使用警語:中文譯文來源為 Google 翻譯,僅供參考,實際內容請以英文原文為主
Walter Pritchard - SVP of IR & Corporate Development
Good afternoon, and thank you for joining us for today's conference call to discuss Palo Alto Networks Fiscal Third Quarter 2021 Financial Results. I'm Walter Pritchard, Senior Vice President of Investor Relations and Corporate Development. This call is being broadcast live over the web and can be accessed on the Investors section of our website at investors.paloaltonetworks.com.
With me on today's call are Nikesh Arora, our Chairman and Chief Executive Officer; Dipak Golechha, our Chief Financial Officer; and Lee Klarich, our Chief Product Officer.
This afternoon, we issued a press release announcing our results for the fiscal third quarter ended April 30, 2021. If you would like a copy of the release, you can access it online on our website.
We would like to remind you that during the course of this conference call, management will make forward-looking statements, including statements regarding the impact of COVID-19, the SolarWinds attack on our business, our customers, the enterprise and cybersecurity industry, and global economic conditions; our belief that cyber attacks will continue to escalate; our expectations regarding a single equity structure; our expectations related to financial guidance, operating metrics and modeling points for the fiscal fourth quarter and fiscal year 2021; our expectations regarding our business strategy, our competitive position and the demand and market opportunity for our products and subscriptions, benefits and timing of new products, features, subscription offerings as well as other financial and operating trends.
These forward-looking statements involve a number of risks and uncertainties, some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements. These forward-looking statements apply as of today. You should not rely on them as representing our views in the future, and we undertake no obligation to update these statements after this call. For a more detailed description of these factors that could cause actual results to differ. Please refer to our quarterly report on Form 10-Q filed with the SEC on February 23, 2021, and our earnings release posted a few minutes ago on our website and filed with the SEC on Form 8-K.
Also, please note that certain financial measures we use on this call are expressed on a non-GAAP basis and have been adjusted to exclude certain charges. For historical periods, we have provided reconciliations of these non-GAAP financial measures to our GAAP financial measures in the supplementary financial information that can be found in the Investors section of our website located at investors.paloaltonetworks.com. And finally, once we have completed our formal remarks, we will be posting them to our Investor Relations website under the Quarterly Results section.
We'd also like to inform you that we'll be virtually participating in the JPMorgan 49th Annual Global Technology, Media and Telecommunications Conference on May 24 and the BofA Securities 2021 Global Technology Conference on June 8. Please also see the Investors section of our website for additional information about conferences that we may be participating in.
And with that, I'd like to turn the call over to Nikesh.
Nikesh Arora - CEO & Chairman
Thank you, Walter. Good afternoon, and thank you for joining us today for our earnings call.
Let me begin with the current cybersecurity landscape. After the December SolarStorm attack, we saw an acceleration in attacks throughout our third quarter and after the quarter closed. These range from software supply chain attacks like SolarWinds and COSCO to ransomware attacks like Colonial Pipeline. Ransomware, especially, has been in the spotlight recently. And data from our own Unit 42 shows that the average ransom paid in 2020 tripled from 2019. And in 2021, it's more than doubled again. The highest demand we've seen is $50 million, up from $30 million in 2020, with organized groups with near nation-state discipline perpetrating coordinated attacks. The targets are not only corporations, where health care and pharma is a focus with the pandemic, but also government organizations and shared infrastructure.
The reason for this vulnerability is deep seated. Organizations run their operations on technology that is decades old, sometimes predating the Internet. They continually bolt on new technologies to automate facilities and make them compatible with the modern Internet, but those platforms are inherently insecure. At the same time, cyber defenses are fragmented, making it very challenging to block sophisticated attacks and lengthening mean time to discovery and repair. Lastly, more and more businesses and consumers are coming online without a baseline of protection.
In such a scenario, it is imperative that customers focus on securing their most critical assets while also focusing on reducing the fragmentation and leveraging new technologies like artificial intelligence and machine learning and using those approaches.
With that backdrop, let's focus on our results. Overall, we saw a continued strong demand environment. And our own continued execution drove Q3 billings, revenue and EPS ahead of guidance. We saw billings growth accelerate to 27% in Q3, ahead of our 24% revenue growth forecast, with growing ratable revenue contribution.
I want to highlight one dynamic regarding our billings to help you better understand the drivers. During COVID, some customers were asking for annual billing plans to meet their needs. We noted to you that we saw success with larger, more strategic transactions in Q3. Along with these deals, we saw an uptick in annual billings plans. Normalizing for this, our billings would have grown greater than 28%, nearly 2 points higher than we reported, which is the highest billing growth we have seen in a third quarter since Q3 of fiscal year 2018.
Last year, we saw billings plan have an approximate 1 point impact. Along with billings, we also saw 38% growth in our remaining performance obligation. This metric is growing faster than both revenue and deferred revenue and will be a source of consistent revenue growth in the future.
Within this strong performance, we also saw 71% growth in ARR, or annualized recurring revenue, from our next-generation security offerings, where we finished our third quarter at $970 million, up from $840 million in Q2. These ARR, billing and RPO trends drove 24% year-over-year growth in our reported revenue.
It's worth noting, given your attention to NGS ARR, that in the very first week and the first day of Q4, we transacted one of our largest next-generation security deals in the history of Palo Alto Networks with a Fortune 30 manufacturer, which brought in $7 million in NGS ARR. So we're already at $980 million on the first day of this quarter. With the acceleration in incremental NGS ARR in Q3 and trends we see in the business, we continue to have confidence in our Q4 target of $1.15 billion in ending NGS ARR.
As part of the strong Q3 performance, we saw notable momentum in large transactions with 901 customers having spent $1 million with Palo Alto Networks in the last 4 quarters. This cohort of customers was up 29% year-over-year, growing ahead of our overall revenue and billings growth. This growth in active million customers has accelerated in recent quarters. As part of this large deal performance, our business is benefiting from growing adoption of multiple Palo Alto Networks security platforms across Strata, Prisma and Cortex. In Q3, 70% of our Global 2000 customers had purchased products from more than one of these platforms, and 41% have purchased all 3 platforms. This is up from 58% and 25% 2 years ago.
Turning to our product areas. Earlier this year, we started the dialogue around network security in cloud and AI and shared additional financial metrics to give you more transparency. Having these 2 product areas under the common umbrella of our world-class R&D and go-to-market organization is key to our strategy of being the largest cybersecurity company in the world.
