X

Palo Alto Networks Inc. (PANW) Q1 2021 Earnings Call Transcript

Palo Alto Networks Inc. (NYSE: PANW) Q1 2021 earnings call dated Nov. 16, 2020

Corporate Participants:

Karen Fung — Senior Director of Investor Relations

Nikesh Arora — Chief Executive Officer and Chairman

Luis Visoso — Chief Financial Officer

Lee Klarich — Chief Product Officer

Analysts:

Walter Pritchard — Citigroup — Analyst

Sterling Auty — JPMorgan — Analyst

Keith Weiss — Morgan Stanley — Analyst

Fatima Boolani — UBS — Analyst

Jonathan Ho — William Blair — Analyst

Brian Essex — Goldman Sachs — Analyst

Philip Winslow — Wells Fargo — Analyst

Gray Powell — BTIG — Analyst

Andy Nowinski — D.A. Davidson — Analyst

Saket Kalia — Barclays — Analyst

Patrick Colville — Deutsche Bank — Analyst

Matthew Hedberg — RBC — Analyst

Rob Owens — Piper Sandler — Analyst

Gregg Moskowitz — Mizuho Securities — Analyst

Brent Thill — Jefferies — Analyst

Presentation:

Karen Fung — Senior Director of Investor Relations

Good morning and thank you for joining us on today’s conference call to discuss Palo Alto Networks’ Fiscal First Quarter 2021 Financial Results. I am Karen Fung, Senior Director of Investor Relations. This call is being broadcast live over the web and can be accessed on the Investors section of our website at investors.paloaltonetworks.com. With me on today’s call are Nikesh Arora, our Chairman and Chief Executive Officer; Luis Visoso, our Chief Financial Officer; and Lee Klarich, our Chief Product Officer. This morning, we issued a press release announcing our results for fiscal first quarter ended October 31, 2020. If you would like a copy of the release, you can access it online on our website.

We would like to remind you that during the course of this conference call, management will make forward-looking statements, including statements regarding the impact of COVID-19 on our business, our customers, the enterprise, and cyber security industry and global economic conditions, our expectations related to financial guidance, operating metrics, and modeling points for fiscal second quarter and full year, Expanse’s contribution to our fiscal 2021 ARR, our expectations regarding the timing of completing our acquisition of Expanse, our competitive position and the demand opportunity for our products and subscriptions, benefits and timing of new products, features and subscription offerings including those from our proposed acquisition of Expanse as well as other financial and operating trends.

These forward-looking statements involve a number of risks and uncertainties, some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements. These forward-looking statements apply as of today. You should not rely on them as representing our views in the future and we undertake no obligation to update these statements after this call. For a more detailed description of factors that could cause actual results to differ, please refer to our Annual Report on Form 10-K filed with the SEC on September 4, 2020 and on our earnings release posted a few minutes ago on our website and filed with the SEC on Form 8-K.

Also, please note that certain financial measures we use on this call are expressed on a non-GAAP basis and have been adjusted to exclude certain charges. For historical periods, we have provided reconciliations of these non-GAAP financial measures to GAAP financial measures in the supplemental financial information that can be found in the Investors section of our website located at investors.paloaltonetworks.com. And finally, once we have completed our formal remarks, we will be posting them to our Investor Relations website under the quarterly results section.

We’d also like to inform you that we will be virtually participating in the Wells Fargo TMT Summit on December 1st and the Barclays Global TMT Conference on December 10th. Please also see the Investors section of our website for additional information about conferences we maybe participating in. And with that, I will turn the call over to the Nikesh.

Nikesh Arora — Chief Executive Officer and Chairman

[Technical Issues] user conference, which starts tomorrow morning. This is my 10th quarterly call at Palo Alto Networks. The one thing in common between the first and the tenth is they are both 5:00 AM calls. I finally feel that we’re turning the corner on all that we’ve been doing over the last few years. We have a lot of interesting stuff in store for you on this call. In addition to sharing our first quarter results, we will discuss the financial impact of our proposed acquisition of Expanse. Since Luis joined us last quarter, he and I have had the privilege and opportunity to talk to a lot of you and based on the feedback, we’ve come up with a more transparent approach to understanding our business and hopefully, it gives you a better understanding what we have been up to and a way to think about Palo Alto Networks 2.0.

Over the last seven months, I’ve been cautious on the pandemic and our teams have continued to deliver and surprise me to the upside. I’m delighted to report this is no longer a coincidence, our customers are investing, our teams are executing, and our strategy of innovating in our firewall business and focusing on the next generation of products around cloud and AI in the industry is working. As you can see, we had a great start to fiscal year 2021 as we exceeded guidance across all metrics in Q1.

Here are some of the highlights. We delivered strong billings of $1.08 billion, up 21% year-over-year with strong growth across the board, driven by continued strength in next-generation security or NGS billings growing at 53% year-over-year and NGS ARR of $719 million. Revenue was up 23% to $946 million driven by strength in our cloud-based subscription and support revenue businesses. Non-GAAP EPS was $1.62, up $0.57 from last year. The EPS expansion was driven by revenue growth and operating expense leverage due to efficiencies as we have seen across the industry from lower spend associated with travel and events around COVID. Adjusted free cash flow margin was 53.4%. As mentioned last quarter, we expected a strong cash quarter following the record Q4 2020 billings. We think some of this will continue into the next quarter, but we expect this to normalize for the year around our full year guidance.

This continued strength during the pandemic makes me cautiously optimistic about the future prospects of the business, but we expect the winter will try all of our collective resolve with COVID. The worst-case scenarios are unlikely to unfold and we expect our customers to continue to invest in technology. I also feel that the strategic bets we made a few years ago are right for our customers in the current environment. Against that backdrop, I feel comfortable raising guidance for the full fiscal year even before including the contribution of our proposed acquisition of Expanse, which we announced last week.

Fiscal 2021 and at the midpoint guide, we expect total billings growth of 19%, up 300 basis points from our prior guidance, total revenue growth of 20% [Phonetic] to 21% [Phonetic], up 300 basis points from our prior guide, next-generation security ARR to be approximately $1.15 billion, up 77% year-over-year. We also expect non-GAAP operating margin adjusted free cash flow expansion up from our prior guidance of flat year-over-year. Subject to close, this includes the benefit from Expanse of approximately 100 basis points of billings growth, 50 basis points of revenue growth, and $73 million in ARR. We will absorb Expanse’s operating expenses within the framework of our guide.

Let me now highlight some of the key innovation launched in Q1 and the very positive customer traction starting with our firewall business. We continue to drive innovation within our firewall business. We recently extended our new enterprise DLP solution to integrate with our complete firewall platform. Our DLP offerings is a cloud delivered service that is powerful, simple to deploy, and protects sensitive data whether our customer keeps the data in the cloud, on-prem or takes a flexible approach. This launch takes our number of potential attached subscriptions to eight from four just two years ago.

We also introduced an innovative joint solution with our VM-series virtual firewall and AWS Gateway Load Balancer. Our engineering-level partnership with AWS enabled us to launch this new capability that significantly simplifies deployment, improves the scale and performance, and reduces the total cost of ownership of our VM-series customers. Going forward, we will continue to provide leading innovation to our customers. One example of this is the upcoming launch of our new 5G-Native security offering. With our unique approach to 5G security, we’re the first to introduce 5G network slice security, 5G context driven security and much more, all in a containerized solution matching the preferred architecture of 5G. Not only will this allow mobile operators to secure their 5G infrastructure, but it also enables them to launch value added security services to their growing enterprise customers who are leveraging 5G for many new use cases.

