Palo Alto Networks, Inc. (PANW) Q2 2023 Earnings Call Transcript
Published at 2023-02-21 18:32:02
Good day, everyone, and welcome to Palo Alto Networks Fiscal Second Quarter 2023 Earnings Conference Call. I am Clay Bilby, Head of Palo Alto Networks Investor Relations. Please note that this call is being recorded today, Tuesday, February 21, 2023, at 1:30 PM Pacific Time. With me on today's call are Nikesh Arora, our Chairman and Chief Executive Officer; and Dipak Golechha, our Chief Financial Officer. Our Chief Product Officer, Lee Klarich, will join us in the Q&A session following the prepared remarks. You can find the press release and information to supplement today's discussion on our website at investors.paloaltonetworks.com. While there, please click on the link for Events and Presentations where you will find the investor presentation and supplemental information. During the course of today's call, we will make forward-looking statements and projections regarding company's business operations and financial performance. These statements made today are subject to risks and uncertainties. We assume no obligation to update them. Please review the press release and our recent SEC filings to see these risks and uncertainties. We will also refer to non-GAAP financial measures. These measures should not be considered as a substitute for financial measures prepared in accordance with GAAP. The most directly comparable GAAP financial metrics and reconciliations are in the press release and the appendix of the investor presentation. All results and comparisons are on fiscal year-over-year basis, unless specifically noted otherwise. We would also like to note that management is scheduled to participate in the Morgan Stanley TMT Conference and JMP Securities Technology Conference in March. I will now turn the call over to Nikesh.
Thank you, Clay. Good afternoon, and thank you, everyone, for joining us today for our earnings call. I'm pleased to report that we had another strong quarter with the balance of top line growth, significant expansion and non-GAAP operating margin and strong free cash flow. Billings and revenue each grew 26% year-over-year. Our RPO grew 39% as we continue to sign large multiyear deals with our customers. We also delivered an acceleration in our operating leverage in Q2 as we focused on driving profitable growth. Our non-GAAP operating income grew 55% year-over-year, supported by a non-GAAP operating margin, which exceeded 22% for the quarter, up over 440 basis points year-over-year. This translated to another quarter of profitability on a GAAP basis. We have now been GAAP profitable on a cumulative basis over the last four quarters. In addition, our strong free cash flow generation this quarter also puts us on track to outperform prior guidance. I know many of you are wondering about the macro environment, so I want to start with an update there. There's clearly a tougher macro emerging out there as the Fed continues on its crusade to tame inflation. The changing macro is clearly making business leaders more cautious. Some of our customers are seeing signs of a slight slowdown while others are less impacted. I, however, feel that we're not done yet. And while not expecting shocks, I do think we will see more cautious activity over the next few quarters. Clearly, caution is abundant, driving more scrutiny, making customers demand more value from their partners. We've seen some projects get delayed or descoped, non-canceled while most continue on track. We've always maintained that we expect cybersecurity to be resilient, and we continue to see evidence of that. On the large deal front, this behavior is definitely widespread. For us, this has meant we need to get ahead of this and work closely with our CIO and CSO partners. 
Not just that, it's creating more conversations around payment terms, discounts and scope of deal with purchasing teams, something we've been working with our customers on as well. I'm delighted that based on our field teams getting ahead of this problem, earlier this quarter, we did not see any major deals slip from the quarter. Our deal cadence quality was consistent with the same quarter last year. On an equally positive note, this environment drives the need for consolidation, not just to generate clear security outcomes, but also to reduce the security vendor sprawl that has been prevalent in our customers' infrastructure and the need for a long-term security strategy based on total cost of ownership and value. We feel fortunate that with our portfolio, we are best positioned to deliver this to our customers. Within our own business, two things have happened. One, we have become more focused on efficiency from early this year. For example, our headcount growth this year is likely to be lower than any of the last three years. At the same time, we do not anticipate slowing down the pace of our development or business outcomes. Dipak and his team have been rigorously inspecting our cost structures across our portfolio to ensure we are set up to deliver consistent gross margins in all areas. This has been one of the major drivers of our improved operating margin and we hope to continue to improve as we scale. Secondly, as anticipated, supply chain challenges and product have abated significantly versus six months ago. While this is evident in our product gross margins and our overall profitability, there are some lingering impacts, which we expect to further abate through the end of this year. Let's also take a moment to discuss hardware growth. Over the last 12 months, a lot of factors have impacted hardware growth, including supply constraints, uneven demand, given supply chain impacts and backlog. 
Additionally, we have noticed our customers continue to be more focused on their cloud, network and security operations and transformations and are willing to sweat their hardware assets longer. Underlying all this, we still believe that the industry hardware growth rate is in the low to mid-single digits. As all these extraneous factors mitigated over the next few months, we will see the long-term growth gravitate back to those levels. So what does this mean for the second half of this year and beyond? Somewhat counter to the market, we're raising guidance both on top-line metrics, metrics and profitability. Of course, this requires the current demand to sustain, and for us to maintain a continued focus on execution. We have a unique opportunity in this environment to strengthen our position in the market. Hence, we are investing with an eye towards disciplined growth and positioning ourselves to the partner of choice for customers looking to consolidate. You'll hear more about this from Dipak, but we are raising billings and next-generation security our guidance on the back strength in our software-based and cloud-delivered capabilities. In our hardware pipeline, we're seeing specific transactions that are on track for Q4, which has caused us to shift some forecasted revenue from Q3 to Q4 while maintaining our annual guidance. With all I have said about efficiency in better operations and the impact, we're now guiding to 21.5% to 22% operating margin for fiscal year 2023. Additionally, we're also increasing our cash flow guidance. Consolidation continues to be a key theme with our customers. Of course, customers are not willing to compromise on quality and cybersecurity. Given our market leadership in 13 categories, we are fortunate to be engaged in many such conversations. Those conversations are driving business, and many customers are on a long-term transformation path with us. 
