Palo Alto Networks, Inc. (NYSE:PANW) Deutsche Bank 2020 Virtual Technology Conference September 14, 2020 6:00 PM ET
Nikesh Arora – Chairman and Chief Executive Officer
Conference Call Participants
Patrick Colville – Deutsche Bank
Hello, everyone, I appreciate you joining us today for this session with Palo Alto Networks and the CEO, Nikesh Arora. So, I am Patrick Colville, senior analyst at DB covering the cyber security and infrastructure software space.
The format of this session is going to be a video fireside chat with a listener Q&A. There’s a chat box where you can ask questions. The questions are anonymous. We’re not going to mention your name or company affiliation.
So, let’s do a kickoff with introductions. We’ve got Nikesh Arora, CEO of Palo Alto Networks with us. As everyone knows, Palo Alto Networks is the largest information security vendor and a firm that has got a reputation for driving innovation in the space.
Nikesh, thank you for joining us.
Thank you for having me, Patrick.
Q – Patrick Colville
Well, given time constraints, I’m going to jump straight into questions. I guess the elephant in the room right now is COVID-19. And so, a trend everyone’s familiar with, cybersecurity risks facing enterprise are only increasing, but how has the coronavirus pandemic affected that trend?
There’s been puts and takes. I think we all saw a heightened interest in remote secure work the moment pandemic hit because you had to go set up your business to allow for 100% of employees to be able to access stuff remotely. Not just that, you had to make sure they could access everything. So, typically, a company would schedule 5%, 10%, 15% capacity and you didn’t deal with the most complex apps because you can always come to the office and use them. Now, you’ve got to make sure everything is accessible from everywhere. So, we have seen both the capacity asked from people, but now that’s translating into architectural ask. People are saying, ‘Okay, my old model may not be the long term model and I might need to go to a different architecture if this thing is going to persist for a year, year-and-a-half. And you’ve seen that, right? Banks are going one week on, one week off, people are going two, three days a week. So, you need full capability at home.
So, I think that’s kind of accelerated some trends. I think the cloud computing trend is accelerating. I think people are sitting there and saying, how quickly can I migrate off my infrastructure? Because everybody’s been talking about the cloud. Okay, let’s use this opportunity to move our stuff to the cloud and be more robust and sort of more secure. And kind of like, they don’t want to manage too many moving parts. So, you’re saying let’s do that cloud transformation conversation as opposed to build out more data center capacity, which is more complex in a COVID environment.
So, you’re seeing cloud transformations, you’re seeing you’re seeing remote secure work conversations. In some cases, people who are further along their cloud journey, you’re beginning to hear them talk about SD-WAN security in the same breath. Say, how can I get my traffic router and how can I get it to be secure? So, I think that’s on the upside.
I think there’s a general concern that hardware is harder, no pun intended, to deploy in this environment. And you’re seeing that in large enterprise hardware businesses. They’re pointing downwards because that’s all they do. And you’ll see that – I think that trend will continue over the next 6 to 12 months where hardware is going to get harder just because it’s a complex deployment and it’s harder to upgrade and harder to deploy. So, I think you’re going to see that on the other side.
Outside of that, I think the question is, net-net, how many of the customers out there are seeing a positive or neutral impact from COVID? How many are seeing a marginal down impact and how many are seeing a harsh impact on their own P&Ls which is causing some degree of consternation or caution in the way people spend money. I think that’s more of a macroeconomic event as opposed to a company-specific event from an enterprise company perspective.
And, I guess, talking company specific for you guys in your results, it seems like COVID has been a pretty major tailwind for Prisma Access adoption. So, it’d be good to talk about what this tool offers for customers. And then, as the CEO of Palo Alto Networks, why you think Prisma Access should be a tool that your customers adopt en masse?
I think Prisma Access two years ago, we talked global protect cloud services and it’s a very lumpy revenue stream across the billing stream for us. And I think two years ago, we were lucky to see a $10 million quarter. And this past quarter, we saw $90 million. Obviously, it has CloudGenix in this. There’s a bit of CloudGenix in it. But there’s $91 million. That was – it’s all been built in the last 18 months. We’ve paid off a lot of technical debt, hired a lot of engineers, ported the entire platform to Google Cloud. And our largest customer is deploying 220,000 concurrent users if they want at any point in time. So, it has stood the test of scale. It has stood the test of security. And we’re seeing a lot more conversation in Q3. In COVID, we gave a bunch of free trials and we saw significant numbers convert in q4. So, we’ve seen the COVID impact in that number as well.
