UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

Washington, D.C. 20549

_____________________ 

FORM 10-K

_____________________

(Mark One)

☒    ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

For the fiscal year ended July 31, 2023

or

☐    TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

For the transition period from             to             

Commission File Number 001-35594

Palo Alto Networks, Inc.

(Exact name of registrant as specified in its charter)

Delaware	20-2530195
(State or other jurisdiction of incorporation or organization)	(I.R.S. Employer Identification No.)

3000 Tannery Way

Santa Clara, California 95054

(Address of principal executive offices, including zip code)

(408) 753-4000

(Registrant’s telephone number, including area code)

Securities registered pursuant to Section 12(b) of the Act:

Title of each class	Trading Symbol(s)	Name of each exchange on which registered
Common stock, $0.0001 par value per share	PANW	The Nasdaq Stock Market LLC (Nasdaq Global Select Market)

Securities registered pursuant to Section 12(g) of the Act:

None

Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes  ☒ No  ☐

Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act.    Yes  ☐ No  ☒

Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes  ☒ No  ☐

Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files). Yes  ☒ No  ☐

Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer,” “smaller reporting company,” and “emerging growth company” in Rule 12b-2 of the Exchange Act.

Large accelerated filer	☒	Accelerated filer	☐
Non-accelerated filer	☐	Smaller reporting company	☐
		Emerging growth company	☐

If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐

Indicate by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report. ☒

If securities are registered pursuant to Section 12(b) of the Act, indicate by check mark whether the financial statements of the registrant included in the filing reflect the correction of an error to previously issued financial statements. ☐

Indicate by check mark whether any of those error corrections are restatements that required a recovery analysis of incentive-based compensation received by any of the registrant’s executive officers during the relevant recovery period pursuant to §240.10D-1(b). ☐

Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Act). Yes  ☐ No  ☒

The aggregate market value of voting stock held by non-affiliates of the registrant was $47,351,509,692 as of January 31, 2023, the last business day of the registrant’s most recently completed second fiscal quarter (based on the closing sales price for the common stock on the Nasdaq Global Select Market on such date). Shares of common stock held by each executive officer and director have been excluded in that such persons may be deemed to be affiliates. This determination of affiliate status is not necessarily a conclusive determination for other purposes.

On August 18, 2023, 308,594,604 shares of the registrant’s common stock, $0.0001 par value, were outstanding.

DOCUMENTS INCORPORATED BY REFERENCE

Portions of the information called for by Part III of this Annual Report on Form 10-K is hereby incorporated by reference from the definitive proxy statement for the registrant’s 2023 annual meeting of stockholders, which will be filed with the Securities and Exchange Commission not later than 120 days after the registrant’s fiscal year ended July 31, 2023.

Table Of Contents

		Page
	PART I
Item 1.	Business	4
Item 1A.	Risk Factors	14
Item 1B.	Unresolved Staff Comments	35
Item 2.	Properties	35
Item 3.	Legal Proceedings	35
Item 4.	Mine Safety Disclosures	35
	PART II
Item 5.	Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities	36
Item 6.	[Reserved]	37
Item 7.	Management’s Discussion and Analysis of Financial Condition and Results of Operations	38
Item 7A.	Quantitative and Qualitative Disclosures About Market Risk	51
Item 8.	Financial Statements and Supplementary Data	52
Item 9.	Changes in and Disagreements with Accountants on Accounting and Financial Disclosure	92
Item 9A.	Controls and Procedures	92
Item 9B.	Other Information	93
Item 9C.	Disclosure Regarding Foreign Jurisdictions That Prevent Inspections	93
	PART III
Item 10.	Directors, Executive Officers and Corporate Governance	94
Item 11.	Executive Compensation	94
Item 12.	Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters	94
Item 13.	Certain Relationships and Related Transactions, and Director Independence	94
Item 14.	Principal Accountant Fees and Services	94
	PART IV
Item 15.	Exhibits and Financial Statement Schedules	95
Item 16.	Form 10-K Summary	99
	Signatures	100

- 2 -

Part I

SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS

This Annual Report on Form 10-K, including the sections entitled “Business,” “Risk Factors,” and “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934. The words “believe,” “may,” “will,” “potentially,” “estimate,” “continue,” “anticipate,” “intend,” “could,” “would,” “project,” “plan,” “expect,” and similar expressions that convey uncertainty of future events or outcomes are intended to identify forward-looking statements.

These forward-looking statements include, but are not limited to, statements concerning the following:

•expectations regarding drivers of and factors affecting growth in our business;

•statements regarding trends in billings, our mix of product and subscription and support revenue, cost of revenue, gross margin, cash flows, operating expenses, including future share-based compensation expense, income taxes, investment plans, and liquidity;

•expected recurring revenues resulting from growth in our end-customers and increased adoption of our products and cloud-delivered security solutions;

•our expectations regarding future investments in research and development and product development, customer support, in our employees and in our sales force, including expectations regarding growth in our sales headcount;

•our expectation that we will continue to expand our global presence;

•expectations regarding our revenues, including the seasonality and cyclicality from quarter to quarter;

•our expectation that we will expand our facilities or add new facilities as we add employees and enter new geographic markets;

•our expectation that we will increase our customer financing activities;

•the sufficiency of our cash flow from operations with existing cash, cash equivalents, and investments to meet our cash needs for the foreseeable future;

•our ability to successfully acquire and integrate companies and assets and our expectations and intentions with respect to the products and technologies that we acquire and introduce;

•the timing and amount of capital expenditures and share repurchases; and

•other statements regarding our future operations, financial condition and prospects, and business strategies.

These forward-looking statements are subject to a number of risks, uncertainties, and assumptions, including those described in “Risk Factors” included in Part I, Item 1A and elsewhere in this Annual Report on Form 10-K. Moreover, we operate in a very competitive and rapidly changing environment, and new risks emerge from time to time. It is not possible for our management to predict all risks, nor can we assess the impact of all factors on our business or the extent to which any factor, or combination of factors, may cause actual results to differ materially from those contained in any forward-looking statements we may make. In light of these risks, uncertainties, and assumptions, the forward-looking events and circumstances discussed in this Annual Report on Form 10-K may not occur, and actual results could differ materially and adversely from those anticipated or implied in the forward-looking statements. We undertake no obligation to revise or publicly release the results of any revision to these forward-looking statements, except as required by law. Given these risks and uncertainties, readers are cautioned not to place undue reliance on such forward-looking statements.

- 3 -

Item 1. Business

General

Palo Alto Networks, Inc. is a global cybersecurity provider with a vision of a world where each day is safer and more secure than the one before. We were incorporated in 2005 and are headquartered in Santa Clara, California.

We empower enterprises, organizations, service providers, and government entities to protect themselves against today’s most sophisticated cyber threats. Our cybersecurity platforms and services help secure enterprise users, networks, clouds, and endpoints by delivering comprehensive cybersecurity backed by industry-leading artificial intelligence and automation. We are a leading provider of zero trust solutions, starting with next-generation zero trust network access to secure today’s remote hybrid workforces and extending to securing all users, applications, and infrastructure with zero trust principles. Our security solutions are designed to reduce customers’ total cost of ownership by improving operational efficiency and eliminating the need for siloed point products. Our company focuses on delivering value in four fundamental areas:

Network Security:

•Our network security platform, designed to deliver complete zero trust solutions to our customers, includes our hardware and software ML-Powered Next-Generation Firewalls, as well as a cloud-delivered Secure Access Service Edge (“SASE”). Prisma® Access, our Security Services Edge (“SSE”) solution, when combined with Prisma SD-WAN, provides a comprehensive single-vendor SASE offering that is used to secure remote workforces and enable the cloud-delivered branch. We have been recognized as a leader in network firewalls, SSE, and SD-WAN. Our network security platform also includes our cloud-delivered security services, such as Advanced Threat Prevention, Advanced WildFire®, Advanced URL Filtering, DNS Security, IoT/OT Security, GlobalProtect®, Enterprise Data Loss Prevention (“Enterprise DLP”), Artificial Intelligence for Operations (“AIOps”), SaaS Security API, and SaaS Security Inline. Through these add-on security services, our customers are able to secure their content, applications, users, and devices across their entire organization. Panorama®, our network security management solution, can centrally manage our network security platform irrespective of form factor, location, or scale.

Cloud Security:

•We enable cloud-native security through our Prisma Cloud platform. As a comprehensive Cloud Native Application Protection Platform (“CNAPP”), Prisma Cloud secures multi- and hybrid-cloud environments for applications, data, and the entire cloud native technology stack across the full development lifecycle; from code to runtime. For inline network security on multi- and hybrid-cloud environments, we also offer our VM-Series and CN-Series Firewall offerings.

Security Operations:

•We deliver the next generation of security automation, security analytics, endpoint security, and attack surface management solutions through our Cortex portfolio. These include Cortex XSIAM, our AI security automation platform, Cortex XDR® for the prevention, detection, and response to complex cybersecurity attacks on the endpoint, Cortex XSOAR® for security orchestration, automation, and response (“SOAR”), and Cortex XpanseTM for attack surface management (“ASM”). These products are delivered as SaaS or software subscriptions.

Threat Intelligence and Security Consulting (Unit 42):

•Unit 42 brings together world-renowned threat researchers with an elite team of incident responders and security consultants to create an intelligence-driven, response-ready organization to help customers proactively manage cyber risk. Our consultants serve as trusted advisors to our customers by assessing and testing their security controls against the right threats, transforming their security strategy with a threat-informed approach, and responding to security incidents on behalf of our clients.

- 4 -

Product, Subscription, and Support

Our customer offerings are available in the form of the product, subscription, and support offerings described below:

PRODUCTS

Hardware and software firewalls. Our ML-Powered Next Generation Firewalls embed machine learning in the core of the firewall and employ inline deep learning in the cloud, empowering our customers to stop zero-day threats in real time, see and secure their entire enterprise including IoT, and reduce errors with automatic policy recommendations. All of our hardware and software firewalls incorporate our PAN-OS® operating system and come with the same rich set of features, ensuring consistent operation across our entire product line. The content, applications, users, and devices—the elements that run a business—become integral components of an enterprise’s security policy via our Content-ID™, App-ID™, User-ID™, and Device-ID technologies. In addition to these components, key features include site-to-site virtual private network (“VPN”), remote access Secure Sockets Layer (“SSL”) VPN, and Quality-of-Service (“QoS”). Our appliances and software are designed for different performance requirements throughout an organization and are classified based on throughput, ranging from our PA-410, which is designed for small organizations and branch offices, to our top-of-the-line PA-7080, which is designed for large-scale data centers and service provider use. Our firewalls come in a hardware form factor, a containerized form factor, called CN-Series, as well as a virtual form factor, called VM-Series, that is available for virtualization and cloud environments from companies such as VMware, Inc. (“VMware”), Microsoft Corporation (“Microsoft”), Amazon.com, Inc. (“Amazon”), and Google, Inc. (“Google”), and in Kernel-based Virtual Machine (“KVM”)/OpenStack environments. We also offer Cloud NGFW, a managed next-generation firewall (“NGFW”) offering, to secure customers’ applications on Amazon Web Services (“AWS”) and Microsoft Azure (“Azure”).

SD-WAN. Our SD-WAN is integrated with PAN-OS so that our end-customers can get the security features of our PAN-OS ML-Powered Next-Generation Firewall together with SD-WAN functionality. The SD-WAN overlay supports dynamic, intelligent path selection based on the applications, services, and conditions of the links that each application or service is allowed to use, allowing applications to be prioritized based on criteria such as whether the application is mission-critical, latency-sensitive, or meets certain health criteria.

Panorama. Panorama is our centralized security management solution for global control of our network security platform. Panorama can be deployed as a virtual appliance or a physical appliance. Panorama is used for centralized policy management, device management, software licensing and updates, centralized logging and reporting, and log storage. Panorama controls the security, network address translation (“NAT”), QoS, policy-based forwarding, decryption, application override, captive portal, and distributed denial of service/denial of service (“DDoS/DoS”) protection aspects of the network security systems under management. Panorama centrally manages device software and associated updates, including SSL-VPN clients, SD-WAN, dynamic content updates, and software licenses. Panorama offers network security monitoring through the ability to view logs and run reports for our network security platform in one location without the need to forward the logs and reliably expands log storage for long-term event investigation and analysis.

SUBSCRIPTIONS

We offer a number of subscriptions as part of our network security platform. Of these subscription offerings, cloud-delivered security services, such as Advanced Threat Prevention, Advanced WildFire, Advanced URL Filtering, DNS Security, IoT/OT Security, SaaS Security Inline, GlobalProtect, Enterprise DLP, and AIOps, are sold as options to our hardware and software firewalls, whereas SaaS Security API, Prisma Access, Prisma SD-WAN, Prisma Cloud, Cortex XSIAM, Cortex XDR, Cortex XSOAR, and Cortex Xpanse are sold on a per-user, per-endpoint, or capacity-based basis. Our subscription offerings include:

Cloud-delivered security services:

•Advanced Threat Prevention. This cloud-delivered security service provides intrusion detection and prevention capabilities and blocks vulnerability exploits, viruses, spyware, buffer overflows, denial-of-service attacks, and port scans from compromising and damaging enterprise information resources. It includes mechanisms—such as protocol decoder-based analysis, protocol anomaly-based protection, stateful pattern matching, statistical anomaly detection, heuristic-based analysis, custom vulnerability and spyware “phone home” signatures, and workflows—to manage popular open-source signature formats to extend our coverage. In addition, it offers inline deep learning to deliver real-time detection and prevention of unknown, evasive, and targeted command-and-control (“C2”) communications over HTTP, unknown-TCP, unknown-UDP, and encrypted over SSL. Advanced Threat Prevention is the first offering to protect patient zero from unknown command and control in real-time.

- 5 -

•Advanced WildFire. This cloud-delivered security service provides protection against targeted malware and advanced persistent threats and provides a near real-time analysis engine for detecting previously unseen malware while resisting attacker evasion techniques. Advanced WildFire combines dynamic and static analysis, recursive analysis, and a custom-built analysis environment with network traffic profiling and fileless attack detection to discover even the most sophisticated and evasive threats. A machine learning module derived from the cloud sandbox environment is now delivered inline on the ML-Powered Next-Generation Firewalls to identify the majority of unknown threats without cloud connectivity. In addition, Advanced WildFire defeats highly evasive modern malware at scale with a new infrastructure and patented analysis techniques, including intelligent runtime memory analysis, dependency emulation, malware family fingerprinting, and more. Once identified, whether in the cloud or inline, preventive measures are automatically generated and delivered in seconds or less to our network security platform.

•Advanced URL Filtering. This cloud-delivered security service offers the industry’s first Inline Deep Learning powered web protection engine. It delivers real-time detection and prevention of unknown, evasive, and targeted web-based threats, such as phishing, malware, and C2. While many vendors use machine learning to categorize web content or prevent malware downloads, Advanced URL Filtering is the industry’s first inline web protection engine capable of detecting never-before-seen web-based threats and preventing them in real-time. In addition, it includes a cloud-based URL filtering database which consists of millions of URLs across many categories and is designed to analyze web traffic and prevent web-based threats, such as phishing, malware, and C2.

•DNS Security. This cloud-delivered security service uses machine learning to proactively block malicious domains and stop attacks in progress. Unlike other solutions, it does not require endpoint routing configurations to be maintained and therefore cannot be bypassed. It allows our network security platform access to DNS signatures that are generated using advanced predictive analysis, machine learning, and malicious domain data from a growing threat intelligence sharing community of which we are a part. Expanded categorization of DNS traffic and comprehensive analytics allow deep insights into threats, empowering security personnel with the context to optimize their security posture. It offers comprehensive DNS attack coverage and includes industry-first protections against multiple emerging DNS-based network attacks.

•IoT/OT Security. This cloud-delivered security service uses machine learning to accurately identify and classify various IoT and operational technology (“OT”) devices, including never-been-seen-before devices, mission-critical OT devices, and unmanaged legacy systems. It uses machine learning to baseline normal behavior, identify anomalous activity, assess risk, and provide policy recommendations to allow trusted behavior with a new Device-ID policy construct on our network security platform. Other subscriptions have also been enhanced with IoT context to prevent threats on various devices, including IoT and OT devices.

•SaaS Security API. SaaS Security API (formerly Prisma SaaS) is a multi-mode, cloud access security broker (“CASB”) that helps govern sanctioned SaaS application usage across all users and helps prevent breaches and non-compliance. Specifically, the service enables the discovery and classification of data stored in supported SaaS applications, protects sensitive data from accidental exposure, identifies and protects against known and unknown malware, and performs user activity monitoring to identify potential misuse or data exfiltration. It delivers complete visibility and granular enforcement across all user, folder, and file activity within sanctioned SaaS applications, and can be combined with SaaS Security Inline for a complete integrated CASB.

•SaaS Security Inline. SaaS Security Inline adds an inline service to automatically gain visibility and control over thousands of known and new sanctioned, unsanctioned and tolerated SaaS applications in use within organizations today. It provides enterprise data protection and compliance across all SaaS applications and prevents cloud threats in real time with best-in-class security. The solution is easy to deploy being natively integrated on network security platform, eliminating the architectural complexity of traditional CASB products, while offering low total cost of ownership. It can be combined with SaaS Security API as a complete integrated CASB.

•GlobalProtect. This subscription provides protection for users of both traditional laptop and mobile devices. It expands the boundaries of the end-users’ physical network, effectively establishing a logical perimeter that encompasses remote laptop and mobile device users irrespective of their location. When a remote user logs into the device, GlobalProtect automatically determines the closest gateway available to the roaming device and establishes a secure connection. Regardless of the operating systems, laptops, tablets, and phones will stay connected to the corporate network when they are on a network of any kind and, as a result, are protected as if they never left the corporate campus. GlobalProtect ensures that the same secure application enablement policies that protect users at the corporate site are enforced for all users, independent of their location.

•Enterprise DLP. This cloud-delivered security service provides consistent, reliable protection of sensitive data, such as personally identifiable information (“PII”) and intellectual property, for all traffic types, applications, and users. Native integration with our products makes it simple to deploy, and advanced machine learning minimizes management complexity. Enterprise DLP allows organizations to consistently discover, classify, monitor, and protect sensitive data, wherever it may reside. It helps minimize the risk of a data breach both on-premises and in the cloud—such as in Office/Microsoft 365™, Salesforce®, and Box—and assists in meeting stringent data privacy and compliance regulations, including GDPR, CCPA, PCI DSS, HIPAA, and others.

- 6 -

•AIOps: AIOps is available in both free and licensed premium versions. AIOps redefines network operational experience by empowering security teams to proactively strengthen security posture and resolve network disruptions. AIOps provides continuous best practice recommendations powered by machine learning (“ML”) based on industry standards, security policy context, and advanced telemetry data collected from our network security customers to improve security posture. It also intelligently predicts health, performance, and capacity problems up to seven days in advance and provides actionable insights to resolve the predicted disruptions.

Secure Access Service Edge:

•Prisma Access. Prisma Access is a cloud-delivered security offering that helps organizations deliver consistent security to remote networks and mobile users. Located in more than 100 locations around the world, Prisma Access consistently inspects all traffic across all ports and provides bidirectional networking to enable branch-to-branch and branch-to-headquarter traffic. Prisma Access consolidates point-products into a single converged cloud-delivered offering, transforming network security and allowing organizations to enable secure hybrid workforces. Prisma Access protects all application traffic with complete, best-in-class security while ensuring an exceptional user experience with industry-leading service-level agreements (“SLA”s).

•Prisma SD-WAN. Our Prisma SD-WAN solution is a next-generation SD-WAN solution that makes the secure cloud-delivered branch possible. Prisma SD-WAN enables organizations to replace traditional Multiprotocol Label Switching (“MPLS”) based WAN architectures with affordable broadband and internet transport types that promote improved bandwidth availability, redundancy and performance at a reduced cost. Prisma SD-WAN leverages real-time application performance SLAs and visibility to control and intelligently steer application traffic to deliver an exceptional user experience. Prisma SD-WAN also provides the flexibility of deploying with an on-premises controller to help businesses meet their industry-specific security compliance requirements and manage deployments with application-defined policies. Our Prisma SD-WAN simplifies network and security operations using machine learning and automation.

Cloud Security:

•Prisma Cloud. Prisma Cloud is a comprehensive Cloud-Native Application Protection Platform (“CNAPP”), securing both cloud-native and lift-and-shift applications across multi- and hybrid-cloud environments. With broad security and compliance coverage and a flexible agentless, as well as agent-based, architecture, Prisma Cloud protects cloud-native applications across their lifecycle from code to cloud. The platform helps developers prevent risks as they code and build the application, secures the software supply chain and the continuous integration and continuous development (“CI/CD”) pipeline, and provides complete visibility and real-time protection for applications in the cloud.

With its code-to-cloud security capabilities, Prisma Cloud uniquely stitches together a complete security picture by tracing back thousands of cloud risks and vulnerabilities that occur in the application runtime to their origin in the code-and-build phase of the application. The platform enables organizations to “shift security left” and fix issues at the source (in code) before they proliferate as a large number of risks in the cloud. The contextualized visibility to alerts, attack paths, and vulnerabilities delivered by Prisma Cloud facilitates collaboration between security and development teams to drive down risks and deliver better security outcomes. The context helps security teams block attacks in the cloud runtime and developers fix risks in source code.

A comprehensive library of compliance frameworks included in Prisma Cloud vastly simplifies the task of maintaining compliance. Seamless integration with security orchestration tools ensures rapid remediation of vulnerabilities and security issues.

With a flexible, integrated platform that enables customers to license and activate cloud security capabilities that match their need, Prisma Cloud helps secure organizations at every stage in their cloud adoption journey. The platform enables security teams to consolidate multiple products that address individual risks with an integrated solution that also delivers best-in-class capabilities. Including the recently launched CI/CD security module, Prisma Cloud’s code-to-cloud CNAPP delivers comprehensive protection for applications and their code, infrastructure (workloads, network, and storage), data, APIs, and associated identities.

