Palo Alto Networks Inc
NASDAQ:PANW

Watchlist Manager
Palo Alto Networks Inc Logo
Palo Alto Networks Inc
NASDAQ:PANW
Watchlist
Price: 186.78 USD -1.36% Market Closed
Market Cap: 61.3B USD
Have any thoughts about
Palo Alto Networks Inc?
Write Note

Earnings Call Analysis

Q1-2025 Analysis
Palo Alto Networks Inc

Palo Alto Networks Q1 2025: Strong Growth in Revenue and NGS ARR

Palo Alto Networks kicked off fiscal 2025 with robust performance, reporting $2.14 billion in revenue, a 14% increase. Next-Gen Security ARR surged 40% to $4.52 billion, driven by services, particularly from the QRadar SaaS acquisition. The company revised its guidance upward, expecting total revenue between $9.12 billion and $9.17 billion, marking a 14% growth, and NGS ARR to reach $5.52 billion to $5.57 billion, up 31-32%. Operating margins are projected at 27.5% to 28%. A notable 2-for-1 stock split demonstrates confidence in sustained growth amid a rapidly evolving cybersecurity landscape.

Strong Financial Performance in Q1

Palo Alto Networks began fiscal year 2025 on a strong note, reporting total revenue of $2.14 billion in Q1, which reflects a 14% increase—surpassing management's guidance expectations. Notably, product revenue grew by 4%, while services revenue surged by 16% with subscription revenue alone up by 21%. This demonstrates a robust demand for their cybersecurity solutions, especially in subscription offerings.

Growth Across All Geographies

The company's strong performance was seen worldwide, with double-digit revenue growth across all geographic segments: the Americas grew by 12%, EMEA increased by 21%, and JPAC grew by 13%. This broad-based growth indicates a strong global demand for Palo Alto Networks' offerings and highlights the company's strategic positioning in the cybersecurity market.

Record Performance Obligations and ARR

Palo Alto Networks reported a remarkable remaining performance obligation (RPO) of $12.6 billion, up 20%, indicating a strong backlog of future revenue. Alongside this, their next-generation security annual recurring revenue (NGS ARR) grew by an impressive 40% to reach $4.52 billion. The company aims to further enhance ARR by transitioning QRadar SaaS customers to their core platform, XSIAM.

Focus on Profitability and Margins

The company managed to expand its gross margin slightly to 77.3%, despite some impacts from scaling new SaaS offerings. They also achieved a 60 basis points increase in their operating margin, reflective of their ongoing efficiency efforts. With a commitment to profitable growth, Palo Alto Networks demonstrated improved earnings per share (EPS) based on strong cash flow generation.

Strategic Shift Towards Platformization

Palo Alto Networks is making a significant pivot toward platformization, enhancing their cybersecurity solutions by consolidating various offerings into integrated platforms. This strategy not only caters to the evolving needs of customers but also positions them as a key player in the cybersecurity domain, tapping into a growing trend where many organizations are consolidating multiple vendor solutions.

Guidance for the Fiscal Year Ahead

Looking ahead, Palo Alto Networks provided guidance for FY2025 with projected revenue in the range of $9.12 billion to $9.17 billion (up 14%), NGS ARR forecasted between $5.52 billion and $5.57 billion (an increase of 31% to 32%), and an EPS forecast of $6.26 - $6.39, indicating 10% to 13% growth. This guidance reflects confidence in sustained growth and efficiency as they continue to leverage their platformization strategy.

Capital and Shareholder Returns

The management announced a two-for-one stock split, reflecting confidence in their business momentum and a desire to make shares more accessible to a broader base of investors. Furthermore, the company continues to maintain a debt reduction strategy, having paid down over $300 million of debt, which indicates a commitment to strong fiscal management.

Conclusion: A Promising Outlook

Overall, Palo Alto Networks showed strong financial performance while providing an optimistic outlook for the future based on their strategic initiatives in platformization and ongoing demand for cybersecurity solutions. Their ability to navigate the complexities of the cybersecurity landscape while maintaining growth in ARR and strategic investments positions them well for sustained success.

Earnings Call Transcript

Earnings Call Transcript
2025-Q1

from 0
W
Walter Pritchard
executive

[Presentation]

Good day, everyone, and welcome to Palo Alto Networks First Quarter 2025 Earnings Conference Call. I'm Walter Pritchard, Senior Vice President of Investor Relations and Corporate Development. Please note that this call is being recorded today, Wednesday, November 20, 2024, at 1:30 p.m. Pacific Time.

With me on today's call to discuss first quarter results are Nikesh Arora, our Chairman and Chief Executive Officer; and Dipak Golechha, our Chief Financial Officer. Following our prepared remarks, Lee Klarich, our Chief Product Officer, will join us for the question and a portion. You can find the press release and other information to supplement today's discussion on our website at investors.paloaltonetworks.com. While there, please click on the link for quarterly results to find the 1Q '25 supplemental information and 1Q '25 earnings presentation.

During the course of today's call, we will make forward-looking statements and projections regarding the company's business operations and financial performance. These statements made today are subject to a number of risks and uncertainties that could cause our actual results to differ from these forward-looking statements. Please review our press release and recent SEC filings for a description of these risks and uncertainties. We assume no obligation to update any forward-looking statements made in the presentation today.

This presentation contains non-GAAP financial measures and key metrics relating to the company's past and expected future performance. Non-GAAP financial measures should not be considered as a substitute for financial measures prepared in accordance with GAAP. The most directly comparable GAAP financial metrics and reconciliations are in the press release and the appendix of the investor presentation.

Unless otherwise noted today, all results and comparisons are on a fiscal year-over-year basis. Also note that management is scheduled to participate in the UBS Global Technology Conference.

I will now turn the call over to Nikesh.

Nikesh Arora
executive

Thank you, Walter. Good afternoon, and thank you, everyone, for joining us today for our earnings call. We're delighted to report a strong start to fiscal year 2025. And our first quarter of focusing on RPO and NGS ARR, we saw strength in both metrics and saw performed well ahead of our expectations. The market for cybersecurity continues to be robust and continues to grow faster than the overall technology market despite the acceleration of technology spend due to AI, cybersecurity continues to outpace technology spend.