The number of deals we closed over $1 million grew nearly 20% year-over-year, and the value of these transactions grew nearly 60%. Similarly, the number of greater-than-$5-million deals grew 84% and a number of greater-than-$10-million deals grew over 140%. We saw deal values in these cohorts grow significantly. This continued momentum is critical to us being able to drive platform consolidation. Time and again, we see early millionaire customers become an onboarding ramp to help us drive more cybersecurity value to our customers. Almost all of our $10 million deals involve multiple platforms on an underlying transformation that is driving vendor consolidation. Let's take a look at some of the ways we are driving consolidation. First, with Zero Trust transformations, we're helping customers standardize their appliance and software firewalls with a broad line of security subscriptions. A life sciences customer signed an eight-figure deal to standardize their operations using our next-generation firewalls, VMs and security subscriptions. In other cases, we're helping customers adopt SASE and software firewalls, and consolidate their security stack across our consistent set of offerings, driven by hybrid work and securing SaaS apps. A financial service firm recently signed an eight figure deal with us, because they wanted to transform their network and reduce both operational challenges and cost of ownership. They chose us over pure play SASE competitors, because of the breadth of our offering in our comprehensive Zero Trust network. Secondly, trial cloud transformations. We're using our Prisma Cloud and Prisma Access capabilities to help customers adopt hyperscale cloud and Software as a Service. Another financial services firm with a mandate to run over 90% of the apps in the cloud signed a high eight-figure deal to standardize in both Prisma Access and Prisma Cloud. 
Lastly, in SOC transformations, we're using our Cortex platform with XSIAM to help customers transform their security operations center and retool around high-fidelity data sources, AI and automation. A retail company started a relationship with us around Unit 42 incident response with an Expanse trial and small XDR deployment. They expanded the relationship with a high seven-figure deal to standardize on XDR and XSOAR. These strategic customer relationships and transformations would not have been possible without us building a new security industry paradigm, a paradigm around constant innovation. Our success is driven by investments in innovation and is increasingly clear to us that, there is a flywheel at play here. This starts with R&D investment, where we have the largest budget of all dedicated cybersecurity companies approximately $1 billion in non-GAAP spending on a trailing four-quarter basis. This is two to five times as much as our pure-play peers. Our scale also allows us to spread this budget across a larger revenue base and the shared needs of our three platforms. R&D investments then translate into a record number of product releases. Our first half major release is number 35, up 59% from the first half of last year. Some of the key releases in the first half included our flagship PAN-OS 11.0 Nova, our third advanced subscription, Advanced Wildfire, our new AI-based SOC platform XSIAM and new modules and updates in Prisma Cloud. This constant innovation is causing industry analysts to take notice. We recently received recognition for leadership in the cloud-native application protection platform category, or CNAPP, bringing our total number of active leadership recognitions to 13, which compares to nine a year ago. All these leadership positions have helped us grow our NGS ARR at 63%. 
We still believe there is a large untapped TAM for many of these services given the robust adoption of advanced software services that we have launched, which are all cloud delivered and us being in the early part of the SASE cloud life cycle, we feel confident in our future ability to drive NGS ARR. Let's take a deeper look at some of the highlights. I'll start with my personal favorite, our network security business. We launched our first SASE capability, Prisma Access, at the end of fiscal year 2019. In the first year, we booked less than $100 million in business. Over the last six quarters, we booked about $1 billion, with our largest deal last quarter being a TCV deal for $40 million for SASE. We now have over 4,000 customers and are growing ARR approximately 50%. In Q2, we saw a healthy number of large competitive wins in SASE, and SASE has one of our strongest pipelines looking 12 months out. Beyond the top line traction, we're also seeing improving economics in the business. Two years ago, we showed you how the five-year revenue from a SASE customer compares to an appliance customer. At that time, SASE was about two times higher. Since then, we've added additional value to SASE. We launched autonomous digital experience management in FY 2022, followed by AIOps and SaaS security posture management this year. AI has the power to transform SASE. Our integrated security services are now all powered by AI to detect and prevent even zero-day attacks. And we'll soon be introducing additional AI-driven capability to transform the user experience and using the platform. We now expect our five-year revenue from a SASE customer to be more than 2.5 times that of an appliance customer. We've also seen some improvements in our SASE gross margins over this period, as we have scaled to become more efficient. If you go to the other side of our network security portfolio, our software firewall business is going strong. 
This includes the broadest deployment options for customers, including VM-Series and CM series, which can run in their data centers or be purchased in the cloud marketplaces and the first-to-market integrated cloud next-generation firewall offerings for hyperscale clouds. We have the highest market share of any company in this market. We believe it's more than three times of our any closest competitor. The current macro environment is causing more customers to watch their CapEx budget. This shift, along with the fact that customers are transforming the data centers moving to the cloud, is leading more of them to adopt software firewalls. In Q2, the number of deals over $1 million for our software firewall was nearly doubled, and six of our top eight deals in Q2 included software firewalls in our offering. Moving on to our cloud security business. We continue to make steady progress with Prisma Cloud. Platform enhancements are important to our growth. We released the new API risk profiling capability to enhance our web application security module. This capability helps security teams assess their API stack surface, attack surface quickly based on more than 200 risk factors, including misconfigurations, exposure to sensitive data and access privileges. This helps teams prioritize the most significant risk and take preventive measures to address them. We also continue to shift left and focus on securing workloads as they are developed, solving our customers' application security channels. To that end, we closed the acquisition of Cider, and have brought their team under common leadership with our cloud code security team to help bring Cider's CI/CD security capability to our platform. After releasing Cloud Core Security a year ago, over 15% of our customer base has adopted these capabilities. Our cloud core security customers in Q2 grew 30% over Q1.
Our new secret management module launched in December scans code repos used by developers for hard-coded secrets like passwords and API keys to make sure this information is not exposed and used as a vector of attack. We continue to see these new capabilities and enhancements drive an increase in customer module adoption. For example, our customers with two or more modules grew over 40%, and customers with four or more modules more than doubled. Credit consumption of Prisma Cloud increased 48% year-over-year. This growth is being driven by new customer additions, customers increasing their cloud footprints and customers consuming additional modules. While there has been discussion on moderation and cloud consumption in the market, we believe the relatively early stage of cloud security adoption has and will continue to shelter us from this headwind. Before I move on to Cortex and talk about continuing signs of optimism I see in that category, I feel compelled to take a detour towards AI. Clearly, AI has been on everyone's mind given the continued conversation in the tech industry. Most of you know the story of arrival with the Palo Alto Networks. I talked about fragmentation and the need for a solution there, which we have talked a lot about. I also talked about automation and AI. We counted, I used the word AI more time than my first six months in Palo Alto Networks than platform or consolidation. The challenges you all know is that AI has been a data problem and continues to be so. Unlike consumer AI, where we can talk about Sonnets and ChatGPT's creative capabilities and the revolution that is going to drive in search or advertising, its ability to summarize data and continue to amuse and inform us, the demands from AI and enterprise are far more exacting and so are the returns. An enterprise AI needs to be clean. It has to have comprehensive data. And in security, especially it needs to be real time. 