Security Operations:

•Cortex XSIAM. This cloud-based subscription is the AI security automation platform for the modern SOC, harnessing the power of AI to radically improve security outcomes and transform security operations. Cortex XSIAM customers can consolidate multiple products into a single unified platform, including EDR, XDR, SOAR, ASM, user behavior analytics (“UBA”), threat intelligence platform (“TIP”), and security information and event management (“SIEM”). Using a security-specific data model and applying AI, Cortex XSIAM automates data integration, analysis, and triage to respond to most alerts, enabling analysts to focus on only the incidents that require human intervention.

- 7 -

•Cortex XDR. This cloud-based subscription enables organizations to collect telemetry from endpoint, network, identity and cloud data sources and apply advanced analytics and machine learning, to quickly find and stop targeted attacks, insider abuse, and compromised endpoints. Cortex XDR has two product tiers: XDR Prevent and XDR Pro. XDR Prevent delivers enterprise-class endpoint security focused on preventing attacks. XDR Pro extends endpoint detection and response (“EDR”) to include cross-data analytics, including network, cloud, and identity data. Going beyond EDR, Cortex XDR detects the most complex threats using analytics across key data sources and reveals the root cause, which can significantly reduce investigation time as compared to siloed tools and manual processes.

•Cortex XSOAR. Available as a cloud-based subscription or an on-premises appliance, Cortex XSOAR is a comprehensive security orchestration automation and response (“SOAR”) offering that unifies playbook automation, case management, real-time collaboration, and threat intelligence management to serve security teams across the incident lifecycle. With Cortex XSOAR, security teams can standardize processes, automate repeatable tasks, and manage incidents across their security product stack to improve response time and analyst productivity. It learns from the real-life analyst interactions and past investigations to help SOC teams with analyst assignment suggestions, playbook enhancements, and best next steps for investigations. Many of our customers see significantly faster SOC response times and a significant reduction in the number of SOC alerts which require human intervention.

•Cortex Xpanse. This cloud-based subscription provides attack surface management (“ASM”), which is the ability for an organization to identify what an attacker would see among all of its sanctioned and unsanctioned Internet-facing assets. In addition, Cortex Xpanse detects risky or out-of-policy communications between Internet-connected assets that can be exploited for data breaches or ransomware attacks. Cortex Xpanse continuously identifies Internet assets, risky services, or misconfigurations in third parties to help secure a supply chain or identify risks for mergers and acquisitions due diligence. Finally, compliance teams use Cortex Xpanse to improve their audit processes and stay in compliance by assessing their access controls against regulatory frameworks.

SUPPORT

Customer Support. Global customer support helps our customers achieve their security outcomes with services and support capabilities covering the customer's entire journey with Palo Alto Networks. This post-sales, global organization advances our customers’ security maturity, supporting them when, where, and how they need it. We offer Standard Support, Premium Support, and Platinum Support to our end-customers and channel partners. Our channel partners that operate a Palo Alto Networks Authorized Support Center (“ASC”) typically deliver level-one and level-two support. We provide level-three support 24 hours a day, seven days a week through regional support centers that are located worldwide. We also offer a service offering called Focused Services that includes Customer Success Managers (“CSM”) to provide support for end-customers with unique or complex support requirements. We offer our end-customers ongoing support for hardware, software, and certain cloud offerings, which includes ongoing security updates, PAN-OS upgrades, bug fixes, and repairs. End-customers typically purchase these services for a one-year or longer term at the time of the initial product sale and typically renew for successive one-year or longer periods. Additionally, we provide expedited replacement for any defective hardware. We use a third-party logistics provider to manage our worldwide deployment of spare appliances and other accessories.

Threat Intelligence, Incident Response and Security Consulting. Unit 42 brings together world-renowned threat researchers, incident responders, and security consultants to create an intelligence-driven, response-ready organization that is passionate about helping clients proactively manage cyber risk. We help security leaders assess and test their security controls, transform their security strategy with a threat-informed approach, and respond to incidents rapidly. The Unit 42 Threat Intelligence team provides threat research that enables security teams to understand adversary intent and attribution, while enhancing protections offered by our products and services to stop advanced attacks. Our security consultants serve as trusted partners with state-of-the-art cyber risk expertise and incident response capabilities, helping customers focus on their business before, during, and after a breach.

Professional Services. Professional services are primarily delivered directly by Palo Alto Networks and through a global network of authorized channel partners to our end-customers and include on-location and remote, hands-on experts who plan, design, and deploy effective security solutions tailored to our end-customers’ specific requirements. These services include architecture design and planning, implementation, configuration, and firewall migrations for all our products, including Prisma and Cortex deployments. Customers can also purchase on-going technical experts to be part of customer’s security teams to aid in the implementation and operation of their Palo Alto Networks capabilities. Our education services include certifications, as well as free online technical courses and in-classroom training, which are primarily delivered through our authorized training partners.

- 8 -

RESEARCH AND DEVELOPMENT

Our research and development efforts are focused on developing new hardware and software and on enhancing and improving our existing product and subscription offerings. We believe that hardware and software are both critical to expanding our leadership in the enterprise security industry. Our engineering team has deep networking, endpoint, and security expertise and works closely with end-customers to identify their current and future needs. Our scale and position in multiple areas of the security market enable us to leverage core competencies across hardware, software, and SaaS and also share expertise and research around threats, which allows us to respond to the rapidly changing threat landscape. We supplement our own research and development efforts with technologies and products that we license from third parties. We test our products thoroughly to certify and ensure interoperability with third-party hardware and software products.

We believe that innovation and timely development of new features and products is essential to meeting the needs of our end-customers and improving our competitive position. During fiscal 2023, we introduced several new offerings, including: Cortex XSIAM 1.0, major updates to Prisma Cloud (including three new security modules), Prisma Access 4.0, PAN-OS 11.0, Cloud NGFW for AWS, and Cloud NGFW for Azure. Additionally, we acquired productive investments that fit well within our long-term strategy. For example, we acquired Cider Security Ltd. (“Cider”), which we expect will support our Prisma Cloud’s platform approach to securing the entire application security lifecycle from code to cloud.

We plan to continue to significantly invest in our research and development efforts as we evolve and extend the capabilities of our portfolio.

INTELLECTUAL PROPERTY

Our industry is characterized by the existence of a large number of patents and frequent claims and related litigation regarding patent and other intellectual property rights. In particular, leading companies in the enterprise security industry have extensive patent portfolios and are regularly involved in both offensive and defensive litigation. We continue to grow our patent portfolio and own intellectual property and related intellectual property rights around the world that relate to our products, services, research and development, and other activities, and our success depends in part upon our ability to protect our core technology and intellectual property. We file patent applications to protect our intellectual property and believe that the duration of our issued patents is sufficient when considering the expected lives of our products.

We actively seek to protect our global intellectual property rights and to deter unauthorized use of our intellectual property by controlling access to, and use of, our proprietary software and other confidential information through the use of internal and external controls, including contractual protections with employees, contractors, end-customers, and partners, and our software is protected by U.S. and international copyright laws. Despite our efforts to protect our intellectual property rights, our rights may not be successfully asserted in the future or may be invalidated, circumvented, or challenged. In addition, the laws of various foreign countries where our offerings are distributed may not protect our intellectual property rights to the same extent as laws in the United States. See “Risk Factors-Claims by others that we infringe their intellectual property rights could harm our business,” “Risk Factors-Our proprietary rights may be difficult to enforce or protect, which could enable others to copy or use aspects of our products or subscriptions without compensating us,” and “Legal Proceedings” below for additional information.

GOVERNMENT REGULATION

We are subject to numerous U.S. federal, state, and foreign laws and regulations covering a wide variety of subject matters. Like other companies in the technology industry, we face scrutiny from both U.S. and foreign governments with respect to our compliance with laws and regulations. Our compliance with these laws and regulations may be onerous and could, individually or in the aggregate, increase our cost of doing business, impact our competitive position relative to our peers, and/or otherwise have an adverse impact on our business, reputation, financial condition, and operating results. For additional information about government regulation applicable to our business, see Part I, Item 1A “Risk Factors” in this Form 10-K.

COMPETITION

We operate in the intensely competitive enterprise security industry that is characterized by constant change and innovation. Changes in the application, threat, and technology landscape result in evolving customer requirements for the protection from threats and the safe enablement of applications. Our main competitors fall into four categories:

•large companies that incorporate security features in their products, such as Cisco Systems, Inc. (“Cisco”), Microsoft, or those that have acquired, or may acquire, security vendors and have the technical and financial resources to bring competitive solutions to the market;

•independent security vendors, such as Check Point Software Technologies Ltd. (“Check Point”), Fortinet, Inc. (“Fortinet”), Crowdstrike, Inc. (“Crowdstrike”), and Zscaler, Inc. (“Zscaler”), that offer a mix of security products;

- 9 -

•startups and point-product vendors that offer independent or emerging solutions across various areas of security; and

•public cloud vendors and startups that offer solutions for cloud security (private, public, and hybrid cloud).

As our market grows, it will attract more highly specialized vendors, as well as larger vendors that may continue to acquire or bundle their products more effectively.

The principal competitive factors in our market include:

•product features, reliability, performance, and effectiveness;

•product line breadth, diversity, and applicability;

•product extensibility and ability to integrate with other technology infrastructures;

•price and total cost of ownership;

•adherence to industry standards and certifications;

•strength of sales and marketing efforts; and

•brand awareness and reputation.

We believe we generally compete favorably with our competitors on the basis of these factors as a result of the features and performance of our portfolio, the ease of integration of our security solutions with technological infrastructures, and the relatively low total cost of ownership of our products. However, many of our competitors have substantially greater financial, technical, and other resources, greater name recognition, larger sales and marketing budgets, broader distribution, more diversified product lines, and larger and more mature intellectual property portfolios.

SALES, MARKETING, SERVICES, AND SUPPORT

Customers. Our end-customers are predominantly medium to large enterprises, service providers, and government entities. Our end-customers operate in a variety of industries, including education, energy, financial services, government entities, healthcare, Internet and media, manufacturing, public sector, and telecommunications. Our end-customers deploy our portfolio of solutions for a variety of security functions across a variety of deployment scenarios. Typical deployment scenarios include the enterprise network, the enterprise data center, cloud locations, and branch or remote locations. No single end-customer accounted for more than 10% of our total revenue in fiscal 2023, 2022, or 2021.

Distribution. We primarily sell our products and subscription and support offerings to end-customers through our channel partners utilizing a two-tier, indirect fulfillment model whereby we sell our products and subscription and support offerings to our distributors, which, in turn, sell to our resellers, which then sell to our end-customers. Sales are generally subject to our standard, non-exclusive distributor agreement, which provides for an initial term of one year, one-year renewal terms, termination by us with 30 to 90 days written notice prior to the renewal date, and payment to us from the channel partner within 30 to 45 calendar days of the date we issue an invoice for such sales. For fiscal 2023, 49.7% of our total revenue was derived from sales to three distributors.

We also sell our VM-Series virtual firewalls directly to end-customers through Amazon’s AWS Marketplace, Microsoft’s Azure Marketplace, and Google’s Cloud Platform Marketplace under a usage-based licensing model.

Sales. Our sales organization is responsible for large-account acquisition and overall market development, which includes the management of the relationships with our channel partners, working with our channel partners in winning and supporting end-customers through a direct-touch approach, and acting as the liaison between our end-customers and our marketing and product development organizations. We pursue sales opportunities both through our direct sales force and as assisted by our channel partners, including leveraging cloud service provider marketplaces. We expect to continue to grow our sales headcount to expand our reach in all key growth sectors.

Our sales organization is supported by sales engineers with responsibility for pre-sales technical support, solutions engineering for our end-customers, and technical training for our channel partners.

Channel Program. Our NextWave Channel Partner program is focused on building in-depth relationships with solutions-oriented distributors and resellers that have strong security expertise. The program rewards these partners based on a number of attainment goals, as well as provides them access to marketing funds, technical and sales training, and support. To promote optimal productivity, we operate a formal accreditation program for our channel partners’ sales and technical professionals. As of July 31, 2023, we had more than 7,100 channel partners.

Global Customer Success. Our Global Customer Success (“GCS”) organization is responsible for delivering professional, educational, and support services directly to our channel partners and end-customers. We leverage the capabilities of our channel partners and train them in the delivery of professional, educational, and support services to enable these services to be locally delivered. We believe that a broad range of support services is essential to the successful customer deployment and ongoing support of our products, and we have hired support engineers with proven experience to provide those services.

- 10 -

Marketing. Our marketing is focused on building our brand reputation and the market awareness of our portfolio and driving pipeline and end-customer demand. Our marketing team consists primarily of product marketing, brand, demand generation, field marketing, digital marketing, communications, analyst relations, and marketing analytics functions. Marketing activities include pipeline development through demand generation, social media and advertising programs, managing the corporate website and partner portal, trade shows and conferences, analyst relationships, customer advocacy, and customer awareness. Every year we organize multiple signature events, such as our end-customer conference “Ignite” and focused conferences such as “Cortex Symphony” and “SASE Converge.” We also publish threat intelligence research, such as the Unit 42 Cloud Threat Report and the Unit 42 Network Threat Trends Research Report, which are based on data from our global threat intelligence team, Unit 42. These activities and tools benefit both our direct and indirect channels and are available at no cost to our channel partners.

Backlog. Orders for subscription and support offerings for multiple years are generally billed upfront upon fulfillment and are included in deferred revenue. Contract amounts that are not recorded in deferred revenue or revenue are considered backlog. We expect backlog related to subscription and support offerings will change from period to period for various reasons, including the timing and duration of customer orders and varying billing cycles of those orders. Products are billed upon hardware shipment or delivery of software license. The majority of our product revenue comes from orders that are received and shipped in the same quarter. However, insufficient supply and inventory may delay our hardware product shipments. As such, we do not believe that our product backlog at any particular time is necessarily indicative of our future operating results.

Seasonality. Our business is affected by seasonal fluctuations in customer spending patterns. We have begun to see seasonal patterns in our business, which we expect to become more pronounced as we continue to grow, with our strongest sequential revenue growth generally occurring in our fiscal second and fourth quarters.

MANUFACTURING

We outsource the manufacturing of our products to various manufacturing partners, which include our electronics manufacturing services provider (“EMS provider”) and original design manufacturers. This approach allows us to reduce our costs as it reduces our manufacturing overhead and inventory and also allows us to adjust more quickly to changing end-customer demand. Our EMS provider is Flextronics International, Ltd. (“Flex”), who assembles our products using design specifications, quality assurance programs, and standards that we establish, and procures components and assembles our products based on our demand forecasts. These forecasts represent our estimates of future demand for our products based upon historical trends and analysis from our sales and product management functions as adjusted for overall market conditions.

The component parts within our products are either sourced by our manufacturing partners or by us from various component suppliers. Our manufacturing and supply contracts, generally, do not guarantee a certain level of supply or fixed pricing, which increases our exposure to supply shortages or price increases.

HUMAN CAPITAL

We believe our ongoing success depends on our employees. Development and investment in our people is central to who we are, and will continue to be so. With a global workforce of 13,948 as of July 31, 2023, our People Strategy is a critical element of our overall company strategy. Our People Strategy is a comprehensive approach to source, hire, onboard, develop, engage, and reward employees. Our approach is grounded on core tenants: respect each employee as an individual, demonstrate fairness and equity in all we do, facilitate flexibility, personalization, and choice whenever possible, and nurture a culture where employees are supported in doing the best work of their careers. Our values of disruption, execution, collaboration, inclusion, and integrity were co-created with employees and serve as the foundation of our culture.

Source & Hire. Sourcing diverse talent who possess the skills and capabilities to execute and add value to our culture form the cornerstone of our comprehensive approach to talent acquisition—a philosophy we call “The Way We Hire.” We utilize an array of methods to identify subject matter experts in their respective fields, emphasizing sourcing channels that connect us with underrepresented talents.

In an effort to foster career growth within Palo Alto Networks, we prioritize internal mobility. This allows current employees to progress either through a traditional career path or by exploring roles across various business functions, often culminating in promotions. We encourage existing employees to refer qualified individuals for our open positions, thus leveraging the collective networks of our team to attract a diverse range of expertise and perspectives.

We have made strides to understand job requirements and implement structured interviewing practices to identify candidates of the highest quality. By conducting thorough job analyses and creating success profiles, we have developed a deeper understanding of what is required for success in critical roles. We equip our hiring managers with essential training to identify and mitigate potential unconscious biases. Our interviewing process emphasizes values and competencies that we believe enhance our culture. This commitment extends to conducting interviews with diverse panelists and providing a balanced evaluation and quality interview experience for a diverse slate of candidates. We remain steadfast in our commitment to fairness, bias reduction, and equal opportunities for all potential hires.

- 11 -

A key to our hiring process is the Global Hiring Committees, introduced in fiscal 2023. These committees play a significant role in elevating our hiring standards by promoting shared understanding, reducing biases, enhancing objectivity, and ensuring the recruitment of diverse talent. The Committees foster effective collaboration using a common language and consensus-driven decision-making.

Onboard & Develop. We believe that each member of our workforce is unique, and that their integration into Palo Alto Networks and their career journey involve unique needs, interests, and goals. That is why our development programs are grounded on individualization, flexibility, and choice. From onboarding to ongoing development, our FLEXLearn philosophy offers multiple paths to assess, develop, and grow.

Our onboarding experience starts with “pre-boarding.” Before an employee’s start date, they are provided access to foundational tools to help them prepare to join Palo Alto Networks. We view pre-boarding as fundamental to introducing new employees to our culture, building trust, and facilitating rapid productivity. Welcome Day is a combination of in-person, virtual learning platforms and communication channels that provide new employees with inspirational, often personalized, onboarding experiences that carry on through the first year of employment. We have specialized learning tracks for interns and new graduates that have been recognized as best in class externally to support early-in-career individuals in acclimating to our culture as they progress on their career journey. As part of our merger and acquisition strategy, we have also established a robust integration program with the goal to enable individuals joining our teams to feel part of our culture at speed.

Following onboarding, there are a variety of ways that employees can assess their interests and skills, build a development plan specific to those insights, and continue to grow. Our development initiatives are delivered to employees through a comprehensive platform, FLEXLearn. The platform contains curated content and programs, such as assessment instruments, thousands of courses, workshops, and mentoring and coaching services. Leaders and executives also have access to specialized learning tracks that help them strategize, mobilize, and deliver maximum personal and team performance. Employees have full agency to direct their growth at their pace and choosing. Development information about core business elements, working in a distributed hybrid environment, as well as required company-wide compliance training, such as Code of Conduct, privacy and security, anti-discrimination, anti-harassment, and anti-bribery training, is also deployed through the FLEXLearn platform for all employees. In addition, FLEXLearn provides employees with events and activities that motivate and spark critical thinking, on topics ranging from inclusion to well-being and collaboration. On average, employees had completed 33 hours of development through the FLEXLearn platform during fiscal 2023.

Engage & Reward. We aim to foster engagement through a multifaceted approach to collect, understand, and act on employee feedback. Our comprehensive communication and listening strategy utilizes in-person and technology-enabled channels. We share and collect information through corporate and functional “All Hands” meetings, including several meetings specifically focused on employee-centered topics in an “Ask Me Anything” format. Digital Displays across our sites, our intranet platform, monthly and weekly email communications, and an active Slack platform provide a regular flow of information to and between employees and leadership. In addition to these channels that reach large audiences, we conduct regular executive listening sessions, including small group convenings with our CEO and other C-suite leaders, and ad-hoc pulse surveys to better understand employee engagement, sentiment, well-being, and the ability to transition to a hybrid work model.

Employee sentiment is also collected from external sources, such as web platforms that crowdsource feedback. Employees provide commentary to platforms such as Glassdoor, Comparably, and others and insights from those platforms are used to measure engagement. In addition, based on employee participation in an anonymous survey, the Best Practice Institute has certified Palo Alto Networks as a “most loved workplace” (2021, 2022, and 2023). Palo Alto Networks has been recognized by Glassdoor, Comparably, Human Rights Campaign, Disability Index, and others as an employer of choice. Our CEO has also earned a 92% employee approval rating on Glassdoor, a top percentile score.

In addition to a comprehensive compensation and diverse benefits program, we believe in an always-on feedback and rewards philosophy. From recurring 1:1 sessions, quarterly performance feedback, semi-annual performance reviews to use of our Cheers for Peers peer recognition program, employees get continuous input about the value they bring to the organization.

These engagement and recognition strategies have informed our holistic People Strategy, including our Inclusion and Diversity (“I&D”) initiatives and Internal Mobility program. Based on the outcomes from external sources, insights from internal sources, our modest attrition rate (compared to market trends), and strong participation in our Internal Mobility program, we believe employees at Palo Alto Networks feel engaged and rewarded.

Inclusion & Diversity. We are intentional about including diverse points of view, perspectives, experiences, backgrounds, and ideas in our decision-making processes. We deeply believe that true diversity exists when we have representation of all ethnicities, genders, orientations and identities, and cultures in our workforce. Our corporate I&D programs focus on five principles—our workforce should feel psychologically safe, they should understand, listen, and support one another, and they should elevate others. These principles are the foundation of our approach to I&D, which we call P.U.L.S.E.

- 12 -

We have eleven employee network groups (“ENG”s) that play a vital role in building understanding and awareness. Over 29% of our global workforce was involved in at least one ENG as of July 31, 2023. ENGs are also allocated funding to make charitable grants to organizations advancing their causes. We involve our ENGs in listening sessions with executive teams and we work in partnership to develop our annual I&D plans because we believe involvement is critical.

