Palo Alto Networks, Inc. (PANW) Q2 2022 Earnings Call Transcript

Palo Alto Networks, Inc. (NYSE: PANW) Q2 2022 earnings call Feb. 22, 2022

Corporate Participants:

Clay Bilby — Head of Investor Relations

Nikesh Arora — Chief Executive Officer and Chairman

Dipak Golechha — Chief Financial Officer

Lee Klarich — Chief Product Officer

Analysts:

Saket Kalia — Barclays — Analyst

Tal Liani — Bank of America — Analyst

Brian Essex — Goldman Sachs — Analyst

Hamzah Fodderwala — Morgan Stanley — Analyst

Philip Winslow — Credit Suisse — Analyst

Brent Thill — Jefferies — Analyst

Rob Owens — Piper Sandler — Analyst

Gregg Moskowitz — Mizuho Securities — Analyst

Adam Borg — Stifel — Analyst

Patrick Colville — Deutsche Bank — Analyst

Presentation:

Clay Bilby — Head of Investor Relations

Good day, everyone, and welcome to Palo Alto Networks’ Fiscal Second Quarter 2022 Earnings Conference Call. I am Clay Bilby, Head of Palo Alto Networks’ Investor Relations. Please note that this call is being recorded today, Tuesday, February 22, 2022 at 2:00 PM Pacific Time. With me on today’s call are Nikesh Arora, our Chairman and Chief Executive Officer and Dipak Golechha, our Chief Financial Officer. Our Chief Product Officer, Lee Klarich will join us in the Q&A session following the prepared remarks.

You can find the press release and information to supplement today’s discussion on our investor website at investors.paloaltonetworks.com. While there, please click on the links for events and presentations where you will find the investor presentation and supplemental information. In the course of today’s call, we will make forward-looking statements and projections that involve risk and uncertainty that could cause actual results to differ materially from forward-looking statements made in this presentation. These forward-looking statements are based on our current beliefs and information available to management as of today. Risks, uncertainties and other factors that could cause actual results to differ are identified in the safe harbor statements provided in our earnings release and presentation and in our SEC filings. Palo Alto Networks assumes no obligation to update the information provided as a part of today’s presentation.

We will also discuss non-GAAP financial measures. These non-GAAP financial measures are not prepared in accordance with GAAP and should not be considered as a substitute for or superior to measures of financial performance prepared in accordance with GAAP. We have included tables which provide reconciliations between the non-GAAP and GAAP financial measures in the appendix to the presentation and in our earnings release, which we have filed with the SEC and can also be found in the Investors’ section of our website. Please also note that all comparisons are on a year-over-year basis, unless specifically noted otherwise. We would also like to note that our management is scheduled to participate in the Morgan Stanley Investor Conference in March. I’d like to apologize for the delay in our start time. We experienced a technical issue that required delaying the call by 30 minutes. I will now turn the call over to Nikesh.

Nikesh Arora — Chief Executive Officer and Chairman

Thank you, Clay. Good afternoon, and thank you everyone for joining us today for our earnings call. As you’ve seen by results we released, we had an exceptional Q2. We continue to accelerate the growth of our business in line with our stated direction of fiscal year ’22 being the year of focused execution. But first, let’s talk about the market and the trends we’re seeing. Firstly, we continue to see a strong demand for cyber security. We have not seen any changes in the IT spending patterns of our customers or a slowdown in companies investing IT systems to drive competitive advantage. On the contrary, we see acceleration around trends associated with the shift to the cloud as well as the continued efforts to redefine network architectures to enable employees to work effectively from anywhere, a trend which has been bolstered by the pandemic and we continue to believe we are still in the early innings here. Both these factors underpin continued demand for cyber security services.

Secondly, we continue to see an evolving and complicated threat landscape. We have highlighted in the past that cyber securities are at the front and center of all conversations around risks and threats of companies as well as nation and state levels. We believe cyber security will continue to become more and more relevant and important. With increased alliance and technology and the prevalence of cyber attacks, there is an ability to disrupt businesses and critical systems making cyber security an area will — that will need continued focus in investment. In addition to industry specific trends, we are seeing a trend that is unique to Palo Alto Networks. Given our investments in the areas and continued relevance across multiple platforms and needs of our customers, we’re having more and more significant partnership conversations which encompass the entire Palo Alto Networks offering. Whilst early, we believe this is the true differentiation that Palo Alto Networks provides, both best of breed and integral integrated security that works.

Thirdly, our continued focus in execution. This focus is bearing fruit as we execute multiple dimensions across our business. Execution from our product teams means continuing our rapid pace of integrated platform delivery. We will talk about the innovation across our platforms, but to highlight, just today we unveiled our XSIAM product, which is poised to re-imagine security operation centers and truly deploy technology to resolve cyber attacks real-time. Execution from our go-to-market teams means focusing on the broader customer-driven priority of helping them significantly improve their cyber security posture. This is demonstrated by the multi-platform large deal commitments we’re beginning to see. Execution from our supply chain team means we are able to work with our suppliers in this tough environment to deliver critical security appliances to our customers. We’ve had to balance some of the increased cost of price increases, as an offset but we’ve been able to keep these increases modest in comparison to our peers. Execution from our people leaders means despite this being a hot market for great talent, we’re able to attract and retain the best mine and cyber security. As you saw in the opening of the call, we launched our Welcome Home program to welcome back employees that had left our company. We have seen good initial success here.

Let’s take a quick look at some of the outcomes caused by the focus on execution. In Q2, revenue was up 30% while the leading billing in RPO metrics were up 32% and 36% respectively. We’re building a more predictable business model as the RPO balanced at $3.4 billion gives us significant visibility into our next 12 months revenue. Next-generation security or NGS ARR, finished Q2 at $1.43 billion. As we hit our mid-year point, we have greater confidence that our strategy is working, which is driving us to make further investments in these businesses. At the same time, we continue to transform our core network security business where the software mix within our firewall as a platform billings came in at 40% up 5 points versus last year. We drove these strong top line results by balancing non-GAAP profitability even as we absorbed some incremental expenses from supply chain challenges. Operating income grew 20% and adjusted free cash flow grew 33%. We outperformed our non-GAAP EPS guidance midpoint by $0.09.