So not only do you need to have the best data to create great security outcomes, you also need to be positioned in line to block threats. Let me make a case why with petabytes of data from trillions of events, billions of sessions, hundreds of millions of URLs and tens of millions of flies flowing -- files, not flies -- flowing through our product across cloud, network and endpoints daily, we are best positioned to deliver security outcomes using AI machine learning. Palo Alto Networks' next-generation firewalls broke through the firewall industry in the early days because of our ability to then deliver next-generation security. These services were driven by expansive data collection capabilities, EAL, or enhanced application logs. We have since applied that capability across our entire network security stack. We estimate that this network secure data is just under half the valuable security data that is needed for any AI-driven outcome. We have over 60,000 customers where we can help them use this data. As we conceived with Cortex, we built XDR to ensure we collected the best endpoint data across the industry. We acquired and deployed the largest security automation footprint at XSOAR, but we're not stopping there. We then acquired and integrated Expanse, which looked at vulnerability data from a different and unique perspective. These formed the fundamental building blocks for XSIAM. With our leadership position in automation, analytics and attack surface management, again, we're driving an AI-based SOC transformation. With our 4,500 Cortex customers, we're able to bring what we believe is the next largest set of security data that is useful for AI. We applied the same thought and rigor as we built Prisma Cloud, integrating data from all hyperscalers, integrating shift-left data from developers. Slowly and steadily, the Prisma Cloud integration is being built on a stronger foundation of security data.
Cloud is becoming an increasingly important contributor to AI, and our 2,000 customers will benefit from it. We have delivered unique AI-based outcomes, including blocking unknown yet malicious websites, command and control domain and files at scale. Also, we have shown in our own security operations center that we can reduce the mean time to detection to seconds and the mean time to respond to minutes. These are all outcomes that cannot be achieved without the data we have and the AI/machine learning expertise we apply. Let's take a look into how we believe this has made us more excited and encouraged us around XSIAM. In Q2, as part of the Cortex and XSIAM platform, we released important new capabilities, including SaaS-enabled XSOAR, delivering a cloud-based interface and Expanse active attack surface management allowing our customers to remediate issues discovered using XSIAM. We launched XSIAM and GA at the end of Q1. So far, we've closed approximately $30 million in business and have a growing pipeline of customers that are looking to transform security operations of the new platform. I think XSIAM is going to pave the way for us to drive AI-driven security transformation outcomes. We will continue to work hard with our early customers to drive evolution and success in XSIAM. I'm extremely positive, perhaps, and cautiously optimistic about XSIAM. Its early relevance, product market fit, and with the concurrent discussion on AI, it makes me hopeful that this could be the fastest ramp of any security product. We see our first milestone to getting to $100 million in bookings faster than Cortex SASE or Prisma Cloud in our portfolio. Before I turn the floor to Dipak, I want to put all this together and talk about where we're focused as we enter the second half of our fiscal year and beyond. We see a clear road map ahead of us. We intend to put our head down and execute.
Right now, we're in the process of transforming our business to software-based and cloud delivery offerings. Our revenue, which is increasingly driven by our next-generation security capabilities, is becoming more recurring in nature, and we have an opportunity to own a greater share of our customers' cybersecurity budget. This should allow us to sustain high revenue growth for longer. Over the last couple of years, we set in motion a plan to expand our operating margin, including driving scale in our faster-growing businesses. Over the last six months, we've listened to investors who have encouraged us to focus on profitable growth and accelerate incremental leverage in our business, and we made good progress in Q2. We're now well positioned for the second half of the year. We are appreciably raising our margin target for FY 2023 up 200 basis points from our prior guidance and 250 basis points from our initial FY 2023 guidance. We believe we can continue to build on this into fiscal year 2024 and beyond, putting us three years ahead of our profitability targets we offered at our last Analyst Day in September 2021. As Dipak will describe, we believe the combination of sustaining higher top line growth and focus on efficiency sets up well to build on this base of higher profitability and grow EPS ahead of revenue. I want to emphasize that achieving GAAP profitability is an important milestone for our company. In support of this, we're actively focused on managing our stock-based compensation to continue bringing this down as a percent of our revenue. With that, I'll turn the floor over to Dipak to take you through our details of our results and guidance, and then we'll take questions.
Thank you, Nikesh, and good afternoon, everyone. For Q2, revenue of $1.66 billion grew 26%. Product revenue grew 15%, whilst total service revenue grew 29%, with subscription revenue growing 32% and support revenue growing 25%. Moving on to geographies. We saw revenue growth across all theaters, with the Americas growing 22%, EMEA up 35% and JPAC growing 32%. The strength of our next-generation security capabilities continues to drive our results, with NGS ARR of $2.3 billion, growing 63%. Strength was broad-based across all three of our platforms: Network security, cloud security and security operations. We delivered total billings of $2.03 billion, up 26% and above the high end of our guidance range. Total deferred revenue in Q2 was $7.6 billion, an increase of 39%. Remaining performance obligation, or RPO, was $8.8 billion, increasing 39%, with current RPO representing about half of our RPO similar to recent quarters. Our non-GAAP earnings per share was significantly ahead of our guidance, and this metric, as well as our trailing 12 months adjusted free cash flow, accelerated. Non-GAAP EPS of $1.05 grew 81% year-over-year, while trailing 12-month adjusted free cash flow of $2.7 billion grew 76% year-over-year. Moving on to the rest of the financial highlights. Non-GAAP gross margin of 75.5% was up 150 basis points year-over-year, driven mainly by an increase in our software mix. On a quarter-over-quarter basis, we saw less pressure from incremental costs related to the supply chain. We've made significant progress in driving leverage. This is something that we articulated at our Analyst Day in September 2021 and kicked off in fiscal year 2022. And we have accelerated this in fiscal year 2023 with a focus on profitable growth as evidenced by our Q2 performance. Our operating margin of 22.8% increased 440 basis points year-over-year. This result was driven by improving gross margins and a slower level of headcount additions. 
