Please welcome, Vice President of Investor Relations, David Niederman.

Hello. Thanks for coming, we really appreciate it. Good afternoon, I am David Niederman Vice President of Investor Relations at Palo Alto Networks. Thanks for joining us today to discuss our Fiscal Fourth Quarter and Full Year 2019 Results. This meeting is being broadcast live over the web and can be accessed on our Investor Relations section of our website at investors.paloaltonetworks.com. Earlier this afternoon, we issued a press release announcing our results for our fiscal fourth quarter and full year ended July 31, 2019. We also provided a script of certain fiscal fourth quarter and full-year 2019 financial results and operating metrics along with applicable reconciliations as exhibits to a current report on Form 8-K filed with the SEC earlier this afternoon. Copies of these materials can also be found on the Investors section of our website. I'd like to remind you that management will be making forward-looking statements, including statements regarding our near and long-term financial guidance and strategy as well as modeling points for Q1'20 and full year fiscal 2020. Please kindly take a moment to review the Safe Harbor language provided with the meeting materials, also please note that certain financial measures we use on this call are expressed on a non-GAAP basis, and have been adjusted to exclude certain charges. For historical periods, we provided reconciliations of these non-GAAP financial measures to GAAP financial measures in the supplemental financial information that can be found at the end of the presentation and the investor section of our website located at investors.paloaltonetworks.com. On stage with us today will be Nikesh Arora, our Chairman and Chief Executive Officer; Kathy Bonanno, our Chief Financial Officer; Lee Klarich, our Chief Product Officer; and Nir Zuk, our Chief Technology Officer. We will have a Q&A forum at the end of the financial presentation. And with that, I'll turn it over to Kathy.

Hi everyone, thank you so much for coming today, oh look! a splattering of applause, how nice, I appreciate that. Thank you. Thank you all very, very much for coming today, we appreciate your interest in Palo Alto Networks. We have a lot to cover today, and so I'm just going to get right into it. I'm going to start by providing a quick overview of our fiscal Q4 results for the fiscal year 2019 and full year results. Nikesh will then come up and he'll walk you through our strategy and our operating framework for the next three years, and then Lee Klarich and Nir Zuk will take you through our product strategy and I'll return to cover forward-looking guidance at the end. So let's turn now to fiscal fourth quarter 2019 which capped-off another great year for Palo Alto Networks. In the quarter, we grew revenue 22% year-over-year to approximately $806 million. Quarterly billings crossed the billion-dollar mark, a first in the Company's history. And our performance in Prisma and Cortex or as we refer to them collectively as next-gen security was especially strong. Our next-gen security billings were approximately $192 million in the quarter, this represents a $768 million annual run-rate to approximately -- and accelerated our growth to approximately 180% year-over-year. For the full fiscal year, we also delivered strong top line results and full-year free cash flow was approximately $924 million. If we adjust for the cash charges associated with our headquarters in Santa Clara and the retirement of our 2019 convertible debt free cash flow for the year was $1.1 billion at a margin of 36.7%. So let's turn now to some of the product highlights for the quarter. In Q4, we completed the acquisitions of Twistlock and PureSec, and we are actively integrating…

Good afternoon. Thank you very much for joining us, and thank you, Kathy. Normally when I get up on stage, I usually ask the audience, what can I answer that you leave here happy. Now many of you are so kind you've written me very long notes about what you want me to tell you, which are going to make you happy. It's very helpful. It’s like I have my marching orders, you've given me the script. So Keith Weiss from Morgan Stanley, yes, we will talk about product evolution, M&A. Keith Bachman talks about depth and duration of depressed cash flow, sounds very depressing, but we'll talk about that, they're not depressed. We will go down to the details of our next generation security business and explain the financial models around you, they don't get spooked by duration issues. And yes, Brad, no hardware company of this size have made a transition like this, but hopefully we just need to keep growing and not make the transition. You do notice that we're displacing your favorite company Zscaler in many situations. So, but I'm scared today, we had changes or recommendations, something is going to happen to the rest of you guys. So for now, and I'm happy with Brad where he is? So it's about 12 plus months, I've been at Palo Alto Networks and I know you guys have been asking for us to come about and explain how we're thinking about this Company going forward. So, hopefully in the next 75-80 minutes me, Nir, Lee and many of my management colleagues will share our plan for the next three years with you, in terms of where we want to take this Company. Before I go there, I thought I would do is quickly walk you through what…

Good afternoon.

Good afternoon.

I've been working with Nir for a very, very long time almost 10 years. And I think this is the first time that he and I are actually sharing a stage together. So here we go, and that should be fine. I guess there should be fine. So what we'd like to do a share with you our product strategy and how we think about things. And we will fit that into the contracts that Nikesh has walked through in terms of the three pillars, securing the enterprise, securing the cloud and securing the future. Now I've been in the security industry for a very long time. I've been in Palo Alto Networks for very long time and I can't definitively say that I've never been more excited and confident in our ability to deliver these platforms in a very unique and differentiated way. Now to kick us off, no better person than Nir to talk about securing the enterprise. Nir?

Thank you, Lee. So let's talk a little bit about securing the enterprise, specifically about network security. I know that some of you would like to believe that the firewall is going away, and there is no role for network security in the future. In reality, there are things that have to be done through the network -- through network security and there is just not a place to do them. And so things like looking for command and control connections. Things like combining access control, user identity and authorization systems. And most importantly, more than half of the devices that enterprise use today cannot be protected by running something on the device itself, have to be protected from the network. Mobile phones, we've locked down operating systems or limited battery life, routers, switches, printers, network-attached scanners and all other kind of IoTs like IP phones and things like that. The only way to protect them is through the network because you can't run anything on it. So network security is here to stay, it's always been the core of cybersecurity and will continue to be the core of cybersecurity, but changes have to be made, because over time applications have been moving from the corporate data center into the cloud with our SaaS or public cloud and users have been moving from corporate networks into smaller offices, branch offices they have been moving of the network completely in the form of being mobile users and network security has to follow them and network security has to follow them wherever they go because again there are things that network security is the only thing or there things that network security has to do, like so on cybersecurity functionality, like access control and supporting again devices that can only be done from the network. The challenge is how you do that, how do you follow the user when they're off the network, how do you follow the application when it's running in the public cloud, and more importantly, like Nikesh said, customers are asking us to consolidate more and more functionality that would deploy in the network separately from the firewall into the single next generation based platform that we have created. And to talk about that and the innovation around it, we'll go back to Lee.