And I looked at these kind of numbers, just very impressive. They did $195 million. We did $91 million. Two years ago, we were not. We were not in pitching distance, or whatever your favorite sport analogy is. Really excited about the product capabilities we’ve built. I think the combination of that with CloudGenix is going to position it as a SASE product, which is a must have product category, I think, in future, as people do more and more cloud transformations. Yeah. So, we’re really excited about it.
Also, it’s kind of a substitution product, but you have a choice. If you want to give more remote access to your employees, then you can put more firewalls in a data center and no more VPNs, which is old tech. I think in the future, you understood the traffic, take cloud traffic to the cloud and data center traffic to data center. That requires a solution like this.
So, I think this product category and the product itself has legs, and we will see more of it in the next few years.
Go for it.
No, you said, tell us why people should pipe all of the networks, because you can’t take a Deutsche Bank trading application and work it from home using a proxy. You need a firewall.
Sure, okay. But you made a point about cannibalization, which is actually, I guess, fairly interesting. Everyone’s investors, everyone likes a bit in numbers, you used to be an investor yourself. So, how can we quantify this cannibalization, Prisma Access versus on prem.
I think, Patrick, what I do internally, is I look at the three form factors of firewall we sell. We sell hardware, we sell virtual firewall, we sell Prisma Access. If you added the billings for all three, if that number is growing in double digits, I’m happy. Remember, my firewall has a six year life. My VMs are typically three year contracts. My Prisma Access, three year contracts. So, I’m adding three year subscribe revenue billings and six year end of life product into one number and still trying to grow that in high double digits or mid to high double digits, I think we’re taking share of the market.
Now, there are people out there who are selling hardware and tracking that and saying that’s growing at double, they are taking share. But a lot of people are – many people we know in the firewall business are low single digits. So, I think that people with high double digits are taking share. We’re taking share in hardware and software form factor. Some of those are taking share in hardware form factors. And I said hardware gets harder. So, I think software wins in the long term. That software eats the world.
Yes, exactly. And I guess, in that space, in the software space, you mentioned Zscaler. They’ve got a great product. The number is looking pretty favorable as well. Talk us through Prisma versus Zscaler and I guess how you guys win?
This is not the Internet. This is not a zero sum game. I’m perfectly happy with 40% market share in any category. I’m perfectly happy with that. And if the numbers keep growing the way they are, we will have transitioned the hardware business into a robust hardware and software business. Couple that with everything else we do, I think we’re in a good place. I think they have a solution which works a certain set of customers. We have a solution that works for a certain set of customers. We have 1,500 customers who deploy our firewalls in the global 2000. We did have a product for them two years ago which did a software sol for remote secure access. So, now we have a solution and they have a consistent management pain that allows them to do what they do in their data center with our software delivered firewall in the cloud or the VM. So, we haven’t this large install base to go target that solution. So, I think there’s enough room for us to peacefully coexist. It’s just that there won’t be a runner up [ph].
For the investors listening, I want to make this as interactive as possible. So, any questions, please use the chat box or email me. I’m on [email protected] or use the chat box.
So, Nikesh is coming from an investor. Q4 was a pretty impressive billings print, no doubt. Question from investors. Was the Q4 benefited from a pull forward from the first quarter because the first quarter implies a fairly steep seasonal decline? So, just any color and context around that would be great.
Yeah. Purely mathematic. The bigger Q4 is, the lower Q1 looks relative to that. So, yes, we had a big Q4. So, by definition, Q1 looks a little less interesting than Q4. And there was – Patrick, it’s interesting. In my two-and-a-half years here, we saw – this is nearest to perfect execution we saw in Q4 that we’ve seen in the company. Very few deals slipped out of Q4. Normally, we see a reasonable number of slip into the following quarter. So, there was ample deals that got done. There was a bunch of pull forward. So, you did see a great set of numbers in Q4. So, some of it has pulled forward. Some of it is customers looking for more certainly, signing ELAs sooner than they probably needed to. So, yeah. So, there’s some of that that’s coming in the comparison.
But the other part of it is, we still continue to be watching the market to see that it will see some macroeconomic wins to some of our customers. There’s a spectrum. Some customers are getting tailwinds because of what’s going on in the market. Some customers are marginally on the upside. Some customers, tech is the only thing working, so they’re trying to invest in tech for their price conscious. Some customers are seeing no demand. So, their revenue is hurting, they’re pushing back on everything that they’re spending. So, we have the same spectrum of customers out there. So, we’re just cautious of the ones who may not be able to play in the current environment. COVID being continued or sustained for longer causes us to watch on the margin what’s happening for our customer base.
