Palo Alto Networks, Inc.

Palo Alto Networks, Inc.

$364.58
6.39 (0%)
NASDAQ Global Select
USD, US
Software - Infrastructure

Palo Alto Networks, Inc. (PANW) Q4 2020 Earnings Call Transcript

Published at 2020-08-25 10:24:13
David Niederman
Good afternoon, and thank you for joining us on today's conference call to discuss Palo Alto Networks' fiscal fourth-quarter and fiscal-year 2020 financial results. I'm David Niederman, Vice President, Investor Relations. This call is being broadcast live over the web and can be accessed on the Investors section of our website at investors.paloaltonetworks.com. With me on today's call are Nikesh Arora, our Chairman and Chief Executive Officer; Luis Visoso, our Chief Financial Officer; and Lee Klarich, our Chief Product Officer. This afternoon, we issued a press release announcing our results for the fiscal fourth quarter ended July 31, 2020. If you'd like a copy of the release, you can access it online on our website. We would like to remind you that during the course of this conference call, management will make forward-looking statements, including statements regarding the duration that impacts of COVID-19 in our business, our customers, the enterprise and cybersecurity, industry and global economic conditions, our financial guidance and modeling points for the fiscal first-quarter 2021, our expectations with regard to certain financial results and operating metrics for fiscal-year 2021, our competitive position and the demand and market opportunity for our products and subscriptions, benefits and timing of new products, features and subscription offerings, including those from our proposed acquisition of The Crypsis Group, ARR and various billing run rates, as well as other financial and operating trends. These forward-looking statements involve a number of risks and uncertainties, some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements. These forward-looking statements apply as of today. You should not rely on them as representing our views in the future, and we undertake no obligation to update these statements after this call. For a more detailed description of factors that could cause actual results to differ, please refer to our quarterly report on Form 10-Q filed with the SEC on May 22, 2020, and our earnings release posted a few minutes ago on our website and filed with the SEC on Form 8-K. Also, please note that certain financial measures we use on this call are expressed on a non-GAAP basis and have been adjusted to exclude certain charges. For historical periods, we have provided reconciliations of these non-GAAP financial measures to GAAP financial measures in the supplemental financial information that can be found in the Investors section of our website located at investors.paloaltonetworks.com. And finally, once we have completed our formal remarks, we will be posting them to our Investor Relations website under the quarterly results section. We'd also like to inform you that we will be virtually participating in the Citi 2020 Global Technology Conference on September 8 and the Deutsche Bank's Technology Conference on September 14. And with that, I will turn the call over to Nikesh.
Nikesh Arora
Thank you, David. Good afternoon, everyone, and thank you for joining us today for our fiscal fourth-quarter and full-year 2020 results. I hope you enjoyed the video we showed you before, our employees made that to celebrate how Palo Alto Networks has responded over the course of the year. I thought it would be a fitting start to everything we're talking about today. As you can probably tell, we're delighted with our results this quarter and extremely thankful for the resilience that the team at Palo Alto Networks has shown in navigating the current environment. I cannot appreciate their efforts enough. I also want to acknowledge the challenges that people are experiencing globally as a result of COVID-19. This is a difficult time and we need to pull our strengths and find empathy to get through it. Before we talk about the quarter, I wanted to go back and remind you of the journey over the last two years. Two years ago, and my first and subsequent earnings calls, I've shared my observations about the cybersecurity industry. I talked about the need for integrated platform, need for setting platform with industry leading solutions. I also talked about the need for us to become more relevant in emerging cloud security and the need to focus on AI, ML and automation. Two years later, we are well on our way to transforming from a single product category company to a three-platform company, a company that secures the network with Strata, secures the cloud with Prisma and a platform for AI/ML applications in automation with Cortex. We have been building products and acquiring new businesses to make progress toward our vision of providing integrated solutions. We are in early stages of our journey, but excited about the progress we've been able to achieve so far. The success of our transformation has strengthened our results to double down on the growth areas in cybersecurity and aspire to be the cybersecurity partner of choice; the partner, providing integrated, comprehensive and industry-leading solutions to our customers. We've had several conversations over the last two years around our M&A approach. As you have seen, successful M&A is an integral part of our approach. We have honed a disciplined framework to ensure that the companies require our productive investment and that they fit well within our long-term strategy. We look for industry-leading solutions that prepare us for tomorrow, and we focus on integration and retaining key talent, talent that has beat all odds and build solutions designed for tomorrow. We have been able to unlock value by activating our go-to-market and customer success machines with incremental technologies to accelerate the acquired businesses. When we analyze the performance of our acquired companies, we see that we are achieving our stated goal of increasing a given target company's internal business plan by 30% to 40% in the first 12 months of bringing them into the Palo Alto Networks family. We recently reviewed the M&A history of follow the networks with our Board. I'm delighted to report that the aggregate annual run rate of all businesses that we have acquired is 4 times what it was pre-acquisition. Just as important, we've also been able to retain the key talent that had helped build the acquired company. Let's look at some of the financial highlights from this quarter, starting with NGS. Two years ago, these collective offerings made up approximately 8% of our total billings. We closed FY 2020 with $928 million in NGS billings representing approximately 20% of the total. Additionally, NGS ARR was approximately $650 million in Q4 2020. Two years ago, we didn't have products that address