Palo Alto Networks, Inc. (PANW)

M&A Announcement

Mar 24, 2014

Speaker 1

Good day, everyone, and welcome to today's Palo Alto Networks Conference Call. After comments by management, we will go directly to question and answer. As a reminder, this conference call is being recorded. At this time, I would like to turn the call over to Kelsey Turcotte from Palo Alto Networks. Please go ahead.

Speaker 2

Thank you for joining us on today's conference call and can be accessed on the Investors section of the Palo Alto Networks website at investors.paloaltonetworks.com. With me on today's call are Mark McLaughlin, Palo Alto Networks' Chairman, President and Chief Executive Officer and Stefan Thomason, Chief Financial Officer. This morning, Palo Alto Networks issued a press release discussing the acquisition. If you would like a copy of the release, you can access it online at the company's website.

We would like to remind you that during the course of this conference call, Palo Alto Networks management will make forward-looking statements, including statements regarding our expectations regarding the acquisition, the confirmation of the acquisition, the integration of Cyvera with Palo Alto Networks and synergies between the two companies, our competitive positioning, expectations regarding future investments and revenue growth and fiscal third quarter financial performance. These forward-looking statements involve a number of risks and uncertainties, some of which are beyond our control, which cause actual results to differ materially from those anticipated by these statements. These forward-looking statements apply as of today and you should not rely on them as representing our views in the future. And we undertake no obligation to update these statements after this call. Before I turn the call over to Mark, I want to remind you the registration for Ignite Investor Track running from March 31st to April 1st is still open and we encourage you to attend.

If you would like to register, please email me at kturkottpaloaltonetworks.com. For those of you who cannot attend in person, there will be a webcast available at investors.paloaltonetworks.com for the portion that will be conducted from 1 p.m. Pacific Time to 4 p.m. Pacific Time on Monday, March 31st. And with that, I'd like to introduce Mark.

Speaker 3

Thank you, Kelsey, and thank you everyone for joining us today on such short notice. We're very excited to announce that we have entered into a definitive agreement to acquire privately held Cyvera for approximately $200,000,000 in transaction value, comprised of approximately $112,000,000 in stock and $88,000,000 in cash. The transaction was approved by both Boards. We view today's announcement as a strategically compelling combination that again disrupts the security market and opens up significant incremental market opportunity for us. Cyvera provides a highly innovative endpoint threat prevention solution that's unique in the market. It protects enterprises from security breaches by blocking attacks on the endpoint at the critical exploit phase through advanced detection and prevention techniques. Today's announcement also marks a significant step for us in the continued evolution of our next generation enterprise security platform and our ever increasing leadership position in the market.

With the pending acquisition of Cyvera, we are once again changing the cybersecurity landscape by creating a unique and comprehensive enterprise security platform spanning networks, endpoints and the cloud. As a result, we are expanding our total addressable market in a large and growing $4,000,000,000 endpoint market with a 5th SaaS based offering. We see significant synergy to cross sell Cyvera to our existing base of customers. Our next generation security platform performs 3 security functions: understanding traffic and controlling it, detecting and preventing known attacks and collecting information for our next generation threat cloud on any devices across any network and we've been doing this for several years now with great results. The acquisition of Cyvera will extend our next generation security platform to the endpoint with a very innovative approach to preventing both known and unknown attacks.

By blocking the attack at the exploit phase, Cyvera essentially disables the tools that attackers require. Without needing prior knowledge of the attack itself, the result is technology that successfully prevents 0 day attacks. The next generation threat cloud is able to detect more attacks, provide more intelligence and quickly prevent newly discovered attacks. The combination of our next generation firewall, our next generation threat cloud and Cyvera's next generation endpoint security technologies in a single highly integrated and automated enterprise security platform will be a first for the industry and provide significant value to customers in the cybersecurity battle. The level of innovation at Cyvera is amazing and a great cultural fit for us as a technology driven company. What Cyvera is doing in the enterprise endpoint space is akin to what Nir and the team did in the traditional network security space. In both cases, the Q1 of 2019, Palo Alto Networks has disrupted the $11,000,000,000 network security market with a next generation approach that has fundamentally changed the way enterprises think about security, while the competition tries to cobble together legacy technologies in an attempt to catch up, the endpoint security market today is similar.

