Palo Alto Networks, Inc. (PANW) Earnings Call Transcript & Summary

All right. Well, good afternoon, everyone, and welcome to Day 1 of the Barclays TMT Conference. My name is Saket Kalia. I cover software here at Barclays. It would not be a tech conference without having Nikesh Arora, Chief Executive Officer of Palo Alto Networks here with us today. We've got about 25 or 30 minutes together. Maybe what we'll do is I'll lead some fireside chat for about maybe 15 or 20 minutes of that, and any questions that might come in, just feel free to e-mail me at [email protected], and we'll try to get through some of them in the time that we've got. And so maybe with that, just as a preamble, Nikesh, thanks so much for being with us here today.

Thank you very much for having me, Saket.

Absolutely. Nikesh, I just want to start, I just kind of want to start high level here because I know you spend a lot of time with customers. I'm wondering what they're saying to you about their willingness to spend on security going into next year? And maybe to the extent that you can, what areas do you feel like they're kind of focused on within that security spend? Does that make sense?

Sure, Saket. Look, as you know, the environment, given the pandemic and given all that's been going on in tech, has really focused people on the tech infrastructure. And as part of that, what's happened is that we are seeing continued increase in volumes across the board, because more and more people are online, technology has sped up [Technical Difficulty]. That's causing tremendous amount of infrastructure spend to come into play. Because the pandemic held back some of the security amount, I think you will be seeing robust growth in security. We're seeing a pickup back in infrastructure hardware spend. As you know, we had seen that the past quarter, which we had announced recently. In addition to that, we're seeing continued momentum on the cloud [ ground of issues ]. As a result, we're seeing cloud security become something that more and more important [Technical Difficulty] [ it is ] to customers. And last but not least, this cloud transformation, the pandemic response is forcing an acceleration on the SaaS [ heap topic ] where people are getting [ the idea ] that they want to deploy more and more of a [ full viral ] stack in their cloud as well as we're seeing momentum in SaaS. And if you look at the top priority of the CIO going into the next calendar year. And [ that 1 ] we can see that they're saying we need to continue to drive this [ bound ] observation [ where ] definitely to look at our [Technical Difficulty] efforts where we are [ prepared to see ] and are how and when are we going to be ready for SASE and how we implement zero trust there.

Absolutely. That's really helpful. And a lot of topics in there that I'm sure we're going to dive into. But maybe we -- before we go there, maybe just another high-level question for you, Nikesh. I guess, again, as you spend more and more time with customers, I mean, how are customer preferences changing when it comes to sort of buying an integrated portfolio from 1 vendor versus working with many vendors who are specialists in their area? I'm not talking about best-of-breed, right? Like we can have that discussion about best-of-breed versus suite separately. But in terms of vendor consolidation, right, versus kind of working with a bunch of vendors. How -- what are you sort of hearing about that? And how has that evolved? And I think it's about 3.5 years since you've been at Palo Alto Networks. How has it evolved in your time at the company?

That's a great question, Saket. The -- 3.5 years ago, the general feeling in the market was, I'm not going to comp [ or seriously fair ], I'm not going to compromise my security posture, even if you have more than [ enough ] capability as a company, I'm going to buy what I believe is best [ is by east ]. And I think that's a very fair representation of the view of every customer that we've run into. Now I think for us, what we've done in the last 3.5 years is that we have made sure that our individual solutions are best of breed in their category. So you take [ a clone in cloudster ] [Technical Difficulty] [ this one round ] does not have a [ batter we'll ] be out there, the 7 modules that do CSBMs, [ CWPB labrast in there ] I am [ I'm not sure you want trackers ] but basically, these are various parts of having a robust cloud security platform. [ Ofeus noker ] So that whole wins on its own merit. It doesn't matter if the investment has involved a firewall or not, it doesn't matter if the customer [ has pulled it ] together. So there's no cloud or win [ that competes on its own merit just the opposite ] [Technical Difficulty] [ But according 6 DR capability ] competes effectively in the market with anybody in the EDR XDR space whether it's [ staros white ] Sentinel1, Carbon Black, Cybereason, any of those larger players in there, we compete [ again ] specialist as all of them. Now on the network security side what's fascinating is you have, [ again ] we have [ 57,000 ] customers [ with one or more ] firewalls. Each of those [ live in our ] firewalls [ each competition with other ] firewalls. But now as they're going through network security transformation, they don't want to be in the glass between their hardware and their SaaS solutions. They don't want to be [ into bat ] in the hardware [ and go into the bundle ] having a consistent UI against [ all 3 ] actually benefits us where people are able to buy our best of breed software firewall, our best of breed hardware firewall or our best of breed SASE solution which competes [ effectively with touch the ] as a single [ digit one ]. So it's kind of helping us on the network security side. It's helping us on the integration we have with the network security product XDR, at the same time, we [Technical Difficulty] expect to be specialist [ as it relates to us ].

