Palo Alto Networks, Inc. (PANW) Q4 2018 Earnings Conference Call Transcript

Palo Alto Networks, Inc. (PANW 4.19%)
Q4 2018 Earnings Conference Call
September 6, 2018, 4:30 p.m. ET

Contents:

• Prepared Remarks
• Questions and Answers
• Call Participants

Prepared Remarks:

Operator

Good day, everyone and welcome to the Palo Alto Networks fiscal fourth quarter and fiscal year 2018 earnings conference call. Today's conference is being recorded. At this time, I would like to turn the conference over to Ms. Amber Ossman, Director of Investor Relations. Please go ahead.

Amber Ossman -- Director of Investor Relations

Good afternoon and thank you for joining us on today's conference call to discuss Palo Alto Networks' fiscal fourth quarter and fiscal year 2018 financial results. This call is being broadcast live over the web and can be accessed on the investors section of our website at investors.paloaltonetworks.com. With me on today's call are Nikesh Arora, our Chairman and Chief Executive Officer; Kathy Bonanno, our Chief Financial Officer; Mark Anderson, our President; and Lee Clarich, our Chief Product Officer.

This afternoon we issued a press release announcing our results for the fiscal fourth quarter ended July 31, 2018. If you would like a copy of the release, you can access it online on our website.

We would like to remind you that during the course of this conference call, management will make forward-looking statements, including statements regarding our financial guidance and modeling points for the fiscal first quarter 2019, our competitive position, and the demand and market opportunity for our products and subscriptions, benefits, and timing of new products, and subscription offerings.

These forward-looking statements involve a number of risks and uncertainties, some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements. These forward-looking statements apply as of today and you should not rely on them as representing our views in the future. We undertake no obligation to update these statements after this call. For a more detailed description of factors that could cause actual results to differ, please refer to our quarterly report on Form 10-Q filed with the SEC on June 5, 2018, and our earnings release posted a few minutes ago on our website and filed with the SEC on Form 8-K.

Also, please note that certain financial measures we use on this call are expressed on a non-GAAP basis and have been adjusted to exclude certain charges. For historical periods, we provided reconciliations of these non-GAAP financial measures to GAAP financial measures in the supplemental financial information that can be found in the investors section of our website, located at investors.paloaltonetworks.com.

Finally, once we have completed our formal remarks, we will be posting them to our investor relations website under quarterly results. And with that, I'll turn the call over to Nikesh.

Nikesh Arora -- Chairman and Chief Executive Officer

Thank you, Amber. And thank you, everyone, for joining us this afternoon for our fiscal fourth quarter and fiscal year 2018 results. I spent the last 90 days talking to over a hundred people in the industry, experts, customers, partners, and our peers. It's been a lot of fun learning and drinking from the cybersecurity firehose. I've also spent some time reading what all of you've been wondering about and I realize you're all very curious to understand what the future holds for Palo Alto Networks and how we're likely to perform under new leadership.

Before Kathy takes us through our strong Q4 results, which I think are a testament to the company's great marketing opportunity and execution, I want to share 5 key observations and messages with you to give you a little more insight into what to expect from me going forward.

First, I think the security market is large and continues to grow. Security market size estimates are close to about $100 billion in 2018 and expected to grow at a CAGR of about 9% over the next 5 years. Despite being the leader in cybersecurity, we're still a small percentage of the market and we have aspirations to be larger. Continued spending on cybersecurity is being driven by a few notable technology trends. One, consumers and employees are walking around with very powerful computing devices which are constantly connected, using increasing bandwidth. This is forcing a large-scale upgrade in IT infrastructure globally.

Two, the transition to the cloud is gathering steam. Every customer I've talked to is working on a version of a cloud strategy and migrating either some or all of their business to SaaS and PaaS. Three, there's a broad understanding of the value of data and the need for good, usable data as a basis for applying AI and machine learning in the future. The increased complexity of managing these changing IT environments is creating significant challenges for enterprise security practitioners.

We believe that the benefits organizations seek as they make these transitions cannot be fully realized unless security solutions transform with them. Digital transformation requires security transformation, which gives me a lot of confidence in the continued growth of security spending.

This leads me to my second observation, and that is with the need for security transformation so apparent, we are well positioned to continue to succeed as Palo Alto Networks. Our ascent lies in our platform of social security, which emphasizes best-in-class security with automation and integration to simplify security management.

The company started with network security where the next-generation firewall changed the industry. Network security remains extremely important to enterprises and we continue to innovate and take share in this space. In the past 15 months, we have released updated versions of almost every next-generation firewall we offer and have delivered new models which allow us to sell additional use cases to our customers. Our cloud-delivered subscriptions are natively integrated into our firewalls and offer best-in-class network security protection, as well as eliminates the need for our customers to deploy multiple-point product solutions.

As digital transformation accelerated and as mobility and cloud computing have grown, our innovation has kept pace. We're also doing well in the nascent cloud security space. This is one area where I personally feel we could do a lot better. Our customers are facing new challenges and as we see the market embrace hybrid cloud and multi-cloud strategies, customers are asking for solutions that can integrate with their existing infrastructure. With over 54,000 customers worldwide, we have ring-side seats to understand the challenges of both traditional network security, as well as the evolving needs of our customers in the cloud security space. Today, with over 6,000 customers using our VMCs Aperture evident in GlobalProtect Cloud Service offerings, we have made great inroads into cloud security.

In the endpoint market, which is extremely competitive and also in transition, I believe we are on the right path for Traps and Secdo. With Traps, we now serve over 3,000 customers and protect over 5 million endpoints. With our recent acquisition of Secdo, we will add important EDR capabilities, which will enable us to compete even more aggressively.