the automation of cloud security markets. Today, we're doing multimillion-dollar deals in these areas, creating a strong foundation for our future growth. This is one of my favorite slides. NGS is growing faster than any of the single product newer public companies in the space. Let's take a deeper look in the piece parts of NGS. Turning to Cortex. We drove incredible innovation during 2020. We established a new category by transforming EDR to XDR, delivering detection and response across not just endpoints but also firewalls and cloud assets. In November, we introduced XDR 2.0, which featured a unified management UI, powerful new endpoint features and ingestion of third-party data and alerts. XDR is rapidly gaining transaction -- traction, sorry, and is the fastest-growing product within NGS 2 in 1,000 customers. We recently added Managed Threat Hunting, industry's first threat hunting service, operating across integrated endpoint network and cloud data. Cortex XDR's momentum continues to accelerate, including a seven-figure deal with a major energy company that chose Palo Alto Network as a key partner in their digital transformation journey. Cortex XDR helped them drive down the complexity of security operations by standardizing independent detection and response tools onto one superior platform. Through Cortex XDR, they were able to significantly reduce the number of alerts that needed to be triaged and investigated by their security analysts, all while gaining holistic visibility across the enterprise. As security products get more real time, it becomes more important to manage outcomes and respond rapidly. To aid our customers, we believe it is important to have a team of trained expert professionals to support them. To that end, we announced earlier today our intention to acquire The Crypsis Group, a fast-growing cyber consulting and incident response company. This acquisition allows us to serve current and new customers across a broad order set of their cybersecurity needs. Once the transaction closes, Crypsis will bring strong incident response, forensics and consulting capabilities to our XDR portfolio. They have served more than 1,700 organizations across the healthcare, financial services, retail, e-commerce and energy industries. In addition to being able to predict and prevent cyber attacks, Cortex will also now be able to mitigate the impact of any breach that our customers may face, thus strengthening Palo Alto Networks' position as a cybersecurity partner of choice for its customers. The Crypsis team, including the CEO, will join the Cortex speedboat. Let's turn to Cortex XSOAR. XSOAR is the industry's first extended SOAR platform with native threat intelligence management. XSOAR more than doubled their customers and billings over the last year, making it one of two leading solutions in the market. With the most recent launch of the XSOAR Marketplace, we are opening up the platform to both our partners and customers to enable automation for their security solutions. One of the key wins I'm most proud to highlight for Q4 was an eight-figure Cortex XSOAR deal, with a United States government agency. Cortex XSOAR was chosen as the cornerstone of their global SOC transformation initiative, resulting in a 75% reduction in their mean time to respond by automating key security processes across the organization. COVID further put XSOAR's real-time elaboration capability into focus, allowing the agency to rapidly shift their security operations to an entirely remote model, enabling them to defend the organization without any on-site personnel. Let's shift gears to Prisma. Prisma Cloud has come a long way this past year. We started with cloud security posture management and expanded our capabilities into cloud workload protection with container security and serverless security. Prisma Cloud, has by now acquired over 1,800 customers and boast 14% of the Global 2000 list. Our integrated platform approach in cloud security is working. We signed a seven-figure deal with a Fortune 10 company who will be using Prisma Cloud for both cloud security posture management and cloud workload protection. Several Prisma Cloud customers are consolidating multiple solutions with our unified cloud security platform. Today, a third of our customers are using both these modules. We will shortly launch new cloud security modules in data security, network security and IAM security. These modules will allow us to continue to execute on our vision of creating a fully integrated cloud security platform. Prisma Cloud continues to benefit from the overall global shift to cloud computing and the customer preference for platforms. We intend to work with our customers to continue to evolve this platform to serve their cloud security needs. Let's talk about Prisma Access. Prisma Access has been through an amazing journey in the last year. Combined with our recent CloudGenix acquisition, this is the most comprehensive SASE solution in the market. Prisma Access has been a powerful security tool as our customers go through a network transformation and create robust solutions for work from home for the long term. This is showing up in our numbers, with the combination of Prisma Access and CloudGenix nearly doubling their customer accounts over the past two years and achieving $90 million in billings in our fiscal fourth quarter. We are very excited to sign a nearly eight-figure deal with a major healthcare provider for Prisma Access in the fourth quarter, winning against a competitor by providing clear evidence that our solution provides the most effective security for their needs. Additionally, we saw very strong conversion of Prisma Access trials that were launched in response to COVID and work from home. A notable example is a major enterprise that called us on the first Friday of COVID lockdown because their data center lacked sufficient bandwidth for all of their remote employees. By Monday, they had 1,000 users up and running. And by Wednesday, they have shifted enough users as pressure on data center relieved. This quickly became their secure work-from-home solution, and they are now looking to extend Prisma Access out to all branch offices replacing their existing provider. We have many more similar examples of customers converting from Prisma Access trials, and we're delighted to have been able to help companies and the people remaining productive during this challenging time. While NGS is an important part of our go-forward strategy, we are equally proud of our progress and success of our firewall business. Recognized as an eight-time Gartner Magic Quadrant leader, we continue to relentlessly innovate to stay ahead of the pack. We continue to believe that firewall capability is essential and needs to evolve to deliver capability across all customer needs. Hence, we've been offering a consistent