Palo Alto Networks, Inc. (NASDAQ:PANW) Q1 2023 Earnings Call Transcript

Palo Alto Networks, Inc. (NASDAQ:PANW) Q1 2023 Earnings Call Transcript November 17, 2022

Palo Alto Networks, Inc. beats earnings expectations. Reported EPS is $0.83, expectations were $0.69.

Clay Bilby: Good day, everyone, and welcome to Palo Alto Networks Fiscal First Quarter 2023 Earnings Conference Call. I am Clay Bilby, Head of Palo Alto Networks Investor Relations. Please note that this call is being recorded today, Thursday, November 17, 2022, at 1:30 p.m. Pacific Time. With me on today’s call are Nikesh Arora, our Chairman and Chief Executive Officer; and Dipak Golechha, our Chief Financial Officer. Our Chief Product Officer, Lee Klarich, will join us in the Q&A session following the prepared remarks. You can find the press release and information to supplement today’s discussion on our website at investors.paloaltonetworks.com. While there, please click on the link for Events and Presentations where you will find the investor presentation and supplemental information.

During the course of today’s call, we will make forward-looking statements and projections regarding company’s business operations and financial performance. These statements are subject to risks and uncertainties that are made as of today. We assume no obligation to update them. Please review the press release and our recent SEC filings for a discussion of these risks and uncertainties. We will also refer to non-GAAP financial measures. These measures should not be considered as a substitute for financial measures prepared in accordance with GAAP. The most directly comparable GAAP financial measures and reconciliations are included in the press release and the appendix of this investor presentation. All comparisons are on a year-over-year basis, unless specifically noted otherwise.

Please also note that the 3-for-1 stock split announced during our Q4 was completed with share and per share numbers now reflecting this. I will now turn the call over to Nikesh.

Nikesh Arora: Thank you, Clay. Good afternoon, and thank you, everyone, for joining us for our earnings call. As you can see, we had a solid first quarter where we showed balanced top line growth and a demonstrable focus on profitability. Early in the quarter, we saw some customer behavior changes and have adapted our operations to align with the changing market conditions. On the top line, billings grew 27% year-over-year, while RPO grew 38%. We have consistently maintained that cybersecurity is the most innovative sector of the technology industry. Demonstrate progress on our transformation, we have shared how our new cloud delivered and cloud-enabled offerings are contributing to our business via our NGS ARR. In that context, this quarter, our NGS ARR hit a key milestone.

It crossed the $2 billion mark and grew 67% year-over-year. As the macroeconomic environment changes, we are accelerating our efforts to drive incremental operating leverage in our business. Given that we’re the largest independent cybersecurity business, we can meaningfully improve our margins over the next phase of our company’s next cycle. Our focus on profitability in the quarter drove operating income growth of 44% year-over-year with operating margins up 260 basis points during the same period. We also generated over $1 billion in free cash flow in the quarter. For the second quarter in a row, we generated net income on a GAAP basis as we focus on GAAP profitability for the fiscal year. At the center of our strategy is the need to drive more consolidation to get customers to a better security posture.

Towards that end, we continue to see large cross-platform buys and grow our millionaire customers at a steady clip. Our customers have been in a journey with us, initial deals that give them comfort with our products and help distinguish our abilities from our competition, over time, lead to customers seeing an opportunity to consolidate into one of our platforms. As they get comfortable with either Strata, Prisma or Cortex, we see them looking at further consolidation across multiple platforms from us. This strategy has allowed us to continue to transition our deal sizes with satisfied customers, and we expect this to continue. Consistent with that approach, we have had some marquee deals this quarter. The U.S. federal government agency chose our Cortex technology.

This transaction allows the total spend to grow into 9 figures with additional years in customer option. This selection highlights unique capabilities and market leadership of our Expanse technology, which was at the center of this transaction. We received a purchase order for the first 3 years of the deal for over $60 million in Q1. A large U.S. utility signed a 7-figure deal for software firewalls, security subscription and the Prisma Cloud. The customer has hundreds of appliance-based firewalls, and chose our software firewalls because of our consistent architecture, and choose Prisma Cloud as a standardized security across 4 public clouds. A major European media company signed an 8-figure multiproduct deal, replacing several incumbent network security vendors and consolidating on Palo Alto Networks, including our full line of cloud delivered security subscriptions.

We closed a 7-figure deal with a U.S. technology company, spanning all 3 platforms. The customer did not have our physical firewalls in the environment, but valued our consistency of software firewall deployment across on-premise and cloud. Our unique Expanse offering and the total cost of ownership benefits of consolidating on our platforms. You can see evidence of our broader success with large customer commitments in our active millionaire customer count, where we added over 230 year-over-year in the first quarter. We continue to innovate across our platforms and get recognized by the market for our abilities. This quarter saw us launch software composition analysis in Prisma Cloud, SaaS security posture management and SASE, and just this week, across our next-generation firewalls.

