Fortinet, Inc. (FTNT) Earnings Call Transcript & Summary

Good afternoon, everyone. Before we get started, if you are a member of the press or media, please disconnect at this time. This is a restricted line. Any unauthorized party in this meeting or any unauthorized use of the information communicated in this meeting is subject to prosecution to the fullest extent of the law. Any unauthorized person, including the media that is on the line at this time, please disconnect. Please note, today's call is being recorded.

Good afternoon, everyone. My name is Andy Nowinski. I'm the software analyst at Wells Fargo. And today, it's my pleasure to introduce you to the team at Fortinet. So we have Keith Jensen, Chief Financial Officer; John Maddison, the Chief Marketing Officer; and Peter Salkowski, the Head of Investor Relations. So welcome to the Wells Fargo TMT conference, guys.

Thank you, Andrew. Good to be here.

Great. So we have about 30 minutes today. We'll be done at 2:30 Eastern Time, so maybe we'll just jump right in.

I think one of the main questions we hear from investors, obviously, is the supply chain constraints as a top concern. So why don't we start by explaining why Fortnite -- Fortinet might be more insulated as it relates to the shortage versus the other vendors in the market?

Sure. I think there's a couple of few points that makes us a little bit different. One is, historically, we'd like to keep our inventory turns, say, the 3% to 4% range. We've moved those down earlier in the pandemic to trying to target between 2% and 3%. So you're looking at having about 5 months of inventory on hand, I think some of our competitors have probably have done well historically, the just-in-time inventory models and maybe that has not sold on fairly well during the pandemic. And I think some of it is also just numbers. REITs control 38% of the unit ships of all firewalls worldwide. We've got about 70 different products, and we use about a dozen different contract manufacturers. While that makes a lot of complication, it makes my operating team -- operations seem a little challenging. It does give us a lot of flexibility and a lot of leverage. We can do things like if there's a shortage of a current firewall product, we can do a customer up and down the price list to the adjacent product and where that works out for them. We can also move components between our contract manufacturers, one manufacturer going to an critical components complete, we may be able to move it from another contract manufacturer. So I think it's given us net-net, a lot more flexibility, a lot more leverage than others.

That makes sense, Keith. So I guess you talked about having 5 months of inventory on hand I assume that's more finished goods. But do you also keep, I guess, one of the main components of a firewall, one of the key attributes of Fortinet's firewalls you're custom ASIC. Do you actually keep a supply of those -- just those individual components that you could send to your contract manufacturers you used?

Yes, you're absolutely right that when I talk about the inventory turns, I'm talking about finished goods. And specifically to the chips, our model historically has been to try and forward stage about 3 months of inventory of the chips in our warehouses that are available to move over to the contract manufacturers and another 3 months for a total of 6 altogether, 4 states at the contract manufacturers ready to go into production.

Got you. And I think you noted that some of your competitors were leveraging more of a just in time type inventory process, whereas you always had more of a build in advance and it sounds like that's one of the key areas that you're different from the other vendors in the market that maybe also seeing a supply shortage?

Yes. And I think that as part of our culture, we're very hands-on when it comes with the inventory I feel very close to the manufacturing process of that. And while we do work with -- as I say, about a dozen different contract manufacturers, we're very engaged with them several times a day in terms of planning and the scheduling of inventory and future deliveries. We do, as I say, we take title for that inventory as soon as it leaves the contract manufacturer and switch to our warehouses, and we store them there.

Got it. And just a clarification as well as it relates to that inventory of chips that you have. The questions are coming up now. But actually, I believe this, you actually started building inventory of chips and components at the start of the pandemic back in early 2020. So it's not something that you just are reacting to now. This has been something you've been doing for a while. Is that correct?

You're absolutely right. The reason may be a little bit different. In the very beginning of the pandemic, we were a little concerned about getting shipments out of Asia, whether it was ocean or in the belly of an airplane. And we started building up our inventory levels in response to that. And as now as the pandemic has continued to lack of better term mature, I guess, it's created a different type of supply chain challenge. But throughout 2020 and in 2021, wherever we've had the chance, we continue to build up our inventories.

Makes sense, Keith. Okay. Maybe in the same vein as it relates to the supply constraints, you did have a backlog exiting Q3 Well, maybe if you could just give us a little bit more color around that backlog. What percentage of orders are actually from existing customers in that backlog versus new customers? And ultimately, what I'm trying to understand is, how easy is it for that backlog to be perhaps canceled?