We expect to see ongoing improvements in our operational efficiency. And as a result, we are raising our fiscal year 2023 operating margin guidance. Non-GAAP net income for the second quarter grew 79% to $332 million, or $1.05 per diluted share. Our non-GAAP effective tax rate was 22%. Delivering fiscal year GAAP profitability is another milestone in our balance of driving growth and profitability. For the quarter, GAAP net income was $84 million or $0.28 per basic share and $0.25 per diluted share. This was our third consecutive quarter of GAAP profitability. And as Nikesh noted, we have now been profitable on a cumulative basis for the last four quarters. We believe we now meet the criteria for inclusion in the S&P 500. Turning now to the balance sheet and cash flow statement. We ended Q2 with cash equivalents and investments of $6.2 billion. Our average duration -- our new contracts increased slightly year-over-year, driven by deals with strategic customers. It remains at approximately three years, where it has been historically. Q2 cash flow from operations was $695 million, with total adjusted free cash flow of $685 million this quarter. Our strong free cash flow in Q2 was driven by increased operating profitability, higher interest income and improvement in billings linearity due to improving supply chain conditions. During Q2, we repurchased approximately 1.8 million shares at the open market at an average price of approximately $139 per share for a total consideration of $250 million. As a reminder, our share repurchase program is opportunistic, and we are committed to this method of returning cash to shareholders over the medium-term. Stock-based compensation ticked up 20 basis points as a percent of revenue sequentially, related to the issuance of our annual grants and the impact from the Cider acquisition. On a year-over-year basis, stock-based compensation was down 350 basis points as a percent of revenue. 
Before I get to guidance, I wanted to cover my thoughts on operating margin. We have continued to drive improvements in the profitability for our fastest-growing businesses as they have gained scale. Also, over the last six months, we have developed and executed on detailed plans to accelerate our operating leverage. This includes raising the bar around the return on investment we expect as well as remaining prudent in our hiring. We've also spent a lot of time looking at our peer group and studying benchmark data. As we look towards the second half of the year and into fiscal year 2024, we believe we can continue to execute against our plans and drive higher operating margins. We expect that this will translate into us growing our EPS faster than our revenue growth rates. Now moving on to guidance. We're offering guidance for Q3 and also Q4 to make this explicit and then offering updated annual guidance. You'll see we're maintaining our annual revenue guidance and giving explicit guidance for Q3 to Q4 based on what we see in our pipeline for product revenue. For the third quarter of 2023, we expect billings to be in the range of $2.20 billion to $2.25 billion, an increase of 22% to 25%. We expect revenue to be in the range of $1.695 billion to $1.725 billion, an increase of 22% to 24%. We expect non-GAAP EPS to be in the range of $0.90 to $0.94, an increase of 50% to 57%. For the fourth quarter of the year, we expect billings to be in the range of $3.12 billion to $3.17 billion, an increase of 16% to 18%. We expect revenue to be in the range of $1.937 billion to $1.967 billion, an increase of 25% to 27%. We expect non-GAAP EPS to be in the range of $1.18 to $1.22 per share, an increase of 48% to 53%. For the fiscal year, we expect billings to be in the range of $9.1 billion to $9.2 billion, an increase of 22% to 23%. We expect NGS ARR to be in the range of $2.75 billion to $2.8 billion, an increase of 45% to 48%. 
We expect revenue to be in the range of $6.85 billion to $6.91 billion, an increase of 25% to 26%. We continue to expect product revenue growth in the range of 10% for the full fiscal year. For fiscal year 2023, we're expecting our operating margins to be in the range of 21.5% to 22%. And we expect our non-GAAP EPS to be in the range of $3.97 to $4.03, an increase of 57% to 60%. We expect our adjusted free cash flow margin to be between 36.5% to 37.5% and we expect to be GAAP profitable each quarter and for the fiscal year 2023. Additionally, please consider the following modeling points. We expect our non-GAAP tax rate to remain at 22% for Q3 and fiscal year 2023, subject to the outcome of future tax legislation. For Q3 and Q4, we expect net interest income -- net interest and other income of $45 million to $49 million. We expect Q3 diluted shares outstanding of 321 million to 327 million shares. We expect Q4 diluted shares outstanding of 326 million to 332 million. We expect fiscal year 2023 diluted shares outstanding of 320 million to 326 million. We expect Q3 capital expenditures of $35 million to $40 million, with full year capital expenditures of $165 million to $170 million. With that, I will turn the call back over to Clay for the Q&A part of the call.
Clay Bilby: Great. Thank you, Dipak. [Operator Instructions] The first question will be from Brian Essex of JPMorgan with Hamza Fodderwala to follow. Brian, you may ask your question.
Great. Thank you, Clay and congrats to everyone on some fantastic results. Really, really strong here. Thanks for taking the question. Maybe Nikesh for you, I just have a question on SASE. Maybe if you could dig in a little bit to the competitive dynamics there. Does it really help to -- I guess, how much does it help the platform to have full end-to-end SASE? I see a lot of private vendors building out full end-to-end SASE platforms, or is this more of a transformational push or maybe there's a little bit of both? Thank you.
Hey, thanks for the question. Look, the SASE market, I think traditionally was a market which was focused on Internet access. Customers use that as a proxy-based way to onboard Internet access and was fine. I think the pandemic really flipped the switch, coupled with the whole cloud transformations that are going on, our customers, especially larger customers, want to create a first -- first-class citizen of any user who's not sitting in the office or in the campus, and they want to get to Zero Trust. So, I think the confluence of Zero Trust, the confluence of the cloud transformation, the confluence to apply a full security stack opened the door for full SASE deployment to network transformations, couple that with the fact that people are trying to get away from large wide- network-type network architectures, SD-WAN type network. So, I think, our confidence on all of these things created a real spurt in the SASE market. We have 60-plus thousand customers who use our firewalls. Now, we're showing them a path to migrate from a firewall-based, campus-based, data center-based architecture to a Zero Trust architecture, which spans hardware, software, and any kind of remote access and campus solutions. So, I think that's what's driving that for us. And whilst your guys -- you're impatient, your brains move faster than our ability to execute sometimes, it's only been three years. And I think I could challenge anybody out in the market. Anybody -- everybody read the same Gartner Magic Quadrant on SASE. I want to see how many vendors can claim that the last six quarters, they sold $1 billion SASE, and who just did a $40 million deal in SASE last quarter. So, I think that's our execution, our ability to work with existing customers, our constantly listening to customers evolving our product is allowing us to get here. It's a competitive market, but I think we're down to two, two and a half vendors in this market who we see at every customer now.
