Palo Alto Networks, Inc. (PANW) Earnings Call Transcript & Summary

Well, good afternoon, and thanks for joining us. I'm Rob Owens with Piper Sandler, and I manage our security and infrastructure software practice. Really pleased to be welcoming our next company, doing a fireside here, Palo Alto Networks. And joining me from the company is Nikesh Arora, its CEO. Nikesh, welcome. Good to see you.

Thanks, Rob. Likewise, good to see you as well.

Yes. It's been an active couple of days for you starting last Friday with a major product announcement that is getting Palo Alto into a new opportunity, Analyst Day yesterday. So first of all, thanks for joining us today in what's been a very busy schedule. But maybe a couple of the high points for investors out of Friday's announcements and as well as the Analyst Day yesterday.

Well, first of all, thank you for having me, Rob. As you know, we've been busy. We announced our work-from-home product, something I feel very passionately about. We've been working at it for the last 18 months. And we kind of accelerated that through the pandemic. As we heard from our customers that they were delighted with our SASE solution, our Prisma Access, but they wanted to make sure that there is something to cover their employees at home or their executives at home. And towards that end, we were delighted to announce Okyo Garde, which is a product we built from scratch, built the OS with security actually first in our mind. So we actually looked at all the traffic, said how do you -- how do we secure it, how do we write it down. Part of the challenges you can appreciate is that a lot of security has been added on to many traditional networking products in the past, and we're delighted we're able to launch that. It's early days, but we're hearing from our enterprise customers, there's a lot of interest. Of course, we had our Analyst Day yesterday. In fact, before we go there this morning, we just announced the integration of our Access product in SD-WAN to create a new SASE SKU, which were launched today, which we're really excited about as well. From the Analyst Day perspective, Rob, what has happened is as we've been through last year, as we've been through the pandemic, I'll tell you like right before the -- as the pandemic hit, me, the management team were all nervous as to what's going to happen, right? We're all -- we're not just -- I'm sure many companies were. And it was amazing to see all of us adapt to a scenario where we can work remotely. We can be productive, business was as usual, barring that sort of jolt in the first few months where people were trying to figure out which end is up. And what we've seen through that year has been steady adoption of technology, in fact, accelerating. Obviously, unfortunate cyber attacks, because of which, there is more focus on cybersecurity. And we also see our product portfolio begin to hit its stride. In this context, we felt comfortable laying out a plan for the next few years. And something different where we spent a lot of time investing in the last years and getting to the forefront of cybersecurity across the 3 major areas, we believe, are going to define cybersecurity. And we believe our product portfolio is 90-plus percent there in those categories. And we're beginning to see that prove itself with the customer. So we're seeing tremendous product market fit and customer adoption, so we felt comfortable setting out a very strong guide for the next few years, growing north of 22% and 23% of billings and revenue. And at the same time, we felt because we've done a lot of the product investment, a lot of the M&A, we felt comfortable saying this is a time where we can scale our operating margins going forward and our free cash flow margins going forward. So that's kind of, in a nutshell, what we've been up to.

In a nutshell. Now that guidance that you actually laid out, Nikesh, was above where the Street was. So not necessary, appreciated it, as always, with a buy on the stock. But that being said, why aggressive right here? That much confidence in the portfolio, the execution, how things are coming together, the threat landscape, what was underpinning that increase relative to Street expectations?

Yes. I mean, look, you have an outside in view of the world. I have an inside out view of the world. The inside out view of the world says we're seeing strength in our product categories. We're seeing strength in our network security platform. We're seeing strength in our cloud security platform. We're seeing strength in Cortex. We have a lot of expectations about how well we'll adapt the product to a larger TAM. So just generally across the board, we're feeling confident about our product portfolio. And that's not just our confidence based on the adoption and our interactions with customers. Couple that with what we believe is a tailwind in the cybersecurity sector, and I think with bumps and starts, we'll all come out of the pandemic, and we've all learned how to live with it. And I think we're all reaching a steady state from a business operational perspective. So we feel strongly that it is a moment where our parts are good. We have tailwinds. And we're seeing customers gravitate towards more platform consolidation, which is where our sweet spot is.

