Palo Alto Networks, Inc. (PANW) Q3 2019 Earnings Call Transcript
Published at 2019-05-29 22:30:05
Good day, and welcome to the Palo Alto Networks Fiscal Third Quarter 2019 Earnings Call. Today's conference is being recorded. At this time, I would like to turn the conference over to David Niederman, Vice President, Investor Relations. Please go ahead.
Good afternoon, and thank you for joining us today on today's conference call to discuss Palo Alto Networks' fiscal third quarter 2019 financial results. This call is being broadcast live over the web and can be accessed on the Investors section of our website at investors.paloaltonetworks.com. With me on today's call are Nikesh Arora, our Chairman and Chief Executive Officer; Kathy Bonanno, our Chief Financial Officer; and Lee Klarich, our Chief Product Officer. This afternoon, we issued a press release announcing our results for the fiscal third quarter ended April 30, 2019. If you would like a copy of the release, you can access it online on our website. We'd like to remind you that during the course of this conference call, management will make forward-looking statements, including statements regarding our financial guidance and modeling points for the fiscal fourth quarter and full fiscal year 2019; our competitive position and the demand and market opportunity for our products and subscriptions; benefits to us and our customers and timing of new products and subscription offerings, including those from our proposed acquisitions of Twistlock and PureSec; continued investment in our products; our ability to drive outsized growth rates; and trends in certain financial results, operating metrics, mixed shift and seasonality. These forward-looking statements involve a number of risks and uncertainties, some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements. These forward-looking statements apply as of today, and you should not rely on them as representing our views in the future. And we undertake no obligation to update these statements after this call. For a more detailed description of factors that could cause actual results to differ, please refer to our quarterly report on Form 10-Q filed with the SEC on February 27, 2019, and our earnings release posted a few minutes ago on our website and filed with the SEC on Form 8-K. Also, please note that certain financial measures we use on this call are expressed on a non-GAAP basis and have been adjusted to exclude certain charges. For historical periods, we provided reconciliations of these non-GAAP financial measures to GAAP financial measures in the supplemental financial information that can be found in the Investors section of our website located at investors.paloaltonetworks.com. And with that, I will turn the call over to Nikesh.
Thanks, David, and thank you, everyone, for joining us this afternoon for our fiscal third quarter 2019 results. I'm very excited to be here with you today. This call marks my fourth earnings call as CEO and brings me close to my 1 year anniversary with the company. We've accomplished a great deal this year, furthering our leadership in cybersecurity and also setting the foundation for our future growth. When I joined Palo Alto Networks, my primary impression was how cybersecurity was poised to increase in importance to organizations globally, and also how the cloud revolution was set to impact the industry. The key themes in my first call were integration, cloud and more automation. I am pleased to report that after nearly a year on the job, my confidence in these trends is stronger than ever. Moreover, I'm delighted that we have made progress across all these imperatives and will continue to do so. On today's call, I will briefly go through our financials and then provide an update on our 3 strategic focus areas, securing the enterprise, securing the cloud, which is where I will spend most of my time given our announcements in this area today; and finally, securing the future with Cortex. Starting with our financials. I'm pleased to report that as we continue our transformation, the team continues to deliver. We had yet another solid quarter. Fiscal Q3 revenues of $727 million represents year-over-year growth of 28%, and non-GAAP earnings per share increased by 26% to $1.31. Diving into the details of our three focus areas. Let's first talk about securing the enterprise. We continue to see success around the world with our next-generation firewall offerings. Network security remains a top priority for companies and c-servs, and we continue to outperform this aspect of the market. Our new products introduced last quarter are performing well, and we've had a number of significant wins this quarter. Here's a couple I'd like to highlight. We signed an 8 figure deal with a U.S. government agency. This is one of the 10 largest deals in the history of Palo Alto Networks, and contributed to our strength in product revenues this quarter. We expanded our footprint more than $5 million each with 10 existing customers, many of whom bought a combination of new use cases and also hardware refreshes. This includes deals with one of the best-known brands in the world, a Fortune 50 technology company and a Fortune 500 consumer finance company. And finally, we introduced DNS security service, a new attached subscription to our next-generation firewalls. DNS is already quickly gaining traction. And while it's early days to share metrics around this offering, I can safely say that if DNS were an independent start-up company, it would be getting a lot of attention. We're excited about its early success and optimistic for its future prospects. Our core business continues to be strong with customers becoming more security aware and looking for simplicity in their infrastructure. We continue to make it easier to deploy more services from our firewalls in the most secure way, and you should expect us to add more capability here. Now let's talk about securing the cloud. We continue to be highly focused on delivering technology that enables our customers in the cloud journey. We plan to enable this by delivering a comprehensive set of security capabilities across a broad set of clouds and cloud configurations. This focus and our speedboat approach has led to tremendous progress over the past year. With this, we are delighted to introduce Prisma. Prisma, announced this morning, brings our industry-leading cloud solutions within a single suite to help our customers in their cloud journey. Whether you want to connect your mobile users or branch offices to the cloud, protect