Palo Alto Networks, Inc. (PANW) Earnings Call Transcript & Summary

Okay. Well, hey, good morning or good afternoon depending on what coast you're on right now. Welcome to day 2 of the Barclays TMT Conference. My name is Saket Kalia. I cover software here at Barclays. Very happy to have with us the team from Palo Alto Networks. We've got Nikesh Arora, Chief Executive Officer. We've also got Karen Fung in Investor Relations. We've got about 25 minutes together. Let's take maybe the first 15 or 20 minutes to go through some fireside chat with Nikesh, which I know is going to be fun. And then for -- let's try to make it interactive for anyone on the line here. If you've got any questions, just shoot me an e-mail at [email protected]. I'll do my best to weave them in at the end. So with maybe that as a framework, Nikesh, thanks so much for being with us here today.

Hey, thank you for having me, Saket.

Yes. Real pleasure. It's funny. It's been just over 2 years, I think, since you've joined Palo Alto Networks. And in that time, we've seen quite a few changes in the business. It's been real fun to follow. I guess maybe the question just to sort of start us all off here, Nikesh is, what are some of the changes in the business that you're most proud of as you look back thus far?

Well, Saket, I think the most exciting thing for me, for example, I don't know where to start, but I'll start from the end. Two weeks ago, Fortune came out with a list of top 50 exciting companies to watch in the future, and I think we made that list for the first time. We're the only cybersecurity company on that list alongside Splunk and ServiceNow and Workplace and probably as this morning Airbnb. But it's just like to be able to take a phenomenally performing team at Palo Alto Networks and to be able to put ourselves center stage in that sort of spectrum of cybersecurity so that people see us as a company that is now hopefully going to be the forefront of solving a multitude of security problems as opposed to just being a firewall company has been the most exciting product set.

Absolutely, absolutely. Maybe, Nikesh, let's also touch on you -- on how you feel like Palo Alto has performed in light of the COVID pandemic. Lots of conversations that CIOs are having right now about accelerating their digital transformation, moving more applications to the cloud. I guess a high-level question is how you sort of see security, and just as importantly, Palo Alto's products set sort of fitting into that conversation.

Well, it kind of -- these past few days, Saket, what has happened is that, as you can see, the thing that has powered us through this pandemic has been technology. We've all been asked to isolate. We've all been asked to stay home, wear masks, not go out and go out sparingly. And what has happened is like people from all age groups have been sitting home watching Netflix, Hulu, Disney+, whatever have you; ordering their groceries from Instacart and getting their fruit from DoorDash. So you're seeing that the stuff done -- or Amazon. So you're seeing the stuff that's working has been technology, as I said. Unfortunately, many companies saw their entire revenues go online, 100% revenues were online because your physical revenue is managed. And at that point in time, I think we went through 3 waves. I think the first wave was I just need more capacity. I need more capacity so people can work from home. I need more capacity so I can meet to need, the volume needs of the business. And so that was kind of the early shop phase. I think 3 months into it, I think I'm sure you just see your observation. We also had this working. People can work from home. They're being productive. They can deliver results, and we look at a number of companies that have produced results, which haven't faltered in the market. And honestly, we all thought this is going to be different. We saw the market greater because we all thought this is going to change the way the world. That's what economic prospects look like. But clearly, we all were able to figure out that our teams are resilient. The people are resilient, and we're able to perform. So people kind of went back to their day jobs. Okay, let's keep doing our day jobs, and so we found more productivity. In that context, what we've seen from a technology perspective is people have said, "How am I going to design my architecture for the future?" Now what they've done is they've talked about cloud transformations, getting on to the cloud quicker. They thought about when I go to the cloud, what is my network lead to look like? As you saw most recently, some of the very, very serious cybersecurity pacts happened not too long ago. So people have become more careful saying, "My entire 100% of business is online, I need to make sure it's secure." So we're seeing the trend for security, the trend for cloud, the trend for network transformation. And I guess sometimes better lucky than good. In 2.5 years when we set out our strategy, we said, "What's going to be big?" Cloud is going to be big. Cloud is going to cause network transformation. And data and AI are going to be big because it becomes cheaper and cheaper to store data and process data. And we're still working hard. We've got a variety of exciting products in those categories. Products, some of them, have been around 1.5 year. Some have been around for 6 months. But we're seeing phenomenal excitement and growth and momentum in many of our newer products as we demonstrated in the last quarter's earnings that we expect a $735 million ARR in a business which we've done now 2 years ago.