Starting with the network security side of our business. We are the leader in this business. Our strategy of selling customers leading firewall platform delivered through a hardware, software or as-a-service form factor underpins our success in this market. This has resulted in a business that is 28% larger than our next peer on a revenue basis in Q3. Also, if you look at leading indicators that include deferred revenue and RPO, our scale comes through even further, we are 40% to 50% larger. On these leading balance sheet metrics, we're growing faster than our next peer.
Three years ago, when I joined Palo at Networks, we were a hardware-based firewall company. We had a vision of a hybrid world where the enterprise and data centers will remain predominantly hardware-oriented with growing adoption of software form factors like our VM-Series firewalls. Meanwhile, in the remote access and remote office world, this opportunity has been transformed by cloud adoption and work from home trends to fuel secure access service edge, or SASE, adoption.
The reception to our strategy of delivering a firewall in multiple form factors has enabled the accelerating Firewall as a Platform growth rates we just showed you. Within our Firewall as a Platform billings, we're seeing a distinct mix shift towards software. This software mix, which includes our VM and SASE business, now makes up 40% of Firewall as a Platform, up 21 percentage points from a year ago. We saw 7-figure transactions for our software firewall capability, including VM and CN-Series with a U.S. government agency, a Fortune 30 manufacturer and a diversified financial services company.
While we've seen the significant transition in form factors, one driver of growth and value in our business, our attached subscription and support have grown at a steady rate over the last several quarters on a revenue basis. We expect the software mix to continue to increase in the medium term, although along with this, we expect to continue to see attached subscriptions as a key growth driver.
We're showing you for the first time here the NetSec annualized recurring revenue, which is $2.66 billion at the end of Q3 and grew 25%. As a reminder, this does not include our hardware business, which continues to be significant. This recurring revenue business is a key driver to strong cash generation, which we have guided to 42% for NetSec in FY '21. We believe this high degree of recurring revenue and strong cash flow generated by NetSec is something that should be more clear now given this incremental disclosure over the last 2 quarters.
Now turning to innovation and focusing first on Prisma SASE. Back at the beginning of the pandemic, we saw customers look to significantly expand remote access capability while not compromising security or user experience. We've met that demand with free remote access trials and broad proof-of-concepts, enabling customers to see that value in Prisma Access as well as supporting the network transformation as they move to the cloud. We're seeing these efforts as well as momentum generated from the 2.0 launch, driving strong initial purchase and footprint expansions.
This quarter, we saw a number of large Prisma Access transactions, including a global technology company, a large manufacturer and a Fortune 10 health care company, all 8 figures or greater. Additionally, over 25% of our Prisma Access new customers in Q3 were net new to Palo Alto Networks. Lastly, we're seeing early traction in our service provider partners for Prisma Access, including Comcast, Verizon, Orange Business Services. These relationships are part of broad initiatives with service providers that we see as a significant growth opportunity.
Just yesterday, we announced a significant release in network security focused around a comprehensive approach to Zero Trust. This is timed well with last week's executive order out of the White House that defines Zero Trust in a way that is very consistent with the Palo Alto Networks strategy. There's been a lot of noise in the industry around Zero Trust Network Access, but solutions continue to be fragmented around either remote users, access control or enterprise apps. Our approach covers all users and devices, all locations, all apps and the Internet, applying consistent access control and security.
Our new PanOS 10.1 release brings cloud-based identity controls, integrated CASB and enhancements to our URL and DNS security services. Palo Alto Networks position across appliance, software and SaaS is unique, and these new innovations are applicable to all our customers across all form factors. This is one of the most significant innovation releases for our next core next-generation firewall franchise and gives us confidence in continued NetSec growth as we look forward.
Now moving on to cloud and AI. On the Prisma Cloud front, we continue to build on our early leadership position in cloud security posture management, cloud workload protection capability and marketplace-delivered virtual firewalls where we are the largest player across this opportunity set. Our strategy is to stay ahead of customer demand as they adopt cloud-native security services across hyperscalers. We believe we have staked out a leadership position in cloud-native security of this business.
We have achieved over $250 million in ARR across Prisma Cloud in our marketplace, VM and CN-Series. Fueling this growth is 39% growth in total customers and 38% growth in Global 2000 customers across Prisma Cloud. Our unique consumption model in Prisma Cloud based on credits enables customers to use any of our modules across their cloud-deployed workloads, including using multiple capabilities per workload.
We're seeing strong growth in credit consumption with over 100% growth year-over-year in Q3. Despite our strong position with Prisma Cloud, targeting an early opportunity, we see the next big challenge in security at the developer level or shift left security. We recently addressed this with our acquisition of Bridgecrew completed in Q3.
Traditionally, security issues in code was a challenge for the CISO organization. And we're seeing leading companies drive a collaborative approach between the CISO organization and the development organization to address this. Shift left integrates security into the DevOps process to catch these issues upfront, where they're easy and quick to fit. It's a win for developers and a win for security.
Bridgecrew has an open source product, Checkov. This product delivers significant value to developers through a free download. Post the acquisition close and the release of 2.0 of Checkov, we saw Bridgecrew downloads accelerate. Bridgecrew is also seeing strong momentum in its paid customers, including a 6-figure customer in Q3. We're only in the very early stages of cross-selling between Bridgecrew software and Prisma Cloud.
Within our Cortex product area, we continue to focus on delivering significant volumes of innovation to XDR, XSOAR and our recently acquired Xpanse product. In Q3, we delivered a new release of XDR, which expands endpoint credit capability and improves visibility into network activity. With XSOAR, we significantly expanded our marketplace partner integrations to increase the set of automation and security playbooks that customers can deploy. We're seeing this result in steady Cortex customer additions to XDR and XSOAR customers. We have over 2,400 customers, starting from essentially scratch 2 years ago.
Our focus on innovation has been validated by the market as well. We were particularly proud of the validation for Cortex XDR in Q3, where we garnered the best overall result in Round 3 testing for MITRE. Also in the recently released Forrester Wave covering endpoint security Software-as-a-Service market, we were named the leader. Cortex XSOAR surpassed 100-partner contributed content packs and now has over 650 content packs in the marketplace. Our Xpanse offering was featured in Tim Junio's keynote this week at RSA, where our research uncovered that 1/3 of leading organizations' attack surface is susceptible to exposure that are the main avenue for ransomware.
