In the entertainment business, the competition is fierce and the stakes are always sky high. Success means staying ahead
of what we can do
more and for seasoned customer experience is key.
I'm Bobby Wilkins, the Vice President of Cybersecurity for CEDAR Entertainment. My job is to make sure that your experience is personalized and recognized as you want it
to be.
Steven has to be sure that what happened in Vegas and over 50 other properties across the country stays secure. That meant choosing Palo Alto Networks and the world's most comprehensive cybersecurity Portfolio.
The Palo Alto portfolio enables the other teams at Caesars to accomplish their jobs in a lower friction, higher speed environment.
Partnering with Palo Alto Networks provides Caesars with integrated, automated and simple cybersecurity that means they work smarter, not harder.
Caesars has the largest network of any business company in the world and we have in the 1st June quarter of the SaaS.
Palo Alto Networks is able to
help Caesars up their security, up serve efficiency and up the ante when it comes to customer experience.
The Palo Alto portfolio is what's building that better tomorrow for us.
Palo Alto Networks, secure today for a better tomorrow.
Good afternoon and thank you for joining us on today's conference call to discuss Palo Alto Networks Fiscal Q2 of 2021 financial results. I'm Karen Song, Senior Director of Investor Relations. This call is being broadcast live over the web and can access on the Investors section of our website at investors. Hollawaltonetworks.com. With me on today's call are Nikesh Arora, our Chairman and Chief Executive Officer Luis DeSoto, our Chief Financial Officer and Lee Klarich, our Chief Product Officer.
This afternoon, we issued a press release announcing our results for the fiscal Q2 ended January 31, 2021. If you would like a copy of the release, you can access it online on our website. We would like to remind you that during the course of this conference call, Management will be making forward looking statements, including statements regarding the impact of COVID-nineteen and the solar storm attack on our business, our customers, Enterprise and cybersecurity industry and global economic conditions are expectations related to financial guidance, operating metrics and modeling points for the fiscal third quarter fiscal year 2021 2022, our intent to acquire Bridgecrew, our intent to be carbon neutral by 2,030, Our expectations regarding our business strategy, both in equity structure for the Claytex business and a vehicle for employees to invest in such equity, Our competitive position and the demand and market opportunity for our products and subscriptions, benefits and timing of new products, Featuring the subscription offerings as well as other financial and operating trends, these financial looking these forward looking statements involve a number of risks and uncertainties, Some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements.
These forward looking statements apply as of today. You should not rely on them as representing our views in the future and we undertake no obligation to update these statements after this call. For a more detailed description of factors that could cause actual results to differ, please refer to our quarterly report on Form 10Q filed with the SEC on November 19, 2020, and our earnings release posted a few minutes ago on our website and filed with the SEC on Form 8 ks. Also please note that certain financial measures we use on this call are expressed on a non GAAP basis and have been adjusted to exclude certain charges. For historical periods, we have provided reconciliations of these non GAAP financial measures to GAAP financial measures and the supplemental financial information that can be found in the Investors section of our website located at investors.
Colawaltonetworks.com. And finally, once we have completed our formal remarks, we will be posting them to our Investor Relations Under the Quarterly Results section, we'd also like to inform you that we will be virtually participating in the Morgan Stanley 2021 TMT Conference on March 2nd. Please also see the Investors section of our website for additional information about conferences you may be participating in. And with that, I will turn the call over to Nikesh.
Thank you, Karen. Hello, everyone. I know Walter Pritchard you're listening in. Enjoy your last earnings call from the other side. Next quarter, Walter will join us at this end as our new Senior Vice President of Investor Relations and M and A Finance.
Well, moving on to the quarter. Let me start with Solar Strong, Which many of you are describing is one of the most serious and sophisticated cyber attacks in history. The Solarstorm attack highlighted that enterprises Need a comprehensive up to date map of their full IT infrastructure environments, including understanding their own networks as well as external attack surfaces and supply chains. In order for security teams to have an edge over the adverse adversaries, they need to embrace next generation technologies that leverage AI, machine learning in automation. To help our customers, we set up a rapid response program.
And when I say rapid, it was rapid. Our acquisitions of Expanse and Crypsys almost fell pre signed. The team swung into action. We updated XDR for all the new threat vectors. We offered free assessments from our crypsis team.
We also evaluated the attack surfaces from the outside in for Expanse and discovered that there were dozens of affected customers, including major government agencies and large companies, many of which were actively communicating with SolarStar ManBear command So far, we've received over 1,000 assessment requests and have completed over 500. We believe that the solar storm attack Raises the mid and long term criticality of the cybersecurity industry as a whole. This has resulted more awareness and focus on cybersecurity, It's in all candor is the need of the hour given the complete reliance of technology in these times. We expect that this attack will be a wake up call to all enterprises modernize cybersecurity and will serve as a net incremental tailwind, not just for us, but also for the industry. Before I turn to our fiscal Q2 2021 results, I have an admission to make.
Perhaps I was too cautious at the outset of the pandemic. The current sustained performance, resilience of our teams and execution has me turning more optimistic. We had a great second quarter with strong business momentum As the organization executed across all platforms and strategies. As a result, we made Q2 guidance and consensus. Here are some highlights.
We delivered billings of $1,200,000,000 up 22% year over year with strong growth across the board. Let Let me give you some additional context. Due to COVID, we have provided billing plans to a select number of impacted customers. When adjusting for these billing plans, Our billings momentum would have been several percentage points stronger in Q2 than the reported 22% year over year growth. This trend has been in place and has been growing over the last few quarters.
Consequently, our revenue growth is higher than billings growth and accelerated to 25%, reaching $1,000,000,000 for the first time ever. Yes, our first $1,000,000,000 revenue quarter The strength has been across the board. And as we continue down the path with more and more of the subscription based model, the revenue productivity will continue to rise. Non GAAP EPS was $1.55 up $0.36 from last year. EPS expansion was driven by revenue growth and operating expense leverage.