approach in our hardware, software and now containerized firewalls, and are also able to deliver them in the cloud with Prisma Access. We introduced our new PAN-OS 10.0 that features the industry's first machine learning-based powered next-generation firewall with advanced telemetry capabilities, the ability to secure containers, simplified decryption and many more groundbreaking features. To truly enable the firewall platform, we have worked on services that work seamlessly apart of our platform. The launch of IoT security subscription is our most recent example. In the last 18 months, we have doubled our subscription offerings from four to eight. DNS Security, which was launched in Q3 2019, has been our fastest-growing subscription with over 15% attach rate and now over 3,000 customers. Our software and next-generation firewalls continue to shine. VM-Series continues to capture new customers at a rapid rate with over 9,000 customers now using VM-Series, many of which are consumed through cloud marketplaces. And with the introduction of CN-Series, we can now apply next-generation firewall capabilities to containerize environments on-prem or in the cloud with consistent security and policy. Turning to the topic of COVID-19 and its impact on both the global economy and our business. When we met with you to review our fiscal Q3 results in May, the pandemic was still in early stages. As we speak with our customers, we hear and see a range of impact and feedback. Many companies are becoming more cost and cash conscious. Companies are also adapting to the new environment by accelerating investment in technologies to ensure the more dispersed work is secured. I believe that we are in the very early stages of this acceleration and that the next several years present significant opportunities for cybersecurity as an industry and Palo Alto Networks in particular. For our own old employees, the second half of our fiscal 2020 was indelibly marked by COVID-19. We responded quickly, taking rapid action to ensure the safety of our employees by establishing protocols and tools to work from home. We quickly gather our early efforts and named it FLEXWORK, recognizing that we were in the early stages. Today, I'm delighted to announce that we're launching the next phase of FLEXWORK to help our employees maintain health while being in productivity during COVID-19. The FLEXWORK program includes a broad range of initiatives, including FLEXbenefits and FLEXlearn. These initiatives will ensure that our people can choose benefits that make most sense for their working family environments and follow personalized learning paths designed to help them do their jobs and manage team remotely. We plan to give our employees an additional allowance of $1,000, the choice of various flexible benefits, and over time, we intend to individualize benefits, making them an employee choice. Even with all the challenges presented by COVID, the Palo Alto Networks teams have been able to adapt and maintain focus, allowing us to post some great results. I know we cannot sit on the progress achieved so far and need to focus on what is ahead. As I mentioned, we are pleased with our progress so far. Yet, we have a lot of work ahead of us. The macro environment, while better than we anticipated, is still uncertain. Here's what you can expect from us in 2021. We will continue to invest in our next-generation security and security subscriptions, both through organic and inorganic means to continue our transformation journey. We will do so in a financially prudent manner as we have been able to demonstrate. You can expect us to manage our organic operating margin in line with what was achieved this year. The work-from-home transition has created a challenge in the industry around hardware, and we expect this trend to continue. We have been shifting our customers to software delivered security and we plan to continue to do so. We expect most of our growth to come from software and services. While there are some cost savings due to COVID, we are planning to reinvest those savings toward our employees. We'll be more generous over the coming years to drive this transition to a FLEXWORK environment. In the words of my friend, Mark Benioff, we will be responsive to and support all of our stakeholders, not just our shareholders, because we believe that is how true value is created in the long term. I want to thank our amazing employees and partners for their contributions. Our success is only possible through our combined efforts. Now I want to take the opportunity to welcome Luis to Palo Alto Networks. Luis joined us almost two months ago from Amazon's AWS division and has been rapidly learning all things cybersecurity. We're extremely fortunate to have an executive Luis' caliber to lead our CFO organization. With that, I will turn the call over to Luis.
Luis Visoso
Thank you, Nikesh, for a warm welcome. When I wasn't here for the first two years of the transformation, I can clearly see that it is working, and we're only getting started. I'm encouraged by the value that Palo Alto Networks can create going forward. And I look forward meeting you in the upcoming events. Moving on to our results. I'd like to note that except for revenue and billings, our financial figures are non-GAAP and growth rates are compared to the prior-year periods unless stated otherwise. As Nikesh indicated, we had an extremely strong finish to our fiscal year, with fiscal Q4 billings of $1.39 billion, an increase of 32% year over year. Our Next-Generation Security business is performing strongly, with NGN billings of $357 million, which grew 86% year over year. Firewall as a Platform billings, which includes physical firewalls, VM, Prisma Access and CloudGenix grew 19%. In the fourth quarter, we beat our guidance across all guided metrics. Total revenue grew 18% to $950.4 million. For the fiscal year, we reported total revenue of $3.4 billion, an 18% increase year over year. Looking at growth by geography, Q4 revenue in the Americas grew 18%, EMEA grew 20% and APAC grew 16%. Q4 product revenue of $305.6 million was flat compared to the prior year. Q4 subscription revenue of $389.8 million increased 33%. Support revenue of $255 million increased 23%. In total, subscriptions and support revenue of $644.8 million increased 29% and accounted for 68% of total revenue. Turning to billings. Q4 total billings of $1.39 billion, net of acquired deferred revenue, increased 32%, driven by strong execution across the company, work-from-home tailwinds and continued success in Next-Generation Security. The dollar-weighted contract duration for new subscriptions and support billings in the quarter remained at approximately three years, flat year over year. We closed five additional Palo Alto Networks Financial Services deal, enabling our business by offering greater