Palo Alto Networks Inc. (PANW) Q4 2020 Earnings Call Transcript

Palo Alto Networks Inc  (NYSE: PANW) Q4 2020 earnings call dated Aug. 24, 2020

Corporate Participants:

David Niederman — Vice President, Investor Relations

Nikesh Arora — Chief Executive Officer and Chairman

Luis Visoso — Chief Financial Officer

Lee Klarich — Chief Product Officer

Analysts:

Saket Kalia — Barclays — Analyst

Keith Weiss — Morgan Stanley — Analyst

Philip Winslow — Wells Fargo Securities — Analyst

Walter Pritchard — Citi — Analyst

Fatima Boolani — UBS — Analyst

Sterling Auty — J.P. Morgan — Analyst

Catharine Trebnick — Colliers International — Analyst

Patrick Colville — Deutsche Bank — Analyst

Rob Owens — Piper Sandler — Analyst

Brian Essex — Goldman Sachs — Analyst

Brent Thill — Jefferies — Analyst

Jonathan Ho — William Blair & Co. — Analyst

Brad Zelnick — Credit Suisse — Analyst

Presentation:

David Niederman — Vice President, Investor Relations

Good afternoon, and thank you for joining us on today’s conference call to discuss Palo Alto Networks Fiscal Fourth Quarter and Fiscal Year 2020 Financial Results. I’m David Niederman, Vice President, Investor Relations. This call is being broadcast live over the web and can be accessed on the Investors section of our website at investors.paloaltonetworks.com.

With me on today’s call are Nikesh Arora, our Chairman and Chief Executive Officer; Luis Visoso, our Chief Financial Officer; and Lee Klarich, our Chief Product Officer. This afternoon we issued a press release announcing our results for the fiscal fourth quarter ended July 3, 2020. If you’d like to copy of the release, you can access it online on our website.

We would like to remind you that during the course of this conference call, management will make forward-looking statements, including statements regarding the duration and impacts COVID-19 on our business, our customers, the enterprise and cybersecurity industry and global economic conditions, our financial guidance and modeling points for the fiscal first quarter of 2021, our expectations with regard to certain financial results and operating metrics for fiscal year 2021, our competitive position and the demand and market opportunity for our products and subscriptions, benefits and timing of new products, features and

Subscription offerings, including those from our proposed acquisition of The Crypsis Group, ARR and various billings, run rates as well as other financial and operating trends.

These forward-looking statements involve a number of risks and uncertainties, some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements. These forward-looking statements apply as of today. You should not rely on them as representing our views in the future, and we undertake no obligation to update these statements after this call. For a more detailed description of factors that could cause actual results to differ, please refer to our quarterly report on Form 10-Q filed with the SEC on May 22, 2020 and our earnings release posted a few minutes ago on our website and filed with the SEC on Form 8-K.

Also, please note that certain financial measures we use on this call are expressed on a non-GAAP basis and have been adjusted to exclude certain charges. For historical periods, we have provided reconciliations of these non-GAAP financial measures to GAAP financial measures in the supplemental financial information that can be found in the Investors section of our website located at investors.paloaltonetworks.com.

And finally, once we have completed our formal remarks, we will be posting them to our Investor Relations website under the Quarterly Results section. We’d also like to inform you that we will be virtually participating in the Citi 2020 Global Technology Conference on September 8, and the Deutsche Bank Technology Conference on September 14.

And with that, I will turn the call over to Nikesh.

Nikesh Arora — Chief Executive Officer and Chairman

Thank you, David. Good afternoon, everyone, and thank you for joining us today for our fiscal fourth quarter and full year 2020 results. I hope you enjoyed the video we showed you before. Our employees made that to celebrate how Palo Alto Networks has responded over the course of the year. I thought it would be a fitting start to everything we’re talking about today.

As you can probably tell, we’re delighted with our results this quarter and extremely thankful for the resilience that the team at Palo Alto Networks has shown in navigating the current environment. I cannot appreciate their efforts enough. I also want to acknowledge the challenges that people are experiencing globally as a result of COVID-19. This is a difficult time and we need to pull our strength and find empathy to get through it.

Before we talk about the quarter, I wanted to go back and remind you of the journey over the last three years. Three years ago, in my first and subsequent earnings calls, I’ve shared my observations about the cybersecurity industry. I talked about the need for integrated platform, need for setting platform with industry-leading solutions, I also talked about the need for us to become more relevant in emerging cloud security and the need to focus on AI, ML and automation. Three years later, we are well on our way to transforming from a single product category company to a three platform company. A company that secures the network with Strata, secures the cloud with Prisma and a platform for AI, ML applications and automation with Cortex.

We have been building products and acquiring new businesses to make progress towards our vision of providing integrated solutions. We are in early stages of our journey, but excited about the progress we’ve been able to achieve so far. The success of our transformation has strengthened our resolve [Phonetic] to double down on the growth areas in cybersecurity and aspire to be the cybersecurity partner of choice. The partner providing integrated comprehensive and industry-leading solutions to our customers.

We’ve had several conversations over the last three years around our M&A approach. As you have seen, successful M&A is an integral part of our approach. We’ve honed a disciplined framework to ensure that the companies require our productive investments and that they fit well within our long-term strategy. We look for industry-leading solutions that prepare us for tomorrow. And we focus on integration and retaining key talent, talent that has beat all odds and built solutions designed for tomorrow.

We have been able to unlock value by activating our go-to-market and customer success machines with incremental technologies to accelerate the acquired businesses. When we analyze the performance of our acquired companies, we see that we are achieving our stated goal of increasing a given target company’s internal business plan by 30% to 40% in the first 12 months of bringing them into the Palo Alto Networks’ family. We recently reviewed the M&A history of Palo Alto Networks with our board. I’m delighted to report that the aggregate annual run rate of all businesses that we’ve acquired is four times what it was pre-acquisition. Just as important, we’ve also been able to retain the key talent that had helped build the acquired companies.