While there continues to be beneficial impacts due to lower travels due to COVID, we do continue to have resources to support our product expansion, which we expect to continue. Free cash flow margin for the quarter was 32.7 percent. In the first half of fiscal year twenty twenty one, we generated $838,000,000 in free cash At a margin of 42.7%. We still expect free cash flow to normalize for the year around our full year guidance due to some seasonality we see in the second half. Last quarter, we started the dialogue around network security and cloud and AI and shared the P and L for both businesses.
We received great feedback on the additional transparency. We want to continue to drive more transparency to unlock shareholder value. Let's first take a deep dive into Network Security Business, which we are calling NetSec. Our Net The SIC business is undergoing a transformation towards software and SaaS, making it more predictable and sustainable. Starting with our hardware firewall business and associated services, For us in building solutions only as hardware, we have chosen to offer security services in the software sector.
Over the last 2 years, we have doubled our security subscriptions in 4 to 8 With the introduction of DNS, SD WAN, IoT and DLP. We're seeing great progress with DNS, which has acquired nearly 5,000 customers since launch. The new subscriptions along with the introduction of higher tier support, VIBM support has allowed us to increase our next generation firewall support and security subscription revenue as a percentage of Next generation firewall hardware revenue over the last few years. As you can see, we've sustained a 15% CAGR in hardware Subs and support and our hardware contribution is down from 39% to 29% in that time. To continue to drive software growth, we have made these subscriptions available across all Form factors, firewall Flex and Prisma Access 2.0, we just recently completed the process of making it available on Our product Prisma Access 3.0, which is our firewall in the cloud.
Turning to our software firewall. We continue to see a transformation to software With the introduction of advanced features, cloud native integrations and the development of the industry's 1st containerized next generation firewall, we continue to see product market fit. As a result, VM and CN Cities go over 60% in the first half of FY twenty twenty one. We recently launched Firewall Flex, another industry first, Unique approach on how we offer virtual firewalls and CN Cities to increase customer flexibility and enable a consumption model to drive additional growth. This new flexible consumption model features credit based licensing that lets you consume VM and CM centimeters centimeters centimeters centimeters centimeters centimeters centimeters centimeters centimeters centimeters centimeters centimeters centimeters centimeters centimeters centimeters centimeters centimeters centimeters centimeters centimeters centimeters centimeters centimeters centimeters centimeters centimeters centimeters centimeters centimeters centimeters centimeters centimeters centimeters centimeters centimeters centimeters centimeters centimeters centimeters Ses firewalls, choose a number of CPUs needed And add any or all of our 8 security subscriptions, we just previously narrowed into 5.
We believe that by providing greater flexibility to our customers, We will continue to drive growth and achieve greater subscription attach rates. To highlight how our software and firewalls are transforming, how customers approach security, We closed a deal with a leading telecommunications company to secure their 5 gs network. The transition to 5 gs is driving a number of very important architectural changes, Including a highly distributed design, containers as a foundation and security for enterprise customers as a critical business driver. We are first to deliver enterprise And service provider class 5 gs and container security. In doing so, we empower our customers to provide a secure 5 gs service to their customers And provide managed security offerings to the enterprise and customers.
Now let's talk about Prisma Access. When COVID dramatically changed how work It's done at companies across industries around the world. The needs for securing a remote workforce have also changed. No longer is it sufficient to have partial access to applications Or what is sometimes called good enough security. Overnight, connectivity to every application was needed, security became business critical And user experience determine the difference between maintaining productivity or falling behind.
Even before COVID accelerated this change, We're already working on turning Prisma Access into an industry leading solution for enabling a secure and remote workforce. What initially started as a global product cloud service Starting to transform in 2019 with the launch of Prisma Access. In the last year and a half, we built out industry leading capabilities. In that timeframe, Prisma Access has gone from less than 150 customers to now nearly 1,000 customers and 30% of the Fortune 100. Last week, we announced Prisma Access 2.0, the biggest updates since introducing the service.
Prisma Access is a full security platform in the cloud The machine learning based security preventing unknown threats in line at line speed, the full firewall delivered as a service And includes features like 0 Trust Network Access, Secure Web Gateway, CASB, DLP and IoT Security. Prisma Access secures both web and non web apps as an example. The conventional web security approach to cloud delivered security Misses 53% of all remote workforce threats that ride over non web apps. Those threats cannot be ignored and unlike alternate solutions in the market, We have completely reimagined the way customers manage Prisma Access with an entirely new cloud based UI That delivers better security outcomes through built on security assessments. The new Digital Experience Management add on provides native end to end visibility and insights for SaaS And the ability to self heal when digital experiences problems occur.
Prisma Access is built on a low latency and highly scalable infrastructure with Google Cloud's backlog. Lastly, Prisma Access along with the Prisma SD WAN, our rebranded product from CloudGenics delivers a complete SaaS offering. The recent addition of Cloud Blades, we now have a SaaS platform, which allows for an API platform for seamless third party service integration. Prisma Access securely enables access to all applications and lowers best in class security to meet enterprise security needs without compromise It enables user experience that maintains or even improves worker productivity. In Q2, we closed an 8 figure deal with a leading technology company with over 100,000 employees The business is over 100 countries.
As part of the digital transformation, the company was launching a new remote work initiative. In order to realize their vision, They need a secure and optimized network that will support a flexible remote work environment. Palo Alto Networks was ultimately chosen ahead of several of our security peers As the customer saw us as the only vendor that was offering a true SaaS solution. Ultimately, Prisma Access was a key product given the goal to rapidly enable remote work. But the customer also purchased next generation firewalls, the M Series firewalls enhance their sole capabilities through Cortex XDR and X Vault.
This is definitely a cross platform deal to be proud of We look forward to a great partnership with the customer going forward. Lastly, several of you have asked in the past about a software transition While the first phase of VM and Prisma access purchases have mostly been incremental use cases, we put together a few key examples on what we see in the market When a customer does choose to replace the hardware based security solution with software or SaaS. For use cases, our VMs replace hardware firewalls, Like this example of a local retail store running software firewalls and third party hardware along with other software applications, the estimate that the 5 year revenue Although the VM Series deal is roughly equal to that of a deal deploying a separate physical network firewall. For use cases where Prisma access replaces hardware firewalls, We took a typical branch office use case and estimated the 5 year revenue of a Prisma Access deal is 2 times larger than an ex generation firewall deal. From a customer perspective, we estimate that the customer's total cost of ownership is generally reduced as they move to virtual and cloud delivered form factors.
