Palo Alto Networks, Inc.

Palo Alto Networks, Inc.

$364.58
6.39 (0%)
NASDAQ Global Select
USD, US
Software - Infrastructure

Palo Alto Networks, Inc. (PANW) Q3 2021 Earnings Call Transcript

Published at 2021-05-20 22:24:07
Operator
Good afternoon and thank you for joining us for today’s conference call to discuss Palo Alto Networks' Fiscal Third Quarter 2021 Financial Results. I am Walter Pritchard, Senior Vice President of Investor Relations and Corporate Development. This call is being broadcast live over the web and can be accessed on the Investors section of our website at investors.paloaltonetworks.com. With me on today’s call are Nikesh Arora, our Chairman and Chief Executive Officer; Dipak Golechha, our Chief Financial Officer; and Lee Klarich, our Chief Product Officer. This afternoon, we issued a press release announcing our results for the fiscal third quarter ended April 30, 2021. If you would like a copy of the release, you can access it online on our website. We would like to remind you that during the course of this conference call, management will make forward-looking statements, including statements regarding the impact of COVID-19 and the SolarWinds attack on our business, our customers, the enterprise and cybersecurity industry, and global economic conditions; our belief that cyber-attacks will continue to escalate, our expectations regarding the single equity structure, our expectations related to financial guidance, operating metrics, and modeling points for the fiscal fourth quarter and fiscal year 2021; our expectations regarding our business strategy, our competitive position and the demand and market opportunity for our products and subscriptions, benefits and timing of new products, features, subscription offerings, as well as other financial and operating trends. These forward-looking statements involve a number of risks and uncertainties, some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements. These forward-looking statements apply as of today. You should not rely on them as representing our views in the future, and we undertake no obligation to update these statements after this call. For a more detailed description of these factors that could cause actual results to differ, please refer to our quarterly report on Form 10-Q filed with the SEC on February 23, 2021, and our earnings release posted a few minutes ago on our website and filed with the SEC on Form 8-K. Also please note that certain financial measures we use on this call are expressed on a non-GAAP basis and have been adjusted to exclude certain charges. For historical periods, we have provided reconciliations of these non-GAAP financial measures to our GAAP financial measures in the supplemental financial information that can be found in the Investors section of our website located at investors.paloaltonetworks.com. And finally, once we have completed our formal remarks, we will be posting them to our Investor Relations website under the Quarterly Results section. We’d also like to inform you that we’ll be virtually participating in the JPMorgan 49th Annual Global Technology, Media and Telecommunications Conference on May 24 and the BofA Securities 2021 Global Technology Conference at June 8. Please also see the Investors section of our website for additional information about conferences that we may be participating in. And with that, I’d like to turn the call over to Nikesh.
Nikesh Arora
Thank you, Walter. Good afternoon and thank you for joining us today for our earnings call. Let me begin with the current cybersecurity landscape. After the December SolarStorm attack, we saw an acceleration in attacks throughout our third quarter and after the quarter closed. These range from software supply chain attacks like SolarWinds and Codecov to ransomware attacks like Colonial Pipeline. Ransomware especially has been in the spotlight recently and data from our own Unit 42 shows that the average ransom paid in 2020 tripled from 2019 and in 2021 it's more than doubled again. The highest demand we’ve seen is $50 million, up from $30 million in 2020, with organized groups with near nation state discipline perpetrating coordinated attacks. The targets are not only corporations where healthcare and pharma is a focus with the pandemic, but also government organizations and shared infrastructure. The reason for this vulnerability is deep seated. Organizations run their operations on technology that is decades old, sometimes predating the internet. They continually bolt on new technologies to automate facilities, and make them compatible with the modern internet, but those platforms are inherently insecure. At the same time, cyber defenses are fragmented, making it very challenging to block sophisticated attacks and lengthening meantime to discovery and repair. Lastly, more and more businesses and consumers are coming online without a baseline of productive protection. In such a scenario, it is imperative that customers focus on securing their most critical assets, while also focusing on reducing the fragmentation and leveraging new technologies like artificial intelligence, machine learning and using those approaches. With that backdrop, let's focus on our results. Overall, we saw continued strong demand environment and our own continued execution drove Q3 billings revenue and EPS side of guidance. We saw billings growth accelerated 27% in Q3 ahead of our 24% revenue growth forecast with growing ratable revenue contribution. I want to highlight one dynamic regarding our billings to help you better understand the drivers. During COVID, some customers were asking for annual billing plans to meet their needs. We noted to you that we saw success with larger, more strategic transactions in Q3. Along with these deals, we saw an uptick in annual billings plans. Normalizing for this, our billings would have grown greater than 28%, nearly two points higher than we reported, which is the highest billing growth we have seen in the third quarter since Q3 of fiscal year 2018. Last year, we saw billings plan have an approximate one point impact along with billings. We also saw 38% growth in our remaining performance obligations. This metric is growing faster than both revenue and deferred revenue, and will be a source of consistent revenue growth in the future. Within the strong performance, we also saw 71% growth in ARR or annualized recurring revenue from our next generation security offerings, where we finished our third quarter at $970 million up from $840 million in Q2. These ARR, billing and RPO trends drove 24% year-over-year growth in our reported revenue. It's worth noting, given your attention to NGS ARR, that in the very first week, in the first day of Q4, we transacted one of our largest next generation security deals in the history of Palo Alto Networks, with a Fortune 30 manufacturer, which brought in $7 million in NGS ARR. So we're already at $980 million on the first day of this quarter. With the acceleration and incremental NGS ARR in Q3 and trends we see in the business, we continue to have confidence in our Q4 targets of $1.15 billion in [ending] (ph) NGS ARR. As part of the strong Q3 performance, we saw notable momentum in large transactions with 901 customers having spent $1 million Palo Alto Networks in the last four quarters. This cohort of customers was up 29% year-over-year growing ahead of our overall revenue and billings growth. This growth in active [indiscernible] customers has accelerated in recent quarters. As part of this large deal performance, our business is benefiting from growing adoption of multiple Palo Alto Network security platforms across startup [indiscernible]. In Q3, 70% of our global 2000 customers have purchased