Palo Alto Networks, Inc. (NASDAQ:PANW) Q4 2024 Earnings Call Transcript August 19, 2024
Palo Alto Networks, Inc. beats earnings expectations. Reported EPS is $1.51, expectations were $1.41.
Walter Pritchard: Good day, everyone, and welcome to Palo Alto Networks’ Fiscal Fourth Quarter 2024 Earnings Conference Call. I’m Walter Pritchard, Senior Vice President of Investor Relations and Corporate Development. Please note that this call is being recorded today, Monday, August 19, 2024 at 1:30 P.M. Pacific Time. With me on today’s call to discuss fourth quarter results are Nikesh Arora, our Chairman and Chief Executive Officer; and Dipak Golechha, our Chief Financial Officer. Following our prepared remarks, Lee Klarich, our Chief Product Officer, will join us for the question-and-answer portion. You can find the press release and other information to supplement today’s discussion on our website at investors.paloaltonetworks.com.
While there, please click on the link for Quarterly Results to find the Q4 2024 supplemental information and the Q4 ’24 earnings presentation. During the course of today’s call, we will make forward-looking statements and projections regarding the company’s business operations and financial performance. These statements are made today are subject to a number of risks and uncertainties that could cause our actual results to differ from those forward-looking statements. Please review our press release and recent SEC filings for a description of these risks and uncertainties. We assume no obligation to update any forward-looking statements made in the presentations today. We will also refer to non-GAAP financial measures. These measures should not be considered a substitute for financial measures prepared in accordance with GAAP.
The most directly comparable GAAP financial metrics and reconciliations are in the Press Release and the appendix of the investor presentation. Unless specifically noted otherwise, all results and comparisons are on a fiscal year-over-year basis. We also note that, management is scheduled to participate in both the Goldman Sachs Communacopia & Technology Conference and the Citi Global TMT Conference in September. I will now turn the call over to Nikesh.
Nikesh Arora: Thank you, Walter. Good afternoon, everybody, and thank you for joining us today for our earnings call. As most of you are aware, the intensity around technology reliance, connectedness, and as a consequence, cybersecurity continues to accelerate. Supply chains and interconnected systems have become the norm for better actors to target. By most metrics, cyber incidents and their impact continue to be on the rise. And we saw it in spades in Q4, notably the large scale breaches. A growing number of technology and business trends are further complicating the situation, creating additional challenges. The combination of these is getting further C-suite attention and focusing on the cybersecurity. Organizations increasingly rely on their IT system, and nothing makes this more evident than a significant outage or security breach.
Over the last 6 months, financial damages from an individual breach topped a $1 billion. In other case, the impact on business was existential and required significant work dedicated to system recovery and rebuilding. Our Unit 42 Group is being called into customer crisis situations. You see a wide variation in breach situations, but ransomware remains a significant threat tying many together. The relatively new phenomena of public ransomware extortion is raising the profiles as challenge, as organizations need to deal with the pressures of public disclosure, before they have had time to do an early assessment. In addition, the time customers have to address an issue before damages escalate is shrinking. In fact, our research has found that in nearly half of cases, attackers can exfiltrate customer data in less than a single day of compromise.
Q&A Session
Follow Palo Alto Networks Inc (NYSE:PANW)
Follow Palo Alto Networks Inc (NYSE:PANW)
Geopolitical tensions remain at high levels as evidenced by multiple regional conflicts in the news. Cybersecurity activity is often elevated in these environments, and we see multiple non-government agencies impacted by this nation state activity. We have seen this trend building for a number of years. Customer environments have been more complex with the adoption of capabilities, such as work from anywhere, public cloud, and more recently, AI. This complexity is additive with old technologies that have not been retired. Meanwhile, a multitude of uncoordinated security defenses are simply layered on. The sprawling interconnectedness of business through their IT systems is multiplying the impact of a breach. Instead of breach impacts being isolated to a single company, we’re seeing customers, suppliers, partners and others in ecosystem being severely impacted.
This has been most prevalent in the healthcare and retail industries, but this could happen anywhere. A recent high-profile outage involving security tools has elevated the cybersecurity conversation further. In addition to wanting to better understand the security risks, the C-suite and Boards are also now digging deeper into the technologies being deployed to mitigate these risks. Meanwhile, AI continues to generate significant excitement in the market, and many organizations are starting to scale transformative use cases that can enable new sources of revenue and/or drive substantial efficiencies. AI adoption is proceeding at a rapid pace faster than honestly I’ve seen any other new technology. However, it is following a typical pattern.
Innovation is driving the speed of adoption while security might be an afterthought. At the same time, adversaries are leveraging AI capabilities to broaden attacks, better target organizations, and scale their malicious activity beyond the capabilities of defenses that rely solely on humans. This environment, paired with an ever more challenging threat landscape and a complex set of point products that are not well integrated or even coordinated is driving a growing need for platformization. We saw this translate into an acceleration in our bookings in the second half of the year, following the role of our platformization strategy in fiscal year 2024. We’re delighted with our Q4 results. We drove the top line ahead of the overall cybersecurity market and delivered improved profitability and strong cash generation.
They exceeded our guidance range for quarterly revenue and EPS, while exceeding our original annual guidance ranges for operating margin and free cash flow. We also grew RPO 20%. We saw strong growth in our next generation security offerings, and we exceeded our next generation security our guidance significantly surpassing the $4 billion milestone in Q4. We grew NGS ARR 43% with strong contributions across the portfolio. And yet another milestone with $4.2 billion in NGS ARR to close out the year is more than half our fiscal year 2024 revenue. Remember six years ago when I started, this was zero. We completed the year by expanding operating margins by 320 basis points and achieving nearly 39% free cash flow margin, generating well over $3 billion of free cash flow.