your application and data in the public cloud, protect your SaaS applications, or are worried about upcoming trends in container security and service computing, Prisma has a solution. Prisma is our approach to deliver industry leading cloud security products in an integrated fashion. It will address SaaS, API-based, and inline cloud security across all vectors. We will continue to build on Prisma over the coming quarters and years to make it the industry leading platform for the journey to the cloud. We believe Prisma is already the number one suite of cloud security product in the world. This quarter, Prisma surpassed $0.25 billion billings run rate and has approximately 9,000 customers. The products that comprise Prisma are already industry-leading in their own right. Take the VM series, we believe we deliver the most VMs across the public cloud landscape, with more than 60 six figure or higher deals this last quarter alone. RedLock, which forms the basis of Prisma public cloud surpassed $100 million billings run rate this quarter. What is even more exciting is that we won more than 10 RedLock deals, each over $0.5 million, in the third quarter with over half of them in the Global 2000. This is a rare feat, to acquire a company, transform its revenue and its profile and trajectory in 6 months is unheard of. Additionally, we're very excited about the new enhancements for our GlobalProtect Cloud Service. The next version includes cloud onboarding and management interface, and will be available in the Google Cloud platform shortly. In this quarter, we continued our success on GPCS by securing 40,000 mobile users at the biggest car company in their category, 27,000 mobile users at a leading global consumer brand, and 25,000 mobile users at one of the largest high-tech companies in the world. The success of RedLock is a key factor in making us #1 in cloud security and gives us the confidence that our introduction of the Prisma suite will bolster our ability to keep winning in this space. In addition, today's announcement of our intent to acquire Twistlock, which is the best in its category for container security, will bring best-of-breed products into the Prisma suite. Containers are one of the fastest-growing segments of both private and public cloud workloads, and we're looking forward to offering container security to our customers. We also announced our intent to acquire PureSec, a leading provider of serverless security. These proposed acquisitions will further enhance our cloud security suite. Other examples of our ability to acquire companies and accelerate their performance is Demisto, which brings me to the third key focus area, securing the future with Cortex. We closed the acquisition of Demisto at the end of March, and in our first month operating together, I'm pleased to report that sales are already doing exceptionally well. Demisto's multi-vendor orchestration capability, analytics, and playbooks are unique. They help our customers further automate their security operations and allow them to focus on solving the most complex threat. This quarter was also notable for the introduction of Cortex XDR at the end of February. In its first quarter of availability, we closed over 50 deals, and the pipeline is strong. XDR is the successor of EDR. XDR enables teams to stop sophisticated attacks and adapt their defenses to prevent future threats by integrating network, endpoint and cloud data to reduce the signal to noise ratio plaguing security analysts. In fact, earlier today, MITRE released test results validating the capabilities of Traps and Cortex XDR. The result from MITRE's ATT&CK testing confirmed that Traps and Cortex XDR provides the broadest coverage against different attack techniques with the fewest missed attacks out of all 10 vendors recently evaluated. We also had some notable Cortex XDR wins this quarter, including a 7-figure deal with a U.S. health insurance care organization with over 26,000 employees; a win at a major Asia-based airline, and a win with one of the largest cities in the world. To wrap up, we had a solid quarter of enterprise execution with strong progress on the cloud and with the initial rollout of Cortex. We continue to see the opportunity to expand our market leadership to be one of the platforms for both today's security needs and to those tomorrow. As my first year comes to an end, I would like to make a few observations and reiterate a few things. One, we will continue to expand our leader - lead as the number one cybersecurity company in the world, one that provides simple, integrated, and leading products help our customers. The company I walked into had done a great job in building the world's best firewall and expanding their ability to secure the enterprise. Over the last year, in addition to strengthening our firewall business, we have made tremendous progress in areas, which will become equally, if not more important, the cloud and automation. My year here has convinced me that we have the right strategy and the right team, and we're making the right moves. Transitions take time. This one will also take time. But there is no team better prepared than us to make this happen. The new products and delivery mechanisms are more SaaS-based and have a different consumption model. In that, many cloud customers purchase annual subscriptions rather than multi-year deals. The brilliance of a SaaS model though is the annual recurring revenue stream. As we evolve our business, maximizing this recurring revenue stream will be our primary focus. While this may impact total billings, we would expect to see better margin performance. And most importantly, underlying this trend is a going demand for our products, which is what matters. Reading some of your notes, I know that you're watching the internal management moves we are making. You should know that any leadership moves that we're making are being made in a thoughtful manner and for the right reasons. Rest assured, while I might not have spent time in cybersecurity, I know how to build great teams. This is an area me and the team are extremely vigilant and focused on. I am confident that one year out, we are stronger, we are better focused, a more robust product roadmap, and our teams are poised to win. This is a time to believe in our plans and our ability to execute and our strategy to win the increasing addressable market in our industry and our quest to increase our lead as the number one enterprise security company in the world. And with that, I'll turn the call over to Kathy.