My third observation is that I believe that our bet on the application framework is the right one and I'm pleased to report that it's progressing well. Coming from the outside, I had no bias one way or the other. After spending a good deal of time talking with customers about the application framework, three things came across loud and clear. One, customers are looking for greater integration. They continue to be concerned with the fragmentation of solutions in the market. As new attack vectors are exploited by cyber criminals, the response from many has been to add more point products and solutions. The results, however, have been challenging from a management and quality perspective and management of the overall security environment has become too cumbersome to be effective.

Two, customers are looking for simplification in deployment. With a multitude of users and endpoints and a sprawling infrastructure to manage, customers are concerned with the time to deploy security solutions across their enterprise. The longer it takes to deploy, the more exposed they feel. Three, the bad actors are more and more on the cutting edge of technology. Customers are concerned with their level of sophistication, both in their use of large-scale computing resources and approach to data.

The application framework is an attempt to resolve all of these and prepare for a world which is data rich. The application framework will provide simple yet flexible integration, fast speed of deployment, and innovative security applications offering big data analytics and machine learning to stay ahead of the bad guys and solve the most challenging cybersecurity threats. In August, the application framework became generally available to third-party apps and we expect the first of those applications to be offered to customers in the near future.

In R&D, the teams led by Lee Clarich, who is on the call, are attacking all of these challenges for our customers with tremendous innovation. Lee's organization now includes more focused leadership across each of our product areas. The goal of this change is to launch product speedboats to help us innovate fast.

I'm also delighted to say that Nir Zuk and Rajiv, our co-founders, have both reengaged and are in entrepreneurial mode, helping to accelerate our development engine and ensure we stay ahead of the evolving threat landscape.

On to my fourth observation. I recently read a number of analyst notes and I understand that my attitude toward M&A is a topic of interest. Well, we all know we have cash in our balance sheet, which in the tech sector seems to be the norm. We don't intend to spend it in a non-judicious manner. Not only as a shareholder, but also as an investor, my interests are very aligned with yours to create long-term shareholders value. I understand that we cannot create value either by expensive acquisitions or without bringing significant value and execution to any acquisition we make. Any activities in this area are going to be guided by our aspirations to solve our customers' problems and bring value to our customers and shareholders.

Which leads me to my fifth and final message I would like to leave you with today. That is that I intend to run the business for the long-term. Being a student of Warren Buffett, I'm going to be focused on generating long-term value, balancing investment in the business, which will allow us to grow and succeed with a need to provide returns to our shareholders.

While I appreciate the value of guidance for our analysts and investors, I'm all about creating long-term value for our shareholders and not just managing for the next 6 to 9 months. Therefore, you will notice a shift in our reports this year, as we provide guidance for only one quarter. But rest assured, I'm here for one reason and one reason only. That is to build the best cybersecurity company in the world.

In summary, I'm delighted to be here and believe that we have a significant opportunity ahead of us, as long as we continue to grow fast, innovate, and most importantly, provide industry-leading security for our customers around the globe. With that, I'll turn the call over to Kathy.

Kathy Bonanno -- Chief Financial Officer

Thank you, Nikesh. Before I start, I'd like to note that except for revenue and billing, all financial figures are non-GAAP, and growth rates are compared to the prior year period unless stated otherwise. As Nikesh indicated, we had a strong finish to our fiscal year. We continued to see healthy security spending and strong demand across our platform. With the addition of over 3,000 new customers during the quarter, we are privileged to now serve over 54,000 customers. We also continue to increase our wallet share with existing customers. Our Top 25 customers, all of which made a purchase this quarter, spent a minimum of $31.7 million in lifetime value, a 45% increase over the $21.9 million spend in the same period a year ago.

In the fourth quarter, total revenue grew 29% to $658.1 million. For the fiscal year, we reported total revenue of $2.3 billion, a 29% increase year-over-year. By geography, Q4 revenue grew 24% in the Americas, 43% in EMEA, and 43% in APAC. Q4 product revenue of $267.6 million grew 26% compared to the prior year. Q4 SaaS-based subscription revenue of $214.5 million increased 38%. Support revenue of $176 million increased 25%. In total, subscription and support revenue of $390.5 million increased 32% year-over-year and accounted for 59% of total revenue.

Q4 total billings of $868.1 million increased 29% year-over-year. The dollar weighted contract duration for new subscription and support billings in the quarter was approximately 3 years, consistent with what we have seen in prior periods. For fiscal 2018, total billings were $2.9 billion, up 25% year-over-year. Product billings were $871.5 million, an increase of 23% year-over-year, and represented 30% of total billings. Support billings were $856.2 million, up 20% and represented 30% of total billings. And subscription billings were $1.13 billion, an increase of 31% year-over-year and represented 40% of total billings.

We continue to drive a mix shift toward greater subscription services, as we provide more of our offerings from the cloud. In addition to strong attach services revenue during the quarter, the momentum of our non-attach subscriptions continued. Our VM series, Traps, AutoFocus, Aperture, Magnifier, GlobalProtect Cloud Service, Logging Service, and Evident offerings exited the fiscal year with run rate billings of approximately $274 million, growing over 68% year-over-year.

Total deferred revenue at the end of Q4 was $2.4 billion, an increase of 44%. The recently announced acquisitions were not material for revenue and billing in the quarter. Q4 gross margin was 76.2%, a decline of 110 basis points compared to last year, due to continued pressure from new product introductions. Q4 operating expenses were $349.9 million or 53.2% of revenue, which represents a 40 basis point improvement year-over-year.

Q4 operating margin was 23%, a reduction of 70 basis points year-over-year and includes approximately $13.4 million of operating expense related to acquisitions. For the full fiscal year 2018, operating margin was 20.8%, an increase of 70 basis points year-over-year compared to FY17 operating margin of 20.1%. Included in the 70 basis point increase is approximately 140 basis points of organic operating margin expansion, which adjusts for acquisition-related revenue and expenses. We ended the fourth quarter with 5,348 employees.