Absolutely, absolutely. Definitely came through. And to your point, just on the diversity of the product portfolio, let's dig into that a little bit. You've got 3 main sort of product families, if you will, right? We've got Strata for core firewall. We've got Cortex for endpoint and SOAR. And then we've got -- of course, got Prisma for cloud security. And I'd like to start from sort of the end first, if you will, with Prisma and really dig into Prisma SASE, which, of course, the security delivered by cloud. Maybe the question for you, Nikesh, is how has that product improved versus stand-alone competitors, for example, in the last couple of years? And how have your -- because I know you spend a lot of time with customers. How have your customer conversations in that product changed over the last couple of years as well?

It's a great question, Saket. The early days, 2.5 years ago, remember, this is to be the exciting market of VPNs, right? You basically -- you and I got a VPN. We backhaul ourselves into the data center, and off we were to the races because majority of the data is not in the data center. When the cloud came around, people said, "Why don't I need to go to this? And I go to my SAP, my Workday, my Office 365. Why am I backhauling the traffic in there? Let's figure out a way of sending traffic to where it needs go." When you do that, you say, "Wait a minute, what about all the security?" Because the security is applied at a data center at a policy level, and that's how you regulate what happens. So we said, "Okay, well, let's start". And some people say, "Let's use proxies." We said, "Well, let's just put the entire firewall stack in the cloud." So when I came in Palo Alto Networks, we had 27 engineers working on [indiscernible] working on the topic, right? We took the entire back end and said, "Well, what's important when I'm doing this on the back?" Like what's important is I have to be able to do this very low latency because I'm in line. So if I get in line of traffic flows, when there's more access, you've got to have very low latency. I spent 10 years at Google. I know Google has one of the best networks in the world. So we had to do the deal with Google Cloud and says, "Why don't we backhaul to you at the nearest point possible and you can rifle through that traffic very quickly with low latency, which eliminates the need for us to do round trips of proxies, right?" We're basically all loading onto GCP, our firewalls in the cloud and Google Cloud. You can run it the data against the firewall and can be off to where we need to go. So that's kind of like where Prisma Access came about. Subsequently, what has happened in the market, we realized, wait, if I start using Internet to backhaul my traffic, if I start going directly there, I think the whole set of monitoring tools, those sort of capabilities that didn't exist in the past because the MPLS [indiscernible]. You need SD-WAN and you need DLP there because you don't have the back of your data center where there's some on-prem DLP server. So that's where, I think, Gartner coined the term SASE. We already had that in our product. We've got DLP in there. We've got SD-WAN in there. We've got IoT security coming in there. We have obviously the CloudGenix. We have the ability to build SD-WAN out, and there's Prisma Access. So what's happened is because of pandemic, customers have realized they're no longer happy with a half solution. They want every application accessible from everywhere, which require the full firewall stack in the cloud. So our conversations have just accelerated post pandemic with many of our customers as they're thinking through the remote work capabilities and they're thinking through having a robust infrastructure, which kind of like protects them at the edge. And what's exciting is that I think we're still in the early innings of that journey. I know people have said, "Oh, well, that's kind of flash in the pan, the pandemic-driven manage. And when the pandemic is over, this is going to go back, and this is just sort of incremental capacity needed for the pandemic." I don't think so. I think we are accelerating a trend, and trends have the ability to sustain for longer. So I think this SASE trend, this network security trend where I see people going from hardware to software is going to continue for the next many years.