Let’s look at some of the financial highlights from this quarter, starting with NGS. Three years ago, these collective offerings made up approximately 8% of our total billings. We closed FY 2020 with $928 million in NGS billings, representing approximately 20% of the total. Additionally, NGS ARR was approximately $650 million in Q4 2020. Three years ago, we didn’t have products that address the automation of cloud security markets. Today, we’re doing multi-million dollar deals in these areas, creating a strong foundation for our future growth. This is one of my favorite slides. NGS is growing faster than any of the single product newer public companies in this space.

Let’s take a deeper look in the piece parts of NGS. Turning to Cortex. We drove incredible innovation during 2020. We established a new category by transforming EDR to XDR, delivering detection and response across not just endpoints, but also firewalls and cloud assets. In November, we introduced XDR2.0, which featured a unified management UI, powerful new endpoint features an ingestion with third-party data alerts. XDR is rapidly gaining transaction — traction, sorry, and is a fastest growing product within NGS doing 1,000 customers. We recently added Managed Threat Hunting, industry’s first threat hunting service operating across integrated endpoint network and cloud data.

Cortex XDR’s momentum continues to accelerate, including a seven figure deal with a major energy company that chose Palo Alto Networks as a key partner in their digital transformation journey. Cortex XDR helped them drive down the complexity of security operations by sterilizing independent detection and response tools on to one superior platform. Through Cortex XDR, they were able to significantly reduce the number of alerts that needed to be triaged and investigated by their security analysts, all while gaining holistic visibility across the entire enterprise.

As security products get more real-time, it becomes more important to manage outcomes and respond rapidly. To aid our customers, we believe it is important to have a team of trained expert professionals to support them. To that end, we announced earlier today our intention to acquire The Crypsis Group, a fast growing cyber consulting and incident response company. This acquisition allows us to serve current and new customers across a broader set of their cybersecurity needs.

Once the transaction closes, Crypsis will bring strong incident response, forensics and consulting capabilities to our XDR portfolio. They have served more than 1,700 organizations across the healthcare, financial services, retail, e-commerce and energy industries. In addition to being able to predict and prevent cyber attacks, Cortex will also now be able to mitigate the impact of any breach that our customers may face, thus strengthening Palo Alto Networks’ position as the cybersecurity partner of choice for its customers. The Crypsis team, including the CEO, will join the Cortex speed boat.

Let’s turn to Cortex XDR — XSOAR. XSOAR is the industry’s first extended SOAR with native Threat Intelligence Management. XSOAR more than doubled our customers and billings over the last year, making it one of two leading solutions in the market. With the most recent launch of the XSOAR Marketplace, we are opening up the platform to both our partners and customers to enable automation for their security solutions.

One of the key wins I’m most proud to highlight for Q4 was an eight figure Cortex XSOAR deal with the United States government agency. Cortex XSOAR was chosen as the cornerstone of their global SOC transformation initiative, resulting in a 75% reduction in their meantime to respond by automating key security processes across the organization. COVID further put XSOAR’s real-time collaboration capability into focus, allowing the agency to rapidly shift their security operations to an entirely remote model, enabling them to defend the organization without any on-site personnel.

Let’s shift gears to Prisma. Prisma Cloud has come a long way this past year. We started with cloud security posture management and expanded our capabilities into cloud workload protection with container security and serverless security. Prisma Cloud has by now acquired over 1,800 customers and boasts 14% of the Global 2000 list. Our integrated platform approach in cloud security is working. We’ve signed a seven figure deal with the Fortune 10 company who will be using Prisma Cloud for both cloud security posture management and cloud workload protection. Several Prisma Cloud customers are consolidating multiple solutions with our unified cloud security platform. Today, a third of our customers are using both of these modules.

We will shortly launch new cloud security modules in data security, network security and IAM security. These modules will allow us to continue to execute on our vision of creating a fully integrated cloud security platform. Prisma Cloud continues to benefit from the overall global shift to cloud computing and the customer preference for platforms. We intend to work with our customers to continue to evolve this platform to serve their cloud security needs.

Let’s talk about Prisma Access. Prisma Access has been through an amazing journey in the last year. Combined with our recent CloudGenix acquisition, this is the most comprehensive SASE solution in the market. Prisma Access has become a powerful security tool as our customers go through a network transformation and create robust solutions for work from home for the long-term. This is showing up in our numbers, with the combination of Prisma Access and CloudGenix nearly doubling their customer accounts over the past two years and achieving $90 million in billings in our fiscal fourth quarter. We were very excited to sign a nearly eight figure deal with a major healthcare provider for Prisma Access in the fourth quarter, winning against the competitor by providing clear evidence that our solution provides the most effective security for their needs.

Additionally, we saw very strong conversion of Prisma Access trials that were launched in response to COVID and work from home. A notable example is a major enterprise that called us on the first Friday of COVID lockdown because their data center lacks sufficient bandwidth for all of their remote employees. By Monday, they had 1,000 users up and running. And by Wednesday, they had shifted enough users as pressure on the data center was relieved. This quickly became their secure work from home solution and they are now looking to extend Prisma Access out to all branch offices replacing their existing provider. We have many more similar examples of customers converting from Prisma Access trials and we’re delighted to have been able to help companies and the people remaining productive during these challenging times.

While NGS is an important part of our go-forward strategy, we are equally proud of our progress and success of our Firewall business. Recognized as an eight time Gartner Magic Quadrant leader, we continue to relentlessly Innovate to stay ahead of the pack. We continue to believe that firewall capability is essential and needs to evolve to deliver capability across all customer needs. Hence, we’ve been offering a consistent approach in our hardware, software and now containerized firewalls and are also able to deliver them in the cloud with Prisma Access.