As a result of our efforts to drive innovation, our firewall business continues to receive industry accolades. I’m excited to share that Palo Alto Networks was crowned again as a leader in Gartner’s Magic Quadrant for Network Firewalls. This is the ninth consecutive time we are a leader in this Magic Quadrant. Once again, we achieved the highest and furthest overall position in the Magic Quadrant for our ability to execute and our completeness of vision. Not only was our strength in next-generation firewall product capability recognized, but our services like DLP and focus on cloud security was cited as strengths as well.

In Q1, we were also recognized as a leader in the The Forrester Wave: Zero Trust eXtended Ecosystem Platform Providers report noting that we have assembled a robust portfolio that delivers Zero Trust everywhere on-premise, in the data center, and in the cloud. Our strategy in firewall is working as firewall as a platform grew billings by 16% in Q1 2021 and we added approximately 2,000 more customers for a total of 71,000 next-generation firewall customers. Our software next-generation firewalls, VM-series and CN-series continue to gain momentum as well and we now have over 10,000 customers using our software firewalls.

Moving on to our SASE or Secure Access Service Edge solution, Prisma Access and CloudGenix. As SD-WAN has become the primary WAN architecture, organizations are demanding solutions with a better user experience while being simpler to deploy and manage. In the quarter, we introduced a number of new additions to our next-generation SD-WAN solution, CloudGenix. This included new AML-based capabilities to enhance our AI-Ops approach and further simplify network operations. Two new SD-WAN appliances, a small form factor appliance designed for retail and small offices and home offices and high-performance appliance suited for large campus and data center locations. We also delivered the first CloudGenix and Prisma Access integration which seamlessly enables cloud-delivered branch security in just a few clicks. In addition to the Gartner Magic Quadrant for network firewalls, Palo Alto Networks’ CloudGenix SD-WAN was recognized as a leader in the 2020 Gartner Magic Quadrant for WAN Edge Infrastructure.

For many of our customers, COVID accelerated the digital transformation timelines and we continue to see conversion of remote access trials and very strong pipeline generation. We now have more than 1,000 Prisma SASE customers, more than double from a year ago. To highlight a deal from the quarter, we won a seven-figure SD-WAN deal with a U.S. retailer who had already been a Palo Alto Networks customer for a number of years and was an early adopter of Prisma Access. The success that we had with Prisma Access and the strong integration with CloudGenix was a winning combination and this customer is now a full SASE customer. Switching to Prisma Cloud, Prisma Cloud is very well positioned for sustainable growth as it is at the heart of the global shift to cloud computing.

In Q1 2021, we launched Prisma Cloud 2.0 introducing four new modules to enable customers to easily and rapidly extend their cloud security coverage in a number of critical areas, all within a single cloud native security platform. These modules are data security, which discovers and protects cloud storage data at a scale and velocity common in public cloud environments and addressing one of the most common data exposure issues in cloud transformation includes web application API security, which protects web applications from attacks.

Our approach addresses the challenges of deployment complexity and scalability by leveraging the same agent as our container and host security making it very easy and horizontally scalable. We launched identity based micro-segmentation with the integration of Aporeto technology enabling Zero Trust security for cloud applications in a cloud native identity-based approach, and lastly IAM security which allow security teams to gain visibility into effective cloud identity permissions, user activity, implement governance, and respond to issues. While only recently introduced, we are excited by the strong customer interest we’re seeing. Prisma Cloud now serves 20% of the Global 2000 companies, 70% of the Fortune 100 companies, and secures 1.8 billion cloud resources. T

His customer momentum is up from the 14% of Global 2000 companies reported last quarter and up significantly from the 43% a Fortune 100 that we reported two quarters ago. We’re also seeing substantial increase in Prisma Cloud customers who are using both cloud security posture management and cloud workload protection for containers and serverless applications, now at 45%, up from a third we reported last quarter.

To highlight the benefits of our consumption model, we won a high seven-figure deal with a leading technology company to use Prisma Cloud for CSPM for AWS and cloud workload protection. This customer has quickly consumed the workloads purchased and we are working with them to support the expansion to new clouds and new workloads.

Moving to Cortex, Cortex is on its way to being the industry’s first proactive security platform, collecting data across multiple security data sources, applying machine learning techniques to detect sophisticated threats before they have a chance to succeed, and fully automating response for known threats. We’ve seen some incredible benefits to customers who adopted Cortex from customers seeing up to 50x reduction in alerts to customers automating more than 1 million incidents per day and based on our telemetry, we can see that we have recently passed the mark of 400 million actions automated, up 100% in just four months.

As a result, we are winning with customers who share our vision, including 34% of Global 2000 and 65% of Fortune 100. We continue to drive product innovation of Cortex XDR. Our recent XDR2.5 release includes many new capabilities that have enabled us to catch up in a number of areas surpassing leading EDR products. For example, we introduced Host Insights, our first add-on module for XDR which provides vulnerability assessment, application visibility, and our new search and destroy feature. And to our knowledge, we are the first EDR product to offer this search and destroy capability that will greatly speed up security response and eliminate the need for additional endpoint agents.

This might be a good time to highlight a customer win we had recently. We won a seven-figure deal and this is a story we hear every day. The customer is a small sec-ops team managing multiple point products that were generating too many alerts with too few resources to investigate every alert, leaving them exposed to advanced threats. Being able to quickly investigate alerts and identify and remediate threats was a critical requirement. Their existing EDR product was disjointed from the rest of the security infrastructure making it difficult and time-consuming to correlate data.

At the same time, their sim [Phonetic] was consuming a large chunk of their annual budget with little ROI. We challenged their way of thinking by demonstrating how the Cortex platform could automate and streamline the security operations, allows them to consolidate multiple products including the sim into Cortex. We demonstrated how Cortex will help transform the sec-ops team by automating routine processes and knocking down alert volume by more than 95% allowing them to focus on the critical few.

In Q1, we also launched the XSOAR Marketplace which opened up the platform to both our partners and customers and we now have over 500 content packs available to customers to enable automation for their security solutions. Additionally, we’re seeing engagement and momentum within our partner ecosystem with contributions and use cases ranging from insider threat to cloud security and threat intel management.

The last deal I want to share with you is a Fortune 500 diversified financial services company. Prior to implementing Cortex XSOAR, this customer was receiving over 1 billion threat alerts per week, completely overwhelming their security operations team leading to a state where alerts were disregarded creating a significant security gap.

By leveraging XSOAR and XSOAR threat intel management, they were able to take full control of threat information by aggregating disparate information sources automatically customizing scoring feeds and matching indicators against their environment as well as leveraging playbook automation to drive instant action. This combination of automation tactics reduced the number of threat alerts they received by more than 99%, creating a significantly more secure environment.

Moving quickly to Expanse. Last week, we announced our intent to acquire Expanse and told you about what they do and how they fit within our overall vision of Cortex. Expanse has dedicated themselves to developing an Internet collection attribution platform that constantly monitors the global Internet, mapping the exposed and untracked assets of an enterprise that comprise its attack surface. This data gives organizations a crucial picture from the outside-in, that is to say the same view that an attacker sees when hunting for potential weakness. It’s because of this insight that their technology is trusted by some of the world’s largest and most complex organizations from members of the Fortune 500 to the U.S. military.

With our user conference, Ignite, kicking off in a little over 24 hours, we’re excited to share that outside-in view with our customers. We worked with Expanse to offer CIOs the CISOs attending an Expanse Exec Report, which provides a vulnerability map and immediate insights to a customers complete attack surface, risks, and suspicious activity. This is a great lead generation tool for our sales teams to hit the ground running once we close the transaction. Expanse’s transaction multiples are very favorable compared to other companies of equivalent size and even more so when adjusting for growth.

