Zscaler, Inc. (ZS) Q1 2025 Earnings Report, Transcript and Summary

Good day, and thank you for standing by. Welcome to the Zscaler First Quarter 2025 Earnings Call. At this time, all participants are in a listen-only mode. After the speakers' presentation, there will be a question-and-answer session. [Operator Instructions] Please be advised that today's conference is being recorded. I would now like to hand the conference over to your speaker today, Ashwin Kesireddy, Vice President, Investor Relations and Strategic Finance. Please go ahead.

Good afternoon, everyone, and welcome to the Zscaler First Quarter Fiscal Year 2025 Earnings Conference Call. On the call with me today are Jay Chaudhry, Chairman and CEO; Remo Canessa, CFO. Please note, we have posted our earnings release and a supplemental financial schedule to our Investor Relations website. Unless otherwise noted, all numbers we talk about today will be on an adjusted non-GAAP basis. You will find the reconciliation of GAAP to the non-GAAP financial measures in our earnings release. I'd like to remind you that today's discussion will contain forward-looking statements, including, but not limited to the company's anticipated future revenue, calculated billings, operating performance, gross margin, operating expenses, operating income, net income, free cash flow, dollar-based net retention rate, future hiring decisions, remaining performance obligations, income taxes, earnings per share, our objectives and outlook, our customer response to our products and our market share and market opportunity. These statements and other comments are not guarantees of future performance, but rather are subject to risks and uncertainty, some of which are beyond our control. These forward-looking statements apply as of today, and you should not rely on them as representing our views in the future. We undertake no obligation to update these statements after this call. For a more complete discussion of the risks and uncertainties, please see our filings with the SEC as well as in today's earnings release. I also want to inform you that we'll be attending the following conferences: UBS Global Technology and AI Conference in Scottsdale on December 4th; Scotiabank Global Technology Conference in San Francisco on December 10th; Barclays Global Technology Conference in San Francisco on December 11; Needham Growth Conference on January 9th and 10th. Now, I'll turn the call over to Jay.

