Palo Alto Networks, Inc. (NASDAQ:PANW) Q2 2024 Earnings Call Transcript

Palo Alto Networks, Inc. (NASDAQ:PANW) Q2 2024 Earnings Call Transcript February 20, 2024

Palo Alto Networks, Inc. beats earnings expectations. Reported EPS is $1.46, expectations were $1.3. Palo Alto Networks, Inc. isn’t one of the 30 most popular stocks among hedge funds at the end of the third quarter (see the details here).

Walter Pritchard: Good day, everyone, and welcome to Palo Alto Networks’ Fiscal Second Quarter 2024 Earnings Conference Call. I am Walter Pritchard, Senior Vice President of Investor Relations and Corporate Development. Please note that this call is being recorded today, Tuesday, February 20th, 2024 at 1:30 P.M. Pacific Time. With me on today’s call to discuss second quarter results are Nikesh Arora, our Chairman and Chief Executive Officer; and Dipak Golechha, our Chief Financial Officer. Following our prepared remarks, Lee Klarich, our Chief Product Officer, will join us for the question-and-answer portion. You can find the press release and other information to supplement today’s discussion on our website at investors.paloaltonetworks.com.

While there, please click on the link for quarterly results to find the Q2 ’24 supplemental information and the Q2 ’24 earnings presentation. During the course of today’s call, we will make forward-looking statements and projections regarding the company’s business operations and financial performance. These statements made today are subject to a number of risks and uncertainties that could cause our actual results to differ from those forward-looking statements. Please review our press release and recent SEC filings for a description of these risks and uncertainties. We assume no obligation to update any forward-looking statements made in the presentations today. We will also refer to non-GAAP financial measures. These measures should not be considered as substitute for financial measures prepared in accordance with GAAP.

The most directly comparable GAAP financial metrics and reconciliations are in the press release and the appendix of the investor presentation. Unless specifically noted otherwise, all results and comparisons are on a fiscal year-over-year basis. We would also like to note that management is scheduled to participate in the Morgan Stanley TMT Conference in March. I will now turn the call over to Nikesh.

Nikesh Arora: Thank you, Walter. Good afternoon and thank you for joining us today for our earnings call. I am pleased to report another quarter in which we successfully executed our profitable growth strategy, driving a combination of top-line growth, significant expansion in non-GAAP operating margin, and strong free cash flow generation. Revenues grew 19% year-to-year and RPO grew 22%, capturing the full value of our future revenue. Billings grew 16% year-to-year. Just as important as we focus on profitable growth, we again delivered substantial operating margin leverage and strong growth in free cash flow. Non-GAAP operating margins of 28.6% expanded nearly 600 basis points year-over-year and we generated $2.9 billion in adjusted free cash flow on a trailing 12-month basis.

Our strong profitability drove non-GAAP EPS of $1.46 up 39% year-over-year, and our GAAP net income continued to grow meaningfully even without one-time items. Beyond our financial results, we achieved a number of notable milestones in Q2, worthy of spotlighting. We continued to drive large deals, including a steady stream of million dollar plus deals and success in our largest deals with 10 transactions that were $20 million in the quarter. Our 10 highest spending customers in Q2 increased their spend with us by 36% of the period. I also wanted to update you on key achievements across our three platforms. In our network security business, we continue to see progress driving ARR growth in our SASE business. Q2 was our fifth consecutive quarter of 50% ARR growth.

See also 16 Companies With The Highest Sustainable Revenue in the US and 25 Most Affordable Places to Retire in the U.S. in 2024.

Q&A Session

Additionally, more than 30% of our new SASE customers we signed in the second quarter were new to Palo Alto Networks, showing that we can win head-to-head in the market when leading with SASE. We continue to drive innovation in network security, refreshing our high-end 7500 series platform, and investing new OT security capabilities, which garnered a net new leadership position for us. In Prisma Cloud, we have made significant investments in the first half of the year to drive new customers and saw this pay off in Q2 with our highest new ACV growth in five quarters. We continue to see strong trends in multi-module adoption, with approximately 30% growth in customers with two or more modules and approximately 60% growth in customers with three or more modules.