Now to the financials, as we said in our call last week, on a standalone basis, we expect Expanse to contribute $67 million of ARR to our current fiscal year ending July 2021, continuing its 100% growth momentum. With Palo Alto Networks and subject to close, we expect Expanse to contribute $73 million of ARR in FY ’21. Assuming a mid-to-late Q2 close, we expect Expanse billings to contribute about 100 basis points of our growth to our overall billings for FY ’21 and adjusting for purchase accounting, we expect Expanse revenue to contribute about 50 basis points for overall revenue for FY ’21.

I know that you get concerned about our M&A strategy perhaps because inorganic impact to our P&L is hard to forecast in new models, but if you look at the $2.7 billion of acquisitions we have done since 2019, they contribute approximately 15% for forecasted FY ’21 billings. Very large enterprise companies have been built by successful M&A strategies. Good M&A strategies need to ensure that the products are easy to integrate, they are products customers want, and that we at Palo Alto Networks can significantly change their trajectory.

We believe that our ability to acquire, integrate, and leverage our go-to-market for acquisitions is a strategic competitive advantage and we expect to continue to be opportunistic to increase our long-term growth strategy. As I mentioned, Luis and I have spent a lot of time with all of you and you’ve all highlighted that you love our business, some of you have questioned whether our firewall business is under pressure, others have wanted more transparency around our gross margins while some of you wanted more visibility on ARR and eventually how to put it all together.

Well, we heard you. It’s taken a Herculean effort to share our quarterly results in the shortest period we’ve ever done, but also to deliver detailed reporting on two categories to show that our business is doing extremely well. Let’s take a look. Over the last quarters, we have discussed our total Palo Alto Networks’ performance and provided details for next-generation security firewall as a platform. We had hoped that the firewall as a platform metric shows you how we are continuing to create share in the firewall space. The challenge has been that we did not provide anything below that number. Well, we have decided to perhaps the best way to allay your concerns is show you the pro forma P&L around FwaaP and show you how it enjoys great margins and is actually higher quality business since we are transforming our hardware business to a software and subscription business. We like this shift as software revenues is of higher quality and increases revenue visibility. Our next-generation security business, which has been the thrust of our innovation over the last two years, has been highlighted to share with you how we’re building a bigger and better business faster than anyone else in next-generation security.

Next-generation security provides a perspective in our fast growing SaaS business on a billings basis, NGS is nearly a quarter of total buildings, up from 8% in FY ’18. NGS ARR closed Q1 at $719 million, up from $651 million in Q4 2020 and up from $568 million in Q3 2020. To provide a better understanding for our business, we juggled a few pieces around. For our firewall as a platform business, we added the related subscription, support and professional services, we call it Network Security. We removed the software firewalls from NGS in order for the two areas to make a whole. We call this Cloud & AI. With that context, we have prepared a recast of our full year guidance, which I just raised across both categories.

Let’s double click at Network Security. Our Network Security business on a standalone basis is still the largest firewall business in the industry by revenue. It enjoys double-digit growth driven by transformation to software form factors, our success in VMs and Prisma SASE and increased subscriptions to attach. This has allowed us to have lesser and lesser reliance on hardware and provides better revenue visibility. We feel comfortable that these growth rates are robust and sustainable. Our gross margins and operating margins are extremely healthy.

The gross margin was slightly less than where they could be because of our SASE gross margins, which given the early stage of that product, scale, relative firewalls, it has slightly lower margins. As we scale our SASE business and the new subscriptions we have launched, we expect these margins to improve over the next few years. Needless to say, these numbers speak for themselves and on a standalone basis, this will be a very valuable Network Security business. As we noted, our firewall business is the largest in the industry, we have industry-leading financials, and we’re going through a transformation. We will continue to invest in this transformation.

Palo Alto Networks has already transformed into a highly ratable business, but ratable revenue as a percent of total revenue is up from 59% two years ago to 71% in Q1 ’21. Now into Cloud & AI. This story has just started. If you ask every CIO, the two trends that they’re all excited about are the transition to the cloud and the impact of AI. Well, there’s no transformation unless there is a secure transformation. I think we have put to rest any questions on the idea that customers would get their cloud security from the CSPs only with 70% of the Fortune 100 being served by us. I think this is our opportunity to build upon. We’re singularly focused on continuing to improve our platform to meet the needs of our customers as highlighted earlier. On the AI front, we’re in the second iteration of this trend.

The first trend was around collection of data and attempted to correlate it for security. The next trend, which we are well poised to capture, is a trend to normalized data, reduce the signal-to-noise ratio, and to improve the security posture using data AI based proactive security using Cortex. We have organized our financials for our Cloud AI security category. This business, which we started building two years ago, is gaining traction. We’re ensuring that we build this as a SaaS and ARR business. We expect ARR for Cloud & AI to grow 89% year-over-year in FY ’21. Even when excluding the Expanse contribution, we expect the growth to be 71% year-over-year.

While the gross margins look lower in FY ’21 compared to FY ’20 partially because the integration of Crypsis, we expect that this business will continue to improve gross margins every year and improve significantly over the next three, four years. Operating margins will naturally improve as ratable revenue is recognized from the balance sheet to the P&L. We believe there’s a large opportunity in Cloud & AI and this could be the next $100 billion TAM in security. That said, we will continue to invest aggressively for this business.

In summary, if you put it altogether, we have two great businesses doing exactly what we would like them to do. In conclusion, we had a great fiscal quarter across the board and as a result, we are raising our fiscal 2021 guidance. We’ve been building two businesses at Palo Alto Networks, our Network Security business is the largest firewall player with sustained gross margins and operating margins and we have fast-growing Cloud & AI business where we expect FY ’21 ARR of 89% year-over-year. Lastly, I want to give you a quick update on what we call FLEXWORK, I started this morning by calling out the continued resilience of our employees.

Throughout COVID-19, we have been supporting each and every employee with our FLEXWORK approach, a series of initiatives to give employees far greater choice as they adapt to the challenges this year in areas from work location, to benefits, to learning, all underpinned by the way we lead and communicate, with compassion and authenticity. We continue to advance this approach through Q1. We launched the first phase of FLEX benefits, giving our employees and additional $1,000 allowance for the year to choose from a wide range of wellbeing and childcare options. We rolled out the first module of FLEX learn, an individualized learning path for our sales teams, leaders, managers, designed to support them as well as they work and lead remotely.

We’re delighted to see our FLEXWORK approach now gaining traction beyond Palo Alto Networks. Last month, we launched FLEXWORK at Zoomtopia and invited other companies to join open source discussions and share case studies and learnings. Over 600 attendees showed interest in the work. Simultaneously, the CEOs from Uber, Box, Splunk and Zoom all joined me in formally announcing the FLEXWORK coalition, community of leaders coming together, develop and share best practices as we focus on future work. We all agree the pandemic has highlighted areas of opportunity where we can bring about enduring workplace change. I look forward to continued conversations with these leaders and about how we can accelerate new work practices that put our employees at the center. With that, I will turn the call over to Luis.

