Good day, and welcome to the Palo Alto Network's Fiscal Second Quarter 2019 Earnings Conference Call. Today's conference is being recorded. At this time, I'd like to turn the conference over to Jeff True. Please go ahead, sir..

Good afternoon, and thank you for joining us on today's conference call to discuss Palo Alto Networks' Fiscal Second Quarter 2019 Financial Results. This call is being broadcast live over the web and can be accessed on the Investors section of our website at investors.paloaltonetworks.com.

With me on today's call are Nikesh Arora, our Chairman and Chief Executive Officer; Kathy Bonanno, our Chief Financial Officer; and Lee Klarich, our Chief Product Officer. This afternoon, we issued a press release announcing our results for the fiscal second quarter ended January 31, 2019.

If you would like a copy of the release, you can access it online on our website.

We would like to remind you that during the course of this conference call, management will make forward-looking statements, including statements regarding our financial guidance and modeling points for the fiscal third quarter and full fiscal year 2019; our competitive position and the demand and market opportunity for our products and subscriptions, benefits and timing of new products and subscription offerings; our ability to drive outsized growth rates; and trends in certain financial results, operating metrics, mixed shift and seasonality.

These forward-looking statements involve a number of risks and uncertainties. Some of which are beyond our control, and which could cause actual results to differ materially from those anticipated by these statements.

These forward-looking statements apply as of today, you should not rely on them as representing our views in the future and we undertake no obligation to update these statements after this call.

For a more detailed description of factors that could cause actual results to differ, please refer to our quarterly report on Form 10-Q filed with the SEC on November 30, 2018, and our earnings release posted a few minutes ago on our website and filed with the SEC on Form 8-K.

Also, please note that certain financial measures we use on this call are expressed on a non-GAAP basis and have been adjusted to exclude certain charges.

For historical periods, we have provided reconciliations of these non-GAAP financial measures to GAAP financial measures in the supplemental financial information that can be found in the Investors Section of our website located at investors.paloaltonetworks.com.

We would also like to inform you that we will be presenting at the Morgan Stanley Technology Media and Telecom Conference in San Francisco on Wednesday, February 27. And finally, once we have completed our formal remarks, we will be posting them to our Investor Relations website under Quarterly Results.

And with that, I will turn the call over to Nikesh..

Thank you, Jeff, and thank you, everyone, for joining us this afternoon for our fiscal second quarter 2019 results. I'll go briefly through our financials, give you a progress update on our three focus areas of securing the enterprise, securing the cloud and securing through our Application Framework.

And finally, I'll provide a little more color on the Demisto acquisition. Starting with our financials. I'm pleased to report that the team has delivered another outstanding quarter. Fiscal Q2 revenues of $711 million represents year-over-year growth of 30% and non-GAAP earnings per share increased by 44% to $0.151 - sorry, $1.51.

There have been a number of big wins this quarter. There are a few I'd like to highlight. We continue to see success around the world in our next-generation firewall business. People are getting more security conscious, and want to deploy our firewall with the attached subscription.

To note, during the quarter, we did a large deal with a data center in Europe at one of Europe's most prestigious car manufacturers, and had a significant expansion our hardware footprint, one of the largest online gaming companies in the world, as well as in one of the largest retailers in the world.

We are beginning to see fruits of our speedboat strategy with our increased focus on GlobalProtect cloud services, we've had a few spectacular wins, one to secure 25,000 mobile users at a global financial services company and another to secure 80,000 mobile users for one of France's largest state-owned public services.

We also won a very large VM-Series deal with several subsidiaries of one the largest broadcasting companies in the United States, and we won a deal to secure 47,000 endpoints at one of the largest university health care systems in the United States as well. Expanding more on our three strategy focus areas.

First, let me talk about securing the enterprise. Over the last 11 plus years, we transformed the network security market with our next-generation firewall. We use the firewall as a platform to deliver tightly integrated security services.

We've had great success with our attached subscriptions, the most successful ones having attach rates of about 90%.

Earlier this month, we announced the release of PAN-OS version 9.0, which added over 60 new features, including the policy optimizer, which helps teams replace legacy rules with intuitive policies to provide better security and are easier to manage. I'm excited about our new DNS security subscription.

This is our first new DaaS subscription since 2011. The subscription utilizes machine learning and predictive analytics to proactively block malicious domains and stop attacks in progress, the only service with level of capability to be integrated with the firewall.

This continues our practice of reducing the number of disparate point products and making security better, easier and more effective. We are working hard to win future subscription with our software releases, providing our customers more integration on the cybersecurity solutions in enterprise.

We believe the next-generation firewall will continue to serve as a platform for security services in the enterprise. We also have expanded our hardware family. Our new PA-7000 series features throughput capabilities at 2x the nearest competitor, and will be especially useful to customers with large data centers and high volumes of encrypted traffic.

