Palo Alto Networks, Inc. (PANW) Earnings Call Transcript & Summary

Thanks very much for joining us to our Tech -- Annual Tech Conference. We have a wonderful schedule for you for the next few days. We have over 540 registered investors. We have 135 companies. I just want to remind you, I'm going to start from the most important part. Make sure to join us today at 4:45 for the reception. It's going to be on the 32nd floor, the panoramic level. And if you -- the one-on-one meetings are on the second floor, third floor and 12th floor, if you have just what -- your schedule. And if you have any questions about your one-on-one schedule, just see the corporate desk -- corporate access desk one level below here. So with no further ado, I would like to welcome CEO, Nikesh Arora, of Palo Alto Networks. Thank you very much for joining us today.

Good morning, everyone. First of all, we have to wish him a happy birthday. It's his birthday today. Happy birthday, Tal.

At a certain age, you don't celebrate anymore, until you're 80 and then everyone celebrates for you.

That's good.

So Nikesh, thank you. Thanks very much for doing this. And I want to start from a vision question, a long-term question. The question for investors is how will Palo Alto look 5 years from now? How is it going to be different from now? What is the main stage when you sit down with big corporates that look at your road map and how the company is going to shape up? What's the message for your customers or where you want to be years from now?

Yes. First of all, thank you for having me, and good morning everyone, primarily. So if you look at the technology landscape, if you look at the cybersecurity subsector, one of the few subsectors of technology, which does not have a large player, A. B, our customers are still buying north of 20 to 30 products for cybersecurity. We're only like 6% to 10% of the budget of any company's IT spend. So to have to manage 20 or 30 vendors in 6% to 8% IT spend, is [ untenable ], which means a lot of the owners of integration, a lot of the owners of connecting all these things lies in the customer. And our view always is, why should there not be a much more integrated, amazing set of products that works for our customers, so they don't have to do all the integration themselves. 5 years ago, we were in 2 Magic Quadrants, which is enterprise geek speak for great products, top right, in Gartner, Forrester, as this morning, we're in '24, which means we have proven to the market that we can have great products in '24 different categories. And our view is that the customers should not have to stitch them together. We should deliver a stitched platform. And if you look historically, this is possibly where the age thing shows up. And I started my career at Fidelity Investments [ 20 ] years ago. We have 22 systems, which used to connect to 1 CRM system. I don't think they have 22 anymore. It's a thing called Salesforce, Oracle, Microsoft Dynamics does it for you. So if you look back and say, yes, 30 years, you go -- you had so many disparate systems, which are now one platform. You think about your HR systems, you used to have 15 of those, they're down to 1 Co-Workday. You look at your financial systems. I remember writing code in Hyperion, right? Now you have one financial systems platform. So it is feasible in the industry, it has proven that there are platforms that can be created, and our aspiration is to be the platform for security.

Got it. So just to put it in reference, what Nikesh just said, yesterday, we hosted the dinner and the Bank of America IT group was there, and they said that Bank of America budget is $11.7 billion, IT budget. And of that $1.2 billion is spent on cybersecurity. So certainly a major part of our investment annually. So...

So can you send them on?

I can maybe send the $1 billion. I'm not sure about the other 0.2 billion.

We'll take that.

You spoke now about platform, and you coined the phrase platformization and other companies said the same thing after that. What does it mean? With the word platform, what does it mean for Palo Alto?

So look, the word platform for us means that you don't have to stitch multiple products to derive the solution that you want. That allows you to have consistency, lower cost of ownership, much more efficient security operations that allows you to get the security outcomes you need. And we've gone from 24 products to effectively what you call 3 platforms, a network security platform that allows you to have every bit inspected across the infrastructure. You don't need anybody else's product, except for us in the category, a cloud security platform, which means when you are moving your applications to public cloud, Google, Amazon, Microsoft, Oracle, IBM, you could use one cloud security platform from us. And now with our new product XSIAM, a singular platform for SOC. So for us, that means, on average, each of these platforms consolidate anywhere from 7 to 12 vendors. So if you go down from 20 or 30 to 3 or maybe 4, we don't do identity, that's a good start.

