Palo Alto Networks Inc

NASDAQ:PANW

[Presentation] Good day, everyone, and welcome to Palo Alto Networks' Fiscal Fourth Quarter 2024 Earnings Conference Call. I'm Walter Pritchard, Senior Vice President of Investor Relations and Corporate Development. Please note that this call is being recorded today, Monday, August 19, 2024, at 1:30 p.m. Pacific Time. With me on today's call to discuss fourth quarter results are Nikesh Arora, our Chairman and Chief Executive Officer; and Dipak Golechha, our Chief Financial Officer. Following our prepared remarks, Lee Klarich, our Chief Product Officer, will join us for the question-and-answer portion. You can find the press release and other information to supplement today's discussion on our website at investors.paloaltonetworks.com. While there, please click on the link for quarterly results to find the Q4 2024 supplemental information and the Q4 '24 earnings presentation. During the course of today's call, we will make forward-looking statements and projections regarding the company's business operations and financial performance. These statements made today are subject to a number of risks and uncertainties that could cause our actual results to differ from those forward-looking statements. Please review our press release and recent SEC filings for a description of these risks and uncertainties. We assume no obligation to update any forward-looking statements made in the presentation today. We will also refer to non-GAAP financial measures. These measures should not be considered a substitute for financial measures prepared in accordance with GAAP. The most directly comparable GAAP financial metrics and reconciliations are in the press release and the appendix of the investor presentation. Unless specifically noted otherwise, all results and comparisons are in a fiscal year-over-year basis. We also note that management is scheduled to participate in both the Goldman Sachs Communacopia and Technology Conference, and the Citi Global TMT Conference in September. I will now turn the call over to Nikesh.