Luis Visoso — Chief Financial Officer

Thank you, Nikesh and good morning to everyone. Before I start, I’d like to know that except for revenue and billings, all financial figures are non-GAAP and growth rates are compared to the prior year periods, unless stated otherwise. As Nikesh indicated, we had a great first quarter as we delivered — as we continue to deliver winning innovation and add new customers. This strength gives us confidence to raise our guidance for the year. In Q1, total revenue grew 23% to $946 million. Looking at growth by geography, the Americas grew 27%, EMEA grew 16%, and APAC grew 11%. Q1 product revenue of $237 million, increased 3% compared to the prior year. Q1 subscription revenue of $428 million, increased 34%. Support revenue of $281 million, increased 26%. In total, subscription and support revenue of $709 million, increased 31% and accounted for 75% of total revenue.

Turning to billings, Q1 total billings of $1.083 billion, net of acquired deferred revenue, increased 21%. Strength was broad based as we continue to see strong execution across the company. The dollar weighted contract duration for new subscriptions and support billings in the quarter was up slightly and remained at approximately three years. Total deferred revenue at the end of Q1 was $3.9 billion, an increase of 31% year-over-year. Remaining Performance Obligation or RPO was $4.4 billion, an increase of 40% year-over-year. In addition to adding approximately 2,200 new customers in the quarter, we continue to increase our wallet share with existing customers.

Our top 25 customers, 24 of which made a purchase this quarter, spent a minimum of $57.2 million in lifetime value through the end of fiscal Q1 ’21, a 37% increase over the $41.7 million in the comparable prior year period. Q1 gross margin was 75.8%, which was down 80 basis points compared to last year, mainly driven by higher mix of our NGS products, which are less mature. Q1 operating margin was 21.7%, an increase of 590 basis points year-over-year. The operating margin expansion is driven by operating expense leverage as we benefit from lower travel and event expenses due to COVID, which more than offset the incremental investment in headcount.

We ended the first quarter with 8,376 employees, including 156 from Crypsis at the close of acquisition. On a GAAP basis for the first quarter, net loss increased to $92.2 million or $0.97 per basic and diluted share. Non-GAAP net income for the first quarter increased 51% to $158.1 million or $1.62 per diluted share. Our non-GAAP effective tax rate for Q1 was 22%.

Turning to cash flow and balance sheet items. We finished October with cash, cash equivalents and investments of $4.1 billion. During the first quarter, we purchased $500 million or 2.1 million shares of common stock at an average price of approximately $242 per share. We have returned $2.7 billion to shareholders since Q1 2017 through the repurchase of programs and ASR where we repurchased 15.1 [Phonetic] million shares of common stock at an average price of approximately $179 per share. Q1 cash flow from operations of $535 million, increased by 138% year-over-year. Free cash flow was $505 million, up 184% at a margin of 53.4%. As we mentioned last quarter, this was driven by the strong cash collections, following Q4 2020 record billings. DSO was 81 days, an increase of 18 days from the prior year period. We expect another strong collections quarter in Q2, which is expected to bring our DSO down to historical levels. Turning now to guidance and modeling points.

For the second fiscal quarter of 2021, we expect billings to be in the range of $1.17 billion to $1.19 billion, an increase of 17% to 19% year-over-year. We expect revenue to be in the range of $975 million to $990 million, an increase of 19% to 21% year-over-year. We expect non-GAAP EPS to be in the range of $1.42 to $1.44 using 98 million shares to a 100 million shares. Additionally, I would like to provide some modeling points. We expect our Q2 non-GAAP effective tax rate to remain at 22%. Capex in Q2 will be approximately $30 million to $35 million.

As Nikesh reviewed earlier, for the full fiscal year 2021, we will be raising our guidance across all metrics. We expect billings to be in the range of $5.08 billion to $5.13 billion, an increase of 18% to 19% year-over-year. We expect next-generation security ARR to be approximately $1.15 billion, an increase of 77% year-over-year. We expect revenue in the range of $4.09 billion to $4.14 billion, an increase over 20% year-over-year. We expect product revenue to be flat year-over-year. We expect operating margins to improve by 50 basis points year-over-year. We expect non-GAAP EPS to be in the range of $5.70 to $5.80 using 99 million shares to 101 million shares. Regarding free cash flow, for the full year, we expect an adjusted free flow margin of approximately 29%. With that, I’d like to open the call for questions.

Questions and Answers:

Karen Fung — Senior Director of Investor Relations

In the interest of time, please limit Q&A to one question. Our first question comes from Walter Pritchard from Citigroup.

Walter Pritchard — Citigroup — Analyst

Hi, thanks. Can you hear me?

Nikesh Arora — Chief Executive Officer and Chairman

Yes. Hey, Walter.

Walter Pritchard — Citigroup — Analyst

All right. Great. Thanks. So I guess, you’ve seen really strong customer adds around Cortex and around Prisma and have — I think your Global 2000, Fortune 500 penetration is pretty strong here. Can you talk about where you are in terms of standardization amongst some of those clients and how you think about revenue from those products around up-sell versus new customers going forward?

Nikesh Arora — Chief Executive Officer and Chairman

Look, we have a different answer for both of them. As you know that our Cortex XDR platform is only about two quarters old and we’re delighted that we’re crossing 1,000 customers in that category. We continue to see opportunity in penetrating both our existing customer base and new customers as far as XDR is concerned. As you know, we keep launching more capability in our XDR platform. We want to go from being able to just normalize data across their endpoints and firewalls to more and more data sources and with the combination of Expanse, we think that’s a very powerful proposition, we think in the future, it’s no longer about aggregating data and throwing it into a large data lake and running analytics, it’s about being able to normalize the data.

So I think we are early in the transformation of data and AI-based security around Cortex and this is a very long runway ahead of it. In terms of Prisma Cloud, what’s fascinating as we highlighted an example in the call, where we had a customer who kind of estimated how much workload and how much capacity they are going to need into clouds as they ran through it in a quarter. That’s what we think over time happens to all the cloud customers because it’s kind of interesting. The gap between how much people have actually sort of moved to the cloud versus how much is ahead of them is huge. I’d say it took us two years to get to the cloud, to get 70% of our capacity off our data centers in the cloud.

We had to buy everything two years ago to start ramping up to get there. So we think all of our customers are early in their ramps, relatively speaking. Some of them are further along, but we think most customers are early or maybe in the first or second innings of a ramp and we think there’s a long runway ahead as well for the cloud part. So in cloud, we’re really focused on customer acquisition and landing customers. That’s why we keep sharing with you 70% of the global — Fortune 100 or 20% of Global 2000 because we think the more customers we can have, we expect consumption to keep growing for each of those customers. Hence, we have a consumption base model for most of our products now because the more they consume, we expect recurring revenues to show up. Does it give you a better sense for it?

Walter Pritchard — Citigroup — Analyst

Yes, thank you.

Karen Fung — Senior Director of Investor Relations

Our next question comes from Keith Weiss from Morgan Stanley. Keith, I think you might be on mute.

Nikesh Arora — Chief Executive Officer and Chairman

Probably went back to sleep? I know it was a long call, Keith, but not that long.

Karen Fung — Senior Director of Investor Relations

We’ll move on to the next caller, Sterling Auty from JPMorgan and then we’ll move back to Keith afterwards.

Sterling Auty — JPMorgan — Analyst

Thanks, hi, guys. Thank you very much for the additional disclosure, incredibly helpful, but just want to make sure I understand how should we think about, you gave the guidance for total product revenue improved to flat year-over-year, but I’m just kind of curious what impact you’re seeing from SD-WAN in other areas that might actually provide some further improvement in that product growth rate as we move through the year?

