Palo Alto Networks (PANW) Q2 2022 Earnings Call Transcript

Palo Alto Networks (PANW 3.89%)
Q2 2022 Earnings Call
Feb 22, 2022, 5:00 p.m. ET

Contents:

• Prepared Remarks
• Questions and Answers
• Call Participants

Prepared Remarks:

Clay Bilby -- Investor Relations

Good day, everyone, and welcome to Palo Alto Networks fiscal second quarter 2022 earnings conference call. I am Clay Bilby, head of Palo Alto Networks investor relations. Please note that this call is being recorded today, Tuesday, February 22nd, 2022, at 2:00 p.m. Pacific Time.

With me on today's call are Nikesh Arora, our chairman and chief executive officer; and Dipak Golechha, our chief financial officer. Our chief product officer, Lee Klarich, will join us in the Q&A session following the prepared remarks. You can find the press release and information to supplement today's discussion on our investor website at investors.palolaltonetworks.com. While there, please kick on the links for events and presentations where you will find the investor presentation and supplemental information.

In the course of today's call, we will make forward-looking statements and projections that involve risk and uncertainty that could cause actual results to differ materially from forward-looking statements made in this presentation. These forward-looking statements are based on our current beliefs and information available to management as of today. Risks, uncertainties, and other factors that could cause actual results to differ are identified in the safe harbor statements provided in our earnings release and presentation and in our SEC filings. Palo Alto Networks assumes no obligation to update the information provided as a part of today's presentation.

We will also discuss non-GAAP financial measures. These non-GAAP financial measures are not prepared in accordance with GAAP and should not be considered as a substitute for or superior to measures of financial performance prepared in accordance with GAAP. We have included tables which provide reconciliations between the non-GAAP and GAAP financial measures in the appendix to the presentation and in our earnings release, which we have filed with the SEC and can also be found in the investors' section of our website. Please also note that all comparisons are on a year-over-year basis unless specifically noted otherwise.

We would also like to note that our management is scheduled to participate in the Morgan Stanley Investor Conference in March. I'd like to apologize for the delay in our start time. We experienced a technical issue that required delaying the call by 30 minutes. I will now turn the call over to Nikesh.

Nikesh Arora -- Chairman and Chief Executive Officer

Thank you, Clay. Good afternoon and thank you, everyone, for joining us today for our earnings call. As you've seen by our results we released, we had an exceptional Q2. We continue to accelerate the growth of our business in line with our stated direction of fiscal year '22 being the year of focused execution.

But first, let's talk about the market and the trends we're seeing. Firstly, we continue to see strong demand for cybersecurity. We have not seen any changes in the IT spending patterns of our customers or a slowdown in companies investing in IT systems through our competitive advantage. On the contrary, we see acceleration around trends associated with the shift to the cloud as well as the continued efforts to redefine network architectures to enable employees to work effectively from anywhere, a trend which has been bolstered by the pandemic, and we continue to believe we are still in the early innings here.

Both these factors underpin continued demand for cybersecurity services. Secondly, we continue to see an evolving and complicated threat landscape. We've highlighted in the past that cybersecurity is at the front and center of all conversations around risks and threats at companies as well as nation-state levels. We believe cybersecurity will continue to become more and more relevant and important.

With increased alliance and technology and the prevalence of cyberattacks, there is an ability to disrupt businesses and critical systems, making cybersecurity an area will -- that will need continued focus on investment. In addition to industry-specific trends, we're seeing a trend that is unique to Palo Alto Networks. Given our investments in the areas and continued relevance across multiple platforms and needs of our customers, we're having more and more significant partnership conversations, which encompass the entire Palo Alto Networks offering. Whilst early, we believe this is the true differentiation that Palo Alto Networks provides, both best-of-breed and integrated security that works.

Thirdly, our continued focus on execution. This focus is bearing fruit as we execute multiple dimensions across our business. Execution from our product teams means continuing our rapid pace of integrated platform delivery. We will talk about innovation across our platforms.

But to highlight, just today, we unveiled our XSIAM product, which is poised to reimagine security operation centers and truly deploy technology to resolve cyberattacks in real time. Execution from our go-to-market teams means focusing on the broader customer-driven priority of helping them significantly improve their cybersecurity posture. This is demonstrated by the multi-platform large deal commitments we're beginning to see. Execution from our supply chain team means we are able to work with our suppliers in this tough environment to deliver critical security appliances to our customers.

We had to balance some of the increased costs with price increases as an offset, but we've been able to keep these increases modest in comparison to our peers. Execution from our people leaders means despite this being a hot market for great talent, we're able to attract and retain the best minds in cybersecurity. As you saw in the opening of the call, we launched a Welcome Home program to welcome back employees that had left our company. We have seen good initial success here.

Let's take a quick look at some of the outcomes caused by the focus on execution. In Q2, revenue was up 30%, while the leading billing and RPO metrics were up 32% and 36%, respectively. We're building a more predictable business model. Our CRPO balance of $3.4 billion gives us significant visibility into our next 12 months' revenue.

Next-Generation Security, or NGS, ARR finished Q2 at $1.43 billion. As we hit our midyear point, we have greater confidence that our strategy is working, which is driving us to make further investments in these businesses. At the same time, we continue to transform our core network security business with a software mix within our Firewall as a Platform billings came in at 40%, up 5 points versus last year. We drilled these strong top-line results while balancing non-GAAP profitability even as we absorbed some incremental expenses from supply chain challenges.

Operating income grew 20%, and adjusted free cash flow grew 33%. We outperformed our non-GAAP EPS guidance midpoint by $0.09. For a number of quarters, we've talked about our large deal momentum. To accelerate these results as we exited fiscal 2021, we layer on a sales strategy to elevate our focus and drive efficiency in our largest opportunities.