We also continue to deliver healthy GAAP profitability. I know there was significant consternation around our platformization strategy six months ago. All I want to say is, I wish, we started down that path sooner. The amount of interest and activity around it has certainly been heartening and shows promise. After a strong addition of approximately 65 new platformizations in Q3, we added over 90 new platformizations in Q4, now have well over 1,000 total platformizations amongst our 5,000 largest customers as we exit FY ’24. Beyond the number of platformization, we saw something interesting. We saw a sequential increase in average ARR per platformized customer in Q4. For perspective, our average ARR per platformization is up over 10% since Q1.
This effectively means as we convert our customers to platform customers and single platform customers to multi-platform customers, we see an uplift in ARR. This is an exciting development. Representing the rise in interest around platformization, senior-level customer meetings increased 70% year-over-year in the second half of the year and grew even faster in Q4. This engagement is key to aligning the customer senior team with our platformization strategy and its benefits. We have a growing team of our executives and sales leaders focused on these engagements worldwide. We expect platformization to be a key driver towards achieving our goal of $15 billion in NGS ARR in fiscal year 2030, and our Q4 performance bolsters our confidence in our ability to reach this goal.
You heard from a customer in the intro video, and I wanted to give you some more stories to dimensionalize our success of platformization in Q4. As you saw in the video, we signed a high 8-figure deal. In fact, a very high 8-figure deal, [indiscernible] that started with executive engagement in our briefing center earlier in the year. They are an existing firewall and XSOAR customer. As part of the platformization, we expanded our firewall footprint, added Prisma Access of moving them closer to a Zero Trust network security implementation. Additionally, we added Prisma Cloud for cloud security, replacing an incumbent cloud security competitor. We also agreed to transfer their SIEM replacing two distinct SIEM offerings with the AI powered, next-generation SIM, XSIAM.
They are now one of our marquee customers platformized across all three. We had a mid-eight figure platformization deal with global semiconductor manufacturer building on a five year relationship. We worked with the customer on a project to reduce their costs and achieve a more consistent security outcome. This led to a discussion on transforming the network security to Zero Trust. Initially, the customer agreed to deploy our Cortex platform. This approach was deemed more comprehensive and superior to a solution that was proposed, which comprised various point products from competitors, which would have to be stitched together. Third, the platformized global media company across all three of our network security form factors. The customer prioritized and focused on driving Zero Trust network transformation for an increasingly mobile workforce, while under significant cost pressures and dealing with the complexities of M&A integration.
The customer is also leveraging XSOAR and XSIAM to improve automation and better understand their tax surface. Our team ultimately converted this lengthy sales cycle into a 9-figure deal. Lastly, a U.S. financial services firm is moving 90% of the applications to the public cloud, significantly reducing its data center footprint. In that process, they’re looking to consolidate point solutions and simplify the management of their security environment. This customer expanded from its existing Cortex XDR and XSOAR footprint to add XSIAM, replacing again two incumbent SIMs. Additionally, the customer added firewall capacity and Prisma Cloud for cloud native applications to deploy a comprehensive cloud security solution to secure them both to the cloud.
Now, I’ll highlight the drivers of our momentum and key innovations across our three product platforms as we look towards fiscal 2025 and beyond. Over the last five years, we have driven a significant transition as an industry around more software-driven network security. Our strategy to deliver a comprehensive approach towards network security with hardware software form factors for both on-prem and cloud, and an industry’s leading SASE solution is working. Not just that, our comprehensive set of software subscriptions work consistently across all these form factors. We continue to see our firewall platform billings growth growing in a healthy manner, up 17% in fiscal year 2024. While there’s slower appliance growth around the industry, our NetSec growth has been driven by SASE and the software firewall business.
Our firewall platform billings are now two-thirds of total, up from just over 40% two years ago. This year, our VM and SASE business grew 40% propelling this mix shift. Our software-based virtual firewall business continues to show strong results, but bookings accelerating the second half. Helping to drive this, we double our cloud next generation firewall business, which runs natively on top of our four hyperscalers. Along with cloud next-generation firewall, we’re seeing an inflection of software firewall business as about 70% of their business this quarter was being used to protect the public cloud. These customers choose Palo Alto firewall instead of the firewall from the cloud service provider. Our customer momentum in SASE remains strong with customers growing by over 20%.
Once again, in FY ’24, more than one-third of our new SASE customers continue to be new to Palo Alto Networks. This is encouraging. We’re effectively landing in network security with all three of our product families, allowing us to eventually drive platformization and move these customers to a Zero Trust platform. Our natively integrated enterprise browser has attracted more attention to our SASE offerings since the Talon acquisition. Not only is it now an integral part of SASE, we’re also able to provide the customers an ability to protect the AI usage of their employees, both in our SASE and browser product. Beyond our software and SASE form factors, our cloud-based subscriptions are driving steady network security code. A significant driver is the advanced versions of four of our core subscriptions, modernized to be fully cloud delivered like newer subscriptions such as IoT and DLP.
We have seen strong adoption of our first three advanced subscriptions, which carry a higher price point than our original subscriptions. Advanced URL Filtering, our first has been adopted by over half of our customers after three years in the market. We just launched Advanced DNS in Q4 and are excited to see it ramp as well. More broadly, we have seen the overall subscription attach rate per customer increase from 2.6 at the end of fiscal year 2022 to 3.5% today. We have 10 subscriptions that run across all of our network security offerings. Customers can buy these on our firewalls one-by-one, in bundles package for a specific network security use case, or as an enterprise license agreement to cover the entire state. Beyond the strong network security momentum, we are innovating to ensure we can continue to lead the network security market as software and SASE further drives growth.
Some of the most important highlights are: Prisma Access browser. Following the position of Talon in Q2, we launched the industry’s first and only enterprise browser, newly integrated with SASE this month. Leading up to launch, we saw strong interest in this technology with over a 100 customers adopting our Talon powered Prisma Access browser. The browser is available to our existing and new SASE customers. We have seen success with our autonomous digital experience management capability integrated with SASE, which helps customers proactively identify sources of downtime and ensure network availability for the hybrid worker and branch office. We followed that up by adding this capability to our firewall and have seen strong initial interest.