So there is lots of innovation is going on in next-gen firewall. There is two areas in particular, I want to talk through with all of you today that are -- of particular importance. The first is sort of piggyback off when Nir was talking about the importance of form factors, okay. How do we take all the same capabilities and make sure that they can be deployed everywhere, the in-line security as needed. And this is something we started driving several years ago when we expanded from hardware appliance form factors to software form factors with the VM series. Since that time, VM series has turned into the leading virtual next-gen firewall in the market. And then from there and we're recently we expanded into delivering these capabilities as a service with Prisma access, which allows us to extend security out to mobile users branch offices, retail environment, et cetera. Now with particularly powerful about this, in addition to be able to provide consistent security everywhere, is the ability to have a single control plane to be able to manage this consistently as well. As Nikesh mentioned earlier, one of our very large customer acquisitions in the previous quarter was a customer who had been with us for a while with hardware and the data center. And in the quarter as they extended that using VM-series and Prisma access into a complete solution, and what was particularly exciting and relevant to them was the ability to get that consistent security consistent control plane, we can't get anywhere else. Now, going hand in hand with us, is the ability to use of firewall as a platform for delivering more and more capabilities. If you look -- if you think about the enterprise security market, it is actually insane. The number…

Thank you, Lee. Maybe before that I'm very excited about Prisma Cloud. When we started the company and Lee has been with me, since the beginning. When we started the company, we are going to build an acceleration firewall and we had a bunch of very large vendors that we have to go and displace which we've done. But we're today by far the largest network security vendor out there. It was a lot of work displacing them. I think that with cloud with public cloud security and generally with cloud security the market is open. There is the need, I don't see any other vendor in a position to do this. And I think that the numbers that you've seen and the numbers that you will see speak for themselves. Because to do this, you have to first have the firewall because there is no way to secure the cloud without a firewall, you have to look at the things that only the firewall can look and there are things that's running in the cloud, that you need a firewall, because you can't run endpoint security on them. And then on top of that, you need all the different technologies that we've been building and acquiring and integrating over the last few years, that I just don't see anyone out there that's even thinking about it nevertheless, someone that has the different components that are required in order to go after the cloud security market. So very excited about that, at least as much as much as we're excited when we started Palo Alto Networks and went after the enterprise security market. Now once applications start moving to the cloud, which they are, enterprise network architectures and access architectures are changing. And the reason for that -- oops we…

Well, thank you, Lee and Nir. So, as I mentioned, we spend a lot of time making sure we get our product strategy right, and Lee and Nir, have highlighted where we plan to go. I hope you didn't miss the fact that Lee is committed publicly to deploying a lot of subscriptions in our firewalls and potentially applying SD-WAN across every form factor. I'm just trying to make sure he hears me, safe to use, so that I can make sure I can hold him too. And we also talked about ingesting third-party data into Cortex, which is an extension of our vision of our Application Framework from the past. But product is just part of our solution. Once you get product right, you've got to make sure you have the execution capability to put the product out in the market. And, as I've analyzed enterprise companies, it's very interesting, there is very few very large enterprise companies and many small enterprise companies. And it's interesting, if you look at them, there is a distribution engine that needs to be created just commensurate with your product capacity. Companies get started, they get into a very good state with one set of products and then either you have to keep innovating and adding more product to the portfolio with the salespeople or you have to acquire product and be able to ingest it in a way that your salespeople are going to sell it. There is only one way to double revenue, it's a double number of salespeople and make sure there is enough capacity in the market, or make sure you double the amount of product that a salesperson can sell and is able to sell to be able to do that. Our intent is to do a little…

Okay. Thank you, Nikesh. All right. So that's a lot, talked a lot about fiscal 2022 and about what we see in the coming years. Let me just put a finer point on what we expect for fiscal 2020. So, am I moving these slides or somebody else? Okay. Since it's a lot of data and information on the screen and these slides will be made available to you, I'm going to focus primarily on talking about the year-over-year growth rates. We will make these slides available to you following the call. So for fiscal Q1 FY'20, we expect billings growth to be between 15% to 17% year-over-year. We expect revenue growth of 16% to 17% year-over-year. We expect non-GAAP EPS to be in the range of $1.02 to $1.04, which incorporates net expenses related to acquisitions, including the Zingbox proposed acquisition, which we've just announced. For the full-year of fiscal 2020, we expect billings to increase between 17% to 19% year-over-year and we expect revenue growth to be in the range of 19% to 20% year-over-year. As Nikesh mentioned, next-gen security billings growth is expected to be in the range of 77% to 79% year-over-year. We expect fiscal 2020 non-GAAP EPS to be in the range of $5 to $5.10, which also includes net expenses related to our recent acquisitions. And finally, turning to free cash flow, we expect adjusted free cash flow margin of approximately 30% for fiscal 2020. In this slide presentation, you will also find some additional modeling points related to CapEx estimate, share count, tax rate, the impact of M&A on EPS. I'm not going to read them to you, but once again we'll make that available to you. So finally, we've summarized our fiscal 2022 guidance for you as well on the screen, Nikesh already covered this, but hopefully the format for fiscal 2022 will be easy for you to digest. And I don't think it's on the screen, so perhaps -- yeah, perhaps I should move it since I'm holding the clicker in my hands, sorry. So, while we are investing to capture significant market opportunity and we do see a gradual shift in durations, we expect it to be gradual associated with changing mix of our products towards more cloud and SaaS delivered products. As Nikesh mentioned, we're not anticipating a big bang event. And so, for the years beyond fiscal 2022, we're targeting our operating margins to be above 25% and free cash flow margins at least 30% or greater. So that hopefully will put some of your minds at ease. That concludes our prepared remarks. And now we'll turn up the lights and be happy to address any of your questions. Nikesh?

Are you guys happy yet? Come on give her a round of applause. Tough crowd.

Okay. We have people running mics. So I see some questions.

Please state your name and your firm before you state your question, please.

Thank you. This is Jonathan Ho from William Blair. One of the questions I had is regarding the next-generation growth, can you unpack for us a little bit of the components that you see from that next-gen side? And maybe how much that ties to the investments that you're making? Thanks.

Yeah. Look, we're not going to break down the individual components just yet. But in terms of the investment, we -- as I mentioned, we've moved 1,000 people through acquisitions or through organic hiring. We've taken our Prisma and Cortex or next-generation security team to about 1,500 people out of 7,000 people, the highlights we ended FY'19 with. We anticipate adding more people into those categories, both for R&D and for sales. We feel reasonably comfortable that our core team is robust in the size. So we'll be making small additions to our core team but mostly we're focusing some of our newer hires into Prisma and Cortex. Some of that spending is also a full year impact of what we already invested going into Q3 and Q4 of this year. So some of it is a follow on from Q3 and Q4 investment, which we were able to manage with our budget for this year. But some of it is incremental hiring for Prisma and Cortex. In terms of across the board, I can give you color that Prisma Cloud is doing phenomenally well for us. It's really -- we need to be out there in front of our customers a lot more. There is over 20,000 -- 30,000 people selling public cloud between AWS, Azure, GCP and Alibaba. There's probably a few hundred cloud security salespeople in the world. So when we show up and customers and we show them a demo and saying, look, this is what you're not doing. They're, oh, yeah, I got to go cover my security needs and when I write applications, they're just not able secure themselves. So we're seeing really good traction for Prisma Cloud. I think Nir made it abundantly clear how excited we are about Prisma Access and how proxy style securing cloud-native architectures is not a good idea. So Prisma Access is the huge focus. Demisto has done well. Post acquisition it has followed the M&A slide I showed you in terms of expecting to double their business plan from where they are. So -- and XDR for us has done really well, because we got 250 customers in the first full quarter of operation and we continue to see more and more -- with the addition of third-party data ingestion. And the way we think about the ingestion, just to clarify, we just don't ingest data, we make sure analytics engine can ingest that data and provide analytics and suppress bad alerts and give you good signal and do data stitching. So, our ingestion philosophy is more a philosophy which works in building analytics around the data and then ingesting the data [indiscernible]. So I think across the board we anticipate robust growth, that's why we're comfortable guiding to an $800 million to $810 million number.

