Good afternoon, and thank you for joining us for today's conference call to discuss Palo Alto Networks' Fiscal Third Quarter 2021 Financial Results. I'm Walter Pritchard, Senior Vice President of Investor Relations and Corporate Development. This call is being broadcast live over the web and can be accessed on the Investors section of our website at investors. Paloaltonetworks.com. With me on today's call are Nikesh Arora, our Chairman and Chief Executive Officer Deepak Goletcha, our Chief Financial Officer and Lee Klarich, our Chief Product Officer.
This afternoon, we issued a press release announcing our results for the fiscal Q3 ended April 30, 20 '21. If you would like a copy of the release, you can access it online on our website. We would like to remind you that during the course of this conference Call management will make forward looking statements, including statements regarding the impact of COVID-nineteen, the SolarWinds attack on our business, our customers, the enterprise and cybersecurity industry and global economic conditions, our belief that cyber attacks will continue to escalate, our expectations regarding the single equity structure, our expectations related to financial guidance, operating metrics and modeling points for the fiscal Q4 and fiscal year 2021, our expectations regarding our business strategy, our competitive position and the demand and market opportunity for our products and subscriptions, benefits and timing of new products, features, subscription offerings as well as other financial and operating trends. These forward looking statements involve a number of risks and uncertainties, some of which are beyond our control, which could cause actual results to differ differ materially from those anticipated by these statements. These forward looking statements apply as of today.
You should not rely on them as representing our views in the future, and we undertake no obligation to update these statements after this call. For a more detailed description of these factors that could cause actual results to differ, please refer to our quarterly report on Form 10 Q filed with the SEC on February 23, 2021, and our earnings release posted a few minutes ago on our website and filed with to the SEC on Form 8 ks. Also, please note that certain financial measures we use on this call are expressed on a non GAAP basis and have been adjusted to exclude certain charges. For historical periods, we have provided reconciliations of these non GAAP financial measures to our GAAP financial measures in the supplementary financial information that can be found in the Investors section of our website located at investors. Paloaltonetworks.com.
And finally, once we have completed our formal remarks, we will be posting them to our Investor Relations website under the Quarterly Results section. We'd also like to inform you that we'll be virtually participating in the JP JPMorgan 49th Annual Global Technology Media and Telecommunications Conference on May 24 and the BofA Securities 2021 Global Technology Conference on June 8. Please also see the Investors section of our website for additional information about conferences that we may be participating in. And with that, I'd like to turn the call over to Nikesh.
Thank you, Walter. Good afternoon and thank you for joining us today for our earnings call. Let me begin with the current cybersecurity landscape. After the December Solarstorm attack, we saw an acceleration in attacks throughout our Q3 and after the quarter closed. These range from software supply chain attacks like SolarWinds and Codecov to ransomware attacks like Colonial Pipeline.
Ransomware especially has been in the spotlight recently And data from our own Unit 42 shows that the average ransom paid in 2020 tripled from 2019, and in 2021, it's more than doubled again. The highest demand we've seen is $50,000,000 up from $30,000,000 in 2020 with organized groups with near nation state discipline perpetrating coordinated attacks. The targets are not only corporations, where healthcare and pharma is a focus with the pandemic, but also government organizations and shared infrastructure. The The reason for this vulnerability is deep seated. Organizations run their operations on technology that is decades old, sometimes predating the Internet.
They continually bolt on new technologies to automate facilities and make them compatible with the modern Internet, but those platforms are inherently insecure. At the same time, Cyber defenses are fragmented, making it very challenging to block sophisticated attacks and lengthening mean time to discovery and repair. Lastly, more and more businesses and consumers are coming online without a baseline of protection. In such a scenario, it is imperative that customers focus on securing their most critical assets, while also focusing on reducing the fragmentation and leveraging newer technologies like artificial intelligence, machine learning and using those approaches. With that backdrop, let's focus on our results.
Overall, we saw continued strong demand environment and our own continued execution drove Q3 billings revenue and EPS ahead of guidance. We saw billings growth accelerated 27% in Q3, ahead of our 24% revenue growth forecast with growing ratable revenue contribution. I want to highlight one dynamic regarding our billings to help you better understand the drivers. During COVID, some customers were asking for annual billing plans to meet their needs. We noted to you that we saw success with larger, more strategic transactions in Q3.
Along with these deals, we saw an uptick in annual billings plans. Normalizing for this, our billings would have grown greater than 28%, nearly 2 points higher than we reported, which is the highest billing growth we have seen in the Q3 since Q3 of fiscal year 2018. Last year, we saw billings plan have an approximate one point impact Along with billings, we also saw 38% growth in our remaining performance obligation. This metric is growing faster than both revenue and deferred revenue and will be a source of consistent revenue growth in the future. Within the strong performance, we also saw 71% growth in ARR or annualized recurring revenue from our next generation security offerings, where we finished our Q3 at $970,000,000 up from $840,000,000 in Q2.
These ARR, billing and RPO trends drove 24% year over year growth in our reported revenue. It's worth noting, given your attention to NGS ARR, that in the very first week, in the 1st day of Q4, We transacted 1 of our largest next generation security deals in the history of Palo Alto Networks with a Fortune 30 manufacturer, which brought in dollars 7,000,000 in NGS ARR. So we're already at $980,000,000 on the 1st day of this quarter. With the acceleration in incremental NGS ARR in Q3 and trends we see in the business, we continue to have confidence in our Q4 target of $1,150,000,000 in ending NGS IRR. As part of the strong Q3 performance, we saw notable momentum in large transactions, with 901 customers having spent $1,000,000 with Palo Alto Networks in the last four quarters.
This cohort of customers was up 29% year over year, growing ahead of our overall revenue and billings growth. This growth in active millionaire customers has accelerated in recent quarters. As part of this large deal performance, our business is benefiting from growing adoption of multiple Palo Alto Networks security platforms across Charter, Prisma and Cortex. In Q3, 70 percent of our Global 2,000 customers had purchased products from more than one of these platforms and 41% had purchased all three platforms. This is up from 58% 25% 2 years ago.
