Palo Alto Networks, Inc. (PANW) Q2 2024 Earnings Call Transcript
Published at 2024-02-20 20:18:03
Good day, everyone, and welcome to Palo Alto Networks' Fiscal Second Quarter 2024 Earnings Conference Call. I am Walter Pritchard, Senior Vice President of Investor Relations and Corporate Development. Please note that this call is being recorded today, Tuesday, February 20th, 2024 at 1:30 P.M. Pacific Time. With me on today's call to discuss second quarter results are Nikesh Arora, our Chairman and Chief Executive Officer; and Dipak Golechha, our Chief Financial Officer. Following our prepared remarks, Lee Klarich, our Chief Product Officer, will join us for the question-and-answer portion. You can find the press release and other information to supplement today's discussion on our website at investors.paloaltonetworks.com. While there, please click on the link for quarterly results to find the Q2 '24 supplemental information and the Q2 '24 earnings presentation. During the course of today's call, we will make forward-looking statements and projections regarding the company's business operations and financial performance. These statements made today are subject to a number of risks and uncertainties that could cause our actual results to differ from those forward-looking statements. Please review our press release and recent SEC filings for a description of these risks and uncertainties. We assume no obligation to update any forward-looking statements made in the presentations today. We will also refer to non-GAAP financial measures. These measures should not be considered as substitute for financial measures prepared in accordance with GAAP. The most directly comparable GAAP financial metrics and reconciliations are in the press release and the appendix of the investor presentation. Unless specifically noted otherwise, all results and comparisons are on a fiscal year-over-year basis. We would also like to note that management is scheduled to participate in the Morgan Stanley TMT Conference in March. I will now turn the call over to Nikesh.
Thank you, Walter. Good afternoon and thank you for joining us today for our earnings call. I am pleased to report another quarter in which we successfully executed our profitable growth strategy, driving a combination of top-line growth, significant expansion in non-GAAP operating margin, and strong free cash flow generation. Revenues grew 19% year-to-year and RPO grew 22%, capturing the full value of our future revenue. Billings grew 16% year-to-year. Just as important as we focus on profitable growth, we again delivered substantial operating margin leverage and strong growth in free cash flow. Non-GAAP operating margins of 28.6% expanded nearly 600 basis points year-over-year and we generated $2.9 billion in adjusted free cash flow on a trailing 12-month basis. Our strong profitability drove non-GAAP EPS of $1.46 up 39% year-over-year, and our GAAP net income continued to grow meaningfully even without one-time items. Beyond our financial results, we achieved a number of notable milestones in Q2, worthy of spotlighting. We continued to drive large deals, including a steady stream of million dollar plus deals and success in our largest deals with 10 transactions that were $20 million in the quarter. Our 10 highest spending customers in Q2 increased their spend with us by 36% of the period. I also wanted to update you on key achievements across our three platforms. In our network security business, we continue to see progress driving ARR growth in our SASE business. Q2 was our fifth consecutive quarter of 50% ARR growth. Additionally, more than 30% of our new SASE customers we signed in the second quarter were new to Palo Alto Networks, showing that we can win head-to-head in the market when leading with SASE. We continue to drive innovation in network security, refreshing our high-end 7500 series platform, and investing new OT security capabilities, which garnered a net new leadership position for us. In Prisma Cloud, we have made significant investments in the first half of the year to drive new customers and saw this pay off in Q2 with our highest new ACV growth in five quarters. We continue to see strong trends in multi-module adoption, with approximately 30% growth in customers with two or more modules and approximately 60% growth in customers with three or more modules. Additionally, about a quarter of our customers are using five or more modules. Our external recognition in this market continued with Forrester Research positioning us as a leader in this Cloud Workload Security Wave Report. In Cortex, XSIAM continues to be a significant catalyst for large transactions and growth across the business. This is evidenced by ARR, for XSIAM customers being more than five times higher than that of Cortex customers who have not yet adopted XSIAM. We have seen significant progress in the milestone with XSIAM in Q2, including the most number of deals signed in a single quarter and bookings of over $90 million again this quarter. We've already displaced 19 different SIM vendors to date, and with the confidence under our belt, we're now looking systematically on how we can accelerate this legacy SIM displacement. From a regional perspective, demand overall is healthy. We did see softness in the US federal government's market. We were positioned well for several large projects where we had requisite certifications and one technical selection, but these deals did not close. The situation started off towards the end of Q1. We were worsened in Q2, and as a result, we had a significant shortfall in our US Federal government business. We expect this trend will continue into our Q3 and Q4. Offsetting the billing weakness in Fed was some non-product backlog that we shipped this quarter. With several leadership positions awarded in second quarter, including our addition as a leader of the Gartner Endpoint Protection Magic Quadrant, we're now a recognized leader in 21 different categories across our three platforms. Five years ago when we began our strategy, the industry believed building leadership across multiple categories wasn't possible. No one was talking about security platform. Instead, the word was best-of-breed. Our success over the last five years has been driven by the shift to platformization. We're committed to investing in innovation to extend our industry leadership position and platform. This unique leadership across our three markets is driving strong adoption of our platforms in our target Global 2000 markets. As of Q2, 79% of Global 2000 have transacted with us on at least two of our platforms and 57% on all three. This is up from 73% and 47% two years ago. In most of these accounts, while they have adopted products from multiple platforms, we are early in driving each of our platforms wall-to-wall. This is a major area of focus for us as we move forward, driving consolidation within our three platforms. We know this is the right strategy as we see compelling economics with multi-platform wins. Our two platform customers have an average customer lifetime value that is more than five times that of our single platform customer. For our three platform customers, that is more than 40 times larger. While we are driving platformization, I personally think we should be doing this faster. Not only is this showing up in our deal statistics, but as we have established the position of our platforms, we are now seeing significant progress in consolidating vendors in our customer environments. We have built our zero trust platforms through a consistent architecture across our appliance, software, and SASE form factors. Customers can now consistently manage security policy across these form factors, and then leverage a consistent set of security subscriptions to consolidate network security capabilities. These capabilities, provided by point vendors can include intrusion prevention, web proxies, URL filtering, SD-WAN, and DLP, just to name a few. In Q2, we saw zero trust consolidation wins that included a large US manufacturing company standardizing on our network security platform in a $40 million transaction, replacing end-of-life competitive hardware, leveraging our security subscription, and removing a point competitor in SSE. We were the only company with the