Palo Alto Networks, Inc. (PANW) Presents at Morgan Stanley Technology, Media & Telecom Broker Conference Call - (Transcript)

Palo Alto Networks, Inc. (NASDAQ:PANW) Morgan Stanley Technology, Media & Telecom Conference Call March 5, 2020 3:15 PM ET

Company Participants

Nikesh Arora - CEO & Chairman

Conference Call Participants

Keith Weiss - Morgan Stanley

Keith Weiss

All right.

Nikesh Arora

Somebody should take a picture of this. We're the lone brave warriors who've decided to be here in person.

Keith Weiss

So thank you, Nikesh, for joining us, and thank you, everyone, for sticking it out. We saved the best for last: Nikesh Arora, CEO of Palo Alto Networks.

Question-and-Answer Session

Q - Keith Weiss

So maybe to kick off, we could start with just a very high-level picture. You've been on board for 18 months. The Board brought you onboard to sort of take Palo Alto Networks into a new direction to have a much broader, much more expanded vision of what a security company can be. You took a while to sort of figure out what that vision is going to be, but it's really started to come into place in the last 6 months, I would say. Can you talk to us about, one, kind of what that vision is, number one? And number two, how far into sort of putting together the key building blocks have we gotten into building what you could -- you think of as kind of like the new Palo Alto Networks for the next 5 to 10 years?

Nikesh Arora

Great. Thank you, Keith. Thank you, everyone, for being here. 18 months ago, when I joined Palo Alto Networks, Palo Alto Networks was an amazing firewall company and had continued to take market share in the firewall space. And when I studied the enterprise industry, if you look at it, once you get to a $15 billion to $20 billion market cap and you're not a platform play, i.e., you're going to a company and you replace everything and you stay there and you're there for 20 years, it's very hard to sustain your upward ascendancy. And there are many examples out there of people who started not as platform plays but as clever solutions or point solutions. And they've gotten there by creating multiple other product capabilities and eventually converting them to a platform because if you don't, there is a lot of the cost of sales, the friction of sales, the cost of integration into a large estate is very high.

We decided that it's very hard to change the current security vendor landscape and the customer's estate. On customers that have 25 to 40 security vendors, lots of integration, lots of complexity. But there were 2 insights we sort of held onto. One, we said in the next 10 years, 30% to 40% of the infrastructure is going to move to the cloud. All of you guys have estimates. You're smarter than me on this stuff. But whatever I read says there's potentially going to be $400 billion to $500 billion of cloud spend 10 years from now. If it's $100 million now, I'm probably either too high or not too -- probably too low.

If you think that the current security spend is 6% to 10% of a customer's IT spend and if Microsoft, Google, Amazon, et cetera, take care of the infrastructure security piece and not only focusing on the security of the traffic, you still have a $10 billion to $20 billion TAM, which has not enough products addressing it.

We decided there is a real opportunity to be that platform for cloud security in a multicloud basis. In the first 6 months, we were fearful that Microsoft, Amazon, Google would be the natural competitors. But what was fascinating is, every customer we talk to is not on only one cloud. They're definitely talking about being on multiple clouds or a hybrid cloud, which means that you have to have a product that actually works similarly across AWS, GCP, Azure, Alibaba, Oracle, VMware and your own sort of data center environment. So that was one insight.

And we made tremendous progress by acquiring some companies doing some work internally. We think by the end of this year, calendar year, we will have a robust platform with multiple modules, which allows us to become a cloud security platform. And unlike the past where you build a security product and create a whole bunch of capability and integrate it and have APIs so people could integrate that into the estate, we're just building a platform. You take the whole thing and the whole thing works or use some functionality. We're not integrating with other things because there's nothing integrated within the cloud security world. We can take data off your SOC.

The other insight we had was more and more security products are being deployed. Cost of storing data, cost of analyzing data is becoming cheaper and cheaper, which means people will take the messy estate of security they have and then sort of changing the appliances. They will start analyzing the data a lot more and using that with integrations back into the old estate and remediating stuff. So I don't go change the sensors. I just analyze the data and use some automated techniques to go change the settings in my sensors. So we've got Demisto, which does exactly that, which does the automation piece.