Nikesh Arora — Chief Executive Officer and Chairman

Sterling, thank you. We include the SD-WAN revenues mostly in our Prisma SASE product, which goes in the overall firewall as a platform billing. So you will see the impact of SD-WAN in our firewall as a platform billings number. Then we continue to see strength in the SD-WAN category as well as the entire SASE category as I mentioned. I think most remote work transformations, network transformations are not done. They’re early in their sort of journey and I think most of our customers are realizing that they’re going to have to migrate their network infrastructure to more of an SD-WAN style infrastructure as well as they’re going to probably have to sustain 100% capacity for remote working for much longer than anybody thought.

Sterling Auty — JPMorgan — Analyst

But I thought with the two products, one of it was on Box. I didn’t know if that was going to have the ability to provide some pull-through for some additional product as well as we moved through the year?

Nikesh Arora — Chief Executive Officer and Chairman

Even that on box SD-WAN subscription is part of our subscriptions number, which again shows up in the FY billings number in this new left-hand side we just showed you.

Sterling Auty — JPMorgan — Analyst

Understood. Thank you.

Nikesh Arora — Chief Executive Officer and Chairman

No problem.

Karen Fung — Senior Director of Investor Relations

We will try this again. The next question comes from Keith Weiss from Morgan Stanley.

Nikesh Arora — Chief Executive Officer and Chairman

Good morning, Mr. Weiss.

Keith Weiss — Morgan Stanley — Analyst

Good morning. Can you guys hear me now?

Nikesh Arora — Chief Executive Officer and Chairman

Yes.

Keith Weiss — Morgan Stanley — Analyst

Excellent. So I thank you for taking the question, bearing with me and my technical difficulties. Very nice quarter. Loved the Expansive disclosure. I think it’s a really good view on the overall business. I wanted to get a little bit more on to the firewall side of the equation. I think it’s going to surprise guys as both the growth in sort of the overall customer base I think was up 8,000 on a year-on-year basis, as well as sort of the overall and a billings growth in that business. Can you talk to us a little bit about one kind of where the customers are coming from, how you guys are expanding that overall firewall base? And then two, what are the kind of vectors of growth we should be thinking about on a going forward basis? Like where are we in terms of subscriptions per customer? How far can that go on a going forward basis as well as kind of like the virtual versus physical mix, like how much further is that taking up your spending per customer?

Nikesh Arora — Chief Executive Officer and Chairman

Yes, I think, Keith, the best way to think about it is that the software side of that business continues to see strong growth. The SASE pieces, the Prisma access pieces, the SD-WAN capability in CloudGenix, that is also where we capture our subscription growth. Our subscriptions have gone from four to eight. We just launched the LP, which is getting lot of interest from our existing customers. IoT which is very early still for us is also getting a lot of interest from our customers.

SD-WAN ends up being part of a larger SD-WAN sort of infrastructure deal where they will turn on the SD-WAN capability in the firewall and then they will also buy pure SD-WAN with CloudGenix and the architectures work, so they work together. So we expect most of the growth is going to come from the software side of the house. As we shared the VMs, I have gone over 10,000 customers. We’ve seen a lot of interest and activity there in the VM space. As we highlighted, we’ve launched the 5G capability, containerized firewall 5G capability, which is unique in the industry. We’re going back to our service provider partners and saying, look, this is what you need to get 5G done right and to help your customers leverage 5G use cases that they’re deploying.

So I expect a lot of the growth should come in the software side. The hardware customers are mostly refresh and some are existing customers. In some cases, you’ll see people go away from legacy vendors who provide hardware firewalls. Sometimes we will see hardware wins, which come as part of an overall platform deal where people want to deploy the entire Palo Alto blueprint across their infrastructure. So hardware is harder than software especially in the current environment.

Keith Weiss — Morgan Stanley — Analyst

Got it. Excellent. Super helpful. Thank you guys.

Karen Fung — Senior Director of Investor Relations

Our next question comes from Fatima Boolani from UBS.

Fatima Boolani — UBS — Analyst

Good morning. Thank you for taking the questions. Can you hear me?

Nikesh Arora — Chief Executive Officer and Chairman

Just for you, because you didn’t believe that we were growing a business on the other side.

Fatima Boolani — UBS — Analyst

I could see that. Thank you for that. I’ll keep it tight. Nikesh, if I can ask you to put a mix hat on for a second. Into fiscal ’21, you’re going to have an even bigger portfolio than you did in fiscal ’20. So I’m wondering if you can speak to or at least quantify to what extent enterprise adoption agreements or enterprise licensing style agreements are becoming a bigger part of your overall sales motion particularly as you look to drive more next-gen solution adoption activity?

Nikesh Arora — Chief Executive Officer and Chairman

Yes, enterprise agreements typically kick in stronger in renewables than in the first phases of our deal. So a lot of the deal — a lot of the original, the only business comes as on a product by product basis until we get to a scale where customers says, wait a minute, it makes much more sense for me to go consolidate all that stuff. Rarely you’ll see somebody walk in and settle [Phonetic] on a $20 million, $30 deal and let’s go rip out everything in our infrastructure and replace it with Palo Alto Networks.

We see that it happens incrementally over time with our customers, as they get one product, they enjoy it, they get the next set of products and we’ve seen that happen on a recurring basis in the last two, 2.5 years I’ve been here. We expect they will continue to be important, but they typically kick in renewal. So we have reasonably good visibility as to which customers are up for renewal where it makes sense for them to be pitched enterprise agreement, but they play their fair role in our renewal capability.

Well, we make sure that our teams understand that you cannot just renew somebody and call it an enterprise agreement. There has to be a significant amount of upsell and deployment of new products into the customer base before it qualifies for an enterprise agreement, but this hat is a little smaller. I tried on the weekend.

Karen Fung — Senior Director of Investor Relations

Our next question comes from Jonathan Ho from William Blair.

Jonathan Ho — William Blair — Analyst

Hi, good morning and congrats on the strong results. I just wanted to start out with, getting a sense for how the integration with CloudGenix is going and maybe what the initial customer feedback has been with the combined products? Thank you.

Nikesh Arora — Chief Executive Officer and Chairman

I’m going to have my friend Lee Klarich answer that question since he’s been sitting just smiling. Go ahead, Lee.

Lee Klarich — Chief Product Officer

Thank you, Nikesh. Good question, Jonathan. What we’ve seen in the SD-WAN space in particular is even though it provides obviously a lot of value to customers, it’s still can be very clunky. It can still be very difficult to roll out deploy operationalize and obviously, the approach for CloudGenix, we think we address many of those challenges, but further the integration with Prisma Access where we can also deliver the cloud network and integrate those two together and as you heard Nikesh say earlier, we recently introduced an ability for those to be deployed with basically one-click integration and so all of that combination that we bring together as SASE is starting to resonate with our customers and we see that as the future architecture for how customers are going to connect their branch offices, remote sites to a cloud or a network with cloud security and address those deployment challenges while gaining the best security they can.

Karen Fung — Senior Director of Investor Relations

Our next question comes from Brian Essex from Goldman Sachs.

Brian Essex — Goldman Sachs — Analyst

Hey, good morning and thank you for taking the question. Thank you for me as well on the additional metrics around NGS. It’s really helpful. I know investors have been waiting a while for that. Maybe, Nikesh or Luis, how should we think about two things, one the gross margin progression. Is that just a function of the delivery on cloud infrastructure? And then two, seasonality, so comparing this to your overall business from a margin perspective, at what rate might this business be in parity with the rest of the business? And then from a seasonality perspective, I noticed that billings were seasonal this quarter similar to the larger business. How do we think about that on a go-forward basis? Thank you.