We introduced our new PAN-OS 10.0 that feature the industry’s first machine learning based powered next generation firewall with advanced telemetry capabilities, the ability to secure containers, simplified decryption and many more groundbreaking features. To truly enable the firewall platform, we have worked on services that works seamlessly as part of our platform. The launch of IoT security subscription is our most recent example. In the last 18 months, we have doubled our subscription offerings from four to eight. DNS Security, which was launched in Q3 2019 has been our fastest growing subscription with over 15% attach rate and now over 3,000 customers.

Our software next generation firewalls continue to shine. VM Series continues to capture new customers at a rapid rate with over 9,000 customers now using VM Series, many of which are consumed through cloud marketplaces. And with the introduction of CN Series we can now apply next generation firewall capabilities to containerize environments on on-prem or in the cloud with consistent security and policy.

Turning to the topic of COVID-19 and its impact on both the global economy and our business. When we met with you to review our fiscal Q3 results in May, the pandemic was still in early stages. As we speak with our customers, we hear and see a range of impact and feedback. Many companies are becoming more cost and cash conscious. Companies are also adapting to the new environment by accelerating investment in technologies to ensure the more dispersed work is secured. I believe that we are in the very early stages of this acceleration and that the next several years present significant opportunities for cybersecurity as an industry and Palo Alto Networks in particular.

For our own employees, the second half of our fiscal 2020 was indelibly marked by COVID-19. We responded quickly, taking rapid action to ensure the safety for employees by establishing protocols and tools to work from home. We quickly gathered our early efforts and named it FLEXWORK, recognizing that we were in the early stages. Today, I’m delighted to announce that we are launching the next phase of FLEXWORK to help our employees maintain health, well-being and productivity during COVID-19.

The FLEXWORK program includes a broad range of initiatives, including FLEXbenefits and FLEXlearn. These initiatives will ensure that our people can choose benefits that make most sense for their working family environment and follow personalized learning paths designed to help them do their jobs and manage teams remotely. We plan to give our employees an additional allowance of $1,000 with choice of various flexible benefits. And over time, we intend to individualize benefits, making them an employee choice.

Even with all the challenges presented by COVID, the Palo Alto Networks teams have been able to adapt and maintain focus allowing us to post some great results. I know we cannot sit [Phonetic] in the progress achieved so far and need to focus on what is ahead. As I mentioned, we are pleased with our progress so far, yet we have a lot of work ahead of us. The macro environment was better than we anticipated, but still uncertain.

Here is what you can expect from us in 2021. We will continue to invest in our next generation security and security subscriptions, both through organic and inorganic means to continue our transformation journey. We will do so in a financially prudent manner as we have been able to demonstrate. You can expect us to manage our organic operating margin in line with what was achieved this year.

The work from on transition has created a challenge in the industry around hardware, and we expect this trend to continue. We have been shifting our customers to software-delivered security, and we plan to continue to do so. We expect most of our growth to come from software and services. While there are some cost savings due to COVID, we are planning to reinvest those savings towards our employees. We will be more generous over the coming years to drive this transition to a FLEXWORK environment.

In the words of my friend Mark Bienhoff [Phonetic] we will be responsive to and support all of our stakeholders not just our shareholders because we believe that is how true value is created in the long-term. I want to thank our amazing employees and partners for their contributions. Our success is only possible through our combined efforts.

Now, I want to take the opportunity to welcome Luis to Palo Alto Networks. Luis joined us almost two months ago from Amazon’s AWS division and has been rapidly learning all things in cybersecurity. We’re extremely fortunate to have an executive of Luis’ caliber to lead our CFO organization. With that, I will turn the call over to Luis.

Luis Visoso — Chief Financial Officer

Thank you, Nikesh for the warm welcome. While, I wasn’t here for the first three years of the transformation, I can clearly see that it is working, and we’re only getting started. I am encouraged by the value that Palo Alto Networks can create going forward, and I look forward meeting you in the upcoming events.

Moving on to our results, I’d like to note that except for revenue and billings, our financial figures are non-GAAP and growth rates are compared to the prior year period unless stated otherwise. As Nikesh indicated, we had an extremely strong finish to our fiscal year with fiscal Q4 billings of $1.39 billion, an increase of 32% year-over-year. Our next generation security business is performing strongly with NGS billings of $357 million, which grew 86% year-over-year. Firewall as a Platform billings, which includes physical firewalls, VMs, Prisma Access and CloudGenix, grew 19%. In the fourth quarter, we beat our guidance across all guided metrics. Total revenue grew 18% to $950.4 million. For the fiscal year, we reported total revenue of $3.4 billion, an 18% increase year-over-year.

Looking at growth by geography, Q4 revenue in the Americas grew 18%; EMEA grew 20% and APAC grew 16%. Q4 product revenue of $305.6 million was flat compared to the prior year. Q4 subscription revenue of $389.8 million increased 33%, support revenue of $255 million increased 23%. In total, subscription and support revenue of $644.8 million increased 29% and accounted for 68% of total revenue.

Turning to billings. Q4 total billings of $1.39 billion net of acquired deferred revenue increased 32%, driven by strong execution across the company, work from home tailwinds and continued success in next generation security. The dollar-weighted contract duration for new subscriptions and support billings in the quarter remained at approximately three years, flat year-over-year.