And we put a lot of effort into building our AI/ML capabilities in security and launched a product called Cortex XDR. Cortex XDR, launched 6 months ago, was 2 different products of Palo Alto Networks. 2 weeks ago, we got rated 10 points ahead of CrowdStrike. We went from not being a player in the market to at least by one independent agency being rated ahead of what's in the market. We went from not having a competitor, Zscaler, to being a competitor to Zscaler.

So 18 months in, I think we have a play in most of the bleeding-edge security categories, both from analytics and AI perspective as well as a cloud perspective. I think we're 60% there in getting ourselves a comprehensive platform-like strategy. I think it will take us between 6 to 12 months to get what we have to a place where we believe it scales across the large customer bases. Right now, our customer bases are in less than 1,000 or 1,000 plus in each of these categories. But we think the long-term opportunity is to get this deployed across tens of thousands of customers.

And the good part is that we're creating the products that integrate very well into our firewall estate, where we have 70,000-plus customers, 68,000s of customers. So we use that as a natural base to go and upsell these products into. Sorry, it's a long answer, but that's where we are.

Keith Weiss

No, that's perfect. And if I understand the kind of like the M&A strategy and the expansion strategy, when I think of -- when you think historically about consolidation within the security industry, a lot of companies would go and say, "Listen, I do sort of endpoint well. I'm going to go and try to do everything next to me and try to kick out sort of existing vendors in entrenched categories," which proved very difficult.

If I'm understanding the Palo Alto Networks strategy correctly, it seems to be more so of trying to kind of skate to where the puck is going versus trying to like dislodge people from existing categories. Is that the right way to characterize it?

Nikesh Arora

Yes, unless there is a natural motion to rip out a category. So if you take a look at endpoints, given what's happening in the market with the more traditional players, or where do we use the word legacy, more traditional players who have been large in the endpoint space, there's a new technology out there where endpoint is no longer a place to be protected. It also is a place to get all your data because of all the encryption in the industry. So in that context, the EDR and XDR vendors become more relevant. So there's going to be a rip-and-replace cycle that is going to go through the market to replace the old endpoint vendors.

So you don't need to be in the new space? Yes. If there's a cycle of EDR, XDR, we'll be there to play with it. But the idea of going into red oceans and trying to go convince the customer that we are marginally better and deploy your next IT spend to us, it's a long sales cycle, a lot of friction, a lot of deployment, a lot of unhappiness. It's much easier to go to the blue ocean and say, "You have nothing. You need security. Turn this on."

Keith Weiss

All right. I want to dig down first into sort of the firewall side of the equation. The way I look at the Palo Alto story over the next 3 years is you have a solid foundation of your core firewall business, where we have an expectation of high single digits, low-teens growth in that overall estate, and you're building on top of that a new kind of next-generation cloud security business. I think a part of the equation that investors have lost confidence in is on the firewall side of the equation given some shaky execution over the past couple of quarters. Has there been any changes in the competitive environment or on the pricing front that's contributed to these challenges?

Nikesh Arora

So if you abstract yourself for a second and think about telecom -- IT infrastructure spend. Because we provide security in the data center, if you're building a lot of data centers, you're going to buy a lot of firewalls. If you're not building a lot of data centers, you're either going to replace old firewalls or just increase capacity of firewalls. I don't -- I haven't seen numbers, but at some point in time, when $500 billion moves to the cloud, somebody is going to get hurt. Was that some TV show where I heard that? Nevermind. Somebody's going to get hurt, right? It's going to come out of the infrastructure space, the same place on.