Thank you, Walter. Good afternoon, everybody, and thank you for joining us today for our earnings call. As most of you are aware, the intensity around technology reliance, connectedness and as a consequence, cybersecurity continues to accelerate. Supply chains and interconnected systems have become the norm for bad actors to target. By most metrics, cyber incidents and their impact continue to be on the rise, and we saw it in spades in Q4, notably the large-scale breaches. A growing number of technology and business trends are further complicating the situation, creating additional challenges. The combination of these is getting further C-suite attention and focusing around cybersecurity. Organizations increasingly rely on their IT system, and nothing makes this more evident than a significant outage or security breach. Over the last 6 months, financial damages from an individual breach topped at $1 billion. In other case, the impact on business was existential and required significant work dedicated to system recovery and rebuilding. Our Unit 42 group is being called into customer crisis situations. We see a wide variation in breach situations, but ransomware remains a significant threat tying many together. A relatively new phenomena of public ransomware extortion is raising the [ profiler's ] challenge as organizations need to deal with the pressures of public disclosure before they have had time to do an early assessment. In addition, the time customers have to address an issue before damages escalate is shrinking. In fact, our research has found that, in nearly half of cases, attackers can exfiltrate customer data less than a single day of compromise. Geopolitical tensions remain at high levels as evidenced by multiple regional conflicts in the news. Cybersecurity activity is often elevated in these environments, and we see multiple nongovernment agencies impacted by this nation state activity. We have seen this trend building for a number of years. Customer environments have been more complex with the adoption of capabilities such as work from anywhere, public cloud and more recently, AI. This complexity is additive with old technologies that have not been retired. Meanwhile, a multitude of uncoordinated security defenses are simply layered on. The sprawling interconnectedness of business through their IT systems is multiplying the impact of a breach. Instead of breach impacts being isolated to a single company, we're seeing customers, suppliers, partners and others in the ecosystem being severely impacted. This has been most prevalent in the health care and retail industries, but this could happen anywhere. A recent high-profile outage involving security tools has elevated the cybersecurity conversation further. In addition to wanting to better understand the security risks, the C suite and Boards are also now digging deeper into the technologies being deployed to mitigate these risks. Meanwhile, AI continues to generate significant excitement in the market, and many organizations are starting to scale transformative use cases that can enable new sources of revenue and/or drive substantial efficiencies. AI adoption is proceeding at a rapid pace, faster than honestly I have seen any other new technology. However, it is following a typical pattern. Innovation is driving the speed of adoption, while security might be an afterthought. At the same time, adversaries are leveraging AI capabilities to broaden attacks, better target organizations and scale their malicious activity beyond the capabilities of defenses that relies solely in humans. This environment, paired with an ever more challenging threat landscape and a complex set of point products that are not well integrated or even coordinated, is driving a growing need for platformization. We saw this translate into an acceleration in our bookings in the second half of the year following the roll of our platformization strategy in fiscal year 2024. We're delighted with our Q4 results. We drove the top line ahead of the overall cybersecurity market and delivered improved profitability and strong cash generation. We exceeded our guidance range for quarterly revenue and EPS while exceeding our original annual guidance ranges for operating margin and free cash flow. We also grew RPO 20%. We saw strong growth in our next-generation security offerings, and we exceeded our next-generation security ARR guidance, significantly surpassing the $4 billion milestone in Q4. We grew NGS ARR 43% with strong contributions across the portfolio. And we have another milestone with $4.2 billion of NGS ARR to close out the year. It's more than half our fiscal year 2024 revenue. Remember, 6 years ago when I started, this was 0. We completed the year by expanding operating margins by 320 basis points and achieving nearly 39% free cash flow margin, generating well over $3 billion of free cash flow. We also continue to deliver healthy GAAP profitability. I know there was significant consternation around our platformization strategy 6 months ago. All I want to say is I wish we had started down that path sooner. The amount of interest and activity around it has certainly been heartening and shows promise. After a strong addition of approximately 65 new platformizations in Q3, we added over 90 new platformizations in Q4, now have well over 1,000 total platformizations amongst our 5,000 largest customers as we exit FY '24. Beyond the number of platformization, we saw something interesting. We saw a sequential increase in average ARR per platformized customer in Q4. For perspective, our average ARR per platformization is up over 10% since Q1. This effectively means as we convert our customers to platform customers and single platform customers to multi-platform customers, we see an uplift in ARR. This is an exciting development. [ Prefacing ] the rise in interest around platformization, senior-level customer meetings increased 70% year-over-year in the second half of the year and grew even faster in Q4. This engagement is key to aligning the customers' senior team with our platformization strategy and its benefits. We have a growing team of our executives and sales leaders focused on these engagements worldwide. We expect platformization to be a key driver towards achieving our goal of $15 billion in NGS ARR in fiscal year 2030, and our Q4 performance bolsters our confidence in our ability to reach this goal. You heard from a customer in the intro video, and I want to give you some more stories to dimensionalize our success at platformization in Q4. As you saw in the video, we signed a high 8-figure deal, in fact, a very high 8-figure deal with Schlumberger that started with executive engagement in our briefing center earlier in the year. They are an existing firewall and XSOAR customer. As part of the platformization, we expanded our firewall footprint, added Prisma Access and moving them closer to a Zero Trust network security implementation. Additionally, we added Prisma Cloud for cloud security, replacing an incumbent cloud security competitor. We also agreed to transfer their SIEM, replacing 2 distinct SIEM offerings with our AI-powered next-generation SIEM, XSIAM. They are now 1 of our marquee customers platformized across all 3. We had a mid-8-figure platformization deal with a global semiconductor manufacturer, building on a 5-year relationship. We worked with the customer on a project to reduce their costs and achieve a more consistent security outcome. This led to a discussion on transforming their network security to Zero Trust. Additionally, the customer agreed to deploy our Cortex platform. This approach was deemed more comprehensive and superior to a solution that was proposed, which comprised various point products from competitors, which would have to be stitched together. Third, we platformized a global media