Turning to our product areas. Earlier this year, we started the dialogue around network security and cloud and AI and shared additional financial metrics to give you more transparency. Having these two priorities under the common umbrella of our world class R and D and go to market organization is key to our strategy of being the largest cybersecurity company in the world. Starting with the network security side of our business. We are the leader in this business.
Our strategy of selling customers a leading firewall platform delivered through a hardware, software or as a service form factor underpins our success in this market. This has resulted in a business that is 28% larger Then our next peer on a revenue basis in Q3. Also, if you look at leading indicators that include deferred revenue and RPO, our scale comes through even further We are 40% to 50% larger. On these leading balance sheet metrics, we're going faster than our next peer. 3 years ago when I joined Palo Alto Networks, We are a hardware based firewall company.
We had a vision of a hybrid world where the enterprise and data centers would remain predominantly hardware oriented Growing adoption of software form factors like our VM Series firewalls. Meanwhile, in the remote access and remote office world, this opportunity has been transformed by cloud adoption And work from own trends to fuel Secure Access Service Edge, or SASE, adoption. The reception to our strategy of delivering a firewall in multiple form factors has enabled the accelerating firewall as a platform growth rates we just showed you. Within our firewall as a platform billings, we're seeing a distinct mix shift towards software. This software mix, which includes our VMs and SaaS business, now makes up 40% of Firewall's platform, up 21 percentage points from a year ago.
We saw 7 figure transactions for our software firewall capability, including VM and CNCities with the U. S. Government agency, a Fortune 30 manufacturer and a diversified financial services company. While we have seen the significant transition in form factors, One driver of growth and value in our business, our TAD subscription support have grown at a steady rate over the last several quarters on a revenue basis. We expect the software mix to continue to increase in the medium term, although along with this, we expect to continue to see attached subscriptions as a key growth driver.
We're showing you for the first time here that NetSec analyzed recurring revenue, which was $2,660,000,000 at the end of Q3 and grew 25%. As a reminder, this does not include our hardware business, which continues to be significant. This recurring revenue business is a key driver to strong cash generation, which we have guided to 42% for NetSec in FY 2021. We believe this high degree of recurring revenue and strong cash flow generated by NetSec is something that should be more clear now given this incremental disclosure over the last two quarters. Now turning to innovation and focusing first on Prisma SaaS.
Back at the beginning of the pandemic, we saw customers look to significantly expand remote access capability, while not compromising security or user experience. We've met that demand with free remote access trials and broad proof of concepts, enabling customers to see that value in Prisma Access as well as supporting the network transformation as they move to the cloud. We're seeing these efforts as well as momentum generated from the 2 This quarter, we saw a number of large Prisma Access transactions, including a global technology company, a large manufacturer and a Fortune 10 healthcare company, all eight figures or greater. Additionally, over 25 percent of our Prisma Access new customers in Q3 were net new to Palo Alto Networks. Lastly, we're seeing Early traction in our service provider partners for Prisma Access including Comcast, Verizon and Orange Business Services.
These relationships are part of broader initiatives with service providers that we see as a significant growth opportunity. Just yesterday, we announced a significant release in network security focused around a comprehensive approach to 0 Trust. This is timed well with last week's executive order out of the White House that defines 0 Trust in a way that is very consistent with Apollo Auto Network strategy. There's been a lot of noise in the industry around 0 Trust network access, but solutions continue to be fragmented around either remote users, Access control or enterprise apps. Our approach covers all users and devices, all locations, all apps and the Internet applying consistent access control and security.
Our new PAN OS 10.1 release brings cloud based identity controls, integrated CASB and enhancements to our URL and DNS security services. Palo Alto Networks' position across appliance, software and SaaS is unique and these new innovations are applicable to all our customers across all form factors. This is one of the most significant innovation releases for our next core next generation firewall franchise and gives us confidence in continued Net segment growth as we look forward. Now moving on to cloud and AI. On the Prisma Cloud front, we continue to build on our early leadership position in cloud Security posture management, cloud workload protection capability and marketplace delivered virtual firewalls where we are the largest player across this opportunity set.
Our strategy is to stay ahead of customer demand as we adopt cloud native security services across hyperscalers. We believe we have staked out a leadership position in cloud native security of this business. We have achieved over $250,000,000 in ARR across Prisma Cloud in our marketplace VM and CN Series. Fueling this growth is 39% growth in total customers and 38% growth in Global 2,000 customers across Prisma Cloud. Our unique consumption model in Prisma Cloud based on credits enables customers to use any of our modules across their cloud deployed workloads, including using multiple capabilities for workload.
We're seeing strong growth in credit consumption with over 100% growth year over year in Q3. Despite our strong position with Prisma Cloud Targeting an early opportunity, we see the next big challenge in security at the developer level or shift left security. We recently addressed this with our acquisition of BridgeCrew completed in Q3. Traditionally, security issues in code pose a challenge for the CISO organization. And we're seeing leading companies drive a collaborative approach between the CISO organization and the development organization to address this.
ShiftLeft integrates security into the DevOps process to catch these issues upfront where they're easy and quick to fix. It's a win for developers and a win for security. BridgeQ has an open source product, Checkov. This product delivers significant value to developers through a free download. Post the acquisition closed and the release of 2 point 0 of Checkov, we saw Bridgecrew downloads accelerate.
Bridgecrew is also seeing strong momentum in its paid customers, including a 6 figure customer in Q3. We're only in the very early stages of cross selling between Bridgecrew Software and Prisma Cloud. Within our Cortex product area, we continue to focus on delivering significant volumes of innovation to XDR, XSOAR and our recently acquired Xpans product. In Q3, we delivered a new release of XDR, which expands endpoint query capability and improved visibility into network activity. With XR, we significantly expanded our marketplace partner integrations to increase the set of automation and security playbooks that customers can deploy.