Now you're going to need similar capability in the cloud, but it's not going to be in a box. It's going to be a software form factor. So one of the other things we've been doing aggressively is making a cloud firewall, which we have, called our VM-Series, making a firewall that sits in your branch or your store which works off a software form factor. We don't sell a box. So if I take all those trees and if you -- here's a probably good example. So if you're going to add Zscaler capability in to firewall capability because if somebody is not putting a box in your branch, they're putting Zscaler in or they're putting Prisma Access in, does that add to the firewall spend? Do you take it as a new business or take it as part of firewall?

So broadly speaking, the firewall functionality has to be there. You cannot run a secure infrastructure without having firewall capability. It will come in a box. It will come in a software form factor. It will come as a firewall on the cloud. We look at something like Firewall as a Platform in our company, which is where we want to make sure that growth rate is ahead of the market, which is you continue to take market share, whether it's a hardware form factor or software form factor.

We had execution misses the last 2 quarters that didn't grow faster than the market. We're confident that it will grow at market or faster market next year because we see the underlying trends that we still have a product for every part of this transition. Do we want to make sure that we sell as many boxes? Yes, we do. But if a customer says, "I'm going to take 1,500 stores," and I have a choice of putting a box in every store or software firewall, we prefer the software firewall. It's much easier to upgrade, keep the code up-to-date and protect them better. Some of our competitors who don't have a software one would sell them a box. So if they sell more boxes and I sell more software, you're going to say, "Oh my God, it looks like somebody is taking more share and you're losing share in the box because you aren't selling boxes." Well, I'm replacing the box with the software, ratable revenue stream. So there's part of that, too.

Broadly speaking, I think over the next -- did you say 3 to 5 years? 3 to 5 years, we will see a bigger and bigger shift to the software form factor. As people move their stuff to the cloud, you will see people deprecate some amount of their data centers, keep some core data center for some activity and because the economics might be different. But we personally, at Palo Alto, also hope to be able to make up that shortfall with our software form factors, which 18 months ago was a hobby for us, and now it's turned into a profession. We actually have lots of people doing lots of go-to-market against it, deploying a muscle and emotion. It's been 16 months. It's very hard in 16 months to get 6 new product categories right.

But we put out some numbers at Analyst Day saying we're going to get that business to $800 million in billings this year. We raised guidance last quarter in that category. And as we keep going through that, we feel more and more comfortable as we see product market fit, as we see deals. That is going to be real. To use one example, we announced this quarter, we did a large $30-plus million deal with one company. We did $10 million in Prisma plus $10 million in Cortex, $10 million in firewalls. We couldn't have done this 18 months ago as a company. We didn't have a cloud product. We didn't have a SOC automation product. We could have sold $10 million of firewalls to that customer. Generating $10 million deals by buying four start-ups, if it was a repeatable playbook, I'd be buying start-ups every day.

Keith Weiss

Right. Got it. On the box side of the equation, though, and just -- so digging down in sort of the sales execution challenges. Does that -- my underlying assumption is that demand doesn't go away, right? The job of a good sales guy is to make sure that, that sale, that firewall, sale stays high priority. And the issue seemed to be that you kind of push the sales guy to sort of prioritize other things. They weren't pushing the firewall priority high. So one, is that demand still there? Is that potential firewall still -- sale still there?

And two, you talked about creating kind of your speedboats that you've had for these other newer categories of having a speedboat for the firewall business. That's a huge sales force. That's really sort of an existing motion. How are the speedboats going to help there?

Nikesh Arora

So two parts to the thing, right? You're right. We incented our sales force last year to go sell more next-generation stuff because, honestly, we didn't know if a firewall sales team could sell cloud security or could sell network transformation or could sell SOC automation. And the first 2, 3 quarters, it looks like -- holy [expletive], it looks like they can't sell it. And suddenly in the fourth quarter, these guys go and went out with a bang and sold a lot more than any of our reps had expected.

And part of that learning there was that throughout the year, they had been going and creating opportunity for the new stuff and they knew that they would get 3.5x their commission if they sold it in the fourth quarter. They really put in and turned all the screws to go sell as much because 3.5x is better than 1x. And they have been doing that consistently over the year.