Yes. And what are the benefits for the -- outside of complexity, reducing complexity, what are the benefits, financial benefits, maybe or what are the benefits for customers? Is there any technical benefits, meaning system efficacy, et cetra? Or is it just about prices? Just about [ bundling ] discounting?

No, it's not all about price and discounting. That's the whole -- let me give you 2 examples. One, when I started 6 years ago, I met one of these CIOs who had $1 billion budget in cybersecurity, and they proudly told me it was a bank and said, "we have 11 endpoint agents that run on our endpoints and on our laptops." So I came back and am being in the cybersecurity, I went to my Chief Product Officer, "Why would they have 11?" So what happens is, we deploy one, it collects a little bit of data, analyzes that data, delivers a security outcome. The next one does something else. The third one does MDM. Fourth one does EPP. Fifth one does EDR. All 3 letter acronyms, we do protect our jobs, so you don't understand them, don't worry about them. But you had 11 endpoints. The laptops will take 5 minutes to boot because there were 11 endpoints running on them. So I asked him, "Why couldn't one endpoint collect all the data, analyze all of it. Nobody's done it." So we went back and said, "why don't we have one agent that collects 200 megabytes of data, we analyze in the cloud and deliver the 10 security outcomes you want. Now that's a lower cost of ownership because it takes us a lot less money to serve that capability. So it's not about discounting or pricing. It is delivering the capability in a lot of lower cost because you're consolidating across 10 different times with 10 different rollouts are doing that. That's one part of it. I'll give you another example. Imagine you have those 10 endpoints running and you have other products running in their infrastructure, if something bad happens, all of us will find some variant or some version of that bad thing, right? So it's like having 20 sensors in the room and having one bad actor, and all 20 centers going -- 20 sensors going to 20 other products, it's like, "I am on something bad." And then the customer's job is to stitch those 20 pieces of information and say, "was that 1 bad thing or 2 or 3?" So give you an example, in our XSIAM product, we consolidate alerts across multiple vendors. Sometimes we consolidate 152 alerts to deliver 1 incident, which means the customer has to go respond to 152 different alerts instead of saying there was one security incident we had. So in the long term, it's impossible to do this manually stitch it yourself. Bad actors can get in and out of company's infrastructure in about 3 hours now. It used to be days now, 11 about 2 years ago, it's down to 3 hours. I can get in and out of the company, exfiltrate a terabyte of data in 3 hours. You have to be able to find me in there, stop me, stop exfiltrating data in 3 hours, you can't do it.

Got it. When you sell a platform, it's different than selling a point solution. So as you transform to a platform, what kind of changes do you have to make to your go-to-market and customer service organization?

Yes. Look, when you go from selling point solutions to a platform, you have to focus on 4,000, 5,000 customers and keep that relationship going that they like 1 product, they buy the next one, they buy the third one, they buy the fourth one. So we showed some statistics in our earnings call, about 51% of our top 5,000 customers have at least 2 platforms of Palo Alto and 13 have all 3. But that means you just landed. We haven't fully expanded all of them in those customer bases. We've discovered, any time we land with one platform and we fully expand to it, it takes our ARR from $200,000 to about $2 million. So we see a 10x improvement from landing and expanding into one platform. That goes to $14 million, if it's all 3 are there. I think it can go up to [ 70x ] depending on the size of the customer and what we can do. So we see the benefits of delivering more ARR revenue as very high, if we can actually go persist with the customer and actually expand footprint and deliver the platform. So that's a lot better than having to go sell many $200,000 deal. So conceptually, this is why about 9 months ago, we pivoted and said, "Look, let's go focus on the top 5,000 customers and try and drive platform across them." Having said that, our team is still landing in the next 57,000. There's 62,000 active customers at any point in time. They're still landing the other 57,000 customers, and then they get incorporated, we're trying to have a platform for them. So the only way we can go from, what are we, $3.8 billion in ARR to 15 to triple is to go triple the number of platforms you deployed.

And does it mean that you need to do more system integration now or team up with more system integrators because incorporating or deploying a platform is so much more complicated for our corporate.