company across all 3 of our network security form factors. The customer prioritized and focused on driving Zero Trust network transformation for an increasingly mobile workforce while under significant cost pressures and dealing with the complexities of an M&A integration. The customer is also leveraging XSOAR and Xpanse to improve automation and better understand their attack surface. Our team ultimately converted this lengthy sales cycle into a 9-figure deal. Lastly, a U.S. financial services firm is moving 90% of its applications to the public cloud, significantly reducing its data center footprint. In that process, they're looking to consolidate point solutions and simplify the management of their security environment. This customer expanded from its existing Cortex XDR and XSOAR footprint to add XSIAM replacing, again, 2 incumbent SIEMs. Additionally, the customer added firewall capacity and Prisma Cloud for cloud-native applications to deploy a comprehensive cloud security solution to secure their move to the cloud. Now I'll highlight the drivers of our momentum and key innovations across our 3 product platforms as we look towards fiscal 2025 and beyond. Over the last 5 years, we have driven a significant transition as an industry around more software-driven network security. Our strategy to deliver a comprehensive approach towards network security with hardware, software form factors for both on-prem and cloud and an industry-leading SASE solution is working. Not just that. Our comprehensive set of software subscriptions work consistently across all these swing factors. We continue to see our Firewall as a Platform billings growth growing in a healthy manner, up 17% in fiscal year 2024. While there is slower appliance growth around the industry, our NetSec growth has been driven by SASE and the software firewall business. Our Firewall as a Platform billings are now 2/3 of the total, up from just over 40% 2 years ago. This year, our VM and SASE business grew 40% propelling this mix shift. Our software-based virtual firewall business continues to show strong results with bookings accelerating in the second half. Helping to drive this, we doubled our cloud next-generation firewall business, which runs natively on top of our -- of the 4 hyperscalers. Along with cloud next-generation firewall, we're seeing an inflection on software firewall business, as about 70% of the business this quarter was being used to protect the public cloud. These customers choose the Palo Alto firewall instead of the firewall from the cloud service provider. Our customer momentum in SASE remained strong, with customers growing by over 20%. Once again, in FY '24, more than 1/3 of our new SASE customers continue to be new to Palo Alto Networks. This is encouraging. We're effectively landing in network security with all 3 of our product families allowing us to eventually drive platformization and move these customers to a Zero Trust platform. Our natively integrated enterprise browser has attracted more attention to our SASE offerings since the Talon acquisition. Not only is it now an integral part of SASE. We're also able to provide the customers an ability to protect the AI usage of employees both in our SASE and browser product. Beyond our software and SASE form factors, our cloud-based subscriptions are driving steady network security growth. A significant driver is the advanced versions of 4 of our core subscriptions, modernized to be fully cloud delivered like newer subscriptions such as IoT and DLP. We have seen strong adoption of our first [indiscernible] advanced subscriptions, which carry a higher price point than our original subscriptions. Advanced URL Filtering, our first, has been adopted by over half of our customers after 3 years on the market. We just launched Advanced DNS in Q4 and are excited to see it ramp as well. More broadly, we have seen the overall subscription attach rate per customer increase from 2.6 at the end of fiscal year 2022 to 3.5 today. We have 10 subscriptions that run across all of our network security offerings. Customers can buy these on our firewalls one by one, in bundles packaged for a specific network security use case or as an enterprise license agreement to cover the entire estate. Beyond the strong network security momentum, we are innovating to ensure we can continue to lead the network security market as software and SASE further drives growth. Some of the most important highlights are Prisma Access browser. Following the acquisition of Talon in Q2, we launched the industry's first and only enterprise browser natively integrated with SASE this month. Leading up to the launch, we saw strong interest in this technology with over 100 customers adopting our Talon-powered Prisma Access browser. The browser is available to our existing and new SASE customers. We have seen success with our autonomous digital experience management capability integrated with SASE, which helps customers proactively identify sources of downtime and ensure network availability for the hybrid worker and branch office. We followed that up by adding this capability to our firewall and have seen strong initial interest. We launched our AI Access offering, enabling our organization's workforce to use AI tools with confidence while giving security teams full visibility, robust controls, data protection and proactive threat prevention measures. AI Access can easily be turned on for our over 5,000 Prisma Access customers. Following our early access program in July, we have now seen interest from over 1,000 customers to deploy AI Access. Finally, leveraging our industry-leading virtual firewall capability, our AI Runtime offering is experiencing strong interest from Prisma Cloud and network security customers looking to protect their AI applications, models and data from threats. As we look forward, the direction of the network security market is as clear to us as it's ever been. We are focused on driving the benefits of platformization through our 3 network security form factors, and getting our customers to true Zero Trust architecture delivers the best security with the lowest cost to operate. Turning to Prisma Cloud. The enterprise adoption of a public cloud is a generational change in IT that has been underway for at least half a decade. More recently, this has been fueled by the adoption of AI services in the public cloud. The public cloud must be secured differently than on-premise environments, and we recognized this more than 5 years ago. In this highly competitive market, we have not only established ourselves as the largest pure-play cybersecurity cloud security business being the first to $700 million in ARR. We also have the broadest footprint of cloud security capabilities in the market. As a great confirmation of our leadership and innovation capability, leading SaaS players have chosen Prisma Cloud to secure their production environments. We have CRM, HR and collaboration leaders who all signed significant deals with us in fiscal year 2024. These players are amongst the most sophisticated users of public cloud technology, and hundreds of thousands of organizations trust them to operate a secure, enterprise-grade SaaS offering. We are proud to be able to showcase them as customers. Highlighting the comprehensiveness of our platform, we had a number of key innovations in Q4 that show our ability to stay in the lead in this competitive market. For example, we released our 13th Prisma Cloud module data security posture management based on the acquisition of Dig Security. The Dig team has moved quickly, not only releasing this module but also helping to integrate data security comprehensively within Prisma Cloud. An important use case for securing data in the cloud is securing cloud native LLM-based applications. To address this need, we released AI