As you know, Prisma AX is only a year old, so our gross margins aren't as favorable as hardware, but we expect them to improve over time. Now moving over And looking at our Cloud and AI business. We started this call by discussing Solarstorm, but didn't talk about our own experience with an attempted Solarstorm attack. Back in December, we shared with the broader security community that Cortex XDR instantly blocked a solar storm attempt on power of networks, Thanks to its behavioral threat protection capability. We continue to be bullish around the rapid pace of innovation that is going into our Cortex XDR product.
In fact, Cortex XDR was recently recognized by 80 comparatives as a strategic leader in their latest endpoint prevention and response evaluation, While still delivering lower total cost of ownership than several endpoint security peers. Importantly, last month, Cortex XDR and Data Lake achieved FedRAMP moderate authorization, which should make it a key piece of technology in the federal space. As further validation of our vision, We see more and more players in the endpoint security space, rushing to jump on the XDR wave that we had established 2 years ago. Overall, We continue to see the Cortex portfolio developing the industry's 1st proactive security platform and we see penetration in the largest companies continue to grow. 35% of Global 2,000 and 66 percent of the Fortune 100 are now Cortex customers, indicating that automation and advanced threat detection are top of mind for these customers.
In Q2, we closed a deal with the retailer. The company chose Cortex XDR to increase visibility, control and protection of the endpoints By adopting a more complete solution with XDR rather than using EDR. With Cortex XDR support for mobile, the customers are also able to easily extend Cortex XDR to additional devices leveraged on-site of their stores to unify their endpoint security policy across their entire enterprise. We then expanded the conversation to address their SOX operational challenges by demonstrating how Cortex exports out of the box pre processing rules And alert deduping could reduce the alert volumes dramatically. With the combination of enhanced visibility, protection and control of the entire endpoint estate With automating and orchestrating the live volume, the Cortex platform will have an immediate impact on this new customer.
Switching to Prisma Cloud. Prisma Cloud is building the most comprehensive and best of breed cloud native security platform and we continue to see strong customer interest. Prisma Cloud has now acquired over 2,000 customers It's 74% of the Fortune 100 and secures 2,500,000,000 cloud release workloads. We also continue to see an increase in Prisma We're using both cloud security posture management and cloud workload protection for containers and service less applications now at 50%. Additionally, Last month, Prisma Cloud also achieved Fed's AMP modernization along with Cortex XDR and data lake, as we said.
This allows U. S. Government customers Leverage our visibility, compliance and governance capabilities for securing multi cloud and GovCloud deployments. The last year I'd like to highlight is the largest Prisma Cloud deal that we've ever closed, 8 figure deal is a leading SaaS company. Like many in the industry, they're moving from a private cloud environment to the public cloud.
As part of the shift, Moving to a containerized application architecture. The customer had unique scalability, availability and vulnerability requirements For securing the containers across AWS, GCP and Azure clouds. The maturity, the superior vulnerability detection of the container security capabilities And the scalability of runtime protection of Prisma Cloud help convince the customer to choose Prisma Cloud as their continuous security platform of choice. Last week, we announced our intent to acquire Bridge Crew, an early pioneer of security for the developer community. The next big challenge we're taking on in cloud security is what is known as shiftless security.
Developers are playing an increasingly important role in cloud security, Both in terms of what products are used and how they're operationalized. Today, a single error in development can be replicated 100 of times Over resulting in thousands of security alerts to be fixed. This drives down productivity and increases likelihood of security issues in production applications. ShiftLeft integrates security into the DevOps process to catch these issues upfront where they are easy and quick to fix. It's a win for developers and a win for security.
Bridgecrew recognized the need for Shift plus Security and pioneered an approach to infrastructure as code designed for developers. To engage the developer community, they released an open source product called Checkoff that was downloaded over a 1000000 times last year and a paid 4 products gaining early traction. When we bring network security and cloud AI together, we see tremendous synergy, synergies, power of the platform, the power of networks. Looking at our Global 2,000 customers, we see that these customers are increasingly adopting Strata, Prisma and Cortex. 68% of our global development customers have purchased more than 1 platform, up from 62% a year ago and 56% 3 years ago.
Given the momentum that we're seeing, we're raising guidance for the full fiscal year. For fiscal 2021 and at the midpoint of guide, we expect total revenue growth of 22%, Up 200 basis points from our prior guide. Total billings was up 20%, up 100 basis points from our prior guide, slightly lower than our revenue raise due to the impact of billings plans as we discussed We continue to expect next generation security ARR at $1,150,000,000 up 77% year over year. Product revenue is flat year over year, unchanged from our prior guidance. Lastly, non GAAP operating margin of 50 basis points and adjusted free Up of adjusted free cash flow of 29%, unchanged from our prior guidance as we continue to invest to capture the opportunity in the market.
Now let's review our fiscal year projections for NetSec and PlaySec. Overall, we are confirming our PlaySec projections while raising NetSec billings by 100 basis points And revenue by 200 basis points given the strong performance of Saxy and BMCs. Moving on to adjusted free cash flows. We expect Network Security will deliver free cash flow margin of 41% in FY 2021, up from 38% in FY 2020. We expect Cloud and AI free cash flow margin of negative 42% FY 2021 and improve from negative improvement from negative 59% FY 2020.
As mentioned last quarter, For the next few years, we expect Cloud AI to achieve gross operating and free cash flow margins in line with industry benchmarks as we gain scale And our customer base matures and becomes more efficient. As you can see, we have been able to dig deeper and align our resources Further with our business areas in place like NetCent. And as I noted earlier, there are tremendous synergies in the power of the platform and power auto networks. At the same time, we've also been increasing our focus on our software transformation and hardware firewalls, while building a new cloud AI business. To continue this transformation and strengthen our financial profile, We feel that we can create more focus by aligning the teams around net second place.