The legacy technologies were designed for a different time and have not kept up with the rapid threat landscape. Just like the legacy firewall space, you cannot build on the legacy platform and win this battle. With the acquisition of Cyvera, we'll be taking a fundamentally different approach. The acquisition will bring us a unique endpoint based solution and an amazingly talented team, which will allow us to immediately target the adjacent enterprise endpoint security market, which is $4,000,000,000 today and growing to close to $5,000,000,000 in the next few years. We see significant go to market opportunities as Cyvera is highly synergistic with the needs of our existing customer base and offers a compelling growing global distribution capabilities and partners to sell the Cyvera offerings into our existing and fast growing 16,000 plus customer base. With this combination, we'll be able to compete in a very large $15,000,000,000 plus addressable market today that is growing to close to $20,000,000,000 in a few years and we'll do so with an unparalleled technical advantage.

Before I turn the call over to Stefan, I'd like to welcome the Cyvera team to Palo Alto Networks. Enterprise security platform that spans network, endpoint and the cloud. Now I'll turn the call over to Stefan and look forward to seeing many of you do our Ignite Investor Track on March 31. Stefan?

Speaker 4

Thank you, Mark. I'd also like to welcome Cyvera and thank the Palo Alto Networks team. Both have worked very hard to bring our vision to reality. Cyvera, which has raised 2 rounds of early stage venture capital, Tel Aviv to tap into a vibrant market of professionals in the security industry. Looking at the revenue and gross margin models, Cyvera has a subscription offering, which further enhances our hybrid SaaS revenue model and will add to the services portion of our revenue stream.

Over time, gross margin for Cyvera should approach software type gross margins. While the Cyvera technology is As a result, we expect minimal billings and revenue contribution for the balance of fiscal 2014 with billings and revenue ramping into the back half of fiscal 2015. Given the subscription nature of the business, we expect billings and free cash flow to ramp ahead of revenue with meaningful revenue contributions in fiscal 2016. Prior to the acquisition, Cyvera's investments were heavily focused on R&D. Because of the technical leap forward they've pioneered versus other endpoint solutions in the market, we're going to continue to make the necessary investments in R&D to extend our lead.

Additionally, we'll build out the customer support in sales and marketing organizations to address the incremental $4,000,000,000 plus of market opportunity. Our plan is to build out a specialized sales organization to focus on the endpoint market and implement a marketing plan that broadly increases awareness. The preliminary estimates of the operating expense for our P&L associated with these investments are approximately $1,500,000 for Q3 '14, $3,500,000 for Q4 '14 and $25,000,000 for FY '15. We anticipate being free cash flow positive for Cyvera in the first half of fiscal 2016. After we close the transaction, we'll refine the assumptions and provide updates at that time.

We look forward to discussing all this further during the investor track of our Ignite conference on March 31, Las Vegas. We'd now like to turn the call over to the operator to take questions.

Speaker 1

And your first question comes from the line of Michael Tarratz with Raymond James. Please proceed sir. Your line is open.

Speaker 5

Hey guys. Technology question first. There have been some other endpoint solutions that have been acquired, Mark, including Mandy, by FireEye and there are some other independent ones out there. Maybe you guys could take some time to differentiate a little bit how you guys approach the endpoint versus some of the competitors?

Speaker 3

Sure. Hey, Michael, it's Mark. Good morning. So on the endpoint there's a number of features and functionalities to have a complete endpoint solution. The one that we believe is the most important because it prevents in the first place is exploit prevention.

And what Cyvera is doing is based on a deep understanding of the exploit techniques themselves to get the exploit in the first place. So it's preventative as opposed to detection. Most everybody else is doing detection capabilities or forensics like the attack has occurred and then trying to figure out what happened after you're going to chalk the body instead of stopping the crime in the first place. That's a high level concept of the difference. And Nir is sitting here with me, so if he wants to add something.

Speaker 6

Yes, sure, of course.