Luis Visoso — Chief Financial Officer

Yes, I think we — to the second part of your question, we will always see a little bit of seasonality with Q4 being stronger than Q1, right. So that would be kind of normal. In terms of gross margin, yes, we have strong plans as you would imagine and as Nikesh mentioned, we do expect to get very competitive gross margins over the next few years. We have very clear plans that include efficiencies in our Cloud & AI business, so you should expect that business to significantly improve over time and as I said, we have very concrete plans to achieve that.

Brian Essex — Goldman Sachs — Analyst

Is that maybe just on infrastructure side or is there something else driving that margin?

Nikesh Arora — Chief Executive Officer and Chairman

As I mentioned, Brian, on the last call, the two largest parts of the gross margin are clearly are cloud infrastructure pieces and we have worked hard both in Lee’s team and in Luis’ efforts in trying to lease [Phonetic] those costs down and we have a very clear line of sight as to how and when those costs will go down, so we’re very comfortable saying that those gross margins should improve significantly in the next two to three years, that’s one part of it. The other part is, as you know, this is the revenue against cost metric and revenue comes in ratably, the costs come in front-loaded in customer success.

Our deployment costs and customer deployment requirement is like we have to deploy $1 million deal in two months right now. At our cost to point the deal is now the $1 million come over three [Phonetic] years. So you will see as that business scales, the customer success pieces in the pre-gross margin numbers become relatively smaller compared to the total revenue size, but that also gives you a natural margin progression in the right direction.

Brian Essex — Goldman Sachs — Analyst

Fair enough. Thank you.

Karen Fung — Senior Director of Investor Relations

Our next question comes from Philip Winslow from Wells Fargo.

Philip Winslow — Wells Fargo — Analyst

Great, thanks for taking my question and again, thanks for the added transparency in terms of disclosure. Obviously, it’s a very strong quarter with a lot of very positive metrics here. One that really stood out to me was on Prisma Cloud. Customers using compute — shift to cloud security is something that we’ve been focused on for a while, but it feels like that’s hitting an inflection point. So I guess a question for Nikesh and Lee, what are you hearing from customers about sort of adoption of computes or understanding of sort of the evolution of security in the cloud?

Nikesh Arora — Chief Executive Officer and Chairman

I think we’ve maybe mentioned before the — I think a lot of early cloud adoption from enterprises was sort of more lift and shift. We saw take an application in the data center and simply move it to the cloud without rearchitecting it, without leveraging a lot of the benefits of the cloud and the more mature companies, from a cloud perspective, are now taking more of a cloud-native approach and those cloud-native approach sometimes is obviously leveraging PaaS services, but one of the key aspects is increasingly using containerized security architectures and deployment architectures.

Interesting enough, that also sometimes comes back on-premise as well and so as there is a greater and greater usage of containerized architectures, cloud-native architectures, the Prisma Cloud compute security capabilities become very important. And this obviously, for us, comes from the acquisition of Twistlock we made about 1.5 years ago and at the time it was best-in-class. We continue to invest in it and continue to receive great feedback from our customers when they do take advantage of it.

Philip Winslow — Wells Fargo — Analyst

Great, thanks team, keep up the great work.

Nikesh Arora — Chief Executive Officer and Chairman

Thanks, Philip.

Luis Visoso — Chief Financial Officer

Thanks.

Karen Fung — Senior Director of Investor Relations

Our next question comes from Gray Powell from BTIG.

Gray Powell — BTIG — Analyst

Great. Thanks. Can you hear me okay?

Nikesh Arora — Chief Executive Officer and Chairman

Yes.

Gray Powell — BTIG — Analyst

Cool. So yes, I maybe want to go back to an earlier question on the core firewall side. How should we think about attach subscription growth on the core firewall side because I think you have four new subscriptions, some of them seem to be getting pretty good traction. You’ve introduced a higher cost premium support tier, but at the same time, product revenue growth is flattening out, which means that the installed base that subscriptions can attach to is flattening out. So I’m just trying to think like how those two things should net against each other?

Nikesh Arora — Chief Executive Officer and Chairman

Well, they shouldn’t net against each other because you see the four new subs that we’ve added, we believe, should be applicable to majority of our customers and most of our customers don’t have them. I mean, the one which has seen some traction, which we talked about last quarter, was our DNS Security sub, which is penetrated over 5% or 6% of our base. So we expect there is still a lot of runway in the new subscriptions to be able to penetrate our base of 70,000-plus firewall customers. So we don’t think that, that should all be on top of the product base that we have out there and whilst product revenues are flat, our install base continues to rise because this is a one-time sale. Every time we sell, it’s to, hopefully, a new set of customers and over time some of them renew.

So I think you are still seeing customer acquisition as is it evident from the 8,000 new customers we have between last year and this year although they are prime candidates for subscriptions that get attached. In addition to that some of these customers whilst they might be flat from product revenue, they are deploying Prisma SASE or Prisma Access, also deploying VMs where VMs and Prisma Access also allow you to attach subscriptions.The subscriptions are not specific only to our hardware business. You can get as of soon DLP with Prisma Access, you can get IoT with Prisma Access. So our subscriptions go past, they apply not only to the 70,000 hardware customers, they apply it to a significant part of our 10,000 software virtual firewall customers or a 1,000 Prisma SASE customers.

Gray Powell — BTIG — Analyst

Got it. That’s really helpful. Did you say DNS is already at 5% to 6% penetration about that’s only been out like a year?

Nikesh Arora — Chief Executive Officer and Chairman

About 18 months? Yes, I’d say we said 3,000 last quarters, 3000, I think, my math says is approximately —

Lee Klarich — Chief Product Officer

Your math is good.

Gray Powell — BTIG — Analyst

Alright, thanks.

Nikesh Arora — Chief Executive Officer and Chairman

Early in the morning. That’s great. Just want to make sure 5% was right.

Karen Fung — Senior Director of Investor Relations

Next question comes from Andy Nowinski from D.A. Davidson.

Andy Nowinski — D.A. Davidson — Analyst

Great thank you and congrats on a good start to fiscal 2021. At a high level question, when you look at the thousands of new customers you added this quarter, I’m curious what percentage started with just your Cloud AI products or do most customers start with the network security products? Just trying to get a better understanding of which one is driving new logo growth. Thanks.

Nikesh Arora — Chief Executive Officer and Chairman

Yes, my CFO will not let me tell you the number of exact number of new cloud AI customers but I will tell you there’s a significant part of the — both of the Fortune 100 and Global 2000 base, where they have no interest in some of our hardware products, because these are born in the cloud companies, so they are going through a cloud transformation. So we are seeing a reasonable number, a significant number of customers, be our first time customers in Prisma Cloud customers who had no interest in buying a firewall because many of them don’t have a substantive data center, but they have a cloud presence because that’s kind of what they chose to go with and now with the eight modules, seven modules we provide in Prisma Cloud, they find it interesting to go down that platform route.

Many of our customers who are on the defense side or the financial services side where we’ve not had such a strong presence are getting — we are seeing renewed interest, both in the cloud transformation as well as the data collection capabilities, Cortex XDR and hopefully Expanse in the future. So we’re seeing a new set of customers we’re able to address with our cloud AI solutions, which we were not able to address with our hardware capabilities.

Andy Nowinski — D.A. Davidson — Analyst

Thanks, Nikesh.

Nikesh Arora — Chief Executive Officer and Chairman

You are welcome.

Karen Fung — Senior Director of Investor Relations

The question comes from Saket Kalia from Barclays.

Saket Kalia — Barclays — Analyst

Okay. Hey, good morning. Can you hear me okay?

Nikesh Arora — Chief Executive Officer and Chairman

Yes, Saket. How are you?