So we're officially going from 3 speed, both on aligning our efforts around these two business areas with 6 focused efforts SPEAK posted on our next fiscal year. NetSec, we're focused on driving this transformation from hardware to software and delivering a best of breed hardware solution as acquired. As you saw, this transformation is actually financially neutral to net positive for us and always beneficial to our customers. The Speedboat sale will be firewalls, including virtual firewalls, Sassy and outgoing security subscriptions. Claset, the business area with regard to our security and our Cortex efforts have proven that with focus In an opportunistic organic and inorganic strategy, we can create an industry leading set of solutions for cloud security and solutions like XO and XDR, and AI and ML.
Here we need continued investment for us to drive customer scale and for us to continue to invest in both continued product development and customer adoption. We'll do so by continuing our focus on Cortex, Business Cloud and Also Networks, Incident Response Services, a newly formed team combining CRYPSIS and Unit 42, which Wendy Whitmore has joined to help lead. We're also excited to announce that with the Board's consent, they're finalizing the filing needed for an equity structure for the Playtech business. Our goal is to make sure that the value of the Playtech business is more transparent. In addition, the Board approved the development of a vehicle for employees to invest in such Glacek Equity, strengthening the alignment of shareholders And the interest of employees regarding a successful workplace like business.
Lastly, I'm also proud to say that Palo Alto Networks recently made a commitment to address climate change, Luis will go over in more detail around how we will be carbon neutral by 2,030. With that, let me turn the call over to Luis.
Thank you, Nikesh. Climate change is an existential threat and our Palo Alto Networks were all in to do our part to address this crisis. We have done some important work up to this point, including lead certifications, recycling and community involvement. We plan to step up our efforts and contribute even more. I'm proud of our commitment to be carbon neutral by 2,030.
We have already activated renewable energy and high quality carbon offset strategies. We will be reducing our emissions aligned to science based targets and we will work across our value chain to have lasting impact and advocate stewardship. The Paris agreement calls on all of us to limit global warming below 2 degrees Celsius by 2,050. We plan to reach our commitments by 2,030. We will keep you informed of progress along the way.
We will continue to participate in the carbon disclosure project and start sharing plans And progress using protocols set by the passport on climate related financial disclosures. During the World Economic Forum's Davos agenda last month, we committed to increase transparency by reporting on the International Business Council's stakeholders' capitalistic metrics over time. It will take creativity, collaboration and visionary thinking to protect our planet and we're off from the challenge. We call on others to join us, consider aligning to the Paris agreement and make your commitment to do your part. Now turning on turning to our financials.
As Nikesh indicated, we had a great second quarter and we continue to deliver winning innovation and New customers at a fast pace. This strength gives us confidence to raise our guidance for the year. I would like to start With our performance in firewall as a platform or SFAB, which had a great quarter as we continue to grow faster than the market. SFAB billings grew 21% in Q2 as we continue to transition from hardware to software and SaaS form factors. As you can see, SF billings declined 3% in Q2 2020.
And over the last 4 quarters, we've been able to drive sustained execution and growth in this area to 21% in Q2 2021. Next Generation Security or NGS continues to expand and now represents a quarter of our total billings At $309,000,000 growing 59% year over year. In Q2, we added over $120,000,000 in new NGS ARR Reaching $840,000,000 Let me remind you, at our analyst our last Analyst Day in September of 2019, NGS was a gleam in our eye and we call for $1,750,000,000 in billings by 2022. We're on track to beat those numbers. In Q2, total revenue grew 25 percent to $1,000,000,000 Looking at growth by geography, the Americas grew 27%, EMEA grew 24% and APAC grew 14%.
Q2 product revenue of $255,000,000 increased 3% compared to the prior year. Q2 subscription revenue of $462,000,000 increased 35%. Support revenue of $300,000,000 increased 32%. In total, subscription and support revenue of $762,000,000 increased 34% And accounted for 75% of total revenue. Excluding revenue from Crisis and Expanse, subscription and support revenue increased 31%.
Turning to billings, Q2 total billings of $1,200,000,000 net of acquired deferred revenue increased 22%. Strength was broad based As we continue to see strong execution across the company, the dollar weighted contract duration for new subscriptions and support billings In the quarter, we're slightly down year over year, but remain at approximately 3 years. From the first half of fiscal twenty twenty one, Billings of $2,300,000,000 increased 21% year over year. Product billings were $495,000,000 up 3% And accounted for 22% of total billings. Subscription billings were $1,200,000,000 at 23%.
Support billings were $733,000,000 up 34%. Total deferred revenue at the end of Q2 was $4,200,000,000 an increase of 30% year over year. Remaining performance obligation or IPO was 4 point $6,000,000,000 an increase of 41% year over year. In addition to adding approximately 2,400 new customers in the quarter, We continue to increase our wallet share of existing customers. Our top 25 customers, all of whom made a purchase this quarter, Spend a minimum of $59,000,000 in lifetime value through the end of fiscal Q2 2021, a 27% increase Over the $46,000,000 in the comparable prior year period.
Q2 gross margin was 75.3%, Which was down 110 basis points compared to last year, mainly driven by a higher mix of our NGS products, which are less mature. Q2 operating margin was 19.8%, an increase of 190 basis points year over year. The operating margin expansion is driven by operating expense leverage behind operational efficiencies, lower travel and event expenses due to COVID, which more than offset the incremental investment in headcount. We ended the Q2 with 9,038 employees, including 176 from Expanse at the close of acquisition. On a GAAP basis for the 2nd quarter, Net loss increased to $142,000,000 or $1.48 per basic and diluted share.
Non GAAP net income for the Q2 increased 28 percent to $154,000,000 or $1.55 per diluted share. Our non GAAP effective tax rate for Q2 was 22%. Turning to cash flow and balance sheet items. We finished January with cash, cash equivalents and investments of $4,000,000,000 On December 4, 2020, Our Board of Directors authorized and increased our share repurchase program and extended the expiration date to December 31, 2021. As of January 31, 2021, dollars 1,000,000,000 remained available for repurchases.