A lot of hands going up. Okay. Amber?

Hi, Ken Talanian, Evercore ISI. When I look at that $6 billion billings number, how much of that is from your existing product set? And what are your assumptions around kind of current acquisitions going into that and then maybe some of the future acquisition assumptions that build-up to that?

Look, as Lee mentioned, that we believe many of the cloud security products are not fully built in the market from a maturity perspective. If you look at serverless, serverless we think is 50% built, we bought PureSec, they have a product roadmap, which is a robust product roadmap in front of them for six to nine months. So we believe there will be interesting cloud security based acquisitions we might have to do in the future, which will fall in the M&A philosophy we highlighted. So, some of those bolt-on technology, which haven't been developed or anticipated, and our desire to build a cloud platforms for the future. But there is no major plug in that number for us to go out and acquire revenue to reach that $6 billion number. We feel we should be able to get there with the majority of the products we have in place with small bolt-on acquisitions as we see the industry [indiscernible].

Thank you. Shaul Eyal with Oppenheimer. Nikesh, you have put many concerns to rest over the course of the past hour, so.

Thank you.

So, one question I had in mind is...

But still have one. So go -- everything before the but is to be ignored. Yeah.

As we think about your targets heading towards fiscal 2022 and above, have you taken into consideration any changes with respect to channel compensation, partners, anything with a go-to-market? Or pretty much from our perspective, we should be thinking about it mostly at a status quo going further?

There are no major assumptions in there in changing any channel behavior in the process. We are seeing more activity in the channel by telcos and by SIs like the Accentures and the Deloittes of the world or AT&Ts of the world or Telefonica's of the world, they are becoming more active in cybersecurity. If you look at most of the landscape, every telco, every consulting organization is building very large cybersecurity practices because they're trying not only [indiscernible] they're building cloud practices. So if you go, this is the biggest fastest-growing segment of the SI and SP space. So, yes, we anticipate they will have a bigger role to play in how we are able to deploy some of our products in the future. But to us, that's just evolution of channel. If they end up doing more business, bring us to customers, we'll be there with them just the way we are with the [Optiv's] [ph] and WWT's of today.

Thanks. Saket Kalia from Barclays. Nikesh you talked about no transition to a term license model, for example, for the firewall business, which was good to hear. But you also even suggested that maybe some cloud products could be priced similarly to the firewall. I think we mentioned that quickly. Could you just give some examples of that and when that could actually start to happen?

So what I -- sorry, thank you, first of all, for asking the question. I want to make sure I clarify. Sometimes our sales teams bundle our annual products into three-year deals and sell them like they would sell it upfront cash payment, which allows us to get the cash flow just the way we get the cash flow for our firewall products and roughly -- three years is roughly the term for our hardware business in terms of contract durations. So that's all I'm saying that, some of the cloud deal end up being three-year deals instead of annual deals. So we still get the benefit of the cash flow, so which is why Kathy alluded to the fact that we're not anticipating large duration declines over the next three years. We believe -- I haven't said this yet, but I'm going to say it, we believe that the duration decline will be approximately 10% over the next three years and hence, we believe we are able to deliver -- we will be able to deliver the $4 billion of cash flow over the next three years.

Hi. It's Imtiaz Koujalgi from Guggenheim. Kathy, if I'm doing my math right, based on your billings guide for next year and your billings guide for the next-generation products if I back that out, it looks like you're guiding to the core business growing at about 8%, the firewall business, which is a big step down from the 24% product growth we had this year. Is that the right way to think about product growth next year in the high-20s?

Yeah. I think it's a little bit higher than that, but yes that's close. The reason that we are looking at this firewall technology as a group is because we're very excited about what we're seeing from our customers in terms of demand for both Prisma Access and our VM series. And so, that security category, which Nikesh showed up on the slide earlier, we are expecting to continue to grow at very rapid rates. Now, the mix may change a little bit in between there, but I think our forecast still holds regardless. And the firewall security itself, that in line security, that network security is still a very important component for all of our customers, but we are seeing great demand and great excitement about what Prisma Access can do by delivering that security in a cloud form factor really security-as-a-service. And so, we're very jazzed about our possibilities going forward in terms of being able to win deals that would have normally been one with firewalls, hardware with that particular product and we think that we're the only competitor that can really offer these various form factors to our customers. And so, we see a really terrific opportunity.

Just to elaborate on that for a second. You saw two examples, one Lee alluded to a very large retailer and we had a video from another. In both cases we were competing with firewall boxes. And we went in with Prisma Access with a differentiated strategy. These are very large deals, as I've mentioned, one of them was over $10 million, the other one was close. But in both cases, we were able to displace the hardware form factor for competitors because competitors did not have a software form factor. The good news is, the software form factor deployment is a brief. If you try and deploy a box in 2,000 locations in a retailer, it takes them a year and a half or two years. The software, we can get there in three to five months. So, part of what we are trying to do is, we're trying to actually force that shift towards the software form factor because as Nir mentioned, we don't believe our competition has the capability to deliver the solution via the software form factor, which allows us both to be differentiated, reduce speed of deployment, allow it to run across hundred on-boarding points from -- for our customers. So that's part of the assumption, which you rightfully captured. We're actually trying to engineer that bigger shift and trying to drive our business more towards the software form factor.

Thanks. So, one more follow-up, Kathy. On the long-term target, comparing what you gave us last time in 2017, you had free cash flow margins long-term below operating margins. This time you reversed it, your operating margins long-term are actually lower than your free cash flow margin targets. What is driving that reversal? Is it just more recurring revenues?

Yeah. Can I just clarify? When we're talking about long-term and I'm glad you asked this so I can get it out there for everyone to hear. We're talking four to five years, right? And the previous guidance that we had given, our long-term was much, much further out when we're sort of growing at the rate of the market is the way we described it. And at that point in time, we assumed that we'd be a much greater cash taxpayer. And so, that was the reason for the lower free cash flow margins. But we're talking right now long-term for us is about four to five years out. Okay? Thank you. And I said four to five, not 45. I need to be very clear and enunciate.

45 would be great guidance. All right. Somebody has the mic? There's question on this slide. David behind you.

And I saw a woman with her hand up. I want her to get a question, Fatima. Just don't ask us a hard one now. Just kidding.

I'll go easy on you. I'm Fatima Boolani from UBS. Just a quick point of clarification on the mix shift dynamics you're seeing in the core firewall business, is that a displacement dynamic or are you seeing the mix shift within the refresh of your own installed base? I just want to clarify...