Thank you, Ashwin. We delivered a strong Q1 with all metrics once again exceeding the high-end of our guidance. Revenue grew 26% year-over-year and bookings growth accelerated to over 30%, driven by increasing customer commitments through our Zero Trust Exchange platform and growing interest in our AI solutions. Our billings growth of 13% far exceeded the recent average growth rate of publicly traded legacy network security vendors by over 10 percentage points, demonstrating our continued market-share gains in cyber security. We are making tremendous progress executing on our go-to-market plans and driving innovations that our customers are relying on us for. With continued strong demand, I'm very pleased to increase our full-year billings and revenue guidance. Q1 was a solid quarter for profitability as well. With our operating discipline, we grew operating profit by 50% year-over-year and delivered new Q1 records for operating margin of 21% and free cash flow margin of 46%. While many successful SaaS companies strive for Rule of 40 results, our revenue growth and free cash flow margin makes us a rare SaaS company that operates at Rule of 70 or better. This places us in the top handful of the 145 largest public SaaS companies. In my scores of customer conversations, CXOs are prioritizing zero trust security and AI for their IT spending. We are fighting AI with AI. We recently delivered several AI innovations and are continuing to expand our AI portfolio in the following three areas of high customer interest; first, securing use of AI applications for faster and safer adoption of public and private AI applications. We enable customers to securely adopt public AI apps such as ChatGPT, Microsoft Copilot and GitHub Copilot with Zscaler for copilots. Zscaler for copilots provide granular visibility to find and classify on-prem or cloud data, gives access control for only the right users to access data, limits copilots' discovery of data, fixes copilot misconfigurations and enforces policies to stop sensitive data from leaking. Our industry-leading capabilities in this area are driving large customer wins. For example, in a new logo win, a global 2000 technology services customer purchased our AI-powered data protection solution, which accounted for 50% of the seven-figure ACV deal. Data protection enables this customer to securely roll out Microsoft CoPilot. The secure use of Office 365 was a huge opportunity for us. And I believe the secure use of Microsoft Copilot is a huge opportunity as well. In addition to enabling secure adoption of copilots, we provide visibility and control into public AI apps used by employees, scores a risk level of AI apps, and store prompt queries for logging or auditing purposes. With the widespread adoption of public AI apps, we are seeing growing demand for their security. Our innovations are expanding beyond securing public AI apps to customers' private AI apps, including chatbots, LLM and SLM models and inference engines. We are expanding the functionality of our in-line proxy-based zero trust exchange with an LLM proxy to analyze prompt queries and results to detect and prevent prompt injections and other malicious activities. Second, AI-powered automated digital experience for operational efficiency and faster resolution of end-to-end user performance issues. Our already available automated digital experience products, including ZDX Copilot are contributing to large deal wins. For example, in a seven-figure ACV upsell deal, a large healthcare provider doubled their ZIA subscription to 60,000 seats and purchased ZDX Advanced Plus, which includes ZDX Copilot for all 60,000 seats. This customer plans to use ZDX Copilot to automate IT operations and reduce resolution time for service tickets. With this deal, this customer's annual spend more than doubled with us. We are taking ZDX Copilot to the next level with ZDX AI agent to automate root cause analysis, resulting in further reduction in resolution time and provide automated recommendations to fix user performance issues. Third, AI-powered security products for better cyber and data protection and SecOps automation. We have delivered several AI-powered innovations for data and cyber protection such as automated data classification, Gen AI-based image classification, zero-day vulnerability detection and prevention, AI-powered app segmentation, and ML-based IoT/OT device discovery. For increased productivity and efficiency of security operations, we have introduced several innovations, including Risk 360 and unified vulnerability management by extending our Zero Trust platform with data fabric technology. We are developing other AI-powered innovations, including breach prediction, threat hunting, and more. Our AI-powered solutions leverage the vast amount of proprietary enterprise data generated by 500 billion transactions per day processed by our Zero Trust Exchange. We will continue to leverage our data and combine it with new agent-based technologies to rapidly expand our AI portfolio. The combination of Zero Trust and AI is creating exciting new opportunities, which we are well-positioned to capture with our large and expanding platform. Moving on, hackers are finding new ways to exploit the limitations of legacy castle-and-moat security to launch an increasing number of sophisticated attacks. Such attacks often start with exploitation of firewall or VPN architecture. These traditional security solutions enable threat actors to move laterally on the corporate network and compromise the entire organization. To make up for the flawed architecture, legacy security vendors are offering disjointed point products under the pretext of a platform. This increases cost and complexity for customers. A Fortune 50 retail customer recently told me that a legacy firewall vendor sold them a so-called platform. And when they tried to implement it, they found that it was nothing more than consolidated billings. Complexity is the enemy of security and resilience. No wonder so many enterprises are getting breached despite spending billions of dollars on so-called SASE security, which is nothing more than virtual firewalls and VPNs in the cloud. The sooner organizations move away from these disjointed security solutions to Zero Trust, the sooner they will become secure and resilient. Zscaler customers modernize and future-proof the security with our platform for better security, operational simplicity and cost reduction. Today, we proudly secure over 35% of Global 2000 and about 45% of the Fortune 500, and we're seeing more and more large enterprises adopt our platform. To give you an example, in a new logo seven-figure ACV deal, a global 2000 aerospace and defense company purchased ZIA for 100,000 users and workload protection for 5,000 workloads. This customer initiated a strategic shift towards a cloud-first architecture and chose Zscaler as their partner for their security transformation. Additionally, we see significant opportunity for ZPA upsells. Let me share an example. An existing Fortune 500 insurance customer expanded the ZIA subscription from 45,000 to 70,000 users and purchased ZPA for all 70,000 users. In addition to securing access to private applications, rapid M&A integration for faster time-to-value realization was a key objective for this customer. ZPA expedites M&A integration by securely providing zero trust access to applications for the acquired entity's employees without having to connect the networks of two companies. This is not possible with a firewall-based SASE solution. With this upsell, this customer's annual spend with us almost doubled to over $5 million. We expect ZPA to continue to be one of our biggest growth drivers in fiscal 2025. Moving on to data protection. At Zenith Live, we outlined our broader vision of our data protection solution that our customers are increasingly adopting. For example, in a seven-figure ACV deal, a Fortune 500 pharma company purchased our data protection solution for over 23,000 users to eliminate multiple point products, including legacy data loss prevention, insider threat management, email data security, and more. This purchased nearly doubled the annual spend of this customer with Zscaler. I'm thrilled with the innovations we are bringing to our data protection solution. For example, we recently introduced a unique offering, which combines the capabilities of ZPA with our cloud browser product to bring zero trust access to third-party suppliers and partners. Traditionally, third-party application access was addressed either by VDIs that are expansive and complex or by third-party enterprise browsers that require yet another agent to be deployed on the endpoint. Third-party enterprise browsers are complex to deploy and manage and their vulnerabilities are being exploited by attackers. Our solution uses standard browsers like Chrome and provides superior security while eliminating VDIs and third-party browsers. To give you a few examples, a global 2000 IT services company for 20,000 users, a US-based shipping and packaging company for 7,000 users, a global 2000 insurance company for over 5,000 users, each purchased our cloud browser solution to eliminate legacy third-party access products. We will continue to invest to accelerate innovations in this area. Next, our emerging products, including ZDX, Zero Trust for Branch and Cloud and AI analytics are increasingly contributing to our success. I'm excited to share that emerging products ARR is growing twice as fast as our core products. Combined with our account-centric go-to-market motion, our emerging products are driving large seven-figure deals. Let me share two examples. First, in a seven-figure upsell deal, a Fortune 500 transportation customer purchased ZIA for workloads, eliminating virtual firewalls from the cloud environments. This upsell drove approximately 40% increase in the annual spend of this existing $5 million-plus ARR customer, driven by our continued innovations for workload protection and our account-centric go-to-market strategy, we are securing large workload footprints for increasing number of customers, which has accelerated workload protection ARR over the past couple of quarters. Second, in a new logo seven-figure ACV win, a large US automotive supplier purchased our Zero Trust SD-WAN for all 45 of the branches and Zero Trust device segmentation for their 37 factories. A combination of Zero Trust SD-WAN with Zero Trust device segmentation will eliminate lateral threat movement among branches and factories, which is not possible to achieve with traditional SD-WAN. I believe with our solutions, we will accelerate the decline of North-South and East-West firewalls. This deal is an example of a global system integrator or GSI, working closely with Zscaler to transform customers' legacy networks and security to Zero Trust architecture. Next, in the federal vertical, we added a new cabinet-level agency this quarter and now we proudly serve 14 of the 15 cabinet-level agencies, including the DoD. The federal agencies are adopting the Zscaler platform to improve their security posture and reduce cost and complexity by eliminating firewalls and VPNs. Having landed these cabinet-level agencies, we see significant upsell opportunities to grow ARR over time. We are also continuing expansion into other federal agencies. For example, in a new logo win, a large federal agency purchased ZPA and ZDX for 22,000 users in a seven-figure ACV deal. Government investigations by multiple countries, including Australia, the European Union, Japan, Singapore, the United Kingdom, and the United States have concluded that nation-state fiber attackers are successfully breaching the moat created by firewall-based solutions, and as a result, these governments are planning to adopt Zero Trust architecture. We see this as a huge opportunity and we will leverage our success in US Federal to grow our business in these and other countries. Next, let me share a few highlights of the progress we are making to up-level our go-to-market engine. I am pleased to share that we're making solid progress on hiring and attrition plans. We had a strong quarter of hiring highly experienced quota-carrying account executives and had lower attrition. We expect these trends to continue in Q2, strengthening our sales capacity heading into the second half of fiscal 2025. Last year, we made the strategic decision to shift our sales motion from opportunity-based selling to account-centric selling. Our CRO, Mike Rich and his team are executing on this strategy and we are already seeing stronger customer engagements, higher-quality pipeline, better close rates, and more business with customers. Strong customer engagement and sales execution contributed to over 20% year-over-year growth in unscheduled billings in Q1. As a reminder, unscheduled billings is comprised of new upsell and renewal billings. We also grew $1 million-plus ARR customers by 25% year-over-year to 585. We ended Q1 with over 65 customers spending $5 million-plus annually with us. Moving on to the channel, we are working closely with our strategic partners, including GSIs, strategic national and regional partners, and hyperscalers to drive faster value realization for customers. An increasing number of strategic partners are embedding Zscaler's platform in their solutions for their customers. Our joint partner offerings are expanding beyond ZIA, CPA, and ZDX to now include our emerging products. Overall, with strong execution in our account-centric sales motion, we expect to continue to grow the number of $1 million-plus and $5 million-plus customers at a strong pace. With a more mature pipeline, a stronger sales team and growing partner engagements, I believe we remain on track to increase sales productivity and achieve strong growth. In conclusion, our expanding portfolio that combines the power of Zero Trust and AI is resonating with customers. Our customer engagements are getting stronger as demonstrated by our Net Promoter Score or NPS of over 70, which is well over 2 times the SaaS company average. I am proud of the progress we made in our go-to-market initiatives this quarter and we will continue to make further progress towards achieving our next goal of $5 billion in ARR. Now, I'd like to turn over the call to Remo for our financial results.

