Palo Alto Networks Inc
NASDAQ:PANW
US |
Johnson & Johnson
NYSE:JNJ
|
Pharmaceuticals
|
|
US |
Berkshire Hathaway Inc
NYSE:BRK.A
|
Financial Services
|
|
US |
Bank of America Corp
NYSE:BAC
|
Banking
|
|
US |
Mastercard Inc
NYSE:MA
|
Technology
|
|
US |
UnitedHealth Group Inc
NYSE:UNH
|
Health Care
|
|
US |
Exxon Mobil Corp
NYSE:XOM
|
Energy
|
|
US |
Pfizer Inc
NYSE:PFE
|
Pharmaceuticals
|
|
US |
Palantir Technologies Inc
NYSE:PLTR
|
Technology
|
|
US |
Nike Inc
NYSE:NKE
|
Textiles, Apparel & Luxury Goods
|
|
US |
Visa Inc
NYSE:V
|
Technology
|
|
CN |
Alibaba Group Holding Ltd
NYSE:BABA
|
Retail
|
|
US |
3M Co
NYSE:MMM
|
Industrial Conglomerates
|
|
US |
JPMorgan Chase & Co
NYSE:JPM
|
Banking
|
|
US |
Coca-Cola Co
NYSE:KO
|
Beverages
|
|
US |
Walmart Inc
NYSE:WMT
|
Retail
|
|
US |
Verizon Communications Inc
NYSE:VZ
|
Telecommunication
|
Utilize notes to systematically review your investment decisions. By reflecting on past outcomes, you can discern effective strategies and identify those that underperformed. This continuous feedback loop enables you to adapt and refine your approach, optimizing for future success.
Each note serves as a learning point, offering insights into your decision-making processes. Over time, you'll accumulate a personalized database of knowledge, enhancing your ability to make informed decisions quickly and effectively.
With a comprehensive record of your investment history at your fingertips, you can compare current opportunities against past experiences. This not only bolsters your confidence but also ensures that each decision is grounded in a well-documented rationale.
Do you really want to delete this note?
This action cannot be undone.
52 Week Range |
130.985
202.95
|
Price Target |
|
We'll email you a reminder when the closing price reaches USD.
Choose the stock you wish to monitor with a price alert.
Johnson & Johnson
NYSE:JNJ
|
US | |
Berkshire Hathaway Inc
NYSE:BRK.A
|
US | |
Bank of America Corp
NYSE:BAC
|
US | |
Mastercard Inc
NYSE:MA
|
US | |
UnitedHealth Group Inc
NYSE:UNH
|
US | |
Exxon Mobil Corp
NYSE:XOM
|
US | |
Pfizer Inc
NYSE:PFE
|
US | |
Palantir Technologies Inc
NYSE:PLTR
|
US | |
Nike Inc
NYSE:NKE
|
US | |
Visa Inc
NYSE:V
|
US | |
Alibaba Group Holding Ltd
NYSE:BABA
|
CN | |
3M Co
NYSE:MMM
|
US | |
JPMorgan Chase & Co
NYSE:JPM
|
US | |
Coca-Cola Co
NYSE:KO
|
US | |
Walmart Inc
NYSE:WMT
|
US | |
Verizon Communications Inc
NYSE:VZ
|
US |
This alert will be permanently deleted.
Please standby. Good day. And welcome to the Palo Alto Networks Fiscal First Quarter 2020 Earnings Conference Call. Today’s conference is being recorded.
At this time, I’d like to turn the conference over to Mr. David Niederman, Vice President, Investor Relations. Please go ahead, sir.
Good afternoon. And thank you for joining us on today’s conference call to discuss Palo Alto Networks fiscal first quarter 2020 financial results. This call is being broadcast live over the web and can be accessed on the Investors section of our website at investors.paloaltonetworks.com.
With me on today’s call are Nikesh Arora, our Chairman and Chief Executive Officer; Kathy Bonanno, our Chief Financial Officer; and Lee Klarich, our Chief Product Officer.
This afternoon we issued a press release announcing our results for the fiscal first quarter ended October 31, 2019. If you would like a copy of the release, you can access it online on our website.
We would like to remind you that during the course of this conference call, management will make forward-looking statements, including statements regarding our financial guidance and modeling points for the fiscal second quarter, full fiscal year 2020, and our next three years, our competitive position and the demand and marketing opportunity for our products and subscriptions, benefits and timing of new products and subscription offerings, and trends in certain financial results and operating metrics.
These forward-looking statements involve a number of risks and uncertainties, some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements.
These forward-looking statements apply as of today. You should not rely on them as representing our views in the future and we undertake no obligation to update these statements after this call.
For more detailed description of factors that could cause actual results to differ, please refer to our Annual Report on Form 10-K filed with the SEC on September 9, 2019, and our earnings release posted a few minutes ago, on our website and filed with the SEC on Form 8-K.
Also, please note that certain financial measures we use on this call are expressed on a non-GAAP basis, and have been adjusted to exclude certain charges. For historical periods, we have provided reconciliations of these non-GAAP financial measures to GAAP financial measures in the supplemental financial information that can be found in the Investors section of our website located at investors.paloaltonetworks.com.
And finally, once we have completed our formal remarks, we will be posting them to our Investor Relations website under the Quarterly Results section.
We would also like to inform you that we will be attending two investor conferences next month, we will participate at the Wells Fargo TMT Summit in Las Vegas on December 3rd and at the Barclays Global Technology Media and Telecommunications Conference on December 11th in San Francisco.
And with that, I will turn the call over to Nikesh.
Thank you, David. Good afternoon, and thank you everyone for joining our call. As most of you know, with this quarter, I am lapping my first Q1 at Palo Alto Networks. In my very first call, I talked about my observations on the industry and our goals of the company.
About a year ago, we were great single product company focusing on integration and automation. We have made some early moves towards the aspirations of the cloud where we are beginning to build products with AI and ML, recognizing the evolving trends in technology.