It's more of a displacement dynamic. I give you one specific use case, but there are similar use cases in many places where -- whether it's a retailer, whether it's multi-branch situation or multiple mobile user situation. We have customers with 100,000 employees or more who want to go to a Prisma Access type solution for the mobile users. So, it's more -- it's mostly a displaced -- mostly a displacement of competition dynamic than it is a refresh of our data center firewall business.

Understood. So my real question is...

I know where you're going, don't worry.

You talked about...

I've spent three months pouring over every one of these numbers of Kathy, so I know exactly where you're going. Please go.

You talked a lot about automation in each one of the pillars of your corporate strategy. And so, if I think about your top 25 or your 25th largest customer spending close to $40 million per annum with you. I mean, how should we think about that with the automation opportunity and the fact that you expect to double the size of your business in the next four to five years? I mean, what are some of the dynamics there if your 25th largest customers already spending $40 million with you?

So, let me use Cortex XDR as a use case, right. We have thousands of customers who deployed Traps. The version of Traps four months ago was not collecting data, sending it to a central data lake, allowing us to do insights and analytics against it. We are able to go back to every one of those large customers and allow them to ingest data from there and give -- and upsell them to Cortex XDR. So this is a use case for us where we take their firewalls, we take their endpoints and say, why don't you collect the data across the board, we'll analyze it to you, we'll reduce the signal-to-noise ratio and we'll couple Demisto with it and be able to give you automation going forward. So, that's the use case, for example, we can take our firewall customers, our endpoint customers, add automation to this and that budget comes out of their SOC budgets, because every one of our customers is building SOC. SOC is the fastest-growing category with about 20%-plus growth year-over-year, where people are deploying more people and more data ingestion and more data logging spend.

And do you foresee that more coming out of the wallets of traditional managed security services providers you sort of offer these Tier 1 type capabilities? And are those dollars coming from essentially?

Those dollars are coming from both SOC dollars, if you will, there is such a category, but they are also coming from efficiencies we're able to drive for those SOC owners, we are saying, we can come in and instead of we put up some interesting numbers up there, you out 8 times and 50 times in terms of alert reduction. Traditional approach to alert reduction is hire more SOC analyst. If he can walk and say, I can reduce the number of alerts by 8 times and I can the reduce the number of alerts by 50 times, that's a huge amount of savings, which is coming out of the SOC analysts that people have to hire and very few of our customers are able to scale up their SOC to hire 300 SOC analysts because it's kind of very interesting. One thing I learnt, which I can talk about, very few customers delete policies. They are scare of deleting seven, eight of firewall policies because somebody wrote them with some wisdom in mind and the new guys says, oh, I'm not going to delete it. So there is the poor SOC analyst trying to interpret, why is that an alert? And the problem is, the alert keeps coming back because they have no ability to go out and remediate that and fixed that policy. So part of what Demisto is doing is, okay, we understand you don't like alerts, so let's automate this so you can start focusing on stuff that's important. That's why you end up with that 174,000 alerts and not that I'm a hacker or a bad guy, but if I understand how you prioritize the important alerts you should look at, I'll spend my time trying to figure out how to be under the radar. So part of our philosophy is, we want to look at every alert out there and the only way he can get there is through automation. Automation that works in the endpoint, automation that works in your firewall, automation that works in your SOC, so that's why if you notice, every one of our products has a large automation TAM because we believe we're going to take away from this services is the labor TAMs and put that into automation.

Thank you so much.

Amber, in the back.

Hi, Sterling Auty with JPMorgan. So, one question for Nikesh and Kathy, and if possible, can I throw a follow-up question to Nir, if he still has his microphone?

Yeah. Our entire management team is here, of course.

All right. Fantastic. So Nikesh and Kathy, Nikesh you mentioned the 10% reduction in duration over the next three years, how much of that is actually going to be what you're managing that duration to versus what customers want? Because one of the positive feedback items that we received through the channel over the last quarter or so is, finally, Palo Alto being flexible on payment terms. And if God forbid, we do roll into some tougher macro economic times, I could see more and more customers perhaps wanting to only pay a year at a time instead of three years upfront.

Kathy, you want to...

Yeah. We are going to be very thoughtful about those trade-offs in terms of what sort of financial incentives do we have to provide in order to have our customers commit to us for a longer period of time. We talked about last -- that issue last quarter, and we talked about the fact that we were paying very close attention to the economics of deals like that where our customers really wanted to only pay us a year at a time. And we're going to continue to do that. And if our customers demand more and more of that, obviously, we will adapt to what our customers are wanting. But we actually find that there are a lot of customers who are very comfortable with the way they pay us today very comfortable with our billing practices to date. And so, we're not seeing this huge surge of demand. It tends to be occasional request that we handle on a one-off basis. Potentially it could become larger in the future and, of course, we'll adapt to that over time. But the big shift that we've been talking about -- I'm sorry, Nikesh, is really driven more by the mix shift of the products and primarily the growth of Prisma Cloud, which we talked a little bit about last quarter having shorter contract durations, which we talked about.

And sorry, just to add to that, I've discovered over the last 13 months, the industry has certain compensating mechanisms already in place. And there are customers who want to pay on an annual basis and the industry -- the channel wants to facilitate it. They figured it out with some sort of financing and they show up at our doorstep with the entire contract durations worth of cash flow. So, it's been around for a very long time, and there are many enterprise companies which have financing arms and all different kind of tactics to enable that cash flow generation. So we haven't assumed any of that stuff, we believe that life will go on as normal. But I have the inevitable Nir here, you wanted to question.

Exactly. The follow-up, Nir, when you were talking about proxies, you did Gen 1 kind of Gen 2, but when we're thinking about Prisma and the competition going forward, you didn't really kind of call out the name. So I want to be very specific in terms of understanding who you think...

You think we didn't call out the name. Okay.

Nikesh, you touched upon. Who do you think is going to be the core competition in terms of Prisma Access moving forward? I mean, we all think probably Zscaler is going to be part of it. But what about the Akamai and the other companies that are in that space? And what do you think happens to kind of the traditional firewall vendors, do they all get squeezed out or do they come up with offerings as well? Thanks.

Yeah. I -- so I think the competition is Zscaler. However, I strongly believe that the right architecture and the right products at the end of the day win. And we've been told that may be multiple times, right? FireEye, for example, right? A long time ago, FireEye came out of the market and they had this idea of running sandboxes and signatures are dead and the entire world is going to ship to FireEye and some of you even bought that story, but it was the wrong technical solution. First, sandbox is not going to replace everything and second, from a technical perspective, a sandbox needs to do prevention, no detection. It has to be in line and it has to be across entire infrastructure, which means it needs to run off the firewall. And that's why they went their way, we went our way and we all know how it ended up for both of us. So, I think that we're facing the same situation right now. There is the right technical way of doing something and the right way to deliver a product to the market, then there is the wrong way. And proxies have always been the wrong way and firewalls have always been the right way, being in the network, part of the network, being a packet-based device, participating in routing, participating in network optimization, and being able to support all applications, not just few applications, not breaking applications. I don't know if you know, if Microsoft recommends that when you use Zscaler, you turn -- you don't use Zscaler when you go to Office 365. Why? Because it breaks Office 365. Because that's what proxies do. And it's their own technical solution and I strongly believe that the right technical solution will win. Now, if you look at what's involved in Access in the modern access into the cloud and back into the infrastructure -- into their corporate infrastructure for mobile users and branch offices, you need to do a lot of different things. And our competition today, different competitors do different things. I don't see a single competitor that does both the application security part of it, the firewall side of it, the CASB side of it, the SD-WAN part of it, they are back to corporate side of it, I just don't see anyone that has the complete portfolio to be able to do what we're talking about. Yes, there are the firewall vendors, the firewall vendors, like I said, are still busy figuring out why they can't sell their hardware against ours. While we've been spending the last several years building our virtual firewall and building our cloud-delivered firewall to a point where I just -- it's just -- they are three to five years behind at least, plus the amount of time they are behind our hardware firewall is, I just -- I don't see competition from them.