security posture management, our 14th module. Lastly, we released cloud detection and response capabilities, leveraging the best of Prisma Cloud in Cortex. CDR gives the SOC full visibility into security events in the cloud as well as real-time threat detection and remediation. With an increasing frequency and scale of breaches targeting cloud environments, CDR capability is becoming a critical differentiator and a comprehensive cloud security platform. As we close out there, along with the overall acceleration we saw in our second half business, our large deal business in Prisma Cloud was up with strong growth in new and expand business in Q4. As we look forward, we will ensure Prisma Cloud stays ahead of the CNAPP market new capabilities. We will bring new real-time capabilities to the cloud and enable full cloud security integration to the SOC. These will be essential for our customers as public cloud and AI adoption broaden. Last but not the least, Cortex. Fiscal year 2024 was a watershed year for Cortex. We firmly established XSIAM as the transformation platform for security operations and continue to innovate across the broader Cortex portfolio. We also expanded the Cortex customer base bringing us future opportunities for XSIAM and maintain ARR growth on a significantly increased scale. XSIAM achieved approximately $500 million in bookings in FY '24 alone, up more than 2x versus our fiscal year 2023. Our active customers are up 4x over the same time period. We finished the year with over 30 customers north of $1 million in XSIAM ARR. Customers are seeing the security outcomes that XSIAM can deliver, namely a dramatic reduction in the time to discover, remediate security events. This is important in identifying signs of breach and stopping the activity before significant business interruption occurs. Our ability to deliver the substantial outcomes unlike any product we have sold since the introduction of our original next-generation firewall more than 15 years ago and the growth of XSIAM is following a similar path. Beyond XSIAM, our momentum in Cortex continues with the business passing $900 million in ARR this year. The focus of our platformization efforts for Cortex is with XSIAM. Having closed out fiscal year 2024 with well north of 100 XSIAM customers, we have seen some amazing outcomes of deployed customers. More than 50% have achieved a median time to resolution for security incidents of under 10 minutes coming from days. After the first quarter deployment, these customers have then seen an additional 2x improvement in their median time to remediate. Looking forward, we have increased conviction that we can lead the transformation of any organization's security operations center with XSIAM. We see a growing list of customers with an appetite for the outcome we can deliver, and we believe the market is at a point that is ripe for disruption. We have a strategy of delivering additional value to our Cortex XDR, XSOAR, Xpanse customers by enabling them to platformize XSIAM. We also see a significant opportunity to provide real-time capabilities in cloud security, where cloud detection and response capabilities can help drive this opportunity. Lastly, we expect to close the IBM QRadar SaaS assets acquisition by the end of September. We're excited to work with our colleagues at IBM to bring XSIAM to their customers. It doesn't stop with XSIAM platformization. We are also equally excited about our newest launch, XSIAM for Cloud. This allows organizations to comprehensively address cloud security issues as part of their security operations. Additionally, we are partnering with many service providers and system integrators to build capability together to continue accelerating our XSIAM opportunity. And finally, a quick note on the recent widespread outages in the industry. I want to reiterate, our product uses an approach that deploys a 1% to 3% wide sample test cohort to ensure no issues, and then we release content updates in a phased manner. We have additionally enabled controls so customers can manage the update process and control it. The recent outage has caused a number of customers to reevaluate their options. They have initiated conversations with us around XDR and XSIAM. This, plus our industry-leading Cortex technology, is appealing as we've talked -- to everyone we have talked to so far, and we think it has potential to further drive our Cortex momentum. When I came to Palo Alto Networks, we articulated a clear strategy that for our continued success, we needed to ensure our products were constantly improving. We were solving problems for our customers the best way possible, and also, we are solving new problems. In other words, our success would depend on our product portfolio and product quality. I continue to be excited about our continued growing leadership position in the cybersecurity categories. With our products, customers adopt the best-of-breed offering and eventually evolve to a platform approach. The results of our innovation are evident in the broad analyst recognition of our leadership position across 24 categories. This quarter, we added a new recognition of incident response services, a testament to our industry-leading capabilities in breach response and recovery. We also added a leadership recognition in data security posture management, our eighth for Prisma Cloud. One last area to highlight. We continue to believe in the opportunity around AI. We think we are in the very early innings, and AI will be both a threat and opportunity. I'm particularly proud of our teams who stepped up and delivered this comprehensive suite of AI Security solutions for our customers. We also continue to infuse AI into our platforms, allowing us to bring leading solutions to our customers. These AI solutions are off to a good start. We surpassed $200 million in AI ARR to close out the year, underscoring the traction, the AI-first products we have had in the market such as XSIAM and AIOps. In May, we announced our suite of AI security offerings that launched our Precision AI campaign featuring the TV ad with Keanu Reeves. Over the last several weeks, we have released the announced product, namely AI Access, AI firewall or Runtime Security and AI Security Posture Management. We believe this makes us the first to market with a comprehensive portfolio for secure AI by design. Before I hand over the call to Dipak, I want to reflect on our journey and set some context as we discuss fiscal year 2025. Throughout fiscal year 2024, you saw a backdrop helping create interest and demand for enhanced cybersecurity. This helped to accelerate our bookings in the second half of the year. It is also reflected in our new platformization as we closed the year with strong momentum and our strong NGS ARR. FY '24 marked a seminal moment in our history. I feel our innovation engine is now leading the market by showing enhancements to our SASE portfolio, our cloud security efforts or in the SOC. We have new integrated solutions for our customers. Take AI. We believe we are the only scale cybersecurity player to lead the market in a comprehensive suite of AI solutions. We feel comfortable that we are on track towards our target of making Palo Alto Networks the first $15 billion ARR security business. We have made decisions on how we run our business to maximize long-term ARR, which aligns well with growing shareholder value. The select club of enterprise companies has scaled [ near our ] business in front of us, and we intend to join the club. Dipak will cover in detail how we will evolve our external metrics in line with this. We closed the year with strong top line growth, expanded our operating margins and drove best-in-class cash conversion. And we are confident that we can continue this in fiscal year 2025 and beyond. With that, I will hand it over to Dipak.