With a growing portfolio of products across three platforms, making large deals selling a repeatable process is core to our sustaining and accelerated growth trajectory. With BJ Jenkins taking over the leadership role for our broader sales organization, we've had an ability to increase management attention on the largest deals in the form of Amit Singh, our CBO. We're pleased with the results we have seen in the first half of the year. These deeper multi-platform relationships are a win-win for Palo Alto Networks and our customers.

As a testament to this, at the end of Q2, 47% of our Global 2000 customers used products from all three of our platforms, up from 38% a year ago. In Q2, we closed 221 seven-figure transactions, including three transactions over $20 million. Our military customers were 1,077 in Q2, up 26% year over year. Our combined rate of growth in a million customers, as well as an increase in size of our large deals, has helped us sustain the accelerated level of growth you've seen over the last several quarters.

In all, it's a strong quarter and I want to thank our global team for their strong execution across the board. Driving these results are the transformation of our firewall business and our focus on capturing the growth in next-generation security. In particular, this quarter, our strengths were well balanced in both of these categories. Let's do a quick review of our progress across our three platforms.

As you know, we have them designed modularly so customers can initiate their partnership journey with Palo's Networks whatever their current need is, but over time, we work with them to both expand across any one of our platforms and also work with them to adopt our other platforms in line with their plans. At the heart of our three-platform strategy is innovation. This is a fuel of our growth, especially in next-generation security where we play in markets that are early in their life cycle. In the first half of fiscal year 2022, we had 22 major product releases, which is equal to all the releases we had in the full year of fiscal 2020.

Even more impressive is that this quarter marks the end of all integrations of our acquired businesses over the last few years, i.e. all of our products are now seamlessly integrated and can have organic development continue on them. We were also pleased to receive two new industry awards, adding one in developer security tools and other in secure web gateway. We now have a leadership position in 10 categories.

Focusing first on our firewall business. We're continuing to refresh our platform. And just last week, we announced two more new families with the PA-3400 and PA-5400. This new generation four platforms have industry-leading performance on real work encrypted traffic using our single-pass architecture and performance that is three times faster than similar Gen 3 appliances.

We also rolled out PAN-OS 10.2 Nebula release, which adds significant new capability in using machine learning to stop the current generation of highly malicious attacks in line. This capability powers our recently released advanced URL and new advanced threat prevention subscriptions as well as bring significant enhancements to the capability of our DNS security subscription. We have the industry's first integrated AIOps to our next-generation firewalls, our tenth subscription added to the firewall family. This capability assists customers to prevent firewall misconfigurations and proactively addresses performance issues before they impact customer networks.

We were pleased with our ability to grow our product revenues at 21%. This contributed to our Q2 revenue upside and was ahead of our guided mid-teens growth for the full year, which we will be raising. Our teams worked tirelessly during Q2 to ensure we could fulfill product demands to customers as quickly as possible while also navigating through Gen 3 to Gen 4 refresh. We did see demand for our next-generation firewall appliances outstrip our ability to ship in the quarter, and this is reflected in the growing RPO I spoke about earlier.

Strong secured demand, innovations we're bringing to customers such as our Nebula release as well as customer appetite for Gen 4 gives us strong conviction and sustained product demand into fiscal year 2023. Next, I want to spend some time on our NGS business. This is one where our teams have done work, which I personally believe has not been done in the cybersecurity industry before. And this is what makes Palo Alto Network special.

We have built a formidable set of services which are cloud-first, and these services are resonating with our customers. This success is truly driven by us working with our customers to anticipate their challenges, delivering best-of-breed solutions in an integrated fashion while continuing to focus on security outcomes. This has resulted in us building an NGS ARR stream of $1.43 billion driven by billings growth of 79% in NGS. Diving deeper into SASE, which has been a strong contributor to NGS.

We continue to see strong uptake from our existing customers. We're also seeing marquee new customer wins, which are reflected in our current customer count of 1,983, which is up 62%. A recent report from the IT industry analyst Enterprise Strategy Group noted that 78% of organizations have begun or are planning SASE implementations. We see this mirrored in our customer conversations, where hybrid work is now the way many of these companies are planning on supporting the future work.

We are pleased to again stand on Autos Business Work report where we were identified as a leading provider of remote access solutions. We're seeing SASE emerge as a key platform for our customers with these customers looking to Prisma SASE to deploy leading capabilities. We rolled out integrated CASB within Prisma Access 3.0, including a new capability around in-line DLP for SaaS, and in particular, collaboration applications. We continue to see success attaching autonomous digital experience management, or ADM, as an upsell in Prisma Access as customers rely more on SASE as a foundation of the network architecture.

On the cloud front, we're seeing mainstream adoption of hyperscale public cloud in our customer base as well as an acceleration in production workloads. This is driving sustained strength we're seeing from Prisma Cloud. Four years ago, we made it a conscious strategy to be a first mover with multiple big bets to proactively invest where we believe the future of security is going. Our pivot began with several acquisitions targeting companies with the best technologies.

We developed a unique go-to-market approach, allowing us to promote future modules as part of an integrated offering. We're seeing tremendous success with this approach. While our active customers grew 21% to 1,810 in Q2, we saw north of 56% growth in credit consumptions driven both by increased adoption of the cloud by our customers and their continued adoption of more security modules in Prisma Cloud. While our two-core modules, cloud security posture management, and cloud workload protection, are mainstream within most of our customer base, we're seeing an increased adoption of three and more modules.

There are two areas I would like to highlight in Prisma Cloud this quarter: first, the launch of cloud code security; and second, the launch of agentless scanning. Approximately one year ago, we acquired Bridgecrew, which has strong early traction in DevSecOps, enabling security to be shifted left into the software development life cycle. This addresses security problems before they are created in production deployments and is far more efficient. A single deployment template can be propagated hundreds of times.

When there are multiple vulnerabilities in the code, each deployment could create hundreds of security events even once in production. Bridgecrew had significant traction with its checkout open-source tool, momentum that has significantly accelerated since its acquisition closed, and downloads are up to five times year over year. Building on the Bridgecrew technology, in Q2, we released our fifth Prisma Cloud pillar, cloud code security, which is part of our three release. Our stand-alone Bridgecrew product has about 70 customers.

