Palo Alto Networks, Inc. (PANW) Q4 2022 Earnings Call Transcript
Published at 2022-08-22 20:13:02
Good day, everyone, and welcome to Palo Alto Networks Fiscal Fourth Quarter 2022 Earnings Conference Call. I am Clay Bilby, Head of Palo Alto Networks Investor Relations. Please note that this call is being recorded today, Monday, August 22, 2022, at 1:30 p.m. Pacific Time. With me on today's call are Nikesh Arora, our Chairman and Chief Executive Officer; Lee Klarich, our Chief Product Officer; and Dipak Golechha, our Chief Financial Officer. You can find the press release and information to supplement today's discussion on our website at investors.paloaltonetworks.com. While there, please click on the link for Events & Presentations where you'll find the investor presentation and supplemental information. In the course of today's conference call, we will make forward-looking statements and projections that involve risks and uncertainties that could cause actual results to differ materially from the forward-looking statements made in this presentation. These forward-looking statements are based on our current beliefs and information available to management as of today. Risks, uncertainties and other factors that could cause actual results to differ are identified in the safe harbor statements provided in our earnings release and presentation and in our SEC filings. Palo Alto Networks assumes no obligation to update the information provided as a part of today's presentation. We will also discuss non-GAAP financial measures. These non-GAAP financial measures are not prepared in accordance with GAAP and should not be considered as a substitute for or superior to measures of financial performance prepared in accordance with GAAP. We have included the tables which provide reconciliations between the non-GAAP and GAAP financial measures in the appendix to the presentation and in our earnings release, which we have filed with the SEC and which can also be found in the Investors section of our website. Please also note that all comparisons are on a year-over-year basis, unless specifically noted otherwise. We would like to note management is scheduled to participate in the Citibank Global Technology Conference and Goldman Sachs Communacopia and Technology Conference in September. I will now turn the call over to Nikesh.
Thank you, Clay. Good afternoon, and thank you for joining us today for our earnings call. As you can see from the video, we were excited to celebrate the 10th anniversary of our IPO in early July. Our employees are engaged and excited as we continue confidently on our mission to be the cybersecurity partner of choice. Moving to Q4, I'm pleased to report that we again saw very strong results, starting with top line results that were well ahead of the guidance we initially outlined for the fiscal year '22. We delivered this growth while balancing our profitability commitments, we also made significant investments to continue to transform our company and take advantage of the large and rapidly growing market opportunity we see in cybersecurity. On the top line, billings growth of 44% was the highest we've reported in four years. We also grew RPO ahead of our revenue growth rate. The key focus of our team has been rapidly positioning us as a constant cybersecurity innovator. And one way we measure our progress is how our NGS ARR develops. We're delighted to report this metric grew 60%, reaching $1.9 billion exiting the year. We are expecting it to reach $2.6 billion in FY '23. If this was an independent start-up, it would be amongst the fastest-growing cybersecurity businesses to achieve scale. Within our core network security business, Firewall as a Platform billings grew 26%. When we started reporting this metric, the intent was always to show that we continue to take share in the network security market; at the same time, transform the business to a software business. Today, close to 50% of that comes from software form factors. Operating income grew 52% in Q4 and our operating margin for the year finished to the high end of the guidance range, with adjusted free cash flow margin coming in above the high end of the range we provided. We achieved a major internal goal we've had on the profitability front, delivering GAAP profitability this quarter. Looking forward, we're guiding to full year GAAP profitability in fiscal 2023. We've had many of you ask us about the macro environment and how is it impacting our business and the markets we serve. In the last year, we arguably saw the most challenging supply chain conditions the technology industry has ever seen. We executed through this well during the year with modest impacts to our gross margins. We expect conditions will eventually ease. For our planning, we're assuming a material improvement won't be seen prior to the end of fiscal year '23. However, as the supply challenges fade, we expect this will start to have a favorable impact on our product gross margins. There's a continuing debate on inflation, it's nature and duration. We saw some labor and other inflationary pressures in the second half of the fiscal year. We do not anticipate these pressures going away in the next fiscal year and we have planned for it to persist through fiscal year '23. And hence, it is included in our plan and is reflected in our guidance. With respect to the macro impact on demand, we've just come out of Q4 with exceptional 44% billings growth. In enterprise sales, as most of you know, there is Q4 magic. We did, however, see some marginal changes in the macro environment in Q4. Whilst early, it is important to see how the overall macroeconomic conditions develop over the next year. First, we saw more longer duration deals as customers increasingly have the confidence to make large long-term commitments with us. This is important to the transformation objectives we set out for Palo Alto Networks. It confirms and validates our view that customers will consolidate if we give them constant best-of-breed products and ensure that they are integrated to deliver better security outcomes. Second, we saw some isolated instances of customers extending the life of hardware potentially driven by macro forces. We expect that on the margin. This could continue into FY '23. It is counterbalanced by some customers refreshing their state and our continued share gains in the hardware form factor. Third, in transformational projects, the vast majority of our customers continue on their investments here despite the expected short-term macro impacts. Security spending is tied into our customers' desires to move to the cloud, drive more direct relationship with their customers, modernize their IT infrastructure as well as drive efficiencies while adapting to a new way of working. Those efforts continue. Coupled with heightened awareness and need to do something around cybersecurity, we expect secular tailwinds to persist in cybersecurity, and