Non-GAAP net income for the fourth quarter grew 46% to $125 million or $1.28 per diluted share. For the full fiscal year 2018, non-GAAP net income grew 51% year-over-year to $381.4 million or $3.99 per diluted share. On a GAAP basis for the fourth quarter, net loss declined 94% to $2.3 million or $0.02 per basic and diluted share. For the full fiscal year 2018, GAAP net loss declined 32% year-over-year to $147.9 million or $1.61 per basic and diluted share.

Turning to cash flow and balance sheet items. We finished July with cash, cash equivalents, and investments of $4 billion. This includes net cash of approximately $1.5 billion raised through the July 2018 offering of convertible senior notes due in 2023. Q4 cash flow from operations of $277.9 million increased 16%. Free cash flow was $252.5 million, up 33% at a margin of 38.4%. These numbers include approximately $12.4 million of operating cash outflow related to our recent acquisition. Capital expenditures in the quarter were $25.4 million. CSO was 57 days, a decline of 13 days from the prior year period.

Turning now to guidance and modeling points. In addition to the usual reminder that this guidance includes the type of forward-looking information that Amber referred to earlier, there are two important notes for guidance this quarter. First, we intend to revert to quarterly revenue and EPS guidance only, which was our practice prior to fiscal 2017. Second, we will adopt ASC 606 during Q1 fiscal 2019 and our guidance reflects the change in accounting rule.

In our fiscal 2018 10-K and our Q4 '18 supplemental financial information, we will provide an overview of ASC 606 adjustments associated with select financial metrics. The impact on revenue and operating income is expected to be immaterial in Q1 '19. For fiscal Q1 '19, we expect revenue to be in the range of $625 million to $635 million on an ASC 606 basis, an increase of 25% to 27% year-over-year. We expect first quarter non-GAAP EPS to be in the range of $1.04 to $1.06, also under ASC 606, using approximately 98 million to 100 million shares.

Before I conclude, I'd like to provide some additional modeling points. Our non-GAAP EPS guidance includes expense of $10 million to $15 million associated with our recent acquisitions. We expect our non-GAAP effective tax rate to remain at 22%. Capex in Q1 '19 will be approximately $35 million.

With that, I'd like to open the call for questions. Operator, please poll for questions.

Questions and Answers:

Operator

Certainly. If you would like to signal for a question at this time, please do so by pressing *1 on your telephone keypad. If you are using a speakerphone today, please ensure that your mute function has been turned off to allow your signal to reach our equipment. Our first question will come from Phil Winslow with Wells Fargo.

Philip Winslow -- Wells Fargo Securities -- Analyst

Thanks, guys and congrats on a great quarter. You saw another strong quarter in new customer additions, but you also highlighted you just continued to up-sell and just penetration inside of existing customers. So, my question is as you look forward to Q1 over the coming quarters here, how are you thinking about the balance of the new customer addition, the land there, but also kind of further gaining wallet share inside of existing customers. How do you think about this coming fiscal year versus what we saw over this last year? Thanks.

Mark Anderson -- President

Hey, Phil. It's Mark Anderson here. I think we're going to see more of the same. I think we have strong motions with partners, with sales teams around the world with a really good coverage model focusing on growing their existing customers and expanding into new customers. I think the wind has never been more behind our sails than it is right now, just in terms of our brand in the market and our reputation for driving better security outcomes. We've got I think a team that's focused on doing both of these workstreams as part of their day-to-day job.

Philip Winslow -- Wells Fargo Securities -- Analyst

Got it. And then just a follow-up for Nikesh. The app framework going live here, obviously it's just kicking off here, but what are the milestones or KPIs that you're looking at to show adoption of that? Is it customer go-lives, is it partner go-lives? How are you thinking about the milestones that you're looking at that we should keep track of too?

Nikesh Arora -- Chairman and Chief Executive Officer

Thanks for your question. I think when I've talked to customers, as I mentioned, the challenge seems to be a lot of point solutions in the industry. From my perspective, the app framework is definitely the long-term direction, both for us and for the industry. The way we're trying to think about it internally is to make sure that we get our big products to start working together much better. I expect us to start seeing more and more integration between our firewall product and endpoint products, like in the XDR world as we acquired Secdo and we're busy working hard to make these things go live together.

At the same time, obviously we want the application framework to be useful for other third parties. So, the more third-party players we can get to adopt our model, the more we can get our products to work together and the more we can provide customers the opportunity to be able to see how to look at their threats, how to look at their security posture across multiple parts of their infrastructure. To us, that is a win.

Mark Anderson -- President

And if I could just add on top of that, Nikesh, I think we both feel when we talk to customers about it, that they love the notion, they love the concept. They love the idea of being able to distill innovation into much more consumable form factors. I think more importantly, prospects that we're talking to, we talk about the application framework as a future state for them, but it gives them real strong belief that picking Palo Alto Networks as their future provider is the right way to go.

Philip Winslow -- Wells Fargo Securities -- Analyst

Great. Thanks, guys.

Mark Anderson -- President

Thank you.

Operator

Thank you. Our next question comes from Matt Hedberg with RBC Capital Markets.

Matt Hedberg -- RBC Capital Markets -- Analyst

Hey, guys. Thanks for taking my questions. Congrats on the results as well. The product refresh seems to be moving along nicely and clearly, Kathy, you called out strong growth in SaaS and emerging products. I'm curious though if you could drill down a little bit more on both pricing -- both in the core firewall and also some of the newer products that are seeing quite a big of growth as well?

Kathy Bonanno -- Chief Financial Officer

Sure. Yeah, thanks, Matt. We're definitely very excited about the opportunity that refresh presents to us. Obviously, it's an important opportunity for us and we are definitely very focused on capturing that opportunity. But as we've already discussed, most of the opportunity for us comes from attracting new customers, winning new customers, and expanding within our existing base. We've seen very consistent pricing throughout our history. Our deal size tends to remain in the sort of mid-5 figures. We're not really seeing a change to what.