right certifications across all these offerings that could support their broad geographic footprint. This deal was part of the consolidation and modernization effort across IT with positive ROI for the customer. We also had a seven figure deal with a large law firm expanding our firewall footprint in the new data center and expanding their hybrid workforce initiatives with Prisma Access. As part of this, we won versus other firewall and SSE competitors and also consolidated their URL filtering and VPN capabilities. In Prisma Cloud, we have built a core-to-cloud platform combining key best-of-breed capabilities that we have acquired or developed organically. Our common architecture and user experience spreads across 12 modules. As our customers adopt multiple modules, they can consolidate a wide variety of vendors, including those in cloud security posture management, cloud workload protection, API security, SCA or software composition analysis, and infrastructure as code security amongst others. In Q2, we closed a seven-figure Prisma Cloud new logo deal with a financial services company displacing multiple incumbent vendors. The customer was looking for a CNAPP solution to support their multi-cloud journey. The Prisma Cloud CNAPP streamlined several previously deployed point solutions and tools. They also closed a seven figure renew and expand deal with the leading North American technology company where the customer intends to expand the use of Prisma Cloud to seven modules and also value the consolidation and standardization delivered through Prisma Cloud. Finally, in our Cortex platform with our autonomous security operations platform, XSIAM, we were able to establish our offering, which has enabled us to accelerate a platform value proposition with Cortex. A platform approach in the SOC is becoming a customer imperative, as point products, each with their own data stores, cannot have full context nor drive appropriate action without overly complex integrations and high people costs. In Q2, we saw consolidation wins that include a large insurance company that renewed its subscriptions, support and firewalls at the same time, added XSIAM and Expanse capability for a $25 million transaction. The XSIAM choice displays the two leading EDR and SIM competitors in the market, and enables the customer to avoid the cost of adding other point products in their SOC. Additionally, in Q2, we saw follow-on consolidation success for the Japanese manufacturing company that previously consolidated their network security across our SASE capabilities, leveraging Prisma Access and our DLP and CASB capabilities. The customer then added XSOAR into their SOC and expressed an interest in consolidating further. In Q2, they added XSIAM in a mid-seven figure deal. I know all of you had a chance to look at our guidance. Our guidance is not a consequence of a change in the demand outlook out there. Our guidance is a consequence of us driving a shift in our strategy in wanting to accelerate both our platformization and consolidation and activating our AI leadership. We believe this is the time for us to invest, given our leadership position in the market and our leadership position across platformization and consolidation. But before I talk about that more as to how we intend to accelerate our growth prospects in the future and drive towards a much higher aspiration of $15 billion in ARR by 2030, I want to give you a candid view of where we see the cybersecurity market and the demand function out there. The demand story is no different from prior quarters and on the margin, continues to get stronger. There are multiple drivers fueling this. The threat landscape continues to challenge our customers with increasing scale and sophistication of attacks. I'm personally getting calls from CEOs and members of boards that have had bad incidents, as well as those that have seen their peers adversely impacted. We're increasingly focusing on working with companies impacted by breaches, an important commitment as we continue to be the leader in this space. Last quarter, we offered 1,500 of our top customers an opportunity to get our free support during a breach. Surprisingly, 400 customers have signed up in the last 90 days out of 1,500 to get our help on this topic. Clearly there is awareness and concern around cybersecurity, as has never been before. Heightened geopolitical tensions are driving significant national state activity with national infrastructure being targeted. Successful breaches and ransomware attacks are being perpetrated across many industries with few repercussions for the bad actors. Although we did see various law enforcement agencies this morning over the weekend shut down lock pit, which is a promising sign. The new SEC mandate requires prompt disclosure of material incidents which often result in companies reporting those incidents before a full assessment can be done or incidents to mediate it. We see some companies making several disclosures in succession as they grapple with understanding the full extent of what they are facing. We see the results of these disclosure mandates recognizing the need for expedited action in security, visibility, and remediation in [indiscernible]. The part that is new, despite the many demand drivers we're seeing, we're beginning to notice customers are facing spending fatigue in cybersecurity. This is new, as adding incremental point products is not necessarily driving a better security outcome for them. This is driving a greater focus on ROI and total cost of ownership amongst most customers. There are also some key trends within the industry that I think are worth highlighting. Palo Alto Networks is unique in seeing gains in market share in hardware firewalls or in the product space. This market is changing rapidly with us seeing some of our competitors who had introduced price increases begin to roll them back. From our vantage point, we see the share shift happening in our favor because we see customers consolidating into our zero trust platforms. Customers, as I mentioned, 30%, net new network security customers or SASE or new to Palo Alto. Those are the customers who over time go ahead and consolidate their footprint and require our firewalls to be deployed to give them a consistent zero trust architecture. We see this as a promising trend. We intend to accelerate that opportunity. Along with the incremental focus on ROI and TCO with single product vendors having challenges and articulating compelling value, they're also forced to have platformization narrative. When they're not able to convince the customers that their strategy is competitive, they're many times resorting to un-economic pricing and putting pressure on transactions in this manner. We're beginning to see rogue behavior by some vendors in the space who are keen to retain their customers, primarily in the legacy vendor space and the start-up space. We intend to combat that with investing in this space and trying to accelerate platformization and consolidation for our customers. We're also seeing increased demand for AI, along with deploying AI in our products or big needs to our customers asking us to help them protect for a successful and responsible deployment of AI in their infrastructure. Putting this all together, these trends of the market bolster our conviction that adopting platforms is the only viable strategy for customers and leveraging AI is imperative. We want to march faster to our aspiration to become the sales force, to become the service now, or the workday of cybersecurity. Customers have adopted platforms in other markets across technology, and this will inevitably happen in cybersecurity. These industry trends set up conditions that favor leaders that can drive consolidation. We intend to answer this challenge. With all the problems that platformization holds, adoption is not always easy for many of our customers. Until now, we have primarily assumed that our customers adopt our platforms at their own pace. The crux of the challenge is around execution. Customers face risk in executing or making significant changes to the environments as well as economic exposure from these changes. Key friction points you've noticed include the challenge of replacing multiple products simultaneously as