Thank you, Nikesh, and good afternoon, everyone. To maximize our time spent on Q&A, I will provide you with highlights of Q4. You can review the results in our press release and the supplemental financial information on our website. In Q4, total revenue was $2.19 billion and grew 12%, above the high end of our guidance. Within revenue, product revenue declined 5%, while total services revenue grew 18%. Drilling into services revenue, subscription revenue grew 23% and support revenue grew 10%. It is worth noting that product revenue grew 24% a year ago as the supply chain normalized, resulting in growth above our underlying demand in that period. Despite the tough Q4 comparison due to supply chain constraint reversals in the second half, fiscal '24 -- the second half of '23, fiscal '24 product revenue grew in the low single-digit range, which is in line with our expectations. The firewall appliance market demand was stable in Q4, and we continue to expect growth of 0% to 5% as we have previously discussed. Moving on to geographies. We saw revenue growth across all theaters with the Americas growing 11%, EMEA up 14% and JPAC growing 15%. We saw strength across all of our geographic theaters. Total RPO, a metric that better represents our top line growth and billings, grew 20% to $12.7 billion. Our current RPO grew 17% to $5.9 billion. The average duration of our new contracts remained at approximately 3 years, in line with our third quarter. As Nikesh mentioned, our NGS ARR grew well past the $4 billion, ending the year at $4.22 billion and growing 43%. Strength in NGS ARR was broad-based across our 3 security platforms. We reported Q4 billings above the high end of our guidance, driven primarily by double-digit booking growth and higher volumes transacted on PANFS. On our balance sheet, you will see that our debt balance came down by $199 million and is now under $1 billion. Like in Q3, this reduction was driven by the early conversion of our convertible debt, which occurred at the option of the debt holders and were settled for us in cash and equity. Our remaining debt matures in June 2025 although we may continue to see early conversions. We did not repurchase any shares in Q4, and our buyback strategy remains opportunistic. Our Board of Directors approved an additional $500 million buyback authorization such that we now have $1 billion in authorization remaining through December 2025. I wanted to give you some context around our NGS ARR RPO billings and total services revenue metrics. You can see the relatively steady trends in RPO and NGS ARR, which closely matched the trends in total services revenue, while we have seen more volatility in billings. We've talked through a year now about the factors that impact our billings. Over a year ago, we began to see the impact of rising interest rates on how customers perceive the cost of money and procurement situations. This was causing many to ask for payments to be spread over multiple years instead of an upfront payment. In response, we leveraged programs such as annual billings and our PANFS financing capability. The impact on billings varied based upon which program the customer chose and how the deal was structured. Also, during this fiscal year, we rolled out our platformization strategy, and we offered customers more flexibility in payment terms when making large strategic commitments. This has had a further impact on our billings. In both of these situations, we found ourselves facing the choice of maximizing billings or focusing on NGS ARR, and we want all to have all of the incentives aligned to the latter. RPO and revenue are both important to understanding our business momentum. Revenue gives you the near-term view of our growth. Our RPO helps you understand the longer-term trend and the scale of our book of business that will drive revenue. This aggregate measure is driven by contracts we signed each quarter and the long-term growth in RPO influences our revenue growth over time and gives you visibility into the future trend. As a reminder, the contracts included in our RPO are all noncancelable and nonrefundable in nature. We aspire to continue to grow RPO ahead of our target forward revenue growth rate as that helps us build confidence in these growth rates. Now focusing further on NGS ARR. As a reminder, NGS ARR is an important metric for us as it shows the return on the significant investments we've been making in the next-generation areas of our cybersecurity market that are also growing the fastest. We expect these offerings will disproportionately drive our growth as we transform our revenue. Our recent rollout of platformization has sharpened our focus on maximizing ARR. For example, we started the account review process early in fiscal year 2024 to identify white space amongst the largest organizations globally and maximize ARR. As we followed up with the rollout of our platformization strategy, we focus not only on the total deal value or the cash collected upfront but also on an exit ARR and profitability of the recurring revenue stream. We can accommodate customer points of friction while maximizing this recurring revenue as we structure deals with customers to encourage their strategic adoption. These friction points include the challenge of replacing multiple products simultaneously and the issues around double paying while working through complex contract terms. In making these short-term concessions to billings, we ensure a valuable long-term relationship with a deal that meets our and the customers' needs. I've talked to you about how NGS ARR and RPO are becoming more prominent in our focus as we drive our platformization strategy. The shortcomings related to billings have become significant over the last 12 to 18 months and further increasing as we drive our platformization strategy. In evolving our metrics, we solicited the input of some of our largest shareholders and looked at how our peer companies are giving guidance. Investor feedback was that quarter-to-quarter billing volatility is merely a distraction, and it does not impact our assessment of the shareholder value we can create over the medium and long term. We've seen a number of companies disclose ARR and adopt an RPO-related metric to help investors better understand the business trajectory. Some of those companies include Adobe, Salesforce, ServiceNow and Workday. As a result, beginning this quarter, we will focus on NGS ARR as our key top line guidance metric in addition to revenue. We will provide NGS ARR guidance both quarterly and annually. We will also provide total RPO guidance quarterly and annually this year to help investors understand the size of our book of committed contracts compared to their future expectations for our revenue. Since we know this is a change for you after many years of guiding billings, I wanted to help provide a onetime bridge back to what we would expect our billings to look like if we were not to change any of the practices in our business that impacts billings. If we were to keep the mix between our PANFS and billing programs in fiscal year 2025 in line with what we had in fiscal year 2024, we would expect this to drive 12% growth in our billings in fiscal year 2025. Before I get to detailed guidance, I want to give investors some additional color on the drivers of our cash flow as that is an area that we continue to receive questions on. First and foremost, our improving operating margins have been the most important driver of our free cash flow margin. We have seen our operating margins improve by over 800 basis points since fiscal year '21, when we began a more intensive focus on profitable growth. This higher operating margin has helped us put a higher floor under our free cash flow margins. We continue to see ample opportunity to expand our operating margins supporting our free cash flow. Beyond improvements in our operating profitability, the timing of customer cash payments can impact our free cash flow. Over the last 4 years, we have gradually absorbed an increase in customer preference for payments over time, increasing this proportion of our bookings from 6% in fiscal year 2020 to 30% as of the most recent quarter while maintaining or even increasing our free cash flow margins. I'm happy that we've been able to do this, and we have confidence we can continue this gradual transition within the business and sustain our free cash flow margins at 37% plus through fiscal year 2026. I also wanted to update you on the pending transaction with IBM. We continue to expect the deal to close by the end of September, depending on the timing of regulatory approvals and other customary closing conditions. At this point, we have included several tens of millions in acquired revenue from legacy QRadar SaaS products and our fiscal year 2025 revenue guidance with this number decreasing over time based on the speed at which we migrate -- curate our customers to XSIAM. We have also embedded the ongoing expenses in our operating margin, cash flow margin and EPS guidance. Now moving on to guidance. For the fiscal year 2025, we expect NGS ARR to be in the range of $5.42 billion to $5.47 billion, an increase of 28% to 30%; remaining performance obligation of $15.2 billion to $15.3 billion represents, an increase of 19% to 20%; revenue to be in the range of $9.10 billion to $9.15 billion, an increase of 13% to 14%; operating margins to be in the range of 27.5% to 28%; non-GAAP EPS to be in the range of $6.18 to $6.31, an increase of 9% to 11%; and adjusted free cash flow margin to be 37% to 38%. For the first fiscal quarter of 2025, we expect NGS ARR to be in the range of $4.33 billion to $4.38 billion, an increase of 34% to 36%; remaining performance obligation of $12.4 billion to $12.5 billion, an increase of 19% to 20%; revenue to be in the range of $2.10 billion to $2.13 billion, an increase of 12% to 13%; and non-GAAP EPS to be in the range of $1.47 to $1.49, an increase of 7% to 8%. Since we know this is a change for you all after many years of guiding billings, I wanted to remind you of the onetime bridge back, which I talked about before. Finally, we included our typical modeling points in the presentation for you to review. With that, we're going to play one more customer video, and then we will move to the Q&A portion of the call. [Presentation]

