Palo Alto Networks Inc (PANW) Q2 2021 Earnings Call Transcript

Palo Alto Networks Inc (NYSE: PANW) Q2 2021 earnings call dated Feb. 22, 2021.

 

Corporate Participants:

Karen Fung — Senior Director, Investor Relations

Nikesh Arora — Chief Executive Officer and Chairman

Luis Visoso — Chief Financial Officer

Lee Klarich — Chief Product Officer

Analysts:

Keith Weiss — Morgan Stanley — Analyst

Philip Winslow — Wells Fargo — Analyst

Sterling Auty — JP Morgan — Analyst

Saket Kalia — Barclays — Analyst

Fatima Boolani — UBS — Analyst

Brian Essex — Goldman Sachs — Analyst

Gray Powell — BTIG — Analyst

Patrick Colville — Deutsche Bank — Analyst

Tal Liani — Bank of America Merrill Lynch — Analyst

Brent Thill — Jefferies — Analyst

Michael Turits — KeyBanc Capital Markets — Analyst

Jonathan Ho — William Blair — Analyst

Andy Nowinski — D.A. Davidson — Analyst

Presentation:

Karen Fung — Senior Director, Investor Relations

Good afternoon and thank you for joining us on today’s conference call to discuss Palo Alto Networks’ Fiscal Second Quarter 2021 Financial Results. I’m Karen Fung, Senior Director of Investor Relations. This call is being broadcast live over the web and can be accessed on the Investors section of our website at investors.paloaltonetworks.com.

With me on today’s call are Nikesh Arora, our Chairman and Chief Executive Officer; Luis Visoso, our Chief Financial Officer; and Lee Klarich our Chief Product Officer.

This afternoon we issued a press release announcing our results for the fiscal second quarter ended January 31, 2021. If you would like a copy of the release, you can access it online on our website.

We would like to remind you that during the course of this conference call, management will be making forward-looking statements, including statements regarding the impact of COVID-19 and the SolarStorm on our business, our customers, the enterprise in cyber security industry and global economic condition, our expectations related to financial guidance, operating metrics and modeling points for the fiscal third quarter fiscal year 2021 and 2022, our intent to acquire Bridgecrew, our intend to be carbon-neutral by 2030, our expectations regarding our business strategies both in equity structure for the ClaiSec business and the vehicle for employees to invest in such equity, our competitive position and the demand and market opportunity for our products and subscriptions, benefits and timing of new products, features and subscription offerings as well as other financial and operating trends. These financial looking — these forward-looking statements involve a number of risks and uncertainties, some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements. These forward-looking statements apply as of today. You should not rely on them as representing our views in the future and we undertake no obligation to update these statements after this call. For more detailed description of factors that could cause actual results to differ, please refer to our quarterly report on Form 10-Q filed with the SEC on November 19, 2020 and our earnings release posted a few minutes ago on our website and filed with the SEC on Form 8-K.

Also please note that certain financial measures we use on this call are expressed on a non-GAAP basis and have been adjusted to exclude certain charges. For historical periods, we have provided reconciliations of these non-GAAP financial measures to GAAP financial measures in the supplemental financial information that can be found in the Investors section of our website located at investors.paloaltonetworks.com.

And finally, once we have completed our formal remarks, we will be posting them to our Investor Relations website under the Quarterly Results section. We’d also like to inform you that we will be virtually participating in the Morgan Stanley 2021 TMT Conference on March 2. Please also see the Investors section of our website for additional information of our conferences we may be participating in.

And with that I will turn the call over to Nikesh.

Nikesh Arora — Chief Executive Officer and Chairman

Thank you, Karen. Hello, everyone. I know Walter Pritchard you’re listening in. Enjoy your last earnings call from the other side. Next quarter, Walter will join us at this end as our new Senior Vice President of Investor Relations and M&A Finance.

Moving onto the quarter. Let me start with SolarStorm which many of you are describing as one of the most serious and sophisticated cyber attacks in history. The SolarStorm attacked highlighted that enterprises need a comprehensive upto date map of their full IT infrastructure environment, including understanding their own networks as well as external attack services and supply chains. In order for security teams to have an edge over the adversaries, they need to embrace next generation technologies that leverage AI, machine learning and automation. To help our customers, we set rapid response program and when I say rapid it was rapid.

Our acquisitions of Expanse and Crypsis almost fell precise. The team swung into action. We updated XDR for all the new threat vectors. We offered free assessments from our Crypsis team. We also evaluated the attack surfaces from the outside and for Expanse and discovered that there were dozens of effected customers including major government agencies and large companies. Many of which we’re actively communicating with SolarStorm malware command and control infrastructure. So far we’ve received over 1,000 assessment requests and have completed over 500. We believe that the SolarStorm attacked raises the mid and long-term criticality of the cyber security industry as a whole. This resulted more awareness and focus of cyber security which an in all candor is the need of the hour, given the complete reliance of technology in these times. We expect that this attack will be a wake up call to all enterprises to modernize cyber security and will serve as a net incremental tailwind not just for us but also for the industry.

Before I turn to our fiscal Q2 2021 results, I have an admission to make. Perhaps I was too cautious at the outset of the pandemic. The current sustained performance, resilience of our teams and execution has been turning more optimistic. We had a great second quarter, the strong business momentum as the organization executed across all platforms and strategies. As a result we beat Q2 guidance and consensus. Here are some highlights. We delivered billings of $1.2 billion, up 22% year-over-year, a strong growth across the board. Let me give you some additional context. Due to COVID, we have provided the billing plans to a select number of impacted customers. When adjusting for these billing plans, our billings momentum would have been several percentage points stronger in Q2 than the reported 22% year-over-year growth. This trend has been in place and has been going over the last few quarters.

Consequently, our revenue growth is higher than billings growth and accelerated to 25%, reaching $1 billion for the first time ever. Yes, our first $1 billion revenue quarter with accelerating revenue growth. The strength has been across the board. And as we continue down the path of more and more of a subscription-based model, the revenue predictability will continue to rise.

Non-GAAP EPS was $1.55, up $0.36 from last year. EPS expansion was driven by revenue growth and operating expense leverage. While there continues to be beneficial impacts to the lower travel due to COVID, we do continue to hire resources to support our product expansion which we expect to continue. Free cash flow margin for the quarter was 32.7%. In the first half of fiscal year 2021, we generated $838 million in free cash at a margin of 42.7%. We still expect free cash flow to normalize for the year around our full year guidance due to some seasonality we see in the second half.