Yes. It's less -- you're right. Look, the deploying of platform means that a company has to commit saying, I'm going to take out these 9 vendors, rip them out and put Palo Alto in there, which is complicated, which requires some degree of systems integration work. We have people who help -- but that is why the last 1 year, 1.5 years, we have been striking partnerships with the likes of Accenture, Deloitte, IBM, Infosys, Cognizant, all these others because they're becoming a bigger and bigger part of channel architecture in terms of deploying the solutions. So yes.

Got it. How does it work? So platformization by the way you answered, basically you discussed it platformization is mostly a market of large corporates at this point. So that means the smaller customers, et cetera, they continue to buy point solutions. That's the way to think about the market for -- in the near term?

No. Actually, what's interesting is more and more, if you see there are companies, which are also delivering that integrated capability at the low to mid-end of the market, and there's things like Arctic Wolf, Expel, ReliaQuest, all these companies have decided that those small customers cannot handle this multitude of products, and the complexity is they actually are delivering managed services at the low-to-medium end of the market. So economically, it's a lot more profitable for us to operate the customers who are willing to spend $10 million, $20 million, $30 million of TCV with us, then the $1 million TCV rang, but that's pure economics and math.

I want to maybe drill down a little bit to your success with next-generation security. So last quarter, you grew ARR by 47%. What are the components of this growth? What are the parts that are growing faster and where do you see more success or better demand, et cetera?

So if you break it down to 3 platform, looking at network security, 5 years ago, there was one player in something called SASE. And it was winner takes all the market at that point in time. In 5 years, I think we're the second largest player in SASE. Nobody expected that we'll be player in SASE. We do roughly about 40% to 50% of the business. We're the largest player in the market every quarter, give or take. So it's a fast growing field. What's fascinating for us is for the first time, our SASE customers are replacing other firewalls and bringing us back in to the build the platform. The good news is we can land at the firewall, hardware, we can land the firewall in the cloud, we can land with the SASE. It makes us the only player in the market, who has the full network security stack from hardware, software, cloud, firewall to SASE. Nobody else in the market does it. So the good news is the next question people ask me in platformization, who is your competitors? Well network security, if you want a platform, there's only one that can stitch them together. So there are fastest-growing pieces are SASE and software capabilities that stitch our firewalls in a network stack. Cloud security is a robust market, a little more competitive recently with some of the startups you're hosting here, but we're still approximately 50%, perhaps, larger than next player in the market in cloud security. This is where we integrate about 7 acquisitions put into to platform. You get one pane of glass, it's all stitched, one code base. And the last but not the least, our SOC platform, which is kind of the category where you're seeing an inflection point now, and I'll go back to that in a second, is XSIAM. We did $400 million of TCV in 15 months in that product. In the history of security, nobody's done $400 million with TCV in a brand new product that you've launched ever. So that's where we announced this quarter. We are buying IBM, securing our business, which is part of the same category, which should allow us to go work with them across thousands of [ curated ] our customers to be able to convert them into our product XSIAM.

So maybe I'll start with XSIAM. What does the acquisition give you? Why did you buy the assets from IBM?

Look, the biggest challenge you discover in platformization when you go to a customer saying, listen, I have something that works. I'm very nervous. If I take it down, it's not going to work. Whatever you put in there is not going to work. And the risk is that if I tell my other partner that they're going to be out, they walk away, and then I'm left in the middle with not being able to execute your platform and be sort of abandoned. The good news is, now, in both ends of the transaction, I already have the current install of QRadar. I am their new partner in XSIAM. I can manage this while I'm implementing this, and I can do a very smooth transition from their current infrastructure to mine. The good news is we bought the business, but we outsourced the business back to IBM, so they're running it. So nothing has changed for the customer. It's the same people, it's the same operations. The only difference is now we control the contracts when the deal closes, which means we can go to the customer and say your contract is Palo Alto, you our customer, run it as long as you want. We're going to work with you on the transition, we're going to make it seamless, and we can make the economic timelines match for you. So to us that's great. And I think it's public, we're paying half $0.5 billion. That's not a lot. People have paid billions of dollars to buy into that business.

So staying still with the smaller parts of your business? I'll just ask a question on Cortex before I go to the larger parts. Cortex, you mentioned previous quarter, I remember discussing with you and you said that now you feel that you are at par with standalone endpoint companies that have a platform. Talk about the Cortex success. What is the kind of deployment you're seeing? Kind of -- what is the kind of demand you're seeing from customers? Where can you fit yourself in the market?