We're seeing this result in steady Cortex customer additions to XDR and X Store customers. We have over 2,400 customers starting from essentially scratch 2 years ago. Our focus on innovation has been validated by the market as well. We were particularly proud of this validation for Cortex XDR in Q3, where we garnered the best overall result in round three testing for MITRE. Also in the recently released Forrester Wave covering endpoint security software as a service market, we were named a leader.
Cortex X sourced our product's 100 partner contributed content packs and now has over 6.50 content packs in the marketplace. Our Expanse offering was featured in Tim Junior's keynote this week at RSA, where our research uncovered that 1 third of leading organizations of access is susceptible to exposure that are the main avenue for ransomware. No other leading security company has a degree of visibility to identify and prevent today's most pernicious attack vector. Within Cortex, we are starting to see an uptick in large customer signings, such as a 7 figure transaction with a financial service firm, which included SDR Pro and XOR. Lastly, during Q3, we formed the new Unit 42 under the leadership of Wendy Whitmore, who comes to Palo Alto Networks after building successful security services businesses.
Our new team is a combination of 2 of the most capable teams in cybersecurity. The Cripsys team is laser focused on the mission of conducting world class Data Breach Investigations, while the Unit 42 team has focused on rapidly building threat intelligence into Palo Alto Networks product. This new Unit 42 has Completed over 1300 engagements at calendar year 2020, bringing to bear the power of 140 consultants. In response to SolarWinds and ransomware attacks, Microsoft related breaches and other attacks, we've mobilized our consultants in rapid response engagements, which help customers through these difficult times. As we look forward, we're focused on using services to become an even more strategic partner to our customers.
As I've reviewed with you here and should be evident in our Q3 results, we're seeing broad We see strength in our pipeline and continued demand tailwinds that remain strong, leading us to raise our FY 2021 guidance. I also want to update you on our plans we discussed in Q2 around exploring an equity structure for Classiq. We continue to focus on providing transparency for each part of our business. You'll notice the IRR for NetSec, which we highlighted this quarter. We believe this has helped investors gain better insight into our overall financial profile and especially understanding both sides of the business with with a different growth in free cash flow characteristics.
We have finished all the work required to file any form of equity on PlayStack. However, given the state of the market and offering With the extensive conversation with shareholders, we have decided at this point, it's best to continue with a single equity structure and an integrated P and L to postpone any decision to list PlaceIQ Equity. Lastly, We're excited to welcome Aparna Bhabha, Chief Operating Officer of Zoom to Palo Alto Networks' Board of Directors. She brings deep operational, financial and legal expertise, having served in diverse roles at rapidly growing tech companies such as Zoom, Magento and Nimble. Hereditary comes after the February appointment of Doctor.
Helene Gale to our Board. We continue to have a strong commitment to diversity at Palo Alto Networks, including at the most senior levels of governance in our company. With that, I will turn the call over to Deepak Gallegia, our CFO. We're excited to have Deepak step into the CFO role and enable a smooth transition within our organization. He brings world class experience.
We're already seeing him bring someone's experience to bear in driving improvement. Over to you, Deepak.
Thanks, Sankesh. I'm excited and humbled to be part of this World class leadership team and look forward to driving total shareholder return. As Nikesh indicated, we had a strong third quarter as we We continue to deliver winning innovation while simultaneously adding new customers at pace. This strength gives us confidence to raise guidance for the year. We delivered billings of $1,300,000,000 up 27% year over year with strong growth across the board and ahead of our guidance of 20% to 22% growth.
We've continued to see some customers ask for billing plans, many involving larger transactions as we become a more strategic partner to our customers. We've also used our Palo Alto Networks Financial Services financing capability here. The dollar weighted contract duration for new subscription and support billings in the quarter were consistent year over year and remained at approximately 3 years. We added approximately 2,400 new customers in the quarter. Total deferred revenue at the end of Q3 was $4,400,000,000 an increase of 30% year over year.
Remaining performance obligation or RPO was $4,900,000,000 an increase of 38% year over year. We continue to see these metrics as becoming more meaningful as we drive growth from our ratable business. Our revenue of $1,070,000,000 grew 24% year over year ahead of our guidance of 21% to 22% growth driven by our billings and broad business strength and amidst an increase in our ratable subscription revenue. We remain focused on driving this higher quality revenue with all new product offerings being pure or substantially all subscription in nature. Looking at growth by geography, the Americas grew 24%, EMEA grew 23% and APAC grew 25%, showing broad executional excellence across the world.
Q3 product revenue of $289,000,000 increased 3% compared to prior year. Q3 subscription revenue of $474,000,000 increased 34%. Support revenue of $311,000,000 increased 33% In total, subscription and support revenue of $785,000,000 increased 33% and accounted for 73% of total revenue. Our Q3 non GAAP gross margin was 74.6%, which was down 60 basis points compared to last year driven by product mix, which are less mature. Q3 non GAAP operating margin was 17%, an increase of 60 basis points year over year.
There are several factors driving our operating margins. We have revenue upside, lower travel and events expenses due to COVID and some shift in spending out of Q3. At the same time, we continued to aggressively invest for growth largely in the areas of sale capacity and R and D investments. With health conditions improving in geographies of many of our facilities, including our Santa Clara headquarters, we're seeing more employees look to return to the office. We expect this trend will continue to gain steam in Q4, reversing some of the savings we had seen in the last few quarters in our OpEx.
Non GAAP net income for the Q3 increased 22 percent to 140 of $40,000,000 or $1.38 per diluted share. Our non GAAP effective tax rate for Q3 was 22%. The EPS expansion was driven by revenue growth and operating expense leverage with an undertone of strong investments of growth. On a GAAP basis for the 3rd quarter, net loss increased to $140,000,000 or $1.50 per basic and diluted share. We ended the Q3 with 9,715 employees, including 39 from the Bridge Crew at the close of acquisition.
Turning to the balance sheet and cash flow statement. We finished April with cash, cash equivalents and investments of $3,800,000,000 Q3 cash flow from operations of $278,000,000 increased by 64% year over year. Free cash flow was $251,000,000 up 200% at a margin of 23.4%. Our DSO was 60 days, a decrease from 3 days from the prior year period and flat with the Q2. Our firewall as a platform or FWAAP billings grew 26% in Q3, and we continue our transition from hardware to software and SaaS form factors, as Nikesh highlighted.