What we focus primary on is expanding the lifetime value. We've seen very nice continued expansion of lifetime value over time with our customers.

Matt Hedberg -- RBC Capital Markets -- Analyst

That's great. We continue to hear good things from Traps, as you called out good growth to customer addition there. I'm curious though, now with Secdo in the fold here, how do you look at that anti-virus opportunity, you know, adding EDR capabilities? And maybe how do you think about the competitive landscape in that market? Thanks.

Lee Clarich -- Chief Product Officer

Thanks. This is Lee Clarich here. So, we're very pleased with the progress we made with Traps. We're very prevention-focused in how we approach the endpoint security market. There was a lot of opportunity there for us to take advantage of. With the acquisition of Secdo, it gave us an opportunity to expand that footprint toward EDR.

As we've looked at that and we've made progress on it, our views have, of course, expanded to thinking about not just what we can do for endpoint data, but what we can do with data collector across the entire platform. The ability to do that is, in large part, enabled by division and execution we're doing in the application framework that brings these different components together. It brings the data together in one place and enables us to build applications to take advantage of that.

Operator

Thank you. We'll move to our next caller, Pierre Ferragu with New Street Research. Please go ahead, sir.

Pierre Ferragu -- New Street Research -- Analyst

Thanks for taking my questions. Nikesh, you mentioned your objective is to become the best cybersecurity company in the world, which is very exciting. I was wondering, could you tell us about that? Like 5 years from now, what does Palo Alto Networks look like? Is that like a product company selling its own diverse security technology and appliances or more of an enabler helping other developers own their own products? Then, I'd love to hear your thoughts on what you've seen with the early development of your developer community. So, who is typically very excited about the opportunity to develop on your platform today? I'm really curious to hear whether you meet an excitement or also some sort of resistance from people who might have to choose between collaborating with your or competing with you?

Nikesh Arora -- Chairman and Chief Executive Officer

Thank you for your question. I want to remind you that this is Day 90 on the job for me. My cybersecurity knowledge is only restricted to my ability to read everything in cybersecurity and meet industry players and constantly pepper Lee, Nir, and Rajiv and the team with questions. So, having said that, that's a good question. Where do we see the company 5 years from now? It's kind of very fascinating. As I go talking to customers, they're obviously trying to protect things that they can as quickly and as easily as they can.

If you think about the bad actors, they're really trying to attack the most vulnerable part of your infrastructure, which is the easiest thing they can crack. What's important is they're getting more and more best of breed in terms of use of computing, use of data, use of technology and we need to be able to match them and do better than them in terms of our ability to understand data and be able to deploy large amounts of computing against it.

So, 5 to 10 years from now, I think this is going to become a data game and an AI game and ML game. It will be impossible for human beings to be able to protect companies and large enterprise infrastructure because the whole world is moving to the cloud and there's tons and tons of data being created every day. If you believe that, then to be able to apply good AI and ML is very important [inaudible]. Garbage in/garbage out. Put stuff in, you're more likely to get a good outcome. So, I think part of what Lee and Nir and the team have been working on is to make sure that we produce good data from the products we have.

So, a lot of the acquisitions that Palo Alto Networks has made have been very strategic in their ability to collect the right data. That allows us to create the version of the Logging Service and the application framework that we are aspiring to create. So, you can expect us to keep trying to put good data into our Logging Service, keep trying to encourage both our internal teams and partners to write applications against that Logging Service so it's no longer a point solution that endpoint solves for endpoint, and firewall solves for firewall, and cloud security solves for cloud security. It's you see a thread once anywhere, and you have the ability to figure out what to do with it across all parts of the infrastructure.

That's where we'd like to be. To be able to look at threats across any sort of ingress point into any infrastructure, any user, and be able to give you a solution that fixes that at the other end. Now, over time, you want AI and ML to do this and it's a journey to getting there from where we are. But given all the products we have in place, all the ingredients we have in place, I'm personally very excited that we have the skillset and the capability and the people and the resources to get there.

Pierre Ferragu -- New Street Research -- Analyst

Thanks, that's very clear. Thank you very much.

Operator

Thank you. Our next question will come from Jonathan Ho with William Blair. Please go ahead.

Jonathan Ho -- William Blair & Co. -- Analyst

Hi, I just wanted to I guess start with you, Nikesh. Now that you've had some time in seat as the CEO, what do you see? In particular, you mentioned that in cloud security you saw maybe some room for improvement. What do maybe see as the gaps or the opportunities, just given your time so far?

Nikesh Arora -- Chairman and Chief Executive Officer

Look, I think it's fair to say that Palo Alto Networks has grown at an amazing pace and as you grow at an amazing pace, there are things that you could've done better as you were growing. So, part of the opportunity is collectively as a management team to sit down and say look, what have we been ignoring? What can we collectively put our efforts behind? Where can we improve our execution? How do we compare with other players in the industry? What is our strategic vision? Where should we go from here? I think generally that's what me and the team have been doing for the last 90 days and the team has been very collaborative and open to rethinking certain things.

Having said that, as I mentioned, both in my due diligence before I got to Palo Alto Networks and in my last 90 days, there are no major obstacles to being able to achieve the vision that I laid out. We have a collective opportunity as management to continue to hone our execution, continue to stay focused, and as I mentioned in the prepared remarks, one of the best things we've done in the last 90 days is sit down with Lee and the product team and say look, to win in this space, we have to be a product company first, which is how we got here in the first place, so let's make sure that our product teams are aligned toward the opportunities and we are being very honest with ourselves in terms of how do we get scale and how do we win in these areas.