And I'd love to double-click there. I mean you've been with Palo Alto for 3 years now. And you came in and you talked about consolidation and for someone that's covered the industry for 24 years at this point...

No one is going to come get you, Rob.

Yes, I know. I've seen it in our work in the past. So the pioneers definitely had arrows in their back. So why is it working at this point in time? Why is it working for Palo Alto?

Well, I think we have taken a very fundamentally different perspective on consolidation. And consolidation in the past was practiced as acquisitions where you can buy it from the back of my truck. You can buy CASP, you can buy endpoint, you can buy routers, you can buy whatever you'd like to get. But I don't think the customer is looking for a single point of purchase. I think this customer is looking for reduced integration needs at their end, reduced amounts of alerts, higher security. So look, we bought north of 14, 15 companies in total in the last 3 years. We have end of life each of those products, integrated those products into our core platforms. We have created integration at an alert level, at a data level, at a deployment level, at a consumption level. So we've actually integrated the entire product into our portfolio and actually present it as a much better integrated solution, yet maintaining the best-in-class capabilities of those products. And the Twistlock was the best container security product we bought, we still maintain its best-in-class capabilities, RedLock and CWPP. But I'm still watching people 3 years later buying CWPP and CSPM or container security and cloud workload protection 3 years out. They're are competitors who are buying those, and says, "Oh my God, we've discovered this is a hot new area." Well, we've moved on. We're doing IM security and DLP and WAF RASP and SaaS visibility, while they're busy doing that. So from our perspective, we've used, I think consolidation is perhaps not the right word in that context. We're actually truly delivering a platform which integrates at a core level, the capability. And when customers see that, they see the difference, hopefully, that's what's causing them to adapt. Look at SaaS again, we had GPCS or Prisma Access at our own end, we introduced SASE ability in there. We just launched ADEM, Autonomous Digital Experience Management. We're seeing traction, people saying, "Yes. I want that." So it's good.

And you reported some pretty impressive SASE results on your last quarter. Maybe you could speak to where customers are at in terms of this SASE journey and the remaking of the network security, if you will, into the cloud?

Look, fundamentally, I don't think any one of us can deny that there is a trend where customers move to the cloud. You don't believe it, just look at Amazon AWS GCP's numbers and Azure's numbers, you'll see $150 million, somebody must be spending it. As people move to the cloud, the old paradigm of backhauling everything with data center has to be reinvented or redefined. And there's where MPLS goes away, SD-WAN comes in. So you basically see people start to bifurcate network traffic at a network level. Couple that with the pandemic, people want to make sure the security policies are applied at the edge because, I don't know, I'm not accessing that from my company headquarters anymore or my company office anymore. I'm accessing that from home. Why do I need to go back into our data center, go from the back door into the cloud? Why can't I just split the traffic and see the security policies deployed in my laptop so the right traffic goes to the right place? So there is that fundamental network rearchitecture going on around the world in every company. I think we're probably in the first 3% to 5% of it, to be honest. I think there's 95% of it still to happen. It's going to happen in the next 5 to 10 years. That's what kind of -- and that, being able to put security at the edge, it's effectively what SASE is. Everything that was going to stack in the data center needs to move to the edge. That's easier said than done. If we're not in the data center, you don't know what happens there. So we took the data center stack, moved it to the edge. We did DLP here. We do autonomous digital experience management as this side. We're doing SaaS visibility at this side because you don't have to go back to the data center. You can't own the firewall anymore. You're effectively running the firewall at your laptop, at the edge. So I think that is a very, very strong trend going forward. We're delighted that our product meets our customers' requirements. We have some very large customers who deployed in the last 18 months from a few hundred thousand customers -- a few hundred thousand users at a pop. We actually got a customer close to 1 million users, got a customer that has 600,000 users. So we've kind of proven the scale capability. And we took a different architectural approach. We actually run that on the back of Google Cloud and AWS because we know that they have the best bandwidth in the industry, and low latency, and they can give you POPs and drop off wherever you want. And they are pretty much first-class peering relationships with most SaaS companies out there, which allows that traffic to get to where it needs to get to with very low latency.