Thank you, Dipak. [Operator Instructions] The first question will come from Saket Kalia from Barclays, with Hamza Fodderwala from Morgan Stanley on deck. Go ahead, Saket.

Nikesh, maybe for you. It's been a great start to the platformization strategy. I guess the question is, as you look at the -- those top 5,000 customers that we're targeting as part of that 2,500 to 3,500 goal, how much of that is white space versus competitive takeout? And maybe related to that, when we started thinking about the platformization strategy, you talked about giving customers more flexibility as they transition to off of legacy solutions. How is that additional flexibility helping with these platformization wins?

Well, first of all, Saket, thank you. He always seemed to manage to get the first question and so congratulations. As I said, very, very positively excited by the response to platformization. We've literally had customers reach out. Most recently, a customer we were about to close a deal, customers said, no, no, I don't want to do this one deal. I actually want to sit down with the whole platformization discussion. We might do it next quarter, but let's not go to point solutions at a time. So these are these anecdotes. These are these moments where it gets really exciting for us and our sales teams. In terms of your question about where are they coming from, as you mentioned, 1/3 of our customers and SASE are net new to the company. So when we platformize them on SASE or Zero Trust network security, they're new to the company. There's a lot of existing customers that are highlighted in our 4 of our largest deals where they already were Palo Alto customers, but they use the opportunity to go embrace the larger platform because they saw the vision. They participated and they bought into it. And this is where it's really helpful where they say, listen, I really like the platformization idea. I have 2 parts of the puzzle. But my third part of the puzzle, I need another 12 months with the other vendor to expire so that I can go embrace Palo Alto. Don't worry about it. You have to, well, start implementing the third and we'll turn on our economics the moment the other vendor is done. Now what that does, as I've said in the past, it takes over the execution risk because they're not worried that they'll stop paying and they'll start paying us then. And they have to worry is it going to work or not. At the same time, it also creates that economic bridge for them. But for us, it's amazing because -- like I have a very simple view. This goes back to the days of when CRM was not a platform or ticketing or management IT infrastructure without a platform. At that point in time, you have 4 or 5 applications doing this. But once you bought 1 that did all 5 things, you never went back and deployed 4 different things to solve the problem. So we believe we have a unique opportunity in the platforms we offer. And as I said, I wish we've gone there earlier than later. So I firmly believe this is what's going to help us get to the $15 billion number faster.

Next up, Hamza Fodderwala from Morgan Stanley followed by Brian Essex from JPMorgan. Go ahead, Hamza.

Congrats on a strong finish to the year, and Dipak, thank you for all the helpful guidance and modeling points. Nikesh, I really appreciate the disclosure on the AI security ARR. I think over $200 million of ARR there already. There's 2 parts to that. There's the AI for security operations, which has been Cortex XSIAM, which has been the fastest-growing product, I think, you guys have had in Palo Alto's history. And then the other part is securing AI, which when we talk to CISOs, seems to be a really big problem. It's coming up more and more in all the various industry conferences. So I'm curious -- I know it's early days. You just announced some of these products. But based on the pipeline you're seeing today, how fast of a product cycle do you think this could be because it seems like an entirely new category altogether?

That's a great question. Thank you, Hamza. So I think as you know, the XSIAM product is excellent in its own regard. We've shown you we did $500 million bookings this year, which I think the second year of a product is spectacular by all means. And that helped us drive the $900 million in ARR in Cortex. And we're seeing super related results from a median time to remediate. I just reviewed a bunch of this morning. We got some customers down to under 10 minutes. So it's really exciting. And that does form a part of the ARR. There is a very reasonable part of that ARR that comes from our network security business, where we actually deployed AI operations into our firewalls, which is what I call infusing AI into network security. So that allows us to actually anticipate when the customer might run out of capacity, anticipate firewall issues. So that's part of it. Not a lot of that revenue is coming from the product we just launched because we launched all of our 3 products pretty much this year, not even last year. We started launching on July 20 through August 16. So all of our AI security suite is then. But as I mentioned, about 1,000 customers are interested in AI Access, which is the thing they're most interested in. There is a financial service organization which you might know. It's the first time in our history that the entire security team literally walk up to the screen and say, "Wait, what are you doing here? Yes, we want to talk to you about that." So early days, exciting. And the reason it's exciting, as I said, it's seminal for me because it's very rare that you'd expect a large cybersecurity player to show up with innovation ahead of the market. And now that we can deploy AI Access to all of our 5,000, 6,000 Prisma Access customers or can deploy AI firewalls against all of our virtual firewall customers, it's interesting because all they have to do is turn on a switch and they don't have to deploy new instances or new agents. It's just going to work. So early days, exciting, and I'm pretty sure these products will go through multiple versions as they get more and more robust.

Next up is Brian Essex from JPMorgan followed by Andy Nowinski from Wells Fargo. Brian, go ahead.

Maybe, Nikesh, you mentioned on the call about the outage in July and how that impacted some of the demand on your platform. But what are you hearing from CISOs? Or what did you see in the quarter, one, in terms of like follow-through from the pipeline for the quarter? Was there a pause and then that catch-up? And then maybe an adjacent question, how are -- how might this be changing the way that some CIOs are looking at the exposure that they may have to one vendor, one type of technology? And I know sort of that you highlighted the difference in the way that you roll out the updates, but just looking for a more higher level, one, deal experience and then, two, CIO thought process as they approach next-gen technology.

Well, Brian, as I've said publicly as well, like, that was a tough event. It's simultaneously impacted tens of millions of users, which is unfortunate. I appreciate the way CrowdStrike handled it. At the same time, it caused 2 things to happen. One, customers started asking us, "You have the same product. How do you deploy it?" And as I highlighted to you, we have a fundamentally different way in which we do content updates and have been doing it for a very long time. So we were able to articulate that. Funny enough, some of the customers are busy remediating that issue while they're trying to get our deals done with them. So it's kind of interesting. They would say I'm so busy fixing that, so we had to sort of drag our deals kicking and screaming in some cases. So that was kind of interesting. But I think what it did do is, like you said, it caused customers to step back and say, "Wait a minute. I need to make sure that I'm evaluating all the XDR opportunities in the market." And for us who is not the #1 player in the market, we're in top 4, I think, in that market, hopefully trending towards 3, it's exciting because customers are giving to -- willing to give us consideration. On the XDR space, it's no longer a slam dunk for some other players in the market, so -- which is helpful for us, helpful for our sales team. And I think we can build on that. Coupled with our XSIAM capability and opportunities that we just talked about, I think it gives us comfort that it's going to keep helping us drive momentum in Cortex.

Next one from Andy Nowinski at Wells Fargo followed by Gabriela Borges from Goldman Sachs. Go ahead, Andy.

So Nikesh, it seemed like one of the common factors of those platformization deals that you talked about on the call involved consolidation on the SIEM side. So maybe once the deal with IBM closes, do you think your platformization deals could possibly accelerate if SIEM conversion is actually a core driver or impetus of these deals?

I'm going to have Lee answer. Otherwise, he doesn't come to these calls.