For a number of quarters, we’ve talked about our large deal momentum. To accelerate these results, as we exited fiscal ’20 to ’21, we layered on a sales strategy to elevate our focus and drive efficiency in our largest opportunities. With a growing portfolio of products across the platforms making largely in selling repeatable process is core to our sustaining and accelerated growth trajectory. With BJ Jenkins taking over the leadership role for our broader sales organization, we’ve had an ability to increased management attention on the largest deals in the form of Amit Singh, our CBO.

We’re pleased with the results we have seen in the first half of the year. These deeper, multi-platform relationships are win-win for Palo Alto Networks and our customers. As a testament to this, at the end of Q2, 47% of our Global 2000 customers used products from all three of our platforms, up from 38% a year ago. In Q2, we closed 221 during seven-figure transactions, including three transactions over $20 million. Our Millionaire customers were at 1,077 in Q2, up 26% year-over-year. Our combined rate of growth in Millionaire customers as well as an increase in the size of our large deals has helped us sustain the accelerated level of growth you’ve seen over the last several quarters.

In all, it was a strong quarter and I want to thank our global teams for their stronger execution across the board. Driving these results are the transformation of our firewall business and our focus on capturing the growth in next-generation security. In particular, this quarter, our strengths we’re well balanced in both of these categories. Let’s do a quick review of our progress across our three platforms. As you know, we have them designed modularly so our customers can initiate their partnership journey with Palo Alto Networks, whatever their current need is, but over time we work with them to both expand across any one of our platforms and also work with them to adopt our other platforms in line with our plans. At the heart of our three-platform strategy is innovation. This is a fuel of our growth, especially in next-generation security where we play in markets that are early in their lifecycle. In the first half of fiscal year 2022, we had 22 major product releases, which is equal to all the releases we had in the full year of fiscal 2020. Even more impressive is that this quarter marks the end of all integrations of our acquired businesses over the last few years; i.e. all of our products are now seamlessly integrated and can have organic development continue on them. We were also pleased to receive two new industry awards adding one in developer security tools and other in secure web gateway. We now have a leadership position in 10 categories.

Focusing first on our firewall business. We’re continuing to refresh our platform, and just last week we announced two more new families with a PA-3400 and PA-5400. These new generation-four platforms have industry-leading performance on real world encrypted traffic using our single pass architecture and performance that is three times faster than similar Gen 3 appliances. We also rolled out PAN-OS 10.2 Nebula release, which adds significant new capability in using machine learning to stop the current generation of highly malicious attacks in line. This capability powers our recently released advanced URL and new advanced threat prevention subscriptions as well as bringing significant enhancements to the capability of our DNS security subscription. We added the industry’s first integrated AIOps to our next generation firewalls, our 10th subscription added to the firewall family, This capability assists customers to prevent firewall misconfigurations and proactively addresses performance issues before they impact customer networks. We were pleased with our ability to grow our product revenues at 21%. This contributed to our Q2 revenue upside and was ahead of our guided mid-teens growth for the full year, which we will be raising.

Our teams worked tirelessly during Q2 to ensure we could fulfill product demands to customers as quickly as possible, while also navigating through the Gen 3 to Gen 4 refresh. We did see demand for our next-generation firewall appliances outstripped our ability to ship in the quarter, and this is reflected in the growing RPO I spoke about earlier. Strong security demand, innovations we’re bringing to customers such as our Nebula release as well as customer appetite for Gen 4 gives a strong conviction in sustained product demand into fiscal year 2023.

Next, I wanted to spend some time on our NGS business. This is one where our teams have done work which I personally believe has not been done in the cyber security industry before, and this is what makes Palo Alto Networks special. We have built a formidable set of services which are cloud first and these services are resonating with our customers. This success is truly driven by us working with our customers to anticipate their challenges delivering best of breed solutions in an integrated fashion, whilst continuing to focus on security outcomes. This has resulted in us building an NGS ARR stream of $1.43 billion driven by billings growth of 79% in NGS.

Diving deeper into SASE which has been a strong contributor to NGS. We continue to see strong uptake from our existing customers. We’re also seeing marquee new customer wins, which are reflected in our current customer count of 1,983, which is up 62%. A recent report from the IT industry analyst Enterprise Strategy Group noted that 78% of organizations have begun or are planning SASE implementations. We see this mirrored in our customer conversations where hybrid work is now the way many of these companies are planning on supporting the future work. We are pleased to again stand on Okta’s Business at Work report where we were identified as the leading provider of remote access solutions. We’re seeing SASE emerge as a key platform for our customers. With these customers looking to Prisma SASE to deploy digital capabilities. We rolled out integrated CASB to within Prisma Access 3.0, including a new capability in-line DLP for SaaS and in particular collaboration applications. We continue to see success attaching autonomous digital experience management or ADEM as an up-sell in Prisma Access as customers rely more on SASE as the foundation of the network architecture.

On the cloud front, we’re seeing mainstream adoption of hyperscale public cloud in our customer base as well as an acceleration in production workloads. This is driving sustained strength we’re seeing from Prisma Cloud. Four years ago, we made it a conscious strategy to be a first mover with multiple big bets to proactively invest where we believed the future security was going. Our period began with several acquisitions targeting companies with the best technologies. We developed a unique go-to-market approach, allowing us to promote future modules as part of an integrated offering, we’re seeing tremendous success with this approach. While our active customers grew 21% to 1,810 in Q2, we saw north of 56% growth and credit consumptions, driven both by increased adoption in the cloud by our customers and their continued adoption of more security modules in Prisma Cloud. While our two core modules, cloud security posture management and cloud workload protection are mainstream within most of our customer base, we’re seeing an increase in adoption of three and more modules.