No other leading security company has the degree of visibility to identify and prevent today's most pernicious attack vector. Within Cortex, we are starting to see an uptick in large customer signings such as a 7-figure transaction with a financial services firm, which included XDR Pro and XSOAR.
Lastly, during Q3, we formed the new Unit 42 under the leadership of Wendi Whitmore, who comes to Palo Alto Networks after building successful security services businesses. Our new team is a combination of 2 of the most capable teams in cybersecurity. The Crypsis team is laser focused on the mission of conducting world-class data breach investigations while Unit 42 team has focused on rapidly building threat intelligence into Palo Alto Networks product. This new Unit 42 has completed over 1,300 engagements in calendar year 2020, bringing to bear the power of 140 consultants.
In response to SolarWinds and ransomware attacks, Microsoft-related breaches and other attacks, we have mobilized our consultants in rapid response engagements, which help customers through these difficult times. As we look forward, we're focused using services to become an even more strategic partner to our customers.
As I reviewed with you here and should be evident in our Q3 results, we're seeing broad strength in our business across geographies and product areas. We see strength in our pipeline and continued demand tailwinds that remain strong, leading us to raise our FY '21 guidance. I also want to update you on our plans we discussed in Q2 around exploring an equity structure for ClaiSec.
We continue to focus on providing transparency for each part of our business. You'll notice the ARR for NetSec, which we highlighted this quarter. We believe this has helped investors gain better insight into our overall financial profile and especially understanding both sides of the business with a different growth and free cash flow characteristics. We have finished all the work required to file any form of equity on ClaiSec. However, given the state of the market and after extensive conversation with shareholders, we have decided at this point, it's best to continue with a single equity structure and an integrated P&L and postpone any decision to list ClaiSec equity.
Lastly, we're excited to welcome Aparna Bawa, Chief Operating Officer of Zoom, to Palo Alto Networks Board of Directors. She brings deep operational, financial and legal expertise, having served in diverse roles at rapidly growing tech companies such as Zoom, Magento and Nimble. Her addition comes off of the February appointment of Dr. Helene Gayle to our Board. We continue to have a strong commitment to diversity at Palo Alto Networks, including at the most senior levels of governance in our company.
With that, I will turn the call over to Dipak Golechha, our CFO. We're excited to have Dipak step into the CFO role and enable a smooth transition within our organization. He brings world-class experience. We're already seeing him bring some of his experience to bear in driving improvements. Over to you, Dipak.
Dipak Golechha - CFO
Thanks, Nikesh. I'm excited and humbled to be part of this world-class leadership team and look forward to driving total shareholder return. As Nikesh indicated, we had a strong third quarter as we continue to deliver winning innovation while simultaneously adding new customers at pace. This strength gives us confidence to raise guidance for the year.
We delivered billings of $1.3 billion, up 27% year-over-year with strong growth across the board and ahead of our guidance of 20% to 22% growth. We've continued to see some customers ask for billing plans, many involving larger transactions as we become a more strategic partner to our customers.
We've also used our Palo Alto Networks Financial Services financing capability here. The dollar-weighted contract duration for new subscription and support billings in the quarter were consistent year-over-year and remained at approximately 3 years. We added approximately 2,400 new customers in the quarter.
Total deferred revenue at the end of Q3 was $4.4 billion, an increase of 30% year-over-year. Remaining performance obligation, or RPO, was $4.9 billion, an increase of 38% year-over-year. We continue to see these metrics as becoming more meaningful as we drive growth from our ratable business.
Our revenue of $1.07 billion grew 24% year-over-year, ahead of our guidance of 21% to 22% growth, driven by our billings and broad business strength and amidst an increase in our ratable subscription revenue. We remain focused on driving this higher quality revenue with all new product offerings being pure or substantially all subscription in nature.
Looking at growth by geography. The Americas grew 24%, EMEA grew 23% and APAC grew 25%, showing broad executional excellence across the world. Q3 product revenue of $289 million increased 3% compared to prior year. Q3 subscription revenue of $474 million increased 34%. Support revenue of $311 million increased 33%. In total, subscription and support revenue of $785 million increased 33% and accounted for 73% of total revenue.
Our Q3 non-GAAP gross margin was 74.6%, which was down 60 basis points compared to last year, driven by product mix which are less mature. Q3 non-GAAP operating margin was 17%, an increase of 60 basis points year-over-year.
There are several factors driving our operating margins. We have revenue upside, lower travel and event expenses due to COVID and some shift in spending out of Q3. At the same time, we continue to aggressively invest the growth largely in the areas of sale capacity and R&D investments.
With health conditions improving in geographies of many of our facilities, including our Santa Clara headquarters, we're seeing more employees look to return to the office. We expect this trend will continue to gain steam in Q4, reversing some of the savings we had seen in the last few quarters in our OpEx.
Non-GAAP net income for the third quarter increased 22% to $140 million or $1.38 per diluted share. Our non-GAAP effective tax rate for Q3 was 22%. The EPS expansion was driven by revenue growth and operating expense leverage with an undertone of strong investments of growth.
On a GAAP basis for the third quarter, net loss increased to $140 million or $1.50 per basic and diluted share. We ended the third quarter with 9,715 employees, including 39 from the Bridgecrew at the close of acquisition.
Turning to the balance sheet and cash flow statement. We finished April with cash, cash equivalents and investments of $3.8 billion. Q3 cash flow from operations of $278 million increased by 64% year-over-year. Free cash flow was $251 million, up to 100% at a margin of 23.4%. Our DSO was 60 days, a decrease from 3 days from the prior year period and flat with the second quarter.
Our Firewall as a Platform, or FWaaP, had another strong quarter as we continue to grow faster than the market. FWaaP billings grew 26% in Q3, and we continue our transition from hardware to software and SaaS form factors, as Nikesh highlighted.
Our next-generation security, or NGS, continues to expand and now represents 27% of our total billings at $346 million, growing at 70% year-over-year. In the third quarter, we added $133 million in new NGS ARR, reaching $973 million. The acquisition of Bridgecrew added an immaterial amount to this number, and we remain confident in our plan to achieving $1.15 billion in NGS ARR exiting fiscal year '21.