We closed five additional Palo Alto Networks’ financial services deals, enabling our business by offering greater flexibility to customers. Our fiscal 2020 total billings were $4.3 billion, up 23% year-over-year. Product billings were $1.07 billion, a decrease of 3% year-over-year and represent 25% of total billings. Support billings were $1.21 billion, up 28% and represented 28% of total billings. And subscription support — sorry, and subscription billings were $2.02 billion, an increase of 40% year-over-year and represented 47% of total billings. Total deferred revenue at the end of Q4 was $3.8 billion, an increase of 32% year-over-year.

In the fourth quarter, we continue to add new customers at a healthy clip, adding approximately 2,400 new customers in the quarter. We also continue to increase our share of wallet of existing customers. Our top 25 costumers, all of which made a purchase this quarter, spent a minimum of $55.3 million in lifetime value through the end of fiscal Q4 2020, a 35% increase over the $40.9 million in the comparable prior year period.

Q4 gross margin was 74.3%, which was down 320 basis points compared to last year as some of our fastest growing products are still gaining the scale required to have the right cost structure and higher freight costs associated with comping. We expect these headwinds to continue into fiscal year 2021. Q4 operating margin was 19.8%, a decline of 180 basis points year-over-year and includes the impact of approximately $14 million of net expense associated with our recent acquisitions. For the full fiscal year 2020, operating margin was 17.6%, a decrease of 440 basis points year-over-year compared to fiscal year 2019 operating margin of 22% and includes the impact of approximately $23 million of net expense associated with our recent acquisitions.

We ended the fourth quarter with 8,014 employees. On a GAAP basis, for the fourth quarter, net loss increased 183% year-over-year to $58.9 million or $0.61 per basic and diluted share. For the full fiscal year 2020, GAAP net loss increased 226% year-over-year to $267 million or $2.76 per basic and diluted share. Non-GAAP net income for the fourth quarter decreased 1% year-over-year to $149 million or $1.48 per diluted share. For the full fiscal year 2020, non-GAAP net income decreased 10% year-over-year to $484.6 million or $4.88 per diluted share. Our non-GAAP effective tax rate for Q4 was 22%.

Turning to cash flow and balance sheet items. We finished July with cash, cash equivalents and investments of $4.3 billion. This includes net cash of approximately $2 billion raised through the June 2020 offering of convertible senior notes due in 2025. Q4 cash flow from operations of $333.7 million increased by 44% year-over-year. Free cash flow was $301.9 million, up 69% at a margin of 31.8%.

Capital expenditure in the quarter was $31.8 million. DSO was 81 days, an increase of 26 days from the prior year period, reflecting strong billings at the end of the quarter that will be collected in 2021. Lastly, in fiscal Q4 we completed $1 billion accelerated share repurchase transaction announced in February, where we will retiree a total of 5.2 million shares.

For the first fiscal quarter of 2021, we expect billings to be in the range of $1.03 billion to $1.05 billion, an increase of 15% to 17% year-over-year. We expect revenue to be in the range of $915 million to $925 million, an increase of 19% to 20% year-over-year. We expect non-cash EPS in the range of $1.32 to $1.35 using 99 million to 101 million shares. We do not expect Crypsis to have a material impact to Q1 results. Additionally, I would like to provide some additional modeling points. We expect non-GAAP effective tax rate to remain at 22%. Capex will be approximately $35 million to $40 million.

Turning to the full fiscal year 2021, I would like to provide a few markers on how we expect to perform. We expect billings to grow in the mid-teens and revenue to grow in the high-teens with product revenue flat to slightly down year-over-year. As Nikesh mentioned, we expect flat organic operating margins as we continue to invest in NGS and our employees during COVID times. EPS is expected to grow in the low to mid-teens as we face headwinds from lower interest income. Lastly, we expect our annual free cash flow margin to be consistent with 2020 margins. To note, we expect Q1 free cash flow margin to be higher than the year due to strong Q4 ’20 billings.

With that, I’d like to open the call for questions. May we please poll for questions.

Questions and Answers:

 

David Niederman — Vice President, Investor Relations

Thanks, Luis. As a reminder, please limit yourself to one question in interest of time. Our first question will come from Saket Kalia from Barclays. And our second question will come from Keith Weiss from Morgan Stanley.

Saket Kalia — Barclays — Analyst

Okay, great. Hey guys, thanks for taking my question here. And welcome Luis, look forward to working with you. Nikesh, a lot to talk about on the next-gen Security side, but maybe just to get it out of the way and touch on the core Firewall business, can you just talk about what you saw this quarter in terms of customers’ appetite for appliances? And which attached subscriptions perhaps maybe surprise you to be upside?

Nikesh Arora — Chief Executive Officer and Chairman

Well, Saket, thank you very much for your question. Look, as we’ve been talking about the macro environment for a while now and a lot of customers are not in their offices. When customers are not in their office, it’s very hard for hardware to be delivered or POCs to happen. So we are calling that hardware is going to continue to be a tough business in the next 12 months. We saw appetite from existing customers who are expanding their state or getting more firewalls because they need more capacity.

You don’t see as much new firewall business out there or new hardware business out of there. So we have to be very careful and cautious on it. But we are seeing that being supplemented by a lot more software-based solution. So you saw the success and strength in Prisma Access. You saw the success in our VMs. So we are seeing people step up and solve their problem using our software solutions more and more. And in case where they need more capacity for more VMs or more remote users, they are expanding capacity with firewalls or they are going through a cycle where there is some firewalls going to get into end of life, they are doing a refresh in those cases. But in terms of subscriptions, I have to say, as I highlighted DNS, which we launched in Q3 2019, did its 3,000 customers mark. We are in the process of allowing subscription capability in the future on a software firewall format. So you will see us continue to drive the subscription thing. It’s early for IoT, but we have a lot of expectation of IoT because we believe that’s an important need from the enterprise perspective. So we have launched — we won with our most recent ML to our firewalls and we hope to be able to add more enhancements to IoT and make a success out of that as well. This is harder, I can see myself. I’m not used to doing this on a earnings call.