Okay. You’ve touched on this earlier, but the demand for appliance-based firewall, so I guess reading between the line of commentary, it didn’t seem like it’s the focus. But can we just talk about the appliance firewalls and some metrics to help investors kind of quantify this around either deal sizes, churn rates, closing and anything that COVID-19 might have changed that you could think is worth probably flagging?
Patrick, I will answer that question, but I will also make a plea to all investors. This is a very backward looking conversation, the hardware conversation. And I don’t mean that in a pejorative sense or I do not mean to question the intelligence of the question. But if you look at our business, we have a firewall business which has approximately billion dollars of product in its billings. A significant – three plus billion dollars, or whatever remains, two-point-some-billion dollars of subscription billing is connected to hardware, but also connected to our next generation security. Then we have $928 million of next generation security billing.
What’s happening is that our product proportion of our total billings has declined rapidly this year relative to the overall purely mathematically, by product being flat and everything else growing in the 19%, 20% range.
If that trend continues, product continues to become a smaller and smaller part of our overall billings. The quality of that revenue becomes more and more – billings and revenue because more and more SaaS like in the future.
So, as you play the movie over the next two, three years, you will see that product is less interesting at Palo Alto Networks and software becomes very, very interesting at Palo Alto Networks.
If you notice, I started showing here our metrics. We’re beginning to look at deployment rates, net retention rates internally to make sure we understand how to create that flywheel that SaaS companies have.
And if you look at this year, I think it was a pivotal moment. $928 million of billings has shown approximately less than 100 – around $100 million of revenue this year. 300 plus million dollars of revenue will unfold into our P&L next year from our $928 million next generation security billing.
If we can indeed grow NGS next year in the billion plus category next year, you will see that impact also roll into our numbers. Now, it has two interesting impacts. One is trust that I have revenue growth for the company in a more sustainable, more predictable fashion because tremendous amount of revenue falls off our deferred revenue into our P&L. The second part is, what people need to just pay a little bit of attention to is our operating margins are really driving them to flat because we have a lot of upfront costs in NGS. We have sales commissions which all kick in, we have deployment costs which all kick in, we have cloud hosting costs for proof of concept which are one-time amortized by us, written off by us [indiscernible] which all hit gross margin.
So, in two and a half years, you should see some degree of gross margin improvement in our NGS business from cloud hosting efficiencies and deployment costs normalizing relative to the overall number. And secondly, you should see operating margin expansion because my quality of my year two revenue is way higher operating margin than year one.
So, you’re going to see the SaaS benefits at Palo Alto Networks in the 18 to 24-month timeframes, at which point in time the product conversation becomes, ‘product is interesting right now because it has disproportionate impact on our P&L from the revenue impact.’
Having made that plea, I will answer your question, so I’m not [indiscernible] dodge the product. Product, there are two things going on specific to Palo Alto Networks. One, when a customer walks up to me and says, I like to have remote access to all my customers, I have some Palo Alto firewalls in the data center, can you give me more firewalls? I say have you tried Prisma Access. Do that because I can give you software capacity in the cloud and you can dynamically adjust the capacity based on number of users. So, when we get out of COVID, you don’t have to be using that anymore. Or beyond COVID, you can use that [indiscernible]. You don’t have to go to 50 different locations and deploy a firewall everywhere because you’re driving your traffic from the cloud into your data center remote use cases.
So, I am referencing a software sol versus hardware in certain situations, right? So, part of it is, like I say, used the word cannibalistic. And that’s on purpose because I would rather have higher quality software revenue – and by the way, it’s a better outcome for the customer. The cost of ownership is lower, the deployment costs are lower and the upgrade costs are lower. So, that’s a good outcome for the customer and it’s competitive. It’s competitive advantage. I can do that and many people can’t. So, that’s kind of one impact of it.
The second impact is, hardware’s life cycle are six months. Sale life cycle. And I think, in the last six months, with everybody being home, COVID, people aren’t being in their offices, logistics, deployment, I think hardware is hard in this time. And I’m just being cautious to make sure that that impact doesn’t hit us and people get surprised. Oh, my God, yeah, we get it it’s cool, we get it it’s hard to deploy, but you never realize that. So, that’s the second part.