Q2 cash flow from operations of $365,000,000 increased by 19% year over year. Free cash flow was $332,000,000 Up 29% at a margin of 32.7%. DSO was 60 days, an increase of 3 days from prior year period. Turning now to guidance and modeling points. For the Q3 of 2021, we expect billings to be in the range of $1,220,000,000 to $1,240,000,000 an increase of 20% to 22% year over year.
We expect revenue to be in the range of $1,050,000,000 to 1 point $6,000,000,000 an increase of 21% to 22% year over year. We expect non GAAP EPS to be in the range of 1 $1.27 to $1.29 which incorporates net expenses related to the proposed acquisition of Bridgecrew using 100,000,000 to 102,000,000 shares. Additionally, I'd like to provide some modeling points. We expect our Q3 non GAAP Effective tax rates will remain at 22%. CapEx in Q3 will be approximately $30,000,000 to $35,000,000 As Nikesh reviewed earlier, for the full fiscal year, we're again raising our guidance across most metrics.
We expect billings to be in the range of 5 $0.13 to $5,180,000,000 an increase of 19% to 20% year over year. We expect next generation security ARR to be approximately $1,150,000,000 an increase of 77% year over year. We expect revenue to be in the range of $4,150,000,000 to $4,201,000,000 an increase of 22% to 23% year over year. We expect product revenue to be flat year over year. We expect operating margins to improve by 50 basis points year over year.
We expect non GAAP EPS to be in the range of $5.80 to 5 point related to the proposed acquisition of Bridgecrew using 99,000,000 to 101,000,000 shares. Regarding free cash flow for the full year, we
Our first question comes from Keith Weiss of Morgan Stanley. Excellent.
Thank you guys for taking the question and very nice quarter.
I was hoping to dig in
a little bit into Solar Storm. And if you could talk to us about Any impacts that you saw in this quarter? And more expansively, how do you expect the impacts of that event To play out as we go through the years, is there more on the common? And what parts of the product portfolio do you think are going to get most impacted by that event?
Hey, Keith. Thanks. Look, as we said in the call, we launched a series of initiatives to make sure that our customers are protected vis a vis solar storm. That was a sustained attack, which was planned over a series of quarters, if not And what we realized that once you get in the supply chain and start being able to respond to 18,000 customers, the impact What's happened is people were first reacting to that and started to make sure for an emergency basis there's nothing in their infrastructure Which is already infected and they have not effectively been compromised. Now with that slowly and steadily behind us, what's happening, we're noticing people doing cybersecurity assessments.
Every Board is out there saying, take a look at what we've got, make sure that if there's no breaches, make sure that we won't be breached. First question was, Are we breached? The answer was, no, we're fine. Somebody rings, wait a minute, could we have been breached to be the API Solar Strong? The answer is yes.
So what we're noticing is we're noticing a rethinking of the cybersecurity architectures. In that context, our Cripps acquisition was very helpful because that's where we have the Field force to be able
to go out
and address these situations. It kind of sort of came to light. And I don't know if you know Wendy Whitmore than IBM X Force until now and she's going to come join us. She's had a stint of CrowdStrike and FireEye and Mangiant as well. So she's going to come drive that effort even more aggressively for us.
We also saw that our own case, XDR protected us, which again becomes an important distinction for us because it was a 0 day attack and we found it because of behavioral anomalies We're happening on the endpoint, which is effectively a key feature of XDR. So we're seeing a lot more conversations around that and expands its ability to be able to look at what assets are Close to the outside, which in this case was Solarstorm servers, was also useful with an expansion out and looked and saw that there were hundreds of customers with open Solar storm server sitting on the network. So it's generally been useful for us in the XDR part, the XR part, The Cripsus part, but more importantly from a Board focus on cybersecurity hygiene has been critical.
Excellent. Thank you.
Our
next question comes from Philip Winslow of Wells Fargo.
Great. Thanks for taking my question and congrats on another fabulous quarter. Really want to focus in on Prisma Cloud and the BM and CN series. Obviously, You saw a massive uptick in number of workloads that you protect in the cloud with Prisma Cloud and then obviously a massive uptick year over year, I think more than 4x in terms of the number of Firewall software customers. So I guess kind of 2 related questions in here.
First, because why are you hearing the customers are choosing Prisma Cloud obviously signed a large deal in that product's history this quarter. And then the follow-up to that, when you think about Prisma Cloud plus the success you're seeing in the VM and CM series, Are those 2 combined kind of changing the customer dialogue that you're having as you're seeing these customers accelerate their shift to cloud?
Yes. So thank you. Look, if you look at it, if you abstract yourself, we grew our firewall as a platform 21%, right? And we've been talking about trying to get that to The 15% range, you can see all that growth has come from firewall in the cloud, I. E.
Prisma Access 2.0 And has come from our BMC and CNCs firewalls. And it's kind of it's hard to understand if you're not sitting with the customer. We've seen a few deals flip From hardware to software in the last week. Literally customers aim to buy a bunch of hardware and said, wait, hold on. You guys launched its firewall flex, why don't we just go into the Flexible credit program, we can spin up as many firewalls we want and spin them down if we don't need them, and then we can carry those credits to the cloud.
So what I think what is something very important to understand, we are going through a hardware to cloud transition now in the industry. It does not mean it's a demise of the hardware industry. It just means that the incremental shift is beginning to happen, it's getting gathering momentum. You can't keep posting tens of 1,000,000,000 of dollars on billings for AWS, GCP and Azure and not see a decline in data center over time. It's going to happen.
So if you look past the quarters and in that transition, it becomes very important how you're going to protect yourself in the future. So we are beginning to see customers go from hardware to software. And honestly, We're encouraging it to the extent the customer wants our opinion. We have the ability to sell them hardware, the best industry or the ability to sell them software firewalls As you build a sales on Prisma, access to revenue in the cloud. We're sitting down and saying, you pick the best architecture you want, we'll service it.