So when we started in the XDR business, the endpoint security business, we were #14 out of 14. That was 3 years ago. This morning, Forrester released their Magic Quadrant, we are #2 from technical capability and competence perspective, the leadership quadrant after Microsoft, actually, surprisingly. So we have made technical progress in the last 3 years, going from #14 to #2 technically. And from scale and breadth perspective, we have north of 6000 customers. I think it's down to a 4-player market now. I think the other 10 are kind of gone or will be gone for the most part. And you can count them off in the 4. I think it becomes a 3-player market at some point in time, which is not bad. We're used to operating at 4% share in the security industry. If you can be a 3-player market, your share is likely more than 3%. So any category, I can have more than 3% share. I'm happy.

And what's the synergy between Cortex and the rest of the portfolio?

So look, 85% of the enterprise data is inspected either at the endpoint or in a firewall. 85%. So if you want to understand what's happening in a company, 85% of that is there. The rest is possibly in other point products and in the cloud. If I have access to 85% of the data, I can analyze it using machine learning models and deliver security outcomes as fast as I can. So that's the imperative or that's the rationale for us to be in that business. We already have 40% share in the firewall business. With reasonable large share in the endpoint business, we can actually become the security operations solution for our customers. This is why XSIAM does well for us because we have access to all this data.

I want to go back to Prisma Access and SASE. There's a lot of entrants, new entrants to the market, right. So we have Microsoft and all the other firewall companies. How do you -- what do you think is going to be -- or how will the market look like on 2 vectors. Number one is, will the other firewall companies be able to also sell on top of their firewall SASE, is it this is the main selling point? Or are there any other factors that can drive success? And second, when we talk with Fortinet or with Microsoft, they talk about a very low pricing level. So do you envision price erosion in the market?

That was going to be clear, but I won't be. It's too early in the morning. So let's start with SASE. First of all, SASE is a very large market. And the way to understand it is if you think about the 2 or 3 reasons going on, one, this whole cloud revolution, AI revolution forces half of a company traffic to go to public cloud now. If you thought you could stay away from public cloud, now with AI you have to go there because nobody can actually manage to run and host their models on-prem in their data centers. Those things are going to be way further along. So even the reluctant companies who didn't want to go to the cloud are storing the data in the public cloud to do AI. So it's possibly good for your friends and public cloud and the guys with the AI model. That understanding, which means fundamentally your network architecture has changed the company. Used to have a data center, all the traffic went there, you inspected and firewalled, it was contained. Now half of your traffic is sitting in some other part of the world, which is sitting on a public cloud or a SaaS application. So with that change in architecture, your network boundary and parameters have expanded. You have to do it the same way you did in the data center, you do it on the edges, which is what SASE does for you. Every store you walked down in Union Square, used to have a small modem and possibly when you went and gave your credit card, they sometimes hold the thing up in the air, trying to get signal because they won't be able to charge you. Now every store is talking about AR and VR in the stores, they want very high bandwidth in every store, they want to be able to show you the thing through visualization, which means you need a lot more technology in every store, every $5 Burger King store needs large tech stack. So which means that's going to create a huge deployment of SASE in other words. So still it's a big market, there are 2 players, I'd say, which have proven their SASE credentials almost every scenario, right? We have in it stores, we are in consulting companies. We're in the federal government, we're in manufacturing companies, we're in defense. So we're -- we have north of 4,000 customers deployed. We have north of 15 million endpoints at any point in time using our SASE product plus another 50 million on VPN product. So yes, are there 10 more players in the market? Yes, they are. Are you going to see price erosion? Possibly, but price erosion requires commoditization of the space and consistent quality products. That's not there yet. I'm not suggesting it's never going to be there. And the question is, can you stay one step ahead of everything. So our SASE product is the only product in the market now with enterprise browser integrated into it. We're going to launch AI capability -- AI access capability, so any AI app can be inspected using that. So we'll just stay on the innovation trend now, stay up there. It's not a trivial decision. The average SASE customers take about 6 to 9 months to make a decision and they run it through the ringer. So it's not like I have it, you can buy it from me. You have to actually run through the motion to make sure it works because it's not just a security product, they're actually outsourcing operations to somebody else, which is a different ballgame.