Our I&D philosophy is fully embedded in our talent acquisition, learning and development, performance elevation, and rewards and recognition programs. The diversity of our board of directors, with women representing 40% of our board as of July 31, 2023, is an example of our commitment to inclusion and diversity.

ENVIRONMENTAL, SOCIAL, AND GOVERNANCE

We recognize our duty to address environmental, social, and governance (“ESG”) practices. From our science-based approach to emissions reductions and our social impact programs to our Supplier Responsibility initiatives and Code of Business Conduct and Ethics, we value the opportunity to have meaningful outcomes that reinforce our intention to respect our planet, uplift our communities, and advance our industry.

Environmental. We recognize climate change is a global crisis and are committed to doing our part to reduce environmental impacts. We remain committed to our goals of utilizing 100% renewable energy by 2030, reducing our greenhouse gas (“GHG”) emissions and working across our value chain, and with coalitions, to address climate change. We made progress towards our goals in fiscal 2023 through several milestones. We engaged with a local utility provider to power our Santa Clara, California headquarters with 100% renewable energy effective January 1, 2023. Our near-term scope 1, 2, and 3 emissions reduction goals, aligned to a warming scenario of 1.5° Celsius, were verified by the Science Based Targets initiative. We were recognized by Carbon Disclosure Project (“CDP”) as an “A-List” company and a “Supplier Engagement Leader.” We remain committed to being transparent about our progress over time through annual reporting.

Social. In addition to our People Strategy described in the section titled “Human Capital” above, we prioritized the health and safety of our global workforce. Through the deployment of our Global Supplier Code of Conduct, we continued to reach across our supply chain to communicate our expectations regarding labor standards, business practices, and workplace health and safety conditions. During fiscal 2023, we maintained our affiliate membership in the Responsible Business Alliance and maintained our commitment to Supplier Diversity. We value our role as a good corporate citizen and in fiscal 2023 continued to execute our social impact programs. We made charitable grants to support organizations providing services in our core funding areas of education, including academic scholarships, diversity, and basic needs. We expanded our work to provide cybersecurity curriculum to schools, universities, and nonprofit organizations to help individuals of all ages protect their digital way of life and to prepare diverse adults for careers in cybersecurity. Employees continued to participate in our giving, matching, and volunteer programs to make impacts in their local communities.

Governance. Integrity is one of our core values. Our corporate behavior and leadership practices model ethical decision-making. All employees are informed about our governance expectations through our Codes of Conduct, compliance training programs, and ongoing communications. Our board of directors is governed by Corporate Governance Guidelines, which are amended from time to time to incorporate best practices in corporate governance. Reinforcing the importance of our ESG performance, the charter of the ESG and Nominating Committee of the board of directors includes the primary oversight of ESG.

AVAILABLE INFORMATION

Our website is located at www.paloaltonetworks.com, and our investor relations website is located at investors.paloaltonetworks.com. Our Annual Reports on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, and amendments to reports filed or furnished pursuant to Sections 13(a) and 15(d) of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), are available free of charge on the Investors portion of our website as soon as reasonably practicable after we electronically file such material with, or furnish it to, the Securities and Exchange Commission (“SEC”). We also provide a link to the section of the SEC’s website at www.sec.gov that has all of our public filings, including Annual Reports on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, all amendments to those reports, our Proxy Statements, and other ownership-related filings.

We also use our investor relations website as a channel of distribution for important company information. For example, webcasts of our earnings calls and certain events we participate in or host with members of the investment community are on our investor relations website. Additionally, we announce investor information, including news and commentary about our business and financial performance, SEC filings, notices of investor events, and our press and earnings releases, on our investor relations website. Investors and others can receive notifications of new information posted on our investor relations website in real time by signing up for email alerts and RSS feeds. Further corporate governance information, including our corporate governance guidelines, board committee charters, and code of conduct, is also available on our investor relations website under the heading “Governance.” The contents of our websites are not incorporated by reference into this Annual Report on Form 10-K or in any other report or document we file with the SEC, and any references to our websites are intended to be inactive textual references only. All trademarks, trade names, or service marks used or mentioned herein belong to their respective owners.

- 13 -

Item 1A. Risk Factors

Our operations and financial results are subject to various risks and uncertainties including those described below. The risks and uncertainties described below are not the only ones we face. Additional risks and uncertainties that we are unaware of, or that we currently believe are not material, also may become important factors that affect us. If any of the following risks or others not specified below materialize, our business, financial condition, and operating results could be materially adversely affected, and the market price of our common stock could decline. In addition, the impacts of any worsening of the economic environment may exacerbate the risks described below, any of which could have a material impact on us.

Risk Factor Summary

Our business is subject to numerous risks and uncertainties. These risks include, but are not limited to, the following:

•Our operating results may be adversely affected by unfavorable economic and market conditions and the uncertain geopolitical environment.

•Our business and operations have experienced growth in recent periods, and if we do not effectively manage any future growth or are unable to improve our systems, processes, and controls, our operating results could be adversely affected.

•Our revenue growth rate in recent periods may not be indicative of our future performance, and we may not be able to maintain profitability, which could cause our business, financial condition, and operating results to suffer.

•Our operating results may vary significantly from period to period, which makes our results difficult to predict and could cause our results to fall short of expectations, and such results may not be indicative of future performance.

•Seasonality may cause fluctuations in our revenue.

•If we are unable to sell new and additional product, subscription, and support offerings to our end-customers, especially to large enterprise customers, our future revenue and operating results will be harmed.

•We rely on revenue from subscription and support offerings, and because we recognize revenue from subscription and support over the term of the relevant service period, downturns or upturns in sales or renewals of these subscription and support offerings are not immediately reflected in full in our operating results.

•The sales prices of our products, subscriptions, and support offerings may decrease, which may reduce our revenue and gross profits and adversely impact our financial results.

•We rely on our channel partners to sell substantially all of our products, including subscriptions and support, and if these channel partners fail to perform, our ability to sell and distribute our products and subscriptions will be limited and our operating results will be harmed.

•We are exposed to the credit and liquidity risk of our customers, and to credit exposure in weakened markets, which could result in material losses.

•A portion of our revenue is generated by sales to government entities, which are subject to a number of challenges and risks.

•We face intense competition in our market and we may lack sufficient financial or other resources to maintain or improve our competitive position.

•We may acquire other businesses, which could subject us to adverse claims or liabilities, require significant management attention, disrupt our business, adversely affect our operating results, may not result in the expected benefits of such acquisitions, and may dilute stockholder value.

•If we do not accurately predict, prepare for, and respond promptly to rapidly evolving technological and market developments and successfully manage product and subscription introductions and transitions to meet changing end-customer needs in the enterprise security industry, our competitive position and prospects will be harmed.

•Issues in the development and deployment of Artificial Intelligence (“AI”) may result in reputational harm and legal liability and could adversely affect our results of operations.

•A network or data security incident may allow unauthorized access to our network or data, harm our reputation, create additional liability, and adversely impact our financial results.

•Defects, errors, or vulnerabilities in our products, subscriptions, or support offerings, the failure of our products or subscriptions to block a virus or prevent a security breach or incident, misuse of our products, or risks of product liability claims could harm our reputation and adversely impact our operating results.

•Our ability to sell our products and subscriptions is dependent on the quality of our technical support services and those of our channel partners, and the failure to offer high-quality technical support services could have a material adverse effect on our end-customers’ satisfaction with our products and subscriptions, our sales, and our operating results.

•Claims by others that we infringe their intellectual property rights could harm our business.

- 14 -

•Our proprietary rights may be difficult to enforce or protect, which could enable others to copy or use aspects of our products or subscriptions without compensating us.

•Our use of open source software in our products and subscriptions could negatively affect our ability to sell our products and subscriptions and subject us to possible litigation.

•We license technology from third parties, and our inability to maintain those licenses could harm our business.

•Because we depend on manufacturing partners to build and ship our hardware products, we are susceptible to manufacturing and logistics delays and pricing fluctuations that could prevent us from shipping customer orders on time, if at all, or on a cost-effective basis, which may result in the loss of sales and end-customers.

•Managing the supply of our hardware products and product components is complex. Insufficient supply and inventory would result in lost sales opportunities or delayed revenue, while excess inventory would harm our gross margins.

•Because some of the key components in our hardware products come from limited sources of supply, we are susceptible to supply shortages or supply changes, which, in certain cases, have disrupted or delayed our scheduled product deliveries to our end-customers, increased our costs and may result in the loss of sales and end-customers.

•If we are unable to attract, retain, and motivate our key technical, sales, and management personnel, our business could suffer.

•We generate a significant amount of revenue from sales to distributors, resellers, and end-customers outside of the United States, and we are therefore subject to a number of risks associated with international sales and operations.

•We are exposed to fluctuations in foreign currency exchange rates, which could negatively affect our financial condition and operating results.

•We face risks associated with having operations and employees located in Israel.

•We are subject to governmental export and import controls that could subject us to liability or impair our ability to compete in international markets.

•Our actual or perceived failure to adequately protect personal data could have a material adverse effect on our business.

•We may have exposure to greater than anticipated tax liabilities.

•If our estimates or judgments relating to our critical accounting policies are based on assumptions that change or prove to be incorrect, our operating results could fall below our publicly announced guidance or the expectations of securities analysts and investors, resulting in a decline in the market price of our common stock.

•We are obligated to maintain proper and effective internal control over financial reporting. We may not complete our analysis of our internal control over financial reporting in a timely manner, or our internal control may not be determined to be effective, which may adversely affect investor confidence in our company and, as a result, the value of our common stock.

•Our reputation and/or business could be negatively impacted by environmental, social, and governance (“ESG”) matters and/or our reporting of such matters.

•Failure to comply with governmental laws and regulations could harm our business.

•We may not have the ability to raise the funds necessary to settle conversions of our Notes, repurchase our Notes upon a fundamental change, or repay our Notes in cash at their maturity, and our future debt may contain limitations on our ability to pay cash upon conversion or repurchase of our Notes.

•We may still incur substantially more debt or take other actions that would diminish our ability to make payments on our Notes when due.

•The market price of our common stock historically has been volatile, and the value of an investment in our common stock could decline.

•The convertible note hedge and warrant transactions may affect the value of our common stock.

•The issuance of additional stock in connection with financings, acquisitions, investments, our stock incentive plans, the conversion of our Notes or exercise of the related Warrants, or otherwise will dilute stock held by all other stockholders.

•We cannot guarantee that our share repurchase program will be fully consummated or that it will enhance shareholder value, and share repurchases could affect the price of our common stock.

•We do not intend to pay dividends for the foreseeable future.

•Our charter documents and Delaware law, as well as certain provisions contained in the indentures governing our Notes, could discourage takeover attempts and lead to management entrenchment, which could also reduce the market price of our common stock.

•Our business is subject to the risks of earthquakes, fire, power outages, floods, health risks, and other catastrophic events, and to interruption by man-made problems, such as terrorism.

•Our failure to raise additional capital or generate the significant capital necessary to expand our operations and invest in new products and subscriptions could reduce our ability to compete and could harm our business.

- 15 -

Risks Related to Global Economic and Geopolitical Conditions

Our operating results may be adversely affected by unfavorable economic and market conditions and the uncertain geopolitical environment.

We operate globally, and as a result, our business and revenues are impacted by global economic and geopolitical conditions. The instability in the global credit markets, inflation, changes in public policies such as domestic and international regulations, taxes, any increases in interest rates, fluctuations in foreign currency exchange rates, or international trade agreements, international trade disputes, geopolitical turmoil, and other disruptions to global and regional economies and markets continue to add uncertainty to global economic conditions. Military actions or armed conflict, including Russia’s invasion of Ukraine and any related political or economic responses and counter-responses, and uncertainty about, or changes in, government and trade relationships, policies, and treaties could also lead to worsening economic and market conditions and geopolitical environment. In response to Russia’s invasion of Ukraine, the United States, along with the European Union, has imposed restrictive sanctions on Russia, Russian entities, and Russian citizens (“Sanctions on Russia”). We are subject to these governmental sanctions and export controls, which may subject us to liability if we are not in full compliance with applicable laws. Any continued or further uncertainty, weakness or deterioration in economic and market conditions or the geopolitical environment could have a material and adverse impact on our business, financial condition, and results of operations, including reductions in sales of our products and subscriptions, longer sales cycles, reductions in subscription or contract duration and value, slower adoption of new technologies, alterations in the spending patterns or priorities of current and prospective customers (including delaying purchasing decisions), increased costs for the chips and components to manufacture our products, and increased price competition.

Risks Related to Our Business

RISKS RELATED TO OUR GROWTH

Our business and operations have experienced growth in recent periods, and if we do not effectively manage any future growth or are unable to improve our systems, processes, and controls, our operating results could be adversely affected.

We have experienced growth and increased demand for our products and subscriptions over the last few years. As a result, our employee headcount has increased, and we expect it to continue to grow over the next year. For example, from the end of fiscal 2022 to the end of fiscal 2023, our headcount increased from 12,561 to 13,948 employees. In addition, as we have grown, the number of end-customers has also increased, and we have managed more complex deployments of our products and subscriptions with larger end-customers. The growth and expansion of our business and product, subscription, and support offerings places a significant strain on our management, operational, and financial resources. To manage any future growth effectively, we must continue to improve and expand our information technology and financial infrastructure, our operating and administrative systems and controls, and our ability to manage headcount, capital, and processes in an efficient manner.

We may not be able to successfully implement, scale, or manage improvements to our systems, processes, and controls in an efficient or timely manner, which could result in material disruptions of our operations and business. In addition, our existing systems, processes, and controls may not prevent or detect all errors, omissions, or fraud. We may also experience difficulties in managing improvements to our systems, processes, and controls, or in connection with third-party software licensed to help us with such improvements. Any future growth would add complexity to our organization and require effective coordination throughout our organization. Failure to manage any future growth effectively could result in increased costs, disrupt our existing end-customer relationships, reduce demand for or limit us to smaller deployments of our products, or materially harm our business performance and operating results.

Our revenue growth rate in recent periods may not be indicative of our future performance, and we may not be able to maintain profitability, which could cause our business, financial condition, and operating results to suffer.

We have experienced revenue growth rates of 25.3% and 29.3% in fiscal 2023 and fiscal 2022, respectively. Our revenue for any quarterly or annual period should not be relied upon as an indication of our future revenue or revenue growth for any future period. If we are unable to maintain consistent or increasing revenue or revenue growth, the market price of our common stock could be volatile, and it may be difficult for us to maintain profitability or maintain or increase cash flow on a consistent basis.

- 16 -

In addition, we have incurred losses in fiscal years prior to fiscal 2023 and, as a result, we had an accumulated deficit of $1.2 billion as of July 31, 2023. We anticipate that our operating expenses will continue to increase in the foreseeable future as we continue to grow our business. Our growth efforts may prove more expensive than we currently anticipate, and we may not succeed in increasing our revenues sufficiently, or at all, to offset increasing expenses. Revenue growth may slow or revenue may decline for a number of possible reasons, including slowing demand for our products or subscriptions, increasing competition, a decrease in the growth of, or a demand shift in, our overall market, or a failure to capitalize on growth opportunities. We have also entered into a substantial amount of capital commitments for operating lease obligations and other purchase commitments. Any failure to increase our revenue as we grow our business could prevent us from maintaining profitability or maintaining or increasing cash flow on a consistent basis, or satisfying our capital commitments. If we are unable to navigate these challenges as we encounter them, our business, financial condition, and operating results may suffer.

Our operating results may vary significantly from period to period, which makes our results difficult to predict and could cause our results to fall short of expectations, and such results may not be indicative of future performance.

Our operating results have fluctuated in the past, and will likely continue to fluctuate in the future, as a result of a number of factors, many of which are outside of our control and may be difficult to predict, including those factors described in this Risk Factor section. For example, we have historically received a substantial portion of sales orders and generated a substantial portion of revenue during the last few weeks of each fiscal quarter. If expected revenue at the end of any fiscal quarter is delayed for any reason, including the failure of anticipated purchase orders to materialize (particularly for large enterprise end-customers with lengthy sales cycles), our logistics partners’ inability to ship products prior to fiscal quarter-end to fulfill purchase orders received near the end of a fiscal quarter, our failure to manage inventory to meet demand, any failure of our systems related to order review and processing, or any delays in shipments based on trade compliance requirements (including new compliance requirements imposed by new or renegotiated trade agreements), our revenue could fall below our expectations and the estimates of analysts for that quarter. Due to these fluctuations, comparing our revenue, margins, or other operating results on a period-to-period basis may not be meaningful, and our past results should not be relied on as an indication of our future performance.

This variability and unpredictability could also result in our failure to meet our revenue, margin, or other operating result expectations contained in any forward-looking statements (including financial or business expectations we have provided) or those of securities analysts or investors for a particular period. If we fail to meet or exceed such expectations for these, or any other, reasons, the market price of our common stock could fall substantially, and we could face costly lawsuits, including securities class action suits.

Seasonality may cause fluctuations in our revenue.

We believe there are significant seasonal factors that may cause our second and fourth fiscal quarters to record greater revenue sequentially than our first and third fiscal quarters. We believe that this seasonality results from a number of factors, including:

•end-customers with a December 31 fiscal year-end choosing to spend remaining unused portions of their discretionary budgets before their fiscal year-end, which potentially results in a positive impact on our revenue in our second fiscal quarter;

•our sales compensation plans, which are typically structured around annual quotas and commission rate accelerators, which potentially results in a positive impact on our revenue in our fourth fiscal quarter; and

•the timing of end-customer budget planning at the beginning of the calendar year, which can result in a delay in spending at the beginning of the calendar year, potentially resulting in a negative impact on our revenue in our third fiscal quarter.

As we continue to grow, seasonal or cyclical variations in our operations may become more pronounced, and our business, operating results, and financial position may be adversely affected.

RISKS RELATED TO OUR PRODUCTS AND TECHNOLOGY

If we are unable to sell new and additional product, subscription, and support offerings to our end-customers, especially to large enterprise customers, our future revenue and operating results will be harmed.

Our future success depends, in part, on our ability to expand the deployment of our portfolio with existing end-customers, especially large enterprise customers, and create demand for our new offerings, The rate at which our end-customers purchase additional products, subscriptions, and support depends on a number of factors, including the perceived need for additional security products, including subscription and support offerings, as well as general economic conditions. If our efforts to sell additional products and subscriptions to our end-customers are not successful, our revenues may grow more slowly than expected or decline.

- 17 -

Sales to large enterprise end-customers, which is part of our growth strategy, involve risks that may not be present, or that are present to a lesser extent, with sales to smaller entities, such as (a) longer sales cycles and the associated risk that substantial time and resources may be spent on a potential end-customer that elects not to purchase our products, subscriptions, and support, and (b) increased purchasing power and leverage held by large end-customers in negotiating contractual arrangements. Deployments for large enterprise end-customers are also more complex, require greater product functionality, scalability, and a broader range of services, and are more time-consuming. All of these factors add further risk to business conducted with these end-customers. Failure to realize sales from large enterprise end-customers could materially and adversely affect our business, operating results, and financial condition.

We rely on revenue from subscription and support offerings, and because we recognize revenue from subscription and support over the term of the relevant service period, downturns or upturns in sales or renewals of these subscription and support offerings are not immediately reflected in full in our operating results.

Subscription and support revenue accounts for a significant portion of our revenue, comprising 77.1% of total revenue in fiscal 2023, 75.2% of total revenue in fiscal 2022, and 73.7% of total revenue in fiscal 2021. Sales and renewals of subscription and support contracts may decline and fluctuate as a result of a number of factors, including end-customers’ level of satisfaction with our products and subscriptions, the frequency and severity of subscription outages, our product uptime or latency, the prices of our products and subscriptions, and reductions in our end-customers’ spending levels. Existing end-customers have no contractual obligation to, and may not, renew their subscription and support contracts after the completion of their initial contract period. Additionally, our end-customers may renew their subscription and support agreements for shorter contract lengths or on other terms that are less economically beneficial to us. If our sales of new or renewal subscription and support contracts decline, our total revenue and revenue growth rate may decline, and our business will suffer. In addition, because we recognize subscription and support revenue over the term of the relevant service period, which is typically one to five years, a decline in subscription or support contracts in any one fiscal quarter will not be fully or immediately reflected in revenue in that fiscal quarter but will negatively affect our revenue in future fiscal quarters.

The sales prices of our products, subscriptions, and support offerings may decrease, which may reduce our revenue and gross profits and adversely impact our financial results.

The sales prices for our products, subscriptions, and support offerings may decline for a variety of reasons, including competitive pricing pressures, discounts, a change in our mix of products, subscriptions, and support offerings, anticipation of the introduction of new products, subscriptions, or support offerings, or promotional programs or pricing pressures. Furthermore, we anticipate that the sales prices and gross profits for our products could decrease over product life cycles. Declining sales prices could adversely affect our revenue, gross profits, and profitability.

We rely on our channel partners to sell substantially all of our products, including subscriptions and support, and if these channel partners fail to perform, our ability to sell and distribute our products and subscriptions will be limited and our operating results will be harmed.

Substantially all of our revenue is generated by sales through our channel partners, including distributors and resellers. For fiscal 2023, three distributors individually represented 10% or more of our total revenue and in the aggregate represented 49.7% of our total revenue. As of July 31, 2023, two distributors individually represented 10% or more of our gross accounts receivable and in the aggregate represented 37.6% of our gross accounts receivable.