Yes. The company has historically not had a lot of backlog. We do see a small pickup in the backlog in the third quarter. And I think we'd characterize that as being about 70% of that backlog related to switches and access points. I think there's also the question of how much of that is from new customers, which would be perhaps more likely to be canceled versus existing customers. And our mix of -- even though we had 6,000 new logos signed up for the quarter, and I think that was for 2 quarters in a row, our top line mix in terms of revenue billings was very consistent between existing customers and new customers. And our backlog mix was actually very consistent as well. I didn't see anything that really spiked up there. And then lastly, I would note that when it comes to what we saw in backlog, switches and access points, that's more likely to go -- it's going to be sold to an existing customer as part of our land and expand strategy, typically leave the firewall, then we want to sell the platform on subsequently. But I don't think that what we saw in the third quarter or in this quarter was companies trying to gain the system or customer trying to gain the system by playing they do orders in good multiple vendors.

That's great that you're not seeing that. So do you -- I guess, as it relates to maybe not placing double orders, but do you -- is it possible that customers might be placing orders now for firewalls that they may not have needed until perhaps the end of next year knowing that there is this delay? Do you think there's any sort of build up, I guess, it would be in your billings where they place an order that you might not have expected until next year?

It's a good question and get some clarification. You would not see that type of order in our financial statements. It would not be revenue and it would not be billing. So it would be backlog. What I think we're seeing in this phase of pandemic. One is kind of to your point, a lot more collaboration between our sales team and some of our enterprise customers about their planned deployments for the future, which I think is a good and healthy thing. If you think about what the types of customers and whether or not they're going to go vendor shopping, if you look at large enterprises, if you're the incumbent in a large enterprise, it's very unlikely they're going to make a move because of the architectural demands that go with that. If it's a large enterprise that has a dual vendor strategy, and there's a new use case, and you, like Fortinet, have product available, you're probably going to win that opportunity. If it's a displacement opportunity and you may be mature to the POC phase where it's become -- where you've proven that you have the capability. You probably -- I think we see a better chance of winning at that point because we do have the products available. If you move down to the smaller enterprises, I think those companies are more reacting to ransomware. They need it now I think that their real focus is perhaps more on cost of performance and availability. And I do think that helped us with a 6,000 new logos, but we were able to deliver on that. And again, no real difference in the mix in terms of billings of revenue between new and existing.

That's great. Just to wrap this up, it does seem like the backlog will likely persist at the end of Q4. And most likely, I would guess, throughout 2022, unless this gets resolved a lot quicker than people think. So would you consider giving any sort of like a book-to-bill type metric to investors knowing that this backlog will likely persist?

Yes, it's a great question, and it's one that we've talked about internally. Specifically, when we're getting ready for the third quarter earnings call and looking at that 51% product growth and knowing that we had a bit of an uptick in the backlog. And the question internally was, would that be helpful to investors to understand more about that. And I think at the level of backlog, I would call it a bit of an uptick. We thought beyond the 61% product revenue growth, we thought that was a good way to approach things. Now as we continue to move forward through the pandemic and backlog and shipments continue to grow, I think it's quite possible we we'll definitely revisit that conversation as part of the fourth quarter earnings call. And it's certainly possible that we'll add some sort of disclosure saying, here's our billings, here's our revenue, and here's a new metric talking about backlog.

Okay. Great. Let's shift gears now as it relates to more of the sustainability of growth and some of the growth drivers you have. Consolidation of vendors is one thing that we certainly have, as I would say, a cornerstone of our thesis on Fortinet, but we're definitely seeing in the marketplace a lot of resellers telling us that CISO just have too many vendors in their data center and they want to reduce the number of vendors they're working with and move to more of an integrated platform. You've talked about it on your Q3 earnings call as well. I'm just wondering what type of products or vendors perhaps are you seeing that are getting consolidated out if this trend is actually occurring and which vendors are losing out because of this consolidation trend?

Yes. Let me comment on that. I'll just speak to a lot of customers each week and CTOs, CIOs, CSOs, I think there's 2 types that are happening. One is what we call a convergence where multiple functions are coming together. A good example for us is where we converge SD-WAN and firewall together. So that's taking 2 separate solutions and converting it into 1. It gives you an operational savings. It gives you the security on that networking device. So there's a -- coming together on networking and secure convergence. And the second area is consolidation. And it's not so much that you're taking out of products. So maybe you still have endpoint email firewall, but what's really hard for the customer is to make more work together. If there's vendor A, vendor B, vendor C get into exchange policy or threat intelligence is really hard. And so that's where I'm seeing the consolidation plans happen when they will take a use case and select the same vendor to consolidate the solution because that solution works better as a platform versus individual point products. So those are the 2 main areas, which are convergence and consolidation, which coming together I don't know exactly. You'll see some additional networking vendors losing some market share to SD-WAN. IP routing is definitely shrinking. You'll see some smaller security players and maybe being pushed out because they don't have that platform approach.