And the third part, to be honest, I think this is more my gut than more data and hard data [indiscernible] over time, I think the cloud transformation conversations have accelerated in the last three or four months. People are beginning to see, can they move to the cloud quicker. And that typically means that people pause data center spend and start migrating to cloud, start talking about moving to cloud workloads. So, I might see more VMs get spun up in the short term because people want that excess capacity in the short term, but they are eventually trying to move to the cloud. Some of them will end up in a hybrid situations. So, all these things call for more software form factor deployments, which is the right answer from a technological infrastructure perspective. So, I’m just being cautious. I’m telling my teams, make sure you give me double-digit firewall as a platform growth because that means you’re playing in the software space, you’re playing with Prisma Access. I’m less positive about product, but the Street seems to be more positive about product.
That’s a very comprehensive answer. So, your guidance was for flat to slightly down product growth. And since the way that – I don’t want to butcher your words, but that product is Palo Alto’s legacy, the future is software and cloud delivered, and so that kind of flat to slightly down is not really what you should focus on. You should focus on the, I guess, software delivered form factors, Prisma Access, et cetera, because that’s kind of really where the puck is going for Palo Alto and that’s kind of where you want to take them.
I’ll take that one step up and I’ll say that the industry is migrating from a – needs to migrate from a hardware to software platform solution. And as long as the industry is growing at about 2% to 5% on the firewall side between hardware and software and as long as I’m growing twice or three times that rate, I’m taking share in the long term. And if you focus on [indiscernible] share of the firewall capability out there, I’ll be happy two years from now with more firewall as a platform share than less and if that means that I’m more biased towards wanting software share than just hardware share.
On the kind of software, hardware kind of space, CloudGenix, that was a big acquisition you guys did at the beginning of the coronavirus crisis. What’s the feedback been there? SD-WAN is obviously one of the kind of hottest areas in cybersecurity. So, I’d love to talk about early product feedback in SD-WAN and how that’s changing as a result of COVID.
I’ll tell you, long term, all these acquisitions we’ve made, we’ve made with the point of view of TAM, where the puck is going and where we believe the customer needs are going to be. If you look at what’s happening, two, three years ago, when you went to the market – I joined Palo Alto, we were talking about cloud transformations, people moving to the cloud. So, we’re still talking about moving into one cloud, go to GCP, Azure or AWS. What’s happened in the last two-and-a-half years is that, suddenly you’re seeing a wave toward multi cloud. You’ve got 1,800 customers in Prisma cloud. Most of them are multi cloud customers. They’re not just on one platform because typically they end up using AWS, GCP, Azure tools if they’re just on one platform, but when you have multiple platforms and on-prem, you start using that. So, you’re seeing that shift has happened towards multi cloud.
I’ll give you a case in point ourselves. When I came two years ago, we had our own data centers. And we did everything in our data centers. That’s like, if you want to do a cloud hosted service like Prisma Access, we should put on GCP or Azure or AWS [indiscernible] GCP. It still took us 12 to 18 months, Patrick, to get on to GCP and move 70% of our infrastructure there. So, every cloud deal you hear about today, whether it’s Adobe or Walmart, they’re still in the early innings of their journey. They’re going to take two, three years to get most of their applications in the cloud.
But let’s assume that two to three years from now and different people are on different cohorts, when that move happens, 20%, 30%, 40% traffic is in the cloud, it will make no sense for me to take all my traffic back to my data center because I have to go to the cloud, half my traffic has to go to the cloud. At that point in time, you’ve got to get rid of expensive MPLS and go with SD-WAN. At that point it’s important for SD-WAN to be secure.
So, I think the puck is going to secure SD-WAN, secure access, secure edge, which means you need both security and networking in a single product. So, we’re really good with security. We’re leveraging a lot of Google networking underneath it. And we’re going to leverage the SD-WAN capability of CloudGenix. That’s how we’ll deliver a SASE solution to our customers, so tomorrow when a large retailer says, wait a min, how is my traffic going all the way into the cloud, why do I have expensive MPLS lines going to my data center which are large cable lines going in there, let’s rip that out and you’ll see they’ll see 50% cost savings ripping on MPLS, putting SD-WAN in.
So, this is a category that pays for itself over time. So, I think that it’s still early innings of SD-WAN, but over time you need SD-WAN and security to be best of breed and be able to combine to be able to win those deals.
And what did CloudGenix bring that you guys didn’t have standalone? You guys have a phenomenal R&D team. So, what does this kind of scale up bring that you guys didn’t?
Two things. What happens is that, first of all, if you deployed SD-WAN, there are components in SD-WAN and there is an architecture of SD-WAN. The components are our firewall. Our firewalls can do SD-WAN capability, so can other people’s firewalls, and all the firewalls will have SD-WAN capability. You can put them into an SD-WAN architecture and be able to use them because you need to talk to both sides. Point A needs to talk to point B to figure out what’s the least cost routing for getting the traffic as fast as you can. So, our firewalls have the capability, our controllers have that capability and you can put on firewalls into SD-WAN architecture.