You ask us, we'd rather you run down the software route. That's when all of you guys start asking us, wait even if you go to software, do lose money. So we put up a slide saying, look, we don't lose money, we make more money. We don't say that not that loudly because that's not a good thing to say loudly. It's better security solution for the customer, reduce total cost of ownership, but we're seeing that transition.
I think that's the most important part of the story. And as we highlighted, we did a big deal in the telecom space where suddenly security matters in 5 gs, right? Because in No offense when you and I walk around with our iPhones and Android devices, you got malware on them, tough luck, buddy. But if you're a car Driving down the highway and that can be infected malware, that's a problem. So the 5 gs enterprise networks have to be secure.
All 5 gs networks are being built on the cloud.
Great. Thank you very much.
Thanks, Phil.
The next question comes from Sterling Auty of JPMorgan.
Yes. Thanks. Hi, guys. So in the context of the guidance increase, I did notice that the next generation security ARR is Same the same despite what looked like good results in the quarter. Was there any pull forward or what additional commentary can you give us around that NGS ARR outlook for the year?
Honestly, there's no hidden meaning
in there. We're not trying to tweak it in such a way that Look, we've seen strength in cloud firewall. We've seen phenomenal sense in Prisma. I have to tell you that this pandemic has forced The network conversation about how do I make sure Sterling can access every application at home, not just the ones that I will let him access. It's gone from a It's good to have remote access, but you have to have remote access.
And then the security and suddenly start paying attention to network architecture. And then Lee and his team have delivered this phenomenal next upgrade where we can look at both web based and non web based apps. So we're seeing phenomenal success. So There's no tempering of our expectation and ambition on NGS. It's just how the math works right now.
Understood. Thank you.
Next question comes from Bhagat Kalia of Barclays.
Okay, great. Hey, thanks for taking my question here guys. Nikesh, maybe for you, you touched on this in your prepared comments. Can you talk about the cloud and AI equity structure? What's the reason for setting up that structure now and how is it going to work mechanically?
So, Saket, and a half years ago when I came here, we talked about building a cloud security business and we talked about building an AIML based business. Last quarter, we started showing you The two pieces of NetSec and PlaySec, you've seen that we're aspiring to get $735,000,000 of ARR in cloud AI security. We also shared Our left hand side, our network security business actually has phenomenal cash flow margin, 38% going to 41%. So that's a cash generative part of our business Whilst we go through a soft hardware to software transformation. On the right hand side, we're competing with them out there today like the CrowdStrike of the world And in the SDR space and a bunch of startups in the cloud space, that's an area for investment.
We think that the market inherently values both those business fundamentally differently. It values the network security business and cash flow, it values the cloud It values the network security business and cash flow. It values the Cloud AI business on ARR. So we want to be able to create the opportunity for the market to value our businesses differently To create more transparency for the shareholders and it also allows us to keep investing in the Cloud AI business And in the interest of driving more ARR. So what we've done is, as you saw, we've separated our financials, show you both NetSec and Placex.
Louise and team have worked hard to get them audited, make sure that we could keep them on a more regular basis going into next fiscal year. And we are looking at various equity structures that allow us to create incentive plans as well as Potentially in the future monetize the Clay Sec business for a different set of investors compared to the overall power of investors.
Our next question comes from Fatima Gomani of UBS. Good afternoon. Thank you for taking the questions. My question is around the firewall as a platform business and the metrics there. Appreciate that deals sort of change flavor in the 11th hour to your point in cash.
So what are some of the core We should leave with around the installed base refresh opportunity as well as the R and D pipeline for Hardware and appliance refreshes within the product portfolio on the Strata side?
Lee, do you want to talk about the All I'm saying is that we're not taking our pedal off the metal. We are going aggressively trying to continue to build the Generation of hardware and focus on refresh. I will tell you in absolute dollars, we still sell the largest number of hardware firewalls in the industry. We got lost in percentages. It doesn't matter if other vendors are out there generating 18% growth.
We still sell more absolute dollars of product in a quarter than everybody else. Elyse, you talked about the hardware.
Yes. We're always working on the next generation of hardware, since the beginning of the company till now and we have some Amazing new platforms coming. I won't tell you too much until they're out, but we're always working on that Really exciting stuff there. The software side as well with Panos and new security capabilities, another set of amazing things we're working on. One thing I'll point out in that though is the leverage we get across hardware, software and cloud delivered.
Part of what really resonates with our customers is not that they get to pick which one they use from us, but their ability to actually use hardware where they need hardware, Software form factors where they need software, cloud delivered where they need that, with a set of consistent security capabilities, easy to manage and operationalize, that's Something that only we can deliver to our customers.
Thank you.
All right, great. Hi, thank you. Thank you for taking the question. I was wondering, Nikesh, if you could dig into a little bit Firewall Flex and your credit based licensing model for next gen firewall, what was the timing of that rollout? How long has it been in market?
And How much adoption is that in terms of the way it's impacting your model?
I'll give you the preface of it and then Lee can jump in and give you the details. But look, when We had refreshed our VM pricing policy. It was set up more like a hardware business, where you had to tell us which particular model of software you wanted. You were basically stuck to that model. And if you think about software deployment, it's a key.
I can give you a key with more capacity or key with lower capacity. So we just felt that we were being too Advancing our approach in selling software in a very hardware centric model where you can only buy 5 subscriptions of 8. So we worked hard over the last 18 months to get this all done into A new credit based model where you can right size your requirements, so you can spin them up and spin them down. But if I say everything, then we don't get to say much. And we
In my defense, like the when we came up with the model that was sort of, I call it the normal model and that's what others were doing. I'm Actually, our customers are very excited about this new firewall flex model because it is the first of its kind in the industry, giving our customers The flexibility, as Nikesh was saying, to choose how many CPUs do they need, what subscriptions do they want, where they want to deploy it, Cloud, on prem, etcetera, that level of flexibility and to do in a credit model where each individual deployment can actually be different. So we've actually it's one of those unique cases where we've given the customer a lot more flexibility and options, Yet made it simpler at the same time. The last piece that it addressed was in the old model, it was getting too cumbersome on how to offer all the different security subscriptions. This model allowed us to easily scale to all of the current security subs plus any future subscriptions we come out with.