And fundamentally, in those situations where you're bringing on large customers, why is Palo Alto winning? Is it the breadth of the platform that they're buying into? Is it relationship-based selling? Help us understand why you might have a leg up on the pure plays. Or as you said, we're in the first 1% to 3%, so there's going to be multiple winners as this market emerges.

Well, look, don't forget, we have 85,000 customers that have deployed Palo Alto's network security somewhere or the other, right? So that's a good start. Because you want consistency with your data center policies and security policies with your policies on the edge. You don't want 2 sets of policies running around as you're trying to create a zero trust environment. And that, that allows us to come in with a winning proposition because the only way to deliver consistent zero trust, as you might have heard from [indiscernible] in the presentation yesterday and if your listeners haven't watched it, I would highly recommend that as part of our Analyst Day. But if you really want to deploy true zero trust across the enterprise, you want consistency. That consistency comes from having a similar approach in your data center, in the virtual cloud at your edge. And that's a proposition only Palo Alto offers, at least as far as we know it. And that allows us a big leg up in us winning customers. The sophistication of our capabilities and the completeness of our product also convinces customers, like this morning, we integrated SD-WAN and our SASE product. There's no product out there with SD-WAN and network security that works together with DLP in it, with autonomous endpoint monitoring in it, with SaaS visibility in it, with IoT security in it. There's no product out there.

Sure. So maybe shifting gears a little bit. Cybersecurity has obviously dominated the headlines with major breaches. You've got executive orders. It does feel like it's probably one of the best times this industry has seen relative to the demand landscape, and with an ability to execute, obviously, companies are doing well. Talk about the impact that this increased visibility in this environment is actually having on your business overall. And I think that was obviously evidenced a little bit in the guidance and the inside out, as you put it, confidence that you showed yesterday.

Yes, Rob, I think there's an interesting nuance in what you said. I want to make sure everybody understands that. This is not a flash in the pan moment for cybersecurity. This is a moment when people realize cybersecurity is important, will continue to be important for the rest of our lives. So it's not like, "Oh my God, we have 3 attacks, there's a huge demand. Demand is going to ebb and flow." You're finally paying attention and saying, "Oh my God, what does the cybersecurity infrastructure look like?" Now Rome wasn't built in a day. The cybersecurity infrastructure that's out there were not built yesterday or last week. These were built over 10 years of buying point products, and stitching them in your SoC and realizing, holy s****, I couldn't protect myself against a SolarWinds attack or I couldn't protect myself when the Exchange Server attack happened. We sit down and say, "Okay, I've got tens of millions, if not hundreds of millions of dollars deployed, what does my security posture look like?" You've never had to test your security posture because it's been a benign world. In this world, you've got to go test it, and every CECL, CI worth their salt is having to go think about their security architecture and make sure that is going to be robust for time to come. And that's not going to get fixed in 1 day. It's going to take months, it's going to take years in certain cases. So I think there is an awareness of cybersecurity. That awareness is causing a lot of CIOs and CISOs to rearchitect their security posture. And in that process, I think, generally, the sector is going to do well. And hopefully, people who are in a platform role are going to do better, or at least we're going to do better, hopefully, than point solutions.

Yes. And I think the Street has always had that perception of cause and effect, right? We see a breach, we see spend. And I appreciate the commentary that there truly is a long tail and mounting momentum with customers and 1 large customer out there is the Federal government. And you've had some massive contracts historically that we can all see on the Federal databases, talk about spending intentions within the Federal government. How do you think this is playing out? It seems to be less seasonal now, too, we're hearing from companies where it used to be a September quarter, their fiscal fourth quarter type of thing whereas you're seeing spending throughout the year. So would love your take, especially given Palo Alto's platform and how compelling that is.

I think, Rob, look, the thing about administration changes is you get a whole new cast of characters. This has happened in the last few months. And as you've seen, we just had confirmation of some of the various leaders in the cybersecurity sort of forefront in the last few months, they're putting their plans together, they're doing -- sort of sorting out their ideas, they were in crisis mode as soon as they came in because of all the hacks that were going on. So -- but they want to do the right thing in terms of putting the right infrastructure in place. There is the September quarter, as you know, where the Federal government sort of exhaust their budgets and starts a fresh new year. I think the trend is our friend. I think they're going to get more consequent about how to protect not just Federal agencies, but critical infrastructure around the country as well as what happens to the state and the local perspective. But I think like sort of going back to my notion of it's going to take time for them to get their plans together, rearchitect what they want to do. And I think the good news is there's a tremendous amount of awareness and intent in them wanting to get the right thing done, both at the nation state level as well as across the various agencies in the U.S. government.