flexibility to customers. Our fiscal 2020 total billings were $4.3 billion, up 23% year over year. Product billing's were $1.07 billion, a decrease of 3% year over year and represent 25% of total billings. Support billings were $1.21 billion, up 28% and represented 28% of total billings. And subscription support -- sorry, and subscription billings were $2.02 billion, an increase of 40% year over year and represented 47% of total billings. Total deferred revenue at the end of Q4 was $3.8 billion, an increase of 32% year over year. In the fourth quarter, we continued to add new customers at a healthy clip, adding approximately 2,400 new customers in the quarter. We also continue to increase our share of wallet of existing customers. Our top 25 customers, all of which made a purchase this quarter, spent a minimum of $55.3 million in lifetime value through the end of fiscal Q4 2020, a 35% increase over the $40.9 million in the comparable prior-year period. Q4 gross margin was 74.3%, which was down 320 basis points compared to last year, as some of our fastest-growing products are still gaining the scale required to have the right cost structure and higher freight costs associated with COVID. We expect these headwinds to continue into fiscal-year 2021. Q4 operating margin was 19.8%, a decline of 180 basis points year over year and includes the impact of approximately $14 million of net expense associated with our recent acquisitions. For full fiscal-year 2020, operating margin was 17.6%, a decrease of 440 basis points year over year, compared to fiscal-year 2019 operating margin of 22%, and includes the impact of approximately $23 million of net expense associated with our recent acquisitions. We ended the fourth quarter with 8,014 employees. On a GAAP basis, for the fourth quarter, net loss increased 182% year over year to $58.9 million or $0.61 per basic and diluted share. For the full fiscal-year 2020, GAAP net loss increased 226% year over year to $267 million or $2.76 per basic and diluted share. Non-GAAP net income for the fourth quarter decreased 1% year over year to $144.9 million or $1.48 per diluted share. For the full fiscal-year 2020, non-GAAP net income decreased 10% year over year to $484.6 million or $4.88 per diluted share. Our non-GAAP effective tax rate for Q4 was 22%. Turning to cash flow and balance sheet items. We finished July with cash, cash equivalents and investments of $4.3 billion. This includes net cash of approximately $2 billion raised through the June 2020 offering of convertible senior notes due in 2025. Q4 cash flow from operations of $333.7 million increased by 44% year over year. Free cash flow was $301.9 million, up 69% at a margin of 31.8%. Capital expenditure in the quarter was $31.8 million. DSO was 81 days, an increase 26 days from the prior-year period, reflecting strong billings at the end of the quarter that will be collected in 2021. Lastly, in fiscal Q4, we completed a $1 billion accelerated share repurchase transaction announced in February, where we retired a total of 5.2 million shares. For the first fiscal quarter of 2021, we expect billings to be in the range of $1.03 billion to $1.05 billion, an increase of 15% to 17% year over year. We expect revenue to be in the range of $915 million to $925 million, an increase of 19% to 20% year over year. We expect noncash EPS in the range of $1.32 to $1.35 using 99 million to 101 million shares. We do not expect Crypsis to have a material impact to Q1 results. Additionally, I would like to provide some additional modeling points. We expect non-GAAP effective tax rate to remain at 22%. Capex will be approximately $35 million to $40 million. Turning to the full fiscal-year 2021, I would like to provide a few markers on how we expect to perform. We expect billings to grow in the mid-teens and revenue to grow the high teens, with product revenue flat to slightly down year over year. As Nikesh mentioned, we expect flat organic operating margins as we continue to invest in NGS and our employees during COVID times. EPS is expected to grow in the low to mid-teens as we face headwinds from lower interest income. Lastly, we expect our annual free cash flow margin to be consistent with 2020 margins. To note, we expect Q1 free cash flow margin to be higher than the year due to strong Q4 '20 billings. With that, I'd like to open the call for questions. David, please poll for questions. A - David Niederman: Thanks, Luis. [Operator instructions] Our first question will come from Saket Kalia from Barclays. And our second question will come from Keith Weiss from Morgan Stanley.
Saket Kalia
OK. Great. Hey, guys. Thanks for taking my question here. And welcome, Luis. Look forward to working with you. Nikesh, a lot to talk about on the next-gen security side. But maybe just to get it out of the way and touch on the core firewall business, can you just talk about what you saw this quarter in terms of customers' appetite for appliances? And which attached subscriptions perhaps maybe surprised you to the upside?
Nikesh Arora
Well, Saket, thank you very much for your question. Look, as we've been talking about the macro environment for a while now, and a lot of customers are not in their offices. When customers are not in their office, it's very hard for hardware to be delivered or POCs to happen. So we are calling that hardware is going to continue to be a tough business in the next 12 months. We saw appetite from existing customers who are expanding their state who are getting more firewalls because they need more capacity. You don't see as much new firewall business out there or new hardware business out there. So we have to be very careful and cautious around it, but we are seeing that being supplemented by a lot more software-based solutions. So you saw the success and strength in Prisma Access. You all success in our VMs. So we are seeing people step up and solve that problem using our software solutions more and more. And in cases where they need more capacity for more VPNs or more remote users, they are expanding capacity of firewalls or if they are going to a cycle where there are some firewalls getting end of life, they are doing a refresh in those cases. But in terms of subscriptions, I have to say, as I highlighted, DNS, which we launched in Q3 2019, has hit 3,000 customers mark. We are in the process of allowing subscription capability in the future on software firewall format. So you will see us continue to drive the subscription thing with early priority, but we have a lot of expectation of IoT because we believe that's an important need from the enterprise perspective. So we have launched B1 with our most recent MLR firewall, and we hope to be able to add more enhancements to IoT and make a success of that as well. This is hardware, I can see myself. I'm used to doing this on the earnings call.