Our Next Generation Security, or NGS, continues to expand and now represents 27% of our total billings at $346,000,000 growing at 70% year over year. In the Q3, we added $133,000,000 in new NGS ARR reaching $973,000,000 The acquisition of Bridgecrew added an immaterial amount to this number, And we remain confident in our plan to achieving $1,150,000,000 in NGS ARR exiting fiscal year 2021. Turning now to guidance and modeling points. For the Q4 of 2021, We expect billings to be in the range of $1,695,000,000 to $1,715,000,000 an increase of 22% to 23% year over year. We expect revenue to be in the range of $1,165,000,000 to $1,175,000,000 an increase of 23% to 24% year over year.
We expect non GAAP EPS to be in the range of $1.42 to $1.44 using $101,000,000 to 103,000,000 shares. Additionally, I'd like to provide some modeling points. We expect our Q4 non GAAP effective tax rate to remain at 22% and our CapEx in Q4 to be approximately $30,000,000 to $35,000,000 As Nikesh indicated, we're seeing broad drivers across our business in Q3, driven by a foundation of innovation and strong sales execution. Along with trends we see in our pipeline and demand tailwinds that remain strong, we're We're raising our fiscal year 2021 guidance. We expect billings to be in the range of $5,280,000,000 to $5,300,000,000 an increase of 23% year over year.
We continue to expect next generation security ARR to be approximately $1,150,000,000 an increase of 77% year over year. We expect revenue to be in the range of $4,200,000,000 to 4 point to $1,000,000,000 an increase of 23% to 24% year over year. We expect product revenue growth of 1% to 2% year over year. We expect operating margins to improve by 50 basis points year over year. We expect non GAAP EPS to be in the range of $5.97 $5.99 using $99,000,000 to 101,000,000 shares.
We expect regarding free cash flow for Full year, we expect an adjusted free cash flow margin of approximately 30%. Now let's review our fiscal year projections for NetSec and ClaySec. Overall, we are confirming our ClaySec projections while raising our NetSec billings by 300 basis points and revenue by 100 basis points given the strong performance of SASE, VM Series and subscription business overall within NetSec. Moving on to adjusted free cash flow, we expect Network Security will deliver a free cash flow margin of 42% in fiscal year 2021, up from 38% in fiscal year 2020. We continue to expect Cloud and AI free cash flow margin of minus 43% in fiscal year 21, an improvement from negative 59% in fiscal year 2020.
While we are focused on growth investments in cloud and AI, Over time, we expect Cloud and AI to achieve gross operating and free cash flow margins in line with industry benchmarks as we gain scale, our customer base matures and we become more efficient. In Q3, we repurchased $350,000,000 in our own stock at an average price of $3.22 As of April 30, 2021, we had $652,000,000 remaining available for repurchases. This is part of a broader capital allocation strategy focused on balancing priorities and maximizing total shareholder return. We start with fueling organic investments and managing priorities across innovation and go to market to set the foundation for sustainable growth for Palo Alto Networks. 2nd, we've deployed capital for targeted acquisitions, which accelerate this growth opportunity.
We rigorously evaluate targets focused on acquiring leading technology, retaining key members of the team and following through with integrating these acquisitions into our businesses. Finally, we work to optimize our capital structure using the options available to us in this dynamic market. That includes deploying debt, using stock for M and A consideration and also buying back our own stock when we see it representing a good value. With that, let's move on to the Q and A portion of the call. Walter, over to you.
Thanks. In the interest of time, Please limit yourself to one question. Our first question comes from Brian Essex from Goldman Sachs with Fatima Boolani from UBS OnDeck.
Hi, thank you. Good afternoon and thank you for taking the question. Maybe for Unicash, we've seen a lot of solid outperformance Relative to expectations on the network security side and nice performance this quarter with respect to cloud and AI ARR growth. Wanted to get a better understanding given that the outperformance has been on the network security side, how confident are you in your ability to hit that $1,150,000,000 guide For the full year, how do we think about how that business has performed relative to your expectations so far this year?
Brian, remember 2 or 3 years ago when we set out targets for our next generation security business, we didn't have the muscle To figure out how we can get out of the firewall business and have that sales force go out and actually go sell cloud and AI. The good news is over the last two and a half years, we're building muscle, we're learning how the market Right. It's kind of interesting. Every one of these markets operates slightly differently. If you look at NGS, it's a combination of Sassy, Prisma Cloud and Cortex.
Sassy's characteristics are a lot of the free trials we gave a few quarters ago and this whole push to work from home is forcing customers to think hard about their security stack. It's no longer you can access half the apps half the time you need to be able to access everything for wherever you are. So we're seeing network transformations and That's what's driving the success on Sassy and some of the huge wins we've had on Prisma Access. As I mentioned, one of the deals which we closed and shipped in the first Fund is our largest SaaS CD lever, which gave us $7,000,000 of NGS ARR. So you can see approximately So we're seeing a lot of traction on the access front and the SaaS front.
So That's good. Cortex is an interesting space because we compete there with people like CrowdStrike and SentinelOne and the others. We're great on the product front as we've showed you Forrester Wave and the MITRE results, we're trying to create more muscle around being able to do those deals. Those deals are typically You got to because it's a competitive market, you got to do a whole bunch of deals there and they all range in the $1,000,000 to $5,000,000 range at the higher end and the smaller below that. So you You don't get lumpy deals.
You just have to do a lot more deals. And that's what we're doing on the Cortex front. Last but not the least, on the cloud front, we got 2,250 The deals end up being large deals. They're slightly lumpy and they have very high variability in duration and consumption. So So some of these say I'm moving in the cloud, how to buy credit for the next 3 years, how many credits do I need?
They'll suddenly find their deployment is slower because they haven't deployed fully on GCP or AWS or Azure. Others you will say they've been customers last 2 years. They're upping because they moved all their workloads to the cloud and their workload ramp has increased. So all three of them have slightly different characteristics. That's why we end up in a portfolio situation.