Absolutely. That makes a lot of sense. I think that's maybe a good segue just into -- maybe we could just dig into those 3 product families just a little bit. I've always thought really the foundation here, right, is the firewall, is the network security with Strata. And to your point, one of the things you brought up in the beginning was, I think we -- one of the strongest hardware quarters that we've seen in a long time, I think it was 25% product revenue growth here in the first quarter. I guess maybe you could just recap, what do you think some of the drivers were of that? Again, I mean, much higher growth than we've seen in some time. And I felt like on the call, you said a couple of times that you felt like some -- at least some of this was sustainable. I'd love it if you could dig into that as well.

On the hardware front, we've had [ a bit of that ] as I said, there's been a bit of a reopening of the wall and a reopening of the idea of deploying more hardware. As we come out of the pandemic we've got to be able to go [ into data centers, more firewalls ] and we've seen this continuous rise in the [ maximum ]. So one is that [ they're ] coming back from the pandemic [ does it have to do ]. The other part is we've done a [ vital ] refresh of the network [Technical Difficulty ] besides the refresh, there is some sustain it for a few years on the [ refresh after the ]. The other half is probably not too far behind. So there's a bit of that going on. If you couple that with the fact that there is a bit of a supply chain event going on in the markets so customers are getting anxious, there is probably [ a bit of pooling ] going on in the market. A lot of [ things ] I think we continue to take share, and we get share in the net new customers who are trying to think about [ bubbles ] or in customers who are entering their refresh cycle. What only fascinating, Saket, look, we're refreshing WAN or replacing WAN that's 6 or 7 years old. And as you know every year, the [ dam ] increases because as we lap years, 1 more [ powers ] were sold 6 to 7 years ago. So I think that [ dam ] that data [ build ] every year becomes larger for us being able [ to compete when replace hardware ]. So as long as we take share, we're going to see -- grow better than most of our competitors.

Got it. A lot of different drivers there. That's really interesting. And I think your point just on share may be a good dovetail into the next question, which is: I guess, outside of demand, which again feels strong, I thought it was interesting to see that, that pace of growth versus others in the industry, was faster. And so maybe just a related question for you then, Nikesh is, how do you feel about the pace of market share gains here, in firewall specifically? And what do you think is helping Palo Alto Networks here maybe more recently?

Well, I think more recently, as I mentioned, there is the refresh to select [ often ] creates demand, creates often journey for us and the install base obviously into a better situation where our price performance has gone from being second or third in the market [ versus ] some other players to being #1, because it's all a matter of when you refresh because we refreshed so it brought most of our competitors [ by homescape ]. In that respect that's one driver. A couple that as I said, we're getting share. And I think, I don't know if you picked up, we shared a very critical statistic which I though was interesting. So 25% of our SaaS customers that [ may do ] follow up. I see that as a huge positive sign for ourselves because that tells me these customers have bought into our network security vision. And I'm hoping that [ owning the SASE ] deployment for the future, as they lap their hardware refresh or replace, they're going to do [ for all ] that they've already wanted [ that was good vision ] and they understand that there's a single pane of glass in all their [ SASE deployment ]. So that gives me hope that not only are we seeing [ dar ] today, but we're seeding the customers with [ SASE ] who are likely going to be [ future hardware hosts ].

No, that makes sense, especially with that opportunity to consolidate to 1 single pane of glass, that's really interesting. And maybe this is a good segue into -- shifting to Prisma, maybe starting with SASE. I think I've heard you say before that, that train has really just left the station, which I think is really interesting. It's -- that's been an offering that I feel like has made some big strides since it was first introduced. I guess -- of course it's always helpful to have Lee with these questions. But I'm curious, what do you feel like are some of the product enhancements that have been so much, so helpful in sort of taking Prisma SASE and making it even more competitive with other pure plays in the space?