We're pleased to see DevSecOps customer momentum building as Prisma Cloud customers adopt cloud core security to several weeks after its integrated releases into our platform. Let's talk about agentless scanning. You've seen a number of smaller provider focused on small initiatives in cloud-native security. Providing only agentless scanning is one of them.

What we hear clearly from a customer is that they want a platform approach to cloud security, which offers the flexibility of both agent and agentless scanning, depending on their architecture and security needs. Towards this end, our teams rallied and delivered agentless scanning in record time. This makes sure that our customers can deploy either approach via the integrated platform that is Prisma Cloud. Now turning to Cortex, our endpoint security, security analytics, and automation solutions.

We continue to see significant customer demand for automation and security as threat data and volume security events grow at exponential rates. The human-only approach to interpreting data and responding to events is not keeping pace. We're seeing strong customer adoption of our market-leading technologies across XDR, XSOAR, and Xpanse. Total customers across XDR Pro and XSOAR reached 3,232 and increased over 69%.

Q2 was a strong quarter for new customers, both those that are brand-new to Palo Alto Networks and also cross-sell to Cortex. We also saw acute strength across all of our geographies for Cortex. At our Ignite event last November, we launched our managed partnership program, XMDR, and we continue to see partners join the program to further align the opportunity across our Cortex portfolio. We now have 27 partners there and have a strong pipeline of interest of partners working through the certification process.

Core to our growing success with Cortex is the innovation investments we have made over the last years in XDR, XSOAR, and Xpanse with market-leading capabilities in each. Shortly after leasing XDR 3.0 in Q1 to enable cloud detection response, we release XDR 3.0 -- 3.1 in Q2 to further enhance our cloud asset visibility and insights. Cut also marked the release of our intelligence modules for XSOAR, providing end-to-end railroad the intelligence to identify and discover new malware familiar -- families or campaigns or attack techniques that are related to security incidents. This morning, we announced our Cortex extended security intelligence and automation management, or XSIAM, platform and shared our vision to provide an autonomous cybersecurity solution as a modern alternative to SIEM solutions.

We believe security operations teams have an urgent threat detection remediation problem, and only by leaning into a natively AI-driven platform, we will be able to bring down response times from hours and days to seconds and minutes. We're on a mission to revolutionize how data analytics and automation is leveraged in cybersecurity, and XSIAM is a product of years of research and development we've been doing in this area. XSIAM is currently available to a limited number of customers that will be broadly available later this year. In summary, I am very pleased with our Q2 results.

We both continue to benefit from strength in our core next-generation firewall business and is a strong sign of our future growth prospects, significant strength across our next-generation security portfolio. This balanced performance is a hallmark of our long-term strategy to drive durable growth. On the back of this trend and based on what we're seeing in our pipeline heading into the second half of fiscal year 2022, we are raising our total revenue, product revenue, and total billings guidance for the year. Within this top line, given our confidence in both our pipeline and our sales execution NGS, we're also raising NGS ARR for the year.

Lastly, we're delivering this top line while we continue to make significant investments in our business for future growth. We not only continue to see strong near-term demand but also strong medium-term trends in cybersecurity, fueled by underlying spend in IT spendings and secular trends like hybrid work and cloud-native adoption. We have aligned investments both to building sales capacity for fiscal year '23 as well as medium-term investments and product capability. These investments have been made while also absorbing unexpected supply chain-related costs this year.

Despite this, we have been able to deliver upside to our non-GAAP EPS forecast so far this year. We're lifting our non-GAAP EPS guidance for the year, reflecting much of the upside we saw in Q2. With that, I will turn the call over to Dipak to go into more detail on the Q2 performance of our guidance.

Dipak Golechha -- Chief Financial Officer

Thank you, Nikesh, and good afternoon, everyone. We again delivered results ahead of our guidance across all metrics as we continue to transform our business. Top-line growth remained strong in Q2 with balanced strength across our portfolio, including product and especially in our next-generation security offerings. Supported by the strength in our differentiated offerings, we're releasing our full year guidance.

For Q2, revenue of $1.32 billion grew 30% and was above the high end of our guidance range. Product grew 21%, and total services grew by 32%. We saw strong growth in all geographies and across all platforms. By geography, the Americas grew 33%, EMEA was up 22%, and JAPAC grew 23%.

NGS ARR finished the quarter at $1.43 billion, supported by broad strength across each of our platforms. Prisma Access ARR more than doubled year on year, and we continue to see especially strong growth from XDR and Prisma Cloud. This demonstrates that our portfolio approach to driving growth in our high-growth markets is working and what gives us confidence to raise our guidance here, which I will talk more about shortly. In the second quarter of 2022, we delivered total billings of $1.61 billion, up 32% and also above the high end of our guidance range.

Total deferred revenue in Q2 was $5.4 billion, an increase of 31%. As a reminder, billings is total revenue plus the change in total deferred revenue, net of acquired deferred revenue. Our NGS billings grew 79% year over year. Going forward, we encourage investors to focus on our NGS ARR metric as we view this measure as being more indicative of the underlying drivers of this business.

We will not be updating NGS billings in the future. Remaining performance obligation, or RPO, was $6.3 billion, increasing 36%, with current RPO growing largely in line with total RPO. As mentioned previously, we believe RPO adds meaningful insight into our future revenue as it includes both prepaid and contractual commitments from customers. The strength of our RPO growth gives us confidence in our future quarters as it effectively provides us a head start from a revenue perspective.

Our product growth was 21% in Q2 and above what we have seen historically, reflecting strong customer demand for our appliance and software offerings. Within our Firewall as a Platform business, we saw billings grow 26%, in line with the growth we have seen over the last year as customers purchase hardware, software and SASE form factors. Within FWaaP, our software mix increased five points to 40%. Last quarter, we raised our fiscal year '22 outlook for product revenue growth to mid-teens.