David Niederman — Vice President, Investor Relations

Great. Our next question comes from Keith from Morgan Stanley.

Keith Weiss — Morgan Stanley — Analyst

Thank you guys for taking the question, and a very nice quarter and really impressive overall billings as well as those next-gen security billings really sustaining a ton of momentum. I wanted to tack on to Saket’s question and better understand when we think about the kind of the overall firewall platform billings grown 19%, that’s a very impressive number. Is there a substitution effect going on? And is there any way that you could quantify that in terms of people taking Prisma Cloud versus taking firewalls and maybe some substitution of dollars going from one side of the equation to the other versus product revenues?

Nikesh Arora — Chief Executive Officer and Chairman

Yeah. I think — thanks, Keith, for the question. Yes, there is substitution going on. If you look at the example I highlighted in the call where one of our customers was running out of capacity in their data center to be able to do remote secure access and we went and deployed Prisma Access. They got 1,000 people live in over the weekend, they got more people live by the end of next, the following week and now they’re going to go put Prisma Access across their entire state, across all their offices and that would have been a box sale. Three years ago that will be more boxes in the data center running VPM.

So there is clear substitution going on, Prisma Access is substituting hardware. Now I would like it because A, it’s a software form factor, which means we can update and upgrade that software on a more regular basis. In hardware, the customer has to do the updates and upgrades and this is where the security risk comes in. So for us, having software form factors out there is a long-term amazing total cost of ownership benefit not just for us, but our customers allow us to keep updating security as they go on.

So yes, the substitution is happening. It’s happening from the hardware format to the software format in the case of Prisma Access or take the case when customer says, as we at Palo Alto Networks, we have significantly shrunk our data capacity. We basically shifted a lot of our own compute to Google Cloud or to AWS. And when that happens, we’re not deploying more hardware in our data centers, we are actually buying more cloud from the public cloud providers. And to protect that also in those situations, we’re putting our VM Series firewalls on our CN Series in the future against our cloud instance. So that’s again because we are moving to the cloud, we’re substituting our own hardware purchases and our own hardware deployments with what is a containerized or a VM Firewall.

So in both cases you’re seeing the substitution happen. That’s why we’ve been talking about this Firewall as a Platform number for the last year and a half, saying, look, pay attention to that number because when these substitutions happen, some vendors, some partners or some industry players have some of those solutions, not all of them. And the virtue of us having all three form factors whether it’s cloud-based firewall or a firewall that can operate in the hardware form factor or to Prisma Access or against the public cloud instances that allows us consistency and allows us to pitch the right firewall for the right situation.

Keith Weiss — Morgan Stanley — Analyst

That’s very helpful. Thank you.

David Niederman — Vice President, Investor Relations

Our next question will come from Phil Winslow from Wells Fargo in line with Walt Pritchard from Citigroup.

Philip Winslow — Wells Fargo Securities — Analyst

Great. Thanks for taking my question, and hey, congrats on a strong quarter. I wanted to focus in on just the go-to-market efforts. Wondering if you could give us an update getting into this fiscal year how you feel about sales productivity, sales capacity and also the incentive structure and anything you’re changing this year or any priority focuses for ’21?

Nikesh Arora — Chief Executive Officer and Chairman

We’re going to make sure that we don’t do what we did two years ago, that’s your question. It’s — I don’t want to use the word unprecedented because I think it’s been used too often. But launching it — right now, we’re going through our sales kick off. We’ve been gone from a three day event, which used to be physical last year in Vegas, and I’m not missing Vegas, but it’s turning to a six week learning journey and we’re instrumenting everything online where people have to go through the learning process and they’re going to upload their video, pictures up into a platform where each of them are going to read each other and critic each other. So we are all learning with the time in terms of how to go — sort of initialize the sales force in new fiscal year.

And I think our teams are doing really good job of making that happen. So from that perspective, I am not concerned about our ability to go out there and create the opportunities for our sales teams. I think the real question going into next year is how do we continue to maintain the momentum. And as I’ve said, we intend to keep investing in our transformation that we’ve done so far with next generation security. We’re all very pleased. If you had asked me at the Analyst Day two years ago, what did — or one year ago, what did I think were the biggest risk was. My biggest risk was can we get to $805 million of billings from next generation security because it all sort of somewhat fledgling businesses we bought, we were going to integrate them, we’re going to go and convince customers that this is the right way to go by cybersecurity. And $928 million of billings which was a welcome and a surprise also for us in a good way. Our teams love the products, our customers are loving the product. So we’re just going to try and keep that momentum going, going into next year. All of our sales tweaks or commission tweaks or go-to-market tweaks that we make are going to be aligned towards meeting the objectives that we set out for ourselves. So we’re hoping not to make any major shifts, yet keep doing and investing the direction that the teams feel successful so far.

Philip Winslow — Wells Fargo Securities — Analyst

Great. Thanks, Nikesh. And should we expect Nir to drop an electronic flute album this coming fiscal year?

Nikesh Arora — Chief Executive Officer and Chairman

That video when was sent to me by an employee two days ago and it was very sort of amazing that they’ve put it together. We thought it was a worthwhile thing to show. And I don’t even know where or when Nir was playing the electric flute.

Philip Winslow — Wells Fargo Securities — Analyst

Thanks, guys.

Nikesh Arora — Chief Executive Officer and Chairman

My son trying to jump on my back while working out.

Philip Winslow — Wells Fargo Securities — Analyst

Awesome. Thanks, guys.

Nikesh Arora — Chief Executive Officer and Chairman

All right. It’s just us. David?

David Niederman — Vice President, Investor Relations

Great. Can we go to Walt from Citigroup, please. Walt?