There are two areas I would like to highlight in Prisma Cloud this quarter. First, the launch of Cloud Code Security and second, the launch of Agentless scanning. Approximately one year ago, we acquired Bridgecrew, which has strong early traction and DevSecOps enabling security to be shifted left into the software development lifecycle. This addresses security problems before they are created in production deployments and is far more efficient. A single deployment template can be propagated hundreds of times. There are multiple vulnerability in the code, each deployment could create hundreds of security events even once in production. Bridgecrew had significant traction with the Chekov open source tool, momentum that has significantly accelerated since this acquisition closed and downloads of up to five times year-over-year. Building on the Bridgecrew technology in Q2, we released our fifth Prisma Cloud pillar, Cloud Code Security, which is part of our 3.0 release. Our standalone Bridgecrew product has about 70 customers. We’re pleased to see DevSecOps’ customer momentum building as Prisma Cloud customers adopt Cloud Code Security just several weeks after its integrated release into our platform.

Let’s talk about Agentless Scanning. You’ve seen a number of smaller provider focus on small initiatives and cloud native security. Providing only agentless scanning, is one of them. What we hear clearly from a customer is that they want a platform approach to cloud security, which offers the flexibility of both agent and agentless scanning depending on their architecture and security needs. Towards this end, our teams rallied and delivered agentless scanning in record time. This makes sure that our customers can deploy either approach via the integrated platform that is Prisma Cloud.

Now turning to Cortex, our endpoint security secured analytics and automation solutions. We continue to see significant customer demand for automation and security as a threat data and volume security grow at exponential rates. The human-only approach to interpreting data and responding to events is not keeping pace. We’re seeing strong customer adoption of our market-leading technologies across XDR, XSOAR and Xpanse. Total customers across XDR Pro and XSOAR reached 3,232 and increased over 69%. Q2 was a strong quarter for new customers, both those that are brand new to Palo Alto Networks and also across the quarter. We also saw Q2 strength across all of our geographies for Cortex. At our Ignite event last November, we launched our managed partnership program XMDR and we continue to see partners join the program to further align the opportunity across our Cortex portfolio. We now have 27 partners there and have a strong pipeline of inter subordinates working through the certification process.

Core to our growing success with Cortex is the innovation investments we have made over the last years in XDR, XSOAR, Xpanse with market-leading capabilities in each. Shortly after release XDR3.0 in Q1 to enable cloud detection response, we the released XDR3.0 — 3.1 in Q2 to further enhance our cloud asset visibility and insights. Q2 also marked the release of our intelligence modules for XSOAR providing end-to-end real world threat intelligence to help identify and discover new malware familiar — families or campaigns of attack techniques that are related to security incidents. This morning, we announced our Cortex Extended Security Intelligence and Automation Management or XSIAM platform and shared our vision to provide an autonomous cyber security solution as a modern alternative to SIM solutions. We believe security operations teams have an urgent threat-detection remediation problem and only by leaning into a natively AI-driven platform, we will be able to bring down our response time from hours and days to seconds and minutes. We’re on a mission to revolutionize how data analytics and automation is leveraged in cyber security and XSIAM is a product of years of research and development we’ve been doing in this area. XSIAM is currently available to a limited number of customers and will be broadly available later this year.

In summary, I’m very pleased with our Q2 results. We both continue to benefit from strength in our core next-generation firewall business and it’s a strong sign of our future growth prospects significant strength across our next-generation security portfolio. This balanced performance is a hallmark of our long-term strategy to drive durable growth. On the back of this strength and based on what we’re seeing in our pipeline heading into the second half of fiscal year 2022, we are raising our total revenue, product revenue and total billings guidance for the year. Within this top line, given our confidence in both our pipeline and our sales execution NGS, we’re also raising NGS ARR for the year.

Lastly we’re delivering this top line while we continue to make significant investments in our business for future growth. We not only continue to see strong near-term demand, but it’s also strong medium-term trends in cyber security, fueled by underlying strength in IT spending and secular trends like hybrid work and cloud native adoption. We have aligned investments both to building sales capacity for fiscal year ’23 as well as medium-term investments of product capability. These investments have been made while also absorbing unexpected supply-chain related cost this year. Despite this, we have been able to deliver upside to our non-GAAP EPS forecast so far this year. We’re lifting our non-GAAP EPS guidance for the year reflecting much of the upside we saw in Q2.

With that, I will turn the call over to Dipak to go into more detail on the Q2 performance of our guidance.

Dipak Golechha — Chief Financial Officer

Thank you, Nikesh, and good afternoon, everyone. We again delivered results ahead of our guidance across all metrics as we continue to transform our business. Topline growth remained strong in Q2 with balanced strength across our portfolio including product and especially in our next-generation security offerings. Supported by the strength in our differentiated offerings, we’re raising our full-year guidance. For Q2, revenue of $1.32 billion grew 30% and was above the high end of our guidance range. Product grew 21% and total services grew by 32%. We saw strong growth in all geographies and across all platforms. By geography, the Americas grew 33%, EMEA was up 22% and APAC grew 23%.

NGS ARR finished the quarter at $1.43 billion, supported by broad strength across each of our platforms. Prisma Access ARR more than doubled year-on-year and we continued to see especially strong growth from XDR and Prisma Cloud. This demonstrates that our portfolio approach to driving growth in our high-growth markets is working and what gives us confidence to raise our guidance here, which I will talk more about shortly. In the second quarter of 2022, we delivered total billings of $1.61 billion, up 32% and also above the high end of our guidance range. Total deferred revenue in Q2 was $5.4 billion, an increase of 31%. As a reminder, billings is total revenue plus the change in total deferred revenue, net of acquired deferred revenue. Our NGS billings grew 79% year-over-year. Going forward, we encourage investors to focus on our NGS ARR metric as we view this measure as being more indicative of the underlying drivers of this business. We will not be updating NGS billings in the future.

Remaining performance obligation or RPO was $6.3 billion, increasing 36% with current RPO growing largely in line with total RPO. As mentioned previously, we believe RPO adds meaningful insight into our future revenue as it includes both prepaid and contractual commitments from customers. The strength of our RPO growth gives us confidence in our future quarters as it effectively provides us a head start from a revenue perspective.