All right. Our next question from Hamza Fodderwala with Morgan Stanley with Fatima to follow. Go ahead Hamza.
Hey good afternoon. Thank you for taking my question. Maybe for Nikesh and Lee Klarich. Just curious around the early customer conversations around AI as customers look to automate their security operations. And to what extent is that aiding the conversation towards consolidation for Palo Alto Networks?
That's a great question, Hamza. And I've been sort of on and off in terms of how to temper my enthusiasm for this space. And I was on my way to India to speak at a convocation, I experienced ChatGPT for the first time. And I turned around and rewrote my convocation speech saying, this is the best thing that happened to security, enterprise and to consumer, because I think it's kind of an inflection point, which is big. Now clearly, that's a conversation. I'd say, two months ago, customers were not asking us about AI, and now they all want to know, are you deploying AI in your security products? That's great. And that's why we spent some time on the earnings call trying to elaborate how we've been using this for a long time. The conversations are around how do I start making more sense of my data. I think the last iteration of using data in the security industry has been more about, I'd say, offline or reactive data analysis for the most part. And this is the first time the customers want real-time, proactive, block-the-threat outcomes, which is sort of our sweet spot, if I may say so. And that conversation is beginning to start. I'll tell you, on XSIAM, there's no deal less than $1 million. I haven't seen a security product that we launched in the industry which starts off at a minimum price of $1 million, right? We've done $30 million of business in the last 12 to 16 weeks, where our customers -- our teams are still getting trained. We're still getting traction. We still have, we think, 70%, 80% of the product developers still working on the rest of it as we get feedback from customers. So -- and I'm cautiously optimistic. And I think you will see this pave the way for deployment of AI. This is our first outcome-based product. This is the first time we can walk in and say, listen, I can reduce your mean time to respond, a mean time to detect. Otherwise, I'd say, use this, this is really good, it's going to save you, but he won't find out until something happens. 
In the case of XSIAM, I say, I can demonstrate efficiency, I can demonstrate lower cost of ownership for you. So, very hopeful. Don't get ahead of yourself. It's going to take a while. I really told you we'd be happy if I get $100 million faster than any of the product. And hopefully, this becomes another leg of growth for Palo Alto to give us more sustained top line over the long-term.
All right. Our next question from Fatima Boolani of Citigroup with Brad Zelnick to follow. Go ahead.
Good afternoon. Thanks for taking my questions. Nikesh, this one's for you. You were pretty explicit that you are having realistic conversations with customers about payment terms and extensions and financial circumstances as most organizations focus maybe more on cash flow preservation than they had in the past. So maybe to specifically ask, it's not very apparent in your numbers that you're having those types of conversations. So a, how are you managing to circumvent a lot of that? And how is Palo Alto Financial Services as a financing vehicle maybe helping you drive a lot of those conversations that's not apparent to us?
It means we are doing a good job of managing our cash flow margins and making sure our customers are happy. And this very rarely do I get to make both shareholders and customers happy at the same time. So it's one of those moments. Look, on a more serious note, yes, you're right. We are having those conversations. And I'd say, Dipak and his team doing a phenomenal job in making sure that our sales teams are supportive when the customer is talking about payment terms, annual billing plans or specifically using PANFS. So I'm going to pass over to Dipak and explain how he's walking the tightrope and making sure that we're doing this effectively with our customers. I will say, we're blessed because, as Dipak highlighted, we have $6.2 billion of cash on our balance sheet. So we have the capacity to be able to do this for our customers. But Dipak?
Yes. No, I think, I would just say that, it's been very selective and very purposeful looking at the actual customer interaction. We have a whole team, that are very experienced at this. We brought a lot of people in with external experience. And it really is a case-by-case piece here, but that's how you keep it like very selective and strategic. And that's the only time we really use it.
All right. Great. Our next question is from Brad Zelnick of Deutsche Bank, followed by Tal Liani. Go ahead, Brad.
Great. Thank you, very much, and congrats, Nikesh and team. Great, great job. Nikesh, Palo Alto Networks is far more than a hardware company. And that's...
Oh, my God, Brad. You're reminding me of the meeting we had 4.5 years ago in my office. Go on.
I'm so glad that I left that impression on you, Nikesh. But I'm still waiting for the odd word by the way. You can see behind here. It's still -- even though I'm in front of the building, it's a bit sparse. But good to see you. So, far more than a hardware company today that's on full display, but you've downticked on your industry hardware growth expectations from what you said last quarter. I believe last quarter, you said 5% to 8%. Now you're saying low to mid-single digit. I don't know if it's a material difference, but I noticed the difference. If anything, what's changed at all in your market view? How should we expect your hardware business to perform versus market? And what would you say, Nikesh, to a skeptic that's perhaps skeptical that a lot of the success you see in everything else in next-gen is riding along on -- and opportunities created when a sales person shows up and is selling hardware? I guess how much of that motion is happening away from hardware that we should appreciate? Thanks.
So, Brad, I think it's important to understand, that we have a very large installed base. We have 62,000 customers who deploy Palo Alto firewalls. And let's just say, in my 4.5 years at Palo Alto, I don't know any customer has decommissioned us yet. So, I think that the solution of the hardware is not being deployed or not being used is not true. So there is hardware and [indiscernible] customers. Even though somebody may not be buying hardware, a lot of our subscription growth, our ELA growth, is driven by the fact that people have hardware, which they are extending the software capabilities on and buying more software capabilities from us. So it's not just that a salesperson shows up only to sell hardware, they actually show up to deploy more security capabilities on the software front. And couple that in the case of SASE, if you look at our large pipeline, it's clearly driven by a customer of Palo Alto, who is a firewall customer, or a potential SASE customer who's saying, listen, I know your security services, I know your Zero Trust policies, I want to be able to expand into it and deploy a full end-to-end SASE solution or a Zero Trust solution for you. So, I guess I'm trying to say is that, our success in software is not hardware-dependent. All I'm highlighting is that I believe that the market was very confused last year with supply chain. You couldn't get chips. There were orders being made. Customers are getting jittery, saying, I have capacities, I might need more hardware. So a whole bunch of conflation of effects that happened hardware. I have constantly maintained that hardware grows. The industry grows at low to mid-single digits. You noticed that perhaps a slight downtick in my expectations, and that's probably fair. You're perceptive. But I don't think it changes the overall outcome for us as a company. I do worry about people who are purely hardware-focused, who don't have the ability to position a solution which includes software. 