Speaker 7

So you're right. There are many endpoint solutions in the market. And by the way, we look at all of them. And Cyvera by far stood out. And the reason for that is that there are really several things are going on, on the endpoint.

Some of the companies you mentioned, as Mark said, what they do is they collect information from the endpoint, send it to a central location and then if you find out that you had a problem, i.e. your score score ended up in some other Then you hire an army of incident response people that use that information to figure out how you got hacked. Other approaches in the market include the AV approaches, which is look for each and every individual piece of malware using signatures. And there are hundreds of thousands of new ones every week, many millions every year that you have to chase and for sure, you're going to miss many of them.

Other projects in the market include host based intrusion detection and different kinds of them, old ones, new ones. The problem with them is that they're still chasing 1,000 and 1,000 and 1,000 of new vulnerabilities that are found every year and miss a lot of them. The Cyvera approach stood out very different. We tested it with a lot of different malware, even the most sophisticated one that we have collected throughout the years and they just detect everything. And essentially what they do is they go after the toolkit that the exploit writers use in order to exploit the vulnerabilities, it turns out that that toolkit is limited to about 20 different techniques.

And what Cyvera does is, it basically blocks the bad guys from being able to use those techniques. And it just works. Again, it works for each and every sample, each and every sophisticated piece of malware we have detected over the last few years.

Speaker 5

And any particular way that this will be integrated with the existing technology platform? Yes. Obviously, you're going to feed feedback up to the cloud, but does it leverage the platform in other ways?

Speaker 3

Yes. So just think of it in the slide deck there, you saw Michael sort of a triangle concept that this will be the only really integrated and automated Our ThreatCloud, which is basically analyzing information from the endpoint and analyzing information from the network itself. So

Speaker 1

Your next question comes from the line of Raimo Lenschow with Barclays. Please proceed. Your line is open.

Speaker 8

Hey, thanks. Congratulations. Sounds like a very interesting deal.

Speaker 3

Hi, Trevor.

Speaker 8

Can you just two quick questions from me. So first, if I look at the current offering, will the client still need an endpoint solution like a legacy one and you just do the more advanced stuff at least for now? And then I guess later on you And then just a quick question. How does the pricing licensing model work? So you mentioned subscription.

Is it per endpoint, how do I have to think about it? Thank you.

Speaker 3

Yes, sure. So, Raimo, good morning. Yes, so on the big picture of At the endpoint, many, many, many companies have legacy solutions in the endpoint because those technologies are doing a lot of different end the point of features and functionality, so this technology is very, very focused in the advanced threat space and that's where the legacy It can be complementary to legacy technologies and run side by side with those things. And over time, we can evolve it if we choose to do that from a roadmap perspective, so that's the way to think about it right now. And on the model, I'll let Stefan address that.

Speaker 4

For the pricing and licensing, it'll be some convention around a license per endpoint. We'll get into more specifics of that during our Investor Day at Ignite. And also we need to get through the transaction and actually close it out, but it will be some convention around endpoint pricing.

Speaker 3

And that pricing that would be recognized as a SaaS based offering.

Speaker 8

Okay. Perfect. Okay. Thanks.

Speaker 1

Your next question comes from the line of Keith Weiss with Morgan Stanley. Please proceed. Your line is open.

Speaker 6

Thanks, Wanda. Thank you guys for taking the question. It looks like a very interesting acquisition. First question, do you guys have any customers that are running both your technologies and the Cyvera technologies today? And if so, can you walk us through how they're using the 2 technologies together today?

Speaker 3

So, hey, Keith, good morning. There is excuse me. So, Cyvera has a handful of customers today. Good feedback on that are running both of our technologies. They're not integrated obviously yet in this customer base, but they like both of them.

We've already got a lot of early indication from some customers that we've given some confidential previews to that very much like the Cyvera technology is what it does and can definitely understand the power of integrating it to WildFire and to the next generation platform. So the early interest is very high.

Speaker 7

Yes. So this is Nir. As Mark said, we have a few customers that are joint customers. And the way the products work today, they're relatively separate. Although there is a way to forward information from WildFire to Cyvera for Cyvera to use in order to detect legacy attacks on the endpoint.