Okay. That makes sense. One thing I just -- before we go on, I forgot to mention any investors that are on the call right now. If you do have a question you'd like me to weave into the discussion, feel free to e-mail me at [email protected]. I'm happy to weave it into the discussion. So maybe moving on for John or Keith, I want to talk about your FortiGate products, and then we'll get to some non-FortiGate questions. So last quarter, in Q3, you had 51% growth in product revenue. That was clearly amazing the best it's been since your IPO in 2009. I know SD-WAN was strong. I think it grew by maybe 50% year-over-year, which is pretty consistent with where it's been growing. But what are the other firewall use cases that contributed to that growth? Could you just help us understand what really popped that growth to such a high level?

Yes. Yes. Definitely SD-WAN was a big driver. We consider that to be foundational technology going forward, both for things like SD-Branch or the cloud. But other use cases, one of them is operational technology security and OT networks whether it be manufacturing or gas or energy. And what we've seen is maybe some of this was driven by the pandemic. in that access now remote access is allowed. And what used to be an air gap between the OT world and the IT world has gone away. And we're seeing a really big growth there because we do need to protect those OT environments more and more especially since ransomware as it comes to before, we've seen almost a 10x increase in ransomware and rental haven't go in there and hold production, et cetera, it's all from pipeline as an example. And so I think firewalls in that environment has a big growth opportunity. We mentioned SD-WAN. I think customers are also -- as they build, they build out their digital world, they're going to make sure that they've got segmentation in place. Segmentation is one of a very important criteria to stop ransomware from spreading inside the organization. So we're seeing ransomware. We're also seeing certain companies, especially in certain sectors want to do more inspection of SSL traffic. So that's a big component of our system. It can do SSL inspection unlike many other files outside there. And I would say, overall, just additional services on top of next-gen firewalls as well, whether it be IPS or whether it be application control or single as well. So services, new markets, the OT, SD-WAN driving, the edge and then also, as I said, segmentation being important not only in the campus but in the data center.

That's a great explanation. I think the common understanding of ransomware is that it's in affecting endpoints, you need endpoint security, which I know Fortinet has, but I don't think many people relate ransomware attacks to the need for upgrading your network firewalls. So that's a good link.

Yes. You've got to stop that lateral movement. But we also think the platform going forward is not just a platform for saving money. The major rumors are cerviden like Gartner last year are saying, yes, you save money, you don't mean to us many trained people across many different products. The real reason CISO's one platform is to get a better security posture to be able to automate the response. And so it's not just endpoints down the road, it's endpoint plus 0 trust plus firewall plus WAP, and all these things talking together to give you a better solution, more integrated, that's how you stop runs not with a stand-alone product.

I guess it goes back to your integrated platform, having all those different threat vectors integrated is what the bigger larger enterprises are looking for versus deploying point products that aren't integrated across the various threat vectors?

Yes. Well, it's I think the cybersecurity industry is poor in our opinion, is working together, to put it that way, to say the least. And having an vendor A vendor B and vendor C getting 2 vendors look together, it's not enough the mine 3 or 4 vendors. And in fact, Gartner has just come out with something called the cybersecurity mesh architecture. It's kind of recognizing that our platform process is needed. It's not just that you've got individual point products that don't talk to each other. The architecture we've built over the last 10 years is to send all the information to assume or do the operations to a single management console. And that just doesn't work to the lowest common denominator you're dealing with. So the ability for a platform for products for an endpoint product to talk to a firewall, from a firewall to talk to a WAP product to talk to an identity-based system. In fact, if you look at the Endpoint marketplace, it's migrating from EDR already into something called XDR. This is extended detection response, which includes the ability to look at other threat vectors. So I think what's happening is the industry is realizing or CISO has already realized that they need to build a platform for a use case that involves multiple products that talk to each other for shared threat intelligence that share the policy.