products from more than one of these platforms and 41% have purchased all three platforms. This is up from 58% and 25% two years ago. Turning to our product areas, earlier this year we started the dialogue around network security and cloud and AI and shared additional financial metrics to give you more transparency. Having these two product areas under the common umbrella of our world class R&D and go-to-market organization is key to our strategy being the largest cybersecurity company in the world. Starting with the network security side of our business, we are the leader in this business. Our strategy of selling customers leading firewall platform delivered to hardware, software or as a service form factor underpins our success in this market. This has resulted in the business that is 28% larger than our next peer on a revenue basis in Q3. Also if we look at leading indicators that include deferred revenue and RPO, our scale comes through even further, we are 40% to 50% larger. On this leading balance sheet metrics, we’re growing faster than our next peer. Three years ago, when I joined Palo Alto Networks, we were hardware based Firewall Company. We had a vision of a hybrid world where the enterprise and data centers would remain predominantly hardware oriented, growing adoption of software form factors like our VM series firewalls. Meanwhile, the remote access and remote office work, this opportunity has been transformed by cloud adoption and work-from-home trends to feel secure access service edge or SASE adoption. The reception to our strategy of delivering a firewall and multiple form factors has enabled the accelerating Firewall as a Platform growth rates we just showed you. Within our Firewall as Platform billings, we’re seeing a distinct mix shift towards software. The software mix, which includes our VMs and SASE business, now makes a 40% of Firewall as a Platform, up 21 percentage points from a year ago. We saw seven figure transactions for our software firewall capability, including VM and CN-Series with a U.S. government agency, a Fortune 30 manufacturer, and a diversified financial services company. While, we have seen the significant transition and form factors, one driver of growth in value in our business, our attach subscription support have grown at a steady rate over the last several quarters on a revenue basis. We expect the software mix to continue to increase in the medium-term, although along with this, we expect to continue to see attach subscription as a key growth driver. We’re showing you for the first time here, the NetSec annualized recurring revenue, which was 2.66 billion at the end of Q3 and grew 25%. As a reminder, this does not include our hardware business, which continues to be significant. This recurring revenue business is a key driver to strong cash generation, which we have guided to 42% for NetSec in FY 2021. We believe this high degree of recurring revenue and strong cash flow generated by NetSec is something that should be more clear now, given this incremental disclosure over the last two quarters. Now, turning to innovation and focusing first on Prisma SaaS, back at the beginning of the pandemic, we saw customers look to significantly expand remote access capability, while not compromising security or user experience. We’ve met that demand with free remote access trials and broad proof-of-concepts, enabling customers to see that value in Prisma Access, as well as supporting the network transformation as they move to the cloud. We’re seeing these efforts as well as momentum generated for the 2.0 launch, driving strong initial purchases and [indiscernible] expansions. This quarter, we saw a number of large Prisma Access transactions including a global technology company, a large manufacturer, and a Fortune 10 healthcare company, all eight figures or greater. Additionally over 25% of our Prisma Access new customers in Q3 were [net new] (ph) to Palo Alto Networks. Lastly, we're seeing early traction in our service provider partners for Prisma Access, including Comcast, Verizon, Orange Business Services. These relationships are part of broader initiatives to serve providers that we see as a significant growth opportunity. Just yesterday, we announced a significant release in network security focused around a comprehensive approach to Zero Trust. This is timed well and last week's executive order out of the White House that defines Zero Trust in a way that is very consistent with the Palo Alto Networks strategy. There has been a lot of noise in the industry around Zero Trust Network Access, a solution continue to be fragmented around either remote users, access control, or enterprise apps. Our approach covers all users and devices, all locations, all apps and the Internet applying consistent access control and security. Our new PAN-OS 10.1 release brings cloud based identity controls, integrated CASB and enhancements to our URL and DNS Security Services. Palo Alto Networks position across appliance, software and [SASE] (ph) is unique, and these new innovations are applicable to all our customers across all form factors. This is one of the most significant innovation releases for our next core, next generation firewall franchise, and gives us confidence in continued NetSec growth as we look forward. Now, moving on to cloud and AI, On the Prisma Cloud front, we continue to build on our early leadership position in Cloud Security Posture Management, Cloud Workload Protection capability, a marketplace delivered virtual firewalls, where we are the largest player across this opportunity set. Our strategy is to stay ahead of customer demand as they adopt cloud native security services across hyperscalars. We believe we've staked out a leadership position in cloud native security this business. We've achieved over $250 million in ARR across Prisma Cloud in our marketplace VM-Series. Fueling this growth is 39% growth in total customers and 38% growth in global 2,000 customers across Prisma Cloud. Our unique consumption model in Prisma Cloud based on credits, enables customers to use any of our modules across the cloud deployed workloads, including using multiple capabilities for workloads. We're seeing strong growth in credit consumption, with over 100% growth year-over-year in Q3. Despite our strong position with Prisma Cloud, targeting an early opportunity, we see the next big challenge in security at the developer level, or shift left security. We recently addressed this with our acquisition of Bridgecrew completed in Q3. Traditionally, security issues in code pose a challenge for the CCEL organization. And we're seeing leading companies drive a collaborative approach between the CCEL organizations to address this. Shift Left integrate security into the DevOps process to catch these issues upfront, where they are easy and quick to fix. It's a win for developers and a win for security. Bridgecrew has as an open source product; Checkov, this product delivers significant value to developers to a free download. Post the acquisition close on the release of 2.0 of Checkov, we our Bridgecrew download accelerate was also seeing strong momentum and speed customers, including a six figure customer in Q3. We're only in the very early stages of cross selling between Bridgecrew software and Prisma Cloud our cortex product area, we continue to focus on delivering significant volumes of innovation to XDR XOR, and our recently acquired expense product. In Q3, we deliver a new release of XDR, which expands endpoint query capability and improved visibility into network activity, XOR we significantly expand our market based partner integrations to increase the set of automation and security playbooks that customers