well as the issues around double playing while working through complex contract terms. Over the last six months, we have been quietly working to develop programs that enable us to help minimize and even share in the risk of our customers' face. You will see us tomorrow launching a significant number of platform offers to our customers to help drive the consolidation and platformization strategy. We believe we can build customer confidence in our platforms by approaching them well before their point product contracts expire. After we gain their contractual commitment, we have offered an extended rollout period where we can demonstrate our ability to deliver these platform benefits. Customers can then start paying us after the obligation of legacy vendors ends. With the experience we've gained over the last six months, we believe now is the right time to accelerate programs across our portfolio to drive this platformization. All these programs will have mechanisms to reduce customer friction, accelerate product deployment, help customer realize the value of our platforms, and consume new innovation sooner. While this is not an exhaustive list, I wanted to give you some examples. We have begun to launch programs already that include legacy trade-ins, no-cost introductory offers and product add-ons and incentives to accelerate estate standardization. Each of these programs is elements of reducing execution risk and dealing with economic exposure that concern our customers. In that sense, we must bear the cost of the transition through lower upfront financial outcomes, but we are convinced these will yield amazing outcomes for us in the mid to long-term. We have developed these programs across all three platforms, and as I mentioned, we intend, we have announced a few and we intend to announce more starting tomorrow in addition to expanding some of the programs that we already have. Given this is an investor call and you're all focused on these numbers, I want to provide you a high level understanding of the aggregate impact we expect this will have in the medium term and long term. I will then have Deepak talk more about this in his section and explain this much more eloquently and elaborately. We expect a typical customer entering into a platformization transaction will not pay us for our technology for a period of time. As these programs ramp over the next year, we expect a change to our billings and revenue growth for the next 12 to 18 months. As customers move into the period where contracts have a full billing and revenue contribution, we expect to see an acceleration in our top line metrics. Beyond this dip and acceleration in our top line metrics, we believe we can sustain higher growth rates for longer, driven by sticky and broad platform relationships with incremental customers, allowing us to aspire to a goal of $15 billion in next generation security in 2030. We also expect to achieve our transformation to a business with greater than 90% recurring revenue, an industry leading non-GAAP operating margins in the low to mid 30s. As Deepak will explain, we believe we can do this in a financially prudent and strong manner. Talking about bigger platforms and ARR, aspirations cannot be done today without talking about AI. We have been working on AI for a long time as a company, however, we did accelerate our efforts with the arrival of generative AI. I personally believe AI is going to be one of the biggest inflection points in technology in over a decade and likely, more importantly, to significantly increase the total addressable market in cybersecurity. Gartner predicts by 2027 $300 billion will be spent on AI software. This AI juggernaut continues to bring several challenges along with it from a security perspective, multiple vectors of attacks ranging from phishing to malware to nation state activity and inflected negatively due to AI. Furthermore, customers are evaluating dozens of co-pilot type offerings with end users where security is not necessarily front and center. We see three discrete opportunities to drive additional growth in cybersecurity through AI and we have internally put pen to paper to understand this opportunity, and we're in alpha or beta stages of many of these across our product capabilities. First, organizations are concerned about their employees' access to AI in an insecure manner, where the consequences are unintended leakage over from source, other data models tampering, or AI-driven phishing, we see an opportunity to add value across the growing volume of users we secure. We currently secure north of 100 million users and their access to applications both in the public cloud and in the data center. We expect each of these users is an opportunity for us to deliver an AI security sub for them. It leaves us a $3 to $5 billion opportunity over the next five years. Secondly, organizations are increasingly deploying AI-related workloads in the cloud, just like they need to understand the overall security posture of the cloud estate and expeditiously identify immediate issues. They must do this for AI-related workloads. We believe this in itself is a $5 billion to $6 billion opportunity in the next five years. Lastly, network traffic will increasingly have an AI context with interactions and transactions between applications and AI models. Our more than half a million installed firewalls is the perfect place to inspect this traffic. We believe this is the $5 billion to $6 billion opportunity in the next five years. Overall, this combined $13 billion to $17 billion opportunity drives our conviction that investing in AI and maintaining our leadership can help us accelerate our growth towards $15 billion by 2030. The larger opportunity, we also believe we are uniquely positioned to garner our fair share of the stamp. Our proprietary data and large technology footprint is a significant advantage in driving AI outcomes. We've already seen the early benefits of this AI in our newly developed product offerings. In Q2, our AI offerings, which include XSIAM, Autonomous Digital Experience Management, or ADEM, and AIOps, cost the $100 million in ARR milestone. We are possibly the first security companies to cost $100 million ARR in AI security. This is above and beyond the AI capabilities we have embedded across all of our platforms, including our advanced subscriptions and our core to cloud platforms. Our co-pilots are in alpha, are in the hands of leading customers who are giving us feedback before we move to general availability. Looking forward, we have aggressive plans to roll out additional AI-based offerings by the end of this fiscal year. We have plans to offer three new product offerings, one to address each of the stamps I talked about. Before I wrap up and pass it on to Deepak, I'd like to summarize. We have established our platformization notion, our clear industry leadership position with our best-of-breed platforms, and the industry trends convince us we're in the best position to capitalize on this early trend and now focus on the next phase of cybersecurity, which is going to be all about consolidation. One of the hardest things to do is to change a strategy that is working. We have spent time understanding how to accelerate our strategy further. We firmly believe as a management team that the changes we are making today are going to give us better prospects in the mid to long-term and allow us to drive this consolidation much faster whilst giving our customers better ROI and total cost of ownership. AI is an opportunity in the early stages. However, we are seeing the signs that there is significant demand there. It will prove to be an inflection point for cybersecurity. And today will be marked as a day where we will see that inflection begin to take hold as we start to deliver more AI security products over the course of the rest of the year. We have confidence we can drive our top line growth trajectory higher for longer ahead of the growth trajectory we talked about back in August, despite absorbing some short-term impacts. We have shown we run the business in a financially prudent manner, which we will continue to do as we dive this exploration, hitting our original operating profitability and cash flow margin targets. With that, I will pass on to Deepak.