We saw the pipeline in Q1. We saw the pipeline in Q2. We thought the pipeline was high quality, but they weren't as baked as they normally should have been at that point in time because the people had been not focusing on them for four quarters in a row. So we thought we could fix a five quarter problem in two quarters, and we can't. It's going to take that amount of time for them to go knock at the doors.

So look, firewalls sell in three circumstances. One is I have your firewalls. I need more capacity. I'm going to buy more firewalls. Your my firewall estate. They'll call us and say I need more firewalls.

Two. You sold me a three year ELA. In there, there's product numbers. You come to me. You knock at the door, and I say, "Hey, you should get another firewall." And you say, "Yes, maybe I should get one." You already have it in the contract. You already have paid for the software. Buy one more of the firewalls. So the salesperson often creates that opportunity in the existing customer base.

The third is a new customer. There's the Check Point replacement, a Cisco replacement, a Juniper replacement, a Fortinet replacement. That requires them to get in there and create the opportunity. Did they have a question on that, they went into more Prisma and more Cortex and some of that stuff. So they went after the easy stuff. They didn't do the hard stuff. And now we've got them back out there trying to do the hard stuff and they create that opportunity. The second part, I forgot.

Keith Weiss

The speedboats.

Nikesh Arora

Yes, sorry. The speedboats work like this. In the past, in the 15 years of Palo Alto, we've had one motion. We would typically launch a new software release every year. You launch a software release. There's a motion around it. You go to the customer saying upgrade your software. You have more things you can buy. Now in cloud, we're launching a modular product every month. We're going to launch 7 from the time at our Analyst Day until the time this year ends. That's 7 new products.

The company was not used to understanding how to sell 7 new products, which each have an ACV of $120,000, because there is no motion of going back to the same customer 7 times a year to sell them more stuff. You sold a firewall, you sold a big deal. They took 6 months to deploy it. You send the customer service people. You send the REs, and you moved on to the next customer. Now we're seeing, build this muscle of going back to the same customer, understanding their cybersecurity estate and sell them more into that same base. So we're building those muscles, and that requires a faster coordination across functions.

Focus -- for example, we're launching IoT in some short order. We need to go understand how do we sell IoT. How is the product design? Are we going to be able to upsell to our existing customers? Who is the customer list? Who's the rep? Can the rep be given material? Can the rep schedule a call? Because we're teaching the reps on new motion saying, "Call your existing customers. Stay in touch with them. Sell them more new [expletive]."

Keith Weiss

Right. Got it. So it's more like a subscription...

Nikesh Arora

That's what the speedboat does. What the firewall speedboat does, it's going to do the same thing. We run campaigns. It's time for a replacement. You aren't using the subscriptions. We've launched 4 new subscriptions in the last 1 year. Try and buy this stuff. It's much better. You can rip out some other appliance to do that. So we need to create that go-to-market motion in a company which was a single-product company with a different sales cycle, which is now a multiproduct company with a much faster need to go back to the same customer and upsell them into.

Keith Weiss

Got it. That makes sense. I want to touch on sort of attached subscriptions. I think the last time we saw data from you guys was about a little over 3s on average attached subscriptions, and that's per appliance. You've rolled out...

Nikesh Arora

2-point something, yes.

Keith Weiss

Almost three, okay. You've rolled out more attached subscriptions. How is the traction with those further attached subscriptions? And SD-WAN is probably the newest one that you guys have a rolled out there. What's the initial reception on SD-WAN? Because that's a topic that definitely has been talked a lot about in the industry, and definitely, some of your competitors have been making...

Nikesh Arora

One of our competitors, yes.

Keith Weiss

Yes, yes.

Nikesh Arora

So on the subscription front, we had four subscriptions at Palo Alto. The last one that was launched was 7 years ago -- or 8 years now or 7 years ago. We launched DNS Security last year, which effectively works. So you sell the firewall. They tick a box. They buy a subscription. So with one marketing person and the same sales force, we were able to add DNS Security subscription, and we have thousands of customers now using DNS Security. The subscription is approximately at list 20% of the price of firewall.

Subsequently, we have launched SD-WAN. We will be launching DLP and be launching IoT. IoT most likely will be more than the cost of one sub. Because of some math, it may be a double sub perhaps, which means we basically added $1 -- for $1 of firewall, we'll be adding in the last 16 months $1 more of potential revenue because we're adding 5 -- effectively 5 more subscriptions. It took 7 years for us to get penetrated to over 50% of our base with our first 4 subscriptions. So this is more a long-term revenue game, where we can go attach this.

Now the beautiful part is these subscriptions also attach to our software products. If you're using a VM in a data center, if you're using Prisma Access, you can use these same subscriptions against those products. On the SD-WAN front, that's kind of a market I think is going to get even hotter over the next few years. Because as people have moved to $100 billion spend to the cloud, we're seeing large companies who then say, "Okay, wait. My branch, my remote office, my store, why am I sending all the data back to my data center, backhauling it in MPLS and then sending it to the cloud from there? I should be able to split the traffic at source and put in the cloud." For that, you need to put an SD-WAN capability in there and you put Prisma Access or Zscaler in there as security.

I think that wave has just begun because, first, you need to put the apps in the cloud. The user's behavior changes, and you say holy [expletive] for use my traffic is coming back. It should have been going up. So you're going to see over the next 2, 3 years a lot more SD-WAN implementations out there rip out the MPLS. That's an $8 billion TAM in the market. There are players out there who have good SD-WAN, no security. There are players out there who have security and no SD-WAN. So we're hoping to be that player which has -- we already have Prisma Access, which is working well for us. Finally, we are competing with Zscaler. And we hope to have more and more robust SD-WAN capability because that's a big SaaS-y market which we can attach.

Keith Weiss

Got it. Got it. And last question on firewalls and then we'll shift to the next-generation portfolio. When we think about that kind of potential replacement or sort of switching, if you will, instead of selling branch firewalls, you're selling someone Prisma Access to do the same firewalling functionality, how should we think about sort of the crossover point? If you're going to get like $1 upfront of firewall sales, how long is it going to take you with Prisma Access to make back that $1 or sort of exceed that $1?

Nikesh Arora

So the good news is that from a pricing perspective and an estate perspective, there is no price degradation when you go from a firewall to Prisma Access. So it's not like I get less money from Prisma Access than I get for a firewall. So the same architecture, if my competition gives them a box for a firewall and I give them Prisma Access, I actually give them more capability and software upgradability and more security. So I actually still get a premium on a box sale in Prisma Access.

Keith Weiss

Year one.

Nikesh Arora

Well, I sell it -- I sell the same three year upfront like a...

Keith Weiss

Yes. Got it.

Nikesh Arora

Like a firewall. So my Prisma Access -- my transition to Prisma Access does not change the price to the customer or my billings. What it does change is the ratability of my revenue.

Keith Weiss

Got it. That makes sense. So crossover point under 3 years.

Nikesh Arora

Yes, if you did a like-for-like replacement, but there's not a like-for-like replacement. People will still buy firewalls.

Keith Weiss

On the next-generation portfolio, if we're looking across Prisma Cloud, Prisma Access, Cortex combined, it's a pretty aggressive sort of expectation, $1.75 billion by FY '22. Is there 1 of those 3 that's going to be the core driver or is going to be a sort of a heavier -- sort of take a heavier load of sort of that growth opportunity? What's your favorite child amongst those?

Nikesh Arora

Look, if you think about it, when we set those targets, we had acquired Demisto, RedLock, Twistlok, PureSec and Aporeto. RedLock, Apareto, PureSec had pretty much close to 0 revenues when we acquired them. Twistlock had customers and Demisto had customers, had product market fit and revenues associated with them. We were able to do a very large Q4 using those products. And part of it was we can deploy it across our sales force, some of the earlier easy targets, and our upselling was involved. This year, we're building the muscle to be able to sell $810 million of that product set.