I'll give you an example. A large retailer comes to us and say, I'd like to deploy a SASE solution across my entire retail base. I'd like to upgrade. I want to do AR, VR for my store. I want to go get more bandwidth in there. Technically, there are multiple ways to solve the problem. What you do is sell firewalls and say, hey, put a bigger firewall in your store. And I can deliver SASE because I have security capability. I can say, put an SD-WAN box in there, go deploy a lot of bandwidth in there, and do a software-based SASE implementation. A, it's going to be much easier to replace software in there, upgrade software. I take care of that for you. B, it's more secure because you have the most latest upgraded software available right away. Three, it's scalable, you can improve your bandwidth requirement and security requirements over time. And; D, for me, it's great because it's 2.5 times more valuable for me to have you deploy SASE than put a box, which I'd have to keep sending a truck every year to try and upgrade this offer.
Makes perfect sense to me. Keep up the good work. Thank you.
Great. Next question from Tal Liani of BofA, followed by Keith Bachman. Go ahead, Tal.
…I wanted to show you my arc, I made it.
I wanted to ask you about the difference between revenue growth, billing and deferred revenue. You increased the guidance for deferred and billings that are very, very strong. We see less of an increase in revenue. What are the dynamics going forward?
I'm going to let Dipak answer, but I will recommend you to try Dali. And you might be able to create a parallel poster of our, and we'll have to figure out who did, which one.
Yeah. Look, Tal, I think at the end of the day, like we are an enterprise company. And as you see in our guidance, like we have a large Q4 guidance with a lot of customers sweating assets, as Nikesh mentioned in our -- in his script. I think, we're just trying to reflect that in our latest forecast, which is what drives the guidance. And so if you have people sweating assets, we don't know exactly what will fall in which quarter, and that's what drives the revenue.
Yeah. Well, I think just to make sure that you don't -- we don't mix the forest from the trees. We are seeing better growth across our business on a TCV basis across our customers. That's driving the billings growth, which obviously then falls into revenue, both short-term and long-term and deferred. I think what you're seeing is the higher mix of software in our expectations going forward, which makes it more ratable over time. It gives us more predictability. Hence, the revenue looks consistent with expectations, and you see the software part, which is sitting in deferred grow faster.
Certainly on SASE, that is the most…
All right. Great. Thanks. Our next question from Keith Bachman of BMO, followed by Patrick Colville. Go ahead, Keith.
Many thanks. Good afternoon, good evening. I wanted to ask you, Nikesh, about Cortex, if I could, more broadly, and I'll break it in two parts. The Cortex journey, the results have been solid, not just this quarter, but for some period of time now. And A, on the competitive front, we've been hearing a lot of discussion from some of the leading vendors that pricing has become much more material in winning share of the CrowdStrikes or what have you. It doesn't appear that that's the case at all in your results from the growth rates and the profitability. So I just want to hear a little bit about pricing. And then more broadly on B, just the competitive dynamics on your results, and you mentioned $100 million run rate on XSIAM, how has the portfolio helped shaping this outcome as you look out over the horizon over the next number of quarters in Cortex?
So Keith, that's a great question. And I'm hesitating on my own analogy, which I was going to give you, but I don't think we should print that. It's clear, it's just -- I don't want to put a word against our Cortex business. First and foremost, look, I've always maintained that the opportunity in the security market arises when there's an inflection point. And I think the endpoint industry went through an inflection point a few years ago when we saw the emergence of EDR and XDR players. And you saw that, I'd say, perhaps the normalization of pure endpoint antivirus-type players in the market. And what's happened is if you look at the evolution, we've gone from a few endpoint players to many, and you're beginning to see convergence again down to two or three people. And I'd say that we are one of the three growing XDR vendors where customers are choosing us. We have one of the best POC outcomes across the entire market vis-à-vis other players. So I'd say today, if you're looking for an XDR outcome, there's possibly two or three vendors always in the fray are beginning to see ourselves to. That was not the case three years ago. That was not the case two years ago. So we're happy with our position, I think, one. Two, XDR is a pipeline business because it's pretty consistent to your point about pricing, the deal sizes are pretty consistent, and they're sort of in a range and you got to have a lot of deals to your pipeline and get some conversion going from them. Cloud and SASE can be big. I still have $40 million cloud deal, $40 million SASE deal. I don't have $40 million XDR deals. They're all in the same swim lane, and you can substitute one for the other. And we see consistent growth. Now where I think our secret sauce is kicking in and should kick in is XSIAM only works with XDR. And what's interesting is we've seen very early, we've had 15 customers of XSIAM in the last 12 weeks, and they're all north of $1 million. 
Very early, we're seeing customers saying, I'd like XSIAM. And we're saying, listen, you can only get XSIAM if you're going to buy XDR. So we're beginning to see there's a pull because of an outcome-based oriented XSIAM. Again, as I said to Hamza, don't get ahead of your skids, this is a shift we're trying to engender in the industry, but we think that the way to drive XDR for us in the long-term is going to be by creating the best security outcome in the SoC for the customer. But they realize I need good data. The only way I get good data is to Palo Alto, XDR which allows us to go create the security outcomes in XSIAM. So that's our approach. Until then, we're just going to keep our head down, grind at the pipeline, make sure we can win the deals. But for us, we're headed for the bigger price because I can do a lot of XSIAM business where I can XDR seed it into my customers. So XDR pricing is less contentious for me. It's more interesting for me to get the right customer in XDR. So you noticed there's a certain part of the market we play in. We don't play in the low to mid-end of the market in XDR. We don't have 500 customer -- 500 user customers. We like to get the 10,000, 15,000, the higher end of the XDR customers because we think that is a high transfer into XSIAM in the future. We've been doing that consistently for the last few years trying to build that base so as when the XSIAM is ready, we can start encouraging our customers to evolve from XDR to XSIAM.