We're raising this outlook to high teens as we continue to balance the forces of very strong customer demand and supply chain constraints. Turning to the details of our results. Product revenue was $308 million, growing 21%. Subscription revenue of $618 million increased 34%.

Support revenue of $391 million increased 30%. And in total, subscription and support revenue of $1.01 billion increased 32% and accounted for 77% of our total revenue. Non-GAAP gross margin of 74% was down 130 basis points, in part due to the ongoing costs associated with the supply chain. Our production teams have done an outstanding job in fulfilling the growing demand and keeping the priority focused on enabling shipments to customers.

We will continue that posture moving forward. Non-GAAP operating margin of 18.4% was again up sequentially and down year over year as expected, with higher product and support costs impacting the year-over-year trend. Non-GAAP net income for the second quarter grew 20% to $185 million or $1.74 per diluted share. Our non-GAAP effective tax rate was 22%.

Our GAAP net loss was $94 million or $0.95 per basic and diluted share. Turning now to the balance sheet and cash flow statement. We finished January with cash equivalents investments of $4.2 billion. Days sales outstanding were 60 days, unchanged from a year ago.

Cash flow from operations was $483 million. We generated adjusted free cash flow of $441 million, a margin of 33.5%. In Q2, we again balanced multiple financial priorities with strength in both top line, underlying non-GAAP profitability, and in cash conversion. We believe it is important to hold ourselves to this discipline even when growth is robust in order to drive a best-in-class financial model as we scale into a larger company.

We continue to execute on our capital allocation priorities that outlined in our September Analyst Day. During Q2, we repurchased approximately 1 million shares on the open market at an average price of approximately $534 per share for a total consideration of $550 million. We continue to expect a large part of our cash flow to be used for share repurchase. We have approximately $450 million remaining on our authorization for future share repurchases expiring December 31st, 2022.

On the M&A front, we did not close any acquisitions in Q2. As we noticed at Analyst Day, we continue to focus on managing down our stock-based compensation as a percentage of revenue. This quarter, we reduced SBC by about two points year over year as we apply our overall discipline to this process while balancing the current market for cybersecurity talent. We look forward to continuing this trend.

Similarly, we talked about an aspiration for achieving the Rule of 60, combining revenue growth and adjusted free cash flow margin. You will see that with the revised midpoint of our fiscal year guidance, we are now expecting to achieve this once aspirational goal. Lastly, moving to guidance and modeling points. As Nikesh highlighted, we continue to see very balanced demand.

This includes demand from our appliance form factors that outstrips our ability to fulfill them in the short term as well as strengthen our next-generation security portfolio. Our Q3 guidance takes into account the strong demand picture as well as the best information we have today on supply chain and other factors. Turning to our guidance for the third quarter of fiscal '22. We expect billings to be in the range of $1.59 billion to $1.61 billion, an increase of 24% to 25%.

We expect revenue to be in the range of $1.345 billion to $1.365 billion, an increase of 25% to 27%. Non-GAAP EPS is expected to be in the range of $1.65 to $1.68 based on a weighted average diluted count of approximately 106 million to 108 million shares. For fiscal year 2022, we expect billings to be in the range of $6.8 billion to $6.85 billion, an increase of 25% to 26%. We expect revenue to be in the range of $5.425 billion to $5.475 billion, an increase of 27% to 29%.

We expect NGS ARR to be $1.725 billion to $1.775 billion, an increase of 46% to 50%. We expect product revenue to grow in the high teens with the seasonality weighted to Q4 as we have seen in prior years. We continue to expect operating margins to be in the range of 18.5% to 19%. Non-GAAP EPS is expected to be in the range of $7.23 to $7.3 based on a weighted average diluted count of approximately 106 million to 108 million shares.

Adjusted free cash flow margin is expected to be in the range of 32% to 33%. Additionally, please consider the following additional modeling points. We expect our non-GAAP tax rate to remain at 22% for Q3 '22 and fiscal year '22, subject to the outcome of future tax legislation. We expect net interest and other expenses of $5 million to $6 million per quarter.

For Q3, we expect capital expenditures of $40 million to $45 million. For fiscal year '22, we expect capital expenditures of $185 million to $195 million, which includes $39 million outlaid in Q2 related to our Santa Clara headquarters. With that, I will turn the call back over to Clay for the Q&A portion of the call. Thank you.

Clay Bilby -- Investor Relations

Great. Thank you, Dipak. [Operator instructions] The first question is coming from Saket Kalia of Barclays with Tal Liani of BofA to follow.

Saket Kalia -- Barclays -- Analyst

OK. Great. Thanks, Clay. Thanks, team.

Nikesh, maybe I'll start off with a product question since it's hot off the press this morning. I was wondering if you could talk a little bit about the XSIAM product a little bit. Again, brand new given the announcement today. But maybe the question is, how do you envision disrupting the SIEM market? And how can you maybe leverage your existing portfolio to cross-sell into the customer base?

Nikesh Arora -- Chairman and Chief Executive Officer

Well, thank you, Saket. Thanks for the question. Look, when I came to Palo Alto Networks, our mean time to respond at Palo Alto Networks was measured in tens of days. And for someone who did not work in the security industry, I found that a little flabbergasting because if it takes tens of days to figure out that you've been breached and all you're doing is closing the door after somebody is gone.

So we challenged our team internally said, can you take that and turn that into seconds or minutes because that's the only way we're going to have a chance to be able to protect not just ourselves, but our customers in the future. That required us internally revamp from having north of, I'd say, 15 to 20 other security vendors even in our infrastructure down to less than 10 because there are some areas, as you know, we don't play in cybersecurity. But that, coupled with automation, with data analytics, we're down at Palo Alto Networks just under one minute as a mean time to resolution, which is how we can resolve log4G within our company or SolarWinds within our company. And I think that's the capability that customers need.

And we did a phenomenal job just in his video where he says, "Look, you take a car and you had adaptive control, you add park lane assist. You add all those features to an old car or is an oat a new car, but doors between around 20 years that doesn't make it an autonomous vehicle. You have to start from scratch. You have to build the software to build analyzing data.