One year later, I couldn’t be happier with our achievements. We have made significant progress moving into a leading position in cloud security, making great strides in automation using AI and ML across our product portfolio. Our speedboats are working. We are delivering integration. This is bearing fruit and our customers seeing the benefit and betting more and more on Palo Alto Networks.
A few months ago, we set out a three-year plan for the company and shared it with you during our Analyst Day in September. While I intend to share our progress during this quarter, I also want to provide a report card on how I feel we are progressing towards the longer term goals that we have set for ourselves. And perhaps, more importantly, I’d like to share where we are feeling more confident and also where we need more work.
This is the first quarter we are marking ourselves against the target that we presented in September. We have published a slide that is available on our Investor Relations website that you can download to follow along with my comments. We will be targeting our progress against this plan.
Let’s start with our overall billings targets and how they are tracking. We are delighted to have done better than our guidance. As I am learning the rhythm of our -- an enterprise business, I understand that enterprises put a lot of effort in driving good year end and then they have to kick-start new years.
I was advised that sometimes there can be challenges sustaining momentum into new fiscal year, but our teams have delivered and we are off to the races. As I spoke with investors after Analyst Day, many asked me, what makes you confident that you can achieve billings of $800 plus million in next-generation security this year?
I am delighted to report that after a great Q4, we have maintained the momentum and have been able to better our plans, delivering next-generation security billings of $170 million, which is 217% year-over-year.
So sticking with my scorecard, I have more confidence in our ability to continue to deliver here. To show our growing confidence, we are increasing our guidance for next-generation security billings for the full year to $810 million to $820 million.
The one area that we did not deliver to our expectation in the quarter is product, which weighed on the growth of the firewall as a platform category and grew only 11% year-over-year, the category firewall as a platform grew only 11% year-over-year. In fiscal 2019, we provided incentives to our teams to build our next-generation security business. By Q4, they showed us they could with very strong results.
That momentum carried into the start of fiscal 2020, with strong next-generation security pipeline going into Q1. However, even though we have balanced our sales incentives this year, it looks like it’s going to take us a little more for that change to take effect.
Despite our performance this quarter, we continue to have confidence in our ability to deliver a 23% CAGR over the next three years in the firewall as a platform category, with contributions from all three form factors hardware, virtual and as a service.
To help our efforts in this area, we have established our third speedboat to coincide with our security enterprise pillar. This speedboat will be led by Andy Elder who was recently the Chief Revenue Officer of Riverbed. This gives Amit, our President, three speedboat leaders, along with our regional leaders.
With that change, we have chosen not to replace the position of Head of Sales and on a flatter organization, allowing us to continue to be nimble in our transformation to a multi-product company.
Back to our scorecard, our revenues remain on target. Now let’s travel down to our EPS, margins and cash flow. I did get to read many of the analyst’s report on this topic and I want to help you appreciate a point we made at our Analyst Day.
This fiscal year is our year of investment in transformation. We are not looking to cut costs, we are looking to invest. However, we are holding our teams to a plan. Our plan asks us to deliver an EPS of $5.00 to $5.10 for this year and we intend to stick to it, without accounting, of course, the proposed acquisition of Aporeto, which I just announced.
Our Q1 adjusted free cash flow margin was light compared to our annual target due to the timing of certain cash flows. However, we remain on track with our annual guidance.
So with that, let’s now dive in the exciting product announcements we debuted at our Ignite Conference in Barcelona earlier this month. Many of our customers are taking integrated bets across our enterprise, cloud and the AI, ML products, while a year ago we were just talking about the ambition today, we see the three platforms emerging in our product strategy.
As you know, we have branded our cloud solutions Prisma, and our application framework in AI and ML products Cortex that left our firewall business needing a brand. Today we are announcing Strata, a brand for our firewall and attach subscription.
We are pleased with the innovations we are making to secure the enterprise. As some of you might be aware, we announced DLP and SD-WAN for Prisma Access at our Ignite event in Barcelona two weeks ago. We will extend SD-WAN capabilities to our next-generation firewalls with an attach subscription to be available shortly, and then IoT in 2020.
In the span of 18 months, we will take our attach subscriptions from four to seven. These new subscriptions will be simultaneously available in a virtual firewall format. As a quick side note, DNS security now boasts over 1,000 customers and is our fastest growing attach subscription having launched just in February of this year.
In this category, we continued to garner recognition for our technical leadership and were named as the leader in the Gartner Magic Quadrant for Network Firewalls for the eighth consecutive time.
We were also recognized as a leader by Forrester in their recent Zero Trust extended ecosystem platform providers Wave report. We feel good about the overall growth potential of firewall as a platforms and are excited about the ongoing innovation we have planned in this area.
Moving to securing the cloud and access to the cloud, let me first talk about Prisma Access. We are very excited about the recent innovations we have announced, including SD-WAN and DLP services, a new cloud-based management UI and new SaaS service level agreement.
Prisma Access is now the industry’s most comprehensive secure access service edge platform. This gives Prisma Access a potential to be a leader in a new market category defined by Gartner called SASE or secure access service edge.
SASE is a convergence of network and cloud security that recognizes the new demands required to secure cloud and mobile work forces, while also delivering on integration and ease of management. Prisma Access is perfectly suited to be leader in this emerging category. We are incredibly excited to bring this announced product to our customers.
Moving across to Prisma Cloud, one of the questions I often get asked is, are you deploying the string of pearls strategy? The answer is no. I want to point out, we are doing something different. We are integrating into three platforms.
Our goal is to make life easier for our customers through integration. A prime example is Prisma Cloud. As soon as we acquired Redlock, we integrated it into the evident functionality in four months.
This past week, we have announced the integration of Redlock, Twistlock and PureSec into one platform, yes, one platform, Prisma Cloud. Now for our SaaS version, you can only buy one product which is the integrated product.
I am very proud of our Prisma team who have delivered this effort in a record time of five months since acquisition, and of course, we will continue to work on delivering more cross-product capability over the next year.
Prisma Cloud allows organizations to obtain a full and unified view of their cloud security and compliance posture across any type of cloud workload, including containers, serverless and host environments under a single pane of glass.