Additionally, we announced the availability of our K2-Series. As we discussed on last quarter's conference call, the service provider market has become a lot more interesting to us with the adoption of IoT and the advent of 5G, where security will be a primary concern.

Our new K2 series aggressive this market, simplifying operations by offering unprecedented visibility, automation and consistent protection. And finally, we continue our investments in Advanced Endpoint Protection with Traps 6.0, which we announced earlier today, endpoint security just got a lot better.

The new behavior threat prevention engine allows Traps to prevent attacks based on their behavior. Trap 6.0 also introduces container security protections, and this data collection predicts the arc, which I'll talk more about later. We're proud to serve close to 4,000 Traps customers, almost half of whom manage Traps from the cloud.

Turning to our second focus are, the cloud. We continue to be laser focused on delivering technology that enables our customers in the cloud journey by delivering the broadest set of security capabilities across all clouds and cloud configurations. As of the second quarter, approximately 8,000 customers are using our cloud offering.

The speedboat we created around cloud and the acquisition of RedLock last quarter is already showing positive results. We have exceeded the original forecast for our RedLock business by more than 50%. This is a great example of the power of combining a best-in-class product with Palo Alto Network's execution and distribution.

Additionally, our in-line cloud security VM-Series was recently expanded to include support for the Oracle cloud and initial trials of the Alibaba cloud. They improved performance of the product by up to 2.5x and added many new and enhanced capabilities for operating in both public and private cloud environments.

We're very pleased with our continued progress with the VM-Series and success we're seeing with customers. The third focus area of our strategy is harnessing the power of advanced AI and machine learning.

We started this strategy with the announcement of Application Framework 18 months ago and are proud to announce Application Framework 2.0, which is now called Cortex. We believe this is how security will be managed in the future. Cortex is a significant evolution of the Application Framework.

It is the industry's only open integrated AI-based continued security platform. Cortex has been deployed in the public cloud, allowing us to leverage its features and scale, rapidly deployed AI. We're also announcing the first application available for Cortex called Cortex XDR.

Built to empower stock analysts, Cortex XDR enables teams to stop sophisticated attacks and adapt their defenses to prevent future threats. Cortex XDR goes far beyond traditional EDR than only works on endpoint data.

It breaks down the silos created by legacy technologies to offer the first ever detection, investigation and response product that natively integrates network, endpoint and cloud data. It reduces the signal and noise ratio that is being plagued in security analyst.

It accurately uncovers threats using machine learning, simplifies investigations automation and stops attacks before damage is done to drive integration with existing and portion points. Cortex XDR is being launched in conjunction with Trap 6.0, our new endpoint product that I mentioned before.

Now Traps is enhanced is even better endpoint protection, using its behavioral threat protection engine, it stops advanced threats in real time by stitching together a chain of events to spot malicious activity.

When combined with Cortex XDR, customers can use Traps to extend their prevention capabilities, to include detection and response across the entire digital infrastructure from a single agent.

The more powerful Traps product, acts as the ultimate data collection center for Cortex as well as, collecting the most comprehensive data in this, in the industry.

We're confident in the uniqueness of our approach, so to make sure our customers can take full advantage of Cortex XDR, we have decided today to include endpoint protection free of charge when they purchase Cortex XDR. Yes, we're declaring our new developed advanced Traps 6.0 product as free, if purchased with Cortex XDR.

We believe that for true comprehensive investigational advanced attacks, the data is critical. Customers can now deploy one single endpoint agent that prevents, detects and responds to attacks across an entire digital infrastructure.

And to help us roll out Cortex XDR, we're also announcing partnerships with five managed security service partners, partners who will deliver 24x7 threat monitoring detection and response services to our customers. We are excited about these partnerships with Pricewaterhouse, Critical Start, ON2IT, BDO and Trustwave.

They will provide important service to our customers and demonstrate industry confidence in our Cortex platform. These are all exciting changes and I cannot thank our product team enough for stepping up to the challenge of integration and speed in solving our customers' problems. Lastly, I would like to provide more color on Demisto.

Last week we announced the proposed acquisition of Demisto. Demisto is a leader in the evolving space called SOAR.

We believe that Demisto's multivendor orchestration capabilities, and unique analytics and playbooks will help our customers further automate significant parts of their security operation and allow them to turn their attention to solving unique and complex threats.

Demisto, already partner of Cortex, now will integrate even more tightly into our plans for AI and ML on Cortex. Demisto has an ambitious plan for 2019, with billings projections of approximately $50 million to $55 million.

To facilitate and support achievement of this plan, we will have Demisto operate as a separate speedboat under the leadership of Slavik Markovitch, their CEO, leveraging the broader Palo Alto Networks distribution engine. At the same time, Slavik will work closely with Lee Klarich and me to facilitate the next step for customer solutions.

As I mentioned on the call we had last week, with the addition of Demisto, we now have made a couple of acquisitions over the last six months. While we continue to evaluate companies, my primary focus is on making sure these acquisitions are successful, and we are delighted with both customer reaction in our initial results.