Thank you, Nikesh, and good afternoon, everyone. Given all that we have to talk about this quarter, I will do an abbreviated review of our Q2 results. You can refer to the press release and supplemental financial information on our website for our key numbers. For Q2, revenue of $1.98 billion grew 19%. Product revenue grew 11%, while total service revenue grew 22%, with subscription revenue growing 26%, and support revenue growing 14%. Moving on to geographies, we saw consistent revenue growth across all of our theaters, with the Americas growing 19%, EMEA up 19%, and JPAC also growing 19%. We had some puts and takes during the quarter related to billings. As Nikesh mentioned, we saw weakness in the US federal vertical related to some specific programs. This US federal weakness was a meaningful headwind to our billings in Q2 after we saw a slow start in the year to Fed. The impact of these federal deals on our revenue is significant as they are relatively shorter than our average contract term. At the same time, we saw a decrease in our non-product backlog which offset this Fed weakness in our billings. We continued to see customers closely watching cash outlays around deals, which we discussed last quarter, although this trend played out largely as we expected 90 days ago. Remaining performance obligation, or RPO, was $10.8 billion, and current RPO was $5.2 billion. You likely noticed that our GAAP EPS was $4.89 and GAAP net income was $1.75 billion. These benefited from a $1.5 billion release of a tax-related valuation allowance. This was a one-time item in fiscal year '24, which has been adjusted out of our non-GAAP results. This amount also does not impact our cash taxes. Our average duration on new contracts was relatively flat year-over-year, with average duration for new contracts remaining at approximately three years, while total contract duration was down slightly year-over-year. I did want to spend more time talking about our accelerated platformization and consolidation strategy and give you more of my perspective with some additional framing and detail with a financial lens. Nikesh talked about our programs to alleviate friction with customers. We believe that by moving from a deal-by-deal approach to a program-based and systematic approach, we can accelerate platformization with a customer base and drive vendor consolidation faster by mitigating platformization friction. This results in a number of business benefits for us, ranging from a faster capture of the customer estate and larger platform commitment to higher renewal and expansion rates and faster adoption of our new innovations. For the customer they are able to execute on the platform deployment with lower risk and consolidate vendors while benefiting from a lower cost total cost of ownership and a better security posture. As Nikesh gave you the high-level trajectory on our pipeline, I wanted to help you understand how we think about the medium term. Our platformization offers to drive consolidation, effectively provide customers a period of the contract for free as part of their commitment. We expect we may see a period of 12 to 18 months of pressure on our top line growth rates, notably billings. Some of our platformization programs embed deferred payments into deal structures, which we have spoken about in the past. We expect this will persist through fiscal year 2025 as we anniversary the rollout of these programs and result in billings below the target we provided in August of 2023. Beyond this period, we expect we can sustain higher growth than we provided in these targets in August. From an NGS ARR perspective, we expect less impact on our year-end metrics, and we expect we can continue to meet or exceed our target, which called for 30% growth rate through fiscal year '26. As Nikesh noted, we are establishing a long-term target of $15 billion of NGS ARR in fiscal year '30. Underlying this trend, we expect customers deploying our full set of platforms to have a higher makeup of NGS products. These offerings tend to be deeply installed in our customer infrastructure. And once a customer deploys the platform, it's easier to continue to consolidate vendors and adopt new innovations. We expect this to drive a significant increase in our overall revenue mix that is recurring. From a revenue perspective, we expect to see less pressure on revenue as compared to billings. Generally we see a lag in changes in our revenue growth versus our billings growth, and we expect that this will happen here as well. As Nikesh mentioned, part of what gives us confidence to execute on the strategy, and especially to do so now, is our success in driving profitable growth. As we embark on a strategy that we expect will negatively impact the top line in the short-term, we have significant confidence that our business scales well and we can continue to see operating leverage from a number of drivers. As I have mentioned multiple times before, we scale well across every line item of our P&L, ranging from customer support to cloud hosting, to sales and marketing, to G&A. And we've seen significant payoff from focusing on internal efficiency across all areas of the business. Let me give you some specific examples for Q2. First, in cloud hosting, we signed a significant extension with our primary cloud provider. This contract is constructed to enable us to drive further margin benefits as we scale. Second, within G&A, we're progressing well on a significant employee experience program. This started by analyzing all of our service desk tickets across all channels and identifying all the manual responses needed to address requests. The combination of process re-engineering, automation, and AI is still in progress, but we have already seen positive savings and have a target of automating 90% of the more than 300,000 manual interventions. By the end of Q2, we have roughly halved the cost of our T&E servicing. We are now leveraging this program as a template across other business areas. In short, whilst we made a lot of progress, we still have significant opportunities on the profitability front. That gives us confidence that we can maintain our medium term operating margin and free cash margin targets beyond this year. Specifically, we believe that we can expand our operating margins by 100 basis points beyond this year, in line with the operating margin guidance we gave in August of 28% to 29%. And this can continue to support our medium-term free cash flow margin target of 37% plus. We expect that this will come despite us absorbing some billing's impact, as we have both the benefit of some prior arrangements with deferred payments contributing as well as efforts we have placed on optimizing the cash dynamics of our vendor spending. In short, I wanted to reiterate what Nikesh said, that it is important for us to be able to manage through this platformization acceleration in a financially prudent manner and we have set ourselves up well to do this over the next 12 to 18 months. Now moving on to the guidance for Q3 and the year. For the third quarter of 2024, we expect billings to be in the range of $2.30 billion to $2.35 billion, an increase of 2% to 4%. We expect revenue to be in the range of $1.95 billion to $1.98 billion, an increase of 13% to 15%. We expect non-GAAP EPS to be in the range of $1.24 to $1.26, an increase of 13% to 15%. For the fiscal year, we expect billings to be in the range of $10.10 billion to $10.20 billion, an increase of 10% to 11%. We expect NGS ARR to be in the range of $3.95 billion to $4 billion, an increase of 34% to 35%. We expect revenue to be in the range of $7.95 billion to $8 billion, an increase of 15% to 16%. We expect operating margins to be in the range of 26.5% to 27%, an increase of 240 basis points to 290 basis points year-over-year. And we expect non-GAAP EPS to be in the range of 5.45% to 5.55%, an increase of 23% to 25%. We expect adjusted pre-cash flow margin to be 38% to 39%. In the interest of time and to get as many of your questions as possible, we've included the modeling points in the appendix of our earnings presentation. With that, I will turn the call back over to Walter for the Q&A portion of the call. A - Walter Pritchard: Thanks. We'll now proceed with Q&A. Please, in the interest of time, ask only one question with no follow-ups. Our first question will come from Hamza Fodderwala from Morgan Stanley, followed by Brian Essex from JPMorgan. Hamza, please go ahead with your question.