Sorry, we just launched the beginning of February. So it's only been out for a few weeks. We're already having customers respond incredibly positive to it.
All right.
Congratulations on the good numbers. So yes, last week, you all announced How secure gateway features in Prisma Access, how important is that functionality to your customer base? And do you think it creates an opportunity to gain incremental share from legacy players like Symantec or even some of the higher growth companies like Seascale?
Oh, sorry. Okay. Now he changed his definition of legacy. Never mind. Sorry, just kidding.
We get punchy after too much coffee in our earnings call. So,
Lee, right.
Because as I think all of you have seen or heard from us before. We used to set up this Sort of either or approach, either it was next gen firewall approach to security or as a proxy approach. And You've heard us talk a lot about the challenges associated with the proxy approach, limited application support, some of the challenges with Applications and breakage and performance, but at the same time we recognized is there are certain use cases out there Where there is a right way to do it and it is a can be very complementary to what we do from an action borrower perspective. And so with this release, We basically integrated that into Prisma Access such that we can now give our customers the ultimate flexibility On how they connect to the cloud through both a secure web gateway model, plus our next gen firewall natively integrated And provide all the great security capabilities we have.
So I think, Graeme, what Lee is saying is we can we retain New York's religion on proxy. Now we also support proxy as part of our product. And we also support the app based support. So now you can go after web based apps and non web based apps. And we said 53% of your breaches come from Non web based apps and proxies are useless and non web based apps.
And we cover both opportunities by doing it the proxy way or the non proxy way.
Got it.
Okay. Thank you very much.
Next question comes from Patrick Colville Deutsche Bank.
Hey there. Thank you for taking my question. Really appreciate it. Just want to ask about Bridgecrew. So is that deployed on prem in the cloud?
Who buys it? Is it the kind of developer buying it with Credit card type payment model, just help us understand that product better, please. Yes. Look, again, I'll do the one two punch here. But We've been making bets for the last two and a half years where our security is going in the cloud space especially.
We went from workloads, we went to containers, we went to micro segmentation, we went to DRP, we went to I am. And what we come to the realization is what's happening is there's a bunch of so what happens is you do you build an application to the developer, you give it to your IT Teams are deployed, hey, you silly guy, you've got a bunch of security bugs and you go fix it. The guy said, what's my security bug? Why didn't you tell me before? Since started going to open source and trying to find security monitoring software to see, let me just make sure I don't build stuff with security bugs in it.
So what happens is what Bridgecrew has is such a it's a open source, free, no credit card needed Piece of software that starts tracking the security bugs in your development site, CICD site. So it tells the developer, you're making a mistake, fix it. Now Apple is you fix it, then you give it to the guy and security guy says, wait, you still have bugs. So wait a minute, I checked it. So what we've done is we bought Bridgeview, we'll take the open source tool that they have, Look at the policies there.
We'll map them with the policies in the enterprise side to make sure that if you need to find if they're going to check for it in real time and in production, you get to Check for it for free as a developer. So there's 26,000,000 developers developing their seamless security professionals. If you can get 26,000,000 people To start checking it while they're building the application, building software, then it's consistent with what they're going to be checked out in the enterprise side. That's the muscle we didn't have. That's a DevOps muscle.
Most DevOps companies don't have security muscle. We have security muscle, we don't have DevOps muscle. We just bought DevOps muscle. Okay. And so the monetization is the so what will happen is they have a Enterprise version of the free software they give away to developers.
It's kind of like Dropbox, if a lot of people started using it, You want that to be in the enterprise section because you don't want it being checked against a different product set of policies. So we're going to merge that enterprise case with Infinox Cloud because we already check it. I will say whatever your developers check for free is what we're going to check-in production, they're consistent. So if they didn't find a bug when they were Writing the code, we're unlikely to find it when we're running it. Thank you.
Question comes from Tal Liani of BofA.
Hi, guys. I want to go back and ask about the legacy or the hardware piece. I'm trying to understand the competitive landscape now and trying to understand the customers' reaction to the fact that market is migrating somewhere else. Are there still competitive replacements Or is this a case where customers just keep the status quo whatever they have today because if they take a decision, it's going to be Decision to migrate out of hardware into more modern solutions. So I'm trying to understand the dynamics, the underlying dynamics in the market and from it to Stan, what's the competitive landscape like?
Yes, Tal, thanks for the question. Look, what's going to happen in my version of the world is you will still have 40% to 50% of the customers will still stick to a data center or hardware based strategy. I think what the market has not fully embraced and understood is when you move to cloud, The cloud can be expensive. And many companies will say, wait a minute, I don't need to do all this stuff in the cloud. I'm going to still keep a data center and do some of the less expensive stuff Here, why do I want to take everything and make it real time bleeding edge on the cloud?
So we're going to end up in a hybrid world where people are going to maintain data centers and maintain the cloud. So I don't think every customer in the world is moving to cloud, but I think on the margin, yes, you're seeing a bigger shift to cloud than you are people seeing happen. So with that fact in mind, We do see competitive replacements when customers have end of life for existing hardware installs, right. They're sitting there and saying, I'm coming to end of life for legacy vendor A, B, C, D or E. Should I go replace this with new versions of legacy A, B or C?
Or should I look at a new network architecture, which allows me flexibility of having hardware and software in remote access. The example we gave, we did a $20,000,000 deal with a customer Who built who bought Prisma Access for half of their employees, who bought hardware firewalls to the data centers and who bought virtual firewalls to the cloud and They make sure they're all consistent. So we do see customers end of lighting legacy hardware, which is
dead ended, which doesn't have
a software form factor or a firewall in the cloud And we do see them transitioning to a hardware and software model. So it's not zero sum, it's not either or, it sometimes ends up being This ends up. Got it. Thank you.