can deploy. Seeing this result in steady cortex customer additions to XDR and extra customers, there were 2,400 customers starting from essentially scratch two years ago. Focus in innovation has been validated by the market as well. We were particularly proud of this validation where Cortex XDR in Q3 were regarded the best overall results in round three testing provider. Also in the recently released Forrester Wave, bring endpoint security software as a service market, named a leader. Source across 100 partner contributed content packs, and now has over 650 content packs in the marketplace. Our expanse offering was featured in Tim Jr.'s keynote this week at RSA, where research uncovered that one-third of leading organizations attack surface is susceptible to exposure and are the main avenue for ransomware. No other leading security company has the degree of visibility to identify and prevent today's most pernicious attack vector. Within Cortex, we are starting to see an uptick in large customer signings, such as a seven-figure transaction with the financial service firm, which included XRD Pro and XR. Last during Q3, we formed the new unit 42 under the leadership of Wendy Whitmore, who comes to Palo Alto Networks after building successful security services businesses. Our new team is a combination of two of the most capable teams in cybersecurity. The sepsis team is laser focused on the mission of conducting world class data breach investigations. Pas unit 42 team has focused on rapidly building threat intelligence and Developer Network products. This new unit 42 has completed over 1300 engagements in calendar, 2020, bringing to bear the power 140 consultants and responds to solar winds rant and ransomware attacks, Microsoft data breaches and other tax immobilizer consultants and rapid response engagements, which help customers through these difficult times. As we look forward, we're focused on using services to become an even more strategic partner to our customers. As I've reviewed with you here and should be evident innocuous results, we're seeing broad strength in our business across geographies and product areas. We see strength in our pipeline, and continued demand tailwind to remain strong, leading us to raise our FY 2021 guidance. I also want to update you on our plans we discussed in Q2 around exploring an equity structure for ClaiSec. We continue to focus on providing transparency for each part of our business. You'll notice the error for NetSec, which we've highlighted this quarter, we believe this has helped investors gain better insight into our overall financial profile, and especially understanding both sides of the business with a different growth and free cash flow characteristics. We have finished all the work required to file any form of equity on ClaiSec. However, given the state of the market, and offering extensive conditional shareholders we have decided at this point is best to continue with a single equity structure, and an integrated P&L postponing a decision to list ClaiSec equity. Lastly, we're excited to welcome Aparna Bawa, Chief Operating Officer at Zoom to Palo Alto Networks Board of Directors. She brings deep operational, financial and legal expertise, having served in diverse roles and rapidly growing tech companies such as Zoom, Magento and Nimble. Her addition comes off as February appointment of Dr. Helene Gayle to our Board. We continue to have a strong commitment to diversity at Palo Alto Networks, including at the most senior levels of governance in our company. With that, I'll turn the call over to Dipak Golechha, our CFO. We're excited to have Dipak step into the CFO role, enables smooth transition within our organization. He brings world-class experience. We're already seeing him bring someone's experience to bear in driving improvements. Over to you Dipak.
Dipak Golechha
Thanks, Nikesh. I'm excited and humbled to be part of this world-class leadership team. I look forward to driving total shareholder return. As Nikesh indicated, we have a strong third quarter as we continue to deliver winning innovation, while simultaneously adding new customers of pace. The strength gives us confidence to raise guidance for the year. We delivered billings of $1.3 billion, up 27% year-over-year, with strong growth across the Board and ahead of our guidance of 20% to 22% growth. We’ve continued to see some customers ask for billing plans. Many involving larger transactions as we become a more strategic partner to our customers. We’ve also use our Palo Alto Networks financial services financing capability here. The dollar-weighted contract duration for new subscriptions and support billings in the quarter were consistent year-over-year and remained at approximately three years. We added approximately 2,400 new customers in the quarter. Total deferred revenue at the end of Q3 was $4.4 billion, an increase a 30% year-over-year. Remaining performance obligation or RPO was $4.9 billion, an increase of 38% year-over-year. We continue to see these metrics is becoming more meaningful, as we drive growth from our ratable business. Our revenue of $1.07 billion grew 24% year-over-year ahead of our guidance of 21% to 22% growth driven by via billings and broad business strengths and amidst an increase in our audible subscription revenue. We remain focus on driving this high quality revenue with all new product offerings being pure or substantially all subscription in nature. Looking at growth by geography, the Americas grew 24%, EMEA grew 23% and APAC grew 25% showing broad executional excellence across the world. Q3 product revenue of $289 million increased 3% compared to prior year. Q3 subscription revenue of $474 million increased 34%. Support revenue of $311 million, increased 33%. In total, subscription and support revenue of $785 million increased 33% and accounted for 73% of total revenue. Our Q3 non-GAAP gross margin was 74.6%, which is down 60 basis points compared to last year, driven by product mix, which are less mature. Q3 non-GAAP operating margin was 17%, an increase of 60 basis points year-over-year. There are several factors driving our operating margins. We have revenue upside, lower travel and event expenses, due to COVID and some shift in spending out of Q3. At the same time, we continue to aggressively invest the growth largely in the areas of sale capacity and R&D investments. With health conditions improving and geographies of many of our facilities, including our Santa Clara, headquarters. We're seeing more employees look to return to the office. We expect this trend will continue to gain steam in Q4, reversing some of the savings we've seen in the last few quarters in our OpEx. Non-GAAP net income for the third quarter increased 22% to $140 million, or $1.38 per diluted share. Our non-GAAP effective tax rate for Q3 was 22%, the EPS expansion was driven by revenue growth and operating expense leverage with an undertone of strong investments of growths. On a GAAP basis for this quarter, net loss increased $140 million, or $1.50 per basic and diluted share. We ended the third quarter with 9,715 employees, including 39 from the Bridgecrew, at the close of acquisition. Turning to the balance sheet and cash flow statement, we finished April with cash, cash equivalents and investments of $3.8 billion. Q3 cash flow from operations $278 million, increased by 64% year-over-year. Free cash flow was $251 million, up to 100% at a margin of 23.4%. Our DSO was 60 days, a decrease from three days from the prior year period and flat from second quarter. Our Firewall as a Platform, or FWaaP, had another strong quarter, as we continue to grow faster than the market. FWaaP billings grew 26% in Q3, and we continue