We launched our AI Access offering enabling our organization’s workforce to use AI tools with confidence, while giving security teams’ full visibility, robust controls, data protection, and proactive threat prevention measures. AI Access can easily be turned on for our over 5,000 Prisma Access customers. Following our early access program in July, we have now seen interest from over 1,000 customers to deploy AI access. Finally, leveraging our industry-leading virtual firewall capability, our AI runtime offering is experiencing strong interest from Prisma Cloud and network security customers looking to protect the AI applications, models, and data from threats. As we look forward, the direction of the network security market is as clear to us as it’s ever been.
We are focused on driving the benefits of platformization through our three network security form factors and getting our customers to true Zero Trust architecture delivers the best security with the lowest cost to operate. Turning to Prisma Cloud. The enterprise adoption of a public cloud is a generational change in IT that has been underway for at least half a decade. More recently, this has been fueled by the adoption of AI services in the public cloud. The public cloud must be secured differently than on premise environments, and we recognize this more than five years ago. In this highly competitive market, we have not only established ourselves the largest pure-play cybersecurity, cloud security business being the first to $700 million in ARR.
We also have the broadest footprint of cloud security capabilities in the market. As a great confirmation of our leadership and innovation capability, leading/SaaS players have chosen Prisma Cloud to secure their production environments. We have CRM, HR, and collaboration leaders who all signed significant deals with us in fiscal year 2024. These players are amongst the most sophisticated users of public cloud technology, and hundreds of thousands of organizations trust them to operate a secure enterprise grade SaaS offering. We are proud to be able to showcase them as customers. Highlighting the comprehensiveness of our platform, we had a number of key innovations Q4 that show our ability to stay in the lead in this competitive market. For example, we released our 13th Prisma Cloud module data security posture management, based on the acquisition of Dig Security.
The Dig team has moved quickly, not only releasing this module, but also helping to integrate data security comprehensively within Prisma Cloud. An important use case for securing data in the cloud is securing cloud native LLM-based applications. To address this need, we released AI security posture management, our 14th module. Lastly, we released cloud detection response capabilities, leveraging the best of Prisma Cloud and Cortex. CDR gives us all full visibility into security events in the cloud, as well as real time threat detection and remediation. With an increasing frequency and scale of breaches targeting cloud environments, CDR capabilities becoming critical differentiator and a comprehensive cloud security platform. As we close out the air along with the overall acceleration we saw in our second half business, our large deal business in Prisma Clouds was up its strong growth in new and expand business in Q4.
As we look forward, we will ensure Prisma Cloud stays ahead of the CNAPP market new capabilities. We will bring new real time capabilities to the cloud and enable full cloud security integration to the SoC. These will be essential for our customers as public cloud and AI adoption broaden. Last but not the least, Cortex. Fiscal year 2024 was a watershed year for Cortex. We firmly established XSIAM as the transformation platform for security operations and continue to innovate across the broader Cortex portfolio. We also expanded the Cortex customer base, bringing us future opportunities for XSIAM and maintained ARR growth on a significantly increased scale. XSIAM achieved approximately $500 million in bookings in FY ’24 alone, up more than 2x versus our fiscal year 2023.
Our active customers are up 4x over the same time period. We finished the year with over 30 customers north of $1 million in XSIAM ARR. Customers are seeing the security outcomes that XSIAM can deliver, namely a dramatic production in the time to discover remediate security events. This is important in identifying signs of breach and stopping the activity before significant business interruption occurs. Our ability to deliver the substantial outcomes unlike any product we have sold, since the introduction of our original next generation firewall more than 15 years ago, and the growth of XSIAM is following a similar path. Beyond XSIAM, our momentum in Cortex continues with the business passing $900 million in ARR this year. The focus of our platformization efforts for Cortex is with XSIAM.
Having closed out fiscal year 2024 with well north of 100 XSIAM customers, we have seen some amazing outcomes with deployed customers. More than 50% have achieved a median time resolution for security incidents of under 10 minutes, coming from days. After the first quarter deployment, these customers have then seen an additional 2x improvement in their median time to remediate. Looking forward, we have increased conviction that we can lead the transformation of any organization security operation center with XSIAM. We see a growing list of customers as an appetite for the outcome we can deliver, and we believe the market is at point that is ripe for disruption. We have a strategy of delivering additional value to our Cortex XDR XSOAR Xpanse customers by enabling them to platformize XSIAM.
We also see a significant option to provide real time capabilities and cloud security where cloud detection response capabilities can help drive this opportunity. Lastly, we expect to close the IBM create our SaaS assets acquisition by the end of September. We’re excited to work with our colleagues at IBM to bring XSIAM to their customers. It doesn’t stop at XSIAM platformization. We’re also equally excited about our newest launch, XSIAM for cloud. This allows organizations to comprehensively address cloud security issues as part of the security operations. Additionally, we are partnering with many service providers and system integrators to build capability together continue accelerating our XSIAM opportunity. And finally, a quick note on the recent widespread outages in the industry.
I want to reiterate, our product uses an approach that deploys a 1% to 3% wide sample test cohort to ensure no issues, and then we release content updates in a phased manner. We have additionally enabled controls so customers can manage the update process and control it. The recent outage has caused a number of customers to reevaluate their options. They have initiated conversations with us around XDR and XSIAM. This, plus our industry leading cortex technology is appealing, as we’ve talked to everyone we have talked to so far, and we think it has potential to further drive our cortex momentum. When it came to Palo Alto Networks, we articulated a clear strategy that for our continued success, we needed to ensure our products were constantly improving.
They were solving problems for our customers the best way possible, and also we are solving new problems. In other words, our success would depend on our product portfolio and product quality. I continue to be excited by our continued growing leadership position in cybersecurity categories. With our products, customers adopt the best-of-breed offering and eventually evolve to a platform approach. The results of our innovation are evident in the broad analyst recognition of our leadership position across 24 categories. This quarter, we added a new recognition in incident response services, a testament to our industry-leading capabilities in breach response and recovery. We also added a leadership recognition data security posture management, our 8th for Prisma Cloud.