You see there are 2 there are really 2 ways to get an end user endpoint today. The legacy way, which is send them a piece of malware and hope that they install it, right? Take areas and install it and there are other ways to hack into it or to exploit the vulnerability. Cyvera is focused more on the latter, which is really the way all the APTs work, which is vulnerability on the endpoints, take it over and then do whatever you want we did and with the network. And with the information that Cyvera can get from WildFire, they can also handle the former, which is make sure that the hospitals don't get on the endpoint.

This is in testing. Some customers got a preview of it and the feedback was really, really good, which is part of why we think Cyvera is the right solution for us.

Speaker 6

Excellent. And then one for Stefan, in terms of how we should be thinking about the OpEx impact for FY '15, I think you said $25,000,000 in OpEx. From a free cash flow perspective, could you give us some kind of sense of what FY 2015 free cash flow impact should be like?

Speaker 4

Well, OpEx is going to be ramping up throughout FY 2015. Free cash flow, we don't anticipate the Cyvera acquisition turned positive for free cash flow until the first half of FY 2016. And mainly that's due to the incremental build out that we're taking a very early stage company, making the necessary investments in not only R&D, but more specifically into customer support, sales and marketing to really build out that presence, we're going to be building an overlay sales force or specialized sales force to sell the endpoint technology. So from a free cash flow standpoint, it will be positive in the first half of FY 2016. That's what we're anticipating right now.

Speaker 3

Most of that expense, Keith, will go into the go to market capability since the technology is built and already But we think that's a worthwhile exercise since there's, like I said, a $4,000,000,000 enterprise endpoint

Speaker 1

Your next question comes from the line of Phil Winslow with Credit Suisse. Please proceed. Your line is open.

Speaker 9

Hi. Thanks guys and good morning. Just have a question I guess for both Nir and Mark sort of from a historical perspective to now, in the past we've seen some endpoint companies trying to go into network security market kind of unsuccessfully. More recently though we've seen some network security companies trying to move in an endpoint. I guess what do you think has changed from I guess a technology perspective or from the buyer's perspective that makes sort of a joint endpoint network offering more attractive and sort of why you think that the network security vendors are going to successful now moving into the endpoint.

Thanks.

Speaker 3

Yes. Hey, Phil. Good morning. Yes, a few things there. The first is that the most importantly is that the advent of the advanced persistent threats is really what's driving this because you could have in the past a network market, companies to think about the network as one thing, not just network over here and endpoint guys over here.

But more and more when they use the term network, it includes endpoints because the threats can come in through the endpoint and get to the network, come to the network, get to the endpoint. So it's a common understanding now of what the network actually means and then because of that folks like us who have very deep technical understanding of the advanced threat market technically qualified in order to take on both of those challenges. Just that's a technical intellectual sort of statement from an understanding perspective. And then the third part is making sure that you can actually get it out there from a customer perspective, right. So that's challenge where you have to get deployed out on the endpoints as well.

But I think companies and customers over the last 18 months when we really, really started to dig into this market have shown an understanding and the desire to do that because the legacy technologies just are really not keeping up here. So this reminds me a heck of a lot of the firewall market a number of years ago, where you had a new challenge out there that the I can see providers are just not quick enough in order to get in front of mostly because they're running large installed businesses and they're kind not innovating where they need to innovate and that opens up a disruptive capability in a really large market and that's what we intend to exploit.

Speaker 7

To integrate network security and endpoint security in such a way that it actually provides value to the customer. I think that the use of cloud based technologies, our next generation threat cloud, which today processes a lot of information. Today's processes, it runs a lot of files, documents, executables from our customers in sandboxes. It provides URL categorization, which Machine Learning to automatically categorize websites. It's looking at a lot of DNS traffic coming from customers to find a lot of bad domains that were not known before.

And I think that the ability to take endpoint information and plug it into that cloud and then in return generate information that's useful for both the network and also as Mark said, I think that the big endpoint security vendors have been sleeping for quite a while. And when we saw Cyvera last when we met Cyvera last year and started talking to them, it became apparent they're going to do to the endpoint security market what we did to the network security market in pretty much the same way and it only made sense combine the 2 and go after the entire enterprise security markets together.