Absolutely, absolutely. I mean you touched on some interesting points in there, and one of them was SD-WAN. And maybe that's a good segue into the Strata product family. I think the new SD-WAN capabilities here are worth talking about outside of the SASE offering as well. So the question is, for customers that are looking to combine their firewall and SD-WAN on a single appliance, what does Palo Alto offer here in terms of software and appliances?

So as of 5 months ago, we have SD-WAN capability in our firewalls like everybody else out there. So you can follow the firewall, you can configure it to as part of an SD-WAN network. You can do that with our Prisma Access product as well on a native basis, even RBMs. What CloudGenix does is allows you to design, architect and build the SD-WAN capability across enterprise. So you can actually go build an entire into an SD-WAN. You have SD-WAN appliances, where you have SD-WAN boxes in branch, you have one from a firewall. We have firewalls, which are SD-WAN capable. So you can actually stitch the network of SD-WAN between our CloudGenix capability and the firewall capability. Again, it's kind of interesting. I think SD-WAN is also at an early stage as a trend. I think you're going to see more and more customers go down the SD-WAN route because it's a simple cost play to replace MPLS. But there, you've got to be very good at partnering with some of the people who are hired as network consultants because a customer is not going to design that SD-WAN capability themselves. They have to work through a network consultant. They have network architectures, a desirable network architecture. And what's happening is now because of the pandemic, because of what you read every day in the newspaper, it's no longer SD-WAN. It's like what about security? Wait, I don't want to put 2 boxes for SD-WAN and for security designed into our network? And why do I need to put a hardware box if I can do it soft, right? That's where the trend is going, and you'll see more and more of that. And hopefully, our strategy of Prisma SASE is right in that direction.

Got it. Got it. Maybe a strategic finance question for you, kind of staying on the Strata business, but maybe even a little bit broader, talking about the network security business. You mentioned last quarter, I mean it was a great quarter. I think actually another really important point was some really interesting disclosure. And kudos to Luis and the team, by the way, for helping provide that. The team gave some helpful stats just on showing that the network security business, I think it's growing mid-teens with roughly 30% operating margins. And you correct me there if I'm wrong. But I guess the question is, how do you think about this network security business sort of long term in terms of sort of balancing growth and profitability? And are there any knobs in that business that the team wants to turn, if you will, to drive certain changes? Open-ended question.

Yes. Look, I think from a financial profile perspective, I think that is a good financial profile for our network security business of the quality of the business we have. What I mean by that is, remember, this is not just a hardware business. So if you go look at the RPO of that business, you look at the billings of that business, you'll see there is a spread between billings and revenue, which means our software business is variable within that network security business. So we actually -- so we're changing the quality of hardware and software within that and yet sustaining mid-teen growth at a revenue level and an operating margin close to 30%, like you said, and gross margin in the 77%, 78% range. So I think the business is adequately funded as well. It's not like we've got to go fund a lot more in that space. We have enough people working on it. We can keep innovating on the hardware, keep innovating on RBMs, keep innovating on our Prisma Access capability. The norm that we have in there, which should provide some degree of counterbalance or protection is, remember, Prisma SASE is still not at the scale of a large firewall estate or firewall business. We had around for 24 months, really around -- in the new form for 9 months. So in that context, Prisma Access is still getting up the efficiency and scalability curve from a cloud cost perspective. So there may be a knob in there, which allows us to get better on that particular part of that gross margin over time, that continues to drop for the operating margins. So what I'm saying is there is a counterbalance that we think this financial profile is sustainable in that network security part of our business.

Yes, absolutely. And maybe said another way, I mean 30%-ish type of operating margins in mid-teens growth, that is a -- and fully allocated expenses, that is a rule of 40 business. Got it. So...

Is it? Go on. Never thought of the rule of 40? What do you do when you have no profit? You just keep doing a 40% [indiscernible]?