One last area to highlight. We continue to believe in the opportunity around AI. We think we are in the very early innings, and AI will be both a threat and opportunity. I’m particularly proud of our teams who stepped up and delivered this comprehensive suite of AI security solutions for our customers. We also continue to infuse AI into our platforms, allowing us to bring leading solutions to our customers. These AI solutions are off to a good start. We surpassed $200 million in AI ARR to close out the year. Underscoring the traction, the AI first products we’ve had in the market such as XSIAM and [indiscernible]. In May, we announced our suite of AI security offerings and launched our precision AI campaign featuring the TV ad with Keanu Reeves.
For the last several weeks, we’ve released the announced product, namely AI Access, the AI Firewall or runtime security, and AI security posture management. We believe this makes us the first to market with a comprehensive portfolio for secure AI by design. Before I hand over the call to Dipak, I want to reflect on our journey and set some context as we discuss fiscal year 2025. Throughout fiscal year 2024, we saw a backdrop helping create interest in demand for enhanced cybersecurity. This helps to accelerate our bookings in the second half of the year. It is also reflected in our new platformization, as we close the year with strong momentum and our strong NGS ARR. FY ’24 marked a seminal moment in our history. I feel our innovation engine is now leading the market, be it by showing enhancements to our SASE portfolio, our cloud security efforts, or in the SoC.
We have new integrated solutions for our customers. Take AI, we believe we are the only scale cybersecurity player to lead the market in a comprehensive suite of AI solutions. We feel comfortable that, we’re on track towards our target of making Palo Alto Networks the first $15 billion ARR security business. We have made decisions on how we run our business to maximize long-term ARR, shall aligns well with growing shareholder value. A select club of enterprise companies has scaled ARR business in front of us, and we intend to join the club. Dipak will cover in detail how we will evolve our external metrics in line with this. We closed the year with strong top-line growth, expanded our operating margins, and drove best-in-class cash conversion, and we are confident that we can continue this in fiscal year 2025 and beyond.
With that, I will hand over to Dipak.
Dipak Golechha: Thank you, Nikesh, and good afternoon, everyone. To maximize our time spent on Q&A, I will provide you with highlights of Q4. You can review the results in our press release and the supplemental financial information on our website. In Q4, total revenue was $2.19 billion and grew 12%, above the high end of our guidance. Within revenue, product revenue declined 5%, while total services revenue grew 18%. Drilling into services revenue, subscription revenue grew 23%, and support revenue grew 10%. It is worthnoting that, product revenue grew 24% a year ago as the supply chain normalized, resulting in growth above our underlying demand in that period. Despite the tough Q4 comparison due to supply chain constraint reversals in the second half ’23, fiscal ’24 product revenue grew in the low single digit range, which is in line with our expectations.
The firewall appliance market demand was stable in Q4, and we continue to expect growth of 0% to 5%, as we have previously discussed. Moving on to geographies. We saw revenue growth across all theaters with the Americas growing 11%, EMEA up 14%, and JAPAC growing 15%. We saw strength across all of our geographic theaters. Total RPO, a metric that better represents our top-line growth and billings, grew 20% to $12.7 billion. Our current RPO grew 17% to $5.9 billion. The average duration of our new contracts remained at approximately three years, in line with our third quarter. As Nikesh mentioned, our NGS ARR grew well past the $4 billion mark, ending the year at $4.22 billion and growing 43%. Strength in NGS ARR was broad-based across our three security platforms.
We reported Q4 billings above the high end of our guidance, driven primarily by double-digits booking growth and higher volumes transacted on [pandas]. On our balance sheet, you will see that our debt balance came down by $199 million and is now under $1 billion. Like in Q3, this reduction was driven by the early conversion of our convertible debt, which occurred at the option of the debt holders and was settled for us in cash and equity. Our remaining debt matures in June 2025, although we may continue to see early conversions. We did not repurchase any shares in Q4, and our buyback strategy remains opportunistic. Our Board of Directors approved an additional $500 million buyback authorization, such that we now have $1 billion in authorization remaining through December 2025.
I wanted to give you some context around our NGS ARR, RPO, billings, and total services revenue metrics. You can see the relatively steady trends in RPO and NGS ARR, which closely match the trend in total services revenue, while we have seen more volatility in billings. We’ve talked for a year now about the factors that impact our billings. Over a year ago, we began to see the impact of rising interest rates on how customers perceive the cost of money in procurement situations. This was causing many to ask for payments to be spread over multiple years, instead of an upfront payment. In response, we leveraged programs such as annual billings and our PANFS financing capability. The impact on billings varied based upon which program the customer chose and how the deal was structured.
Also, during this fiscal year, we rolled out our platformization strategy, and we offered customers more flexibility in payment terms, when making large strategic commitments. This has had a further impact on our billings. In both of these situations, we found ourselves facing the choice of maximizing billings or focusing on NGS ARR, and we want all to have all of the incentives aligned to the latter. RPO and revenue are both important to understanding our business momentum. Revenue gives you the near-term view of our growth. Our RPO helps you understand the longer-term trend and the scale of our book of business that will drive revenue. This aggregate measure is driven by contracts we sign each quarter, and the long-term growth in RPO influences our revenue growth over time and gives you visibility into the future trend.
As a reminder, the contracts included in our RPO are all non-cancelable and non-refundable in nature. We aspire to continue to grow RPO ahead of our target forward revenue growth rate as that helps us build confidence in these growth rates. Now focusing further on NGS ARR. As a reminder, NGS ARR is an important metric for us as it shows the return on the significant investments we’ve been making in the next generation areas of our cybersecurity market that are also growing the fastest. We expect these offerings will disproportionately drive our growth as we transform our revenue. Our recent rollout of platformization has sharpened our focus on maximizing ARR. For example, we started the account review process early in fiscal year 2024, to identify white space amongst the largest organizations globally and maximize ARR.