Good afternoon. Thanks for taking my question. I just wanted to clarify, Nikesh, your comment on spending fatigue. What exactly were you referring to there, just given you also said demand was quite good. And then just the billings cut. It seems like it's a function of some bundling, discounting, as well as lower duration. Anyway to quantify that at all? Thank you.
Thanks, Hamza. Thanks for the question. Yeah, I think I want to make sure there's no confusion in our characterization of spending fatigue. Over the last few years, most of our customers have ended up spending more on cybersecurity than on IT. As a consequence, they're feeling like my budget for cybersecurity keeps going up in double-digits every year because I'm trying to protect against every new threat vector. Yet, you see the number of breaches continues to rise. So our customer are sitting down and saying, if I spend more money, can you show me how I get a lower total cost of ownership across my enterprise? How do I spend less on the services that I have to deploy? And how do I get better ROI? So I think it's more about optimizing their current cybersecurity budgets as opposed to there being no demand. Demand continues to be very strong. The customers are demanding to get more for the amount of money they have allocated to cybersecurity. That's where platformization consolidation kicks in. In terms of trying to quantify duration versus.
So just to be clear, Hamza, from a billings perspective, part of the billings guidance is related to the Fed that we talked about in the prepared remarks, part of it is also because of the platform initiatives -- platformization initiatives per se, but also part of it is we just expect there to be more deferred payments like annual billings, things like that as we roll out these programs. That's what makes it up.
Great. Thank you, Hamza. Next question is from Brian Essex at JPMorgan, followed by Saket Kalia at Barclays. Brian, go ahead.
Yeah. Thanks, Walter. And maybe to follow up on Hamza's question. Maybe for Dipak, one thing that caught my ear was the comment about discounting or offering a free period upfront for a certain period of time. Wanted to get a sense of what kind of headwind within that billings guidance is attributable to some of that discounting? And should we be looking at other metrics like average TCV or annualized TCV to get a sense of once those contracts hit a normal run rate, what would a normalized growth rate look like?
Thanks, Brian. Let me jump in here. I think let me clarify in terms of the discounting notion. What's happening today is when I go to a customer and say, listen, I'd like to replace your estate with the entire platform. The customer says, wait, wait a minute, I got this vendor for IPS, this for SD-WAN, this for SSC. And I got half of my firewalls from another vendor, and they all expire at different points in time. I'd love to deploy Zero Trust, but it's going to take me two, three years as the end of life, so these vendors happen. And I'm scared that if I rip and replace this at this point in time, is going to create execution risk, not just that, it's going to hit economic risk. So the propositions we're going to customers is, listen, let's lay out a two-year, three-year cybersecurity consolidation and platformization plan. We'll go start implementing today, you pay us when they're done. So what it is, is more of a sort of like you can use our services until you have to keep paying the other vendor, we'll take it from there. But that's taking away a lot of the economic exposure and the execution risk for our customers. Now you can call that discount or you can call that a free offer. Our estimate is approximately it works out at about six months' worth of free product capabilities to our customers on a rolling basis. I think in about 12 months, as our offers start lapping each other, we should go back to our growth rate we've been talking about. And I think the right metric is the time frame is to look at RPO.
Thank you, Brian. Next question is from Andrew Nowinski at Wells Fargo, followed by Gabriela Borges at Goldman Sachs. Go ahead, Andy.
Thank you. I wanted to ask about the US federal spending. You said it was soft in Q2, Nikesh and I think it's going to remain soft for the next six months. But given your comments about how nation state activity targeting the national infrastructure was increasing, I guess, why do you think there's a disconnect between that trend? And were those comments specific to your Palo Alto customers in the US Fed are more broad-based?
Look, part of it is particular to us. As you are aware, there was a large program. We were part of down selected to be the only vendor. We'd expected we staffed it to make sure we could implement it and we could get the orders. That program didn't materialize at the pace and at the spending levels we had expected. We saw an early glimpse in Q1 towards the end -- you saw it not show up in Q2, and we have it staffed for Q3 and Q4. Remember, Fed is a lower duration number. So it has a much more significant impact to revenue because Fed pays on an annualized basis as opposed to an TCV basis. So you're seeing the impact of that to our revenue for Q3 and Q4 and some of the billings miss in Q2, which we had to make up with shipping from non-product backlog. So that's kind of what happened in the Fed business. One's bidding, twice shy. So we're being very cautious about how we expect it to come back or not in the second half of the year. So it's more pertinent to that as opposed to a broader comment around the federal space. And don't forget, Fed is, in general, is not a next-generation security adopter because they're usually slower on cloud services than they are on traditional cybersecurity products.
Thanks, Andy, Apologies. We're going to go back to Saket Kalia from Barclays and then go to Gabriela Borges from Goldman. Go ahead, Saket.
Hey, great. Hey, thanks, guys. Nikesh, maybe for you, just to touch on the platformization item a little bit deeper. I almost think about these as ramping contracts and you tell me if that's off. But specifically, as you look at the second half, maybe putting the mechanics of the ramp aside, how do you sort of feel about sort of underlying demand with metrics like ACV or bookings and what percentage of your book of business do you sort of expect to shift to sort of this ramping structure? Does that make sense?