Look, I think a few things that happen [ certainly is ] one is in the private incarnation of the word access, right, actually, you work from home, you had access to half the applications you're happy to show up at the office the next day, probably 6 in the morning, and you're happy with the access [ you get ]. Suddenly with the pandemic, what has happened is, you need hundreds of access from home [ and the office ] and we can't do subset of applications for the access from home. That requires you to get away from a proxy [ because more effective for your whole viral set ]. So that's one of the bigger [ discoveries ]. If you couple that with the fact that [ what all do ] our Prisma Access product approximately 2.5 years old when I came. This product wasn't doing what we wanted it to do. We really put hundreds of people to work on this. We've integrated a bunch of acquisitions. We're seeing the fruit of those investments. And we're seeing we have a customer with 1 million users that [ wyanoke past a year]. Many customers with hundreds of thousands of users. All of these had to be hot moved to SASE, right? There's the pandemic because people saw we wanted access 100% of the time to everyone. Couple that with the fact that we believe this was SASE 2 years plus of growth when it integrates the firewalls into the network architecture. So all the factors are driving the SASE goes for us. And as you said, [ or maybe something we'll talk about ] that the industry is still very early because as people make that cloud transformation, as people go to make their [ remote ] access Google Plus, they're going to have [ to get a SASE too ], right? We don't have a [ 10,000 fee income ] We don't have the largest market share yet. Imagine if I told you [ that by the end of the weekend we'll have to go ] then we will have to [ deploy ] SASE. Couple that with the fact that [ if impute ] the customer that are out there are going to be in the cloud. [ If that's true ] then they will deploy SASE. So I'm trying to explain this [ best ], but I guess people understand quick it was the first 2 or 3 years [ of winning that can understand ] base for [ for cities ].

Got it. Got it. Absolutely. I think Prisma Cloud, I think has been another area of success, right, with cross-sell and new customer lands as well. I guess, especially with some of your background just with -- in the public cloud in the past, where do you think the market is in terms of looking at third-party solutions like Prisma Cloud, right, for protecting workloads in the public cloud, versus looking at native tools from the cloud providers themselves versus -- just to give you a third option, no security at all in the public cloud, which I don't know how real that is, but I'm curious your thoughts there.

Well, I think that's a very fair [ expectation ]. If you're a small business, smaller company, few employees, you're a single cloud customer, you're more than likely going to [ say ] whatever I get my public cloud by, because most of the public cloud providers, that gating capability has some sort of security bundle that comes with your cloud purchase. So you're probably going to rely on them for the [ app you get ] even if they don't have everything that you need, so you're probably going to have to go [ get point solution to solve the problem ]. Now for the first time in this transition from infrastructure to cloud or data center above, you have an opportunity to actually solve this [ making system code ] as opposed to going back and create the [ whole ] preference that you created for the enterprise security [ last time ]. So from that perspective, as you go up the maturation curve, as you go up the deployment curve [ and see ] the complexity [ coloring your vision ] and you would have thought we have customers who are typically in 2 or 3 clouds. They are trying to run across AWS, GCP, Azure or Alibaba or IBM. So we have customers who want a consistent pane of glass across all those clouds. You can't get consistent pane of glass across multiple cloud from a native CSP right? [Technical Difficulty] [ because everybody ] Even if you have to be cloud to give you it, it's giving you a pane of glass. Couple that with the fact that even that cloud provider will have to give you 4 panes of glass for 4 pieces of functionality in some cases, which is why we [ want some pane ]. So if you look at our customer base, we have [ northwards of ] 15, 1700 of our customers in the cloud, they're all on the top end of the enterprise stack. They're typically more complex environments where we deploy multiple technologies, multiple clouds. And we think that market is here to stay. Again, I think we're [ amid already in that market ] because you see a lot of cloud being bought, a lot more of it [ has been deployed ]. And I'm telling you next what we'll find we will see pretty much most of the new attacks happen out there from the cloud because somebody's program [ didn't have it on ]. That will create more and more focus [ lead for our security ] and that's where have been our opportunities of the cloud. So being right now, [ the mantra ] my team has got a land or for customers [ who are on a mission ] to deploy well, [ we want to ] make sure they're satisfied [ with what we ] offer and keep it all in the product for [ more and more of these customers ]. I believe there's still a lot of product development [ we have to pursue ].

Yes, sure. So again, that single pane of glass benefit that you bring across multi-cloud, that's an interesting theme. I'd love to maybe wrap up and just talk about Cortex a little bit. And before we talk about the committed environment. Just to maybe start at a high level, Nikesh, you're hearing this term XDR a lot more, right? And I think that means different things to different people at times. I'm curious, how do you define XDR? Why do you think Cortex is maybe better positioned to provide XDR than maybe other traditional endpoint-focused tools?