As we followed up with the rollout of our platformization strategy, we focused not only on the total deal value or the cash collected upfront, but also on an exit ARR and profitability of the recurring revenue stream. We can accommodate customer points of friction, while maximizing this recurring revenue as we structure deals with customers to encourage their strategic adoption. These friction points include the challenge of replacing multiple products simultaneously and the issues around double paying, while working through complex contract terms. In making these short-term concessions to billings, we ensure a valuable long-term relationship with a deal that meets our and the customer’s needs. I’ve talked to you about how NGS ARR and RPO are becoming more prominent in our focus, as we drive our platformization strategy.
The shortcomings related to billings have become significant over the last 12 to 18 months and further increasing, as we drive our platformization strategy. In evolving our metrics, we solicited the input of some of our largest shareholders and looked at how our peer companies are giving guidance. Investor feedback was that, quarter-to-quarter billing volatility is merely a distraction, and it does not impact our assessment of the shareholder value we can create over the medium and long-term. We’ve seen a number of companies disclose ARR and adopt an RPO-related metric to help investors better understand the business trajectory, some of those companies include Adobe, Salesforce, ServiceNow, and Workday. As a result, beginning this quarter, we will focus on NGS ARR as our key top-line guidance metric, in addition to revenue.
We will provide NGS ARR guidance both quarterly and annually. We will also provide total RPO guidance quarterly and annually this year to help investors understand the size of our book of committed contracts, compared to their future expectations for our revenue. Since we know this is a change for you after many years of guiding billings, I wanted to help provide a onetime bridge back to what we would expect our billings to look like, if we were not to change any of the practices in our business that impacts billings. If we were to keep the mix between our PANFS and billing programs in fiscal year 2025 in line with what we had in fiscal year 2024, we would expect this to drive 12% growth in our billings in fiscal year 2025. Before I get to detailed guidance, I want to give investors some additional color on the drivers of our cash flow as that is an area that we continue to receive questions on.
First and foremost, our improving operating margins have been the most important driver of our free cash flow margin. We have seen our operating margins improve by over 800 basis points, since fiscal year ’21 when we began a more intensive focus on profitable growth. This higher operating margin has helped us to put a higher floor under our free cash flow margins. We continue to see ample opportunity to expand our operating margins, supporting our free cash flow. Beyond improvements in our operating profitability, the timing of customer cash payments can impact our free cash flow. Over the last four years, we have gradually absorbed an increase in customer preference for payments over time, increasing this proportion of our bookings from 6% in fiscal year 2020 to 30% as of the most recent quarter, while maintaining or even increasing our free cash flow margins.
I’m happy that we’ve been able to do this, and we have confidence we can continue this gradual transition within the business and sustain our free cash flow margins at 37% plus through fiscal year 2026. I also wanted to update you on the pending transaction with IBM. We continue to expect the deal to close by the end of September depending on the timing of regulatory approvals and other customary closing conditions. At this point, we’ve included several tens of millions in acquired revenue from legacy QRadar SaaS products in our fiscal year 2025 revenue guidance, with this number decreasing over time, based on the speed at which we migrate to rate our customers to XSIAM. We have also embedded the ongoing expenses in our operating margin, cash flow margin and EPS guidance.
Now moving on to guidance. For the fiscal year 2025, we expect NGS ARR to be in the range of $5.42 billion to $5.47 billion, an increase of 28% to 30%, remaining performance obligation of $15.2 billion to $15.3 billion represents an increase of 19% to 20%, revenue to be in the range of $9.10 million to $9.15 billion an increase of 13% to 14%, operating margins to be in the range of 27.5% to 28%, non-GAAP EPS to be in the range of $6.18 to $6.31, an increase of 9% to 11%, and adjusted free cash flow margin to be 37% to 38%. For the first fiscal quarter of 2025, we expect NGS ARR to be in the range of $4.33 billion to $4.38 billion an increase of 34% to 36% remaining performance obligation of $12.4 billion to $12.5 billion an increase of 19% to 20%, revenue to be in the range of $2.10 billion to $2.13 billion, an increase of 12% to 13% and non-GAAP EPS to be in the range of $1.47 to $1.49 an increase of 7% to 8%.
Since we know this is a change for you all after many years of guiding billings, I wanted to remind you of the one-time bridge back, which we talked about before. Finally, we included our typical modeling points in the presentation for you to review. With that, we’re going to play one more customer video, and then we will move to the Q&A portion of the call. [Audio-Video Presentation]
A – Walter Pritchard: Thank you, Dipak. To allow for broad participation, I would ask that each of our participants only ask one question. The first question will come from Saket Kalia from Barclays with Hamza Fodderwala from Morgan Stanley on deck.
Saket Kalia: Thanks for taking my question and nice end to the year. Nikesh, maybe for you, it’s been a great start to the platformization strategy. I guess the question is, as you look at those top 5,000 customers that we’re targeting as part of that 2,500 to 3,500 goal, how much of that is white space versus competitive takeout? And maybe related to that, when we started thinking about the platformization strategy, you talked about giving customers more flexibility, as they transitioned off of legacy solutions. How is that additional flexibility helping with these platformization wins?
Nikesh Arora: First of all, Saket. Thank you. You always seem to manage to get the first question in, so congratulations. Like, as I said, very, very positively excited by the response to platformization. We’ve literally had customers reach out now. Most recently, customer we were about to close a deal. Customers said, no. I don’t want to do this one deal. I actually want to sit down with the whole platformization discussion. We might do it next quarter, but let’s not go two point solutions at a time. These are these anecdotes. These are these moments where it gets really exciting for us and our sales teams. In terms of your question about where are they coming from, as you mentioned, a third of our customers in SASE here are net new to the company.
So when we platformize them on SASE or Zero Trust network security, they’re new to the company. There’s a lot of existing customers that are highlighted in our four of our largest deals where they already work Palo Alto customers, but they use the opportunity to go embrace the larger platform because they saw the vision. They participated, and they bought into it. This is where it is really helpful where they say, listen. I really like the platformization idea. I have two parts of the puzzle. But my third part of the puzzle, I need another 12 months for the other vendor to expire so that I can go and respond. I’m like, don’t worry about it. You have to. We’ll start implementing the third, and we’ll turn on our economics the moment the other vendor is done.