Thank you, Jay. Our Q1 results exceeded our guidance on growth and profitability, even with ongoing customer scrutiny of large deals. Revenue was $628 million, up 26% year-over-year and up 6% sequentially. From a geographic perspective, Americas represented 54% of revenue, EMEA was 30% and APJ was 16%. Our total calculated billings in Q1 grew 13% year-over-year to $517 million. As Jay mentioned, our unscheduled billings comprised of new, upsell, and renewal billings grew over 20% year-over-year. Our calculated current billings grew 12% year-over-year. Our remaining performance obligations or RPO grew 26% from a year ago to $4.411 billion. Current RPO was approximately 49% of the total RPO. We ended Q1 with 585 customers with over $1 million in ARR and 3,165 customers with over $100,000 in ARR. This continued strong growth of large customers speaks to the strategic role we play in our customers' digital transformation journeys. Our 12-month trailing dollar-based net retention rate was 114%, while good for our business, our increased success in selling bigger bundles, selling multiple pillars from the start and faster upsells within a year can reduce our dollar-based net retention rate in the future. There could be variability in this metric on a quarterly basis due to the factors I just mentioned. Turning to the rest of our Q1 financial performance. Total gross margin of 80.6% compares to 80.7% in the year-ago quarter. Our total operating expenses increased 5% sequentially and 19% year-over-year to $372 million. We continue to generate significant leverage in our financial model with operating margin of approximately 21%, an increase of about 330 basis points year-over-year. Our free cash flow margin was 46%, including data center CapEx of approximately 3% of revenue. We ended the quarter with over $2.7 billion in cash, cash equivalents and short-term investments. Now let me provide our guidance for Q2 and full-year fiscal 2025. As a reminder, these numbers are all non-GAAP. For the second quarter, we expect revenue in the range of $633 million to $635 million, reflecting a year-over-year growth of approximately 21%, gross margins of approximately 80%. I would like to remind investors that we are introducing new products that are experiencing strong growth and are optimized for faster go-to-market rather than margins. This will continue to influence our gross margins. We plan to optimize new products for margins over time as they scale. Operating profit in the range of $126 million to $128 million, net other income of $18 million and earnings per share in the range of $0.68 to $0.69, assuming a 23% tax rate and $163 million fully diluted shares. For the full-year fiscal 2025, we expect billings in the range of $3.124 billion to $3.149 billion, reflecting a year-over-year growth of 19% to 20%. We expect our first-half mix to be approximately 39.3% to 39.5% of our full-year billings guide, revenue in the range of $2.623 billion to $2.643 billion, reflecting a year-over-year growth of 21% to 22%, operating profit in the range of $549 million to $559 million, earnings per share in the range of $2.94 to $2.99, assuming a 23% tax-rate and approximately $164 million fully-diluted shares. We expect our free cash flow margin to be approximately 23.5% to 24%. We expect our data center CapEx to be approximately three points higher as a percentage of revenue compared to fiscal 2024 as we invest in upgrades to our cloud and AI infrastructure, with a large market opportunity and customers increasingly adopting the broader platform, we will invest aggressively to position us for long-term growth and profitability. On a personal note, I'd like to share that after eight amazing years, I have decided to retire as Chief Financial Officer of Zscaler. It has been my greatest pleasure to be a part of Zscaler's journey from less than $250 million to over $2.5 billion in ARR. I'd like to thank Jay for his confidence in me. It has been a true partnership, which for me personally has been very special. I'd also like to thank the employees of Zscaler and our Board of Directors for their support through the years and also thank our customers, partners, investors, and analysts. I am confident that Zscaler will continue to shape the next several decades in cybersecurity with its Zero Trust Exchange platform and I look forward to following Zscaler's progress. Now, I'll turn the call over to Jay.