Yes, yes, that makes a lot of sense. I think part of what we're noticing, Saket, is that we'd like to go from best-of-breed competitive behavior with legacy vendors or New Year vendors and go straight to platform competition. Because you noticed that we have a higher win rate on platform deals. We have a higher win rate and consolidation plays as opposed to best-of-breed head ones, which end up costing more time and energy and you see very, I call it, rogue behavior where people start trying to desperately hold on to customers. So we are trying to shift our go-to-market towards a consolidation play and a platform play. I think, as I said to earlier, the right number to look at in this context is RPO. The underlying demand is strong. Our book of business is strong. Our pipeline is strong. There is nothing going on in the demand side. It's just that we see this pushing out of the billings towards later parts as we get more and more consolidation offers and platform offers out there. To give you an example, when we acquired Talend , we made Talend free to every SASE customer, right? Is there going and trying to upsell that every SASE customer and run the risk of running the POCs other secure browsers. We've decided to give it away free for the next 12 months until the customer's renewal comes up. Now that has a billing impact in the 12-month time frame and revenue impact. However, at the end of 12 months, all these will be renewed because our aspiration is to get 50% of our customers to use the enterprise browser. It's one of the best products we've acquired. It has tremendous market traction. When we acquired it, there were 100 POCs in place going on at customers. And we told them, listen, if you're a Palo Alto customer, just use it. It's part of our product. It's part of the licensing. You don't have to pay us more, you don't have to do a new contract. What that does, it allows us to penetrate a market segment which would end up being competitive, we end up getting some share and spend the rest of our lives trying to create more traction and more market share in the future. Is that great. It's free. Our incident response offer. We never had 400 Fortune 2000 customers dealing with us on incident response. We launched an offer in 90 days, we've got 400 customers. We gave them 250 hours free, right? That's 100,000 hours of breach consulting for free, but that drives a future business for us where they become our cybersecurity partner of choice. So we're trying to seed ourselves into our customers' platform and consolidation strategies so that we don't have to keep fighting on individual breach individual best-of-breed deal every time we go to a customer.
Makes sense. Thanks, guys.
Great. Thanks, Saket. We're going to go next to Gabriela Borges with Fatima Boolani from Citi on deck.
Hi. Good evening. Thank you. Nikesh, I wanted to ask how you think about the risk of potentially cannibalizing the customers that are willing to pay full price today as you implement the bundling strategy? And then how do you think about --
If you find them, let me know. Sorry, go ahead, please ask the question. How do you?
Yes. It's also a longer-term question on how do you think about maybe catalyzing a race to the bottom with pricing pressure. So as you think about ramp deals, technology that maybe was $100 today or a year from now, by the time you get to renewal, is no longer worth $100 because you've created pricing competition or you've created a competitive response.
I think there are two answers. Yes, let me answer two parts of the question. I think this is -- to think about it as a price war is a wrong way to think about it. Actually, we're averting a price war by driving a platformization approach. I will explain how. First of all, all of our customer deals are discussed, negotiated POC. So it's very rarely that we have a customer who does not understand the value of what they're offering. Because the competitive market, we have a price. Our competitors are who normally rational competitors have a price. So we don't think that we're cannibalizing a full price paying customer we are possibly. I think what we are doing, Gabriela is that we're avoiding the unintended consequence where a customer says, oops, I have no time left. Because what happens to customers with all the right intentions we'll say, I'll renew, I'll buy Palo Alto in 12 months from now when my current contract goes away. They take a little while analyzing and they get to six months, oh my God, if I'm not able to deploy you in six months, I'm going to have an exposure, so I'm going to go try and get a renewal. When they're trying to get a renewal, the other vendors know this is not going to be their business for too long. So that's when international pricing behavior happens. It's not when they execute early and deploy early. So actually, averting the last minute race to the bottom like you called it, by making sure our customers don't have to worry about the execution risk and trying to get renewals and trying to get best pricing in the last six months.
Great. Thanks, Gabriela. Next up is Fatima Boolani from Citi. And after that, Roger Boyd from UBS.
Hey, good afternoon. Thanks for taking my question. Nikesh, on the platformization strategy. I was hoping you could drill into what the catalyst was for this to be a midyear change. What were you hearing from customers where you said we've got to pull the trigger in the middle of the year because it's admittedly atypical. And then as a related note, when you're rolling this out, if you've got customers who are not paying you for six months, how are salespeople going to get compensated for that free freemium sort of stance you're taking. So just how are you protecting I guess, the piece of the go-to-market organization as it relates to the new strategy?
Thank you. Dipak did warn me this one will take a little bit of explaining. And -- so let me go back to what Saket said. For simplicity purposes, think about a ramp deal. So our sales people still get paid on TCV, right? So they're still going to do a three-year deal or a five-year deal. We're not doing six months or 12-months deals. So you'll see that in our RPO. You'll still see us doing ramp deals for the first six months may not be charged, but the next 4.5 years is or the next 2.5 years to sort our salespeople will get paid on the TCV deals like they get paid today, right? That's not a problem. I think that's the best way to think about it and, I'm sorry, there was another part that I missed, I apologize.
Just the impetus of it being --
I'd say the impetus, Fatima is fascinating. We are -- we've managed to double our business in the last five years. And for us to get to a double from here and more, we've had to step back and say, what did we do? We got 21 categories where we're best-in-breed to realize we're still fighting best-of-breed deals while we should be selling the platformization strategy and we realized selling the platformization strategy, which we have been for the last six months, as we said, we have been trialing this out, we've been running this play with about six months discovering, when we go in with the platform approach, we win more often than if we go into the best-of-breed only. Otherwise, we get whittled down on price, XDR to XDR or SASE to SASE. When you go with XSIAM with XDR, XSIAM and XSOAR, then we don't get a little down on price because customers see the TCO value and the ROI of doing the entire replacement together. But the moment we go up with that is like lots a lot of risk. I got to replace everything in the next six months. I'm not willing to commit, let's go one at a time. And they go one at a time, I get riddled down on price with a legacy vendor.