Our product growth was 21% in Q2 and above what we have seen historically, reflecting strong customer demand for our appliance and software offerings. Within our firewall as a platform business, we saw billings grow 26% in line with the growth we have seen over the last year as customers purchased hardware, software and SASE form factors. Within FWaap, up our software mix increased 5 points to 40%. Last quarter, we raised our fiscal year ’22 outlook for product revenue growth to mid teens. We’re raising this outlet to high teens as we continue to balance the forces of very strong customer demand and supply chain constraints.

Turning to the details of our results. Product revenue was $308 million growing 21%. Subscription revenue of $618 million increased 34%, Support revenue of $391 million increased 30% and in total, subscription and support revenue of $1.01 billion increased 32% and accounted for 77% of our total revenue. Non-GAAP gross margin of 74% was down 130 basis points, in part due to the ongoing costs associated with the supply chain. Our production teams have done an outstanding job in fulfilling the growing demand and keeping the priority focused on enabling shipments to customers. We will continue that posture moving forward.

Non-GAAP operating margin of 18.4% was again up sequentially and down year-over-year as expected with higher products and support costs impacting the year-over-year trends. Non-GAAP net income for the second quarter grew 20% to $185 million or $1.74 per diluted share. Our non-GAAP effective tax rate was 22%, our GAAP net loss was $94 million or $0.95 per basic and diluted share.

Turning now to the balance sheet and cash flow statement. We finished January with cash equivalents and investments of $4.2 billion. Days sales outstanding was 60 days, unchanged from a year ago. Cash flow from operations was $483 million, we generated adjusted free cash flow of $441 million, a margin of 33.5%. In Q2, we again balanced multiple financial priorities with strength in both top line, underlying non-GAAP profitability and in cash conversion. We believe it is important to hold ourselves to this discipline even when growth is robust in order to drive a best-in-class financial model as we scale into a larger company.

We continue to execute on our capital allocation priorities that outlined in our September Analyst Day. During Q2, we repurchased approximately 1 million shares on the open market at an average price of approximately $534 per share for total consideration of $550 million. We continue to expect a large part of our cash flow to be used for share repurchase. We have approximately $450 million remaining on our authorization for future share repurchases expiring December 31, 2022.

On the M&A front, we did not close any acquisitions in Q2. As we noticed at Analyst Day, we continue to focus on managing down our stock-based compensation as a percentage of revenue. This quarter, we reduced SBC by about 2 points year-over-year as we apply our overall disciplines of this process whilst balancing the current market for cyber security talent. We look forward to continuing this trend. Similarly, we talked about an aspiration for achieving the Rule of 60 combining revenue growth and adjusted free cash flow margin. You will see that with the revised midpoint of our fiscal year guidance, we are now expecting to achieve this once aspirational goal.

Lastly, moving to guidance and modeling points. As Nikesh highlighted, we continue to see very balanced demands. This includes demand from our appliance form factors that outstrips our ability to fulfill them in the short term as well as strengthen our next-generation security portfolio. Our Q3 guidance takes into account the strong demand picture as well as the best information we have today on supply chain and other factors. Turning to our guidance for the third quarter of fiscal ’22. We expect billings to be in the range of $1.59 billion to $1.61 billion, an increase of 22% to 25%. We expect revenue to be in the range of $1.345 billion to $1.365 billion, an increase of 25% to 27%. Non-GAAP EPS is expected to be in the range of $1.65 to $1.68 based on a weighted average diluted count of approximately 106 million to 108 million shares.

For fiscal year 2022, we expect billings to be in the range of $6.8 billion to $6.85 billion, an increase of 25% to 26%. We expect revenue to be in the range of $5.425 billion to $5.475 billion, an increase of 27% to 29%. We expect NGS ARR to be $1.725 billion to $1.775 billion, an increase of 46% to 50%. We expect product revenue to grow in the high teens with the seasonality weighted to Q4 as we have seen in prior years. We continue to expect operating margins to be in the range of 18.5% to 19%. Non-GAAP EPS is expected to be in the range of $7.23 to $7.03 based on a weighted average diluted count of approximately 106 million to 108 million shares. Adjusted free cash flow margin is expected to be in the range of 32% to 33%.

Additionally, please consider the following additional modeling points. We expect our non-GAAP tax rate to remain at 22% for Q3 ’22 and fiscal year ’22, subject to the outcome of future tax legislation. We expect net interest and other expenses of $5 million to $6 million per quarter. For Q3, we expect capital expenditures of $40 million to $45 million. For fiscal year ’22, we expect capital expenditures of $185 million to $195 million, which includes $39 million outlaid in Q2 related to our Santa Clara headquarters.

With that I will turn the call back over to Clay for the Q&A portion of the call. Thank you.

Questions and Answers:

Clay Bilby — Head:of Investor Relations

Great. Thank you, Dipak. And to allow for broad participation, I would ask that each person ask only one question. The first question is coming from Saket Kalia of Barclays, with Tal Liani of BofA to follow.

Saket Kalia — Barclays — Analyst

Okay. Great. Thanks, Clay. Thanks team. Nikesh, maybe I’ll start off with a product question since it’s hot off the press this morning. I was wondering if you could talk a little bit about the XSIAM product a little bit. Again, brand new given the announcement today. But maybe the question is, how do you envision it disrupting the SIM market? And how can you maybe leverage your existing portfolio to cross sell into the customer base?