Thank you, Nir.

I'm going to recall...

What Nir means to say is, we respect our competition and we are glad that we're able to build amazingly large businesses and serve the customers' needs with cybersecurity. I think that's what he said.

Matt Hedberg, RBC. It seems like every other question of investors is macro, you guys delivered strong results, obviously, some very large deals this quarter and the guidance on a multi-year view is very strong. I guess, Nikesh, when you're out talking to executives, what is the pulse of buying behavior out there right now? And then I have a quick product question for Nir as well.

Yeah. What's interesting and maybe I'm going to ask our President, Amit Singh, who you have not seen in this context. He can talk more because he has been out there on the road grinding away. So you guys get to tell the good stories, I get to go out there in the field and grind. So, let's have you come up. So...

Oh boy.

Hello, everyone. The climate for cybersecurity is quite strong, the acquisitions. It's driven by all the challenges you see in the papers and buying behavior is actually quite solid. The movement towards software and software-delivered is a real one, so -- and we are actually very, very excited about the products that we have, both on the product side, as well as the service delivery side of it, because these are cloud-delivered solutions, it's a backdrop that I come from. And interesting, when you look at any trend, whether it's how many software startups were funded, cybersecurity startups, all the way to the actual market spending, it's very, very solid. Your question was, I think, on the macro picture. We haven't seen any slowdown. We haven't seen slowdown, you saw some of that numbers we shared around pipeline, pipeline growth, partner generation pipeline and clearly, our Q4 performance is a measure testament of being able to hold the core business, while being also able to generate brand new businesses and scale them.

And then maybe just a quick product question. Nir, when you think about consolidating security spend, what's sort of your view on identity? It's -- obviously, it's a hot category out there. What role is identity have in the Palo Alto platform?

Sure. So first, most of our customers integrate our network security with identity, because identity needs enforcement, and in most cases, the firewall is going to do a bit of thing that performs the enforcement. Actually, the only case where it's not the firewall is when you access SaaS applications. In all other cases, it's the firewall that enforcing the identity, sometimes the applications themselves as well. So that's the rough identity. Now, if you look at the market today, I think most of the market is focused on what's called hygiene, meaning who can connect and who cannot connect to an application, which is interesting but it's becoming commodity. I think the most interest -- the more interesting part of Identity is identity analytics. So being able to take identity events and figuring out attacks from the identity. So that's -- I think that's one area that's not being addressed today by the market and is an opportunity. I think that's the other side of identity that is still yet to be decided by the market is, how do you do machine-to-machine identity, especially in the cloud. And I think the jury is still out on that and that's -- that could be one day an interesting thing to look at.

Hi, Phil Winslow, Wells Fargo. Just wanted to focusing on the firewall platform billing slide and there you break out your firewall hardware versus Prisma and the VM series, we already -- so we talked a lot about Prisma Access here today, but wanted to focus my question on the VM series. One of the questions I get a lot from investors is attach rate of VM series and attach rate of firewall in the public cloud environment. And so, it's kind of question to the whole team here is that, one, how are you thinking about contribution VM series to the forward billings? But also, where are we in terms of increasing attach rates of VM series and call it your hybrid cloud, multi-cloud security?

Quick clarifying question, what you mean the attach of the VM series?

The -- instead of call it like the out-of-the-box firewall that you got -- get from a cloud vendor, Azure, AWS attaching actually VM series to that workload and the like.

So we're very pleased with the VM series and how it's done. The -- when it first came out, we were focused on the private cloud use case because at the time that was the first generation of cloud, and then it's evolved really well as more workloads have shifted into public cloud infrastructure. VM series today supports all of the major cloud vendors in US Azure, GCP, Alibaba. It's evolved in a number of ways that are very specific to cloud in terms of how we integrate it with different orchestration platforms, how would do automation. We're the only security vendor, for example, especially supported with Terraform, which is one of the main sort of multi-cloud automation orchestration tools out there. We are sellable to all the marketplaces. And we actually have a very nice business and growing business with VM series being consumed through the marketplaces. So, there is a lot of really good things that are happening there. The -- I'd say, the only sort of challenge that -- may not the only challenge, but big challenge relative to your question is, a lot of companies will first try to get by without real security. And the -- through various mechanisms and often is through unfortunate events where something bad happens to a company that triggers the people to actually really go back and pay attention. But that's the only challenge is sort of getting people over the hump of trying the thing that they think might be good enough before they realize that what they really need is best-in-class security and understand that we can do the cloud integration aspects that they also knew. Okay? A question here.

Great. Karl Keirstead at Deutsche Bank. First of all, Nikesh for a guy who a year ago said that you no longer giving annual guidance only next quarter, thank you for the reversal.

Appreciate it. I'll -- adaptive dynamic earn. Yes.

I wanted to, let's say, stress test your confidence in 20% billings and revenue growth over the next three years. And, I guess, I'm saying this in the context of you having just put up a quarter where you grew both metrics by 22%. So you just put up 22% and you're saying you're going to grow 20% for the next three. At first that sounds a little bit optimistic, especially given that you're on stage as well talking about a hardware to software form factor shift, which if we look at firms like F5 and others that are going through this. It tends to be quite dilutive to your overall growth rate. So, is it that that form factor shift you expect only to be quite gradual and you can kind of skate around it? Or is it that you're emerging products are just growing so damn fast, but despite that you can still get to 20%? Thank you.