In closing, as we approach RSA next week, we know there'll be a robust debate about whether the endpoint of the firewall is a center of security. In our mind, this debate is looking at security through too narrow a lens. We believe the future of security is about data.

It's about data, it's about machine learning from that data and orchestrating and automating responses. And for customers who are struggling to manage too many disconnected security point products, we believe that our platform pros to security, with high levels of integration, analytics and automation is the answer for the future of security.

We believe Cortex is the future. And with that, I'll turn the call over to Kathy..

Thank you, Nikesh. Before I start, I'd like to note that except for revenue and billings figures, all financial figures are non-GAAP and growth rates are compared to the prior year period unless stated otherwise. All current and prior period financials discussed are reflected under ASC 606 as we adopted the new standard as of August 1, 2018.

In the second quarter, we once again added new customers at a rapid pace while also driving robust expansion business. Our top 25 customers, all of which made a purchase in Q2, spent a minimum of $35.6 million in lifetime value, a 39% increase compared to the same period last year. In the second quarter, total revenue grew 30% to $711.2 million.

By geography, Q2 revenue grew 27% in the Americas, 38% in EMEA, 35% in APAC. Q2 product revenue of $271.6 million grew 33% compared to the prior year. Q2 SaaS-based subscription revenue of $249.7 million increased 36%. Support revenue of $189.9 million increased 21%.

In total, subscription and support revenue of $439.6 million increased 29% and accounted for 62% of total revenue. Our nonattached offerings continued to show strong momentum and we exited the second quarter with run rate billings of approximately $383 million, growing approximately 60% year-over-year.

Q2 total billings of $852.5 million increased 27% year-over-year. The dollar-weighted contract duration for new subscription and support billings in the quarter was approximately three years. For the first half of fiscal 2019, billings of $1.6 billion increased 27% year-over-year.

Product billings were $514.9 million, up 33% and accounted for 32% of total billings. Subscription billings were $646.7 million, up 30%. Support billings were $449.4 million, up 17%. Total deferred revenue at the end of Q2 was $2.5 billion, an increase of 32%. Q2 gross margin was 76.3%, an increase of 30 basis points compared to last year.

Q2 operating expenses were $367.5 million or 51.7% of revenue, which represents a 220 basis point improvement year-over-year. Operating margin was 24.6%, an increase of 250 basis points. We ended the second quarter with 5,856 employees. Non-GAAP net income for the second quarter grew 49% to $147 million or $1.51 per diluted share.

Our non-GAAP effective tax rate for Q2 was 22%. On a GAAP basis for the second quarter, net loss declined by 90% to $2.6 million or $0.03 per basic and diluted share. Turning to cash flows and balance sheet items. We finished January with cash, cash equivalents and investments of $3.6 billion.

During the quarter, we completed our $1 billion share repurchase program, which was effective through December 31, 2018. We repurchased approximately 1.9 million shares of common stock at an average price of approximately $178 per share. On February 22, our Board of Directors approved a new $1 billion share repurchase program.

The new repurchase authorization will expire on December 31, 2020. Turning to cash flow. Q2 cash flow from operations of $275.4 million increased 13%. Free cash flow for the quarter was $251.9 million. This figure was impacted by approximately $15 million of imputed interest expense associated with redemption of a 2019 convertible debt.

Adjusting for this and other cash charges, free cash flow in the quarter was $271.4 million, up 21% at a margin of 38.2%. Capital expenditures during the quarter were $23.5 million. DSO was 50 days, a decline of nine days from the prior year period. Turning now to guidance and modeling points.

For fiscal Q3 '19, we expect revenue to be in the range of $697 million to $707 million, an increase of 23% to 25% year-over-year. We expect non-GAAP EPS to be in the range of $1.23 to $1.25, which includes expenses related to the proposed Demisto acquisition using approximately 99 million to 101 million shares.

Before I conclude, I'd like to provide some additional modeling points. Our Q3 non-GAAP EPS guidance includes a net increase in M&A expense of approximately $5 million or $0.04 per share attributable to the proposed Demisto acquisition.

In the first 12 months following the acquisition, we expect Demisto billings of approximately $50 million to $55 million. Our EPS guidance also includes an expected $0.01 impact due to U.S. tariffs on Chinese origin goods. We expect our non-GAAP effective tax rate to remain at 22%. CapEx will be approximately $20 million to $25 million.

To help you model billings for the remainder of the year, we are comfortable with current consensus for the second half of the year. And for fiscal 2019, including acquisition-related operating expenses, we expect an adjusted free cash flow margin of approximately 36%.

This fiscal 2019 number is adjusted for one-time items consisting of the previously communicated $97 million related to the settlement of 2019 convertible debt and between $35 million to $40 million of cash flow associated with our new headquarters in Santa Clara. With that, I'd like to open the call for questions.

Operator, please poll for questions..