Thank you, Nikesh. Before I start, I'd like to note that except for revenue and billings figures, all financial figures are non-GAAP, and growth rates are compared to the prior year period unless stated otherwise. All current and prior periods financials discussed are reflected under ASC 606 as we adopted the new standard as of August 1, 2018. In the third quarter, we continued to add new customers at a healthy clip and further expand our existing base. We did this while balancing investments in our recently acquired businesses and maintaining a focus on profitability. In Q3, total revenue grew 28% to a record $726.6 million. Looking at growth by geography. The Americas grew 28%, EMEA grew 26% and APAC grew 29%. Q3 product revenue of $278.4 million grew 28% compared to the prior year. Our SaaS-based subscription revenue of $258.8 million increased 35%. Support revenue of $189.4 million increased 20%. In total, subscription and support revenue of $448.2 million increased 28% and accounted for 62% share of total revenue. Turning to billings. Q3 total billings of $821.9 million increased 13%. Q3 current billings were $799.5 million net of acquired deferred revenue, up 25% year-over-year. The dollar weighted contract duration for new subscription and support billings in the quarter remains at approximately 3 years, but declined by 4 months year-over-year due to the strength of our cloud business and fewer multi-year deals. Total deferred revenue at the end of Q3 was $2.6 billion, an increase of 27%. In addition to robust new customer acquisition, we continue to increase our wallet share with existing customers. Our top 25 customers, all of which made a purchase this quarter, spent a minimum of $38.7 million in lifetime value in Q3, a 35% increase over the $28.7 million in Q3 of fiscal '18. Q3 gross margin was 76.5%, which was up 30 basis points compared to last year. Q3 operating margin was 20.9%, a decline of 50 basis points year-over-year and includes a headwind of approximately $7 million of net expense associated with our recent acquisitions. We ended the third quarter with 6,503 employees. On a GAAP basis for the third quarter, net loss declined by 50% to $20.2 million or $0.21 per basic and diluted share. Non-GAAP net income for the third quarter grew 30% to $130.1 million or $1.31 per diluted share. Our non-GAAP effective tax rate for Q3 was 22%. Turning to cash flows and balance sheet items. We finished April with cash, cash equivalents and investments of $3.7 billion. Q3 cash flow from operations of $296.4 million increased 23%. Free cash flow was $276.1 million, up 30% at a margin of 38%. Adjusting for cash charges associated with our headquarters in Santa Clara, free cash flow in the quarter was $279.8 million, up 27% at a margin of 38.5%. Capital expenditures in the quarter were $20.3 million. DSO was 51 days, a decline of 6 days during the prior year period. Turning now to guidance and modeling points. For fiscal Q4 '19, we expect revenue to be in the range of $795 million to $805 million, an increase of 21% to 22% year-over-year. We expect Q4 '19 non-GAAP EPS to be in the range of $1.41 to $1.42, which includes expenses related to the Demisto acquisition and the proposed acquisitions of Twistlock and PureSec using approximately 100 million to 102 million shares. Before I conclude, I'd like to provide some additional modeling points. We expect full year billings to grow approximately 21% year-over-year, which includes the impact of shorter contract lengths. Our Q4 non-GAAP EPS guidance includes approximately $15 million of net expense or $0.12 per share, attributable to a full quarter run rate of our Demisto acquisition and the proposed acquisitions of Twistlock and PureSec. Our Q4 EPS guidance also includes an expected $0.02 impact attributable to U.S. tariffs on Chinese origin goods. Excluding these acquisition and tariff expenses, we would expect non-GAAP EPS to be in the range of $1.55 to $1.56. We expect our Q4 non-GAAP effective tax rate to remain at 22%. CapEx in Q4 will be approximately $35 million to $40 million with approximately $20 million related to our headquarters in Santa Clara. Finally, turning to free cash flow. For the full year, we continue to expect an adjusted free cash flow margin of approximately 36%. The adjustments include onetime items such as the expected settlement of our 2019 convertible debt and cash flow associated with the additional investment in our headquarters in Santa Clara. You can review these adjustments to free cash flow in our supplemental financial information document, which is posted on our Investor Relations website. With that, I'd like to open the call for questions. Operator, please poll for questions.
Thank you. [Operator Instructions] We'll go first to Keith Weiss with Morgan Stanley.
Excellent. Thank you guys for taking the question. And really solid quarter. Nikesh, I think you might be understating sort of operating well through transition with 27% product revenue growth against a really tough comp. That's a truly impressive number. I wanted to ask you one question and one to Kathy. The question for you is on the M&A strategy. One of the things I think investors have been looking for, for a while is somebody who could effectively consolidate demand within security. It sounds like the individual companies are doing - or individual solutions that you bought, like RedLock, are doing really well. Could you talk to us about the progress that you've made in sort of creating a suite or getting people to buy across the portfolio, and where the new acquisitions kind of fit into that suite and sort of how you expect to sort of catalyze that activity across the board? And then, for Kathy, in terms of the shorter duration, can you give us some kind of indications on sort of where that impacted? Was it across the board for both sort of new subscriptions as well as maintenance or is that just focused on kind of just the newer stuff?
Thank you, Keith. Thank you for your comment, and thank you for the question. Let me start talking - answering your question around the acquisitions and the launch of Prisma today. As you know, about a year ago we started talking about how there is going to be a big move to the cloud, and we were getting ready for it. We owned Evident, Evident only worked in AWS. We felt we needed to complement that with more capabilities, so we acquired RedLock. RedLock had de minimis revenue 6 months ago. And just the sheer success of RedLock that we've seen the last 6 months where we've seen customers close deals within a week, I think that's unheard of in the cybersecurity space. You walk in. You show the customer a solution, and a week later you walk out with a purchase order. So that's emboldened us with this notion that there's not enough cloud security solutions being offered to customers who are making this journey to the cloud. And if you look at the customers 2 years ago, they were talking about public cloud. Today, they're talking about containers. And if you looked in the market, there are only 2 players, and Twistlock was by far the leader. And talking to customers, they still want to buy best of breed. So, our team made the decision that it's important for us to acquire Twistlock and integrate that with RedLock as soon as possible. So you will see us integrating both RedLock and Twistlock. And then, the next conversation people want to talk about is serverless, and we looked at the market, and PureSec, by far, is the leader in serverless computing. Serverless security have decided to acquire it at the same time. We intend to integrate this as soon as possible thereby offering a fully sort of integrated public cloud security suite where customers don't have to buy piece products on containers or private cloud, public cloud, on-prem, SaaS, or serverless. And that's where we see the consolidation from a cloud security perspective. We've also integrated pieces of [indiscernible] for a cloud service with Aperture so you can see in-line SaaS security as opposed just API, which Aperture offers. So we are driving hard and fast to try and keep trading integrations so customers don't have to buy a piece product and spend time integrating. The problem with the cybersecurity industry has been, for a $140 billion industry, with $80 billion in services and $60 billion in products. That $80 billion is spent integrating the $60 billion product, and we want to make sure that we don't make this mistake going into cloud and that's kind of what underpins our acquisition strategy as it relates to consolidating these products and as it relates to providing a platform for cloud security. Kathy?