We've taken the steps toward streamlining our teams and getting more focused. Now, the plan is to put more work behind those arrows and be able to compete effectively in all those places. So, sort of like work as an entrepreneurial empowered team in each of our product areas to go ahead and solve the problem for our customers. At the same time, keep the integrative fabric of our aspiration to have a common set of data coming from all of our products so we can actually solve the larger problem as we get smarter about applying AI and ML to the opportunities.

Jonathan Ho -- William Blair & Co. -- Analyst

Got it. Then just as a quick follow-up, what's been the initial partner response with the application framework? Can you maybe talk a little bit about what's exciting for them and some of the integrations that you're performing with those third parties?

Nikesh Arora -- Chairman and Chief Executive Officer

I think there's two ways to look at it. I think from a customer perspective, there's a resounding sort of yes, we would love something like that. On a philosophical and principle level, where they'd like to see the data commingle and be able to work together across our product, obviously they'd like to see more data than just ours. And part of that opportunity is to understand what is good data and over time how that gets into the same place.

I think from a partner perspective, our partners, the first 30 beta partners that we have, are happy that they can get access to the data and start building their apps on top of it as opposed to, again, having to solve point by point with our products on a digitized basis. But I think this is a journey on both ends, both on the partner side and on the customer side, of getting more and more good stuff to the center. Mark, do you want to add something?

Mark Anderson -- President

Yeah. Just with regard to channel partners, Jonathan, I think the value proposition for them I think is quite compelling. I think most of them tend to focus on 4 or 5 different vendors and apply the training necessary to enable their people to be trusted advisors for those 4 or 5 different companies. We now give them the opportunity to partner with many partners. We're doing the integration work with the application framework and abstracting the complexity out of provisioning that innovation. So, it's really a compelling proposition for them. Most partners that I've talked to are busy looking at how they can build an application themselves, how they can take advantage of the application framework to deepen their ties with their customers.

Operator

Thank you. Again, everyone, that is *1 to signal for a question. At this time, additionally, please limit yourself to one question and one follow-up. We'll take our next caller, Andrew Nowinski, with Piper Jaffray. Please go ahead, sir.

Andrew Nowinski -- Piper Jaffray -- Analyst

Great, thank you and congrats on the strong quarter. As it pertains to expanding within your install base, we're hearing that enterprises are increasingly leveraging micro-segmentation in the networks, creating these separate enclaves of data. Is that one of the drivers of your new appliance growth or your product growth within your install base?

Lee Clarich -- Chief Product Officer

This notion of sort of zero-trust architecture is not a new concept. And internal segmentation and micro-segmentation, these are all use cases that have been around for actually many years and has been something that we've been very strong in for many years, as well. While the new appliances with higher performance and higher capacity certainly are a very good fir for this use case, it's part of a go-to-market motion that is not new to us and something we're very good at.

Andrew Nowinski -- Piper Jaffray -- Analyst

Okay. Then the growth of your SaaS-based revenue continues to outpace the rest of your portfolio. Should we expense the 3-year average contract duration to start coming down or are those deals also coming in at a 3-year average?

Kathy Bonanno -- Chief Financial Officer

We've seen pretty consistent contract lengths or durations, as I mentioned during my remarks. We haven't really seen any change in that to speak of. We've been adding more and more of our revenue base from subscriptions as more and more of our new offerings tend to be in subscription format. So, we're getting customers to commit to us on average for about a 3-year duration, which has been pretty consistent over time.

Nikesh Arora -- Chairman and Chief Executive Officer

Thanks, Andy.

Operator

Thank you. Our next question will come from Michael Turits with Raymond James. Please go ahead.

Michael Turits -- Raymond James -- Analyst

Good evening. Two questions, both somewhat at high level and I think both for Lee and Nikesh. First, both of you guys alluded to doing more with data and specifically around the application framework and the Logging Service. Does this shift what kind of native apps you might build around the app framework and Logging Service? Does it move you more toward SIM or what other types of applications might we be aiming?

Lee Clarich -- Chief Product Officer

Hi, Michael. The first application for the application framework actually was Magnifier, which does user behavior analytics and that's a very telling example of the kinds of applications that we can build with the right data brought to the right place in a centralized fashion. It's basically a way of applying machine learning to a very challenging security capability that in the past often was very difficult to use because it was heavily people-oriented. Shifting that toward machine learning and automation is the kind of example for the applications that we're going to be focused on.

Now, when you do bring data to a central location, there's obviously a whole bunch of other options that present themselves, whether it has to do with threat intelligence, analytics, data visualization, automation, etc. Some of those will be things that we will take on ourselves and a lot of those will be things that third parties are able to build applications for.

Michael Turits -- Raymond James -- Analyst

And my follow-up question has to do with the cloud and the lots of different ways to approach cloud. One is what you put in the cloud and then what you deliver from the cloud. So, it's that latter that I'm interested in. Nikesh and Lee, do you think that there is a need to do more on the GlobalProtect direction of actually delivering from the cloud? Because that's an area where you've had less of a presence.

Nikesh Arora -- Chairman and Chief Executive Officer

I'll give you my learnings of 90 days and Lee can jump in with more. I think the whole cloud space is a huge opportunity and I think it's still early because people are just beginning to move their workloads en masse to the cloud and trying to understand what their internal operating infrastructure looks like. As that becomes more robust, they're going to understand the need for having the same features and tools that they've had as their traditional infrastructure and I think there are a lot of tools which need to be created which don't exist and which are not going to come from your native cloud providers.

So, they're going to be looking for third parties like us or others to provide those capabilities. That's why I said there's an area we can do a lot better in. So, we are focusing our speedboats toward that area and you will hear more from us in upcoming quarters about progress in those areas. But clearly, as you identified, GlobalProtect is, we believe, a unique product which has a lot of use cases and there are opportunities and challenges to be able to hone each of those use cases and really grow aggressively in those categories and individual use cases to try and make sure customers understand the benefit and value of that product. Lee, did you want to add?