And when we spoke with you last quarter, they are trying to differentiate by saying we're going to eliminate the firewall. It's a zero trust, we're going to eliminate the firewall. This is -- that's where the market is going. Do you share the vision?

It's a good question for them. Look I don't know how you eliminate a data center firewall. How do you take 10 gigabits of throughput running at data center, if you're Visa or MasterCard, you're running transactions at such volume that you don't even want to go to a public cloud because public cloud has higher latency than a data center, what do you do with the data center firewall. Scared of it, how? How to get rid of a firewall as a public cloud? How to get rid of it, so I don't think it's an either/or scenario. I think there are different horses for different courses. We need high throughput, high bandwidth, hardware, the cheapest form factor in the world even today to do traffic inspection sitting in the data centers, you need software firewall sitting embedded in the public cloud. What do you do? When I've got application stocking in Google cloud for each of them, what you're going to do from there. You've got to have some inspection on the loop or you do it on AI models. So you will need -- fundamentally a firewall is the ability to inspect traffic, right? Whenever the traffic goes from point A to point B., if I can insert myself in, I can see what's happening, what's coming from where? Where is it going? Is there bad stuff in the middle. That activity will still be alive forever because volume is growing 2 to 4x every year. If you say the volume of traffic in the world goes up 2 to 4x every year, the active inspection is needed for every bit of traffic, that's what security is about, now which form factor is done depends on your deployment, whether it's done using an SD-WAN box with software in the cloud or it's done in a firewall. It just depends on what becomes steeper to inspect. If you talk to Fortinet, they're deploying SASE and firewalls. If you talk to Cisco they're doing the same thing in all the boxes. So I think that's a bit of a competitive comment.

And is there a synergy between your firewall revenues or firewall cell and your SASE cell? Is that...

Yes, 100%. The synergies is that, look, once you -- there are 2 parts. One is, you want to get in the traffic flow, number one. We get into SASE flow by putting a firewall or putting a SASE endpoint in your laptop. Two, you have to be able to inspect and stop bad things, right? And three is, if you find something suspicious, you have to go analyze that data and give a signal that there is something going on though SASE. Now you want to do it consistently with every bit of traffic. You can't say for this bit of traffic, I'm using vendor X, for this I am using vendor Y, for this I am using vendor Z. Let us all try and figure out all this bad stuff together because you want to run consistently same way. So our benefit is we're on the same analytics across any form factor. You buy our firewall, you have the same analytics, you buy our SASE with same analytics, you've the same data governance and the security policies. So that's the benefit of having it, that's the whole of optimization.

I want to switch maybe to Prisma Cloud, another big opportunity for you. You and I had here a discussion 2 years ago, and there are a lot of start-ups in the space. And if you look at the market today and most of these startups are having difficulties -- serious difficulties rounding down or valuation going down in rounds and the question is, how will the market look like in your point of view, like 5 years from now? We know it's going to be a giant market. It's going to be a big market because that's where applications are going. But from a player's point of view, how will the market look like? Will you have the same competitors you're having today? Or do you envision entry of other players to the market?

So what's fascinating is in security, you discover there are 2 very large categories of products. Let's call -- one is called hygiene, the other called real-time protection. Hygiene is setting the configuration signal, something stupid, somebody left a door open, somebody left window open, you check the configuration to make sure nobody has left anything unconfigured or badly configured. Real-time protection is when you see bad things, you can stop them in production from doing bad things to your enterprise infrastructure, right? Which is typically what happens with XDR endpoints or firewalls or in the SOC. You stop bad things from happening. The cloud security industry has been heavily biased towards the hygiene factors. If you look historically, there have been companies that have come and gone, we had Dome9, they got bought up by one of the vendors, there was DV Cloud, there's Aqua, Orca is here, there's a whole bunch of companies. So what happens over time, the companies have come and gone, and we've discovered many of the larger players have started creating cloud capability in the market, which is fine, which is what part of the growth is going to happen. But I think the bogey ships to the real-time protection parts more and more as opposed to the hygiene part. So hygiene parts are commoditized because all you do in hygiene is you're basically taking APIs from Google, Microsoft Amazon, Oracle, IBM and saying, "Here's all the configuration data, let me go give you a way to make sense of it." Hygiene is cheap to do. So the price -- there's always pricing pressure on the hygiene part. It's a good start because people are still configuring. But as you go into production, you have to start doing real-time protection in production, but the industry moves there were, again, that is where we're putting our bet on XSIAM in the cloud, for the cloud. So we've built cloud security capabilities on XSIAM capability. We think over time, the enterprise converges the enterprise security and cloud security into 1 pane of glass and SOC.