Prisma Cloud also integrates security in the software development workloads, allowing developers the ability to see vulnerability status every time they run a build without having to run a separate tool. I personally believe Prisma Cloud is fast becoming the essential multi-cloud, multi-technology platform, now with over 1,000 customers.
Keeping to a theme of providing more capability, today we announced our intent to acquire Aporeto. After an extensive market scan and thinking through how we believe micro-segmentation can fundamentally be reinvented. We decided to accelerate our efforts to the proposed acquisition of Aporeto.
Aporeto has unique machine identity based micro-segmentation capabilities that complement the existing cloud native security platform capabilities delivered by Prisma Cloud. We are incredibly excited to welcome the team to Palo Alto Networks. In addition to the Aporeto acquisition, our team continues to drive hard innovation on the Prisma Cloud platform.
Now let’s turn to Cortex. I am also proud of this team. This team has outperformed their billings forecast for the first quarter by almost 20%. We introduced Cortex XDR 2.0 at Ignite. This is an integrated version with both endpoint protection and XDR capabilities.
When we launched Cortex 1.0 about six months ago, we are the only vendor to take EDR and reinvented with network data to deliver XDR. It’s been gratifying to see several other vendors follow suit and offer their own XDR term products.
We continue to stay on the bleeding edge in this category. We are extending Cortex XDR’s behavioral analytical capabilities to include data and logs collected from third-party firewalls, enabling detection across multi-vendor environments.
We announced the inclusion of Check Point Firewall Data at Ignite. We also hope to be able to accept data from Fortinet and Cisco before the year is over. This is probably the only time you will hear me talk about our competitors in a neutral way.
In the first nine months of Cortex XDR, we have enabled organizations to reduce alert volumes by up to 50x and speed investigation time by about 8x, filtering out the noise and allowing analysts to focus on those critical threats.
Turning to Demisto, which is part of our Cortex brand, a couple of months ago, we enhanced our comprehensive security orchestration automation response platform, Demisto by adding a number of new capabilities.
Demisto 5.0 redefines the limits of sore customizability, enabling users to visualize incident and indicator flows in a completely tailored manner, improving the clarity and speed of security operations.
What’s even more exciting is what Lee talked about at our ignite event, our ability to collect telemetry data on how Demisto is being used. We are starting to get this data on customers. We will start to see the benefits, where we can give them more insights on how to get the most of this platform, including which playbooks are the most valuable and which integrations work the best.
Finally, we are very pleased to announce a new high-end support offering called platinum support for our physical and virtual firewalls and our Panorama management system. This is a continuation of our goal to provide the highest level of service to our customers.
Platinum supported the NaaS version of our premium support offering and will feature dedicated teams and best-in-class response times, and also several other new features designed to ensure our customers peace of mind knowing that Palo Alto Networks deep expertise in their quarter, whenever they need it.
This is just an overview of all that we have introduced at Ignite and I encourage you to review the archive presentation from that event. As a continued measure of that confidence during the quarter, we repurchased nearly $200 million worth of our shares.
To conclude, we had a great first quarter. I feel more confident in our ability to deliver the plan we set out for this year. Our product teams have rolled out exciting innovations and have us on the leading edge in multiple categories from firewalls to XDR to SOAR to SASE and cloud security.
As I contemplate our road map for the next 12 months, I become even more excited to see the security category strengthening, knowing that our products will continue to mature and be deployed by our customers around the world.
With that, I will turn the call over to Kathy.
Thank you, Nikesh. Before I start, I’d like to note that except for revenue and billings figures, all financial figures are non-GAAP and growth rates are compared to the prior year periods, unless stated otherwise.
As Nikesh indicated, we had a good start to our fiscal year and are tracking well against the targets we had outlined during our Analyst Day in September. In the first quarter, we continued to add new customers at a healthy clip and sustained momentum in our next-gen security products.
Let’s look at some key customer wins. We signed an eight-figure deal with a leading casino company, spanning each of our three pillars. This engagement was positioned with their entire IT leadership team from the director level, all the way to the CIO as a comprehensive outcome-based security transformation project.
The large retail customer we highlighted last quarter expanded their Palo Alto Networks footprint this quarter with a seven-figure Cortex deal. This customer purchased Cortex XDR and Data Lake setting them up for comprehensive data analysis going forward.
We beat Check Point and replaced Cisco to win a substantial deal with a major European toy manufacturer, who purchased next-gen firewalls Prisma Access and Traps. This customer has selected Palo Alto Networks as their strategic security partner and in the coming years, we expect them to replace their current firewall with next-generation firewall from Palo Alto Networks, their current VPN solution will be replaced by Prisma Access and endpoint protection will be covered by Traps.
These wins are excellent examples of our success in articulating our vision of security and being able to demonstrate our value proposition to customers, and I am pleased to report that wins such as these help us deliver another strong quarter financially.
In Q1, total revenue grew 18% to $771.9 million. Looking at growth by geography, the Americas grew 18%, EMEA grew 16%, and APAC grew 21%.
Q1 product revenue of $231.2 million declined 4% compared to the prior year. Q1 SaaS-based subscription revenue of $318.6 million increased 38%. Support revenue of $222.1 million increased 21%. In total, subscription and support revenue of $540.7 million increased 30% and accounted for a 70% share of total revenue.
Turning to billings, Q1 total billings of $897.4 million, net of acquired deferred revenue, increased 18%. The dollar-weighted contract duration for new subscription and support billings in the quarter remained at approximately three years, but declined by approximately three months year-over-year. Total deferred revenue at the end of Q1 was $3 billion, an increase of 26%.
In addition to new customer acquisition, we continued to increase our wallet share with existing customers. Our top 25 customers, all of which made a purchase this quarter spend a minimum of $41.7 million in lifetime value through the end of fiscal Q1 2020, a 24% increase over the $33.6 million in the comparable prior year period.
Q1 gross margin was 76.6%, which was down 10 basis points compared to last year. Q1 operating margin was 15.8%, a decline of 500 basis points year-over-year and includes a headwind of approximately $7 million of net expense associated with our recent acquisition.