Lastly, we announced the general availability of XSIAM in Cortex. External recognition of our innovation is important to us as many customers rely on this third-party validation as a part of their evaluation process. This quarter, we received leadership recognition in 2 new categories, adding cloud security posture management, or CSPM, and cloud-native application protection platform, or CNAPP, to our list. Let’s take a deeper look at our 3 platforms. We have continued to see solid growth in our network security business. Our innovations in the appliance firewall form factor, including our Gen 4 refresh and our investments in the virtual form factor, have continued to drive our share gains. On a year-over-year basis, we have gained approximately 3 percentage points of market share in the appliance market and 7 percentage points in the VM market.

Our customers see an opportunity to drive standardization and make decisions to move away from competitors that have not kept up with our pace of innovation. We also see many customers extending the standardization to SASE. Many are in the relatively early stages of executing SASE, given it involves changes to their security network architectures. Our Prisma SASE offering has gained industry recognition, and we’ve seen an increasing number of wins within our installed base, as well as with new customers. To put this into perspective, our firewall customer base is over 15x larger than our SASE customer base. With our core sellers now enabled and executing and driving SASE into the installed base, SASE continues to represent our largest pipeline.

Consolidation of network security capabilities by our customers is driving a (ph) subscription into our installed base across all firewall form factors. Our constant innovation and capability expansion in network security has been a hallmark of our platform since we entered the market over 15 years ago. While we have highlighted the number of new subscriptions we offer, we have also reimagined our existing capabilities. Our advanced URL filtering and threat prevention versions leverage deep learning to block evasive, zero-day unknown attacks in real time. Yesterday, we introduced the advanced version WildFire to stop more zero-day cloud attacks as part of our PAN-OS 11.0 Nova release. The new subscriptions provide significant additional value to our installed base and have already seen promising adoption.

Moving on to Prisma Cloud. Prisma Cloud continues to be the industry’s leading CNAPP platform built from best-in-class acquisition and organic innovation. We acquired Bridgecrew 18 months ago to shift left and introduced the cloud core security module with infrastructure as code scanning. Building on this, we released our SCA, or software composition analysis solution in Q1. The integration of SCA with the Prisma Cloud platform, enables developers and security teams to prioritize known vulnerabilities that impact the application life cycle proactively. We have seen hundreds of Prisma Cloud customers use our IAC and SCA capabilities as part of our cloud core security module. We continue to see Prisma Cloud customers increase their credit consumption as they expand their hyperscaler footprint and adopt more of our 9 modules such as cloud code.

Half of our Prisma Cloud customers are using 2 or more modules, and nearly 20% are using 4 or more modules. In Q1, our credit consumption grew 55% year-over-year. Building further upon our success, shifting left with IAC Security and ASC adoption, we’re doubling down on investing in software supply chain security. Today, we announced our intent to acquire Cider Security, which is key to the strategy. Cider brings the ability to visualize customers’ application development and deployment environment, analyze the tools, identify risks and how to remediate them. This ability to secure the software supply chain is backed up by Cider’s leading CICD security research team. With the integration of Cider’s capabilities into Prisma Cloud after the closing of the acquisition, we will further our leadership in cloud security, helping enterprises secure applications from code to cloud.

Across Cortex, we are focused on driving momentum in a number of areas. The first key is ensuring we are winning customers with our best-of-breed product capability. In Q1, we saw strong Cortex large deal performance. We had success not only with XDR, XSOAR and Expanse on a stand-alone basis, but a number of notable examples of multiproduct deals. This included a multimillion dollar transaction at a European construction company, which replaced their existing SIEM and SOAR with XDR Pro and XSOAR. One of the government customer adopted XDR Pro and XSOAR in a 7-figure deal as it formalized a new SoC for multiple agencies. These are in addition to the federal customer we already talked about. We continue to innovate across Cortex during Q1, delivering a new managed detection and response service built on our XDR capability and enriched by our Unit 42 world-class threat intelligence.

I’m most excited about the general availability of XSIAM, our breakthrough autonomous security operations platform. Our launch event for XSIAM were oversubscribed, and we see a lot of resonance with our product and its future roadmap as customers reimagine the world of SOC management. Just a few months ago, we had launched a design partner program. Most recently, we’ve had 2 multimillion-dollar commitments from XSIAM design partners as they expanded into production deployments. At this point, the majority of our design customers have transitioned to paying customers. In fact, we are carefully managing how we onboard future XSIAM customers because we want to ensure fast customer time to value. Our interest list is north of 50 customers, who would like us to deploy XSIAM.