[Operator Instructions]. Our first question comes from Walter Pritchard, Citi..

Can you give us an update on service provider? It sounds like you're still pretty excited about that opportunity. I don't know if you're willing to express it as a percent of revenue or what not, but curious, just an update on that, and then had a product-related follow-up..

Hi Walter, thanks for your question. Look, as I'd mentioned when we launched K2, and we talked about it last quarter, we believe the treats to the 5G opportunity is a unique opportunity and the whole focus in IoT, or you have been talking to a whole bunch of telcos and service providers out there.

And there's a twinkle in their eye when we start talking about the B2B use case for 5G, where they would not have cared as much if well, I shouldn't say that for them but, they were not as focused on individual consumers and the ability to hack their phones or to provide security.

But as it comes to be B2B use cases, providing bandwidth at the edge, they are very concerned of making sure that their B2B customers have a secure tunnel going from, all the way from their devices or their cars or whatever they choose to implement or health care devices are rigged, back to the cloud.

And we believe our firewall is uniquely positioned to solve that problem for them in the K2 firewall space. So we're very happy with a lot of conversations we're having. We're beginning to start seeing requests for integrating that in some sort of testing with them.

So all I can say is, early days, but we're happy with the direction the conversations are taking..

And then, maybe for Kathy. On the endpoint side, I guess that's going to market where, you haven't really had a complete solution, arguably until now.

Should we think about seeing a pretty significant ramp in that revenue here as you go into the second half of your fiscal year, given you have the complete product, you have some of those new relationships, and so forth? Or is that maybe too ambitious and we should think about that as more of a fiscal 2020 driver?.

Well, look, we're very excited about the new Trap 6.0 and of course, Cortex XDR, which will leverage Trap 6.0, we think that is going to be a very compelling solution for our customers. And so we obviously have a lot of confidence in our ability to drive acceptance of that product in the marketplace.

In terms of what's going to drive our overall revenue performance, I'm really not going to start to get into those kinds of details. But we're very excited about Traps 6.0 and things that we, that it offers us great potential for the future..

[Operator Instructions]. Our next question comes from Karl Keirstead, Deutsche Bank..

Maybe one for Nikesh, one for Kathy. Nikesh, the product revenue growth acceleration to 33% I think was super impressive. I'm wondering if you could just comment on where you saw strength either by appliance family or vertical perhaps, maybe.

Just give a little color on if there is any particular driver of that? And then, Kathy, the question for you is really on the margin out performance. I don't think anybody was modeling a 250 basis point margin improvement. I'm assuming that something occurred in the sales and marketing line.

Maybe you could offer some color as to whether any expenses were deferred out of 2Q into 3Q, or if there's anything else unusual..

Hey Karl, thanks for the question. Look, one thing I have to say that, there's no specific driver, but a general level of activity we're seeing out of the marketplace.

As we've talked about this in the past, that every time something happens in a market where a customer gets breached or somebody gets beat, there's a heightened the sense of awareness in security.

All I can tell you is that the conversations are getting more and more up leveled in terms of preparedness for organizations for security, and we are seeing more and more security consciousness. From a vertical perspective, we've always done better where people care more about security.

Fed has been strong for us, the financial services have been strong for us, but we're seeing that peer down into other verticals. So I'd just say generally, this trends across the board, and that's probably what has driven the revenue and the product front this quarter..

Yes. And I'll just address the margin comment by saying they're very related. The strong product mix that we saw in the quarter obviously drives higher revenue yield. So that obviously is helping our margins. But in addition, we have been driving leverage in the business.

And in Q2, we saw operating expense as a percentage of revenue decline by 220 basis points, as I mentioned in my remarks. And you're right, that sales and marketing is driving that number and the leverage that we're seeing. And we've seen that for the last several quarters, good leverage in terms of sales and marketing expense overall..

Our next question comes from Fatima Boolani, UBS..

One for Nikesh and one for Kathy. Nikesh, one of the things that you've talked about and have been focusing on is packaging your cloud solutions in a better way and also taking steps to ensure the entire portfolio, which has expanded quite dramatically over the last couple of years, making sure the entire portfolio sort of better integrated.

So I wanted to understand sort of the mile markers and progress you've made on that front. And to what extent that has been influencing deal sizes, deal trends and especially that customer lifetime value metric that continues to grow apace? And then a follow-up for Kathy, if I may..

Sure, Fatima, thanks for your question.

Look, I think I'm very excited that in eight months we've been able to create real focus around the three areas I highlighted, the enterprise side and expanding your question a little bit more, on the enterprise side, as I said in our prepared remarks that I think this company had done a phenomenal job in building a firewall and putting subscriptions on top of firewalls.

So basically, once you put a firewall at customer's infrastructure, which is a hard decision because you're introducing another piece in their infrastructure, which is now delivered to you by a cybersecurity vendor.