Nikesh Arora — Chief Executive Officer and Chairman

Thank you, Saket. Thanks for the question. Look when I came to Palo Alto Networks, our meantime to respond at Palo Alto Networks was measured in 10s of days. And for someone who did not work in the security industry, I found that a little flabbergasting because if it takes 10s of days to figure out that you’ve been breached and all you’re doing is closing the door after somebody has gone. So we challenged our team internally, saying, can you take that and turn that in the seconds or minutes because that’s the only way we’re going to have a chance to be able to protect not just ourselves, but our customers in the future. That required us internally revamp from having north of I’d say, 15 to 20 other security vendors, even in our infrastructure, down to less than 10 because there are some areas — as you know, we don’t play in cyber security. But that coupled with the automation, with data analytics, we’re down at Palo Alto Networks just under 1 minute as a meantime to resolution, which is how we can resolve Log4j within our company or SolarWinds within our company. I think that’s the capability that customers need. And Nir did a phenomenal job just — in his video, where he says, look, you take a car and you adaptive control, you add park lane assist, you add all those features to an old car. As in — old as in it will be a new car but the cars which were around 20 years. That doesn’t make it an autonomous vehicle. He had to start from scratch, he had to build the software to build and analyzing data. And that’s kind of the right analogy to think about it. The future of protecting our customers will have to depend on being able to analyze data on the fly — immediate on the fly and not wait for humans to analyze it and come back then they let us know, now I know what happened.

Towards that end, we have launched XSIAM. It is an early release working with handful of design partners, to work with them, to go to place security infrastructure in line with what we’ve done at Palo Alto that allow us to learn and to build with them, but we expect this product will be GA later in the year. Really excited. The way it leverages our portfolio is, we can do it quickly if we’re using Palo Alto appliances, Palo Alto firewalls, Palo Alto endpoints. We can do it at Palo Alto Prisma Cloud. It is an easy thing to do for us. We also had to give others security vendors, but obviously the quality of data becomes suspect as we keep growing on to more and more legacy security technologies.

Saket Kalia — Barclays — Analyst

Great. Thanks.

Clay Bilby — Head:of Investor Relations

And our next question comes from Tal Liani of Bank of America, with Brian Essex up next. Tal, please proceed.

Tal Liani — Bank of America — Analyst

Hi. Hope you can hear me. I have a balance sheet — I’m limited to one question, so I’ll just ask the question that no one else would ask, probably. I’ll ask the balance sheet question. There is long-term convertible note that was rolled into short-term liabilities. The magnitude is big, it’s $1.6 billion. Can you explain this? Also, I’m looking at your SBC, it’s getting to $290 million this quarter, almost. It’s a big number. And if I go back, you’re not profitable, if I take into account SBC and that has been the historical trend. So can you first explain the SBC and the outlook? We know how — what’s going to be the trend with this account? And when are you going to turn profitability on a GAAP basis? What’s the plan for the company? Thanks.

Nikesh Arora — Chief Executive Officer and Chairman

Let me start with the second. I’ll hand over to Dipak, to answer your question on the balance sheet and add to my answer. Look, when I came, we bought a bunch of companies, and the way we bought them was, we uninvested the founders from their equity in their companies and reinvested them with Palo Alto stock over a period of four years. That was the only way we could secure the talent of all these founders of the companies we bought. So a significant part of our SBC is the embedded M&A cost of retaining founders. As you’ve noticed, we have not done any significant M&A over the last two or three quarters. As that begins to roll off, you will see a step change down in our SBC when all those acquisitions begin to roll. Obviously, the earliest one will start rolling off in about another six months and then over the next year or so — year and a half, you’ll see significant rollout. So that should show you that in addition to that, as Dipak highlighted, we are working hard to make sure that the normal SBC continues to be managed down. But of course, as you know, it’s a percent of revenue, if revenue keeps going up, it also acts as a benefit towards that direction. So we will talk more about what our forecast to achieve GAAP profitability as we lap Q4 this year because we have more visibility on the M&A stuff, but I will let Dipak add to that and as well talk about the balance sheet item.

Dipak Golechha — Chief Financial Officer

Yes, I think the only thing that I would add is like, what we found in the company is when we really focus on something, we find opportunities. You’ve seen that on pretty much every metric that we focused on. This now becomes another metric that we’re focusing on. I just want to say that we’re going to balance that with the need to retain our talent, just as you saw from the welcome home video, we want to make sure that we get the best talents as well. But that’s really on the SBC.

On your balance sheet question, Tal, a couple of different points. We — 2023 and 2025 notes eligible for early conversion from February 1 to April 30, 2022 due to the share price exceeding the price thresholds. Those notes continue to be classified on the balance sheet as current liabilities in Q2 unchanged from Q1. In Q4, the 2023 notes were classified as current liability and the 2025 notes were a long-term liability. So it’s just the question of how they’re classified on the balance sheet based on all the trigger events on the notes. But hopefully that answers your question.

Clay Bilby — Head:of Investor Relations

All right. Great. Thank you. And the next question comes from Brian Essex of Goldman Sachs with Hamza Fodderwala up next. Brian, please proceed.

Brian Essex — Goldman Sachs — Analyst

Yes. Great. Thank you. Good afternoon, and thank you for taking the question. Nikesh, I just want to touch on the hardware side of the business. See the innovation with the updates of PAN-OS and Gen-4 hardware refresh. What — I guess, first part of the question would be, have you adjusted sales incentives to drive better hardware adoption? And then maybe, part B of that question is, how do you think about the — I guess, the ability or the incentives to leverage the product side of the business to drive consolidation of share on your platform going forward?

Nikesh Arora — Chief Executive Officer and Chairman

Great question, Brian. So, two parts, one, as you probably heard from everyone in the industry who is in the hardware business, demand is outstripping supply. I suspect it partly has to do with supply, partly has to do with volumes going up with the pandemic, inflation expectations. So we don’t have to do a lot on sales incentives to dive in more hardware. We have customers who would like their hardware delivered sooner than later, so we are seeing demand. And as I said, our ability to supply, despite the 21% growth, still, demand outstripped that 21% number, which is why you see our RPO continuing to rise. So I — that’s your answer to the first part.