Speaker 9

Great. Thanks guys.

Speaker 1

Thanks, Phil. Your next question comes from the line of Walter Pritchard with Citigroup. Please proceed. Your line is open.

Speaker 6

Thank you. Just relative to the go to market investments that you talked about on the call here, can you talk about how you take this to market? Is it a separate sales force? And I think just referring to what Phil talked about in the past, we've seen a number of network companies Good to this market. It feels like the issue has been a separate buyer and I know my firm is a separate buyer.

Just trying to understand what you have to do differently from a go to market perspective? Why do you think your chances are better given it may be a separate buyer you're going into? Did you guys catch that question?

Speaker 2

Can you hold on for one second? I think the main speaker line dropped. This is Kelsey.

Speaker 6

Hey, Kelsey.

Speaker 2

Sorry. Just hold on a second please.

Speaker 3

Hi, Kelsey. We are back. I apologize everybody for that. I'm not sure what happened there with the conference line. I'll just pick up where we left off.

Walter, you had a question about the go to market motion, so that's where I was I think I got cut off, so I'll just pick up there. As I was saying yes, sorry about that. As I was saying, we're very cognizant of the challenges in getting endpoints out on to the getting another agent out on to the endpoints and we thought a lot about that. And I think you're right that historically there's challenges with different buyers around that. I think what we're seeing that gives us confidence that we're going to get this right is the first thing is the idea of advanced threats being thought of as companies, as I said, for the entire network, which includes endpoints before.

So while there is in fact traditionally different buyers from network security and endpoint enterprise security, when we spent time in the last year really digging into this, what we have found is that as either those people are talking to each other or more likely not higher level like the CIO, CTO or CISO level, they're thinking of the entire network and are making decisions about endpoint security in light of the network side and network side in light of the endpoint side. So there's I think there's a common understanding of what the network means in the future. It's being driven to C level and our early feedback when we went out and talked to a number of our confidentially, that's what we got back. It was the CISO or the CIO saying, yes, we're very interested in this and we understand how this works together. Now that aside, there is a different motion there on getting something deployed at the endpoint.

So what we're going to do is create an overlay, as Stefan said, sales team that are specialists on the endpoint side, it will take us some time to build that out in order to be able to speak the right language to the Again, firewall, that combination that really makes it rock and the C level folks that we've spoken with, I think, get that and understand that. We think that's what's going to happen. And then the last point is, we've been pretty successful so far with WildFire. And from a need perspective into the APT space and what we found is that overlay team working with our 100 and 100 and 100 of folks in the field has been able to have the right architectural conversations because they know what they're talking about, about APT. So the account folks are getting the overlay team into the architectural meeting, the overlay team is able to have the architectural strategy conversation with folks and then the account team is able to fill those In the future, the C level folks will think about endpoints as part of the network, not as a separate thing.

Speaker 8

Great. Thank you.

Speaker 3

Thanks, Walter.

Speaker 1

Your next question comes from the line of Aaron Swartz with Jefferies. Please proceed. Your line is open.

Speaker 10

Good morning. Thank you. Maybe sort of a continuation or follow-up from the last question. But if we talk to enterprise customers for years, they've been putting a lot of price pressure on the traditional endpoint vendors in instances of where companies even go for free solutions are sort of the lowest common denominator pricing for these legacy type antivirus solutions on the endpoint. And I guess, Mark, in your work and sort of talking to the CISO or talking about this common approach, how do you reverse that?

And how do you sort of create an appetite to again

Speaker 3

The answer is relatively simple, which is legacy stuff doesn't work, right? So earlier I said that this is very reminiscent for us the firewall market and everybody was competing with stateful inspection technology primarily on price. When Palo Alto Networks came and Nir invented the next generation firewall, was very innovative and was actually solving a very important problem for customers and it turns out they're willing to pay for that and willing to pay a premium for that. And that's what's driven the success of this company since then. So we view this as very similar, which is you've got a large legacy market where the legacy vendors haven't innovated.