We ended the first quarter with 7,382 employees.
On a GAAP basis for the first quarter, net loss increased by 56% to $59.6 million or $0.62 per basic and diluted share.
Non-GAAP net income for the first quarter declined 9% to $104.8 million or $1.05 per diluted share. Our non-GAAP effective tax rate for Q1 was 22%.
Turning to cash flow and balance sheet items, we finished October with cash, cash equivalents and investments of $3.3 billion.
During the first quarter, we repurchased over 947,000 shares of common stock at an average price of approximately $209 per share, leaving a remaining repurchase authorization of approximately $800 million.
Q1 cash flow from operations of $225.2 million, decreased by 11% year-over-year. Free cash flow was $178 million, down 18% at a margin of 23.1%. Adjusting for cash charges associated with our headquarters in Santa Clara, free cash flow in the quarter was $202.7 million, representing a margin of 26.3%.
Capital expenditures in the quarter were $47.2 million, of which $22.7 million was associated with our headquarters in Santa Clara.
DSO was 63 days, an increase of five days from the prior year period.
Turning now to guidance and modeling points. For fiscal Q2 ‘20, we expect revenue to be in the range of $838 million to $848 million, an increase of 18% to 19% year-over-year. We expect billings to be in the range of $985 million to $1 billion, an increase of 16% to 17% year-over-year.
We expect Q2 ‘20 non-GAAP EPS to be in the range of $1.11 to $1.13, which incorporates approximately $3 million of net expense or $0.02 per share related to the proposed acquisition of Aporeto using approximately 100 million shares to 102 million shares.
For the full year fiscal 2020, we expect revenue to be in the range of $3.44 billion to $3.48 billion, representing year-over-year growth of 19% to 20%. We are increasing our prior billings guidance by $10 million to $4.105 billion to $4.165 billion, representing growth of 18% to 19% year-over-year.
As Nikesh said earlier, we are also increasing prior guidance for next-gen security billings by $10 million to be in the range of $810 million to $820 million, representing year-over-year growth of 79% to 82%.
We expect fiscal ‘20 non-GAAP EPS to be in the range of $4.90 to $5.00, which incorporates approximately $13 million of net expenses or $0.10 per share related to the proposed acquisition of Aporeto, using approximately 102 million shares to 104 million shares.
Finally, turning to free cash flow, for the full year, we continue to expect an adjusted free cash flow margin of approximately 30%. This excludes approximately $20 million in net expenses and acquisition transaction costs attributable to the proposed acquisition of Aporeto. Including these net expenses, we would expect adjusted free cash flow margin of approximately 29%.
As a reminder, the adjustments to free cash flow include CapEx associated with the completion of our headquarters in Santa Clara. You can review these adjustments to free cash flow in our supplemental financial information document, which is posted on our Investor Relations website.
Before I conclude, I’d like to provide some additional modeling points. We expect our Q2 and fiscal ‘20 non-GAAP effective tax rate to remain at 22%. CapEx in Q2 will be approximately $50 million, with approximately $25 million related to our headquarters in Santa Clara. For the full year, we continue to expect CapEx to be approximately $170 million to $180 million, with approximately $50 million related to our headquarters.
With that, I’d like to open the call for questions. Operator, please poll for questions.
Thank you. [Operator Instructions] We will take our first question today from Keith Weiss with Morgan Stanley.
Excellent. Thank you guys for taking the question. Nikesh, I was hoping to drill down a little bit more into the firewall as a platform side of the equation, where it seems you guys are a little bit disappointed. It sounds like the incentives that you guys had in place last year, just sort of push more of like the new business activity or more of the pipeline building on to the next-gen cloud stuff and let you guys a little bit short on pipeline heading into the FY ‘20. One, am I thinking about that correctly in terms of kind of where you guys came up a little bit short? And two, how do you guys think when you are looking at sort of assessing the problem, how do you vet out what comes from sort of that kind of execution issue versus what might be more of a macro or competitive issue?
Thanks, Keith, for your questions. You are thinking about it right. As you know, many of our next-generation security products are very early in their life cycle. So, literally, there’s stuff like Twistlock we acquired in July, there’s stuff like Demisto, all these things haven’t even lapped one year.
So we put a lot of effort towards getting our core team to both, learn, understand, build pipeline and sell and in that process we set up some good incentives for them to focus on next-generation security, because pretty much the entire conversation for my first year here was, they love the fact that you are a great firewall company, how are you guys are going to keep transforming as the firewall market transitions.
And we set out, our team and me, we set out to prove to ourselves that not only can we build the products in addition to firewall, but we can make this a multi-product company. So part of that is Lee’s team did a great job in getting the products in place and thinks on the integration work I talked about. The go-to-market team is starting to make sure they can prove -- that they can sell this stuff.
And we are very excited that approximately 40% of our core salespeople sold Cortex this past quarter, approximately 25% of them sold Prisma. So we are tracking to the targets we set ourselves in terms of getting our core engaged. But because of the incentives, people made their decisions that they can make more money selling Cortex and Prisma in Q4 than selling firewalls.
As a consequence, we saw a huge pipeline build and a lot of deals done in Q4, the momentum carried to Q1. We recognized this coming into the year. We have right-sized these incentives, but it takes a little bit longer for the pipeline till we get back into place.
I don’t think there’s a systemic issue. I don’t think it’s a market share issue. I just think it’s taking the eye off the ball and we have already put stuff into place and we wouldn’t be saying we feel confident of delivering 23% long-term, if we didn’t believe that we could actually get the team to balance their focus both on Cortex, Prisma, as well as the firewall.
Excellent. Thank you, guys.
Next we will hear from Sterling Auty with JP Morgan.
Yeah. Thanks. Hi. Maybe just following on that last question, can you help us understand that, I think, the EPS guidance for the year includes the acquisition. The revenue guidance is unchanged. So just so we get a sense of what looks like lowering the organic revenue for the year. How -- maybe the order of magnitude, how much acquisition revenue are you kind of baking into the reiterated full year revenue number?
