Snowflake & Palo Alto Earnings Reviews

Author

Brad Freeman
May 21, 2025

In case you missed it from this earnings season:

Table of Contents

1. Palo Alto (PANW) – Earnings Review

a. Palo Alto 101

Palo Alto is a cybersecurity company competing across endpoint, cloud and network. It’s pushing to bundle next-gen products into larger deals to differentiate vs. firewall-based competitors like Fortinet and next-gen disruptors. There are three key product pillars to know:

Cortex: Its endpoint security segment is called Cortex. Extended Security Information and Event Management (XSIAM) is the centerpiece of this section. XSIAM brings together Extended Security Orchestration, Automation and Response (XSOAR), Extended Detection and Response (XDR) and Security Information Event Management (SIEM). 

  • SIEM collects needed data to give customers the context required for a holistic view of operations and broader protection. Data ingestion comes with massive scalability and large cost advantages vs. legacy alternatives. It’s a key piece of XDR.

  • XDR infuses non-endpoint and endpoint data sources together to extend breach protection beyond strictly the endpoint. Adding more data without sacrificing cost and latency performance is where SIEM shines.

  • XSOAR helps automate and guide best practices for incident response while ranking threat severity. It relies on SIEM for its scaled, complete data ingestion to actually know how to instruct optimal workflows. 

  • Cortex competes with CrowdStrike & SentinelOne.

Strata: The network security suite is called Strata. It offers a host of tools tools that prevent unauthorized data access and network abuse such as phishing attacks. It deploys software-defined wide area networks (SD-WANs) within firewall environments. SD-WANs serve as virtual network securers using a software-based approach to protection.

Palo Alto protects networks using a “zero trust” architecture. Zero trust means a bad actor cannot penetrate the most vulnerable part of a digital ecosystem and move freely within it thereafter. Zero trust ensures consistent and complex validation of these permissions at every turn. It ends the game of “everyone within a firewall environment getting perpetual, unconditional access” and greatly limits the potential damage of network breaches. There are two pieces of the network bucket: modern hardware and software. 

  • In hardware, PANW provides “next-gen firewalls” with tools like contextual app inspection (more malleable access rules), intrusion prevention, URL filtering, data loss prevention (DLP) and more. 

  • Secure Access Service Edge (SASE) is the overarching software offering that ties its network platform approach together. It combines network security and network performance.

    • Prisma Access Platform (PAP) is the network security piece of SASE. It includes aforementioned SD-WANs, a Secure Web Gateway (SWG) and a Cloud Access Security Broker (CASB) to decide who gets access to which apps.

    • One important product to know within PAP is called Prisma Access Browser (PAB). It encrypts and secures remote network connections and browser data across siloed, spread-out workforces.

    • Strata competes with companies like Zscaler and Cloudflare.

Cortex Cloud: The cloud security suite is now called Cortex Cloud. Like XSIAM and SASE are the platformization pillars in endpoint and network, in cloud it’s the Cloud Native Application Protection Platform (CNAPP). CNAPP includes:

  • Cloud Security Posture Management (CSPM) organizes access compliance, provides overarching cloud visibility, and proactively blocks misconfigurations.

  • Cloud detection and response (CDR) proactively hunts and protects customers from cloud-based threats.

  • Cloud Workload Protection Platform (CWPP) is very similar to CDR, but for cloud workloads specifically, rather than identities, API calls etc.

  • Cloud Discovery & Exposure Management (CDEM) “evaluates internet exposure risks and discovers unknown internet-exposed cloud assets.”

  • Data Security Posture Management (DSPM) tags, uncovers & protects data in the cloud. This works for structured data, as well as unstructured data, which is increasingly important in the age of GenAI.

  • Cortex Cloud competes with virtually all of the large public cybersecurity companies in some capacity.

Cortex Cloud ties very closely to both Cortex and Strata; cloud, network and endpoint use cases are deeply intertwined. Products like CASB extend cloud security talents to network use cases and are a direct piece of its SASE network offering… Endpoint products like XDR rely heavily on cloud tools as well… etc.

b. Key Points

  • Fantastic performance for Prisma Access Browser (PAB).

  • Continued momentum in moving clients to platform-wide solutions.

  • AI continues to accelerate threat frequency and drive more demand.

  • Cortex Cloud is enjoying “strong early customer interest.”

c. Demand

  • Slightly beat next-gen security (NGS) annual recurring revenue (ARR) estimate & beat guidance by 0.7%.

    • AI ARR specifically rose 150% Y/Y to $400M.

  • Missed RPO estimate by 1% & missed guidance by 0.4%.

  • Beat revenue estimate by 0.4% & beat guidance by 0.7%.

It was good to see net new ARR rise following two consecutive quarters of declines. They think the momentum is a culmination of “significant investments” made over the last few years to push its subscription offerings to the cloud and build compelling product suites across the three core pillars. All of that work is helping the “new market offerings” (software firewalls, XSIAM, SASE) within ARR take up a larger and larger portion of its underlying growth. These products come with longer demand runways and support its goal of reaching $15B in ARR by fiscal year 2030. They reiterated that objective on the call.

d. Profits & Margins

  • Beat EBIT estimate by 1.6%.

    • Economies of scale and internal AI initiatives drove Y/Y operating leverage.

  • Missed FCF estimate by 6.3%.

  • Beat $0.77 EPS estimate & beat identical guidance by $0.03 each.

  • Missed GPM estimate by 100 bps (bps = basis points; 1 basis point = 0.01%).

Gross margin remains impacted by a manufacturing facility shift to Texas. At the same time, this decision also means it’s paying virtually no tariffs and it does expect to realize margin tailwinds from the large change. It will just take time for the new facility to ramp towards capacity. Contract renegotiations with cloud vendors as it scales helped offset a small part of this GPM decline.

e. Balance Sheet

  • $3.3B in cash & equivalents.

    • Project AI M&A was for $700M in cash & equity and will impact its cash balance starting in the Q1 FY 2026 report.

  • No traditional debt.

  • $380M in convertible notes.

    • There was more early conversion of some notes for equity and cash. The rest will be settled by the end of next quarter.

  • Diluted share count fell by 0.3% Y/Y; basic share count rose by 2.9% Y/Y.

f. Q4 Guidance & Valuation

  • Reiterated Q4 next-gen ARR guidance, which slightly beat estimates.

    • Reiterated stable Y/Y net new ARR guidance.

  • Reiterated Q4 RPO guidance, which missed estimates by 1%.

  • Raised Q4 revenue guidance by 0.4%, which met estimates.

  • Raised EPS guidance by $0.025, which beat by $0.01.

  • Slightly raised annual EBIT and FCF margin guidance, which both slightly beat expectations.

  • It sees product GPM somewhere around 78%-82% next quarter.

PANW trades for 55x forward EPS. EPS is expected to grow by 16% this year and by 11% next year.

g. Earnings Call & Presentation Details

Subscribe to our premium content to read the rest.

Become a paying subscriber to get access to this post and a boatload of other subscriber-only content. Read the stock market newsletter read by Fortune 500 CEOs.

Already a paying subscriber? Sign In.

Reply

or to participate.