I want to personally thank Remo for all his contributions to Zscaler. Remo has been a friend and a trusted business partner whose wisdom and judgment helped us make many critical decisions as we scaled our business at an unprecedented pace. He will be dearly missed. Remo will remain as CFO until his successor is appointed. With that, operator, you may now open the call for questions.

Thank you. [Operator Instructions] One moment for our first question. Our first question will come from the line of Saket Kalia from Barclays. Your line is open.

Okay, great. Hey guys, thanks for taking my question here. And first off, Remo, congrats on your retirement. [Indiscernible] Zscaler and all the companies before this as well.

Thank you, Saket. I appreciate that.

Absolutely. Jay, maybe for you. Thanks for the detail on the unscheduled billings growth of 20% this quarter. Can you just maybe talk about how that did versus your expectation or maybe versus last quarter for some context? And as you look forward, do you still feel confident in sort of the accelerated billings growth as that contracted non-cancellable billings pool sort of grows and normalizes back to what it was historically?

So, I'll start. Saket the 20% growth is what we expected and actually exceed our expectations also. As we talked about, the scheduled contracted billings is 7% in the first half and 23% in the second half. So we do expect the unscheduled billings to be 20% plus also in the second half as we talked about in the last call.

Good. And in addition to that, let me add a few comments. Our Q1 was very strong and there are three factors that I believe will keep on helping us in the second half. One, we are seeing strong demand for the Zscaler platform, including solid signs of interest for AI security offerings we have, that wasn't there before. Two, we have a strong and growing pipeline. Three, our ramp sales capacity has strengthened as we had lower sales attrition in Q1. So I feel very good about our guidance for the second half.

Very helpful. Thanks, guys.

Thank you. One moment for our next question. Our next question comes from the line of Andrew Nowinski from Wells Fargo. Your line is open.

Okay. Thanks, Remo. Sorry to hear you retiring. It's certainly been a pleasure working with you over the last decade.

Likewise.

I guess I'd like to ask a question on data security, the ZDX copilot certainly sounds like an interesting opportunity. Given your prior partnership with Microsoft and your ability to securely deliver traffic to Office 365, I would imagine Microsoft is supporting you in this endeavor, but just wondering maybe if you could provide some more color on how you're helping -- how they're helping you bring more customers -- help more customers roll-out Copilot and whether you are seeing Zscaler beat Varonis in that space? Thank you.