It's incumbent upon us to provide more and more solutions so the customers that can be triggered off the firewall, and I think the product, it really rallied in the last eight months, and we've built our first nonattached - sorry, attached subscription after 2011 in our DNS security service.

And the team is really charged about building more capability to our firewall, we have 60,000 customers of firewalls.

So the ability to take that to our customers and say look, you don't need another appliance in your infrastructure, you don't need another solution, it all works off of Palo Alto Networks' pane, management pane and you - can give you a way - we give you more and more capability from the firewall that you deploy, and that's kind of, to me it's very exciting.

So that's a point of integration and a mile marker like you called it, for integration for us on the enterprise side.

On the cloud side, we're slowly and steadily working towards better integration, we're excited about our RedLock progress, we're excited of our GPCS progress as I highlighted, these are big wins for us and the team is getting more and more excited, we're deploying more people across the sort of regions, to make sure we have the capability and the ability to go compete with the people out there offering these solutions.

You can expect us to provide more proof points of our integration in further quarters. We don't have anything to announce in the cloud side yet, and I think we just announced Cortex this morning, I think the marketing team has done a phenomenal job, the product team's done a phenomenal job in deploying Application Framework 2.0.

It was a half last quarter, what will be the proof point of us being able to show true integration across multiple data points, and Cortex XDR is that. It is the only service in the industry, which you have a planned endpoint, cloud and network data as a point of integration.

So we believe we are making tremendous progress towards our aspiration to acquire more integrated services, and you can expect us to do more and more of that..

Kathy, may be a question for you on the gross margin. Certainly a little better than we were looking for. Just wanted to understand how you've been navigating some of the supply chain constraints as a consequence of the tariff.

And how much longer should we expect that headwind to persist? And at the same time, as the cloud solution build-out and you probably have greater scale, how should we think about impacting - how we should think about those investment impacting gross margins as well? And that's it for me..

Yes, sure.

So in terms of our gross margin improvement during the quarter, yes, we've said that with the new products that we introduced now, almost two years ago, we've made a concerted effort to ensure that we're able to improve the margins on those products over time, and we've definitely been able to do that, and so we've seen some improvement in their product gross margins over time.

We also have seen some improvement in terms of just memory pricing, which we talked about, memory pricing seems to be stabilizing now. We do still have some issues in terms of more commoditized parts being more expensive than they have been in the past. But overall, we've indicated an impact of $0.01 to $0.02 in this quarter due to the tariff.

So it's kind of a mixed bag. We're seeing some improvements and we're also, we also have some negative influences. Overall, we did see an increase of about 30 basis points year-over-year, which obviously we're very pleased about, given the current environment.

In terms of cloud investments and where we see that going, obviously the, you've also seen some declines in our services margin, as we have been investing in those businesses. We think that there's a lot of potential for us to build really big, nicely sized businesses in the cloud and there's a great opportunity for us.

So we're definitely investing in those areas in order to ensure that we can capture the market opportunity..

The next question comes from John DiFucci, Jefferies..

My first question is actually for Lee. So Lee, I think you mentioned, or it might have been Nikesh on the last call that the new telco class appliance you're coming out with, I assume that's the PA-7000.

Just, I guess if you could just let us know that's right, or is that replacing other products? And I guess if it is, then another one is, should we expect further launches to address this market, a market you really haven't been in very much in the past?.

Yes, good question. So let me just start by clarifying. The PA-7000 series and specifically the new modules that were introduced and launched as part of the 9.0 release earlier this month, that is the basis for the K2 series.

But the K2 series is an optimized hardware platform targeted for service providers and specifically the mobile networks as we see those transitioning from 4G to 5G. And then with 5G, the advent of much broader IoT and in particular, high-value and sensitive IoT devices coming onto those that need security.

So they're related but they are different offerings. Relative to service provider overall, we have been in this space and in this market, selling to service providers. We have seen success across different parts of the portfolio.

The K2 series though is the first time we've designed and built a product specifically for that market, to really go capture the specialized opportunity that exists there..

And we're still waiting on the K2 series, is it correct, or....

No. The K2 series is now available as of earlier this month..

Okay, perfect. And Kathy, just a clarification. I mean the results are strong across the board, all revenue categories, but especially in the product area. So I just want to make sure we understand it correctly.

I mean, is all the detached subscription something, I think both you and Nikesh talked about in your prepared remarks, is all of that in the subscription line? Or is there any of that in the license line due to ASC 606 in the way on-premise subscription's treated under that standard?.

Yes. A portion of the VM series, which we talked about and when we talked at the beginning of Q1, regarding ASC 606, the portion of our VM series is recognized upfront in that category..

Okay.

And so it's in that line item in the, on the income statement, in the license line?.

That's correct. That's correct..

Okay, and was there any shift, like is there a continuing shift to more subscription, or more on, what would be that kind of revenue, on-premise subscription where you'd have more on the license line?.