And that's kind of the right analogy to think about it. The future of protecting our customers will have to depend on being able to analyze data on the fly, immediate on the fly, not wait for humans to analyze it, and come back 10 days later and say, now I know what happened. So toward the end that end, we have launched XSIAM. It is an early release working with a handful of design partners to work with them to go replace to security infrastructure and align with what we've done at Palo Alto that allow us to learn and to build with them, but we expect this product will be GA-ed later in the year.

Really excited. The way it leverages our portfolio is we can do it quickly if you're using Palo Alto appliances, Palo Alto firewalls, Palo Alto endpoints. We can do pro a Palo Alto Prisma Cloud is an easy thing to do for us. We also integrate with other security vendors.

But obviously, the quality of data becomes suspect as you keep going on to more and more legacy security technologies.

Saket Kalia -- Barclays -- Analyst

Great. Thanks.

Clay Bilby -- Investor Relations

And our next question comes from Tal Liani of Bank of America with Brian Essex next. Please proceed.

Tal Liani -- Bank of America Merrill Lynch -- Analyst

Hi. I hope you can hear me. I have a balance sheet -- I'm limited to one question, so I'll just ask the question that no one else will ask probably. I'll ask the balance sheet question.

There is a long-term convertible note that was rolled into short-term liabilities. The magnitude is big. It's $1.6 billion. Can you explain this? Also, I'm looking at your SBC.

It's getting to $290 million this quarter almost. It's a big number. And if I go back, you're not profitable if I take into account SBC, and that has been the historical trend. So can you first explain the SBC and the outlook? We know how -- what's going to be the trend with this account? And when are you going to turn profitability on a GAAP basis? What's the plan for the company? Thanks.

Nikesh Arora -- Chairman and Chief Executive Officer

Let me start with the second. I'll hand it over to Dipak to answer your question on the balance sheet and add to my answer. Look, when I came, we bought a bunch of companies. And the way we bought them was we unvested the founders from their equity and their companies and revested them with Palo Alto stock over a period of four years.

That was the only way we could secure the talent of all these founders of the companies we bought. So a significant part of our SBC is the embedded M&A cost of retaining founders. As you've noticed, we have not done any significant M&A in the last two or three quarters. As that begins to roll off, you will see a step change down in our SBC when all those acquisitions begin to roll off.

Obviously, the earliest ones will start rolling off in about another six months. And then over the next year or so, a year and a half, you'll see significant rollout. So that should show you that. In addition to that, as Dipak highlighted, we are working hard to make sure that the normal SBC continues to be managed down.

And of course, as you know, as a percent of revenue, if revenue keeps going up, it also acts as a benefit toward that direction. So we will talk more about what our forecast to achieve GAAP profitability as we lap Q4 this year because we'll have more visibility on the M&A stuff, but I will let Dipak add to that and as well talk about the balance sheet item.

Dipak Golechha -- Chief Financial Officer

Yeah. I think the only thing that I would add is like what we found in the company is when we really focus on something, we find opportunities. You've seen that on pretty much every metric that we focus on. This now becomes another metric that we're focusing on.

I just want to say that we're going to balance that with the need to retain our talent. Just as you saw from the Welcome Home video, we want to make sure that we get the best talent as well. But that's really on the SBC. On your balance sheet question, Tal, like a couple of different points.

The 2023 and 2025 notes eligible for early conversion from February 1st to April 30th, 2022, due to the share price exceeding the price thresholds. Those notes continue to be classified on the balance sheet as current liabilities in Q2, unchanged from Q1. In Q4, the 2023 notes were classified as current liability, and the 2025 notes were a long-term liability. So it's just a question of how they're classified on the balance sheet based on all the trigger events on the notes.

But hopefully, that answers your question.

Clay Bilby -- Investor Relations

All right. Great. Thank you. And the next question comes from Brian Essex of Goldman Sachs with Hamza Fodderwala up next.

Brian, please proceed.

Brian Essex -- Goldman Sachs -- Analyst

Great. Thank you. Nikesh, I just want to touch on the hardware side of the business. I see the innovation with the updates of PAN-OS and Gen 4 hardware refresh.

What -- I guess first part of the question, have you adjusted sales incentives to drive better hardware adoption? And then maybe part B of that question is, how do you think about, I guess, the ability or the incentives to leverage the product side of the business to drive consolidation of share on your platform going forward?

Nikesh Arora -- Chairman and Chief Executive Officer

Great question, Brian. So two parts. One, as you probably heard from everyone in the industry who's in the hardware business, demand is outstripping supply. I suspect it partly has to do with supply, partly has to go volumes going up at a pandemic, inflation expectations.

So we don't have to do a lot on sales incentives to die with more hardware. We have customers who would like their hardware delivered sooner than later. So we are seeing demand. And as I said, our ability to supply despite the 21% growth, still demand outstrip that 21% number, which is why you see our RPO continuing to rise.

So I think that's your answer to the first part. In terms of the ability for us to leverage hardware, and I'll highlight a metric we shared last time, that 25% of our customers in SASE are -- were net new to Palo Alto last quarter. we haven't declared that number this quarter, but that gives you a sense. And typically, those conversations, Brian, are, hey, while I love your security platform, I love your security policy, I'd like to deploy it, but my firewalls are still around, and they have two, three years more to go.

In that case, we end up with a SASE deal with the expectation that over time, when that customer consolidates their firewall, it gets to be a Palo Alto, end-to-end Zero Trust execution because the only way to do Zero Trust right is to make sure your hardware, your cloud, and your remote users are all consistent in terms of security policies used. From that perspective, we see an opportunity to take hardware and further consolidate. In some cases, its customers going from two harder vendors to one. In some cases, it's customers doing a replacement of some other hardware vendor with Palo Alto networks because now they already deployed SASE in their environment.