Yeah. Look, we acquired this company called Aporeto. We are in the process of acquiring it. This is slightly earlier in the technology lifecycle of cloud security. This is a bet we are making in terms of how micro segmentation will need to be done in the future and with that bet, it’s going to take us a while to integrate this into our Prisma Cloud offering.
So we are not anticipating much revenue uplift this year. So we are holding revenue flat from -- as a flat in line with guidance, without expecting any revenue impact this fiscal year from Aporeto. But we -- obviously we have to pay the cost for the company.
Okay. And then one follow-up on Prisma specifically, you talked on the other side, I think, at length through the prepared remarks. I think last quarter you talked about maybe some early Prisma wins. Can you give us just maybe a little bit more color on the traction that you saw in the quarter especially on the competitive dynamics with Prisma?
Well, look, both on Prisma Cloud and Prisma Access and I am sure you all remember Nir’s emotional explanation on Analyst Day around Prisma Access, which is the product that competes in the secure access space.
We are very excited. We are seeing -- we continue to see traction. We continue to see large seven-figure deals in that space. It’s a space where we are seeing the market is going. There is a cloud transformation happening.
As you start transforming your applications to the cloud, you start thinking about how to transform your network and start creating more high bandwidth secure access to all of your users and your branches.
So we see the market moving there. We see our product getting stronger and more mature. As we said, we announced the availability of SD-WAN and DLP in the product, where -- which makes it a comprehensive solution in the market.
So we are seeing the traction. Those deals take the same time as firewall deals take to close because customers have to go through a strategic transformation of the network. So they are not as quick as Prisma Cloud deals.
On the other side, as I said, we have, I think, in record time, gone past 1,000 pure cloud security customers across Redlock, Evident, Twistlock, PureSec, which, in our mind, is one of the fastest ramps in terms of our ability to get 1,000 customers to deploy our cloud security product.
And this is when we were selling them individually and we just last week integrated all of them into one SKU. So we believe that gives us more traction. So we are very excited about the traction we are seeing in the Prisma product.
Got it. Thank you.
Next we will hear from Fatima Boolani with UBS.
Good afternoon. Thank you for taking the questions. I had one for Nikesh and one for Kathy. Nikesh for you just harkening back to the Analyst Day, we did talk about contract structuring as a mechanism to allow you to introduce new functionality into the installed base. So I am wondering with regard to the expansion in the unattached portfolio and even the attached portfolio of subscriptions, I was wondering if you could share some of the details of what has changed or what is different as you start this new fiscal year around some of the newer expanded capabilities in Prisma Cloud. And certainly, this new acquisition, as well as on the DNS and SD-WAN attached side and then I will have a follow-up for Kathy, please.
Okay. Great. Thank you for the question, Fatima. I think as we discussed at the Analyst Day, we had said that we don’t want to have to sell every module of Prisma Cloud to our customers individually and we want to create a structure where they can actually buy once and use our products on a consumption basis.
And effectively, this integrated platform we have rolled -- started rolling out last week, Prisma Cloud, where you have one SKU where all Redlock, Twistlock, PureSec functionalities available.
If you bought Redlock SaaS version, you will be able to use container security without coming and signing a new deal. You will just use up some of your credits that you bought. If you bought Twistlock functionality, you would be able to do the same thing with Redlock or PureSec.
So we have simplified our contracts and our ability to consume in this release of our product last week. We are in the process of rolling it out to all of our Prisma, sorry, all of our Twistlock and Redlock customers, which should be accomplished in the next few weeks, I hope.
And those customers then will have the ability to consume the product without actually having to come and buy those individual products from us, which is -- takes away a lot of friction in the process.
In terms of SD-WAN and DLP, they will be available integrated and part of Prisma Access, so you will not have to go buy different products and integrate them. This will come integrated out of the software box, if there’s some such thing, and you will be able to use it with a single cloud pane.
Fair enough. That makes a ton of sense. Kathy, for you, I was wondering if you could give us an update on just some of the tariff escalation that’s happening and that’s -- sort of how that’s impacting or financially impacting your supply chain and how we should think about those costs rolling through the model. I know, historically, you quantified some of the negative financial impact on EPS. I am wondering if there is any sort of update there, given some of the whipsawing on the trade war and tariff-related escalations we have seen? Thanks a lot.
Sure. Thanks for the question. We do manufacture our products in the U.S. However, there are certain components that we -- as we have talked about in the past, that we source from China. That’s the only place where we are able to purchase these components.
And we have seen that list of products expand as the tariff situation has expanded in the U.S., as it relates to China products. So, we have felt the impact of that and we have been talking for a while about the impact to EPS.
However, just at the start of this new fiscal quarter -- fiscal Q2, we did increase pricing on our firewalls and that increase in pricing is intended to offset the tariff impact. So that’s why you don’t see us outlining a specific financial impact this quarter.
That’s super clear. Thank you so much, Kathy.
Yeah.
We will now hear from Phil Winslow with Wells Fargo.
Hi. Thanks guys for taking my question. I just wanted to focus in on the next-gen firewall platform space. Kathy and Nikesh, you both have talked about the opportunity just to refresh the older models that you all sold in the past. I am wondering if you could provide us an update on -- sort of what you are seeing right now and thinking for this year relative to past years in terms of the contribution from just refresh of your base and then just one quick follow-up to that.
Yeah. Sure. We have been talking about refresh activity in a couple of different ways. One, in terms of what we see with our customers’ refreshing competitive boxes, and of course, that’s been a motion that we have been competitively trying to address since the start of the company.
And as you know, there is rarely a company that we go into that doesn’t already have firewalls and so it’s always been a competitive displacement go-to-market approach for us. When we talk about our own internal refresh cycle, we continue to see our customers refreshing.
However, in terms of driver of growth, we pointed out that in terms of just pure magnitude of customers, our new customer acquisition, as well as our customer expansion opportunity is a much bigger driver of our overall growth and less -- much less so refresh of our own boxes that we have sold to customers previously.