Additionally, about a quarter of our customers are using five or more modules. Our external recognition in this market continued with Forrester Research positioning us as a leader in this Cloud Workload Security Wave Report. In Cortex, XSIAM continues to be a significant catalyst for large transactions and growth across the business. This is evidenced by ARR, for XSIAM customers being more than five times higher than that of Cortex customers who have not yet adopted XSIAM. We have seen significant progress in the milestone with XSIAM in Q2, including the most number of deals signed in a single quarter and bookings of over $90 million again this quarter. We’ve already displaced 19 different SIM vendors to date, and with the confidence under our belt, we’re now looking systematically on how we can accelerate this legacy SIM displacement.

From a regional perspective, demand overall is healthy. We did see softness in the US federal government’s market. We were positioned well for several large projects where we had requisite certifications and one technical selection, but these deals did not close. The situation started off towards the end of Q1. We were worsened in Q2, and as a result, we had a significant shortfall in our US Federal government business. We expect this trend will continue into our Q3 and Q4. Offsetting the billing weakness in Fed was some non-product backlog that we shipped this quarter. With several leadership positions awarded in second quarter, including our addition as a leader of the Gartner Endpoint Protection Magic Quadrant, we’re now a recognized leader in 21 different categories across our three platforms.

Five years ago when we began our strategy, the industry believed building leadership across multiple categories wasn’t possible. No one was talking about security platform. Instead, the word was best-of-breed. Our success over the last five years has been driven by the shift to platformization. We’re committed to investing in innovation to extend our industry leadership position and platform. This unique leadership across our three markets is driving strong adoption of our platforms in our target Global 2000 markets. As of Q2, 79% of Global 2000 have transacted with us on at least two of our platforms and 57% on all three. This is up from 73% and 47% two years ago. In most of these accounts, while they have adopted products from multiple platforms, we are early in driving each of our platforms wall-to-wall.

This is a major area of focus for us as we move forward, driving consolidation within our three platforms. We know this is the right strategy as we see compelling economics with multi-platform wins. Our two platform customers have an average customer lifetime value that is more than five times that of our single platform customer. For our three platform customers, that is more than 40 times larger. While we are driving platformization, I personally think we should be doing this faster. Not only is this showing up in our deal statistics, but as we have established the position of our platforms, we are now seeing significant progress in consolidating vendors in our customer environments. We have built our zero trust platforms through a consistent architecture across our appliance, software, and SASE form factors.

Customers can now consistently manage security policy across these form factors, and then leverage a consistent set of security subscriptions to consolidate network security capabilities. These capabilities, provided by point vendors can include intrusion prevention, web proxies, URL filtering, SD-WAN, and DLP, just to name a few. In Q2, we saw zero trust consolidation wins that included a large US manufacturing company standardizing on our network security platform in a $40 million transaction, replacing end-of-life competitive hardware, leveraging our security subscription, and removing a point competitor in SSE. We were the only company with the right certifications across all these offerings that could support their broad geographic footprint.

This deal was part of the consolidation and modernization effort across IT with positive ROI for the customer. We also had a seven figure deal with a large law firm expanding our firewall footprint in the new data center and expanding their hybrid workforce initiatives with Prisma Access. As part of this, we won versus other firewall and SSE competitors and also consolidated their URL filtering and VPN capabilities. In Prisma Cloud, we have built a core-to-cloud platform combining key best-of-breed capabilities that we have acquired or developed organically. Our common architecture and user experience spreads across 12 modules. As our customers adopt multiple modules, they can consolidate a wide variety of vendors, including those in cloud security posture management, cloud workload protection, API security, SCA or software composition analysis, and infrastructure as code security amongst others.