We provide our channel partners with specific training and programs to assist them in selling our products, including subscriptions and support offerings, but there can be no assurance that these steps will be utilized or effective. In addition, our channel partners may be unsuccessful in marketing, selling, and supporting our products and subscriptions. We may not be able to incentivize these channel partners to sell our products and subscriptions to end-customers and, in particular, to large enterprises. These channel partners may also have incentives to promote our competitors’ products and may devote more resources to the marketing, sales, and support of competitive products. Our agreements with our channel partners may generally be terminated for any reason by either party with advance notice prior to each annual renewal date. We cannot be certain that we will retain these channel partners or that we will be able to secure additional or replacement channel partners. In addition, any new channel partner requires extensive training and may take several months or more to achieve productivity. Our channel partner sales structure could subject us to lawsuits, potential liability, and reputational harm if, for example, any of our channel partners misrepresent the functionality of our products or subscriptions to end-customers or violate laws or our corporate policies. If we fail to effectively manage our sales channels or channel partners, our ability to sell our products and subscriptions and operating results will be harmed.

- 18 -

We are exposed to the credit and liquidity risk of our customers, and to credit exposure in weakened markets, which could result in material losses.

Most of our sales are made on an open credit basis. Beyond our open credit arrangements, we have also experienced demands for customer financing and deferred payments due to, among other things, macro-economic conditions. To respond to this demand, our customer financing activities have increased and will likely continue to increase in the future. Increases in deferred payments result in payments being made over time, negatively impacting our short-term cash flows, and subject us to risk of non-payment by our customers, including as a result of insolvency. We monitor customer payment capability in granting such financing arrangements, seek to limit the amounts to what we believe customers can pay and maintain reserves we believe are adequate to cover exposure for doubtful accounts to mitigate credit risks of these customers. However, there can be no assurance that these programs will be effective in reducing our credit risks. To the degree that turmoil in the credit markets makes it more difficult for some customers to obtain financing, those customers’ ability to pay could be adversely impacted, which in turn could have a material adverse impact on our business, operating results, and financial condition.

Our exposure to the credit risks relating to the financing activities described above may increase if our customers are adversely affected by a global economic downturn or periods of economic uncertainty. If we are unable to adequately control these risks, our business, operating results, and financial condition could be harmed. In addition, in the past, we have experienced non-material losses due to bankruptcies among customers. If these losses increase due to global economic conditions, they could harm our business and financial condition.

A portion of our revenue is generated by sales to government entities, which are subject to a number of challenges and risks.

Sales to government entities are subject to a number of risks. Selling to government entities can be highly competitive, expensive, and time-consuming, often requiring significant upfront time and expense without any assurance that these efforts will generate a sale. The substantial majority of our sales to date to government entities have been made indirectly through our channel partners. Government certification requirements for products and subscriptions like ours may change, thereby restricting our ability to sell into the federal government sector until we have attained the revised certification. If our products and subscriptions are late in achieving or fail to achieve compliance with these certifications and standards, or our competitors achieve compliance with these certifications and standards, we may be disqualified from selling our products, subscriptions, and support offerings to such governmental entity, or be at a competitive disadvantage, which would harm our business, operating results, and financial condition. Government demand and payment for our products, subscriptions, and support offerings may be impacted by government shutdowns, public sector budgetary cycles, contracting requirements, and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our products, subscriptions, and support offerings. Government entities may have statutory, contractual, or other legal rights to terminate contracts with our distributors and resellers for convenience or due to a default, and any such termination may adversely impact our future operating results. Governments routinely investigate and audit government contractors’ administrative processes, and any unfavorable audit could result in the government refusing to continue buying our products, subscriptions, and support offerings, a reduction of revenue, or fines or civil or criminal liability if the audit uncovers improper or illegal activities, which could adversely impact our operating results in a material way. Additionally, the U.S. government may require certain of the products that it purchases to be manufactured in the United States and other relatively high-cost manufacturing locations, and we may not manufacture all products in locations that meet such requirements, affecting our ability to sell these products, subscriptions, and support offerings to the U.S. government.

We face intense competition in our market and we may lack sufficient financial or other resources to maintain or improve our competitive position.

The industry for enterprise security products is intensely competitive, and we expect competition to increase in the future from established competitors and new market entrants. Our main competitors fall into four categories:

•large companies that incorporate security features in their products, such as Cisco, Microsoft, or those that have acquired, or may acquire, security vendors and have the technical and financial resources to bring competitive solutions to the market;

•independent security vendors, such as Check Point, Fortinet, Crowdstrike, and Zscaler, that offer a mix of security products;

•startups and point-product vendors that offer independent or emerging solutions across various areas of security; and

•public cloud vendors and startups that offer solutions for cloud security (private, public, and hybrid cloud).

- 19 -

Many of our competitors have greater financial, technical, marketing, sales, and other resources, greater name recognition, longer operating histories, and a larger base of customers than we do. They may be able to devote greater resources to the promotion and sale of products and services than we can, and they may offer lower pricing than we do. Further, they may have greater resources for research and development of new technologies, the provision of customer support, and the pursuit of acquisitions. They may also have larger and more mature intellectual property portfolios, and broader and more diverse product and service offerings, which allow them to leverage their relationships based on other products or incorporate functionality into existing products to gain business in a manner that discourages users from purchasing our products and subscriptions, including incorporating cybersecurity features into their existing products or services and product bundling, selling at zero or negative margins, and offering concessions or a closed technology offering. Some competitors may have broader distribution and established relationships with distribution partners and end-customers. Other competitors specialize in providing protection from a single type of security threat, which may allow them to deliver these specialized security products to the market more quickly than we can.

We also face competition from companies that have entrenched legacy offerings at end-user customers. End-user customers have also often invested substantial personnel and financial resources to design and operate their networks and have established deep relationships with other providers of networking and security products. As a result, these organizations may prefer to purchase from their existing suppliers rather than add or switch to a new supplier such as us. In addition, as our customers refresh the security products bought in prior years, they may seek to consolidate vendors, which may result in current customers choosing to purchase products from our competitors. Due to budget constraints or economic downturns, organizations may add solutions to their existing network security infrastructure rather than replacing it with our products and subscriptions.

Conditions in our market could change rapidly and significantly as a result of technological advancements, partnering or acquisitions by our competitors, or continuing market consolidation. Our competitors and potential competitors may be able to develop new or disruptive technologies, products, or services, and leverage new business models that are equal or superior to ours, achieve greater market acceptance of their products and services, disrupt our markets, and increase sales by utilizing different distribution channels than we do. In addition, new and enhanced technologies, including AI and machine learning, continue to increase our competition. To compete successfully, we must accurately anticipate technology developments and deliver innovative, relevant, and useful products, services, and technologies in a timely manner. Some of our competitors have made or could make acquisitions of businesses that may allow them to offer more directly competitive and comprehensive solutions than they had previously offered and adapt more quickly to new technologies and end-customer needs. Our current and potential competitors may also establish cooperative relationships among themselves or with third parties that may further enhance their resources.

These competitive pressures in our market or our failure to compete effectively may result in price reductions, fewer orders, reduced revenue and gross margins, and loss of market share. If we are unable to compete successfully, or if competing successfully requires us to take aggressive pricing or other actions, our business, financial condition, and results of operations would be adversely affected.

We may acquire other businesses, which could subject us to adverse claims or liabilities, require significant management attention, disrupt our business, adversely affect our operating results, may not result in the expected benefits of such acquisitions, and may dilute stockholder value.

As part of our business strategy, we acquire and make investments in complementary companies, products, or technologies. The identification of suitable acquisition candidates is difficult, and we may not be able to complete such acquisitions on favorable terms, if at all. In addition, we may be subject to claims or liabilities assumed from an acquired company, product, or technology; acquisitions we complete could be viewed negatively by our end-customers, investors, and securities analysts; and we may incur costs and expenses necessary to address an acquired company’s failure to comply with laws and governmental rules and regulations. Additionally, we may be subject to litigation or other claims in connection with the acquired company, including claims from terminated employees, customers, former stockholders, or other third parties, which may differ from or be more significant than the risks our business faces.

If we are unsuccessful at integrating past or future acquisitions in a timely manner, or the technologies and operations associated with such acquisitions, into our company, our revenue and operating results could be adversely affected. Any integration process may require significant time and resources, which may disrupt our ongoing business and divert management’s attention, and we may not be able to manage the integration process successfully or in a timely manner. We may have difficulty retaining key personnel of the acquired business. We may not successfully evaluate or utilize the acquired technology or personnel, realize anticipated synergies from the acquisition, or accurately forecast the financial impact of an acquisition transaction and integration of such acquisition, including accounting charges and any potential impairment of goodwill and intangible assets recognized in connection with such acquisitions. In addition, any acquisitions may be viewed negatively by our customers, financial markets, or investors and may not ultimately strengthen our competitive position or achieve our goals and business strategy.

We may have to pay cash, incur debt, or issue equity or equity-linked securities to pay for any future acquisitions, each of which could adversely affect our financial condition or the market price of our common stock. Furthermore, the sale of equity or issuance of equity-linked debt to finance any future acquisitions could result in dilution to our stockholders. The occurrence of any of these risks could harm our business, operating results, and financial condition.

- 20 -

If we do not accurately predict, prepare for, and respond promptly to rapidly evolving technological and market developments and successfully manage product and subscription introductions and transitions to meet changing end-customer needs in the enterprise security industry, our competitive position and prospects will be harmed.

The enterprise security industry has grown quickly and continues to evolve rapidly. Moreover, many of our end-customers operate in markets characterized by rapidly changing technologies and business plans, which require them to add numerous network access points and adapt increasingly complex enterprise networks, incorporating a variety of hardware, software applications, operating systems, and networking protocols. If we fail to effectively anticipate, identify, and respond to rapidly evolving technological and market developments in a timely manner, our business will be harmed.

In order to anticipate and respond effectively to rapid technological changes and market developments, as well as evolving security threats, we must invest effectively in research and development to increase the reliability, availability, and scalability of our existing products and subscriptions and introduce new products and subscriptions. Our investments in research and development, including investments in AI, may not result in design or performance improvements, marketable products, subscriptions, or features, or may not achieve the cost savings or additional revenue that we expect. In addition, new and evolving products and services, including those that use AI, require significant investment and raise ethical, technological, legal, regulatory, and other challenges, which may negatively affect our brands and demand for our products and services. Because all of these investment areas are inherently risky, no assurance can be given that such strategies and offerings will be successful or will not harm our reputation, financial condition, and operating results.

In addition, we must continually change our products and expand our business strategy in response to changes in network infrastructure requirements, including the expanding use of cloud computing. For example, organizations are moving portions of their data to be managed by third parties, primarily infrastructure, platform, and application service providers, and may rely on such providers’ internal security measures. While we have historically been successful in developing, acquiring, and marketing new products and product enhancements that respond to technological change and evolving industry standards, we may not be able to continue to do so, and there can be no assurance that our new or future offerings will be successful or will achieve widespread market acceptance. If we fail to accurately predict and address end-customers’ changing needs and emerging technological trends in the enterprise security industry, including in the areas of AI, mobility, virtualization, cloud computing, and software-defined networks, our business could be harmed.

The technology in our portfolio is especially complex because it needs to effectively identify and respond to new and increasingly sophisticated methods of attack, while minimizing the impact on network performance. Additionally, some of our new features and related enhancements may require us to develop new hardware architectures that involve complex, expensive, and time-consuming research and development processes. The development of our portfolio is difficult and the timetable for commercial release and availability is uncertain as there can be long time periods between releases and availability of new features. If we experience unanticipated delays in the availability of new products, features, and subscriptions, and fail to meet customer expectations for such availability, our competitive position and business prospects will be harmed.

The success of new features depends on several factors, including appropriate new product definition, differentiation of new products, subscriptions, and features from those of our competitors, and market acceptance of these products, services, and features. Moreover, successful new product introduction and transition depends on a number of factors, including our ability to manage the risks associated with new product production ramp-up issues, the availability of application software for new products, the effective management of purchase commitments and inventory, the availability of products in appropriate quantities and costs to meet anticipated demand, and the risk that new products may have quality or other defects or deficiencies, especially in the early stages of introduction. There can be no assurance that we will successfully identify opportunities for new products and subscriptions, develop and bring new products and subscriptions to market in a timely manner, achieve market acceptance of our products and subscriptions, or that products, subscriptions, and technologies developed by others will not render our products, subscriptions, and technologies obsolete or noncompetitive.

Issues in the development and deployment of AI may result in reputational harm and legal liability and could adversely affect our results of operations.

We have incorporated, and are continuing to develop and deploy, AI into many of our products and solutions, including services that support our products and solutions. AI presents challenges and risks that could affect our products and solutions, and therefore our business. For example, AI algorithms may have flaws, and datasets used to train models may be insufficient or contain biased information. These potential issues could subject us to regulatory risk, legal liability, including under new proposed legislation regulating AI in jurisdictions such as the EU and regulations being considered in other jurisdictions, and brand or reputational harm.

The rapid evolution of AI, including potential government regulation of AI, requires us to invest significant resources to develop, test, and maintain AI in our products and services in a manner that meets evolving requirements and expectations. The rules and regulations adopted by policymakers over time may require us to make changes to our business practices. Developing, testing, and deploying AI systems may also increase the cost profile of our offerings due to the nature of the computing costs involved in such systems.

- 21 -

The intellectual property ownership and license rights surrounding AI technologies, as well as data protection laws related to the use and development of AI, are currently not fully addressed by courts or regulators. The use or adoption of AI technologies in our products may result in exposure to claims by third parties of copyright infringement or other intellectual property misappropriation, which may require us to pay compensation or license fees to third parties. The evolving legal, regulatory, and compliance framework for AI technologies may also impact our ability to protect our own data and intellectual property against infringing use.

A network or data security incident may allow unauthorized access to our network or data, harm our reputation, create additional liability, and adversely impact our financial results.

Increasingly, companies are subject to a wide variety of attacks on their networks on an ongoing basis. In addition to traditional computer “hackers,” malicious code (such as viruses and worms), phishing attempts, employee theft or misuse, and denial of service attacks, sophisticated nation-state and nation-state supported actors engage in intrusions and attacks (including advanced persistent threat intrusions and supply chain attacks), and add to the risks to our internal networks, cloud-deployed enterprise and customer-facing environments and the information they store and process. Incidences of cyberattacks and other cybersecurity breaches and incidents have increased and are likely to continue to increase. We and our third-party service providers face security threats and attacks from a variety of sources. Despite our efforts and processes to prevent breaches of our internal networks, systems, and websites, our data, corporate systems, and security measures, as well as those of our third-party service providers, are still vulnerable to computer viruses, break-ins, phishing attacks, ransomware attacks, or other types of attacks from outside parties, or breaches due to employee error, malfeasance, or some combination of these. We cannot guarantee that the measures we have taken to protect our networks, systems, and websites will provide adequate security. Furthermore, as a well-known provider of security solutions, we may be a more attractive target for such attacks. The conflict in Ukraine and associated activities in Ukraine and Russia may increase the risk of cyberattacks on various types of infrastructure and operations, and the United States government has warned companies to be prepared for a significant increase in Russian cyberattacks in response to the Sanctions on Russia.

A security breach or incident, or an attack against our service availability suffered by us, or our third-party service providers, could impact our networks or networks secured by our products and subscriptions, creating system disruptions or slowdowns and exploiting security vulnerabilities of our products. In addition, the information stored or otherwise processed on our networks, or those of our third-party service providers, could be accessed, publicly disclosed, altered, lost, stolen, rendered unavailable, or otherwise used or processed without authorization, which could subject us to liability and cause us financial harm. Any actual or perceived breach of security in our systems or networks, or any other actual or perceived data security incident we or our third-party service providers suffer, could result in significant damage to our reputation, negative publicity, loss of channel partners, end-customers, and sales, loss of competitive advantages over our competitors, increased costs to remedy any problems and otherwise respond to any incident, regulatory investigations and enforcement actions, demands, costly litigation, and other liability. In addition, we may incur significant costs and operational consequences of investigating, remediating, eliminating, and putting in place additional tools, devices, and other measures designed to prevent actual or perceived security breaches and other security incidents, as well as the costs to comply with any notification obligations resulting from any security incidents. Any of these negative outcomes could adversely impact the market perception of our products and subscriptions and end-customer and investor confidence in our company and could seriously harm our business or operating results.

Defects, errors, or vulnerabilities in our products, subscriptions, or support offerings, the failure of our products or subscriptions to block a virus or prevent a security breach or incident, misuse of our products, or risks of product liability claims could harm our reputation and adversely impact our operating results.

Because our products and subscriptions are complex, they have contained and may contain design or manufacturing defects or errors that are not detected until after their commercial release and deployment by our end-customers. For example, from time to time, certain of our end-customers have reported defects in our products related to performance, scalability, and compatibility. Additionally, defects may cause our products or subscriptions to be vulnerable to security attacks, cause them to fail to help secure networks, or temporarily interrupt end-customers’ networking traffic. Because the techniques used by computer hackers to access or sabotage networks change frequently and generally are not recognized until launched against a target, we may be unable to anticipate these techniques and provide a solution in time to protect our end-customers’ networks. In addition, due to the Russian invasion of Ukraine, there could be a significant increase in Russian cyberattacks against our customers, resulting in an increased risk of a security breach of our end-customers’ systems. Furthermore, defects or errors in our subscription updates or our products could result in a failure to effectively update end-customers’ hardware and cloud-based products. Our data centers and networks may experience technical failures and downtime or may fail to meet the increased requirements of a growing installed end-customer base, any of which could temporarily or permanently expose our end-customers’ networks, leaving their networks unprotected against the latest security threats. Moreover, our products must interoperate with our end-customers’ existing infrastructure, which often have varied specifications, utilize multiple protocol standards, deploy products from multiple vendors, and contain multiple generations of products that have been added over time. As a result, when problems occur in a network, it may be difficult to identify the sources of these problems.

- 22 -

The occurrence of any such problem in our products and subscriptions, whether real or perceived, could result in:

•expenditure of significant financial and product development resources in efforts to analyze, correct, eliminate, or work-around errors or defects or to address and eliminate vulnerabilities;

•loss of existing or potential end-customers or channel partners;

•delayed or lost revenue;

•delay or failure to attain market acceptance;

•an increase in warranty claims compared with our historical experience, or an increased cost of servicing warranty claims, either of which would adversely affect our gross margins; and

•litigation, regulatory inquiries, investigations, or other proceedings, each of which may be costly and harm our reputation.

Further, our products and subscriptions may be misused by end-customers or third parties that obtain access to our products and subscriptions. For example, our products and subscriptions could be used to censor private access to certain information on the Internet. Such use of our products and subscriptions for censorship could result in negative press coverage and negatively affect our reputation.

The limitation of liability provisions in our standard terms and conditions of sale may not fully or effectively protect us from claims as a result of federal, state, or local laws or ordinances, or unfavorable judicial decisions in the United States or other countries. The sale and support of our products and subscriptions also entails the risk of product liability claims. Although we may be indemnified by our third-party manufacturers for product liability claims arising out of manufacturing defects, because we control the design of our products and subscriptions, we may not be indemnified for product liability claims arising out of design defects. While we maintain insurance coverage for certain types of losses, our insurance coverage may not adequately cover any claim asserted against us, if at all. In addition, even claims that ultimately are unsuccessful could result in our expenditure of funds in litigation, divert management’s time and other resources, and harm our reputation.

In addition, our classifications of application type, virus, spyware, vulnerability exploits, data, or URL categories may falsely detect, report, and act on applications, content, or threats that do not actually exist. This risk is heightened by the inclusion of a “heuristics” feature in our products and subscriptions, which attempts to identify applications and other threats not based on any known signatures but based on characteristics or anomalies which indicate that a particular item may be a threat. These false positives may impair the perceived reliability of our products and subscriptions and may therefore adversely impact market acceptance of our products and subscriptions and could result in damage to our reputation, negative publicity, loss of channel partners, end-customers and sales, increased costs to remedy any problem, and costly litigation.

Our ability to sell our products and subscriptions is dependent on the quality of our technical support services and those of our channel partners, and the failure to offer high-quality technical support services could have a material adverse effect on our end-customers’ satisfaction with our products and subscriptions, our sales, and our operating results.

After our products and subscriptions are deployed within our end-customers’ networks, our end-customers depend on our technical support services, as well as the support of our channel partners, to resolve any issues relating to our products. Many larger enterprise, service provider, and government entity end-customers have more complex networks and require higher levels of support than smaller end-customers. If our channel partners do not effectively provide support to the satisfaction of our end-customers, we may be required to provide direct support to such end-customers, which would require us to hire additional personnel and to invest in additional resources. If we are not able to hire such resources fast enough to keep up with unexpected demand, support to our end-customers will be negatively impacted, and our end-customers’ satisfaction with our products and subscriptions will be adversely affected. Additionally, to the extent that we may need to rely on our sales engineers to provide post-sales support while we are ramping up our support resources, our sales productivity will be negatively impacted, which would harm our revenues. Accordingly, our failure, or our channel partners’ failure, to provide and maintain high-quality support services could have a material adverse effect on our business, financial condition, and operating results.

RISKS RELATED TO INTELLECTUAL PROPERTY AND TECHNOLOGY LICENSING

Claims by others that we infringe their intellectual property rights could harm our business.

Companies in the enterprise security industry own large numbers of patents, copyrights, trademarks, domain names, and trade secrets and frequently enter into litigation based on allegations of infringement, misappropriation, or other violations of intellectual property rights. In addition, non-practicing entities also frequently bring claims of infringement of intellectual property rights. Third parties are asserting, have asserted, and may in the future assert claims of infringement of intellectual property rights against us.

- 23 -

Third parties may also assert such claims against our end-customers or channel partners, whom our standard license and other agreements obligate us to indemnify against claims that our products and subscriptions infringe the intellectual property rights of third parties. In addition, to the extent we hire personnel from competitors, we may be subject to allegations that they have been improperly solicited, that they have divulged proprietary or other confidential information, or that their former employers own their inventions or other work product. Furthermore, we may be unaware of the intellectual property rights of others that may cover some or all of our technology, products, subscriptions, and services. As we expand our footprint, both in our platforms, products, subscriptions, and services and geographically, more overlaps occur and we may face more infringement claims both in the United States and abroad.