Got it. Great. And then, just a follow-up for Nikesh on the platform side of your Cortex obviously, you talked about the AI-based continuous operations platform, I think, is what you called it at the Analyst Day. What’s the feedback been from customers in terms of developing their own apps, their own functionality on top of this, as well as third parties, any sort of update there would be great.
Yeah. As I mentioned in my prepared remarks, this team outperformed the numbers by approximately 20%. So there we are seeing tremendous amount of tractions, both -- traction both on the XDR side and the Demisto side, Demisto is performing way ahead of our acquisition plan.
We haven’t opened up the capability for customers to write their own applications on our platform just yet. We have some apps in the old version of the application framework. But right now we focus more on providing integration out of the box with third-party vendors, so customers don’t have to try and take that and normalize the data, which has been a bit of a shift in our strategy, but we are seeing huge traction.
I think it’s fair to say that one of the times when Lee announced the ingestion of checkpoint firewall data into our product was when he got a standing ovation. It’s hard to get a standing ovation from a bunch of engineers at a conference. So they must have liked that and we are going to do the same thing with Cisco and Fortinet firewall data.
So that way when a customer is trying to look at alerts across firewall and endpoint data, we can ingest any firewall data, as well as match it up with our endpoints. So we are seeing traction in Cortex across both product categories, but we have not opened up the ability for people to write their own apps just yet.
All right. Thanks guys.
Next we will hear from Karl Keirstead with Deutsche Bank.
Thank you. Maybe I will direct both to Nikesh. So Nikesh, the product revenue disappointment is coming relatively soon after a series of sales leadership changes at Palo Alto over the last six, nine months. I am just wondering if you believe that those changes might have contributed to the product performance, and in that spirit, do you mind just repeating your rationale for not replacing the Head of Sales. So first part of the question is on the sales leadership, and then I will ask my second. Thank you.
Sure. I think we are taking two random points, and try and draw a straight line. I personally don’t think there’s any correlation between the changes and our challenge on the product this quarter. If there was a challenge we would have [inaudible] across the Board, across every category, not just our firewalls.
So, the fact that our teams have gone out and that’s the billings targets for Q4 and Q1, and we have had a mix shift in terms of what we have been able to sell, validate at least the period we are putting our or for the facts we are putting out around the fact the incentives contributed to it as opposed to our leadership changes.
On the leadership change front, we have very strong leaders in our regions. We promoted Rick Congdon, who has been around for many years at Palo Alto Networks. He is doing a phenomenal job in Q4 to run our Americas business.
We have Christian Hansen in Europe we have talked about in past earnings calls, as well as we have promoted Simon Green to one of JPAC business to manage the Pacific for us. So between those three, we feel we have strong leadership in the regions.
And both our Prisma and Cortex leaders are doing really well, given the performance we have seen NGS. And we felt that we were not -- we don’t have a laser-focused leader on the firewall as a platform category.
So we were able to hire Andy Elder, who is an amazing sales leader from Riverbed, who is going to run that part of our business in terms of focusing and making sure that as we deploy new products like Prisma Access or virtual firewalls, or going from four to seven subscriptions that there is a same go-to-market focus that we have had on Prisma and Cortex.
And with that, sort of 3x3 matrix, we feel, I might need to say engaged in that transformation with these teams and putting another layer between him and these six people would be detrimental to our ability to go and execute. So we have decided not to replace the Head of Sales position.
Got it. Okay. That’s helpful. And then, again in the spirit of just trying to unpack what might be going on. This too might be drawing an incorrect conclusion. But is it possible Nikesh that you guys saw an accelerated hardware to software form factor shift that might have cut you a little bit by surprise and contributed to that product number, but it would obviously show up in super strong VM series billings numbers?
I wish that was the case that we have been caught unaware. So I really like to be surprised by phenomenal growth in any product category. Unfortunately, it’s just the fact that our teams had only so many dollars they could sell in Q4 and they sold a lot of them.
But they sold them in the category, which was going to make them a lot of money, which is a good thing. You want your sales teams be motivated by the incentives -- realizing incentives are not working. But we have fixed the focus to make sure they have focused on both categories.
So we think it’s nothing systemic. We think it happened in this quarter. And to be honest, if you look at the numbers, another $20 million of deals would have gotten us to a number, which would have made all of you happy and made us happy. But we -- that’s kind of the quantum of the change on an $897 million worth of billings.
So $20 million showed up in more next-generation securities then showed up in product, which is why we are all getting unhappy about this. But hopefully, we can fix that in upcoming quarters and we can deliver to the long-term guidance of 25% CAGR.
Got it. I am sure you will. Thank you very much, Nikesh.
Thank you.
Jonathan Ho with William Blair has our next question.
Hi. Good afternoon. I just wanted to start out with maybe the Aporeto acquisition and could you maybe give us a little bit of a sense of what this adds to your overall solution set, as well as the role that micro segmentation plays in the cloud?
Sure. Look, as we said in the past is that there are tons and tons of people selling the transition to the public cloud across the various large cloud providers around the world, whether it’s Alibaba cloud sales or Oracle, Amazon or GCP or Azure, they are all trying to convince us to move to cloud.
We personally have thought to having moved to the cloud for that reason, because we think that’s the right outcome of the long-term. But we don’t believe that a lot of the cloud security products exists to be able to deliver the amount and quality and capability of cyber security that exist in today’s enterprise world.
And as you make that transition, as we start putting more and more mission-critical applications onto the cloud, it is going to be important to reinvent the way cyber security is delivered, made for the cloud, by the cloud, what’s the third part of that? Never mind. [Inaudible] is weaker than it should be.
But anyway, so as we go down that path, we believe only 50% of the cloud security products have been invented so far. And instead of sit down and try and build them all ourselves, we have acquired Redlock and Evident, in the first instance, secure workloads, the market moved swiftly to containers. We acquired Twistlock, the market was heading to serverless. We acquired PureSec. We are also in the process of building our own modules in addition to those, which we will, obviously, as part of our product road map.