Saket Kalia — Barclays — Analyst

Okay. Excellent. Good. Nikesh how are you? Luis, maybe for you, maybe just shifting gears to profitability for a second. I think the operating margin guide for fiscal ’21 is going up slightly. And I believe that too is consolidating the Expanse cost base. Maybe the first part of the question, am I thinking about that right? And then secondly, more strategically, longer term on that Cloud & AI business, who do you sort of benchmark yourself against in terms of where that profitability can go long-term?

Luis Visoso — Chief Financial Officer

Yes, to your first question, yes, margin is up slightly year-over-year. So yes, we are raising our guidance on margin, so you are right. And you are also right our fiscal year margin is impacted by Expanse, which we basically offset all of that, right. So we factored that in and we covered the cost and even though — even despite of that we’re going up. And yes, we’re benchmarking ourselves against the best you have in the market, right and we want to get towards those margins as well and we think it’s very reasonable to do that as we gain scale and as we deliver the savings that we talked just a few minutes ago, right. Some of the savings that we are working with Lee’s team, Lee and his team, and some of the savings that we think we can get just as we gain more scale. So that should clearly improve, but that’s kind of where we’re going. Now think about some of the best-in-class companies out there and that’s what we’re benchmarking against to deliver.

Nikesh Arora — Chief Executive Officer and Chairman

Yes, Saket just to add to that and this is not a reporting question. Part of the reason we wanted to make sure you understand this split and the difference in the two businesses is you want to reinforce that our firewall business is as good as any other firewall business out there in the industry because I got calls about, hey, you are seeing an overall decline in gross margins that because your firewall was under pressure. No it’s not. I think the other part I want to make sure that you see is that it’s kind of like maybe we do and we’re looking, but it’s very hard to build a $735 million ARR business from scratch in 18 months. I want to show you that we’re building that business in parallel to continuing to focus on the firewall business.

And to an extent, the overall gross margin, operating margin are somewhat not fully in our control as management and we want to show you the reason that we’re investing on the right hand side is because we can drive that ARR growth at very high double-digit for a longer period of time. For that we need to continue to invest. And we’re just showing in the run we invest. You’ll see the transparency where we’re investing, where we’re not investing, where we’re leveraging and showing your expansion where we’re continuing to invest.

We’re investing in both, obviously not to the same levels. Prisma SASE is a brand new product category for us in our firewall business. And to be honest, I will tell you this in two years from now when you look back, you’ll say, yes you guys did a great job transforming your business to hardware, to software because there’s a high probability the industry starts to slow down on hardware because people realize they are moving faster to network transformation, cloud transformation. And when that happens, you need two years of prep work together.

Saket Kalia — Barclays — Analyst

Very helpful. Thanks guys.

Luis Visoso — Chief Financial Officer

Cool.

Karen Fung — Senior Director of Investor Relations

Our next question comes from Patrick Colville from Deutsche Bank.

Patrick Colville — Deutsche Bank — Analyst

Hey there, thanks again for the new disclosure. It’s going to echo to others. I mean, absolutely awesome to see that. So I just want to circle back to Fatima’s question about enterprise agreements. So can you just help us understand, I guess at Palo Alto Networks what you define as an enterprise agreement versus just a kind of regular, multi-product deal. And the reason I asked is because we know in our conversations with resellers we’re hearing Palo Alto and enterprise agreement a lot more. So I guess — and I guess the second part of my question is, is there any disclosure you can give us around what proportion of billings are from enterprise agreements? Thank you.

Nikesh Arora — Chief Executive Officer and Chairman

Thanks, Patrick. Thank you for the congratulations. And first of all, I’m looking at Lee just to confirm what I’m going to say, is that we have no enterprise agreements wherever we blend Cloud AI and network security.

Lee Klarich — Chief Product Officer

Correct? We don’t.

Nikesh Arora — Chief Executive Officer and Chairman

So first and foremost, any of the cloud and AI stuff does not get bundled with our hardware deals or does not get bundled with software deals. We probably have no enterprise agreements where we blend all of our Prisma SASE and hardware and software firewalls. We don’t. So Prisma SASE deals and also independent of that. So most of our enterprise agreements are still firewall plus subscription agreements whether they are hardware and software and a subscription, they are still the agreements that have continued in Palo Alto Networks for the last 15 years.

None of the new stuff is included in enterprise agreements because we don’t believe that we have to create cross-product discounting to try and encourage customers to use them. We want our new products to stand on their own and be sold on their own and be able to — be on a consumption model, which is much more transparent and much easier to manage if they’re not part of it, large bundle discount deal. So that’s answer number one. Our enterprise deals refer to hardware plus subscription updates.

So in that context, any customer who wants to do an enterprise agreement with us is probably an existing hardware customer with subscriptions, where they are going to buy more subscriptions and promise to buy more hardware from us over the next three years. And that’s why you do an enterprise agreement, saying hey, I’m going to go from a 100 firewalls to 200 firewalls if I pay you so much money for all your subscriptions in the next three years, can I have a deal where I don’t have to keep paying every time I buy a new firewall for subscription. So most of our enterprise deals take on the form of if you commit to a large amount of hardware purchase, you can get a bundled price for subscriptions, which you don’t have to pay incrementally for.

That’s the nature of our deals. Hence, our EAs are pretty much dependent on our hardware business. And as I said to a question earlier that most of our EAs are based on renewal deals because nobody walks in front saying, I want to buy the state of thousand firewalls tomorrow sign me up. It’s typically I’ve got 200 more I’m going to get 200 because I’m through a transformation of Palo Alto Networks, can I just hurry up and get a renewal of a larger number if I commit to more hardware because I love your product.

Karen Fung — Senior Director of Investor Relations

Our next question comes from Matthew Hedberg from RBC.

Matthew Hedberg — RBC — Analyst

Hi guys. Thanks for taking my question. And I’ll offer my congrats again. Disclosures are really, really helpful. I guess I have a question for Lee. In a post-COVID distributed world, I have to think DLP takes on a new level of importance. Can you talk a little bit more granular about how you guys differ in your approach to cloud DLP versus others? And how much of that is a new business i.e., as a result of distributed work or increased cloud migration or how much of it is legacy DLP replacement?

Lee Klarich — Chief Product Officer

Yes. Thanks for the question, Matthew. When you look at the DLP market, it’s been around for a long time. It hasn’t changed a whole lot during that time and it was therefore sort of designed and architected for a very on-prem world. It largely assumes that employees all show up to the office, applications are all in the data center and everything is sort of well contained. As you look at today’s world, users are — employees are working from anywhere, applications are increasingly running into cloud and the legacy DLP on-prem architecture does not work as well anymore.

And so what we’ve done is built a DLP service that runs in the cloud and then can connect into all the different enforcement points that are needed, whether that’s one of our hardware devices in the data center, prem whether that’s Prisma Access, whether that’s Prisma Cloud for cloud workload and storage security. And so we can take that single DLP cloud engine and integrate it with all of those enforcement points, really designed for this new way in which networks are deployed, applications are deployed. And so we think that’s a very more appropriate architecture and we’re getting it’s early, but we’re getting very positive feedback from our customers and interest in that approach.

Matthew Hedberg — RBC — Analyst

Thank you.

Karen Fung — Senior Director of Investor Relations

Our next question comes from Rob Owens from Piper Sandler.

Rob Owens — Piper Sandler — Analyst

Good morning. And thank you for taking my question. Given you are the first to report in October quarter on this really early Monday morning, I was curious if you can give us kind of a broader read in terms of what’s going on internationally looked like domestic was strong, but rest of the world growth rates ticked down a little bit versus where they were in the back half, or even the quarter from a linearity standpoint, given your dates, billings outstanding, ticked up, I guess, on a year-over-year basis and went a little higher than it was previously. Thanks.