In terms of the ability for us to leverage hardware — and I’ll highlight a metric we shared last time, that 25% of our customers in SASE were net new to Palo Alto last quarter. We haven’t declared that number this quarter but that gives you a sense. And typically those conversations, Brian, are, hey I love your security platform, I love your security policy, I’d like to deploy it but my firewalls are still around and they have two, three years more to go. In that case, we end up with the SASE deal, with the expectation that over time, when that customer consolidates their firewall, it gets to be a Palo Alto end-to-end Zero Trust execution because the only way to do Zero Trust right, is to make sure your hardware, your cloud and your remote users are all consistent in terms of security policies used. From that perspective, we see an opportunity to take hardware and further consolidate, in some cases, customers going from two hardware vendors to one, in some cases, customers doing a replacement of some other hardware vendor with Palo Alto Networks because now they’re already deployed SASE in their environment.

So we see all of that happening. And one of the beautiful features or some of the subscriptions I laid out, whether it’s autonomous monitoring or AIOps or DNS security or URL filtering, et., we can make that happen consistently for our customers across both platforms. So in that perspective, they already see the benefits of deploying that on a consistent basis.

Clay Bilby — Head:of Investor Relations

Great, thank you. And our next question comes from Hamzah Fodderwala of Morgan Stanley, with Phil Winslow to follow.

Hamzah Fodderwala — Morgan Stanley — Analyst

Hey guys. Thanks for taking my question. So the NGS there are grew really nicely and you raised the full-year guide on that too, which I — you normally don’t do midway through the year. The Prisma SASE, Prisma Cloud doing really well, as usual it seems. But there appears to be an inflection on on Cortex. Can you talk about some of the strategic initiatives that are driving that in the last couple of quarters in particular? And then maybe just for Dipak, can you help us understand maybe the gap between NGS billings and ARR growth going forward as some of the lower durations stop — becomes a higher percentage of the NGS mix?

Nikesh Arora — Chief Executive Officer and Chairman

Thanks, Hamza, thanks for the question. Look, I think this was an all-out quarter strength across every NGS category, whether it’s cloud, SASE or Cortex. I think there is an inflection point both in Cortex as well as Prisma Cloud. More and more conversations around where customers are coming to the point of saying, yes, I cannot do this with the cloud native tools, because I’ve got multiple cloud providers I’m dealing with, or, I cannot do this with a — the next start-up from two guys who started it and I can cover one sliver. I need something that’s more comprehensive. Because honestly, if I was going to replace a security capability with a start-up capability, AWS, Azure, GCP already have that capability. It’s not like they’re lacking in capability from a security perspective. But just to give an example, if you deployed security using one cloud provider, whether it’s AWS or GCP or Azure, you’d have to integrate 10 of their modules to get one Prisma Cloud. You have to do the integration work yourself. So we’ve already done, that not just within their tools, also across all public cloud providers. So that’s why the consolidation of security capabilities in Prisma Cloud makes sense. We’re seeing that inflection. You see the number of customers is closing in on 2000 customers, 80 of the Fortune 100, so we’re not dealing with small enterprises trying to replace some feature some CSPs. We’re dealing with people who are now in complex production environment type scenarios and they already get the point [Indecipherable] So we’ve seen that inflection there and you’re seeing that with 56% growth in credit consumption, you’re seeing not only are we benefiting from people adopting multiple modules, we’re also benefiting from the fact that their native sort of production workloads are going up. And at Palo Alto Networks, we’ll tell you, our consumption of public cloud has always outstripped our forecast because of the success we’re seeing in our NGS portfolio.

So that’s one part. Cortex I’d say, again, raw materials, well, we didn’t have any of these products at Palo Alto Network. We were busy selling firewalls. So, I think part of it is the sales force getting behind it, understanding it and on most technical desks out there, XDR fairs better than most of the NG would know in the XDR space. So we have real technical differentiation advantage in the market. From that perspective, we are able to go on out for our base and say, look, I know we didn’t have this product two years ago, it’s time for you to renew, it’s time for you to deploy XDR, why don’t you try Palo Alto Network’s XDR. So you’re seeing both of those. I don’t know, Lee do you want to add something?

Lee Klarich — Chief Product Officer

No, it’s all right.

Nikesh Arora — Chief Executive Officer and Chairman

Besides, I don’t want to make Lee feel like he’s not answering any questions. Next one’s coming over. It’s a balance sheet question.

Lee Klarich — Chief Product Officer

Okay.

Nikesh Arora — Chief Executive Officer and Chairman

Thanks, Hamza.

Dipak Golechha — Chief Financial Officer

You want me to answer the…

Nikesh Arora — Chief Executive Officer and Chairman

Oh, yes.

Dipak Golechha — Chief Financial Officer

The billings versus ARR. Hamza, it’s a good question. It comes up quite often I think. Fundamentally, the way I look at it is, you’re comparing apples with oranges a little bit here. ARR is really your annual recurring revenue. Your billings is looking at whatever the duration is for what’s out there. And so if you have one deal that happens to be a long duration, right, you will get more billings and ARR within that quarter. Previous times we’ve had that. So I think the last quarter our NGS billings grew less than the ARR, which is why I’m probably more in the camp of let’s just focus on NGS. ARR, it’s the source of truth and the one that we will focus on. But hat’s all that’s happening. It’s quite variable quarter-to-quarter based on some of the larger deals that Nikesh mentioned.

Clay Bilby — Head:of Investor Relations

All right. Great. And up next is Phil Winslow of Credit Suisse, with Brent Thill to follow. Please proceed, Phil.

Philip Winslow — Credit Suisse — Analyst

Great. Thanks for taking my question. Congrats on a great quarter. Just wanted to focusing in on Prisma Cloud, Nikesh, may be inception that question into my head with your — with you please. But you mentioned the increased attach to production environments as well as just being early in terms of consolidating the functions at Palo Alto. What are you hearing from customers in terms of just adoption? Are we at that inflection point? And also, how are the competitive dynamics changing here?

Nikesh Arora — Chief Executive Officer and Chairman

Yes, I’m going to hand over to Lee because as I said, if Lee doesn’t answer a question, he won’t come to the next earning call. So, but before I give it to him, I will say one thing. We’ve deployed on adoption team on Prisma Cloud in the last six months, which is seeing phenomenal outcomes. And also I don’t — I want to say — I want you to intake it the right way. Competitively, the option is, customers are not ready to go to a production quality high and fully integrated cloud security platform. I’m fine with my DIY plus my cloud native tools. But there is no — we don’t run into a POC or compete with somebody else because usually, we either lose against ourselves, because the customer would rather stay where they are. Now, in the case of XDR or SASE, we have a competitive environment, it’s not like we don’t compete. But in the case of cloud, it’s usually based on the customer needs. But I’m going to let Lee talk about what customer received from cloud, what typically does the trick.