David Niederman
Great. Our next question comes from Keith from Morgan Stanley.
Keith Weiss
Thank you, guys, for taking the question. And a very nice quarter. Really impressive overall billings, as well as those next-gen security billings really sustaining a ton of momentum. I wanted to tack on to Saket's question. And better understand, when we think about the kind of the overall firewall platform billings growing 19%, that's a very impressive number. Is there a substitution effect going on? And is there any way that you could quantify that in terms of people taking Prisma Cloud versus taking firewalls and maybe some substitution of dollars going from one side of the equation to the other versus product revenues?
Nikesh Arora
Yeah. Thanks, Keith, for the question. I think yeah, there is substitution going on. If you look at the example I highlighted in the call, where one of our customers was running out of capacity in their data center to be able to remote secure access and we went and deployed Prisma Access. They got 1,000 people live and -- over the weekend. They got more people live by the end next -- the following week, and now they're going to go put Prisma Access is across the entire state, across all their offices, and that would have been a box sale. Two years ago, that will mean more boxes in data center running VPN. So there's clear substitution going on. Prisma Access is substituting hardware. Now I like it because: A, it's a software form factor, which means we can update and upgrade that software on a more regular basis in hardware. So the customer has to do the updates and upgrades, and which is where the security risk comes in. So for us, having software form factors out there is a long-term amazing total cost of ownership benefit, not just for us, but our customers, allow us to keep updating security as we go on. So yes, the substitution is happening. It's happening from the hardware format to the software format in the case of Prisma Access. Or take the case when a customer says, as we at Palo Alto Networks, we have significantly shrunk our data center capacity. We basically shifted all of our own compute to Google Cloud or to AWS. And when that happens, we're not deploying more hardware in our data centers, we're actually buying more cloud from the public cloud providers. And to protect ourselves in those situations, we're putting our VM-Series firewalls or our CN-Series firewalls in the future against our cloud incident. So that's, again, because we're moving to the cloud, we're substituting our own hardware purchases or our own hardware deployment with what is a containerized or a VM firewall. So in both cases, you're seeing the substitution happen. That's why we've been talking about this Firewall as a Platform number for the last year and a half, saying, look, pay attention to that number because when these substitutions happen, some vendors or some partners or some industry players have some of those solutions, not all of them. And the virtue of us having all three form factors, whether a cloud-based firewall or a firewall that can operate in the hardware form factor or to Prisma Access or against the public cloud instance that allows us consistency and allows us to pitch the right firewall for the right situation.
David Niederman
Our next question will come from Phil Winslow from Wells Fargo. Then we'll have Walt Pritchard from Citigroup.
Phil Winslow
Great. Thanks for taking my question, and congrats on a strong quarter. Wanted to focus in on just the go-to-market effort. Wondering if you can give us an update heading into this fiscal year, how do you feel about sales productivity, sales capacity and also just the incentive structure? And anything that you're changing this year, any priority focuses for fiscal '21?
Nikesh Arora
Well, we're going to make sure that we don't do what we did two years ago, that's your question. I don't want to use the word unprecedented because I think it's been used too often. But launching it -- right now, we're going through our sales kickoff. We've gone from a three-day event, which used to be physical last year in Vegas, and I'm not missing Vegas, but is turning to a six-week learning journey, and we're instrumented everything online, where people have to go through the learning process, and they're going to upload their video pitches up into a platform and each of them are going to rate each other and critic other. So we are all learning with the times in terms of how to go sort of initialize a sales force and new fiscal year. And I think our teams are doing a really good job of making that happen. So from that perspective, I am not concerned about our ability to go out there and create the opportunities from our sales teams. I think the real question going into next year is how do we continue to maintain the momentum. And as I've said, we intend to keep investing in our transformation that we've done so far with next generation security. We're all very pleased. If you'd asked me at the Analyst Day two years ago, what did -- one year ago, what did I think were the biggest risk was? My biggest risk was can we get to $805 million of billings for Next-Generation Security because they're all sort of somewhat fledgling businesses we bought, we were going to integrate them. We're going to go and convince customers that this is the right way to go buy cybersecurity. And $928 million of billings, just was a welcome surprise also for us in a good way. Our teams love the products. Our customers are loving the product. So we're just going to try and keep that momentum going into next year. All of our sales tweaks or commission tweaks or go-to-market weeks that we make are going to be aligned toward meeting the objectives that we set out to ourselves. So we're hoping not to make any major shifts yet keep doing and investing in the direction that the teams have shown success in so far.
Phil Winslow
Great. Thanks, Nikesh. And should we expect Nir to drop an electronic flute this coming fiscal year?
Nikesh Arora
You know what? That video was sent to me by an employee two days ago, and it was very sort of amazing that they put it together, we thought it was a worthwhile thing to show. And I don't even know where or when Nir was caught playing the electric flute. My son trying to jump on my back while working on, so -- David?