You mentioned you made 7 acquisitions. How streamlined -- no, within -- yes, within Prisma Cloud. How streamlined is the solution? Have you managed to integrate all these 7 acquisitions into a unified experience for customers, et cetera?

Yes. I think we did that in the first instance, we could have done a better job. We relaunched it by doing a better job. So our volumes grow 30% to 40% a year based on our customers' cloud data that we have to inspect but because of the competitive nature of the industry there's been tremendous pricing pressure, which I expect on the hygiene side. You'll see the bogey shift towards the production side. So the market hasn't grown at the same rate as the volume has grown because of pricing pressure and competitive behavior. But I think the long term is going to be great.

How -- the same question I asked you about Prisma Access, how synergistic is Prisma Cloud to rest of the business?

Look, at the SOC or take endpoint, right? You have this product called XDR. It's basically a detection response agent that sits on your endpoints. The same agent now sits against cloud workloads or cloud VM, in the cloud host, right? So you don't need 2 different agents that are doing detection and response for different parts of your infrastructure. The synergies is there. Our XDR again works both for cloud security and for enterprise security, right? We ingest the data into our SOC and XSIAM, we're going to have 2 different XSIAM, we're going to have 2 different SOC management tools, one for enterprise and firewalls, one for the cloud. They all go to the same place. So it's very hard over time. The customer doesn't want 2 different installations saying, "Oh, this is my cloud traffic, this is my on-prem traffic." Because eventually, many of these applications talk to each other. There's a lot of the legacy systems that are still sitting on-prem. If you have a beautiful mobile banking app, it still has to go touch an on-prem data center or some legacy data that's sitting in your infrastructure, you need to be able to inspect that application across both infrastructure.

Firewalls. So the market went through -- the market itself went through a period of elevated demand and then a period of absorption, talk about the outlook for firewall -- overall firewall growth, and we spoke a little bit about it. But -- is there a different environment going forward? And forget the last 3 years, it was different, unique. But if you look at the 3 years prior to that in the next 3 years or the next 4 years, do you see different environments? Or is it going to go back to what we've seen before?

So Tal, as you will appreciate, I've been very consistent that the underlying firewall market grows at 5% to 8%, and sometimes it grows 0% to 5% and sometimes it grows 5% to 8%. There are all kinds of extraneous factors like supply chain issues, pandemic, or price increases because of supply chain that happened. All those are getting normalized and our discovering that the underlying growth is still 0% to 8%, sometimes closer to 0, sometimes closer to 8%. I don't think that trend changes. The confounding factor, as you know, is as the migration of the cloud happens, it puts a damper on hardware, and you should see the benefit of the software. So our software firewalls grow 3x the space than our hardware firewall because we've seen more volume in the cloud than we're seeing in hardware. I think the industry grows at still at 0% to 5%. I think the question is, how many vendors are selling as much software firewalls as they're selling hardware firewalls, the traffic is growing. The volume is growing, the pricing pressure is not there. It's like firewalls are adequately priced, and there's -- it's not like that it is competitive that people will go with the firewall because of the price. So get the firewalls because of existing installed base because of competence capability and comfort of the customers for that capability. So I think that market goes in the 0% to 5% range. I don't think it changes. I think the individual companies in the market, it depends on who's taking share from who because there are still some donors in this market, which we appreciate. And some of the other players get more share. But I think it's a steady business. The value we see is once you have a firewall, what else can you do? So we've launched IoT, we've launched advanced DNS recently, advanced WildFire. So we have more advanced capability to sit on firewall because once I'm in the infrastructure, the customer shouldn't have to deploy more sensors to do more things. The rest is all software. So the hardware acts as a control point and a sensor and enforcement point I should do a lot more software capabilities that sit on the hardware. To give you an example, every company is now, on average, 20% of their employees are using AI. Some AI app. The AI app is very tempting to say, take your beautiful marketing blog, upload it, and I'll show you how to do a better job as an LLM, right, which means, approximately twice the people are experimenting within the companies. Now you've got to inspect that to make sure they're not sending corporate data or proprietary data into some public LLM and training it because that's a bad thing. Now you have 2 choices, you go to a new startup and will say, let me get in the middle of that traffic flow, so I can expect it. And I'll say, well, I already have a SASE flow in there. Let me just create that capability of inspection, which means I can go sell another 20% revenue to each of my customers without deploying any new hardware or any piece of software. So I think 5 years ago, the security industry is very orderly. Everybody played in their swim lane and they didn't mess with the other guys. We did our firewalls and somebody did the endpoint, somebody did the identity. I think we unleashed security in the market where we're saying, look, you can play in other swim lanes and now you're seeing a lot more cybersecurity companies who want to be in other swim lanes compared to the one they started with.