We saw a particular strength in our next-generation security offerings, notably in Cortex and in NetSec. NGS ARR grew 40% to $4.5 billion. It is still well ahead of our industry's expectations independent of a onetime increase due to the IBM deal. On profitability front, we expanded our operating margin by 60 basis points year-over-year as we continue to see benefits from our broad efficiency focus while making the necessary investments to sustain our growth. This translated into a 13% EPS growth and strong cash generation. We are particularly pleased with our continued execution at scale, where we are able to balance our growth initiatives within our financial investment envelope, allowing us to deliver upside to our EPS guidance.

We've been talking about the benefits of simplifying security architectures and consolidating point products into platforms for a while now. I'm sure all of you remember our eventful quarter where we changed gears on platformization. And as I've said before, I wish we could have made our good decisions faster. We continue to see momentum across our partner ecosystem and our customers. More recently, our industry peers have been evangelizing the virtues of platformization and industry experts have begun to weigh in. I had our teams go back and compare the growth in the mentions of the word platform on cybersecurity earnings calls this year versus last year, we found an overall 50% increase amongst our peers. As they say, imitation is the highest form of flattery.

As another point of reference in recent research, Gartner sees 75% of secured leaders actively pursuing a vendor consolidation strategy, although less than 15% of large enterprise customers have implemented at least any one security platform solution. Gartner expects that by 2028, 45% of organizations will use fewer than 15 cybersecurity tools in their product portfolio, up from 13% of organization in 2023.

I do want to reiterate the definition of what we want to achieve as a platform. Central to stopping threats of the future is a robust AI and automation platformization strategy, and data is at the heart of it all. Our approach is to ingest all relevant security data once, stitch and analyze this with precision AI technology and natively automate end-to-end workflows. It's a tall order to take data from many different security vendors, analyze it on the fly and make a decision to stop an attack fast enough, but we're encouraged with the early success of our Exxon cloud platform to do exactly this.

In network security, we also collect all data across all Palo Alto Network security products and enable our customers to operate on a single pane of glass with consistent services, which work across all our form factors. We believe our network security strategy is the most comprehensive platform available in the industry, encompassing a majority of the use cases via a single consistent interface as one of our customers recently said, that's one pane of glass versus many classes of pain.

So while many of our competitors are talking about their platform approach, we don't believe they're equipped to deliver it in the way we can. We feel the cybersecurity industry is embarking into its next phase, where the market will continue to convert towards a fewer set of platformization players over the next 5 to 10 years. Point solutions will continue to get subsumed in these platform plays. Having started this trend, we intend to be one of those few players.

With this being the first quarter fiscal new year, we further oriented our go-to-market enablement around platformization, our goal is to broaden the effectiveness of our solutions selling across thousands of sellers and arm them to sell the value of our differentiated security outcomes across network security, cloud security and security operations. With platform-specific domain consultants and architects, we are able to bring tremendous focus to our go-to-market efforts.

I'm again pleased with the results we're seeing. These came through in our Q1 metrics. We added more than 70 new platformizations with about 1/3 coming from our acquisition of QRadar SaaS. We ended Q1 with approximately 1,100 platformization. Beyond the number of new platformization in Q1, we also stress strength in ARR per platformized customer. Our Q1 ARR or platformized customer was up 6% versus the average we saw during fiscal year 2024. The improvement in ARR is driven not only by our success signing larger transactions, it is also driven by our team's ability to expand existing platformized deployments continuously with new innovation that is delivered. For example, in network security, we have seen significant value from the adoption of advanced subscription services and uptake of add-on modules and SASE, such as ADEM or Autonomous Digital Experience Management, or CASB. ADEM and CASB are essential for us to be able to deliver AI solutions and air access capabilities in the future, and we believe this capability will become existential for all SASE customers. Our Q1 performance keeps us on track to achieve 2,500 to 3,500 platformization deals by fiscal year 2030.

We're happy with our continued strong growth in NGS ARR in Q1, fueled by our continued costimization momentum. We see multiple drivers here. Network security customers are ill deploying our software and SASE form factors, including adopting advanced Zero-trust security subscriptions across them. Over time, these customers have a significant incentive to converge the network security architecture towards adoption of our full form factors.

Outside of network security, where we now have well over $2 billion in NGS ARR, we are also seeing our cloud security and Cortex security operations business become significant as well. Last quarter, cloud security crossed the $700 million milestone, and this quarter, Cortex crossed the $1 billion milestone.

Looking at the large platform deals, we see a variety of opportunities across all of our customers. We signed a transaction with a large technology firm for over more than $50 million. This deal was headlined by a soft transformation, where we both replaced multiple SIMs exome and add XDR. The customer is facing rising costs in the stock with little automation and adequate visibility into the rising number of tailored attacks that leverage AI. The customer has a curate our customer and a year ago had platformized with us in network security. In this transaction, they added SD-WAN as well.

Next, we had a deal north of $15 million in value, the national hospital system platformizing their network security, which include an ELA for our firewalls. The customer is focused on both preventing a breach after observing the many high-profile incidents in the health care industry as well as reducing operating costs. We displaced a legacy for vendor and also set ourselves up for future SASE deployments. In SecOps, we also have an initial Cortex footprint and the secured our customer with an deployment.

Our financial institution customer standardizing our firewalls, including in LA in a transaction for over $20 million, after standardizing our network security platform with SASE in fiscal year 2024. While we had to win the firewall business based on the capability lines, our SASE platformization and our consistent NetSec architecture across form factors was a big differentiator. With the benefit of our consistent network security architecture, we were able to streamline operations across the network to drive lower cost. Last but not the least, we tried the transaction greater than $30 million for the physical security services company. The customer signed a large transaction with the last year, platformizing network security and security operations. In this quarter, the customer expanded both EXIM and XDR deployments and added SASE network security.

This is a challenging deal as there were significant changes as a customer with new IT Leap, including someone who previously deployed a SASE point product from a competitor. We were able to show both cost savings and a better security outcome from our consistent NetSec architecture. Our expanded Cortex footprint was driven by the customer's confidence that we are helping them identify and stop attacks. Overall, these are representative of a large deal momentum, where we saw 305 transactions over $1 million, up 13% and 60 transactions over $5 million, up 30% this quarter.