Turning now to guidance and modeling points. For the fourth quarter of 2021, we expect billings to be in the range of $1.695 billion to $1.715 billion, an increase of 22% to 23% year-over-year. We expect revenue to be in the range of $1.165 billion to $1.175 billion, an increase of 23% to 24% year-over-year.
We expect non-GAAP EPS to be in the range of $1.42 to $1.44 using 101 million to 103 million shares.
Additionally, I'd like to provide some modeling points. We expect our Q4 non-GAAP effective tax rate to remain at 22% and our CapEx in Q4 to be approximately $30 million to $35 million.
As Nikesh indicated, we're seeing broad drivers across our business in Q3, driven by a foundation of innovation and strong sales execution. Along with trends we see in our pipeline and demand tailwinds that remain strong, we're raising our fiscal year '21 guidance.
We expect billings to be in the range of $5.28 billion to $5.3 billion, an increase of 23% year-over-year. We continue to expect next-generation security ARR to be approximately $1.15 billion, an increase of 77% year-over-year. We expect revenue to be in the range of $4.2 billion to $4.21 billion, an increase of 23% to 24% year-over-year. We expect product revenue growth of 1% to 2% year-over-year. We expect operating margins to improve by 50% -- 50 basis points year-over-year. We expect non-GAAP EPS to be in the range of $5.97 to $5.99, using 99 million to 101 million shares. We expect -- regarding free cash flow for the full year, we expect an adjusted free cash flow margin of approximately 30%.
Now let's review our fiscal year projections for NetSec and ClaiSec. Overall, we are confirming our ClaiSec projections while raising our NetSec billings by 300 basis points and revenue by 100 basis points given the strong performance of SASE, VM-Series and subscription business overall within NetSec.
Moving on to adjusted free cash flow. We expect network security will deliver a free cash flow margin of 42% in fiscal year '21, up from 38% in fiscal year '20. We continue to expect cloud and AI free cash flow margin of minus 43% in fiscal year '21, an improvement from negative 59% in fiscal year '20. While we are focused on growth investments in cloud and AI, over time, we expect cloud and AI to achieve gross, operating and free cash flow margins in line with industry benchmarks as we gain scale, our customer base matures and we become more efficient.
In Q3, we repurchased $350 million in our own stock at an average price of $322. As of April 30, 2021, we had $652 million remaining available for repurchases. This is part of a broader capital allocation strategy focused on balancing priorities and maximizing total shareholder return. We start with fueling organic investments and managing priorities across innovation and go-to-market to set the foundation for sustainable growth at Palo Alto Networks.
Second, we've deployed capital for targeted acquisitions, which accelerated this growth opportunity. We rigorously evaluate targets, focused on acquiring leading technology, retaining key members of the team and following through with integrating these acquisitions into our businesses.
Finally, we work to optimize our capital structure using the options available to us in this dynamic market. That includes deploying debt, using stock for M&A consideration and also buying back our own stock when we see it representing a good value.
With that, let's move on to the Q&A portion of the call. Walter, over to you.
Walter Pritchard - SVP of IR & Corporate Development
Thanks. (Operator Instructions) Our first question comes from Brian Essex from Goldman Sachs, with Fatima Boolani from UBS on deck.
Brian Lee Essex - Equity Analyst
Maybe for you, Nikesh. We've seen a lot of solid outperformance relative to expectations on the network security side and nice performance this quarter with respect to cloud and AI ARR growth.
I wanted to get a better understanding, given that the outperformance has been on the network security side, how confident are you in your ability to hit that $1.150 billion guide for the full year? How do we think about how that business has performed relative to your expectations so far this year?
Nikesh Arora - CEO & Chairman
Brian, remember 2, 3 years ago, when we set out targets for our next-generation security business, we didn't have the muscle at Palo Alto Networks to figure out how we can get out of the firewall business and have that sales force go out and actually go sell cloud and AI. The good news is over the last 2.5 years, we're building muscle. We're learning how the market operates.
It's kind of interesting. Every one of these markets operate slightly differently. If you look at NGS, it's a combination of SASE, Prisma Cloud and Cortex. And SASE's characteristics are a lot of the free trials we gave a few quarters ago and this whole push to work from home is forcing customers to think hard about their security stack, and it's no longer you can access half the apps half the time. You need to be able to access everything from wherever you are.
So we're seeing network transformations, and that's what's driving the success on SASE and some of the huge wins you've had on Prisma Access. As I mentioned, one of the deals which we closed and shipped in the first of this month is our largest SASE delever, which gave us $7 million of NGS ARR. So you can see approximately the quantum of that deal. So we're seeing a lot of traction on the access front, in the SASE front. So that's good.
Cortex is an interesting space because we compete there with people like CrowdStrike and SentinelOne and the others. We're great on the product front, as we've showed you with the Forrester Wave and the MITRE results. We're trying to create more muscle around being able to do those deals. Those deals are typically -- you got to -- because it's a competitive market, you got to do a whole bunch of deals there, and the always range in the $1 million to $5 million range at the higher end and a smaller below that. So you don't get lumpy deals. You just have to do a lot more deals. And that's what we're doing in the Cortex front.
Last but not the least, on the cloud front, we got 2,250 customers. But there, the deals end up being large deals. They're slightly lumpy, and they have very high variability in duration and consumption. So somebody will say, "I'm moving to the cloud. I'm going to buy credits for the next 3 years. How many credits do I need?" They suddenly find their deployment is slower because they haven't deployed fully on GCP or AWS or Azure.
Others will say they've been customers last 2 years. They're upping because they moved all their workloads to the cloud and their workload ramp has increased. So all 3 of them have slightly different characteristics. That's why we end up in a portfolio situation.
You saw this quarter, we added about, $133 million in net new NGS ARR. I just told you about 7 more because I felt you guys are extremely curious in NGS, and I don't want you guys to go out thinking we're not confident on our $1,150 million. So right now, we all feel that we'll get to $1,150 million on NGS ARR, and it's going to end up being a portfolio call in terms of some things extremely -- doing extremely well, some things doing normal.
Brian Lee Essex - Equity Analyst
Got it. Got it. And then maybe to follow up with Dipak. I appreciate the commentary on the improving operating efficiency or potential to improve the operating efficiency of cloud and AI. And I think that's one of the things that investors kind of struggle with when I think we've all looked at this business on the sum of the parts basis and the performance of each on its own and the challenge with cloud and AI is that it's burning cash at the rate that it is. What do you think about the term -- the time line for improving profitability and cash flow generation from that business because I think that might be a trigger for investors to maybe look at that business on a stand-alone basis and assign it a little bit more value.