And we look to the world of micro segmentation and said, micro segmentation is deployed today and the data center is not the way it needs to be deployed in the cloud because micro segmentation relies on IP addressing in the data center, which is very good for the enterprise but not really how the cloud operates.
And Aporeto has a really good way. They have been working at it for the last two and a half years, three years, perfecting an approach which they have deployed in two or three very large customers at scale.
We looked at it and said, look, this would be a phenomenal set of capabilities to have in our cloud security platform. We talked to the company. We liked them. We looked to the whole market, and said, this is the way we want to do this in the future.
As a consequence, we acquired them and this will become part of our Prisma Cloud platform. So we don’t intend this to be a separate SKU, we expect it to be part of integrated capability as part of our Prisma Cloud platform and we hope the underlying capability they bring will allow us to create more features in the future using their backlog.
Thank you. And then just as a follow up, can you talk a little bit about maybe what you are seeing in terms of your customers from a budgeting activity standpoint for 2020 specific to Prisma Cloud and what types of trends are you seeing around that? Thank you.
Look, I haven’t been in this industry very long. But I am told by my colleagues and the way we watch this, it’s very rare to start a cybersecurity company or a product and start closing seven-figure deals in short order, and it’s fair to say, we are seeing a healthy amount of seven-figure deals in Prisma Cloud, which tells us that there is a need out there for this product, as a product market fit.
And it kind of makes sense if you think about average customers are spending tens of millions of dollars in their cloud transition moving to the public cloud providers, and I have said, this in the past, if we can get 2% to 5% of that spend for cloud security, we will be in a good place.
And I think we are tracking to that as we go to customers and we see them, they are spending $30 million, $50 million a year in the public cloud. We are tracking to the 2% to 5% number for those customers.
And there’s a possibility that, that goes up a little bit, because there’s a whole bunch of capabilities that doesn’t exist yet. But we have not run into budget constraints in our customers, who are moving to the cloud, and saying, well, I am moving to cloud, but I don’t have the money to do cloud security.
Thank you. We will now hear from Saket Kalia with Barclays.
Hey, guys. Thanks for taking the questions here. First, maybe for you, Nikesh, just to go back to an earlier question on SD-WAN, I think, we understand the integration of that into Prisma Access. But can you just talk about your thoughts on SD-WAN as part of the firewall appliance and whether that’s something you feel is driving some customer purchase decisions right now?
It seems to have become a consideration in the purchase decision. But let’s remember there’s over 40 SD-WAN providers out there in the world and customers also choose whether they want a separate SD-WAN with more capability or an integrated SD-WAN in the firewall.
But given that has become a consideration, we have launched or announced SD-WAN as part of Prisma Access and you can logically expect us to be able to deliver that across every form factor in the near future.
Got it. That’s helpful.
That’s where you were going, Saket.
Yeah. Absolutely. That was where I was going. But maybe for -- maybe for you, Kathy, just as a quick follow-up. Can you just talk about the gross margins on the recurring revenue part of the business. So much of that is that nice higher margin attached subscription and maintenance, but of course there is a nice growing piece from next-gen as well. As the latter grows, can you just talk about how that affects the gross margin profile, if at all?
Yeah. Sure. The gross margin range that we have provided in the past that we expect to operate within is 75% to 78% gross margins and we have continue to operate within that range for many, many quarters now.
The services margin in particular, which we -- which you will see in our financials has been at the higher end of that range as you rightly point out. And it’s in fact actually come down a little bit over the last couple of years and that’s as a result of us building out the next-gen security products. Many of them which have hosting and data management costs and those costs are higher than the typical software type margins that you have seen on our attach subscriptions in the past. So, slightly different profile, but still operating overall service margins at the high end of that range.
Got it. Thank you.
Yeah.
Walter Pritchard with Citi has our next question.
Hi. A question for Nikesh and then one for Kathy, so on Prisma Cloud, you talked about integrating those products probably faster than most were expecting. I am wondering how you are thinking about integrating the backend management of the Prisma Cloud products, as well as other products into Panorama? What the time line looks for that and are there some customers that are waiting for that unified management to make bigger commitments to those products?
Walter, what we have noticed is that people want integration of the SD-WAN capability or DLP capability into the Prisma Access pane. So it can be integrated solution as they go deploy this in their branches and as they deploy for remote users.
We are not seeing a lot of -- we don’t believe that’s the right thing to merge our cloud security pane into our firewall pane. Our cloud security pane is self-standing independent pane, which you believe is more relevant to DevSecOps than the CIO teams, then it is to the network security team.
So, which is what we said we just announced the integrated -- sort of deploying the integrated platform across RedLock, Twistlock, PureSec, Evident last week and we believe that’s going to become the mainstay of the cloud security front-end. And Lee, do you want to add something?
Yeah. So just maybe continuing where Nikesh left off. So for Prisma Cloud, we do have a single unified UI for all different Prisma Cloud offerings. So for customers that are securing their applications in the cloud, they would go to one UI for that.
Within Prisma Access, as we deliver additional integrated services, we have an ability to do that within Panorama to be able to, we call, plug-ins that can expand Panorama to include the additional capabilities as they come out. So, again, customer can go to one unified UI to see all those different pieces in one place.
Great. Thanks, Lee. And then, Kathy, on the acquisition, I guess, just looking up on LinkedIn, looks like the company, Aporeto, had about 65 employees. I guess, as we think about smaller kind of tuck-in M&A like this, I guess, maybe some of us would have expected, given you had a couple of hundred employees kind of organically every quarter you could kind of do this under your organic hiring plans. How should we think about that going into the future? Do we need to worry about kind of margins coming down with tuck-ins?
Well, we have talked about the impact, which is pretty modest impact $0.02 on the earnings per share for the quarter and we are investing in order to ensure that we can integrate these products and make sure that we are successful in our go-to-market efforts and so there is real expense associated with those. So the framework that we have given you is an organic framework and when we do M&A we will point out any incremental financial impact to that.
Okay. Thank you.