First of all, thank you, Karl. If I'm allowed to clarify, I was not comfortable giving guidance when I walked in because I didn't understand the levers of the business. Nor did I understand the industry and nor did I understand the levers of the Company, and I hate to stand up on stage and comment on behalf of 7,000 people without having some degree of confidence and comfort in our ability to deliver. So, I appreciate you guys and during the last one year of our quarterly guidance, but I think hopefully we have given more guidance and put a large news around our necks. Now, we have to go out and deliver this stuff. So, thank you for reminding me of that. In terms of our comfort level, I want to parse your question into two or three parts. One part is, we are seeing unabated growth in cloud, generally and I alluded to the fact that there is not enough cloud security out there and there has not been enough people enumerating the need for cloud security. I will not take the name of the customer but there has been a recent breach, where it was a cloud breach. And I can tell you that got the phones ringing because people suddenly realized that you can have cloud breaches, even though you are using a public cloud provider, security cannot be used as an open source set of tools. You have to go find a security product to secure cloud instances as you start putting more and more important crown jewel data out there. So, we believe that that's going to drive more of the VM use case, we believe that's going to drive a lot of the Prisma cloud use case. We're also seeing -- as…

Pierre Ferragu, New Street. Nikesh, first of all --. Pierre Ferragu, New Street. Nikesh, first of all, thank you very much for not changing your business model. It took me a very long time to figure it out and I spent…

It taken me 12 months to figure out, then I had to go figure out what the other guys…

What have done so far. That's great. And it gives me the opportunity to ask more of a product question to Nir. And so, you explained very well how you plan to completely crush all proxy-based competitors. And I was wondering, and you've defended it very well all the -- all what you have already in your development in the next-generation firewall and all what you've done from there. But I was wondering how you transfer that benefit to technologies you're acquiring. So, for instance, if we look at the components of Prisma Cloud, when they came in first day what did you do? How did you integrate their technologies with your existing technology? How did they benefit from that? And then your clients using it, how does it benefit from having a Palo Alto Networks firewall and having Prisma Cloud in the same environment?

Yeah. Thank you for the question. So, Nikesh mentioned a couple of the principles that we now apply more vigorously in terms of the incoming companies, level responsibility we give them, the expectations we put on the founding teams of these companies to continue to execute, as well as to build an integration plan. And it's interesting you asked about Prisma Cloud, that was formed out of the basis of two acquisitions, Evident.io and RedLock. The integration of those two together took us about four months. Four months to integrate two products into a single platform. It now forms the foundation where we'll be able to then further integrate Twistlock and PureSec into that platform continue to extend it out. Again, pulling the leadership teams of the companies into this together in order to make sure, and then building an execution plan that includes the integration that we all agree on very quickly after the acquisitions happen. And we're very much in the midst right now of executing on that with an expectation that by the end of this calendar year those will now be new modules in the Prisma Cloud platform. So, a lot of this is around giving the right people the right responsibility, the right accountability and then executing. And we're showing that we can do this a very good success. On the customer side then, what they're seeing is, very easy adoption of additional cloud security capabilities showing up in the same platform that they're already used to. They simply get to consume and deploy against our cloud workloads, which is a very powerful a go-to-market and adoption aspect that the products are enabling.

Yeah. Another example will be XDR. So we bought an EDR company, we bought in NTA company, right, Secdo and LightCyber and integrated both together. Nobody believed we can do that. Nobody believed we can take network data, take endpoint data, combine them together and generate meaningful analytics based on that. And we're the first one to do it, and like I said, EDR, NTA as their -- and they're don't make sense and now we're going to integrate -- we plan to integrate more and more things into it. Now, the other type of integration that we have, which I think we partly ask about is, when we buy someone like Zingbox, or we develop something like DNS security, it becomes a service that is attached to our firewall. And all the customer has to do to use it is to flip a switch. You flip a switch and you use the service, and you test it for a week, a month, whatever, you like it you buy it, you don't like it, you don't buy. And most customers, they're turning to and they see things that they just can't not buy the product. And the interesting thing is that, those services apply to all form factors. So if you have a physical firewall, you do that, if you bought Prisma Access, you turn in and you do that. If you went with a competitor, with a proxy competitor and you want to do IoT security in the branch, which you do, like you need to secure printers and you probably have IP phones and video cameras and other things connected to the network in the branch, what do you do? You have to go to an IoT security company, you have to the buy their product, you have to deploy it in the branch and you have to do deploy it in 2,000 branches, if you have 2,000 real points and somehow operationalize it. With Palo Alto Networks, if you are a Prisma Access customer already, you turn on a switch, immediately it applies to all your branches, you like it you buy it, you don't like it you don't buy it. It's that simple. Okay?

There are other question right next to the gentlemen.

Hi, it's Keith Bachman from Bank of Montreal. Nikesh and Kathy for you, is M&A inclusive or exclusive of what you just put up on the board? And what I mean by that is, as we think about the revenue outlook and billing outlook, I assume that the context of that is mostly smaller deals probably don't move the M&A, but I just wanted to see if you could clarify. And it relates to you as well Kathy on the margins, this year you're suggesting that margins go lower but thereafter, they'll move higher. And so, is that again M&A neutral? So if you do some deals you might ask for forgiveness for the margin growth that you're suggesting in the outer years if in fact you do pursue M&A even some smaller deals that might pressure those margin. So, inclusive or exclusive is the shorter question of M&A?

So to give you a framework, it's exclusive of any large M&A, which has a significant revenue acquisition component. So, if you go buy a company for $100 million of revenue, where -- that's not part of our plan, as I said to the gentleman earlier, there is no plug in these numbers that we're going to be acquiring $200 million, $300 million revenue growing at 50% right, that is not a bad stuff. We're not looking for M&A as a strategy. We're looking as platform as a strategy. Now, in the platform context, if you think about, are we better off going back and, for example, we built Cortex XDR from the acquisitions. We've put it -- we got the teams to integrate. We didn't sell it for six months. We got them to integrate and sold it after. They put it together. Twistlock, RedLock, PureSec, we integrated and we're deploying it across our platform. So if you find there is a product need and a product market fit that needs to be integrated across the platform that stuff will have to be acquired and we'll keep you posted as we acquire them, what the impacts of those are financially. We have not built any expectation saying we're going to be doing $500 million of acquisitions every year and it's going to have certainly EPS impact, we're going to take that and take into these numbers. These are raw numbers, organic, Kathy has told you FY'20 has a $45 million M&A for this year, after one year we roll that into our organic numbers. So FY'21, 2022 there's no -- there'll be unless we do something between now and then there is -- those will become organic numbers. One thing I think there was a clarification question which I want to announce publicly, somebody asked a question about the duration of 10%, is that every year or across three years? The answer is over three years, not every year. I'm trying to keep my friends out of jail, I heard that broadband is poor in Jail, so. And still on MPLS.

Sounds good idea. My wife just watching the [indiscernible] black last night. So I don't want you there. Michael Turits from Raymond James. Question on -- for Nir and Lee, you guys talked about SD-WAN and SD-WAN is big and a big part of what Fortinet has been talking about for some time. So I'm trying to think about, first of all, how do you become an SD-WAN player? What are you going to do with it? Is it similar I think to what Fortinet is doing and saying, hey, we can do this too and function the SD-WAN? Or are you going to use it to help improve GlobalProtect cloud services networking component, because that's also a big place for Zscaler wins is by doing networking that they say salespeople money?

Yeah. Doing networking with a proxy, that's interesting, but...

He doesn't need any more encouragement.

I just want to get him proud -- I have seen him perform for a while.