Dipak Golechha - CFO
Yes. So maybe if I answer it in 2 different ways. I mean we look at what other companies have done as they've kind of like grown through their -- as they scaled over time. And we often benchmark ourselves versus where were they at this time and are there things that we can do to be able to get there.
But at the same time, we're not shy from like making the right investments if we see the opportunity there. So that's why I don't want to really box ourselves into a time frame. It really is a question of what opportunities are out there at the time. So we have a base plan that's constantly improving, but we're also reflecting on the fact that this is a dynamic market. And sometimes you need to lean in if it makes sense for the long term.
Nikesh Arora - CEO & Chairman
Yes. If I can add to that. Yes, there are 2 parts. One, as Dipak highlighted, we continue to work hard towards getting gross margin efficiency on those products because our product development is in our control. And Lee, who's sitting to my right, he and his team worked hard at trying to make sure that we optimize the gross margin part.
The rest of it, honestly, is the question of how much do we want to invest in sales capacity to be able to drive those. Don't forget in each of those areas, we are dealing with extremely competitive situations. In the case of XDR, we deal with dedicated salespeople in CrowdStrike. They outflank us 8 to 1 on the number of salespeople. So we have to look hard at how much investment we want to make on the sales side. We do get leverage to Palo Alto salespeople or eventually end up with hand-to-hand combat.
On the Prisma Cloud side, I'd say we were doing fine, and we are doing fine. But suddenly, the equity of the venture markets have gone and provided phenomenal evaluation and dumped a lot of cash in some very early-stage companies. We're now dangling large paychecks to our salespeople because we've got the most qualified large security sales.
And so that's why I think Dipak is right in saying that we're going to watch the market carefully. But again, we just told you another number, $250 million in ARR in cloud security, VMs and public cloud security. That's a number which outflanks our next competitor by probably 25x.
Walter Pritchard - SVP of IR & Corporate Development
Great. Thanks. (Operator Instructions) So next up is Fatima Boolani, and on deck is Keith Weiss from Morgan Stanley.
Fatima Aslam Boolani - Associate Director and Equity Research Associate Technology-Software
Nikesh, maybe I'll start with you very quickly. You talked through a lot of the areas of strength from a product pillar perspective. But in terms of just zooming back, can you stack rank for us what specific product areas in the NGS portfolio really were the drivers of billings acceleration in the quarter? And then I have a quick follow-up for Dipak, please?
Nikesh Arora - CEO & Chairman
Yes. As I highlighted, SaaS is strong. Dipak highlighted the subscriptions are strong. We're pleased with the way Cortex is evolving and cloud ends up being lumpy. So some quarters, we'll get some very large deals and then make up the billing. Some quarters, they push. But across the board, the portfolio is performing in line with our expectations or slightly ahead, as we said, we hit $973 million or $980 million, depending on how you count it.
Fatima Aslam Boolani - Associate Director and Equity Research Associate Technology-Software
Fair enough. Dipak, nice to meet you...
Walter Pritchard - SVP of IR & Corporate Development
Let's just go one question. Let's -- we're going to move on next to Keith Weiss with Sterling Auty from JPMorgan on deck.
Keith Weiss - Equity Analyst
Excellent. Very nice quarter. I think you guys are doing a very good job of illustrating the -- there's a difference between firewall appliances and more generally firewalling capabilities. And you're seeing that Firewall as a Platform growth sustain really well, actually accelerate in recent quarters. And I think that's probably one of the key areas that investors are most cautious on is the durability of growth in firewalling.
Can you talk to us a little bit about where you're seeing that strength from? Do you believe it to be durable over the next couple of years? And is there anything that we should be watching out for in terms of tough compares or any onetime items from a year ago period that might upset that growth trend that you've been seeing in firewalls and platform?
Nikesh Arora - CEO & Chairman
So I'll make 2 comments, Keith. One is, is there a situation where the customers are looking for, like you say, firewalling capability? We can walk in and say, we can solve this problem with software or you can go deploy tons of hardware to solve the same problem. So take a large retailer, they can go deploy 1,200 firewalls in each of their stores if they choose to go down the hardware route, which is more costly to deploy, harder to maintain, harder to upgrade over time. Or we can go in and say, "Let's do that with Prisma SASE, which is a software-dependent solution, which has lower cost of ownership, easier deployment, easier to solve." So you're seeing us create some degree of substitution in our customer base.
So if you compare us like-to-like with some of the leading hardware firewall businesses, which don't have that strength in that software capability, they cannot deal with that substitution capability, which we think is better for the long term because, and we just pointed to the RPO. And so look, it did go up with 38%. That just means we have future revenue coming down the pike on the FWaaP front, which is going to be harder to hunt and kill on a quarterly basis if we're a hardware-only business.
So I actually think there's more resilience in our network security business than most hardware-dependent businesses.
The second piece I would say in that context is what was proxy-based architectures is now full firewall in the cloud. And we're seeing that in spades in Prisma SASE. People are stepping back and saying, "Okay, let me understand this. How do I get my trading system to be accessible from an employee's home?" You can't do that with proxy-based architectures. We've talked about that ad nauseam. And we're seeing that really bear out in the success we're seeing in Prisma SASE. My fellow colleagues, Walter and Dipak, won't let me throw out more stats in that area. But I'll just say I'm extremely delighted with the progress we've made in SASE from where we came from. 2.5 years ago, this used to be a product called GPCS. And we would shutter, like you said, the onetime items. There was one deal when I came to Palo Alto, we expended the entire year to see how we lap that in the following quarter. Now we do 6 of those in a quarter, and we've got tons and tons lined up in our pipe going forward.
So SASE is strong, which should give us continued strength. I think the network transformation is in a very, very early stage. If you think about it, if you see AWS, GCP, Azure clipping $40 billion, $50 billion of billings in a quarter, all those customers are going to stand up and realized, "Wait. I'm relying on MPLS-based architectures to go back to my data center. Now I don't need to go there. I need to go to a public cloud." When you do that, you got to go SASE. And right now, we firmly believe we have the best SASE solution in the market. We firmly believe that we have the most deployed customers out there at scale.
Walter Pritchard - SVP of IR & Corporate Development
Great. Thanks. Next question from Sterling Auty and Saket Kalia from Barclays on deck.