And if I look back to yesterday and the 3 areas that you laid out relative to the network security opportunity, which Palo Alto has been a leader in the firewall market. Cloud security, as you pointed out, you were very early to make acquisitions with Twistlock, RedLock evidence, really a leader. And then we've got Cortex. And I think you were one of the first to actually coin the term, if not the first, XDR, and how you were focused on information gathering. But it's obviously a highly noisy category. You've got the endpoint guys making noise. You have the SIM guys kind of fighting it out. So would love to understand Palo Alto's position here and where you really think the long-term opportunity is?

Look, the proof of the pudding is in its eating. And we showcased yesterday at the Analyst Day that we were able to deploy XDR and our technologies and get ourselves to very few relevant security events and be able to remediate that in -- some in seconds and some in minutes. Now if you abstract, there is -- that's what is needed, right? You want an attack to be stopped mid-flight, want an attack to be remediated or figured out within minutes, not within days, which is the current standard, is many days. Now as customers are getting more and more aware of this need for autonomous detection, autonomous remediation, we begin to see then think about how to get to that outcome. Getting that outcome is not as simple as deploying Cortex in their SoC. It also requires them to go back and rethink their cybersecurity architecture, which is what people are going through as we speak. So I think the long-term prognosis for the whole SoC and the operation of SoC is a combination of agents that collect data from the enterprise, aggregate that data in some normalized fashion, and then remediate using that data using auto analytics or AI and ML. And what we shared with you yesterday was a building block of such a strategy. XDR acts both as an agent and as a demystifier of a lot of the alerts and reducer of all the noise. It drives more signal, XSOAR acts as an automation mechanism, which takes a lot of those signals and figures out what can be automatically remediated by having integrations with over 700 vendors around the industry, where there are 750 autonomous playbooks that can be deployed by our customers. And expense allows you to take a look at it from an external hacker perspective, a bad actor perspective and say, "How would I cross-correlate that data and see what they see, so I'm making sure that anything that is visible from the outside has been bought and can be remediated." So we shared the building blocks. I think you'll see more and more integration across those elements. I think you'll see more and more automation and normalization of data in that space. And yes, you're right. There are -- it's a big price and a lot of people who are legacy players in that space are looking at the price. Some of the newer endpoint folks are also looking at it from a price perspective. The question is, who gets there at scale and there was a lot of pomp and celebration. And hopefully, we'll get there.

And within some of your cloud portfolio and the cash, you have had companies that have been more DevOps-centric and DevOps-focused, and I think you've done a good job productizing those capabilities. But the whole notion of Shift Left. I know you made the Bridgecrew acquisition recently, but where do you think Palo will play relative to the Shift Left opportunity longer term? And how far left do you think you might go?

Well, we're more left than we were now, which is a good start. But I think, for those of you who haven't spent much time on this topic, but look, the whole notion of cloud security is protecting the applications written by the enterprise folks and port it to the cloud or shift to cloud. Now the problem is that the traditional tools say, "Okay, great, you're submitting an application to production. Let me tell you where your mistakes are and go fix them." And developers don't like that. They don't only like to be told that go fix your code after having submitted it for production. So effective;y what Bridgecrew does is it allows the developers to assess their code while they're writing it to tell them if there are any security flaws in that code. And if there are, it recommends that they fix them. And then they catalog that and make sure that it's available as they migrate to Prisma Cloud. We are deep in the process of integrating Bridgecrew with Prisma Cloud, which means Bridgecrew will be able to assess what the production teams are going to assess you against once your product gets there, once your code gets there, which is I think hugely important because what it does is it gives you validation as a developer very early in a development process that are you building a secure piece of code or secure application or not. I think that's going to be huge. I think that will become the norm. I mean, honestly, like there's no reason to tell me after the fact that I screwed up, tell me while I'm screwing up, so I can do something about it. And I think that's kind of the notion of Shift Left, how far left can you go. Now this is a bizarre notion that there's a lot of open source capability out there because at the end of the day, if you're shifting left, you want to make sure that it's integrated in some sort of enterprise solution, which is going to be security grade, if you will. So that's our aspiration with Bridgecrew and Prisma Cloud. And we're seeing phenomenal amount of early interest from many of our customers and n the Bridgecrew customers, and many of Prisma Cloud's customers. I think that'll be the next best bastion of cloud security, but we're well prepared for it. There are players out there who are very left, don't have security. There are players who have some security, not all the security offer and no left. So hopefully, we can balance the 2 worlds of having the left part and the right part.