Good to see profit there for sure. Nikesh, maybe just to shift to the third part of the product family here with Cortex. I'd love to maybe focus or just dig a little deeper on the recent Expanse acquisition. And more broadly, I think one of the themes that we've seen in some of the M&A that's been done over the last couple of years has been this idea of revenue synergy. So often, I see deals that are done where there's expense synergy. And of course, there is that component. But there's been a lot of deals here that have actually had some revenue synergy, faster growth post-deal type of commentary. So the question on Expanse specifically is can you just talk about the revenue synergies that you see here with the rest of Cortex platform?

Look, I think if you play this movie 5 years out and look back, you'll say, "what Palo Alto started doing in 2019 was the beginning of the next trend of security." And I mean that. I think if you look at security, what is the problem and what's broken? If you talk to the [indiscernible] in the world, they will tell you they've got too many security vendors in their infrastructure, and there is still a big miss in their SOC because they have less of alerts and they've got to keep hiring people, and they hear about cybersecurity shortages. If you direct through the insights that go into how we think about Cortex, number one is it's becoming easier and easier to store data and analyze data in a collective place. Many companies out there have shown it. You've seen market caps of companies have their data go up because they believe that's the future. We believe that, too. And so for us, Cortex is pretty simple. It's to protect the entire capability of the organization from the endpoint, whether it's the endpoint or the firewall. We're in line in both places. Collect all that data, cross-correlate that data and analyze it. And once you're done are analyzing it, figure out how to remediate that on the fly. So I hate to say it like this because it sounds like we're pandering to something else, but our desire is for an autonomous SOC, not unlike Mr. Musk's desire for autonomous car. An autonomous SOC is a SOC that self-heals and solves your problem so you don't have to go into veer. Because if you can build that, then you need less and less human intervention, need more and more stuff on the fly. Now to get there from where we are, you have to eliminate a lot of noise and focus on signals. To give you an example, when I started, I followed those SOC at 57,000 or less a week. Now we're down to 500, right? And that's by eliminating the noise, cross correlating data and saying, "Those things are false positives. Get rid of them." If you get 500 down to 5 as soon as after you evaluate, then you're talking real business because those 5 become real security incidents, initial capital beforehand. Finding out after 30 days that somebody came into your infrastructure into something away is not very helpful. So I think...

Absolutely.

I fundamentally believe that cybersecurity has gone from being a hobby to a profession. I mean look at what happened a few weeks now. I was at -- FireEye just announced what happened to them. It's very unfortunate that it happened, but it's possible what can happen to them can happen to any one of us. We have those too. But the point is if somebody has a very targeted track to view and you're now able to find it in line while it's happening and you're not able to block it right then, somebody is going to take the crown jewels and go away.

Absolutely.

And towards that vision, that's where Cortex is headed. We've come a long way from where we started. We have a phenomenal endpoint product. We have a phenomenal EDR capability. We have phenomenal XDR capability, cross correlate our firewalls and end points. We are -- we have announced the ability to do that with identity data and e-mail data so we can start cross correlating that data. Our intent to cross correlate all data in Cortex eventually. And then we use Exo as an automation tool when it's a simplistic thing. You're pushing attack with 10,000 alerts, automate them so you get rid of 10,000 alerts because you're separating signal from noise.

Autonomous SOC, very interesting term. Nikesh, I maybe want to -- since we talked about the product families, I kind of want to look at the business from a different lens, which is maybe zooming in on the next-gen security business part of the NGS business. I think NGS made up about 25% of total billings last quarter, and that's significantly higher than what it was just 2 years ago. And so the question is, how do you see that mix in the future, understanding that there's a balance between the core firewall business and sort of the faster-growing NGS business? Does that make sense?

Yes. Look, I think this is a mathematical exercise you're better equipped to do than I am. But if you look at the growth rates of the NGS business and the network security business, you will notice over time, those 2 have to meet.

Got it.