Next question comes from Brent Thill of Jefferies.
Thanks. Nikesh, there's a lot of
questions from investors about this Proposed equity structure and the timing and what you think, I'm curious if you could just double click on What do you think this
looks like and why you're doing this right now?
Thanks for the question. Look, it's not First of all, we have spent the last 6 to 8 months preparing for the financials visibility and transparency of Playtech and EdTech. It requires a lot of work on our accounting side, lots of rules to make sure how we do transfer pricing between the entities, how do we leverage our common sales force and power networks. So and again, we're not Doing anything yet, all we'd have is we presented to the Board and they've agreed that this is an area for us to go ahead and work further on, Which means we are looking at seeing how can we make the Clay Stack equity more transparent if we believe the market values that differently than the volatile Now the market could say this is great, we just love your borrowed equity and we will help it achieve all the price targets and also more Enthusiastic and optimistic ones that you have, in which case we may not have to do anything. If not, we may actually go take a look at the Glaestick equity and see how do we create more transparency.
Because Fundamentally, if you look at it, you've got one business on the left generating $1,500,000,000 of free cash, which is fantastic. We like it, 38% margins, 1.41% Whilst we're going through a hardware to software transition. On the other hand, we have a $735,000,000 ARR business going at 77%. That business has negative cash flows And the market looks together and values us one step away, maybe the market will value it differently if you look at it differently. So we're just exploring the opportunity Of being able to make that value more transparent.
We're not going to change the operating structure of the company. We're going to still run it as one company With 2 basically agile business units, if that makes sense.
Next question comes from Michael Turits of KeyBanc.
Hey, good afternoon everybody and nice quarter. It was a really good quarter on firewall platform as a service and you raised network security, but product itself was just a slight beat and didn't raise it. So What's the delta? What really raised that guidance on network for the year and drove the outperformance? What was the biggest piece?
VM Series, Prisma Access, subscription attached, how would you rank
those? Access, VMs and subscriptions, not because subscriptions aren't doing well, it's just a very large number. So Sustaining a large number going at 30% is a good thing. Right.
So it's really Prisma Access was a big driver.
Yes. I mean look at Access, it's gone through a When I joined, it was called GlobalProtect Cloud Service, we barely did $10,000,000 in the quarter. Now it's playing gangbusters. So now it just set you to $20,000,000 deal Across the customer's entire enterprise, which included Cortex and Prisma Access in there. So we can get to $10 plus 1,000,000 deals on Access In one deal where we were doing $10,000,000 in 1 quarter, 3 years ago.
So that makes sense.
Great. Thanks, Nikesh.
Next question comes from Jonathan Ho of William Blair.
Hi there. I just wanted to get Some additional color in terms of the subscriptions that you've been, I guess, selling with the firewalls. Is there any way that you can maybe provide some Additional perspective on maybe which ones are doing well and what the average number of subscriptions being taken are and yes, that'd be great. Thank you.
Yes, Jonathan, obviously, we had 4 when I joined and they're all had over 50% attach rates Even before, the one which has gone from 0 to 500 is DNS secured in the last 2 years, as we just announced we crossed the 5,000 customer mark. Many of the newer subscriptions were just launched at part of 10.0 with our software. So they're all very recent, Which includes IoT, SD WAN, DLP. And sorry, I got Lee sitting next to socially distance. I keep not asking him what he if I forgot anything.
But SD WAN, you can see is combined with our CloudGenics efforts. So we see SD WAN traction between the 2 of them. We're seeing a lot of interest in DLP, Which is very early. It's only a few weeks old. And IoT, we see situations, but that's more of an architectural sales because not just a DaaS subscription.
People want to look at the IoT architecture for the enterprise. But we launched healthcare IoT, so it's part of the IoT effort. So I have expectations from DLP, I have expectations from SD WAN, obviously, with combination of Cloudgenics and IoT, but I think we'll see Different approaches and different set of trajectories in terms of adoption. IoT is a bigger ticket when we sell it. The LP is a simple attach and is easy to deploy Like the end of security is, so they take different trajectories at different price.
Our last question comes from Andy Nowinski of D. A. Davidson.
Great. Thank you for squeezing me in. So you mentioned a number of 8 figure deals for both Prisma Access
and Prisma Cloud,
Which were record deals for the company. Just wondering if you could provide any more color with regard to your overall large deal activity for the quarter. Was the activity up year over year? And if you
did see an increase in
the overall activity, what drove
the growth? Thanks.
Yes, Andy, I think purely math I'm waiting for Louise to go look, but purely mathematically, we added the same number of customers we did this year than we did last year and our billings grew About 20%. So we got to definitely got to have more bigger deals in there. How are you, Luis? What are you doing? So yes, we are seeing strength.
But I would say, it's kind of interesting. If you look at the landscape, the higher end of cloud sales see bigger deals, Because you're comparing them to large GCP, AWS, Azure spend. So even if you get 2% to 5% of the GCP, TP Azure AWS commitment, you end up with a large deal, which is typically the 7 plus figure range. And You see similar activity in Prisma Access because it ends up being a 3 year TCE style deal with If you get the top end like 100,000 plus users, you end up with a 7.5 figure deal. XDR in the market typically ends up in the nearly into $2,000,000 range because of competitive pressures and competitive activity.
So you just need a lot more XDR deals to get there. So it's different depending obviously firewall again depends on the installed base of the estate and the end of life and ELAs have their own Characteristics depending on again, how big the state is there, how much people are re upping and how much off are there. But Luis?
So here is how I look at it. If you add up The billings of the last largest deal that we did this quarter and you compare that to a year ago, the total is 35% higher. So it just gives you a magnitude of how significant those large peers are for us.
Thanks guys. That's really helpful. All right. Well, see Brad Zelnick, if you change your mind about us, you don't even get to ask the question. All right.
Thank you everyone. Thank you for joining us and thank you very much for all your questions. We look forward to seeing many of you in our upcoming investor events. I also want to thank our customers, partners and of course our employees at Palo Alto Networks. Have a great day.