we are best positioned to deliver against our customer needs. Another trend I would like to highlight is the return to Palo Alto Networks by employees who had left for seemingly greener pastures. Over a six-month period, as part of our Welcome Home Program, we have engaged with many former employees. To date, dozens of top performers have been rehired with many more in the funnel. Over 70% of people reached out to have expressed a desire to come back to us and a significant number already have. 50% are returning from start-ups, the next largest percentage coming from peer companies. We're happy to welcome these employees back to Palo Alto Networks. As we embark on new fiscal year, my fifth as Palo Alto Networks CEO, it’s worth reflecting where we came from. Our transformation strategy has not been easy, but we are unwavering in our resolve to build the most comprehensive and relevant offerings for our customers, taking away their complexity and delivering a better security outcome for them. We see a path to being the largest cybersecurity company backed by constant innovation and excellent execution becoming our customers' cybersecurity partner of choice while delivering increasing value to our shareholders. Just four years ago, we were a different company. We have reinvented the firewall market and captured the market share leadership position. There are glimmers of our next-generation security strategy, but it made up just 8% of our billings. Our software story in network and security was early, with some traction in our virtual firewalls and a fledgling precursor to SASE called GlobalProtect Cloud Services. We made our first acquisition in cloud native security and had early point products that will become part of Cortex. When we step back and took stock in the industry, we had a key hypothesis, which we then tested, proved to ourselves and have reproduced across the business today. There has not previously been a cybersecurity company with a leadership position in multiple categories, nor did the customers believe that a cybersecurity platform could anchor their architecture. We set out on this ambitious journey as you see at Prisma Cloud and Cortex as well as innovated significantly in our network security capabilities. Fast forward to today, our transformation has taken us far. We are a recognized leader in 11 cybersecurity categories across our three platforms. Next-generation security contributed more than 38% of our billings, helping to accelerate our growth. In network security, we now have the most comprehensive solution across three form factors that share a common architecture and also offer a suite of market-leading security subscriptions. We have built, assembled and integrated capabilities in nine modules that make up Prisma Cloud, which is now the leader in cloud native security. Lastly, we have three anchor products in Cortex, which with our new XSIAM product showing promise in the revolutionized security operations is going to hold us in good stead. The proof that this transformation is working is in the momentum we are seeing in our customers. The number of customers that spend over $1 million annually with us continues to grow, with the millionaire count now in excess of 1,200 and the number of Global 2000 customers that have purchased products in all three of our platforms is now 50%. While we've had many large customer wins recently, I want to highlight a team in three transactions. The first is a technology company that purchased products in all three of our platforms and a transaction over $75 million in value. The second is a financial services company that standardized its network security in our platform, including adding VMs and deploying Prisma Cloud spending north of $40 million. And third is a professional services company that spent over $75 million across Strata, Prisma and Cortex. One of the outcomes from our transformation over the past four years is a steady increase in our subscription and support mix primarily driven by the growth of our next-generation security business. Subscription and support now exceed 80% of our billings. This has resulted in greater predictability in our revenues. We have seen growing commitments from our customers represent a greater portion of our next year's revenue. As we enter fiscal year '23, that number is 59% at the midpoint of our guidance. Increasing revenue visibility gives us further confidence in our ability to invest and drive future growth. This number is over 70% for the revenue we expect in Q1. All of this has occurred while our revenue growth has accelerated from FY '20 to FY '22, in part due to the accelerated growth in our next-generation security offerings, while we have also taken share in traditional network security appliance form factors as reported by third parties. Despite the success so far in our transformation, we still see significant potential ahead of us. We estimate our large addressable market to be growing at a rate of 14%. At 29%, our fiscal year '22 revenue growth more than doubled this market growth rate. As we have transformed the business, we have seen our revenue growth reaccelerate. Even with this significant growth over the last four years, we still only represent approximately 6% of our TAM we last presented at our Analyst Day in September 2021. 6% share of the market is low for the market leader as compared to other categories and technology. So we see there is ample room to grow. There are numerous trends that excite us around our ability to drive this growth and continue our share gains. You may soon see a day where there will be $1 trillion in public cloud consumed. Our observation thus far in this early market is that companies allocate 2% to 5% of the cloud budgeted security, creating a significant Prisma cloud opportunity. There are 3.5 million worldwide cybersecurity jobs that are unfulfilled. Our view is that more training and hiring alone will not effectively and efficiently counter the growing use of automation employed in attacks and the volume of alerts that is overwhelming the security operations center. We believe a new paradigm and security ops is needed that heavily leverages AI and automation. We are targeting this opportunity with our Cortex products and XSIAM products specifically. Lastly, hybrid work is here to stay. There are more than 1 billion knowledge workers globally. We believe we have a strong position in SASE with our coverage of users and branch offices today, just catching the surface of loss opportunity. We have a clear mission in front of us in each of our security platforms to harness the opportunity that we have outlined. As this is Q4, I figured, rather than having me outline all the accomplishments from our product team, I would invite Lee Klarich, who patiently listens and sits in our calls, to give you a more detailed update to help you understand how we will continue to build on our success we had in FY '22.
