- 2 -
SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS
This Annual Report on Form 10-K, including the sections entitled “Business,” “Risk Factors,” and “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934. The words “believe,” “may,” “will,” “potentially,” “estimate,” “continue,” “anticipate,” “intend,” “could,” “would,” “project,” “plan” “expect,” and similar expressions that convey uncertainty of future events or outcomes are intended to identify forward-looking statements.
These forward-looking statements include, but are not limited to, statements concerning the following:
These forward-looking statements are subject to a number of risks, uncertainties, and assumptions, including those described in “Risk Factors” included in Part I, Item 1a and elsewhere in this Annual Report on Form 10-K. Moreover, we operate in a very competitive and rapidly changing environment, and new risks emerge from time to time. It is not possible for our management to predict all risks, nor can we assess the impact of all factors on our business or the extent to which any factor, or combination of factors, may cause actual results to differ materially from those contained in any forward-looking statements we may make. In light of these risks, uncertainties, and assumptions, the forward-looking events and circumstances discussed in this Annual Report on Form 10-K may not occur, and actual results could differ materially and adversely from those anticipated or implied in the forward-looking statements. We undertake no obligation to revise or publicly release the results of any revision to these forward-looking statements, except as required by law. Given these risks and uncertainties, readers are cautioned not to place undue reliance on such forward-looking statements.
ITEM 1. BUSINESS
General
We have pioneered the next generation of network security with our innovative platform that allows enterprises, service providers, and government entities to secure their networks and safely enable the increasingly complex and rapidly growing number of applications running on their networks. The core of our platform is our Next-Generation Firewall, which delivers application, user, and content visibility and control as well as protection against cyber threats integrated within the firewall through our proprietary hardware and software architecture. Our platform offers a number of compelling benefits for our end-customers, including the ability to identify, control, and safely enable applications while offering protection against cyber threats in real time. We believe our platform also offers
- 3 -
superior performance compared to legacy approaches and reduces the total cost of ownership for organizations by simplifying their network security infrastructure and eliminating the need for multiple, stand-alone security appliances. Our products and services can address a broad range of our end-customers’ network security requirements, from the data center to the network perimeter, as well as the distributed enterprise, which includes branch offices and a growing number of mobile devices.
Our platform is based on an innovative traffic classification engine that identifies network traffic by application, user, and content. As a result, it provides in-depth visibility into all traffic and all applications, at the user level, at all times, and at the full speed of the network in order to control usage, content, risks, and cyber threats. This enables our end-customers to transform their organizations by safely enabling applications through a positive security model with fine-grained policy implementation capabilities.
Our platform is delivered in the form of a hardware or virtual appliance and includes a suite of subscription services as well as support and maintenance. Our subscription services can be easily activated on any of our appliances without requiring additional hardware or processing resources, thereby providing a seamless implementation path for our end-customers. All of our appliances incorporate our PAN-OS operating system and are based on our proprietary identification technologies, application visibility and control (App-ID), user identification (User-ID), and Content-ID, which allow security policies to be defined within the context of applications, users, and content. We deliver these capabilities through an innovative, Single Pass Parallel Processing (SP3) architecture that simultaneously performs multiple identification, security, and networking functions. As a result, our end-customers achieve safe application enablement and advanced levels of cybersecurity, while maintaining high network performance.
We serve the enterprise network security market, which consists of Firewall, Unified Threat Management (UTM), Web Gateway, Intrusion Detection and Prevention (IDS/IPS), and Virtual Private Network (VPN) technologies.
We sell our platform through a high touch, channel fulfilled sales model. Our business is geographically diversified, with 63% of our total revenue from the Americas, 23% from Europe, the Middle East, and Africa (EMEA), and 14% from Asia Pacific and Japan (APAC) in fiscal 2013. As of July 31, 2013, we had over 13,500 end-customers in more than 120 countries.
We were incorporated in 2005 as Palo Alto Networks, Inc., a Delaware corporation. Our principal executive offices are located in Santa Clara, California, and our telephone number is (408) 753-4000. Our website is www.paloaltonetworks.com.
We are organized and operate in a single segment. See Note 12 to Consolidated Financial Statements included in Part II, Item 8 of this Annual Report on Form 10-K.
Products and Services
Appliances. All firewall appliances come with the same rich set of features ensuring consistent operation across the entire product line. These features include: App-ID, User-ID, site-to-site VPN, remote access SSL VPN, and Quality-of-Service (QoS). We classify our appliances based on throughput. In addition to firewall appliances, we offer dedicated Panorama and WildFire appliances.
Panorama. Panorama is our centralized security management solution for global control of all of our appliances deployed on an end-customer’s network as a virtual appliance or a physical appliance. Panorama is used for centralized policy management, device management, software licensing and updates, centralized logging and reporting, and log storage. Panorama controls the security, network address translation (NAT), QoS, policy based forwarding, decryption, application override, captive portal, and DDoS/DoS protection aspects of the appliances and virtual systems under management. Panorama centrally manages device software and associated updates, including SSL-VPN clients, GlobalProtect clients, dynamic content updates, and software licenses. Panorama offers the ability to view logs and run reports from all managed appliances without the need to forward the logs and to report on aggregate user activity for all users, including mobile users. Panorama reliably expands the log storage for long-term event investigation and analysis through high-availability features for central management.
Virtual System Upgrades. Virtual System Upgrades are available as extensions to the Virtual System capacity that ships with the appliance. Virtual Systems provide a virtualization solution to our large enterprise and service provider end-customers that implement large data centers, private cloud, and public cloud security infrastructures and need to support a multi-tenant firewall environment.
Subscription Services. We offer a number of subscription services as part of our platform. These services include: