0001327567false2020FY7/31P3YP1YP3YP5YP3YP1YP4YP5YP6YP7YP7Y257.5100013275672019-08-012020-07-31iso4217:USD00013275672020-01-31xbrli:shares00013275672020-08-2100013275672020-07-3100013275672019-07-31iso4217:USDxbrli:shares0001327567us-gaap:ProductMember2019-08-012020-07-310001327567us-gaap:ProductMember2018-08-012019-07-310001327567us-gaap:ProductMember2017-08-012018-07-310001327567us-gaap:ServiceMember2019-08-012020-07-310001327567us-gaap:ServiceMember2018-08-012019-07-310001327567us-gaap:ServiceMember2017-08-012018-07-3100013275672018-08-012019-07-3100013275672017-08-012018-07-310001327567us-gaap:CommonStockMember2017-07-310001327567us-gaap:CommonStockIncludingAdditionalPaidInCapitalMember2017-07-310001327567us-gaap:AccumulatedOtherComprehensiveIncomeMember2017-07-310001327567us-gaap:RetainedEarningsMember2017-07-3100013275672017-07-310001327567us-gaap:RetainedEarningsMember2017-08-012018-07-310001327567us-gaap:AccumulatedOtherComprehensiveIncomeMember2017-08-012018-07-310001327567us-gaap:CommonStockMember2017-08-012018-07-310001327567us-gaap:CommonStockIncludingAdditionalPaidInCapitalMember2017-08-012018-07-310001327567us-gaap:CommonStockMember2018-07-310001327567us-gaap:CommonStockIncludingAdditionalPaidInCapitalMember2018-07-310001327567us-gaap:AccumulatedOtherComprehensiveIncomeMember2018-07-310001327567us-gaap:RetainedEarningsMember2018-07-3100013275672018-07-310001327567us-gaap:RetainedEarningsMember2018-08-0100013275672018-08-010001327567us-gaap:RetainedEarningsMember2018-08-012019-07-310001327567us-gaap:AccumulatedOtherComprehensiveIncomeMember2018-08-012019-07-310001327567us-gaap:CommonStockMember2018-08-012019-07-310001327567us-gaap:CommonStockIncludingAdditionalPaidInCapitalMember2018-08-012019-07-310001327567us-gaap:CommonStockMember2019-07-310001327567us-gaap:CommonStockIncludingAdditionalPaidInCapitalMember2019-07-310001327567us-gaap:AccumulatedOtherComprehensiveIncomeMember2019-07-310001327567us-gaap:RetainedEarningsMember2019-07-310001327567us-gaap:RetainedEarningsMember2019-08-012020-07-310001327567us-gaap:AccumulatedOtherComprehensiveIncomeMember2019-08-012020-07-310001327567us-gaap:CommonStockMember2019-08-012020-07-310001327567us-gaap:CommonStockIncludingAdditionalPaidInCapitalMember2019-08-012020-07-310001327567us-gaap:CommonStockMember2020-07-310001327567us-gaap:CommonStockIncludingAdditionalPaidInCapitalMember2020-07-310001327567us-gaap:AccumulatedOtherComprehensiveIncomeMember2020-07-310001327567us-gaap:RetainedEarningsMember2020-07-310001327567us-gaap:PrepaidExpensesAndOtherCurrentAssetsMember2020-07-310001327567us-gaap:PrepaidExpensesAndOtherCurrentAssetsMember2019-07-310001327567us-gaap:PrepaidExpensesAndOtherCurrentAssetsMember2018-07-310001327567us-gaap:OtherAssetsMember2020-07-310001327567us-gaap:OtherAssetsMember2019-07-310001327567us-gaap:OtherAssetsMember2018-07-31panw:distributor0001327567us-gaap:AccountsReceivableMember2020-07-31xbrli:pure0001327567us-gaap:AccountsReceivableMemberpanw:CustomerAMember2019-08-012020-07-310001327567us-gaap:SalesRevenueNetMember2020-07-310001327567us-gaap:SalesRevenueNetMemberpanw:CustomerAMember2019-08-012020-07-310001327567us-gaap:SalesRevenueNetMemberpanw:CustomerBMember2019-08-012020-07-310001327567us-gaap:SalesRevenueNetMemberpanw:CustomerCMember2019-08-012020-07-310001327567us-gaap:SalesRevenueNetMemberpanw:CustomerDMember2019-08-012020-07-310001327567srt:MinimumMember2019-08-012020-07-310001327567srt:MaximumMember2019-08-012020-07-310001327567srt:MinimumMemberus-gaap:SoftwareDevelopmentMember2019-08-012020-07-310001327567srt:MaximumMemberus-gaap:SoftwareDevelopmentMember2019-08-012020-07-310001327567panw:CostofsubscriptionandsupportrevenueMember2019-08-012020-07-310001327567panw:CostofsubscriptionandsupportrevenueMember2018-08-012019-07-310001327567panw:CostofsubscriptionandsupportrevenueMember2017-08-012018-07-310001327567us-gaap:AccountingStandardsUpdate201602Member2019-08-010001327567country:US2019-08-012020-07-310001327567country:US2018-08-012019-07-310001327567country:US2017-08-012018-07-310001327567panw:OtherAmericasMember2019-08-012020-07-310001327567panw:OtherAmericasMember2018-08-012019-07-310001327567panw:OtherAmericasMember2017-08-012018-07-310001327567srt:AmericasMember2019-08-012020-07-310001327567srt:AmericasMember2018-08-012019-07-310001327567srt:AmericasMember2017-08-012018-07-310001327567us-gaap:EMEAMember2019-08-012020-07-310001327567us-gaap:EMEAMember2018-08-012019-07-310001327567us-gaap:EMEAMember2017-08-012018-07-310001327567srt:AsiaPacificMember2019-08-012020-07-310001327567srt:AsiaPacificMember2018-08-012019-07-310001327567srt:AsiaPacificMember2017-08-012018-07-310001327567panw:SubscriptionMember2019-08-012020-07-310001327567panw:SubscriptionMember2018-08-012019-07-310001327567panw:SubscriptionMember2017-08-012018-07-310001327567panw:SupportMember2019-08-012020-07-310001327567panw:SupportMember2018-08-012019-07-310001327567panw:SupportMember2017-08-012018-07-3100013275672020-08-012020-07-310001327567us-gaap:MoneyMarketFundsMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel1Member2020-07-310001327567us-gaap:MoneyMarketFundsMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel2Member2020-07-310001327567us-gaap:MoneyMarketFundsMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel3Member2020-07-310001327567us-gaap:MoneyMarketFundsMemberus-gaap:FairValueMeasurementsRecurringMember2020-07-310001327567us-gaap:MoneyMarketFundsMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel1Member2019-07-310001327567us-gaap:MoneyMarketFundsMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel2Member2019-07-310001327567us-gaap:MoneyMarketFundsMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel3Member2019-07-310001327567us-gaap:MoneyMarketFundsMemberus-gaap:FairValueMeasurementsRecurringMember2019-07-310001327567us-gaap:CertificatesOfDepositMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel1Member2020-07-310001327567us-gaap:CertificatesOfDepositMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel2Member2020-07-310001327567us-gaap:CertificatesOfDepositMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel3Member2020-07-310001327567us-gaap:CertificatesOfDepositMemberus-gaap:FairValueMeasurementsRecurringMember2020-07-310001327567us-gaap:CertificatesOfDepositMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel1Member2019-07-310001327567us-gaap:CertificatesOfDepositMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel2Member2019-07-310001327567us-gaap:CertificatesOfDepositMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel3Member2019-07-310001327567us-gaap:CertificatesOfDepositMemberus-gaap:FairValueMeasurementsRecurringMember2019-07-310001327567us-gaap:CommercialPaperMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel1Member2020-07-310001327567us-gaap:CommercialPaperMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel2Member2020-07-310001327567us-gaap:CommercialPaperMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel3Member2020-07-310001327567us-gaap:CommercialPaperMemberus-gaap:FairValueMeasurementsRecurringMember2020-07-310001327567us-gaap:CommercialPaperMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel1Member2019-07-310001327567us-gaap:CommercialPaperMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel2Member2019-07-310001327567us-gaap:CommercialPaperMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel3Member2019-07-310001327567us-gaap:CommercialPaperMemberus-gaap:FairValueMeasurementsRecurringMember2019-07-310001327567us-gaap:USTreasuryAndGovernmentMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel1Member2020-07-310001327567us-gaap:USTreasuryAndGovernmentMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel2Member2020-07-310001327567us-gaap:USTreasuryAndGovernmentMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel3Member2020-07-310001327567us-gaap:USTreasuryAndGovernmentMemberus-gaap:FairValueMeasurementsRecurringMember2020-07-310001327567us-gaap:USTreasuryAndGovernmentMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel1Member2019-07-310001327567us-gaap:USTreasuryAndGovernmentMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel2Member2019-07-310001327567us-gaap:USTreasuryAndGovernmentMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel3Member2019-07-310001327567us-gaap:USTreasuryAndGovernmentMemberus-gaap:FairValueMeasurementsRecurringMember2019-07-310001327567us-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel1Member2020-07-310001327567us-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMember2020-07-310001327567us-gaap:FairValueInputsLevel3Memberus-gaap:FairValueMeasurementsRecurringMember2020-07-310001327567us-gaap:FairValueMeasurementsRecurringMember2020-07-310001327567us-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel1Member2019-07-310001327567us-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMember2019-07-310001327567us-gaap:FairValueInputsLevel3Memberus-gaap:FairValueMeasurementsRecurringMember2019-07-310001327567us-gaap:FairValueMeasurementsRecurringMember2019-07-310001327567us-gaap:FairValueMeasurementsRecurringMemberus-gaap:CorporateDebtSecuritiesMemberus-gaap:FairValueInputsLevel1Member2020-07-310001327567us-gaap:FairValueMeasurementsRecurringMemberus-gaap:CorporateDebtSecuritiesMemberus-gaap:FairValueInputsLevel2Member2020-07-310001327567us-gaap:FairValueMeasurementsRecurringMemberus-gaap:CorporateDebtSecuritiesMemberus-gaap:FairValueInputsLevel3Member2020-07-310001327567us-gaap:CorporateDebtSecuritiesMemberus-gaap:FairValueMeasurementsRecurringMember2020-07-310001327567us-gaap:FairValueMeasurementsRecurringMemberus-gaap:CorporateDebtSecuritiesMemberus-gaap:FairValueInputsLevel1Member2019-07-310001327567us-gaap:FairValueMeasurementsRecurringMemberus-gaap:CorporateDebtSecuritiesMemberus-gaap:FairValueInputsLevel2Member2019-07-310001327567us-gaap:FairValueMeasurementsRecurringMemberus-gaap:CorporateDebtSecuritiesMemberus-gaap:FairValueInputsLevel3Member2019-07-310001327567us-gaap:CorporateDebtSecuritiesMemberus-gaap:FairValueMeasurementsRecurringMember2019-07-310001327567us-gaap:ForeignGovernmentDebtSecuritiesMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel1Member2020-07-310001327567us-gaap:ForeignGovernmentDebtSecuritiesMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel2Member2020-07-310001327567us-gaap:ForeignGovernmentDebtSecuritiesMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel3Member2020-07-310001327567us-gaap:ForeignGovernmentDebtSecuritiesMemberus-gaap:FairValueMeasurementsRecurringMember2020-07-310001327567us-gaap:ForeignGovernmentDebtSecuritiesMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel1Member2019-07-310001327567us-gaap:ForeignGovernmentDebtSecuritiesMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel2Member2019-07-310001327567us-gaap:ForeignGovernmentDebtSecuritiesMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel3Member2019-07-310001327567us-gaap:ForeignGovernmentDebtSecuritiesMemberus-gaap:FairValueMeasurementsRecurringMember2019-07-310001327567us-gaap:ForeignExchangeForwardMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel1Member2020-07-310001327567us-gaap:ForeignExchangeForwardMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel2Member2020-07-310001327567us-gaap:ForeignExchangeForwardMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel3Member2020-07-310001327567us-gaap:ForeignExchangeForwardMemberus-gaap:FairValueMeasurementsRecurringMember2020-07-310001327567us-gaap:ForeignExchangeForwardMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel1Member2019-07-310001327567us-gaap:ForeignExchangeForwardMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel2Member2019-07-310001327567us-gaap:ForeignExchangeForwardMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel3Member2019-07-310001327567us-gaap:ForeignExchangeForwardMemberus-gaap:FairValueMeasurementsRecurringMember2019-07-310001327567us-gaap:CashEquivalentsMemberus-gaap:USTreasuryAndGovernmentMember2020-07-310001327567us-gaap:CashEquivalentsMember2020-07-310001327567us-gaap:CertificatesOfDepositMemberus-gaap:InvestmentsMember2020-07-310001327567us-gaap:CorporateDebtSecuritiesMemberus-gaap:InvestmentsMember2020-07-310001327567us-gaap:USTreasuryAndGovernmentMemberus-gaap:InvestmentsMember2020-07-310001327567us-gaap:ForeignGovernmentDebtSecuritiesMemberus-gaap:InvestmentsMember2020-07-310001327567us-gaap:InvestmentsMember2020-07-310001327567us-gaap:CertificatesOfDepositMemberus-gaap:CashEquivalentsMember2019-07-310001327567us-gaap:CashEquivalentsMemberus-gaap:CommercialPaperMember2019-07-310001327567us-gaap:CashEquivalentsMemberus-gaap:USTreasuryAndGovernmentMember2019-07-310001327567us-gaap:CashEquivalentsMember2019-07-310001327567us-gaap:CertificatesOfDepositMemberus-gaap:InvestmentsMember2019-07-310001327567us-gaap:CommercialPaperMemberus-gaap:InvestmentsMember2019-07-310001327567us-gaap:CorporateDebtSecuritiesMemberus-gaap:InvestmentsMember2019-07-310001327567us-gaap:USTreasuryAndGovernmentMemberus-gaap:InvestmentsMember2019-07-310001327567us-gaap:InvestmentsMember2019-07-310001327567us-gaap:CashAndCashEquivalentsMemberus-gaap:CashEquivalentsMemberus-gaap:MoneyMarketFundsMember2020-07-310001327567us-gaap:CashAndCashEquivalentsMemberus-gaap:CashEquivalentsMemberus-gaap:MoneyMarketFundsMember2019-07-310001327567panw:CloudGenixIncMember2019-08-012020-07-310001327567panw:CloudGenixIncMember2020-04-212020-04-210001327567panw:CloudGenixIncMember2020-04-210001327567panw:CloudGenixIncMemberus-gaap:DevelopedTechnologyRightsMember2020-04-212020-04-210001327567panw:CloudGenixIncMemberus-gaap:CustomerRelationshipsMember2020-04-212020-04-210001327567panw:AporetoMember2019-08-012020-07-310001327567panw:AporetoIncMember2019-12-232019-12-230001327567panw:AporetoIncMember2019-12-230001327567panw:AporetoIncMemberus-gaap:DevelopedTechnologyRightsMember2019-12-232019-12-230001327567us-gaap:CustomerRelationshipsMemberpanw:AporetoIncMember2019-12-232019-12-230001327567panw:ZingboxInc.Member2019-09-202019-09-200001327567panw:ZingboxInc.Member2019-08-012020-07-310001327567panw:ZingboxInc.Member2019-09-200001327567panw:ZingboxInc.Memberus-gaap:DevelopedTechnologyRightsMember2019-09-202019-09-200001327567us-gaap:CustomerRelationshipsMemberpanw:ZingboxInc.Member2019-09-202019-09-200001327567panw:TwistlockLtd.Member2019-08-012020-07-310001327567panw:TwistlockLtd.Member2019-07-092019-07-090001327567panw:TwistlockLtd.Memberpanw:ReplacementEquityAwardsMember2019-07-092019-07-090001327567panw:TwistlockLtd.Memberus-gaap:RestrictedStockMember2019-07-092019-07-090001327567panw:TwistlockLtd.Member2019-07-090001327567panw:TwistlockLtd.Memberus-gaap:DevelopedTechnologyRightsMember2019-07-092019-07-090001327567panw:TwistlockLtd.Memberus-gaap:CustomerRelationshipsMember2019-07-092019-07-090001327567panw:PureSecLtd.Member2019-08-012020-07-310001327567panw:PureSecLtd.Member2019-06-122019-06-120001327567panw:PureSecLtd.Memberpanw:ReplacementEquityAwardsMember2019-06-122019-06-120001327567panw:PureSecLtd.Member2019-06-120001327567panw:PureSecLtd.Memberus-gaap:DevelopedTechnologyRightsMember2019-06-122019-06-120001327567panw:DemistoInc.Member2019-08-012020-07-310001327567panw:DemistoInc.Member2019-03-282019-03-280001327567panw:DemistoInc.Memberus-gaap:CommonStockMember2019-03-282019-03-280001327567panw:DemistoInc.Memberus-gaap:CommonStockMember2019-03-282019-03-280001327567panw:DemistoInc.Memberpanw:ReplacementEquityAwardsMember2019-03-282019-03-280001327567panw:DemistoInc.Memberus-gaap:RestrictedStockMember2019-03-282019-03-280001327567panw:DemistoInc.Member2019-03-280001327567panw:DemistoInc.Memberus-gaap:DevelopedTechnologyRightsMember2019-03-282019-03-280001327567us-gaap:CustomerRelationshipsMemberpanw:DemistoInc.Member2019-03-282019-03-280001327567panw:RedLockInc.Member2018-10-122018-10-120001327567panw:RedLockInc.Member2019-08-012020-07-310001327567panw:RedLockInc.Member2018-10-120001327567panw:RedLockInc.Memberus-gaap:DevelopedTechnologyRightsMember2018-10-122018-10-120001327567us-gaap:CustomerRelationshipsMemberpanw:RedLockInc.Member2018-10-122018-10-120001327567us-gaap:TrademarksAndTradeNamesMemberpanw:RedLockInc.Member2018-10-122018-10-120001327567panw:CyberSecdoLtd.Member2018-04-242018-04-240001327567panw:CyberSecdoLtd.Member2018-04-240001327567panw:CyberSecdoLtd.Memberus-gaap:DevelopedTechnologyRightsMember2018-04-242018-04-240001327567panw:CyberSecdoLtd.Memberus-gaap:CustomerRelationshipsMember2018-04-242018-04-240001327567panw:Evident.ioInc.Member2018-03-262018-03-260001327567panw:Evident.ioInc.Member2018-03-260001327567panw:Evident.ioInc.Member2019-08-012020-07-310001327567panw:Evident.ioInc.Memberus-gaap:DevelopedTechnologyRightsMember2018-03-262018-03-260001327567panw:Evident.ioInc.Memberus-gaap:TrademarksAndTradeNamesMember2018-03-262018-03-260001327567panw:Evident.ioInc.Memberus-gaap:CustomerRelationshipsMember2018-03-262018-03-260001327567us-gaap:DevelopedTechnologyRightsMember2020-07-310001327567us-gaap:DevelopedTechnologyRightsMember2019-07-310001327567us-gaap:CustomerRelationshipsMember2020-07-310001327567us-gaap:CustomerRelationshipsMember2019-07-310001327567us-gaap:PatentsMember2020-07-310001327567us-gaap:PatentsMember2019-07-310001327567us-gaap:TrademarksAndTradeNamesMember2020-07-310001327567us-gaap:TrademarksAndTradeNamesMember2019-07-310001327567us-gaap:OtherIntangibleAssetsMember2020-07-310001327567us-gaap:OtherIntangibleAssetsMember2019-07-310001327567us-gaap:InProcessResearchAndDevelopmentMember2020-07-310001327567us-gaap:InProcessResearchAndDevelopmentMember2019-07-310001327567panw:ComputerEquipmentEquipmentandSoftwareandSoftwareDevelopmentCostsMember2020-07-310001327567panw:ComputerEquipmentEquipmentandSoftwareandSoftwareDevelopmentCostsMember2019-07-310001327567us-gaap:LeaseholdImprovementsMember2020-07-310001327567us-gaap:LeaseholdImprovementsMember2019-07-310001327567us-gaap:LandMember2020-07-310001327567us-gaap:LandMember2019-07-310001327567panw:DemonstrationunitsMember2020-07-310001327567panw:DemonstrationunitsMember2019-07-310001327567us-gaap:FurnitureAndFixturesMember2020-07-310001327567us-gaap:FurnitureAndFixturesMember2019-07-310001327567panw:A2019NotesMember2014-06-300001327567panw:A2023NotesMember2018-07-310001327567panw:A2025NotesMember2020-06-030001327567panw:A2025NotesMember2020-06-032020-06-03panw:day0001327567panw:A2019NotesMember2014-06-302014-06-300001327567panw:A2023NotesMember2018-07-312018-07-310001327567panw:A2025NotesOptionToConvertMember2020-06-032020-06-030001327567panw:A2023NotesOptionToConvertMember2018-07-312018-07-310001327567panw:A2019NotesMember2018-08-012019-07-310001327567panw:A2019NotesMemberpanw:RepaymentAtEarlyConversionMember2018-08-012019-07-310001327567panw:A2019NotesMemberpanw:RepaymentAtMaturityDateMember2018-08-012019-07-310001327567panw:A2023NotesMember2020-07-310001327567panw:A2025NotesMember2020-07-310001327567panw:A2023NotesMember2019-07-310001327567us-gaap:FairValueInputsLevel2Member2020-07-310001327567us-gaap:FairValueInputsLevel2Member2019-07-310001327567panw:A2023NotesMember2019-08-012020-07-310001327567panw:A2025NotesMember2019-08-012020-07-310001327567panw:A2023NotesMember2018-08-012019-07-310001327567panw:A2019NotesMember2017-08-012018-07-310001327567panw:A2023NotesMember2017-08-012018-07-310001327567panw:A2019NotesMember2019-07-310001327567panw:A2019NotesMember2018-07-310001327567panw:A2019NoteHedgesMember2014-06-302014-06-300001327567panw:A2023NoteHedgesMember2018-07-312018-07-310001327567panw:A2025NoteHedgesMember2020-06-032020-06-030001327567panw:A2019WarrantsMember2014-06-300001327567panw:A2019WarrantsMember2014-06-302014-06-300001327567panw:A2023WarrantsMember2018-07-310001327567panw:A2023WarrantsMember2018-07-312018-07-310001327567panw:A2025WarrantsMember2020-06-030001327567panw:A2025WarrantsMember2020-06-032020-06-030001327567panw:A2019WarrantsMember2019-08-012020-07-310001327567us-gaap:RevolvingCreditFacilityMember2018-09-040001327567us-gaap:RevolvingCreditFacilityMemberpanw:Term2Member2018-09-042018-09-040001327567panw:Term2bMemberus-gaap:RevolvingCreditFacilityMember2018-09-040001327567us-gaap:RevolvingCreditFacilityMembersrt:MinimumMemberus-gaap:BaseRateMember2018-09-042018-09-040001327567us-gaap:RevolvingCreditFacilityMemberus-gaap:BaseRateMembersrt:MaximumMember2018-09-042018-09-040001327567us-gaap:LondonInterbankOfferedRateLIBORMemberus-gaap:RevolvingCreditFacilityMembersrt:MinimumMember2018-09-042018-09-040001327567us-gaap:LondonInterbankOfferedRateLIBORMemberus-gaap:RevolvingCreditFacilityMembersrt:MaximumMember2018-09-042018-09-040001327567us-gaap:RevolvingCreditFacilityMembersrt:MinimumMember2018-09-042018-09-040001327567us-gaap:RevolvingCreditFacilityMembersrt:MaximumMember2018-09-042018-09-040001327567us-gaap:RevolvingCreditFacilityMember2020-07-31panw:lease_agreement0001327567panw:Q415andQ116newleasearrangementsnewcorporateheadquartersMember2015-10-31utr:sqft0001327567panw:Q415andQ116newleasearrangementsnewcorporateheadquartersMember2017-09-302017-09-300001327567panw:Q415andQ116newleasearrangementsnewcorporateheadquartersMember2017-08-012017-10-310001327567panw:Q415NewLeaseArrangementspreviouscorporateheadquartersMember2015-05-310001327567panw:Q218NewSubleaseArrangementpreviouscorporateheadquartersMember2017-12-310001327567panw:Q113NewLeaseArrangementsPreviousCorporateHeadquartersMember2012-09-30panw:lease_renewal_option0001327567panw:Q113NewLeaseArrangementsPreviousCorporateHeadquartersMember2017-08-012018-07-310001327567panw:Q113NewLeaseArrangementsPreviousCorporateHeadquartersMember2018-08-012019-07-3100013275672019-12-012019-12-310001327567us-gaap:InventoriesMember2020-07-310001327567panw:CloudandOtherServicesMember2019-08-012020-07-310001327567panw:CloudandOtherServicesMember2020-07-310001327567panw:ShareRepurchaseProgramAMember2016-08-310001327567panw:ShareRepurchaseProgramAMember2017-02-280001327567panw:ShareRepurchaseProgramAMember2017-07-310001327567panw:ShareRepurchaseProgramBMember2019-02-280001327567panw:ShareRepurchaseProgramAMember2018-08-012019-07-310001327567panw:ShareRepurchaseProgramAMember2017-08-012018-07-310001327567panw:ShareRepurchaseProgramBMember2019-08-012020-07-310001327567panw:AcceleratedShareRepurchaseMember2020-02-240001327567panw:AcceleratedShareRepurchaseMember2019-08-012020-07-310001327567srt:MinimumMemberpanw:A2012EquityIncentivePlanMember2019-08-012020-07-310001327567srt:MaximumMemberpanw:A2012EquityIncentivePlanMember2019-08-012020-07-310001327567srt:MinimumMemberpanw:PerformanceBasedStockAwardPSAandPerformanceBasedStockUnitPSUMemberpanw:A2012EquityIncentivePlanMember2019-08-012020-07-310001327567panw:PerformanceBasedStockAwardPSAandPerformanceBasedStockUnitPSUMembersrt:MaximumMemberpanw:A2012EquityIncentivePlanMember2019-08-012020-07-310001327567panw:PerformancePeriod1Memberpanw:StockOptionswithServiceandMarketConditionsMemberpanw:A2012EquityIncentivePlanMember2019-08-012020-07-310001327567panw:StockOptionswithServiceandMarketConditionsMemberpanw:PerformancePeriod2Memberpanw:A2012EquityIncentivePlanMember2019-08-012020-07-310001327567panw:StockOptionswithServiceandMarketConditionsMemberpanw:PerformancePeriod3Memberpanw:A2012EquityIncentivePlanMember2019-08-012020-07-310001327567panw:StockOptionswithServiceandMarketConditionsMemberpanw:PerformancePeriod4Memberpanw:A2012EquityIncentivePlanMember2019-08-012020-07-310001327567panw:StockOptionswithServiceandMarketConditionsMembersrt:MinimumMemberpanw:A2012EquityIncentivePlanMember2019-08-012020-07-310001327567panw:A2012EquityIncentivePlanMember2020-07-310001327567srt:MaximumMemberpanw:A2012EquityIncentivePlanMember2020-07-310001327567panw:A2012EquityIncentivePlanMember2019-08-012020-07-310001327567panw:A2012EmployeeStockPurchasePlanMember2017-08-012018-07-310001327567panw:A2012EmployeeStockPurchasePlanMember2018-08-012019-07-310001327567panw:A2012EmployeeStockPurchasePlanMember2019-08-012020-07-310001327567panw:A2012EmployeeStockPurchasePlanMember2020-07-310001327567panw:EmployeeStockPurchasePlanEsppMemberpanw:A2012EmployeeStockPurchasePlanMember2019-08-012020-07-310001327567panw:EmployeeStockPurchasePlanEsppMemberpanw:A2012EmployeeStockPurchasePlanMember2020-07-310001327567srt:MaximumMemberpanw:A2012EmployeeStockPurchasePlanMember2020-07-310001327567panw:ZingboxInc.Memberus-gaap:RestrictedStockMember2019-08-012020-07-310001327567us-gaap:RestrictedStockMemberpanw:RedlockDemistoPuresecAndTwistlockMember2018-08-012019-07-310001327567panw:StockOptionswithServiceConditionMember2017-07-310001327567panw:StockOptionswithServiceConditionMember2016-08-012017-07-310001327567panw:StockOptionswithServiceandMarketConditionsMember2017-07-310001327567panw:StockOptionswithServiceandMarketConditionsMember2016-08-012017-07-310001327567panw:StockOptionswithServiceConditionMember2017-08-012018-07-310001327567panw:StockOptionswithServiceandMarketConditionsMember2017-08-012018-07-310001327567panw:StockOptionswithServiceConditionMember2018-07-310001327567panw:StockOptionswithServiceandMarketConditionsMember2018-07-310001327567panw:StockOptionswithServiceConditionMember2018-08-012019-07-310001327567panw:StockOptionswithServiceandMarketConditionsMember2018-08-012019-07-310001327567panw:StockOptionswithServiceConditionMember2019-07-310001327567panw:StockOptionswithServiceandMarketConditionsMember2019-07-310001327567panw:StockOptionswithServiceConditionMember2019-08-012020-07-310001327567panw:StockOptionswithServiceandMarketConditionsMember2019-08-012020-07-310001327567panw:StockOptionswithServiceConditionMember2020-07-310001327567panw:StockOptionswithServiceandMarketConditionsMember2020-07-310001327567panw:RestrictedStockAwardsRSAsMember2017-07-310001327567us-gaap:PerformanceSharesMember2017-07-310001327567panw:RestrictedStockAwardsRSAsMember2017-08-012018-07-310001327567us-gaap:PerformanceSharesMember2017-08-012018-07-310001327567panw:RestrictedStockAwardsRSAsMember2018-07-310001327567us-gaap:PerformanceSharesMember2018-07-310001327567panw:RestrictedStockAwardsRSAsMember2018-08-012019-07-310001327567us-gaap:PerformanceSharesMember2018-08-012019-07-310001327567panw:RestrictedStockAwardsRSAsMember2019-07-310001327567us-gaap:PerformanceSharesMember2019-07-310001327567panw:RestrictedStockAwardsRSAsMember2019-08-012020-07-310001327567us-gaap:PerformanceSharesMember2019-08-012020-07-310001327567panw:RestrictedStockAwardsRSAsMember2020-07-310001327567us-gaap:PerformanceSharesMember2020-07-310001327567us-gaap:RestrictedStockUnitsRSUMember2017-07-310001327567panw:PerformanceStockUnitsPSUsMember2017-07-310001327567us-gaap:RestrictedStockUnitsRSUMember2017-08-012018-07-310001327567panw:PerformanceStockUnitsPSUsMember2017-08-012018-07-310001327567us-gaap:RestrictedStockUnitsRSUMember2018-07-310001327567panw:PerformanceStockUnitsPSUsMember2018-07-310001327567us-gaap:RestrictedStockUnitsRSUMember2018-08-012019-07-310001327567panw:PerformanceStockUnitsPSUsMember2018-08-012019-07-310001327567us-gaap:RestrictedStockUnitsRSUMember2019-07-310001327567panw:PerformanceStockUnitsPSUsMember2019-07-310001327567us-gaap:RestrictedStockUnitsRSUMember2019-08-012020-07-310001327567panw:PerformanceStockUnitsPSUsMember2019-08-012020-07-310001327567us-gaap:RestrictedStockUnitsRSUMember2020-07-310001327567panw:PerformanceStockUnitsPSUsMember2020-07-310001327567panw:ZingboxAporetoAndCloudgenixMemberus-gaap:RestrictedStockUnitsRSUMember2018-08-012019-07-310001327567panw:ZingboxInc.Memberus-gaap:RestrictedStockUnitsRSUMember2019-08-012020-07-310001327567panw:AporetoIncMemberus-gaap:RestrictedStockUnitsRSUMember2019-08-012020-07-310001327567panw:CloudGenixIncMemberus-gaap:RestrictedStockUnitsRSUMember2019-08-012020-07-310001327567panw:EmployeeStockPurchasePlanEsppMember2019-08-012020-07-310001327567panw:EmployeeStockPurchasePlanEsppMember2018-08-012019-07-310001327567panw:EmployeeStockPurchasePlanEsppMember2017-08-012018-07-310001327567srt:MinimumMemberpanw:EmployeeStockPurchasePlanEsppMember2019-08-012020-07-310001327567panw:EmployeeStockPurchasePlanEsppMembersrt:MaximumMember2019-08-012020-07-310001327567srt:MinimumMemberpanw:EmployeeStockPurchasePlanEsppMember2018-08-012019-07-310001327567panw:EmployeeStockPurchasePlanEsppMembersrt:MaximumMember2018-08-012019-07-310001327567srt:MinimumMemberpanw:EmployeeStockPurchasePlanEsppMember2017-08-012018-07-310001327567panw:EmployeeStockPurchasePlanEsppMembersrt:MaximumMember2017-08-012018-07-310001327567us-gaap:CostOfSalesMemberus-gaap:ProductMember2019-08-012020-07-310001327567us-gaap:CostOfSalesMemberus-gaap:ProductMember2018-08-012019-07-310001327567us-gaap:CostOfSalesMemberus-gaap:ProductMember2017-08-012018-07-310001327567us-gaap:ServiceMemberus-gaap:CostOfSalesMember2019-08-012020-07-310001327567us-gaap:ServiceMemberus-gaap:CostOfSalesMember2018-08-012019-07-310001327567us-gaap:ServiceMemberus-gaap:CostOfSalesMember2017-08-012018-07-310001327567us-gaap:ResearchAndDevelopmentExpenseMember2019-08-012020-07-310001327567us-gaap:ResearchAndDevelopmentExpenseMember2018-08-012019-07-310001327567us-gaap:ResearchAndDevelopmentExpenseMember2017-08-012018-07-310001327567us-gaap:SellingAndMarketingExpenseMember2019-08-012020-07-310001327567us-gaap:SellingAndMarketingExpenseMember2018-08-012019-07-310001327567us-gaap:SellingAndMarketingExpenseMember2017-08-012018-07-310001327567us-gaap:GeneralAndAdministrativeExpenseMember2019-08-012020-07-310001327567us-gaap:GeneralAndAdministrativeExpenseMember2018-08-012019-07-310001327567us-gaap:GeneralAndAdministrativeExpenseMember2017-08-012018-07-310001327567us-gaap:GeneralAndAdministrativeExpenseMemberpanw:ZingboxInc.Member2019-08-012020-07-310001327567panw:AporetoIncMemberus-gaap:GeneralAndAdministrativeExpenseMember2019-08-012020-07-310001327567panw:CloudGenixIncMemberus-gaap:GeneralAndAdministrativeExpenseMember2019-08-012020-07-310001327567panw:RedLockInc.Memberus-gaap:GeneralAndAdministrativeExpenseMember2018-08-012019-07-310001327567panw:TwistlockLtd.Memberus-gaap:GeneralAndAdministrativeExpenseMember2018-08-012019-07-310001327567panw:Evident.ioInc.Memberus-gaap:GeneralAndAdministrativeExpenseMember2017-08-012018-07-310001327567panw:StockOptionswithServiceandMarketConditionsMemberpanw:A2012EquityIncentivePlanMember2019-08-012020-07-310001327567panw:StockOptionswithServiceandMarketConditionsMembersrt:MaximumMemberpanw:A2012EquityIncentivePlanMember2019-08-012020-07-310001327567us-gaap:InternalRevenueServiceIRSMember2020-07-310001327567us-gaap:StateAndLocalJurisdictionMember2020-07-310001327567us-gaap:ForeignCountryMember2020-07-310001327567us-gaap:ResearchMemberus-gaap:InternalRevenueServiceIRSMember2020-07-310001327567us-gaap:ResearchMemberus-gaap:StateAndLocalJurisdictionMember2020-07-310001327567us-gaap:ConvertibleDebtSecuritiesMember2019-08-012020-07-310001327567us-gaap:ConvertibleDebtSecuritiesMember2018-08-012019-07-310001327567us-gaap:ConvertibleDebtSecuritiesMember2017-08-012018-07-310001327567us-gaap:WarrantMember2019-08-012020-07-310001327567us-gaap:WarrantMember2018-08-012019-07-310001327567us-gaap:WarrantMember2017-08-012018-07-310001327567panw:RestrictedStockUnitsRSUsandPerformanceStockUnitsPSUsMember2019-08-012020-07-310001327567panw:RestrictedStockUnitsRSUsandPerformanceStockUnitsPSUsMember2018-08-012019-07-310001327567panw:RestrictedStockUnitsRSUsandPerformanceStockUnitsPSUsMember2017-08-012018-07-310001327567us-gaap:EmployeeStockOptionMember2019-08-012020-07-310001327567us-gaap:EmployeeStockOptionMember2018-08-012019-07-310001327567us-gaap:EmployeeStockOptionMember2017-08-012018-07-310001327567us-gaap:RestrictedStockMember2019-08-012020-07-310001327567us-gaap:RestrictedStockMember2018-08-012019-07-310001327567us-gaap:RestrictedStockMember2017-08-012018-07-310001327567us-gaap:EmployeeStockMember2019-08-012020-07-310001327567us-gaap:EmployeeStockMember2018-08-012019-07-310001327567us-gaap:EmployeeStockMember2017-08-012018-07-310001327567country:US2020-07-310001327567country:US2019-07-310001327567us-gaap:NonUsMember2020-07-310001327567us-gaap:NonUsMember2019-07-310001327567us-gaap:ProductMember2019-08-012019-10-310001327567us-gaap:ProductMember2019-11-012020-01-310001327567us-gaap:ProductMember2020-02-012020-04-300001327567us-gaap:ProductMember2020-05-012020-07-310001327567us-gaap:ServiceMember2019-08-012019-10-310001327567us-gaap:ServiceMember2019-11-012020-01-310001327567us-gaap:ServiceMember2020-02-012020-04-300001327567us-gaap:ServiceMember2020-05-012020-07-3100013275672019-08-012019-10-3100013275672019-11-012020-01-3100013275672020-02-012020-04-3000013275672020-05-012020-07-310001327567us-gaap:ProductMember2018-08-012018-10-310001327567us-gaap:ProductMember2018-11-012019-01-310001327567us-gaap:ProductMember2019-02-012019-04-300001327567us-gaap:ProductMember2019-05-012019-07-310001327567us-gaap:ServiceMember2018-08-012018-10-310001327567us-gaap:ServiceMember2018-11-012019-01-310001327567us-gaap:ServiceMember2019-02-012019-04-300001327567us-gaap:ServiceMember2019-05-012019-07-3100013275672018-08-012018-10-3100013275672018-11-012019-01-3100013275672019-02-012019-04-3000013275672019-05-012019-07-310001327567panw:DemistoInc.Memberpanw:GreylockPartnersMember2019-03-282019-03-280001327567panw:TheCrypsisGroupMemberus-gaap:SubsequentEventMember2020-08-012020-08-31
Table of Contents

UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
_____________________ 
FORM 10-K
_____________________
(Mark One)
 ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
For the fiscal year ended July 31, 2020
or
 TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
For the transition period from             to             
Commission File Number 001-35594
Palo Alto Networks, Inc.
(Exact name of registrant as specified in its charter)
Delaware20-2530195
(State or other jurisdiction of
incorporation or organization)
(I.R.S. Employer
Identification No.)
3000 Tannery Way
Santa Clara, California 95054
(Address of principal executive offices, including zip code)
(408753-4000
(Registrant’s telephone number, including area code)

Securities registered pursuant to Section 12(b) of the Act:
Title of each classTrading Symbol(s)Name of each exchange on which registered
Common stock, $0.0001 par value per sharePANWNew York Stock Exchange
Securities registered pursuant to Section 12(g) of the Act:
None
Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes   No  
Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act.    Yes   No  
Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes   No  
Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files). Yes   No  
Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer,” “smaller reporting company,” and “emerging growth company” in Rule 12b-2 of the Exchange Act.
Large accelerated filerAccelerated filer
Non-accelerated filerSmaller reporting company
Emerging growth company
If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act.
Indicate by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report.
Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Act). Yes   No  
The aggregate market value of voting stock held by non-affiliates of the registrant was $22,950,644,677 as of January 31, 2020, the last business day of the registrant’s most recently completed second fiscal quarter (based on the closing sales price for the common stock on the New York Stock Exchange on such date). Shares of common stock held by each executive officer, director, and holder of 5% or more of the outstanding common stock have been excluded in that such persons may be deemed to be affiliates. This determination of affiliate status is not necessarily a conclusive determination for other purposes.
On August 21, 2020, 96,373,294 shares of the registrant’s common stock, $0.0001 par value, were outstanding.

DOCUMENTS INCORPORATED BY REFERENCE
Portions of the information called for by Part III of this Annual Report on Form 10-K is hereby incorporated by reference from the definitive proxy statement for the registrant’s 2020 annual meeting of stockholders, which will be filed with the Securities and Exchange Commission not later than 120 days after the registrant’s fiscal year ended July 31, 2020.




Table of Contents
TABLE OF CONTENTS

Page
PART I
Item 1.
Item 1A.
Item 1B.
Item 2.
Item 3.
Item 4.
PART II
Item 5.
Item 6.
Item 7.
Item 7A.
Item 8.
Item 9.
Item 9A.
Item 9B.
PART III
Item 10.
Item 11.
Item 12.
Item 13.
Item 14.
PART IV
Item 15.


- 2 -

Table of Contents
PART I
SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS
This Annual Report on Form 10-K, including the sections entitled “Business,” “Risk Factors,” and “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934. The words “believe,” “may,” “will,” “potentially,” “estimate,” “continue,” “anticipate,” “intend,” “could,” “would,” “project,” “plan,” “expect,” and similar expressions that convey uncertainty of future events or outcomes are intended to identify forward-looking statements.
These forward-looking statements include, but are not limited to, statements concerning the following:
our expectations regarding the impacts on our business, the business of our customers, suppliers and partners, and the economy as a result of the global COVID-19 pandemic and related public health measures;
expectations regarding drivers of and factors affecting growth in our business;
the performance advantages of our products and subscription and support offerings and the potential benefits to our customers;
trends in and expectations regarding billings, revenue (including our revenue mix), costs of revenue, gross margin, cash flows, interest expense, operating expenses (including future share-based compensation expense), income taxes, investment plans and liquidity;
our ability to and expectation that we will continue to grow our installed end-customer base;
expected recurring revenues resulting from expected growth in our installed base and increased adoption of our products and cloud-based subscription services;
our expectations regarding future investments in research and development, customer support, in our employees and in our sales force, including expectations regarding growth in our sales headcount;
our ability to develop or acquire new product, subscription, and support offerings, improve our existing product, subscription, and support offerings, and increase the value of our product, subscription, and support offerings, including through deployment of new capabilities via security applications developed by third parties;
our expectation that we will continue to expand internationally;
our expectation that we will continue to renew existing contracts and increase sales to our existing customer base;
seasonal trends in our results of operations;
expected impact of the adoption of certain recent accounting pronouncements and the anticipated timing of adopting such standards;
our expectation that we will expand our facilities or add new facilities as we add employees and enter new geographic markets and expectations related to charges incurred in connection with exiting our former headquarter facilities;
our expectation that we will increase our customer financing activities;
the sufficiency of our cash flow from operations with existing cash and cash equivalents to meet our cash needs for the foreseeable future;
future investments in product development, subscriptions, or technologies, and any related delays in the development or release of new product and subscription offerings;
our ability to successfully acquire and integrate companies and assets, including closing The Crypsis Group acquisition;
expectations and intentions with respect to the products and technologies that we acquire and introduce;
the timing and amount of capital expenditures and share repurchases; and
other statements regarding our future operations, financial condition and prospects, and business strategies.
These forward-looking statements are subject to a number of risks, uncertainties, and assumptions, including those described in “Risk Factors” included in Part I, Item 1A and elsewhere in this Annual Report on Form 10-K. Moreover, we operate in a very competitive and rapidly changing environment, and new risks emerge from time to time. It is not possible for our management to predict all risks, nor can we assess the impact of all factors on our business or the extent to which any factor, or combination of factors, may cause actual results to differ materially from those contained in any forward-looking statements we may make. In light of these risks, uncertainties, and assumptions, the forward-looking events and circumstances discussed in this Annual Report on Form
- 3 -

Table of Contents
10-K may not occur, and actual results could differ materially and adversely from those anticipated or implied in the forward-looking statements. We undertake no obligation to revise or publicly release the results of any revision to these forward-looking statements, except as required by law. Given these risks and uncertainties, readers are cautioned not to place undue reliance on such forward-looking statements.
ITEM 1. BUSINESS
General
Palo Alto Networks, Inc. is a global cybersecurity provider with a vision of a world where each day is safer and more secure than the one before. We were incorporated in 2005 and are headquartered in Santa Clara, California.
We empower enterprises, service providers, and government entities to secure all users, applications, data, networks and devices with comprehensive visibility and context continuously across all locations. We deliver cybersecurity products covering a broad range of use cases, enabling our end-customers to secure their networks, remote workforce, access to the service edge, branch locations, public and private clouds, and to advance their Security Operations Centers (“SOC”). We believe our portfolio offers advanced prevention and security, while reducing the total cost of ownership for organizations by improving operational efficiency and eliminating the need for siloed point products. We do this with solutions focused on delivering value in three fundamental areas:
Secure the Enterprise:
Secure the network through our ML-powered Next-Generation Firewalls, available in a number of form factors, including physical, virtual and containerized appliances, as well as a cloud-delivered service, with Panorama management available as an appliance or as a virtual machine for the public or private cloud. This also includes security services such as Threat Prevention, WildFire, URL Filtering, DNS Security, IoT Security, GlobalProtect, SD-WAN and Data Loss Prevention that are delivered as SaaS subscriptions to our ML-powered Next-Generation Firewalls.
Secure the Cloud:
Secure the cloud through our Prisma security offerings, such as Prisma Cloud, the industry’s most comprehensive Cloud Native Security Platform (“CNSP”), protecting applications, data and the entire cloud native technology stack, throughout the full development lifecycle and across multi- and hybrid- cloud environments, Prisma SaaS for protecting SaaS applications, Prisma Access, a comprehensive Secure Access Service Edge (“SASE”) offering, that, together with CloudGenix SD-WAN, securing SD-WAN to enable the cloud delivered branch, and VM-Series and CN-Series for in-line network security in multi- and hybrid- cloud environments.
Secure the Future:
Secure the future of security operations through our Cortex security offerings, which includes Cortex XDR for prevention, detection and response, Cortex XSOAR for security orchestration, automation and response (“SOAR”), AutoFocus for threat intelligence, and Cortex Data Lake to collect and integrate security data for analytics. These products are delivered as software or SaaS subscriptions.
Impact of COVID-19 on our Business
We are actively monitoring, evaluating and responding to developments relating to COVID-19, which has and is expected to result in continued significant global social and business disruption. While we instituted a global work-from-home policy beginning in March 2020, we did not incur significant disruptions in our work operations during fiscal 2020. We are conducting business as usual with restrictions to employee travel and transitioning of in-person marketing events to virtual formats, among other modifications. These changes will substantially remain in effect in the first quarter of fiscal 2021 and are likely to extend to future quarters. We will continue to actively monitor the situation and will make further changes to our business operations as may be required by federal, state or local authorities or that we determine are in the best interests of our employees, end-customers, partners, suppliers and stockholders. Our focus remains on the safety of our employees, striving to protect the health and well-being of the communities in which we operate, and providing technology to our employees, end-customers and partners to help them do their best work while remote.
Although some end-customers adopted Prisma Access as their secure work-from-home solution for the longer term, COVID-19 may curtail our end-customers' spending and could lead them to delay or defer purchasing decisions, and lengthen sales cycles and payment terms, which could materially adversely impact our business, results of operations and overall financial performance. Also, certain of our end-customers or partners may be or may become credit or cash constrained making it difficult for them to fulfill their payment obligations to us. The extent of the impact of COVID-19 on our operational and financial performance will depend on developments, including the duration and spread of the virus, impact on our end-customers’ spending, volume of sales and length of our sales cycles, impact on our partners, suppliers and employees, actions that may be taken by governmental authorities and other factors identified in Part I, Item 1A "Risk Factors" in this Form 10-K. Given the dynamic nature of these circumstances, the full impact of COVID-19 on our ongoing business, results of operations and overall financial performance cannot be reasonably estimated at this time.
- 4 -