In Q2, we closed a seven-figure Prisma Cloud new logo deal with a financial services company displacing multiple incumbent vendors. The customer was looking for a CNAPP solution to support their multi-cloud journey. The Prisma Cloud CNAPP streamlined several previously deployed point solutions and tools. They also closed a seven figure renew and expand deal with the leading North American technology company where the customer intends to expand the use of Prisma Cloud to seven modules and also value the consolidation and standardization delivered through Prisma Cloud. Finally, in our Cortex platform with our autonomous security operations platform, XSIAM, we were able to establish our offering, which has enabled us to accelerate a platform value proposition with Cortex.

A platform approach in the SOC is becoming a customer imperative, as point products, each with their own data stores, cannot have full context nor drive appropriate action without overly complex integrations and high people costs. In Q2, we saw consolidation wins that include a large insurance company that renewed its subscriptions, support and firewalls at the same time, added XSIAM and Expanse capability for a $25 million transaction. The XSIAM choice displays the two leading EDR and SIM competitors in the market, and enables the customer to avoid the cost of adding other point products in their SOC. Additionally, in Q2, we saw follow-on consolidation success for the Japanese manufacturing company that previously consolidated their network security across our SASE capabilities, leveraging Prisma Access and our DLP and CASB capabilities.

The customer then added XSOAR into their SOC and expressed an interest in consolidating further. In Q2, they added XSIAM in a mid-seven figure deal. I know all of you had a chance to look at our guidance. Our guidance is not a consequence of a change in the demand outlook out there. Our guidance is a consequence of us driving a shift in our strategy in wanting to accelerate both our platformization and consolidation and activating our AI leadership. We believe this is the time for us to invest, given our leadership position in the market and our leadership position across platformization and consolidation. But before I talk about that more as to how we intend to accelerate our growth prospects in the future and drive towards a much higher aspiration of $15 billion in ARR by 2030, I want to give you a candid view of where we see the cybersecurity market and the demand function out there.

The demand story is no different from prior quarters and on the margin, continues to get stronger. There are multiple drivers fueling this. The threat landscape continues to challenge our customers with increasing scale and sophistication of attacks. I’m personally getting calls from CEOs and members of boards that have had bad incidents, as well as those that have seen their peers adversely impacted. We’re increasingly focusing on working with companies impacted by breaches, an important commitment as we continue to be the leader in this space. Last quarter, we offered 1,500 of our top customers an opportunity to get our free support during a breach. Surprisingly, 400 customers have signed up in the last 90 days out of 1,500 to get our help on this topic.

Clearly there is awareness and concern around cybersecurity, as has never been before. Heightened geopolitical tensions are driving significant national state activity with national infrastructure being targeted. Successful breaches and ransomware attacks are being perpetrated across many industries with few repercussions for the bad actors. Although we did see various law enforcement agencies this morning over the weekend shut down lock pit, which is a promising sign. The new SEC mandate requires prompt disclosure of material incidents which often result in companies reporting those incidents before a full assessment can be done or incidents to mediate it. We see some companies making several disclosures in succession as they grapple with understanding the full extent of what they are facing.

We see the results of these disclosure mandates recognizing the need for expedited action in security, visibility, and remediation in [indiscernible]. The part that is new, despite the many demand drivers we’re seeing, we’re beginning to notice customers are facing spending fatigue in cybersecurity. This is new, as adding incremental point products is not necessarily driving a better security outcome for them. This is driving a greater focus on ROI and total cost of ownership amongst most customers. There are also some key trends within the industry that I think are worth highlighting. Palo Alto Networks is unique in seeing gains in market share in hardware firewalls or in the product space. This market is changing rapidly with us seeing some of our competitors who had introduced price increases begin to roll them back.

From our vantage point, we see the share shift happening in our favor because we see customers consolidating into our zero trust platforms. Customers, as I mentioned, 30%, net new network security customers or SASE or new to Palo Alto. Those are the customers who over time go ahead and consolidate their footprint and require our firewalls to be deployed to give them a consistent zero trust architecture. We see this as a promising trend. We intend to accelerate that opportunity. Along with the incremental focus on ROI and TCO with single product vendors having challenges and articulating compelling value, they’re also forced to have platformization narrative. When they’re not able to convince the customers that their strategy is competitive, they’re many times resorting to un-economic pricing and putting pressure on transactions in this manner.