Thank you, Nikesh. As Nikesh highlighted, across cybersecurity, one of the biggest challenges has always been the overwhelming number of point products that customers must deploy, integrate and operationalize to achieve the security they need. In most cases, this has never fully achieved, leading to expensive yet suboptimal security outcomes. We are bringing into approach, one that delivers market-leading capabilities tightly integrated in three platforms. FY '22 has been a significant year for us in network security, where we have furthered our position delivering a consistent security architecture across hardware, software and SASE. We neared completion of our Gen 4 hardware rollout, which on some models delivers close to 10x performance over Gen 3. As a result, we saw over 50% of NGFW hardware sales in Q4 on Gen 4. Also in FY '22, we introduced the cloud NGFW across three of the major clouds, enabling our customers to adopt best-in-class network security in a cloud native service. And Prisma SASE had three major launches in FY '22, including the most recent ZTNA 2.0 launch, firmly establishing our next-gen approach to Zero Trust. Across our hardware, software and SASE form factors, we are able to deliver a consistent set of core security capabilities as ML-powered cloud services. In FY '22, we saw the rapid adoption of Advanced URL Filtering, and we now see nearly all URL Filtering sales on this advanced ML-based service. Advanced Threat Prevention, which was introduced in fiscal Q3, is also now off to a strong start. And perhaps most importantly, customers can manage all form factors and security subscriptions from a single management console to deliver consistent user experience and tremendous operational leverage. While we believe the full platform is where customers will end up, we want to ensure customers can start their adoption with any form factor and receive a truly best-in-class solution. The number of $1 million lifetime value SASE customers that are also customers of our two other network security form factors ended FY '22 at 210. This is up eightfold since FY '19. We have seven customers that have purchased all three of our form factors with $100 million in lifetime value in network security. More broadly, when we look at our network security customer base, customers that have bought all three platforms from us, spend 10x more than those who are customers of only one form factor. This showcases the true value of our network security platform. In Q4, we introduced ZTNA 2.0, which redefines state-of-the-art and Zero Trust network access to bring uncompromised security and deliver zero trust with zero exceptions. We have seen significant momentum in our customer traction on SASE in FY '22 on a number of fronts. Our overall active SASE customer base grew by 51% in Q4, and our $1 million SASE deals also accelerated this year, up 83% with over 50 $1 million deals in Q4 alone. While many of these large deals are coming from our installed base as they see the value across our form factors, it is equally important that over 30% of our new SASE customers in Q4 were new to Palo Alto Networks. This highlights the competitiveness of our SASE solution and enables us to reach net new customers. Additionally, once we land with the new SASE customer, we are seeing customers look to standardize on our hardware and software appliances. In the cloud, we see that most customers are still relatively early in their journey. They are migrating workloads to the cloud and building new applications, growing their footprints, consuming more sophisticated services and adopting multiple clouds. With this has come an expansion in their cloud security needs. Our approach with Prisma Cloud delivers a comprehensive platform with a growing set of capabilities to stay ahead of our customers' needs. Increasingly, cloud security needs to start at the moment developers write their first lines of code through to deploying and running this code in public cloud. The acquisition of Bridgecrew brought us Infrastructure as Code, a way of detecting and fixing security issues during development. IAC became our ninth integrated module of Prisma Cloud at the end of January. And in the first six months of availability, we already have over 200 customers, making it our fastest-growing new module. We designed an incredibly easy way for our customers to activate any of the nine modules and have grown the number of customers that use more than three modules to over 1/3 and those using four modules to nearly 20%. This frictionless module adoption has helped to fuel our 55% growth in credits consumed on the platform. We are also closing in on 2,000 customers for Prisma Cloud. It's great to see all the third-party recognition like the SC Award as best cloud workload protection solution that we announced today, but we're not done yet. We see several opportunities for new modules and we'll continue to look at both organic development and external technology to drive continued expansion of the Prisma Cloud platform. We are earlier in our Cortex platform journey, executing well across our three core product categories of XDR, security orchestration and automation, and attack surface management. We saw significant progress in FY '22 as we drove sales of our key products and increased traction, combining offerings in larger cross Cortex transactions. Our customer count surpassed 4,000, and we also signed 52 transactions greater than $1 million in Q4. Combined with this customer success, we also continued the rapid innovation that we believe will be required to be a leader in security operations more holistically. When we envision the future of cybersecurity, I don't see a path to success that is not heavily driven by AI and automation. Attackers are too well funded and determined while customer networks, clouds, applications and users are too complex to manually defend. The only way to deliver meaningful security outcomes is by collecting rich useful data normalizing all data sources to a single source of truth and then applying AI models to detect attacks and automate responses in real time. We are now taking this to the next level. Earlier this year, we announced XSIAM, a fully integrated AI-driven SOC platform and kicked off a program with a limited number of design partners to ensure we had strong product market fit. The results of this design partner program are incredibly encouraging, proving our assumptions about the value of good quality data powering AI-based attack detection and native automation simplifying and speeding response. And I'm happy to say our first paid customer was a seven-figure purchase and most of the other design partners are likely to purchase in the coming months. We are on track to launch the product into a broader set of our customers in the first half of fiscal '23. We could not have accomplished all we have in the last several years in advancing our lead in network security, standing up our cloud-native security platform and progressing towards the autonomous stock without our investments in innovation. Over the last several years, our R&D spending has grown in order to enable our ambition to lead with the three platforms. You see this in major product releases, which reached nearly 50 in FY '22. As we move into FY '23, we are more committed than ever to leading in cybersecurity innovation. My team went through a rigorous process of prioritizing our most important investment areas across our three platforms. With the continued investment in R&D, I'm confident [Technical Difficulty]
[Technical Difficulty] about our financial targets in FY '23. I highlighted the strong drivers at play, including technology sector forces as well as drivers within cybersecurity. We just talked to you about all the innovation we have underway. We continue to have confidence in our team's execution and the traction we're seeing across our platforms. We expect to continue to deliver strong results, in line with the profile we have talked about for the last year since our Analyst Day. For fiscal year 2023, this includes billings growth of 20% to 21% and revenue growth with increasing predictability that is in the mid-20s. After achieving operating margins at the high end of our guidance in fiscal year '22, we intend to deliver operating margin expansion of 50 basis points to the high end of our guidance, with adjusted free cash flow margins of over 100 basis points at the high end of our guidance while absorbing increased supply chain costs and inflationary impacts. We achieved GAAP profitability in Q4 fiscal year '22 and we project this will continue for fiscal year '23. Lastly, today, we also announced a 3-for-1 stock split. This was done to help ensure our shares are accessible to all employees and investors. The stock split also demonstrates our belief in the future of the company and the momentum and confidence we have in our strategy. With that, I will pass on to Dipak to discuss our Q4 results in more detail as well as our Q1 and fiscal year '23 guidance.