Financials, you and I spoke about billings versus bookings. And for the right reasons, you say focus on bookings. That's an important part. What -- talk about both ends. What do you see in the market in terms of bookings? And what do you say to investors on the billing side?

So I think I'm going to keep saying this until somebody believes me. I think billings is a broken metric. And I think for all of you who are very astute investors, you know the differences. But I can't hide my bookings. Bookings is when I go sell an amount of business to a customer, and there's a duration of that deal. If it's 1 year, 2 year, 3 years, 4 or 5 years, customers like commit to paying you $10 million a year, in 5 years you get $50 million of bookings, this shows up on the RPO. This business is services I have to deliver, they have made a commitment, it's contractually agreed. If the customer says, bill me every year, my billings are $10 million. The customer says bill me for 2 years now and the other 3 years is going to happen, it's billings $20 million. If I tell the customer, why don't I lend you money and you pay it back to me, and my billing is $50 million. We lend them $50 million and I got $50 million. So billing is the metric that really depends on when the customer should be invoiced for the services. We've lived in benign interest season environment for a very long time, 15 years, the customers didn't care. They're like, great, do you want the money upfront, what discounting would it give me. Well, you're only making 25 basis points there for 3 years, I'll give you 3% off. You give me the money now, so great, 3% upfront is better than 25 basis points a year, I give you 3%. Now they want a 20% discount because their cost of capital is 6% to 7% a year, if you're lucky. So nobody wants to me, if you ever tried to go like -- would you want to pay your Netflix subscription upfront for the next 5 years? No. So the world has changed. I don't think going back to 25 basis points anytime soon, you guys know better. I don't, but I haven't seen it yet. So the conversation in the payment side is different, which means billings is a number I'm trying to manage on a constant basis. The number I cannot hide from is RPO and bookings. I can't hide from that number. No company can. So any company and you start looking at billings and companies like, you got to watch out what the RPOs of the billings are, it is kind of where it is. And we spend way too much time in trying to go into a customer, we did $150 million a customer. Hey, do you want borrow $150, what for? so you can pay me upfront, really, that sounds like a silly idea. Try going to do a CFO saying, please borrow $150 from me, I'll give it to you, you sign a promissory note and you can buy my services. It's a long and a tough conversation and unnecessary because all that does is, it doesn't change my business. It just moves $150 from RPO to billings. You want me to spend time doing that? Great. That's a bad idea for investors who want me to be doing that.

Maybe I'll talk here with my line of questions, I have a few more, but I want to leave enough room for questions from the audience, is there any question in the audience? Anyone wants to ask a question, just raise your hand? We should have a microphone going around.

They're saving them for the one-on-ones.

Yes. Too shy in the morning, how do you define -- you mentioned this last quarter, 65 platformization deals. How do you define a platformization deal?

Sell my network security stack and I have 80% penetration in the customers, it is a platformization deal, you buy some of my cloud stack, they're using me for multiple modules, it is a platformization deal, it's a minimum threshold of $1 million at least, it is a platformization deal. It's just a metric. Remember, I said I've got 900 platform deals done. When we do triple my business, I need to get a 2,500, 3,500 in the next 5 years to triple the business. And this is just a way to keep track. If I'm showing 65, you do the math. I need about 70 a quarter on average, give or take, in the next 5 years to get to my number. So if I'm too far off the 65 recorded then you are not at pace to get to triple my business.