Yeah. And Keith, on the contract length question. As you mentioned, we did see a decline in contract length -- or as we mentioned, of 4 months year-over-year. And there are a couple of things driving that. One is that we had very strong performance in our cloud products. The mix of our Prisma public cloud this quarter was very strong. We saw terrific growth as Nikesh mentioned in his prepared remarks. So we're really excited about the trajectory of that business and the opportunity for us there. Additionally, we are focusing more on doing - making sure that we have good annual recurring revenue in our contracts, and that's our primary focus this year. And so some of it is customer preference. Some of it is us trying to structure deals to maximize that annual recurring revenue stream. And so both of those, the combination of those things are driving the average contract length down, and we think both of those things are really terrific for our business, and we're very pleased with the results.
We'll go next to Gur Talpaz with Stifel.
Great, thanks for taking my question. I have a question here on Twistlock. And Nikesh, I was hoping you could expand a bit on the strategy. So what I want to understand is, do you view container ecosystems as a natural extension of existing networking environments, i.e., do you see this is as kind of a natural fit alongside what you already did from a policy management standpoint? And then taking it one step further, can you talk about how you plan to attack the DevSecOps environments where Twistlock currently plays?
So Gur, I have always known that I should try and give only two, three sentence answer to your question, and then Lee jump in because I know you're going to throw it to me technically, otherwise. But I will tell you that the cloud world is different. In the cloud world, you have to shift left. We have to go DevSecOps and that's where Twistlock plays because it goes to the entire bill, run and deploy process. And that's why I think Twistlock is important. That’s why we think DevSecOps is important. Twistlock has an on-prem solution. RedLock has a SaaS solution. You can logically expect us to be present in both environments, because this allows us to look at both public cloud and private cloud. How am I doing so far, Gur? So far, so good?
You're doing great. Yes. So far, so good.
Now I'm going to take the high ground and hand it over to Lee.
I appreciate that. I think maybe the way to think about this is, with cloud applications, they're increasingly being architected with multiple different sort of cloud services underpinning them. And whether that's PaaS services, Infrastructure-as-a-Service, VMs, increasingly containers are a foundational component of these architectures. Serverless is emerging as one of the key elements. And being able to combine all of those together into a single cloud security suite integrated together that allows the customer to see from the shift left at the bill stage all the way to run time, the entirety of their application, how it's designed, architected and secured, is a very powerful capability that we're able to bring together with Twistlock as a core component of that, but also PureSec for serverless and, of course, RedLock from a cloud platform perspective.
That's super helpful Lee. I appreciate it. Nice job Nikesh. Thank you.
We'll go next to Walter Pritchard with Citi.
Hi, thanks. Just a question for you, Nikesh. On the product side, I guess one concern that may arise here. You've done a lot of M&A, it feels like your cloud strategy is largely inorganic. How do you remain convinced and seat-building the culture of building products organically to either - should I keep these products going into the future? Or be able to address some of the new needs that come up down the road without having to spend this kind of money on M&A?
I think, Walter, that's a fair question. But if you look at our core business of firewalls, we're doing really, really good in firewalls. Our teams are innovating. We had a DNS security as-a-service, as a subscription. We are working on some more interesting things. Hopefully, we shall be able to share more about them in upcoming quarters. But there is innovation going on for sure in our core business where our firewall capabilities and other capabilities around it are developing. That's where we have strength. We have hundreds of engineers, if not thousands, working on our core networking capability and firewall security capability. We also had bills capability around endpoint with Traps and Secdo, which as I mentioned, we are rated best in the number of unmissed attack vectors as far as MITRE's test was concerned. So clearly, we have that core capability. Cloud was an area where all of you are asking the question, how will Palo Alto networks make the transition to cloud? Do we have the core capability. I think it's fair to say we have used the RedLock contingent and the evident team to create the core for the cloud, but at the same time, we didn't want to wait. With Twistlock having ordered 250 customers who are using them for container security, we didn't want to wait. We also, at the same time, launching a vulnerability scanning capability in RedLock, which is the early steps towards containers. But our customers want the entire thing. They want the full capability for container security. They want best-of-breed. So it became incumbent and imperative that we create this combination of RedLock and Twistlock. And honestly, if you go back and think, the price we paid for RedLock versus the fact that it crossed $100 million run rate this quarter means we must have done a good deal because in two quarters, we're able to take that product and deploy it to our -- across our entire sales force. Yes, we have cloud capability. We have it in our sales force. We have it in our RedLock team. We have it in our Twistlock team. We should be able to put the RedLock, and Twistlock, and PureSec capability together, and use our core team and our cloud sales teams to be able to go and create more revenue in this product. Because I think right now, there is a TAM of over $2 billion in cloud security, which is unserved. There are not enough products. There are not enough salespeople going out and demonstrating the product of to those customers. So right now, it's really a question of sort of a land grab, going out there and demonstrating the product to the customer, being able to deploy in their enterprise, and being able to have people who understand these products well enough to be able to solve them.
Great. And then, Kathy, maybe a follow-up just on the duration side. Is it as simple as sort of us thinking about the unattached products are going to kind of go to a 1 year duration over time versus the subscriptions that are attached to the firewalls are going to be 3 year? And as we kind of model out this to revenue streams, we would see the duration go as that mix goes?
Yeah. Walter, I think you're correct that over time, as our business becomes more cloud-based and more SaaS subscription-based, we will see our customers wanting to buy the way they buy other SaaS products, and that tends to be more towards the 1 year duration. So over time, I do think that, that shift will happen. In this quarter, though, and this year, we've also been very focused on the rest of the business and just making sure that we're doing deals that preserve that annual recurring revenue stream, and Nikesh is raising his hand. He wants to jump in.