While we have been increasing the size of our patent portfolio, our competitors and others may now and in the future have significantly larger and more mature patent portfolios than we have. In addition, litigation has involved and will likely continue to involve patent-holding companies or other adverse patent owners who have no relevant product revenue and against whom our own patents may therefore provide little or no deterrence or protection. In addition, we have not registered our trademarks in all of our geographic markets and failure to secure those registrations could adversely affect our ability to enforce and defend our trademark rights. Any claim of infringement by a third party, even those without merit, could cause us to incur substantial costs defending against the claim, could distract our management from our business, and could require us to cease use of such intellectual property. Furthermore, because of the substantial amount of discovery required in connection with intellectual property litigation, there is a risk that some of our confidential information could be compromised by disclosure during this type of litigation. A successful claimant could secure a judgment, or we may agree to a settlement that prevents us from distributing certain products or performing certain services or that requires us to pay substantial damages, royalties, or other fees. Any of these events could seriously harm our business, financial condition, and operating results.

Our proprietary rights may be difficult to enforce or protect, which could enable others to copy or use aspects of our products or subscriptions without compensating us.

We rely and expect to continue to rely on a combination of confidentiality and license agreements with our employees, consultants, and third parties with whom we have relationships, as well as trademark, copyright, patent, and trade secret protection laws, to protect our proprietary rights. We have filed various applications for certain aspects of our intellectual property. Valid patents may not issue from our pending applications, and the claims eventually allowed on any patents may not be sufficiently broad to protect our technology or products and subscriptions. We cannot be certain that we were the first to make the inventions claimed in our pending patent applications or that we were the first to file for patent protection, which could prevent our patent applications from issuing as patents or invalidate our patents following issuance. Additionally, the process of obtaining patent protection is expensive and time-consuming, and we may not be able to prosecute all necessary or desirable patent applications at a reasonable cost or in a timely manner. Any issued patents may be challenged, invalidated or circumvented, and any rights granted under these patents may not actually provide adequate defensive protection or competitive advantages to us. Additional uncertainty may result from changes to patent-related laws and court rulings in the United States and other jurisdictions. As a result, we may not be able to obtain adequate patent protection or effectively enforce any issued patents.

Despite our efforts to protect our proprietary rights, unauthorized parties may attempt to copy aspects of our products or subscriptions or obtain and use information that we regard as proprietary. We generally enter into confidentiality or license agreements with our employees, consultants, vendors, and end-customers, and generally limit access to and distribution of our proprietary information. However, we cannot be certain that we have entered into such agreements with all parties who may have or have had access to our confidential information or that the agreements we have entered into will not be breached. We cannot guarantee that any of the measures we have taken will prevent misappropriation of our technology. Because we may be an attractive target for computer hackers, we may have a greater risk of unauthorized access to, and misappropriation of, our proprietary information. In addition, the laws of some foreign countries do not protect our proprietary rights to as great an extent as the laws of the United States, and many foreign countries do not enforce these laws as diligently as government agencies and private parties in the United States. From time to time, we may need to take legal action to enforce our patents and other intellectual property rights, to protect our trade secrets, to determine the validity and scope of the proprietary rights of others, or to defend against claims of infringement or invalidity. Such litigation could result in substantial costs and diversion of resources and could negatively affect our business, operating results, and financial condition. Attempts to enforce our rights against third parties could also provoke these third parties to assert their own intellectual property or other rights against us or result in a holding that invalidates or narrows the scope of our rights, in whole or in part. If we are unable to protect our proprietary rights (including aspects of our software and products protected other than by patent rights), we may find ourselves at a competitive disadvantage to others who need not incur the additional expense, time, and effort required to create the innovative products that have enabled us to be successful to date. Any of these events would have a material adverse effect on our business, financial condition, and operating results.

- 24 -

Our use of open source software in our products and subscriptions could negatively affect our ability to sell our products and subscriptions and subject us to possible litigation.

Our products and subscriptions contain software modules licensed to us by third-party authors under “open source” licenses. Some open source licenses contain requirements that we make available applicable source code for modifications or derivative works we create based upon the type of open source software we use. If we combine our proprietary software with open source software in a certain manner, we could, under certain open source licenses, be required to release the source code of our proprietary software to the public. This would allow our competitors to create similar products or subscriptions with lower development effort and time and ultimately could result in a loss of product sales for us.

Although we monitor our use of open source software to avoid subjecting our products and subscriptions to conditions we do not intend, the terms of many open source licenses have not been interpreted by United States courts, and there is a risk that these licenses could be construed in a way that could impose unanticipated conditions or restrictions on our ability to commercialize our products and subscriptions. From time to time, there have been claims against companies that distribute or use open source software in their products and subscriptions, asserting that open source software infringes the claimants’ intellectual property rights. We could be subject to suits by parties claiming infringement of intellectual property rights in what we believe to be licensed open source software. If we are held to have breached the terms of an open source software license, we could be required to seek licenses from third parties to continue offering our products and subscriptions on terms that are not economically feasible, to reengineer our products and subscriptions, to discontinue the sale of our products and subscriptions if reengineering could not be accomplished on a timely basis, or to make generally available, in source code form, our proprietary code, any of which could adversely affect our business, operating results, and financial condition.

In addition to risks related to license requirements, usage of open source software can lead to greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties or assurance of title or controls on origin of the software. In addition, many of the risks associated with usage of open source software, such as the lack of warranties or assurances of title, cannot be eliminated, and could, if not properly addressed, negatively affect our business. We have established processes to help alleviate these risks, including a review process for screening requests from our development organizations for the use of open source software, but we cannot be sure that our processes for controlling our use of open source software in our products and subscriptions will be effective.

We license technology from third parties, and our inability to maintain those licenses could harm our business.

We incorporate technology that we license from third parties, including software, into our products and subscriptions. We cannot be certain that our licensors are not infringing the intellectual property rights of third parties or that our licensors have sufficient rights to the licensed intellectual property in all jurisdictions in which we may sell our products and subscriptions. In addition, some licenses may be non-exclusive, and therefore our competitors may have access to the same technology licensed to us. Some of our agreements with our licensors may be terminated for convenience by them. We may also be subject to additional fees or be required to obtain new licenses if any of our licensors allege that we have not properly paid for such licenses or that we have improperly used the technologies under such licenses, and such licenses may not be available on terms acceptable to us or at all. If we are unable to continue to license any of this technology because of intellectual property infringement claims brought by third parties against our licensors or against us, or claims against us by our licensors, or if we are unable to continue our license agreements or enter into new licenses on commercially reasonable terms, our ability to develop and sell products and subscriptions containing such technology would be severely limited and our business could be harmed. Additionally, if we are unable to license necessary technology from third parties, we may be forced to acquire or develop alternative technology, which we may be unable to do in a commercially feasible manner or at all, and we may be required to use alternative technology of lower quality or performance standards. This would limit and delay our ability to offer new or competitive products and subscriptions and increase our costs of production. As a result, our margins, market share, and operating results could be significantly harmed.

RISKS RELATED TO OPERATIONS

Because we depend on manufacturing partners to build and ship our hardware products, we are susceptible to manufacturing and logistics delays and pricing fluctuations that could prevent us from shipping customer orders on time, if at all, or on a cost-effective basis, which may result in the loss of sales and end-customers.

We depend on manufacturing partners, primarily our EMS provider, Flex, to manufacture our hardware product lines. Our reliance on these manufacturing partners reduces our control over the manufacturing process and exposes us to risks, including reduced control over quality assurance, product costs, product supply, timing, and transportation risk. Our hardware products are manufactured by our manufacturing partners at facilities located primarily in the United States. Some of the components in our products are sourced either through Flex or directly by us from component suppliers outside the United States. The portion of our hardware products that are sourced outside the United States may subject us to geopolitical risks, additional logistical risks or risks associated with complying with local rules and regulations in foreign countries.

- 25 -

Significant changes to existing international trade agreements could lead to sourcing or logistics disruption resulting from import delays or the imposition of increased tariffs on our sourcing partners. For example, the United States and Chinese governments have each enacted, and discussed additional, import tariffs. Some components that we import for final manufacturing in the United States have been impacted by these tariffs. As a result, our costs have increased and we have raised, and may be required to further raise, prices on our hardware products, all of which could severely impair our ability to fulfill orders.

Our manufacturing partners typically fulfill our supply requirements on the basis of individual purchase orders. We do not have long-term contracts with these manufacturers that guarantee capacity, the continuation of particular pricing terms, or the extension of credit limits. Accordingly, they are not obligated to continue to fulfill our supply requirements and the prices we pay for manufacturing services could be increased on short notice. Our contract with Flex permits them to terminate the agreement for their convenience, subject to prior notice requirements. If we are required to change manufacturing partners, our ability to meet our scheduled product deliveries to our end-customers could be adversely affected, which could cause the loss of sales to existing or potential end-customers, delayed revenue or an increase in our costs which could adversely affect our gross margins. Any production interruptions for any reason, such as a natural disaster, epidemic or pandemic, capacity shortages, or quality problems at one of our manufacturing partners would negatively affect sales of our product lines manufactured by that manufacturing partner and adversely affect our business and operating results.

Managing the supply of our hardware products and product components is complex. Insufficient supply and inventory would result in lost sales opportunities or delayed revenue, while excess inventory would harm our gross margins.

Our manufacturing partners procure components and build our hardware products based on our forecasts, and we generally do not hold inventory for a prolonged period of time. These forecasts are based on estimates of future demand for our products, which are in turn based on historical trends and analyses from our sales and product management organizations, adjusted for overall market conditions. In order to reduce manufacturing lead times and plan for adequate component supply, from time to time we may issue forecasts for components and products that are non-cancelable and non-returnable.

Our inventory management systems and related supply chain visibility tools may be inadequate to enable us to forecast accurately and effectively manage supply of our hardware products and product components. If we ultimately determine that we have excess supply, we may have to reduce our prices and write-down inventory, which in turn could result in lower gross margins. If our actual component usage and product demand are lower than the forecast we provide to our manufacturing partners, we accrue for losses on manufacturing commitments in excess of forecasted demand. Alternatively, insufficient supply levels may lead to shortages that result in delayed hardware product revenue or loss of sales opportunities altogether as potential end-customers turn to competitors’ products that are readily available. If we are unable to effectively manage our supply and inventory, our operating results could be adversely affected.

Because some of the key components in our hardware products come from limited sources of supply, we are susceptible to supply shortages or supply changes, which, in certain cases, have disrupted or delayed our scheduled product deliveries to our end-customers, increased our costs and may result in the loss of sales and end-customers.

Our hardware products rely on key components, including integrated circuit components, which our manufacturing partners purchase on our behalf from a limited number of component suppliers, including sole source providers. The manufacturing operations of some of our component suppliers are geographically concentrated in Asia and elsewhere, which makes our supply chain vulnerable to regional disruptions, such as natural disasters, fire, political instability, civil unrest, power outages, or health risks. In addition, we continue to experience supply chain disruption and have incurred increased costs resulting from inflationary pressures. We are also monitoring the tensions between China and Taiwan, and between the U.S. and China, which could have an adverse impact on our business or results of operations in future periods.

Further, we do not have volume purchase contracts with any of our component suppliers, and they could cease selling to us at any time. If we are unable to obtain a sufficient quantity of these components in a timely manner for any reason, sales of our hardware products could be delayed or halted, or we could be forced to expedite shipment of such components or our hardware products at dramatically increased costs. Our component suppliers also change their selling prices frequently in response to market trends, including industry-wide increases in demand. Because we do not have, for the most part, volume purchase contracts with our component suppliers, we are susceptible to price fluctuations related to raw materials and components and may not be able to adjust our prices accordingly. Additionally, poor quality in any of the sole-sourced components in our products could result in lost sales or sales opportunities.

If we are unable to obtain a sufficient volume of the necessary components for our hardware products on commercially reasonable terms or the quality of the components do not meet our requirements, we could also be forced to redesign our products and qualify new components from alternate component suppliers. The resulting stoppage or delay in selling our hardware products and the expense of redesigning our hardware products would result in lost sales opportunities and damage to customer relationships, which would adversely affect our business and operating results.

- 26 -

If we are unable to attract, retain, and motivate our key technical, sales, and management personnel, our business could suffer.

Our future success depends, in part, on our ability to continue to attract, retain, and motivate the members of our management team and other key employees. For example, we are substantially dependent on the continued service of our engineering personnel because of the complexity of our offerings. Competition for highly skilled personnel, particularly in engineering, including in the areas of AI and machine learning, is often intense, especially in the San Francisco Bay Area, where we have a substantial presence and need for such personnel. In addition, the industry in which we operate generally experiences high employee attrition. Our future performance depends on the continuing services and contributions of our senior management to execute on our business plan and to identify and pursue new opportunities and product innovations. If we are unable to hire, integrate, train, or retain the qualified and highly skilled personnel required to fulfill our current or future needs, our business, financial condition, and operating results could be harmed.

Further, we believe that a critical contributor to our success and our ability to retain highly skilled personnel has been our corporate culture, which we believe fosters innovation, inclusion, teamwork, passion for end-customers, focus on execution, and the facilitation of critical knowledge transfer and knowledge sharing. As we grow and change, we may find it difficult to maintain these important aspects of our corporate culture. While we are taking steps to develop a more inclusive and diverse workforce, there is no guarantee that we will be able to do so. Any failure to preserve our culture as we grow could limit our ability to innovate and could negatively affect our ability to retain and recruit personnel, continue to perform at current levels or execute on our business strategy.

We generate a significant amount of revenue from sales to distributors, resellers, and end-customers outside of the United States, and we are therefore subject to a number of risks associated with international sales and operations.

Our ability to grow our business and our future success will depend to a significant extent on our ability to expand our operations and customer base worldwide. Many of our customers, resellers, partners, suppliers, and manufacturers operate around the world. Operating in a global marketplace, we are subject to risks associated with having an international reach and compliance and regulatory requirements. We may experience difficulties in attracting, managing, and retaining an international staff, and we may not be able to recruit and maintain successful strategic distributor relationships internationally. Business practices in the international markets that we serve may differ from those in the United States and may require us in the future to include terms other than our standard terms related to payment, warranties, or performance obligations in end-customer contracts.

Additionally, our international sales and operations are subject to a number of risks, including the following:

•political, economic, and social uncertainty around the world, health risks such as epidemics and pandemics like COVID-19, macroeconomic challenges in Europe, terrorist activities, Russia’s invasion of Ukraine, tensions between China and Taiwan, and continued hostilities in the Middle East;

•unexpected changes in, or the application of, foreign and domestic laws and regulations (including intellectual property rights protections), regulatory practices, trade restrictions, and foreign legal requirements, including those applicable to the importation, certification, and localization of our products, tariffs, and tax laws and treaties, including regulatory and trade policy changes adopted by the current administration, such as the Sanctions on Russia, or foreign countries in response to regulatory changes adopted by the current administration; and

•non-compliance with U.S. and foreign laws, including antitrust regulations, anti-corruption laws, such as the U.S. Foreign Corrupt Practices Act and the U.K. Bribery Act, U.S. or foreign sanctions regimes and export or import control laws, and any trade regulations ensuring fair trade practices.

These and other factors could harm our future international revenues and, consequently, materially impact our business, operating results, and financial condition. The expansion of our existing international operations and entry into additional international markets will require significant management attention and financial resources. Our failure to successfully manage our international operations and the associated risks effectively could limit the future growth of our business.

We are exposed to fluctuations in foreign currency exchange rates, which could negatively affect our financial condition and operating results.

Our sales contracts are denominated in U.S. dollars, and therefore, our revenue is not subject to foreign currency risk; however, in the event of a strengthening of the U.S. dollar against foreign currencies in which we conduct business, the cost of our products to our end-customers outside of the United States would increase, which could adversely affect our financial condition and operating results. In addition, increased international sales in the future, including through our channel partners and other partnerships, may result in foreign currency denominated sales, increasing our foreign currency risk.

- 27 -

Our operating expenses incurred outside the United States and denominated in foreign currencies are generally increasing and are subject to fluctuations due to changes in foreign currency exchange rates. If we are not able to successfully hedge against the risks associated with foreign currency fluctuations, our financial condition and operating results could be adversely affected. We have entered into forward contracts in an effort to reduce our foreign currency exchange exposure related to our foreign currency denominated expenditures. As of July 31, 2023, the total notional amount of our outstanding foreign currency forward contracts was $957.5 million. For more information on our hedging transactions, refer to Note 6. Derivative Instruments in Part II, Item 8 of this Annual Report on Form 10-K. The effectiveness of our existing hedging transactions and the availability and effectiveness of any hedging transactions we may decide to enter into in the future may be limited, and we may not be able to successfully hedge our exposure, which could adversely affect our financial condition and operating results.

We face risks associated with having operations and employees located in Israel.

As a result of various of our acquisitions, including Cider, Cyber Secdo Ltd. (“Secdo”), PureSec Ltd. (“PureSec”), and Twistlock Ltd. (“Twistlock”), we have offices and employees located in Israel. Accordingly, political, economic, and military conditions in Israel directly affect our operations, including the recent political unrest in Israel. The future of peace efforts between Israel and its Arab neighbors remains uncertain. The effects of hostilities and violence on the Israeli economy and our operations in Israel are unclear, and we cannot predict the effect on us of further increases in these hostilities or future armed conflict, political instability, or violence in the region. Current or future tensions and conflicts in the Middle East could adversely affect our business, operating results, financial condition, and cash flows.

In addition, many of our employees in Israel are obligated to perform annual reserve duty in the Israeli military and are subject to being called for active duty under emergency circumstances. We cannot predict the full impact of these conditions on us in the future, particularly if emergency circumstances or an escalation in the political situation occurs. If many of our employees in Israel are called for active duty for a significant period of time, our operations and our business could be disrupted and may not be able to function at full capacity. Any disruption in our operations in Israel could adversely affect our business.

We are subject to governmental export and import controls that could subject us to liability or impair our ability to compete in international markets.

Because we incorporate encryption technology into our products, certain of our products are subject to U.S. export controls and may be exported outside the United States only with the required export license or through an export license exception. If we were to fail to comply with U.S. export licensing requirements, U.S. customs regulations, U.S. economic sanctions, or other laws, we could be subject to substantial civil and criminal penalties, including fines, incarceration for responsible employees and managers, and the possible loss of export or import privileges. Obtaining the necessary export license for a particular sale may be time-consuming and may result in the delay or loss of sales opportunities. Furthermore, U.S. export control laws and economic sanctions prohibit the shipment of certain products to U.S. embargoed or sanctioned countries, governments, and persons. Even though we take precautions to ensure that our channel partners comply with all relevant regulations, any failure by our channel partners to comply with such regulations could have negative consequences for us, including reputational harm, government investigations, and penalties.

In addition, various countries regulate the import of certain encryption technology, including through import permit and license requirements, and have enacted laws that could limit our ability to distribute our products or could limit our end-customers’ ability to implement our products in those countries. Changes in our products or changes in export and import regulations may create delays in the introduction of our products into international markets, prevent our end-customers with international operations from deploying our products globally or, in some cases, prevent or delay the export or import of our products to certain countries, governments, or persons altogether. Any change in export or import regulations, economic sanctions, such as the Sanctions on Russia, or related legislation, shift in the enforcement or scope of existing regulations, or change in the countries, governments, persons, or technologies targeted by such regulations could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential end-customers with international operations. Any decreased use of our products or limitation on our ability to export to or sell our products in international markets would likely adversely affect our business, financial condition, and operating results.

- 28 -

RISKS RELATED TO PRIVACY AND DATA PROTECTION

Our actual or perceived failure to adequately protect personal data could have a material adverse effect on our business.

A wide variety of laws and regulations apply to the collection, use, retention, protection, disclosure, transfer, and other processing of personal data in jurisdictions where we and our customers operate. Compliance with these laws and regulations is difficult and costly. These laws and regulations are also subject to frequent and unexpected changes, new or additional laws or regulations may be adopted, and rulings that invalidate prior laws or regulations may be issued. For example, we are subject to the E.U. General Data Protection Regulation (“E.U. GDPR”) and the U.K. General Data Protection Regulation (‘U.K. GDPR,” and collectively the “GDPR”), both of which impose stringent data protection requirements, provide for costly penalties for noncompliance (up to the greater of (a) €20 million under the “E.U. GDPR” or £17.5 million under the “U.K. GDPR,” and (b) 4% of annual worldwide turnover), and confer the right upon data subjects and consumer associations to lodge complaints with supervisory authorities, seek judicial remedies, and obtain compensation for damages resulting from violations.

The GDPR requires, among other things, that personal data be transferred outside of the E.U. (or, in the case of the U.K. GDPR, the U.K.) to the United States and other jurisdictions only where adequate safeguards are implemented or a derogation applies. In practice, we rely on standard contractual clauses approved under the GDPR to carry out such transfers and to receive personal data subject to the GDPR (directly or indirectly) in the United States. In the future, we may self-certify to the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), which has been approved for transfers of personal data subject to the GDPR to the United States and requires public disclosures of adherence to data protection principles and the submission of jurisdiction to European regulatory authorities. Following the “Schrems II” decision by the Court of Justice of the European Union, transfers of personal data to recipients in third countries are also subject to additional assessments and safeguards beyond the implementation of approved transfer mechanisms. The decision imposed a requirement for companies to carry out an assessment of the laws and practices governing access to personal data in the third country to ensure an essentially equivalent level of data protection to that afforded in the E.U.