Sure. It's a good question. Yes, what we're building is essentially leveraging a lot of work we did with Microsoft over the years. We've done tons of integration, including integration for data and discovery and classification, whether it's talking about OneDrive or SharePoint and others. What gives us unique advantage is that we are sitting in line for all the traffic for Office 365, we can also go what's known as outer band using API for some of the classification, discovery, and the like. But this is as big of an opportunity for us as it was actually for Office 365, maybe bigger in some ways. We are here, the customers have already embraced Office 365. Customers are actually beginning to use Microsoft copilot and now they are concerned about the data leakage and privacy as well. We're seeing real deals. I briefly mentioned during our earnings release, a G 2000 company, they wanted to secure Microsoft Copilots, so they did a deal with us. This was a seven-figure deal and is really driven by our data protection solution that's AI powered, which identifies and makes sure only the right amount of data can be accessed by the right user when they're using Microsoft Copilot. So while many companies out there will try to do AI security, but not very many of them are sitting in the traffic path. They may be able to do one piece of it, but we can do both in line as well as data sitting at us. So I'm very excited with the opportunity. And you will see more coming with us. We are already working with the field with many of the Microsoft organizations to make sure we help our customers as customers are the same common interest.

Thank you.

Thank you. One moment for our next question. Our next question comes from the line of Gabriela Borges from Goldman Sachs. Your line is open.

Hi, good evening. Thanks for taking my question. Jay, I wanted to follow up on your comments on ZPA being a particularly meaningful driver of growth in FY 2025. Maybe just remind us how far along do you think we are in the VPN replacement cycle. How is the competitive environment changing and what are some of the catalysts that might cause an enterprise to reevaluate their VPN and Zero Trust ZPA strategy now versus maybe call it during COVID? Thank you.

Yes, Gabriela, I thought VPNs will be gone a long time ago. There are lots and lots of them sitting out there. Now similar to we used to wonder how long will blue code proxies be here. We're still discovering lots of them and replacing them. But the opportunity is not just VPN. VPN is the starting point. That's a kind of beachhead for us. We are the entire inbound DMZ that replaces the whole stack starting with load balancers, DDoS protection, external firewalls, VPN, all that kind of stuff. So that's big opportunity. And the next phase of this opportunity ends up being Zero Trust segmentation out there. So three-phase, VPN replacement, entire inbound DMZ, and segmentation with Zero Trust. If you look at what we've done with ZPA in terms of numbers, it's a remarkable growth. At the time of the IPO, ZPA was about a single-digit percent of new and upsell business. Today, ZPA is over 40% of the mix of new and upsell generated by ZIA and ZPA combined. I believe it's a matter of time when all of our customers will buy ZIA, ZPA, and ZDX for every employee. That's where our customers are headed. We see more and more wins out there. And the so-called competition is still trying to spin up virtual VPN in the cloud and call it Zero Trust. So we think we have a big advantage in this area for quite some time.

Thank you for the color and congrats to you, Remo, from me as well.

Sure.

One moment for our next question. Our next question comes from the line of Brad Zelnick from Deutsche Bank. Your line is open.

Great. Thanks so much. So much information you've shared Remo, fantastic run, congrats, and nice strong booking start to the year guys. Jay, I was surprised to hear you compare your growth this quarter to that of the firewall players out there, just given how differentiated you are. And some of those folks are talking about significant hardware refresh opportunities ahead as they have boxes that go end-of-life. If you look backwards, to what extent are those events opportunities for Zscaler to go in and totally rearchitect and transform and displace a set of branch firewalls, for example, and bring them onto your platform? Thank you.

Yes. I agree with this statement. I was wondering, should we be ever talking about comparing our billings growth to firewalls? You shouldn't, but the delta was so big that we thought it's worth highlighting it. But moving on to that other question you had about the refresh next year. When people used to ask me three years ago, are you replacing firewall directly and I used -- I would say, no, we are not focused on firewalls. But where we are sitting today, firewall refresh is good opportunity for us and we are planning to target customers with our cost takeout programs. Until about a year ago, we had limited impact on firewalls, but now with a combination of our Zero Trust SD-WAN and Zero Trust device segmentation, we're able to replace most of the firewalls, north-south firewalls, de-stress firewalls in data center, in branches as well in the cloud as well. So I'm seeing tremendous customer interest to reduce or eliminate finewalls with our platform. So it's a good opportunity that we will be pursuing.

Thank you. If I could just sneak in a quick follow-up, I don't know for you or Remo, but 30% plus bookings growth, I mean that is really strong. I think by my math, current bookings using CRPO even is strong as well. So it's not as if this is driven by duration. Can you maybe unpack that for us just to help us to understand -- I understand the scheduled versus unscheduled billings dynamic, but we're looking at a pretty significant delta. And I just -- I feel like that bookings number is so strong, it's worth highlighting and maybe just drilling into a bit for everyone. Thank you so much again.