I'm going to jump in, Walter. I think, look, I know you guys are all getting excited about the billings number. And trust me, we stated it left, right and center to make sure that we were not missing anything in the billings number. I will tell you the underlying fundamentals of our business continue to be strong. We like the customer interest, we like the fact that they want to buy more security services from us. The two effects that are happening, one is clearly the unattached product effect, which is we're seeing better-than-expected growth and you're seeing shorter duration that those. And then, second is, to be honest, we are trying to do more new business and less business of going to our existing customers and doing multi-year bundle deals with large discounts. We've told the sales force that we like them to go out and get new business. As a consequence, we're not doing that many - as many, not that many, as many long deals with large discounts that we used to do in the past. And I think I said that I can't be more explicit than saying, we expect, over time, that our margins should do better as a consequence of that. And it will have an impact in the way you look at -- as the way billings mechanically calculate themselves.
And we'll go next to Sterling Auty with JPMorgan.
Boy, I had a different question lined up, but after that answer, it really begs the question if everything does start to triangulate towards more of an annual contract versus a 3 year deal, shouldn't that just weigh on your cash flow growth until you succeed in kind of transitioning through that process?
Look, if everything happened overnight, yes. I think there's going to be an orderly transition over time as the proportion of our non-attached business rises and as we continue to manage our long-term core business. So yes, will our cash flow profile change? Yes. Will it improve our margins? Yes. And that's how you transition from a business, which has been a very hardware-focused business, to a business that becomes a long-term subscription and SaaS-oriented business.
But I'll just add that the reason we're focused on doing this is because that we believe it's ultimately better for us in the long run financially and will improve our cash flows.
Sterling, every analyst I talked to in the last month - 9 months, has asked me this question saying, when will Palo Alto Networks become a ratable business? When will you become a SaaS business so you can enjoy the multiples that does SaaS businesses enjoy? Well SaaS businesses enjoy a multiple and have a certain financial profile. So you can't have your cake and eat it too. You want me to transition to that, it's going to involve a transition.
That's fair enough. One follow-up in terms of the business in the quarter. Looking at that support revenue growth, one question that pops to mind is, how was the linearity in the quarter? And was things just more back-end loaded and perhaps that caused a lower support revenue just on the timing and some of the product revenue that you were able to close?
Well, support revenue growth, 20%, was pretty strong year-over-year. And one thing to just keep in mind about support is, well, there are a couple of things to keep in mind. One, it includes professional services, which can vary from year-to-year and quarter-to-quarter. And then the other thing is that as we continue to grow our subscription business, which we've got a lot of our billings now coming from non-attached and revenue now coming from non-attached, those don't have the same concept of support attached to those offerings. So that's just another thing to keep in mind when you consider support.
And we'll go next to Ken Talanian from Evercore ISI.
Hi, thanks for taking the question. So we are happy to see you move to a more ratable business, but how should we think about the pace at which you move to more ratable sales over the next year or so, given the additional non-attached subscriptions you're getting from these acquisitions? And like how soon may we see subscription surpass 50% of your billings?
Well, Ken, we're not going to give you forward guidance on those topics. But all I will tell you is you can see the way our cloud security business is beginning to perform. I think we said Prisma has already gone over a $250 million run rate billings run rate this quarter. And it's growing at very, very robust growth rates, way ahead of the company growth rate, as you can imagine. We hope that those growth rates continue, which overtime will create the mix shift that is required to make a higher proportion of our business more and more ratable, which will have the impact of shorter duration in terms of impacting billing, which will have the cash flow profile changes associated with it. But I don't expect this to happen in the short order. I think this is going to take us a reasonable amount of time. But hopefully, that time that we take happens at the growth rate that we're enjoying overall as a company. And clearly, if you're growing roughly 2.5 times the rate of the growth of the industry, you must be taking share from other people in this process.
Understood. And have you made any changes to the pricing, packaging, or the go-to-market for the cloud-focused products with the launch of the Prisma branding?
Yes. Look, as I mentioned, we had, very early in this process, introduced this notion of speedboats. And the notion of speedboats was to have dedicated people across the organization and across functional basis to make sure that we have people focused on making our customer successful by having a dedicated customer success team, by having specialists who can go ahead and sell cloud and partner with our core sales team and accounts to make sure that the focus is not lost on our non-SaaS services, which is what has been paying dividends. We continue on that track. We have dedicated teams. We have now consolidated our GPCS and public cloud speedboats into the Prisma speedboat. We've learned from the last year that Prisma, as the customers who are going to make this journey to the cloud are looking at all these products as a combined suite of products. So we are driving the same degree of acceleration that we have on the public cloud speedboat on the rest of our Prisma products, and put them all into one speedboat, which is led by the same people who were at the public cloud speedboat. So yes, we have made changes on go-to-market side and from a focus perspective, because we don't want the smaller, faster, growing business to get lost in the large expense of our core business.
Understood. Thanks very much.
And we'll go next to Andrew Nowinski with Piper Jaffray.
Great. Thank you for taking the question. So maybe from a geographic perspective, I know you made some sales leadership changes in the US, yet your growth in the US remained relatively unchanged. However, growth in EMEA did slow. So just wondering if you can provide any more color on the slowdown in EMEA as well as any changes the new sales leadership team in North America has made.