Lee Klarich — Chief Product Officer

Yes, I think — thanks Nikesh. There is a couple of, I think, key trends that we’re seeing. One, and following on to what Nikesh was saying, there were a number of companies, probably early adopters of cloud, that built a lot of their own tooling, used a lot of open source. And it’s interesting, a couple of years ago. when we talk to them, they would say, no, no, no, we’ve got this covered, we’ve built our own tools, we’re happy to maintain them. And many of them are now coming back to us and saying, actually, it turns out this is more work than we thought it was. It’s surprising just how many distinct APIs exist in each of the different cloud products that you have to integrate with, pull data from an understand. Just using that as one example of many, right. So that’s one trend that we’re seeing is, the challenge of doing it yourself.

The second is, the, I think the understanding of what actually needs to be accomplished. And again, early on, we saw it was, I just need compliance in the cloud. And now we’re seeing customers fully understand the needs across all different five pillars that we have and the importance of each of those and our ability to deliver on those. And lastly, I’d say we’ve actually gotten fairly good and we continue to work on this of building in-product adoption capability. So we’re not just dependent on people, customer success and adoption folks talking to our customers about adoption of new modules, we’re building that into the product natively suggesting to the customer what they need in order to be most secure and we’re seeing that drive a lot of adoption. You saw the note — the metrics on the Bridgecrew integration and just how quickly we’ve gotten to 70 customers adopting that in-product in just a couple of weeks since it was released in to production. So love to see this trend. Obviously, there is a lot more adoption we’re going to be see in the future, but I do think that we’re seeing that inflection point.

Philip Winslow — Credit Suisse — Analyst

Great. Thank you.

Clay Bilby — Head:of Investor Relations

Right. Our next question comes from Brent Thill of Jefferies, with Rob Owens to follow. Brent, please proceed.

Brent Thill — Jefferies — Analyst

Nikesh, just on the demand environment. Everyone is curious to hear your view on the strength of the pipeline relative to a year ago and many are questioning that is there been a pull forward or not. Can you just address what you’re seeing in the pipeline and ultimately why this is not — not been a pull forward of demand in your perspective?

Nikesh Arora — Chief Executive Officer and Chairman

I think, Brent it would be a pull-forward demand if you saw everyone posting numbers at this rate. You are seeing some other players in the industry who are low single digit in firewalls. So, we must be taking demand away from somebody else, whether it was us taking it or Fortinet taking it, clearly we’re taking some demand away from somebody else. Look, some of it is pent-up demand where people did not have anybody to go into the office and go deploy a firewall because nobody was going to the office. Now people are coming back, slowly and steadily there are people who are going to probably as part of that. Part of it is a refresh, as you know. We are — we have now refreshed more than 65% from our portfolio and that’s still only three months spend. So we’re still seeing demand for Gen-4 products being created at Palo Alto Networks. I think a couple of that — and I think to some degree, there is a little bit of a fear that they won’t get the firewall in time, so people are ordering to get them. But I think we also, as I said, we’re going to see this in to fiscal year 2023 at least and we’ll keep you posted.

Clay Bilby — Head:of Investor Relations

All right, great. And our next question comes from Rob Owens of Piper Sandler, with Gregg Moskowitz to follow. Rob, please ask your question now.

Rob Owens — Piper Sandler — Analyst

Thank you very much. With the success that you guys are currently seeing in cloud, can you talk about the channel model in terms of how you go to market, and longer term the potential economic implications, if there are any? Thanks.

Nikesh Arora — Chief Executive Officer and Chairman

Yes. Look, I think it’s fair to say in the large enterprise customers, the model hasn’t changed from a channel perspective. On the margin as you will appreciate, almost all cyber security products are slowly and steadily being listed on public cloud marketplaces. So, all of us, including Palo Alto, we’re seeing some customers buy on those marketplaces and in some cases, it makes sense. And we’ve got a embedded native firewall in GCP and if you can deploy it by accessing it through the marketplace, you will. In some cases, people using unused credits on public cloud marketplaces to be able to buy security, because that’s a feature that public cloud marketplaces have offered. I think that’s on the margin, but I’ll tell you what’s more interesting about people. We’re seeing channel partners get very savvy and start building adoption teams and sales team just specific to cloud or specific to our portfolio because they see the market is shifting in that direction. There is a bit of a arms race amongst themselves, their channel, where the more qualified people are likely to get more customers to buy from them, because — and it’s not always the person you use for firewalls.

Rob Owens — Piper Sandler — Analyst

Thanks.

Clay Bilby — Head:of Investor Relations

Our next question is from Gregg Moskowitz of Mizuho Securities, with Adam Borg to follow. Greg, please proceed.

Gregg Moskowitz — Mizuho Securities — Analyst

Okay. Thank you, and congrats on a terrific quarter. Nikesh, last quarter you sized the pull-forward at about 10% of product orders. How do you think about the net impact of this for the Q2? And then maybe as a sort of a — little bit of a follow on to Brent’s question, is there any evidence of double ordering at either a partner or the customer level?

Nikesh Arora — Chief Executive Officer and Chairman

So, Gregg, on the first part, I think it’s — there is a net wash. There is a pull-through, but there is the lack of ability to fulfill. So whilst I might be seeing a pull-through, you’re not seeing it in my product revenue because that’s kind of within the range of what I’ve not been able to ship because of the exceeded demand. So in my numbers you’re seeing a balance. You’re seeing — and you’ll probably, if you have visibility you see it in the booking but you wouldn’t see it in the revenue because I haven’t been able to ship it, not having been to build. So I think that’s the answer to the first question.