Next is Patrick Colville of Scotiabank, followed by Matt Hedberg. Go ahead, Pat.
Hi, guys. Thank you for taking my question. And it's good to be back. So I want to ask about margin. So I mean, really impressive to see what you guys printed in the margin. I mean, looking at the numbers for fiscal second quarter. To me, the two most important levers were the product gross margin and the sales and marketing kind of costs that were moderated. I guess as we think about the remainder of the year, how should we model out those two levers? So should we continue to expect less incremental pressure from supply chain costs on the product GMs? And how far can this S&M efficiency go?
Well, I think, Patrick, first of all, is Dipak made your life easier by giving you an operating margin guidance for the year. So you don't have to worry about the component parts. So you can just look at the total and have a wonderful time. Save you some modeling at Palo Alto. So that notwithstanding, I think between Dipak and I, we've both said that -- I contemplated putting this in our earnings script. I had a meeting with an investor. Dipak and I had a meeting for hours about six months to seven months ago. And they took us through the brute force of profitability and margins and margin expansion and long-term EPS for Palo Alto. And the other day, Dipak and I looked at each other and say, you know what, growth is important, but growth -- profitable growth is even more important. And I'd say, there's a series of programs that Dipak has been running over the last six months, which include looking at gross margin across all of our products, looking at our spend across categories, looking at headcount. So this is a sustained program we have in place. We're going to moderate our way through it to make sure that we don't impact our ability to generate the right amount of growth and right amount of profitable growth. But I think, the thing I'll leave you with is that, we've given the guidance for the full year for operating margin, how it's going to evolve. We think it's a very good place compared to where we were expecting to be right now. And I think, we've also given you hope that we don't believe this is the end. We believe we can keep improving from here. So for now, that's all we're going to say.
All right. Thank you, so much.
All right. Next, we've got Matt Hedberg of RBC followed by Jonathan Ho. Go ahead, Matt.
Cool. Thanks, guys. Congrats from me as well. Nikesh, I have to go back to SASE. I mean the 50% growth in ARR off of a large base is impressive. And you guys took a different approach this year in terms of integrating your core firewall and your SASE sales force. Can you talk about the strides in those conversations into the other sort of 50,000 firewall customers that aren't SASE customers? How does that discussion go? And if -- just because it feels like such a marriage that makes so much sense from a cross-sell perspective?
Yes. Matt, look, I think a happy firewall customer is a customer who at least has a good feeling about Palo Alto. And I think, if they've deployed our security services, they're even better, because they know how those security capabilities work. And now we're working though each of these customers to trying to work with them on their Zero Trust strategy. SASE is generally a long lead time, long conversation, because it's not just security. I think the part which sometimes gets lost in this -- in some of the analysts, is that SASE is actually -- you're taking -- say, the firewall, I give you a firewall, you run the firewalls in your network, it's all good. You run your growing product. In SASE, I run your network. I take the traffic from your laptop onto me, on to GCP, and route the traffic for you. So now I'm part of your mission-critical capabilities. That means my network has to be strong, my latency has to be low, my availability has to be high. That's not a traditional question security CoIP companies have been asked. They're not used to running networks. That's why I just fall off my chair when I keep hearing, there are seven other vendors building SASE solutions. I'm like, yes, good luck, learn how to run a network. So there's no coincidence that we decided that we were not going to run the network. We're going to let AWS and GCP run the network for us, because that's what they do really well. And they have cloud capability with low latency. So we've built our SASE stack, which runs now concurrently on GCP and AWS, allowing us to give you availability, which is higher than those two individually. So we think in the long term, that's the right answer, right? Now, clearly, we're not 11 years old in SASE. We're 3.5 years old in SASE. So there are some things which we’ll get stumped on, because there are features and capability we need to keep building, because there are edge cases which had been brought to the forefront. 
That's where Lee and his team are doing a phenomenal job, continuing to keep us at the top of the sort of pyramid of that topic. We're working on some really exciting capabilities in the upcoming future. We'll inform you in the next upcoming quarters. But we feel very good about our SASE pipeline, our on ramp. They're lumpy. They're large deals. But there is product market fit, and we're seeing success.
All right. And our next question from Jonathan Ho of William Blair followed by Saket Kalia. Go ahead, Jonathan.
Congratulations. Just wanted to maybe start out, you've seen some tremendous large deal success this quarter. In terms of the platform consolidation discussions with customers, what are you seeing? And is there evidence of customers maybe standardizing on Palo Alto across multiple areas? What could drive that sort of trend over time? Thank you.
So William, the reason we showcased the millionaire customers, the $5 million deals and the $10 million deal slide, is there's a journey. By the way, I'm going to send you a Palo Alto shirt, so you can at least wear that in this meeting. You can wear that other one other times. But anyway, so yeah, we showed you a slide of $1 million and $5 million and $10 million because customers go through a journey. And it's very rarely you walk into a fresh customer, and we convinced them to go spend tens of millions of dollars to this and consolidate. So it's usually an evolutionary process where we've become the firewall vendor of choice. They go with us on SASE. They're working on cloud. They see the concurrence of cloud and SASE. They have XDR. They want to get to XSIAM. So slowly and steadily, we are showing them the benefits of consolidation. I'll tell you, us being leaders in 13 categories helps because the first time you used the word consolidation, the first reaction of the CIO or CISO is, wait a minute, I want the best stuff. I just don't want it because you have it. Then we say, wait a minute, our stuff is the best up as well as it works together. So it's a journey. It is not something that is a panacea that every customer comes in and walks in, but our teams are now focused towards trying to evolve our customers down that path or across that journey, right? And that's why we can go out and do a deal. I think our largest deal this quarter is north of $75 million.
All right. Our next question from Saket Kalia of Barclays followed by Joe Gallo. Go ahead, Saket.