You saw this quarter we added about $133,000,000 in net new NGS ARR. I just told you about $7,000,000 more because I felt you guys are Extremely curious on NGS and I don't want you guys to go out thinking we're not confident on our 11.50. So right now, we all feel that we'll get to 11.50 on NGS ARR and it's going That being a portfolio call in terms of some things extremely doing extremely well, some things doing normal.
Got it. Got it. Thank you for that. And then maybe to follow-up with Deepak, Appreciate the commentary on the improving operating efficiency or potential to improve the operating efficiency of cloud and AI. And I think that's one of the things that investors kind of struggle with when I think we've all looked at this business on a sum of the parts basis and the performance of each on its own and the Challenge with Cloud and AI is that it's burning cash at the rate that it is.
What do you think about the term the timeline for improving profitability and Cash flow generation from that business, because I think that might be a trigger for investors to maybe look at that business on a standalone basis and assign it a little bit more value.
Yes. So maybe if I answered it in 2 different ways. I mean, we look at what other companies have done as they've Sound like grown through their, as they've scaled over time. And we often benchmark ourselves versus where were they at this time and other things that we can do to be able to get there. But at the same time, we're not shy from like making the right investments if we see the opportunity there.
That's why
I don't want to really box ourselves into a timeframe. It really is a question of what opportunities are out there at the time. So we have a base That's constantly improving, but we're also reflecting on the fact that this is a dynamic market and sometimes you need to lean in if it makes And for long term.
Yes. If I can add to
that Yes.
There are 2 parts. 1, as Deepak highlighted, we continue to work hard towards getting gross margin efficiency on those products because the product development is in our control. And Lee, who's sitting To my right, he and his team work hard at trying to make sure that we optimize the gross margin part. The rest of it honestly is the question of how much do we want to invest in sales capacity To be able to drive those. Don't forget, in each of those areas, we are dealing with extremely competitive situations.
In the case of XDR, we deal with dedicated salespeople from CrowdStrike. They outflank us 8 to 1 on the number of salespeople. So we have to look hard at how much investment we want to make on the sales side. We do get leverage to the Palo Alto salespeople or eventually end up in hand to hand combat. On the Prisma Cloud side, I'd say we were doing fine and we are doing fine, but suddenly the equity or the venture markets have gone and Provided phenomenal evaluations and dumped a lot of cash in some very early stage companies who are now dangling large paychecks to ourselves, people who have got the Qualified cloud security sales team.
So that's why I think Deepak is right in saying that we're going to watch the market carefully. But again, we just told you another number, dollars 250,000,000 ARR In cloud security, VMs and public cloud security. That's a number which is outflanks our next competitor by probably 25 times.
Super helpful color. Thank you.
Great. Thanks. Just remind us, limit to one question. So next up is Satim Bawalani and on deck is Keith Weiss from Morgan Stanley.
Thanks, Walter. Migesh, maybe I'll start with you very quickly. You talked through a lot of the areas of strength from a product pillar perspective. But in terms of just zooming back, can you stack rank for us what specific product areas in the NGS portfolio Really, were the drivers of billings acceleration in the quarter? And then I have a quick follow-up for Deepak, please.
Yes. As I highlighted, Sassy is Strong. Deepak highlighted the subscriptions are strong. We're pleased with the way Cortex is evolving and cloud ends up being lumpy. So some quarters we'll get some very large deals And they make up the billing some quarters they push, but across the board, the portfolio is performing in line with our expectations We're slightly ahead.
As we said, we hit 973 or 980 depending on how you count it.
Deepak, nice to
Let's just go one question. Let's we're going to move on next to Keith Weiss with Sterling Auty from JPMorgan on deck.
Excellent. Thank you guys. Very nice quarter and thanks for taking the question.
I think you guys are doing
a very good job of illustrating There's a difference between firewall appliances and more generally firewalling capabilities. And you're seeing that Firewall as a platform growth, sustain really well, actually accelerating in recent quarters. And I think that's probably one of the key areas that investors are most Cautious on is the durability of growth and firewalling. Can you talk to us a little bit about where you're seeing that strength from? Do you believe it to be durable over the next Couple of years.
And is there anything that we should be watching out for in terms of tough compares or any one time items from a year ago period that might Upset that growth trend that you've been seeing in firewalls and platform.
So I'll give let me two comments, Keith. One is, There are situations where the customers are looking for, like you say, a firewalling capability. We can walk in and say we can solve this problem with software Or you can go deploy tons of hardware to solve the same problem. So take a large retailer, they can go deploy 1200 firewalls in each of their stores If they choose to go down the hardware route, which is more costly to deploy, harder to maintain, harder to upgrade over time, or we can go in and say, let's do that with Prisma SaaSci, which is a Software dependent solution, which has lower cost of ownership, easier deployment, easier to solve. So you're seeing us create some degree of substitution in our customer base.
So if you Compares like to like with some of the leading hardware firewall businesses, which don't have that strength in that software capability, they cannot deal with that substitution Capability, which we think is better for the long term because we just point to the RPO and so look, if you can grow RPO at 38%, that just means we have future revenue coming down the pike On the FLAP front, which is going to be harder to hunt and kill on a quarterly basis, which we were a hardware only business. So I actually think there's more resilience In our network security business and most hardware dependent businesses. The second piece, I would say in that context is What was proxy based architectures is now full firewall in the cloud. We're seeing that in spades in Prisma SaaS. People are stepping back and saying, okay, let me understand this.
How do I get my trading system to be accessible from an employee's home? You can't do that with proxy based We talked about that at nauseam. And we're seeing that really bear out in the success we're seeing in Prisma SaaSie. My fellow colleagues, Walter and Deepak will not let me throw out more stats in that area, but I'll just say I'm extremely delighted With the progress we've made in Sassy from where we came from, 2.5 years used to be a product called GPCS and we would shutter, like you said, the one time items. There was one deal when I came to Palo Alto.