Among other effects, we may experience additional costs associated with increased compliance burdens, reduced demand for our offerings from current or prospective customers in the European Economic Area (“EEA”), Switzerland, and the U.K. (collectively, “Europe”) to use our products, on account of the risks identified in the Schrems II decision, and we may find it necessary or desirable to make further changes to our processing of personal data of European residents. The regulatory environment applicable to the handling of European residents’ personal data, and our actions taken in response, may cause us to assume additional liabilities or incur additional costs, including in the event we self-certify to the EU-U.S. DPF. Moreover, much like with Schrems II, we anticipate future legal challenges to the approved data transfer mechanisms between Europe and the United States, including a challenge to the EU-U.S. DPF. Such legal challenges could result in additional legal and regulatory risk, compliance costs, and in our business, operating results, and financial condition being harmed. Additionally, we and our customers may face risk of enforcement actions by data protection authorities in Europe relating to personal data transfers to us and by us from Europe. Any such enforcement actions could result in substantial costs and diversion of resources, and distract management and technical personnel. These potential liabilities and enforcement actions could also have an overall negative affect on our business, operating results, and financial condition.

We are also subject to the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”). The CCPA requires, among other things, covered companies to provide enhanced disclosures to California consumers and to afford such consumers certain rights regarding their personal data, including the right to opt out of data sales for targeted advertising, and creates a private right of action to individuals affected by a data breach, if the breach was caused by a lack of reasonable security. The effects of the CCPA have been significant, requiring us to modify our data processing practices and policies and to incur substantial costs and expenses for compliance. Moreover, additional state privacy laws have been passed and will require potentially substantial efforts to obtain compliance. These include laws enacted in at least ten states, which all go into effect by January 1, 2026.

We may also from time to time be subject to obligations relating to personal data by contract, or face assertions that we are subject to self-regulatory obligations or industry standards. Additionally, the Federal Trade Commission and many state attorneys general are more regularly bringing enforcement actions in connection with federal and state consumer protection laws for false or deceptive acts or practices in relation to the online collection, use, dissemination, and security of personal data. Internationally, data localization laws may mandate that personal data collected in a foreign country be processed and stored within that country. New legislation affecting the scope of personal data and personal information where we or our customers and partners have operations, especially relating to classification of Internet Protocol (“IP”) addresses, machine identification, AI, location data, and other information, may limit or inhibit our ability to operate or expand our business, including limiting strategic partnerships that may involve the sharing or uses of data, and may require significant expenditures and efforts in order to comply. Notably, public perception of potential privacy, data protection, or information security concerns—whether or not valid—may harm our reputation and inhibit adoption of our products and subscriptions by current and future end-customers. Each of these laws and regulations, and any changes to these laws and regulations, or new laws and regulations, could impose significant limitations, or require changes to our business model or practices or growth strategy, which may increase our compliance expenses and make our business more costly or less efficient to conduct.

- 29 -

Tax, Accounting, Compliance, and Regulatory Risks

We may have exposure to greater than anticipated tax liabilities.

Our income tax obligations are based in part on our corporate structure and intercompany arrangements, including the manner in which we develop, value, and use our intellectual property and the valuations of our intercompany transactions. The tax laws applicable to our business, including the laws of the United States and various other jurisdictions, are subject to interpretation and certain jurisdictions may aggressively interpret their laws, regulations, and policies, including in an effort to raise additional tax revenue. The tax authorities of the jurisdictions in which we operate may challenge our methodologies for valuing developed or acquired technology or determining the proper charges for intercompany arrangements, which could increase our worldwide effective tax rate and harm our financial position and operating results. Some tax authorities of jurisdictions other than the United States may seek to assert extraterritorial taxing rights on our transactions or operations. It is possible that domestic or international tax authorities may subject us to tax examinations, or audits, and such tax authorities may disagree with certain positions we have taken, and any adverse outcome of such an examination, review or audit could result in additional tax liabilities and penalties and otherwise have a negative effect on our financial position and operating results. Further, the determination of our worldwide provision for or benefit from income taxes and other tax liabilities requires significant judgment by management, and there are transactions where the ultimate tax determination is uncertain. Although we believe that our estimates are reasonable, the ultimate tax outcome may differ from the amounts recorded on our consolidated financial statements and may materially affect our financial results in the period or periods for which such determination is made.

In addition, our future income tax obligations could be adversely affected by changes in, or interpretations of, tax laws, regulations, policies, or decisions in the United States or in the other jurisdictions in which we operate.

If our estimates or judgments relating to our critical accounting policies are based on assumptions that change or prove to be incorrect, our operating results could fall below our publicly announced guidance or the expectations of securities analysts and investors, resulting in a decline in the market price of our common stock.

The preparation of consolidated financial statements in conformity with U.S. GAAP requires management to make estimates and assumptions that affect the amounts reported on our consolidated financial statements and accompanying notes. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, the results of which form the basis for making judgments about the carrying values of assets, liabilities, equity, revenue, and expenses that are not readily apparent from other sources. For more information, refer to the section entitled “Critical Accounting Estimates” in “Management’s Discussion and Analysis of Financial Condition and Results of Operations” in Part II, Item 7 of this Annual Report on Form 10-K. In general, if our estimates, judgments, or assumptions relating to our critical accounting policies change or if actual circumstances differ from our estimates, judgments, or assumptions, our operating results may be adversely affected and could fall below our publicly announced guidance or the expectations of securities analysts and investors, resulting in a decline in the market price of our common stock.

We are obligated to maintain proper and effective internal control over financial reporting. We may not complete our analysis of our internal control over financial reporting in a timely manner, or our internal control may not be determined to be effective, which may adversely affect investor confidence in our company and, as a result, the value of our common stock.

If we are unable to assert that our internal controls are effective, our independent registered public accounting firm may not be able to formally attest to the effectiveness of our internal control over financial reporting. If, in the future, our chief executive officer, chief financial officer, or independent registered public accounting firm determines that our internal control over financial reporting is not effective as defined under Section 404, we could be subject to one or more investigations or enforcement actions by state or federal regulatory agencies, stockholder lawsuits, or other adverse actions requiring us to incur defense costs, pay fines, settlements, or judgments, causing investor perceptions to be adversely affected and potentially resulting in a decline in the market price of our stock.

Our reputation and/or business could be negatively impacted by ESG matters and/or our reporting of such matters.

There is an increasing focus from regulators, certain investors, and other stakeholders concerning ESG matters, both in the United States and internationally. We communicate certain ESG-related initiatives, goals, and/or commitments regarding environmental matters, diversity, responsible sourcing and social investments, and other matters in our annual ESG Report, on our website, in our filings with the SEC, and elsewhere. These initiatives, goals, or commitments could be difficult to achieve and costly to implement. We could fail to achieve, or be perceived to fail to achieve, our ESG-related initiatives, goals, or commitments. In addition, we could be criticized for the timing, scope or nature of these initiatives, goals, or commitments, or for any revisions to them. To the extent that our required and voluntary disclosures about ESG matters increase, we could be criticized for the accuracy, adequacy, or completeness of such disclosures. Our actual or perceived failure to achieve our ESG-related initiatives, goals, or commitments could negatively impact our reputation, result in ESG-focused investors not purchasing and holding our stock, or otherwise materially harm our business.

- 30 -

Failure to comply with governmental laws and regulations could harm our business.

Our business is subject to regulation by various federal, state, local, and foreign governmental agencies, including agencies responsible for monitoring and enforcing employment and labor laws, workplace safety, product safety, environmental laws, consumer protection laws, privacy, data security, and data-protection laws, anti-bribery laws (including the U.S. Foreign Corrupt Practices Act and the U.K. Anti-Bribery Act), import/export controls, federal securities laws, and tax laws and regulations. These laws and regulations may also impact our innovation and business drivers in developing new and emerging technologies (e.g., AI and machine learning). In certain jurisdictions, these regulatory requirements may be more stringent than those in the United States. Noncompliance with applicable regulations or requirements could subject us to investigations, sanctions, mandatory product recalls, enforcement actions, disgorgement of profits, fines, damages, civil and criminal penalties, or injunctions. If any governmental sanctions are imposed, or if we do not prevail in any possible civil or criminal litigation resulting from any alleged noncompliance, our business, operating results, and financial condition could be materially adversely affected. In addition, responding to any action will likely result in a significant diversion of management’s attention and resources and an increase in professional fees. Enforcement actions, litigation, and sanctions could harm our business, operating results, and financial condition.

Risks Related to Our Notes and Common Stock

We may not have the ability to raise the funds necessary to settle conversions of our Notes, repurchase our Notes upon a fundamental change, or repay our Notes in cash at their maturity, and our future debt may contain limitations on our ability to pay cash upon conversion or repurchase of our Notes.

In June 2020, we issued our 2025 Notes (the “2025 Notes”). We will need to make cash payments (a) if holders of our 2025 Notes require us to repurchase all, or a portion of, their 2025 Notes upon the occurrence of a fundamental change (e.g., a change of control of Palo Alto Networks, Inc.) before the maturity date, (b) upon conversion of our 2025 Notes, or (c) to repay our 2025 Notes in cash at their maturity unless earlier converted or repurchased. Effective August 1, 2023 through October 31, 2023, all of the 2025 Notes are convertible. If all of the note holders decided to convert their 2025 Notes, we would be obligated to pay the $2.0 billion principal amount of the 2025 Notes in cash. Under the terms of the 2025 Notes, we also have the option to settle the amount of our conversion obligation in excess of the aggregate principal amount of the 2025 Notes in cash or shares of our common stock. If our cash provided by operating activities, together with our existing cash, cash equivalents, and investments, and existing sources of financing, are inadequate to satisfy these obligations, we will need to obtain third-party financing, which may not be available to us on commercially reasonable terms or at all, to meet these payment obligations.

In addition, our ability to repurchase or to pay cash upon conversion of our 2025 Notes may be limited by law, regulatory authority, or agreements governing our future indebtedness. Our failure to repurchase our 2025 Notes at a time when the repurchase is required by the applicable indenture governing such 2025 Notes or to pay cash upon conversion of such 2025 Notes as required by the applicable indenture would constitute a default under the indenture. A default under the applicable indenture or the fundamental change itself could also lead to a default under agreements governing our future indebtedness. If the payment of the related indebtedness were to be accelerated after any applicable notice or grace periods, we may not have sufficient funds to repay the indebtedness and repurchase our 2025 Notes or to pay cash upon conversion of our 2025 Notes.

We may still incur substantially more debt or take other actions that would diminish our ability to make payments on our Notes when due.

We and our subsidiaries may incur substantial additional debt in the future, subject to the restrictions contained in our debt instruments, that could have the effect of diminishing our ability to make payments on our Notes when due.

The market price of our common stock historically has been volatile, and the value of an investment in our common stock could decline.

The market price of our common stock has historically been, and is likely to continue to be, volatile and could be subject to wide fluctuations in response to various factors, some of which are beyond our control and unrelated to our business, operating results, or financial condition. These fluctuations could cause a loss of all or part of an investment in our common stock. Factors that could cause fluctuations in the market price of our common stock include, but are not limited to:

•announcements of new products, subscriptions or technologies, commercial relationships, strategic partnerships, acquisitions, or other events by us or our competitors;

•price and volume fluctuations in the overall stock market from time to time;

•news announcements that affect investor perception of our industry, including reports related to the discovery of significant cyberattacks;

•significant volatility in the market price and trading volume of technology companies in general and of companies in our industry;

•fluctuations in the trading volume of our shares or the size of our public float;

- 31 -

•actual or anticipated changes in our operating results or fluctuations in our operating results;

•whether our operating results meet the expectations of securities analysts or investors;

•actual or anticipated changes in the expectations of securities analysts or investors, whether as a result of our forward-looking statements, our failure to meet such expectations or otherwise;

•inaccurate or unfavorable research reports about our business and industry published by securities analysts or reduced coverage of our company by securities analysts;

•litigation involving us, our industry, or both;

•actions instituted by activist shareholders or others;

•regulatory developments in the United States, foreign countries, or both;

•major catastrophic events;

•sales or repurchases of large blocks of our common stock or substantial future sales by our directors, executive officers, employees, and significant stockholders;

•departures of key personnel; or

•geopolitical or economic uncertainty around the world.

In the past, following periods of volatility in the market price of a company’s securities, securities class action litigation has often been brought against that company. Securities litigation could result in substantial costs, divert our management’s attention and resources from our business, and have a material adverse effect on our business, operating results, and financial condition.

The convertible note hedge and warrant transactions may affect the value of our common stock.

In connection with the sale of our 2025 Notes, we entered into convertible note hedge transactions (the “2025 Note Hedges”) with certain counterparties. In connection with each such sale of the 2025 Notes, we also entered into warrant transactions with the counterparties pursuant to which we sold warrants (the “2025 Warrants”) for the purchase of our common stock. In addition, we also entered into warrant transactions in connection with our 2023 Notes (together with the 2025 Warrants, the “Warrants”). The Note Hedges for our 2025 Notes are generally expected to reduce the potential dilution to our common stock upon any conversion of our 2025 Notes. The Warrants could separately have a dilutive effect to the extent that the market price per share of our common stock exceeds the applicable strike price of the Warrants unless, subject to certain conditions, we elect to cash settle such Warrants.

The applicable counterparties or their respective affiliates may modify their hedge positions by entering into or unwinding various derivatives with respect to our common stock and/or purchasing or selling our common stock or other securities of ours in secondary market transactions prior to the maturity of the outstanding 2025 Notes (and are likely to do so during any applicable observation period related to a conversion of our 2025 Notes). This activity could also cause or prevent an increase or a decrease in the market price of our common stock or our 2025 Notes, which could affect a note holder’s ability to convert its 2025 Notes and, to the extent the activity occurs during any observation period related to a conversion of our 2025 Notes, it could affect the amount and value of the consideration that the note holder will receive upon conversion of our 2025 Notes.

We do not make any representation or prediction as to the direction or magnitude of any potential effect that the transactions described above may have on the price of our 2025 Notes or our common stock. In addition, we do not make any representation that the counterparties or their respective affiliates will engage in these transactions or that these transactions, once commenced, will not be discontinued without notice.

The issuance of additional stock in connection with financings, acquisitions, investments, our stock incentive plans, the conversion of our Notes or exercise of the related Warrants, or otherwise will dilute stock held by all other stockholders.

Our amended and restated certificate of incorporation authorizes us to issue up to 1.0 billion shares of common stock and up to 100.0 million shares of preferred stock with such rights and preferences as may be determined by our board of directors. Subject to compliance with applicable rules and regulations, we may issue shares of common stock or securities convertible into shares of our common stock from time to time in connection with a financing, acquisition, investment, our stock incentive plans, the conversion of our Notes, the settlement of our Warrants related to each such series of the Notes, or otherwise. Any such issuance could result in substantial dilution to our existing stockholders and cause the market price of our common stock to decline.

- 32 -

We cannot guarantee that our share repurchase program will be fully consummated or that it will enhance shareholder value, and share repurchases could affect the price of our common stock.

As of July 31, 2023, we had $750.0 million available under our share repurchase program which will expire on December 31, 2023. Such share repurchase program may be suspended or discontinued by the Company at any time without prior notice. Although our board of directors has authorized a share repurchase program, we are not obligated to repurchase any specific dollar amount or to acquire any specific number of shares under the program. The share repurchase program could affect the price of our common stock, increase volatility, and diminish our cash reserves. In addition, the program may be suspended or terminated at any time, which may result in a decrease in the price of our common stock.

We do not intend to pay dividends for the foreseeable future.

We have never declared or paid any dividends on our common stock. We intend to retain any earnings to finance the operation and expansion of our business, and we do not anticipate paying any cash dividends in the future. As a result, stockholders may only receive a return on their investments in our common stock if the market price of our common stock increases.

Our charter documents and Delaware law, as well as certain provisions contained in the indentures governing our Notes, could discourage takeover attempts and lead to management entrenchment, which could also reduce the market price of our common stock.

Provisions in our amended and restated certificate of incorporation and amended and restated bylaws may have the effect of delaying or preventing a change in control of our company or changes in our management. Our amended and restated certificate of incorporation and amended and restated bylaws include provisions that:

•establish that our board of directors is divided into three classes, Class I, Class II, and Class III, with three-year staggered terms;

•authorize our board of directors to issue shares of preferred stock and to determine the price and other terms of those shares, including preferences and voting rights, without stockholder approval;

•provide our board of directors with the exclusive right to elect a director to fill a vacancy created by the expansion of our board of directors or the resignation, death, or removal of a director;

•prohibit our stockholders from taking action by written consent;

•specify that special meetings of our stockholders may be called only by the chairman of our board of directors, our president, our secretary, or a majority vote of our board of directors;

•require the affirmative vote of holders of at least 66 2/3% of the voting power of all of the then outstanding shares of the voting stock, voting together as a single class, to amend the provisions of our amended and restated certificate of incorporation relating to the issuance of preferred stock and management of our business or our amended and restated bylaws;

•authorize our board of directors to amend our bylaws by majority vote; and

•establish advance notice procedures with which our stockholders must comply to nominate candidates to our board of directors or to propose matters to be acted upon at a stockholders’ meeting.

These provisions may frustrate or prevent any attempts by our stockholders to replace or remove our current management by making it more difficult for our stockholders to replace members of our board of directors, which is responsible for appointing the members of management. In addition, as a Delaware corporation, we are subject to Section 203 of the Delaware General Corporation Law. These provisions may prohibit large stockholders, in particular those owning 15% or more of our outstanding voting stock, from merging or combining with us for a certain period of time. Additionally, certain provisions contained in the indenture governing our Notes could make it more difficult or more expensive for a third party to acquire us. The application of Section 203 or certain provisions contained in the indenture governing our Notes also could have the effect of delaying or preventing a change in control of us. Any of these provisions could, under certain circumstances, depress the market price of our common stock.

- 33 -

General Risk Factors

Our business is subject to the risks of earthquakes, fire, power outages, floods, health risks, and other catastrophic events, and to interruption by man-made problems, such as terrorism.

Both our corporate headquarters and the location where our products are manufactured are located in the San Francisco Bay Area, a region known for seismic activity. In addition, other natural disasters, such as fire or floods, a significant power outage, telecommunications failure, terrorism, an armed conflict, cyberattacks, epidemics and pandemics such as COVID-19, or other geo-political unrest could affect our supply chain, manufacturers, logistics providers, channel partners, end-customers, or the economy as a whole, and such disruption could impact our shipments and sales. These risks may be further increased if the disaster recovery plans for us and our suppliers prove to be inadequate. To the extent that any of the above should result in delays or cancellations of customer orders, the loss of customers, or the delay in the manufacture, deployment, or shipment of our products, our business, financial condition, and operating results would be adversely affected.

Our failure to raise additional capital or generate the significant capital necessary to expand our operations and invest in new products and subscriptions could reduce our ability to compete and could harm our business.

We intend to continue to make investments to support our business growth and may require additional funds to respond to business challenges, including the need to develop new features to enhance our portfolio, improve our operating infrastructure, or acquire complementary businesses and technologies. Accordingly, we may need to engage in equity or debt financings to secure additional funds. If we engage in future debt financings, the holders of such additional debt would have priority over the holders of our common stock. Current and future indebtedness may also contain terms that, among other things, restrict our ability to incur additional indebtedness. In addition, we may be required to take other actions that would otherwise be in the interests of the debt holders and would require us to maintain specified liquidity or other ratios, any of which could harm our business, operating results, and financial condition. If we are unable to obtain adequate financing or financing on terms satisfactory to us when we require it, our ability to continue to support our business growth and to respond to business challenges could be significantly impaired, and our business may be adversely affected.

- 34 -

Item 1B. Unresolved Staff Comments

Not applicable.

Item 2. Properties

Our corporate headquarters is located in Santa Clara, California, where we lease approximately 941,000 square feet of space under three lease agreements that expire in July 2028, with options to extend the lease terms through July 2046. We also lease space for personnel around the world, including Israel and India. In addition, we provide our cloud-based subscription offerings through data centers operated under co-location arrangements in the United States, Europe, and Asia. Refer to Note 11. Leases in Part II, Item 8 of this Annual Report on Form 10-K for more information on our operating leases. Additionally, we own 10.4 acres of land adjacent to our headquarters in Santa Clara, California, which we intend to develop to accommodate future expansion, the speed of which development has been slowed due to the current environment.

We believe that our current facilities are adequate to meet our current needs. We intend to expand our facilities or add new facilities as we add employees and enter new geographic markets, and we believe that suitable additional or alternative space will be available as needed to accommodate ongoing operations and any such growth. However, we expect to incur additional expenses in connection with such new or expanded facilities.

Item 3. Legal Proceedings

The information set forth under the “Litigation” subheading in Note 12. Commitments and Contingencies in Part II, Item 8 of this Annual Report on Form 10-K is incorporated herein by reference.

Item 4. Mine Safety Disclosures

Not applicable.

- 35 -

Part II

Item 5. Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities

Market Information

Our common stock, $0.0001 par value per share, is traded on the Nasdaq Global Select Market under the symbol “PANW.” Prior to October 22, 2021, our common stock traded on the New York Stock Exchange (“NYSE”) under the symbol “PANW.”

Holders of Record

As of August 18, 2023, there were 414 holders of record of our common stock. Because many of our shares of common stock are held by brokers and other institutions on behalf of stockholders, we are unable to estimate the total number of stockholders represented by these record holders.

Dividend Policy

We have never declared or paid, and do not anticipate declaring or paying in the foreseeable future, any cash dividends on our capital stock. Any future determination as to the declaration and payment of dividends, if any, will be at the discretion of our board of directors, subject to applicable laws, and will depend on then existing conditions, including our financial condition, operating results, contractual restrictions, capital requirements, business prospects, and other factors our board of directors may deem relevant.

Securities Authorized for Issuance under Equity Compensation Plans

See Part III, Item 12 “Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters” of this Annual Report on Form 10-K for more information regarding securities authorized for issuance.

