Palo Alto Networks (PANW) – Earnings Review – Q3 2023
Palo Alto Networks provides network, cloud and endpoint security services.
Demand
- Missed its billings guidance by 2%,
- Beat analyst revenue estimates by 2.2% and beat its own revenue guidance by 2.5%.
- Its 25.7% 3-year revenue CAGR compares to a 27.1% 3-year revenue CAGR as of last quarter and a 25.6% CAGR as of two quarters ago.
- 83% of total revenue is recurring vs. 77% Y/Y.
- Next generation security (NGS) annual recurring revenue (ARR) rose by 53% Y/Y to surpass $3 billion.
Margins
The firm beat $0.42 GAAP earnings per share (EPS) estimates by $0.14. It also beat $1.16 EPS estimates and its same EPS guidance by $0.22. EPS rose by 66% Y/Y as Palo Alto enjoyed Y/Y operating leverage across all three major cost buckets.
Please note that PANW’s Q1 is seasonally strong for free cash flow (FCF) generation. This occurs as strong fiscal year Q4 bookings lead to Q1 collections being higher than any other quarter.
Fiscal Year (FY) 2024 Guidance
- Lowered its annual billings guidance by 1.8%.
- Reiterated its revenue guidance which slightly missed revenue estimates.
- Raised its $5.34 EPS estimate to $5.46.
- Reiterated 37.5% adjusted FCF margins for the year.
Balance Sheet
- $3.9 billion in cash & equivalents.
- $3.0 billion in long term investments.
- $2.0 billion in senior convertible notes.
- Basic share count rose by 3.4% Y/Y. Stock comp fell as a percent of revenue and the firm expects this to continue. Considering the stage of maturity for PANW, I’d like to see that happen. It’s diluting shareholders at a faster rate than rapidly growing CrowdStrike.
Call & Release Highlights
Remaining Performance Obligations (RPO) vs. Billings
RPO measures total revenue under contract, but that has not yet been recognized. Billings measure invoices/bills sent during a time period.
Much attention on the call was paid to the billings miss and billings guidance reduction. It blamed this miss on “cost of money” pushing clients to get more aggressive in pursuit of special deals and promotions. Given the strength of PANW’s balance sheet and cash flows, it has been working with customers through these uncertain times. In some cases, more customers are looking for better rates on multi-year deals. They’re also seeking out financing through Palo Alto and others to diminish initial cost outlays. In other cases, customers are looking to move from multi-year deals to annual billing in order to reduce upfront costs. All of this means stable revenue generation over the full course of contracts, continued strong pipeline generation and stable RPO. For evidence, RPO rose by 26% Y/Y. Conversely, this phenomenon means fewer near-term billings.
“We feel like we have de-risked ourselves in terms of future billings guidance… We are not concerned with demand or ability to execute. Billings is a pure consequence of payment conversations with customers.” – CEO Nikesh Arora
Product Revenue
Product and hardware revenue trends have normalized for the firm. Supply chain issues are resolved, “backlog is being shipped” and performance is reverting to pre-pandemic results. This won’t mean explosive growth ahead, as this segment is a more legacy/mature area. Still, it did lead to a sharp upward spike in gross margins which rose from 63.6% to 77.3%.
Customer Wins
- $25 million expansion deal with the federal government for its endpoint and cloud products.
- $18 million cloud deal to consume “multiple modules across the suite.”
- $15 million add-on with an educational organization for more endpoint and cloud security tools. It’s already a network security client.
- $28 million contract with a “Nation State” for its secure access service edge (SASE) and its extended security intelligence and automation management (XSIAM) (endpoint). More on these acronyms later.
56% of Global 2,000 works with Palo Alto.
Cloud Security (Prisma)
Palo Alto debuted a new cloud product called Darwin. This gives a view across all cloud apps to “help customers understand risks with deeper context and to overlay active attacks in near real time.” It offers “full coverage from source code to the cloud.” It will also buy a firm called Dig Security (for $235 million in cash) to help identify and protect sensitive assets in public cloud environments.