our transition from hardware and software and SaaS form factors as Nikesh highlighted. Our next generation security or NGS continues to expand, and now represents 27% of our total billings of $346 million, growing at 70% year-over-year. In the third quarter, we added $133 million in new NGS, ARR, reaching $973 million. The acquisition of Bridgecrew, added an immaterial amount to this number, and we remain confident in our plan to achieving $1.15 billion in NGS, ARR exiting fiscal year 2021. Turning now to guidance and modeling points. For the fourth quarter of 2021, we expect billings to be in the range of $1.695 billion to $1.715 billion, an increase of 22% to 23% year-over-year. We expect revenues to be in the range of $1.165 billion to $1.175 billion, an increase of 23% to 24% year-over-year. We expect non-GAAP ups to be in the range of $142 to $144, using 101 to 103 million shares. Additionally, I'd like to provide some modeling points. We expect our Q4 non-GAAP effective tax rate to remain at 22% and our CapEx in Q4 to be approximately $30 million to $35 million. As Nikesh indicated, we're seeing broad drivers across our business in Q3, driven by foundation of innovation and strong sales execution along with trends we see in our pipeline and the long trail demand tailwinds that remain strong, we're raising our fiscal year 2021 guidance. We expect billings to be in the range of $5.28 billion to $5.3 billion, an increase of 23% year-over-year. We continue to expect next generation security, ARR, to be approximately $1.15 billion, an increase of 77% year over year. We expect revenue to be in the range of $4.2 billion to $4.21 billion, an increase of 23% -- 24% year over year. We expect product revenue growth of 1% to 2% year over year. We expect operating margins to improve by 50%, 50 basis points year over year. We expect non-GAAP EPS to be in the range of $597, $599, using $99 to $101 million shares. We expect regarding free cash flow for the full year, we expect an adjusted free cash flow margin of approximately 30%. Now let's review our fiscal year projections for NetSec and ClaiSec. Overall, we are confirming our ClaiSec projections, while raising NetSec billings by 300 basis points and revenue by 100 basis points, given the strong performance of SASE, VM-Series and subscription business overall within that NetSec. Moving on to adjusted free cash flow. We expect Network Security will deliver a free cash flow margin of 42% in fiscal year ’21, up from 38% in fiscal year ’20. We continue to expect Cloud and AI free cash flow margin of minus 43% in fiscal year ’21 an improvement from negative 59% in fiscal year 20. While we are focused on growth investments in Cloud and AI, overtime we expect Cloud and AI to -- to achieve growth, operating and free capital margins in line with industry benchmarks as we gain scale, our customer base matures and we become more efficient. In Q3 we repurchase $350 million in our own stock at an average price of $322. As of April 30, 2021, we have $652 million remaining available for repurchases. This is part of a broader capital allocation strategy focused on balancing priorities and maximizing total shareholder return. We start with fueling organic investments and managing priorities across innovation and go to market to set the foundation for sustainable growth the Palo Alto Networks. Second, we deploy capital for targeted acquisitions which accelerate this growth opportunity. We rigorously evaluate targets, focused on acquiring leading technology, retaining key members of the team and following through with integrating these acquisitions into our businesses. Finally, we work to optimize our capital structure using the options available to us in this dynamic market that includes deploying debts, using stock for M&A consideration and also buying back their own stock when we see it representing the good value. With that, let's move on to the Q&A portion of the call. Walter over to you.
Operator
Thanks. [Operator Instructions]. Our first question comes from Brian Essex from Goldman Sachs with Fatima Boolani from UBS on deck.
Brian Essex
Hey. Hi, thank you. Good afternoon and thank you for taking the question. Maybe for unit cash, we've seen a lot of solid outperformance relative expectations on a network security side. And nice performance this quarter with respect to Cloud and AI ARR growth. Wanted to get a better understanding, given that the outperformance has been on the network security side, how confident are you in your ability to hit that $1.150 billion guide for the full year? How do we think about, you know, how that business is performed relative to your expectations so far this year?
Nikesh Arora
Brian, remember, two or three years ago when we set out targets for next generation security business, we didn't have the muscle [indiscernible] networks to figure out how we can get out of the firewall business and have that sales force go out and actually go sell Cloud and AI. The good news is over the last two and a half years we're building muscle, we're learning how the market operates. It's kind of interesting, every one of these markets operate slightly differently. If you look at NGS, it's a combination of SASE, Prisma Cloud and Cortex. Now SASE's characteristic are a lot of the free trials we gave a few quarters ago and this whole push to work from home is forcing customers to think hard about their security stack and it's no longer, you can access half the apps, half the time, you need to be access -- able to access everything from wherever you are. So we're seeing network transformations and that's what's driving the success on SASE and some of the huge wins you had on Prisma access. As I mentioned one of the deals, which we closed and shipped on the first of this month is our largest SASE deal ever, which gave us $7 million of NGS ARR, so you can see approximately the quantum of that deal. So we're seeing a lot of traction on the access front and the SASE front, so that's good. Cortex is an interesting space, because we compete there with people like CrowdStrike and SentinelOne and the others. We're great on the product front as we've showed you the Forrester Wave and the MITRE results. We're trying to create more muscle around being able to do those deals. Those deals are typically, you got to -- because it's a competitive market, you got to do a whole bunch of deals there, and they all range in the $1 million to $5 million range with the higher end and the smaller below that. So you don't get lumpy deals as you have to do a lot more deals, so that's what we're doing on the Cortex front. Last, but not the least, on the cloud front, we got 2,250 customers, but there the deals end up being large deals that are slightly lumpy, and they have very high variability in duration and consumption. So some deals have moved in the cloud, how to buy credit to the next three years, how many credits do I need. They suddenly find their deployment is slower because they haven't deployed fully on GCP or AWS or Azure. Others, you'll say, they've been customers last three years. They're upping because they moved all their workloads to the cloud and their workload ramp is increased. So, all three of them have slightly different characteristics. That's why we end up in a portfolio situation. You saw this quarter we added about $133 million in net new NGS ARR, I just told you about seven more, because I felt you guys are extremely curious in NGS and I don't want you guys to go out thinking we're not confident on 1150. So right now we all feel that we'll get to 1150 on NGS ARR, and it's going to end up being a portfolio call in terms of some things extremely doing extremely well something doing normal.