The question is, can you use me as the management control pane to manage that SD-WAN architecture. We don’t have that. That’s what CloudGenix brings. And it’s based on the – we actually deploy it on the cloud. They actually use some very interesting AI where they actually don’t have to talk to both ends. They can – based on AI, they can figure out the least cost routing and give you a cloud delivered SD-WAN pane. Couple that with the cloud delivered capability of Prisma Access, we can merge those two into one cloud pane and say, now you can do SD-WAN metrics and security at the same time because there’s a lot of interplay between networking and security. Right? If you want to go from point A to point B this way, as opposed to this way, that’s SD-WAN setting you to do that. You want to make sure your security is in lockstep with your packets moving across your network.
So to paraphrase that back, it’s more the management plane and I guess the networking components that they brought to the table. And it’s kind of really, I guess, filled out the product set.
Well, they’ve been at it for seven or eight years. Right? So, they’ve developed expertise in the whole networking piece. And yes, I’ve got a great R&D team, but my R&D team, 90% of the time is focused on security than on networking. So, I needed the networking competence as well, which is what they bring, and they bring security competence. And because they’ve been around longer than us – Prisma Access has been only around 18 months – we have a lot of customers they bring which we can go down and pitch Prisma Access to and vice versa.
Yeah. I guess in your two-and-a-half years as CEO, you’ve done a number of kind of tuck-in acquisitions. That’s been something that we’ve seen – it’s been a strategy of yours. Thinking about the product portfolio, thinking about the cybersecurity landscape, where do you feel that there could be areas that there might be need for Palo to address any holes?
In the last two-and-a-half years, we’ve looked at every part of the security market and seen which part is there value for us to play in and which part is there no value for us to play, right? And we play organically and we play with M&A. So, I’d say cloud security was a blue ocean. There is not many players out there. We made four acquisitions. We’ve integrated three. We’ll integrate the fourth one next month. And we win 7 to 8 out of 10 deals. That was an opportunity. We looked at it, we grabbed it with Prisma cloud. We think that we’re in a good space and everybody is now – they’re trying to play catch up. So, I see, I hear every day that some CASB vendor is building CWPP and CSPM. I hear that McAfee is building that capability. I heard that SentinelOne is building cloud security. CrowdStrike is building cloud security. So, everybody’s is figuring out. There’s a market there and they’re chasing it from their vantage point. But we spent the time and effort. We think we’re 18 months ahead of most people in the cloud security space with the integrations we’ve done. And that was blue ocean.
There was a category where remote secure access, as you saw, which one company was running away with it and we basically intercepted them, we started Prisma Access with about 200 engineers on the project, with GCP backplane and we’ve deployed our go-to-market teams against it. So, we felt that maybe we wanted to – we want to play in that space of reckoning because everybody will have to get away from VPNs over time. So, VPNs are going to go away and this is going to be the new way of accessing remote branches and remote security. So, those areas, we did what we needed to do.
On the firewall side, we don’t do much acquisitions. We felt one area of IoT security where we took a differentiated approach and said, look, we’re just going to make it easy to deploy some firewalls, you don’t have to go put another appliance in there. That’s kind of our subscription strategy in firewalls. We did that.
And the other category we have built over time is the XDR category where we compete with CrowdStrike which again – there was CrowdStrike, Cylance, Carbon Black and Cybereason. I don’t know where Cylance is. I think it’s somewhere out there. Other than BlackBerry, don’t see them much. Carbon Black is with VMware. CrowdStrike is CrowdStrike. Ported XDR solution [indiscernible]. We were number 14 on the list of 10 endpoint vendors. Now we’re in the top three where we get consideration from everybody because we beat some of the competitors [indiscernible].
So, we built capability in endpoint because we believe that’s an area which is a must have. We built capability in data analytics, ML and AI which I think is the next frontier of cybersecurity. And if you think about it, that’s where you will see us focus more and more to make sure we get more and more of a robust capability, in ML and AI because I think that’s the frontier. That’s what allows you to do instant remediation today. Cybersecurity still takes 50 to 60 days to solve a breach. I think that’s too long. I think by then companies can be shut down. If a financial services institution has been breached for over three days, I think the SEC will ask them to shut down. So, you can’t afford keep opening up your infrastructure to customers, to vendors, to third parties if you go to public cloud. You can’t afford offline security.