Endpoint Security (Cortex)
Cortex’s customer count rose 25% Y/Y to reach 5,300. Cortex’s Extended Detection and Response (XDR) tool was the only to achieve 100% protection and detection in MITRE’s most recent test. Its Extended Security, Orchestration, Automation and Response (XSOAR) and Extended Security Intelligence and Automation Management (XSIAM) products were named leaders by independent third parties. XSIAM also landed its first 8 figure expansion deal. The newer product has a $1 billion backlog which rose 100% Q/Q. PANW just launched its latest iteration of its XSIAM product this quarter to a warm customer reception. The launch includes a “bring your own AI tool.” That allows 3rd party developers to more freely access and leverage models from within the secure PANW environment.
Endpoint security companies LOVE to confuse us with acronyms. Here’s what these acronyms actually mean:
- XDR is an overarching threat detection and response tool. It uses 3rd party data sources on top of PANW’s 1st party security data to uplift endpoint security beyond solely the endpoint.
- XSOAR automates the remediation work needed to resolve a breach or vulnerability.
- XSIAM collects, organizes and derives patterns/meaning from security events.
Network Security (Strata)
The move from legacy technologies like fire walls to zero trust architecture continues. As a reminder, zero trust means what it sounds like: zero trust. It prevents irresponsible access and permissions from being abused. With zero trust, a bad actor cannot penetrate the most vulnerable part of a digital ecosystem and move freely within it thereafter. zero trust ensures consistent and complex validation of these permissions at every turn.
PANW debuted a new operating system (PAN-OS 11.1) within Strata Cloud Manager this quarter. The tool “unifies the management of all 3 form factors (network, cloud, endpoint) in a single pane of glass.” This is its push to become more of a unified platform play like CrowdStrike. It has all of the product breadth to do this; now, it’s just about integrating them in a more cohesive fashion. Customers of all 3 form factors rose 34% Y/Y with 64% of its 100 largest using all 3 vs. 53% Y/Y. These “platform customers” boast 15x spend rates vs. single product users.
SASE stands for Secure Access Service Edge. It combines network security tools to extend protection. It prevents unauthorized access to data, abuse of networks by bad actors (like phishing attacks to overwhelm networks with traffic) and broad visibility into health, hygiene and performance of a network. This is a key place (among several) where network and cloud security tie closely together. Palo Alto’s SASE product enjoyed 60% Y/Y growth and presence in 35% of its $5 million+ network deals vs. 10% Y/Y.
Within the SASE realm, it’s also buying a company called Talon Cyber Security (for $435 million). This will allow it to add unmanaged devices from independent contractors/employees to its coverage wing. This will closely tie into PANW’s cloud access tools (called Prisma Access).
Quick Note on Generative AI
We can’t get through a tech report without discussing Gen AI. I’m sorry, I don’t make the rules (ok maybe I do). In this case, GenAI is further accelerating demand for services like PANW’s. Why? It lowers the sophistication barrier to conducting complex ransomware attacks. Hackers no longer need to be experts, they just need to buy a piece of software to structure the hack for them. This diminished bad actor friction is an unfortunate demand tailwind here.
StockMarket Nerd’s Take
We can’t call this a perfect quarter with the billings miss. Still, I think we can call this a positive quarter given all of the other data.
The billings miss makes all the sense in the world. We live in a world where minimizing near-term costs is a top priority for many firms. Understanding this, the current quarter revenue and overall RPO are likely better demand signals here for now. The first focuses on actual collections from services conducted. The second focuses on overall value of contracts signed. If overall demand were suffering and deals were shrinking instead of the structure and timing of deals changing, RPO would suffer too. It isn’t. Furthermore, the reduced billings guidance amid reiterated revenue provides more evidence for this being the actual reasoning.
I think it’s important to note here that I don’t own shares of PANW. I own shares of a direct competitor in CrowdStrike (CRWD). Regardless, I will defend any company when it deserves defending (not just holdings) and vice versa (including holdings). My goal is not to skew your thinking or convince you of anything. It’s to share my research and explain my findings.
To see the complete earnings report, check the SEC filings here.