No, no. I mean, In terms of what's driving the growth there, that's really not a driver of the growth, not a significant driver of the growth in any respect. It's obviously, we've made the adjustment, both in this year's recognition of VM series and last year's recognition of VM series.

And while we're seeing growth there, obviously, it's not as big a portion of our business as the rest of our product revenues are. And so the real impact is what we're seeing in terms of the rest of the product category..

[Operator Instructions]. Our next question comes from Gur Talpaz, Stifel..

Congrats on the results. A few product-centric questions here.

One, how should we think about the efforts around XDR and Cortex, in conjunction with your vision for Demisto and the app framework? And ultimately speaking, how intertwined are these initiatives?.

Let me give you an overview and then perhaps Lee can jump in with the real answers. Look, for us, Cortex is a big deal. We spent a lot of time in making sure we get the underlying platform right.

We think by deploying it on the public cloud and using the features that become, where we can handle massive amounts of data and being able to leverage the, needing the eye tools, and that is very useful.

I think XDR is very critical, I think XDR is a service, which there is a whole bunch of start-ups out there, trying to provide that kind of service.

I think it's different when we deploy that service where you can leverage the data you collect from Palo Alto to firewalls, and from Traps and from our cloud security sensors, where you actually, there are many customers who deployed all 3 from us.

So we have the option to go to them, as silica rehabs, and here a real tool that can help you near solve, deal with a whole bunch of stuff that will not be - that was not available in the past.

I think Demisto was something that, I think you and I even talked about this, and we didn't talk much about it, because I wasn't going to talk to you about it until we'd figured out we want it.

But I think when we went out to our customers, the customer's big challenge is I've got so many cybersecurity solutions, I'm getting 3x to 10x more alerts others than I was getting 2 to 5 years ago, and I'm going to have to hire more and more analysts to figure out how to solve the alert. So this cannot be a punitive damage.

The more secure I want to feel, the more products I need to deploy, the more people I want to hire to solve the alerts that you guys send me.

So we realized that there is a crescendo where people are saying, I need more help solving this alert, then going on generating, that I think Demisto fits squarely in that sore spot in the industry, no pun intended.

And part of the opportunity we have is to be able to take that and leverage that across the entire Application Framework where you can leverage that across data from not just Palo Alto Networks, but other vendors and Demisto's already mastered that art..

Yes, and just to piggyback on top of what Nikesh said.

I think one of the ways to think about this is, we do want to actually encourage customers to have more alerts, like more data is always a good thing, but only if for the majority of that, we can automatically deal with that, and that is where Demisto will fit in, is that, that automated playbooks and analytics to deal with sort of the large volume of alerts coming in.

And then XDR provides that ability to stitch together data from different sources, really understand it and proactively present it to the soft analyst for the more sophisticated attacks, where you actually need an analyst to spend some time understanding it, investigating it and initiating responses.

So they do work very sort of hand-in-hand in terms of how a soft analyst will think of the capabilities..

Yes, that's actually really helpful. And then Nikesh, you talked about a strong customer response for Demisto. But I want to know if you've had a chance to talk with any integrated vendors yet.

And if you've gotten any response yet from those that have worked directly with Demisto in the past and how they sort of viewed the integration and acquisition going forward?.

We have had an opportunity. I think it's fair to understand that the biggest role in this process belongs to the customer, because Demisto is deployed in a customer's infrastructure with their explicit permission, to be able to access the data from the customer and remediate it back into their infrastructure.

And they built the product on the back of open connectors that are available from every vendor out there. So there's no proprietary connectivity that Demisto leverages, that is going to change by the acquisition, if that's where your question is headed.

In addition, Demisto will also have access a lot of Palo Alto data, which is just impossible for us to deploy anywhere else but in Cortex..

Your next question comes from Gabriella Borges, Goldman Sachs..

Nikesh, I was hoping you could expand a little bit on the monetization opportunities around XDR. We've talked about monetization with the Application Framework more broadly, maybe just specifically on XDR. And the decision to include Traps within the broader bundle, just some puts and takes on how you thought about that..

Sure, thank you. Look, again, I'm going to give you a little overview and Lee will jump in, hopefully. From an XDR perspective, I think in our thesis, going into it was the thesis of integration, and that is something the company had already been working on for a while with the acquisitions of [indiscernible].

Maybe figured out how to take all this data and provide it consistently in one way as opposed to deploying more and more tools against the infrastructure. So XDR for us is very, very important because it is actually the first critical application from our end which integrates data from all the three sensors that I mentioned.

So it's very important as we get into the soft business. And also, part of the observation we've had is that as more and more sophisticated tools get developed, it becomes impossible for customers to train their soft analysts across multiple tools.

So if you notice, I mentioned this, but we want to highlight is that, we've actually partnered with five partners who are going to help us manage this, as it gets deployed in the soft, because we believe, the true leverage is from being able to fully utilize the product across all the data that we've collected, or will be collecting for XDR.