I guess, in the AI/Ml, the space that kind of excels in is in when you’re doing a lot of log management and log crunching. So, it’s what you’re referring to, that kind of SIM, SAW security operations type area, that’s kind of where you’re seeing most kind of, I guess, interesting developments.
I think it’s more than that. Patrick, to be honest, I think the last generation was log ingestion and SIM. And I think that, again, is very offline. Like log ingestion is dump a lot of security data and then everybody has apps on how to query that data. Actually, it doesn’t do much online remediation. There’s no cross correlation happening online. So, there’s a bunch of companies that do data ingestion and data dumps. Then there’s a bunch of companies that take that data and put all the alerts into a beautiful screen and say, now, dear customer, put some rules in to tell me what is more important? Well, if I’ve got to tell you what’s more important as a customer, what’s your value add as a security company? Give me all your data, write your own rules, what is that? A UI? That’s what next generation – that’s what a SIM is. So, what we’ve done is saying, we’re not going to take data dumps. In XDR, we take all the data from an endpoint. We cross correlate that with firewall data and say, ‘Hey, this alert you saw on the endpoint in the firewall, this is the same thing. We’re cross correlating, reducing that by 50x. So, we’re actually adding value by reducing. Then we’re running behavior analytics against that stuff and telling you what’s most important. We just ingested identity data and start telling you, maybe you can cross correlate against identity too. So, what we’re doing is, we’re building a single normalized data lake against one set of source of truth.
So, the only way we do ML and AI is you have to anchor on some source of truth. If you don’t anchor on source of truth, you can’t do AI. That’s where the big difference is. We don’t ingest everyone’s data. We ingest what we believe is good quality data. So, if you want an AI/ML solution, you have to take XDR from us. Without it, we can’t do AI, ML for you.
And then, if you take XDR, we can keep cross correlating more and more data in the enterprise against it, which we are building more and more capability. Once you can do that, we can tell you, don’t bother about these 5000 alerts. They’re silly because they’ve been cross correlated and they’re the same thing. They’re just different ways of looking at that thing. Today, what customers do, they’ll take CrowdStrike, follow up with a firewall from another place, Prisma Access, there’s no correlation [indiscernible] data pieces. If I take my XDR and follow up with Prisma Access and firewalls, I can cross correlate and reduce the number of alerts by 50x. That makes the life of a stock analyst a lot easier.
In our own SAW, we’ve gone from 50,000 alerts to 500 events that our teams look at. So, you’ve got to get to some degree of elimination of noise in the cyber industry.
Next. I guess the acquisition of The Crypsis Group was something that you guys did made in your results last month. Just talk us through, for those who don’t know about the deal, what they are, what they bring, and then I guess why you needed to do it? What was the kind of reason to pull the trigger?
Yeah. It’s interesting, Patrick. One of the things, as we analyze the competition, as we analyze the market, realize that there are SI channels. You can go to Accenture, Deloitte, you can go sell with them. There are SD telcos who will sell with you. But these are all peacetime efforts. Right? A wartime effort is when somebody has an incident who responds. That’s when they need it the most. So, they will typically call Mandiant, they will typically call CrowdStrike nowadays, they’ll typically call Crypsis. And CrowdStrike will leave back CrowdStrike. They’ve announced in their earnings that they have 1:$3.77 of product leave behind on incident response. FireEye still manages – Mandiant still manages to get behind FireEye products, I don’t know why, but that’s fine.
And we’re sitting here and saying, we’ve got a great product, but we don’t even see these 1500 incidents or breaches that happened because we don’t know when it’s happened. Nobody tells you when they’re being breached or been breached. So, this way now, we have insight into 1,500 breaches where Crypsis goes in to solve the customers’ problem, and we can help with our tools and, hopefully, that if we can get anywhere close to CrowdStrike’s leave behind, that’s a nice jump on our XDR business which is six months old. So, yeah.
Crypsis is actually well run business. Their gross margin is not quite like software gross margin [indiscernible] gross margin, but they’re not bad. And if I can couple that with the product leave behind, I think that’s a huge opportunity for us. We didn’t pay – we paid services company type multiples. So, it’s not SaaS company multiple as we pay to acquire the business. I think they were just – they fit perfectly into our Cortex strategy of being a – sort of giving us the heft on the IRBs, which some of our competition has which we don’t.
And then what’s the timeline for integration for this vision to become a reality? Are we talking September 2021?