We’re qualifying them and carefully onboarding them so that we can scale the business appropriately and give them value. In summary, I feel our teams did a good job in a seasonally tough quarter, where also the macroeconomic climate is fast changing. I’m sure all of you are trying to figure out what all of this means for us over the next 3 quarters. As we all know, the Fed is working to tame inflation impacting growth. While cybersecurity is somewhat resilient, we do see some marginal signs of impact. Cybersecurity deals are getting more scrutiny, suggesting deeper and longer reviews of transformational projects. New conversations that include payment terms and discounts are causing deal cycles to elongate. On a positive front, while some deals have been sized down and broken to phases, we are experiencing few deal cancellations.

We do this — expect this behavior to become the norm over the next year. The impact is not uniform across all sectors, but those feeling the impact of interest rate increases are more likely to scrutinize their budgets than those prospering in the high interest rate environment. Technology, CPG and some parts of retail are feeling an impact, while utilities, oil and gas, defense and public sector verticals continue to be on course of their plans. Coming off Q4, Q1 tends to be a seasonally more challenging quarter, but we were able to tame some of these early trends by doubling down on execution. FY ’23 will require continued excellent execution to overcome some of these macro impacts. Towards that end, we have already taken concrete action.

We have front-loaded hiring of our field teams to increase coverage across our customer base. We have also expanded our level of activity around both new accounts and existing customers to ensure faster time to value with our products. As we discussed last quarter, we have seen some customers delay hardware refresh plans. While they will ultimately need to refresh, some are choosing to defer and reassess at a later date. I continue to believe that hardware will have a long-term industry growth rate in the 5% to 8% range, and we might trend to the lower end of the range. However, coupled with an easing supply chain, I expect that near term, we’ll continue to report a low double-digit growth rate for product revenue. Too many vendors leads to complexity and increased risk.

Given the increased scrutiny and return requirements, the silver lining for Palo Alto Networks is that we are having more conversations around consolidating platforms than we’ve ever had before. We think customers are less likely to purchase newer security products. Instead, they will continue to consolidate towards like-for-like capabilities from fewer vendors. Cybersecurity is critical to IT transformation and hyperscaler adoption. We believe that whilst there may be short-term bumps to the pace of investment by some of the customers, these projects will continue for the medium and long term. We see cybersecurity spending as resilient, but not immune to customers adjusting for the current environment. Having said that, I continue to believe that we can overcome these macroeconomic impacts with strong and focused execution, which is what we plan to do.

It was just 6 to 9 months ago that we were talking about the challenges we face in the competition for talent. We’re now finding it easier to recruit and hire top talent, but also seeing lower attrition rates, which necessitates fewer overall new hires. We will closely monitor our hiring as well as our overall spending to further sharpen our focus on efficiency. As we proceed through the year and focus internally how we respond to the external landscape, sharp execution from our teams will be paramount. Before I turn the call over to Dipak, I want to provide some perspectives on how we’re thinking about the forecast. We are adjusting the high end of our guidance ranges for revenue and billings for the year for the upside we saw in Q1. Within our revenue, we do expect slightly higher product revenue growth in the range of 10-plus percent as we are able to ship some orders that had previously been held back by the more challenging supply chain situation I mentioned earlier.

We’re also reflecting the strength we saw in NGS ARR during Q1, with higher NGS ARR guidance range for the year. This reflects not only the performance of our Cortex Prisma Cloud SASE and software firewalls, but also the success we have seen in advanced cloud-delivered subscriptions that I noted. On a positive note, we’re focusing more and more on execution and how our teams focus on driving incremental operating leverage. Towards that end, we were able to take steps to accelerate the profitability we previously outlined at our Analyst Day, which was reflected in our Q1 operating margin and EPS performance. We will remain focused here. And as a result, we’re raising our operating margin guidance for the year by 50 basis points. This, as well as higher interest income, is driving the increase to our EPS and cash flow guidance as Dipak will cover.

Over the last 3 years on a compounded basis, our EPS and adjusted free cash flow have grown below our revenue growth rate as we made significant investments. We are not targeting EPS and adjusted free cash flow to both grow north of 30% at our guidance midpoint, which is ahead of our revenue growth. We are confident in our strategy and wouldn’t trade our position with any other cybersecurity company. We believe our broad portfolio focus as an advantage as we focus on emerging areas where customers are allocating new budget dollars, while also capturing an increased portion of the customers broader cybersecurity budget as they look to consolidate spending. We will continue to invest for the long term with our commitment to fund innovation, while we also pursue near-term opportunities to drive efficiencies in our business.