Last quarter we started the dialog around network security and cloud and AI, and shared the P&L for both businesses. We received great feedback on the additional transparency and we want to continue to drive more transparency to unlock shareholder value. Let’s first take a deep dive into the Network Security business, which we are calling NetSec. Our NetSec business is undergoing a transformation towards software and SaaS, making it more predictable and sustainable. Starting with our hardware firewall business and associated services, rather than building solutions only as hardware, we’ve chosen to offer security services as a software subscription.

Over the last two years we have doubled our security subscriptions support [Phonetic] with the introduction of DNS, SDRAM, IoT and DLP. We’re seeing great progress with DNS which has acquired nearly 5,000 customers since launch. The new subscriptions, along with the introduction of higher tier support, Platinum support has allowed us to increase our next-generation firewall support and security subscription revenue as a percentage of next-generation firewall hardware revenue over the last year. As you can see we sustained 15% CAGR in hardware, subs and support. And our hardware contribution has gone from 39% to 29% in that time. To continue to drive software growth, we have made these subscriptions available across all form factors. Firewall Flex and Prisma Access 2.0. We just recently completed the process of making it available on our product Prisma Access 2.0 which is our firewall in the cloud.

Turning to our software firewall. We continue to see a transformation software form factors. With the introduction of advanced features cloud native integrations and the development industry’s first containerized next-generation firewall, we continue to see product market fit. As a result VM and CN series grew over 60% in the first half of FY ’21. We recently launched Firewall Flex, another industry first, unique approach in how we offer virtual firewalls in CM series to increase customer flexibility and enable a consumption model to drive additional growth. This new flexible consumption models features credit based licensing, that let’s you consume VM and CN series firewalls, choose a number of CPUs needed and add any or all of our eight security subscriptions just previously limited to five. We believe that by providing greater flexibility to our customers, we will continue to drive growth and achieve greater subscription attach rates.

To highlight how our software firewalls are transforming, our customers approach security, we close the deal with a leading telecommunications company to secure their 5G network. The transition to 5G is driving a number of very important architectural changes including a highly distributor design, contain as the foundation and security for enterprise customers as a critical business driver. We are first to deliver enterprise and service provider to class 5G and contain our security. In doing so, we empower our customers to provide a secure 5G service to their customers and provide managed security offerings to their enterprise and customers.

Now let’s talk about Prisma Access. When COVID dramatically changed how work gets done, the companies across industries around the world, the needs for securing a remote workforce have also changed. No longer is it sufficient to have partial access to applications or what was sometimes called good enough security. Overnight, connectivity to every application was needed, security became business critical and user experience determined the difference between maintaining productivity or falling behind. Even before COVID accelerated this change, we were already working on turning Prisma Access into an industry-leading solution for enabling a secured remote workforce. What initially started as the global product cloud service started to transform in 2019 with the launch of Prisma Access. In the last year and a half, we’ve built out industry-leading capabilities in that timeframe, Prisma Access has gone from less than 150 customers now nearly 1,000 customers and 30% of the Fortune 100.

Last week we announced Prisma Access 2.0. The biggest updates is introducing this service. Prisma Access is the full security platform in the cloud. The machine learning based security preventing alone threats in line at line speed. A full firewall delivered as a service and includes features like Zero Trust Network Access, Secure Web Gateway, CASB, DLP and IoT security. Prisma Access secures both web and non-web apps. As an example, conventional web security approached to cloud deliver security, misses 53% of all remote workforce threats that pride over non-Web apps. Those threats cannot be ignored and unlike alternate solution in the market, we prevent them with Prisma Access. We have completely re-imagined the way customers manage Prisma Access with an entirely new cloud-based UI, that delivers better security outcomes for build and security assessment. The new digital experience management add on provides native end-to-end visibility and insight to SASE and the ability to self heal when digital experiences problems occur.

Prisma Access is built on a low latency and highly scalable infrastructure as Google Clouds backlog. Lastly Prisma Access along with the Prisma SD-WAN, our re-branded product from CloudGenix delivers a complete SASE offering. The recent addition of CloudBlades, we now have a SASE platform, which allows for an API platform for seamless third party service integration. Prisma Access securely enables access to all applications and known as best-in-class security to meet enterprise security needs without compromise and enables user experience that maintains or even improve worker productivity. In Q2 we closed an eight figure deal with a leading technology company with over 100,000 employees with businesses over 100 countries. As part of the digital transformation, the company was launching new remote work initiative. In order to realize a vision, they needed a secure and optimize network that will support a flexible remote work environment. Palo Alto Networks was ultimately chosen ahead of several of our security peers as a customer source as the only vendor that was offering, a true SASE solution. Ultimately Prisma Access was the key product, given their goal to rapidly enable remote work, but the customer also purchased next-generation firewalls, VM series firewalls enhanced their sole capabilities through Cortex XDR and XSOAR. This was definitely across platform deal to be proud of and we look forward to a great partnership with the customer going forward.

Lastly several of you have asked in the past about a software transition with the associated economics. While the first phase of VM and Prisma Access purchases have mostly been incremental use cases. We put together a few key examples on what we see in the market when a customer does choose to replace the hardware-based security solution with software or SaaS. The use cases are VMs replaced hardware firewalls like this example of a local retail store running software firewalls of third-party hardware along with other software applications. We estimate that the five-year revenue of the VM series deal is roughly equal with that of deal that deploy a separate physical next-gen firewall. For use cases where Prisma Access replaced hardware firewalls, we took a typical branch office use case and estimated five-year revenue for the Prisma Access deal is 2 times larger than our next-generation firewall did. From a customer perspective, we estimate the customer’s total cost of ownership is generally reduced as we move to virtual and cloud deliver form factors. As you know Prisma Access is only a year old. So our gross margins aren’t as favorable as hardware, but we expect them to improve over time.

Now moving over looking and looking at our Cloud and AI business. We started this call by discussing SolarStorm, but I didn’t talk about our own experience with an attempted SolarStorm attack. Back in December we shared with the broader security community that Cortex XDR instantly blocked a SolarStorm attempt on Palo Alto Networks. Thanks to the behavioral threat protection capability. We continue to be bullish on the rapid pace of innovation that is going into our Cortex XDR product. In fact Cortex XDR was recently recognized by AV-Comparatives as a strategic leader in the latest Endpoint Prevention in Response Evaluation. While still delivering lower total cost of ownership, than several Endpoint Security peers. Importantly last month Cortex XDR and Data Lake achieved FedRAMP moderate authorization which should make it a key piece of technology in the federal space. As further validation of our vision, we see more and more players in the endpoint security space rushing to jump on the XDR that we have established two years ago.