In terms of the Traps decision, I think, if you look at the endpoint industry, and I stated it hard over the last eight months, there's a lot of vendors and there's a lot of vendors who used to do a certain set of features as new vendors do in turn have new features.

And we've sat and thought about how we could make sure that Traps, over time, becomes the ubiquitous endpoint agent in the market. And we realized that endpoint production, in its most advanced form, should become table stakes, every customer should have it.

But the endpoint agent has, in my mind, at least two major features, one is to provide protection at the endpoint, but more - as importantly, is to provide data to be able to go back into a cloud sort of cloud database, if you will, which allows them both to leverage it across other security solutions, but also be able to set behavior and turn data back to the endpoint.

So we thought bundling Traps and XDR would be the right outcome. And because we want ubiquity on Traps, we want to make sure that's available free to our customers, they can deploy it.

And as you probably know, customers have multiple endpoint agents running in their infrastructure, they're not required to replace anything, this is just a free product that they can deploy, which leverages - which allows us to leverage XDR more effectively for that customer.

Lee thinks I've - he has coached me well, and he's giving me a thumbs up, which means he doesn't add anything..

The follow-up is for Lee. I think he might know the answer to this.

When you look at you customer base on next-gen's firewall, do you have a sense for to what extent your customers have standardized on Palo Alto deployment for the firewall, versus maybe you're still dual sourcing, or have multiple firewall vendors? Then, can some of the new policy rules in the features that you have in 9.0 help with that standardization effort?.

Yes, great question. The high level answer is obviously going to be, it depends. It depends on a number of things such as how large the customer is when they initially become a customer of Palo Alto Networks and where they are in that journey.

We see, certainly a lot of our customers, they often will initially purchase for a particular project, deploy, gain success out of that and then use that success to leverage across other parts of their infrastructure over time.

Obviously, we try to accelerate that in capabilities like the policy optimizer, actually allow us to help accelerate that, by moving them more quickly into the kind of security policies we think and they think are better, both from a security perspective as well as an ease-of-operation perspective.

The second aspect to that is, the more they are able to see the value and consume the value of additional subscription service on top of that, whether that's fire prevention subscription, WildFire, and the URL filtering, GlobalProtect or now with 9.0, the DNS security service, the more value they see out of using us as their primary firewall in their infrastructure, which also then often drives broader consumption and usage.

And so it is a journey, but what we see both in terms of utilization as well as footprint does continue to expand..

Our next question comes from Sterling Auty, JPMorgan..

I'm curious how you guys think about the need for product growth moving forward within the overall growth of total revenue. You started as a razor and razorblade model, now you have a substantial amount of nonattached subscription.

So how fast does product have to grow moving forward for you to deliver on your growth goals?.

That's a good question. I think, look, we like more and more customers to deploy our firewalls there. So in that perspective, yes, we'd like to see product growth.

But we want to see both depth and breadth, and that's why we embarked on a rejuvenation on our subscription services, because we believe that a firewall can offer multiple subscriptions to our customers.

And yes, we found good success and uptake every time we've deployed new subscription, we just want to increase the intensity of those subscriptions because today, there are still many point products that are being deployed in the infrastructure.

So we see the firewall not just as, as I said, like as a, as an in-line firewall that protects you, but we also see that as a platform to be able to deploy more and more services where the customers don't need to plug more things, so. For our growth plan, it's important for us to get both depth and breadth on the product side..

Makes sense. And I have one follow-up. On Demisto, you gave us a sense of the aspirations on the billings front.

But how does the contract structure look and how does - how do we think about the billings flowing into revenue?.

Kathy, did you want to not answer that?.

Well, Demisto operates with a ratable model, for the most part. And so we would expect a ratable revenue model with the Demisto acquisition.

Does that answer your question, Sterling?.

Well, sort of. So in other words, we should expect the revenue contribution initially to be small but for it to layer in.

So in that four quarter look, the second half should be substantially bigger than the first half? Or is that the wrong way to look at it?.

Well, I think you're on the right track, that revenue does lag in terms of - the revenue does lag bookings in a ratable revenue model. So you've got that correct..

Our next question comes from Keith Wise, Morgan Stanley..

This is Hamza Fodderwala, in for Keith Wise. Just a couple of quick questions from my end. Looking at the fiscal Q3 guidance and it implies a slight sequential down tick in revenue versus Q2, which is unlike what we've seen in the past.

So to what extent is that caution related to the macro environment, whether it be tariffs or spillover effects from the federal government shutdown or just typical conservatism in your forward guidance?.

Yes. Look, I wouldn't read any sort of macro comment into our guidance. We're guiding a very respectable 23% to 25% year-over-year revenue growth range on a pretty tough compare last year. So we feel very comfortable with where we are in terms of our guidance..

Got it. And just a follow-up question on the free cash flow margin. You mentioned a 36% of free cash flow margin roughly for the full year.

Does that include the onetime payments or does that - does that exclude that?.