Switching gears, let's take a look at our 3 platforms and how they're supporting our growth. In network security, we continue to see steady demand in our product business. The demand continues to be a function of customer refreshes, capacity expansion and selective competitive takeouts, driven by the customer's desire to deploy our network security platform across the category. We're also seeing customers who has to move to the cloud are beginning to deploy more and more software firewalls to protect their cloud instances. With the recent upgrade of our products to be able to solve AI use cases, we continue to feel positively about strength in publicly cloud-deployed software firewalls. These represent 70% of our total virtual firewalls ARR and are driving our growth in this area.

SASE continues to drive transformation deals, as you saw in our customer stories. The true power of SASE and its extensibility now to our newer use cases helps validate the case from any of our new customers. Our SASE platform, has recently integrated AI-based monitoring, incremental capabilities to manage AI applications and even more recently, the PrisMax browser, which we will talk more about in a minute. Whilst our SASE customers grew 20%, more interestingly, 40% of our SASE customers this quarter are net new to Palo Alto Networks. This is exciting. So it creates a future opportunity post implementation to drive consistency by evolving these customers to the full network security platform. This was true for the financial services customer I mentioned. In addition to landing these SASE customers, we also have seen success driving large deals with SASE transactions over $1 million in contract value, up 40% in Q1.

Critical sustaining our NetSet performance are investments we're making innovating. We released an enhanced security capability for operational technology environments to address the growing challenges our customers face as a number of non-IT connected devices accelerate. Challenges and OT environments include a need for more visibility, a lack of segmentation and unsanctioned remote access. We have brought Precision AI to bear on this challenge, along with our new line of ruggedized firewalls.

We also saw strong interest from customers in our broad Secure AI by design portfolio with the AI Access letting the way. Our teams have been busy driving customer engagement. We have hundreds of customers leveraging AI access. We currently secure over 750 applications, a volume which we believe leads the industry and are growing this figure by the day. We are also providing in-line data loss prevention for more than 65 applications with this number growing as well.

Lastly, as part of our general availability release of our co-pilot capabilities across our 3 platforms, we rolled out the Strata Copilot. In our development process, we prioritize delivering superior accuracy and we've had fantastic feedback, The Strata Copilot trained on nearly 50,000 forces leverages best practices to help guide customers to faster decisions and help accelerate remediation. We have made a version of Copilot available to our customer support teams, which is beginning to positively impact our time to resolving customer issues, which we believe will continue to improve significantly going forward.

I want to spend a few minutes on the Prisma Access browser. We acquired Talon Cybersecurity in December of last year. We knew this technology would become increasingly important to secure unmanaged devices such as those used by contractors. We saw an opportunity to acquire high-quality scarce asset we first to natively integrate a secure browser into a SASE offering. Since then, we have been integrating the Talon browser with our leading security, DLP and access services and leveraging our network security capabilities. This has resulted in a much more robust secure enterprise browser, our Prisma Access Browser.

What has been rewarding has been a surge in interest in emergence of various use cases, the browser is the ideal place to counter targeted attacks such as issuing secure privileged users, and enable access to risky web applications. Customers are deploying Prisma Access browser as an additional security control that is transparent to the end user. Customers running the heart of business or SaaS applications and leveraging emerging applications are especially seeing the benefits of Prisma Access browser as a critical end user security control.

Also, the replacement of virtual desktop infrastructure, or VDI, is also starting to emerge as an opportunity. This is a legacy technology for which you are collectively unhappy. We are working to expand the pool of VDI users, which you can address by adding new protocols such as SSH and RDP and securely enabling mobile users. Adding our capabilities browser can further enhance the end user experience with Prisma Access browser compared to media. We've seen significant commercial transaction for Prisma Access browser with over 115 new customers and 1 million licenses sold since the time of the Talon acquisition. This traction of all auto network SASE customers, including some of our largest customers, highlights our ability to successfully integrate the innovation and the innovative technologies that we acquire and rapidly take to market. Prisma Access has about 16 million active licenses today. Our enterprise customers, the largest Prisma Access cohort are now eligible to leverage this license to adopt Prisma Access browser. We're seeing strong interest in this newly integrated capability.

Now moving on to Cortex. A strong momentum in this business continued with us crossing the $1 billion ARR milestone in Q1, as I mentioned before. We have built the Cortex portfolio steadily over the last 6 years, starting with SDR. Cortex offerings have both been recognized as leaders in their markets, but also work together seamlessly, the platform that can deliver superior security operations outcomes for our customers. In Q1, our leadership position continue to be reinforced by third-party recognitions, including from Gartner, in endpoint protection. Forrester and attack surface management and coping coal in security automation, orchestration response or SOR. stand out within Cortex and we have made significant progress since its release to GA about 2 years ago.

We continue to deliver both strong innovation and commercial momentum at XSIAM, released over 400 new machine learning detection modules, leveraging Precision AI to burden the scope of our autonomous stock capabilities. We now have over 150 active XSIAM customers, about 40 of which have more than $1 million in ARR. We also rolled out a program for managed security service providers in Q1.

One of the key highlights this quarter has been our partnership with including the QRadar transaction that closed this quarter. This is an amazing burgeoning relationship. I'm excited about the early momentum we are seeing from customers to migrate from QRadar to XSIAM. Following the close of the deal at the end of August, we have added over 550 QRadar SaaS customers to our Cortex customer base. Since announcing the transaction, we have seen a number of customers signed QRadar to XSIAM transaction for a total TCV so far, over $80 million as we execute against our well-planned go-to-market programs. Over predative XSIAM customer opportunities in the pipeline across the full SaaS and on-prem QRadar base worth of $1 billion in total value. We're also seeing further opportunity across this customer set with our broader Cortex offerings. This opportunity we see global with over half of the installed base outside the United States. We believe that this deal will help us to become one of the top 3 players in the SIM space over the upcoming years.

Beyond our success in Cortex and with XSIAM specifically, I want to highlight another trend we see in the market. Many of the attacks we see our customers are targeting their cloud environments. The pace of change in cloud is far faster than on-prem is challenging for security teams to keep up with. As new Cortex sometimes being pushed multiple times per day, and new cloud services are constantly being adopted by developers. This demand for real-time cloud security is driving us to bring together the capabilities of our leading SNAP portfolio, Prisma Cloud and our Cortex set operations capabilities to cloud attacks. This is black drop. We have sold millions of cloud detection and response agents, these deployments up 10x in the 2 quarters since the April launch of new offering. This has helped drive our combined Prisma Cloud and Cortex customer base, which is up 15% year-over-year. Interestingly, about 1/3 of our Prisma Cloud customers already use at least one Cortex product.