Sterling Auty - Senior Analyst
It's fun to see Walter on the other side trying to keep us to one question after all these years.
I want to follow up on Keith's question as well on FWaaP. Help us understand what are the metrics that we should look at in terms of -- and you gave a little bit of this last quarter, but when you look at your installed base of the on-premise appliances, as some of that starts to transition to FWaaP, is that happening? And if it does, how is the dollar-for-dollar comparison? In other words, do your customers still end up spending more because they're still expanding under FWaaP versus their traditional appliance? Is it smaller or the same?
Nikesh Arora - CEO & Chairman
I'm going to bring in my colleague, Lee Klarich, who spends a lot of his time making sure that these transitions work and we see these transitions happen. So Lee?
Lee Klarich - Executive VP & Chief Product Officer
Yes. Thank you, Nikesh. Good question. And actually, last quarter, we provided some insight into this, if you remember. The -- there's effectively 2 transitions that we see play out. One transition has to do with the movement of applications from data centers to the cloud, where the form factor often is changing from a hardware form factor to software form factors, VM-Series, et cetera. The other transition is from -- based on how the employees and users are moving, increasingly obviously moving off the network and soon moving to more of a hybrid state where in that case, the -- it often is movement from hardware to hardware plus cloud-delivered SASE architectures.
And so as you think about those, the net effect of all of it is positive for us in terms of the overall spend from customers. There's some puts and takes. hardware going to VM-Series in the cloud is relatively similar. Hardware going to SASE is actually typically an uptick in overall spend because it's not just like-for-like. It's actually SASE includes Network as a Service and a lot of the networking components, global network reach, et cetera. And so the overall spend envelope becomes larger as more of the capabilities actually get integrated into the service that we're delivering to customers. So overall positive, and we've been now tracking this and have history of this for a few years to be able to actually see how that plays out.
Walter Pritchard - SVP of IR & Corporate Development
Great. Thank you. Next question from Saket Kalia from Barclays and then Matt Hedberg from RBC on deck.
Saket Kalia - Senior Analyst
Okay. Great. Nikesh, maybe for you.
Can you hear me okay, Walter?
Walter Pritchard - SVP of IR & Corporate Development
Yes.
Saket Kalia - Senior Analyst
Okay. Cool. Nikesh, that was helpful commentary on the equity structure around ClaiSec. I guess the question is what were some of the things that went into your decision to explore that last quarter and then maybe reconsider at this quarter? And is it a matter of timing given the volatility in the market? Or would you say that the probability of exploring that down the road is still relatively low?
Nikesh Arora - CEO & Chairman
I think, Saket, as we went through the mechanics of creating all the paperwork required to file this, the debates began to happen with some of our shareholders. I say, look, the true value creation is when actually you can take this and separate it because you'll still have a stub -- some sort of a tracking stock.
And the challenge with separating it, as you saw, 70% of our customers are buying multiple platforms, 40% of our customers are buying all 3 platforms. We're getting into conversations with CIO and somebody goes through a breach or ransomware where they want to go wall-to-wall and say, "Listen, come protect me, protect my cloud, protect my SOC, protect my network transformation." And then there's suddenly saying, "Look, we have all this vantage point from where we are where we can go pitch all 3 platforms and go envelope the customer with security, and we're creating this artificial separation amongst ourselves, where we're not going to be able to leverage that." So that definitely went through the decision.
And I think the question which -- I can't keep track. I think -- so just asked around to Dipak about funding of ClaiSec vis-a-vis NetSec. I think we'd still have to make that a self-standing profitable entity in its own due course. And I think it's too early to go think about separating that into distinct businesses because we're getting phenomenal leverage from our firewall sales teams who've spent sort of 1.5 decades trying to build the relationships and get embedded in our customer base.
Walter Pritchard - SVP of IR & Corporate Development
Great. Thanks. Our next question, from Matt Hedberg from RBC, and then we've got Tal Liani from BofA up next.
Matthew George Hedberg - Analyst
Nikesh, I wanted to talk about all these recent breaches. You alluded to President Biden talking about the importance of Zero Trust. I guess how do you think about that impacting your federal business later this year? And then also, as these breaches continue to accelerate in a post-COVID world, do you think you're going to be in a better position to consolidate security spending? There's always a debate on best of breed versus consolidation. Does this just accelerate your demand environment even more so?
Nikesh Arora - CEO & Chairman
Matt, what's interesting is let's start with the second part first. Like clearly, whatever approach was used to buy security hasn't worked, right? And we've traditionally been in a best-of-breed approach. You go to companies, they have 35, 25, 40 vendors. And the act of stitching all those solutions together is left on the shoulders of the customer.
You couple that with the 2 biggest technological transition that have ever happened in the history of computing -- one is the shift to the public cloud where you have to fundamentally change your IT architecture, and the second is the network transformation that you're going through, driven by the cloud. So CIOs are dealing with those 2 technology transitions and at the same time, having to take a hard look at security and bolster it up.
And I think there, if you look at historically, I don't think there's been many security companies who've been able to give you best-of-breed solutions across multiple capabilities.
So our firewalls, 9x, top right Magic Quadrant. All firewall capability, whether it's SASE or hardware firewalls and VMs, fit in that category. So they can get the best firewalling capabilities across 3 different architectures from us. XDR, made it to the top right in Forrester Wave. We're the only cloud security -- native security company with Prisma Cloud. We are top right in SD-WAN, and we're top right next sort of there was a quarter. So we actually have the ability to give you a stitched set of products across 5 leadership positions, which is not available today in the cybersecurity industry.
So we're able to make both the best-of-breed and stitched platform argument right now and is resonating because customers who are going through these agonizing times are stepping back and saying, "Wait, I need to look at it from a different approach. And I can go -- how can I go with a partner who I can hold accountable for my entire security footprint?"
Walter Pritchard - SVP of IR & Corporate Development
Thanks, Matt. Next up is Tal Liani, with Keith Bachman from BMO on deck.
Tal Liani - MD and Head of Technology Supersector
I have an accounting issue, accounting question. Great results. ARR were better than expected. At least some people expected some issues there. But I looked at your filing and you changed the definition of ARR a little bit this quarter. You added the language -- when I compare the language of this quarter versus last quarter, you added the language that this quarter, it includes certain cloud-delivered security services to ARR. Would you mind to quantify this addition? Was it material to the numbers this quarter?