So we see all of that happening. And one of the beautiful features some of the subscriptions I laid out, whether it's autonomous monitoring or AIOps or DNS security or filtering, etc., we can make that happen consistently for our customers across both platforms. So in that perspective, they already see the benefits of deploying that on a consistent basis.

Clay Bilby -- Investor Relations

Great. Thank you. And our next question comes from Hamza Fodderwala of Morgan Stanley with Phil Winslow to follow.

Hamza Fodderwala -- Morgan Stanley -- Analyst

Thanks for taking my question. So the NGS ARR grew really nicely, and you raised the full year guide on that, too, which I -- you normally don't do midway through the year. The Prisma SASE, Prisma Cloud doing really well, as usual, it seems. But there appears to be an inflection on Cortex.

Can you talk about some of the strategic initiatives that are driving that in the last couple of quarters in particular? And then maybe just for Dipak, can you help us understand maybe the gap between NGS billings and ARR growth going forward as some of the lower-duration stuff becomes a higher percentage of the NGS mix?

Nikesh Arora -- Chairman and Chief Executive Officer

Thanks, Hamza. Thanks for the question. Look, I think this was an all-out quarter strength across every NGS category, whether it's cloud, SASE or Cortex. I think there's an inflection point both in Cortex as well as Prisma Cloud.

More and more conversations around where customers are coming to the point they're saying, yes, I cannot do this with the cloud-native tools because I've got multiple cloud providers I'm dealing with or I cannot do this with the next start-up from two guys who started it, and that can cover one sliver. I need something that's more comprehensive. Because honestly, if I was going to replace security capability with a start-up capability, AWS Azure, GCP already had that capability. It's not like they're lacking in capability from a security perspective.

But just to give you an example, if you deployed security using one cloud provider, whether it's AWS or GCP or Azure, you'd have to integrate 10 of their modules to get one Prisma Cloud. You have to do the integration work yourself. So we've already done that not just within their tools, also across all public cloud providers. So that's why the consolidation of security capabilities in Prisma Cloud makes sense.

We're seeing that inflection. You see the number of customers. It's closing in on 2,000 customers, 80 of the Fortune 100. So we're not dealing with small enterprises trying to replace some features from CSPs.

We're dealing with people who are now in complex production environment types and areas, and they are deploying Prisma Cloud. So we've seen that inflection there. And you're seeing that with 56% growth in credit consumption. You're seeing not only are we benefiting from people adopting multiple modules but also benefiting from the fact that their native sort of production workloads are going up.

And at Palo Alto Networks, I will tell you, our consumption of public cloud has always outstripped our forecast because of the success we're seeing in our NGS portfolio. So that's one part. In Cortex, I'd say, again, remember three years ago, we didn't have any of these products at Palo Alto Networks. We were busy selling firewalls.

So I think part of it is the sales force getting behind it, understanding it. And on most technical desks out there, XDR fares better than most of the names you would know in the XDR space. So we have real technical differentiation advantage in the market. From that perspective, we are able to go down to our base.

And look, I know we didn't have this product two years ago. It's time for you to renew. It's time for you to deploy XDR. Why did it try Palo Alto Networks for XDR? You're seeing both of those.

I don't know, Lee, do you want to add something?

Lee Klarich -- Chief Product Officer

No. It's fine.

Nikesh Arora -- Chairman and Chief Executive Officer

Because I don't want to make Lee feel like he's not answering any questions. Exel is coming your way. It's a balance sheet question. Thanks, Hamza.

Dipak Golechha -- Chief Financial Officer

Do you want me to answer the billings versus ARR? Hamza, it's a good question. It comes up quite often. I think fundamentally, the way I look at it is you're comparing apples and oranges a little bit here. ARR is really looking at your annual recurring revenue.

Your billings is looking at whatever the duration is for what's out there. And so if you have like one deal that happened to be a long duration, right, you will get more billings and ARR within that quarter. Previous times, we've had that. So I think the last quarter, our NGS billings grew less than the ARR, which is why -- I'm probably more in the camp of let's just focus on NGS ARR.

It's the source of truth and the one that we will focus on. But that's all that's happening. It's quite variable quarter-to-quarter based on some of the larger deals that Nikesh mentioned.

Clay Bilby -- Investor Relations

All right. Great. And up next is Phil Winslow of Credit Suisse with Brent Thill to follow. Please proceed, Phil.

Phil Winslow -- Credit Suisse -- Analyst

Great. Thanks for taking my question. Congrats on a great quarter I just wanted to focus in on Prisma Cloud, Nikesh, maybe inception that question and if my head with your fleet. But you mentioned increased attached to production environments as well as just being early in terms of consolidation, the functions at Palo Alto.

What are you hearing from customers in terms of just adoption? Are we at that inflection point? And also, how are the competitive dynamics changing here?

Nikesh Arora -- Chairman and Chief Executive Officer

I'm going to hand over to Lee because I said if Lee doesn't answer a question, he won't come to the next earnings call. So -- but before I give it to him, I will say one thing. We've deployed an adoption team on Prisma Cloud in the last 6 months, which is seeing phenomenal outcomes. And also, I don't -- I want to say -- I want you to take it the right way.

Competitively, the option is customers I'm not ready to go to a production quality, high-end, and fully integrated cloud security platform. I'm fine with my DIY plus my cloud-native tools. But there's -- we don't run into a POC or compete with somebody else. It's usually, we either lose against ourselves because the customer would rather stay where they are.

Now in the case of XDR or SASE, we have competitive environments. It's not like we don't compete. But in the case of cloud, it's usually based on the customer needs. But I'm going to let Lee talk about what customers see from cloud what typically does the trick?

Lee Klarich -- Chief Product Officer

Yeah. I think -- thanks, Nikesh. There's a couple of, I think, key trends that we're seeing. One, and following on to what Nikesh was saying, there were a number of companies, probably early adopters of cloud, that built a lot of their own tooling, used a lot of open source.