Nikesh Arora — Chief Executive Officer and Chairman

Well, there’s a varied impact around the world given where people are on this pandemic scale and degree of difficulty in terms of being able to execute in their own environments here. We still see that different parts of Asia are doing better than the others because they’re going through their emotions of trying to deal with the pandemic. See similar behavior in Europe, we saw in early part of the quarter was normal in Europe. It’s gotten subsequently harder because Europe has started to shut down.

So we’re seeing different impacts across the Board, but as you know, these deals don’t happen in days. These deals happen in months. So there’s already always work that’s been going on for the last many months for these deals to culminate towards the end of the quarter. So generally speaking, as I said, you know, Europe is okay, it is scattered, the U.S. continues to be strong. I think as I said, we are going to get tested in the, and I don’t mean COVID testing the COVID is going to test us. We do get tested pretty much, very often, but COVID is going to test all of us in the next three months because I think the winter is coming.

And we’re hoping that all the work that the teams have been able to do in the last few months will bear through the winter. But yes, I think, international continues to be — look, there’s two parts to it, one is native strand, the other is investment. So we are continuing to invest internationally because we were not as invested, I would say internationally two, two and a half years ago. We’re making investments around the world. We’re also investing in making sure our cloud and AI businesses are visible across various customer bases because in many cases, the hardware business, hadn’t been able to be of much significance many countries around the world, but we’re going back and re-investing in cloud and AI. So I think that counteracts some of the natural weakness based on the pandemic. But we’ll see what happens the next few months.

Rob Owens — Piper Sandler — Analyst

Alright, thank you.

Karen Fung — Senior Director of Investor Relations

Our next question comes from Gregg Moskowitz from Mizuho Securities.

Gregg Moskowitz — Mizuho Securities — Analyst

Okay. Thank you for taking the question. Nikesh, your next-gen security ARR and billing and growth for me is impressive. Especially now that you’re lapping tough comps. What I’m wondering is what are the one or two NGS products that haven’t yet contributed much, but that you think is only a matter of time before they move the needle on growth.

Nikesh Arora — Chief Executive Officer and Chairman

That was, that was a, quite an impactful way to end the question. But the NGS products, it’s kind of interesting as I parse them down, we include Prisma SASE and NGS. We continue to see tremendous amounts of traction in Prisma SASE. Prisma Access continues to go from strength to strength. As I mentioned, we think we four or five, 10 quarters ago, Prisma Access was GPCS, it didn’t kind of have enough traction. Now we see tough comps being lapped with great numbers, partly driven by the pandemic response, partly driven by the fact that finally near standing at the top of the roof and claiming the proxy solution that don’t fully work. If somebody is hearing him because people want a full-stack firewall and the firewall in the cloud.

So a lot of success for Prisma Access front. We think that continues to sustain itself SD-WAN and SASE going forward for the next few years. On Prisma Cloud is kind of a different story. It was kind of like, we’ll see more benefits in the future because right now we’re in expand mode, land mode and we’re getting more and more customers, but really we are dependent on the customers’ ability to transform their existing infrastructure to the cloud. So we’re getting in there, we’re getting our modules in, we’re trying to do upsells, get them to use more and more of our product.

As they spend more — put more workloads in the cloud, Prisma Cloud will see continued ARR growth in the future. On the Cortex XDR front, it’s competitive with many XDR vendors out there. Again, we’re seeing traction because we have a large install base of traps, which many of that is converting to XDR. We’re also seeing new customers where we compete to the likes of Cylance [Indecipherable] etc and there, XSOAR, we think is now way larger than any other automation product out there from a security automation perspective.

And we think the combination of Expanse, and XDR and XSOAR holds tremendous promise, but I think that’s more a next fiscal year thing. This fiscal year I expect Prisma Access, Prisma SASE, I expect the Prisma suite to do really well and XDR to really — XDR to do really well independently. I think we’ll see more and Expanse expense plus XDR in the next fiscal year. That gives you a better sense. And of course, VMs continue to do great for us because people are finally realizing you can put a virtual firewall against your third instance and they need one.

Karen Fung — Senior Director of Investor Relations

Our next question comes from Tal Liani from BofA. Okay. I don’t think we have Tal. So I’ll move on to our last question and will come from Brent Thill from Jefferies.

Brent Thill — Jefferies — Analyst

Thank you. Nikesh just on the go-to-market this year can you speak to any changes that you’re making in the go-to-market motion? Is it anything new this year largely unchanged from last year?

Nikesh Arora — Chief Executive Officer and Chairman

Brent, thanks for the question. Look last year, the year before that, when I started, we had a large kicker to get our NGS jump-started and hopefully $1 billion ARR by the end of this fiscal year, it tells you that we were able to jumpstart it, although that caused some consternation in our product business, as you guys are fully aware of. So we normalized that last year. So we did not create that much of a jump between NGS and a product and things have stabilized. I’ll tell you that the one change we’ve made this year and you should see it in the left side and right inside, be sure you, we have focused our cloud AI team to believe, to build ACV and ARR, right?

And our Network Security business is more TCV oriented. So if you were ever to see an impact or shrubs, the way what’s going on your billings versus ARR, and that’s why we started this disclosure today about showing you the left-hand side is very focused on revenue, operating margin, gross margin and billings, the right-hand side is a very much an ARR business because we believe the huge opportunity we have in front of us should be focused on ACV and that’s why, answering Patrick’s question about what do we do with the EAs, I don’t want to bury next-generation regarding revenue products in the EAs because sometimes the EAs you get customers buying a lot of stuff then they choose what they want to use later.

I’m focused on making sure every one of our Cloud & AI product gets deployed the time to value is very high or short, the time to value is short and value is very high. I want to make sure there’s consumption increase, I want to make sure there are contracts in place will allow people to spend more as they consume more. So the big shift we made at this time of big or minor shift is we’ve made sure people focus both on the ARR side and the TCV side, in our business, our sales team. As you can imagine, we didn’t have an ARR business. We can report ARR, but we didn’t have any ARR focus on our firewall business. I hope that helps answer the question.

Brent Thill — Jefferies — Analyst

Thank you.

Karen Fung — Senior Director of Investor Relations

That concludes the Q&A portion of our call. Thank you all for your questions. I’m going to turn it back to Nikesh for closing remarks.

Nikesh Arora — Chief Executive Officer and Chairman

Well thank you, Karen and thank you everyone for dialing in. And, I want to normally not what I would do in an earning’s call but I want to applaud the work of Luis and our finance teams. This was a tough, close to get done in 10 days before our user conference. At the same time, based on your feedback, we spent a lot of time with auditors and others to make sure that we were able to show the split because all of you wanted more transparency in our cloud AI business and network security business.

I hope you see, by just disclosure, we are building two great businesses at Palo Alto Networks, and we are going to continue to focus on trying to build a share of our value across both these segments and we’ll keep looking as to what’s the best way to increase more transparency and see if it makes sense in the longer-term to be more regular about these updates, but hopefully you found that disclosure useful.

I want to thank you again. I wish your families and you have very safe and happy Thanksgiving next week. We look forward to seeing many of you in our upcoming weeks at our investor conferences. I know I’ll be talking to some of you shortly after. I also want to, once again, shout out to our Palo Alto Networks family, our employees, our customers, and our entire ecosystem thank you very much, everybody and go Palo Alto Networks.

Related Post