Okay. Great. Hey, guys. Thanks for fitting me in. Numbers speak for themselves, Nikesh. Maybe a question for you. A lot of excitement around XSIAM. Some interesting wins you called out as well in your AI section. But maybe a strategic question for you. As you think ahead, maybe the next couple of years for XSIAM, how do you think that, that will have started to disrupt the SIM market, either from a tech or a pricing perspective? And maybe just to flip that on its head a little bit, is it possible that tools like XSIAM maybe help expand the SIM market?
So I think, Saket, the SIM market doesn't have a pricing problem. It has a value problem. I spend a lot of money. I don't get enough value. And if you ask some of the customers out there, how do they use the SIM, SIM is used post-breach or post-event to figure out what happened. A SIM is not doing on-the-fly real-time blocking. So when SolarWinds happens, Log4j happens, you can go to your SIM and look at where it happened and figure out and trace it back and try and block the whole. What it won't do for you is stop it mid-flight. And that's a paradigm shift as far as security is concerned. The only way you can do that and stop it mid-flight is analyzing data as it's being created. So to us, the reason we call XSIAM not SIM is here's our words. We watch the data in flow. We watch it coming from the endpoint. We cross correlate mid-flight with firewall data. We go and triage it. We automate some of the alert, some of the noise away. And we're looking at like real incidents between triage already, which are not being put in some large data lake and then running query language against to see how do I solve the problem. They're already doing it in the back end. Now of course, with the availability of new LLMs that are out there, which you all I'm sure have been talking about and dealing with in their free time, they do a lot more useful things than write poetry for your wife. They can actually analyze data to tell you what is anomalous and what is off pattern. And if you can figure that out, then what do you have to do? You have to go ahead and remediate it. How do you remediate it? You got to be a firewall to remediate a network. You've got to be an endpoint to remediate the endpoint. You got to be Prisma Cloud, remediate it in the cloud. So I think what XSIAM is going to do is going to bring real-time capability in the SOC, or real-time capability in security. It's early days. 
Again, I'm going to say – keep repeating, repetition doesn’t spoil the prayer, don't get ahead of itself, but this is where we're heading. And if you can picture ChatGPT 10 years from now, picture AI and security 10 years from now. You will not have humans trying to analyze because it'd be too hard for humans to analyze petabytes of data. Already, the data in an organization is too much for a security analyst to analyze.
All right. Great. Next question from Joe Gallo of Jefferies, followed by Ben Bollin of Cleveland. Go ahead, Joe.
Hey, guys. Thanks for the question. Can you just comment on the execution in cloud security despite the backdrop of hyperscaler growth moderation? And then maybe more importantly, where customers are in the journey to cloud security consolidation? It still feels like the Wild West of a lot of disparate products in that category. When does that market merge, which I'd imagine benefits to? Thanks.
Thanks, Joe. So two quick answers. One, we're still the largest player with north of 2,000 customers in cloud security. I don't know, if you explicitly called it out, but our largest cloud security was $40 million this past quarter. I don't know any other vendor in the cloud security space who's doing half of that in a quarter in one deal. So yes, there are many small players out there, but we've seen a bit of churn in the market where some small players have kind of been acquired and gone. Does that mean we'll be the only player? No, there'll be other players in the medium term, but we feel comfortable that there are people who are consolidating. It feels like the Wild West because customers are still not fully in the full cloud security platform mold. So they've not fully embraced the need to have all these things connected, but I think it's a matter of time and a matter of demonstration that it's going to happen. In terms of your question around where we are, and we talked about that in the prepared remarks around hyperscalers. Remember, the cloud security market is a few billion dollars. The hyperscalable market hundreds of billions of dollars. Now the difference is when you commit to a hyperscaler, you commit that you're going to move, you're going to transition, you spend a lot of money. And a lot of that stuff sits in deferred revenue because they are not fully deployed, or customers haven't fully consumed. Cloud security applies to stuff that you consume, right? Like, if you haven't consumed it, or you aren't ready to consume it, they're not going to be buying cloud security. So I think we have a little bit of a gap in terms of when people commit to when they deploy it, to when they take cloud security. I just think the – that stuff can slow down for a while, but it's still got – there's a lot of headroom for us to get from where we are. 
Even, if we got to all the customers who are in deployment or are deployed, I think we should see a steady continued growth for Prisma Cloud. So the market demand, to me, is not where the challenge is. The challenge for us or the opportunity is to go convince as many customers as we can that this is a platform play. You have to consolidate across multiple modules. You have to have stuff talk to each other on a constant basis, otherwise, you end up in the same situation as you were in enterprise security many --.
Our last question today is from Ben Bollin of Cleveland Research. Go ahead, Ben.
Good afternoon, everyone. Thank you for taking the question. Nikesh, you've talked about some GSI opportunities in the past. I'm interested in how you see that channel developing? What type of tail you see there? And how meaningful your platform is becoming for those partners? Thanks.
Thanks, Ben. I used to say that, about a year ago that, I've had more CIO conversations in a quarter than I did in many years. I'd now say that about GSIs. I'd say in the last six months, I've had more GSI conversations than I had in the first five years of Palo Alto, or four and a half years of Palo Alto, right? And the reason is GSIs are interested in transformation. They're interested in where they can go into a customer and deploy a much better security outcome for them. We were not relevant as a firewall company with SASE, with cloud security, with now XSIAM, they see a real opportunity to go in and do some transformation for their customers. And transformation for them means revenue to them and means a solid product in the back. I'd say most GSIs are still early in their journey to build a full cybersecurity competency across the board. And there, they'd rather deal with lesser vendors than more. So, us being leaders in certain categories, plays into our strength and our ability to partner with them. I think you -- we are already, without specifically calling out deals, there are many deals where we are partnered with GSIs, where they are the front. We work with them to be as part of a larger transformation project, and we're seeing more and more of that.
With that, we conclude the Q&A portion of our call today. I'll turn it back over to Nikesh for his final remarks.
Look, first of all, I want to thank all of you for joining our call. I also want to thank our employees, who work really hard towards delivering these results. I have to say six months ago, when we've started to see warning signs, we pivoted hard. We made sure that our teams got ahead of it, and they have delivered. So, I want to thank all of them for their contribution. As I said, this is a challenging macro environment out there. And the only way we're going to get through this as Palo Alto Networks is to keep our head down and execute. And that's what we intend to do. Once again, thank you, guys and see you next quarter.