Overall we continue to see the Cortex portfolio developing as the industry’s first practice security platform and we see penetration into the largest companies continue to grow. 35% of Global 2000, 66% of the Fortune 100 on our Cortex customers, indicating that automation advanced threat protection are top of mind for these customers. In Q2, we closed the deal with a retailer. The company chose Cortex XDR to increase visibility control and protection of the endpoints by adopting a more complete solution with XDR, rather than using EDR. The Cortex XDR support for mobile, the customers are also able to easily extend Cortex XDR to additional devices leveraged on side of their stores to unify the endpoint security policy across the entire enterprise.

We then expanded the conversation to address their SOC’s operational challenges by demonstrating how Cortex XSOAR’s out of the box pre-processing rules and alert de-duping could reduce the alert volumes dramatically. With the combination of enhanced visibility, protection and control for the entire endpoint of state coupled with automating and orchestrating alert volume, the Cortex platform will have a limited impact on this new customer.

Switching to Prisma Cloud. Prisma Cloud is building the most comprehensive and best of breed cloud native security platform. And we continue to see strong customer interest. Prisma Cloud has now acquired over 2,000 customers with 74% of the Fortune 100 and secures 2.5 billion cloud workloads. We also continue to see an increase in Prisma Cloud customers who are using both cloud security posture management and cloud workload protection for containers and service like applications now at 50%. Additionally, last month Prisma Cloud also achieved FedRAMP modernization along with Cortex XDR and Data Lake as we said. This allows US government customers to leverage our visibility compliance and governance capabilities for securing multi cloud and GovCloud deployment.

The last here, I would like to highlight is the largest Prisma Cloud deal that we’ve ever closed. An eight figure deal with the leading SaaS company. Like many in the industry, they’re moving from a private cloud environment to the public cloud. As part of this shift and moving to a containerized application architecture, the customer had unique scalability, availability and vulnerability requirements for securing the containers across AWS, GCP and Azure Cloud. The maturity, the superior vulnerability detection of the container security capabilities and the scalability of runtime protection of Prisma Cloud helped convince the customer to choose Prisma Cloud as their container security platform of choice.

Last week we announced our intent to acquire Bridgecrew. An early pioneer of security for the developer community. The next big challenge we’re taking on in cloud security is what is known as shift left security. Developers are playing an increasingly important role in cloud security, both in terms of what products are used and how they are operationalized. Today a single error in development can be replicated hundreds of times over resulting in thousands of security alerts. This drives down productivity and increase the likelihood of security issues in production application. Shift left integrates security into the DevOps process to catch these issues upfront where they’re easy and quick to fix. It’s a win for developers in the infra security, which to recognize the need for shift left security and pioneering approach, the infrastructure is code designed for developers. To engage the developer community they released an open source product or check out that was downloaded over 1 million times last year. And a paid for product gaining early traction. When we bring network security and Cloud ARR together, we see tremendous synergies, power the platform with Palo Alto Networks. Looking at our Global 2000 customers we see that these customers are increasingly adopting Strata, Prisma and Cortex. 68% of our Global 2000 customers have purchased more than one platform, up from 62% a year ago and 56% two years ago.

Given the momentum that we’re seeing, we’re raising guidance for the full fiscal year. For fiscal 2021 and at the midpoint of guide, we expect total revenue growth of 22%, up 200 basis points from our prior guide. Total billings was a 20%, up 100 basis points from our prior guidance, slightly lower than our revenue is due to the impact of billings plans as we discussed earlier. We continue to expect next generation security ARR at $1.15 billion, up 77% year-over-year. Product revenue is flat year-over-year, unchanged from our prior guidance. Lastly non-GAAP operating margin of 50 basis points and adjusted free — of adjusted free cash flow of 25% unchanged from our prior guidance as we continue to invest to capture the opportunity in the market.

Now let’s review our fiscal year projections for NetSec & ClaiSec. Overall, we are confirming our ClaiSec projections while raising NetSec billings by 100 basis points and revenue by 200 basis points given the strong performance of SASE and VM series. Moving on to adjusted free cash flows. We expect network security will deliver free cash flow margin of 41% FY ’21, up from 38% in FY ’20. We expect Cloud and AI free cash flow margin of negative 43% in FY ’21 and improved from negative — improvement from negative 59% at ’20. As mentioned last quarter, for the next few years, we expect Cloud and AI to achieve gross operating and free cash flow margins in line with industry benchmarks as we can scale and our customer base matures and become more efficient.

As you can see, we have been able to dig deeper and align our resources further with our business areas of ClaiSec and NetSec. And as I noted earlier, there are tremendous synergies in the power of the platform at Palo Alto Networks. At the same time we’ve also been increasing our focus on our software transformation with hardware firewalls while building new Cloud and AI business. To continue this transformation and strengthen our financial profile, we feel that we can create more focus by aligning the teams in our NetSec and ClaiSec. So we’re officially going from three speedboats of aligning our efforts on these two business areas with six focused efforts as speedboats in our next fiscal year. NetSec, we are focused on driving this transformation from hardware to software and delivering a best-of-breed hardware resolution as acquired. As you saw this transformation is actually financially neutral to net positive for us and always beneficial to our customers. The speedboats here will be firewalls including virtual firewalls, SASE and our growing security subscriptions.

ClaiSec, the business area we drive cloud security and our Cortex efforts have proven that with focus and an opportunistic organic and inorganic strategy, we can create an industry-leading set of solutions for cloud security and solutions like XSOAR and XDR driven by AI and ML. Here we need continued investment for us to drive customer scale and for us to continue to invest in both continued product development and customer adoption. We’ll do so by continuing our focus on Cortex, Prisma Cloud and Palo Alto Networks incident response services, the newly formed team combining Crypsis and Unit 42 which Wendi Whitmore has joined to help lead. We’re also excited to announce that with the Board’s consent, we are finalizing the filing needed for an equity structure for the ClaiSec business. Our goal is to make sure that the value of the ClaiSec business is more transparent. In addition the Board approved the development of a vehicle for employees to investors like ClaiSec equity strengthening the alignment to shareholders and the interest of employees regarding the success of our ClaiSec business.

Lastly I’m also proud to say that Palo Alto Networks recently made a commitment to address climate change which Luis will go over in more detail around how we will be carbon-neutral by 2030.

With that let me turn the call over to Luis.