Thank you, Nikesh, and good afternoon, everyone. Today, we again reported another strong quarter, which culminates in a strong fiscal year for Palo Alto Networks. For Q4, revenue of $1.55 billion grew 27% and was at the high end of our guidance range. Products grew 20% and total services grew by 30%. By geography, we saw strong growth across all theaters with EMEA up 33%, the Americas growing 26% and JAPAC growing 24%. The Next-Generation Security ARR grew 60% to $1.89 billion with strength across the portfolio. In the fourth quarter of 2022, we delivered total billings of $2.69 billion, up 44%, which was above the high end of our guidance range. Total deferred revenue in Q4 was $6.99 billion, an increase of 39%. Remaining performance obligation, or RPO, was $8.2 billion increasing 40% with current RPO representing about half of our RPO similar to recent quarters. With nearly all of our hardware products now refreshed, as Lee had mentioned, over 50% of our Q4 product orders were booked with Generation 4. Customer reception has been positive, with the majority of customers still in the early phases of their upgrade. Our Firewall as a Platform billings grew 26%. We also continue to see an increasing software mix within our FWaaP billings, up 2 points to 48% in Q4. Moving beyond the top line metrics I've already highlighted, non-GAAP gross margin of 73.2% was down 210 basis points year-over-year as we continue to incur additional expense for components and shipping. We expect this headwind to persist to March of fiscal year '23. Last Q4, we guided for a fiscal '22 operating margin of 18.5% to 19%. We're pleased to have achieved the high end of our goal by delivering 19% operating margin for fiscal year '22, while absorbing higher-than-expected supply chain costs. Non-GAAP net income for the fourth quarter grew 57% to $254 million or $2.39 per diluted share. Our non-GAAP effective tax rate was 22%, GAAP net income was $3 million or $0.03 per basic and diluted share. Turning now to the balance sheet and cash flow statement. We finished Q4 with cash, equivalents and investments of $4.69 billion. Days sales outstanding was 98 days, several days above where it would have landed without the impact of late quarter shipments. Our discounts continue to be in line with what we have seen over the last year. Q4 cash flow from operations was $524 million. We generated adjusted free cash flow of $485 million. We achieved 33.3% adjusted free cash flow margins for the year, above the high end of our 32% to 33% guide for fiscal year '22. During Q4, we repurchased approximately 755,000 shares on the open market at an average price of approximately $483 per share for a total consideration of $365 million. Additionally, our Board of Directors authorized an additional $915 million for share repurchase, refreshing our authorization for future share repurchases back to $1 billion expiring December 31, 2023. On the M&A front, we closed one very small acquisition in Q4. We reduced our stock-based compensation as a percent of revenue by approximately 3% year-over-year and quarter-to-quarter. SBC will remain a focus area in fiscal '23 as we balance the use of SBC to attract and retain top cybersecurity talent with scale leverage we expect in this area. Lastly, moving to guidance and modeling points. It is worth noting that in fiscal '22, we have flexibility built into our plans that allowed us to execute through some real-time developments during the year, such as supply chain and labor inflation. We've used the same approach in building our fiscal year '23 plans, incorporating a degree of flexibility of outcomes. It's also worth noting that we saw a very strong Q4 business activity. In some cases, this was from customers taking advantage of ordering hardware and especially subscriptions ahead of a price increase that took effect on August 1. We also saw some customers make large commitments in the fourth quarter that might have otherwise happened in fiscal year '23. As you think about next year, note that in the second half of fiscal '22, we have very strong billings with some benefit from an increase in invoicing of multiyear contracts for a few large customers. In Q4, without this impact, our billings would have been in the mid to high 30s. Turning to our guidance for the fiscal quarter of 2023. We expect billings to be in the range of $1.68 billion to $1.70 billion, an increase of 22% to 23%. We expect revenue to be in the range of $1.535 billion to $1.555 billion, an increase of 23% to 25%. We expect non-GAAP EPS to be in the range of $2.03 to 2.06%. For the fiscal year '23, we expect billings to be in the range of $8.95 billion to $9.05 billion, an increase of 20% to 21%. We expect NGS ARR to be in the range of $2.60 billion to $2.65 billion, an increase of 37% to 40%. We expect revenue to be in the range of $6.85 billion to $6.9 billion, an increase of 25%. We expect product revenue to be in the mid to high single-digit percent range year-over-year. We expect fiscal '23 operating margins to be in the range of 19% to 19.5%, which is 50 basis points ahead of the range we provided at our fiscal -- for fiscal '22 and consistent with the growth targets we presented during our fiscal year '21 Analyst Day. We expect non-GAAP EPS to be in the range of $9.40 to $9.50. We expect adjusted free cash flow margin to be 33.5% to 34.5%, and we expect to be GAAP profitable for fiscal year 2023. Regarding our fiscal year '24 financial targets, which we outlined at our September 21 Analyst Day, we have strong confidence in achieving those objectives and we hope you take away from our call today some of the reasons behind this confidence. Additionally, please consider the following modeling points. We expect approximately 42% of our operating income to come in the first half of the fiscal year and approximately 58% in the second half. We expect our non-GAAP tax rate to remain at 22% for Q1 fiscal year '23, subject to the outcome of future tax legislation. For Q1 '23, we expect net interest and other income of $6 million to $8 million. We expect Q1 '23 diluted shares outstanding of 108 million to 110 million shares. We expect fiscal year '23 diluted shares outstanding of 111 million to 113 million shares. We expect our Q1 capital expenditures of $35 million to $40 million. And we expect fiscal year '23 capital expenditures of $190 million to $200 million. And finally, as Nikesh noted, we announced today a 3-for-1 split of Palo Alto Networks common stock. The decision was driven by a desire to make our stock more accessible to our employees and the broader group of investors. It is also supported by our underlying confidence in our continued business momentum. Shareholders of record at the close of business on September 6, 2022 will receive two additional shares after the close of business on September 13, 2022 for every outstanding share held on September 6. Our stock will be trading on a split-adjusted basis on September 14, 2022. With that, I will turn the call back over to Clay for the Q&A portion of the call. A - Clay Bilby: Great. Thank you, Dipak. To allow for a broad participation, I would ask that each person ask only one question. The first question comes from Hamza Fodderwala of Morgan Stanley, with Rob Owens to follow.