With that, I will turn the call over to Dipak.

Dipak Golechha: Thank you, Nikesh, and good afternoon, everyone. For Q1, revenue of $1.56 billion grew 25% and was above the high end of our guidance range. Product grew 12% and total services grew by 30%. By geography, we saw growth across all theaters, with EMEA up 32%, the Americas growing 24% and JPAC growing 26%. Our next-generation security capabilities are increasingly driving our results, and our NGS ARR grew 67% and at $2.11 billion exceeded $2 billion for the first time. We continue to see strength driven by our broad portfolio within next-generation security. This includes Cortex, Prisma Cloud, Prisma SASE, software firewalls and the advanced versions of cloud-delivered subscriptions. We remain optimistic about the prospects of this broad and diverse portfolio.

We delivered total billings of $1.75 billion, up 27%, which was above the high end of our guidance range. Total deferred revenue in Q1 was $7.2 billion, an increase of 39%. Remaining performance obligation, or RPO, was $8.3 billion, increasing 38%, with current RPO representing about half of our RPO similar to previous quarters. Moving beyond the top line metrics. I already highlighted non-GAAP gross margin of 74.3% was down 10 basis points year-over-year, with some incremental supply chain-related expenses being incurred for components and shipping. Operating margin was 20.6%, an increase of 260 basis points year-over-year. This strength in operating margin was the result of lower expenses as a percent of revenue across all 3 expense lines, R&D, sales and marketing and G&A.

We have already focused on aligning our investment plans to the areas of highest return. And thus, as we proceed through this environment, it is sharpening of these efforts. Non-GAAP net income for the first quarter grew 56% to $266 million or $0.83 per diluted share. Our non-GAAP effective tax rate was 22%. GAAP net income was $20 million or $0.07 per basic share and $0.06 per diluted share. Now turning to the balance sheet and cash flow statement. Our balance sheet is strong, closing Q1 with the highest cash and investable balance ever with cash equivalents and investments of $5.9 billion. We have ample flexibility to repay debt coming due, invest in the business, do tuck-in acquisitions and return capital to shareholders. We’re in the enviable position to be able to do all of these at the same time.

Q1 cash flow from operations was $1.24 billion. We generated more than $1 billion in free cash flow for the first time in our history, with total free cash flow of $1.2 billion this quarter. This puts us well on track to hit our annual guidance, which we are raising today. This cash flow performance was largely driven by strong collections in the quarter, that we expected based on the strength of our business in Q4. During Q1, we did not repurchase any of our shares. As a reminder, our share repurchase program is opportunistic, and we’re committed to this method of returning cash to shareholders over the medium term. As Nikesh discussed on the M&A front, we entered into a definitive agreement to purchase Cider Security for approximately $195 million in cash, excluding the value of replacement equity awards, subject to adjustments.

We expect this deal to close in the fiscal second quarter. We expect the financial impact of the transaction to be immaterial to our fiscal ’23 guidance. Stock-based compensation ticked up slightly as a percentage of revenue quarter-over-quarter as expected with the issuance of a portion of our fiscal year ’23 grants. On a year-over-year basis, we continue to manage our down as a percent of revenue, in line with our long-term plans. As we’ve had a number of questions about the impact of foreign exchange volatility on our business. I wanted to remind investors that we price our products in dollars around the world and therefore not exposed to the direct translation impact to revenue that you may be hearing about from other companies. Now moving on to our guidance for Q2 and for the year.

For the second fiscal quarter of 2023, we expect billings to be in the range of $1.94 billion to $1.99 billion, an increase of 21% to 24%. We expect revenue to be in the range of $1.63 billion to $1.66 billion, an increase of 24% to 26%. We expect non-GAAP EPSto be in the range of $0.76 to $0.78, an increase of 31% to 35%. For the fiscal year, we expect billings to be in the range of $8.95 billion to $9.1 billion, an increase of 20% to 22%. We expect NGS ARR to be in the range of $2.65 billion to $2.7 billion, an increase of 40% to 43%. We expect revenue to be in the range of $6.85 billion to $6.91 billion, an increase of 25% to 26%. We expect product revenue growth in the range of 10%, up slightly, as Nikesh outlined in his remarks. We expect fiscal ’23 operating margins to be in the range of 19.5% to 20%, up 50 basis points versus the range we outlined coming into the year.