Luis Visoso — Chief Financial Officer

Thank you Nikesh. Climate change is an existential threat and at Palo Alto Networks, we’re all in to do our part to address this crisis. We have done some important work up to this point, including LED certifications, recycling and community involvement. We plan to step up our efforts and contribute even more. I’m proud of our commitment to be Carbon-Neutral by 2030. We have already activated renewable energy and high quality carbon offset strategies. We’ll be reducing our emissions aligned to science-based targets and we will work across our value chain to have lasting impact and advocates stewardship. Paris [Phonetic] agreement calls on all of us to limit global warming below two degrees celsius by 2050. We plan to reach our commitments by 2030. We will keep you informed of progress along the way. We will continue to participate in the Carbon Disclosure Project and start sharing plans and progress — and progress using protocol set by the task force on climate-related financial disclosures. During the World Economic forum Davos Agenda last month, we committed to increase transparency by reporting on the international business councils, stakeholders capitalism metrics over time. It will take creativity, collaboration and visionary thinking to protect our planet and we’re up from the challenge. We call on others to join us, consider aligning to the Paris agreement and make your commitment to do your part.

Now, turning on — turning to our financials. As Nikesh indicated, we had a great second quarter and we continue to deliver winning innovation and adding new customers at a fast pace. This strength gives us confidence to raise our guidance for the year. I would like to start with our performance in Firewall as a Platform or FwaaP which had a great quarter as we continue to grow faster than the market. FwaaP billings grew 21% in Q2 as we continue to transition from hardware to software and SaaS form factors. As you can see FwaaP billings declined 3% in Q2 ’20 and over the last four quarters, we’ve been able to drive sustained execution and growth in this area to 21% in Q2 ’21.

Next-generation security or NGS continues to expand and now represents a quarter of our total billings at $309 million, growing 59% year-over-year. In Q2, we added over $120 million in new NGS ARR reaching $840 million. Let me remind you, at our Analyst — our last Analyst Day in September of 2019, NGS was a gleam in our eye and we called for $1.75 billion in billings by 2022. We’re on track to beat those numbers.

In Q2, total revenue grew 25% to $1.0 billion. Looking at growth by geography, the Americas grew 27%, EMEA grew 24% and APAC grew 14%. Q2 product revenue of $255 million increased 3% compared to the prior year. Q2 subscription revenue of $462 million increased 35%. Support revenue of $300 million increased 32%. In total, subscription and support revenue of $762 million increased 34% and accounted for 75% of total revenue. Excluding revenue from Crypsis and Expanse, subscription and support revenue increased 31%.

Turning to billings. Q2 total billings of $1.2 billion net of acquired deferred revenue increased 22%. Strength was broad based as we continue to see strong execution across the company. In dollar weighted contract duration for new subscriptions and support billings in the quarter were slightly down year-over-year, but remained at approximately three years. For the first half of fiscal ’21 billings of $2.3 billion increased 21% year-over-year. Product billings were $495 million, up 3% and accounted for 22% of total billings. Subscription billings were $1.2 billion, up 23%. Support billings were $733 million, up 34%. Total deferred revenue at the end of Q2 was $4.2 billion, an increase of 30% year-over-year. Remaining performance obligation or RPO was $4.6 billion, an increase of 41% year-over-year. In addition to adding approximately 2,400 new customers in the quarter, we continue to increase our wallet share of existing customers. Our top 25 customers, all of whom made a purchase this quarter, spend a minimum of $59 million in lifetime value through the end of fiscal Q2 ’21, a 27% increase over the $46 million in the comparable prior-year period.

Q2 gross margin was 75.3%, which was down 110 basis points compared to last year, mainly driven by a higher mix of our NGS products which are less mature. Q2 operating margin was 19.8%, an increase of 190 basis points year-over-year. The operating margin expansion is driven by operating expense leverage, behind operational efficiencies, lower travel and event expenses due to COVID which more than offset the incremental investment in headcounts. We ended the second quarter with 9,038 employees including a 176 from Expanse at the close of the acquisition.

On a GAAP basis for the second quarter net loss increased to $142 million or $1.48 per diluted — per basic and diluted share. Non-GAAP net income for the second quarter increased 28% to $154 million or $1.55 per diluted share. Our non-GAAP effective tax rate for Q2 was 22%.

Turning to cash flow and balance sheet items. We finished January with cash, cash equivalents and investments of $4 billion. On December 4, 2020, our Board of Directors authorized an increase to our share repurchase program and extended the expiration date to December 31, 2021. As of January 31, 2021, $1 billion remained available for repurchases. Q2 cash flow from operations of $365 million increased by 19% year-over-year. Free cash flow was $332 million, up 29% at a margin of 32.7%. DSO was 60 days. an increase of three days from prior-year period.

Turning now to guidance and modeling points. For the third quarter of 2021, we expect billings to be in the range of $1.22 billion to $1.24 billion, an increase of 20% to 22% year-over-year. We expect revenue to be in the range of $1.05 billion to $1.06 billion, an increase of 21% to 22% year-over-year. We expect non-GAAP EPS to be in the range of $1.27 to $1.29, which incorporates net expenses related to the proposed acquisition of Bridgecrew, using a 100 million to 102 million shares. Additionally, I’d like to provide some modeling points. We expect our Q3 non-GAAP effective tax rate to remain at 22%. Capex in Q3 will be approximately $30 million to $35 million.

As Nikesh reviewed earlier, for the full fiscal year, we are again raising our guidance across most metrics. We expect billings to be in the range of 5.13 billion to $5.18 billion, an increase of 19% to 20% year-over-year. We expect next-generation security ARR to be approximately $1.15 billion, an increase of 77% year-over-year. We expect revenue to be in the range of $4.15 billion to $4.20 billion, an increase of 22% to 23% year-over-year. We expect product revenue to be flat year-over-year. We expect operating margins to improve by 50 basis points year-over-year. We expect non-GAAP EPS to be in the range of $5.80 to $5.90 which incorporates net expenses related to the proposed acquisition of Bridgecrew using 99 to 101 million shares. Regarding free cash flow for the full year, we expect an adjusted free cash flow margin of approximately 29%.

With that I’d like to open the call for questions.

Questions and Answers:

Karen Fung — Senior Director, Investor Relations

In the interest of time please limit Q&A to one question. Our first question comes from Keith Weiss of Morgan Stanley.

Keith Weiss — Morgan Stanley — Analyst

Excellent. Thank you guys for taking the question and very nice quarter. I was hoping to dig in a little bit into SolarStorm, and if you could talk to us about any impacts that you saw in this quarter and more extensively, how do you expect the impact of that event to play out as we go through the year? Is there more on the comment? And what parts of the product portfolio do you think are going to get most impacted by that event?