Our combined portfolio can bring superior security value and operational improvement to our customers. We recently released a new capability, integrating our ex automation capability in Cortex with our data security posture management, or DSPM in cloud, to automate the remediation of data security risks identified. We also released our AI-Copilots for Prisma Cloud and Cortex to general availability, while early in their adoption, we see significant promise here, driving towards security operations that are machine led and human empowered. And our Cortex Copilot beta, nearly half of users trusted to take security actions that we have.

With the recent or conversations around genetic AI, we have begun embedding agent capabilities across our copilots. We believe this agenetic vision of AI will be hugely impactful in security, and we're moving swiftly to adopt that into our product. We continue to drive innovation in our cloud security offerings. We released ESPM from our acquisition. We integrated that into Prisma Cloud to counter the rise in cloud data attacks. These critical DSPM capabilities enable customers to trace potential attack paths in their cloud environment to determine what sensitive data is at risk appropriately prioritize their response and remediate automatically. Along with our overall launch of secure by design, our run time and ISPM offerings targeted at cloud environments have also seen positive early traction. Lastly, we also launched another program for managed security providers as customers to enable partners to deliver security services in the customer cloud environment.

Before I wrap up and hand the call over to Dipak and I'll leave you with a few thoughts. One, we're seeing growing industry validation of our strategy with Q1 marking yet as a steady quarter progress. Platformization is fueling the growth of our NGS ARR and puts us on track to hit our long-range targets as we drive sustainable, profitable growth. We're signing large transactions with leading global organizations because our approach delivers better security outcomes than the alternative.

Over the last 6 years, we have integrated our solution across 3 AI power platforms, and this approach is driving our business. We believe we have the best network cloud and security operation platforms, and we will continue to invest across these areas and keep them at the forefront of the nexus of cybersecurity in the AI. Over time, we will steadily bring these platforms closer together to solve problems, leveraging our integrated capabilities and common data. We hear our customers asking for it and we are delivering on it today with real-time security across cloud and Cortex.

We also intend to lead these platform convergence opportunities that arise in the future. As you can see in Q1, our conviction and platformization and momentum gives us the confidence to make significant investments, notably in innovation. I believe we are the only dedicated cybersecurity company with resources and focus to drive consistent innovation and harness a substantial dedicated go-to-market capability to fuel our differentiated strategy.

We are releasing capabilities that our single form factor competitors network security are not able to offer such as our leading integrated browser in SASE. Our leading cloud and sets will fully position us to lead in real-time cloud detection and response. We're also seeing good early signs from product and go-to-market investments around the opportunity to create our customer base to exceed our XSIAM momentum further.

As for securing AI itself, our secure AI by design portfolio is off to a good start, enabling organizations to confidently and securely leverage AI in the enterprise. If I look at the broader technology industry, we have seen evergreen companies that successfully execute on the platform approach in markets such as CRM, HR, ITSM. We think this will happen in cybersecurity, and we are poised to be that company.

Boiling this down to the impact on our fiscal year 2025 outlook, we are raising our full year '25 NGS ARR, revenue and EPS in the back of a strong performance. Also reflecting our belief in the company's future and the momentum and confidence we have in our strategy, we announced a 2-for-1 stock split. This is also done to help ensure our shareholders accessible to all our shares are accessible to all employees and investors.

I'll now turn the call over to Dipak to give you more details of our Q1 performance and our guidance.

D
Dipak Golechha
executive

Thank you, Nikesh, and good afternoon, everyone. To maximize our time spent on Q&A, I will provide you with highlights of Q1. You can review the results in our press release and the supplemental financial information on our website. Note that we have removed billings and added NGS ARR and RPO to our supplemental financials, reflecting our focus on the latter metrics.

In Q1, total revenue was $2.14 billion and grew 14%, above the high end of our guidance. Within revenue, product revenue grew 4%, while total services revenue grew 16%. Going into services revenue. Subscription revenue grew 21% and support revenue rose 8%.

As Nikesh mentioned, the demand for firewall appliances was stable in Q1, and we continue to expect growth of 0% to 5%, as we have previously discussed. Our support revenue is mainly tied to our appliance factor.

Moving on to geographies, we saw double-digit revenue growth across all of our theaters with the Americas growing 12%, EMEA up 21%, and JPAC growing 13%. Total RPO grew 20% to $12.6 billion. We added approximately $68 million in RPO sequentially from the acquisition of the QRadar SaaS business. Approximately $30 million of this IPO was also included in our deferred revenue.

Our current RPO grew 18% to $5.9 billion. The average duration of our new contracts remained at approximately 3 years, in line with the year ago quarter and slightly down from Q4.

Our NGR grew 40% finishing Q1 at $4.52 billion. We added $74 million in NGS ARR from QRadar SaaS. We expect this QRadar NGS ARR to decline to approximately half this amount by Q4 as we focus on upgrading these customers to XSIAM and growing our XSIAM ARR.

Also, it is worth noting that about 1/3 of our new platformization in Q1 came from QRadar. These customers have both have over 100,000 in QRadar ARR and our active customers of Cortex XDR and Cortex XOR. That is a onetime increase as we completed the acquisition.

Moving down the income statement. Gross margin of 77.3% was down slightly as we saw the impact of some of our new SaaS offerings that haven't yet scaled. We continue to see efficiencies across the company as we focused on driving profitable growth. This resulted in 60 basis points of operating margin expansion and along with some higher interest and other income, drove upside to our earnings per share.

Our diluted GAAP EPS continues to grow along with our overall profitability and we generated strong free cash flow in Q1 based on collections of our substantial Q4 bookings.

On our balance sheet, you will see that our debt balance came down by over $300 million. We have continued to see early conversion of our convertible debt, which occurred at the option of the debt holders and was settled by us in cash and equity. Our remaining debt matures in June 2025 although we continue to see early conversions. We did not repurchase any shares in Q1, and our buyback strategy remains opportunistic. We continue -- we have $1 billion in authorization remaining through December 2025.