Brian Essex
Got it. Got it. Thank you for that. And then maybe a follow-up with Dipak. Appreciate the commentary on the improving operating efficiency or potential to improve the operating efficiency of cloud and AI. And I think that's one of the things that investors kind of struggle with when I think we've all looked at this business on the sum of the parts basis and the performance of each on its own, in the challenge with cloud AI that its burning cash at the rate that it is, what do you think about the term -- the timeline for improving profitability and cash flow generation from that business, because I think that might be a trigger for investors to maybe look at that business on a standalone basis and assign it a little bit more value?
Dipak Golechha
Yeah. So, maybe if I answered in two different ways. I mean, we look at what other companies have done as they've kind of like grown through there -- they've scaled over time. And we often benchmark ourselves versus where were they at this time and are there things that we can do to be able to get there. But at the same time, we're not shy from like making the right investments, if we see the opportunity there. So that's why I don't want to really box ourselves into a timeframe. It really is a question of what opportunities are out there at the time, so we have a base plan that's constantly improving, but we're also reflecting on the fact that this is a dynamic market, and sometimes you need to lean in, if it makes sense for the long-term.
Nikesh Arora
Yeah. If I can add to that.
Brian Essex
Great. Thanks. Oh, go ahead.
Nikesh Arora
Yeah. There are two parts one, as Dipak, highlighted. We continue to work hard towards getting gross margin efficiency on those products because the product development is in our control, and Lee who's sitting to my right, he and his team work hard at trying to make sure that we optimize the gross margin part. The rest of it honestly is the question of how much do we want to invest in sales capacity to be able to drive those? Don't forget, in each of those areas, we are dealing with extremely competitive situation. In the case of XDR we deal with dedicated salespeople from CrowdStrike, they outflank us 8:1 on the number of salespeople. So we have to look hard at how much investment we want to make on the sales side. We do get leverage with the Palo Alto sales people, eventually end up with hand to hand combat. On the Prisma Cloud side, I'd say we were doing fine and we are doing fine. But suddenly the equity of the venture markets have gone and provided phenomenal valuations and dumped a lot of cash in some very early stage companies who are not dangling large paychecks to our sales people [indiscernible] got the most qualified cloud security sales. And so, that's why I think Dipak is right in saying that, we're going to watch the market carefully. But again, we just told you another number. $250 million in ARR in cloud security, VMs and public cloud security. That's a number which is -- outflanks our next competitor by probably 25 times.
Brian Essex
Super helpful color. Thank you.
Operator
Great, Thanks. So just a reminder, let's limit to one question. So next up is Fatima Boolani and on deck is Keith Weiss from Morgan Stanley.
Fatima Boolani
Thanks Walter. Nikesh, maybe I'll start with you very quickly. You talked through a lot of the areas of strength from a product pillar perspective. But in terms of just zooming back, can you stock rank for us what specific product areas in the NGS portfolio really were the drivers of billings acceleration in the quarter? And then I have a quick follow up for Dipak, please.
Nikesh Arora
Yeah. As I highlighted, SASE is strong. Dipak highlighted the subscriptions are strong. We're pleased with the way Cortex is evolving and cloud ends up being lumpy. So some quarters we’ll get some very large deals, and then make up the billing. Some quarters they push. But across the board, the portfolio is performing in line with our expectations or slightly ahead, as we said, we hit 973 or 980, depending on how you count it.
Fatima Boolani
Very good. Dipak, nice to meet you.
Operator
Well, we’re just going to go to -- let's just go one question. Let's -- we're going to move on next to Keith Weiss with Sterling Auty from JPMorgan on deck.
Keith Weiss
Excellent, thank you guys; Very nice quarter and thanks for taking the question. I think, you guys are doing a very good job of illustrating the -- there's a difference between firewall appliances and more generally firewalling capabilities. And you're seeing that firewall is a platform growth, sustained really well, actually accelerating in recent quarters. And I think that's probably one of the key areas that investors are most cautious on, is the durability of growth and firewalling. Can you talk to us a little bit about where you're seeing that strength from? Do you believe it to be durable over the next couple of years, and is there anything that we should be watching out for in terms of tough compares or any one-time items from a year ago period that might upset that that growth trend that you've been seeing in firewall as a platform?
Nikesh Arora
Well, I’ll gave -- I’ll make two comments, Keith. One is, is there are situations where the customers are looking for, like you say, firewalling capability. We can walk in and say we can solve this problem with software or we can go deploy tons of hardware to solve the same problem. So take a large retailer, then go deploy 1,200 firewalls in each of their stores; if they choose to go down the hardware route, which is more costly to deploy, harder to maintain, harder to upgrade over time; or we can go in and say, let's do that with Prisma SASE, which is a software dependent solution, which has lower cost of ownership, easier deployment, easier to solve. So you're seeing us create some degree of substitution in our customer base. So if you compare us like-to-like with some of the leading hardware firewall businesses, which don't have that strength in that software capability, they cannot deal that substitution capability, which we think is better for the long term, because we just point to the ARPU. So look, we can grow ARPU at 38%. That just means we have future revenue coming down the pike on the FwaaP front, which is going to be harder to hunt and kill on a quarterly basis, if you were hardware only business. So I actually think there's more resilience in our network security business than most hardware develop -- dependent businesses. The second piece, I would say, in that context is what was proxy based architectures is now full firewall in the cloud. We’re seeing that in space and Prisma SASE, people are stepping back and saying, okay, let me understand this, how do I get my trading system to be accessible from an employee's home, you can do that with proxy based architecture. We talked about that [indiscernible] and we're seeing that really bear out in the success we're seeing in Prisma SASE. My fellow colleagues Walter and Dipak will not let me throw out more stats in that area, but I'll just say I'm extremely delighted with the progress we've made in SASE from where we came. 2.5 years ago, there used to be a product called GPCS, and we would shudder, like you said the onetime items. There was one deal when I came to Palo Alto, we sweated the entire year to see how we left that in the following quarter. Now we do six of those in the quarter. And we've got tons and tons lined up in our pipe going forward. So SASE is strong, which should give us continued strength. I think the network transformation is in a very, very early stage. If you think about it, if you see AWS, GCP, Azure clipping $40 billion, $50 billion of billing in a quarter, all those customers are going to stand up and realize wait I'm relying on MPLS based architectures to go back to my data center, now I don't need to go there, I need to go to a public cloud. And to do that, you got to go SASE. Right now, we firmly believe we have the best SASE solution in the market. We firmly believe that we have the most deployed customers out there at scale.