And in terms of — I know there is — this question has been asked at least for the last two quarters about double ordering and shadow ordering. We don’t work that way. When you order from us, you pay us. And I haven’t seen a refund being asked for in the firewall or a cancelled order yet in the last two quarters. So I will — it’s not in our numbers. And that’s — that may be true at the lower end where people have distribution channels, where a channel will pre-order and hold onto it. So you may see that there were the end customer is not customer on record in the beginning, where you starts — have distribution stocking that goes on. We don’t do any distribution stocking. We basically have end customers in every purchase order and we haven’t seen a cancelled order or refund. Dipak?

Dipak Golechha — Chief Financial Officer

If I — just to build on that, like our sales cycle is six to nine months and all of our purchase orders are non-cancellable. So it’s — just to put a finer point on it that they are non-cancellable.

Gregg Moskowitz — Mizuho Securities — Analyst

Helpful. Thank you, guys.

Clay Bilby — Head:of Investor Relations

All right. The next question coming from Adam Borg of Stifel, followed by Patrick Colville. Adam, please proceed.

Adam Borg — Stifel — Analyst

Great. Thanks so much for taking the question. Maybe just to drill down on Cortex remitted, just given the traction there. And maybe you can talk a little bit more about attack surface management. It just seems like that’s the area of interesting importance, just given the breach environment. So I was hoping you could talk more about traction there and the opportunities going forward. Thanks.

Lee Klarich — Chief Product Officer

Yes. Look at when we acquired Xpanse a bit over a year ago, we talked about why we thought this is so important and number one is, the proactive side of it. The finding an issue that you — so you can fix it before an attacker finds it, and attackers have increasingly automated tools and so it becomes even more important. For example, if you look at Log4j, the — shortly after Log4j information became available, what we saw was, attackers building automated scripts to basically try to find vulnerable patchy servers, right? And so, that’s the kind of challenge that a lot of customers are up against and Xpanse makes it very easy for customers to proactively find that, fix it, etc.

Second is, in a reactive state where something has become known publicly, Xpanse helps our customers find where they have exposure in order to address those issues first. And so, both of these are examples of why Xpanse has become so important to our customer base and and we — we’ve seen our customer base really understand that better over the last couple of quarters, and really embrace this as a sort of a must-have product in their security operations.

Adam Borg — Stifel — Analyst

Great. Thanks so much.

Clay Bilby — Head:of Investor Relations

And our last question for today will come from Patrick Colville of Deutsche Bank. Patrick, you may ask your question.

Patrick Colville — Deutsche Bank — Analyst

Thank you for squeezing me in. So I guess, congrats on a really excellent quarter that — I mean, the numbers so clean I think I’m going to ask a philosophical question, if I may. It’s going be about M&A. Valuations are roughly 30% cheaper than when we lost spoke three months ago. The start of your tenure, Nikesh, as CEO, we looked quite acquisitive. Is the moderation valuations for private companies, public companies as well, does that mean that your philosophy around M&A might have changed versus the messaging you gave us six months ago?

Nikesh Arora — Chief Executive Officer and Chairman

So there is no change, Patrick. I don’t think the valuations of private markets have quite normalized like the public markets have, first and foremost. I’d say the private markets are still enjoying the lack of liquidity as they no reason to mark-to-market their valuation. So — and that’s just more of a philosophical answer not correlated with my I mean M&A point, right? I would like you to have in purely because some of those companies are trying to come attract talents from Palo Alto Networks and as I’d like them to get mark-to-market so people realize these things can go down. But that having been said, there has been no change. Look, as I said, the reason we were acquisitive in the beginning, there were many areas of cyber security which were up and coming and going to be important and we were not in there and we were behind the 8-ball. To pick an analogy, we were late to the party, we hadn’t done the work needed to be ready for that market.

Take cloud security right? We bought about six or seven companies in cloud security, each of them had been in existence for two to four years. That’s four years of development that we were able to benefit from in a market, we need to be first. With Prisma Cloud, it is abundantly clear why we did that. Take XSOAR, we didn’t have automation workflows and platforms, we did that — take SASE. We didn’t have endpoint monitoring, we didn’t have SD-WAN. That stuff takes four to seven years to build. We didn’t have the time to go build it otherwise the market — we would not be in the market. Today we compete with Zscaler or Netskope in SASE. We compete with CrowdStrike, SentinelOne in XDR. We would not have been a player. So, that made sense.

Today, if you look forward, I don’t see many areas of cyber security where we don’t have a leading product or leading products not in development. If you look Palo Alto’s innovation cycle, I’d say, great in firewalls, continues to innovate, spend three years acquiring, getting up to snuff to a place where now we can compete in multiple categories, and now with XSIAM, we are delivering industry-leading innovation. I couldn’t buy anything for XSIAM because I looked at everything in the same space. And I said, wait a minute, why do we need to look at something which is 10 years old? I don’t need customers because I have customer willing to buy technology. So from that perspective, nothing has changed. I don’t think there’s any company out there that is valued a place for where you’d say. oh, my god, we could — this could be accretive, we should go take this because I think the cost of integration in cyber security is going to make you from a leading player to a mediocre player because you would spend too much time merging sales forces, merging customers trying to form two competing technologies. So that’s not our playbook. Our playbook is to go find cool technology, which you can absorb, make part of our go-to-market motion and to use those founders. And we’ve done that and we’ve left the door open saying if you were to buy companies that would be more on the product category, which will be more in line with these smaller to mid-sized acquisitions we’ve made, anything else. So that philosophy hasn’t changed, Patrick.

Clay Bilby — Head:of Investor Relations

All right. Great. And thank you, with that, we’ll close the call. I’ll turn it over to Nikesh, for his final remarks.

Nikesh Arora — Chief Executive Officer and Chairman

Well, once again, thank you, everybody for joining us, and as — like Clay said, we apologize for the 30-minute delay. We look forward to seeing many of you at our upcoming investor events and some of you on calls after this. I just, once again, want to thank our customers, our partners and most importantly, our employees around the world for helping us deliver a great quarter. Have a great day.