Before I turn to guidance, I wanted to touch on the early impact we saw as we shifted our focus squarely to RPO and NGS ARR as our top line metrics. We did this believing it would help further drive company-wide behavior to optimize our business for long-term value creation, and we are encouraged by the early results in Q1.

As we drove sales enablement and training to kick off the year, we focus the teams on maximizing exit ARR and deal profitability as compared to specific invoicing structures. I'm encouraged by some early signs we saw in Q1 where we reduced cycle times within certain steps of our deal close process. We also saw a handful of larger deals that work their way through the process, more smoothly than in the past. For example, a 7-figure SASE deal with one of the world's largest semiconductor companies accelerated through our process, we structured the deal around annual billings as compared to prior Panes proposals which would have needed longer scrutiny and approvals at our customer. In another 7-figure transaction for XDR with a health care customer, we were able to structure a deal to accommodate the customers payment terms requirements while focusing on maximizing exit ARR. We look forward to building on this to drive further improvements in predictability in our business as we focus squarely on NGS ARR and profitability in our deals.

In Q1, we focused our Pan financing capability on transaction where it was best suited, resulting in a meaningful reduction in the volume of these transactions. Instead of Pan we leveraged annual invoicing, which can be simpler for customers, especially when procuring SaaS offerings.

Last quarter, I mentioned to you that we would have expected our billings to grow 12% this fiscal year if we did not change any of the practices in our business that impact billings. After reviewing Q1 results, this would continue to be true under the same assumptions. The quarterly analysis of billings is no longer meaningful as it does not reflect how we now run the business. Based on our Q1 performance, we also remain confident in our cash flow outlook for the year.

With that, let me turn to guidance. For the fiscal year 2025, we expect NGS ARR to be in the range of $5.52 billion to $5.57 billion, an increase of 31% to 32%. As a reminder, this guidance includes the contribution of QRadar SaaS of about half of the approximately $74 million in ARR from QRadar in Q1 as well as incremental momentum in our offerings Nikesh and I discussed. Remaining performance obligation of $15.2 billion, $15.3 billion, an increase of 19% to 20%.

Revenue to be in the range of $9.12 billion to $9.17 billion, an increase of 14%. Operating margins to be in the range of 27.5% to 28%. Diluted non-GAAP EPS to be in the range of $6.26 to $6.39, an increase of 10%, 13% and adjusted free cash flow margin in the range of 37% to 38%.

For the second fiscal quarter, we expect NGS ARR to be in the range of $4.70 billion to $4.75 billion, an increase of 35% to 36%. Remaining performance obligation of $12.9 million to $13.0 billion, an increase of 20% to 21% and revenue to be in the range of $2.22 billion to $2.25 billion of 12% to 14%. We expect diluted non-GAAP EPS to be in the range of $1.54 to $1.56 per share, an increase of 5% to 6%. We included our typical modeling points in the presentation for you to review.

Finally, as Nikesh noted, we announced today a 2-for-1 split of Palo Alto Networks common stock. This decision is supported by underlying confidence in our continued business momentum and by our desire to make our stock more accessible to our employees and the broader group of investors.

Shareholders of record at the close of trading on December 12, 2024, we'll receive one additional share after the close of training on December 13, 2024, for every outstanding share held on December 12. Our stock will begin trading on a split-adjusted basis on December 16, 2024.

With that, we will roll on more video, and then we will start Q&A.

[Presentation]

W
Walter Pritchard
executive

[Operator Instructions] Our first question will come from Saket Kalia from Barclays followed by Brad Zelnick from Deutsche Bank.

S
Saket Kalia
analyst

A nice start to the year. Maybe this is a question for both you and Nikesh and Dipak. The platformization strategy is clearly starting to hit its stride. And we've talked about the ARR implications of that longer term, specifically the long-term ARR target. But I'm curious if we can just talk about the margin implications from platformization long term as those deals tend to be bigger and also tend to have higher lifetime value.

Nikesh Arora
executive

Well, I'm going to add Dipak to add. Pike look at margin, if you look at the biggest cost on any enterprise company's P&L, it's a cost of sales by far. The second largest cost is your COGS as it relates to cloud spend. Now we are privileged to have some amazing deals with 2 large cloud service providers, which allow us to maintain margins that are consistent almost with on-prem solutions that other people do because of our scale, and we expect that to continue to improve over time. So that -- at one end, that's a significant factor. The second significant factor towards margin improvement is, as I mentioned, cost of sales. So the more we can platformize with existing customers and have large deal sizes with customers, it reduces our effort but you don't have to get 20 deals to get $200 million like some of our peers, you get one deal for $200 million, which means the cost of sales is lower on an incremental basis as we established a land and expand strategy from a customer perspective.

And last but not the least, I sort of alluded to it, we're noticing some very interesting outcomes from a customer support perspective, which ends up being the third largest area of cost we're seeing, in some cases, our Tier 1 support cases are getting solved by support coals, which our support teams are using. So we're significantly reducing the time to resolution of support tickets at least on the sort of simpler end for now. But as I said, we've trained 50,000 data points into our network security copilot. I think as we get better and better at training our models and training their customer support copilots, where we've fully revamp the way we collect data on customer issues. I think there's tremendous potential there to give us future margin expansion. So I think across the board, margin expansion on COGS, margin expansion from lower cost of sales and margin expansion from customer support automation.

W
Walter Pritchard
executive

Next up is Brad Zelnick from Deutsche Bank, followed by Hamza Fodderwala from Morgan Stanley.

B
Brad Zelnick
analyst

Congrats on a strong start to the year. Nikesh, your net set competitors are talking about hardware refresh cycles. And I appreciate hardware is a much smaller part of your mix. So I won't bother asking why you're not expecting a refresh benefit like they are.

Nikesh Arora
executive

But we look forward to their refresh cycle. So we get a chance to take out their customers last Palo Alto. So I'm delighted there's a refresh cycle in the market.

B
Brad Zelnick
analyst

And that's exactly what I wanted to ask. Instead, how should we think about their refresh impacting your opportunity, both in the positive sense that you can go in and displace them as their boxes reach end of life, but also perhaps as a headwind. If they're using the event to bundle in ops and other next-gen capabilities. Are you running campaigns actively to go after this?