Great. Thanks, Fatima. Next up, we have Roger Boyd, and after that, it will be Jonathan Ho from William Blair.
Great. Thanks for taking the questions. Another follow-up on the platformization. But as you get more accommodative on some of these offerings, more aggressive on discounting. What are you expecting to see from a contract duration perspective? It sounds like the focus is going to be on RPO, but are you expecting to see contract duration actually extend in exchange for some of this economic flexibility? Thanks.
I think that's a great question. I think the way to think about it is that we still have two parts of our business. We'll still have the regular part of our business, which is still growing and competing best-of-breed. We expect that business to continue. Remember, this platformization really applies to where customers have the opportunity to consolidate and platformize. There are still many who are in different parts of their cybersecurity journey or the IT journey. So to the extent that we are dealing with the customer who's willing to consolidate with us, you will see contract durations go up because we're not going to do this if you're not going to get a commitment for a three to five year deal because it does not behoove us to do those deals if you don't see a long-term commitment to the customer because we are going to be consolidating multiple security products to them and working with them to implement them across the enterprise.
Great. Thank you. Next question, Jonathan Ho from William Blair. And after that, we've got Adam Borg from Stifel.
Great. Thank you for taking my question. I guess one thing I'm trying to understand a little bit better is this ability to standardize on the platform, give you something similar to what Microsoft has done with their E5 bundling to sort of force customers or package very attractive terms for customers to switch. And I guess how does that maybe play out in terms of customers' willingness to commit to a single vendor platform? Thank you.
That's a great question, Jonathan. Very apt question. Look, it allows us to do a much better job of putting stuff together across our portfolio as opposed to having to do each of these deals on an individualized basis. So you're bang on the idea that this consolidation benefits us and allows us to drive towards that platform much faster. That's helpful. I think it also gives us financial flexibility in terms of pricing deals. That's also very important, very true. But I'll give you an example, right, just this morning, I was on the phone and the customer is trying to buy an IoT capability. Independently, that IoT capability is going to cost them north of $5 million. They already have our firewalls. We allowed them to activate IoT of our firewalls, which cost us a lot less than $5 million. But that allowed them to consolidate. And now when the renewal comes up in six months or 12 months, they're going to be able to renew for a higher amount. So that degree of flexibility that we can offer our customers, but they don't have to go end up spending more and building yet another vector that they have to go consolidate in the future is what we're trying to drive to.
Great. Thanks, Adam. Next up is Keith Bachman from BMO followed by Tal Liani of BofA.
Hi. Thank you. You confuse me, Walter. I think Dipak for you, you mentioned we certainly have the billings guide for Q3 and then implied for Q4, something like 10%. And you indicated that this was going to be a 12 to 18 month sort of impact as you try to anniversary consolidating spend. But is there any trough or any way to think about FY'25? I mean is it still double-digit billings growth that we should be thinking about? Or any kind of metrics on how you think about the six to, or excuse me, 12 to 18 month impact where you're trying to anniversary the program?
Yes, our aspiration is that towards the second half of '25, we should revert back to our original expectations of mid to high double-digit growth. But as I said, so 12 to 18 is obviously we have to go experience these programs to see how they persist. But at some point in time, they will start to lap and give us better upside in the larger size deals that we're able to do.
I just want to make one more point, sorry, on this context. One of the things that I think should not be lost what Dipak has said. We have maintained our absolute free cash flow guidance for the year and absolute EPS guidance for the year. So we believe we can make all this happen whilst holding our earnings and free cash flow constant.
Great. Next, we're going to go back to Adam Borg and then we're going to go to Tal Liani for BofA.
Awesome. Thanks, Walter. Thanks, everyone for taking the question. Maybe just on XSIAM, it was good to see the traction there. Maybe talk more about the displacement opportunity that you saw in the quarter. I think you talked about replacing -- displacing up to 19 different vendors since being introduced and talk more about how you plan to further penetrate that as part of this broader platformization approach. Thanks.
Thanks, Adam. So Adam, we've displaced 19 unique different SIM vendors. And the reason that's relevant for us is that tells us that our platform has capability that spans multiple use cases and different types of products in the market. It's not like we only replace one kind of SIM. We have been able to replace different kinds of SIM, which offer different capabilities in our customers. And we still believe this is the fastest and best cybersecurity product that has been created. We are north of 65 customers now in nine months. As we said, we have signed a larger number of deals this quarter. And on a deal basis, we did a $90 million in TCV. So we're really excited about it. This does resonate with our customers. We are launching tomorrow an offer to replace end points for our customers who are stuck with legacy end points which is one of the things that holds us back in being able to deploy XSIAM. We've also announced support of other non-legacy vendors that they have in their infrastructure. So our customers have been asking for that so we can support some of the other leading edge XDR capabilities in the market. So we are making a concerted play to be able to be the SOC of choice. It is radically different and better than most other SIMs out in the marketplace. So we are putting a concerted effort, very excited about where we are with it.
Thanks a lot, Adam. Next up, Tal Liani from BofA followed by Brad Zelnick at Deutsche Bank.
Hi. First, just a clarification, you spoke about discounting or pricing. Is there any product where you see more discounting than others? Is it on the legacy firewall side? Or do we see it on SASE or Cortex? Or should we look at it as a complete kind of pricing for the platform?
I think the best analogy is Jonathan's analogy, which is the bundling of multiple things into one capability, more like I don't want to call it that one. More like one of the other vendors has a certain bundling philosophy. I think it's more like that than it is about individual product categories because it's not about if you buy SASE, I'll make it cheap, or if you buy XDR, I'll make it cheap. It's about -- if you commit to my network security platform, the combined whole of it will be much better TCO and ROI for you, and I'll take the execution risk. You don't remember, the exit ARR for me is going to be no different than it is today and I think that's why I don't like the word discounting or reduced pricing. The exit ARR will be consistent with what I would get today. I would end up taking the execution risk away from the customer.