The question is when. But we think it's a very large TAM. We think there's a very large TAM and network security transformation. It seems a very large TAM. The whole autonomous SOC data, ingestion data management place for security is in a huge TAM and cloud security. So we're targeting very large TAM in each of our 3 product capabilities, our areas, which is one of our biggest set of -- if you back it up, it seems like that one of the insights I had when I started at Palo Alto Networks, I never did an enterprise before. And when I looked at very large enterprise companies, they're go-to-market machines. If you look at the Oracles of the world that Larry Ellison built or Cisco that John Chambers built and you look at what more Palo Alto is doing, you have a lot of go-to-market capability and then you put a lot of product into the bag. So the people are out there and make sure they're capable. And they're proven time and time again, we want to build a large-scale revenue and billings business. It happens by having great customer relationships and being able to have an entire portfolio of products to send a customer. In our case, that portfolio has to inter work together really well because this is secure. That's the only difference that we have to do, but we still have to go out and have lots of people out there selling this stuff because we have to win each customer at a time. Now -- and I've said this before, but as my old friends say, repetition is not small in the prayer so I'll say it again, There's a customer whose entire capacity, they bought firewalls from us wall to wall and put it everywhere they should, could spend $15 million, and they did it. Last year, we sold at $45 million. Why? Because we had Prisma and we had Cortex. Without Prisma and Cortex, that was a $15 million customer. The wonderful person who did that sale, the lady, she knew the customer is set out, she knew their needs, she'd been able to work with them very closely, and she was able to go facilitate all 3 sales. Our incremental effort to go facilitate the next 2 sales was not as high as she had to go insert to sell the first team. If she had to go create $45 million of our 3 customers, that'll take us 3 time the effort. So in the end, there is scalability in having a coherent set of -- and I say coherent set of products in the portfolio that work well together and our products that customers bought. So there's a bunch of prerequisites on building the go-to-market business. If your product sucks, it doesn't matter what your salespeople do. If your products don't work together, then you don't understand what the benefit of buying for a person is. But you can actually get that trifecta of making sure you have great products, you have great go-to-market capability and you actually have a system that allows you to do that effectively, then you can actually build a machine that goes out and sells more and more products. So part of our strategy in the last 1.5 years is to build the portfolio, make sure we have products that people want, make sure you have a team that's out there which understands the customer and then build that system that allows you to be effective in that system. So if you look everything we're doing in the last around 1.5 years has been pieces of that puzzle. Some of them are doing better than the others. That's our job as management, keep improving the execution. But I feel very happy that we've come to where we have in 2.5 years and managed to handle dynamic [indiscernible]

Absolutely, absolutely. Just to sort of put a bow on this topic of NGS and maybe ask a question -- a similar question that we asked before for the network security business. But maybe from a margin perspective, clearly, more investment going into this business for higher growth, to be clear. But I guess the question is, how do you think about the path to profitability here? Is this going to be something that's based on revenue scale? Is it a matter of time? Is it expense synergies? Any thoughts on kind of how the operating loss in the NGS business could narrow over time?