Yes, I mean, it's a great number, Brad. 30% bookings growth, we're really proud of that. One thing to call out is that is that our unscheduled billings of 20 plus percent growth basically both in the first half and second half is helping that. So -- but 30% bookings growth is again a really good number. CRPO, strong growth in CRPO with 22% RPO growth year-over-year at 26%. So, all good metrics. And again, we're well-positioned with our customers. Our new and upsell is 65% with upsell in Q1 and again, selling into accounts with the new go-to-market organization is taking hold. A lot of good things really happening for Zscaler as we go into the second half -- into Q2 and also the second half of this year.

Thank you. One moment for our next question. Our next question comes from the line of Mike Cikos from Needham. Your line is open.

Hey, guys. Thanks for taking the questions here. And I just really wanted to come back to the 20% plus year-to-year unscheduled bowling -- billings in the quarter. So congrats on that. Just wanted to see, can you tie that into the disclosure that we have today on that emerging products ARR. And is most of that unscheduled billings growth being sustained by those emerging products to see or hear that ARR base is growing twice as fast as core, I wanted to get some more color around if that's the driver on which products within that emerging products classes is seeing the most traction? Anything that would be incremental? Thank you very much, guys.

Yes. I mean it's a -- Mike, it's across the board, it's both emerging products as well as our core products. The emerging products include AI, workload protection, ZDX, and our brand solutions. ZDX is doing very well, but as we called out also workloads is doing well for us. So going forward, we made the comment that we'd be in the mid-20s percentage of new and upsell for the emerging products and we still feel that. But to answer your question, it's across the board, our entire platform.

Yes. Maybe I can add a couple of more comments about it. Yes, that ARR, emerging products, ARR growing at two times our core products. We're very excited about it. So what's driving it? The branch is one part of it. I highlighted some of the deals for the branch. We talked about a seven-figure ACV deal for the branch for this automotive suppliers. We had Zero Trust SD-WAN securing 45 branches. We had Airgap doing Zero Trust segmentation of devices for 37 branches. So that thing is taking long. We believe this is going to disrupt the SD-WAN, which enables lateral threat movement and chance of ransomware attacks. I was especially pleased with the progress we're making on cloud workload protection. We have been selling workload protection. We did a great seven-figure deal in a workload that was very interesting because a lot of these customers in the past have started small with us early on in smaller footprints. Now they're expanding those footprints with bigger deals and that's what's going to accelerate our opportunity here. And then there'll be Zero Trust workload segmentation the next opportunity. That's why we are excited because the only competition in the workload space for us for communication is old-school firewalls and we are excited.

Thank you very much.

One moment for our next question. Our next question will come from the line of Ittai Kidron from Oppenheimer. Your line is open.

Hi, thanks, and Remo, also congratulations and enjoy your retirement. You earned it. A couple of small ones for me. First of all, if I may, Remo, in the last earnings call, you gave an ARR number and an ARR target for the end of the fiscal year. I was wondering if you can give us an update on ARR here and now in the target for year-end? And then secondly on the emerging products, can you remind us what are the two, three biggest pieces within the emerging products category, number one? But number two, also, what percent of new business activity do they represent for you right here right now? Just trying to get a better sense of the change in mix there, contribution-wise. Thank you.

I'll start and let Jay finish up. So, our ARR target for the end of the year is $3 billion. And so we are on track for that $3 billion. Net retention rate is 114%, which again we think is outstanding. And as we talked about that net retention rate is influenced with customers buying more upfront. But because of the new emerging products and the strength of new emerging products, that has a positive effect to that. Related to what makes up the large part of emerging products, I'll turn it over to Jay.

Yes, let me expand upon that. You can put them in a few buckets, CDX started out. It has done very well. It's the biggest piece of it. Zero Trust branch started out the branch-through with Zero Trust appliance, Zero Trust SD-WAN. It's a great area for us. Zero Trust workloads and cloud, I shared a couple of examples, good opportunities. I know the AI products is becoming actually pretty good for us as well. So we are excited. In the past, we had talked about a part of AI products called AI analytics. This solution bundle was up 90% year-over-year. It's coming from a small base, but we're very pleased with the traction of the various emerging products are taking. In the new business and upsell opportunity. As we called out, we expect it to be in the mid-20% range, up from, I believe it was 22% last year. So, we do see emerging products increasing in strength as we go forward.

I appreciate it. Thank you.

Thank you. One moment for our next question. Our next question comes from the line of Rob Owens from Piper Sandler. Your line is open.

Yes, thanks for taking my question. And I guess while we have the opportunity, I'll pick on Remo and something he said because Remo, in your prepared remarks, you talked about ongoing customer scrutiny on large deals. And I don't know if that's just a general economic comment or there's something else coloring your opinion. A lot of the script was around adding AI in some of these transformational solutions that you guys are rolling out. Just curious if there's something else that might be lending to longer sales cycles as deals are getting bigger or if that was just more of a general economic comment. Thanks.

