Advertisement
Canada markets close in 2 hours

  • S&P/TSX

    21,970.63
    +85.25 (+0.39%)
     

  • S&P 500

    5,109.87
    +61.45 (+1.22%)
     

  • DOW

    38,309.18
    +223.38 (+0.59%)
     

  • CAD/USD

    0.7316
    -0.0007 (-0.09%)
     

  • CRUDE OIL

    83.86
    +0.29 (+0.35%)
     

  • Bitcoin CAD

    87,428.09
    -939.48 (-1.06%)
     

  • CMC Crypto 200

    1,328.71
    -67.82 (-4.86%)
     

  • GOLD FUTURES

    2,351.00
    +8.50 (+0.36%)
     

  • RUSSELL 2000

    2,003.45
    +22.33 (+1.13%)
     

  • 10-Yr Bond

    4.6750
    -0.0310 (-0.66%)
     

  • NASDAQ

    15,956.57
    +344.81 (+2.21%)
     

  • VOLATILITY

    15.12
    -0.25 (-1.63%)
     

  • FTSE

    8,139.83
    +60.97 (+0.75%)
     

  • NIKKEI 225

    37,934.76
    +306.28 (+0.81%)
     

  • CAD/EUR

    0.6839
    +0.0018 (+0.26%)
     
MARKETS LIVE BLOG:

STOCKS RISE, LED BY STELLAR ALPHABET, MICROSOFT EARNINGS

Latest stubborn U.S. inflation reading will bring about more 'wait and see' from the Fed

Q3 2023 Palo Alto Networks Inc Earnings Call

Thomson Reuters StreetEvents
·55 min read

Participants

Dipak Golechha; Executive VP & CFO; Palo Alto Networks, Inc.

Lee Klarich; Executive VP & Chief Product Officer; Palo Alto Networks, Inc.

Nikesh Arora; Chairman & CEO; Palo Alto Networks, Inc.

Walter Pritchard; SVP of IR & Corporate Development; Palo Alto Networks, Inc.

Adam Tyler Tindle; Senior Research Associate; Raymond James & Associates, Inc., Research Division

Andrew James Nowinski; Senior Equity Analyst; Wells Fargo Securities, LLC, Research Division

Brad Alan Zelnick; Head of Software Equity Research and Senior US Software Research Analyst; Deutsche Bank AG, Research Division

Gabriela Borges; Analyst; Goldman Sachs Group, Inc., Research Division

ADVERTISEMENT

Gregg Steven Moskowitz; MD of Americas Research; Mizuho Securities USA LLC, Research Division

Hamza Fodderwala; Equity Analyst; Morgan Stanley, Research Division

Matthew George Hedberg; Analyst; RBC Capital Markets, Research Division

Saket Kalia; Senior Analyst; Barclays Bank PLC, Research Division

Shaul Eyal; MD & Senior Analyst; TD Cowen, Research Division

Presentation

Walter Pritchard

Welcome to Palo Alto Networks, Inc. Fiscal Third Quarter 2023 Earnings Conference Call. I am Walter Pritchard, Senior Vice President of Investor Relations and Corporate Development. Please note that this call is being recorded today, Tuesday, May 23, 2023, at 1:30 p.m. Pacific Time. With me on today's call are Nikesh Arora, our Chairman and Chief Executive Officer; and Dipak Golechha, our Chief Financial Officer. Following the prepared remarks, our Chief Product Officer, Lee Klarich will join us in the Q&A session. You can find the press release and other information to supplement today's discussion on our website at investors.paloaltonetworks.com. While there, please click on the link for events and presentations where you will find the investor presentation and supplemental information.
During the course of today's call, we will make forward-looking statements and projections regarding the company's business operations and financial performance. These statements made today are subject to risks and uncertainties. We assume no obligation to update them. Please review the press release and our recent SEC filings to see these risks and uncertainties. We will also refer to non-GAAP financial measures. These measures should not be considered a substitute for financial measures prepared in accordance with GAAP.
The most directly comparable GAAP financial metrics and reconciliations are in the press release and the appendix of the investor presentation. Unless specifically noted otherwise, all results and comparisons are on a fiscal year-over-year basis. We also note that management is participating at the Bank of America Global Technology Conference on June 6. I will now turn the call over to Nikesh.