So the 36% full year free cash flow margin that we guided to includes the adjustments, that's an adjusted free cash margin..

Our next question comes from Shaul Eyal, Oppenheimer and Company..

Nikesh or Kathy, I think this quarter has shown the strongest level of growth in EMEA, I think at around 38% year-over-year. What's driving this ongoing improvement? Is that the work you've been doing with the biggest distributors? Is that demand trends? Help us understand..

I think generally speaking, that, as Palo Alto Networks as a company has grown and we've expanded globally, we spend a lot more time making sure we have robust teams in every country in Europe. We have very strong leadership there.

I think it's just, in my mind, it's really getting out there in front of customers and presenting our solutions and penetrating the market. So it's just good execution on the part of our EMEA team and all I can say is, from prior experience, a U.S.-based company, is very focused in the U.S.

where it starts over time, and tries expanding globally, and we have a lot more room, we think in our international markets, and we're going to be continuing to focus on execution, not just in the U.S. but in EMEA as we've shown, and various parts of Asia Pacific and Latin America..

That's fair enough. And a follow-up, if I may. Linearity trends, if I'm looking at the past few quarters, I think you'd be slightly improving out of the back-end loaded as prior ones. Just looking for some color if possible on that specific point..

Yes. Our linearity is, in terms of when our bookings come in, as - remains fairly consistent over time. We do see, depending on the quarter, for example, in the quarter just ended, December obviously is a year-end month. And so we see different linearity in that quarter than we do another quarters, but that's been very consistent over time.

So yes, I wouldn't really call out anything particularly new or different there..

Our next question comes from Philip Winslow, Wells Fargo..

On the site with the launch this morning, you said you had 60,000 enterprise customers. And if I just look at that versus the end of the year, it's up about, call it 6,000, which is actually ahead of where you were through the first half of fiscal '18. So obviously you're going to add net new customers at a very healthy pace.

When you start to think about sort of forward guidance, so like, even just medium-term planning, how are you thinking about sort of just prioritization of go-to-market between upsell, obviously, what is it, growing product portfolio in an existing install base versus continuing to land new customers..

Well, I think part of the challenge given to this sales team is, we've got to be able to walk and chew gum at the same time. So we'll have to - a bit of both. I think to be able to sustain the growth aspirations we have, you have to go out and expand in our existing base.

We also have to be able to land new customers, because we have a lot of new products that we're trying to deploy, which will be deployed both in our existing customers and newer customers. So maybe more receptive to our new products, which we are deploying in the cloud space, in the Cortex space. So we really are trying to focus on both ends.

The opportunity to go to existing customers and sell them new, existing product, new products is, of course, is great because they already have experienced our products, have deployed them and have the training and the experience on the products, but we're challenging our teams to try and do a bit of both..

Got it. And just to follow-up on that, in terms of just obviously the healthy net new customer adds. Any changes that you're seeing in those deals in terms of just win rates versus the competition, your pricing in those deals, et cetera, just any sort of color on that would be great..

Our win rates haven't changed substantially over the last 12 months or last eight months at least, since I've been here. I think it's been pretty consistent across the board. We are seeing better traction obviously in some of our newer products, which we haven't seen in the past, hence the growth rates sustaining lower 60%, as Kathy mentioned.

So we are seeing traction there, we are seeing our teams beginning to form around it. So we have expect - high expectations from the teams in that area. But generally across from a landscape perspective, one of you highlighted the success we're seeing more in EMEA. So clearly, that's more of a penetration strategy.

So I think it's just steady execution across all fronts and wherever we feel that we need to go in step in and create more effort, we do by constantly inspecting our processes..

Our last question comes from Ken Talanian, Evercore..

Are you seeing most customers make enterprise-wide purchases, GlobalProtect cloud? Or most of the deals thus far more representative of a land-and-expand opportunity?.

Look, there are customers who already have policy network firewalls deployed and they're used to our panorama management pane, so they understand how to set up policies, how to make them work, and then GlobalProtect cloud's become an extension of their security posture.

But we've also seen, as I highlighted the two wins we have had, we've also seen situations where we walked in, and a customer has deployed GlobalProtect cloud service because they believe it's a more secure product than the other product, which is competitor, which I cannot name, I forget..

Okay.

And last question, have you made or do you plan to make any changes this year to sales force compensation or the compensation terms?.

We're constantly adapting our sales force's compensation to make sure it meets the objectives we set for ourselves. In the quarter, we also take feedback based on where our expectations were different from what has transpired in the market.

But there's nothing substantive that we have changed or we plan to change during the course of our year, because so far, it seems to be working. As there are no more questions, I just want to thank all of you for attending our call. I also want to shout out, give a big shout out to the team at the company, they've done a phenomenal job.

So thank you very much, and I look forward to meeting with many of you in the upcoming weeks and some of you at the Morgan Stanley conference. Thank you..

Thank you, ladies and gentlemen. This concludes today's conference, you may now disconnect..