Walter Pritchard — Citi — Analyst

Hi, thanks. Yeah, I’m here. So just a question on margins. I guess, you took on pretty significant margin dilution in fiscal — fiscal 2020. Could you help us understand the puts and takes around margins as we head into ’21? And especially you’ve seen that revenue on those acquisitions, it sounds like real quite a bit and take care of some of that dilution. Can you help us understand where the incremental investments are going relative to keeping those margins flat?

Nikesh Arora — Chief Executive Officer and Chairman

Yeah. Walt, I think if you think about the success in NGS, so what we did was we deployed a speed boat model, which was we created a dedicated sales team that was helping us sell Prisma Cloud and helping us sell Cortex and Cortex XSOAR. And now what we’re doing is we’re trying to; a, keep that momentum. You saw that we grew that number 105% and that requires us to make sure we continue to invest in our sales team which can actually go compete with some of the other players in the market and go into hand-to-hand combat for some of the larger deals.

What we’ve also done is we’re deploying that capability across our entire core sales team where they’re able to take the products and [Indecipherable] it. So we track very carefully how people are spending time and how much of our new products are able to sell. So we’re glad that the proportion of our sales teams that are able to sell next generation security continues to rise, which is a good thing. But we continue to hope to make investments in that direction.

The other part, which Luis alluded to is that as we see ramp up in next generation security because there is a significant amount of deployment expense and consulting expense, which is a one-time expense that happens early in the lifecycle of us deploying these products, you see that we have some compression in the first year of the margin, both on the gross margin and the operating margin, both sides when we deploy these services.

Luis, do you want to add something?

Luis Visoso — Chief Financial Officer

No, I think you covered it well, Nikesh. Nothing to add.

Walter Pritchard — Citi — Analyst

Okay. Thank you.

David Niederman — Vice President, Investor Relations

Great. Our next question will come from Fatima Boolani from UBS. And following Fatima, we’ll have Sterling Auty from J.P. Morgan.

Fatima Boolani — UBS — Analyst

Great. Good afternoon, everyone. Thanks for taking my questions. Either for Nikesh or Luis, nice to meet you. I wanted to drill into your fiscal ’21 outlook, appreciate sort of the high level trajectory of the key metrics in the business. But as I triangulate between a near triple-digit growth in your NGS portfolio, which is now a fifth of the mix. As I think about the software business contribution accelerating and even substituting for hardware, I’m wondering what’s maybe underpinning some of your conservatism on a mid-teens outlook? Would love to get some of your puts and takes and your thought process behind that outlook relative to the 32% you did this quarter?

Luis Visoso — Chief Financial Officer

Yeah. Thank you for the question, and nice to meet you. I think there are — we should take into account two factors. One is the strong performance of Palo Alto Networks, right? So we’re performing very strongly, and you’ll see that in our Q4 results and you see that in our guidance in Q1. But there is still a lot of uncertainty out there and we want to be prudent as we keep guidance for the year end or as we setup framework for the full year. So we just want to be prudent as we think about it, just given the uncertainty.

David Niederman — Vice President, Investor Relations

Great. Our next question comes from Sterling Auty from J.P. Morgan.

Sterling Auty — J.P. Morgan — Analyst

Yeah, thanks. Hi guys. So wanted to drill into the acquisition of Crypsis. So we’re watching FireEye actually separate their product business from their services business, and I just want to make sure, is there an intention with this acquisition to have the incident response actually drive, follow through purchasing of product? Is that what you’re looking to accomplish with it or is it a different strategy in terms of the acquisition?

Nikesh Arora — Chief Executive Officer and Chairman

Sterling, that’s a great question, and I would not comment on FireEye. But we have noticed when it comes to XDR, the customers are both excited about having a managed capability around it as well as we’ve noticed that in the case of incident response, typically if you have a good set of products and those products help you protect in that or help you diagnose during that incident, the customers are reasonably keen on deploying those products on a larger scale. We’ve experienced that with XDR even without having Incident response team. We’ve been called in by many of our large customers in certain cases where we’ve gone on a sort of a — on a partnership basis gone and helped them in the case of an incident or in the case of a breach. And almost all times variably, the customers have actually embraced XDR and deployed it in large number. So we’ve noticed that and we believe that if we had a team that was being sort of canvas have asked to come in and do, help, in this case, Crypsis has done 1,700 such responses from an incidence perspective, we think the upsell or gross sell possibility for XDR if it’s the right product in that instance is huge. So we think this will significantly allow us to amplify our success next year and in the future.

Sterling Auty — J.P. Morgan — Analyst

Understood. Thank you.

David Niederman — Vice President, Investor Relations

Our next question will come from Catharine Trebnick from Colliers, and then we’ll have Patrick Colville from Deutsche Bank.

Catharine Trebnick — Colliers International — Analyst

All right. Nice quarter, gentlemen, and thank you for taking my question. During the quarter, several of the IT executives I spoke to talked a lot about Microsoft and the native Firewall. Could you drill down for us on your capabilities versus theirs? Where do you think they are in achieving growth through their native firewall? Thank you.

Nikesh Arora — Chief Executive Officer and Chairman

Well, thank you for asking the question. I was hoping that there will be a question which I can point to Lee because he’s wearing his nice clean shirt. So Lee?

Lee Klarich — Chief Product Officer

Thank you, Nikesh. Good question, Catherine. What we have seen relative to the cloud providers is, they — it’s very important to them to have a set of security capabilities that helps remove certain obstacles for getting customers to consume more and more cloud, but not necessarily going to the level of true enterprise class. And I think that’s the underpinning of our success with the M Series and just recently released CN Series, Prisma Cloud as well. We’re really focused on bringing the enterprise class capabilities that our customers expect in a much more tightly integrated fashion and being able to then take those capabilities and go multi-cloud as well as hybrid cloud. And so one of the key differences in our approach is our ability to support our larger customers as they have multi-cloud strategies, whereas the cloud providers themselves are most by definition, going to be single cloud in their solutions.