Nikesh Arora

It's a bit of a little repeat AI action there. Thank you, Walter. Good afternoon, everyone, and thank you for joining us today for our earnings call. As you can see, once again, our teams have delivered a balanced quarter between our top and bottom line performance in the current macroeconomic environment.
In Q3, our billings grew 26% year-over-year and revenue grew 24% while RPO grew ahead of these at 35%. Our Q3 non-GAAP operating income and our trailing 12-month adjusted free cash flow both grew about 60% year-over-year, while we achieved our fourth consecutive quarter of profitability on a GAAP basis.
Let's talk about the macro environment. The overall macro trends of cautious spending, deal scrutiny, and cost and value consciousness persist. Moreover, the behavior continues to be more widespread across a larger source of our customers. Against this backdrop, we have been staying ahead with rigorous execution. We've increased our own deal scrutiny, gotten ahead of the challenges and continue to sharpen our business value focus while demonstrating superior security outcomes to our customers.
From a technology trend perspective, there is no significant change. The themes have seen around cloud adoption, automation and hybrid work continue with minor variations. Network transformations albeit with long cycles continue to be undertaken because they offer cost savings and are part of a modernization stack for most customers as they go down their cloud and network transformation journeys. This, in turn, continues to drive a sustained demand for SASE and hardware and software firewalls. As we have shared before, the theme of consolidating around platforms continues to come up, and we are well positioned to offer solutions in this regard.
Needless to say, in the last 3 months, ChatGPT and generative AI have revived the interest in AI as a technology. As we have always maintained, AI is a data problem and security is a data problem and has an interesting -- AI has an interesting role to play in security, both for its ability to help deliver superior security outcomes in near real time. And unfortunately, the potential threat associated with AI being used to generate attacks. We have and continue to work on these problems. We should talk more about this today. On the other hand, we continue to see limited underlying growth in hardware in the industry. Whilst the supply chain crisis and its effects are all but over, there is a shift that the crisis has created.
We have seen a higher appetite for software-based solutions and networking and higher appetite for cloud-delivered form factors. This is particularly salient to the current CapEx-constrained environment. On the adversary front, there seems to be no impending recession in threats. Increased cloud activity and connectivity continues to drive the threat environment. This is best illustrated by recent findings in the seventh installment of our Unit 42 Cloud Threat Report. It still takes the average security team approximately 6 days to resolve a security alert. In contrast, it only takes a threat actor a few hours to explore a newly discovered vulnerability. While over malicious versions of open source software packages were circulated in 2022, less than 1/4 of those packages are sourced properly to ensure a clean software version is incorporated into a typical customer's code base.
Regulatory interest continues to rise and is prevalent across multiple governments. There's sustained activity around incremental regulatory mandates and executive orders to create awareness around cybersecurity. This is true not only at the government level, but also as company's Board of Directors are bringing additional oversight and driving alignment of accountability for cybersecurity. This requires incremental organizational focus and investment by our customers.
On the macro front, customers anticipate that global growth may slow. Some are grappling with rising capital costs and are watching their bottom lines more closely. This means looking for efficiencies in their business. Within cybersecurity, complex architectures and long vendor rosters have come into focus. And many customers see this as an opportunity to simplify and drive consolidation. Five years ago, when I highlighted the need for platform architectures and consolidation, the idea was met with some resistance. For the last few years, our industry-leading solutions, 3-platform approach has continued to take hold and has allowed us to provide a much needed option for simplicity, a modern stack and better security outcomes for our customers.
I mentioned earlier that our customers engaging in more scrutinous deals and value, resulting in robust discussions internally and with us. We continue to work hard to stay ahead of deal cycles, engaging the CFO and procurement departments. The cost of money continues to be on a topic of conversation as customers enter into a larger and longer-term relationship with us, some also seek more flexible business terms. A strong balance sheet allows us to accommodate customers while we maximize our medium-term cash flow.
Let's turn to efficiency and operations. As we started this fiscal year, we pivoted our efforts and focused our effort on doing more with less. Our teams responded effectively. Coupled with the weighing of the supply chain crisis, we have been able to adapt our operating model significantly. Dipak will get into specifics. But it suffice us to say we have found a new rhythm and at our scale, we believe we can continue to drive better margins from our business. We have achieved this through selective hiring in our customer-facing teams as well as streamlining our go-to-market efforts in addition to hiring for key innovation areas, which we expect to continue to do. These efforts are self-evident in our higher Q3 operating margins and our increased operating and free cash flow margin guidance for the year. We continue to see platformization in cybersecurity.
I talked about consolidation earlier. A key part of our thesis at Palo Alto Networks has always been to drive superior cybersecurity outcomes for our customers. Due to that, we need a robust portfolio. That works both individually and cohesively to reduce the burden on our customers who have to stitch together disparate cybersecurity products. We've had to navigate this fine line with our customers. We continue to see the benefits of this approach and think we are in a multiyear trend.
We have the opportunity to do to security what we have seen done in financial software, HR software or CRM, where customers have adapted to platforms due to their inherently superior benefits from data integrity, integration, seamlessness and outcome orientation. As they say, the proof is in the pudding. You can see our success here driving larger platform transactions. Across the board, the size of the transactions we are signing is increasing. This is evidenced by booking from transactions valued over $1 million, $5 million and $10 million in the third quarter, which are up by year-over-year by 29%, 62%, 136%, respectively.
We see a similar trend in cohorts of our customers. For example, when we look at the average lifetime value for our 200 largest customers, we've seen steady growth of 30% plus over the last 3 years. When we look at purchases of our platforms amongst the Global 2000, we see now that 53% of our customers have bought a product in all 3 platforms of startup, Prisma and Cortex, up from 48% a year ago and 33% 3 years ago. We see this as a continuing trend. It convinces us that the opportunity to impact outcomes for our customers is large, if they can get this right. We see the path to continued success with large customers and multiproduct expansion around store base.
I'll now update you on our 3 platforms, starting with network security. We are the comprehensive Zero Trust network security company. This quarter, we were proud to be named a new leader in Gartner's most recent security service edge Magic Quadrant. This recognition as app as our teams have been delivering significant innovation and seeing stronger customer adoption in SAS for years. This, in addition to our leadership position in SD-WAN, makes us the only SaaS vendor in the industry to be named a leader in the Gartner SSE and SD-WAN Magic Quadrants. Add to that, our leadership position in network firewalls and our #1 market share position in virtual firewalls, we are the only vendor with a clear leadership across Zero Trust network security.