Yeah. So SD-WAN, SD-WAN -- so maybe 30 seconds on what SD-WAN is. So, just a word on same page. As applications move to the cloud and it stops making sense to the MPLS, you want to -- you start using regular Internet connection through IDSL, cable modems, whatever, D3s, E3s, whatever you can get. The challenge with that is that, they don't provide you the same reliability and performance guarantees that MPLS does. So, all of the sudden, you start relying on applications in the cloud like Office 365 and G Suite and Salesforce.com or your own applications in public cloud, but you cannot get the same guarantees. So SD-WAN is about taking multiple Internet connections like a DSL from one provider and a cable modem from another or 2DSL or a DSL and LTE or 5G, so on and so on, and somehow doing some kind of networking tricks on them such that with the tool or more links you can get to the same reliability and the same guarantees more or less that you get from MPLS, of course, at a much lower cost, much higher bandwidth, which is what those applications in the cloud need. Now, there are multiple ways of doing that, you can do it in the branch itself, meaning you can take the firewall that is in the branch and you can add SD-WAN to that firewall and do that -- those networking tricks to make those multiple Internet connections appear much more reliable. And we're doing that, meaning we are building that and that's going to become a subscription on top of the firewall, that's like Lee said, where if you deploy our firewalls in the branch, we do that and in that respect, it's somewhat similar to what other SD-WAN vendors…

QED, yes.

Do I need to acquire? No like Lee said, we're building SD-WAN.

Okay.

Erik Suppiger, JMP. Couple of questions, one on the free cash flow margins. Is the primary cause for the decline this year duration or what should we think of as the primary hit on the margin front? I'll ask the second question after that.

Yeah. The primary reason for the decline is the same primary reason you see for our operating margin decline, and that's the investments that we're making, not only organically to drive the new areas of our business, but also the M&A investments that we've made.

Okay. And then for...

Which is why we expect it to turn around.

Okay. Then for Nir or Lee, XDR, is that product production-ready? How much of that -- how can we gauge the success of XDR from here? Because we've had Traps out there for a while. Is this something that's going to be a viable competitor to CrowdStrike at this point? Or how should we be thinking about that? And how much of that is getting sold outside of your installed base?

So, as we mentioned earlier, we're actually very happy with how XDR has done. Now, it's early. We announced it about -- and released about four and a half, five months ago. You saw the results for the first full quarter, number of customers we added. So, very excited about the initial market reception, customer reception to XDR. And the messages that we talked about here are things we're hearing from our customers. Very powerful -- the ability to integrate the -- and stitch the endpoint data with the network data. No one else can do that, no one else can give the end-to-end visibility, reducing the number of alerts, reducing the amount of time it takes them to actually investigate incidents. So all the things we said here are -- they're here because that's what we're hearing from our customers that have adopted XDR. Okay? The -- and the interesting aspect of this is, that is enabling us to really sort of change the conversation with our customers to one that is a very strategic conversation about the shift toward, not just endpoint protection, but the shift toward analytics and ultimately toward automation and tying that with Demisto. Okay?

So going back to the theory…

Proxy, almost similar. No. This is another case where I think that the right technical solution will win. EDR doesn't make any sense. It really doesn't make any technical sense to limit yourself to collecting data just from endpoints, limiting yourself to processing data just from endpoints and then responding back to the endpoints, where we all know that the Traps happen across the entire infrastructure. They can start in the SaaS application and then take over an endpoint and then propagate through the network and end up in the public cloud, where your data is. It -- the right technical way of doing it is to collect data from multiple parts of the infrastructure into one place, use your analytics, all your people or whatever it is to go through the entire data, find the attacks-based information in the entire data and when you find an attack, it doesn't matter where the signal came from, you want to respond back to the entire infrastructure, which is kind of where Demisto comes in, responding back to the entire infrastructure. And I just don't see the competition doing that. I don't see the competition doing more than just basic endpoint data collection and response. So, assuming we get the right marketing and the right sales and marketing around it, go-to-market and there are some missing product features, I think that next time we'll be able to talk much more about where we are versus the competition.

If I may elaborate on that from a market activity perspective, and given that we've only had 4.5 months worth of great experience with the product in the market against the competitor you mentioned, we -- remember 12 months ago, we didn't have a dedicated sales force that could compete in terms of on a point-by-point basis against some of these competitors because we had a core sales team, which was aren't as fully adaptive selling this product. Now that we have speedboat teams out there, it's fair to say, we saw CrowdStrike in between 25 and 30 deals, which were in our installed base, because that's why we went after first, and I think the number is we were able to beat them in 75% of the deals we saw them in our installed base. Again, it's one data point. But we're slowly getting our act together and getting better at this stuff. But six months ago, we didn't have a product. Traps would not compete against EDR because Traps endpoint protection did not do an XDR. We launched XDR, we've made Traps free. We have thousands of customers using Traps. Our first target is go to the customers who already have Traps, they already have a Firewalls, who better than them to make sure that they can buy an XDR and we're delighted that 75% of them were CrowdStrike [indiscernible] more deals than we do because they have a larger sales force, but we're delighted that we were able to beat in 25% -- 75% of those deals.

Thank you. Shaul from Oppenheimer again. Maybe question for Amit or Kathy. European performance were as -- it has been quite stable over the course of the past probably two years now. I think this quarter and last quarter, not as strong as we have seen before. So, is it a macro issue? Maybe a UK-specific issue? Maybe tightening -- tying it to a former macro related question that was asked? Thank your.

It's just a great opportunity. Really -- it really is. Europe strong adopter of -- cybersecurity is actually on the headlines and there is national legislation in countries to go fix it. And we're just investing in the team, giving them resources, we love the leadership team there. So it's actually a growth opportunity for us to do -- continue to do well and actually do better in EMEA.

All right. We got one in the front and then two in the back on the right.

Thanks. Andy Nowinski with Piper Jaffray. So, the question with regard to Prisma Access. At the Gartner Security Conference, a few months ago Zscaler was on stage at the keynote and they had a few customers on stage as well, that said, they tried your GlobalProtect cloud service, which you're now calling Prisma Access and didn't get the performance that they were looking for. It wasn't scalable. I guess, can you just talk about how you've changed or fixed the performance in the architecture?

We -- it was a company, it was not existing customer. And they had actually selected said competitor. So we had an opportunity to get in one last chance and they told us the same thing. And we said, can you share with us the test that you're doing? And it was provided by the competitor and it was a flawed test. We were able to show them how it was a flawed test and after they readed the test to no longer be a flawed test, Prisma Access performed wonderfully. And that was before the most recent update to Prisma Access where we now have over 100 on-boarding locations around the world. So, we are very pleased with the performance of -- performance capabilities of Prisma Access as a globally deployed cloud solution.

And as the video you saw, which talks about a million employees and hundreds of hospitals, they ran a full POC against the same competitors. So hopefully --. Sorry, which is already deployed. Yes. All right. Question in the back and we're coming to the end of our Q&A session. But we will take a few more questions some there and then, let's go to Brad first. I don't want to end on Brad.

This is a fantastic presentation today. My question is actually really simple. Three months ago, if we listen to your remarks in your earnings call, you talked about a transition.

Yeah.

There is not much of a transition.

Yes.

Why?