During the course of this year, both fiscal and calendar, we will deploy approximately 7 more modules into Prisma -- into next-generation security, i.e., we will deploy -- we just deployed threat intel management in Cortex XSOAR. If you -- at RSA. We will deploy -- we deployed -- we'll deploy Apareto at some point in time. We will deploy IoT at some point in time. We will deploy DLP across these categories.

So our products are almost going to double in capability in this time frame, which allows us to -- and the estimates of '21 and '22 include the fact that we're going to be adding more products. And we should be able to sell more of these products. Again, they're aggressive targets, yes, like just the way our first set of NGS targets were. If we hit our $810 million number -- when we hit our $810 number, and our growth rate implied to get to $1.75 billion is bigger than any of the fastest-growing next-generation security companies out there. So we're building a brand-new company in parallel while we're maintaining a firewall business for -- yes.

Keith Weiss

Drilling down on Prisma Cloud. You talked about a mid-figure deal last quarter. Like, what's driving that demand today? Is it more kind of the RedLOCK side of the equation, more Twistlock, more virtual firewalls? And then sort of second question on that, sort of who are your core competitors that we should be thinking about for Prisma Cloud in particular?

Nikesh Arora

So that's interesting. That's a good question. So look, if you look at cloud security 3 or 2.5 years ago this is hearsay I wasn't in the industry, there was a huge buzz around CASB. Everybody was chasing CASB down because they've all got Salesforce, Workday, all these applications and need a cloud access security broker, and that's going to solve their cloud security problem. A lot of people were not focusing on all the apps we developed as companies internally.

And suddenly, there were a bunch of compliance rules, and RedLock came about and said, "Oh, I can explain where they're in compliance or not in compliance across this business." And the first piece of that was just vulnerability. Knowing what I have, where am I vulnerable? What am I going to do about it? The problem is, as -- and then when that happened -- the next big thing that's happened now is people saying, wait, I was going to be in GCP, but I've discovered some part of my team is in AWS, some part is in Azure. I have to figure out what to do. Now what's that's driven? That's driven a huge shift to people saying, I'm not going to go do this native cloud. I'm going to start doing containers because I want fungibility. I want to be able to move my stuff from one cloud to the other.

The moment you go to containers, you need container security. You need to deploy an agent into your infrastructure. The equivalent of agent is today, most companies have 5 or 6 agents on your laptops or endpoints. You don't want 6 agents in the cloud. It'll slow things down and you won't know what the hell's going on because they're all sitting in encrypted containers. We bought Twistlock, which has an agent. We merged serverless capability into that agent. We are merging Aporeto capability in that agent. So we're going to have 1 agent to do 4 things. Your equivalent is to go buy 4 different products and deploy 4 more agents into your infrastructure, which is generally a bad area, especially in cloud. So that's what's driving the demand. That's where we think things are going. We have 2 or 3 more modules that we think we're going to build. That's what's going to happen in Prisma Cloud.

I think across the board, the Prisma Access market, which is effectively, for lack of a better comparison, you can think about what Zscaler's TAM is. That's Prisma Access's TAM. We think that's a huge opportunity as companies go through a network transformation. Prisma Cloud is a net new TAM. The competitors are the cloud-native guys, Microsoft, Google and AWS. And there are point solutions that compete in each category. So Aqua competes with competes with Twistlock. Dome9 competes with RedLock. Dome9 is part of Check Point. Aporeto brand-new tech, doesn't have competitors, doesn't have a lot of deployment yet. But we think, as part of the Prisma Cloud platform, it'll get more deployment because we have over 1,000 customers using Prisma Cloud.

Keith Weiss

Got it. On Prisma Access and the competitive dynamic with Zscaler, where do you think you are in terms of sort of catching up with them in terms of breadth and depth of the functionality? Are you comfortable the product is really kind of in a good fighting form, if you will, to take them on?