Table of Contents
Product, Subscription, and Support Offerings
Our products are available in the form of the product, subscription, and support offerings described below.
Firewall Appliances and Software. All of our firewall appliances and software incorporate our PAN-OS operating system and come with the same rich set of features ensuring consistent operation across our entire product line. These features include: App-ID, User-ID, Content-ID, site-to-site virtual private network (“VPN”), remote access Secure Sockets Layer (“SSL”) VPN, and Quality-of-Service (“QoS”). Our appliances and software are designed for different performance requirements throughout an organization and are classified based on throughput, ranging from our PA-220, which is designed for small organizations and remote or branch offices, to our top-of-the-line PA-7080, which is designed for large scale data centers and service provider use. Our firewall appliances come in a physical form factor, in a virtual form factor, called VM-Series, that is available for virtualization and cloud environments from companies such as VMware, Inc. (“VMware”), Microsoft Corporation (“Microsoft”), Amazon.com, Inc. (“Amazon”), and Google, Inc. (“Google”), and in Kernel-based Virtual Machine (“KVM”)/OpenStack environments, as well as in a containerized form factor, called CN-Series.
Panorama. Panorama is our centralized security management solution for global control of all of our firewall appliances and software deployed on an end-customer’s network, as well as in their instances in public or private cloud environments as a virtual appliance or a physical appliance. Panorama is used for centralized policy management, device management, software licensing and updates, centralized logging and reporting, and log storage. Panorama controls the security, network address translation (“NAT”), QoS, policy-based forwarding, decryption, application override, captive portal, and distributed denial of service/denial of service (“DDoS/DoS”) protection aspects of the appliances, software, virtual and containerized systems under management. Panorama centrally manages device software and associated updates, including SSL-VPN clients, SD-WAN, dynamic content updates, and software licenses. Panorama offers network security monitoring through the ability to view logs and run reports from all managed appliances and software in one location without the need to forward the logs and reliably expands log storage for long-term event investigation and analysis.
Virtual System Upgrades. Virtual System Upgrades are available as extensions to the Virtual System capacity that ships with our physical appliances. Virtual Systems provide a mechanism to support multiple distinct security policies and administrative access for tenants on the same hardware device, which is applicable to our large enterprise and service provider end-customers.
Subscription Offerings. We offer a number of subscriptions as part of our portfolio. Of these subscription offerings, Threat Prevention, WildFire, URL Filtering, DNS Security, IoT Security, GlobalProtect, SD-WAN and Data Loss Prevention are sold as options to our firewall appliances and software, whereas AutoFocus, Prisma Access (formerly GlobalProtect cloud service), CloudGenix SD-WAN, Prisma Cloud (formerly Redlock Inc. (“RedLock”), Twistlock LTD. (“Twistlock”), PureSec Ltd. (“PureSec”) and Aporeto Inc. (“Aporeto”)), Prisma SaaS (formerly Aperture), Cortex Data Lake (formerly Logging Service), Cortex XDR (formerly Cortex XDR and Traps) and Cortex XSOAR (formerly Demisto Inc. (“Demisto”)) are sold on a per-user, per-endpoint, or capacity-based basis. Our subscription offerings include:
Secure the Enterprise:
Threat Prevention. This subscription provides intrusion detection and prevention capabilities and blocks vulnerability exploits, viruses, spyware, buffer overflows, denial-of-service attacks, and port scans from compromising and damaging enterprise information resources. It includes mechanisms such as protocol decoder-based analysis, protocol anomaly-based protection, stateful pattern matching, statistical anomaly detection, heuristic-based analysis, custom vulnerability and spyware “phone home” signatures, and workflows to manage popular open-source signature formats to extend our leading coverage.
WildFire. This cloud-based or appliance-based subscription provides protection against targeted malware and advanced persistent threats and provides a near real-time analysis engine for detecting previously unseen malware while resisting attacker evasion techniques. The core component of this subscription is a sandbox environment that can operate on an end-customers’ private cloud or our public cloud, where files can be run and monitored for more than 100 behavioral characteristics that identify the file as malware. A machine learning module derived from the cloud sandbox environment is now delivered in-line on the ML-powered Next-Generation Firewalls to identify the majority of unknown threats without cloud connectivity. Once identified, whether in the cloud or in-line, preventive measures are automatically generated and delivered to all subscribed devices in seconds or less. By providing this as a cloud-based subscription, all of our end-customers benefit from malware found on any of our end-customer’s networks.
URL Filtering. This subscription provides the uniform resource locator (“URL”) filtering capabilities of our portfolio. Our cloud-based URL filtering database consists of millions of URLs across many categories and is designed to analyze web traffic and prevent web-based threats such as phishing, malware, and command-and-control. The curated on-appliance URL database can be augmented to suit the traffic patterns of the local user community with a custom URL database. Our cloud-delivered service features network-based phishing protection, including a machine learning module delivered inline on our ML-powered Next-Generation Firewalls. These machine learning techniques can detect and stop never before seen threats and evasive phishing before they reach users or endpoints. Native integration with our ML-
- 5 -

Table of Contents
powered Next-Generation Firewalls eliminates the need for customers to deploy and manage their web security separately from network security.
DNS Security. This cloud-based subscription uses machine learning to proactively block malicious domains and stops attacks in progress. Unlike other solutions, it does not require endpoint routing configurations to be maintained and therefore cannot be by-passed. It allows firewalls access to DNS signatures that are generated using advanced predictive analysis, machine learning, and malicious domain data from a growing threat intelligence sharing community of which we are a part. Expanded categorization of DNS traffic and comprehensive analytics allow deep insights into threats, empowering security personnel with the context to optimize their security posture.
IoT Security. IoT Security is a new subscription on our ML-powered Next-Generation Firewalls with backward compatibility to older versions of PAN-OS. Using machine learning and our App-ID technology, it can accurately identify and classify various IoT and operational technology (“OT”) devices including never-been-seen-before devices, mission critical OT devices and unmanaged legacy systems. It uses machine learning to baseline normal behavior, identify anomalous activity, assess risk, and provide policy recommendations to allow trusted behavior with a new Device-ID policy construct on our ML-powered Next-Generation Firewalls. Our existing subscription-based security services have also been enhanced with IoT context to prevent threats on various devices, including IoT and OT devices.
GlobalProtect. This appliance-based subscription provides protection for users of both traditional laptop and mobile devices. It expands the boundaries of the end-users’ physical network, effectively establishing a logical perimeter that encompasses remote laptop and mobile device users irrespective of their location. When a remote user logs into the device, GlobalProtect automatically determines the closest gateway available to the roaming device and establishes a secure connection. Regardless of the operating systems, laptops, tablets and phones will stay connected to the corporate network when they are on a network of any kind and as a result, are protected as if they never left the corporate campus. GlobalProtect ensures that the same secure application enablement policies that protect users at the corporate site are enforced for all users, independent of their location.
SD-WAN. Our SD-WAN subscription is now integrated with PAN-OS, so that our end-customers can get the security features of our PAN-OS ML-powered Next Generation Firewall together with SD-WAN functionality. The SD-WAN overlay supports dynamic, intelligent path selection based on the applications, services and conditions of the links that each application or service is allowed to use, allowing applications to be prioritized based on criteria such as whether the application is mission-critical, latency-sensitive, or meets certain health criteria.
Data Loss Prevention. Our Enterprise Data Loss Prevention service is a cloud service that provides consistent, reliable protection of sensitive data, such as personally identifiable information (PII) and intellectual property, for all traffic types, applications, and users. Native integration with our products makes it simple to deploy, and advanced machine learning minimizes management complexity. Enterprise DLP allows organizations to consistently discover, classify, monitor, and protect sensitive data, wherever it may reside. It helps minimize the risk of a data breach both on-premises and in the cloud—such as in Office/Microsoft 365™, Salesforce®, and Box—and assists in meeting stringent data privacy and compliance regulations, including GDPR, CCPA, PCI DSS, HIPAA, and others.
Secure the Cloud:
Prisma Cloud. Prisma Cloud is the industry’s most comprehensive CNSP, securing public clouds and cloud native applications. Prisma Cloud delivers cloud security posture management and a cloud workload protection platform that provides comprehensive visibility and threat detection across an organization's hybrid, multi-cloud infrastructure.
Prisma SaaS. Prisma SaaS is a multi-mode, cloud access security broker service that helps govern sanctioned SaaS application usage across all users and helps prevent breaches and non-compliance. Specifically, the service enables the discovery and classification of data stored across the supported SaaS applications, protects sensitive data from accidental exposure, identifies and protects against known and unknown malware, and performs user activity monitoring to identify potential misuse or data exfiltration. It delivers complete visibility and granular enforcement across all user, folder, and file activity within sanctioned SaaS applications.
Prisma Access. This cloud-based subscription enables our end-customers to utilize the preventive capabilities of our portfolio to secure remote offices and mobile users, providing consistent protection across globally distributed network and cloud environments without the need for firewall appliances or software in the remote locations. With this offering, our end-customers can quickly and easily add or remove remote locations and users, and establish and adjust security policies as needed, using a multi-tenant, cloud-based security infrastructure that we operate on their behalf.
CloudGenix SD-WAN. Our CloudGenix SD-WAN solution is a next-generation SD-WAN solution that makes the secure cloud-delivered branch possible. Unlike legacy SD-WAN solutions that introduce cost and complexity, Our CloudGenix
- 6 -

Table of Contents
SD-WAN ensures exceptional user experience with app defined policies and simplifies network and security operations using machine learning and automation.
Secure the Future:
Cortex XDR. This cloud-based subscription enables organizations to identify and stop the most sophisticated attacks by applying AI and machine learning to context rich network, endpoint, and cloud data, to quickly find and stop targeted attacks, insider abuse, and compromised endpoints. Cortex XDR is comprised of XDR Prevent and XDR Pro. XDR Prevent delivers enterprise class endpoint security focused on preventing attacks. XDR Pro encompasses endpoint detection and response (“EDR”) and cross-data source analytics including network and identity data. These capabilities build on each other, such that a customer can start with XDR Prevent, then upgrade to XDR Pro for EDR and then upgrade to XDR Pro for cross-data source analytics.
Cortex XSOAR. Available as a cloud-based subscription or an on-premises appliance, Cortex XSOAR is the industry’s first extended SOAR offering that unifies playbook automation, case management, real-time collaboration, and threat intelligence management to serve security teams across the incident lifecycle. With Cortex XSOAR, security teams can standardize processes, automate repeatable tasks and manage incidents across their security product stack to improve response time and analyst productivity. Cortex XSOAR is powered by our machine learning bot, DBot, which ingests information about indicators to determine if they are malicious. It learns from the real-life analyst interactions and past investigations to help SOC teams with analyst assignment suggestions, playbook enhancements, and best next steps for investigations. 
AutoFocus. This cloud-based subscription provides threat intelligence capabilities to our end-customers’ security operations teams. Indicators of compromise and anomalies that occur on an end-customer’s network can be correlated with similar data that has been centrally collected from all our participating end-customers. This offers our end-customers priority alerts, deep attack context, and high-fidelity threat intelligence across millions of malware samples and tens of billions of file artifacts. This includes a direct pipeline to actionable intelligence from Unit 42, our threat research team. AutoFocus can inform users if adversaries and campaigns discovered by Unit 42 have targeted the end-user’s network, or similar networks.
Cortex Data Lake. This cloud-based subscription allows our customers to collect large amounts of context-rich enhanced network logs generated by our security offerings, including those of our ML-powered Next-Generation Firewalls, Prisma Access subscription, and Cortex XDR subscription, without needing to plan for local data storage.
Support. We offer Standard Support, Premium Support, four-hour Premium Support and Platinum Support to our end-customers and channel partners. Our channel partners that operate a Palo Alto Networks Authorized Support Center (“ASC”) typically deliver level-one and level-two support. We provide level-three support 24 hours a day, seven days a week through regional support centers that are located worldwide. We also offer an annual subscription-based Service Account Management (“SAM”) service that provides support for end-customers with unique or complex support requirements. We offer our end-customers ongoing support for both hardware and software in order to receive ongoing security updates, PAN-OS upgrades, bug fixes, and repair. End-customers typically purchase these services for a one-year or longer term at the time of the initial product sale and typically renew for successive one-year or longer periods. Additionally, we provide expedited replacement for any defective hardware. We use a third-party logistics provider to manage our worldwide deployment of spare appliances and other accessories.
Professional Services. Professional services are delivered directly by us and through our authorized channel partners to our end-customers and include on-location and remote, hands-on experts who plan, design, and deploy effective security solutions tailored to our end-customers’ specific requirements. These services include architecture design and planning, configuration, and firewall migrations, as well as Prisma and Cortex deployments. Our education services provide online and in-classroom training and are also primarily delivered through our authorized training partners.
Technology
We provide comprehensive and integrated cybersecurity solutions with a portfolio that eliminates the need for siloed security products.
ML-powered Next-Generation Firewall. Our ML-powered Next-Generation Firewalls embed machine learning in the core of the firewall, empowering our customers to stay ahead of new emerging threats, see and secure their entire enterprise, including IoT, and support speed and error reduction with automatic policy recommendations. Our ML-Powered Next-Generation Firewalls extend visibility and security to all devices connecting to an end-user’s network, including unmanaged IoT devices without the need to deploy additional sensors. Our ML-powered Next-Generation Firewalls inspect all traffic defined by the end-users policies, including all applications, threats, and content, and tie that traffic to the user, regardless of location or device type. The user, application, devices and content—the elements that run a business—become integral components of an enterprise's security policy via our User-ID, App-ID, Device-ID and Content-ID technology. As a result, security aligns with business policies as well as write rules that are easy to understand and maintain. Our ML-powered Next-Generation Firewalls can be deployed in multiple form factors, including hardware, software and cloud service, all managed centrally.
- 7 -

Table of Contents
Prisma Access. Prisma Access is a SASE technology that helps organizations deliver consistent security to remote networks and mobile users. Located in more than 100 locations around the world in 76 countries, Prisma Access consistently inspects all traffic across all ports and provides bidirectional networking to enable branch-to-branch and branch-to-headquarter traffic.
Delivering protection at scale, Prisma Access provides global coverage so teams do not have to worry about sizing and deploying hardware firewalls at the branch. Prisma Access uses Cortex Data Lake for centralized analysis, reporting, and forensics.
CloudGenix SD-WAN. CloudGenix SD-WAN provides deep application visibility, with Layer 7 intelligence for network policy creation and traffic engineering, ensuring exceptional user experience by enabling network teams to deliver Service Level Agreements (“SLA”s) for all apps including Cloud, SaaS and Unified communication as a Service (“UCaaS”). Machine learning and data science methodologies automate operations and problems avoidance to simplify network operations and reduce network trouble tickets.
Prisma Cloud. Prisma Cloud is a unified CNSP with broad security and compliance coverage for the entire cloud across hybrid and multi-cloud environments. Prisma Cloud protects cloud native applications and data spanning hosts, containers, serverless deployments, storage, and other platform as a Service (“PaaS”) offerings across cloud platforms. It dynamically discovers resources as they are deployed and correlates data cloud services (resource configurations, flow logs, audit logs, host and container logs, etc.) to provide security and compliance insights for cloud applications. It uses machine learning to profile user, workload, and app behaviors to prevent advanced threats.
Prisma Cloud integrates with continuous integration and continuous development (“CI/CD”) tool chains to provide full lifecycle vulnerability management, infrastructure-as-code scanning, runtime defense, and cloud native firewalling. With a comprehensive library of compliance frameworks, it vastly simplifies the task of maintaining compliance. Prisma Cloud provides this through deep context-sharing that spans infrastructure, PaaS, users, development platforms, data, and application workloads. Seamless integration with security orchestration tools ensures rapid remediation of vulnerabilities.
Prisma SaaS. Prisma SaaS enables safe cloud adoption by providing visibility, compliance controls, and security for cloud applications and sensitive data. It helps minimize the use of shadow IT, secure access to corporate SaaS applications and mitigate the risk of a data breach in the cloud.
Cortex XDR. Cortex XDR is an industry recognized extended detection and response offering that integrates endpoint, network, and cloud data to stop sophisticated attacks. Going beyond EDR, Cortex XDR detects the most complex threats using analytics across key data sources and reveals the root cause, reducing investigation time eighty eight percent compared to manual processes.
Cortex XSOAR. Cortex XSOAR improves SOC efficiency with an industry recognized extended SOAR offering. Security leaders can transform every aspect of their operations with a comprehensive, unified approach to case management, automation, real-time collaboration, and threat intelligence management. Cortex XSOAR enables security teams to manage alerts across all sources, standardize any processes with playbooks, take action on threat intelligence, and automate response for every security use case, and use of which has resulted, for many of our customers, in significantly faster SOC response times and a significant reduction in alerts to the SOC which require human intervention.
Certifications. Many of our products have been awarded Federal Information Processing Standard (“FIPS”) 140-2 Level 2, Common Criteria/National Information Assurance Partnership (“NIAP”) Evaluation Assurance Level (“EAL”) 2, Common Criteria/NIAP EAL4+, Network Equipment-Building System (“NEBS”), and ICSA Firewall certifications.
Research and Development
Our research and development efforts are focused on developing new hardware and software and on enhancing and improving our existing product and subscription offerings. We believe that hardware and software are both critical to expanding our leadership in the enterprise security market. Our engineering team has deep networking, endpoint, and security expertise and works closely with end-customers to identify their current and future needs. In addition to our focus on hardware and software, our research and development team is focused on research into applications and threats, which allows us to respond to the rapidly changing application and threat landscape. We supplement our own research and development efforts with technologies and products that we license from third parties. We test our products thoroughly to certify and ensure interoperability with third-party hardware and software products.
We believe that innovation and timely development of new features and products is essential to meeting the needs of our end-customers and improving our competitive position. During fiscal 2020, we introduced several new offerings, including: PAN-OS 10.0 with over 70 new features; our new ML-powered Next-Generation Firewalls; and our Cortex XSOAR solution that redefines security orchestration and automation with integrated threat intelligence management. Additionally, we acquired productive investments that fit well within our long-term strategy. For example, we acquired Zingbox, Inc. (“Zingbox”), which we believe will accelerate our delivery of IoT security through our ML-powered Next-Generation Firewall and Cortex products, Aporeto, which we believe will strengthen our cloud-native security platform capabilities delivered by Prisma Cloud and CloudGenix Inc. (“CloudGenix”), which we believe will strengthen our SASE offering.
We plan to continue to significantly invest in our research and development effort as we evolve and extend the capabilities of our portfolio.
- 8 -

Table of Contents
Intellectual Property
Our industry is characterized by the existence of a large number of patents and frequent claims and related litigation regarding patent and other intellectual property rights. In particular, leading companies in the enterprise security industry have extensive patent portfolios and are regularly involved in both offensive and defensive litigation. We continue to grow our patent portfolio and own intellectual property and related intellectual property rights around the world that relate to our products, services, research and development, and other activities, and our success depends in part upon our ability to protect our core technology and intellectual property. We file patent applications to protect our intellectual property and believe that the duration of our issued patents is sufficient when considering the expected lives of our products.
We actively seek to protect our global intellectual property rights and to deter unauthorized use of our intellectual property by controlling access to and use of our proprietary software and other confidential information through the use of internal and external controls, including contractual protections with employees, contractors, end-customers and partners, and our software is protected by U.S. and international copyright laws. Despite our efforts to protect our intellectual property rights, our rights may not be successfully asserted in the future or may be invalidated, circumvented or challenged. In addition, the laws of various foreign countries where our offerings are distributed may not protect our intellectual property rights to the same extent as laws in the United States. See “Risk Factors-Claims by others that we infringe their proprietary technology or other rights could harm our business,” “Risk Factors-Our proprietary rights may be difficult to enforce or protect, which could enable others to copy or use aspects of our products or subscriptions without compensating us,” and “Legal Proceedings” below for additional information.
Competition
We operate in the intensely competitive enterprise security market that is characterized by constant change and innovation. Changes in the application, threat, and technology landscape result in evolving customer requirements for the protection from threats and the safe enablement of applications. Our main competitors fall into five categories:
large companies that incorporate security features in their products, such as Cisco Systems, Inc. (“Cisco”) or those that have acquired, or may acquire, large network and endpoint security vendors and have the technical and financial resources to bring competitive solutions to the market;
independent security vendors such as Check Point Software Technologies Ltd. (“Check Point”), Fortinet, Inc. (“Fortinet”), and Zscaler, Inc. (“Zscaler”) that offer a mix of network and endpoint security products;
startups and single-vertical vendors that offer independent or emerging solutions in network;
public cloud vendors and startups that offer solutions for cloud security (private, public and hybrid cloud); and
large and small companies, such as Crowdstrike, Inc (“Crowdstrike”) that offer solutions for security operations and endpoint security.
As our market grows, it will attract more highly specialized vendors as well as larger vendors that may continue to acquire or bundle their products more effectively.
The principal competitive factors in our market include:
product features, reliability, performance, and effectiveness;
product line breadth, diversity, and applicability;
product extensibility and ability to integrate with other technology infrastructures;
price and total cost of ownership;
adherence to industry standards and certifications;
strength of sales and marketing efforts; and
brand awareness and reputation.
We believe we generally compete favorably with our competitors on the basis of these factors as a result of the features and performance of our portfolio, the ease of integration of our products with technological infrastructures, and the relatively low total cost of ownership of our products. However, many of our competitors have substantially greater financial, technical, and other resources, greater name recognition, larger sales and marketing budgets, broader distribution, more diversified product lines, and larger and more mature intellectual property portfolios.
Sales, Customer Support and Marketing
Customers. Our end-customers are predominantly medium to large enterprises, service providers, and government entities. Our end-customers operate in a variety of industries, including education, energy, financial services, government entities, healthcare, Internet and media, manufacturing, public sector, and telecommunications. Our end-customers deploy our portfolio of products for a
- 9 -

Table of Contents
variety of security functions across a variety of deployment scenarios. Typical deployment scenarios include the enterprise perimeter, the enterprise data center, and the distributed enterprise perimeter. Our end-customer deployments typically involve at least one pair of our products along with one or more of our subscriptions, depending on size, security needs and requirements, and network complexity. No single end-customer accounted for more than 10% of our total revenue in fiscal 2020, 2019, or 2018.
Distribution. We primarily sell our products and subscription and support offerings to end-customers through our channel partners utilizing a two-tier, indirect fulfillment model whereby we sell our products and subscription and support offerings to our distributors, which, in turn, sell to our resellers, which then sell to our end-customers. Sales are generally subject to our standard, non-exclusive distributor agreement, which provides for an initial term of one year, one-year renewal terms, termination by us with 30-90 days written notice prior to the renewal date, and payment to us from the channel partner within 30-45 calendar days of the date we issue an invoice for such sales. For fiscal 2020, 68.8% of our total revenue was derived from sales to four distributors.
We also sell our VM-Series virtual firewalls directly to end-customers through Amazon’s AWS Marketplace, Microsoft’s Azure Marketplace, and Google’s Cloud Platform Marketplace under a usage-based licensing model.
Sales. Our sales organization is responsible for large-account acquisition and overall market development, which includes the management of the relationships with our channel partners, working with our channel partners in winning and supporting end-customers through a direct-touch approach, and acting as the liaison between our end-customers and our marketing and product development organizations. We expect to continue to grow our sales headcount in all of our principal markets and expand our presence into countries where we currently do not have a direct sales presence.
Our sales organization is supported by sales engineers with responsibility for pre-sales technical support, solutions engineering for our end-customers, and technical training for our channel partners.
Channel Program. Our NextWave Channel Partner program is focused on building in-depth relationships with solutions-oriented distributors and resellers that have strong security expertise. The program rewards these partners based on a number of attainment goals, as well as provides them access to marketing funds, technical and sales training, and support. To ensure optimal productivity, we operate a formal accreditation program for our channel partners’ sales and technical professionals. As of July 31, 2020, we had more than 5,600 channel partners.
Customer Support. Our customer support organization is responsible for delivering support, professional, and educational services directly to our channel partners and to end-customers. We leverage the capabilities of our channel partners and train them in the delivery of support, professional, and educational services to ensure these services are locally delivered. We believe that a broad range of support services is essential to the successful customer deployment and ongoing support of our products, and we have hired support engineers with proven experience to provide those services.
Marketing. Our marketing is focused on building our brand reputation and the market awareness of our portfolio and driving pipeline and end-customer demand. Our marketing team consists primarily of product marketing, brand, demand, field, communications, including analyst relations and digital and analytics functions. Marketing activities include pipeline development through demand generation, social media and advertising programs, managing the corporate web site and partner portal, trade shows and conferences, analyst relationships, customer advocacy, and customer awareness. Every year we organize our end-customer conference “Ignite.” We also publish threat intelligence research such as the Unit 42 Cloud Threat Report and the Unit 42 IoT Threat Report, which are based on data from our global threat intelligence team, Unit 42. These activities and tools benefit both our direct and indirect channels and are available at no cost to our channel partners.
Backlog. Orders for subscription and support offerings for multiple years are generally billed upfront shortly after fulfillment of an order and are included in deferred revenue. Timing of revenue recognition for subscription and support offerings may vary depending on the contractual period or when the subscription and support offerings are rendered. Products are shipped and billed shortly after receipt of an order. The majority of our product revenue comes from orders that are received and shipped in the same quarter. As such, we do not believe that our product backlog at any particular time is meaningful and it is not necessarily indicative of our future operating results.
Seasonality. Our business is affected by seasonal fluctuations in customer spending patterns. We have begun to see seasonal patterns in our business, which we expect to become more pronounced as we continue to grow, with our strongest sequential revenue growth occurring in our fiscal second and fourth quarters.
Manufacturing
We outsource the manufacturing of our security products to various manufacturing partners, which include our electronics manufacturing services provider (“EMS provider”) and original design manufacturers. This approach allows us to reduce our costs as it reduces our manufacturing overhead and inventory and also allows us to adjust more quickly to changing end-customer demand. Our EMS provider is Flextronics International, Ltd. (“Flex”), who assembles our products using design specifications, quality assurance programs, and standards that we establish, and procures components and assembles our products based on our demand forecasts. These forecasts represent our estimates of future demand for our products based upon historical trends and analysis from our sales and product management functions as adjusted for overall market conditions.
- 10 -