Nikesh Arora — Chief Executive Officer and Chairman

Hey Keith. Thanks. Look, as we said in the call, we launched a series of initiatives to make sure that our customers are protected vis-a-vis SolarStorm. That was a sustained attack which was planned or a series of quarters if not years, and what we realized that, once you get into supply chain and start being able to respond to 18,000 customers, the impact is going to be far-reaching. What’s happened is, people were first reacting to that and starting to make sure for an emergency basis there is nothing in the infrastructure which is already infected and they not effectively been compromised. Now with that slowly and steadily behind us, what’s happening, we were noticing people doing cyber security assessments. Every Board is out there saying take a look at what we’ve got, make sure there is no breaches, make sure that we won’t be breached.

The first question was are we breached? The answer was, no we’re fine. Somebody telling us wait a minute, could we have been breached if we had SolarStorm? The answer is yes. So what we’re noticing, we’re noticing a rethinking of the cyber security architectures. In that context, our Crypsis acquisition was very helpful, because that’s where we have field force to be able to go out and address these situations that kind of sort of came to light and I don’t know if you know Wendi Whitmore, IBM X-Force until now and she is going to come join us. She’s had a CrowdStrike and FireEye and Mandiant as well. But she is going to come drive that effort even more aggressively for us. We also saw that in our own case XDR protected us, which again becomes an important distinction for us because it was a zero day attack and we found it because of behavior along the lease that were happening on the endpoint, which is effectively a key feature of XDR, so we’re seeing a lot more conditions around that. And Expanse’s ability to be able to look at what assets are exposed to the outside which in this case was SolarStorm servers, it was useful that Expanse went out and looked and saw that there were hundreds of customers with open SolarStorm servers sitting on the network. So, it’s generally been useful for us in the XDR part, the XSOAR part, the Crypsis part, but more importantly from a board focus on cyber security hygiene, it has been critical.

Keith Weiss — Morgan Stanley — Analyst

Thank you.

Nikesh Arora — Chief Executive Officer and Chairman

Thanks Keith.

Karen Fung — Senior Director, Investor Relations

Our next question comes from Philip Winslow of Wells Fargo.

Philip Winslow — Wells Fargo — Analyst

Great, thanks for taking my question and congrats on another fabulous quarter. Really want to focus in on Prisma Cloud and the VM and CN Series. Obviously you saw a massive uptick in the number of workloads you are protecting to cloud with Prisma Cloud and then obviously a massive uptick in year-over-year I think more than 4 times in terms of the number of firewall software customers. So I guess kind of two related questions. And first, Nikesh why you’re hearing the customers are choosing Prisma Cloud obviously you signed the largest deal on that product’s history this quarter and then the follow-up to that, we think about Prisma Cloud, plus the success you’re seeing in the VM and CN series, are those two combined when combined kind of changing the customer dialog you are having as you’re seeing these customers accelerate their shift to cloud?

Nikesh Arora — Chief Executive Officer and Chairman

Yes, Philip, thank you. Look, if you look at it you have tracked yourself. We grew our Firewall as a Platform 21%, and we’ve been talking about trying to get that to the 15% range. You can see all of that growth has come from firewall in the cloud i.e., Prisma Access 2.0 and has come from our VM and CN series firewalls. And it’s kind of, it’s hard to understand if you’re not sitting with the customer. We have seen a few deals flip from hardware to software in the last week. Literally customers aim to buy much of hardware and say wait, hold on. You guys launched its Firewall Flex, why don’t we just go into this flexible credit program, where we can spin up as many firewalls we want and spin them down, if you don’t need them. I think you can those credits to the cloud.

So what do you — I think what is something very important to understand we are going through a hardware to cloud transition now in the industry. It does not mean it is the demise of the hardware industry, it just means that the incremental shift is beginning to happen is getting — gathering momentum. You can’t keep posting tens of billions of dollars on billings for AWS, GCP and Azure, and not see a decline in data center over time. It’s going to happen. So if you look past the quarters and then that transition, it becomes very important how you are going to protect your some of the future? So, we are beginning to see customers go from hardware to software and honestly we’re encouraging it to the extend the customer wants our opinion. We have the ability to sell the hardware, the best industry and able to sell them software firewalls. And if you will sell them Prisma Access 2.0 in the cloud. We’re sitting now and I’m saying you pick the best architecture you want and we’ll service it, you ask us, we’d rather you ran [Phonetic] the software out and that’s when all of you guys start asking us, wait a minute, you got a software do you lose money? So we put up a slide saying, look, we don’t lose money, we make more money. We are going to say that, not that loudly because that’s not a good thing to say loudly, better security solution for the customer, reduce total cost of ownership, but we’re seeing that transition. I think that’s the most important part of the story and as we highlighted, we did a big deal in the telecom space where suddenly security matters in 5G right, because in no offense when you and I walk around with our iPhones and Android devices, we got malware on them, tough luck buddy. But if you’re in a car, driving down the highway and that can be infected with malware that’s a problem. So the 5G enterprise networks have to be secure. All 5G networks are being built on the cloud.

Philip Winslow — Wells Fargo — Analyst

Great. Thanks very much.

Nikesh Arora — Chief Executive Officer and Chairman

Thanks, Phil.

Karen Fung — Senior Director, Investor Relations

The next question comes from Sterling Auty of JP Morgan.

Sterling Auty — JP Morgan — Analyst

Yes, thanks. Hi guys. So in the context of the guidance increase I did notice that the next-generation security ARR seeing the same despite what looks like good results in the quarter, was there any pull-forward or what additional commentary can you give us around that NGS ARR outlook for the year?

Nikesh Arora — Chief Executive Officer and Chairman

Obviously there is no hidden meaning in there. We’re not trying to tweak it in such a way that — look, we’ve seen strength in cloud firewall, we’ve seen phenomenal strength at Prisma Access. I have to tell you that this pandemic has forced the network conversation about how do I make sure Sterling can access every application at home, not just the ones that I will let him access. It is gone from a — it’s good to have remote access, so you have to have remote access. And then the security suddenly start paying attention on the network architecture and then is and Lee and his team have delivered this, the phenomenal next upgrade where we can look at both web-based and non-web-based apps. So we’re seeing phenomenal success. So there is no tempering of our expectation and ambition on NGS. It’s just how the math works right now.

Sterling Auty — JP Morgan — Analyst

Thank you.

Karen Fung — Senior Director, Investor Relations

Next question comes from Saket Kalia of Barclays.