Yes, Rob, it was just a general economic comment, which basically, we haven't really seen any change for a while.

Yes, but that in ways helps us. We are seeing interest in cyber -- especially cyber that can really reduce the chance of ransomware attacks and the like. So that's where Zero Trust comes in. And then the CIO often will say and that hasn't changed. I like your cyber method. But if you can reduce my cost and complexity, to doubly motivate it. So really, we have combined the need for Zero Trust and now AI becomes a further catalyst with cost and complexity reduction, which is helping us because most companies can't do cost reduction. Legacy firewall vendor is not going to cannibalize that large installed base of firewalls, we can.

Great. Thanks for the color.

One moment for our next question. Our next question will come from the line of Brian Essex from J.P. Morgan. Your line is open.

Good afternoon and thank you for taking the question. Remo, congratulations. We're certainly going to miss working with you. I maybe wanted to hit on the SecOps side of the equation. Maybe, Jay, can you help us understand where you are in terms of progress with Avalor? And I noticed in the press release, you noted that you surpassed 0.5 trillion daily transactions, which is huge. How are your customers evaluating your ability to scale over the volume of data and traffic that you have, given all the changes we're seeing in the SecOps side of the market in the current environment? Thanks.

SecOps market is ready for disruption. It's a big market. We have taken a very thoughtful approach of starting by building the data fabric so that all queries and all the stuff doesn't need to come to the massive data lake, which can take forever. So, Avalor acquisition has done that for us. Now building upon Avalor, we have done a few things already that are in the market. We started with Risk 360 that's powered by the back-end Avalor. We have unified vulnerability management that actually helps customers make sure they can properly prioritize vulnerabilities in that space. And then running on the same platform, some of the digital experience offerings are getting bigger and better as well that -- in the SecOps, the biggest thing we're doing that others can easily do is essentially scoring and prioritization of what needs to be done. But the next phase that will be powered will be the products we're building, it's called breach prediction and threat hunting. They're working with some of the early-stage design win, customers are seeing some very good results. So what the point we want to make was, you can go and build technology. But if you don't have the kind of private enterprise data you need, you can't do much with it. Let me contrast it, ChatGPT took the public data off the whole world, trained it on LLMs, they're able to do it well. But the logs are private. Zscaler having those logs available, we can actually train the stuff, but applied -- but based on the collective learning, this thing can be applied to a specific customer, so each customer gets benefit. So we are increasing our investment in this area. And over time, you're going to start seeing some meaningful results in this area.

Alright, that's helpful. Thank you.

One moment for the next question. Our next question comes from the line of Joel Fishbein from Truist. Your line is open.

Thanks for taking the question. Remo, big shoes to fill and you'll be surely missed. Jay, you talked a little bit about the public sector and US federal. Just curious if there's been any updates on DoD and ThunderDome and any other projects there they've been looking at doing a revitalization and you seem to be primed for that, we'd love to hear where that stands.

So, we continue to gain share in federal market across the board. One of the things proud of is now they reached 14 of the 15 cabinet lab agencies as our customers. Across defense too, we have a number of initiatives. We had talked about some of them in the past. We think we have very, very big opportunity out there. And with the new administration coming on board, we are all reading about the push for cost reduction. I believe that's a positive for us. For our federal business, this is because we reduce cost and complexity. We eliminate North-South, East-West firewalls, VPN, NAC, segmentation, all of those kind of products. So, I'm excited about the frontal opportunities and it's not just the US, they're taking the same kind of solutions to some of the Western-friendly, NATO-friendly countries as well.

Thank you.

One moment for your next question. Our next question will come from the line of Fatima Boolani from Citi. Your line is open.

Oh, good afternoon. Thank you for taking my questions. I appreciate it. And Remo, congratulations on an illustrious career. I wanted to ask you a question with regards to the updated billings guidance and some of the implied second-quarter billings based on some of the seasonality commentary you shared, Remo. Is there anything that we should think about vis-a-vis transactions that maybe landed early? Just trying to get a better sense of, hey, first-quarter was really strong out of the gate, certainly relative to expectations. But why would we see some of that pare down in the second quarter or second fiscal quarter? If you can give us some color around that? Thank you so much.

Yes, our guide for the second quarter for billings is actually up the 39% to 33% -- 39.3% to 39.5% would indicate that for the second quarter. The key thing is that we had a great first quarter and if you take a look, we're passing the beat for the entire year. Really fundamentally, nothing has changed but we talked about on the prior call, the key dynamic which is occurring is the scheduled billings at 7% in the first half and 23% in the second half. So nothing has really fundamentally changed. What I can say is that our pipeline supports our guidance. What I can say also is that hiring has been very good in our sales organization. Attrition is down. The go-to-market organization really is becoming very, very strong. SIs as we go forward will become a more important part to Zscaler. So the second half, basically as we talked about and you have our guidance, we brought up guidance for the full year and we feel comfortable with that. Absolutely. Also the same thing. The go-to-market execution of Mike Rich and the leadership team has been outstanding.

