure you can withstand a massive denial of service attack, for example. And we've been particularly focused over the years in ensuring that whatever outcomes we choose to solve for our customers, that we bring something unique to the table in a highly competitive way. Now those outcomes blend over time as well, and that's why we've done a lot of very strong partnerships in the identity space, for example, something you just mentioned; on the messaging security space with Proofpoint, something you just mentioned as well, so that we can make sure that the customer using the best capabilities from the vendors who are solving these outcomes doesn't have to be the back-end systems integrator themselves for that. And they really appreciate that. But bringing that holistic picture to the table and solving those outcomes for customers is very important.
Michael Turits
Great, thanks. And then for Kathy, thanks for detailing the impact on expenses and cash flow, the acquisitions in this quarter. How do those acquisitions – [and those have been particularly], again, very strong investment. How do those acquisitions impact margin expansion next year? You've talked in the framework about 150 to 250 basis points. Are we on track to that even with these acquisitions?
Kathleen Bonanno
Yes. We have talked about organic operating margin expansion of 150 basis points to 250 basis points. The Q4 guidance that we've given is that we plan to invest between $10 million to $12 million, and that equates to $0.08 to $0.10 per share on our recent acquisitions, outside of the organic operating margin expansion that we are working towards for the full fiscal year.
Michael Turits
Okay. No early thoughts on next year, though?
Mark McLaughlin
Yes, it's pretty early.
Kathleen Bonanno
Yes. We're still working on our planning, obviously. But we have been obviously committed to that framework, and growth and profitability remain very important to the company.
Operator
Our final question will come from Rob Owens with KeyBanc Capital Markets.
Rob Owens
Well, under the wire. Thanks guys for taking my question. With regard to products revenue and the five quarters of acceleration that you've seen – [indiscernible] suppose, I guess, where are your competitors are, and we've actually seen meaningful deceleration. Can you talk about your win rates and whether or not you think those are ticking up? Or is your success more a function of ASPs at this point? And then number two, Mark Anderson mentioned hardware cycles come and hardware cycles go, which begs the question, do we think one's coming? Or do we think we're going at this point? And were one to come, how could that possibly be reflected in customer acquisition and those numbers you're showing there? Thanks.
Mark McLaughlin
Maybe you can take them in reverse, and I'll do the cycle racing [ph].
Mark Anderson
Yes.
Mark McLaughlin
Everybody is saying Mark here [ph].
Mark Anderson
So I think on the cycle one, Rob, over time, if you take a snapshot back of 10, 15 years long period of time, you see the cycles in 4 or 7 years, it's a little hard to nail that down of buying patterns here. What I think what Mark was saying is that regardless of what cycle they're in, Palo Alto Networks continues to outperform everybody in the market. You can see that in all through the last 10 years as a matter of fact and including very recently the last four quarters as well. Our job, we think, is to make sure that we have the most competitive offering in the market, and we'll always be taking market share. And we're very confident we'll be able to do that.
Mark McLaughlin
Just big picture, Rob, we've got low double-digit market share or we prosecute low double-digit market share in about a $20 billion total addressable market. So I think both in terms of new customer opportunities, if customers want to -- if they're going to make a change for security, they're going to look to the thought leader. And for existing customer expansion, we're just starting to hit the veins of significant customer sizes from the cohorts that we saw big customer growth in the last 5 or 6 years. So I think both give us tremendous opportunities to grow the business, and I think that's what gives us the confidence that's embedded into our guide.
Rob Owens
Then the long competitive win rate lines.
Mark Anderson
Competitive win rates, like I said it earlier, I think I feel bad sometimes for our competitors because they're trying to sell either stitched together acquisitions that look like Frankenstein's monster or they're trying to sell point products against an architecture. And I think we've developed this platform over the last dozen years organically, primarily with some small technology tuck-ins that really drive the automation that's needed in the digital age.
Mark McLaughlin
Yes. And we've seen win rates be very consistently high, Rob, against all competitors [ph].
Rob Owens
Great. Thanks guys and cheers, Mark.
Mark McLaughlin
Thank you very much. I appreciate that. Okay, I think that was our last question. So I'd like to close off, I want to thank everybody here, all the employees of Palo Alto Networks, our customers and our partners for the privilege of working with you. For me, it's been a really amazing experience. I want to thank everybody for their time this morning for the call. We look forward to seeing a lot of you in the upcoming future. Take care.
Operator
That does conclude today's conference. Thank you all for your participation. You may now disconnect.