Phil Winslow
Awesome. Well, thanks, guys.
David Niederman
Great. Can we go to Walt from Citigroup, please? Walt?
Walt Pritchard
Hi. Thanks. Yes. I'm here. So just a question on margins. I guess you took on pretty significant margin dilution in fiscal 2020. Could you help us understand the puts and takes around margins as we head into '21? And especially, you've seen that revenue on those acquisitions, it sounds like ramp quite a bit and take care of some of that dilution. Can you help us understand where the incremental investments are going relative to keeping those margins flat?
Nikesh Arora
Yeah. Well, I think if you think about the success in NGS, so what we did was we deployed a speedboat model, which was we created a dedicated sales team that was helping us sell Prisma Cloud and helping us sell Cortex and Cortex XSOAR. And now what we're doing is we're trying to, a, keep that momentum. You saw that we grew that number 105%. And that requires us to make sure we continue to invest in the sales team, which can actually go compete with some of the other players in the market. And go into hand-to-hand combat for some of the larger deals. What we've also done is we're deploying that capability across our entire core sales team, what they are able to take the products and done with it. So we track very carefully how people are spending time and how much of our new products they're able to sell. So we're glad that the proportion of our sales teams that are able to sell Next-Generation Security continues to rise, which is a good thing. But we continue to hope to make investments in that direction. The other part, which Luis alluded to, is that as we see ramp-up in next-generation security because there's a significant amount of deployment expense and consulting expense, which is a one-time expense that happens early in the life cycle of us deploying this product, you see that we have some compression in the first year of the margin, both on the gross margin, the operating margin both sides when we deploy the services. So it's really -- you're seeing the margin impact of the significant ramp-up of our growth in Next-Generation Security. Luis, do you want to add something?
Luis Visoso
No. I think you covered it well, Nikesh. Nothing to add.
Walt Pritchard
Thank you.
David Niederman
Great. Our next question will come from Fatima Boolani from UBS and following Fatima, we'll have Sterling Auty from JP Morgan.
Fatima Boolani
Great. Good afternoon, everyone. Thanks for taking my question. Either for Nikesh or Luis, nice to meet you. I wanted to drill into your fiscal '21 outlook, appreciate sort of the high level trajectory of the key metrics in the business. But as I triangulate between a near triple-digit growth in your NGS portfolio, which is now a fifth of the mix. As I think about the software business contribution accelerating and even substituting hardware, I'm wondering what's may be underpinning some of your conservatism on a mid-teens outlook. Would love to get some of your puts and takes and your thought process behind that outlook relative to the 32% you did this quarter?
Luis Visoso
Yeah. Thank you for the question, and nice to meet you. I think there -- we should take to account two factors. One is the strong performance of Palo Alto Networks, right? So we're performing very strongly, and you see that in our Q4 results, and you see that in our guidance. But we -- there is still a lot of uncertainty out there, and we want to be prudent as we give guidance for the year or as we set our framework for the full year. So we just want to be prudent as we think about it, just given the uncertainty.
David Niederman
Great. Our next question comes from Sterling Auty from J.P. Morgan.
Sterling Auty
Yeah. Thanks. Hi, guys. So I want to drill into the acquisition of Crypsis. So we're watching FireEye actually separate their product business from their services business. And I just want to make sure, is there an intention with this acquisition to have the incident response actually drive follow through purchasing of products. Is that what you're looking to accomplish with it? Or is it a different strategy in terms of the acquisition?
Nikesh Arora
Sterling, that's a great question, and I would not comment on FireEye. But we have noticed when it comes to XDR, the customers are both excited about having a managed capability around it, as well as we've noticed that in the case of incident response, typically, if you have a good set of products, and those products help you protect in that or help you diagnose during that incident, the customers are reasonably keen on deploying those products on a larger scale. We've experienced that with XDR even without having incident response team. We've been called in by many of our large customers in certain cases where we've gone on sort of -- on a partnership basis, gone and help them in the case of an incident or in the case of a breach. And almost all times, invariably, the customers have actually embraced XDR and deployed it in large numbers. So we've noticed that, and we believe that if we had a team that was being sort of canvassed and asked to come in and do -- help in this case, Crypsis has done 1,700 such responses from an incident perspective, we think the upsell or cross-sell possibility for XDR, if it's the right product, in that instance, is huge. So we think -- I think this will significantly allow us to amplify our success in XDR in the future.
David Niederman
Our next question will come from Catharine Trebnick from Colliers, and then we'll have Patrick Colville from Deutsche Bank.
Catharine Trebnick
All right. Nice quarter, gentlemen, and thank you for taking my question. During the quarter, several of the IT executives they spoke to, attacked a lot about Microsoft and the native firewall. Could you drill down for us on your capabilities versus theirs of where you think they are in achieving growth through their native firewall? Thank you.
Nikesh Arora
Well, thank you for asking the question. And I was hoping that there'll be a question whether I can point to Lee because he is wearing his nice cream shirt today. So Lee?