Operator
Great, Thanks. Next question from Sterling Auty and Saket Kalia from Barclays on deck.
Sterling Auty
Hi. Thanks. It's fun to see Walter on the other side trying to keep us to one question after all these years. I want to follow up on Keith’s question as well on FWaaP. Help us understand what are the metrics that we should look at in terms of and you gave a little bit of this last quarter, but when look at your install base of the on-premise appliances, as some of that starts to transition to FWaaP, is that happening? And if it does, how is the dollar-for-dollar comparison? In other words, do your customers still end up spending more, does they are still expanding under FWaaP versus their traditional clients? Is it smaller or the same?
Nikesh Arora
I'm going to bring in my colleague Lee Klarich, who spends a lot of his time making sure that these transitions work, and we see these transitions happen, Lee.
Lee Klarich
Yes. Thank you, Nikesh. Good question, and actually last quarter we provided some insight into this, if you remember. There's effectively two transitions that we see play out. One transition has to do with movement of applications from data centers to the cloud, where the form factor often is changing from a hardware form factor to software form factors, VM series etcetera. The other transition is from -- based on how the employees and users are moving increasingly obviously, moving off the network and soon moving to more of a hybrid state where, in that case, it often is moving from hardware to hardware plus cloud-delivered SASE architectures. And so as you think about those, the net effect of all of it is positive for us in terms of the overall spend from customers. There's some puts and takes, hardware going to VM-Series and the cloud is relatively similar, hardware going through SASE is actually typically an uptick in overall spend because it's not just like-for-like, it's actually SASE includes network as a service. And a lot of the networking components, global network reach etcetera and so the overall spend envelope becomes larger as more of the capabilities actually get integrated into the service that we're delivering to customers. So overall, positive and we've been now tracking this and have history of this for a few years to be able to actually see how that plays out.
Sterling Auty
Great, thank you.
Operator
Great, thanks. Next question from Saket Kalia from Barclays, and then Matt Hedberg from RBC next.
Saket Kalia
Okay, great. Thanks for taking my question here. Nikesh, maybe for you. Can you hear me okay, Walter?
Operator
Yeah.
Saket Kalia
Okay, cool. Nikesh, that was helpful commentary on the equity structure around ClaiSec. I guess the question is what were some of the things that went into your decision to explore that last quarter, and then maybe reconsider it this quarter, and is it a matter of timing given the volatility in the market or would you say that the probability of exploring that down the road is still relatively low.
Nikesh Arora
I think Saket as we went through the mechanics of creating all the paper work required to file this. The debate began to happen with some of our shareholders, as look, the true value creations and they actually can take this and separate it, because you'll still have a stub or some sort of tracking stock. And the challenge with separating it, as you saw, 70% of our customers are buying multiple platforms. 40% of our customers are buying all three platforms. We're getting into conversations with CIO, and somebody goes to a breach or ransomware when they want to go, wall-to-wall and say, listen, come protect me, protect my cloud, protect my sock, protect my network transformation. And then we’re suddenly saying, look, we have all this vantage point from where we are, where we can go pitch all three platforms and go on the lock the customer with security and we're creating this artificial separation amongst ourselves, we're not going to be leveraged that. So that definitely went through the decision. I think the question which I can keep practicing. So just asked around to Deepak about the funding of ClaiSec vis-à-vis NetSec, I think, we'd still have to make that a self-standing profitable entity in its own due course. And I think it's too early to go think about separating that into distinct businesses, because we're getting phenomenal leverage from our firewall sales teams, who are sort of one and a half decades trying to build the relationships and get them better than our customers did.
Saket Kalia
Very helpful. Thanks.
Operator
Great, thanks. Great. Thanks. Next question from Matt Hedberg from RBC, and then we've got Tal Liani from BofA next.
Matt Hedberg
Thanks Walter. Hey, Nikesh, I wanted to talk about, all these recent breaches you alluded to President Biden, talking about the importance of zero trust. I guess, how do you think about that impacting your federal business later this year. And then also, as these breaches continue to accelerate in a post-COVID world, do you think you're going to be in a better position to consolidate security spending, there's always that debate on best of breed versus consolidation. Is this just accelerate your demand environment even more so?
Nikesh Arora
Matt, what interesting is, let's start with the second part first. Like, clearly, whatever approach was used to buy security hasn't worked, right? And we've traditionally been in a best of breed approach. You got the companies, they have 35, 25, 40 vendors, and this act of stitching all those solutions together is left on the shoulders of the customer. You coupled that are the two biggest technological transitions that have ever happened in the history of computing. One is the shift to the public cloud, but you have to fundamentally change your IT architecture. And the second is network automation that you're going through, driven by the cloud. So, CIOs are dealing with those two technology transitions and at the same time, having to take a hard look at security and bolstered up. And I think there, if you look at historically, I don’t think there has been many security companies who have been able to give you best of breed solutions across multiple capabilities. So our firewalls, nine times, top right, magic quadrant of our own capability, whether it's sassy or hardware firewalls, VMs fit in the category, so they can get the best firewalling capabilities across three different architectures, XDR measures the top right and Forrester Wave. We're the only cloud security native security company with Prisma cloud. We are top right in SD LAN and we're top right next sort of there was a corner. So we actually have the ability to give you a stitched set of products across five leadership positions, which is not available today in the cybersecurity industry. So, we're able to make the both the best of breed, and stitch platform argument right now, and is resonating because customers who are going through these agonizing times are stepping back and saying, wait, I need to look at it from a different approach. And I can go -- how can I go with a partner, where I can hold accountable for my entire security footprint.
Operator
Great. Thanks, Matt. Next up is Tal Liani with Keith Bachman from BMO on deck.