Sure. Do you need to develop a new channel to get to developers? Or the companies you've bought expanded organically effectively. You've got some great technologies. But do you have to more formalize it? And then those companies that you have bought to ask the kind of converse question, have you been able to put them through more of the traditional security channels as they've grown and matured like the Twistlocks?

Yes. So the enterprise security product, Prisma Cloud, it actually worked really well from the traditional channel perspective and also the CSP perspective, to be honest. I mean, at the end of the day, we can't sell security if you're not a customer of one of the public cloud providers. So we have to partner with them to make sure our products work as an integral part as well as partner with them to go to work with their customers. So that's kind of working from that perspective. Yes, Bridgecrew presents a different opportunity. It's a very developer-centric opportunity, which requires more developer evangelical skills, which our teams are busy adopting and many of the Bridgecrew folks had those skills as they walked in. So you're right, it does require getting the excitement and enthusiasm on the developer front. And Bridgecrew's had north of 3 million to 4 million downloads of their tool, which is what -- is kind of how the adoption works, the developers as it relates to a code source checking or sort of source code checking tool, which is what Checkov is with a glance.

And we only have a few minutes left, but I would love to understand your strength in core firewall. And there's those of us initially that thought of this as a razor, razor blade game, and you did a lot to convince us we were wrong and really grew the portfolio outside of just the basic firewall sale. Now your product revenue is spiking relative to, I think, where we thought it was probably even where you thought of.

Well, it's just growth is spiking.

Yes. But it is greater versus being flat to down. What is going on in this? And at the same time, you're actually seeing mix shift software, which you showed on the slides yesterday. So what is going on in this market? And why is Palo Alto participating? And why is there confidence that this is a multiyear trend?

Well, it's a great question. Look, products slowed down prepandemic a little bit. I think a lot of the focus -- the product that's sold in the pandemic was mostly people expanding capacity for remote use case. And also because a lot of people are not sure when they're going back to the office to their data centers to deploy some of this stuff, they kind of sweated the assets a little longer than we expected. And that's sweating the asset now. We have great products, so you can sweat the asset a little more, they figured out. But they've come to a point where the capacity increases haven't stopped. They need to go refresh some of the hardware. We're beginning to see that cycle again. But we have, obviously -- that's one part of it. The other part is we've deployed a lower end PA-400 firewall series, which we -- it was a market we never really played in. This is a market which is primarily dominated by 2 other players in the industry from a market share perspective. So we figured we shouldn't we let them have a cake walk in that space, and we have a phenomenal product, with superior price performance in that category. And a couple, add to the fact that we think this is going to take a little while before that trend of people wanting more capacity back goes away. It's going to take a while before the refresh goes away. So we feel comfortable for the next few years, we can sustain that mid-single-digit growth on product side, but honestly, that's to feed the hungry bears on the product front. I mean, again, our focus continues to be around making sure the integrated solution of software and hardware is presented to our customers because we're seeing every customer is going to end up with some hardware, some virtual firewalls against public cloud and definitely SASE. So as long as you can be consistent across those 3 platforms, we track that those 3 coupled together should grow north of 20%. And as long as it keeps doing that, we think we're taking share in the firewall business on onboard.

Excellent. Well, Nikesh, congratulations on your success, and thank you for your time today.

Thank you, Rob. Thank you for your support. Appreciate it.

Yes. Cheers. Thanks.