David Niederman — Vice President, Investor Relations

Great. Now we’ll have Patrick Colville from Deutsche Bank.

Patrick Colville — Deutsche Bank — Analyst

Thank you for taking my question, and congrats on a great quarter. Can we just talk about the product — fiscal ’21 kind of color you gave. I appreciate the world is changing, we’re going to a more software-driven world, even a little bit less hardware, but the guidance you gave is suggestive of kind of market share bleed to Fortinet and checkpoints. And so just any thoughts around does that matter that you guys now more focused on the kind of software components just to help us I guess get your thinking around the hardware side and what used to be the core business?

Nikesh Arora — Chief Executive Officer and Chairman

Yeah. I think, Patrick, thank you for the question. I don’t get to the same conclusion. So the way we think about the firewall platform, as you see, we consider a situation where we sell Prisma Access could have been a hardware situation. And if you sold Prisma Access with CloudGenix and SDRAM solution, we think that’s a like-for-like deal where we’re not losing market share. And the reason we’ve been talking about Firewall as a Platform for the last year and a half or so is, when we — we look at market share from the firewall perspective and say, am I selling more firewalling capability than the industry growth rate? I think the industry growth of firewalls is in the low-single-digit range. And if we can deliver Firewall as a Platform growth rates in the high-teens, that’s a good outcome for us. So we grew Firewall as a Platform 19%, industry probably grew at 35 or 4%, focus and we think we took share. I took share with software, which I think is in the long-term much better outcome for us because it allows us to give our customers in a better situation and also it’s not a hardware-dependent business where there is more risk.

So we don’t — you don’t get to the same conclusion on loss of market share as long as I’m growing Firewall as a Platform in the ranges that we have, I think we’re taking share. We may be shifting share to the earlier question from hardware to software, but we don’t have any intention of losing any share to anybody in the market. We hopefully — we intend to gain share in the market. And I think you have to look at it more holistically across what Zscaler is doing, what Checkpoint is doing, what Microsoft firewalls are doing, what our firewalls are doing. If you look at that as a total firewall market, you want to be growing that share of that pie. And even the current environment, as I’ve said, it’s very hard to go deploy hardware or sell hardware to customers because many of them are not there in the office to take delivery and do a proof of concept even. So we’re delighted that we have software form factor to be able to sell them in this environment and deploy them remotely because that’s what the customers are looking for right now.

Patrick Colville — Deutsche Bank — Analyst

Thanks for the color.

David Niederman — Vice President, Investor Relations

Our next question comes from Rob Owens from Piper Sandler, then we’ll have Brian Essex from Goldman Sachs.

Rob Owens — Piper Sandler — Analyst

Great. Thanks for taking my question. Wanted to drill down a little bit more into Prisma Cloud and some of the newer off things you guys discussed relative to data security, network security and IAM. Are those products going to be from Palo Alto exclusively? Would we expect you to partner with some of the other vendors in the markets? And any incremental color in terms of timing and functionality would be appreciated? Thanks.

Nikesh Arora — Chief Executive Officer and Chairman

So I’m going to give you a perspective, then I’m going to ask Lee to jump in and talk about the margins. Look, one of the points, a few we have taken as we deploy our next generation of products whether it’s cloud security or Cortex, we have tried to make sure that we give the customers the best of breed integrated solution for cloud security. So when we bought RedLock and we bought Twistlock and PureSec and Aporeto, we made sure they were integrated into one platform. The way we sell it is we go to our customer and say, buy credits. Our customers buy credits to use our products. And we keep introducing these new modules within our product. And as the customers experience our product, they start exploring these new modules and start using them, which keeps decrementing credits.

So we’re trying to create scale from a go-to-market perspective and provide them the best capabilities. So towards that end, the 1,800 customers we have for Prisma Cloud, these customers barring for on-prem versus cloud versions, they will have the opportunity of experiencing every one of our modules without having to come out and buy it from us. They would already have it as part of the product. And if they choose to use it, they will decrement their credits faster. So that’s our strategy. And towards that end, we believe that the true benefit for the security solution of the customer as well as for us economically is if we don’t have to go do sort of the sales rule every time that we are launching a new module because we believe cloud security is not fully developed as a platform. So we will have seven modules some time later today. And I’ll let a Lee talk about the feature functionality and capability.

Lee Klarich — Chief Product Officer

Yeah. So one of the very strong points of feedback we’re hearing from our customers with Prisma Cloud is our ability to give them both breadth of capability as well as depth in those capabilities is really resonating. They like the strategy of an integrated platform delivering a increasingly comprehensive set of cloud security capabilities that they need.

So with that in mind, these three new modules that will be coming out we expect this fiscal quarter are really exciting. The first one is data security. So this is effectively applying both DOP as well as malware scanning to cloud storage. Cloud storage basically data breaches is one of the big challenges a lot of customers deal with, and this module will aim to address and fix that. Second is a module focused on web application and API security. So this will play in the sort of the WAF and RASP market categories, fully integrated leveraging the exact same agent that our customers have already deployed when using us to do container and serverless security. And then IAM security, which is focused on the cloud credentials that customers have and a really big challenge around over-provisioning and commissioning of those credentials. And so this will give visibility as well as security around how to lock those down with the right security policy.

And then tying this back to what Nikesh said, as these new modules are available, where Prisma Cloud customers will simply be able to start using them and decrementing the capacity if already purchased from us, making the turning on and using these new modules super simple.

Rob Owens — Piper Sandler — Analyst

Thanks.