Lee Clarich -- Chief Product Officer

If you think about what it takes to properly secure an enterprise and particularly mobile users, remote networks, branch offices, etc., our view and philosophy is you need to secure all applications, all traffic, all locations, all users with very consistent and sophisticated security capabilities. We think we're very uniquely positioned with GlobalProtect and go over to cloud service to be able to do that.

Operator

Thank you. Our next question will come from Fatima Boolani with UBS. Please go ahead.

Fatima Boolani -- UBS Securities -- Analyst

Good afternoon. Thank you for taking the questions. Nikesh, in your prepared remarks you talked about giving Lee more defined product-related leadership, so maybe the question is for you, Lee, just what specific areas in terms of a priority sequence you're focusing on within your product organization because you have a lot of irons in the fire and I'd just love to understand where you're focused on from an R&D perspective. And then a follow-up for Kathy, if I may.

Lee Clarich -- Chief Product Officer

Absolutely. So, just to clarify what Nikesh said in prepared remarks, what I've done within my organization is create focus across the different product areas with leaders that have the empowerment, the entrepreneurship, the ability to make decisions quickly, and drive the product segments and innovation. And that's not me. That's about recreating the structure within the team. What that they creates for me is the ability to then focus on the areas that we view as being the highest opportunity in the future -- cloud, application framework, etc.

Fatima Boolani -- UBS Securities -- Analyst

That's really helpful. Kathy, for you, just at high level, can you give us any sense or a complexion of the product revenue trajectory as you think about next year, or this year, rather, and appreciate the attach subscriptions are an important part of the story. I just wanted to get a better sense of how you're thinking about that for next year. Thank you.

Kathy Bonanno -- Chief Financial Officer

Absolutely. We saw really nice product growth this year and this quarter as well. So, we're really pleased with the product trajectory. The new products that we've introduced are being very well accepted in the marketplace and we're having a lot of success selling those new product offerings. So, we're really excited about them in the marketplace. Obviously, we haven't guided to product revenue in the future and all I can really tell you about that is we feel good about our position in the market and we've seen and expect to see continued good performance of our products in the market.

Fatima Boolani -- UBS Securities -- Analyst

Thank you.

Operator

Thank you. We'll move next to Ken Talanian with Evercore ISI. Please go ahead.

Ken Talanian -- Evercore ISI -- Analyst

Hi, thanks for taking the question. As we look into next year, I was wondering if you could rank order the primary drivers of billings growth. And then among those, where do you see the greatest potential for variability?

Kathy Bonanno -- Chief Financial Officer

In terms of billings growth, I would say the same thing that we've been talking about for some time. Our primary driver of growth continues to be expansion within our existing customer base and trying to drive that lifetime value higher. We've had a lot of success with that, as you know. That has worked out very well for us and continues to be the primary driver. We're also seeing nice new customer acquisitions, which is very important for us as well. Those two movements really dwarf any other opportunities that we have. We've talked about refresh in the past. That's a very important opportunity for us. So, when we think about the magnitude and the numbers, it really comes primary from expansion and then new customers acquisition.

Ken Talanian -- Evercore ISI -- Analyst

Okay, great. Nikesh, as you think about the importance of data going forward, what types of changes to Palo Alto as an organization and from a technological standpoint are needed to really position it for success?

Nikesh Arora -- Chairman and Chief Executive Officer

I think part of what, as you saw some of the change I've already talked about, one is Lee's really focused team because what we want to understand is clearly how each of these product areas can go out and become big products and win for us. We felt that we needed to put more sort of direct effort into the application framework and Nir himself has decided to jump in. He's leading the application framework team to keep moving them in line with our strategy of moving faster. So, one is clearly speed.

I think second, we're giving all those product leaders go-to-market partners who are basically focused with them to become more entrepreneurial and go faster. So, part of what we're trying to do is that this is an industry which has a lot of vendors, a lot of partners, a lot of players. It's an industry that's moving very fast and we're trying to figure out how we can leverage the benefits of being a large player in this space and being a cybersecurity leader and at the same time, not give up the ability to move fast, move quickly, try, fail, try again, execute.

So, we're trying to keep the entrepreneurial spirit reinvigorated and try and make this a company which actually can balance those two things, which is both an opportunity and a challenge going forward.

Ken Talanian -- Evercore ISI -- Analyst

Great. Thanks very much.

Operator

Thank you. Our next question will come from Keith Weiss with Morgan Stanley. Please go ahead.

Keith Weiss -- Morgan Stanley -- Analyst

Thank you guys for taking the question and very nice quarter. Maybe just play devil's advocate just a little bit to hear your thoughts on the subject. You guys have $4 billion of cash on the balance sheet now and you took out sort of more of a credit facility, so it definitely seems like you're building up a war chest. You're talking about customers' need to consolidate and integrate solutions and buy from fewer vendors, which makes a ton of strategic sense. I've heard it from CSOS for quite some time.

But it also seems like CSOS say that they want consolidation and they want to buy from fewer vendors, but in reality they keep buying point products. They keep doing the same thing that they have been doing of buying sort of point solutions. What do you think is going to change that in the marketplace? What do you think is going to make consolidation the right answer that you guys could effectively consolidate multiple products and get customers to actually buy a broader swath of products over time?

Nikesh Arora -- Chairman and Chief Executive Officer

I'd like to make a very clear point here. You should not hear the word consolidation from us. You will hear the word integration from Palo Alto Networks, but never the word consolidation. The distinction I make and I've made it internally and for you is that for us, consolidation means them being able to buy from the same person. We're not interested in that. We're interested in solving multiple problems for the same customers ourselves. That's actually the bigger effort.