Table of Contents
The component parts within our products are either sourced by our manufacturing partners or by various component suppliers. We do not have any long-term manufacturing contracts that guarantee us any fixed capacity or pricing, which could increase our exposure to supply shortages or price fluctuations related to raw materials.
Employees
As of July 31, 2020, we had 8,014 employees. Competition for qualified personnel in our industry is intense, and we believe that our future success depends in part on our continued ability to hire, motivate, and retain such personnel.
Available Information
Our website is located at www.paloaltonetworks.com, and our investor relations website is located at investors.paloaltonetworks.com. Our Annual Reports on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K and amendments to reports filed or furnished pursuant to Sections 13(a) and 15(d) of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), are available free of charge on the Investors portion of our web site as soon as reasonably practicable after we electronically file such material with, or furnish it to, the Securities and Exchange Commission (“SEC”). We also provide a link to the section of the SEC’s website at www.sec.gov that has all of our public filings, including Annual Reports on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, all amendments to those reports, our Proxy Statements, and other ownership related filings.
We also use our investor relations website as a channel of distribution for important company information. For example, webcasts of our earnings calls and certain events we participate in or host with members of the investment community are on our investor relations website. Additionally, we announce investor information, including news and commentary about our business and financial performance, SEC filings, notices of investor events, and our press and earnings releases, on our investor relations website. Investors and others can receive notifications of new information posted on our investor relations website in real time by signing up for email alerts and RSS feeds. Further corporate governance information, including our corporate governance guidelines, board committee charters, and code of conduct, is also available on our investor relations website under the heading “Governance.” The contents of our websites are not incorporated by reference into this Annual Report on Form 10-K or in any other report or document we file with the SEC, and any references to our websites are intended to be inactive textual references only.
- 11 -

Table of Contents
ITEM 1A. RISK FACTORS
Our operations and financial results are subject to various risks and uncertainties including those described below. The risks and uncertainties described below are not the only ones we face. Additional risks and uncertainties that we are unaware of, or that we currently believe are not material, also may become important factors that affect us. If any of the following risks or others not specified below materialize, our business, financial condition, and operating results could be materially adversely affected, and the market price of our common stock could decline. In addition, the impacts of COVID-19 and any worsening of the economic environment may exacerbate the risks described below, any of which could have a material impact on us. This situation is changing rapidly, and additional impacts may arise that we are not currently aware of.
Risks Related to Our Business and Our Industry
The recent global COVID-19 outbreak could harm our business and results of operations.
The novel strain of COVID-19 identified in late 2019 has spread globally, including within the United States, and has resulted in government authorities implementing numerous measures to try to contain the virus, such as travel bans and restrictions, quarantines, shelter in place orders, and shutdowns. This outbreak has negatively impacted and will likely continue to have a negative impact on, worldwide economic activity and financial markets and has impacted, and will further impact, our workforce and operations, the operations of our end-customers, and those of our respective channel partners, vendors and suppliers. In light of the uncertain and rapidly evolving situation relating to the spread of this virus and various government restrictions and guidelines, we have taken measures intended to mitigate the spread of the virus and minimize the risk to our employees, channel partners, end-customers, and the communities in which we operate. These measures include transitioning our employee population to work remotely from home beginning in March 2020, which is planned to continue through the first quarter of fiscal 2021 and is likely to expand into future quarters. Although we continue to monitor the situation and may adjust our current policies as more information and public health guidance become available, these precautionary measures that we have adopted could negatively affect our customer success efforts, sales and marketing efforts, delay and lengthen our sales cycles, and create operational or other challenges, any of which could harm our business and results of operations. In addition, COVID-19 may disrupt the operations of our end-customers and channel partners for an indefinite period of time, including as a result of travel restrictions and/or business shutdowns, all of which could negatively impact our business and results of operations, including cash flows.
The impact of COVID-19 is fluid and uncertain, but it has caused and may continue to cause various negative effects, including an inability to meet with our actual or potential end-customers; our end-customers deciding to delay or abandon their planned purchases; increased requests for delayed payment terms or product discounts by our end-customers and channel partners; us delaying, canceling, or withdrawing from user and industry conferences and other marketing events, including some of our own; changes in the demand of our products, which has caused us to reprioritize our engineering and research and development efforts and make changes to our original offering roadmap; and delays or possible disruptions in our supply chain. As a result, we may experience extended sales cycles; our demand generation activities, and our ability to close transactions with end-customers and partners may be negatively impacted; our ability to provide 24x7 worldwide support and/or replacement parts to our end-customers may be adversely affected; and it has been and, until the COVID-19 outbreak is contained and global economic activity stabilizes, will continue to be more difficult for us to forecast our operating results.
More generally, the outbreak has not only significantly and adversely increased economic and demand uncertainty, but it has caused a global economic slowdown, and it is likely that it will cause a global recession which could likely decrease technology spending and adversely affect demand for our offerings and harm our business and results of operations.
Our business and operations have experienced growth in recent periods, and if we do not effectively manage any future growth or are unable to improve our systems, processes, and controls, our operating results could be adversely affected.
We have experienced growth and increased demand for our products and subscriptions over the last few years. As a result, our employee headcount has increased significantly, and we expect it to continue to grow over the next year. For example, from the end of fiscal 2019 to the end of fiscal 2020, our headcount increased from 7,014 to 8,014 employees. In addition, as we have grown, our number of end-customers has also increased significantly, and we have increasingly managed more complex deployments of our products and subscriptions with larger end-customers. The growth and expansion of our business and product, subscription, and support offerings places a significant strain on our management, operational, and financial resources. To manage any future growth effectively, we must continue to improve and expand our information technology and financial infrastructure, our operating and administrative systems and controls, and our ability to manage headcount, capital, and processes in an efficient manner, all of which may be more difficult to accomplish the longer that our employees must work remotely from home.
We may not be able to successfully implement or scale improvements to our systems, processes, and controls in an efficient or timely manner. In addition, our existing systems, processes, and controls may not prevent or detect all errors, omissions, or fraud. We may also experience difficulties in managing improvements to our systems, processes, and controls or in connection with third-party software licensed to help us with such improvements. Any future growth would add complexity to our organization and require effective coordination throughout our organization. Failure to manage any future growth effectively could result in increased costs,
- 12 -

Table of Contents
disrupt our existing end-customer relationships, reduce demand for or limit us to smaller deployments of our products, or harm our business performance and operating results.
Our operating results may vary significantly from period to period and be unpredictable, which could cause the market price of our common stock to decline.
Our operating results, in particular, our revenues, gross margins, operating margins, and operating expenses, have historically varied from period to period, and even though we have experienced growth, we expect variation to continue as a result of a number of factors, many of which are outside of our control and may be difficult to predict, including:
our ability to attract and retain new end-customers or sell additional products and subscriptions to our existing end-customers;
the budgeting cycles, seasonal buying patterns, and purchasing practices of our end-customers, including the likely slowdown in technology spending due to the recent global economic downturn;
changes in end-customer, distributor or reseller requirements, or market needs;
price competition;
the timing and success of new product and service introductions by us or our competitors or any other change in the competitive landscape of our industry, including consolidation among our competitors or end-customers and strategic partnerships entered into by and between our competitors;
changes in the mix of our products, subscriptions, and support, including changes in multi-year subscriptions and support;
our ability to successfully and continuously expand our business domestically and internationally, particularly in the current global economic slowdown;
changes in the growth rate of the enterprise security market;
deferral of orders from end-customers in anticipation of new products or product enhancements announced by us or our competitors;
the timing and costs related to the development or acquisition of technologies or businesses or strategic partnerships;
lack of synergy or the inability to realize expected synergies, resulting from acquisitions or strategic partnerships;
our inability to execute, complete or integrate efficiently any acquisitions that we may undertake;
increased expenses, unforeseen liabilities, or write-downs and any impact on our operating results from any acquisitions we consummate;
our ability to increase the size and productivity of our distribution channel;
decisions by potential end-customers to purchase security solutions from larger, more established security vendors or from their primary network equipment vendors;
changes in end-customer penetration or attach and renewal rates for our subscriptions;
timing of revenue recognition and revenue deferrals;
our ability to manage production and manufacturing related costs, global customer service organization costs, inventory excess and obsolescence costs, and warranty costs, especially due to potential disruptions in our supply chain as a result of COVID-19;
our ability to manage cloud hosting costs and scale the cloud-based subscription offerings;
insolvency or credit difficulties confronting our end-customers, which could increase due to the effects of COVID-19 and adversely affect their ability to purchase or pay for our products and subscription and support offerings in a timely manner or at all, or confronting our key suppliers, including our sole source suppliers, which could disrupt our supply chain;
any disruption in our channel or termination of our relationships with important channel partners, including as a result of consolidation among distributors and resellers of security solutions;
our inability to fulfill our end-customers’ orders due to supply chain delays or events that impact our manufacturers or their suppliers, which may be adversely affected by the effects of COVID-19;
the cost and potential outcomes of litigation, which could have a material adverse effect on our business;
seasonality or cyclical fluctuations in our markets;
- 13 -

Table of Contents
future accounting pronouncements or changes in our accounting policies;
increases or decreases in our expenses caused by fluctuations in foreign currency exchange rates, as an increasing amount of our expenses is incurred and paid in currencies other than the U.S. dollar;
political, economic and social instability caused by the referendum in June 2016, in which voters in the United Kingdom (the “U.K.”) approved an exit from the European Union (the “E.U.”) and the U.K. government subsequently notified the E.U. of its withdrawal, which is commonly referred to as “Brexit,” continued hostilities in the Middle East, terrorist activities, and any disruption from COVID-19 and any disruption these events may cause to the broader global industrial economy; and
general macroeconomic conditions, both domestically and in our foreign markets that could impact some or all regions where we operate, including the expected global economic slowdown and potential global recession caused by the COVID-19 pandemic.
Any one of the factors above, or the cumulative effect of some of the factors referred to above, may result in significant fluctuations in our financial and other operating results. This variability and unpredictability could result in our failure to meet our revenue, margin, or other operating result expectations or those of securities analysts or investors for a particular period. If we fail to meet or exceed such expectations for these or any other reasons, the market price of our common stock could fall substantially, and we could face costly lawsuits, including securities class action suits.
The sudden and significant global economic downturn could have an adverse effect on our business and operating results.
We operate globally and as a result our business and revenues are impacted by global macroeconomic conditions. The multinational efforts to contain the spread of COVID-19 have had a significant adverse effect on the global macroeconomic environment that could lead to a global recession. In addition, the instability in the global credit markets, the recent contraction of China’s economy, falling demand for oil and other commodities, uncertainties regarding the effects of Brexit, uncertainties related to the timing of the lifting of governmental restrictions to mitigate the spread of COVID-19, uncertainties related to elections and changes in public policies such as domestic and international regulations, taxes, or international trade agreements, international trade disputes, government shutdowns, geopolitical turmoil and other disruptions to global and regional economies and markets could continue to add uncertainty to global economic conditions.
These adverse conditions could result in reductions in sales of our products and subscriptions, longer sales cycles, reductions in subscription or contract duration and value, slower adoption of new technologies, and increased price competition. As a result, any continued or further uncertainty, weakness or deterioration in global macroeconomic and market conditions may cause our end-customers to modify spending priorities or delay purchasing decisions, and result in lengthened sales cycles, any of which could harm our business and operating results.
Our revenue growth rate in recent periods may not be indicative of our future performance.
We have experienced revenue growth rates of 17.5% and 27.5% in fiscal 2020 and fiscal 2019, respectively. Our revenue for any prior quarterly or annual period should not be relied upon as an indication of our future revenue or revenue growth for any future period. If we are unable to maintain consistent or increasing revenue or revenue growth, the market price of our common stock could be volatile, and it may be difficult for us to achieve and maintain profitability or maintain or increase cash flow on a consistent basis.
We have a history of losses, anticipate increasing our operating expenses in the future, and may not be able to achieve or maintain profitability or maintain or increase cash flow on a consistent basis, which could cause our business, financial condition, and operating results to suffer.
Other than fiscal 2012, we have incurred losses in all fiscal years since our inception. As a result, we had an accumulated deficit of $1.2 billion as of July 31, 2020. We anticipate that our operating expenses will continue to increase in the foreseeable future as we continue to grow our business. Our growth efforts may prove more expensive than we currently anticipate, and we may not succeed in increasing our revenues sufficiently, or at all, to offset increasing expenses. Revenue growth may slow or revenue may decline for a number of possible reasons, including the downturn in the global and U.S. economy due to COVID-19, slowing demand for our products or subscriptions, increasing competition, a decrease in the growth of, or a demand shift in, our overall market, or a failure to capitalize on growth opportunities. Any failure to increase our revenue as we grow our business could prevent us from achieving or maintaining profitability or maintaining or increasing cash flow on a consistent basis. In addition, we may have difficulty achieving profitability under U.S. GAAP due to share-based compensation expense and other non-cash charges. If we are unable to navigate these challenges as we encounter them, our business, financial condition, and operating results may suffer.
If we are unable to sell new and additional product, subscription, and support offerings to our end-customers, our future revenue and operating results will be harmed.
Our future success depends, in part, on our ability to expand the deployment of our portfolio with existing end-customers and create demand for our new offerings, including cloud security, AI and analytics offerings. This may require increasingly sophisticated
- 14 -

Table of Contents
and costly sales efforts that may not result in additional sales. The rate at which our end-customers purchase additional products, subscriptions, and support depends on a number of factors, including the perceived need for additional security products, including subscription and support offerings, as well as general economic conditions. Further, existing end-customers have no contractual obligation to and may not renew their subscription and support contracts after the completion of their initial contract period. Our end-customers’ renewal rates may decline or fluctuate as a result of a number of factors, including their level of satisfaction with our subscriptions and our support offerings, the frequency and severity of subscription outages, our product uptime or latency, and the pricing of our, or competing, subscriptions. Additionally, our end-customers may renew their subscription and support agreements for shorter contract lengths or on other terms that are less economically beneficial to us. We also cannot be certain that our end-customers will renew their subscription and support agreements. If our efforts to sell additional products and subscriptions to our end-customers are not successful or our end-customers do not renew their subscription and support agreements or renew them on less favorable terms, our revenues may grow more slowly than expected or decline.
We face intense competition in our market and we may lack sufficient financial or other resources to maintain or improve our competitive position.
The market for enterprise security products is intensely competitive, and we expect competition to increase in the future from established competitors and new market entrants. Our main competitors fall into five categories:
large companies that incorporate security features in their products, such as Cisco Systems, Inc. (“Cisco”) or those that have acquired, or may acquire, large network and endpoint security vendors and have the technical and financial resources to bring competitive solutions to the market;
independent security vendors such as Check Point Software Technologies Ltd. (“Check Point”), Fortinet, Inc. (“Fortinet”), and Zscaler, Inc. (“Zscaler”) that offer a mix of network and endpoint security products;
startups and single-vertical vendors that offer independent or emerging solutions in network;
public cloud vendors and startups that offer solutions for cloud security (private, public and hybrid cloud); and
large and small companies, such as Crowdstrike, Inc (“Crowdstrike”) that offer solutions for security operations and endpoint security.
Many of our existing competitors have, and some of our potential competitors could have, substantial competitive advantages such as:
greater name recognition and longer operating histories;
larger sales and marketing budgets and resources;
broader distribution and established relationships with distribution partners and end-customers;
greater customer support resources;
greater resources to make strategic acquisitions or enter into strategic partnerships;
lower labor and development costs;
newer or disruptive products or technologies;
larger and more mature intellectual property portfolios; and
substantially greater financial, technical, and other resources.
In addition, some of our larger competitors have substantially broader and more diverse product and services offerings, which may make them less susceptible to downturns in a particular market and allow them to leverage their relationships based on other products or incorporate functionality into existing products to gain business in a manner that discourages users from purchasing our products and subscriptions, including through selling at zero or negative margins, offering concessions, product bundling, or a closed technology offering. Many of our smaller competitors that specialize in providing protection from a single type of security threat are often able to deliver these specialized security products to the market more quickly than we can.
Organizations that use legacy products and services may believe that these products and services are sufficient to meet their security needs or that our offerings only serve the needs of a portion of the enterprise security market. Accordingly, these organizations may continue allocating their information technology budgets for legacy products and services and may not adopt our security offerings. Further, many organizations have invested substantial personnel and financial resources to design and operate their networks and have established deep relationships with other providers of networking and security products. As a result, these organizations may prefer to purchase from their existing suppliers rather than add or switch to a new supplier such as us regardless of product performance, features, or greater services offerings or may be more willing to incrementally add solutions to their existing security infrastructure from existing suppliers than to replace it wholesale with our solutions.
- 15 -

Table of Contents
Conditions in our market could change rapidly and significantly as a result of technological advancements, partnering or acquisitions by our competitors, or continuing market consolidation. New start-up companies that innovate and large competitors that are making significant investments in research and development may invent similar or superior products and technologies that compete with our products and subscriptions. Some of our competitors have made or could make acquisitions of businesses that may allow them to offer more directly competitive and comprehensive solutions than they had previously offered and adapt more quickly to new technologies and end-customer needs. Our current and potential competitors may also establish cooperative relationships among themselves or with third parties that may further enhance their resources.
These competitive pressures in our market or our failure to compete effectively may result in price reductions, fewer orders, reduced revenue and gross margins, and loss of market share. Any failure to meet and address these factors could seriously harm our business and operating results.
A network or data security incident may allow unauthorized access to our network or data, harm our reputation, create additional liability and adversely impact our financial results.
Increasingly, companies are subject to a wide variety of attacks on their networks on an ongoing basis. In addition to traditional computer “hackers,” malicious code (such as viruses and worms), phishing attempts, employee theft or misuse, and denial of service attacks, sophisticated nation-state and nation-state supported actors engage in intrusions and attacks (including advanced persistent threat intrusions) and add to the risks to our internal networks, cloud deployed enterprise and customer facing environments and the information they store and process. These risks may increase due to COVID-19. Despite significant efforts to create security barriers to such threats, it is virtually impossible for us to entirely mitigate these risks. We and our third-party service providers may face security threats and attacks from a variety of sources. Our data, corporate systems, third-party systems and security measures may be breached due to the actions of outside parties, employee error, malfeasance, a combination of these, or otherwise, and, as a result, an unauthorized party may obtain access to our data. Furthermore, as a well-known provider of security solutions, we may be a more attractive target for such attacks. A breach in our data security or an attack against our service availability, or that of our third-party service providers, could impact our networks or networks secured by our products and subscriptions, creating system disruptions or slowdowns and exploiting security vulnerabilities of our products, and the information stored on our networks or those of our third-party service providers could be accessed, publicly disclosed, altered, lost, or stolen, which could subject us to liability and cause us financial harm. Although we have not yet experienced significant damages from unauthorized access by a third party of our internal network, any actual or perceived breach of network security in our systems or networks, or any other actual or perceived data security incident we or our third-party service providers suffer, could result in damage to our reputation, negative publicity, loss of channel partners, end-customers and sales, loss of competitive advantages over our competitors, increased costs to remedy any problems and otherwise respond to any incident, regulatory investigations and enforcement actions, costly litigation, and other liability. In addition, we may incur significant costs and operational consequences of investigating, remediating, eliminating and putting in place additional tools and devices designed to prevent actual or perceived security breaches and other security incidents, as well as the costs to comply with any notification obligations resulting from any security incidents. While we maintain cybersecurity insurance, our insurance may be insufficient to cover all liabilities incurred by these incidents, and any incidents may result in loss of, or increased costs of, our cybersecurity insurance. Any of these negative outcomes could adversely impact the market perception of our products and subscriptions and end-customer and investor confidence in our company and could seriously harm our business or operating results.
Reliance on shipments at the end of the quarter could cause our revenue for the applicable period to fall below expected levels.
As a result of end-customer buying patterns and the efforts of our sales force and channel partners to meet or exceed their sales objectives, we have historically received a substantial portion of sales orders and generated a substantial portion of revenue during the last few weeks of each fiscal quarter. If expected revenue at the end of any fiscal quarter is delayed for any reason, including the failure of anticipated purchase orders to materialize (particularly for large enterprise end-customers with lengthy sales cycles), our logistics partners’ inability to ship products prior to fiscal quarter-end to fulfill purchase orders received near the end of a fiscal quarter (including due to the effects of COVID-19), our failure to manage inventory to meet demand, any failure of our systems related to order review and processing, or any delays in shipments based on trade compliance requirements (including new compliance requirements imposed by new or renegotiated trade agreements), revenue could fall below our expectations and the estimates of analysts for that quarter, which could adversely impact our business and operating results and cause a decline in the market price of our common stock.
Seasonality may cause fluctuations in our revenue.
We believe there are significant seasonal factors that may cause our second and fourth fiscal quarters to record greater revenue sequentially than our first and third fiscal quarters. We believe that this seasonality results from a number of factors, including:
end-customers with a December 31 fiscal year-end choosing to spend remaining unused portions of their discretionary budgets before their fiscal year-end, which potentially results in a positive impact on our revenue in our second fiscal quarter;
- 16 -

Table of Contents
our sales compensation plans, which are typically structured around annual quotas and commission rate accelerators, which potentially results in a positive impact on our revenue in our fourth fiscal quarter;
seasonal reductions in business activity during August in the United States, Europe and certain other regions, which potentially results in a negative impact on our first fiscal quarter revenue; and
the timing of end-customer budget planning at the beginning of the calendar year, which can result in a delay in spending at the beginning of the calendar year potentially resulting in a negative impact on our revenue in our third fiscal quarter.
As we continue to grow, seasonal or cyclical variations in our operations may become more pronounced, and our business, operating results and financial position may be adversely affected.
If we are unable to hire, integrate, train, retain, and motivate qualified personnel and senior management, our business could suffer.
Our future success depends, in part, on our ability to continue to hire, integrate, train, and retain qualified and highly skilled personnel. We are substantially dependent on the continued service of our existing engineering personnel because of the complexity of our offerings. Additionally, any failure to hire, integrate, train, and adequately incentivize our sales personnel or the inability of our recently hired sales personnel to effectively ramp to target productivity levels could negatively impact our growth and operating margins. Competition for highly skilled personnel, particularly in engineering, is often intense, especially in the San Francisco Bay Area, where we have a substantial presence and need for such personnel. Due to COVID-19, we slowed hiring in the third quarter of 2020, which could adversely affect our ability to retain qualified personnel. Additionally, potential changes in U.S. immigration and work authorization laws and regulations, including in reaction to COVID-19, may make it difficult to renew or obtain visas for any highly skilled personnel that we have hired or are actively recruiting.
In addition, the industry in which we operate generally experiences high employee attrition. Although we have entered into employment offer letters with our key personnel, these agreements have no specific duration and constitute at-will employment. We do not maintain key person life insurance policies on any of our employees. The loss of one or more of our key employees, and any failure to have in place and execute an effective succession plan for key executives, could seriously harm our business. If we are unable to hire, integrate, train, or retain the qualified and highly skilled personnel required to fulfill our current or future needs, our business, financial condition, and operating results could be harmed.
Our future performance also depends on the continued services and continuing contributions of our senior management to execute on our business plan and to identify and pursue new opportunities and product innovations. The loss of services of senior management, the decrease in the effectiveness of such services due to working remotely from home, or the ineffective management of any leadership transitions, especially within our sales organization, could significantly delay or prevent the achievement of our development and strategic objectives, which could adversely affect our business, financial condition, and operating results.
Further, we believe that a critical contributor to our success and our ability to retain highly skilled personnel has been our corporate culture, which we believe fosters innovation, teamwork, passion for end-customers, focus on execution, and the facilitation of critical knowledge transfer and knowledge sharing. As we grow and change, we may find it difficult to maintain these important aspects of our corporate culture. Any failure to preserve our culture as we grow could limit our ability to innovate and could negatively affect our ability to retain and recruit personnel, continue to perform at current levels or execute on our business strategy.
If we are not successful in executing our strategy to increase sales of our products and subscriptions to new and existing medium and large enterprise end-customers, our operating results may suffer.
Our growth strategy is dependent, in part, upon increasing sales of our products, services, subscriptions and offerings to new and existing medium and large enterprise end-customers. Sales to these end-customers involve risks that may not be present, or that are present to a lesser extent, with sales to smaller entities. These risks include:
competition from competitors, such as Cisco and Check Point, that traditionally target larger enterprises, service providers, and government entities and that may have pre-existing relationships or purchase commitments from those end-customers;
increased purchasing power and leverage held by large end-customers in negotiating contractual arrangements with us;
more stringent requirements in our worldwide support contracts, including stricter support response times and penalties for any failure to meet support requirements; and
longer sales cycles, particularly during the current economic slowdown and in some cases over 12 months, and the associated risk that substantial time and resources may be spent on a potential end-customer that elects not to purchase our products and subscriptions.
In addition, product purchases by large enterprises are frequently subject to budget constraints, multiple approvals, and unplanned administrative, processing, and other delays. Finally, large enterprises typically have longer implementation cycles, require
- 17 -