David Niederman — Vice President, Investor Relations

Next question is from Brian Essex from Goldman Sachs.

Brian Essex — Goldman Sachs — Analyst

Great. Thank you. Thank you for taking the question. Nikesh, I just had a quick question on OS 10 and saw that you released it a few weeks ago. And I was wondering how meaningful that cycle should be relative to other releases? Is that something that customers are going to get automatically with their subscription? And how might we expect this to be rolled out throughout your installed base? Thank you.

Nikesh Arora — Chief Executive Officer and Chairman

So the — obviously super excited about the release and all of the capabilities. The ML-powered next-gen firewall really just infusing machine learning into the core of the product. I’d say, to begin with, many of our customers who have a hardware device or software form factor able to use it. However, they need to be on some of the newer hardware platform. So this will incent some customers who are still on older generation of hardware to want to upgrade in order to get these capabilities. Second, this is the release that will unlock some of the newer subscriptions we talked about, including IoT Security. And so there will be added incentive for customers to get to 10.0 in order to take advantage of those new subscriptions.

Brian Essex — Goldman Sachs — Analyst

Great. Thank you very much.

Operator

Our next question will come from Brent Thill from Jefferies. Following Brent, we’ll have Jonathan Ho from William Blair.

Brent Thill — Jefferies — Analyst

Great. Nikesh, over the last year you’re now approximating well north of $800 million in M&A. We appreciate the payback that you gave us, but kind of just maybe give us a sense, do you expect this pace to continue or do you feel like you need to digest what you have now and you’ve got the core pieces to achieve would you like to go forward at this point?

Nikesh Arora — Chief Executive Officer and Chairman

Brent, as we highlighted in the prepared remarks, we have followed a very disciplined approach. We look at — we’re constantly looking at new cybersecurity capabilities in the industry. As you know that as soon as quote unquote, antidote is found towards a cyber breach tactic, the hackers start working in the next way to try and figure out how to hack the customers. So we have to be constantly on the look out. And we’ve taken a very, very proactive point of view that we don’t want our customers have to go integrate solutions themselves, which is what causes the chaos in cybersecurity.

So we’ve stepped up and said we’re going to become more and more comprehensive player in areas where we believe we can add value. So we’re not going to — we don’t see value in going after old red oceans where there is enough players in the market and we’re not trying to create a sort of a place to get everything. We’re trying to get to a place where the product that we deliver or the platform we deliver has all comprehensive capability. And as I’ve said, cloud security is not fully evolved because we are all moving to the cloud and discovering across the entire process and our customers are having to integrate some solutions. That’s why we’ve chosen to acquire some companies, but also build these next few modules that Lee highlighted internally, organically, because we believe the cost of integration would be higher than doing the organic development ourselves.

So we’re just — we’re constantly on the look out to make sure that we are solving the problem for the customer. We will continue to stay on the look out, Brent. And all we’re trying to highlight is that we’re not — we’re very thoughtful when we do M&A. We look at it both from an economic and a product perspective. And so far, our track record has shown that we are able to significantly accelerate the capabilities once we acquire these companies, both from a go-to-market perspective and product perspective and we’re going to continue looking at the market from that lens.

David Niederman — Vice President, Investor Relations

Jonathan Ho, William Blair.

Jonathan Ho — William Blair & Co. — Analyst

Great. Just with Strata, can you talk a little bit about where you’re seeing the fastest growth in terms of that product set? And could digital transformation may be create a second wave of security investment around the CN Series and some of the other products in Strata?

Nikesh Arora — Chief Executive Officer and Chairman

Hi Jonathan. So to your first question where we’re seeing the fastest growth, I mean, I think obviously, as you’ve seen, we’re seeing great growth across the platform. We talked about Firewall as a Platform and inclusive of Prisma Access and the newly integrated CloudGenix Prisma Cloud. Certainly with the recent acceleration of the shift to cloud, Prisma Cloud has been a fantastic cloud security platform we have built for our customers to help them in that shift and Cortex is really gaining traction both around XSOAR and XDR.

David Niederman — Vice President, Investor Relations

Great. Our next question comes from Brad Zelnick, Credit Suisse, and this will be our final question.

Brad Zelnick — Credit Suisse — Analyst

Thanks so much for fitting me in, and congratulations on the momentum into Q4, very impressive. I’ve got an easy one for you guys. I just wanted to ask about the spike in DSOs. So it’s completely natural to understand why this quarter you would see the month of July being so heavily back-end weighted. But if you were to normalize and assume a more normal linearity to this Q4, how much of this is because of extending payment terms, if at all? And what are you seeing with customers in their need to spread out payments? Thank you.

Luis Visoso — Chief Financial Officer

Yeah, that’s an easy question, as you said. No, we do not expect any structural changes. We do expect to get back to normal levels in Q1. This is how our billings came in Q4, but we don’t expect this to be an issue going forward.

Brad Zelnick — Credit Suisse — Analyst

Okay. Thank you.

David Niederman — Vice President, Investor Relations

That concludes the Q&A portion of our call. Thank you for all your questions. I’m going to turn it back to Nikesh for closing remarks.

Nikesh Arora — Chief Executive Officer and Chairman

Thank you again everyone for joining us today. Palo Alto Networks remains committed to helping our employees, partners and customers navigate the challenges posed by the global pandemic in every way we can. We’re striving to amortize with those suffering from the worst impacts and then help in our communities and networks where possible. I’m encouraged by the positive attitudes and teamwork I see on display from our committed employees. And this helps fuel our drive to continue our mission of making each day safer and more secure than ever before. We look forward to connecting virtually with all of you at one of the many upcoming investor conferences. Be safe and stay healthy. Thank you again for joining our call. Have a great evening.

David Niederman — Vice President, Investor Relations

You can now disconnect.