Look, I think I was trying to figure out where the correlation you're going to draw was. We've made a change there, and nothing changed. We didn't make a change there, and things got worse. So I'm not sure what the implication is. Look, Europe had a seasonal third quarter like third quarters across the board seem to be challenged. There was a seasonal slowdown, vis-a-vis, EMEA. We -- the team there feels confident that they will continue marching towards their annual targets. So hopefully, they will make up for what they were not able to do this quarter in the upcoming quarter. In terms of the U.S., we have hired a lot more people in the last quarter, which we expect to ramp up in Q4 and next year because part of the opportunity we had was we felt that we were not knocking enough doors. And as I mentioned, the focus on more new business. The team is strong. The team is motivated. We don't think that the leadership change in the Americas has had much of an impact in terms of the performance of the team, except for the fact that they continue to be excited and motivated to keep delivering quarters.
I think - I guess I was just asking the changes you made obviously had a fairly positive effect in the U.S. I'm wondering is there any changes needed in EMEA? Or is there any abnormality in EMEA to their growth sector link?
I hope our Head of Europe is listening to this call.
We intend to make no changes in Europe. He's strong. He's going to make sure he delivers this quarter and retain his growth rate in the upcoming quarters.
We'll go next to Karl Keirstead with Deutsche Bank.
Thank you. I've got two questions for Kathy. Kathy, if billings, as Nikesh was just describing, might be a less useful measure of the fundamental health of Palo Alto Networks, do you think that your backlog or RPO number might have more value? And would you mind disclosing it? I think you disclosed it in your last couple of Qs.
Yes. It's not a massive number for us, and it will be disclosed in our Q again this quarter. And you can do the math on the difference between deferred revenue and that number. The number that we provided on the earnings call is the current billings number, which grew nicely at 25% year-over-year. And that's a metric that I think most analysts have been monitoring for a number of years and have been asking us about over the years. And so I think that continuing to focus on that number is important, along with our revenue growth, obviously.
Got it. Okay. Great. And then, just as a second question, Kathy. Just on the adjusted free cash flow margin guidance of 36% for the full year. I think through the first 9 months of this fiscal year, that adjusted free cash flow margin would average out to be close to 39%. So to end up at 36% for the full year, you would need your fourth quarter free cash flow margin to dip quite a bit, maybe even to below 30%. And I'm just wondering if you could touch on why that would be? Thanks.
Yes. We did talk about the adjustments that we're making in the quarter. So the adjustments will be particular to the Q4 number. But additionally, we tend to have more expense in that quarter, more commissions expense in that quarter. And so we're comfortable with the full year guidance of 36%.
And we'll go next to Rob Owens with KeyBanc Capital Markets.
Great. And thanks for taking my question. If you look at the strength that you saw in product revenue yet again, can you kind of paint what the landscape looks like? I mean Q1 in general was a little weaker for most security vendors, and you continue to put up impressive results on the product side. So just curious in terms of sales cycles, what the demand landscape looks like, and also what kind of levels you're seeing of discounting out there? Thanks.
Yeah. So we did see a really strong product growth number, and we're obviously very thrilled with that. The new products that we have introduced over time remain very competitive in the market. And our sales teams, as we mentioned, are doing a good job selling those products. We're seeing some improvement, as Nikesh said, in terms of sales cycles for the cloud products that we're selling. There seems to be a lot of demand for that, and it doesn't take a lot of convincing. But overall, I wouldn't say that there's been significant change in terms of our sales cycle for selling the vast majority of the products that we sell.
And we'll go next to Saket Kalia with Barclays Capital.
Great, thanks for taking my questions here. Kathy, maybe for you on the product revenue number. We touched on some customer examples of refresh. And I think it's very clear that you're optimizing kind of the attached subscription. But can you just talk a little bit about the health of firewall refresh more broadly in the quarter, and how you're sort of thinking about that trend going forward?
Yes. Well, when people talk about refresh, they tend to talk about it in 2 different ways. So I'll just talk about both. One is the just general market refresh, and that is going on all of the time, right? That's how we get most of our new firewall customers if somebody is refreshing their - on a firewall refresh, and they are replacing old firewalls with new firewalls. And that's how we go in and take market share and continue to land-and-expand, right? The other refresh that people talk about is our own internal refresh. So our own customers having sort of reached a 5, 7 year life as their firewalls, and they are replacing those firewalls. And that is a question that we get asked a lot about is that driving our growth in the quarter And certainly, it contributes every quarter, but as we've said for a number of quarters, we think that, that opportunity is more in front of us than behind us because the number of cohorts - the cohort sizes just get larger and larger over time. And we have a portion of refresh in our numbers in this quarter, a portion in last quarter, but it's not the primary driver of our growth. Yet we still are very focused on that opportunity. We think it's a great opportunity for us in the future. And we don't -- we're very encouraged and are focused on getting that refresh opportunity, both the general market refresh opportunity as we continue to take share and our own internal refresh opportunity.
Got it. Got it. Maybe a follow-up for you, Nikesh. I know in the beginning of the quarter, in early February, there were some changes in the channel program. I think some sort of adjustments or different models for RedLock and different models for partners that sort of sell the broader portfolio. Can you just talk a little bit about how, if at all, those sort of impacted in the quarter? And what's been the feedback from the channel as you wrapped up this April quarter?
Look, I think we evaluated various possibilities of the channel, which is where there was a bit of noise, not this quarter, but it's the prior quarter. And where we landed is a happy place both to the channel and for us. If you understand these cloud products, these SaaS products actually end up having to be sold not just to our current channels but also through our future channels, which is basically the marketplaces of AWS, Azure and GCP because when customers go deploy public cloud capabilities. They go to the marketplaces off the public cloud providers to find other tools and accessories and products. And we have to be present there, which requires a different model from an activation and deployment and sales perspective. So we enabled that. We made room for our channel to be able to refer customers to that marketplace. As a result, they continued to get their economics and referral way as opposed to the way they've been used to be in the past, which is more hardware process. And I think things are stable, things are happy. We're selling product. The channel's making money. And customers are able to buy it, whichever way they want to consume it.