A really nice set of results. Dipak, just a clarification question for you real quick. Did you say that the billings growth in Q4 would have been mid to high 30s, excluding the estimated pull forward? And then also for Nikesh, you mentioned some early macro commentary about longer duration deals. Are you also seeing any changes in the sales cycle as you guys do more seven, eight-figure [nine] (ph) deals? And then did that reflect in the guidance at all?
Yes. I just keep the efficiency of time. Yes, Dipak did say that if some of the -- it's important to understand, not just pull forwards, we had some large long-duration deals, having normalized for them. We just want to make sure we set expectations for next year, that 44 was exceptional and some of that was because of some large longer duration deals. I mean normalize for that, then you'd end up in the mid to high 30s. So this is more precautionary in our part as opposed to telling you that we're not doing well. On the front of like -- deal life cycles have been elongating at the top end of the market for us as the deal size have grown. This is not net new to us. This has been happening over the last two or three years. When I came, the largest deal we did was $28 million, now we've done deals closer to $100 million. So obviously, it takes a longer time to get a $100 million deal in place and requires a lot more validation from our customers' POCs and getting engaged. So that trend is consistent. We have not seen any change in that driven by economic factors. So that is your question. As I said, the three effects we saw, we shared a little bit of sweating of hardware assets to push them out a little longer and we've seen some people look at transformation projects. You can see them not go away from transformation. We've seen consolidation. Those are the three things we've seen.
Great. Next question from Rob Owens of Piper Sandler with Phil Winslow to follow.
Would love to drill down into the success you guys are seeing in Prisma Cloud. And what are the biggest factors and/or technical differentiation that's driving your success right now?
Let me give you sort of an overarching picture, and Lee has been kind enough to elicit our product capabilities. But like -- very quickly, we're noticing that if you go out look that there's hundreds of billions of dollars of cloud being sold by our cloud service providers, the top 5 around the world. And what is becoming clear is most of the top end or large customers are in multiple clouds. They're not just in one. We ourselves are in GCP and AWS instances and delivered Azure. So we're seeing ourselves in multi-cloud scenario. So one, that multi-cloud development is causing customers to look for a multi-cloud solution, and that's normally not driven by one cloud service provider, it’s typically somebody like us. That's one part of it. The other part is if the customer is looking for a point solution, it's harder for us, but most customers are migrating away from point solutions, looking for a more platform approach. As Lee highlighted, which Bridgecrew, which we acquired operates on the left side of the development life cycle, the build life cycle. Prisma Cloud used to traditionally operate in the run cycle where you put things into production. By connecting build and run, we've created the sort of even the extension to the development life cycle. So we are seeing people who are taking a serious view towards cybersecurity in the cloud come to Palo Alto Networks and not chase some point solutions. If you look at the industry, there are no platform solutions available. Most industry groups have already validated that as the SC Awards we heard about this morning. So Lee, do you want to add something, technical differentiation?
You've been well trained, Nikesh.
I'll add one piece, and actually, Nikesh said it in his prepared remarks. Not only do we have a platform approach, but everything that we deliver from the platform is best in class. And that combination is critically important for our customers to have the trust and confidence in using Prisma Cloud.
Great. Next, Phil Winslow of Credit Suisse with Adam to follow.
Congratulations on a great end to the fiscal year. Now when we speak to your partners, a growing message back has been an increasing amount of demand for Prisma access, which obviously had a great quarter. It's coming from enterprises that have been customers of other competing on-premise firewall vendors. However, they do not offer as robust a set of cloud service as Palo Alto Networks does. And lead to your point, during your slides, the number that jumped out to us today was that more than 30% of new SASE logos in Q4 were new to Palo Alto Networks. So Nikesh, maybe Lee, if you could comment too. If you think forward here, what is the opportunity to not only monetize SASE and Prisma Access but also to potentially transition that largely on-premise installed base of those competing firewall vendors to Palo Alto Networks platform, what are you hearing from customers and why?
Phil, I think in the last year, I would say, our ability to deliver, deploy and sell SASE has grown. And as you picked up the number, 30% of these customers are net new to Palo Alto. And the way it works is we go to them, they appreciate our firewalls, but the problem is they now have bought firewalls from somebody two years ago, three years ago, five years ago, and there's still a lot end of life on them. So they like us, they like our solutions, but they're not able to execute because somebody before them bought them or they bought them at a moment when they [were deluded](ph). So it now comes to a point where we are able to convince them that our SASE solution is right. Our excitement for these 30% customers is that, over time, they will then migrate their on-prem hardware to Palo Alto as well. And we're noticing early days, but we're noticing some of these customers who bought our SASE solution because they understand our security fabric then have deployed it, then it's a simple attach of putting hardware because security solutions have already been put into place. So we have taken share in the firewall market by most third-party estimates, somewhere between 300 to 400 basis points. And we think part of the driver is us being able to deliver a more comprehensive zero trust network security capability. As Lee highlighted, we have customers who have spent north of $100 million of lifetime value and network security with us, which is hard to do.