This leadership across the network security category is a testament to our ability to drive significant innovation in new markets while maintaining our leadership in core markets and offering this innovation as part of our cohesive platforms. Let's talk about SASE. SASE remains one of the fastest-growing markets within all of cybersecurity. Our ARR is growing over 50%. At scale, we have surpassed 4,200 customers in Q3. Our success has spread across all 3 major geographies as highlighted by large deals in each of these territories in Q3. Let me tell you about 3 of these notable wins.
First, a global beverage company with U.S. headquarters signed a transaction north of $30 million, which includes $24 million of SASE or a complete SASE transformation that included Prisma Access, Prisma SD-WAN and our ADEM or autonomous digital experience management for tens of thousands of employees. Second, Japan-based technology company signed an 8-figure transaction to modernize its network and its network security after an extensive. Before standardizing on our SASE, the customer replaced its legacy firewalls and other network security capabilities and standardized on our next-generated firewalls, driving a full zero trust network strategy.
Finally, a European technology company signed a high 7-figure SASE deal that was part of an overall transaction to Palo Alto Networks of once again, nearly $30 million in total value. The customer bought from us because of our multiple network security form factors -- in the broader transaction, we added capabilities such as IoT and fully adopted our core network security subscriptions.
You all might remember at the beginning of this fiscal year, as part of our scaling efforts, we combined our SASE sales organization into our core sales organization. Drivers here that we saw SASE demand going mainstream, and we saw encouraging signs that our core sellers could sell the more complex SASE offering. After 3 quarters of executing as a combined organization, we're delighted to report that over 80% of our core reps participate in the creation of Prisma SASE pipelines as we enter Q4. Q3 was a strong quarter of innovation, highlighted by our AI-powered SASE launch. This flagship release in capabilities to enable organizations to automate their increasingly complex IT and network operations center functions with IPS. They need to improve monitoring for networks and apps to the branch office and significantly improves integration with IoT secured.
Moving over to our firewall business. Broader in SASE, the future of network security is clear to us. It is centered around software. And while we have led and expect to continue to lead the hardware appliance market for many years, software and cloud delivery form factors have been an increasing focus since I joined as CEO. There are multiple reasons why the shift to software is accelerating. In the changing macro environment, customers are more challenged in their CapEx budgets, which often fund appliance purchases. As a result, their interest in software and cloud deliver form factors remain high. This is especially true when tied to strategic initiatives around cloud adoption. Illustrating this, we saw a significant uptick in customer request to evaluate our virtual firewall offerings at the beginning of the pandemic. Customer interest in VMs is also sparked by supply chain challenges where we saw evaluation sustain.
We continue to see primarily net new demand for software and cloud delivered form factors. However, we are seeing more appliance replacements and planning for this trend to continue and possibly accelerate.
Beyond the strength I already covered in SASE, we saw VMC's deals over $1 million, more than double in Q3, including an 8-figure deal we signed with a government agency where they moved from a primarily appliance-centric model to VM cities as they fully leverage public cloud as their primary infrastructure. This year, so far, our VMC's bookings are up more than 40% year-over-year, and it grew over 55% in Q3.
Most investors have equated our product revenue with hardware. However, given the drivers I have mentioned here, this has been rapidly shifting. -- software now contributes 30% of our product revenue. This is up from about 10% 3 years ago. We expect this trend to continue. And as Dipak would remind you, bookings from our VMCs and SASE transactions are recognized as revenue more over time than an appliance booking. Given the conversation about AI, as I mentioned, there is a renaissance in artificial intelligence driven by significant advances in large language models. The development of more powerful in (inaudible) computing in the broad availability of large volumes of training data. As a result, we have all seen some of the fastest innovation cycles and launches a unique application over the last several months.
At Palo Alto Networks, we have been focused on this technology for many years, and our efforts have been accelerating over the last 2 years. We first introduced machine learning capabilities as part of our wildfire offering 7 years ago. In the ensuing years, we added AI and machine learning capabilities across our network security portfolio. and has been a critical driver of our innovation and differentiation in the market. In 2020, we introduced the industry's first machine learning power next-generation firewall, where machine learning detection moved in line to prevent zero-day attacks. Since then, we have overall nearly all of our security subscriptions with advanced AI capabilities, DNS security, advanced filtering, advanced threat prevention and advanced wildfire, all harness machine learning for in-line detection and prevention of zero-day attacks. This means even new attacks that have never been seen before are blocked at the very first attempted used by an attacker.
Additionally, we applied AI to IoT security to discover, identify and secure IoT devices. And most recently, -- it was expanded to cover both medical IoT and OT security needs. We had a signature release in SASE that included AI-powered autonomous digital experience management in addition to leveraging IFRS DAN as well as AI-powered fishing prevention. In short, -- we have really been accelerating the application of AI to our network security stack and is one of the most mature applications of AI in the security industry today.
We are not only ahead in investments in AI and machine learning as a differentiator in our products, but these investments have driven tangible customer benefits. In a typical day, we analyzed nearly 750 million, yes, 750 million new unique telemetry objects worldwide. This includes files, URLs, domains, DNS connections and other signals. Our AI models analyze this data. And every day, we see 1.5 million new attacks that have never been seen before. We take these new insights and add them to all the other things we have already know about, and we use them to block 8.6 billion attacks across our customer base daily.
This forms the foundation how we do better security across our network security platforms and it is how we continue to get better and better at detecting 0-day attacks and being in a position actually to prevent those attacks as well. Moving on to Prisma Cloud. Our early data in Prisma Cloud continues to strengthen. Most of our competitors continue to provide only point products, while customer demand continues to shift towards the platform approach. Within this connecting the left side to the right side, otherwise, node as code to cloud is becoming paramount. As an example of our platform's success, we continue to see strong usage of our cloud security posture management and cloud workload protection offerings.