And we'll go next to Phil Winslow with Wells Fargo.
Hey, guys thank for taking my question. Congrats on a strong start to the year, particularly on the product - sorry, particularly on the product side. Just wanted to focus on Cortex. We've spent a lot of time on product and Prisma, but wondering if you could give us an update on Cortex, particularly if you look at the Cortex hub, how you're feeling about the progression there of applications. And then also just usage and call it hydration of the data lake?
Well, as I mentioned, look, right now, there are two very clear parts of Cortex. One is the Cortex XDR combination, which requires the data lake, which includes Traps as we -- last quarter we announced that we're going to make Traps an integral part of our XDR offering. We felt this, but it got validated this morning, coincidentally. We believe XDR is now the leading product in the market, and it beats any EDR product hands-down. So many of those you know have been displacing the traditional legacy vendors in the market, we believe we have not just a competitive product, but a better product. And we're seeing that in the pipeline growth, we're seeing that in the deals that we've done. We've done over 50 deals for our Cortex XDR in about 6 weeks since we announced it and deployed it in the market. We have a very healthy pipeline going to Q4. We are applying a speedboat concept to Cortex XDR, just so we did - the way we did to public cloud and Prisma. So we have lots of hopes from Cortex XDR and every Cortex XDR deal, every deal to deploy Traps requires the Cortex data lake, and the Cortex data lake is being deployed in those cases. In addition to that, Demisto is part of Cortex now because customers look at automation from a SOAR perspective, even though we only had Demisto in our numbers for only about a month this past quarter, it has surpassed any business plan they had prepared at their own end. Just by sheer fact that our core team is really excited about Demisto, and every one of our customers got excited about Demisto. And we expect that trend to continue going into Q4. So generally, on Cortex, we are bullish, both from a Cortex XDR, data lake, Cortex hub perspective as well as the Demisto perspective. Many of the Prisma integrated capabilities that we are launching this quarter actually use the Cortex hub to create the integrations between some of our products, whether it's VM and Aperture or some of the integrated reporting.
And we will go next to Michael Turits with Raymond James.
Hey guys, good evening. Obviously, everything looks really strong from a top line revenue current billings product. But as we look into next year, what should we think of first on the EBIT margin side, since I would assume that we have a lot of dilution coming from these acquisitions? And then, what should we think of as the trajectory for cash flow margins declining before they begin to bottom?
Well, look, we'll provide guidance at that point when we're ready to do so. We've provided guidance for the full year, which takes into account the contract length issue that we discussed earlier. So we're not ready to provide long-term guidance on either one of those metrics. But on the operating margin, you can see, this year, we've been operating within the framework. We've improved margins despite the fact that, well, on an organic basis, which is what our framework has been about. And so we're very focused on continuing to ensure that we're working towards bottom line profitability, at the same time, that we're focused on growing the top line. And I wouldn't expect that to change.
And then, Nikesh, I wanted to ask about GlobalProtect Cloud Services, and to be fairly specific about it, competition with Zscaler. How do you see that competition? And do you feel that with them potentially moving to certain firewall applications, it's necessary, perhaps, for you to do more in the proxy area in order to make sure you're competing on an even basis?
I'm going to defer this question to my friend, Lee, even though I'm sure I can butcher the answer, but I'd rather let him do it.
Yes. We - look, we've been very consistent, we talked about GlobalProtect Cloud Service, which is now Prisma Access. We believe that, fundamentally, you need to be able to secure all applications. And the way to do that is with a next-gen firewall foundation in the service, which is something that, clearly, we have a unique and distinct advantage of and is fundamental to how Prisma Access is architected and how it works. As we mentioned in the launch announcement today with Prisma, there are a couple of key enhancements coming to Prisma Access. Number one is we are going to be supporting GCP as a public cloud foundation in the near future. That will extend Prisma Access out to 100-plus locations around the world. So from a pure network latency performance perspective, we believe we'll be the best at the performance side of service. And second, we announced that we will soon have a cloud management service to go along with it, such that for customers who want the entire service to be done through the cloud, we'll be able to support that from onboarding, to configuration management to monitoring.
And we'll go next to John DiFucci with Jefferies.
Thank you. My questions have largely been answered. I just had a follow-up for Kathy. Kathy, really appreciate your guidance that focus on current billings, which makes total sense to us and not to really worry about RPO a lot. Just trying to get ahead of any differences we might see going ahead. It seems to me that we might see a little more volatility in current billings because previously, long-term deferred revenue would have sort of smoothly flowed into current billings every quarter, whereas that might now be a little more lumpy upon annual renewals. And I don't want to get too cute about all this, but the current billings trend should remain the same as they would have been maybe just a little more lumpy and sort of smooths out over time, as more sales are billed annually. Does that at all make sense?
Yeah. I think that, that makes sense. The changes in mix are happening gradually over time. We did see really great strength in our cloud products this quarter, which was a great thing for us, obviously. And so we're continue to expect strength there, and we've guided assuming that strength. But for the rest of it, I think you're absolutely right that it's not going to be an overnight transition. It'll happen gradually over time.
Great, okay. Thank you very much.
And we'll go next to Fatima Boolani with UBS.
Good afternoon. Thank you for taking the question. Nikesh, I had a question for you regarding Prisma. It makes a ton of sense to amalgamate your four pillars on the cloud, the security front. But given each solution within the Prisma portfolio has different pricing models and potentially go-to-market models, I'm wondering if you can clarify if Prisma purchased a sort of an all or nothing. And to the extent that's sort of an all deal, how are you going about pricing the offering given the diversity of revenue models within that portfolio? And then I have a follow-up for Kathy.