I think the -- our ability to land customers on any of the 3 platforms and expand is fundamental to how we can approach this with customers. With that being said, XSIAM, this past year, has been a bit of a revelation to see our ability to innovate with a new platform, launch it and quickly get some of the world's largest companies to adopt it and adopt it as a large-scale SOC transformation. And you're seeing that with -- the results of that with the median time to resolution, driving down from days to minutes. Less than 10 minutes is world class. And so to see some of these large customers of ours achieve that so quickly is phenomenal. I believe that once we have that position in the SOC, that will help to drive the other platforms because the other platforms will help bring -- we'll be able to show where good data sources are and less good, less valuable data sources are and actually help our customers walk through an ongoing security transformation based on the insights that XSIAM is able to glean from seeing all of the security data in one place.

Next up, Gabriela Borges from Goldman Sachs followed by Fatima Boolani from Citi. Gabriela, go ahead to your question.

Nikesh, either for you or for Dipak. You've talked in the past about some of your own internal leases of AI to drive operating efficiencies within your business. Give us a little bit of an update on how that's going. Where do you feel you are in that road map of being able to implement AI to, for example, saving your customer operations and around things like that? And a little bit maybe on how -- what you've learned from the last year in adopting AI for yourselves in-house?

Great question. So there are 2 parts -- 3 parts, as I said. One we've infused AI in our products, and we talked about that at length just now. The second part is using generative AI to create customer helpful AI copilots as well as AI Copilots for our customer support teams because they can also use them. And then the third part is just driving internal efficiencies. Let me start with the third part first. We had approximately, give or take, 300 people who were involved in solving employee tickets for our employees, so about 2% of our 15,000 people. We have just launched, last week, what we call the internal AI employee experience, that has allowed us to reduce that head count by 50%. And we think that can go down to 80% because we've been able to automate a lot of the tasks and also use generative AI to answer employees' questions. So you can think about 200 people odd, which we don't need, either our own employees or third-party contractors because it's boring work, it's horrible work to have to go keep solving IT problems that have been solved 1 million times before. Now we've automated a bunch of them, use AI to fix it. So that's one project. We've got some early results. Some of our best developers are 40% better in coding who have used our internal coding copilot. [ It's already is ]. We expect that we should be able to deploy that capability across 3,000 of them. If I remember, coding is only 1/3 of their job because they do other things for the other 2/3 of their job. But even in the third, if my best person is 40% better, an average person is 20% to 25% better, there's opportunities for better code and we can do more. So those are sort of the 2 internal efforts if you will. On the customer support side, again, the most fascinating discovery for us is we have an internal customer support copilot, which is consistent with our copilots we are sharing with our customers across Cortex, Prisma and Strata. And those customer support people, the best one is equally productive irrespective of tenure after 3 months. So I can hire a net new person, have them solve customer problems and 3 months in, they're as good as somebody who has been here for 3, 4 years. So these are all very promising signs. There's a lot of work that we're doing. But part of our philosophy is if we don't go through the trials and tribulations and try it ourselves, we're not going to get to be a great company using AI. So early days but very excited.

Next up, Fatima Boolani from Citi followed by Tal Liani from BofA. Go ahead Fatima.

Nikesh, I wanted to zero in on some of your Prisma Cloud prepared remarks. You talked about a business acceleration in the back half. And your tone suggested a material improvement in that pillar and maybe a little bit more of a proverbial pep in your step in that segment of the business, especially when I think about last year, when you did allude to some irrational market behavior, market participant dynamics and activity. So I wanted to get to the bottom of what's underpinning some of that back half acceleration and some of the more sanguine kind of outlook on the Prisma Cloud franchise from here.

I'll have to go back and listen to the sentiment analyzer on my own call afterwards. But reacting to your pep in my step. Like last year, as I said to you prior, that because of the aggressive new players, they cut prices down 30%, 40%. So whilst we saw the volume increases, pricing was impacted in the industry, causing effectively our growth rate not to be as exciting as we wanted it to be. That has stabilized for sure. We also took some remedial steps in turning our business into an ACV business for Prisma Cloud unlike the rest of our business because we wanted our sales team to act in a similar fashion as the market we're seeing. They made a bunch of product improvements, and we actually went to our biggest customers and ensured they were -- our products were effective for them. And I said, coupled with that, what has also happened is, as I mentioned, that some part of -- most of our customers are now using many modules, which are oriented towards network security in the cloud. We run on all 4 hyperscalers natively, which is most -- which is in addition to CNAPP. It's also our network security part and our real-time cloud security part. So given the 14 modules we have from a comprehensiveness perspective, we found some of the customers where we can uniquely solve their use cases, allowing us to do those large deals. And anyway, the platformization helps. And like with Schlumberger, they bought all 3, right? So it wasn't a separate decision for them to go buy Cortex from us and cloud from somebody else and network security from somebody else. So that ability to drive platform also helps drive our cloud security business.

Next up, Tal Liani from BofA followed by Patrick Colville from Scotiabank. Go ahead, Tal.

You spoke in the past about shorter contract duration. What are the implications on free cash flow generation? Are there any short-term or long-term implications? And then in general, can you talk about -- free cash flow improved so dramatically over the last few years. Can you talk about the long-term outlook for free cash flow margin?

Sure, Tal. I'll take that one. Just to start off with -- I think I said in my prepared remarks, our contract lengths actually did not shrink. They've been roughly consistent at 3 years for our new deals, and they've been actually relatively constant for quite a while now. So you do have some areas where the contract lengths may be small -- shorter. You have others like platformization deals where they're more strategic in nature, but on average, it ends up being that much. I think in terms of the ability to generate free cash flow, frankly, I think the most important part about our free cash flow is really the operating margins. I mentioned that -- in my prepared remarks that since fiscal year '21, we've actually improved our operating margin by 800 basis points. That really is the biggest buttress to what has happened, and we've been able to absorb the change in the amount of deferred payments going from 6% to 30% in the last quarter like over that same time period. So I think we've proven that we've been able to deliver strong cash flow. Like whilst being able to absorb all of these deferred payments, we feel very confident that we'll be able to continue to do that in the future.