We sweated the entire year to see how we lap that in the following quarter. Now we do 6 of those in a quarter And we've got tons lined up in our pipe going forward. So SaaS is strong, which should give us continued strength. I think the network transformation is in a very, very early stage. If you think about it, if you see AWS GCB Azure clipping $40,000,000,000 $50,000,000,000 of billings in a quarter, All those customers are going to stand up and realize, wait, I'm relying on MPLS based architectures to go back to my data center.
Now I don't need to go there. I need to go to public cloud. When you do that, you got to go SaaS. And right now, we firmly believe we have the best SaaS solution in the market. We firmly believe that we have the most deployed customers out there at scale.
Great. Thanks. Next question from Sterling Auty and Saket Kalia from Barclays on deck.
All right. Thanks. It's fun to see Walter on the other side trying to Keep us to one question after all these years. I want to follow-up on Keith's question as well on FLAP. Help us understand what are the metrics that we should look at in terms of and you gave a little bit of this last quarter, but When you look at your installed base of the on premise appliances, as some of that starts to transition to FLAP, is that happening?
And if it does, how is the dollar for dollar comparison? In other words, do your customers still end up spending more Is there still expanding under an FLAP versus their traditional clients? Is it smaller or the same?
I'm going to bring in my colleague, Lee Klarich, Shah, who spends a lot of his time making sure that these transitions work and we see these transitions happen. So Lee?
Yes. Thank you, Nikesh. Good question. And actually, last quarter, we provided some insight into this. If you remember, the There's effectively 2 transitions that we see play out.
One transition has to do with the movement of applications from data centers to the cloud, where the form factor often is changing from a hardware form factor to software form factors, VM Series, etcetera. The other transition is from based on how the employees and users are moving increasingly, obviously moving off the network and soon moving to more of a hybrid state where In that case, the it often is movement from hardware to hardware plus cloud delivered SaaS architectures. And And so as you think about those, the net effect of all of it is positive for us in terms of the overall spend from customers. There are some puts and takes. Hardware going to VM Series in the cloud is relatively similar.
Hardware going to SASE is actually typically an uptick In overall spend because it's not just like for like, it's actually SaaS includes network as a service and a lot of the networking components, global Work reach, etcetera. And so the overall spend envelope becomes larger as more of the capabilities actually get integrated into the service that we're delivering to customers. So overall positive, and we've been now tracking this and have history of this for a few years to be able to actually see how that plays out.
Great. Thank you.
Great. Thanks. Next question from Saket Kalia from Barclays and then Matt Hedberg from RBC OnDeck.
Okay, great. Thanks for taking my question here. Nikesh, maybe for you, can you hear me okay, Walter? Yes. Okay, cool.
Because that was helpful commentary on the equity structure around ClySEC. I guess the question is, what were some of the things that went into your decision to explore that last quarter and then maybe this quarter? And is it a matter of timing given the volatility in the market? Or would you say that the probability of exploring that down the road is still relatively low.
I think, Saket, as we went through the mechanics of creating all the paperwork required to file this, The debates began to happen with some of our shareholders. As I look, the true value creation is when you actually can take this and separate Because you'll still have a stub with some sort of a tracking stock. And the challenge with separating it is you saw 70% of our customers are buying multiple platforms. 40% of our customers are buying all 3 platforms. We're getting into conversations with CIO and somebody goes to a breach or ransomware, but they want to go wall to wall and say, listen, Come protect me, protect my cloud, protect my SOC, protect my network transformation.
And then you're suddenly saying, look, we have all this vantage point from where we are, where we can go pitch all three platforms And go and envelope the customer with security and we're creating this artificial separation amongst ourselves, we're not going to be able to leverage that. So that definitely went through the decision. I think the question was I can't keep track, I think, so just asked around to Deepak about funding of Classiq visavisnetsec. I think we'd still have to make that a self standing profitable entity in its own due course. And I think it's too early to go think about separating that into distinct businesses Because we're getting phenomenal leverage from our firewall sales teams who've spent Sort of 1.5 decades trying to build the relationships and get embedded in our customer base.
Very helpful. Thanks. Great.
Thanks. Next question from Matt Hedberg from RBC and then we've got Talayani from BofA up next.
Thanks, Walter. Nikesh, I wanted to talk about, you know, all these recent breaches. You know, you alluded to President Biden talking about the importance of 0 Trust. I guess, How do you think about that impacting your federal business later this year? And then also, as these breaches continue to accelerate Post COVID world, do you think you're going to be in a better position to consolidate security spending?
There's always that debate on best of degree versus consolidation. Does this just accelerate your demand environment even more so?
Matt, what's interesting is let's start with the second part first. Like clearly, Whatever approach was used to buy security hasn't worked, right? And we've traditionally been in a best of breed approach. You go to companies, they have 35, 25, 40 vendors and the act of stitching all those solutions together is left on the shoulders of the customer. You couple that with the 2 biggest technological transitions that have ever happened in the history of computing.
1 is the shift to the public cloud, where you have to fundamentally change your IT architecture. The second is the network transformation that you're going through driven by the cloud. So CIOs are dealing with those 2 technology transitions and at the same time Having to take a hard look at security and bolster it up. And I think there, if you look at historically, I don't think there's been many security companies who've been able to give you best of breed solutions across multiple capabilities. So our firewalls, 9 times.
Top right, Magic Quadrant. All firewall capability, whether it's SASE or hardware firewalls VMs fit in that category, so So they can get the best firewalling capabilities across 3 different architecture systems. XDR, maybe the top right in Forrester Wave. We're the only cloud security, native security company with Prisma Cloud. We are top right in SD WAN and we're top right next door if there was a quarter.
So we actually have the ability to give you a stitched set of products Across 5 leadership positions, which is not available today in the cybersecurity industry. So we're able to make the both the best of breed And Stitch platform argument right now and is resonating because customers who are going through these agonizing times are stepping back and saying, wait, I need to look at it from a different approach And I can go how can I go with a partner who I can hold accountable for my entire security footprint?