It requires a lot more thinking, a lot more work on our part to make two things work together. That's why you see when we bought Secdo, it's not how we started selling Secdo in addition to selling our firewall. We basically took the product team inside. We're reintegrating them into our larger picture. We're trying to make it work with our stuff so that when the customer comes in and says look, I can just check another box and get more capability across multiple pieces of infrastructure.

The customer definitely wants that and they will buy it if you can actually prove that they don't have to learn two different policy systems, two different management panes, two different ways of managing threat vectors. They want the ability to manage across their threat landscape from fewer tools and they want it to be as good as other products that they could've bought. So, they want both. They want best-of-breed and they also want integration.

So, you're right. The reason they're buying point solutions is because someone tells them this is best-of-breed. They go buy the best-of-breed. Nobody wants to be caught with a breach and say oh, my God, I bought something that was easier to buy than one that was better. So, they definitely want best-of-breed, but they also want it to work together because they know with 140 vendors across their enterprise, they can't sleep well at night.

Keith Weiss -- Morgan Stanley -- Analyst

Excellent. That makes a ton of sense. Perhaps a follow-up for Kathy. Product gross margins have been sort of weighed down by the new product introductions. But this quarter, we saw a sequential improvement and it looks like it's starting to turn up a little bit. How should we think about product gross margins where they are versus where they've been historically and the ability for them to sort of inch back up toward those historical levels?

Kathy Bonanno -- Chief Financial Officer

We're really comfortable with where our gross margins are right now. We've been operating within a gross margin range that we've talked about for some time now. 75% to 78%. What the current gross margins reflect is the fact that we've introduced a lot of new products. When we introduce new products, they tend to be lower margin. We expect those to increase over time. So, the fact that we're selling a lot of new products we're very excited about. We would expect that those margins will improve over time, but we're always looking at our range of margins within the various products that we sell. Obviously, we haven't provided margins for gross margins into the future, but we're comfortable with where we are now given the fact that we've got so many new products in our mix right now. And we're also continuing to invest, not on the product side, in the services side in the application framework and Logging Service, etc., which is also impacting our overall gross margin.

Nikesh Arora -- Chairman and Chief Executive Officer

Thanks, Keith.

Operator

Thank you. We'll move now to Greg with Cowen & Company. Please go ahead.

Gregg Moskowitz -- Cowen and Company -- Analyst

Thank you very much. I have a follow-up to one of Michael's questions on the application framework. This is probably for Lee. How are you thinking about the timetable of being able to take customer data from physical and virtual firewalls and endpoint and bring that into the data lake and use ML to run correlations against it? Any color on where the solution is today from a technical perspective and more importantly, where you think you could be in a year or two would be helpful.

Lee Clarich -- Chief Product Officer

Absolutely. A good question. First of all, we're doing a lot of what you just said. We are taking data from much of the platform into Logging Service and being able to apply machine learning to that with the Magnifier application. We're very pleased with the progress we've continued to make on that. In the prepared remarks, we talked about just last week releasing the production-ready APIs that will enable third-party applications to be delivered most likely later this month.

So, that's where we're at and we continue to make a lot of progress. From a future date perspective, I think we've painted this vision many times over. We envision collecting more and more data from more and more customers and applying more and more of our own and third-party applications against that. The response that we've seen from customers has been tremendous. They buy into the vision. They understand how it solves important problems that they've been facing in very unique ways that others are not able to do.

Gregg Moskowitz -- Cowen and Company -- Analyst

Terrific. Then just a follow-up for Kathy, if I could. You mentioned that the Q1 will have $10 million to $15 million of expenses from recent M&A. Are you able to give us a sense of approximately how long into fiscal '19 we should expect you to incur elevated investment levels from Evident and Secdo?

Kathy Bonanno -- Chief Financial Officer

We're not really providing any guidance beyond Q1 at this point.

Gregg Moskowitz -- Cowen and Company -- Analyst

Okay. Thank you very much.

Kathy Bonanno -- Chief Financial Officer

Thank you.

Nikesh Arora -- Chairman and Chief Executive Officer

Thanks, Greg.

Operator

Thank you. We'll now move to John DiFucci with Jefferies. Please go ahead.

John DiFucci -- Jefferies -- Analyst

Thank you. My first question I think is for Lee and maybe Mark, from a field perspective. We all know that Palo Alto Networks provides a broad platform of security offerings that are more or less integrated and the application framework enables the integration data from the different security solutions and vendors. But Nikesh noted that customers are really looking for even greater integration. What about the next level integration? What's sometimes called orchestration. Across other vendors' established products that are even complementary to your offerings. Is that something that you can even do or does a truly neutral vendor need to fill that role?

Nikesh Arora -- Chairman and Chief Executive Officer

You can hear us all laughing. There's a reason.

Lee Clarich -- Chief Product Officer

That's an interesting question. When I think about automation, I think about it from a number of different ways. Actually, I believe that the most valuable automation is the automation that no one even sees. It's the automation that we're able to do natively within the platform where things just happen and the customers just benefit from it. So, when you ask a question about orchestration, it's like yeah, it's a necessary component, but often orchestration is used to make up for a lack of integration. So, yes, we will enable it. We have partners that do it. They do important things. But we're going to always be looking to see in terms of the unique value that we can provide how do we more natively automate things in the back end and actually reduce the necessity to have external orchestration.

John DiFucci -- Jefferies -- Analyst

Okay. That sounds, because I do have a second question. So maybe it is a big topic and we can talk further on that at some point, Lee. But my second question is really I think for Nikesh and Kathy. We certainly understand your desire to manage the business for the long-term, but why does that goal coincide with the discontinuation of annual guidance? Because you're going to end up having a wide disparity of expectations out there, which is fine, but I'm not sure that's great.