Another thing that we discussed before was the Federal segment, you derisked your guidance and you removed federal contribution. What is -- first of all, what are the current trends in federal. And how do you see it playing out the next few quarters, few years?

Federal is very interesting. They spend a lot of money in cybersecurity, approximately $18 billion to $20 billion a year, but it's a 75% services business, a lot more of that is services -- professional services, people do some very tough and specific things. Half of the Federal government is air gapped, they don't want your cloud processing any of the federal data. So it puts you in a very interesting situation. What happened to us, we had worked very hard for about 1.5 years or 2 to get into the pole position, which we did on selling SASE across the entire missions in the government, in a project called Thunderdome. And we discovered that eventually got fragmented and everybody can make their own decision. So it was a strategy that they had, which got fragmented and we kept waiting, we kept trying to sell this. So that's going to happen more organically than as onetime. So we just put that out of our forecast because we don't want to rely on it, large numbers tracking our forecast, which we don't know the third tier. And it's still a robust business a large single-digit percent of our business comes from the federal government on a regular basis. So it's not like it's a bad segment to be in, it's just there is no big, lumpy deal.

Got it. Another thing you spoke last quarter was $150 million deal in the health care space. Can you provide details? I mean this is a giant contract. Can you provide details on what are you doing for the customer? How did it start? And what did you replace? So just a little bit of details on your participation.

Well, nothing focuses the mind of a technology team more than a bad cybersecurity incident, right? It's very hard for them to ignore it. And unfortunately, one of our customers ended up in that situation. We have a team called Unit 42, which goes in and doesn't sit in response. They were commandeered, they went there, and the difference between what we do and what most other people do is we just don't fix -- tell you what happened from a security breach perspective, we actually can go implement the solution for you, unlike most people. And given our expansive platform, approach, we can cover 75% to 80% of the stack and replace everything in short order because everything is stitched and worked. So we were able to see eye to eye with the customer. Our team pretty much lived there for 3 months, rebuilt the connectivity with the tens of thousands of pharmacies in the United States so that -- and every pharmacy wanted a net new clean connection. So the underpinning of that is SASE, so Palo Alto Prisma Access now connects a lot of those pharmacies. They are protected by endpoint in our SOC platform and our cloud capability. So across the board, is public knowledge that we are currently working on the next health care act that is going on in the market. It's not as big as the last one. So we just won't put any numbers into forecast.

Great. My last question is just on margins. Margins were strong last quarter, up to 100 basis points. What's the outlook?

I think if you step back and think our forecast is to get close to $8 billion of revenue this year, which still makes us the largest independent cybersecurity business of $8 billion. I think we're beginning to hit scale economics from a cybersecurity industry perspective, which is good for us. If you think about the P&L, most R&D costs are between 12% to 16% for a company. Most G&A costs are 4% to 6% if you're -- unless you're Broadcom which is a lot cheaper, but that's a different story. Majority of your cost outside and your gross margin is cost of sales and marketing and customer support, it ranges anywhere from 40% to 70% depending on size of the company. That's where scale matters. And that's where larger deals per customer matter. Because if I can do $10 million instead of $1 million deals, I have to still need the same amount of reps to do $10 million deals that I need to do $1 million deals. So I think the entire platformization approach, the entire approach towards being a larger presence in our customers is margin accretive in the long term. And I've heard rumors that people expect AI is going to deliver even more savings in the future. So I'm looking forward to those. We've tried a few experiments. We see some benefits. I think it's going to take a little longer than most people think. But it will come. It's not -- there are clear productivity instances you can see. It does require a change of behavior. It won't be like you can take these 500 people and have them go away. It will be all of us who will get 30% or 40% more efficient. The question is how do we manage that as organizations, how do we take that 30%, 40% more productivity out of each individual and turn that into economic value. But I think the prognosis is the margins should continue to see positive benefit over the next few years, both from a scale perspective, cost of goods perspective and from the cost of sales and marketing perspective.

Great. Nikesh, thank you very much.

Thank you for having me.