Nikesh Arora

We think we have a better product than Zscaler. And I'm sure I can point people to a video that Nir Zuk speaks eloquently about it much better than I do and is more entertaining. I was trying to watch your clock.

Keith Weiss

Okay. So I have a bunch of questions left, but I want to make sure we take questions from the audience if there are. So I'm just going to open up right now to see if there's any questions from the audience before I go on. All right...

Nikesh Arora

Require people to test the mics.

Keith Weiss

On Cortex, our checks have been picking up some really strong traction within Cortex right now, really good market response to SOAR, the security orchestration, automation and response capability. One, like how big of a market can that really become? And this is one of the things we talked about last year, is that there's a huge opportunity in terms of all the people that are thrown at the security problem. It seems like this is kind of the core answer from Palo Alto Networks in terms of trying to solve that problem.

Nikesh Arora

Look, we're very happy with the progress we've made with the SOAR product. There was only one player in the market called Phantom. As far as Splunk, I think with Demisto and the efforts the team has made into making them to what we call XSOAR, Extended SOAR, next generation, couple that with threat intelligence management, which is a separate TAM for $1 billion, so now you have 2 products which are in 1.

Cortex XDR was sort of 2-piece products at Palo Alto Networks. 6 months ago, we launched it. Two weeks ago, we got rated 10 points ahead of CrowdStrike by NSS. So we feel we're doing there -- what we're doing there is interesting. We've started ingesting other third-party data sources in there. We're doing other firewalls, other endpoints. We're in beta for the next set of ingestion of data.

Over time, because you want to do AI and ML, you have to have homogenized data. And what the industry has wrong today is taking all that data and dumping it into an unstructured database, is spending a lot of money per terabyte for data, which you can't do much about it. So you have to go homogenize that data. So we've taken the approach that we're going to homogenize the data at ingestion. Once you homogenize, you can actually understand. I call it the 1 mouse, 13 mousetrap problem. If there were 13 different traps in this room, all managed by 13 different companies, when a mouse runs around and catches -- gets all the cheese and doesn't get caught, there are 13 alerts in your SOC. And if you haven't homogenized the data, you have no idea if it's 1 mouse or 13 mice.

Yes. So part of homogenizing data and understanding what does this mean allows us to reduce the number of alerts by 50x by homogenizing data. That's not possible with other current products, which do unstructured data. So we're taking the slightly tortoise approach to data ingestion. But our aspiration over time is to be able to ingest all kinds of security data in the Cortex data lake, which allows us to target a much -- very, very large TAM out there, where people are putting data into an unstructured data lake for security.

Keith Weiss

Got it. I'm going to squeeze in one last question. It's always tricky asking the CEO margin questions. But I'm going to...

Nikesh Arora

Sorry?

Keith Weiss

Always tricky asking the CEO margin questions, but I'm going to squeeze in the margin question. Given sort of the shift, partly because sort of our product expectations have come down, partly because the cloud and subscription parts of the business are growing faster than expected, is there any kind of risk that sort of the operating margin and expectation has to get reset for that new revenue mix?

Nikesh Arora

You've seen the short-term impact of the margin this year because even though our billings number is within 1% of The Street expectations for the first half of the year, our product number was not. Hence, the instant calories to our revenue and EPS were not available. Hence, we have a bigger spread in our margin than we had last year.

For the longer term, that bodes well because whatever we didn't build, whatever we didn't drop to revenue is now sitting in deferred revenue, which will automagically stream up in the next two years. And if we can grow that $800 million number in NGS faster and bigger, there's a lot more revenue that gets accumulated in your growth phase, which pays for old age. So I think our margins can come back in the 2022, '23 time frame as we highlighted at our Analyst Day. I think deferred revenue is better for long-term margin than not. So did that answer your margin question?

Keith Weiss

Yes. Fair enough. Excellent. Well, unfortunately, that takes us to the end of our allotted time slot. But Nikesh, thank you very much for joining us.

Nikesh Arora

Thank you very much. Cheers.