Dipak Golechha - CFO
Yes, I'll take that question. It's really not material to the overall number. We added a couple of cloud-delivered technology solutions, like IoT being one example. When you add all of them, they're relatively de minimis in nature. Yes.
Nikesh Arora - CEO & Chairman
Of the early launches of our products, we want to make sure they sit in the right bucket. We can sell IoT against Cortex XDR and Cortex Data Lake, and they sit in both places in our firewall business and in our Cloud AI business.
Walter Pritchard - SVP of IR & Corporate Development
All right. Next up is Keith Bachman, and then on deck is Gray Powell from BTIG.
Keith Frances Bachman - MD & Senior Research Analyst
All right. Nikesh, I wanted to ask you to flush out Cortex a bit more in terms of run rate and expectations. Feedback we've been getting from the channels is Cortex certainly is doing better. And I was wondering if you could talk about win rates, where you're winning, some of the reasons why. Is there any metrics you can give us on growth associated with the Cortex brand, whether it's revenues or billings?
Nikesh Arora - CEO & Chairman
Yes. Well, like, I can't give you a metric we haven't given, but I'll tell you, Cortex comprises 3 products. One is XDR, which we compete with, as you see with CrowdStrike and SentinelOne. I think the challenge we have there is our product, as you can see, has technically been now ranked better than CrowdStrike and at par with SentinelOne and others. The challenge we see is we don't have as much coverage as CrowdStrike. So they are in more deals than we are, and that's a virtue of the fact that they have 8x more dedicated salespeople chasing the XDR category, and we don't.
Where we do end up against them, we pretty much don't lose technical POCs, obviously, because of the -- you've seen the technical comparison in the market, then it becomes a price war, and we don't bend over on the price war. So we see reasonably good win rates against them where we are present. I think our challenge is we're not present in as many deals as we'd like to be present because they've got -- they've been at it for 7 years. We've been at it for 2.5. So that's kind of like the XDR solution.
On XSOAR, it used to be Phantom and Demisto. For the most part, we don't see much competition in the XSOAR category. We think pretty much where the customer believes they have a need, they will go with XSOAR. So we don't feel challenged in that market. But it's a moderate deal size. It's not the deal size of cloud, which can get to 8 figures. It's a deal size just smaller than that, but we do see less competitive activity in the XSOAR category.
And last but not the least, Xpanse attack surface management is a newer category where people are beginning to understand that the hackers can look at your entire vulnerability footprint from the outside. So you're better off having a clear view. For example, any customer that goes into a breach or post-ransomware actually wants to understand their entire footprint and the vulnerability associated with it. So we end up having an engagement at Xpanse whenever that happens.
What is going on is that with the formation of Unit 42, we're getting more and more involved in more incidents out there, and that's allowing them to drag and drop XDR and Xpanse in those. It's early days. But we have merged the forensic capabilities, for example, of Crypsis, which used to be a product Hadron that has been embraced into XDR and will go live very shortly where our incident responders can go deploy XDR and provide all the forensic capabilities that they do when a breach happens.
So early days. We are seeing more traction on Cortex. I think we announced that we have 2,400 customers. The only -- the real upside and opportunity for us is to go ahead and execute at scale over there to get into more and more deals because the product is there. Two years ago -- 12 months ago, we didn't have the product.
Walter Pritchard - SVP of IR & Corporate Development
Thanks, Keith. Next up is Gray Powell from BTIG, and on deck is Adam Tindle from Raymond James.
Gray Wilson Powell - Director & Security and Analytics Software Analyst
Great. So yes, maybe back on Prisma Access. What's been the reception with Prisma Access 2.0 so far? And do you see that product update with proxy capabilities getting Palo Alto into more traditional secure web gateway replacement deals or potentially improving the pace of new logo adds on the product set?
Lee Klarich - Executive VP & Chief Product Officer
Yes. Look, we were really excited about the 2.0 launch a few months ago, great reception from customers, really excited about everything that was in that launch.
Remember, this is where we introduced cloud management. So cloud-native experience on board -- easy onboarding activation. This is also where we launched the first-ever autonomous digital experience management add-on module. So this allows our customers to monitor the actual end user experience that they're seeing through the service to the applications they're accessing in addition to the proxy capabilities and cloud-based technology, et cetera.
So it was a big release, very well received. The adoption, almost all of the Prisma Access customers have now been upgraded to 2.0 and very smooth upgrade process. We're seeing great adoption in the new cloud management. Close to 100 customers are now using that in just the first couple of months of availability. The autonomous DEM, we're getting great feedback from customers, some early adopters and growing the pipeline of that as an add-on module that we can go and sell back into the Prisma Access customers as well as new customers.
And the proxy capability is interesting. As you know, we still believe most customers are going to want the full-fledged capabilities of Prisma Access and not just the proxy capabilities. But that capability has achieved what we wanted. It's removed that as an objection. It's allowed customers who need it to be able to move to Prisma Access and just removed that as a criteria. And so we're seeing a number of customers that are testing that and using it and happy we added it and made the change.
Walter Pritchard - SVP of IR & Corporate Development
Thanks, Gray. Next up, Adam Tindle from Raymond James and then Michael Turits with KeyBanc.
Adam Tyler Tindle - Senior Research Associate
Okay. I wanted to ask on profitability, whether it's Nikesh or Dipak wants to weigh in. You're seeing deal sizes increase, you're seeing cross-platform adoption, and those were helpful metrics for us. We typically associate those with very healthy contribution margin. You did talk about 50 basis points of operating margin expansion this year, but I wanted to ask beyond this.
Do you think that this is something where you can build on, you're hitting a turning point, we could see sustained margin expansion from here? You talked about 150 basis points annually a couple of years ago at an Analyst Day. I'm wondering the puts and takes to get back to that level of margin expansion.
Dipak Golechha - CFO
I think the honest answer is it's pretty situational, right? I mean I think every customer deal is different and like we're obviously going to lean in if we have to in order to do that. But I think what really drives us is making sure that we don't leave any money on the table. I certainly think that as the portfolio grows, as the attack surface area becomes more complicated, hopefully, the leverage moves more within -- towards our favor over time, and that will help us over time.
But I think in general, I would stand by -- it's always a focus area for us, and we believe that with scale, we'll come to margin expansion over time. But at the same time, we just don't want to leave opportunities on the table if they're there for the taking.