Our next question will come from Gur Talpaz with Stifel.
Hi, guys. This is actually Chris Speros on for Gur. For Nikesh, you noted earlier that Demisto was performing ahead of plan. Can you talk about the dynamics behind what’s driving this outperformance?
Yeah. Look, I think, the whole automation use case is resonating with our customers, where they are building Data Lakes, they are looking at their SIMs, but they are realizing they are getting a huge barrage of alerts as they deploy more and more cybersecurity solutions into either the enterprise and the cloud.
And Demisto is turning out to be the versatile automation tool with the number of indications it has of all security vendors out there. So we are seeing traction. Our core team is able to explain it, sell it across the Board.
As I mentioned, that approximately 30-plus percent of our core sales team is selling Cortex, which includes Demisto. So it’s really the expanded go-to-market, the expanded capabilities that the new Demisto product has. It’s really driving that, and of course, the good product market fit out there.
Great. That’s awesome and one for, Kathy, if I may. With more large Prisma deal starting to close, can you walk us through the relative economics of a Prisma deal versus a traditional appliance deal?
Yeah. Prisma Access and the functionality that it provides is typically slightly higher -- somewhat higher price than a typical firewall sales that we would see. Of course, depending upon the firewall and the number of attach subscriptions over time over a five-year period, which is the typical life cycle of a firewall, we would expect to see more revenue from the Prisma Access deal.
Great. Thank you guys.
Yeah.
Our next question will come from Patrick Colville with Arete Research.
Thank you for taking my question. Kathy, you mentioned earlier on the call that DSOs had risen five days year-on-year. I mean is the product issue anything related to the change in DSOs. I mean are those things correlated or they separate?
No. There’s really no correlation there.
Okay. Understood. And then, can I just switch over to SD-WAN, because that’s an area that we are getting a lot of incoming on both from investors and CISOs. So you have mentioned that Palo is going to release appliances with SD-WAN functionality built in. So If I understand correctly, right now the devices don’t have SD-WAN, but that’s in the roadmap, is that correct?
Yeah. That’s correct.
And I mean, can you give us a rough timeline for that or at this early stage?
Yeah. So a couple of weeks ago at our EMEA Ignite Conference, we announced SD-WAN and we plan to deliver SD-WAN across all three form factors, so hardware, virtual and Prisma Access around the mid-December time frame, so next month.
Good. Thank you for answering the questions.
Our next question will come from Brian Essex with Goldman Sachs.
Great. Good afternoon. Thank you for taking the question. Maybe a couple for Nikesh, I guess, one would be, as you target products for the developer environment. To what extent are your customers already integrated development with security and is that an evolution that still has to come?
I am going to let Lee answer that question since he’s been sitting here with not a whole lot to, he is doing the stuff.
Can you repeat the question?
Oh! You were listening. How many of the customers have integrated security into DevOps?
Oh! Look, in the cloud, there’s a whole movement towards call shift left, which is really focused on integrating the security process and functionality and posture as close to the point of development as possible.
So that by the time an application is running in production in the cloud, all of the security is already there and was developed as part of the application. This was something that Twistlock and container security was very focused on.
Right.
It’s a very common practice within container development to have the shift left mentality and as we look to this going forward, we see it becoming a bigger part of cloud security practice.
Got it. That’s helpful. And maybe just a follow-up -- jump on this one who whoever wants to kind of grab it, but you have done quite a bit of M&A over the past couple of years, what percentage of your sales force would you say is fully ramped on selling the entire suite or is there still some progress that needs to happen there in terms of getting everyone kind of up to speed and fully productive?
Yeah. And as I mentioned earlier, approximately 39% of our core sales team is selling Cortex, our Cortex suite of product and approximately 25% is selling our Prisma suite of products. Of course, there is a lot of room for us to go from 40% to more and more of our sales team being able to sell these products. But having said that, many of these products have been in play only for about six months, so we have --
Right.
-- a few thousand people out there in the field and it takes a while to get them all comfortable, up to speed, being able to sell it.
Not only that, we have lots of partners out there, and part of our efforts are not just to motivate and create our team, but also to make sure our partners fully understand our capabilities and are able to sell. So, yes, we can make more progress, but, again, very excited about the progress we have made so far with the new product categories.
Got it. Very helpful. Thank you very much.
Our final question will come from Michael Turits with Raymond James.
Hey, guys. Thanks. I will squeeze two in quickly. One, Nikesh, in Prisma Access, are you seeing primarily Zscaler or is it a wider field, including people like maybe Fortinet with carriers, Netskope, iboss, et cetera? And then, Kathy, how fast do you expect that you can get the product growth back to the kind of levels that we are expecting it to trend at?
So in terms of your first part of the question, Prisma Access we will be seeing out there. Prisma Access is part of a network transformation decision that the customer makes and depending on how their current network operates and what they want to make it look like going into the cloud, there can be hardware-based solutions or software based solutions. And depending on whether it’s a smaller footprint of larger data centers versus a larger footprint of smaller branches or remote users, the architectures can vary.
So you can solve this problem with different architects and different products. But we -- from our stand, I can tell you that, our software-based solution, our software-based approach and our security-first approach is resonating with them because as it goes to cloud, the security is getting distributed and they want to make sure that as they start accessing mission-critical applications straight into the cloud or back to the data centers, that security is a priority.
So we are seeing traction in that space. I am sure there are many other vendors out there who have different solutions, which are adapted to their product portfolio.
And in terms of product growth, we don’t guide product specifically, but you can tell from the guidance that we have given both for Q2 and for the full year looking at typical trends that we have seen in the past in terms of product as a percent of the total. You can -- I am sure back into what we are expecting for product are pretty closely.
Thanks, guys.
Yeah. So before I close, I want to thank everybody again for joining us today, and I wish you and your families a very safe and Happy Thanksgiving. And we look forward to seeing many of you in the upcoming weeks at some of our investor conferences. I also want to thank our customers, our partners and employees around the world. Have a wonderful evening.
That will conclude today’s conference call. Thank you for your participation. You may now disconnect.