Good question. I'm glad you asked it. Four, five months ago we were going full speed ahead analyzing every which way we can make this transition to a fully ratable model. And when we sat down and looked at it from an accounting perspective, a legal perspective, a go-to-market perspective, we would have to impact the channel, our salespeople, we all step back and said, okay, why are we doing this. Our customers are buying billions of dollars of products from us. They have a motion. Our salespeople know how to record it. How to sell it. And we sat down and said, we're doing it because the industry likes our models, our software models. I personally like money upfront. Cash flow is a good thing. You go out and hunt, use some this year, rest of them you put in a cold store and use it in year two, and year three. Why do I have to go hunt every year if I'm going to go to analyze model? So, we just felt that we were trying to unnaturally change the Company's business model and transition to a place, which is more akin to a pure software SaaS ARR-based model and we are -- it's kind of a hybrid business. We have a firewall business very strong, and we're building the next-generation security business, which we believe is going to be very strong and some of the characteristics of this we really like. We like the upfront cash, we like the cash flow that this brings us. We like the fact that it gives you long-term deferred revenue, which allows you to be amortized. So we decided that we're better off going this way. So this is why we're here. And then we were comfortable that we've analyzed everything -- every Sunday. This Analyst Day has been in the making for six months. Right? We've been trying to look at what we want to come and tell you, what's important, what's not important. As I said, I probably will never read as many research notes that I've read in the last six months from all of you guys, apologies to you, but I have a day job. But I did read most of them, and I did read, but you guys have concerned about, and I understand why you like those models. But if you got to run the Company, you'll be the owner [ph] of the company and the way the customers want us to deliver the product. So that's why.

Srini Nandury, Summit Insights Group. Nikesh, recently VMware acquired Carbon Black and...

Who?

VMware.

Which Company?

Okay. VMware.

Yeah, yeah. I know VMware very well.

Acquired Carbon Black.

Yes, Carbon Black, yes.

Okay. So the question is this, we are trying to make sense of how the landscape is going to be evolving, It looks like VMware is going to be acquiring more companies in this space and what does this mean for the whole security landscape going forward?

I can't comment on VMware strategy. There are lot of people who believe security is important, right? And they're all stepping up their acquisitions and security. And I think that's probably accurate. You will see a lot more acquisition in this space, because I don't think 2,500 vendors are going to survive. One of the questions early gentlemen asked was buying behavior. I firmly believe in the next five years, you will see more consolidated single vendor buys than you will see multi-vendor buys. 800 EBCs at Palo Alto Networks where customers show up and I haven't seen a customer who's actually espouses desire that he wants -- he or she wants multiple vendors to be able to secure their environment. They're looking for a solution which integrates across multiple solutions. So, if any company out there, whether it's VMware, or whether it's Microsoft, whether it's Broadcom can actually take products and integrate them. I think they're going to win. So, the question is not acquiring, we can all acquire companies. Acquisition is the easiest part. The question is, can you actually integrate them? Do you actually get leverage from integrating them into your platform? Acquiring a customer, putting them in an ELA and making them free or being part of your large, what is that, I hear that platform level. So there is a new term you will hear soon in the security space from ELAs to PLAs because people have disparate products security and consulting and chips and you could put them into a PLA now, it does not have to be an ELA anymore because it's more than an Es to P. But those are interesting parts. I think the true need of the customer is an integrated platform. So people can deliver integrated platform more part…

We'll do that out in the field not here.

So, I'll give you some data point and then I'll have our product leadership answer that. I went back and as part of preparing for the Analyst Day, I looked at the enterprise IT spend of the last seven years, right? Because it's typically the end-of-life for most IT infrastructure between seven to 10 depending on what it is and where you buy it. There is approximately $1 trillion, $1.2 trillion a year, that's been spent on enterprise IT. The reason I go to track that is because I think security is 3% to 8% of that number, right? In financial services, the government goes to 8% because they're very security conscious, others go to 3%. So if you think about it, there is approximately $12 trillion to $15 trillion of plant out there in enterprises, which is IT infrastructure plant. I just put a slide up there, which is a Gartner slide or Goldman Sachs slide, I don't remember those, Goldman Sachs, maybe it's from this morning, which talks about the cloud disruption opportunity of $1 trillion in 2023, right? So, either you're telling me that we're going to stop spending an enterprise IT and the IT entire is going to go down and all we're going to do is, we're spending in the cloud. Or are you telling me, people are still going to spend $1 trillion to it, growing at 3% and a lot of that is still going to go to enterprise IT. So, I suspect this transition is going to take longer than we think that people are still going to be spending enterprise IT. Now, not in the margin, it may be smaller number because people are shifting to the cloud and what it doing is two things, one, it's making people reevaluate as I'm going to make that shift to the cloud, what do I want to buy that allows me that transition, and that's why one of the large retail as we talked about, they're going to the cloud. They don't want to just buy hardware firewalls, they want to make sure they can get VM, so the cloud instances they can get a cloud-delivered architecture to Prisma Access. So the question is, we expect this transition to happen in the next five to seven years, a lot of it. Do you have products that satisfy the three use cases? So data center use case, the transition use case to the cloud and then the new architecture towards the cloud. So we think that's why the product strategy is aligned towards this transition. We think that shift is going to happen. It will happen on a customer-specific basis depending how ready they are. It will happen on a industry basis. So shows us on the moving parts, but we think firewalling is around for a while for the people who are still investing in data centers. But I'll let my product colleagues elaborate on the...

Sure. So from a product perspective, the firewalls get deployed in lots of different places, they get deployed in the datacenter, they get deployed at headquarter gateways, regional sites, branch offices, and the -- some of those use cases are more attractive to shift the form factor. So, for example, applications moving to public cloud, the form factor toward would be software for lots of different technical reasons that are mostly sort of straightforward to understand why you want to do that. For example, you can't shift a hardware device to Amazon and ask them to deploy into your AWS account. You have to use software form factors. As we talked about for branch offices, retail, mobile users, there is a shift that we are driving with Prisma Access that we believe is a very good shift, both in terms of the customer outcome, as well as what they need and want to be able to accomplish. But there is still -- as Nikesh was saying, this investment in the enterprise infrastructure over the last seven-plus years, there will continue to be a lot of investment in that infrastructure has to be protected. So, particularly in the larger central sites, regional sites and the world will be hybrid for a long time, meaning datacenters there will still be a lot of hardware that will need to be deployed against that. And one thing we didn't talk about today, but it is very important is, in a lot of those places that I just mentioned, the performance of hardware starts to become really important, right? If you think about a large headquarters with 10 gig connectivity growing, you want to do internal segmentation or do segment of IoT devices and things like that, which that would be 100 gig, some of the larger datacenters, hardware still has a very important role to play in a lot of those core use cases.

All right. I think with that we'll call an end to the Q&A session. I want to say thank you to my management team here, who has been part of the journey and getting us here so far. I also want to use the opportunity to shout at our 7,000 employees around the world who worked hard to deliver the results that we are able to deliver and hopefully we'll keep working hard for the next three years to achieve the targets and beyond, to achieve the targets we've outlined. With that, it's my pleasure to invite you downstairs for some cocktails and some demos, instead -- in case you want to geek out in some of the products.