Customers are increasingly standardizing on these foundational modules with 49% of Prisma Cloud customers using both CSPM and CWP. This quarter, Gartner noted that in 2022, only 25% of enterprises buy these capabilities from a common vendor. They expect this will increase to 60% of enterprise by 2025. At the same time, we continue to stay ahead of the industry's need for new capabilities, which is core to our commitment as a platform. We are on track to launch our 11th module as we integrate cybersecurity.
We're also focused on driving industry certification in Prisma Cloud, -- in this last quarter, we were accepted by the Joint Advisory Board and reached ready status for FedRAMP High, a first for a cloud security platform. This comes in addition to other certifications we have achieved, including recently announced Prisma Access achieving Impact Level 5, or IL-5 provision authorization, IL-5 is the highest unclassified authorization level for DoD agencies under the FedRAMP process. We continue to see steady growth in consumption of Prisma Cloud credits, which were up 44% year-over-year in Q3.
Our platform is key to the steady growth. We continue to see customers increase their consumption as they deploy workloads and strategically leverage the public cloud at the core of their IT and business strategy. This includes migrating workloads to the hyperscale cloud, building new applications in the cloud and leveraging new cloud services. They're also deploying new Prisma Cloud modules, of which we currently have 10. The number of customers using 2 or more Prisma Cloud modules grew 37% year-year, while the number using 4 or more modules almost double. We now have 1 in 5 of our Prisma Cloud customers using our cloud core module across our capabilities and infrastructures code, SCA or software composition analysis and sequence management as they leverage the more efficient approach to detect and remediate security issues as co decision for cloud applications before it reaches production.
Now moving on to Cortex. This has been a net new business for Palo Alto Networks, a business which is born the belief that we need to bring next-generation innovation to the SOC and all the related activities, just like we had brought firewall business years ago. We're delighted to announce that Cortex achieved $1 billion booking milestone over the last 12 months. Cortex was born in 2019. And since then, they have focused intensively on ensuring we have industry-leading capabilities across endpoints, SOC automation and tax surface management. In the last 4 years, we have risen to a leading player in automation, application of AI, attack service management and continue to plan the charts of the XDR industry as one of the most technically capable solutions. We're particularly proud of the fact that XT has consistently led and secured efficacy. XDR delivered 100% prevention and 100% detection across the 19 evaluation steps conducted by Miter and has had the highest quality detections of any product in the latest round of valuations.
On the back of our hard work driving these capabilities, we have built Cortex business to over $1 billion in bookings over the last 12 months, as I mentioned -- is up from $150 million in annual bookings when we launched Cortex as a business in 2019. As we look forward, these 3 core capabilities of Cortex are precursors to leading in the next-generation autonomous security operations center, which pulls this all together and was launched publicly a few months ago called XSIAM. Our next-generation SOC platform, XSIAM, built totally on AI is on track to be our fastest-growing new offering. XSIAM represents another significant opportunity within Cortex as we fulfill our vision around autonomous security operations, like network security or a decade ago, security operations have evolved slowly.
IM is now paving the way for us to drive AI-driven security transformation outcomes. After our GA launch in late Q1, our design partners made significant commercial commitments to XSIAM -- we followed that up in Q2 by broadening our go-to-market and achieving early success with $30 million in bookings. This quarter, we established momentum for XSIAM with quarterly bookings more than doubling sequentially as we signed our first 8-figure deal. -- and transactions across all 3 of our major geographic theaters with this product. We remain optimistic about the prospects of XSIAM with the product, the center of customer security operations center transformation. We're seeing XSIAM deals give us access to a broader sort of our customers' budget. Based on what we have achieved this quarter and what we see in the pipeline, we're confident we can achieve our goal of $100 million in bookings faster than we originally anticipated.
This would make it one of the fastest-growing security platforms from Palo Alto Networks. Not only does XSIAM bring together the core capabilities of Cortex, it also brings AI-driven outcomes to customers. This huddles a new approach to security, an outcome-based approach. The inspiration came to us from our own SOC, where we were hopefully slow in our own meantime remediate 5 years ago. Our MTTR was in days, which in today's adversary environment is unacceptable. With that insight in mind, we were able to collect billions of events and then using AI reduces down to just over 100 alerts from a handful of incidents from here. continuing to use in automation, we are able to investigate or respond while detecting incidents in a matter of seconds and respond to high priority ones in under a minute. This is 1 of the most compelling outcome stories in security. -- so far. And the early customers that are farthest along on this journey with us, we are seeing the benefits accrue in a similar way.
We process over 3.5 petabytes of data a day across the customer state of XDR and XSIAM. From here, we apply approximately 1,000 AI models to detect attacks. We then leverage Smart scoring in these automation to accelerate investigation response. We are seeing early indications that customers are able to see reductions in meantime to respond from days or weeks down to hours or minutes just like we did.
Summing back, we are fortunate to be focused on the product technology market that is more resilient. Our customers depend on their partnership with us to address challenges that are only becoming more sophisticated. The market is tough and definitely more challenging than when we started the year. I'm proud that our team has executed through this environment. Our strategy focused on having industry-leading capabilities, helping customers simplify their architectures and consolidating vendors is working. Given our diverse portfolio of products, some of our products are growing faster in any given quarter and others are moderating. Combined, you see this portfolio benefit in the top line results we reported today.
We also see significant opportunity as we begin to embed generative AI into our products and workflows. There are 3 ways that our concerted investment is generative AI will benefit us. First, generative AI will help us improve our core underhood detection and prevention efficacy by further advancing the state-of-the-art AI/ML in our products that I spoke of today. Second, manifests itself in how our customers engage with our products. We will leverage our large cybersecurity data set and telemetry to provide a more intuitive and natural language driven experience within our products, which should improve NPS and drive efficiency benefits to our customers. And finally, -- as our employees leverage generative AI, it will drive significant efficiency in our own processes and operations across the enterprise.
We intend to deploy proprietary Palo Alto Network security L&M in the coming year and are actively pursuing multiple efforts to realize these 3 outcomes. Our portfolio approach the company's overall scale and focus and efficiency have enabled us to drive significant leverage. We are well ahead of schedule here, and we're not done. As we continue to execute on our plans, we see additional opportunities for efficiency. With our visibility into incremental leverage, we continue to see the operating profit levels in our fiscal year 2023 guidance as a baseline to build upon. With that, I will turn the call over to Dipak to discuss the details of Q3 and our guidance.