Tal Liani
Hey, I have an accounting issue -- accounting question. Great results, ARR, were better than expected, at least some people expected some issues there, but I looked at your filing and you change the definition of ARR a little bit this quarter, you edit the language. When I compare the language of this quarter versus last quarter, you edit the language that this quarter it includes certain cloud delivered security services to ARR, would you mind to quantify this addition was it material to the numbers this quarter? Thanks.
Dipak Golechha
I'll take that question. It's really not material to be overall, we added a couple of cloud delivered technology solutions like IOT in one example, when you have all of them that they're relatively de minimus in nature.
Tal Liani
Got it. Thank you.
Nikesh Arora
The early launches of our products and we want to make sure they fit in the right bucket.
Nikesh Arora
We can sell IoT against Cortex. Cortex data lakes and they sit in both places in our firewall business and in our cloud AI business.
Tal Liani
Great. Thank you.
Operator
Next up is Keith Bachman and then Gray Powell from BTIG.
Keith Bachman
All right, thank you very much. Nikesh I want to ask you to flesh out Cortex, a bit more in terms of run rate and expectations feedback we've been getting from the channels is Cortex certainly is doing better and I was wondering if you could talk about win rates, where you're winning. Some of the reasons why? Is there any metrics you can give us on growth associated with the Cortex brand, whether it's revenues or billings?
Nikesh Arora
Well, I can't give you a metric we haven't given, but I'll tell you, Cortex comprises three products; one is XDR, which we compete with as you see with CrowdStrike and SentinelOne. I think the challenge we have there is our product as you can see, has technically been now ranked better than CrowdStrike and at par with SentinelOne and others. The challenge we see is we don't have as much coverage as CrowdStrike, so they're in more deals and we are, and that's a virtue of the fact that they have eight times more dedicated sales people chasing the XDR category and we don't. Where we do end up against them, we pretty much don't lose technical PLCs, obviously because of the, you've seen the technical comparison market, then it becomes a price war, and we don't bend over on the price war. So, we see reasonably good win rates against them where we are present. I think our challenges were not present in as many deals as we'd like to be present and because they've got us -- they've been at it for seven years, we've been at it for two and a half. So, that's kind of like the XDR solution. XSOAR, it used to be Phantom and demister, for the most part we don't see much competition in the XSOAR category. We think pretty much where the customer believes they have a need, they will go with XSOAR, so we're not we don't feel challenged in that market, but it's a moderate deal size, it's not the deal size of cloud which can get to eight figures. It's a deal size just smaller than that, but we do see less competitive activity in the XSOAR category. And last but not the least [Indiscernible] access management is a newer category where people are beginning to understand that the hackers can look at the entire vulnerability footprint from the outside, so you're better off having a clear view. For example, any customer that goes into a Breach Report ransomware actually wants to understand that the entire footprint and the vulnerability associated with it. So we end up having an engagement expense, whenever that happens. What is going on is that with the formation of Unit 42, we're getting more and more involved in more incidents out there, and that's allowing them to drag and drop XDR and Expanse in those early days, but we have merged the forensic capabilities for example of Crypsis, which used to be a product called Hadron that has been embraced into XDR, that will go live very shortly, where our cars were where our incident responders can go deploy XDR and provide all the forensic capabilities that they do when a breach happened. So early days we are seeing more traction on Cortex, I think we announced that we have 2,400 customers. The only -- the real upside and opportunity for us is to go ahead and execute at scale over there to get into more and more deals, because the product is there. Two years ago – 12 months ago we didn't have the product.
Keith Bachman
Right. Okay. Terrific. Thank you.
Operator
0Thanks, Keith. Next up is Gray Powell from BTIG. And on deck is Adam Tindle from Raymond James.
Gray Powell
Hey, great. Can you hear me okay? All right. Thanks for taking the question. So yeah, maybe back on Prisma Access, what's been the reception with Prisma Access 2.0 so far? And do you see that product update with proxy capabilities getting Palo Alto into more traditional secure web gateway replacement deals or potentially improving the pace of new logo ads on the product set?
Nikesh Arora
Yes. Look, we're really excited about the 2.0 launch a few months ago, great reception from customers, really excited about everything that was in the launch. Remember, this is where we introduce cloud management. So cloud native experience, onboard – easy onboarding activation. This is also where we launched the first ever Autonomous Digital Experience Management add-on module. So this allows our customers to monitor the actual end user experience that they're seeing through the service to the applications are accessing in addition to the proxy capabilities and cloud-based technology, et cetera. So it was a big release, very well received. The adoption, almost all of the Prisma Access customers have now been upgraded to 2.0 and very smooth upgrade process, we're seeing great adoption to cloud management, close to 100 customers are now using that in just the first couple months of availability. The Autonomous DEM, we're getting great feedback from customers from early adopters and growing the pipeline of that that's an add-on module that we can go and sell back into the Prisma Access customers as well as new customers. And you know the proxy capabilities interesting is, as you know the -- we still believe most customers are going to want the full fledged capabilities of Prisma Access and not just the proxy capabilities, but that capability has achieved what we wanted is remove that as an objection. It's allowed customers who need it, to be able to move to Prisma Access and just remove that as a criteria. And so we're seeing a number of customers that are testing that and using it and happy we added it and made the change.
Gray Powell
Okay. Great. Thank you very much.
Operator
Thanks, Gray. Next up Adam Tindle from Raymond James and then Michael Turits from KeyBanc.
Adam Tindle
Okay. Thanks. Good afternoon. Congrats on the results. I wanted to ask on profitability, whether it's Nikesh or Dipak wants to weigh in. You're seeing deal sizes increase. You're seeing cross platform adoption and those were helpful metrics for us. We typically associate those with very healthy contribution margin. You did talk about 50 basis points of operating margin expansion this year, but I wanted to ask beyond this. Do you think that this is something where you can build on, you're hitting a turning point and we could see sustained margin expansion from here? You’ve talked about a 150 basis points annually, a couple of years ago at an analyst day, wondering the puts and takes to get back to that level of margin expansion? Thanks.