Saket Kalia — Barclays — Analyst

Okay, great. Hey, thanks for taking my question here guys. Nikesh maybe for you. You touched on this in your prepared comments. Can you talk about the Cloud and AI equity structure? What’s the reason for setting up that structure now and how is it going to work mechanically?

Nikesh Arora — Chief Executive Officer and Chairman

So Saket, 2.5 years ago when I came here we talked about building a cloud security business and we talked about building an AI ML based business. Last quarter we started showing you the two pieces of NetSec and ClaiSec. You’ve seen that we are aspiring to get $735 million of ARR in Cloud AI security. We also shared our left hand side, our network security business, actually that’s phenomenal cash flow margin, 38% going to 41%. So that’s a cash generated positive for our business whilst we go through a soft — hardware to software transformation. On the right hand side, we’re competing with behemoths out there today, like the cloud strikes the world and in the XDR space and a bunch of start-ups in the cloud space, that’s an area for investment. We think that the market inherently values both those business fundamentally differently. It values the network security business and cash flow, it values the cloud and AI business and ARR. So we want to be able to create the opportunity for the market to value our businesses differently to create more transparency on shareholder — for the shareholders and where it also allows us to keep investing in the Cloud & AI business and in the interest of driving more ARR.

So what we’ve done is, as you saw, we have separated our financials, showed you what NetSec and ClaiSec, Luis and team have worked hard to get them audit and make sure that we can keep reporting them on a more regular basis going into next fiscal year. And we are looking at various equity structures that allow us to create incentive plans as well as potentially in the future monetize the ClaiSec business for different set of investors, compared to the Palo Alto investor.

Karen Fung — Senior Director, Investor Relations

Our next question comes from Fatima Boolani of UBS.

Fatima Boolani — UBS — Analyst

Good afternoon and thank you for taking the questions. My question is around the Firewall as a Platform business and the metrics there. Appreciate that deals sort of changed flavor in the 11th hour, to your point Nikesh. So what are some of the core assumptions we should leave with around the installed base refresh opportunity as well as the R&D pipeline for hardware and the plants refreshes within the product portfolio in the Strata side?

Nikesh Arora — Chief Executive Officer and Chairman

Well Lee do you want talk about the hardware refresh. All I’m going to say there, we’re not taking the — our pedal off the metal. We are going aggressively trying to continue to build the next-generation of hardware and focus on refresh. I will tell you in absolute dollars we still sell the largest number of hardware firewalls in the industry. We got lost in percentages. It doesn’t matter if other vendors are out there, generating 18% growth. We still sell more absolute dollars of product in a quarter than anybody else. Lee if you can talk about the hardware.

Lee Klarich — Chief Product Officer

Yes, look we’re always working on the next generation of hardware, since the beginning of the company till now and we have some amazing new platforms coming. I won’t tell you too much until they’re out, but we’re always working on that, really exciting stuff there. The software side as well with PanOS and new security capabilities, another set of amazing things we’re working on. One thing I’ll point out in that though is the leverage we get across hardware, software and cloud-delivered. Part of what really resonates with our customers is not that they get to pick which one they use from us, but their ability to actually use hardware where they need hardware, software form factors when they need software, cloud delivered where they need that with a set of consistent security capabilities, easy to manage and operationalize, that’s something that only we can deliver to our customers.

Fatima Boolani — UBS — Analyst

Thank you.

Karen Fung — Senior Director, Investor Relations

Next question comes from Brian Essex of Goldman Sachs.

Brian Essex — Goldman Sachs — Analyst

All right. Great. Hi. Thank you. Thank you for taking the question. I was wondering Nikesh, if you could dig into a little bit Firewall Flex in your credit based licensing model for next-gen firewall. What was the timing of that rollout? How long it has been market and how much adoption is that in terms of the way it’s impacting your model?

Nikesh Arora — Chief Executive Officer and Chairman

I’ll give you the preface of it and then Lee can jump in and give you the details. But look, we hadn’t refreshed our VM pricing policy. It was set up more like a hardware business where you had to tell us which particular model of software you wanted and you we’re basically stuck to that model. And if you think about software deployment. It’s a key. I can give you a key with more capacity or a key with lower capacity. So we just felt that we were being too pedantic in our approach in selling software in a very hardware-centric model where you can only by five subscriptions the rate. So we worked hard over the last 18 months to get this all done into a new credit-based model, where you can right size your requirements. You can spin them up and spin them down, but if I say everything, then Lee doesn’t get to say much. Lee explain that… He often looks to me saying, why do you say your going to help me having answer the second half of it when you don’t stop. So I’m going to stop.

Lee Klarich — Chief Product Officer

In my defense, like the — when we came up with the model that was sort of I call it the normal model and that’s what others were doing. I’m actually — and our customers are very excited about this new Firewall Flex model, because it is the first of its kind in the industry giving our customers the flexibility, as Nikesh was saying to choose how many CPUs do they need, what subscriptions do they want, where they want to deploy it, cloud on-prem etc. That level of flexibility and to do in your credit model where each individual deployment can actually be different. So we’ve actually — it’s one of those unique cases where we’ve given the customer a lot more flexibility and options, yet made it simpler at the same time.

The last piece it addressed was, in the old model it was getting too cumbersome on how to offer all the different security subscriptions. This model allowed us to easily scale up to all of the current security subs plus any future subscriptions we come out with.

Brian Essex — Goldman Sachs — Analyst

Are those [Indecipherable]?

Lee Klarich — Chief Product Officer

Sorry. We just launched beginning of February. So it’s only been out for a few weeks. We’re already having customers respond incredibly positive to it.

Brian Essex — Goldman Sachs — Analyst

All right. Very helpful. Thank you.

Nikesh Arora — Chief Executive Officer and Chairman

Thanks Brian.

Karen Fung — Senior Director, Investor Relations

Next from Gray Powell of BTIG.

Gray Powell — BTIG — Analyst

Great, thanks. Can you guys hear me okay?

Nikesh Arora — Chief Executive Officer and Chairman

Yes.

Gray Powell — BTIG — Analyst

All right. Congratulations on the good numbers. So yes, last week, you all announced Cloud Secure Web Gateway features and Prisma Access. How important is that functionality to your customer base and do you think it creates an opportunity to gain incremental share from legacy players like Symantec or even some of the higher-growth companies like Zscaler?

Nikesh Arora — Chief Executive Officer and Chairman

Sorry. Okay. No he changed his definition of legacy players. I got it. Never mind, Sorry just kidding. We get punchy, after too much coffee in an earnings call date. So Lee go ahead. It’s all yours.