Table of Contents
greater product functionality and scalability and a broader range of services, demand that vendors take on a larger share of risks, sometimes require acceptance provisions that can lead to a delay in revenue recognition, and expect greater payment flexibility from vendors. All of these factors can add further risk to business conducted with these end-customers. If we fail to realize an expected sale from a large end-customer in a particular quarter or at all, our business, operating results, and financial condition could be materially and adversely affected.
We rely on revenue from subscription and support offerings, and because we recognize revenue from subscription and support over the term of the relevant service period, downturns or upturns in sales of these subscription and support offerings are not immediately reflected in full in our operating results.
Subscription and support revenue accounts for a significant portion of our revenue, comprising 68.8% of total revenue in fiscal 2020, 62.2% of total revenue in fiscal 2019, and 61.3% of total revenue in fiscal 2018. Sales of new or renewal subscription and support contracts may decline and fluctuate as a result of a number of factors, including end-customers’ level of satisfaction with our products and subscriptions (including newly integrated products and services), the prices of our products and subscriptions, the prices of products and services offered by our competitors, and reductions in our end-customers’ spending levels. If our sales of new or renewal subscription and support contracts decline, our total revenue and revenue growth rate may decline, and our business will suffer. In addition, we recognize subscription and support revenue over the term of the relevant service period, which is typically one to five years. As a result, much of the subscription and support revenue we report each fiscal quarter is the recognition of deferred revenue from subscription and support contracts entered into during previous fiscal quarters. Consequently, a decline in new or renewed subscription or support contracts in any one fiscal quarter will not be fully or immediately reflected in revenue in that fiscal quarter but will negatively affect our revenue in future fiscal quarters. Also, it is difficult for us to rapidly increase our subscription and support revenue through additional subscription and support sales in any period, as revenue from new and renewal subscription and support contracts must be recognized over the applicable service period.
Defects, errors, or vulnerabilities in our products, subscriptions, or support offerings, the failure of our products or subscriptions to block a virus or prevent a security breach, misuse of our products, or risks of product liability claims could harm our reputation and adversely impact our operating results.
Because our products and subscriptions are complex, they have contained and may contain design or manufacturing defects or errors that are not detected until after their commercial release and deployment by our end-customers. For example, from time to time, certain of our end-customers have reported defects in our products related to performance, scalability, and compatibility. Additionally, defects may cause our products or subscriptions to be vulnerable to security attacks, cause them to fail to help secure networks, or temporarily interrupt end-customers’ networking traffic. Because the techniques used by computer hackers to access or sabotage networks change frequently and generally are not recognized until launched against a target, we may be unable to anticipate these techniques and provide a solution in time to protect our end-customers’ networks. Furthermore, as a well-known provider of security solutions, our networks, products, including cloud-based technology, and subscriptions could be targeted by attacks specifically designed to disrupt our business and harm our reputation. In addition, defects or errors in our subscription updates or our products could result in a failure of our subscriptions to effectively update end-customers’ hardware and cloud-based products. Our data centers and networks may experience technical failures and downtime, may fail to distribute appropriate updates, or may fail to meet the increased requirements of a growing installed end-customer base, any of which could temporarily or permanently expose our end-customers’ networks, leaving their networks unprotected against the latest security threats. Moreover, our products must interoperate with our end-customers’ existing infrastructure, which often have different specifications, utilize multiple protocol standards, deploy products from multiple vendors, and contain multiple generations of products that have been added over time. As a result, when problems occur in a network, it may be difficult to identify the sources of these problems.
The occurrence of any such problem in our products and subscriptions, whether real or perceived, could result in:
expenditure of significant financial and product development resources in efforts to analyze, correct, eliminate, or work-around errors or defects or to address and eliminate vulnerabilities;
loss of existing or potential end-customers or channel partners;
delayed or lost revenue;
delay or failure to attain market acceptance;
an increase in warranty claims compared with our historical experience, or an increased cost of servicing warranty claims, either of which would adversely affect our gross margins; and
litigation, regulatory inquiries, or investigations, each of which may be costly and harm our reputation.
Further, our products and subscriptions may be misused by end-customers or third parties that obtain access to our products and subscriptions. For example, our products and subscriptions could be used to censor private access to certain information on the Internet. Such use of our products and subscriptions for censorship could result in negative press coverage and negatively affect our reputation.
- 18 -

Table of Contents
The limitation of liability provisions in our standard terms and conditions of sale may not fully or effectively protect us from claims as a result of federal, state, or local laws or ordinances, or unfavorable judicial decisions in the United States or other countries. The sale and support of our products and subscriptions also entails the risk of product liability claims. Although we may be indemnified by our third-party manufacturers for product liability claims arising out of manufacturing defects, because we control the design of our products and subscriptions, we may not be indemnified for product liability claims arising out of design defects. We maintain insurance to protect against certain claims associated with the use of our products and subscriptions, but our insurance coverage may not adequately cover any claim asserted against us. In addition, even claims that ultimately are unsuccessful could result in our expenditure of funds in litigation, divert management’s time and other resources, and harm our reputation.
False detection of applications, viruses, spyware, vulnerability exploits, data patterns, or URL categories could adversely affect our business.
Our classifications of application type, virus, spyware, vulnerability exploits, data, or URL categories may falsely detect, report and act on applications, content, or threats that do not actually exist. This risk is heightened by the inclusion of a “heuristics” feature in our products and subscriptions, which attempts to identify applications and other threats not based on any known signatures but based on characteristics or anomalies which indicate that a particular item may be a threat. These false positives may impair the perceived reliability of our products and subscriptions and may therefore adversely impact market acceptance of our products and subscriptions. If our products and subscriptions restrict important files or applications based on falsely identifying them as malware or some other item that should be restricted, this could adversely affect end-customers’ systems and cause material system failures. Any such false identification of important files or applications could result in damage to our reputation, negative publicity, loss of channel partners, end-customers and sales, increased costs to remedy any problem, and costly litigation.
We rely on our channel partners to sell substantially all of our products, including subscriptions and support, and if these channel partners fail to perform, our ability to sell and distribute our products and subscriptions will be limited, and our operating results will be harmed.
Substantially all of our revenue is generated by sales through our channel partners, including distributors and resellers. We provide our channel partners with specific training and programs to assist them in selling our products, including subscriptions and support offerings, but there can be no assurance that these steps will be utilized or effective. In addition, our channel partners may be unsuccessful in marketing, selling, and supporting our products and subscriptions. We may not be able to incentivize these channel partners to sell our products and subscriptions to end-customers and in particular, to large enterprises. These channel partners may also have incentives to promote our competitors’ products and may devote more resources to the marketing, sales, and support of competitive products. Our channel partners operations may also be negatively impacted by other effects COVID-19 is having on the global economy, such as increased credit risk of end-customers and the uncertain credit markets. Our agreements with our channel partners may generally be terminated for any reason by either party with advance notice prior to each annual renewal date. We cannot be certain that we will retain these channel partners or that we will be able to secure additional or replacement channel partners. In addition, any new channel partner requires extensive training and may take several months or more to achieve productivity. Our channel partner sales structure could subject us to lawsuits, potential liability, and reputational harm if, for example, any of our channel partners misrepresent the functionality of our products or subscriptions to end-customers or violate laws or our corporate policies. If we fail to effectively manage our sales channels or channel partners, our ability to sell our products and subscriptions and operating results will be harmed.
If we do not accurately predict, prepare for, and respond promptly to rapidly evolving technological and market developments and successfully manage product and subscription introductions and transitions to meet changing end-customer needs in the enterprise security market, our competitive position and prospects will be harmed.
The enterprise security market has grown quickly and is expected to continue to evolve rapidly. Moreover, many of our end-customers operate in markets characterized by rapidly changing technologies and business plans, which require them to add numerous network access points and adapt increasingly complex enterprise networks, incorporating a variety of hardware, software applications, operating systems, and networking protocols. We must continually change our products and expand our business strategy in response to changes in network infrastructure requirements, including the expanding use of cloud computing. For example, organizations are moving portions of their data to be managed by third parties, primarily infrastructure, platform and application service providers, and may rely on such providers’ internal security measures. In 2019, we announced our new cloud security offerings, for securing access to the cloud (Prisma), and our security offerings for securing the future of security operations (Cortex). While we have historically been successful in developing, acquiring, and marketing new products and product enhancements that respond to technological change and evolving industry standards, we may not be able to continue to do so and there can be no assurance that our new or future offerings will be successful or will achieve widespread market acceptance. If we fail to accurately predict end-customers’ changing needs and emerging technological trends in the enterprise security industry, including in the areas of mobility, virtualization, cloud computing, and software defined networks (“SDN”), our business could be harmed. In addition, COVID-19 and the resulting increase in customer demand for work-from-home technologies and other technologies have caused us to reprioritize our engineering and R&D efforts and there can be no assurance that any product enhancements or new features will be successful or address our end-customer needs.
- 19 -

Table of Contents
The technology in our portfolio is especially complex because it needs to effectively identify and respond to new and increasingly sophisticated methods of attack, while minimizing the impact on network performance. Additionally, some of our new features and related enhancements may require us to develop new hardware architectures that involve complex, expensive, and time-consuming research and development processes. The development of our portfolio is difficult and the timetable for commercial release and availability is uncertain as there can be long time periods between releases and availability of new features. If we experience unanticipated delays in the availability of new products, features, and subscriptions, and fail to meet customer expectations for such availability, our competitive position and business prospects will be harmed.
Additionally, we must commit significant resources to developing new features and new cloud security, AI/analytics and other offerings before knowing whether our investments will result in products, subscriptions, and features the market will accept. The success of new features depends on several factors, including appropriate new product definition, differentiation of new products, subscriptions, and features from those of our competitors, and market acceptance of these products, services and features. Moreover, successful new product introduction and transition depends on a number of factors including, our ability to manage the risks associated with new product production ramp-up issues, the availability of application software for new products, the effective management of purchase commitments and inventory, the availability of products in appropriate quantities and costs to meet anticipated demand, and the risk that new products may have quality or other defects or deficiencies, especially in the early stages of introduction. There can be no assurance that we will successfully identify opportunities for new products and subscriptions, develop and bring new products and subscriptions to market in a timely manner, or achieve market acceptance of our products and subscriptions, including our product enhancement efforts in connection with COVID-19, or that products, subscriptions, and technologies developed by others will not render our products, subscriptions, or technologies obsolete or noncompetitive.
Our current research and development efforts may not produce successful products, subscriptions, or features that result in significant revenue, cost savings or other benefits in the near future, if at all.
Developing our products, subscriptions, features, and related enhancements is expensive. Our investments in research and development may not result in significant design improvements, marketable products, subscriptions, or features, or may result in products, subscriptions, or features that are more expensive than anticipated. Additionally, we may not achieve the cost savings or the anticipated performance improvements we expect, and we may take longer to generate revenue, or generate less revenue, than we anticipate. Our future plans include significant investments in research and development and related product and subscription opportunities. We believe that we must continue to dedicate a significant amount of resources to our research and development efforts to maintain our competitive position. However, we may not receive significant revenue from these investments in the near future, if at all, or these investments may not yield the expected benefits, either of which could adversely affect our business and operating results.
We may acquire other businesses, which could require significant management attention, disrupt our business, dilute stockholder value, and adversely affect our operating results.
As part of our business strategy, we may acquire or make investments in complementary companies, products, or technologies. For example, in March 2018, we acquired Evident.io, Inc., in April 2018, we acquired Cyber Secdo Ltd. (“Secdo”), in October 2018, we acquired RedLock, in March 2019, we acquired Demisto, in June 2019, we acquired PureSec, in July 2019, we acquired Twistlock, in September 2019, we acquired Zingbox, in December 2019, we acquired Aporeto and in April 2020, we acquired CloudGenix. The identification of suitable acquisition candidates is difficult, and we may not be able to complete such acquisitions on favorable terms, if at all. If we do complete future acquisitions, we may not ultimately strengthen our competitive position or achieve our goals and business strategy; we may be subject to claims or liabilities assumed from an acquired company, product, or technology; acquisitions we complete could be viewed negatively by our end-customers, investors, and securities analysts; and we may incur costs and expenses necessary to address an acquired company’s failure to comply with laws and governmental rules and regulations. Additionally, we may be subject to litigation or other claims in connection with the acquired company, including claims from terminated employees, customers, former stockholders or other third parties, which may differ from or be more significant than the risks our business faces. If we are unsuccessful at integrating past or future acquisitions in a timely manner, or the technologies and operations associated with such acquisitions, into our company, the revenue and operating results of the combined company could be adversely affected. Any integration process may require significant time and resources, which may disrupt our ongoing business and divert management’s attention, and we may not be able to manage the integration process successfully or in a timely manner. We may not successfully evaluate or utilize the acquired technology or personnel, realize anticipated synergies from the acquisition, or accurately forecast the financial impact of an acquisition transaction and integration of such acquisition, including accounting charges and any potential impairment of goodwill and intangible assets recognized in connection with such acquisitions. We may have to pay cash, incur debt, or issue equity or equity-linked securities to pay for any future acquisitions, each of which could adversely affect our financial condition or the market price of our common stock. Furthermore, the sale of equity or issuance of equity-linked debt to finance any future acquisitions could result in dilution to our stockholders. See the risk factors entitled “Our failure to raise additional capital or generate the significant capital necessary to expand our operations and invest in new products and subscriptions could reduce our ability to compete and could harm our business” and “The issuance of additional stock in connection with financings, acquisitions, investments, our stock incentive plans, the conversion of our Notes or exercise of the related Warrants, or otherwise will dilute all other stockholders.” The occurrence of any of these risks could harm our business, operating results, and financial condition.
- 20 -

Table of Contents
Because we depend on manufacturing partners to build and ship our products, we are susceptible to manufacturing and logistics delays and pricing fluctuations that could prevent us from shipping customer orders on time, if at all, or on a cost-effective basis, which may result in the loss of sales and end-customers.
We depend on manufacturing partners, primarily Flex, our EMS provider, as our sole source manufacturers for our product lines. Our reliance on these manufacturing partners reduces our control over the manufacturing process and exposes us to risks, including reduced control over quality assurance, product costs, product supply, timing and transportation risk. Our products are manufactured by our manufacturing partners at facilities located in the United States. Some of the components in our products are sourced either through Flex or directly by us from component suppliers outside the United States. The portion of our products that are sourced outside the United States may subject us to additional logistical risks (which may increase due to the global impact of COVID-19) or risks associated with complying with local rules and regulations in foreign countries. Significant changes to existing international trade agreements could lead to sourcing or logistics disruption resulting from import delays or the imposition of increased tariffs on our sourcing partners. For example, the United States and Chinese governments have each enacted, and discussed additional, import tariffs. These tariffs, depending on their ultimate scope and how they are implemented, could negatively impact our business by increasing our costs. For example, some components that we import for final manufacturing in the United States have been impacted by these recent tariffs. As a result, our costs have increased and we have raised, and may be required to further raise, prices on our hardware products. Each of these factors could severely impair our ability to fulfill orders.
In addition, we are subject to requirements under the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (the “Dodd-Frank Act”) to diligence, disclose, and report whether or not our products contain minerals originating from the Democratic Republic of the Congo and adjoining countries, or conflict minerals. Although the SEC has provided guidance with respect to a portion of the conflict minerals filing requirements that may somewhat reduce our reporting practices, we have incurred and expect to incur additional costs to comply with these disclosure requirements, including costs related to determining the source of any of the relevant minerals and metals used in our products. These requirements could adversely affect the sourcing, availability, and pricing of minerals used in the manufacture of semiconductor devices or other components used in our products. We may also encounter end-customers who require that all of the components of our products be certified as conflict free. If we are not able to meet this requirement, such end-customers may choose not to purchase our products.
Our manufacturing partners typically fulfill our supply requirements on the basis of individual purchase orders. We do not have long-term contracts with these manufacturers that guarantee capacity, the continuation of particular pricing terms, or the extension of credit limits. Accordingly, they are not obligated to continue to fulfill our supply requirements and the prices we pay for manufacturing services could be increased on short notice. Our contract with Flex permits them to terminate the agreement for their convenience, subject to prior notice requirements. If we are required to change manufacturing partners, our ability to meet our scheduled product deliveries to our end-customers could be adversely affected, which could cause the loss of sales to existing or potential end-customers, delayed revenue or an increase in our costs which could adversely affect our gross margins. COVID-19 has resulted in certain cases to cause delays and challenges in obtaining components and inventory, as well as increases to freight and shipping costs, and may result in a material adverse effect on our results of operations. Any production interruptions for any reason, such as a natural disaster, epidemic or pandemic such as COVID-19, capacity shortages, or quality problems, at one of our manufacturing partners would negatively affect sales of our product lines manufactured by that manufacturing partner and adversely affect our business and operating results.
Managing the supply of our products and product components is complex. Insufficient supply and inventory may result in lost sales opportunities or delayed revenue, while excess inventory may harm our gross margins.
Our manufacturing partners procure components and build our products based on our forecasts, and we generally do not hold inventory for a prolonged period of time. These forecasts are based on estimates of future demand for our products, which are in turn based on historical trends and analyses from our sales and product management organizations, adjusted for overall market conditions. COVID-19 has made forecasting more difficult and we may experience increased challenges to our supply chain due to the unpredictability of the impacts of COVID-19. In order to reduce manufacturing lead times and plan for adequate component supply, from time to time we may issue forecasts for components and products that are non-cancelable and non-returnable.
Our inventory management systems and related supply chain visibility tools may be inadequate to enable us to forecast accurately and effectively manage supply of our products and product components. If we ultimately determine that we have excess supply, we may have to reduce our prices and write-down inventory, which in turn could result in lower gross margins. If our actual component usage and product demand are lower than the forecast, we provide to our manufacturing partners, we accrue for losses on manufacturing commitments in excess of forecasted demand. Alternatively, insufficient supply levels may lead to shortages that result in delayed product revenue or loss of sales opportunities altogether as potential end-customers turn to competitors’ products that are readily available. If we are unable to effectively manage our supply and inventory, our operating results could be adversely affected.
- 21 -

Table of Contents
Because some of the key components in our products come from limited sources of supply, we are susceptible to supply shortages or supply changes, which could disrupt or delay our scheduled product deliveries to our end-customers and may result in the loss of sales and end-customers.
Our products rely on key components, including integrated circuit components, which our manufacturing partners purchase on our behalf from a limited number of component suppliers, including sole source providers. The manufacturing operations of some of our component suppliers are geographically concentrated in Asia and elsewhere, which makes our supply chain vulnerable to regional disruptions, such as natural disasters, fire, political instability, civil unrest, a power outage, or health risks, such as epidemics and pandemics like COVID-19, and as a result could impair the volume of components that we are able to obtain. Lead times for components may also be adversely impacted by factors outside of our control including COVID-19.
Further, we do not have volume purchase contracts with any of our component suppliers, and they could cease selling to us at any time. If we are unable to obtain a sufficient quantity of these components in a timely manner for any reason, sales of our products could be delayed or halted or, we could be forced to expedite shipment of such components or our products at dramatically increased costs. Our component suppliers also change their selling prices frequently in response to market trends, including industry-wide increases in demand, and because we do not have volume purchase contracts with these component suppliers, we are susceptible to price fluctuations related to raw materials and components and may not be able to adjust our prices accordingly. Additionally, poor quality in any of the sole-sourced components in our products could result in lost sales or sales opportunities.
If we are unable to obtain a sufficient volume of the necessary components for our products on commercially reasonable terms or the quality of the components do not meet our requirements, we could also be forced to redesign our products and qualify new components from alternate component suppliers. The resulting stoppage or delay in selling our products and the expense of redesigning our products could result in lost sales opportunities and damage to customer relationships, which would adversely affect our business and operating results.
The sales prices of our products and subscriptions may decrease, which may reduce our gross profits and adversely impact our financial results.
The sales prices for our products and subscriptions may decline for a variety of reasons, including competitive pricing pressures, discounts, a change in our mix of products and subscriptions, anticipation of the introduction of new products or subscriptions, or promotional programs or pricing pressures as a result to the economic downturn resulting from COVID-19. Competition continues to increase in the market segments in which we participate, and we expect competition to further increase in the future, thereby leading to increased pricing pressures. Larger competitors with more diverse product and service offerings may reduce the price of products or subscriptions that compete with ours or may bundle them with other products and subscriptions. Additionally, although we price our products and subscriptions worldwide in U.S. dollars, currency fluctuations in certain countries and regions may negatively impact actual prices that channel partners and end-customers are willing to pay in those countries and regions. Furthermore, we anticipate that the sales prices and gross profits for our products could decrease over product life cycles. We cannot guarantee that we will be successful in developing and introducing new offerings with enhanced functionality on a timely basis, or that our product and subscription offerings, if introduced, will enable us to maintain our prices and gross profits at levels that will allow us to achieve and maintain profitability.
We generate a significant amount of revenue from sales to distributors, resellers, and end-customers outside of the United States, and we are therefore subject to a number of risks associated with international sales and operations.
We have a limited history of marketing, selling, and supporting our products and subscriptions internationally. We may experience difficulties in recruiting, training, managing, and retaining an international staff, and specifically staff related to sales management and sales personnel. We also may not be able to maintain successful strategic distributor relationships internationally or recruit additional companies to enter into strategic distributor relationships. Business practices in the international markets that we serve may differ from those in the United States and may require us in the future to include terms other than our standard terms related to payment, warranties, or performance obligations in end-customer contracts.
Additionally, our international sales and operations are subject to a number of risks, including the following:
political, economic and social uncertainty around the world, health risks such as epidemics and pandemics like COVID-19, macroeconomic challenges in Europe, terrorist activities, and continued hostilities in the Middle East;
greater difficulty in enforcing contracts and accounts receivable collection and longer collection periods;
the uncertainty of protection for intellectual property rights in some countries;
greater risk of unexpected changes in foreign and domestic regulatory practices, tariffs, and tax laws and treaties, including regulatory and trade policy changes adopted by the current administration or foreign countries in response to regulatory changes adopted by the current administration;
- 22 -

Table of Contents
risks associated with trade restrictions and foreign legal requirements, including the importation, certification, and localization of our products required in foreign countries;
greater risk of a failure of foreign employees, channel partners, distributors, and resellers to comply with both U.S. and foreign laws, including antitrust regulations, the U.S. Foreign Corrupt Practices Act, the U.K. Bribery Act, U.S. or foreign sanctions regimes and export or import control laws, and any trade regulations ensuring fair trade practices, which non-compliance could include increased costs;
heightened risk of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales arrangements;
increased expenses incurred in establishing and maintaining office space and equipment for our international operations;
management communication and integration problems resulting from cultural and geographic dispersion; and
fluctuations in exchange rates between the U.S. dollar and foreign currencies in markets where we do business and related impact on sales cycles.
These and other factors could harm our future international revenues and, consequently, materially impact our business, operating results, and financial condition. The expansion of our existing international operations and entry into additional international markets will require significant management attention and financial resources. Our failure to successfully manage our international operations and the associated risks effectively could limit the future growth of our business.
Further, we are subject to risks associated with changes in economic and political conditions in countries in which we operate or sell our products and subscriptions. For instance, Brexit creates an uncertain political and economic environment in the U.K. and across E.U. member states for the foreseeable future, including during the transition period connected to Brexit. Any agreements arising out of negotiations which the U.K. government makes to retain access to E.U. markets may lead to greater restrictions on the free movement of goods, services, people and capital between the U.K. and the remaining E.U. member states. Our financial condition and operating results in the U.K. and the E.U. may be impacted by such uncertainty with potential disruptions to our relationships with existing and future customers, suppliers and employees all possibly having a material adverse impact on our business, prospects, financial condition and/or operating results.
We are exposed to fluctuations in currency exchange rates, which could negatively affect our financial condition and operating results.
Our sales contracts are primarily denominated in U.S. dollars, and therefore, substantially all of our revenue is not subject to foreign currency risk. However, there has been, and may continue to be, significant volatility in global stock markets and foreign currency exchange rates that result in the strengthening of the U.S. dollar against foreign currencies in which we conduct business. The strengthening of the U.S. dollar increases the real cost of our products to our end-customers outside of the United States and may lead to delays in the purchase of our products, subscriptions, and support, and the lengthening of our sales cycle. If the U.S. dollar continues to strengthen, this could adversely affect our financial condition and operating results. In addition, increased international sales in the future, including through our channel partners and other partnerships, may result in greater foreign currency denominated sales, increasing our foreign currency risk.
Our operating expenses incurred outside the United States and denominated in foreign currencies are increasing and are subject to fluctuations due to changes in foreign currency exchange rates. If we are not able to successfully hedge against the risks associated with foreign currency fluctuations, our financial condition and operating results could be adversely affected. We have entered into forward contracts in an effort to reduce our foreign currency exchange exposure related to our foreign currency denominated expenditures. As of July 31, 2020, the total notional amount of our outstanding foreign currency forward contracts was $443.6 million. For more information on our hedging transactions, refer to Note 5. Derivative Instruments in Part II, Item 8 of this Annual Report on Form 10-K. The effectiveness of our existing hedging transactions and the availability and effectiveness of any hedging transactions we may decide to enter into in the future may be limited and we may not be able to successfully hedge our exposure, which could adversely affect our financial condition and operating results.
We are exposed to the credit and liquidity risk of some of our channel partners and end-customers, and to credit exposure in weakened markets, which could result in material losses.
Most of our sales are made on an open credit basis. Beyond our open credit arrangements, we have also experienced demands for customer financing due to COVID-19 and our competitors’ offerings. The majority of these demands are currently facilitated by leasing and other financing arrangements provided by our distributors and resellers. To respond to this demand, we expect to increase our customer financing activities in the future.
We believe customer financing is a competitive factor in obtaining business. The loan financing arrangements provided by our distributors and resellers may include not only financing the acquisition of our products and services but also providing additional funds for other costs associated with network installation and integration of our products and services.
- 23 -

Table of Contents

Our exposure to the credit risks relating to the financing activities described above may increase if our customers are adversely affected by a global economic downturn or periods of economic uncertainty. Although we have programs in place with our distributors and resellers that are designed to monitor and mitigate these risks, we cannot guarantee these programs will be effective in reducing the credit risks, especially as we expand our business internationally. If we are unable to adequately control these risks, our business, operating results, and financial condition could be harmed.
In the past, we have experienced non-material losses due to bankruptcies among customers. If these losses increase due to COVID-19 or global economic conditions, they could harm our business and financial condition. A material portion of our sales is derived through our distributors. For fiscal 2020, four distributors represented 68.8% of our total revenue and as of July 31, 2020, one distributor represented 31.5% of our gross accounts receivable. Additionally, to the degree that turmoil in the credit markets makes it more difficult for some customers to obtain financing, those customers’ ability to pay could be adversely impacted, which in turn could have a material adverse impact on our business, operating results, and financial condition.
A portion of our revenue is generated by sales to government entities, which are subject to a number of challenges and risks.
Sales to government entities are subject to a number of risks. Selling to government entities can be highly competitive, expensive, and time-consuming, often requiring significant upfront time and expense without any assurance that these efforts will generate a sale. The substantial majority of our sales to date to government entities have been made indirectly through our channel partners. Government certification requirements for products and subscriptions like ours may change, thereby restricting our ability to sell into the federal government sector until we have attained the revised certification. If our products and subscriptions are late in achieving or fail to achieve compliance with these certifications and standards, or our competitors achieve compliance with these certifications and standards, we may be disqualified from selling our products and subscriptions to such governmental entity, or be at a competitive disadvantage, which would harm our business, operating results, and financial condition. Government demand and payment for our products and subscriptions may be impacted by government shutdowns, public sector budgetary cycles, contracting requirements, and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our products and subscriptions. Government entities may have statutory, contractual, or other legal rights to terminate contracts with our distributors and resellers for convenience or due to a default, and any such termination may adversely impact our future operating results. Governments routinely investigate and audit government contractors’ administrative processes, and any unfavorable audit could result in the government refusing to continue buying our products and subscriptions, a reduction of revenue, or fines or civil or criminal liability if the audit uncovers improper or illegal activities, which could adversely impact our operating results in a material way. Additionally, the U.S. government may require certain of the products that it purchases to be manufactured in the United States and other relatively high cost manufacturing locations, and we may not manufacture all products in locations that meet such requirements, affecting our ability to sell these products and subscriptions to the U.S. government.
Our ability to sell our products and subscriptions is dependent on the quality of our technical support services and those of our channel partners, and the failure to offer high-quality technical support services could have a material adverse effect on our end-customers’ satisfaction with our products and subscriptions, our sales, and our operating results.
After our products and subscriptions are deployed within our end-customers’ networks, our end-customers depend on our technical support services, as well as the support of our channel partners, to resolve any issues relating to our products. Our channel partners often provide similar technical support for third parties’ products and may therefore have fewer resources to dedicate to the support of our products and subscriptions. If we or our channel partners do not effectively assist our end-customers in deploying our products and subscriptions, succeed in helping our end-customers quickly resolve post-deployment issues, or provide effective ongoing support, our ability to sell additional products and subscriptions to existing end-customers would be adversely affected and our reputation with potential end-customers could be damaged. While we have been able to meet increased demand for support services in fiscal 2020, failure to do so in the future could have a material adverse effect on our business.
Many larger enterprise, service provider, and government entity end-customers have more complex networks and require higher levels of support than smaller end-customers. If we or our channel partners fail to meet the requirements of these larger end-customers, it may be more difficult to execute on our strategy to increase our coverage with larger end-customers. Additionally, if our channel partners do not effectively provide support to the satisfaction of our end-customers, we may be required to provide direct support to such end-customers, which would require us to hire additional personnel and to invest in additional resources. It can take several months to recruit, hire, and train qualified technical support employees. We may not be able to hire such resources fast enough to keep up with unexpected demand, particularly if the sales of our products exceed our internal forecasts. As a result, our ability, and the ability of our channel partners to provide adequate and timely support to our end-customers will be negatively impacted, and our end-customers’ satisfaction with our products and subscriptions will be adversely affected. Additionally, to the extent that we may need to rely on our sales engineers to provide post-sales support while we are ramping our support resources, our sales productivity will be negatively impacted, which would harm our revenues. Our failure or our channel partners’ failure to provide and maintain high-quality support services could have a material adverse effect on our business, financial condition, and operating results.
- 24 -

Table of Contents
Claims by others that we infringe their proprietary technology or other rights could harm our business.
Companies in the enterprise security industry own large numbers of patents, copyrights, trademarks, domain names, and trade secrets and frequently enter into litigation based on allegations of infringement, misappropriation, or other violations of intellectual property or other rights. Third parties have asserted and may in the future assert claims of infringement of intellectual property rights against us. For example, in December 2011, Juniper, one of our competitors, filed a lawsuit against us alleging patent infringement. In September 2013, we filed a lawsuit against Juniper alleging patent infringement. In May 2014, we entered into a Settlement, Release and Cross-License Agreement with Juniper to resolve all pending disputes between Juniper and us, including dismissal of all pending litigation.
Third parties may also assert such claims against our end-customers or channel partners, whom our standard license and other agreements obligate us to indemnify against claims that our products and subscriptions infringe the intellectual property rights of third parties. In addition, to the extent we hire personnel from competitors, we may be subject to allegations that they have been improperly solicited, that they have divulged proprietary or other confidential information, or that their former employers own their inventions or other work product. Furthermore, we may be unaware of the intellectual property rights of others that may cover some or all of our technology or products and subscriptions. As the number of products and competitors in our market increases and overlaps occur, infringement claims may increase. While we intend to increase the size of our patent portfolio, our competitors and others may now and in the future have significantly larger and more mature patent portfolios than we have. In addition, litigation may involve patent holding companies or other adverse patent owners who have no relevant product revenue and against whom our own patents may therefore provide little or no deterrence or protection. In addition, we have not registered our trademarks in all of our geographic markets and failure to secure those registrations could adversely affect our ability to enforce and defend our trademark rights. Any claim of infringement by a third party, even those without merit, could cause us to incur substantial costs defending against the claim, could distract our management from our business, and could require us to cease use of such intellectual property. Furthermore, because of the substantial amount of discovery required in connection with intellectual property litigation, there is a risk that some of our confidential information could be compromised by disclosure during this type of litigation. A successful claimant could secure a judgment, or we may agree to a settlement that prevents us from distributing certain products or performing certain services or that requires us to pay substantial damages, royalties, or other fees. Any of these events could seriously harm our business, financial condition, and operating results.
Our proprietary rights may be difficult to enforce or protect, which could enable others to copy or use aspects of our products or subscriptions without compensating us.
We rely and expect to continue to rely on a combination of confidentiality and license agreements with our employees, consultants, and third parties with whom we have relationships, as well as trademark, copyright, patent, and trade secret protection laws, to protect our proprietary rights. We have filed various applications for certain aspects of our intellectual property. Valid patents may not issue from our pending applications, and the claims eventually allowed on any patents may not be sufficiently broad to protect our technology or products and subscriptions. We cannot be certain that we were the first to make the inventions claimed in our pending patent applications or that we were the first to file for patent protection, which could prevent our patent applications from issuing as patents or invalidate our patents following issuance. Additionally, the process of obtaining patent protection is expensive and time-consuming, and we may not be able to prosecute all necessary or desirable patent applications at a reasonable cost or in a timely manner. Any issued patents may be challenged, invalidated or circumvented, and any rights granted under these patents may not actually provide adequate defensive protection or competitive advantages to us. Additional uncertainty may result from changes to patent-related laws and court rulings in the United States and other jurisdictions. As a result, we may not be able to obtain adequate patent protection or effectively enforce any issued patents.
Despite our efforts to protect our proprietary rights, unauthorized parties may attempt to copy aspects of our products or subscriptions or obtain and use information that we regard as proprietary. We generally enter into confidentiality or license agreements with our employees, consultants, vendors, and end-customers, and generally limit access to and distribution of our proprietary information. However, we cannot be certain that we have entered into such agreements with all parties who may have or have had access to our confidential information or that the agreements we have entered into will not be breached. We cannot guarantee that any of the measures we have taken will prevent misappropriation of our technology. Because we may be an attractive target for computer hackers, we may have a greater risk of unauthorized access to, and misappropriation of, our proprietary information. In addition, the laws of some foreign countries do not protect our proprietary rights to as great an extent as the laws of the United States, and many foreign countries do not enforce these laws as diligently as government agencies and private parties in the United States. From time to time, we may need to take legal action to enforce our patents and other intellectual property rights, to protect our trade secrets, to determine the validity and scope of the proprietary rights of others or to defend against claims of infringement or invalidity. Such litigation could result in substantial costs and diversion of resources and could negatively affect our business, operating results, and financial condition. Attempts to enforce our rights against third parties could also provoke these third parties to assert their own intellectual property or other rights against us or result in a holding that invalidates or narrows the scope of our rights, in whole or in part. If we are unable to protect our proprietary rights (including aspects of our software and products protected other than by patent rights), we may find ourselves at a competitive disadvantage to others who need not incur the additional expense, time, and effort
- 25 -

Table of Contents
required to create the innovative products that have enabled us to be successful to date. Any of these events would have a material adverse effect on our business, financial condition, and operating results.
Our use of open source software in our products and subscriptions could negatively affect our ability to sell our products and subscriptions and subject us to possible litigation.
Our products and subscriptions contain software modules licensed to us by third-party authors under “open source” licenses. Some open source licenses contain requirements that we make available applicable source code for modifications or derivative works we create based upon the type of open source software we use. If we combine our proprietary software with open source software in a certain manner, we could, under certain open source licenses, be required to release the source code of our proprietary software to the public. This would allow our competitors to create similar products or subscriptions with lower development effort and time and ultimately could result in a loss of product sales for us.
Although we monitor our use of open source software to avoid subjecting our products and subscriptions to conditions we do not intend, the terms of many open source licenses have not been interpreted by United States courts, and there is a risk that these licenses could be construed in a way that could impose unanticipated conditions or restrictions on our ability to commercialize our products and subscriptions. From time to time, there have been claims against companies that distribute or use open source software in their products and subscriptions, asserting that open source software infringes the claimants’ intellectual property rights. We could be subject to suits by parties claiming infringement of intellectual property rights in what we believe to be licensed open source software. If we are held to have breached the terms of an open source software license, we could be required to seek licenses from third parties to continue offering our products and subscriptions on terms that are not economically feasible, to reengineer our products and subscriptions, to discontinue the sale of our products and subscriptions if reengineering could not be accomplished on a timely basis, or to make generally available, in source code form, our proprietary code, any of which could adversely affect our business, operating results, and financial condition.
In addition to risks related to license requirements, usage of open source software can lead to greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties or assurance of title or controls on origin of the software. In addition, many of the risks associated with usage of open source software, such as the lack of warranties or assurances of title, cannot be eliminated, and could, if not properly addressed, negatively affect our business. We have established processes to help alleviate these risks, including a review process for screening requests from our development organizations for the use of open source software, but we cannot be sure that our processes for controlling our use of open source software in our products and subscriptions will be effective.
We license technology from third parties, and our inability to maintain those licenses could harm our business.
We incorporate technology that we license from third parties, including software, into our products and subscriptions. We cannot be certain that our licensors are not infringing the intellectual property rights of third parties or that our licensors have sufficient rights to the licensed intellectual property in all jurisdictions in which we may sell our products and subscriptions. In addition, some licenses may be non-exclusive, and therefore our competitors may have access to the same technology licensed to us. Some of our agreements with our licensors may be terminated for convenience by them. We may also be subject to additional fees or be required to obtain new licenses if any of our licensors allege that we have not properly paid for such licenses or that we have improperly used the technologies under such licenses, and such licenses may not be available on terms acceptable to us or at all. If we are unable to continue to license any of this technology because of intellectual property infringement claims brought by third parties against our licensors or against us, or claims against us by our licensors, or if we are unable to continue our license agreements or enter into new licenses on commercially reasonable terms, our ability to develop and sell products and subscriptions containing such technology would be severely limited, and our business could be harmed. Additionally, if we are unable to license necessary technology from third parties, we may be forced to acquire or develop alternative technology, which we may be unable to do in a commercially feasible manner or at all, and we may be required to use alternative technology of lower quality or performance standards. This would limit and delay our ability to offer new or competitive products and subscriptions and increase our costs of production. As a result, our margins, market share, and operating results could be significantly harmed.
We face risks associated with having operations and employees located in Israel.
As a result of various of our acquisitions, including Secdo, PureSec and Twistlock, we have offices and employees located in Israel. Accordingly, political, economic, and military conditions in Israel directly affect our operations. The future of peace efforts between Israel and its Arab neighbors remains uncertain. There has been a significant increase in hostilities and political unrest between Hamas and Israel in the past few years. The effects of these hostilities and violence on the Israeli economy and our operations in Israel are unclear, and we cannot predict the effect on us of further increases in these hostilities or future armed conflict, political instability or violence in the region. Current or future tensions and conflicts in the Middle East could adversely affect our business, operating results, financial condition and cash flows.
In addition, many of our employees in Israel are obligated to perform annual reserve duty in the Israeli military and are subject to being called for active duty under emergency circumstances. We cannot predict the full impact of these conditions on us in the
- 26 -

Table of Contents
future, particularly if emergency circumstances or an escalation in the political situation occurs. If many of our employees in Israel are called for active duty for a significant period of time, our operations and our business could be disrupted and may not be able to function at full capacity. Any disruption in our operations in Israel could adversely affect our business.
Our failure to adequately protect personal information could have a material adverse effect on our business.
A wide variety of provincial, state, national, and international laws and regulations apply to the collection, use, retention, protection, disclosure, transfer, and other processing of personal data. These data protection and privacy-related laws and regulations are evolving and being tested in courts and may result in ever-increasing regulatory and public scrutiny as well as escalating levels of enforcement and sanctions. Further, the interpretation and application of foreign laws and regulations in many cases is uncertain, and our legal and regulatory obligations in foreign jurisdictions are subject to frequent and unexpected changes, including the potential for various regulatory or other governmental bodies to enact new or additional laws or regulations, to issue rulings that invalidate prior laws or regulations, or to increase penalties significantly.
For example, the E.U. General Data Protection Regulation (“GDPR”), which became effective in May 2018, imposes more stringent data protection requirements, and provides for greater penalties for noncompliance, than E.U. laws that previously applied. The GDPR requires, among other things, that personal data only be transferred outside of the E.U. to certain jurisdictions, including the United States, if steps are taken to legitimize those data transfers. We have relied on the E.U.-U.S. and Swiss-U.S. Privacy Shield programs, and the use of model contractual clauses approved by the E.U. Commission, to legitimize these transfers. Both the E.U.-U.S. Privacy Shield and these model contractual clauses have been subject to legal challenge. We are in the process of analyzing the recent “Schrems II” decision by the Court of Justice of the European Union and its impact on our data transfer mechanisms. The effects of this decision are highly uncertain and difficult to predict. Among other effects, we may experience additional costs associated with increased compliance burdens and new contract negotiations with third parties that aid in processing data on our behalf. We may experience reluctance or refusal by current or prospective European customers to use our products, and we may find it necessary or desirable to make further changes to our handling of personal data of residents of the European Economic Area (“EEA”). The regulatory environment applicable to the handling of EEA residents’ personal data, and our actions taken in response, may cause us to assume additional liabilities or incur additional costs and could result in our business, operating results and financial condition being harmed. Additionally, we and our customers may face a risk of enforcement actions by data protection authorities in the EEA relating to personal data transfers to us and by us from the EEA. Any such enforcement actions could result in substantial costs and diversion of resources, distract management and technical personnel and negatively affect our business, operating results, and financial condition.
In the U.K., a Data Protection Act that substantially implements the GDPR also became law in May 2018. It remains unclear, however, how this act and other U.K. data protection laws or regulations will develop in the medium to longer term and how data transfers to and from the United Kingdom will be regulated after Brexit.
California recently enacted the California Consumer Privacy Act (“CCPA”), which requires, among other things, covered companies to provide new disclosures to California consumers, and afford such consumers new abilities to opt-out of certain sales of personal information, and also affords a private right of action to individuals affected by a data breach, if the breach was caused by a lack of reasonable security. The enforcement of the CCPA by the California Attorney General commenced on July 1, 2020. The CCPA has been amended on multiple occasions and is the subject of proposed regulations of the California Attorney General that have yet to be finalized. It remains unclear what, if any, additional modifications will be made to this legislation or how it will be interpreted and enforced. The effects of the CCPA potentially are significant, however, and may require us to modify our data processing practices and policies and to incur substantial costs and expenses for compliance. Moreover, a new privacy law, the California Privacy Rights Act (“CPRA”) was recently certified by the California Secretary of State to appear on the ballot for the November 3, 2020 election. If this initiative is approved by California voters, the CPRA would significantly modify the CCPA, potentially resulting in further uncertainty and requiring us to incur additional costs and expenses in an effort to comply.
We may also from time to time be subject to, or face assertions that we are subject to, additional obligations relating to personal data by contract or due to assertions that self-regulatory obligations or industry standards apply to our practices. Other states have also expanded their data protection laws. Additionally, the Federal Trade Commission and many state attorneys general are interpreting federal and state consumer protection laws to impose standards for the online collection, use, dissemination, and security of data. Further, we may be or become subject to data localization laws mandating that data collected in a foreign country be processed and stored within that country. Each of these privacy, security, and data protection laws and regulations, and any other such changes or new laws or regulations, could impose significant limitations, or require changes to our business model or practices or growth strategy, which may increase our compliance expenses and make our business more costly or less efficient to conduct.
Our actual or perceived failure to comply with applicable laws and regulations or other obligations to which we are now or which we may be subject relating to personal data, or to protect personal data from unauthorized acquisition, use or other processing, could result in consequences such as enforcement actions and regulatory investigations against us, fines, public censure, claims for damages by end-customers and other affected individuals, damage to our reputation and loss of goodwill (both in relation to existing end-customers and prospective end-customers), any of which could have a material adverse effect on our operations, financial performance, and business. Evolving and changing definitions of personal data and personal information, within the E.U., the United
- 27 -

Table of Contents
States, and elsewhere, especially relating to classification of Internet Protocol (“IP”) addresses, machine identification, location data, and other information, may limit or inhibit our ability to operate or expand our business, including limiting strategic partnerships that may involve the sharing or uses of data, and may require significant expenditures and efforts in order to comply. Even the perception of privacy, data protection or information security concerns, whether or not valid, may harm our reputation and inhibit adoption of our products and subscriptions by current and future end-customers.
We are subject to governmental export and import controls that could subject us to liability or impair our ability to compete in international markets.
Because we incorporate encryption technology into our products, certain of our products are subject to U.S. export controls and may be exported outside the United States only with the required export license or through an export license exception. If we were to fail to comply with U.S. export licensing requirements, U.S. customs regulations, U.S. economic sanctions, or other laws, we could be subject to substantial civil and criminal penalties, including fines, incarceration for responsible employees and managers, and the possible loss of export or import privileges. Obtaining the necessary export license for a particular sale may be time-consuming and may result in the delay or loss of sales opportunities. Furthermore, U.S. export control laws and economic sanctions prohibit the shipment of certain products to U.S. embargoed or sanctioned countries, governments, and persons. Even though we take precautions to ensure that our channel partners comply with all relevant regulations, any failure by our channel partners to comply with such regulations could have negative consequences for us, including reputational harm, government investigations, and penalties.
In addition, various countries regulate the import of certain encryption technology, including through import permit and license requirements, and have enacted laws that could limit our ability to distribute our products or could limit our end-customers’ ability to implement our products in those countries. Changes in our products or changes in export and import regulations may create delays in the introduction of our products into international markets, prevent our end-customers with international operations from deploying our products globally or, in some cases, prevent or delay the export or import of our products to certain countries, governments, or persons altogether. Any change in export or import regulations, economic sanctions or related legislation, shift in the enforcement or scope of existing regulations, or change in the countries, governments, persons, or technologies targeted by such regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential end-customers with international operations. Any decreased use of our products or limitation on our ability to export to or sell our products in international markets would likely adversely affect our business, financial condition, and operating results.
Our failure to raise additional capital or generate the significant capital necessary to expand our operations and invest in new products and subscriptions could reduce our ability to compete and could harm our business.
We intend to continue to make investments to support our business growth and may require additional funds to respond to business challenges, including the need to develop new features to enhance our portfolio improve our operating infrastructure, or acquire complementary businesses and technologies. Accordingly, we may need to engage in equity or debt financings to secure additional funds. If we raise additional equity or equity-linked financing, our stockholders may experience significant dilution of their ownership interests and the market price of our common stock could decline. For example, in June 2014, we issued our 2019 Notes (the “2019 Notes”), in July 2018, we issued our 2023 Notes (the “2023 Notes”) and in June 2020 we issued our 2025 Notes (the “2025 Notes”). None of our 2019 Notes remained outstanding as of July 31, 2019. However, any conversion of the outstanding 2023 Notes and 2025 Notes (the “2023 Notes” together with the “2025 Notes”, the “Notes”) into common stock will dilute the ownership interests of existing stockholders to the extent we deliver shares upon conversion of such Notes. See the risk factor entitled “The issuance of additional stock in connection with financings, acquisitions, investments, our stock incentive plans, the conversion of our Notes or exercise of the related Warrants, or otherwise will dilute all other stockholders.” The holders of our Notes have priority over holders of our common stock, and if we engage in future debt financings, the holders of such additional debt would also have priority over the holders of our common stock. Current and future indebtedness may also contain terms that, among other things, restrict our ability to incur additional indebtedness. We may also be required to take other actions that would otherwise be in the interests of the debt holders and would require us to maintain specified liquidity or other ratios, any of which could harm our business, operating results, and financial condition. We may not be able to obtain additional financing on terms favorable to us, if at all. If we are unable to obtain adequate financing or financing on terms satisfactory to us when we require it, our ability to continue to support our business growth and to respond to business challenges could be significantly impaired, and our business may be adversely affected.
We have a corporate structure aligned with the international nature of our business activities, and if we do not achieve increased tax benefits as a result of our corporate structure, our financial condition and operating results could be adversely affected.
We have reorganized our corporate structure and intercompany relationships to more closely align with the international nature of our business activities. This corporate structure may allow us to reduce our overall effective tax rate through changes in how we use our intellectual property, international procurement, and sales operations. This corporate structure may also allow us to obtain financial and operational efficiencies. These efforts require us to incur expenses in the near term for which we may not realize related benefits. If the structure is not accepted by the applicable tax authorities, if there are any changes in, or interpretations of, domestic and international tax laws that negatively impact the structure, or if we do not operate our business consistent with the structure and applicable tax provisions, we may fail to achieve the reduction in our overall effective tax rate and the other financial and operational
- 28 -

Table of Contents
efficiencies that we anticipate as a result of the structure and our future financial condition and operating results may be negatively impacted. In addition, we continue to evaluate our corporate structure in light of current and pending tax legislation, and any changes to our corporate structure may require us to incur additional expenses and may impact our overall effective tax rate.
We may have exposure to greater than anticipated tax liabilities.
Our income tax obligations are based in part on our corporate structure and intercompany arrangements, including the manner in which we develop, value, and use our intellectual property and the valuations of our intercompany transactions. The tax laws applicable to our business, including the laws of the United States and other jurisdictions, are subject to interpretation and certain jurisdictions may aggressively interpret their laws in an effort to raise additional tax revenue. The tax authorities of the jurisdictions in which we operate may challenge our methodologies for valuing developed technology or intercompany arrangements, which could increase our worldwide effective tax rate and harm our financial position and operating results. It is possible that tax authorities may disagree with certain positions we have taken, and any adverse outcome of such a review or audit could have a negative effect on our financial position and operating results. Further, the determination of our worldwide provision for income taxes and other tax liabilities requires significant judgment by management, and there are transactions where the ultimate tax determination is uncertain. Although we believe that our estimates are reasonable, the ultimate tax outcome may differ from the amounts recorded in our consolidated financial statements and may materially affect our financial results in the period or periods for which such determination is made.
In addition, our future income tax obligations could be adversely affected by changes in, or interpretations of, tax laws in the United States or in other jurisdictions in which we operate.
If our estimates or judgments relating to our critical accounting policies are based on assumptions that change or prove to be incorrect, our operating results could fall below our publicly announced guidance or the expectations of securities analysts and investors, resulting in a decline in the market price of our common stock.
The preparation of financial statements in conformity with GAAP requires management to make estimates and assumptions that affect the amounts reported in our consolidated financial statements and accompanying notes. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, the results of which form the basis for making judgments about the carrying values of assets, liabilities, equity, revenue, and expenses that are not readily apparent from other sources. For more information, refer to the section entitled “Critical Accounting Estimates” in “Management’s Discussion and Analysis of Financial Condition and Results of Operations” in Part II, Item 7 of this Annual Report on Form 10-K. In general, if our estimates, judgments or assumptions relating to our critical accounting policies change or if actual circumstances differ from our estimates, judgments or assumptions, including uncertainty in the current economic environment due to COVID-19, our operating results may be adversely affected and could fall below our publicly announced guidance or the expectations of securities analysts and investors, resulting in a decline in the market price of our common stock.
Failure to comply with governmental laws and regulations could harm our business.
Our business is subject to regulation by various federal, state, local, and foreign governmental agencies, including agencies responsible for monitoring and enforcing employment and labor laws, workplace safety, product safety, environmental laws, consumer protection laws, privacy and data-protection laws, anti-bribery laws (including the U.S. Foreign Corrupt Practices Act and the U.K. Anti-Bribery Act), import/export controls, federal securities laws, and tax laws and regulations. In certain jurisdictions, these regulatory requirements may be more stringent than those in the United States. Noncompliance with applicable regulations or requirements could subject us to investigations, sanctions, mandatory product recalls, enforcement actions, disgorgement of profits, fines, damages, civil and criminal penalties, or injunctions. If any governmental sanctions are imposed, or if we do not prevail in any possible civil or criminal litigation resulting from any alleged noncompliance, our business, operating results, and financial condition could be materially adversely affected. In addition, responding to any action will likely result in a significant diversion of management’s attention and resources and an increase in professional fees. Enforcement actions, litigation, and sanctions could harm our business, operating results, and financial condition.
If we fail to comply with environmental requirements, our business, financial condition, operating results, and reputation could be adversely affected.
We are subject to various environmental laws and regulations including laws governing the hazardous material content of our products and laws relating to the collection of and recycling of electrical and electronic equipment. Examples of these laws and regulations include the E.U. Restriction on the Use of Certain Hazardous Substances in Electrical and Electronic Equipment Directive (“RoHS”) and the E.U. Waste Electrical and Electronic Equipment Directive (“WEEE Directive”), as well as the implementing legislation of the E.U. member states. Similar laws and regulations have been passed or are pending in China, South Korea, Norway, and Japan and may be enacted in other regions, including in the United States, and we are, or may in the future be, subject to these laws and regulations.
The E.U. RoHS and the similar laws of other jurisdictions limit the content of certain hazardous materials such as lead, mercury, and cadmium in the manufacture of electrical equipment, including our products. Our current products comply with the E.U.
- 29 -

Table of Contents
RoHS requirements. However, if there are changes to this or other laws (or their interpretation) or if new similar laws are passed in other jurisdictions, we may be required to reengineer our products to use components compatible with these regulations. This reengineering and component substitution could result in additional costs to us or disrupt our operations or logistics.
The WEEE Directive requires electronic goods producers to be responsible for the collection, recycling, and treatment of such products. Changes in interpretation of the directive may cause us to incur costs or have additional regulatory requirements to meet in the future in order to comply with this directive, or with any similar laws adopted in other jurisdictions.
We are also subject to environmental laws and regulations governing the management of hazardous materials, which we use in small quantities in our engineering labs. Our failure to comply with past, present, and future similar laws could result in reduced sales of our products, substantial product inventory write-offs, reputational damage, penalties, and other sanctions, any of which could harm our business and financial condition. We also expect that our products will be affected by new environmental laws and regulations on an ongoing basis. To date, our expenditures for environmental compliance have not had a material impact on our operating results or cash flows, and although we cannot predict the future impact of such laws or regulations, they will likely result in additional costs and may increase penalties associated with violations or require us to change the content of our products or how they are manufactured, which could have a material adverse effect on our business, operating results, and financial condition.
Our business is subject to the risks of earthquakes, fire, power outages, floods, health risks and other catastrophic events, and to interruption by man-made problems such as terrorism.
Both our corporate headquarters and the location where our products are manufactured are located in the San Francisco Bay Area, a region known for seismic activity. In addition, other natural disasters, such as fire or floods, a significant power outage, telecommunications failure, terrorism, an armed conflict, cyberattacks, epidemics and pandemics such as COVID-19, or other geo-political unrest could affect our supply chain, manufacturers, logistics providers, channel partners, or end-customers or the economy as a whole and such disruption could impact our shipments and sales. These risks may be further increased if the disaster recovery plans for us and our suppliers prove to be inadequate. To the extent that any of the above should result in delays or cancellations of customer orders, the loss of customers, or the delay in the manufacture, deployment, or shipment of our products, our business, financial condition, and operating results would be adversely affected.
Risks Related to Our Notes
We may not have the ability to raise the funds necessary to settle conversions of our Notes, repurchase our Notes upon a fundamental change or repay our Notes in cash at their maturity, and our future debt may contain limitations on our ability to pay cash upon conversion or repurchase of our Notes.
We will need to make cash payments (1) if holders of our Notes require us to repurchase all or a portion of their Notes upon the occurrence of a fundamental change (e.g. a change of control of Palo Alto Networks, Inc.) before the maturity date, (2) upon conversion of our Notes, (3) to repay our Notes in cash at their maturity, unless earlier converted or repurchased. However, we may not have enough available cash or be able to obtain financing at the time we are required to make payments.
In addition, our ability to repurchase or to pay cash upon conversion of our Notes may be limited by law, regulatory authority or agreements governing our future indebtedness. Our failure to repurchase our Notes at a time when the repurchase is required by the applicable indenture governing such Notes or to pay cash upon conversion of such Notes as required by the applicable indenture would constitute a default under the indenture. A default under the applicable indenture or the fundamental change itself could also lead to a default under agreements governing our future indebtedness. If the payment of the related indebtedness were to be accelerated after any applicable notice or grace periods, we may not have sufficient funds to repay the indebtedness and repurchase our Notes or to pay cash upon conversion of our Notes.
We may still incur substantially more debt or take other actions that would diminish our ability to make payments on our Notes when due.
We and our subsidiaries may be able to incur substantial additional debt in the future, subject to the restrictions contained in our debt instruments, some of which may be secured debt. We are not restricted under the terms of the indenture governing our Notes from incurring additional debt, securing existing or future debt, recapitalizing our debt or taking a number of other actions that are not limited by the terms of such indenture governing our Notes that could have the effect of diminishing our ability to make payments on our Notes when due. While the terms of any future indebtedness we may incur could restrict our ability to incur additional indebtedness, any such restrictions will indirectly benefit holders of our Notes only to the extent any such indebtedness or credit facility is not repaid or does not mature while our Notes are outstanding.
Risks Related to Our Common Stock
Our actual operating results may differ significantly from our guidance.
From time to time, we have released, and may continue to release, guidance in our quarterly earnings releases, quarterly earnings conference calls, or otherwise, regarding our future performance that represents our management’s estimates as of the date of
- 30 -

Table of Contents
release. This guidance, which includes forward-looking statements, has been and will be based on projections prepared by our management. These projections are not prepared with a view toward compliance with published guidelines of the American Institute of Certified Public Accountants, and neither our registered public accountants nor any other independent expert or outside party compiles or examines the projections. Accordingly, no such person expresses any opinion or any other form of assurance with respect to the projections.
Projections are based upon a number of assumptions and estimates that, while presented with numerical specificity, are inherently subject to significant business, economic and competitive uncertainties and contingencies, many of which are beyond our control, such as COVID-19, and are based upon specific assumptions with respect to future business decisions, some of which will change. The rapidly evolving market in which we operate may make it difficult to evaluate our current business and our future prospects, including our ability to plan for and model future growth. We intend to state possible outcomes as high and low ranges which are intended to provide a sensitivity analysis as variables are changed. However, actual results will vary from our guidance and the variations may be material. The principal reason that we release guidance is to provide a basis for our management to discuss our business outlook as of the date of release with analysts and investors. We do not accept any responsibility for any projections or reports published by any such persons. Investors are urged not to rely upon our guidance in making an investment decision regarding our common stock.
Any failure to successfully implement our operating strategy or the occurrence of any of the events or circumstances set forth in this “Risk Factors” section in this Annual Report on Form 10-K could result in our actual operating results being different from our guidance, and the differences may be adverse and material.
The market price of our common stock historically has been volatile and the value of your investment could decline.
The market price of our common stock has been volatile since our initial public offering (“IPO”) in July 2012. The reported high and low sales prices of our common stock during the last 12 months have ranged from $275.03 to $125.47 per share, as measured through August 21, 2020. The market price of our common stock may fluctuate widely in response to various factors, some of which are beyond our control. These factors include:
announcements of new products, subscriptions or technologies, commercial relationships, strategic partnerships, acquisitions or other events by us or our competitors;
price and volume fluctuations in the overall stock market from time to time;
news announcements that affect investor perception of our industry, including reports related to the discovery of significant cyberattacks;
significant volatility in the market price and trading volume of technology companies in general and of companies in our industry;
fluctuations in the trading volume of our shares or the size of our public float;
actual or anticipated changes in our operating results or fluctuations in our operating results;
whether our operating results meet the expectations of securities analysts or investors;
actual or anticipated changes in the expectations of securities analysts or investors, whether as a result of our forward- looking statements, our failure to meet such expectations or otherwise;
inaccurate or unfavorable research reports about our business and industry published by securities analysts or reduced coverage of our company by securities analysts;
litigation involving us, our industry, or both;
actions instituted by activist shareholders or others;
regulatory developments in the United States, foreign countries or both;
major catastrophic events, such as COVID-19;
sales or repurchases of large blocks of our common stock or substantial future sales by our directors, executive officers, employees and significant stockholders;
sales of our common stock by investors who view our Notes as a more attractive means of equity participation in us;
hedging or arbitrage trading activity involving our common stock as a result of the existence of our Notes;
departures of key personnel; or
economic uncertainty around the world.
- 31 -

Table of Contents
The market price of our common stock could decline for reasons unrelated to our business, operating results, or financial condition and as a result of events that do not directly affect us. In the past, following periods of volatility in the market price of a company’s securities, securities class action litigation has often been brought against that company. Securities litigation could result in substantial costs and divert our management’s attention and resources from our business. This could have a material adverse effect on our business, operating results, and financial condition.
The convertible note hedge and warrant transactions may affect the value of our common stock.
In connection with the sale of our 2019 Notes, 2023 Notes and 2025 Notes, we entered into convertible note hedge transactions (the “Note Hedges”) with certain counterparties. In connection with each such sale of the Notes, we also entered into warrant transactions with the counterparties pursuant to which we sold warrants (the “Warrants”) for the purchase of our common stock. The Note Hedges for our 2019 Notes have expired. The Note Hedges for our 2023 Notes and 2025 Notes are expected generally to reduce the potential dilution to our common stock upon any conversion of our Notes and/or offset any cash payments we are required to make in excess of the principal amount of any such converted Notes. The Warrants could separately have a dilutive effect to the extent that the market price per share of our common stock exceeds the applicable strike price of the Warrants unless, subject to certain conditions, we elect to cash settle such Warrants.
The applicable counterparties or their respective affiliates may modify their hedge positions by entering into or unwinding various derivatives with respect to our common stock and/or purchasing or selling our common stock or other securities of ours in secondary market transactions prior to the maturity of the outstanding Notes (and are likely to do so during any applicable observation period related to a conversion of our Notes). This activity could also cause or avoid an increase or a decrease in the market price of our common stock or our Notes, which could affect a note holder’s ability to convert its Notes and, to the extent the activity occurs during any observation period related to a conversion of our Notes, it could affect the amount and value of the consideration that the note holder will receive upon conversion of our Notes.
We do not make any representation or prediction as to the direction or magnitude of any potential effect that the transactions described above may have on the price of our Notes or our common stock. In addition, we do not make any representation that the counterparties or their respective affiliates will engage in these transactions or that these transactions, once commenced, will not be discontinued without notice.
The issuance of additional stock in connection with financings, acquisitions, investments, our stock incentive plans, the conversion of our Notes or exercise of the related Warrants, or otherwise will dilute all other stockholders.
Our amended and restated certificate of incorporation authorizes us to issue up to 1.0 billion shares of common stock and up to 100.0 million shares of preferred stock with such rights and preferences as may be determined by our board of directors. Subject to compliance with applicable rules and regulations, we may issue shares of common stock or securities convertible into shares of our common stock from time to time in connection with a financing, acquisition, investment, our stock incentive plans, the conversion of our Notes, the settlement of our Warrants related to each such series of Notes, or otherwise. Any such issuance could result in substantial dilution to our existing stockholders and cause the market price of our common stock to decline.
We cannot guarantee that our share repurchase program will be fully consummated, or that it will enhance shareholder value, and share repurchases could affect the price of our common stock.
In February 2019, our board of directors authorized a $1.0 billion share repurchase program which will be funded from available working capital. The repurchase authorization will expire on December 31, 2020. In February 2020, our board of directors approved the repurchase of $1.0 billion of our common stock through an accelerated share repurchase (“ASR”) transaction, which was completed in fiscal 2020. This ASR transaction is in addition to our share repurchase program. Although our board of directors has authorized a share repurchase program, we are not obligated to repurchase any specific dollar amount or to acquire any specific number of shares under the program. The share repurchase program could affect the price of our common stock, increase volatility and diminish our cash reserves. In addition, the program may be suspended or terminated at any time, which may result in a decrease in the price of our common stock.
We are subject to risks associated with our strategic investments. Impairments in the value of our investments could negatively impact our financial results.
In July 2017, we formed the $20.0 million Palo Alto Networks Venture Fund. The fund is aimed at seed-, early-, and growth-stage security companies with a cloud-based application approach. We may not realize a return on our capital investments. Many such private companies generate net losses and the market for their products, services or technologies may be slow to develop, and, therefore, are dependent on the availability of later rounds of financing from banks or investors on favorable terms to continue their operations. The financial success of our investment in any company is typically dependent on a liquidity event, such as a public offering, acquisition or other favorable market event reflecting appreciation in the cost of our initial investment. The capital markets for public offerings and acquisitions are dynamic and the likelihood of liquidity events for the companies we have invested in, and intend to invest in, could significantly change. Further, valuations of privately-held companies are inherently complex due to the lack of readily available market data and as such, the basis for these valuations is subject to the timing and accuracy of the data received
- 32 -

Table of Contents
from these companies. If we determine that any of our investments in such companies have experienced a decline in value, we may be required to record an impairment, which could be material and negatively impact our financial results. All of our investments are subject to a risk of a partial or total loss of investment capital.
We do not intend to pay dividends for the foreseeable future.
We have never declared or paid any dividends on our common stock. We intend to retain any earnings to finance the operation and expansion of our business, and we do not anticipate paying any cash dividends in the future. As a result, you may only receive a return on your investment in our common stock if the market price of our common stock increases.
The requirements of being a public company may strain our resources, divert management’s attention, and affect our ability to attract and retain qualified board members.
As a public company, we are subject to the reporting requirements of the Exchange Act, the Sarbanes-Oxley Act, the Dodd-Frank Act, the listing requirements of the New York Stock Exchange (“NYSE”), and other applicable securities rules and regulations. Compliance with these rules and regulations have increased our legal and financial compliance costs, made some activities more difficult, time-consuming or costly, and increased demand on our systems and resources. Among other things, the Exchange Act requires that we file annual, quarterly, and current reports with respect to our business and operating results. In addition, the Sarbanes-Oxley Act requires, among other things, that we maintain effective disclosure controls and procedures and internal control over financial reporting. In order to meet the requirements of this standard, significant resources and management oversight may be required. As a result, management’s attention may be diverted from other business concerns, which could harm our business and operating results. Although we have already hired additional employees to comply with these requirements, we may need to hire even more employees in the future, which will increase our costs and expenses.
In addition, changing laws, regulations, and standards related to corporate governance and public disclosure are creating uncertainty for public companies, increasing legal and financial compliance costs, and making some activities more time-consuming. These laws, regulations, and standards are subject to varying interpretations, in many cases due to their lack of specificity, and, as a result, their application in practice may evolve over time as new guidance is provided by regulatory and governing bodies. This could result in continuing uncertainty regarding compliance matters and higher costs necessitated by ongoing revisions to disclosure and governance practices. We intend to invest resources to comply with evolving laws, regulations, and standards, and this investment may result in increased general and administrative expense and a diversion of management’s time and attention from revenue-generating activities to compliance activities. If our efforts to comply with new laws, regulations, and standards differ from the activities intended by regulatory or governing bodies, regulatory authorities may initiate legal proceedings against us and our business may be harmed.
We are obligated to maintain proper and effective internal control over financial reporting. We may not complete our analysis of our internal control over financial reporting in a timely manner, or this internal control may not be determined to be effective, which may adversely affect investor confidence in our company and, as a result, the value of our common stock.
While we were able to determine in our management’s report for fiscal 2020 that our internal control over financial reporting is effective, as well as provide an unqualified attestation report from our independent registered public accounting firm to that effect, we may not be able to complete our evaluation, testing, and any required remediation in a timely fashion, may be unable to assert that our internal controls are effective, or our independent registered public accounting firm may not be able to formally attest to the effectiveness of our internal control over financial reporting in the future. In the event that our chief executive officer, chief financial officer, or independent registered public accounting firm determines in the future that our internal control over financial reporting is not effective as defined under Section 404, we could be subject to one or more investigations or enforcement actions by state or federal regulatory agencies, stockholder lawsuits or other adverse actions requiring us to incur defense costs, pay fines, settlements or judgments and causing investor perceptions to be adversely affected and potentially resulting in a decline in the market price of our stock.
Our charter documents and Delaware law, as well as certain provisions contained in the indentures governing our Notes, could discourage takeover attempts and lead to management entrenchment, which could also reduce the market price of our common stock.
Provisions in our amended and restated certificate of incorporation and amended and restated bylaws may have the effect of delaying or preventing a change in control of our company or changes in our management. Our amended and restated certificate of incorporation and amended and restated bylaws include provisions that:
establish that our board of directors is divided into three classes, Class I, Class II and Class III, with three-year staggered terms;
authorize our board of directors to issue shares of preferred stock and to determine the price and other terms of those shares, including preferences and voting rights, without stockholder approval;
provide our board of directors with the exclusive right to elect a director to fill a vacancy created by the expansion of our board of directors or the resignation, death or removal of a director;
- 33 -

Table of Contents
prohibit our stockholders from taking action by written consent;
specify that special meetings of our stockholders may be called only by the chairman of our board of directors, our president, our secretary, or a majority vote of our board of directors;
require the affirmative vote of holders of at least 66 2/3% of the voting power of all of the then outstanding shares of the voting stock, voting together as a single class, to amend the provisions of our amended and restated certificate of incorporation relating to the issuance of preferred stock and management of our business or our amended and restated bylaws;
authorize our board of directors to amend our bylaws by majority vote; and
establish advance notice procedures with which our stockholders must comply to nominate candidates to our board of directors or to propose matters to be acted upon at a stockholders’ meeting.
These provisions may frustrate or prevent any attempts by our stockholders to replace or remove our current management by making it more difficult for our stockholders to replace members of our board of directors, which is responsible for appointing the members of management. In addition, as a Delaware corporation, we are subject to Section 203 of the Delaware General Corporation Law. These provisions may prohibit large stockholders, in particular those owning 15% or more of our outstanding voting stock, from merging or combining with us for a certain period of time. Additionally, certain provisions contained in the indenture governing our Notes could make it more difficult or more expensive for a third party to acquire us. The application of Section 203 or certain provisions contained in the indenture governing our Notes also could have the effect of delaying or preventing a change in control of us. Any of these provisions could, under certain circumstances, depress the market price of our common stock.
ITEM 1B. UNRESOLVED STAFF COMMENTS
Not applicable.
ITEM 2. PROPERTIES
Our corporate headquarters is located in Santa Clara, California where we lease approximately 941,000 square feet of space under three lease agreements that expire in July 2028, with options to extend the lease terms through July 2046. We also lease space for personnel in Israel. In addition, we provide our cloud-based subscription offerings through data centers operated under co-location arrangements in the United States, Europe, and Asia. Refer to Note 11. Leases in Part II, Item 8 of this Annual Report on Form 10-K for more information on our operating leases. Additionally, we own 5.8 acres of land adjacent to our headquarters in Santa Clara, California, which we intend to develop to accommodate future expansion, the speed of which development has been slowed due to the current environment.
We believe that our current facilities are adequate to meet our current needs. We intend to expand our facilities or add new facilities as we add employees and enter new geographic markets, and we believe that suitable additional or alternative space will be available as needed to accommodate ongoing operations and any such growth. However, we expect to incur additional expenses in connection with such new or expanded facilities.
ITEM 3. LEGAL PROCEEDINGS
The information set forth under the “Litigation” subheading in Note 12. Commitments and Contingencies in Part II, Item 8 of this Annual Report on Form 10-K is incorporated herein by reference.
ITEM 4. MINE SAFETY DISCLOSURES
Not applicable.
- 34 -