We expect non-GAAP EPS to be in the range of $3.37 to $3.40, an increase of 34% to 37%. We expect adjusted free cash flow margin to be 34.5% to $35.5%, and we continue to expect to be GAAP profitable for fiscal year 2023. Additionally, please consider the following modeling points. We expect our non-GAAP tax rate to remain at 22% for Q2 and fiscal ’23, subject to the outcome of future tax legislation. For Q2 ’23, we expect net interest and other income of $18 million to $20 million. We expect Q2 ’23 diluted shares outstanding of 320 million to 326 million shares. We expect fiscal year ’23 diluted shares outstanding of $325 million to $331 million. We expect Q2 capital expenditures of $40 million to $45 million, and we expect fiscal year capital expenditures of $190 million, $200 million.

As an additional modeling support based on our prior seasonality, we expect the quarter-over-quarter revenue and billings growth for Q3 ’23 to be in line with last year. Also, we expect operating income in Q3 to be roughly flat with our Q2 levels. To wrap up, we are confident in our strategy and wouldn’t trade our position with any other cybersecurity company. We’re focused on sharp execution and sales intensity to stay ahead of the changing macroeconomic environment. At the same time, we’re focused on taking steps to accelerate our profitability as I guided. With that, I will turn the call back over to Clay for the Q&A portion of the call.

A – Clay Bilby: . Our first question of the evening comes from Saket Kalia of Barclays.

See also 12 Best Ethical Stocks To Buy and 12 Best Bear Market Stocks To Buy Now.

Saket Kalia: Okay. Great. nice set of results. Nikesh, maybe for you. You mentioned some early customer behavior changes. I was wondering if you could just expand on that a little bit and how that manifested in the business? It doesn’t seem like there was much of an impact in the NGS business. In fact, that accelerated growth year-over-year. I wonder if you could just expand on where that customer behavior changed and how you’ve incorporated that into the full year guide?

Q&A Session

Nikesh Arora: Look, Saket, as I mentioned, we are seeing customers spend more time trying to understand what they’re spending money on. There’s more questions, the CFOs are getting involved. So larger deals are getting more scrutiny. We noticed that early in the quarter, so we accelerated our efforts in trying to get those deals in front of those CFOs much faster than earlier in the quarter as opposed to waiting towards the end. In certain cases, customers came back and said, I’d like this now. I’d like to hold off on this and buy it next quarter. That just means we have to go far more pipeline much faster and much harder to make sure we can make up for those deals with other deals in our pipeline. At any point in time, our pipeline, as you would expect, is larger than what we expect to deliver in that quarter.

So we have deals in the pipeline. We just have to work with our customers to solidify them. And what we have done is, because of that behavior, we have increased scrutiny internally, we’ve increased efforts with our sales teams to get ahead of this and we’re just increasing the activity of execution. We front-loaded our hires. We hired 550 direct sales rep as quickly as we could in the quarter because this environment is going to continue. And the only way to fight this to get more coverage out of the field. Get work coverage, get more focus on getting deals done, get them across the line. There’s not a demand problem, right? All that is happening is that people are pushing out some of their products, means you just need to get more active with our customer base to make sure we get more business into our pipeline.

This is what we’re doing.

Clay Bilby: Next question from Hamza Fodderwala of Morgan Stanley..

Hamza Fodderwala: And a lot of great clarity in the prepared remarks. Nikesh, I wanted to talk a little bit about supply chain security and Cider. I think a few months ago, there was an executive order from the Biden administration around securing software supply chains. I know it’s early days in the acquisition, the acquisition is not even dry yet, but — what do you feel about sort of the pipeline, the opportunity the Palo Alto Networks being now the largest cybersecurity vendor for the U.S. federal government? What are you seeing there? And is there interest already from that front?

Nikesh Arora: Let me comment, and then I’m going to let our birthday boy, Lee Klarich speak to this, because we’ve got to give him work to do. It’s his birthday and came to work. As you know, Prisma Cloud continues to go from strength-to-strength. We see very large deals in the hopper in our pipeline, and we’re beginning to see more and more seriousness on cloud security from our customers. I highlighted a customer which has 4 public clouds deployed. They can’t do that. They can’t secure it with for different native cloud CSP platform security. So we are seeing more interest. We are seeing more engagement. As I’ve always maintained, I don’t believe all the cloud security products have been created. And as you start to see the customers move.

So we saw the shift left movement. We went ahead, did Bridgecrew. It’s fully integrated. We’ve seen 65% of our customers begin to use that. As we’re talking to them, we’re realizing they have some legacy, some new apps tech vendors in place, which they’re deploying and they’re trying to use that to take care of supply chain security. Some of that is older architectures, older ways of doing things. But we decided we want to do it differently. If I answer the question, Lee, everything say, Lee, answer the rest of those question.