Crypsis does not need integration. They have a product called Hadron, which is 10 people. We should be able to integrate in two to four months into XDR. But that doesn’t stop them from doing their day job and going in and telling people, hey, we’re part of Palo Alto Networks. And if you think that product – we know a product that you can use, they’re not using our product to remediate a breach. They’re just going in with their own product called Hadron. They’ll do the remediation and they’ll – and if interested there, they’ll bring our Cortex sales team and give us a lead.
Can we switch gear to public cloud because you briefly touched on it earlier, but I think it’s critical to double click here? Pretty sure no one will disagree that this coronavirus has proven that the public cloud delivery model works great in the enterprise. And the likely outcome is 2020 to 2025. There’s going to be an acceleration in public cloud adoption. And just trying to think Palo Alto’s positioning in that new paradigm. I think the biggest question really I get from investors is the dynamics between independent software vendors and cloud service providers. There’s this kind of frenemy relationship that why – if I’m a CSO, do I need to layer on Palo on top of my GCP, AWS or Azure environment?
I’ll give you a very simple answer. There’s 1,800 customers who felt it important to layer on Palo Alto Networks. Two years ago, if you had asked me that question – 1,800, we cover 42% of the Fortune 100. Why? Because everybody has multiple cloud providers. You can go deploy containers with Microsoft, with Azure – sorry, with Azure, with GCP, with AWS and with VMware. Now which container security product are you going to use? Are you going to Microsoft products? Well, it kind of doesn’t work in integration with AWS and GCP. Which one are you going to use?
So, typically, moment customers ends up on multiple platforms, we’ve kind of like – we’re neutral because we don’t have a cloud platform. So, we have to make it work with everything. We can do container security across every platform. We can merge container security and [indiscernible] security between platforms. We can now take serverless and make it with one agent with container and serverless. We have the same agent that’ll work with segmentation with Aporeto. That’s the same agent that’s going to work with our WAF RAS. So, we have one agent across seven – five modules. And we have seven modules that work together. So, even if you were trying to replicate what we do, you’d have to self-integrate these three modules from AWS and two modules from GCP and three from Azure. So, if you want customers to spend their life trying to integrate across seven different security sols across three different clouds, they can. But it’s way more efficient for them to use our product and our products have APIs into the native products of cloud providers. It’s not like we’re generating our own data. We’re taking their data from AWS, GCP, Azure. We just launched a new product called IAM,0 identity access management for the cloud. So, if you have a developer, he’s developing an AWS on GCP and Azure, as a manager, CIO, your choice is to give them rights for each platform in each of the native tools or you can give that in Palo Alto IAM and we will just, through APIs, deploy that capability across all clouds and make you consistent. It’s kind of like Okta, right? That’s what they do. We’re just doing it to the cloud, using connected workloads and security, so you can see [indiscernible] exposure.
So, the reason we get in is because of the fact that customers are multi cloud. The hardest customer for us is ones who say, I’m only going to one cloud and I’m not going anywhere else. There are customers out there like that, but less and less.
I guess when does this hit numbers because we can point to a number of kind of fairly big companies in the endpoint space, in the SASE space, in the public cloud security space. There aren’t any kind of companies with significant revenue streams, which suggests to us that the market is still fairly nascent. So, when does this translate into hitting the P&L and looking kind of interesting? And, I guess, why now?
Well, I’ll tell you why. Because two things. One is, we’ve all been hearing about the public cloud. If you go ask your own companies, whichever companies or their customers, and say, what percent of your public cloud transformation is done. And I’ll wager you that the average answer you’re going to get is 15% to 20%. Right? Walmart’s not done. Adobe’s not done. Palo Alto is not done. We’re in the 60% range. But we move fast because we have products that need it. So, you go around the Global 2000, 90-plus-percent of those are legacy businesses, not 10%. It’s like, yes, Airbnb is done, Lyft is done and Uber is done and DoorDash is done, those guys are done, but that’s where they started. But most traditional guys are not done. So, as you see more important workloads move to the cloud, people get more conscious about security. They’re not conscious. You don’t have your most critical application – most critical applications are running in data center. DB has a – you should go talk to your CIO and ask him how much of mission critical stuff is in the cloud? I would wager a guess that he’ll say none. So, do you need to secure that stuff? Probably not. You put your trading system in the cloud, you better secure the damn thing. You put customer accounts in the cloud, you better secure it. So, the reason is now is because people are starting to move mission-critical applications to the cloud. When they do, they want to make sure that this stuff doesn’t get breached. You’ve seen Capital One, Target, all these guys move stuff on to the cloud because they had – then they used – some of them will use open source security solutions, which is a bad idea. Do not use things that people contribute to for security, generally speaking. That’s not a good idea. It’s like going and buying a lock that was made in a nation state which doesn’t really put the keys right. So, don’t do that.