Lee Klarich — Chief Product Officer

As I think all of you have seen and heard from us before, we used to set up this sort of either/or approach. Either it was Next-Gen firewall approach to security or as a proxy approach. And you’ve heard us talk a lot about the challenges associated with the proxy approach, limited application support, some of the challenges with applications and breakage and performance. But at the same time we recognized is, there are certain use cases out there where there is a right way to do it and it is, can be very complementary to what we do from a Next-Gen firewall perspective. And so with this release, we basically integrated that into Prisma Access, such that we can now give our customers the ultimate of flexibility on how they connect to the cloud through both the Secure Web Gateway model plus our Next-Gen firewall natively integrated and provide all the great security capabilities we have.

Nikesh Arora — Chief Executive Officer and Chairman

So I think Gray what Lee is saying is, we changed near looks religion on proxies. Now we also support proxies as part of our product and we also support the app based approach. So now you can go after web based apps and non-web-based apps and we said 53% of your breach has come from non-web-based apps and proxies are used less than non-web-based apps. But we cover both opportunities like doing it the proxy way or the non-proxy way.

Gray Powell — BTIG — Analyst

Got it, okay. Thank you very much.

Karen Fung — Senior Director, Investor Relations

Next question comes from Patrick Colville of Deutsche Bank.

Patrick Colville — Deutsche Bank — Analyst

Hey, there. Thank you for taking my question. Really appreciate it. Just want to ask about Bridgecrew. So is that deployed on-prem in the cloud, who buys it? Is it the kind of developer buying it with the kind of credit card type payment model or just help us understand that product better please?

Nikesh Arora — Chief Executive Officer and Chairman

Yes. Look, I’ll — again, I’ll do the one-two punch here, but we’ve been making bets for the last 2.5 years where are securities going in the cloud space, especially it went from workloads, went to containers, went to micro-segmentation, went to DLP, went to IAM, and what we kind of the realization is what’s happening is there is a bunch of — so what happens as you do — you build an application with the developer, you give it your IT team and they deploy it and say, hey, you silly guy, you got a bunch of security bugs and go fix it. The guy tells what’s my security bugs? Why didn’t you tell me before? They started going to open source and trying to find security monitoring software to see, let me just make sure I don’t build stuff with security bugs in it. So what happens is, what Bridgecrew has is such a — it’s an open source, free no credit card needed, these are software that starts tracking the security bugs in your development side, the ICD side. So it tells the developer, you’re making a mistake, fix it.

Now what happens is, you fix it, then you give it to the guy and the security guy says, well you still have bugs, wait a minute, I checked it. So what we’ve done is we bought Bridgecrew, who will take the open source tools that they have. We’ll look at the policies there. We’ll map them with the policies in the enterprise side to make sure that if you need to find — if we are going to check for it in real time and in production, you get to check for it for free as a developer. So there’s 26 million developers developing the seamless security professionals. If you can get 26 million people to start checking it while they’re building the application, building the software, then its consistent what they’re going to check on the enterprise side, that’s the muscle we didn’t have, that’s a DevOps muscle. Most DevOps companies don’t have security muscle. We have security muscle. We don’t have DevOps muscle. We just bought DevOps.

And so the monetization is via — so what happen is they have a enterprise version of the free software to give away to the developers. It’s kind of like Dropbox. A lot of people start using it. You want that to be in the enterprise section, because you don’t want to be checked against a different product set of policy. So we’re going to merge that enterprise using Prisma Cloud, because we already check it. I will say whatever you’re developers check for free is what we’re going to check in production, they’re consistent. So if they didn’t find a bug when they were writing the code, we’re unlikely to find it when we’re running it.

Patrick Colville — Deutsche Bank — Analyst

Thank you.

Karen Fung — Senior Director, Investor Relations

Question comes from Tal Liani of BofA.

Tal Liani — Bank of America Merrill Lynch — Analyst

Hi guys. I want to go back and ask about the legacy or the hardware piece. I’m trying to understand the competitive landscape now and trying to understand the customers reaction to the fact that market is migrating somewhere else? Are there still competitive replacements or is this a case where customers just keep the status quo whatever they have today, because if they take a decision, it’s going to be a decision to migrate out of hardware into more than solutions. So I’m trying to understand the dynamics, the underlying dynamics in the market and from it to understand what’s the competitive landscape like?

Nikesh Arora — Chief Executive Officer and Chairman

Yes Tal, thanks for the question. Look what’s going to happen in my version of the world is you will still have 40% to 50% of the customers will still stick to a data center hardware base strategy. I think what the market and not fully embraced and understood is when you move to the cloud, the cloud can be expensive. And many companies will say wait a minute, I don’t need to do all this stuff in the cloud, and I’m going to still keep a data center and do some of the less expensive stuff here, why do I want to take everything and make it real time bleeding edge on the cloud. It’s going to end up in a hybrid world where people are going to maintain data centers and maintain cloud. So I don’t think every customer in the world is moving to the cloud. But I think that on the margin, yes, you’re seeing a bigger shift to cloud than your people sticking to hardware.

So with that fact in mind we do see competitive replacements when customers have end of life for existing hardware installs. They’re sitting there and saying I’m coming to the end of life for legacy vendor A, B, C, D or E, should I go replace this with new versions of legacy A, B or C or should I look at a new network architecture, which allows me flexibility of having hardware and software remote access. The example we gave, we did a $20 million deal with a customer. Who built, who bought Prisma Access for half of their employees, who bought hardware firewall through the data centers and who bought virtual firewalls for their cloud and they make sure they were all consistent. So we do see customers end of life-ing legacy hardware, which is dead ended, which doesn’t have a software form factor or a firewall in the cloud capability and we do see them transitioning to a hardware and software model. It’s not zero-sum, it is not either/or. It sometimes ends up being this and that.

Tal Liani — Bank of America Merrill Lynch — Analyst

Got it. Thank you.

Karen Fung — Senior Director, Investor Relations

Next question comes from Brent Thill of Jefferies.

Brent Thill — Jefferies — Analyst

Thanks. And Nikesh, there’s a lot of questions from investors about this proposed equity structure and the timing and…

Nikesh Arora — Chief Executive Officer and Chairman

Pretty quick.

Brent Thill — Jefferies — Analyst

I’m curious if you could just double click on what do you think this looks like and why you’re doing this right now?