That makes sense. Just to wrap up the discussion as it relates to endpoint security and ransomware attacks. I mean do you see Fortinet winning in the endpoint security market with just a standalone sale of your endpoint solutions? Or is it -- when you win in the endpoint market, is it a part of a bigger platform deal? So I guess I'm asking, are you competing against the CrowdStrike like SentinelOne? Or are you more competing against vendors I guess, that have more of a platform and those types of backups? So they're buying everything and they're not just buying one of your point solutions.

I think both absolutely are for the EDR product will go against CrowdStrike and anybody out there. It was a test house called MITRE. They do some very detailed testing. We both test results on them. I think they're coming out of January, again, we do it every 6 months. So we didn't go head-to-head product to product with any of the endpoint EDR that is out there. But I think a lot of the customers also want to see our vision. In fact, this is not just for endpoint, whether it's network and cloud. They want to see where you go into the vision. And the vision is definitely that you take that EDR and integrate it with your Zero-Trust, which is replacing obviously, VPN right now. And you integrate it with you work from anywhere solution. That's what they really want to get to. They want to work from anywhere solution that is just as good when you're traveling or at the home or in the office, and the user experience is the same across all those. And automatically, the systems we can figure for wherever you are in that location. So that plus some contextual information as you go forward. You need that contextual information depending on where you are. So yes, we'll go head-to-head mainly as a point product, but customers want to see that vision of a platform going forward.

That makes sense. Okay. Let's shift gears to the non-FortiGate side. On the Q3 earnings call, you mentioned the top 5 non-FortiGate solutions were mail, SIM, sandbox, switches and virtual firewalls. I certainly understand why virtual firewalls would be strong as more applications move to the cloud. But can you explain why maybe some of the other areas had such strong growth as last quarter?

Well, again, this is another example of a platform e-mail to e-mail. 25% of infection still happen through social engineering. And so if you haven't go visit that e-mail component, you're missing a huge part of the threat vector. And so again, yes, I can get my e-mail security from Microsoft or Google or maybe a stand-alone vendor. And that's good, and that provides a protection. But if you can find something inside your e-mail account, you can link that to your sandbox and you link that to a policy that goes out and shuts down either some access from a certain endpoint automatically. That's the key. So again, it is some of it stand-alone e-mail securities and actually, our web application firewall does very well as API security becomes very important. Some of it stand-alone, but again, they kind of put it together. I'm buying a stand-alone product, but I wanted to link to my SecOps. So I wanted to think it's on my network to provide that overall solution. And the other component that customers are talking about today besides the security element is this digital experience. They're building out accelerating their digital projects, but they want to measure it. How does that use or a device, how does it connect to my applications? What is the experience in terms of latency in terms of throughput, in terms of availability of that application. So measurement of the security and measurements of the user experience becoming very important.

Okay. That makes sense. It does sound like it all boils back to the consolidation play, where you have a fully integrated platform with many different -- covering many different threat vectors that should continue to drive growth for Fortinet. Maybe another area that I wanted to touch on was Zero-Trust. I think this -- I'm not sure if is FortiSASE in the it drives your Zero-Trust wins. But is that part of the non-FortiGate portfolio?

Yes. So Zero-Trust to us is a really important concept. As part of that device and user awareness that needs to sit and link into the networking and proxy component and then a policy engine across it. And so for us, our 40 client provides that Zero-Trust. The proxy enforcement can be either one of our FortiGates with the FortiOS in the data center. It can be one of our FortiSASE pots. And so now you can see is integration of SASE and Zero-Trust. And that really just really focuses on our work from anywhere solution. So remote access, private access, securing devices on and off the network. They all come together with Zero-Trust and SASE, endpoint security and also proxy and identity integration.

Okay. I suspect I know the answer to this, and it slightly goes back again, your fully integrated platform. But why do you think in the Zero-Trust space, I mean Zscaler certainly has a very comprehensive solution, routing everything through their cloud service. But why do you think Fortinet might be better positioned than Zscaler to win deals in the Zero-Trust space?

I think I was -- again, I was talking to a large bank -- European bank yesterday. And they were trying to work out what is the point -- today, they've and everything back to the data center. And they said, well, if I go to the cloud, I send everything to the cloud, it's the same concept. So they just think that a hybrid approach is going to be very much what's needed going forward. And so have everything in the cloud, when you need something in the network, the network is very important. You need something on the endpoint. OT, for example, they're going to put the compute next to the OT. There's no point in sending it back to the cloud or back there if you need latency. So we think, again, it's the platform approach, but also the location. We need to be able to put security at the LAN Edge in the OT. I can't just sit in the cloud. And so that's why I think we've got an advantage over Zscaler. We have other platform advantages. We have a full-blown EDR that can detect the device posture and feed that into our Zero-Trust engine. We can put our proxy enforcement anywhere across the edges of the network. So I think -- again, I think if you just cloud or you're just endpoint or you're just network, that's not going to work as a platform in the future.