Great. Next is Adam Tindle of Raymond James with Brian Essex to follow.
Okay. Nikesh on the NGS portfolio, congrats on the success. You're just under $2 billion at this point. And I thought I'd maybe touch on the growth versus profitability algorithm for that piece of the business now that at this level of scale. If I look at the fiscal '23 guidance, it implies that new NGS ARR is going to be just over $700 million, which is a big number, but it's about the same dollar amount as you added in fiscal '22. Could you maybe speak to kind of the crossroads of opportunity to invest more for NGS ARR, maybe a new step function level of new ARR growth versus is it a better opportunity now to harvest and improve profitability and certainly, any metrics you can provide on where you are and where you can go and NGS profitability would be great.
So I'm sorry, I'm confused. Are you saying 50%, 60% growth is time to harvest or trying to grow faster? Sometimes I can never make you guys happy. It's like three years ago, we said $1 billion you guys always said, that's a big number. You won't get there. We get you to $1.9 billion in four years, and they sit and say, that's par for the course now, just like start making more money. Like, as Lee highlighted, we are trying to balance our R&D spend with our growth aspirations. I personally believe there is so much room in the cybersecurity market as we've demonstrated. Since I came, we've -- revenue growth is up 50% in terms of percentage growth. So we used to grow in the 19%, 20% range, growing at 20% to 29%. And I think that's a good place. It's such large numbers. We're growing at a good number. We're going to keep balancing our investment yet showing you fiscal prudence. Could I go spend more money and let the operating margin language lower? Yes. But I don't want to. We promised that we keep extracting operating margin to make sure we're fiscally prudent, and we're going to do that. But at the same time, we use the opportunity of every dollar to make it more efficient and keep spending for growth. We think our growth profile, obviously, as you would expect, has improved for most of our products that we were taking bets on about three or four years ago. I think it's also important to understand ARR is a leading indicator of revenue. So revenue comes in after ARR and then you have costs come in on day one. So yes, our operating margins for these new areas are getting better, in some cases getting to positive from negative. But I think we're still further away until you see the impact of the $700 million, $800 million we added this year. As that flows into revenue, the next 700 flows in revenue, we hopefully will keep expanding operating margins, which is fueling our ability to give you that 50 basis point expansion over the years. But we're going to keep striking the balance.
Great. Next is Brian Essex of Goldman Sachs, with Fatima Boolani to follow.
My congratulations on the results as well. It's great to see. Maybe, Nikesh, if you could help us reconcile what you're seeing on the product revenue side, particularly within the context of your guidance next year, particularly given what you said about consolidating, sharing your platform, early stages of refresh cycle, but it sounds like you've got some great VM series traction and the percentage of revenue of total Firewall as a Platform business is accelerating. What are the underlying assumptions behind that mid to high single-digit product revenue growth? Where could you see upside? And how are things different underlying those expectations compared to what you're seeing today?
Yes, Brian, as you know, thank you for the question, and thank you for your kind words. Look, we had the similar set of expectations last year going into the fiscal year. And we benefited from some price increases, as you know. We also benefited from some pull-through activities by customers because there were supply chain prices and people were trying to make sure,, they're stocking up. We just want to be prudent. We don't anticipate more price increases because our philosophy is we don't want to keep driving prices up. Because when you keep increasing prices, when supply chain settles down, you have to cut prices. And I don't want to be in that scenario where we're showing you tremendous volatility in our product revenue. So that's kind of one factor is the price normalization. The second factor is potential pull-in by customers because of supply chain constraints and ordering ahead. If you balance that out, we think the number is still in the low to high single-digits. But again, as I've told you from perhaps five years ago, we are focusing on Firewall as a Platform. The more I drive SASE, the more I drive virtual firewalls, the better off we are as transitioning our business. As we highlighted, 70% of our revenue now is predictable going into next quarter. We highlighted that 80% of our software subscription is coming from software. So we are trying to make sure we keep transforming this business and software business. We love our hardware business. It drives a lot of its installed base. It lies with lots of refreshes. It drives a lot of our advanced prevention capability. So please don't take away, that's not now a favorite child of ours. But at the same time, we are cautious and we're making sure we balance the growth in our hardware business with the thrust we're putting into SASE and Cloud and Cortex.
Great. Next from Fatima Boolani of Citigroup with Saket Kalia next.
Nikesh, for you, if I calculate a rough back of the envelope math, you had roughly maybe 10% of your billings tied to a handful of transactions. So as I think about large deal dependency and $75 million, $100 million deals becoming the norm at Palo Alto, how do you put your head together with Dipak to sort put guardrails around the guidance as the business becomes a little bit more levered to some of these larger deals, especially given your scale?
Let me lay back. First of all, we were careful, we said mid-to-high 30s. So it's not exactly 10%. It's somewhere between 5% and 8%, if you will, if you were bringing back of the math envelope. But yes, 5% to 8%. But look, part of it is we also told we have 1,200 millionaire customers. I think in cybersecurity, that makes us the largest number of millionaire customers you're going to expect. There's a large amount of customers between that and the $1 million customers, 100 million and 1 million, there's a lot of people -- there are lots of numbers between 1 and 100. So you can expect we have people pretty much at every number. Part of it is a balancing act in terms of what deals we prioritize and what deals we focus on. Remember, $100 million deals don't go away. They just take longer. So we could get it done in Q1. We'll get it done in Q2. So our customer has a wake up one morning and saying, you know what that deal we have been discussing over the last nine months for $100, it's not going to happen. If typically it becomes a $60 million deal, you say it's going to happen in the following quarter. So our job is to have a lot more pipeline in our portfolio to make sure that we're able to bring enough of them in, to be able to keep you hungry analysts away from destroying our credibility or whatever the right phrase is. Have we got you convinced yet, Fatima or not? I'm still waiting.