Now what that does, as I’ve said in the past, it takes over the execution risk, but they’re not worried that they’ll stop paying. They’ll start paying us then, and they have to worry if it’s going to work or not. At the same time, it also creates that economic bridge for them. But for us, it’s amazing because, I have a very simple view. This goes back to the days of when CRM was not a platform or ticketing or management IT infrastructure was not a platform. At that point in time, you have four or five applications doing this. But once you bought one that did all five things, you never went back and deployed 4 different things to solve the problem. We believe we have a unique opportunity in the platforms we offer. And as I said, I wish we’d gone there earlier than later.
I firmly believe this is what’s going to help us get to the $15 billion number faster.
Walter Pritchard: Next up, Hamza Fodderwala from Morgan Stanley followed by Brian Essex from gold from JPMorgan.
Hamza Fodderwala: Thank you, and congrats on a strong finish, to the year. Dipak, thank you for all the helpful guidance and modeling points. Nikesh, I really appreciate the disclosure on the AI security ARR. I think over $200 million of ARR there already. There’s two parts of that. There’s the AI for security operations, which has been Cortex XSIAM, which has been the fastest growing product I think you guys have had in Palo Alto’s history. And then the other part is securing AI, which, I when we talk to CISOs seems to be a really big problem. It’s coming up more and more in all the various industry conferences. So I’m curious. I know it’s early days. You just announced some of these products. But based on the pipeline you’re seeing today, how fast of a product cycle do you think this could be? Because it seems like an entirely new category altogether.
Nikesh Arora: Thank you, Hamza. So I think as you know, the XSIAM product is excellent in its own regard. We’ve shown you we did $500 million bookings this year, which I think the second year of a product is spectacular, by all means. And that helped us drive the $900 million in ARR Cortex. And we’re seeing super later results from a median time to remediate. I just reviewed a bunch of this this morning. We’ve got some customers down to under 10 minutes, so it’s really exciting. And that does form a part of the ARR. There’s a very reasonable part of that ARR that comes from our network security business where we’ve actually deployed AI operations into our firewalls, which is what I call infusing AI into network security. That allows us to actually anticipate when the customer might run out of capacity, anticipate firewall sort of issues.
That’s part of it. Not a lot of that revenue is coming from the product we just launched. We launched all of our three products pretty much this year, not even last year, which we did start launching on July 20th through August 16th. All of our AI security suite is done. But as I mentioned, about 1,000 customers are interested in AI Access, which is the thing they’re most interested in. There’s a financial service organization which, you might know. It’s the first time in our history that the entire security team literally walked up to the screen and say, wait. What are you doing here? Yes. We want to talk to you about that. So early days, exciting. And the reason it’s exciting, as I said, it’s seminal for me because it’s very rare that you’d expect a large cybersecurity player to show up with innovation ahead of the market.
And now that we can deploy AI Access to all of our 5,000, 6000 Prisma Access customers or we can deploy AI firewalls against all of our virtual firewall customers. It’s interesting because all they have to do is turn on a switch, and they don’t have to deploy new instances or new agents. It’s just going to work. Early days, exciting, and I’m pretty sure these products will go through multiple versions as they get more and more robust.
Walter Pritchard: Next up is Brian Essex from JPMorgan followed by Andy Nowinski from Wells Fargo.
Brian Essex: Thank you, Walter, and thank you for taking the question. Nikesh, you mentioned on the call about the outage in July and how that impacted some of the demand on your platform. But what are you hearing from CISOs? Or what did you see in the quarter, one, in terms of, like, follow through from the pipeline for the quarter, was there a pause in that catch up? And then maybe an adjacent question, how might this be changing the way that some CIOs are looking at, the exposure that they may have to one vendor, one type of technology. I know clear that, you’ve highlighted the difference in the way that you roll out the updates. We’re just looking for more higher level, one, deal experience and then two, CIO thought process as they approach to next-gen technology.
Nikesh Arora: Brian, as I’ve said publicly as well, look, that was a tough event. It simultaneously impacted tens of millions of users, which is unfortunate. I appreciate the way, CrowdStrike handled it. At the same time, it caused two things to happen. One, customers are asking us, you have the same product. How do you deploy it? As I highlighted to you, we have a fundamentally different way in which we do content updates and have been doing it for a very long time. We were able to articulate that. Funnily enough, some of the customers busy remediating that issue while we’re trying to get our deals done with them. It’s kind of interesting. They were saying, I’m so busy fixing that. We had to sort of drag our deals kicking and screaming in some cases.
That was kind of interesting. But I think what it did do is, like you said, it caused customers to step back and say, wait a minute. No. I need to make sure that I’m evaluating all the XDR opportunities in the market. For us, who is, not the number one player in the market, we’re top four, I think, in that market, hopefully trending towards three, it’s exciting, because customers are willing to give us consideration on the XDR space. It’s no longer a slam-dunk for some other place in the market, which is helpful for us, helpful for our sales team, and I think, we can build on that coupled with our XIM capability and opportunities that we just talked about. I think it gives us comfort that is going to keep helping us drive momentum in Cortex.
Walter Pritchard: Next one from Andy Nowinski at Wells Fargo followed by Gabriela Borges from Goldman Sachs.
Andy Nowinski: Good afternoon. Thank you very much for the question. Nikesh, it seemed like one of the common factors of those platformization deals that you talked about on the call, involved consolidation on the SIEM side. And so, maybe once the, deal with IBM closes, do you think your platformization deals could possibly accelerate if SIEM conversion is actually a core driver or impetus of these deals?
Dipak Golechha: I’m going to have Lee answer. Otherwise, he doesn’t come to these calls.