Recent Sales of Unregistered Equity Securities

During the three months ended July 31, 2023, we issued a total of 3,569 shares of our unregistered common stock in connection with certain of our acquisitions (the “Transactions”).

The Transactions did not involve any underwriters, any underwriting discounts or commissions, or any public offering. The issuances of the securities pursuant to the Transactions were exempt from registration under the Securities Act of 1933, as amended (the “Act”) by virtue of Section 4(a)(2) of the Act and Rule 506 of Regulation D promulgated thereunder.

Purchases of Equity Securities by the Issuer and Affiliated Purchasers

In February 2019, we announced that our board of directors authorized a $1.0 billion share repurchase program, which is funded from available working capital. In December 2020, August 2021, and August 2022, we announced additional $700.0 million, $676.1 million, and $915.0 million increases to this share repurchase program, respectively, bringing the total authorization to $3.3 billion, with $750.0 million remaining as of July 31, 2023. The expiration date of this repurchase authorization was extended to December 31, 2023, and our repurchase program may be suspended or discontinued at any time. Repurchases under our program are to be made at management’s discretion on the open market, through privately negotiated transactions, transactions structured through investment banking institutions, block purchase techniques, 10b5-1 trading plans, or a combination of the foregoing. During the three months ended July 31, 2023, we did not repurchase any shares pursuant to our share repurchase program.

- 36 -

Between June 1, 2023 and June 30, 2023 and July 1, 2023 and July 31, 2023, shares of restricted stock were delivered by certain employees upon vesting of equity awards to satisfy tax withholding requirements. The average value of shares delivered to satisfy tax withholding requirements during these periods were $246.53 per share and $243.33 per share, respectively. The number of shares delivered to satisfy tax withholding requirements during these periods was not significant.

Stock Price Performance Graph

This performance graph shall not be deemed “filed” for purposes of Section 18 of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), or incorporated by reference into any filing of Palo Alto Networks, Inc. under the Securities Act of 1933, as amended, or the Exchange Act, except as shall be expressly set forth by specific reference in such filing.

This performance graph compares the cumulative total return on our common stock with that of the Nasdaq 100 Index, the Standard & Poor’s 500 Index, and the Standard & Poor’s 500 Information Technology Index for the five years ended July 31, 2023. This performance graph assumes $100 was invested on July 31, 2018, in each of the common stock of Palo Alto Networks, Inc., the Nasdaq 100 Index, the Standard & Poor’s 500 Index, and the Standard & Poor’s 500 Information Technology Index, and assumes the reinvestment of any dividends. The stock price performance on this performance graph is not necessarily indicative of future stock price performance.

Palo Alto Networks, Inc. Comparison of Total Return Performance

Company/Index	7/31/2018		7/31/2019		7/31/2020		7/31/2021		7/31/2022		7/31/2023
Palo Alto Networks, Inc.	$	100.00	$	114.26	$	129.08	$	201.28	$	251.74	$	378.23
Nasdaq 100 Index	$	100.00	$	109.74	$	154.04	$	212.86	$	185.61	$	227.88
S&P 500 Index	$	100.00	$	107.99	$	120.90	$	164.96	$	157.31	$	177.78
S&P 500 Information Technology Index	$	100.00	$	115.72	$	160.75	$	225.10	$	212.69	$	269.79

Item 6. [Reserved]

- 37 -

Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations

The following discussion and analysis of our financial condition and results of operations should be read in conjunction with our consolidated financial statements and related notes appearing elsewhere in this Annual Report on Form 10-K. The following discussion and analysis contains forward-looking statements based on current expectations and assumptions that are subject to risks and uncertainties, which could cause our actual results to differ materially from those anticipated or implied by any forward-looking statements. Factors that could cause or contribute to such differences include, but are not limited to, those discussed in this Annual Report on Form 10-K, and in particular, the risks discussed under the caption “Risk Factors” in Part I, Item 1A of this report.

Our Management’s Discussion and Analysis of Financial Condition and Results of Operations (“MD&A”) is organized as follows:

•Overview. A discussion of our business and overall analysis of financial and other highlights in order to provide context for the remainder of MD&A.

•Key Financial Metrics. A summary of our U.S. GAAP and non-GAAP key financial metrics, which management monitors to evaluate our performance.

•Results of Operations. A discussion of the nature and trends in our financial results and an analysis of our financial results comparing fiscal 2023 to fiscal 2022. For discussion and analysis related to our financial results comparing fiscal 2022 to 2021, refer to Part II, Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations in our Annual Report on Form 10-K for fiscal 2022, which was filed with the Securities and Exchange Commission on September 6, 2022.

•Liquidity and Capital Resources. An analysis of changes on our balance sheets and cash flows, and a discussion of our financial condition and our ability to meet cash needs.

•Critical Accounting Estimates. A discussion of our accounting policies that require critical estimates, assumptions, and judgments.

Overview

We empower enterprises, organizations, service providers, and government entities to protect themselves against today’s most sophisticated cyber threats. Our cybersecurity platforms and services help secure enterprise users, networks, clouds, and endpoints by delivering comprehensive cybersecurity backed by industry-leading artificial intelligence and automation. We are a leading provider of zero trust solutions, starting with next-generation zero trust network access to secure today’s remote hybrid workforces and extending to securing all users, applications, and infrastructure with zero trust principles. Our security solutions are designed to reduce customers’ total cost of ownership by improving operational efficiency and eliminating the need for siloed point products. Our company focuses on delivering value in four fundamental areas:

Network Security:

•Our network security platform, designed to deliver complete zero trust solutions to our customers, includes our hardware and software ML-Powered Next-Generation Firewalls, as well as a cloud-delivered Secure Access Service Edge (“SASE”). Prisma® Access, our Security Services Edge (“SSE”) solution, when combined with Prisma SD-WAN, provides a comprehensive single-vendor SASE offering that is used to secure remote workforces and enable the cloud-delivered branch. We have been recognized as a leader in network firewalls, SSE, and SD-WAN. Our network security platform also includes our cloud-delivered security services, such as Advanced Threat Prevention, Advanced WildFire®, Advanced URL Filtering, DNS Security, IoT/OT Security, GlobalProtect®, Enterprise Data Loss Prevention (“Enterprise DLP”), Artificial Intelligence for Operations (“AIOps”), SaaS Security API, and SaaS Security Inline. Through these add-on security services, our customers are able to secure their content, applications, users, and devices across their entire organization. Panorama®, our network security management solution, can centrally manage our network security platform irrespective of form factor, location, or scale.

Cloud Security:

•We enable cloud-native security through our Prisma Cloud platform. As a comprehensive Cloud Native Application Protection Platform (“CNAPP”), Prisma Cloud secures multi- and hybrid-cloud environments for applications, data, and the entire cloud native technology stack across the full development lifecycle; from code to runtime. For inline network security on multi- and hybrid-cloud environments, we also offer our VM-Series and CN-Series Firewall offerings.

- 38 -

Security Operations:

•We deliver the next generation of security automation, security analytics, endpoint security, and attack surface management solutions through our Cortex portfolio. These include Cortex XSIAM, our AI security automation platform, Cortex XDR® for the prevention, detection, and response to complex cybersecurity attacks on the endpoint, Cortex XSOAR® for security orchestration, automation, and response (“SOAR”), and Cortex XpanseTM for attack surface management (“ASM”). These products are delivered as SaaS or software subscriptions.

Threat Intelligence and Security Consulting (Unit 42):

•Unit 42 brings together world-renowned threat researchers with an elite team of incident responders and security consultants to create an intelligence-driven, response-ready organization to help customers proactively manage cyber risk. Our consultants serve as trusted advisors to our customers by assessing and testing their security controls against the right threats, transforming their security strategy with a threat-informed approach, and responding to security incidents on behalf of our clients.

For fiscal 2023 and 2022, total revenue was $6.9 billion and $5.5 billion, respectively, representing year-over-year growth of 25.3%. Our growth reflects the increased adoption of our portfolio, which consists of product, subscriptions, and support. We believe our portfolio will enable us to benefit from recurring revenues and new revenues as we continue to grow our end-customer base. As of July 31, 2023, we had end-customers in over 180 countries. Our end-customers represent a broad range of industries, including education, energy, financial services, government entities, healthcare, Internet and media, manufacturing, public sector, and telecommunications, and include almost all of the Fortune 100 companies and a majority of the Global 2000 companies. We maintain a field sales force that works closely with our channel partners in developing sales opportunities. We primarily use a two-tiered, indirect fulfillment model whereby we sell our products, subscriptions, and support to our distributors, which, in turn, sell to our resellers, which then sell to our end-customers.

Our product revenue grew to $1.6 billion or 22.9% of total revenue for fiscal 2023, representing year-over-year growth of 15.8%. Product revenue is derived from sales of our appliances, primarily our ML-Powered Next-Generation Firewall. Product revenue also includes revenue derived from software licenses of Panorama, SD-WAN, and the VM-Series. Our ML-Powered Next-Generation Firewall incorporates our PAN-OS operating system, which provides a consistent set of capabilities across our entire network security product line. Our appliances and software licenses include a broad set of built-in networking and security features and functionalities. Our products are designed for different performance requirements throughout an organization, ranging from our PA-410, which is designed for small organizations and remote or branch offices, to our top-of-the-line PA-7080, which is designed for large-scale data centers and service provider use. The same firewall functionality that is delivered in our physical appliances is also available in our VM-Series virtual firewalls, which secure virtualized and cloud-based computing environments, and in our CN-Series container firewalls, which secure container environments and traffic.

Our subscription and support revenue grew to $5.3 billion or 77.1% of total revenue for fiscal 2023, representing year-over-year growth of 28.4%. Our subscriptions provide our end-customers with near real-time access to the latest antivirus, intrusion prevention, web filtering, modern malware prevention, data loss prevention, and cloud access security broker capabilities across the network, endpoints, and the cloud. When end-customers purchase our physical, virtual, or container firewall appliances, or certain cloud offerings, they typically purchase support in order to receive ongoing security updates, upgrades, bug fixes, and repairs. In addition to the subscriptions purchased with these appliances, end-customers may also purchase other subscriptions on a per-user, per-endpoint, or capacity-based basis. We also offer professional services, including incident response, risk management, and digital forensic services.

We continue to invest in innovation as we evolve and further extend the capabilities of our portfolio, as we believe that innovation and timely development of new features and products are essential to meeting the needs of our end-customers and improving our competitive position. During fiscal 2023, we introduced several new offerings, including: Cortex XSIAM 1.0, major updates to Prisma Cloud (including three new security modules), Prisma Access 4.0, PAN-OS 11.0, Cloud NGFW for AWS, and Cloud NGFW for Azure. Additionally, we acquired productive investments that fit well within our long-term strategy. For example, in December 2022, we acquired Cider, which we expect will support our Prisma Cloud’s platform approach to securing the entire application security lifecycle from code to cloud.

We believe that the growth of our business and our short-term and long-term success are dependent upon many factors, including our ability to extend our technology leadership, grow our base of end-customers, expand deployment of our portfolio and support offerings within existing end-customers, and focus on end-customer satisfaction. To manage any future growth effectively, we must continue to improve and expand our information technology and financial infrastructure, our operating and administrative systems and controls, and our ability to manage headcount, capital, and processes in an efficient manner. While these areas present significant opportunities for us, they also pose challenges and risks that we must successfully address in order to sustain the growth of our business and improve our operating results. For additional information regarding the challenges and risks we face, see the “Risk Factors” section in Part I, Item 1A of this Annual Report on Form 10-K.

- 39 -

Impact of Macroeconomic Developments and Other Factors on Our Business

Our overall performance depends in part on worldwide economic and geopolitical conditions and their impact on customer behavior. Worsening economic conditions, including inflation, higher interest rates, slower growth, fluctuations in foreign exchange rates, and other conditions, may adversely affect our results of operations and financial performance.

We continue to experience supply chain disruption and incur increased costs resulting from inflationary pressures. We are monitoring the tensions between China and Taiwan, and between the U.S. and China, which could have an adverse impact on our business or results of operations in future periods.

Key Financial Metrics

We monitor the key financial metrics set forth in the tables below to help us evaluate growth trends, establish budgets, measure the effectiveness of our sales and marketing efforts, and assess operational efficiencies. We discuss revenue, gross margin, and the components of operating income (loss) and margin below under “Results of Operations.”

	July 31,
	2023		2022
	(in millions)
Total deferred revenue	$	9,296.4	$	6,994.0
Cash, cash equivalents, and investments	$	5,437.9	$	4,686.4

	Year Ended July 31,
	2023			2022			2021
	(dollars in millions)
Total revenue	$	6,892.7		$	5,501.5		$	4,256.1
Total revenue year-over-year percentage increase	25.3		%	29.3		%	24.9		%
Gross margin	72.3		%	68.8		%	70.0		%
Operating income (loss)	$	387.3		$	(188.8)		$	(304.1)
Operating margin	5.6		%	(3.4)		%	(7.1)		%
Billings	$	9,194.4		$	7,471.5		$	5,452.2
Billings year-over-year percentage increase	23.1		%	37.0		%	26.7		%
Cash flow provided by operating activities	$	2,777.5		$	1,984.7		$	1,503.0
Free cash flow (non-GAAP)	$	2,631.2		$	1,791.9		$	1,387.0

•Deferred Revenue. Our deferred revenue primarily consists of amounts that have been invoiced but have not been recognized as revenue as of the period end. The majority of our deferred revenue balance consists of subscription and support revenue that is recognized ratably over the contractual service period. We monitor our deferred revenue balance because it represents a significant portion of revenue to be recognized in future periods.

•Billings. We define billings as total revenue plus the change in total deferred revenue, net of acquired deferred revenue, during the period. We consider billings to be a key metric used by management to manage our business. We believe billings provides investors with an important indicator of the health and visibility of our business because it includes subscription and support revenue, which is recognized ratably over the contractual service period, and product revenue, which is recognized at the time of hardware shipment or delivery of software license, provided that all other conditions for revenue recognition have been met. We consider billings to be a useful metric for management and investors, particularly if we continue to experience increased sales of subscriptions and strong renewal rates for subscription and support offerings, and as we monitor our near-term cash flows. While we believe that billings provides useful information to investors and others in understanding and evaluating our operating results in the same manner as our management, it is important to note that other companies, including companies in our industry, may not use billings, may calculate billings differently, may have different billing frequencies, or may use other financial measures to evaluate their performance, all of which could reduce the usefulness of billings as a comparative measure. We calculate billings in the following manner:

- 40 -

	Year Ended July 31,
	2023		2022		2021
	(in millions)
Billings:
Total revenue	$	6,892.7	$	5,501.5	$	4,256.1
Add: change in total deferred revenue, net of acquired deferred revenue	2,301.7		1,970.0		1,196.1
Billings	$	9,194.4	$	7,471.5	$	5,452.2

•Cash Flow Provided by Operating Activities. We monitor cash flow provided by operating activities as a measure of our overall business performance. Our cash flow provided by operating activities is driven in large part by sales of our products and from up-front payments for subscription and support offerings. Monitoring cash flow provided by operating activities enables us to analyze our financial performance without the non-cash effects of certain items such as share-based compensation costs, depreciation and amortization, thereby allowing us to better understand and manage the cash needs of our business.

•Free Cash Flow (non-GAAP). We define free cash flow, a non-GAAP financial measure, as cash provided by operating activities less purchases of property, equipment, and other assets. We consider free cash flow to be a profitability and liquidity measure that provides useful information to management and investors about the amount of cash generated by the business after necessary capital expenditures. A limitation of the utility of free cash flow as a measure of our financial performance and liquidity is that it does not represent the total increase or decrease in our cash balance for the period. In addition, it is important to note that other companies, including companies in our industry, may not use free cash flow, may calculate free cash flow in a different manner than we do, or may use other financial measures to evaluate their performance, all of which could reduce the usefulness of free cash flow as a comparative measure. A reconciliation of free cash flow to cash flow provided by operating activities, the most directly comparable financial measure calculated and presented in accordance with U.S. GAAP, is provided below:

	Year Ended July 31,
	2023		2022		2021
	(in millions)
Free cash flow (non-GAAP):
Net cash provided by operating activities	$	2,777.5	$	1,984.7	$	1,503.0
Less: purchases of property, equipment, and other assets	146.3		192.8		116.0
Free cash flow (non-GAAP)	$	2,631.2	$	1,791.9	$	1,387.0
Net cash used in investing activities	$	(2,033.8)	$	(933.4)	$	(1,480.6)
Net cash used in financing activities	$	(1,726.3)	$	(806.6)	$	(1,104.0)

- 41 -

Results of Operations

The following table summarizes our results of operations for the periods presented and as a percentage of our total revenue for those periods based on our consolidated statements of operations data. The period-to-period comparison of results is not necessarily indicative of results for future periods.

	Year Ended July 31,
	2023				2022				2021
	Amount		% of Revenue		Amount		% of Revenue		Amount		% of Revenue
	(dollars in millions)
Revenue:
Product	$	1,578.4	22.9	%	$	1,363.1	24.8	%	$	1,120.3	26.3	%
Subscription and support	5,314.3		77.1	%	4,138.4		75.2	%	3,135.8		73.7	%
Total revenue	6,892.7		100.0	%	5,501.5		100.0	%	4,256.1		100.0	%
Cost of revenue:
Product	418.3		6.1	%	455.5		8.3	%	308.5		7.2	%
Subscription and support	1,491.4		21.6	%	1,263.2		22.9	%	966.4		22.8	%
Total cost of revenue(1)	1,909.7		27.7	%	1,718.7		31.2	%	1,274.9		30.0	%
Total gross profit	4,983.0		72.3	%	3,782.8		68.8	%	2,981.2		70.0	%
Operating expenses:
Research and development	1,604.0		23.3	%	1,417.7		25.8	%	1,140.4		26.8	%
Sales and marketing	2,544.0		36.9	%	2,148.9		39.0	%	1,753.8		41.1	%
General and administrative	447.7		6.5	%	405.0		7.4	%	391.1		9.2	%
Total operating expenses(1)	4,595.7		66.7	%	3,971.6		72.2	%	3,285.3		77.1	%
Operating income (loss)	387.3		5.6	%	(188.8)		(3.4)	%	(304.1)		(7.1)	%
Interest expense	(27.2)		(0.4)	%	(27.4)		(0.5)	%	(163.3)		(3.8)	%
Other income, net	206.2		3.0	%	9.0		0.1	%	2.4		—	%
Income (loss) before income taxes	566.3		8.2	%	(207.2)		(3.8)	%	(465.0)		(10.9)	%
Provision for income taxes	126.6		1.8	%	59.8		1.1	%	33.9		0.8	%
Net income (loss)	$	439.7	6.4	%	$	(267.0)	(4.9)	%	$	(498.9)	(11.7)	%

(1)Includes share-based compensation as follows:

	Year Ended July 31,
	2023		2022		2021
	(in millions)
Cost of product revenue	$	9.8	$	9.3	$	6.2
Cost of subscription and support revenue	123.4		110.2		93.0
Research and development	488.4		471.1		428.9
Sales and marketing	335.3		304.7		269.9
General and administrative	130.4		118.1		128.9
Total share-based compensation	$	1,087.3	$	1,013.4	$	926.9

- 42 -

REVENUE

Our revenue consists of product revenue and subscription and support revenue. Revenue is recognized upon transfer of control of the corresponding promised products and subscriptions and support to our customers in an amount that reflects the consideration we expect to be entitled to in exchange for those products and subscriptions and support. We expect our revenue to vary from quarter to quarter based on seasonal and cyclical factors.

PRODUCT REVENUE

Product revenue is derived from sales of our appliances, primarily our ML-Powered Next-Generation Firewall. Product revenue also includes revenue derived from software licenses of Panorama, SD-WAN, and the VM-Series. Our appliances and software licenses include a broad set of built-in networking and security features and functionalities. We recognize product revenue at the time of hardware shipment or delivery of software license.

	Year Ended July 31,								Year Ended July 31,
	2023		2022		Change				2022		2021		Change
	Amount		Amount		Amount		%		Amount		Amount		Amount		%
	(dollars in millions)
Product	$	1,578.4	$	1,363.1	$	215.3	15.8	%	$	1,363.1	$	1,120.3	$	242.8	21.7	%

Product revenue increased for fiscal 2023 compared to fiscal 2022 driven by increased demand for our new generation of hardware products, increased software revenue primarily due to a new go-to-market strategy for certain Network Security offerings and an increased demand for our VM-Series virtual firewalls, partially offset by decreased revenue from our prior generation of hardware products.

SUBSCRIPTION AND SUPPORT REVENUE

Subscription and support revenue is derived primarily from sales of our subscription and support offerings. Our subscription and support contracts are typically one to five years. We recognize revenue from subscriptions and support over time as the services are performed. As a percentage of total revenue, we expect our subscription and support revenue to vary from quarter to quarter and increase over the long term as we introduce new subscriptions, renew existing subscription and support contracts, and expand our installed end-customer base.

	Year Ended July 31,								Year Ended July 31,
	2023		2022		Change				2022		2021		Change
	Amount		Amount		Amount		%		Amount		Amount		Amount		%
	(dollars in millions)
Subscription	$	3,335.4	$	2,539.0	$	796.4	31.4	%	$	2,539.0	$	1,898.8	$	640.2	33.7	%
Support	1,978.9		1,599.4		379.5		23.7	%	1,599.4		1,237.0		362.4		29.3	%
Total subscription and support	$	5,314.3	$	4,138.4	$	1,175.9	28.4	%	$	4,138.4	$	3,135.8	$	1,002.6	32.0	%

Subscription and support revenue increased for fiscal 2023 compared to fiscal 2022 due to increased demand for our subscription and support offerings from our end-customers. The mix between subscription revenue and support revenue will fluctuate over time, depending on the introduction of new subscription offerings, renewals of support services, and our ability to increase sales to new and existing end-customers.