Dipak Golechha

Thank you, Nikesh, and good afternoon, everyone. For Q3, revenue was $1.72 billion and grew 24%. Product revenue grew 10%. Total service revenue grew 29% with subscription revenue of $838 million, growing 31% and support revenue of $495 million, growing 25%. Moving on to geographies. We saw revenue growth across all theaters with the Americas growing 24%, EMEA up 23% and GPAC growing 24%. The strength of our next-generation security capabilities continues to drive our results with NGS ARR of $2.6 billion, growing 60%. And -- we saw strength across all 3 platforms, network security, cloud security and security operations. We delivered total billings of $2.26 billion, up 26% and above the high end of our guidance range. Total deferred revenue in Q3 was $8.1 billion, an increase of 38%. Remaining performance obligation, or RPO, was $9.2 billion, increasing 35% with current RPO just under half of our RPO.
Our non-GAAP earnings per share was significantly ahead of our guidance growing 83% year-over-year. We again delivered strong cash flow in Q3, with trailing 12-month adjusted free cash flow of $2.8 billion, growing 68% year-over-year.
Moving on to the rest of the financial highlights. Non-GAAP gross margin of 76.1% was up 320 basis points year-over-year, driven mainly by a higher software mix, reduced supply chain costs and some efficiencies and customer support. Our non-GAAP operating margin of 23.6% increased 540 basis points year-over-year. In addition to improving gross margins, slower headcount additions contributed to our operating leverage. Based on our performance in Q3, we are raising our fiscal year '23 non-GAAP operating margin guidance.
Non-GAAP net income for the third quarter grew 86% to $359 million or $1.10 per diluted share. Our non-GAAP effective tax rate was 22%. We again delivered GAAP profitability in Q3 with GAAP net income of $108 million or $0.31 per diluted share. Now turning to the balance sheet and cash flow statement. We ended Q3 with cash equivalents and investments of $6.7 billion. It is worth reminding investors that our 2023 convertible note will mature on July 1, 2023, and we expect to settle the principal obligation with cash on our balance sheet of $1.7 billion. The excess will be settled in shares. These shares have previously been accounted for in our non-GAAP diluted shares outstanding.
Q3 cash flow from operations was $432 million, with total adjusted free cash flow of $401 million this quarter. Stock-based compensation declined by 90 basis points as a percentage of revenue sequentially. On a year-over-year basis, stock-based compensation was down 220 basis points as a percent of revenue. As we look forward, we remain focused on profitable growth. At our Analyst Day in 2021, we outlined plans to drive 50 to 100 basis points of margin expansion annually in fiscal year 2023 and fiscal year 2024.
In the months leading up to this profitability commitment, we focused in-depth on optimally balancing investments in our business and opportunities to capture efficiencies and benefit from our growing scale. As a result, we came out of this effort with significant conviction in meaningful operating leverage. In fiscal '22, we started implementing these plans, but faced supply chain challenges that unexpectedly drove higher costs. While the supply chain was uncertain as we entered fiscal year 2023, we also saw signs of a changing macroeconomic environment. As such, it was the right time to accelerate our efficiency plans. We focused our headcount additions in sales and R&D to fuel our medium-term growth prospects. Outside of these critical investment areas, we've leveraged our scale and employed technology to accommodate our growth in other business areas.
Additionally, supply chain challenges have continued to abate at an increasing pace, helping to improve our gross margin. The result has been a significant acceleration in operating margin expansion through the first 3 quarters of fiscal year 2023 and also increases to our operating and free cash flow margin guidance through the year.
As you see with our guidance for non-GAAP operating margin in fiscal year 2023, we're nearly 300 basis points ahead of the midpoint of our fiscal year 2024 range that we implied back in 2021. We now see our fiscal year 2023 non-GAAP operating margin as a baseline to build on in the future.
Moving on to guidance. For the fourth fiscal quarter of 2023. We expect billings to be in the range of $3.15 billion to $3.20 billion, an increase of 17% to 19%. We expect revenue to be in the range of $1.937 billion to $1.967 billion, an increase of 25% to 27%. We expect non-GAAP EPS to be in the range of $1.26 to $1.30 million, an increase of 58% to 63%. For the fiscal year 2023, we expect billings to be in the range of $9.18 billion to $9.23 billion, an increase of 23% to 24%. We expect NGS ARR to be in the range of $2.80 billion to $2.85 billion, an increase of 48% to 51%. We expect revenue to be in the range of $6.88 billion to $6.91 billion, an increase of 25% to 26%. And -- we expect product revenue growth in the range of 15% to 16% of fiscal year '23 as we see supply chain challenges normalize as we exit fiscal year '23.
For fiscal year '23, we expect operating margins to be in the range of 23% to 23.25%. We expect non-GAAP EPS to be in the range of $4.24 to $4.29, an increase of 69% to 70%. And -- we expect our adjusted free cash flow margin to be 37.5% to 38.5%, and we expect to be GAAP profitable for fiscal year 2023, including in Q4.
Additionally, please consider the following modeling points. We expect our non-GAAP tax rate to remain at 22% for Q4 '23 and fiscal year '23, subject to the outcome of future tax legislation. For Q4 '23, we expect net interest and other income of $50 million to $55 million. We expect Q4 diluted shares outstanding of 326 million to 332 million. We expect fiscal year diluted shares outstanding of 322 million to 324 million, and we expect Q4 capital expenditures of $35 million to $40 million.
With that, I will turn the call back over to Walter for the Q&A portion of the call.

Question and Answer Session

Walter Pritchard

Thank you, Dipak. To allow for broad participation, I would ask that each person ask only one question. Our first question will come from Saket Kalia of Barclays with Hamza Fodderwala from Morgan Stanley on deck.

Saket Kalia

Sorry, it didn't let me unmute. A nice job to the team executing in a very challenging environment. Nikesh, maybe a lot of good things to talk about, but I'd love to just double-click on the operating margin improvement here that you've seen and really a new baseline that the team is creating going into next year. Maybe the question is -- can you and Dipak maybe talk about what areas the team is -- what areas of the team is finding efficiency in? And what are the opportunities for efficiency maybe going forward as well?

Nikesh Arora

Yes. Look, I'll preface that as Dipak highlighted supply chain crisis all but over. And as you know, there were some adverse impacts to gross margins by -- driven by hardware. I think the product mix is in our favor as we go from hardware to software, our gross margins are way better on software than they generally are on hardware, given software firewalls are much, much more profitable for us.
Coupled with that, I think what Dipak really has been driving for the last year as we flipped into the new macroeconomic environment has been a real focus on resource utilization, ROI as well as making sure we are focused on our hiring only on stuff were it's important. We also talked about streamlining sales forces. If you remember (inaudible) the conversation around making sure our SSI team is integrated with our core which saved us hundreds of heads in terms of efficiency as well as driving more outcome and output from a SASE perspective. So generally, those have been some of the key drivers. But Dipak, did you want to add something?

Dipak Golechha

No, I think you've covered it all. I think Saket we've talked this before, Yes. We scale well as a company, right? And I think that's across all the different elements of our P&L. I think Nikesh has talked about the supply chain. We talked about the OpEx. I just also mentioned cloud hosting and cloud consumption as we get bigger and we consume more, we have the ability to go back to our service providers and try and negotiate better contracts. So I think across all the areas of the P&L, we scale pretty well as a company.

Nikesh Arora

And I think to your question in terms of where this goes, as Dipak said, this is a new baseline. We think there is continued opportunity from here. and we haven't even factored in the potential impact of generative AI, as you've been hearing all the conversation in the industry. We're still working on it, we're understanding it. We're relooking at processes. But -- we believe there is a date there. We think there will be an opportunity in the future to get more efficiency from generative AI as we go ahead and implement some of the capabilities. through our organization.
So I think there's upside built in the continued efforts of what Dipak has been driving for the last 9 months. And there is the sort of the icing on the top. It's the potential application of generative AI as we continue to grow business over the next few years.

Walter Pritchard

Next question is from Hamza Fodderwala from Morgan Stanley with Brian Essex from JPMorgan on deck.

Hamza Fodderwala

I hope you can hear me okay. Maybe a question for Nikesh and Lee Klarich around. Nikesh, on AI, you -- you've clearly been thinking about this a lot based on what I can tell from your Twitter. But we were at RSA last month. While there's or while there's a lot of opportunity around AI, did there seem to be a lot of risk around data security around sort of the data that these models are trained on. So I'm curious, as you have that AI-based conversation with your customers, how are you getting them comfortable around that to really leverage the full capabilities of AI to automate their SOCs?

Nikesh Arora

Yes. I think there's 2 different parts of it. I think 1 part is us using AI already in our products where we have been using it for a while to look at patent recognition, look at what is telling us from a from real-time analysis of data perspective, as I mentioned, we deploy over 1,000 AI models to go look at what happens in the next erodes all proprietary is happening -- in our instance, this is not an LLM that's going out and getting trained. This is a proprietary AI model used by Palo Alto Network, built by Palo Networks being used for a specific use case and task for security.
Now to the extent that we intend and will deploy conversational AI in our models, we are working with every public model and open source model out there to understand how can we build it using our own proprietary data. I don't know, Lee, do you want -- can you elaborate on that, please?

Lee Klarich

Yes, of course. it's very early in the large language model adoptions that we're seeing. And as you point out, there are a number of risks associated with them, particularly in enterprise use cases. We've already seen some examples where data has sped into large language models without the understanding of how the data will be used and the data has been publicly -- made public available even though it was confidential. So it's very clear that there is sensitivity there. There's also sensitivity from a security perspective of things like prompt injection attacks, data poisoning and things like that, that have to be taken into account.
The -- and so I think what we'll see is the enterprise use cases of LLM will evolve a little bit more -- actually, I should say, need to evolve a little bit more methodically and carefully to take the security challenges into account. At the same time though, it's also important to recognize that they offer tremendous promise, as Nikesh mentioned earlier in terms of being able to help guide product adoption, product usage to help enhance security capabilities and to drive greater efficiencies across the business.

Nikesh Arora

Yes. I think to cap it off, I think there is no doubt we will continue to deploy our proprietary AI models for XSIAM or from network security use case as I highlighted. We believe in our preliminary analysis over the last 3 months and driving a lot of these work streams internally that there is are there with generative AI. So we believe that we will be deploying generative AI over the course of the next few months, and we'll talk more about it later then. -- but we think that has an opportunity both to significantly improve our customer efficiency and the efficacy of our products, at the same time, also to drive efficiencies within the way we run Palo Alto Networks.
I think last but not the least, which is something you didn't ask, but I'll say, separately, Lee and his team have been working hard to see and look at the adverse impact that generative AI could have in terms of adversaries using (inaudible) to build new malware do you try and attack our customers. And there's a lot of work we're doing as well to make sure we are able to protect our customers against any such activity that is conducted using generative AI.

Walter Pritchard

Thanks for your question, Hamza. Next question is from Brian Essex at JPMorgan, followed by Brad Zelnick from (inaudible) Deutsche Bank. SP643898026 And to follow up on Saga's comments, nice progression in operating margin here, and it's good to see cash flow margin guidance go up as well. If I could tick down -- if you could maybe peel back a couple of layers on that. Core drivers of that cash flow margin improvement, how sustainable it is. We noticed that CapEx like -- looks like it's a little bit lower than you previously guided to. So just wondering, as we kind of look at that as a foundational metric to lean on for valuation, how sustainable is that? As we kind of forecast operating margins going forward, should that I guess, gap between operating margins and cash flow margins remain relatively consistent going forward?

Dipak Golechha

Yes. So Brian, thanks for the question. Let me just start off with like the biggest driver over the long term is really just to strength in your bookings. -- at least your billings and then comes down. Then the foundation really is your operating margins that then makes up the base that you can do on your cash. There are multiple other factors, but do recognize that when we came into the year, the interest rates are at a different level. We have had the benefit of higher interest rates. we've deployed a lot of our cash that we earn interest income. We're not predictors of interest rates, but fundamentally, we believe that, that will continue to be a tailwind for our cash generation. And then last but not least, we do have PAN-OS.
We have a certain amount of our business that we do structure and financing. Frankly, that's been broadly in line with what we assumed at the beginning of the year, but those are really the drivers, and we feel pretty comfortable on what we're able to do with those different drivers and delivering on our numbers?

Walter Pritchard

Next question from Brad Zelnick at Deutsche Bank, followed by Andrew Nowinski at Wells Fargo. Go ahead, Brad.

Brad Alan Zelnick

Great. Thanks so much for the question and nice job. -- both to Nikesh Dipak and the entire team. Akash, my question is about M&A, which I feel like typically comes later in the call, but like it's such a great opportunity right now. What's the hurdle to doing a large deal -- and can you remind us how you think about transformative M&A? And just related to that, your competitors naturally knock you on having grown through required innovation. Just to set the record straight, can you talk about how much of a priority and a focus it is to have a deeply integrated product?

Nikesh Arora

Yes, Brian, I think, first of all, I'm amused that you're asking for transformational M&A. I think I feel like somehow we at Palo Alto Networks have been going through a transformation already for the last 5 years.
Let me talk about it in 2 different parts. One, and I'd like to bust a myth of the notion that we've grown our innovation through M&A because pretty much the entire IM product that we've built, which is now going to be one of the fastest platforms at par networks is homegrown. It was built by our team internally. It was designed, built and delivered by the Cortex team. So I think it's a disservice to them to say that some 1 of the fastest-growing platforms being built at Palo Networks was acquired.
Similarly, our next-generation firewalls or our SASS product or SASE product, for the most part, is entirely homegrown, driven by the security capabilities that we built using our firewalls as well as our virtual firewall business. So I think majority of our M&A has been focused on building our cloud security portfolio where we felt where we needed to be assertive and be out there in the front.
And I would say, auxiliary capabilities, whether it's in automation with ESOAR or axillary capabilities around tax purpose management. So bottom line, we're very comfortable with the 3 platforms that we have and what we need to get done. I think we've been very clear about from an acquisition perspective, we look for product capability, where we can take product capability and attach that and make sure we can solve more problems for our customers that they're looking at. So from that perspective, my view on M&A is consistent that we find something interesting, an industry trend, which is added incremental tech capability, we will do it. I think from a transformational M&A, I think we can transform this company and have continued to transform it to where it is based on our innovation and our balance of execution. I think -- we will continue to do that. I don't think the market is particularly cheap yet. If you were to try and look for transformation, I think it's kind of a dual double-edge situation.
One, I think we continue to get stronger as we get execution under our belt, a country growing value as Palo Alto Networks. And if some of the large players out there end up committing missteps and we'll go take a look at it for now. I feel very comfortable with the position Palo Alto has in the industry. I feel very, very comfortable with the amount of cash we have on our balance sheet. And I believe it is our job to keep our heads down and keep executing because it's a tough market. And I think one of the things which was brought up just a minute ago, I think the opportunities from AI have not been fully comprehended by most enterprise businesses. I think we are going to undergo a transformation spot Auto Networks as well as generally an enterprise software industry over the next 12 to 24 months as we embrace generative AI, I think that's the real opportunity and challenge in front of us. And I think half of the people are not that we get it wrong. And hopefully, we're on the right side of history.

Walter Pritchard

Question is from Andy Nowinski from Wells Fargo, followed by Matt Hedberg from RBC.

Andrew James Nowinski

Okay. And congrats on a great quarter. So nearly every single vendor and nearly every single reseller we talked to says they're seeing an elongation of sales cycles, yet you seem to defy those headwinds with massive growth in large deals and customer spending $5 million and $10 million with you. I guess would you view this as an important inflection point as it relates to sort of consolidation in that if you can drive large deals in this macro constrained environment, you could potentially see an acceleration of those consolidation trends when the macro improves?

Nikesh Arora

Are you predicting a macro improvement, Andy?

Andrew James Nowinski

I certainly hope so.

Nikesh Arora

Well, look, I think first and foremost, I don't want to leave you the view with any impression that the macro is not hard. It is hard out there. I think everything you're hearing from resellers, from other people in the industry is true. Customers are spending more time paying attention to deals. Customers are taking longer, some are rightsizing deals, some are focusing things that are important. Some are looking for financing. Some want to pay annually. So all the effects that you talked about are true in the industry.
And we recognize this towards the end of our first quarter. And I'll tell you what, we've been working at double time, like literally, the day Dipak shut the doors and us being able to book anything this quarter, we are out there hunting for next quarter. We have a big number to hit this quarter. We're out there in the field. We're executing our teams are out there. So as you probably appreciate, there is no magic in the world around the fact that our quarter ended July 31. There's no budget year-end for any part of the world on July 31. It's -- it's a date that's been created at Palo Alto finishes Air Q4 July 31, which means we have to run as hard as we can to get business done by July 31.
We know that the end of our year, we know the sand of our quarter, our customers know that. So what we're doing is we're getting ahead of it. We're hoping that us getting ahead of it and continuing to rigorously execute is going to allow us to be able to improve our conversion rate. Our conversion rates on our pipeline are down, guess what? You dug up more pipeline, therefore, your conversion rate that's down still allows you to make the number that you promised the Street. That's what we've been trying to do. And as I've said, the macro is hard, and we're going to keep trying to keep our heads down and execute.

Walter Pritchard

Great. Next question from Matt Hedberg at RBC followed by Gabriela Borges at Goldman. Go ahead, Matt.

Matthew George Hedberg

Thanks, Walter. Mike, congrats again team, outstanding results. I guess, Nikesh orderly, on the success you've seen this far with XSIAM, you noted you essentially have full access to SIM budgets right now. I'm curious with some of the large deals you're seeing, are these generally replacing legacy SIM vendors? Or are you actually generating new TAM that didn't exist previously.

Nikesh Arora

So Matt, I'll let Lee jump in and talk about some of the specifics, but I'll tell you what every 1 of these deals is a replacement of a legacy XSIAM or a data store. In addition, we do not sell XSIAM without our endpoint products. You have to buy Palo Alto Cortex XDR to deploy XSIAM because we believe the only way to have normalized good source -- single source of truth data is to deploy our endpoint products. And then we use that, as I showed in the AI funnel of how we can go cross correlate that and go drive great security outcomes. So in every case, we are replacing an existing manner. But I will tell you, the SOC industry is upside down. It was designed so far to go understand when a breach happens, how the breach happened and trying to figure out how to remediate.
It. And those remediation times, as I highlighted are 6 days and now most modern attacks are in and out and under toll out. So if you've got a SOC infrastructure where it allows you to come up with what happened to you after 6 AF days, the bad actors have gone in and out in 12 hours, you have a mismatch. That is a problem. But Lee, can you highlight some of the key use cases that where we've seen in the first 30 plus customers that we have, what's some of this transformation?

Lee Klarich

Yes. Look, nearly -- so exams replacing the SIM is also replacing other tools in the SOC as well. the -- there's 3 core elements to how this is happening. The first is around data. As you saw, 3.5 petabytes a day is being ingested and analyzed. Data is the key to driving good AI and XM is specifically designed to be able to ingest large amounts of data across different data sources into an AI data lake. Second is how we drive AI-based analytics on that data, be able to detect attacks in real time. This is something that the traditional XSIAM industry was just not well designed to be able to do. That is driving the meantime the detection that you're seeing. And then 3 is the integration of automation natively into that allows us to drive the meantime remediation down from what in the past used to be, in many cases, days, down to hours and even tenants. And so in all of the XSIAM deployments we're seeing, -- it's amazing how quickly we are seeing the outcomes that we saw in our own SOC when we deployed an operationalized XSIAM.

Nikesh Arora

Probably the last -- sorry, Matt, the only thing I'll add on this is that over the last 15 years, what has happened is the cost and value equation in existing socks has diverged tremendously. So people are spending a lot of money collecting data in a lot of data stores and they're not getting adequate value out of it and they're not getting adequate security outcomes out of it. So I think that is a big gap, and that gap is something we've been -- we've built this product, try and fill -- and now it really is very early days for us. I think the fact that we'll get to $200 million in the time spend that you thought was aggressive less than that. I think tells us there's a huge potential out there, which means we have to keep our heads down, again, keep building, keep executing and keep trying to solve the problems that our customers are presenting in front of us, but I have a good feeling about that.

Walter Pritchard

Our next question from Gabriela Borges at Goldman Sachs with Adam Tindle from Raymond James on deck.

Gabriela Borges

Either for Lee or Nikesh. I want to ask about your cloud security strategy in Prisma, specifically with respect to how you think about the right balance of incentives that you give customers upfront to catalyze adoption? And then also how you think about the balance of top-down growth versus product-led growth given that DevSecOps, DevOps some of those tools seem to be driven by product line growth as well.

Nikesh Arora

Go ahead, answer that question.

Lee Klarich

One of the challenges that we've set out to address with Prisma Cloud was this fundamental challenge in enterprise cybersecurity sort of the proliferation of point products. Every time there's a new security need, there's a new product and then customers become the system integrator of all deterrent point solutions. And they spend more time trying to be the system integrator than they are actually getting the value from the products.
And so with Prisma Cloud, we've taken the unique approach of building a platform where we can deliver many different capabilities pre-integrated from the same location. Now at the same time, we did that on the technical side, we also approached it from a sort of the adoption side and, I'll call it, the procurement side of having a single Prisma Cloud credit system that makes it really easy for customers to buy a level of capacity and then simply use it to adopt as much of the platform as they need and when they need. And so we've -- it's allowed us to focus more of our attention in terms of how we engage with customers and how the product works on in product adoption, guided adoption of additional capabilities and enabling them to easily use more and more the services as they need them as opposed to having to go back and turn every module into a new transaction with a customer.
And as you saw from what Nikesh showed, the new credit uses year-over-year going up about 44% year-over-year, but then also the number of customers there are more or 4 more modules. In the case of former almost doubling year-over-year shows how well that is working.