And it's interesting. A couple of years ago when we talked to them they would say, "No, no, no, we've got this covered. We've built our own tools. We're happy to maintain them." And many of them are now coming back to us and saying, "Actually, it turns out, this is more work than we thought it was." It's surprising just how many distinct APIs exist in each of the different cloud products that you have to integrate with, pull data from and understand.

Just using that as one example of many, right? So that's one trend that we're seeing is the challenge of doing it yourself. The second is the -- I think the understanding of what actually needs to be accomplished. And again, early on, we saw it was, I just need compliance in the cloud. And now we're seeing customers fully understand the needs across all different five pillars that we have and the importance of each of those and our ability to deliver on those.

And lastly, I'd say, we've actually gotten fairly good, and we continue to work on this of building in-product adoption capability. So we're not just dependent on people customer success and adoption folks talking to our customers about adoption of new modules. We're building that into the product natively, suggesting to the customer what they need in order to be most secure, and we're seeing that drive a lot of adoption. You saw the note -- the metrics on the Bridgecrew integration and just how quickly we've got to 70 customers adopting that in product in just a couple of weeks since it was released into production.

So love to see this trend. Obviously, there's a lot more adoption we're going to see in the future, but I do think that we're seeing that inflection point.

Clay Bilby -- Investor Relations

Great. Our next question comes from Brent Thill of Jefferies with Rob Owens following. Brent, please proceed.

Brent Thill -- Jefferies -- Analyst

Nikesh, just on the demand environment, everyone's curious to hear your view on the strength of the pipeline relative to a year ago. And many of are questioning that this -- has there been a pull-forward or not? Can you just address what you're seeing in the pipeline and ultimately why this has not been a pull-forward of demand in your perspective?

Nikesh Arora -- Chairman and Chief Executive Officer

I think, Brent, it will be a pull-forward demand if you saw everyone posting numbers at this rate. You are seeing some other players in the industry who are low single digit in firewalls. So we must be taking demand away from somebody else, whether it's us taking from Fortinet, taking it -- clearly, we're taking some demand away from somebody else. Look, some of it is pent-up demand where people did not have anybody to go into the office and go deploy a firewall because nobody was going to the office.

Now people are coming back slowly and steadily. There are people to go deploy. So as part of it is that. Part of it is a refresh, as you know.

We are -- we have now refreshed more than 65% of our portfolio, and that's still only three months in. So we're still seeing demand for Gen 4 products being created at Palo Alto Networks. I think a couple of that. And I think, to some degree, there's a little bit of fear that they won't get the firewall in time, so people are ordering to get them.

But I think we will still -- as I said, we're going to see this into fiscal year 2023 at least, and we'll keep you posted.

Clay Bilby -- Investor Relations

All right. Great. And our next question comes from Rob Owens of Piper Sandler with Gregg Moskowitz following Rob. Please ask your question.

Rob Owens -- Piper Sandler -- Analyst

Thank you very much. With the success that you guys are currently seeing in cloud, can you talk about the channel model in terms of how you go to market and longer term, the potential economic implications if there are any?

Nikesh Arora -- Chairman and Chief Executive Officer

Look, I think it's fair to say, in the large enterprise customers, the model hasn't changed from a channel perspective. On the margin, as you will appreciate, almost all cybersecurity products are slowly and steadily being listed on public cloud marketplaces. So all of us, including Palo Alto, we're seeing some customers buy on those marketplaces. In some cases, it makes sense.

We've got an embedded native firewall than GCP, and you can deploy it by accessing it to the marketplace, you will. In some cases, people are using unused credits on public cloud marketplaces to be able to buy security because that's a feature that public cloud marketplace have offered. I think that's on the margin. But I'll tell you what's more interesting about people.

We're seeing channel partners get very savvy and start building adoption teams and sales teams that are specific to cloud and specific to our portfolio because they see the market is shifting in that direction there. There's a bit of an arms race among themselves, a channel where the more qualified people are likely to get more customers to buy it from them because -- and it's not always the person you use for your firewalls.

Brent Thill -- Jefferies -- Analyst

Thanks.

Clay Bilby -- Investor Relations

Our next question is from Gregg Moskowitz of Mizuho Securities with Adam Borg to follow. Gregg, please proceed.

Gregg Moskowitz -- Mizuho Securities -- Analyst

OK. Thank you and congrats on a terrific quarter. Nikesh, last quarter, you sized the pull-forward at about 10% of product orders. How do you think about the net impact of this for the Q2? And then maybe as a sort of a little bit of a follow-on to Brent's question, is there any evidence of double ordering at either the partner or the customer level?

Nikesh Arora -- Chairman and Chief Executive Officer

So Gregg, on the first part, I think it's -- there's a net wash. There's a pull-through, but there's a lack of ability to fulfill. So while I might be seeing a pull-through, you're not seeing in my product revenue because that's kind of within the range of what I've not been able to ship because of the exceeded demand. So in my numbers, you're seeing a balance.

You're seeing -- and you probably -- if you had visibility you see in the booking, but you wouldn't see it in the revenue because I haven't been able to ship not been a build. So I think that's the answer to the first question. And in terms of -- I know this question's been asked at least for the last two quarters about double ordering and shadow ordering. We don't work that way.

When you order for us, you pay us. And I haven't seen a refund being asked for on a firewall or a canceled order yet for the last two quarters. So it's not in our numbers. And that may be true at the lower end where people have distribution channels, where channel will preorder and hold on to it.

So you may see that there, where the end customer is not customer in record in the beginning, where you start -- you have distribution stocking that goes on. We don't do any distribution stocking. We basically have end customers in every purchase order, and we haven't seen a canceled order or refund. Dipak?

Dipak Golechha -- Chief Financial Officer

In fact, just to build on that, like our sales cycle, six to nine months, and all of our purchase orders are noncancelable. So it's just to put a finer point on it, that they are noncancelable.

Gregg Moskowitz -- Mizuho Securities -- Analyst

Helpful. Thank you, guys.