Nikesh Arora
executive

So Brad, let me parse that out actually I know I spoke faster and English on my second language. So I did try to suddenly land in there that I am positive about hardware, where I said we're seeing steady growth in hardware, both from refreshes of boxes for our customers. We're seeing expanded demand for new use cases like ruggedized and IoT, et cetera. And last but not the least, we are seeing slow and steady takeouts of other customers. So what's happening is our SASE cohort from 2 or 3 years ago, very landed with SASE as that end of life happens in that customer base for firewalls, they turn to us and say, now I know the Palo Alto security interface, I don't have to learn it and they can just put firewalls, hardware firewalls against that SASE management pain because we have the same security management pain across SASE. It's not going to be revolutionary, but it is going to be evolutionary. If you look every year, our market share in hardware firewalls goes up 200 to 300 basis points. So we think there are donors in the market of market share who will constantly keep donate market share as they hit their refresh cycles. And there are acquirers of market share, and we're hopefully one of those. So I actually have a steady expectation from product hardware which I think is going to underpin our growth across the board over the next few years.

W
Walter Pritchard
executive

Next is Hamza Fodderwala from Morgan Stanley, followed by Brian Essex from JPMorgan.

H
Hamza Fodderwala
analyst

Great to see the success with Prisma Access browser, you're into that acquisition. Nikesh, I wanted to get your -- just maybe early view into 2025. I mean, on the one hand, there's some optimism on the macro. You have a lot of new products. On the other hand, CIO, CSOs they still want value for what they're spending. There's some talks about the incoming administration looking to perhaps roll back certain regulations, maybe cut entire civilian agencies. You're a big seller into the federal government. So I'm just curious how you weigh those puts and takes as you look into 2025?

Nikesh Arora
executive

Thank you, Hamza, for a great question. Look, I think the most -- if you separate signal and noise, the biggest signal is AI in the next 12 to 48 months. NAI is already having significant impact both on the attack side, attacks are getting faster and faster and quicker. AI is possibly being used to evaluate what are the more vulnerable parts of your infrastructure, so we can go after that. So I think from a cyber incident perspective, unfortunately, it's not going to slow down. And that's the biggest driver of improved security posture and improve higher spend from CIOs. I think you're right. There is a consolidation. Let me spend less money for security. And there, we are discovering -- it's a more top-down motion than it is a bottom-up motion. And as you're aware, we are expending a lot of effort to interacting with CIOs and C-level executives. And actually, we're spending a lot more time with our partners trying to address that issue because they are typically involved in the transformation stage where say, let's take all of the stuff and put it together and replace it. So we're seeing early success. As I said, we should have done that sooner because when you sit across this as I say, look, you have 9 different products, you could bundle it together, take it down, have one management pain and you'll save a lot of cost because and they understand, because we're not ingesting data 9x across 9 products or in just to get once analyzing it 9x, and giving them the outcomes they want. So I think the trend is in our favor.

As regards the incoming administration, I think clearly, a higher standard deviation administration by the sounds of it, and higher standard deviation implies more risk and more risk implies possibly a more return.

W
Walter Pritchard
executive

Next up is Brian Essex from JPMorgan, followed by Joe Gallo from Jefferies.

B
Brian Essex
analyst

Great to see the strong profitability and cash flow, by the way. I want to ask about the integration between Cortex and cloud. And I wanted to understand when did that kind of hit the market? Is it typically led by Cortex or cloud? And how should we think about how that positions you competitively, not just in the cloud security market, but across all of Strata, Prisma, Cortex segments of the business?

Nikesh Arora
executive

So look, at a higher level, the cloud market is effectively right now, 3 parts, right? There's the entire configuration management part, which is the snap part and posture management part. There is the blocking real-time threats and protecting enterprises part, which is the CDR cloud detection response part. And then there's a cloud the network traffic that needs to be inspected from a firewall perspective. We're clearly leaders in the network traffic part. As we talked about, 70% of our use case is not public-facing cloud service provider traffic. We are still one of the leaders in the SNAP space from our early start in Prisma Cloud. But what I think is going to happen in the next few years, this market is going to shift more and more towards the real-time security side on cloud, which is where CDR, cloud socks, XSIAM become more and more important. So almost every one of our XSIAM deals, there is a portion of that is deployed toward cloud security now. And having that data together allows us to prioritize all the configuration issues and separate again, noise. So I'm going to let Lee describe a bit more about how we see that evolving. But I think that will change the cast of characters who are going to win in cloud security in the future.

Lee Klarich
executive

Yes. Thanks, Nikesh. Thanks, Brian, for the question. The you picking upward whre Nikesh left off, the -- if you think about sort of end-to-end cloud security, there's the -- all of the work that goes into sort of the cloud posture side, generates a lot of data and understanding about what assets are deployed, what workloads are deployed, how they're configured, how they might be vulnerable or susceptible to attack, connecting that with CDR, it allows us to both leverage that for better protection of the cloud workloads in real time. And vice versa, it allows us to leverage all the run time, cloud run time components back into posture from a remediation perspective. And so -- we initiated this earlier this year with the initial launch of CDR, which basically connects Prisma Cloud with Cortex. And then since then, we've been continuing to iterate on that and drive closer and closer integration between those 2 platforms.

W
Walter Pritchard
executive

Next up, Joe Gallo from Jefferies, followed by Matt Hedberg from RBC.

J
Joseph Gallo
analyst

I think you could characterize cyber guidance broadly for calendar 4Q, is tepid at best. But yet your F 2Q guide calls for an acceleration in RPO and really strong ARR. So I mean, what are you seeing with budget flush or Fed or pipeline that's allowing you to kind of defy the gravity that others are feeling?

D
Dipak Golechha
executive

Well, I think we covered a lot of these, Joe, in our prepared remarks. I mean, we've got a product portfolio that we feel very proud of. We've just recently done an IBM acquisition, where we have a lot of additional pipeline that's coming through the pipe there. And hopefully, we've proven over the last few years that we have a forecasting process that we feel comfortable, like manages the business. So I don't want to comment about others, but we really focus more on what we see. And maybe your comment is just proof positive that our platformization strategy is working and is somewhat unique.

W
Walter Pritchard
executive

Matt Hedberg go ahead, followed by Greg Moskowitz after that.