Nikesh Arora — Chief Executive Officer and Chairman

Thanks for the question. Look, it’s not — first of all, we have spent the last six to eight months preparing for the financials visibility and transparency of ClaiSec and NetSec. It requires a lot of work on our accounting side, lots of rules to make sure how we do transfer pricing between the entities, how do we leverage a common sales force for all our networks. So and again, we’re not doing anything at all we’d have as we presented to the board and they’ve agreed that this is an area for us to go ahead and work further on, which means we are looking at seeing how can we make the ClaiSec equity more transparent. If you believe the market values that differently than the Palo Alto.

Now the market can say this is great, we just love your product, but at the end we will help it achieve all the price targets of the more enthusiastic and optimistic ones that you have, in which case we may not have to do anything. If not, you may actually — you will take a look at the ClaiSec equity and see how do we create more transparency, because fundamentally, if you look at it, you’ve got one business left generating $1.5 billion of free cash flow, which is fantastic, you like at 38% margins going to 41%, whilst we’re going through hardware and software transition.

On the other hand, we have a $735 million ARR business growing at 77%. That business has negative cash flows and the market looks together in values in one certain way, maybe the market will value it differently, if you look at it differently. So we’re just exploring the opportunity of being able to make that value more transparent. We’re not going to change the operating structure of the company. We’re going to still run it as one company with two basically agile business units if that makes sense.

Karen Fung — Senior Director, Investor Relations

Our next question comes from Michael Turits of KeyBanc.

Michael Turits — KeyBanc Capital Markets — Analyst

Hey, good afternoon everybody and nice quarter. It was a really good quarter on firewall platform-as-a-service, and you raised network security but product itself was just a slight beat and you didn’t raise it. So what’s the delta? What really raised that guidance on network for the year and drove the outperformance?

Nikesh Arora — Chief Executive Officer and Chairman

Software.

Michael Turits — KeyBanc Capital Markets — Analyst

What was the biggest piece? VM-series, Prisma Access, subscription attach. How would you rank this?

Nikesh Arora — Chief Executive Officer and Chairman

Access, VM and subscription, not because subscriptions aren’t doing well, it’s just a very large number. So sustaining a large number of growing at 30% is a good thing.

Michael Turits — KeyBanc Capital Markets — Analyst

Great. So really Prisma Access was the big driver.

Nikesh Arora — Chief Executive Officer and Chairman

Yes, I mean, look at Access has gone to a — when I joined it was called GlobalProtect cloud. So this be barely the $10 million in the quarter. Now it’s going gangbusters. As I said now, just said a $20 million deal across the customers and data enterprise, which included Cortex and Prisma Access in there. So we can get to $10 million plus deals and Access in one deal where we were doing $10 million in one quarter three years ago. So that makes sense.

Michael Turits — KeyBanc Capital Markets — Analyst

Great. Thanks Nikesh.

Karen Fung — Senior Director, Investor Relations

Next question comes from Jonathan Ho of William Blair.

Jonathan Ho — William Blair — Analyst

Hi, there. I just wanted to get some additional color in terms of the subscriptions that you’ve been, I guess selling with the firewalls. Is there any way that you could maybe provide some additional perspective on maybe which ones are doing well and what the average number of subscription being taken are and yes, that would be great. Thank you.

Nikesh Arora — Chief Executive Officer and Chairman

Yes, Jonathan. Obviously, we had four when I joined and they’re all had over 50% attach rates even before. The one, which has gone from zero to 500 is DNS secured in the last two years, we just announced we crossed the 5,000 customer mark. Many of the newer subscriptions were just launched as part of 10.0 with our software, so they’re all very reason which includes IoT as DRAM, DLP. And sorry at least I think that’s giving socially distance I keep not asking him what he — if I forgot anything.

SD-WAN, you can see is combined with our CloudGenix efforts. So we see SD-WAN traction between the two of them. We’re seeing a lot of interest in DLP which is very early. It’s only a few weeks old. And IoT we see situations, but that’s more of an architectural sale. It’s not just of that subscription. People want to look at the IoT architecture for the enterprise. But we are — we launched health care IoT, so its part of the IP efforts. So I have expectations from DLP, I’ve expectations from SD-WAN. Obviously, the combination of CloudGenix and IoT. But I think we’ll see different approaches and different sort of trajectories in terms of adoption. IoT is a bigger ticket when we sell it. DLP, is a simple of that and is easy to deploy like DNS security is. So they take different trajectories and different price.

Karen Fung — Senior Director, Investor Relations

Our last question comes from Andy Nowinski of D.A. Davidson.

Andy Nowinski — D.A. Davidson — Analyst

Great. Thank you for squeezing me in. So, you mentioned a number of eight figure deals for both Prisma Access and Prisma Cloud which were record deals for the company. Just wondering if you could provide any more color with regard to your overall large deal activity for the quarter? Was the activity up year-over-year and if you did see an increase in the overall activity, what drove the growth? Thanks.

Nikesh Arora — Chief Executive Officer and Chairman

Yes, Andy, I think purely I’m waiting for Luis to go look, but purely mathematically we added the same number of customers we did this year than we did last year and our billings grew 20%. So we got — definitely got to have more bigger deals in there. I have Luis, what are you doing? So yes, we are seeing strength, but I would say, it’s kind of interesting. If you look at the landscape, the higher end of the cloud sales see bigger deals, because you’re comparing them to large GCP, AWS, Azure spend. So even if you get 2% to 5% on the GCP, Azure, AWS commitment you end up with a large deal, which is typically in the seven plus figure range. And you see a similar activity in Prisma Access because it ends up being a three-year TCE style deal where if you get the top-end like 100,000 plus users, at the end of the day 7.5 figure deal.

XDR in the market, typically ends up in the $1 million to $2 million range because of competitive pressure. The competitive activity, so you just think a lot more XDR deals to get there. So it is different depending obviously firewall again, depends on the install base end of life and ELAs have their own characteristics depending on, again, how much of state is there, how much people are re-upping and have a software that might, but Luis?

Luis Visoso — Chief Financial Officer

So here is how I look at it. If you add up the billings of the last largest deal that we did this quarter and you compare that to a year ago, the total is 35% higher. So it just gives you a magnitude of how significant those large [Phonetic] tiers are for us?

Andy Nowinski — D.A. Davidson — Analyst

Thanks guys. That’s really helpful.

Nikesh Arora — Chief Executive Officer and Chairman

All right. We’ll see Brad Zelnick if you change your mind about us, you don’t even get to ask the question. All right, thank you everyone. Thank you for joining us and thank you very much for all your questions. We look forward to seeing many of you in our upcoming investor events. I also want to thank our customers, partners and of course our employees at Palo Auto Networks. Have a great day.