Thanks for the question, Fatima. Look, you're right that the cloud journey has different aspects, and there have been individual products that customers have gone and bought to enable different parts of the journey whether it's the GPCS competitors when it goes towards remote branches and new offices or whether it's the public cloud scenario or whether it's your CASB scenario. And part of our thesis is that you shouldn't have to have multiple products because there are interdependencies between these products, which creates security for yourself. Whilst we haven't alighted on the exact pricing because we're still - we just announced the acquisition of Twistlock and PureSec this morning, you can expect us to not distinguish in terms of how customers deploy their application, whether it's private cloud, public cloud, containers, serverless, public cloud because we think that there should be consistency, and it should be purely based on the amount of volume you transfer to the cloud as opposed to the different ways you do it. So you should expect to see some cohesity in pricing. Having said that, given the realities of the market, we will still make our products available in their individual forms to compete directly with people in the market because we believe our products are very competitive and better in most - in all cases. But obviously, the integrated product will have a lot more benefits than just buying the individual piece for us.
Fair enough. And Kathy, for you, just two financial ones. We have an understanding of the OpEx impact from the recent acquisitions, but I'm wondering if you can speak to the totality of the revenue in billings contribution from recent acquisitions as well as the above seasonal jump in the sales and marketing expense this quarter. And that's it for me? Thank you.
Yeah. We do have, as I mentioned in the prepared remarks, increase in our expense associated with the acquisition and our guidance for EPS, and our guidance for revenue reflects both top line and bottom line impacts of those, although we haven't called them out explicitly. On the - sorry, what was the second part of your question?
Higher than seasonal sales and marketing jump in the quarter…
Yeah. Our sales and marketing teams, as Nikesh mentioned, I don't really think that it reflects any sort of big change in the business that we have been hiring sales in Americas in particular to drive more coverage. And so it takes a while for those expenses to actually result in top line revenue in particular, right? So as we see those reps ramp and as we cover the math and get more -- get that Americas number up even higher, hopefully, we'll see that change over time, again.
And our final question comes from Matt Hedberg with RBC Capital Markets.
Hi, guys. Thanks for squeezing me in. One for Nikesh. Your firewall momentum and results remained strong, clearly, versus peers. But as you continue to expand your cloud-based product portfolio, can you talk about some of the steps you're taking to over - to avoid over rotating sort of the general sales motion from that core firewall base?
I'm sorry. Can you clarify what do you mean by over rotating away or...
Well, yes, I guess, you've got a lot of exciting products on the cloud side. And I know there's a lot of overlay themes. But are there things that you can do to sort of maintain the momentum in core firewall despite sort of all the new shiny toys that I'm sure a lot of customers are probably yearning for?
Look, whilst we're not going to disclose, but we added a lot of quota-carrying reps in the last quarter, purely for us to be able to drive more coverage and more, more -- cover more accounts in our core business. This is not for cloud. This is not for Prisma. This not for Cortex. This is to drive more coverage across our existing core business. As I think - I don't remember who said it, but one of you guys said that you have seen us show strong product growth across every quarter, 28% product growth this quarter. So clearly, we're not taking our eye off the ball. We understand what pays the bills. We understand where the money comes from. And we are seeing traction out in the market. It's not like people are not buying firewalls. The rumors of the firewalls being dead are overstated. So we think that is still continuing - still a continuing strong trend on the firewall. We continue to hire reps. We continue to try and penetrate more accounts from a firewall perspective. We also are working, as you know, to add more capability in our firewalls. So the average price per firewall goes up for us, for our customer, because they can do more things in the firewall not just less. So we understand that to maintain the growth rates we have in the industry, it's not going to happen just by adding more product and growing them rapidly. It requires us to maintain a solid growth rate in our core business, and we are focused on that.
That's super helpful. And then maybe just one last one on XDR in particular. 50 deals in the quarter is great. Can you talk about where those deals are coming from? I assume a lot of them are maybe some of the legacy players. But are you able -- also able to take share from some of the next-gen EDR vendors?
Look, what's happening is that customers understand -- the one good thing what has happened is that the EDR vendors have paved the way in the minds of the customers that endpoints need an evolution, and the evolution needs to come in the form of not just endpoint protection, but being able to do behavior analytics, non-signature-based capability at the endpoint itself in being able to process stuff in the cloud and being able to triage alarms between endpoints and network. So this is all about reducing the signal to noise ratio that comes out into your slot. And XDR takes it one level up and says, if you are bought into this vision of reducing the signal noise ration from an endpoint perspective, guess what, the next revolution has to being able to triage across your firewall [Technical Difficulty] Now the EDR vendors are paving the way for us in terms of opening the door and saying, hey, please, come on in Palo Alto Networks. Tell them about the virtues of not just EDR, but also how EDR networks work together. We have thousands of Traps customers. They are natural candidates for us to go to and say, look, you're already Traps customers. You're already firewall customers. You should be deploying XDR capability, which will make the life of your softs easier. I think we announced - we integrated our Cortex XDR APIs into Demisto very well this quarter. So even that is happening. So we are beginning to integrate more and more. So yes, we are -- the door is opening for us vis-à-vis existing EDR vendors, and you can expect us to put more acceleration and more focus in trying to compete with them in hand-to-hand combat.
At this time, I would like to hand the call back over to Nikesh Arora for any additional or closing comments.
Well, all I want to do is say thank you very much for your time this afternoon. As a reminder, we will be hosting over 4,000 customers and partners next week at Ignite this year in Austin, Texas. I look forward to meeting more of you in the months ahead. I also want to give a shout-out to all of our employees who work really hard this quarter and say thank you for all your hard work. And let's keep going, we have Q4 to do. Thanks, everyone.
That does conclude today's conference. We thank you for your participation.