Next question, Patrick Colville from Scotiabank followed by Roger Boyd from UBS. Go ahead, Patrick.

I mean, Nikesh and Dipak, the financial disclosure you guys gave us is terrific. You gave us a huge amount of metrics. But the metric I want to focus on is the new RPO guide. So RPO rose 20% in 4Q. And the guide implies, I think, a 19.5% at the midpoint in fiscal '25. So I guess what gives you the confidence that there's going to be kind of no deceleration over the next 12 months? Is it specific business lines? Or is it IBM QRadar acquisition or hiring? Can you just kind of double click on that, please.

Well, I think, Patrick, it's a combination of factors. As I mentioned, we've seen the pipeline. We've seen the acceleration in the second half. If you look at our first half versus second half, implied bookings have gone up. We see the pipeline for next year. Obviously, the IBM business is part of that. Obviously, the strength we're seeing in XSIAM is part of that. Our platformization efforts are part of that. And this year, we have tried to anticipate that with making sure we have resources in place for the coverage we need to deliver those numbers.

Next up, Roger Boyd from UBS followed by Matt Hedberg from RBC. Roger, go ahead.

Maybe just a follow-up to Dipak's comments, a question ago on annualized billings. But you noted, Dipak, that 12% would be kind of the bridge to billings guide this year if you maintain a similar mix of financing and annual billings. Given the shift towards RPO and ARR guidance, is it fair to assume that, that mix will probably not be that similar to what you saw last year as well as probably additional factors around interest rate environment? Just any thoughts on what you might see from the mix of financing annualized billings?

Yes. Look, I think we'll see a mix more towards annualized billings and away from financing. Like I think, the simplest way to think about it is if you do financing, it's another piece of paperwork. It's a loan document at the end of the day. It does create like more work out in the field. And so in line with our platformization strategy, we're all about like figuring out where all the friction points are and trying to eliminate them where we can and continue to do the best thing for the shareholders. So that's really what we're driving here and that's what I would expect to happen.

I think its code for that -- it will look very different because we may not be doing as many PANFS deals because they contribute to billings, but they don't change RPO or they don't change cash flow. So if you don't have to do too many PANFS deals, it saves time [ with the build ].

Next up is Matt Hedberg followed by our last question, will be Keith Bachman from BMO. Go ahead, Matt.

Congrats on the quarter and a big fan of the new guidance philosophy. I think it really does tie to the business. Nikesh, a question for you. With the election coming up and you guys have historically had a really strong federal business, just sort of curious about how you're thinking about U.S. Fed in 1Q and sort of what could that mean for kind of the update. It seems like there's a lot of pent-up demand there on the federal side. I'm just sort of curious on your outlook there.

Yes. Matt, I've learned in my life never try and foreshadow the government. Usually, it's not a winning strategy. Don't predict interest rate. Don't predict budgets. Don't predict the election. So we'll roll with the punches. We have people -- clearly, you know there's business that we have to renew because they have our Palo Alto capabilities and products and we're working hard in getting all that done. There's a bunch of new ideas and new projects that we're working on, and we'll keep powering through them. As the elections transpire, depending on what administration comes into play, this is going to impact a bunch of the budgets. But as I said, we had significantly derisked our federal expectations, as we told you earlier in this calendar year. So we're going with a muted set of expectations into the election to make sure that we don't see any bad surprises.

The last one will be Keith Bachman from BMO. Go ahead, Keith.

I wanted to ask about XSIAM a bit and break it into 2 parts. In your slide deck, you noted that your customer -- active customer count is up 4x. And I just wanted to hear a little bit about where those customers are coming from. And what I mean by that is are these displacements. Are you sitting side by side? Just want to hear a little more about that. And then, Dipak, for you, in my discussions with IBM, I thought the QRadar business was running about $100 million a little bit less than that in ARR. And you said tens of millions. So I just -- I wasn't sure what is being included when you think about the guidance there on what QRadar may add on a prospective basis over the next 12 months or so.

So almost every one of the XSIAM sales is we're replacing an existing SIEM and in some cases, multiples. As I mentioned in case of Schlumberger, we replaced 2. In case of the other 8-figure deal, we replaced 2 others. For the most part, it is -- if you looked at the market share of existing SIEMs in the market, our acquisitions, just north of 100 customers, would be a representation of us taking the same amount of share from each of those people. And if you look at the people out there, I think there's a bunch of people who's been around 15, 17 years, who have shared the market. Those will be the people we'll be replacing for the most part. So there's no net new SIEM. I don't think they're starting net new companies out there. That scale will require $10 million, $20 million, $30 million SIEM deal. So usually, we're replacing people who are out there. I will let Dipak answer the...

The IBM question. Just to keep things very simple, Keith, and we can follow up with you in more detail off-line. There are certain contracts that will be part of the IBM ELA or something like that. We won't be able to recognize the revenue of just the way that the accounting treatment works, and there will also be some contracts that require consent from customers, like -- so those are the kinds of things. We do expect, over time, things to move to XSIAM. Like our intention was never to do things, and that's much more ratable revenue anyhow.

So it just takes some time to get those customers transferred over. Yes, fair enough.

And to be honest, our real interest is in converting them to XSIAM, as you'd appreciate. That's right.

All right. Well, with that, we'll conclude the Q&A portion of the call. I'll turn it back over to Nikesh for his closing remarks.

I want to use the opportunity to thank all of you for supporting us and for joining our call. I also want to thank all of our customers, partners and entire ecosystem for supporting our business and last but most importantly, all of our employees who worked really hard to deliver these results. Thank you very much.