Great question, Saket. So let me go back a little bit of history. There is an entire industry [ it's called endpoint industry ] primarily initially focused on [Technical Difficulty] your endpoint [ everywhere but especially endpoint ] of malware using signature-based technologies. As time passed, as it became cheaper, as bandwidth became faster, latency [ was lower ] more people said, why wait, why do I have the process at the endpoint? Let me take the data back [ clump on the platform ] and try and protect the endpoint based on behavior, based on what I see as opposed to putting the [ signature on there ]. That's where the [ EER history ] is for. Now if you imagine that somebody got firewalls running and the endpoint running and analyzing both of them together, were sitting and say, "Wait, the end point told you, you have a problem, but the firewalls are telling you, you have a problem, too. Can you cross-coordinate that so we get 1 signal as opposed to noise from multiple solutions. So what we did, we took that data [ and collected endpoint ]. We said, I said, oh, how much data did we collect, how [ much did people collect, did people have access ]. So why would everything [ came from that endpoint ] We cross-coordinated that data with firewalls. We realize that we reduced the number of alerts in the software. [ Well that's interesting ] what if we actually started posting endpoint data with other security data. What we've been able to do, we've been able to ingest [ other people's firewalls alerts ], identity data, post analytics [ go ahead ] and cross correlate that [ sign it use to manalytic saw by the factors taking down ] right? So what I'm trying to tell you, that the reason [ these are ] interesting that we've gone from endpoint being a point that is affected to post the endpoint being a point that is protected as well as a sensor like for [ data for protecting everybody ]. I think from that perspective, what you're seeing when it makes the [ out eventually ] will start to be one more of the [ SIEM space because I think SIEM's ready for ] a good overhaul, sign that [ older tech without that here ] we keep doing data [ indeshion ] data aggregation and trying to [ release more normalized ] data, the time has come for products like XDR or [ star decus ] .

Got it. That's great that I mean you could leverage such a strong position in the firewall, right, with the fast-growing Cortex business, right, to basically make both of them increase the value of both of them together by cross-correlating alerts. Got it, got it. Maybe just to stay on XDR or Cortex a little bit. You've talked about managed detection and response or MDR here with Cortex. And it's a slightly different go-to-market, I think, than maybe like some of the other kind of NextGen endpoint providers there. Can you just talk about that go-to-market a little bit? And how it's different maybe than the other product families that you have?

Yes. I mean I think, Saket, what's going on is that the XDR product [ is an old content security product ] because it takes a lot of data across to us, a lot of lost there's a lot going on in the background, it actually gives you a lot more security [ app ] then it becomes more and more important for our customers to extract the full value of the product and its capability, it's important for us to participate in that journey with them. So [ it's a long ], we've created an offering where we will help manage that capability for them; i.e. we'll monitor their endpoints for them, give them this [ npr capability ] because that way they can pull that product or they [ use their own resources apply ] Just want to make sure our customers have an option of being assisted by Palo Alto for our best journey where they're outcome-focused just [ or e us ] the product that they have [Technical Difficulty] .

Got it. I'd love to maybe move on to some modeling questions here and just zoom out a little bit and talk about the 3-year model that you put out at Analyst Day, which was very helpful, by the way. And maybe just to recap a couple of the important metrics. I think the model that we put out calls for roughly 22% billings CAGR, roughly 35% free cash flow margin. And again, there are several other metrics, and you feel free to touch on the ones that you want to emphasize. But maybe from your perspective, Nikesh, what are a couple of the important assumptions in this model, right? I realize there's a lot that goes into a long-term model like that, right? But what are the important assumptions that are in there, where you feel like there could be some upside tension? And why?

So Saket, if you think about it, [ I made ] when we did our last model approximately [ 2 years ago ] and I was just reminiscing with a bunch of our team, saying last time when we did this, we had 4 risks in the model, maybe a 5th. What I meant by that point in time, we actually outlined a division in the industry and said the industry parts and to security. The industry needs a revamp in SASE, the industry needs a set of products that eventually [ we'll mark as a 6th ]. That was the vision. We had to build the products that the product market favors and build upon it because we're really [Technical Difficulty] to the past one. And there was sales risk. And then there was execution risk. Once you have sold it and you deployed. So we have 4 embedded risks in our last 3-year model, which we were able to effectively navigate the next [ iter ]. In this model we've laid out for you, first of all, [ organic/inorganic ] model the last time we have anticipated [ hypervisor ]. So we have an organic model, but we don't have a product [ so it's ] pretty much everything that's in our numbers is [ supplementary that we add to that for other ] So [ then I brought up ] market business because risk because we know that the products that we have out there SASE [ work with our product go ] Cortex is the outer core [Technical Difficulty]. So we don't have product market [ fitness ] the question is we sell. So, so far we've proven in the last year that, that has not been the risk of all of it where we've been able to take a product and package and go to market, sell that and we work hard on deployment. So from my perspective, this is a way more derisked model than we had 2 years ago. Already, you can see this is probably the highest amount of free cash flow [Technical Difficulty] [ we have ever geared as a public ] company and a very, very robust growth rate. So from my perspective, this is a good model. There is tremendous amounts of opportunity in the market. I guess the upside tension is continuing to an execution.