Great. Thanks, Matt. Next up is Talianni with Keith Bachman from BMO on deck.
Hey, I have an accounting issue, accounting question. Great results. ARR were better than expected. At least some people expected some issues there. But I looked at your filing and you changed the definition of ARR a little bit this quarter.
You added the language when I compare the language of this quarter versus last quarter. You added the language that this quarter it includes certain cloud delivered security services to ARR. Would you mind to quantify This addition, was it material to the numbers this quarter? Thanks.
Yes, I'll take that question. It's really not material to the overall number. We added a couple of cloud delivered Technology solutions like IoT being one example, when you add all of them that they're relatively de minimis In nature, yes.
Got it. Thank you.
We're talking
about the early launches of our products and we want to make sure they sit in the right bucket. We can sell IoT against Cortex XT or Cortex Data lakes and they sit in both places in our firewall business and in our cloud AI business. Great. Thank you.
All right. Next up is Keith Bachman and then Andej is great pal from BTIG.
All right. Thank you very much. Nikesh, I wanted to ask you to Flush out Cortex a bit more in terms of run rate and expectations. Feedback we've been getting from the channels is Cortex certainly is doing better. And I was wondering if you could talk about win rates, where you're winning, Some of the reasons why, is there any metrics you can give us on growth associated with the Cortex brand, whether it's revenues or billings?
Yes. Well, I can't give you a metric we haven't given, but I'll tell you. Cortex comprises 3 products. 1 is XDR, Which we compete with as you see with CrowdStrike and SentinelOne. I think the challenge we have there is, well, our product as you can see As technically been now ranked better than CrowdStrike and at par with Central One and others, the challenge we see is we don't have as much coverage as CrowdStrike.
So they are in more deals than we are And that's a virtue of the fact that they have 8 times more dedicated salespeople chasing the XTR category and we don't. Where we do end up against them, We pretty much don't lose technical POCs, obviously, because of the you've seen the technical competitive market, then it becomes a price war and we don't bend over On the price war. So we see reasonably good win rates against them where we are present. I think our challenge is we're not present in as many deals We'd like to be present in because they've got us they've been at it for 7 years. We've been at it for 2.5.
So that's kind of like the XDR solution. On XOR, It used to be Phantom and Demisto. For the most part, we don't see much competition in the XOR category. We think pretty much where the customer believes they have a need, they will go with XOR. So we don't feel a challenge in that market, but It's a moderate deal size.
It's not the deal size of cloud, which can get to 8 figures. It's a deal size just smaller than that, but we do see Less competitive activity in the XOR category. And last but not the least, Xpans at Access Management is a newer category where people are beginning to understand that the hackers Look at your entire vulnerability footprint from the outside, so you're better off having a clear view. For example, any customer that goes into a breach or post ransomware actually wants to understand And their entire footprint and the vulnerability associated with it. So we end up having an engagement that expands whenever that happens.
What is going on is that with the formation of Unit 42, we're getting more and more involved in more incidents out there and that's allowing them to drag and drop XDR and Expanse in those. It's early days, but we have merged the forensic capabilities, for example, of TRIPSYS, which used to be a product called Hadron That has been embraced into XDR and will go live very shortly where our incident responders can go deploy XDR And provide all the forensic capabilities that they do when a breach happens. So early days, we are seeing more traction on Cortex. I think we announced that we have 2,400 customers. The only the real upside and opportunity for us is to go ahead and execute at scale over there to get into more and more deals because the product is there.
2 years 12 months ago, we We didn't have the product. Right. Okay, terrific. Thank you.
Thanks, Keith. Next up is Gray Powell from BTIG. And on deck is Adam Tindle from Raymond James. Hey, Greg. Can you hear me okay?
All right. Thanks for taking the question. So yes, maybe back on Prisma Access. What's been the reception with Prisma Access 2.0 so far? And do you see that product update with proxy capabilities Getting Palo Alto into more traditional secure web gateway replacement deals or potentially improving the pace of new logo ads on the product
Yes. Look, we were really excited about the 2.0 launch a few months ago, great reception from customers, really excited about Everything that was in that launch. Remember, this is where we introduced cloud management, so cloud native experience, onboard easy onboarding, Activation, this is also where we launched the first ever autonomous Digital Experience Management add on module. So this allows our customers to monitor the actual end user experience that they're seeing through the service to the locations they're accessing in addition to the proxy capabilities and Cloud Blaze technology, etcetera. So it was a big release, very well received.
The Adoption, almost all of the Prisma Access customers have now been upgraded to 2.0 and Very smooth upgrade process. We're seeing great adoption in the new cloud management. Close to 100 customers are now using that in just the first Couple of months of availability, the autonomous DEM, we're getting great feedback from customers from early adopters and growing the pipeline of that. That's an add on module that we can go and sell back into the Prisma Access customers as well as new customers. And the proxy capability
As you
know, we still believe most customers are going to want the full fledged capabilities of Prisma Access and not just the proxy capabilities. But That capability has achieved what we wanted. It's removed that as an objection. It's allowed customers who need it to be able to move to Prisma Access And just remove that as a criteria. And so we're seeing a number of customers that are testing that and using it and happy we added it and made the change.
Great. Thank you very much. Thanks, Craig. Next up, Adam Tindle from Raymond James and then Michael Sperdge from KeyBanc.
Okay, thanks. Good afternoon. Congrats on the results. I wanted to ask on profitability, whether it's Nikesh or Deepak wants to weigh in. You're seeing deal sizes increase.
You're seeing cross platform adoption and those are helpful metrics for us. We typically associate those with very Healthy contribution margin. You did talk about 50 basis points of operating margin expansion this year, but I wanted to ask beyond this, Do you think that this is something where you can build on? You're hitting a turning point and we could see sustained margin expansion from here. You talked about 150 basis points annually a Couple of years ago at an Analyst Day, I'm wondering the puts and takes to get back to that level of margin expansion.