Walter Pritchard

Great. Next up, Adam Tindle, Raymond James; followed by Gregg Moskowitz, Mizuho.

Adam Tyler Tindle

I want to start by just acknowledging the China operating margin is really impressive and commitment to that being a baseline is a really important point. If I'm thinking about tomorrow, some of the distracting questions that might come up would be around product revenue. I think you grew 10% year-over-year in Q3, and you had previously guided the fiscal year to 10%. But if I saw in the slides correctly, I think you're now raising that to 15% to 16%. So what's driving that increase in product revenue and the accelerating Q4 despite the cautionary comments. And anything we can think about in terms of puts and takes to product revenue as we think about fiscal '24, so we don't get ahead of ourselves.

Nikesh Arora

Yes, Adam, I think there are 2 parts to it. One is, as you will appreciate, we highlighted that software has become 30% of our product revenue. So we -- when you book a hardware firewall, you get a dollar for dollar for revenue. In software, you don't get a dollar for dollar for revenue there is some part of an amortized value we get from our software firewalls and some part of our SD-WAN, which becomes part of our product revenue. So we have to run harder on billings to be able to deliver product revenue in the context of software.
But as I mentioned, our virtual firewalls grew at 55% this quarter. They grew at 40% for the year so far. This is a tailwind we had not expected. At the same time, the hardware, as I mentioned, is not as strong as we'd expected. So they balance each other out. But in balances in favor of software for now, coming off a low base of last year. So as a result, we have been able to improve our product revenue guidance. So obviously, it comes at the cost of services revenue because some of our software has now had to work triple time to be able to deliver product revenue. So I think that's the context in which you should think about it overall, where there's been a draw from 1 side and a partial give on the other side and the product revenue. However, given our RPO is growing way ahead of revenue, it just means we are saving up a lot of revenue for a future rainy day.

Dipak Golechha

No, for raining a area. The only other thing that I would maybe just add to that is simply the supply chain dynamics that Nikesh talked about in his remarks, I mean that does have some factors, but we really have been able to -- with a world-class team get ahead of the supply chain reality. And so that may explain some of the variability you're seeing.

Walter Pritchard

Great. Next up, Gregg Moskowitz from Mizuho, followed by Shaul from Cowen.

Gregg Steven Moskowitz

All right. I have a follow-up for Lee or Nikesh on generate AI. So your comments on LLM were helpful, but do you think gen AI will tilt the scales in favor of Palo Alto and perhaps some other security vendors over time? Or is it ultimately more likely to cause an even faster game of cat and mouse between the vendors and the attackers, -- how do you see this playing out?

Nikesh Arora

Well, I think look, first and foremost, the benefit of generative AI so far is twofold, right? One is in its ability to summarize data and give you access to information much faster. Can I imagine a sales rep at Palo Alto having access to their fingertips about all Palo Alto information, -- of course, I can. Can I imagine my customer support people having access to amazing amounts of information that's at the tip of their fingers so they can answer customer questions about faster. Can I imagine for showcasing that information directly to my customers as you're seeing the industry now suddenly a plethora of copies start to emerge in every product. So I think that is going to become an obvious benefit of generative AI.
Now don't forget, it relies on one principle called having a lot of data. But it's very important that whether you're using it for sharing your own information from your customers to your customers, you need a lot of that data. You have to clean all your data processes and have that. Secondly, if you're in the security business, it definitely helps. If you have the largest data like in the world, of security data. So from that perspective, I think it favors the people who have a lot of data already as part of their strategy, and they have built a business on the back of a data-led strategy. I think not just specific to security in any industry, especially consumer Internet, if you've been a UI company, you have something to worry about. If you're a travel booking operator or something with just takes other people's data and makes a better UI, you have something to worry about. So I think from that perspective, it favors companies which have tremendous amounts of data.
I think the second thing is also important to understand, if I have people spend thousands of billions in customers support or more, there is leverage. I can go spend $30 million, $40 million, $50 million deploying at Lam and saving up my cost. If you're running a small company and your entire cost of $50 million, it probably doesn't behoove you to go out and create a released generate project to go pay and take away 12 cost. So I think it also benefits people of scale who are able to drive efficiencies using generative AI across the enterprise, allowing them to grow their business much faster with limited resources. Does that help?

Walter Pritchard

And Shaul Eyal from Cowen, our last question.

Shaul Eyal

Congrats, team. Nikesh, I want to go back, actually, I know Brad was asking about M&A. I want to ask about the competitive landscape, but specifically with a focus maybe on the CNAPP front. So my question is, -- how do you think about it? Any change? Do you think that the product right now, as it stands, is comprehensive or anything you might be thinking of maybe augmenting specifically on the CNAPP front.

Lee Klarich

That's by far the most comprehensive cloud-native application production platform there is. That doesn't mean that we do everything, but we do far more than any other solution out there. There's a tremendous amount of focus on delivering capabilities that we've been building internally, organically amongst the team. We've seen the most recent one we delivered with secret scanning just a few months ago. We've seen very good early adoption of that.
At the same time, we're also delivering on the latest acquisition of cyber security, where we expect that to become a new module in the next couple of months available to all of our Prisma Cloud customers. And so the -- Nikesh about how we've leveraged M&A in the past to help build some of the key technology areas of Prisma Cloud, which is absolutely true. We have also shown an ability to deliver new cloud security capabilities organically and be very successful at that. And right now, I feel good about the balance of both those capabilities and how we're bringing them together and how we continue to deliver new innovations.

Walter Pritchard

With that, we'll conclude the Q&A portion of the call, and I'd like to pass it back to Nikesh for his closing remarks.

Nikesh Arora

Well, thank you very much again, everybody, for joining us. We look forward to seeing many of you at the upcoming investor events. I also want to once again take an opportunity to thank all of our employees who worked very hard in a very dedicated fashion, as you all know, to help us achieve the results. Not only that, a big thank you to all of our partners and our customers around the world. Have a wonderful day. Thank you.