Great. Thank you, Tal. Next up, we have Brad Zelnick from Deutsche Bank. And after that, Matt Hedberg from RBC.
Great. Thanks so much. I wanted to ask another question from a go-to-market perspective, just extending on Fatima's question. Nikesh, how do you align the channel to execute on this platformization strategy where for you to win, somebody else has to lose. And their economics are typically a function of present day billings not LTV. And then also just extending on that, you've talked about the SIs as a real strategic opportunity for you. Where do they fit into this platform -- I got to practice the word platformization strategy. Thank you.
I know it's a new word. Only introduced five years ago when you didn't believe us. But now we've got to worry about consolidation. Thank you, Brad. So when I start to make fun with you, I start forgetting your question. So look, the two, the SI, your channel question, so two parts of it. It's a great question. First of all, channel does get compensated on TCV. So I think part of what we said is our deals are 40 times when they use all three platforms compared to a single platform deal. Our deals are north of 20 times than used two platforms, right? Our top 10 customers spent 36% more with us than everybody else. And that's all a function of -- as the deal size. As we do the platformization, the deal size is going to get bigger. The channel gets paid on TCV. So channel has a lot of incentive to help us drive this platformization. I think you hit a very important point around SIs. We have been working really hard over the last six months with our SI partners to help activate and we're actually trying to get in front of their engagements with customers as opposed to wait for their RFPs. We have very strong relationships with almost every SI out there. It's been a concerted effort. We've just Kristy Friedrichs who is the CEO of New Relic to drive our partnership, she is the Chief Partnership Officer. So we are putting a lot of attention and focus on it. And we're positively enthused about the traction we're getting with the SI. To think about it, the SIs are new to this business over the last three to five years. They used to have cybersecurity businesses, but they really doubled down and focused on it, you can take your favorite SI and they all have a very strong practice in cyber security. And they would much rather partner with one large player or a few large players in the entire gamma of 3,000 cybersecurity companies that are out there. So it fits their aspirations. It fits our aspirations are getting ahead of it. So they are a critical part of this platformization approach because these platform offers actually spin out a lot more services revenue than individual best-of-breed offers.
Great. Thanks. Next up is Matt Hedberg from RBC followed by Joe Gallo from Jefferies.
Great. Thanks, Walter. I think one of the important points, Nikesh, you made is, despite all these changes, free cash flow margins are unchanged for fiscal '24 and the midterm targets, I guess the question for Dipak, I just wanted to make sure I understood why that's the case. It sounds like you said it was prior arrangements and optimizing vendor payments. First of all, did I get that right? And I guess, secondly, when we get into '25, are there other variables that we think of that could potentially change that margin target or kind of confidence level that, that margin target can hold into next year?
So whilst we're not guiding to next year, we're pretty confident in our free cash flow margin, as I said in my prepared remarks going forward. Just to be clear, the thing that buttresses our free cash flow margin the most is our operating margin. Okay? So we do expect that to continue to increase. And that's kind of like one part of it. Secondly, we've got more business that's coming off prior contracts that we've signed. So we have visibility to that. We know when they're going to come. We also have some incremental focus on factors that impact our cash flow, for example, vendor payment terms. But when we put that all together, look, we're pretty confident on the cash flow side.
Great. Thank you. And we'll take our final question from Joe Gallo at Jefferies. Go ahead, Joe.
Hey, guys. Thanks for the question. I appreciate the candor and the cash on spend fatigue and it's logical. But given your discounting comments, can you just give an update on the competitive environment on win rates or any metrics you're tracking, particularly in SASE. Have you seen several vendors enter the market, several noting large eight-figure wins. You've certainly made eight-figure deals look easy over time, but what gives you confidence this is not competitive, and this is more of a short-term hiccup?
First of all, I would not classify this as a short-term hiccup. I know you guys would love life that was linearly nice in quarters and moved up in a beat-and-raise percentage basis. I'm trying to get this done in the next three to five years where we become even a bigger and larger platform in cybersecurity. If I step back and look at what we've done over the last five years, we established the notion of the platform in cybersecurity. It wasn't a notion that existed. I'm trying to accelerate the deployment of the notion because I believe competitive advantage in product in this industry the last two to three years. At this point in time, I believe we have the largest competitive advantage across our platforms in the market starting with our XSIAM product in our SOC space. We think that is a 15-year-old legacy space, which we should get quickly and go and deploy as quickly as we can across the board and take you any friction in the process. On network security, we did not have network securities, Zero Trust offers in the marketplace. We are starting to see our customer bought $40 million of SASE and then came and replaced all their firewalls with us in the last six months, right? So we are seeing the customers show that behavior. We're trying to take all the friction out of the way, they can make that happen. Now if I break it down into the three categories we're in, I think in network security, you'll see more and more zero trust offers where hardware, software and SASE have to combine. There's very few vendors in the space who can do that today. So they're trying to hold on to the legacy positions. We're accelerating combination across that category. You can make your own judgments as to which vendors are going to benefit, which ones are not going to benefit as much. In the SOC space, there is only one option, deploy AI in your SOC. The average technology in the SOC space is 13 to 15 years old, right? That was not made for AI. It was not ready for AI, it doesn't matter who you buy, it doesn't matter what gets acquired. What is important is that you can actually have an AI delivered data lake that delivers the capability of XSIAM. On cloud, it's a new space. And we're beginning to see what's fascinating is for us, our best cloud customers are the ones who are delivering SaaS software to their customers. So we take the large platform players, they use our cloud security because they understand the need to have an integrated cloud platform. So we have green shoots. We have trialed this. This is the time for us to double down and accelerate. That's what we're doing. It's not a hiccup.
Great. Thanks, Joe, for that last question. With that, I'll pass it over to Nikesh for his closing remarks.
I know this was exciting for all of you guys, even more exciting for us. We are committed. We believe this is the right way forward. We believe this is the way we can deliver a faster platformization, a faster way to consolidate the industry into a platform. We hope that in the next five years, this allows us to double our business from here, which is why I'm here. I want to say thank you to all of our employees, all of our partners, and of course, all of you for taking the time to listen to our earnings call.