Got it. Very helpful and good context comparing to the other -- to the prior 3-year model that we put out there. I think you touched on something interesting that I feel like some investors have cared about as well from the Analyst Day, which was sort of a new take on capital allocation, thinking about the uses of free cash flow. And I think you touched on it there in your last answer, but maybe just for all of our benefits, how do you and the rest of the Board at Palo Alto kind of think about capital allocation sort of going forward, compared to maybe how it has been historically? Any thoughts there?

In my perspective, it's very clear the shareholders crossed [ the land and meet the bar ] on that and built [ us house in something ]. They don't want us to be investors, they don't want us to be taking excessive risk [ to build at some secure time ]. That's what we did. Last year we bought companies from the cap that we had because we believed those [ seek would ] create net prices, which are acceptable to us or we could really take those businesses and turn them into a [Technical Difficulty] [ tremendous value for us ] . And the majority of that was through our acquisition. So we actually already believe [ where we have added value ] for our shareholders by [ $2.5 million acquisition but we also will be growing set ] if you want and operate a cleaner model where a significant part of this business comes from [Technical Difficulty] [ a significant part of our services, majority matures all that ]. I said that at this point in time we kind of to my mind made up [Technical Difficulty] [ technical team finish ]. So there are less areas of opportunity in terms of being able to fill the gaps [ and operating capital for filling that part ]. I also believe [ in our market or fewer cybersecurity ] is private markets is [ our salvation ]. So I don't believe it's a fair use of shareholder capital from [ our part ] [Technical Difficulty]. So from my perspective, we're very comfortable where we are from an M&A perspective and there may be 1 depending on skill sets [ and what we have to acquire ]. I don't think right now [ is the time ]. So you will see us pay back [ our converts ] and see us, our [ standing ] stock buyback [ will be predicated ] based on the [ core sum ] very, very rational model of [ post ] capital [ outlay ].

Absolutely. I hate to hit you with this next topic, but I think it's one, obviously, that is top of mind, and that's on a popular topic around supply chain, right? And I think you've been clear in sort of saying like this is a temporary thing, right? But maybe just to level set all of us, can you remind us just what have been some of the actions that your team has kind of gone through to respond to these issues? And maybe give us some perspective on -- again, I mean you said 6 to 9 months. But why do you feel confident that this could be a short -- a relatively short-lived issue that hopefully we can put behind us in short order?

Saket, if you think about these prices, okay, for the second quarter purpose some of our competitors are [ there with that ]. But if you think about it 6 or 9 months ago, [ we pretty much set up ] the history to our old contracts as they were quite short [ how they would get the ] impact. The good news is the impact 6 to 9 months [ have landed hope we understand what the model is ]. So 6 to 9 months ago, you couldn't get a clear answer in terms of what you could get in terms of [ we were ships where that is ]. They're getting a little more comfortable and working on visibility [ thus more what would we possibly ] expect. Are we getting anything past [ that ] probably not. But at the same time, we are getting more visibility, we're getting more [ staying at ]. [ If I give you an idea ] we are 6 months out. I think the roughest part we are all going through to a tough position figuring out where the [ ships are going to come from, how much we need ] are kind of behind us. I think we're still going to have [ lots more stuff ] in the supply chain a safe so manage are we set. Now this will also develop supply chain. But again, the suppliers of chip manufacturers you're also in a [Technical Difficulty] trying to make sure we can land what we need to satisfy the demand out there from our customers. Again, [ in amount you have big ] we probably buy close to $100 million of chips a year. It's a very small [ segment actually ]. So we just need to find the right call for our need to be able to satisfy our customers [ all this will be an excuse ].

Got it. Makes a lot of sense. Nikesh, I have so many more questions, but I also want to be respectful of your time. Thank you so much for spending this time with us. Really enjoy just getting to talk about the business with you and just continuing to learn more. And what seems like a great opportunity over the next 3 years. So I look forward to seeing it unfold.

Thank you so much, Saket. Thank you very much for your support, appreciate it.

Absolutely. All right, folks. Have a good one. Bye now.