So, from that perspective, now because people are beginning to think about moving mission-critical workloads to the cloud, now because you’re seeing the migrations begin to pick up. So, I think we confuse ourselves. When you see the big cloud deals, they take three to five years to deploy. [indiscernible] scale yet. As I said, we win seven out of eight deals. We lose to people who are single cloud. So, we lose to people who are looking for a point solution where they’ve gone and done a deal with somebody and negotiated a really good price for one piece.
So, if I was to paraphrase that back, it’s that mission-critical workloads are not yet running in the cloud for the bulk of enterprises. And when they do, that’s typically when you get the attach of security, if I understood you correctly. And, I guess, the way I should think about as investors, that’s kind of – that goodness is still to come that, at the moment, it’s about building footprints. But the revenue impact is kind of in the out-years.
Look, it’s a good number for us from where we acquired all these companies. They barely had any revenue – or any billings and we are beginning to see it become more and more interesting in our numbers. But I think what will be interesting is three, four years from now, you turnaround, look and say, wow, that’s amazing. You have thousands of customers in cloud security and their workloads continue to increase or renewals will get more and more interesting because, don’t forget, we sell into it, but – and I honestly ask all of you to go back to your own organizations and ask them how many workloads have we moved to the cloud because the financial services industry is notorious for not having moved yet. And you’ll realize if you believe 30%, 50% of those are going to end up in the cloud four or five years from now and they’re very security conscious, you will find that there’s a natural tailwind associated with cloud security, which will effectively become more and more real as more and more stuff moves.
Interesting because your point earlier was that, in firewall, we’re moving from a world of appliance-based firewall to kind of SASE and I guess cloud-based firewall and that we’re in a bit of a pocket of air as that subscription revenue, I guess, makes up for the shift from product. And so, your point here is, in the kind of, I guess, the public cloud security space, that’s to ramp. I don’t want to give you – put you in a spot and make you kind of get long-term guidance, but I guess is the way that one could think about it is that when the transition phase now and a lot of these kind of engines are firing, but the financial impact is going to come in a bit.
I don’t think that’s fair. I think we grew billing 32% this year. So, that’s financial impact. I think we built $928 million of next generation security. We’re saying that grew at 105%. So, I hope that’s financial impact. I think the shift you’re seeing is that $928 million in billings didn’t show up as $928 million of revenues because that was hardware firewalls. It would not be in a transition if we do a billion dollars more in revenue. But if you look at my deferred revenue spiking because all that stuff getting layered on the balance sheet and over time is going to unfold into my P&L.
So, I think you have a leading indicator. It’s called billings. The leading indicator is called deferred revenue. And that’s what happens when you do a hardware to software transformation and beat not growing the billings at 32%.
I guess my final question is about – on the cost side. You’re in all these areas. You’re in firewall, you’re in ADR, you’re in cloud-based security. So, you guided for flat margin year-on-year. Is the thinking behind that that you basically – you need to compete against the best of breed vendors on those spaces and you’re optimizing for the top line?
Yeah, partly that, Patrick. And partly, I think it’s the transition impact. Right? So, the more I shift from hardware and software, the more my billings keep rising, but my revenue is for a later period in time. But my costs are still real right now. So, what happens is, my costs are all up front. So, if you take a look at typical SaaS company in the first two, three years of their hypergrowth years, you’ll find there’s margin compression. And then, margin expansion happens after two, two-and-a-half when you begin to see that revenue falling off the deferred revenue line and showing up on your revenue line and your revenue growth rate continues to stay solid for a long number of years or many number of years as long as you’re growing your billings.
So, I think we’re in that phase. We’ve had one year of hypergrowth in our billings. Hopefully, we continue this for a year or two more, and you’ll start to see that revenue unfold on to our P&L and you’ll start to see our margins expanding by themselves. But for now, you’re seeing us load up front end for sales costs, deployment costs, cloud hosting costs, which also will scale over time. So, you’re seeing the margin compression in gross margins and operating margins, which if we separated the two “P&Ls” for FWAP [ph] and for NGS, you will see them mirroring what you would expect a steady hardware business versus a SaaS business do if you put them together.
Got it. Well, a lot going on. It’s fascinating times at Palo Alto Networks. Thank you so much, Nikesh Arora, CEO. Really appreciate your time. Have a great rest of the day and keep following the company closely.
It’s time for you to crack that bottle of Chianti given where you are.
Cheers. All the best. Bye-bye.