Lee Klarich: But I think the — our ability to land customers on any of the three platforms and expand is fundamental to how we can approach this with customers. With that being said, XSIAM this this past year has been a bit of a revelation to see our ability to innovate with a new platform, launch it, and quickly get some of the world’s largest companies to adopt it and adopt it as a large scale soft transformation. And you’re seeing that with the results of that with the medium time to resolution, driving down from days to minutes, less than 10 minutes is world class. And so, to see some of these large customers of ours achieve that so quickly is phenomenal. I believe that, once we have that position in the SoC, that will help to drive the other platforms because the other platforms will help bring — we’ll be able to show where good data sources are and less good less valuable data sources are and actually help our customers walk through a ongoing security transformation, based on the insights that XSIAM is able is able to glean from seeing all of the security data in one place.
Walter Pritchard: Next up, Gabriela Borges from Goldman Sachs followed by Fatima Boolani from Citi.
Gabriela Borges: Good afternoon. Thank you. Nikesh, either for you or for Dipak. You’ve talked in the past about some of your own internal uses of AI to drive operating efficiencies within your business. Give us a little bit of an update on how that’s going. Where do you feel you are in that road map of being able to implement AI to, for example, save in your customer operations center and things like that? And a little bit maybe on how what you’ve learned from the last year in adopting AI for your sales in-house?
Nikesh Arora: Great question. So, there are three parts, as I said. One, we’ve infused AI in our products, and we talked about that at length just now. The second part is, using generative AI to create customer helpful AI copilots as well as AI copilots for our customer support teams, because they can also use them. And then third part is just driving internal efficiencies. Let me start with the third part first. We had approximately, give or take, 300 people who were involved in solving employee tickets for our employees, so about 2% of our 15,000 people. We had just launched, last week what we call the internal AI employee experience that has allowed us to reduce that headcount by 50%. We think that can go down to 80% because we’ve able to been able to automate a lot of the tasks and also use generative AI to answer employees’ questions.
You can think about 200 people odd, which we don’t need, either our own employees or third-party contractors because it’s boring work. Its horrible work to have to go keep solving IT problems that have been solved a million times before. Now we’ve automated a bunch of them, used AI to fix it. So that’s one project. We’ve got some early results. Some of our best developers are 40% better in coding, who have used our internal coding Copilot. It certainly is. We expect that we should be able to deploy that capability across 3,000 of them. Now remember, coding is only a third of their job, because they do other things for the other two-thirds of their job. But even in the third, if my best person is 40% better, an average person is 20% to 25% better, there’s opportunities for better code and we can do more.
Those are sort of the two internal efforts, if you will. On the customer support side, again, the most fascinating discovery for us is we have an internal customer support copilot, which is consistent with our co-pilots we are sharing with our customers across Cortex, Prisma, and Strata. And those customer support people. The best one is equally productive irrespective of tenure after three months. So I can hire a net new person, have them solve customer problems, and 3 months in, they’re as good as somebody who’s been here for three, four years. So these are all very promising signs. There’s a lot of work that we’re doing, but part of our philosophy is if we don’t go through the trials and tribulations and try it ourselves. We’re not going to get to be a great company using AI.
So early days, but very excited.
Walter Pritchard: Next up, Fatima Boolani from Citi followed by Tal Liani from BofA.
Fatima Boolani: Thank you, and thank you for taking my question. Nikesh, I wanted to zero in on some of your Prisma Cloud prepared remarks. You talked about a business acceleration in the back half, and your tone suggested a material improvement in that pillar and maybe a little bit more of a proverbial pep in your step in that segment of the business, especially when I think about last year, when you did allude to some irrational market behavior, market participant, dynamics and activity. I wanted to get to the bottom of what’s underpinning some of that back half acceleration and some of the more sanguine kind of outlook on the Prisma Cloud franchise from here.
Nikesh Arora: I’ll have to go back and listen to the sentiment analyzer on my own call afterwards. But, reacting to your pep in my step, last year, as I said to you prior that, because of the aggressive new players, they cut prices down 30%, 40%. Whilst we saw the volume increases, pricing was impacted in the industry causing effectively our growth rate not to be as exciting as we wanted it to be. That has stabilized for sure. We also took some remedial steps in turning our business into an ACV business for Prisma Cloud unlike the rest of our business, because we wanted our sales team to act in a similar fashion as the market was seeing. We made a bunch of product improvements, and we actually went to our biggest customers and ensured products were effective for them.
And I said, coupled with that, what has also happened is, as I mentioned, that, most of our customers are now using many modules, which are oriented towards network security in the cloud. We run on all four hyperscalers natively, which is in addition to CNAPP, is also our real time cloud security part. So given the 14 modules we have from a comprehensiveness perspective, we found some of the customers where we can uniquely solve their use cases, allowing us to do those large deals. And in a way, the platformization helps. Like [Schlumberger] they bought all three. It wasn’t a separate decision for them to go buy Cortex from us and cloud from somebody else and network security from somebody else. That ability to drive your platform also helps drive our cloud security business.
Walter Pritchard: Next up, Tal Liani from BOA followed by Patrick Coville from Scotiabank.
Tal Liani: I guess. You spoke in the past about shorter contract duration. What are the implications on free cash flow generation? Are there any short term or long term implications? And then, in general, can you talk about you know, free cash flow improved so dramatically over the last few years. Can you talk about the long-term outlook for free cash flow margin? Thanks.
Dipak Golechha: Sure, Tal. I’ll take that one. Just to start off with, I think I said in my prepared remarks, our contract lengths actually did not shrink. They’ve been roughly consistent at three years for our new deals, and they’ve been actually relatively constant for quite a while now. You do have some areas where the contract lengths may be shorter. You have others like platformization deals where they’re more strategic in nature, but on average, it ends up being that much. I think in terms of the ability to generate free cash flow, frankly, I think the most important part about our free cash flow is really the operating margins. I mentioned that in my prepared remarks that since fiscal year ’21, we’ve actually improved our operating margin by 800 basis points.
That really is the biggest buttress to what has happened. And we’ve been able to absorb the change in the amount of deferred payments going from 6% to 30% in the last quarter, like, over that same time period. So I think we’ve proven, that we’ve been able to deliver strong cash flow, like, whilst being able to absorb all of these deferred payments. We feel very confident that we’ll be able to continue to do that in in the future.