Lee Klarich
Thank you, Nikesh. Good question, Catharine. What we have seen relative to the cloud providers is they -- it's very important to them to have a set of security capabilities that helps remove certain obstacles for getting customers to consume more and more cloud, but not necessarily going to the level of true enterprise class. And I think that's the underpinning of our success with VM-Series and just recently released CN-Series, Prisma Cloud as well. We're really focused on bringing the enterprise-class capabilities that our customers expect in a much more tightly integrated fashion, and being able to then take those capabilities and go multi-cloud, as well as hybrid cloud. And so one of the key differences in our approach is our ability to support our larger customers as they have multi-cloud strategies, whereas the cloud providers themselves are almost by definition, going to be single cloud in their solutions.
David Niederman
Great. Now we'll have Patrick Colville from Deutsche Bank.
Patrick Colville
Thank you for taking my question, and congrats on a great quarter. Can we just talk about the products, fiscal '21 kind of color you gave. I appreciate the world is changing. We're going to more software-driven world, nonetheless hardware. But the guidance you gave is suggestive of kind of market share bleed to Fortinet and Check Point. And so just any thoughts around does that matter? Are you guys now more focused on the kind of software components? Just help us, I guess, get your thinking around the hardware side and what used to be the core business.
Nikesh Arora
Yeah. I think, Patrick, thank you for the question. I don't get to the same conclusion. So the way we think about the firewall platform, as you see, we consider a situation where we sell Prisma Access could have been a hardware situation. And if you sold Prisma Access with CloudGenix and SD-WAN solution, we think that's a like-for-like deal where we're not losing market share. And the reason we've been talking about Firewall as a Platform last half and a year or so is when we look at market share from the firewall perspective and say, am I selling more firewalling capability than the industry growth rate. I think the industry growth of firewalls is in the low single-digit range. And if we can deliver Firewall as a Platform growth rates in the high teens, that's a good outcome for us. So we grew Firewall as a Platform at 19% industry probably grew 3%, 4%. We think we took share. I took share with software, which I think is in the long term, much better outcome for us, that could allows us to leave our customers in a better situation. And also, it's not a hardware dependent business where there's more risk. So we don't -- you don't get to the same conclusion on loss of market share. As long as I'm growing Firewall as a Platform in the ranges that we have, I think, we're taking share. We may be shifting share, to the earlier question, from hardware to software, but we don't have an intention of losing any share to anybody in the market. Hopefully, we intend to gain share in the market. And I think you have to look at it more holistically across what Zscaler is doing, what Check Point is doing, what Microsoft firewalls are doing, what our firewalls are doing. If you look at that as a total firewall market, we want to be growing that share of that pie. And even the current environment, as I've said, it's very hard to go deploy hardware or sell hardware customers because many of them are not there in the office to take delivery and do proof of concept even. So we're delighted that we have software form factors to be able to sell them in this environment and deploy them remotely because that's what the customers are looking for right now.
Patrick Colville
Thanks for the color.
David Niederman
Our next question comes from Rob Owens from Piper Sandler, and then we'll Brian Essex from Goldman Sachs.
Rob Owens
Great. Thanks for taking my question. Wanted to drill down a little bit more into Prisma Cloud and some of the newer offerings that you guys discussed relative to data security, network security and IAM. Are those products going to be from Palo Alto exclusively? Would we expect you to partner with some of the other vendors in the market? Any incremental color in terms of timing or functionality be appreciated. Thanks.
Nikesh Arora
So I'm going to give you a perspective, and I'm going to ask Lee to jump in and talk about the margin. Look, one of the points of view we have taken as we deploy our next-generation of products, whether it's cloud security or Cortex, we have tried to make sure that we give the customers the best-of-breed integrated solution for cloud security. So when we bought RedLock, we bought Twistlock and PureSec and Aporeto, we made sure they were integrated into one platform. The way we sell it is we go to a customer and say, buy credits. Our customers buy credits to use our products. And we keep introducing these new modules within our product and as the customers experience their product, they start exploring these new modules and start using them, which keeps decrementing credit. So we're trying to create scale from a go-to-market perspective and provide them the best capabilities. So toward that end, the 1,800 customers we have for Prisma Cloud, these customers barring on-prem versus cloud versions, they will have the opportunity of experiencing every one of our modules without having to come out and buy it from us. They would already have it as part of the product. And if they choose to use it, they will decrement their credits faster. So that's our strategy. And toward that end, we believe that the true benefit for the security solution of the customer, as well as for us economically is if we don't have to go do a sort of a sales role every time that we are launching a new module because we believe cloud security is not fully developed as a platform. So we will have seven modules sometime later today, and I'll let Lee talk about the future functionality.
Lee Klarich
Yeah. So one of the very strong points of feedback we're hearing from our customers with Prisma Cloud is our ability to give them both breadth of capability, as well as depth in those capabilities is really resonating. They like the strategy of an integrated platform, delivering increasingly comprehensive set of cloud security capabilities that they need. So with that in mind, these three new modules that will be coming out, we expect this fiscal quarter are really exciting. The first one is data security. So this is effectively applying both DOP, as well as malware scanning to cloud storage. Cloud storage -- basically, data breaches is one of the big challenges a lot of customers deal with. And this module will aim to address and fix that. Second is a module focused on web application and API security. So this will play in the sort of the WAF and RASP market categories. And fully integrated, leveraging the exact same agent that our customers have already deployed when using us to do container and serverless security. And then IAM security, which is focused on the cloud credentials that customers have and a really big challenge around overprovisioning and permissioning of those credentials. And so this will give visibility, as well as security around how to lock those down with the right security policy and then tying this back to what cash as these new modules are available, our Prisma Cloud customers will simply be able to start using them, and decrementing the capacity they've already purchased from, is making the -- turning on and using these new modules super simple.