All right, good. Fantastic. Thank you.
All right. Great. Next question from Saket Kalia of Barclays with Brent Thill next.
Okay. Great. Echo my congrats on a very strong quarter. Dipak, maybe for you. You mentioned in your prepared remarks that you took the same approach with FY '23 guide as you did with FY '22, which was obviously very strong. So maybe the question for you is, as we all contemplate the impact of macro uncertainty for next year, how did you sort of think about that when you were kind of thinking about that billings guide for next year, which, again, was very strong at a higher base for '22?
Yes. I don't think there's anything different and I'm going to tell you, Saket, that's already -- that's not already in our prepared remarks. I mean, I think it's really a question of just dissecting what are the impacts of the macro, figuring out what supply chain-related, what's inflation-related, what's demand-related and then just making sure that we methodically work through it, like Nikesh and I and the leadership team have a lot of debates, right, during the course of the annual planning process, and then we just try to make sure that we're thinking through scenarios and having enough flexibility for different scenarios. But really nothing to add beyond the prepared remarks.
Great. Next is Brent Thill of Jefferies with Andy Nowinski next.
You have Joe on for Brent. Congrats on the result. Maybe just a follow-up to that last question. Appreciate the extra prudence, and I know that it's your fiscal first quarter, but is there any reason why the growth rate would half? I know there's some duration in 4Q, but just maybe talk about the billings guidance as it relates to F 1Q?
So I think again, ultimately, we talked about how you've got to normalize it for some large deals. We did also take a price increase on August 1. I think, again, we're just trying to be prudent at the beginning of the fiscal year and make sure that we're not getting ahead of our skis. I mean the 20% to 21% is the fiscal year guide. I think we've guided a little bit higher in Q1, specifically, but I think -- yes, and still ahead of consensus. So I think we feel pretty good about the pipeline, all the metrics that we look at.
Important to understand the overall market context. You've got companies which are reducing guidance, companies which are cutting EPS guidance. There are companies which are warning a potential customer deal life cycles being smaller. So we're trying to make sure that we are prepared for both the upside and downside scenario. I think it's fair for us to be prudent in that market.
Okay, great. Next, we've got Andy Nowinski of Wells Fargo with Joel Fishbein next.
Great. First, I just want to extend my congrats on a great quarter and the billings guidance, particularly in light of the much higher comp you have this year. So for a question, I wanted to ask about your win rates on Prisma SASE because none of your competitors have firewalls or other solutions to offer beyond their SASE solutions. So I'm wondering if the rest of your portfolio might actually be your most sustainable competitive advantage that's driving that growth in new logos you're seeing with Prisma SASE.
Andy, I think part of -- if you look at it historically, until about three years ago, we didn't have a SASE, we could actually go head-to-head with the industry leader, let's just say, right? What has happened in the last 1.5 years or two? We've become a force to reckon with. I'd say in the most -- the largest enterprise deal is head-to-head with two vendors. Very rarely do we see a third. This doesn't take a lot to guess who the second vendor is. And two years ago, we were not showing up to the party. Two years ago, getting one or two deals out of 10. Now we think we're in five to six out of 10 deals and our aspiration is next year to be 10 out of 10 deals. You know what, hopefully, if we can win half the deals that we're in, we'll be growing at big numbers like we did this year. So we think we are coming of age in our SASE business. We have a lot of respect for the other player in the market. We think we have a better solution technically. We're seeing that when enterprise architectures come to play where customers want to integrate a Zero Trust strategy across hardware, software and remote access driven solutions. We believe that we have a technical edge. At the same time, we made the early decision to deploy that on the public cloud. We actually are the only company that can deliver your SASE solution on the public cloud with redundancy. So GCP goes down, we hot switch to AWS. As AWS goes down with hot switch to GCP, so we give you the highest level SLA in the SASE business in the market today.
All right. Next, we've got Joel Fishbein of Truist Securities, followed by Keith Bachman.
Nikesh, just wanted to follow up on Fed spending and SLED spending, particularly since Palo Alto is probably in the pull position to deal with the Zero Trust environment that the federal government's disposing a strategy around it, and I would love to just get an update. It seems like there's a lot of rhetoric, but not a lot of spending.
Joel, as you'll appreciate, what typically happens when a new administration comes into place. The first six months, they spend the time getting to know each other. The next six months, they write a lot of executive orders and then we get into implementation, if we're lucky in year two. So yes, we have seen great signs of alignment in the Fed market. We have seen some good executive orders to align towards more awareness around cybersecurity. As you know, the SEC is also looking at it how to make it a more relevant conversation and Board. So all the signs are headed in the right direction. The fiscal year close for Fed comes in, in the next 1.5 months. So we should hopefully see some activity in Q1 around that. And I think next year should be a better year for Fed spending, especially around Zero Trust and SASE and cloud.
All right. Next is Keith Bachman, the BMO with Gregg Moskowitz to follow.
Great. Lee, I want to bring you into the conversation for a second, if I could. Lots of good metrics around Cortex. And I was just wondering how you're thinking about the growth potential in Cortex and particularly with XSIAM coming in the first half, does that you think actually caused an acceleration in growth in Cortex? And Dipak, if I could just ask a clarification, sneak one in here. For the billings guide, are you assuming duration neutral in FY '23? Or any kind of assumptions around duration and pricing that we should be thinking about in that '20 to '21 billings guide when you compare this year to last year?