Walter Pritchard: Next question, Patrick Colville from Scotiabank followed by Roger Boyd from UBS.
Patrick Colville: Thank you, Walter. Nikesh and Dipak, the financial disclosure you guys give us is terrific. You give us a huge amount of metrics. But the metric I want to focus on is the new RPO guide. RPO rose 20% in 4Q, and the guide implies, I think, a 19.5% in the midpoint in fiscal ’25. I guess what gives you the confidence that, there’s going to be kind of no deceleration over the next 12 months? Is it specific business lines or is it, IBM QRadar acquisition or hiring? Can you just kind of have a look on that, please?
Nikesh Arora: I think, Patrick, it’s a combination of factors. As I mentioned, we’ve seen the pipeline. We’ve seen the acceleration in the second half. If you look at our first half versus second half, implied bookings have gone up. We see the pipeline for next year. Obviously, the IBM business is part of that. Obviously, the strength we’re seeing in XSIAM is part of that. Our platformization efforts are part of that. This year, we have tried to anticipate that with making sure we have resources in place, for the coverage we need to deliver those numbers.
Walter Pritchard: Next up, Roger Boyd from UBS followed by Matt Hedberg from RBC.
Roger Boyd: Great. Thanks for taking the question. Maybe just a follow-up to Dipak’s comments, a question ago on annualized billings. But you noted, Dipak, that 12% would be kind of the bridge to billings guide this year if you maintain a similar mix of financing and annual billings. Given the shift towards RPO and, ARR guidance, is it fair to assume that that mix will probably not be that similar to what you saw last year, as well as probably additional factors around the interest environment. Is there any thoughts on what you might see from the mix of financing and annualized billings?
Dipak Golechha: Look. I think we’ll see a mix more towards annualized billings in a way from financing. I think the simplest way to think about it is, if you do financing, it’s another it’s another piece of paperwork. It’s a loan document at the end of the day. It does create, like more work out in the field. And so, in line with our platformization strategy, we’re all about figuring out where all the friction points are and trying to eliminate them, where we can and continue to do the best thing for the shareholders. That’s really what we’re driving here, and that’s what I would expect now.
Nikesh Arora: I thinks it’s code for that to look very different because we may not be doing as many PANFS deals because they contribute to billings, but they don’t change RPO and they don’t change cash flow. If you don’t have too many PANFS deals, it saves time to the field.
Walter Pritchard: Next up is Matt Hedberg, followed by our last question will be Keith Bachman from BMO.
Matt Hedberg: Thanks, guys. Congrats on the quarter and big fan of the new guidance philosophy. I think it really does tie to the business. Nikesh, a question for you. With the election coming up and you guys have historically had a really strong federal business, just sort of curious about how you’re thinking about US Fed in 1Q and sort of what could that mean for kind of the up it seems like there’s a lot of pent-up demand there on the federal side. Just sort of curious on your outlook there.
Nikesh Arora: Yes. Matt, I’ve learned in my life never try and foreshadow the government. Usually, it’s not a winning strategy. Don’t predict insulate, don’t predict budgets, don’t predict elections. We’ll roll with the punches. We have people clearly, we know there’s business that we have to renew because they have our Palo Alto capability and products. We’re working hard and getting all that done. There’s a bunch of new ideas and new projects that we’re working on, but we’ll keep powering through them. As the elections transpire, depending on what administration comes into place, it’s going to impact a bunch of the budgets. But as I said, we had significantly de-risked our federal expectations as we told you earlier, in this calendar year. We’re going with a muted set of expectations into the election to make sure that we don’t see any bad surprises.
Walter Pritchard: Thanks for that question, Matt. The last one will be Keith Bachman from BMO.
Keith Bachman: Alright. Thank you, Walter. Good evening. I wanted to ask about XSIAM a bit and break it into two parts. In your slide deck, you noted that your active customer count is up 4x. And I just wanted to hear a little bit about where those customers are coming from. What I mean by that is are these displacements? Are you sitting side-by-side? Just want to hear a little bit more about that. And then, Dipak, for you, in my discussions with IBM, I thought the QRadar business was running about a $100 million, a little bit less than that in ARR and you said tens of millions. I wasn’t sure what is being included when you think about the guidance there on what QRadar may add on a prospective basis over the next 12 months or so?
Nikesh Arora: Almost every one of the XSIAM sales is replacing an existing SIEM. And in some cases, multiples. As I mentioned, in case of Schlumberger, we replaced two. In case of the other eight figure deal, we replaced two others. For the most part, it is if you looked at the market share of existing SIEMs in the market, our acquisitions, which are north of a hundred customers, would be a representation of us taking the same amount of share from each of those people. And if you look at the people out there, I think there’s a bunch of people, who’s been around 15, 17 years who have shared their market. Those will be the people we’ll be replacing for the most part. There’s no net new SIEM. I don’t think they’re starting net new companies out there that scale will require, $10 million, $20 million, $30 million SIEM deal. So it’s usually we’re replacing people who are out there. I will let Dipak answer the IBM question.
Dipak Golechha: Just, to keep things very simple, Keith, and we can we can follow-up with you in more detail offline. There are certain contracts that will be part of the IBM ELA or something like that. We won’t be able to recognize the revenue, of just the way that the accounting treatment works, and there’ll also be some contracts that require consent from customers. Those are the kinds of things. We do expect over time things to move to XSIAM. Our intention was never to do things, and that’s much more ratable revenue anyhow.
Keith Bachman: It just takes some time to get those customers transferred over. Fair enough.
Nikesh Arora: Our real interest is in converting them to XSIAM as you’d appreciate. That’s right.
Walter Pritchard: With that, conclude the Q&A portion of the call. I’ll turn it back over to Nikesh for his closing remarks.
Nikesh Arora: I want to use the opportunity to thank all of you for supporting us and for joining our call. I also want to thank all of our customers, partners and entire ecosystem for supporting our business. And last, but most importantly, all of our employees who worked really hard to deliver these results. Thank you very much.