I think the honest answer is it's pretty situational, right? I mean, I think every customer deal is different and Like we're obviously going to lean in if we have to in order to do that. But I think what really drives us is making sure that we don't leave any money on the table. I certainly think that as the portfolio grows, as the attack surface area becomes more complicated, Hopefully, the leverage moves more within towards our favor over time and that will help us over time. But I think in general, I would stand by it's always a focus area for us and we believe that with scale we'll come to margin expansion Over time, but at the same time, we just don't want to leave opportunities on the table if they're there for the taking.
Yes.
Just adding to that, Adam, I read your note. Thank you for your initiation and upgrade. I noticed that you talk about operating margin leverage. And as Many folks have highlighted in this call, we have 2 businesses, the Network Security business, where you can see the leverage, 42% free cash flow Margins still growing at 26% of billings and 38% of our some number in our peers and that's exactly different. But so We see that's where the leverage is.
We use that leverage towards the ClaySec businesses. In the history of cybersecurity, nobody has built a $735,000,000 ARR in 2.5 years. So let's just like take stock and pause and we didn't buy all of it. We bought some products into it, but It has been built by a lot of go to market capability. If you benchmark that against the CrowdStrike and the Oktas of the world or the Zscaler of the world, You'll see there is a natural evolution, which doesn't happen in 2 years.
So yes, do we believe there is operating leverage in future years? Yes, we do. It becomes a real question of do I want to go I don't know that 300 salespeople and beat as many deals as CrowdStrike or do I want to hire 100 salespeople and have a lower growth rate because I don't believe I have the capability on the product side. Palo Alto Networks has never been in a position like today from a product capability perspective. Our products resonate.
We rarely get thrown out because our products don't cut it. And given the heightened security awareness in the market, we're seeing more traction because As you guys know, our products are on the margins slightly more expensive or premium than some of the other players in the market. As the security awareness or heightened Desire to have a more secure product goes up. It'd be better for us because the customer is more willing to be tolerant of a price point associated with Palo Alto Networks. So honestly, again, I think I'm repeating what Deepak said is that we don't want to throttle the growth opportunity for us.
When I came to Palo Alto, we were growing at the low-20s. Now we just showed you 27% and maybe 20%, 29% if you Adjust for the annual plan stuff and that's acceleration and we like to see if we can maintain high growth rates going forward and if that requires us to invest And look for leverage in future years, we'll do that as a management team.
Thanks. Next question from Michael Turits at KeyBanc and after that Patrick Kovill at Deutsche
Yes, thanks. Nikesh, I think that one of the investment thesis here has been that you're the company most likely to not only Consolidated security, but to make that transition to software and to the cloud, and you're proving that out. But that said, you've also been doing a great job this Here on the productappliance side, up 3% year to date versus what you had guided to a flat. So I'm Trying to get a sense for the dynamics of that in the next 3 calendar quarters. Do you could we get a boost from Refresh of what wasn't done last year?
And is there any constraint to that if it's going to happen from supply chain components?
That's a great question, Michael. I think the supply chain situation changes weekly. And you can see all those machinations play out in the market. As you can imagine, like other players in the market, we have some degree of inventory capability vis a vis our expected demand in the Upcoming in the shorter duration and the longer duration, all bets are off in the industry depending on how they bring up more fabs to go print out the chips and get them to us. So The good news is, as I highlighted, we moved 40% of our firewalling business to software.
So if the industry starts to see supply constraints, we are able to solve Most problem by giving them capability, which is software based and we obviously will still have our baseline availability of hardware. We do have the units available for the recent announcements for our hardware launch, which we just did, which Lee can talk about in a second. But Again, I know we've talked about this, Michael, and we keep going back and forth on this is that I honestly look at the overall capability, the firewalling capability. And as much as I like product, I also like the idea of having more less and less reliance on hardware because I promise you, in In a few years from now, you're going to tell me, yeah, I love your business, but you still got this hardware hunt and kill requirement every quarter. Here you go punch the ticket and give me hardware.
So, We're trying to thread the needle with you here, trying to give you great firewalling growth, keep the revenue growth high, keep the cash flow high and still transform our business from hardware to software. Lee, do you want to talk about that?
Sure. While we're transitioning the business, there's still Wonderful business out there for hardware and the 2 new models that we just announced yesterday are pretty exciting really. We introduced a new high end appliance, scales up to 150 gig throughput with all security turned on, 75 gig with full SSL decryption, just amazing product for the large campus data center environments. The And then at a for the branch environments, smaller enterprise environments, we announced 4 new appliances in the 400 series That basically 10x the performance of the previous platforms we had. And one thing that's, I think particularly interesting about How we're bringing these new products to market is we they have all of the leading security capabilities that the Palo Alto Networks is known for, But we're bringing them out of price points that are incredibly competitive with even the some of the lower cost vendors out there.
And so we're same capabilities, same great capabilities, leading capabilities, but at super competitive price points, change of the dynamic in the hardware space, competitor space.
I can't get Lee to say the statement. What I'm saying keeps saying leading competitors. Okay. Yes. Follow Alto great security at X prices.
We can't do it.
Okay, fine.
Great. Last question here from Patrick Coville of Deutsche Go ahead.
Thank you for squeezing me in. I was actually going to ask about the new appliances because I think that's super interesting, but I think Lee covered it pretty comprehensively there. The questions we'll be getting from investors over the last hour has been about the definitional change on ARR. So Did you mind just quantifying what the certain cloud delivered security services, how much is that in 3Q versus 2Q?
Yes. Let me give
that a crack.
And when I said that it was de minimis, it's less than $5,000,000 So just as a kind of like an overall number to
be able to work through. Great. Very clear.
Thank you so much.
Great.
Well, that concludes the Q and A portion of the call. Thank you all for joining and asking the questions. I'm going to turn it back over to Nikesh for closing remarks.
Hey, I just want to take the opportunity to thank you all for joining our call. I also want to take the opportunity to thank the employees at Palo Alto Networks for all their hard work and dedication to allow us to produce these results. We are here because of what they do. So once again, thank you everyone and I look forward to seeing you guys in our individual callbacks.