Yes. Thanks for the question, Keith. The -- we saw another year of good traction with Cortex across XGR, XSOAR and Xpanse. And I anticipate that we'll continue to see that traction in FY '23 given the product innovation that we've driven and will continue to drive across those three products and the value they provide. When I think about XSIAM, I think of it as being the start of fairly exciting journey, but it's going to be a multiyear journey. I don't see it as being just a quick hit. It's a more architectural transformation. It is truly what I believe customers need but it will take a little bit longer for that to fully play out. And I'm very encouraged by the design partner program we ran, but there's -- we're going to see that play out over the course of the next year, and hopefully, that sets the foundation for the years to come.
And then just to answer your question on duration and pricing, no significant changes on duration and no additional pricing beyond the ones that we've already announced. Recall August 1, we did have a price increase that was about 5% on our hardware.
Right, Gregg Moskowitz, Mizuho Securities, followed by Matt Hedberg.
So Nikesh, at the beginning of your fiscal '22 year, you spoke about a more incremental period, a more moderate period, if you will, as it relates to acquisitions. But earlier, Lee also mentioned several opportunities for new modules and valuation multiples having generally come in, I'm curious how you're thinking about M&A in fiscal '23?
So we outlined that we -- it's harder to do M&A now than it was three or four years ago because we had such a wide canvas or blank canvas in terms of various opportunities where we could go make acquisitions today, we have to balance the idea of an acquisition to make sure that is it consistent with our product strategy. Is it an overlapping acquisition or is it a complementary acquisition where we can integrate over time. So that reduces the amount of the opportunity out there. As I've always said, we're very focused on product area acquisitions as opposed to go-to-market acquisitions because we have -- as you can see, from our ARR or NGS, $1.9 billion. We have the ability to go sell good stuff if we get good stuff from our product better than here. So I think we will continue to stay on the lookout and scan the market. We are not in the mindset of acquiring large deals. We're in the mindset of looking for great product teams that we can complementarily attach to our capabilities. So we keep scanning the market and if something shows up, we'll do it. But again, I don't think it has ever been a significant part of our effort in terms of our market cap. When we did the first $2.5 billion, the market cap was $20 million, $25 million, now it's north $50 million. So you can imagine it's a small scale relative to what the opportunity for the company is, and that's how we think about it. We're not jumping at the bit right now. The market -- I think it's kind of like -- the public market has rationalized, the private markets probably haven't yet. It's a bit like real estate and people remember the last the neighbor's house, what is sold at, they kind of forget what their house is worth. So until people realize true value of their house, it's going to be a little longer before acquisitions come into the security market again.
Great. Matt Hedberg, RBC followed by Gray Powell.
Nikesh and team, congrats on the results. The success of your SASE portfolio is obviously impressive. I'm wondering, as you approach the fiscal year, are there things that you're doing from a go-to-market perspective to even drive higher cross-sell? I believe you have about 54,000 firewall customers and now just shy of 3,600 SASE customers. Just kind of curious how you think about maybe driving even more cross-sell what has obviously been the top growth?
So thank you for the question. It's a great question. It's something our management team has spent a lot of time thinking about. And what we are doing going into this fiscal year is we used to have SASE sales specialists. And what we've done is we have merged them into our core sales team, and we've been running boot camps for the last 6 to 8 weeks training everybody out in the field for SASE. So we're converting our entire core field team, our network security team into a SASE first team which is the way -- only way we can get amplification across 2,000 sellers and actually go make sure there's a SASE opportunity to be uncovered to every customer. So we think SASE's come of age. We think SASE is the linchpin towards our network security strategy. We think this is going to be a very, very large market in the next five to 10 years. And we say we're one of two vendors in the market who will be invited to every opportunity, and we hope to win our disproportionate share.
Right. Yes. Great. Our last question for the day from Gray Powell with BTIG.
All right. And congratulations on the strong results. So yes, I guess I'll stick with the SASE theme. And I'd be really curious, I mean a lot of other companies that have reported earnings in the security space, they're talking about longer sales cycles, particularly for larger, more complex deals. How does that play into the Prisma SASE portfolio? Are you seeing any macro impact there, particularly in terms of pipeline? And then was that like a consideration in the NGS ARR guidance.
Look, Gray, as I said, first and foremost, the large complex deals take longer to get done. And SASE does take longer because customers -- SASE is just not buying a security and bolting it on. It's actually re-architecting your network access. It’s actually just how your laptop delves in into your work if you're using Palo Alto SASE or Prisma SASE. So it's kind of important because if your laptop doesn't get access to BTIG's infrastructure in trouble. So it becomes a network play as much as a security play. So teams take a little longer to get it done. So I think that's kind of part of the process, less so the macroeconomic concerns, if you will, it's really doing the technology transformation agreeing to do it as an organization. That's what takes a little longer. In terms of our guidance, look, there's a whole bunches of puts and takes that are going in there. There are secular tailwinds. We obviously have a sense of the pipeline going into next year. As Fatima asked, we did some big deals, guess what, we didn't do some big deals, right? You couldn't have done every deal, so there's a bunch of deals that are still waiting in the wings. Yes, they're larger, and they're binary that if they all don't come in, we'll have to go hustle. If they all come in, we'll be in a great place. But our job as management to just balance all these factors, you've got to balance inflation, supply chain, deal cycles, various product investments. So I think across the balance, if you look, we think our guidance is prudent across all of these factors where we think some of them might be better for us. Some of them may be worse. But on the margin, we think we can deliver the guidance as presented to you.
Great. Thanks. That will conclude our Q&A. I'll turn it back over to Nikesh for his closing remarks.
Well, first of all, thank you, everyone, for your attention and your questions and for joining us. We look forward to seeing many of you after this in separate calls as well as upcoming conferences. I also want to thank our customers, partners and of course, most of all, our employees who make us the great place that we are. With that, go Palo Alto Networks.