M
Matthew Hedberg
analyst

What stood out to me the large deal success was striking. I know you spent a lot of time talking about platformization. It seems like Q1 brings a whole another level to it. Could you talk about specifically on the SIM side of it. The NGS, it really does seem like there's a next-gen sum replacement opportunity here. And we've talked a lot about some of the competitors with Splunk. Can you talk about just like what could -- what are some of the catalysts that could unlock some of these large replacement deals? I know they take a long time, but curious if there's anything that you guys can do to accelerate that.

Nikesh Arora
executive

Matt, look, we're very happy in 2 years since going GA on XSIAM, we're positively enthused about the progress we've made. We've crossed $1 billion in ARR and Cortex. We're seeing larger and larger IM deals. We have 150 customers. And as we know, men have a robust pipeline north of $1 billion. And this is the fastest-growing product in the history of cybersecurity at scale. Now the good news is, there are 2 or 3 very interesting characteristics of the SIM market. If you look at the SIM market, SIMs are off technology that is 10 to 15 years old. If you go back and look at the history of what SIMs are whether QRadar, Exabeam, Jazz, Sumo Logic, Splunk. These things are 10 -- 7, 10, 15 years old. I think there's a new breed of SIM players that is fast coming in to replace these legacy SIMs. I think we're going to go through a SIM replacement cycle that we went through the endpoint replacement cycle from Symantec and McAfee to the XDR vendors. I think it is a moment of SIM now for the next 5 years.

Now interestingly, every SIM deal that we see, we are able to deliver a much better security posture and median time to remediate and detect, which is better than the current deployment and we're able to save cost. So from a compelling proposition perspective, this is a no-brainer. You come and say, "I know you're spending $10 million a year running your stock. I can do it for $9 million. I can consolidate and I can improve your median time to remediate from 4 days in many cases from 19 minutes to 4 hours." So that's a compelling proposition. We are seeing tremendous amount of interest in the market. We have created a compelling event in the case of QRadar customers because they have to migrate to us or elsewhere, and we're seeing enough traction where people are considering Palo Alto instead. So I think in the next 3 to 5 years, you will notice that the entire $20 billion TAM of SIM is going to go through upheaval.

W
Walter Pritchard
executive

Next up, Gregg Moskowitz from Mizuho followed by Rob Owens from Piper Sandler.

G
Gregg Moskowitz
analyst

Nikesh, now that we're a few quarters into the platformization go-to-market, I'd love to get a little more of a flavor of how it's going. Is there and ask for 2 of the strategy that's been most successful so far. For example, if you were to look at traction with legacy trade-ins versus introductory offers or more multiproduct incentives. What would you say is resonating the most with customers?

Nikesh Arora
executive

I think that resonates the most, Greg, is elimination of execution risk. And what I mean by that is when I go to go to a customer saying, okay, let's go do this in a phased manner. We'll replace your SASE or deploy SASE for you. And then Phase 2 will come in and replace their firewalls, they like that. If I say don't worry, I'll start executing today and you can start paying me when you stop being the other vendor, that's kind of the -- that's like the golden bare hog because the biggest risk they have is wait I have to go extend another deal by 1 year. Guess what, that you're sending a signal to the other vendor, you're out in air, so the prices go up. And I say, don't worry about it. Let's start executing now were deployed, you can pay me when the current contract expires. So that elimination risk is resonating the most. Again, the customers fully understand that we're going to get our pound of flesh in the year 2 or year 3 of that deal. So they understand there is no free lunch. But eliminating that execution risk goes a long way. I think the -- as I said to Hamza and I said in our prepared remarks, it really helps us step back and say, like, what are you trying to achieve? I mean, in many cases, we've been able to converge XDR and SIM RFPs, for example, saying, listen, 50% of the data is going to go into XDR, which is going to be one vendor. That data is needed for AI-based or machine learning-based analysis across the entire stack. Why wouldn't you make sure that, that data can be part of the same and be used to improve your posture and get better, faster outcomes

W
Walter Pritchard
executive

Next question, Rob Owens from Piper Sandler, followed by Gray Powell from BTIG.

R
Robbie Owens
analyst

Nikesh, in your prepared remarks, I love for you to build on the data security. And another one of the holy grails alongside next-generation SIM, of course, is data that everybody is chasing. So what you're seeing from end customers? I know you made acquisitions of a DSPM capability in the space. But how you see Palo Alto's evolution longer term relative to the data opportunity?

Nikesh Arora
executive

Rob, this is my perfunctory question. I have to give to Lee otherwise...

R
Robbie Owens
analyst

Sounds good.

Lee Klarich
executive

Thanks, Rob. The -- look, if you take a step back, data securities is a long-standing sort of product category that's often been very painful. It's difficult to be after in data classification. It's difficult to figure out what policy is to enforce and it's difficult to do that holistically everywhere the data might exist and need to be protected, right? So there's 2 pieces to our data security strategy that you've seen us evolve. First is around getting coverage of all the places where data might exist and improving the data classification capabilities within those. So over the last 6 months, we've launched AI-based data classification, leveraging large language models, machine learning models to get more and more accurate in the data classification, being able to apply that to all different places where data can exist and move.

The second piece and very importantly, is the tie-in with Prisma Access browser. The way that users interact with data, access it, download it, share it is one of the highest risk areas for data security. And historically, it's been very difficult to get all of the necessary context for enforcing an accurate policy. Within the Secure Browser, we get all of the context needed. And what we're already seeing with the early adopters of Prisma Access browser is the realization that this One component of what it does is effectively a next-gen data security component for how they secure data interaction with all of their employees. And this is part of the reason why the browser is expanding from being primarily focused on unmanaged device and third-party contractors to actually being something that applies to all devices and all users across the entire enterprise.

W
Walter Pritchard
executive

Next up is Gray Powell, BTIG, followed by Andy Nowinski from Wells Fargo.

G
Gray Powell
analyst

Let me ask a question on the call. I really appreciate it. So Acton, I'm a little confused on the NGS ARR statistics. If I look at the numbers, and back out the QRadar deal, you added around $230 million in net new ARR this quarter versus $270 million a year ago. That metric has never been down on a year-over-year basis before. So is there something or something with the acquisition that maybe I'm not thinking about? Or just like what was the driver there? And then for the full year increase in NGS ARR, how much of that is organic versus full visibility on the QRadar asset?