Rob Owens
Thanks.
David Niederman
Next question is from Brian Essex from Goldman Sachs.
Brian Essex
Great. Thank you. Thank you for taking the question. Nikesh, I just had a quick question on OS 10 and saw that you released it a few weeks ago. And I was wondering how meaningful that cycle should be relative to other releases. Is that something that customers are going to get automatically with their subscription? And how might we expect this to be rolled out throughout your installed base?
Nikesh Arora
So the -- obviously, super excited about the release and all of the capabilities, the ML powered next-gen firewall really just infusing machine learning into the core of the product. I'd say to begin with any of our customers who have a hardware device or a software form factor able to use it. However, they need to be on some of the newer hardware platforms. So this will incent some customers who are still on older generation of hardware to want to upgrade in order to get these capabilities. Second, this is the release that will unlock some of the newer subscriptions we talked about, including IoT security. And so there will be added incentive for our customers to get to 10.0 in order to take advantage of those new subscriptions.
Brian Essex
Great. Thank you very much.
David Niederman
Our next question will come from Brent Thill from Jefferies. Following Brent, we'll have Jonathan Ho from William Blair.
Brent Thill
Great. Nikesh, over the last year, you're now approximating well north of $800 million in M&A. We appreciate the payback that you gave us, but kind of just maybe give us a sense, do you expect this pace to continue? Or do you feel like you need to digest what you have now and you've got the core pieces to achieve would you like go forward at this point?
Nikesh Arora
Brent, as we highlighted in the prepared remarks, we have followed a very disciplined approach. We look at -- we're constantly looking at new cybersecurity capabilities in the industry. As you know that as soon as Antidote is found toward a cyber breach tactic, the hackers start working the next way to try and figure out how to hack the customers. So we have to be constantly on the lookout. And we've taken a very, very proactive point of view that we don't want our customers have to go integrate these solutions themselves, which is what causes the chaos in cybersecurity. So we've stepped up and said, we're going to become more and more comprehensive player in areas where we believe we can add value. So we're not going to -- we don't see value in going after old red oceans where there's enough players in the market. And we're not trying to create a place to get everything. We're trying to get to a place where the product that we deliver or the platform we deliver has all comprehensive capability. And as I've said, cloud security is not fully evolved because we are all moving to the cloud and discovering across the entire process. And our customers are having to integrate some solutions. That's why we've chosen to acquire some companies but also build these next few modules that Lee highlighted internally organically because we believe the cost of integration will be higher than doing organic development ourselves. So we're just -- we're constantly on the lookout to make sure that we are solving the problem with the customer. We will continue to stay on the lookout, Brent. And all we're trying to highlight is that we're not -- we're very thoughtful when we do M&A. We look at it both from an economic and a product perspective. And so far, our track record has shown that we are able to significantly accelerate the capabilities once we acquire these companies, both from a go-to-market perspective or a product perspective, and we're going to continue looking at the market from that lens.
David Niederman
Jonathan Ho, William Blair.
Jonathan Ho
Great. Just with Strata, can you talk a little bit about whether -- where you're seeing the fastest growth in terms of that product set? And digital transformation maybe create a second wave of security investment around the CN-Series and some of the other products in Strata?
Lee Klarich
Jonathan, so to your first question, where we're seeing the fastest growth. I mean I think, obviously, as you've seen, we're seeing great growth across the platform. [Indiscernible] Firewall as a Platform and inclusive of Prisma Access and the newly integrate CloudGenix, Prisma Cloud, certainly with the recent acceleration of the shift to cloud, Prisma Cloud has been a fantastic cloud security platform available for our customers to help them in that shift. And Cortex is really gaining traction both around XSOAR and XDR.
David Niederman
Great. Our next question comes from Brad Zelnick, Credit Suisse. And this will be our final question.
Brad Zelnick
Thanks so much for fitting me in, and congratulations on the momentum into Q4, very impressive. I got an easy one for you guys. I just wanted to ask about the spike in DSOs. So it's completely natural to understand why this quarter you would see the month of July being so heavily back-end weighted. But if you were to normalize and assume a more normal linearity to this Q4, how much of this is because of extending payment terms, if at all? And what are you seeing with customers and their need to spread out payments? Thank you.
Luis Visoso
Yeah. That's an easy question, as you said. No, we do not expect any -- from any structural changes. We do expect to get back to a normal level in Q1. [Indiscernible] this is how our billings came in Q4, but we don't expect this to be an issue going forward.
David Niederman
That concludes the Q&A portion of our call. Thank you for all your questions. Back to Nikesh for closing remarks.
Nikesh Arora
Thank you, again, everyone, for joining us today. Palo Alto Networks remains committed to helping our employees, partners and customers navigate the challenges posed by global pandemic in every way we can. We're striving to empathize with those suffering from the worst impacts and then help in our communities and networks where possible. I'm encouraged by the positive attitude and teamwork I see on display from our committed employees, and this helps fuel our drive to continue our mission of making each day safer and more secure than ever before. We look forward to connect virtually with all of you at one of the many upcoming investor calls. Be safe and stay healthy. Thank you again for joining our call. Have a great evening.
David Niederman
You can now disconnect.