Saket, you must be old-fashioned like me because I just saw the DoorDash IPO and the Airbnb IPO. I didn't hear anybody else want to talk about profit really. Hey, you ask me, just kidding. So -- but to your profitability question, the NGS business, remember, it's 2 years, 2.5 years out the gate, and we showed you the gross margin profile for -- let's call it cloud and AI because NGS has Prisma Access. If you look at our cloud and AI business, we're short in the gross margin. So gross margins are somewhat depressed because we made the Crypsis acquisition, which makes up a bigger share now and which will diminish over time as the other products lap into revenue from a mix perspective. So we'll see that gross margin improve. We'll see that gross margin improve as we start picking cloud savings into that number, which we are working on, and we have clear line of sight to pass to better numbers. So I think the gross margins should gravitate to a 7 handle over time, which is pretty consistent with SaaS businesses and software businesses. And remember, there's a couple of services business associated with it so far. On the operating margin, as you know, because of the ratable nature of ARR businesses, there is a continued step improvement in operating margins that happens that the [indiscernible] falls off your balance sheet on your P&L. So we should expect step improvement in our operating income line over time. And Luis and I are working on this, and no promises. But what -- I think what becomes more important and interesting is the cash flow of those 2 businesses. So we're working to see if we can give that disclosure this quarter, but we're not making any promise. We're working on it. But that'll give you a good sense because if I could show you that my cloud and AI business becomes cash flow neutral in the near future and we're going to keep improving the cash flow profile, the operating income will just show up as it's falling off the balance sheet to the P&L. To be honest, there's a balance you always have to strike in our business, Saket, as there are companies who we compete, whether it's a CrowdStrike or a Zscaler or others. They're on there. They're pitching the ARR business. They're growing as fast as they can. They're not, in our mind, not heating their operating margin line right now because people are focused on their growth numbers. And we've got to match that growth in our cloud and AI business because if we don't, we'll lose market share. So we've got to make sure we start the right balance and making sure we have go-to-market institution capabilities against our competitors on the cloud and AI part. And that's why the way -- reason we created that separation for everyone to see is we think the network security business is the highest quality firewall business in the world, highest quality in terms of hardware plus software, making the transition with the same financial profile. It's very hard for businesses to hold on to their financial profile and undergo transformation. So we think that's a solid business, and we think It's probably 30%, 40% bigger than the nearest firewall business in the world with a similar financial profile. So that business left should be worth 30%, 40% more than any firewall business in the world because we have better quality. Just pure Prisma Access. We think the business is right is a fast-growing cloud security and AI security business, which should be looked at in comparison with other people who are in the same space growing that base, and we've got to make sure we stay in lockstep with those people. So our job as management is to get the synergy we can between the 2 businesses, don't slow down the cloud and AI business in the attempt to get too many synergies, keep investing to make sure you are grabbing the large TAM that's out there, and we'll make the value more and more transferred to shareholders. That's the job.

Got it. And I'll just reiterate, I mean I think certainly not just the sell side, but I think the buy side certainly found that incremental disclosure very helpful. So thanks to you and Luis and the finance team for that. Maybe in the last minute that we've got here, left kind of a lightning roundy question if we can here, Nikesh. I mean I know you spend a lot of time with customers. Obviously, 2020 was a really different year. And so very tough to think about kind of what 2021 or speculate what 2021 will look like. But as you sit down with customers qualitatively, what are they saying about their willingness to spend and invest next year in security?

Look, I think, Saket, what's very interesting is there are 3 factors here. One is you are seeing customers come back and start thinking about 2021 plans and infrastructure needs, and they're making sure that the same trend continues, that IT doesn't falter, IT continues to be transformed and be secured. So in that context, I don't think the appetite changed, one. Two, luckily for us, we're seeing customers wanting to consolidate. I think they're getting to the point where a lot of stuff is coming end of life. There have been structural changes in the industry at a macro level where people have gone public, some people have got bought out. Some products have over time, extend of life, haven't evolved in the market. So you're seeing customers consolidate into a newer set of players. We hope that we will meet all of those players. You are seeing the emergence of systems integrators and service providers in the new channel because customers are entrusting them with this transformation. So we're working hard with the SIs and the SPs of the world to make sure that we're part of that journey. So I think from that perspective, I think cybersecurity spending should continue to grow at the rate it has in 2020 or 2019 into 2021, probably a little higher.

Well, on that note, I've got so any more questions for you, Nikesh, but unfortunately limited time. Thank you so much for taking the time here. I certainly found it helpful. I'm sure the folks on the webcast did as well. I can only say that I look forward to being able to do this in person in 2021 in San Francisco next year.

This is so much more efficient, Saket. Maybe I'll just Zoom into that meeting.

Works for me. Nikesh, thanks again for the time. Really appreciate it.

All right.

All righty. Have a good one. Bye now.