Kathy Bonanno -- Chief Financial Officer

Yeah. So, look, I really view this as more of a returning to our practice prior to fiscal '17, when we had always provided quarterly revenue and EPS guidance. In fiscal '17, we felt the need to provide additional metrics and more longer term guidance, given that we undertook a sales restructuring during that year. But we are beyond that. We're very comfortable with your ability to model. We're very comfortable with our ability to execute and so we feel like returning to that prior practice is appropriate at this time.

John DiFucci -- Jefferies -- Analyst

Well, thanks for that vote of confidence, Kathy. Nice job.

Nikesh Arora -- Chairman and Chief Executive Officer

We want you to have the same confidence in us that we have in you.

John DiFucci -- Jefferies -- Analyst

Okay, great. Well, nice job. Thank you.

Nikesh Arora -- Chairman and Chief Executive Officer

Thanks, John.

Operator

Thank you. We'll move now to Walter Pritchard with Citi. Please go ahead.

Walter Pritchard -- Citi -- Analyst

Hi, thanks. First, a question for Nikesh. On the cloud side, a lot has been talked about here, but one thing I think is a question out there is do the public cloud providers enable the third-party vendors at this point to really provide the solutions customers need or do you need more access to APIs and network protocols and so forth to be able to insert yourself in the right position? I'm curious to hear your thoughts on that.

Nikesh Arora -- Chairman and Chief Executive Officer

I personally had very encouraging discussions with the leaders of all the public cloud providers out there over the last 90 days and the CEOs of the companies. So, clearly they understand that there's a shared responsibility between the customer and them. They don't want to take the entire onus of security onto themselves. At the same time, even to somebody's earlier question, in that case, nobody wants one vendor to provide the solution.

Most solutions that customers are deploying are multi-cloud or hybrid cloud. In which case, they want a third party to provide that capability. Yes, we do need some access to certain parts of the APIs, etc. We have to figure out the container [inaudible]. There's stuff that we need to do. I'll let Lee answer that because that's past my 90-day expectation of understanding. But, Lee, can you jump in?

Lee Clarich -- Chief Product Officer

Yeah. There's a lot that they already do and work closely with engineering to engineering to enable the things that we need to secure our joint customers in the cloud. Now, we're also constantly working with them to expand and further enable that tight integration, which makes it easier for our customers to consume and leverage our security capabilities within these environments.

Walter Pritchard -- Citi -- Analyst

Got it. Then just for Kathy. I think on the product side, the thing that I think is a bit of a challenge here is your original guidance you ended up about 17 percentage points ahead of your original product guidance for fiscal '18 and reported results. I guess we'd love to hear from your perspective how much of what drove that substantial upside in fiscal '18 are sustainable trends you see going forward versus factors that may have been refresh or one-time or forecasting it was challenging? Just trying to understand. You had such big upside, I think it's hard for us to even think about where product revenue might land next year given that.

Kathy Bonanno -- Chief Financial Officer

Yeah. I think that the important thing to note is that the biggest opportunities for us continue to be motions that we have executed on year after year after year. So, continuing to expand within our existing base and continuing to attract and win new customers. That remains the vast driver of our growth. I would just say perhaps when we look at our product performance, we've introduced new products during the last 15 months that have been very well received in the market, which is allowing us to solve new use cases, win new customers, and definitely keep nice win rates against our competition. So, we don't feel like these are one-time benefits to our company. Refresh is certainly an important opportunity, but I've mentioned before the real opportunity comes from continued expansion and winning new customers.

Mark Anderson -- President

Walter, if I can just underline that. Our customers are working with our sales teams and our partners to solve really important business problems for that. That inevitably leads them to buying into our security operating platform notion, which provides consistent security controls wherever they put their data and their applications and infrastructure employees. So, I think buying into that architecture is a really big difference between what we do and what everybody else does. I think that's why we're enjoying such tailwinds relative to the market.

Walter Pritchard -- Citi -- Analyst

Great. Thanks.

Operator

Thank you, everyone. That will conclude our question-and-answer session for today. I would like to turn the conference back over to Mr. Arora for any additional or closing remarks.

Nikesh Arora -- Chairman and Chief Executive Officer

Hey, everyone. Thank you very much for joining us for our earnings call, my maiden earnings call at Palo Alto Networks. In closing, I'd like to thank all the employees at the company, our customers, and our partners for the amazing work they've done so far. This is really the beginning for us and for me and I'm excited to see what's in store for us in the future. Thanks again for your time.

Operator

Again, that will conclude today's conference. Thank you all for participating. You may now disconnect.

Duration: 63 minutes

Call participants:

Nikesh Arora -- Chairman and Chief Executive Officer

Kathy Bonanno -- Chief Financial Officer

Mark Anderson -- President

Lee Clarich -- Chief Product Officer

Amber Ossman -- Director of Investor Relations

Philip Winslow -- Wells Fargo Securities -- Analyst

Matt Hedberg -- RBC Capital Markets -- Analyst

Pierre Ferragu -- New Street Research -- Analyst

Jonathan Ho -- William Blair & Co. -- Analyst

Andrew Nowinski -- Piper Jaffray -- Analyst

Michael Turits -- Raymond James -- Analyst

Fatima Boolani -- UBS Securities -- Analyst

Ken Talanian -- Evercore ISI -- Analyst

Keith Weiss -- Morgan Stanley -- Analyst

Gregg Moskowitz -- Cowen and Company -- Analyst

John DiFucci -- Jefferies -- Analyst

Walter Pritchard -- Citi -- Analyst

More PANW analysis

This article is a transcript of this conference call produced for The Motley Fool. While we strive for our Foolish Best, there may be errors, omissions, or inaccuracies in this transcript. As with all our articles, The Motley Fool does not assume any responsibility for your use of this content, and we strongly encourage you to do your own research, including listening to the call yourself and reading the company's SEC filings. Please see our Terms and Conditions for additional details, including our Obligatory Capitalized Disclaimers of Liability.