D
Dipak Golechha
executive

So let me answer both, Gray, let me just start off with the NGS ARR was above our guidance. So some of this, we already knew when we provided the guidance, but -- some of the products that move into NGS ARR have also been the advanced forms of our cloud subscriptions from a year ago, so things that were attached to our firewalls, where we made them cloud-enabled. Some of that happened last year, which is what led to a lot of the increase in the ARR. We're now lapping that. We're not -- so that's really the bigger explanation of the base. We knew that. That's why we included that in our guidance to begin with. When it comes to what's happening with QRadar, we talked about the onetime benefit. Our strategy is to convert all of the customers to XSIAM. Over time, we expect about half of that to occur within this year. So we would expect maybe half of that additional NGS ARR to be there by the end of the year.

Nikesh Arora
executive

Great, I think to recast what Dipak said, you have seen the peak inorganic NGR this quarter at $74 million or the number from IBM. And half of that, we will migrate to us, and we expect half of that still stay on QRadar for -- through the end of this fiscal year. So there's no more net new inorganic NGS ARR expected this year.

W
Walter Pritchard
executive

Next up, Andy Nowinski from Wells Fargo, followed by Fatima Boolani from Citi.

A
Andrew Nowinski
analyst

Great results this afternoon. I wanted to ask you about the Prisma SASE. You highlighted a number of large deals that either deployed SASE or the expanded with SASE? And I know it's bringing a lot of new customers, which is great. But I was wondering if you could provide an update on the growth of ARR from that solution, whether those new customers you're bringing into Palo Alto onto the platform, are coming at the expense of other vendors? Or are those -- were they just not using any SASE solution previously?

Nikesh Arora
executive

So -- and all of the above, there are some customers who are going through a network transformation and they're now replacing their legacy VPN clients or other solutions they've had in the past. In some cases, there are competitor vendors who only had an Internet proxy-based deployment with the legacy VPN or in some cases, with Palo Alto VPN, which is converting to a full SASE solution from us. So we see all variants of that, as we said, 40% of that are net new logos to us, which means they are not deploying a Palo Alto VPN. They're deploying our SASE solution. So we're seeing all of that.

I just think the SASE market, as I said in the past, is a fast-growing market. We have clearly established ourselves one of the top 3 players in the market. I think we're definitely growing faster than some of the others, one or at least one more of the other top 3 players in the market. And we particularly like the SASE space because we're always innovating, providing new stuff as we basically -- as I said in my remarks, we've made it available to every existing SASE customers. They can deploy Prisma Access browser for the unused licenses. So they can actually experience the browser. It's integrated. It's in the same management pain. It's the same UI. Yes. So I guess I feel positive about it. We haven't quite $1 billion yet as the way we told you, but we're looking forward to it.

W
Walter Pritchard
executive

Fatima Boolani from Citi's up next. And our last question will be from Roger Boyd from UBS.

F
Fatima Boolani
analyst

I think the topic jour is definitely QRadar and a lot of the momentum that you've been seeing that $80 million or more than $80 million of bookings that you've already seen in the short amount of time. What I wanted to actually shift gears on is on the on-premise side of the QRadar business. And Nikesh, some of your commentary, which I think is so there is just a stage stale technology in the SIM market, right? So that $500 million or so of revenue that is just still captive in the QRadar on-premise space, what is the thought process, the strategy to really forklift those customers to the Goodies in XSIAM? And as you think about the arc of the next 12 to 24 months, how should we think about a multiplier effect on that business to really give Cortex booster shot to have it potentially be your biggest pillar?

Nikesh Arora
executive

Yes, Fatima, I -- we had our Board meeting yesterday, and 1 of my Board members and I had this debate about which deal is going to look like the best deal Palo Alto ever did. And my bet is in the IBM deal, he bet on the Talend deal. Of course, I like both of them equally successful. But specifically, as it relates to QRadar, our teams are very focused. Since close, we've called the top 500 customers and reached out to see if we can support the migration from QRadar to Palo Alto. This is irrespective of whether they are QRC or on-prem. I mentioned $1 billion pipeline. That $1 billion pipeline is a hybrid pipeline at both QRock and on-prem customers. The message is out there to on-prem customers that this technology will also over time be migrated. And I have to say IBM is doing a phenomenal job working with us and being proactive with those customers where we go -- I had a call yesterday with the CIO or IBM and elsewhere together in the room where we're talking to the customers saying they will provide the migration services, they'll work on the migrating the rules from QRadar to Palo Alto XSIAM and we're going to do it together. So look, it's -- we haven't done a partnership like this ever in the history of our company. I have seen one in the cybersecurity industry yet. We have a lot of expectations, but it's a lot of execution, a lot of hard work. It's not going to happen because I snap my fingers, but -- our teams are focused, we're dedicated. We're trying to do that. I think this will propel us into the top 3 SIM players in the market in the next 2 years from nowhere. We did not play in this space 2 years ago.

W
Walter Pritchard
executive

Last question, Roger Boyd to wrap it up.

R
Roger Boyd
analyst

Dipak, you noted that contract duration on new business remain constant at 3 years. Can you comment on what you're seeing with renewal and upsell business? And particularly when customers are renewing on a platform deals and adopting XSIAM, which carries longer duration. I guess as we look to gauge the success of some of these platformization deals, shouldn't we expect to see contracts lengthen as customers place more strategic bets on your platform?

D
Dipak Golechha
executive

Yes. So I think we're, Roger, thanks a lot for the question. Look, at the end of the day, we're a large company with lots of different customers. We're definitely seeing the dynamic that you mentioned on some customers -- we also see dynamics where other customers are saying, look, I know there's a lot more innovation to come. Let me go shorter duration on the renewals because that could be ahead of the large platformization in the future. So we see a little bit of everything. I think on the renewals, just the data trended slightly up, but nothing significant.

W
Walter Pritchard
executive

And end the Q&A. I'll turn the call back over to Nikesh for his closing remarks.

Nikesh Arora
executive

Thank you, everyone, once again for joining us. As I said, I'm very excited about our great start to FY '25. We look forward to seeing many of you at upcoming investor events. I also want to thank all of our employees who put a lot of hard work to help us deliver these amazing results. And also, of course, I want to thank all of our customers to trust in Palo Alto for delivering cybersecurity solutions to them. For that, have a wonderful day.