Nikesh Arora
I think the honest answer is it's pretty situational, right. I mean, I think every – every customer deal is different and like we're obviously going to lean in, if we have to, you know, in order to do that but I think what really drives us, is making sure that we don't leave any money on the table. I certainly think that as the portfolio grows, as the attack surface area becomes more complicated, hopefully, the leverage moves more within towards our favor over time and that will help us over time. But I think in general, I would stand by, it's always a focus area for us and we believe that with scale will come from margin expansion over time. But at the same time, we just don't want to leave opportunities on the table, if they're there for the taking.
Dipak Golechha
Yes. Just adding to that Adam, I read your note, thank you for your enunciation and upgrade. I noticed that you talk about operating margin leverage and as many folks have highlighted in this call, we have two businesses, the Network Security business, where you can see the leverage, 42% free cash flow margins are still growing at 26% of billings and 38% or some number out here, the metric is different. But, so, we see that’s where the leverage is. We use that leverage towards a ClaiSecc businesses. In the history of cybersecurity, nobody's build a 735 million ARR business in 2.5 years. So let's just take stock and pause and – and we didn't buy all of it. We bought some products into it but it has been built by a lot of go-to-market capability. If you benchmark that against the CrowdStrike and the Okta to the world, or the Zscaler to the world, you'll see there's a natural evolution, which doesn't happen in two years. So, do we believe there is operating leverage in future years? Yes we do. It becomes a real question, do I want to go hire another 300 sales people, and beat as many deals as CrowdStrike or do I want to hire 100 salespeople and have a lower growth rate, because I don't believe I have the capability on the product side. Palo Alto Networks has never been in a position like today from a product capability perspective. Our products resonate, we rarely get thrown out because our products don't correct. And given the heightened security awareness in the market, we're seeing more traction because, as you guys know, our products are on the margin slightly more expensive or premium than some of the other players in the market. As the security awareness or heightened you know, desire to have a more secure product goes up, they’re better for us because the customer is more willing to be – willing to be tolerant of a price point associated with Palo Alto Networks. So honestly, I think I'm repeating what Deepak said, is that, we don't want to toddle the growth opportunity for us. When I came to Palo Alto, we were growing at the low 20s. Now we just showed you 27 And you know, maybe 28, 29 if you adjust for the annual plan stuff, and that's acceleration and we'd like to see if we can maintain high growth rates going forward and that requires us to invest and look for leverage in future years, we'll do that as a management team.
Operator
Thanks. Next question is from Michael Turits at KeyBanc and after that Patrick Colville at Deutsche Bank.
Michael Turits
Yes, thanks. Nikesh, I think one of the – one of the you know investment features here has been that you're the company, most likely to balance, consolidate security, but to make that transition to software and to the cloud, and you're proving that out, but that said, you’ve also has been doing a great job this year on the product/appliance side up to 3% year-to-date versus what you got to do a flat. So I'm just trying to get a sense for the dynamics of that in the next three calendar quarters. Do you – could we get a boost from refresh of what wasn't done last year and is there any constraint to that, if it's going to happen from supply chain components?
Nikesh Arora
That’s a great question, Michael. I think the supply chain situation changes weekly. And you can see all those machinations play out in the market. As you can imagine like other players in the market, we have some degree of inventory capability vis-à-vis we are expected demand in the upcoming in the shorter duration and a longer duration, all bets are off in the industry, depending on how they bring up more fabs to go print out the chips and get them to us. So the good news is, as I highlighted we move 40% of our firewalling business software. So, if the industry starts to see supply constraint, we are able to solve the customers problem by giving them capability which is software based and we obviously will still have our baseline availability of hardware. We do have the units available for the recent announcements for hardware launch, which we just did, which we can talk about in a second. But again, I know we've talked about this Michael and we keep going back and forth on this is that, I honestly look at the overall capability of the firewalling capability and as much as I like product. I also like the idea of having more or less and less reliance on hardware because I promise you in a few years from now you're going to tell me, love your business but you still got this hardware hunt and kill requirement every quarter, and then you go punch the ticket and give me hardware. So we're trying to thread the needle with you here, trying to give you a great firewalling goes through to revenue growth side. Keep the cash flow high and still transform our business from hardware to software. But Lee you want to talk about this, firewall?
Lee Klarich
Sure. While we're, you know, transition the business there's still a wonderful business out there for hardware and the two new models that we just announced yesterday are pretty exciting really. We introduced a new high end appliance scales up to 150 gig throughput with all security turned on, 75 gig with full SSL decryption; Just amazing product for the large campus data center environments. And then, at a - for the branch environments, smaller enterprise environments, we announced four new appliances in the 400 series that basically 10x the performance of the previous platforms we had. And one thing is -- I think particularly interesting about how we were bringing these new products to market is, we have all of the leading security capabilities that health networks is known for. But we're bringing them out of price points that are incredibly competitive with even the -- some of the lower cost vendors out there. And so, we're same capability. Same great capabilities leading capabilities. But at super competitive price points, change the dynamic in the hardware space, competitive space.
Nikesh Arora
I can’t get Lee to say – wanted to say, keep saying leading competitors. Yes, we follow on the great security ex-pricing. You can’t do it.
Michael Turits
Okay, fine.
Operator
Last question here from Patrick Colville with Deutsche Bank. Go ahead.
Patrick Colville
Thank you for squeezing me in. I was actually going to ask about new appliances because I think that's a super interesting, but Lee covered it pretty comprehensively there. The questions we’d been getting from investors over the last hour has been about the definition of change on ARR. Do you mind just quantifying what the certain cloud delivered security services, how much is that in 3Q versus 2Q?
Nikesh Arora
Let me get that cracking. When I said that it was deminimus. It's less than $5 million. So just as a kind of like a -- an overall number to be able to work very quickly.
Patrick Colville
Great. Very clear. Thank you so much.
Operator
Great. And that concludes the Q&A portion of the call. Thank you all for joining and asking the questions. We're – I am going to turn it back over to Nikesh for closing remarks.
Nikesh Arora
Hey. I just want to take the opportunity to thank you all for joining our call. I also want to take the opportunity to thank the employees at Palo Alto Networks for all their hard work and dedication to allow us to produce these results. We are here because of what they do. So once again, thank you everyone. And I look forward to seeing you guys in our individual call backs.