- 43 -

REVENUE BY GEOGRAPHIC THEATER

	Year Ended July 31,								Year Ended July 31,
	2023		2022		Change				2022		2021		Change
	Amount		Amount		Amount		%		Amount		Amount		Amount		%
	(dollars in millions)
Americas	$	4,719.9	$	3,802.6	$	917.3	24.1	%	$	3,802.6	$	2,937.5	$	865.1	29.5	%
EMEA	1,359.6		1,055.8		303.8		28.8	%	1,055.8		817.3		238.5		29.2	%
APAC	813.2		643.1		170.1		26.5	%	643.1		501.3		141.8		28.3	%
Total revenue	$	6,892.7	$	5,501.5	$	1,391.2	25.3	%	$	5,501.5	$	4,256.1	$	1,245.4	29.3	%

Revenue from the Americas, Europe, the Middle East, and Africa (“EMEA”) and Asia Pacific and Japan (“APAC”) increased year-over-year for fiscal 2023 as we continued to increase investment in our global sales force in order to support our growth and innovation. Our three geographic theaters had similar year-over-year revenue growth rates for fiscal 2023, with the Americas contributing the highest increase in revenue due to its larger scale.

COST OF REVENUE

Our cost of revenue consists of cost of product revenue and cost of subscription and support revenue.

COST OF PRODUCT REVENUE

Cost of product revenue primarily includes costs paid to our manufacturing partners for procuring components and manufacturing our products. Our cost of product revenue also includes personnel costs, which consist of salaries, benefits, bonuses, share-based compensation, and travel associated with our operations organization, amortization of intellectual property licenses, product testing costs, shipping and tariff costs, and shared costs. Shared costs consist of certain facilities, depreciation, benefits, recruiting, and information technology costs that we allocate based on headcount. We expect our cost of product revenue to fluctuate with our revenue from hardware products.

	Year Ended July 31,								Year Ended July 31,
	2023		2022		Change				2022		2021		Change
	Amount		Amount		Amount		%		Amount		Amount		Amount		%
	(dollars in millions)
Cost of product revenue	$	418.3	$	455.5	$	(37.2)	(8.2)	%	$	455.5	$	308.5	$	147.0	47.6	%

Cost of product revenue decreased for fiscal 2023 compared to fiscal 2022 due to a favorable hardware product mix.

COST OF SUBSCRIPTION AND SUPPORT REVENUE

Cost of subscription and support revenue includes personnel costs for our global customer support and technical operations organizations, customer support and repair costs, third-party professional services costs, data center and cloud hosting service costs, amortization of acquired intangible assets and capitalized software development costs, and shared costs. We expect our cost of subscription and support revenue to increase as our installed end-customer base grows and adoption of our cloud-based subscription offerings increases.

	Year Ended July 31,								Year Ended July 31,
	2023		2022		Change				2022		2021		Change
	Amount		Amount		Amount		%		Amount		Amount		Amount		%
	(dollars in millions)
Cost of subscription and support revenue	$	1,491.4	$	1,263.2	$	228.2	18.1	%	$	1,263.2	$	966.4	$	296.8	30.7	%

Cost of subscription and support revenue increased for fiscal 2023 compared to fiscal 2022 primarily due to increased costs to support the growth of our subscription and support offerings. Cloud hosting service costs, which support our cloud-based subscription offerings, increased $101.0 million for fiscal 2023 compared to fiscal 2022. Personnel costs grew $97.0 million for fiscal 2023 compared to fiscal 2022 primarily due to headcount growth.

- 44 -

GROSS MARGIN

Gross margin has been and will continue to be affected by a variety of factors, including the introduction of new products, manufacturing costs, the average sales price of our products, cloud hosting service costs, personnel costs, the mix of products sold, and the mix of revenue between product and subscription and support offerings. Our virtual and higher-end firewall products generally have higher gross margins than our lower-end firewall products within each product series. We expect our gross margins to vary over time depending on the factors described above.

	Year Ended July 31,
	2023				2022				2021
	Amount		Gross Margin		Amount		Gross Margin		Amount		Gross Margin
	(dollars in millions)
Product	$	1,160.1	73.5	%	$	907.6	66.6	%	$	811.8	72.5	%
Subscription and support	3,822.9		71.9	%	2,875.2		69.5	%	2,169.4		69.2	%
Total gross profit	$	4,983.0	72.3	%	$	3,782.8	68.8	%	$	2,981.2	70.0	%

Product gross margin increased for fiscal 2023 compared to fiscal 2022 primarily due to increased software revenue and a favorable hardware product mix.

Subscription and support gross margin increased for fiscal 2023 compared to fiscal 2022, primarily due to our growth in subscription and support revenue, which outpaced the subscription and support costs.

OPERATING EXPENSES

Our operating expenses consist of research and development, sales and marketing, and general and administrative expenses. Personnel costs are the most significant component of operating expenses and consist of salaries, benefits, bonuses, share-based compensation, travel and entertainment, and with regard to sales and marketing expense, sales commissions. Our operating expenses also include shared costs, which consist of certain facilities, depreciation, benefits, recruiting, and information technology costs that we allocate based on headcount to each department. We expect operating expenses generally to increase in absolute dollars and decrease over the long term as a percentage of revenue as we continue to scale our business. As of July 31, 2023, we expect to recognize approximately $2.0 billion of share-based compensation expense over a weighted-average period of approximately 2.6 years, excluding additional share-based compensation expense related to any future grants of share-based awards. Share-based compensation expense is generally recognized on a straight-line basis over the requisite service periods of the awards.

RESEARCH AND DEVELOPMENT

Research and development expense consists primarily of personnel costs. Research and development expense also includes prototype-related expenses and shared costs. We expect research and development expense to increase in absolute dollars as we continue to invest in our future products and services, although our research and development expense may fluctuate as a percentage of total revenue.

	Year Ended July 31,								Year Ended July 31,
	2023		2022		Change				2022		2021		Change
	Amount		Amount		Amount		%		Amount		Amount		Amount		%
	(dollars in millions)
Research and development	$	1,604.0	$	1,417.7	$	186.3	13.1	%	$	1,417.7	$	1,140.4	$	277.3	24.3	%

Research and development expense increased for fiscal 2023 compared to fiscal 2022 primarily due to increased personnel costs, which grew $154.2 million, largely due to headcount growth.

- 45 -

SALES AND MARKETING

Sales and marketing expense consists primarily of personnel costs, including commission expense. Sales and marketing expense also includes costs for market development programs, promotional and other marketing costs, professional services, and shared costs. We continue to strategically invest in headcount and have grown our sales presence. We expect sales and marketing expense to continue to increase in absolute dollars as we increase the size of our sales and marketing organizations to grow our customer base, increase touch points with end-customers, and expand our global presence, although our sales and marketing expense may fluctuate as a percentage of total revenue.

	Year Ended July 31,								Year Ended July 31,
	2023		2022		Change				2022		2021		Change
	Amount		Amount		Amount		%		Amount		Amount		Amount		%
	(dollars in millions)
Sales and marketing	$	2,544.0	$	2,148.9	$	395.1	18.4	%	$	2,148.9	$	1,753.8	$	395.1	22.5	%

Sales and marketing expense increased for fiscal 2023 compared to fiscal 2022 primarily due to increased personnel costs, which grew $290.7 million, largely due to headcount growth and increased travel and entertainment expenses. The increase in sales and marketing expense was further driven by increased costs associated with sales and marketing events and go-to-market initiatives.

GENERAL AND ADMINISTRATIVE

General and administrative expense consists primarily of personnel costs and shared costs for our executive, finance, human resources, information technology, and legal organizations, and professional services costs, which consist primarily of legal, auditing, accounting, and other consulting costs. We expect general and administrative expense to increase in absolute dollars over time as we increase the size of our general and administrative organizations and incur additional costs to support our business growth, although our general and administrative expense may fluctuate as a percentage of total revenue.

	Year Ended July 31,								Year Ended July 31,
	2023		2022		Change				2022		2021		Change
	Amount		Amount		Amount		%		Amount		Amount		Amount		%
	(dollars in millions)
General and administrative	$	447.7	$	405.0	$	42.7	10.5	%	$	405.0	$	391.1	$	13.9	3.6	%

General and administrative expenses increased for fiscal 2023 compared to fiscal 2022 primarily due to increased personnel costs, which grew $23.2 million, largely due to share-based compensation related to our recent acquisitions and headcount growth. The increase in general and administrative expense was further driven by slightly higher reserves due to increased receivables as a result of our business growth.

INTEREST EXPENSE

Interest expense primarily consists of interest expense related to our 0.75% Convertible Senior Notes due 2023 (the “2023 Notes”) and the 0.375% Convertible Senior Notes due 2025 (the “2025 Notes,” and together with “2023 Notes,” the “Notes”).

	Year Ended July 31,								Year Ended July 31,
	2023		2022		Change				2022		2021		Change
	Amount		Amount		Amount		%		Amount		Amount		Amount		%
	(dollars in millions)
Interest expense	$	27.2	$	27.4	$	(0.2)	(0.7)	%	$	27.4	$	163.3	$	(135.9)	(83.2)	%

Interest expense remained relatively flat for fiscal 2023 compared to fiscal 2022.

- 46 -

OTHER INCOME, NET

Other income, net includes interest income earned on our cash, cash equivalents, and investments, and gains and losses from foreign currency remeasurement and foreign currency transactions.

	Year Ended July 31,								Year Ended July 31,
	2023		2022		Change				2022		2021		Change
	Amount		Amount		Amount		%		Amount		Amount		Amount		%
	(dollars in millions)
Other income, net	$	206.2	$	9.0	$	197.2	2,191.1	%	$	9.0	$	2.4	$	6.6	275.0	%

Other income, net increased for fiscal 2023 compared to fiscal 2022 primarily due to higher interest income as a result of higher interest rates and higher average cash, cash equivalent, and investments balances for fiscal 2023 compared to fiscal 2022.

PROVISION FOR INCOME TAXES

Provision for income taxes consists primarily of U.S. taxes driven by capitalization of research and development expenditures, foreign income taxes, and withholding taxes. We maintain a full valuation allowance for domestic and certain foreign deferred tax assets, including net operating loss carryforwards and certain domestic tax credits. Our valuation allowance has caused, and may continue to cause, disproportionate relationships between our overall effective tax rate and other jurisdictional measures. We regularly evaluate the need for a valuation allowance. Due to recent profitability, a reversal of our valuation allowance in certain jurisdictions in the foreseeable future is reasonably possible.

	Year Ended July 31,										Year Ended July 31,
	2023			2022			Change				2022			2021			Change
	Amount			Amount			Amount		%		Amount			Amount			Amount		%
	(dollars in millions)
Provision for income taxes	$	126.6		$	59.8		$	66.8	111.7	%	$	59.8		$	33.9		$	25.9	76.4	%
Effective tax rate	22.4		%	(28.9)		%					(28.9)		%	(7.3)		%

Our provision for income taxes for fiscal 2023 was primarily due to U.S. federal and state income taxes, withholding taxes, and foreign income taxes. Our effective tax rate varied for fiscal 2023 compared to fiscal 2022, primarily due to our profitability in fiscal 2023 and an increase in U.S. taxes driven by capitalization of research and development expenditures with no offsetting deferred benefit due to our valuation allowance. This increase was offset by releases of uncertain tax positions during fiscal 2023 resulting from tax settlements. Refer to Note 15. Income Taxes in Part II, Item 8 of this Annual Report on Form 10-K for more information.

Liquidity and Capital Resources

	July 31,
	2023		2022
	(in millions)
Working capital(1)	$	(1,689.5)	$	(1,891.4)
Cash, cash equivalents, and investments:
Cash and cash equivalents	$	1,135.3	$	2,118.5
Investments	4,302.6		2,567.9
Total cash, cash equivalents, and investments	$	5,437.9	$	4,686.4

(1)Current liabilities included net carrying amounts of convertible senior notes of $2.0 billion and $3.7 billion as of July 31, 2023 and 2022, respectively. Refer to Note 10. Debt in Part II, Item 8 of this Annual Report on Form 10-K for information on the Notes.

As of July 31, 2023, our total cash, cash equivalents, and investments of $5.4 billion were held for general corporate purposes. As of July 31, 2023, we had no unremitted earnings when evaluating our outside basis difference relating to our U.S. investment in foreign subsidiaries. However, there could be local withholding taxes due to various foreign countries if certain lower tier earnings are distributed. Withholding taxes that would be payable upon remittance of these lower tier earnings are not expected to be material.

- 47 -

DEBT

In July 2018, we issued the 2023 Notes with an aggregate principal amount of $1.7 billion. The 2023 Notes were converted prior to or settled on the maturity date of July 1, 2023. During fiscal 2023, we repaid in cash $1.7 billion in aggregate principal amount of the 2023 Notes and issued 11.4 million shares of common stock to the holders for the conversion value in excess of the principal amount of the 2023 Notes converted, which were fully offset by shares we received from our exercise of the associated note hedges. In June 2020, we issued the 2025 Notes with an aggregate principal amount of $2.0 billion. The 2025 Notes mature on June 1, 2025; however, under certain circumstances, holders may surrender their 2025 Notes for conversion prior to the applicable maturity date. Upon conversion of the 2025 Notes, we will pay cash equal to the aggregate principal amount of the 2025 Notes to be converted, and, at our election, will pay or deliver cash and/or shares of our common stock for the amount of our conversion obligation in excess of the aggregate principal amount of the 2025 Notes being converted. The sale price condition for the 2025 Notes was met during the fiscal quarter ended July 31, 2023, and as a result, holders may convert their 2025 Notes during the fiscal quarter ending October 31, 2023. If all of the holders convert their 2025 Notes during this period, we would be obligated to settle the $2.0 billion principal amount of the 2025 Notes in cash. We believe that our cash provided by operating activities, our existing cash, cash equivalents and investments, and existing sources of and access to financing will be sufficient to meet our anticipated cash needs should the holders choose to convert their 2025 Notes during the fiscal quarter ending October 31, 2023 or hold the 2025 Notes until maturity on June 1, 2025. As of July 31, 2023, substantially all of our 2025 Notes remained outstanding. Refer to Note 10. Debt in Part II, Item 8 of this Annual Report on Form 10-K for more information on the Notes.

In April 2023, we entered into a new credit agreement (the “2023 Credit Agreement”) that provides for a $400.0 million unsecured revolving credit facility (the “2023 Credit Facility”), with an option to increase the amount of the 2023 Credit Facility by up to an additional $350.0 million, subject to certain conditions. The interest rates and commitment fees are also subject to upward and downward adjustments based on our progress towards the achievement of certain sustainability goals related to greenhouse gas emissions. As of July 31, 2023, there were no amounts outstanding, and we were in compliance with all covenants under the 2023 Credit Agreement. Refer to Note 10. Debt in Part II, Item 8 of this Annual Report on Form 10-K for more information on the Credit Agreement.

CAPITAL RETURN

In February 2019, our board of directors authorized a $1.0 billion share repurchase program. In December 2020, August 2021, and August 2022, our board of directors authorized additional $700.0 million, $676.1 million, and $915.0 million increases to this share repurchase program, respectively, bringing the total authorization under this share repurchase program to $3.3 billion. Repurchases will be funded from available working capital and may be made at management’s discretion from time to time. The expiration date of this repurchase authorization was extended to December 31, 2023, and our repurchase program may be suspended or discontinued at any time. As of July 31, 2023, $750.0 million remained available for future share repurchases under this repurchase program. Refer to Note 13. Stockholders’ Equity in Part II, Item 8 of this Annual Report on Form 10-K for information on these repurchase programs.

LEASES AND OTHER MATERIAL CASH REQUIREMENTS

We have entered into various non-cancelable operating leases primarily for our facilities with original lease periods expiring through the year ending July 31, 2033, with the most significant leases relating to our corporate headquarters in Santa Clara, California. As of July 31, 2023, we have total operating lease obligations of $339.4 million recorded on our consolidated balance sheet.

As of July 31, 2023, our commitments to purchase products, components, cloud and other services totaled $1.8 billion. Refer to Note 12. Commitments and Contingencies in Part II, Item 8 of this Annual Report on Form 10-K for more information on these commitments.

CASH FLOWS

The following table summarizes our cash flows for the years ended July 31, 2023, 2022, and 2021:

	Year Ended July 31,
	2023		2022		2021
	(in millions)
Net cash provided by operating activities	$	2,777.5	$	1,984.7	$	1,503.0
Net cash used in investing activities	(2,033.8)		(933.4)		(1,480.6)
Net cash used in financing activities	(1,726.3)		(806.6)		(1,104.0)
Net increase (decrease) in cash, cash equivalents, and restricted cash	$	(982.6)	$	244.7	$	(1,081.6)

- 48 -

Cash from operations could be affected by various risks and uncertainties detailed in Part I, Item 1A “Risk Factors” in this Form 10-K. We believe that our cash flow from operations with existing cash and cash equivalents will be sufficient to meet our anticipated cash needs for at least the next 12 months and thereafter for the foreseeable future. Our future capital requirements will depend on many factors including our growth rate, the timing and extent of spending to support development efforts, the expansion of sales and marketing activities, the introduction of new and enhanced products and subscription and support offerings, the costs to acquire or invest in complementary businesses and technologies, the costs to ensure access to adequate manufacturing capacity, the investments in our infrastructure to support the adoption of our cloud-based subscription offerings, the repayment obligations associated with our Notes, the continuing market acceptance of our products and subscription and support offerings and macroeconomic events. In addition, from time to time, we may incur additional tax liability in connection with certain corporate structuring decisions.

We may also choose to seek additional equity or debt financing. In the event that additional financing is required from outside sources, we may not be able to raise it on terms acceptable to us or at all. If we are unable to raise additional capital when desired, our business, operating results, and financial condition may be adversely affected.

OPERATING ACTIVITIES

Our operating activities have consisted of net income (losses) adjusted for certain non-cash items and changes in assets and liabilities. Our largest source of cash provided by our operations is receipts from our billings.

Cash provided by operating activities during fiscal 2023 was $2.8 billion, an increase of $792.8 million compared to fiscal 2022. The increase was primarily due to growth of our business as reflected by increases in collections during fiscal 2023, partially offset by higher cash expenditure to support our business growth.

INVESTING ACTIVITIES

Our investing activities have consisted of capital expenditures, net investment purchases, sales, and maturities, and business acquisitions. We expect to continue such activities as our business grows.

Cash used in investing activities during fiscal 2023 was $2.0 billion, an increase of $1.1 billion compared to fiscal 2022. The increase was primarily due to an increase in purchases of investments and an increase in net cash payments for business acquisitions, partially offset by an increase in proceeds from sales and maturities of investments during fiscal 2023.

FINANCING ACTIVITIES

Our financing activities have consisted of cash used to repurchase shares of our common stock, proceeds from sales of shares through employee equity incentive plans, and payments for tax withholding obligations of certain employees related to the net share settlement of equity awards.

Cash used in financing activities during fiscal 2023 was $1.7 billion, an increase of $919.7 million compared to fiscal 2022. The increase was primarily due to repayments of our 2023 Notes upon maturity, partially offset by a decrease in repurchases of our common stock during fiscal 2023.

Critical Accounting Estimates

Our consolidated financial statements have been prepared in accordance with U.S. GAAP. The preparation of these consolidated financial statements requires us to make estimates and assumptions that affect the reported amounts of assets, liabilities, revenue, expenses, and related disclosures. We base our estimates on historical experience and on various other assumptions that we believe are reasonable under the circumstances. We evaluate our estimates and assumptions on an ongoing basis. Actual results could differ materially from those estimates due to risks and uncertainties, including uncertainty in the current economic environment. To the extent that there are material differences between these estimates and our actual results, our future consolidated financial statements will be affected.

We believe that of our significant accounting policies described in Note 1. Description of Business and Summary of Significant Accounting Policies in Part II, Item 8 of this Annual Report on Form 10-K, the critical accounting estimates, assumptions, and judgments that have the most significant impact on our consolidated financial statements are described below.

- 49 -

REVENUE RECOGNITION

The majority of our contracts with our customers include various combinations of our products and subscriptions and support. Our appliances and software licenses have significant standalone functionalities and capabilities. Accordingly, these appliances and software licenses are distinct from our subscriptions and support services as the customer can benefit from the product without these services and such services are separately identifiable within the contract. We account for multiple agreements with a single customer as a single contract if the contractual terms and/or substance of those agreements indicate that they may be so closely related that they are, in effect, parts of a single contract. The amount of consideration we expect to receive in exchange for delivering on the contract is allocated to each performance obligation based on its relative standalone selling price.

We establish standalone selling price using the prices charged for a deliverable when sold separately. If the standalone selling price is not observable through past transactions, we estimate the standalone selling price based on our pricing model and our go-to-market strategy, which include factors such as type of sales channel (channel partner or end-customer), the geographies in which our offerings were sold (domestic or international), and offering type (products, subscriptions, or support). As our business offerings evolve over time, we may be required to modify our estimated standalone selling prices, and as a result the timing and classification of our revenue could be affected.

INCOME TAXES

We account for income taxes using the asset and liability method, which requires the recognition of deferred tax assets and liabilities for the expected future tax consequences of events that have been recognized in our consolidated financial statements or tax returns. In addition, deferred tax assets are recorded for all future benefits including, but not limited to, net operating losses, research and development credit carryforwards, and basis differences relating to our global intangible low-taxed income. Valuation allowances are provided when necessary to reduce deferred tax assets to the amount more likely than not to be realized.

Significant judgment is required in determining any valuation allowance recorded against deferred tax assets. In assessing the need for a valuation allowance, we consider all available evidence, including past operating results, estimates o