Thank you.

Thank you. One moment for our next question. Our next question comes from the line of Shrenik Kothari from Baird. Your line is open.

Hi, congrats on the retirement, Remo, it's great working with you and good luck for the next chapter. And thanks for taking my question. So the shift to account-centric selling, of course, is yielding benefits already, as Jay mentioned, with the pipeline quality. Just a follow-up to Brad's question on the bookings growth and I'd say Remo and Jay, you mentioned about the partnership with GSIs facilitating significant deal wins. You mentioned about the seven-figure SD-WAN. Can you just help provide some more quantifiable color in terms of incremental ARR tied to GSI-led deals? And any more examples that highlight success with GSIs, if that is leading to larger, bigger deals or also longer sales cycles? And how should we think about the billings going forward?

Right. A very good question. We are actually seeing increasing contribution of GSIs, especially in large accounts. I highlighted two deals actually this time that are driven by GSIs as strong partners. An auto supply parts company, this was a combination of Zero Trust segmentation and Zero Trust branch eliminating the need for firewalls and lots and lots of factories and branches, they also -- GSI also helped us with a G2K services company where we sold protection for Microsoft and copilot type of stuff. I think the difference we're seeing is that GSI as I know working more closely with customers starting the early stage and they are standardizing on some of our solutions, It used to be ZIA, ZPA, ZDX, now there's standard solutions on, including emerging products as well. So, good momentum and also think of it, when we talk about eliminating a bunch of products, generally, those products end up being what? They are firewalls, they are VPN, they are SD-WAN, the NAC, the VDIs, the device segmentation. It creates an opportunity for GSI partners to get services to replace -- take those products out. Over time, we'll start giving you more and more data about it. But I'd say we are very pleased with results and this is because of the leadership we added to drive GSI that's making a big difference.

Got it. Thanks a lot, Jay.

One moment for our next question. Our next question will come from the line of Matt Hedberg from RBC. Your line is open.

Great. Thanks for taking my questions. Lots of really good things to think about in this quarter. I guess I wanted to go back to the data protection solution. It seems like it's really contributing to large deals. And it's not the first thing you've talked about. I look back, I think in Q4 of 2023, fiscal 2023, you talked about an approaching $250 million of ARR. And I think at the time it was growing about 60%. Any update on the scale of that business? I think it was about maybe about 12% of ARR back then. I have to imagine it's been growing faster than the base business, but that feels like it's a really, really material contributor to new and emerging product growth.

Yes, data protection keeps on growing faster than our overall business. We are doing some big deals and I think with the emergence of AI, one of the biggest thing that's going to really help drive data protection is AI because companies are worried about the data leaking out there as they start using more and more public AI services like ChatGPT, even Copilot falls under that area. And then they will be worried about private AI applications that our customers are building too. So we have built probably the most comprehensive platform for data protection, not just in-line data and endpoint, data for SaaS applications, data in the cloud with DSPM of the world, and even data security for emails as well. I think you keep on seeing us, another comment I made was for -- as all largely data protection exfiltration happens for Internet, we are sitting in line. We're naturally there. We're doing SSL, TLS inspection. So it's natural to expect to grow this business and we're doing a good job with it.

Thank you. One moment for our next question. And our last question for today will be from the line of Roger Boyd from UBS. Your line is open.

Great. Thanks for taking the questions. And Remo, sad to see you go, but I'll echo my congrats on your retirement there. It's been a pleasure. Jay, just to follow up on data security. It seems like you're having a lot of traction upselling that data security portfolio, but I'm wondering to what extent that you've seen that holistic view that really only in-line vendors can do start to influence new ZPA, ZIA deals and how big of a competitive differentiator you see that being going-forward?

So, data protection, majority of the time, it comes with ZIA, ZPA. With such a large installed base, our customers started on data protection site and had none or small data protection. So it's easy and natural for us to start that way. We are seeing some of the customers who -- some of the prospects starting with interest on the data protection side as well. Those numbers are relatively small. The biggest products that are actually helping us with new logos without ZIA, ZPA are actually products like Airgaps, Zero Trust device segmentation or Avalor's unified vulnerability management. Look, a company like that has a large platform, we can sell a lot of the installed base. We can also sell a lot of the new logo opportunities because a big market for us there. That's why we don't really push for one or the other. We think both are important for us and we are doing well in both areas.

Thank you. And with that, I would now like to turn it back over to Jay Chaudhry for any closing remarks.

Great. Well, thank you all for your interest in Zscaler. We look forward to seeing you in one of the many conferences that we'll be participating in. See you then. Thank you.

Goodbye.

Thank you for your participation in today's conference. This does conclude the program. You may now disconnect. Everyone, have a great.