Clay Bilby -- Investor Relations

All right. The next question comes from Adam Borg of Stifel followed by Patrick Colville. Adam, please proceed.

Adam Borg -- Stifel Financial Corp. -- Analyst

Great. Thank you so much for taking the question. Maybe just to drill down on Cortex for a minute, just given the traction there. And maybe you can talk a little bit more about attack service management.

It just seems like that's the area of interesting importance just given the breach environment. So I was hoping you could talk more about traction there and the opportunities going forward. Thanks.

Lee Klarich -- Chief Product Officer

Yeah. Look, when we acquired Xpanse a little bit over a year ago, we talked about why we thought this was so important. And number one is the proactive side of it, the finding an issue so you can fix it before an attacker finds it. And attackers have increasingly automated tools, and so it becomes even more important.

For example, if you look at log4j, the -- shortly after LogforJ information became available, what we saw was attackers building automated scripts to basically try to find vulnerable Apache servers, right? And so that's the kind of challenge that a lot of customers are up against. And Xpanse makes it very easy for customers to proactively find that fix it, etc. Second is in a reactive state, where something has become known publicly, Xpanse helps our customers find where they have exposure in order to address those issues first. And so both of these are examples of why Xpanse has become so important to our customer base.

And we've seen our customer base really understand that better over the last couple of quarters and really embrace this as a sort of a must-have product in their security operations.

Adam Borg -- Stifel Financial Corp. -- Analyst

Great. Thanks so much.

Clay Bilby -- Investor Relations

And our last question for today will come from Patrick Colville of Deutsche Bank. Patrick, you may ask your question.

Patrick Colville -- Deutsche Bank -- Analyst

Thank you for squeezing me in. I guess congrats on a really excellent quarter. I mean the numbers are so clean that I think we're going to ask a philosophical question, if I may. It's going to be about M&A.

Valuations are roughly 30% cheaper than when we last spoke three months ago. The start of your tenure, Nikesh, as CEO was quite acquisitive. Is the moderation in valuations for private companies, public companies as well, does that mean that your philosophy around M&A might have changed versus the messaging you gave us six months ago?

Nikesh Arora -- Chairman and Chief Executive Officer

So there's no change, Patrick. I don't think the valuation in the private markets have quite normalized like the public markets have, first and foremost. So I think the private markets are still enjoying the lack of liquidity as the no reason to mark-to-market devaluation. So that's just more of a philosophical answer, not correlated to my M&A point, right? I would like you to have it purely because some of those companies are trying to come attract talent for Palo Alto Networks as I'd like them to get mark-to-market, so people realize that these things can go down.

But that having been said, there has been no change. Look, as I said, the reason we're acquisitive in the beginning, there were many areas of cybersecurity which were up and coming and going to be important, and we were not in there and we were behind the eight ball, or pick an analogy, we were late to the party. We hadn't done the work needed to be ready for that market. Take cloud security, right? We bought six or seven companies in cloud security.

Each of them had been in existence for three to four years. So that's four years of development that we were able to benefit from in a market we need to be first. With Prisma Cloud, it's abundantly clear why we did that. Take XSOAR, we didn't have automation workflows and platforms.

We did that. Take SASE. We didn't have in endpoint monitoring. We didn't have SD-WAN.

That's stuff that takes four to seven years to build. We didn't have the time to go build it. Otherwise, the market -- we would not be in the market. Today, we compete with Zscaler, Netskope.

In SASE, we compete with CrowdStrike everyone in XDR. We would not have been a player. So that made sense. Today, if you look forward, I don't see many areas of cybersecurity where we don't have a leading product or a leading product that's not on development.

If you look at Palo Alto's innovation cycle, I'd say creating firewalls continues to innovate, spend three years acquiring getting up to snuff to a place where now we can compete in multiple categories. And now with XSIAM, we're delivering industry-leading innovation. I couldn't buy anything for XSIAM because I looked at everything in the SIEM space. And I said, "Wait a minute, why do we need to look at something, which is 10 years old? I don't need customers.

I have customers they want to buy technology." So from that perspective, nothing has changed. I don't think there's any company out there that is valued to play where is so, oh, my god, this could be accretive when you go take this. Because I think the cost of integration in cybersecurity is going to make you from a leading player to a mediocre player because you spent too much time merging sales forces, merging customers trying to run two competing technologies. So that's not our playbook.

Our playbook is to go find good technology which you can absorb, make part of our go-to-market motion, and to use those founders. And we've done that, and we've left the door open saying if you were to buy companies, it would be more in the product category, which will be more in line with the smaller to midsize acquisitions we made on anything else. So that philosophy hasn't changed, Patrick.

Clay Bilby -- Investor Relations

All right. Great. Thank you. With that, we'll close the call.

I'll turn it over to Nikesh for his final remarks.

Nikesh Arora -- Chairman and Chief Executive Officer

Well, once again, thank you, everybody, for joining us. And as like Clay said, we apologize for the 30-minute delay. We look forward to seeing many of you at upcoming investor events and some of you on calls after this. I just, once again, want to thank our customers, our partners, and most importantly, our employees around the world for helping us deliver a great quarter.

Have a great day.

Duration: 56 minutes

Call participants:

Clay Bilby -- Investor Relations

Nikesh Arora -- Chairman and Chief Executive Officer

Dipak Golechha -- Chief Financial Officer

Saket Kalia -- Barclays -- Analyst

Tal Liani -- Bank of America Merrill Lynch -- Analyst

Brian Essex -- Goldman Sachs -- Analyst

Hamza Fodderwala -- Morgan Stanley -- Analyst

Lee Klarich -- Chief Product Officer

Phil Winslow -- Credit Suisse -- Analyst

Brent Thill -- Jefferies -- Analyst

Rob Owens -- Piper Sandler -- Analyst

Gregg Moskowitz -- Mizuho Securities -- Analyst

Adam Borg -- Stifel Financial Corp. -- Analyst

Patrick Colville -- Deutsche Bank -- Analyst

More PANW analysis

All earnings call transcripts