They've in essence commoditized the technology and then along comes a company like Cyvera with something very innovative and disruptive solving a hard problem at the right time and the customers

Speaker 1

Ladies and gentlemen, we have time for one more question and that comes from the line of Scott Zeller with Needham and Company. Please proceed sir. Your line is open.

Speaker 6

Yes. Thank you. Just a high level summary. Could you go over the previous acquisition Morta versus Cyvera, I mean, obviously, Cyvera, we're talking about the endpoint focus. But just from maybe a technique perspective, you were talking earlier today about Cyvera understanding the toolkit that hackers are using.

Could you just talk perhaps how Morta is either different or similar to this acquisition.

Speaker 3

Yes. Great question, Scott. Yes. So in both cases, what we're after is very innovative and sophisticated technology and understanding in advanced threat space. So what Morta brings to the party for us from an APT perspective, is a number of technologies, the one that we've mentioned a few times, is the ability to understand really subtle lateral movements.

So if you have a threat inside your network, it's attempting to move across your network. Very sophisticated threats are able to do that in a very subtle way to escape detection and Morta as a technology and team that understands that very well. So that's just a general statement or comment technically you definitely want to be able to see and understand threats as they move through your network in order to detect them and ultimately prevent them. What Cyvera is doing is specific to the endpoint today, but they're looking at the underlying techniques that are used to create to exploit a problem on the endpoint or an application on the endpoint already. And so an easy way to think about that, there's been 100, if not 1,000 have reported exploits at the endpoint, but all of them over time what we found is generated or use maybe a couple dozen techniques.

They're very sophisticated techniques. So what Cyvera has done is, has a deep understanding of those techniques. So while the entire market is very focused on, think about it as a house of protecting the house from break in. You've got cameras, you've got locks, you're watching for the break in to or somebody is in the house trying to figure out where they are, Cyvera is actually going to the meeting where the terminals are planning how to break in and they understand in advance, that they're coming over the wall 2 o'clock in the morning in the left side of the yard sort of thing and they're there. You can just stop the break in from occurring in the first So it's a very different and upstream approach than what else is in that market today.

Speaker 6

Okay. Thank you for that.

Speaker 7

This is Nir. I'd like to add to that, that preventing there's no single silver bullet that's going to prevent the bad guys from doing what they want. And you need to have as many defenses as you can against them and that includes number 1, limiting what your users can To absolutely what they need to do and that's what the next generation firewall does. And then you also need to look at the malware trying to get in, which is what sandboxing You want to try to detect the malware already on your network trying to go out, which is what you can do with the IPS looking for command and control connections. You want to prevent the malware from being able to resolve the IP addresses to which it wants to go, which you do with DNS protection.

You want to protect the endpoint, meaning, if the malware already made it to the endpoint, you want to detect it on the endpoint, prevent the exploit on the endpoint, which is what Cyvera is doing. And then if somehow the bad guy was able to get on the endpoint and is now moving around the network, you want to detect that and block that, which is something that a data center next generation firewall plus the technology that we acquired for Morta can do. So if you look at what we're trying to do here is we're building multiple defenses against the way a traditional APT remember APT is a person, APT is not a piece of malware. A traditional APT or not additional, but an APT would take in order to get to where they really want to get, which is your data in the data center. And we think that only this approach of preventing all the different steps that they take is actually going to work.

Speaker 6

Thank you.

Speaker 3

Thanks, Scott.

Speaker 1

This concludes our question and answer session. I would now like to turn the call back over to Mr. Mark McLaughlin for closing remarks.

Speaker 3

Thanks everybody for joining us today. We really appreciate it and we're very excited about this acquisition. Like we said, it brings us immensely talented team, some very unique and disruptive technology and an opportunity to immediately expand our addressable market by over $4,000,000,000. Look forward to talking with everybody in more detail in about a week's time at Ignite and hope we'll see you there for the investor track. Thanks everybody.

Speaker 1

Ladies and gentlemen, that concludes today's conference. Thank you for your participation. You may now