Table of Contents
PART II
ITEM 5. MARKET FOR REGISTRANT’S COMMON EQUITY, RELATED STOCKHOLDER MATTERS AND ISSUER PURCHASES OF EQUITY SECURITIES
Market Information
Our common stock, $0.0001 par value per share, began trading on the NYSE on July 20, 2012, where its prices are quoted under the symbol “PANW.”
Holders of Record
As of August 21, 2020, there were 151 holders of record of our common stock. Because many of our shares of common stock are held by brokers and other institutions on behalf of stockholders, we are unable to estimate the total number of stockholders represented by these record holders.
Securities Authorized for Issuance under Equity Compensation Plans
See Part III, Item 12 “Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters” of this Annual Report on Form 10-K for more information regarding securities authorized for issuance.
Recent Sale of Unregistered Securities
During fiscal 2020, we issued a total of 22,724 shares of our unregistered common stock in connection with the acquisition of Zingbox (“Zingbox Transaction”) and a total of 11,983 shares of our unregistered common stock in connection with the acquisition of Aporeto (“Aporeto Transaction”).
None of the Zingbox Transaction or Aporeto Transaction involved any underwriters, any underwriting discounts or commissions, or any public offering. We believe the offers, sales, and issuances of the securities pursuant to the Zingbox Transaction, were exempt from registration under the Securities Act of 1933, as amended (the “Act”) by virtue of Section 4(a)(2) of the Act and Rule 506 of Regulation D promulgated thereunder, because the issuance of securities to the recipients did not involve a public offering. The recipients of the securities in the Zingbox Transaction represented their intentions to acquire the securities for investment only and not with a view to or for sale in connection with any distribution thereof, and appropriate legends were placed upon the stock certificates issued in these transactions. All recipients had adequate access, through their relationships with us or otherwise, to information about us. The issuances of these securities were made without any general solicitation or advertising.
During fiscal 2020, we also issued 2.0 million shares of our common stock to certain financial counterparties that were holders of warrants that we issued in connection with the issuance of our 2019 Notes. The shares of common stock issued upon exercise of these warrants were issued in reliance on an exemption from registration provided by Section 3(a)(9) of the Securities Act of 1933, as amended.
Purchases of Equity Securities by the Issuer and Affiliated Purchasers
The following table summarizes stock repurchases during the three months ended July 31, 2020 (in millions, except per share amounts):
PeriodTotal Number of Shares PurchasedAverage Price Paid per Share
Total Number of Shares Purchased as Part of Publicly Announced Plans or Programs(1)
Approximate Dollar Value of Shares that May Yet Be Purchased Under the Plans or Programs(1)
May 1, 2020 to May 31, 2020(2)
0.0 $195.15 0.0 $801.9 
June 1, 2020 to June 30, 2020(2)(3)
1.0 $209.28 1.0 $801.9 
July 1, 2020 to July 31, 2020(2)
0.0 $251.79 0.0 $801.9 
Total1.0 $209.82 1.0 
______________
(1) On February 26, 2019, we announced that our board of directors authorized a $1.0 billion share repurchase program which will be funded from available working capital. Repurchases may be made at management’s discretion from time to time on the open market, through privately negotiated transactions, transactions structured through investment banking institutions, block purchase techniques, 10b5-1 trading plans, or a combination of the foregoing. The repurchase authorization will expire on December 31, 2020 and may be suspended or discontinued at any time. On February 24, 2020, we announced that our board of directors approved the repurchase of $1.0 billion of our common stock through an accelerated share repurchase (“ASR”) transaction, which was completed in fiscal 2020. This ASR was in addition to our above-mentioned share repurchase authorization.
- 35 -

Table of Contents
(2) Includes shares of restricted common stock delivered by certain employees upon vesting of equity awards to satisfy tax withholding requirements. The number of shares delivered by these employees to satisfy tax withholding requirements during the period was not significant.
(3) Includes repurchases under our ASR transaction. During the three months ended July 31, 2020, we purchased approximately 1.0 million shares out of the 5.2 million shares of our common stock purchased under the ASR transaction, to conclude the program.
Stock Price Performance Graph
This performance graph shall not be deemed “filed” for purposes of Section 18 of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), or incorporated by reference into any filing of Palo Alto Networks, Inc. under the Securities Act of 1933, as amended, or the Exchange Act, except as shall be expressly set forth by specific reference in such filing.
This performance graph compares the cumulative total return on our common stock with that of the NYSE Composite Index and the NYSE Arca Tech 100 Index for the five years ended July 31, 2020. This performance graph assumes $100 was invested on July 31, 2015, in each of the common stock of Palo Alto Networks, Inc., the NYSE Composite Index, and the NYSE Arca Tech 100 Index, and assumes the reinvestment of any dividends. The stock price performance on this performance graph is not necessarily indicative of future stock price performance.
panw-20200731_g1.jpg
Company/Index7/31/20157/31/20167/31/20177/31/20187/31/20197/31/2020
Palo Alto Networks, Inc.$100.00 $70.44 $70.91 $106.69 $121.91 $137.72 
NYSE Composite Index$100.00 $99.11 $109.97 $119.12 $120.07 $114.54 
NYSE Arca Tech 100 Index$100.00 $101.00 $124.57 $155.55 $167.37 $193.31 

- 36 -

Table of Contents
ITEM 6. SELECTED FINANCIAL DATA
The selected consolidated statement of operations data for fiscal 2020, 2019, and 2018 and consolidated balance sheet data as of July 31, 2020 and 2019 are derived from our audited consolidated financial statements included elsewhere in this Annual Report on Form 10-K. The selected consolidated statement of operations data for fiscal 2017 and 2016 and consolidated balance sheet data as of July 31, 2018, 2017, and 2016 are derived from audited financial statements not included in this Annual Report on Form 10-K. Our historical results are not necessarily indicative of the results that may be expected in the future. The selected consolidated financial data below should be read in conjunction with the section entitled “Management’s Discussion and Analysis of Financial Condition and Results of Operations” included in Part II, Item 7 of this Annual Report on Form 10-K and our consolidated financial statements and related notes included in Part II, Item 8 of this Annual Report on Form 10-K.
 Year Ended July 31,
 20202019201820172016
(in millions, except per share data)
Selected Consolidated Statements of Operations Data:
Total revenue(1)
$3,408.4 $2,899.6 $2,273.6 $1,755.1 $1,378.5 
Total gross profit(1)
2,408.9 2,091.2 1,628.5 1,278.7 1,008.5 
Operating loss(1)
(179.0)(54.1)(104.2)(165.8)(157.3)
Net loss(1)
$(267.0)$(81.9)$(122.2)$(203.0)$(192.7)
Net loss per share, basic and diluted(1)
$(2.76)$(0.87)$(1.33)$(2.24)$(2.21)
Weighted-average shares used to compute net loss per share, basic and diluted96.9 94.5 91.790.6 87.1 

 July 31,
 20202019201820172016
 (in millions)
Selected Consolidated Balance Sheet Data:
Cash and cash equivalents$2,958.0 $961.4 $2,506.9 $744.3 $734.4 
Investments1,344.2 2,417.1 1,444.0 1,420.0 1,204.0 
Working capital(1)(2)
2,437.5 1,611.5 2,036.8 818.1 927.2 
Total assets(1)
9,065.4 6,592.2 5,948.9 3,538.5 2,858.2 
Total deferred revenue(1)
3,810.2 2,888.7 2,279.3 1,692.4 1,240.8 
Convertible senior notes, net(2)
3,084.1 1,430.0 1,920.1 524.7 500.2 
Long-term operating lease liabilities(3)
336.6     
Common stock and additional paid-in capital2,259.2 2,490.9 1,967.4 1,599.7 1,515.5 
Total stockholders’ equity(1)
$1,101.8 $1,586.3 $1,160.3 $927.8 $894.9 
______________
(1)The amounts for fiscal 2018 and 2017 have been adjusted due to our adoption of the new revenue recognition standard. Fiscal year 2016 has not been adjusted.
(2)The net carrying amount of the 2019 Notes was classified as a current liability in our consolidated balance sheets as of July 31, 2018 and was classified as a long-term liability for all other prior periods presented. The net carrying amounts of the 2023 Notes and 2025 Notes were classified as a long-term liability in the periods they were presented. Refer to Note 10. Debt in Part II, Item 8 of this Annual Report on Form 10-K for more information on the Notes.
(3)We adopted the new lease accounting standard effective August 1, 2019 on a modified retrospective basis, under which financial results reported in periods prior to fiscal 2020 were not adjusted.
- 37 -

Table of Contents
ITEM 7.  MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS
The following discussion and analysis of our financial condition and results of operations should be read in conjunction with our consolidated financial statements and related notes appearing elsewhere in this Annual Report on Form 10-K. The following discussion and analysis contains forward-looking statements based on current expectations and assumptions that are subject to risks and uncertainties, which could cause our actual results to differ materially from those anticipated or implied by any forward-looking statements. Factors that could cause or contribute to such differences include, but are not limited to, those discussed in this Annual Report on Form 10-K, and in particular, the risks discussed under the caption “Risk Factors” in Part I, Item 1A of this report.
Our Management’s Discussion and Analysis of Financial Condition and Results of Operations (“MD&A”) is organized as follows:
Overview. A discussion of our business and overall analysis of financial and other highlights in order to provide context for the remainder of MD&A.
Key Financial Metrics. A summary of our GAAP and non-GAAP key financial metrics, which management monitors to evaluate our performance.
Results of Operations. A discussion of the nature and trends in our financial results and an analysis of our financial results comparing fiscal 2020 to 2019. For discussion and analysis related to our financial results comparing fiscal 2019 to 2018, refer to Part II, Item 7. Management's Discussion and Analysis of Financial Condition and Results of Operations in our Annual Report on Form 10-K for fiscal 2019, which was filed with the Securities and Exchange Commission on September 9, 2019.
Liquidity and Capital Resources. An analysis of changes in our balance sheets and cash flows, and a discussion of our financial condition and our ability to meet cash needs.
Contractual Obligations and Commitments. An overview of our contractual obligations, contingent liabilities, commitments, and off-balance sheet arrangements outstanding as of July 31, 2020, including expected payment schedules.
Critical Accounting Estimates. A discussion of our accounting policies that require critical estimates, assumptions, and judgments.
Recent Accounting Pronouncements. A discussion of expected impacts of impending accounting changes on financial information to be reported in the future.
Overview
We empower enterprises, service providers, and government entities to secure all users, applications, data, networks and devices with comprehensive visibility and context continuously across all locations. We deliver cybersecurity products covering a broad range of use cases, enabling our end-customers to secure their networks, remote workforce, access to the service edge, branch locations, public and private clouds, and to advance their Security Operations Centers (“SOC”). We believe our portfolio offers advanced prevention and security, while reducing the total cost of ownership for organizations by improving operational efficiency and eliminating the need for siloed point products. We do this with solutions focused on delivering value in three fundamental areas:
Secure the Enterprise:
Secure the network through our ML-powered Next-Generation Firewalls, available in a number of form factors, including physical, virtual and containerized appliances, as well as a cloud-delivered service, with Panorama management available as an appliance or as a virtual machine for the public or private cloud. This also includes security services such as Threat Prevention, WildFire, URL Filtering, DNS Security, IoT Security, GlobalProtect, SD-WAN and Data Loss Prevention that are delivered as SaaS subscriptions to our ML-powered Next-Generation Firewalls.
Secure the Cloud:
Secure the cloud through our Prisma security offerings, such as Prisma Cloud, the industry’s most comprehensive Cloud Native Security Platform (“CNSP”), protecting applications, data and the entire cloud native technology stack, throughout the full development lifecycle and across multi- and hybrid- cloud environments, Prisma SaaS for protecting SaaS applications, Prisma Access, a comprehensive Secure Access Service Edge (“SASE”) offering, that, together with CloudGenix SD-WAN, securing SD-WAN to enable the cloud delivered branch, and VM-Series and CN-Series for in-line network security in multi- and hybrid- cloud environments. CloudGenix SD-WAN autonomous networking and integrated security is available as a combination of physical, virtual and cloud-delivered appliances and services.
Secure the Future:
Secure the future of security operations through our Cortex security offerings, which includes Cortex XDR for prevention, detection and response, Cortex XSOAR for security orchestration, automation and response (“SOAR”),
- 38 -

Table of Contents
AutoFocus for threat intelligence, and Cortex Data Lake to collect and integrate security data for analytics. These products are delivered as software or SaaS subscriptions.
For fiscal 2020 and 2019, total revenue was $3.4 billion and $2.9 billion, respectively, representing year-over-year growth of 17.5%. Our growth reflects the increased adoption of our portfolio, which consists of product, subscriptions, and support. We believe our portfolio will enable us to benefit from recurring revenues as we continue to grow our installed end-customer base. As of July 31, 2020, we had end-customers in over 170 countries. Our end-customers represent a broad range of industries including education, energy, financial services, government entities, healthcare, Internet and media, manufacturing, public sector, and telecommunications, and include some of the largest Fortune 100 and Global 2000 companies in the world. We maintain a field sales force that works closely with our channel partners in developing sales opportunities. We use a two-tiered, indirect fulfillment model whereby we sell our products, subscriptions, and support to our distributors, which, in turn, sell to our resellers, which then sell to our end-customers.
Our product revenue was $1.1 billion or 31.2% of total revenue for fiscal 2020, representing a slight decrease year-over-year of 2.9%. Product revenue is generated from sales of our appliances, primarily our ML-powered Next-Generation Firewall, which is available in a number of form factors, including as physical, virtual and containerized appliances. Our ML-powered Next-Generation Firewall incorporates our PAN-OS operating system, which provides a consistent set of capabilities across our entire product line. Our products are designed for different performance requirements throughout an organization, ranging from our PA-220, which is designed for small organizations and remote or branch offices, to our top-of-the-line PA-7080, which is designed for large scale data centers and service provider use. The same firewall functionality that is delivered in our physical appliances is also available in our VM-Series virtual firewalls, which secure virtualized and cloud-based computing environments and in our CN-Series container firewalls, which secures container environments and traffic.
Our subscription and support revenue grew to $2.3 billion or 68.8% of total revenue for fiscal 2020, representing year-over-year growth of 30.0%. Our subscriptions provide our end-customers with near real-time access to the latest antivirus, intrusion prevention, web filtering, and modern malware prevention capabilities across the network, endpoints, and the cloud. When end-customers purchase our physical, virtual or container firewall appliances, they typically purchase support in order to receive ongoing security updates, upgrades, bug fixes, and repairs. In addition to the subscriptions purchased with these appliances, end-customers may also purchase other subscriptions on a per-user, per-endpoint, or capacity-based basis.
We continue to invest in innovation and acquire businesses as we evolve and further extend the capabilities of our portfolio, as we believe that innovation and timely development of new features and products is essential to meeting the needs of our end-customers and improving our competitive position. During fiscal 2020, we introduced several new offerings, including: PAN-OS 10.0 with over 70 new features; our new ML-powered Next-Generation Firewalls; and our Cortex XSOAR solution that redefines security orchestration and automation with integrated threat intelligence management. Additionally, we acquired productive investments that fit well within our long-term strategy. For example, in September 2019, we acquired Zingbox, which we believe will accelerate our delivery of IoT security through our Next-Generation Firewall and Cortex offerings; in December 2019, we acquired Aporeto, which we believe will strengthen our cloud-native security platform capabilities delivered by Prisma Cloud; and in April 2020, we acquired CloudGenix, which we believe will strengthen our SASE offering.
We believe that the growth of our business and our short-term and long-term success are dependent upon many factors, including our ability to extend our technology leadership, grow our base of end-customers, expand deployment of our portfolio and support offerings within existing end-customers, and focus on end-customer satisfaction. To manage any future growth effectively, we must continue to improve and expand our information technology and financial infrastructure, our operating and administrative systems and controls, and our ability to manage headcount, capital, and processes in an efficient manner. While these areas present significant opportunities for us, they also pose challenges and risks that we must successfully address in order to sustain the growth of our business and improve our operating results. For additional information regarding the challenges and risks we face, see the “Risk Factors” section in Part I, Item 1A of this Annual Report on Form 10-K.
Impact of COVID-19 on our Business
We are actively monitoring, evaluating and responding to developments relating to COVID-19, which has and is expected to result in continued significant global social and business disruption. As described in “Impacts of COVID-19 on our Business” included in Part I, Item 1 Business in this Annual Report, we have made some changes to our business that include instituting a global work-from-home policy beginning in March 2020 that did not incur significant disruptions in our work operations during fiscal 2020. We will continue to actively monitor the situation and will make further changes to our business operations as may be required by federal, state or local authorities or that we determine are in the best interests of our employees, end-customers, partners, suppliers and stockholders. Our focus remains on the safety of our employees, striving to protect the health and well-being of the communities in which we operate, and providing technology to our employees, end-customers and partners to help them do their best work while remote.
Although some end-customers adopted Prisma Access as their secure work-from-home solution for the longer term, COVID-19 may curtail our end-customers' spending and could lead them to delay or defer purchasing decisions, and lengthen sales cycles and payment terms, which could materially adversely impact our business, results of operations and overall financial performance. Also, certain of our end-customers or partners may be or may become credit or cash constrained making it difficult for them to fulfill their payment obligations to us. The extent of the impact of COVID-19 on our operational and financial performance will depend on
- 39 -

Table of Contents
developments, including the duration and spread of the virus, impact on our end-customers’ spending, volume of sales and length of our sales cycles, impact on our partners, suppliers and employees, actions that may be taken by governmental authorities and other factors identified in Part I, Item 1A "Risk Factors" in this Form 10-K. Given the dynamic nature of these circumstances, the full impact of COVID-19 on our ongoing business, results of operations and overall financial performance cannot be reasonably estimated at this time.
Key Financial Metrics
We monitor the key financial metrics set forth in the tables below to help us evaluate growth trends, establish budgets, measure the effectiveness of our sales and marketing efforts, and assess operational efficiencies. We discuss revenue, gross margin, and the components of operating loss and margin below under “—Results of Operations.”
July 31,
20202019
(in millions)
Total deferred revenue$3,810.2 $2,888.7 
Cash, cash equivalents, and investments$4,302.2 $3,378.5 

Year Ended July 31,
202020192018
(dollars in millions)
Total revenue$3,408.4 $2,899.6 $2,273.6 
Total revenue year-over-year percentage increase17.5 %27.5 %29.5 %
Gross margin70.7 %72.1 %71.6 %
Operating loss$(179.0)$(54.1)$(104.2)
Operating margin(5.3)%(1.9)%(4.6)%
Billings$4,301.7 $3,489.8 $2,856.2 
Billings year-over-year percentage increase23.3 %22.2 %26.8 %
Cash flow provided by operating activities$1,035.7 $1,055.6 $1,038.1 
Free cash flow (non-GAAP)$821.3 $924.4 $926.1 

• Deferred Revenue. Our deferred revenue primarily consists of amounts that have been invoiced but have not been recognized as revenue as of the period end. The majority of our deferred revenue balance consists of subscription and support revenue that is recognized ratably over the contractual service period. We monitor our deferred revenue balance because it represents a significant portion of revenue to be recognized in future periods.
Billings. We define billings as total revenue plus the change in total deferred revenue, net of acquired deferred revenue, during the period. We consider billings to be a key metric used by management to manage our business. We believe billings provides investors with an important indicator of the health and visibility of our business because it includes subscription and support revenue, which is recognized ratably over the contractual service period, and product revenue, which is recognized at the time of shipment, provided that all other conditions for revenue recognition have been met. We consider billings to be a useful metric for management and investors, particularly if we continue to experience increased sales of subscriptions and strong renewal rates for subscription and support offerings, and as we monitor our near-term cash flows. While we believe that billings provides useful information to investors and others in understanding and evaluating our operating results in the same manner as our management, it is important to note that other companies, including companies in our industry, may not use billings, may calculate billings differently, may have different billing frequencies, or may use other financial measures to evaluate their performance, all of which could reduce the usefulness of billings as a comparative measure. We calculate billings in the following manner:
- 40 -

Table of Contents
Year Ended July 31,
202020192018
(in millions)
Billings:
Total revenue$3,408.4 $2,899.6 $2,273.6 
Add: change in total deferred revenue, net of acquired deferred revenue893.3 590.2 582.6 
Billings$4,301.7 $3,489.8 $2,856.2 

• Cash Flow Provided by Operating Activities. We monitor cash flow provided by operating activities as a measure of our overall business performance. Our cash flow provided by operating activities is driven in large part by sales of our products and from up-front payments for subscription and support offerings. Monitoring cash flow provided by operating activities enables us to analyze our financial performance without the non-cash effects of certain items such as depreciation, amortization, and share-based compensation costs, thereby allowing us to better understand and manage the cash needs of our business.
• Free Cash Flow (non-GAAP). We define free cash flow, a non-GAAP financial measure, as cash provided by operating activities less purchases of property, equipment, and other assets. We consider free cash flow to be a profitability and liquidity measure that provides useful information to management and investors about the amount of cash generated by the business after necessary capital expenditures. A limitation of the utility of free cash flow as a measure of our financial performance and liquidity is that it does not represent the total increase or decrease in our cash balance for the period. In addition, it is important to note that other companies, including companies in our industry, may not use free cash flow, may calculate free cash flow in a different manner than we do, or may use other financial measures to evaluate their performance, all of which could reduce the usefulness of free cash flow as a comparative measure. A reconciliation of free cash flow to cash flow provided by operating activities, the most directly comparable financial measure calculated and presented in accordance with GAAP, is provided below:
Year Ended July 31,
202020192018
(in millions)
Free cash flow (non-GAAP):
Net cash provided by operating activities$1,035.7 $1,055.6 $1,038.1 
Less: purchases of property, equipment, and other assets214.4 131.2 112.0 
Free cash flow (non-GAAP)$821.3 $924.4 $926.1 
Net cash provided by (used in) investing activities$288.0 $(1,825.9)$(520.0)
Net cash provided by (used in) financing activities$673.0 $(773.9)$1,245.6 

- 41 -

Table of Contents
Results of Operations
The following table summarizes our results of operations for the periods presented and as a percentage of our total revenue for those periods based on our consolidated statements of operations data. The period to period comparison of results is not necessarily indicative of results for future periods.
Year Ended July 31,
202020192018
Amount% of RevenueAmount% of RevenueAmount% of Revenue
(dollars in millions)
Revenue:
Product$1,064.2 31.2 %$1,096.2 37.8 %$879.8 38.7 %
Subscription and support2,344.2 68.8 %1,803.4 62.2 %1,393.8 61.3 %
Total revenue
3,408.4 100.0 %2,899.6 100.0 %2,273.6 100.0 %
Cost of revenue:
Product294.4 8.6 %315.9 10.9 %272.412.0 %
Subscription and support705.1 20.7 %492.5 17.0 %372.716.4 %
Total cost of revenue(1)
999.5 29.3 %808.4 27.9 %645.128.4 %
Total gross profit
2,408.9 70.7 %2,091.2 72.1 %1628.571.6 %
Operating expenses:
Research and development768.1 22.5 %539.5 18.6 %400.717.6 %
Sales and marketing1,520.2 44.7 %1,344.0 46.4 %1074.247.3 %
General and administrative299.6 8.8 %261.8 9.0 %257.811.3 %
Total operating expenses(1)
2,587.9 76.0 %2,145.3 74.0 %1732.776.2 %
Operating loss
(179.0)(5.3)%(54.1)(1.9)%(104.2)(4.6)%
Interest expense
(88.7)(2.6)%(83.9)(2.9)%(29.6)(1.3)%
Other income, net35.9 1.1 %63.4 2.2 %28.5 1.3 %
Loss before income taxes(231.8)(6.8)%(74.6)(2.6)%(105.3)(4.6)%
Provision for income taxes35.2 1.0 %7.3 0.2 %16.9 0.8 %
Net loss$(267.0)(7.8)%$(81.9)(2.8)%$(122.2)(5.4)%
______________
(1)Includes share-based compensation as follows:
Year Ended July 31,
202020192018
(in millions)
Cost of product revenue
$5.7 $5.6 $7.0 
Cost of subscription and support revenue
77.7 71.3 66.7 
Research and development
274.6 186.8 145.2 
Sales and marketing
214.5 221.9 208.0 
General and administrative
92.0 102.1 77.0 
Total share-based compensation$664.5 $587.7 $503.9 

- 42 -

Table of Contents
Revenue
Our revenue consists of product revenue and subscription and support revenue. Revenue is recognized upon transfer of control of the corresponding promised products and subscriptions and support to our customers in an amount that reflects the consideration we expect to be entitled in exchange for those products and subscriptions and support. We expect our revenue to vary from quarter to quarter based on seasonal and cyclical factors.
Product Revenue
Product revenue is derived primarily from sales of our appliances. Product revenue also includes revenue derived from software licenses of Panorama and the VM-Series. Our appliances and software licenses include a broad set of built-in networking and security features and functionalities. We recognize product revenue at the time of hardware shipment or delivery of software license.
Year Ended July 31,