Nikesh Arora - CEO & Chairman
Yes. Just adding to that, Adam. I read your note, thank you for your initiation and upgrade. I noticed that you talked about operating margin leverage. And as many folks have highlighted in this call, we have 2 businesses, the network security business, where you can see the leverage, 42% free cash flow margins still growing at 26% of billings and 38% or some number in RPO. And that [takes the overall].
But -- so we see that's where the leverage is. We used that leverage towards the ClaiSec businesses. History of cybersecurity, nobody has built a $735 million ARR business in 2.5 years. So let's just like take stock and pause. And we didn't buy all of it. We bought some products into it, but it has been built by a lot of go-to-market capability.
If you benchmark that against the CrowdStrikes and the Oktas of the world or the Zscalers of the world, you'll see there's a natural evolution, which doesn't happen in 2 years. So do we believe there is operating leverage in future years? Yes, we do. It becomes a question of do I want to go hire another 300 salespeople and beat as many deals as CrowdStrike? Or do I want to hire 100 salespeople and have a lower growth rate because I don't believe I have the capability on the product side. Palo Alto Networks has never been in a position like today from a product capability perspective.
Our products resonate. We rarely get thrown out because our products don't cut it. And given the heightened security awareness in the market, we're seeing more traction because, as you guys know, our products are on the margin, slightly more expensive or premium than some of the other players in the market. As the security awareness or desire to have a more secure product goes up, it'd be better for us because the customer is more willing to be tolerant of a price point associated with Palo Alto Networks.
So honestly, I think I'm repeating what Dipak said, is that we don't want to throttle the growth opportunity for us. When I came to Palo Alto, we were growing at the low 20s. Now we just showed you 27 and maybe 28, 29, if you adjust for the annual plan stuff. And that's acceleration. And we like to see we can maintain high growth rates going forward. And that requires us to invest and look for leverage in future years. We'll do that as a management team.
Walter Pritchard - SVP of IR & Corporate Development
Great. Thanks. Next question from Michael Turits at KeyBanc, and after that, Patrick Colville at Deutsche Bank.
Michael Turits - MD & Senior Analyst
Nikesh, I think that one of the investment thesis here has been that you're the company most likely to (inaudible) consolidated security, but make that transition to software and to the cloud, and you're proving that out. But that said, you've also been doing a great job this year on the product/appliance side, up 3% year-to-date versus what you had guided to flat. So I'm just trying to get a sense for the dynamics of that in the next 3 calendar quarters. Do you -- could we get a boost from refresh of what wasn't done last year? And is there any constraint to that if it's going to happen from supply chain components?
Nikesh Arora - CEO & Chairman
That's a great question, Michael. I think the supply chain situation changes weekly. And you can see all those machinations play out in the market. As you can imagine, like other players in the market, we have some degree of inventory capability vis-a-vis our expected demand in the upcoming -- in the shorter duration and the longer duration. All bets are off in the industry, depending on how they bring up more fabs to go print out the chips and get them to us.
So the good news is, as I highlighted, we've moved 40% of our firewalling business to software. So if the industry starts to see supply constraints, we are able to solve the customer's problem by giving them capability, which is software-based. And we obviously will still have our baseline availability of hardware. We do have the units available for the recent announcements for our hardware launch, which we just did, which Lee can talk about in a second.
But again, I know we've talked about this, Michael, and we keep going back and forth on this is that I honestly look at the overall capability, the firewalling capability. And as much as I like product, I also like the idea of having more -- less and less reliance on hardware because I promise you, in a few years from now, you're going to tell me, "Yes, love your business. But still got this hardware hunt and kill requirement every quarter, you go punch the ticket and give me a hardware."
So we're trying to thread the needle with you here, trying to give you great firewalling growth, keep the revenue growth high, keep the cash flow high and still transform our business from hardware to software. But Lee, do you want to talk about the hardware launch?
Lee Klarich - Executive VP & Chief Product Officer
Sure. While we're transitioning the business, there's still a wonderful business out there for hardware, and the 2 new models that we just announced yesterday are pretty exciting really.
We introduced a new high-end appliance, scales up to 150 gig throughput with all security turned on, 75 gig with full SSL decryption, just amazing product for the large campus data center environments. The -- and then at a -- for the branch environments, smaller enterprise environments, we announced 4 new appliances in the 400 series. That basically 10x the performance of the previous platforms we had. And one thing that's, I think, particularly interesting about how we're bringing these new products to market is we -- they have all of the leading security capabilities that the Palo Alto Networks is known for, but we're bringing them out of price points that are incredibly competitive with even the -- some of the lower-cost vendors out there. And so we're -- same capabilities -- same great capabilities, leading capabilities, but at super competitive price points, changing the dynamic in the hardware space competitive space.
Nikesh Arora - CEO & Chairman
I can't get Lee to say this, but I wanted to say he keeps saying leading competitors. Yes. Palo Alto great security at X prices.
Lee Klarich - Executive VP & Chief Product Officer
We can't do it.
Nikesh Arora - CEO & Chairman
We can't do it? You can do it.
Lee Klarich - Executive VP & Chief Product Officer
Okay. Fine.
Walter Pritchard - SVP of IR & Corporate Development
Great. Last question here from Patrick Colville with Deutsche Bank.
Patrick Edwin Ronald Colville - Research Analyst
I was actually going to ask about the new appliances because I think that's super interesting. But I think Lee covered it pretty comprehensively there.
The questions we've been getting from investors over the last hour has been about the definitional change on ARR. So could you mind just quantifying what the certain cloud-delivered security service is? How much is that in 3Q versus 2Q?
Dipak Golechha - CFO
Yes. Let me give that a crack. I said that it was de minimis. It's less than $5 million. So just as a kind of like an overall number to be able to work through.
Walter Pritchard - SVP of IR & Corporate Development
Great. Well, that concludes the Q&A portion of the call. Thank you all for joining and asking the questions. We're going to -- I'm going to turn it back over to Nikesh for closing remarks.
Nikesh Arora - CEO & Chairman
Okay. I just want to take the opportunity to thank you all for joining our call. I also want to take the opportunity to thank the employees at Palo Alto Networks for all their hard work and dedication to allow us to produce these results. We are here because of what they do. So once again, thank you, everyone, and I look forward to seeing you guys in our individual callbacks.