Right. That makes sense. Do you feel like your Zero-Trust portfolio is where it needs to be to effectively compete in that market, which seems to be in the very nascent stages right now? But do you feel like there's more that Fortinet can add to? Or do you feel like you're already a really good driver seat position in that space?

I think we've got a very good solution. I think our only issue is making sure that we've got our partners and our sales people train on it correctly.

Got it. Okay. We've got about 6 minutes left. I've just got a few more questions for you. Another big growth driver that I think we can start -- what we may start to see next year is really the build-out of 5G networks. And I think the OT market may be also related to this, but I was just wondering if you could give us an update on both the OT. I know you kind of touched on it earlier with OT security. But just curious how that -- and the 5G rollouts might be potential growth drivers for Fortinet in 2022?

Yes. Two areas. And I think it's the mobile edge compute is very much linked to OT. We're seeing -- and I think SD-WAN, again, is a foundational building block because from SD-WAN, we can provide that connectivity to overseas sites. We can then move that to SD-Branch because we've got Wi-Fi controllers, Ethernet controllers, 5G, extended controllers built into our core nex-gen firewall and SD-WAN then we can extend that to that SD-Branch concept where we provide Wi-Fi and switching into the OT environment. Now you may need -- we've also built out rugged devices, switches, access points, firewalls, which allow us to kind of deploy there. And then there's the whole SD-WAN marketplace that I've spoken to retailers, for example, we want to use 5G as the primary link. So we've got that 5G connectivity that's going to happen over the next few years. There's still a lot of areas that don't have a 5G connectivity. But as 5G rolls out, we're seeing many of our customers want that 5G asset, sometimes a primary connection. And then in the core of 5G networks, we're starting to implement and put our devices in that because they need security in the core in the radio access in the Internet gateway. And these devices need to run at terabit per second, not hundreds of megabits per second. So we see 5G as a big opportunity as connectivity to the 5G network, but also in the core of the 5G network, providing that security there.

Yes. I want to maybe just drill into that core component. I know on the earnings call, Ken had -- I'd asked Ken about 5G rollouts and how it may have been driving your large, I guess, large enterprise growth, which was really strong in Q3, but you said it was more actually just the large enterprise side. It was -- excuse me, the low, mid- and high-end firewall appliances are being driven more by a large enterprise. Why do you think it's taking a little bit longer for the 5G rollout to really start because that seems like that's the sweet spot for Fortinet, you've always historically been really strong in the carrier market?

Yes. Just a function of the service providers rolling out the 5G networks and elements of that. And so we sit in maybe 3 or 4 different places of the 5G network. Again, maybe it's the radio access security, maybe it's the Internet gateway security, even the mobile edge compute security, for example. So I think it's just a function of them rolling that out. But there is some debate within service providers, whether I want to make that completely virtual in software versus appliance. We're seeing -- as in the universe of CP marketplace, we're seeing people start with virtual and come back to appliances, eventually there. So I just think it's a function that we be rolling it out. It's the same on the connectivity side, which I think was away more than anything else, it's a function of what the 5G availability to those enterprises, wherever they are.

Got it. Okay. Maybe to wrap up the discussion this afternoon, I wanted to talk about that recent acquisition you made because you don't make many of them, but the ALAXALA acquisition, I think it added about $15 million in revenue in Q3, which I believe was 1 month of sales. So clearly, not a big contributor to your -- to the upside in your quarter. But if you net that out, how do we think about the contribution that, that acquisition might potentially make in Q4 as it relates to the big guidance raise that you gave?

Yes, great pickup on that, Andrew. ALAXALA, I think you can see $15 million of top line benefit in the third quarter, it wasn't being 1 month. ALAXALA is going to represent low single digits of our business going forward. So I really don't want to get into a protracted discussion every quarter of our guidance. That said, let me get some points of validated. So $15 million a month free we expect that ALAXALA will behave like other tech companies. And by that, I mean, with linearity, 50% of their business is in the third month of each quarter. So you can kind of do that math. And very, as a Japanese company, their year-end is in March. So you're not going to get the corporate budget flush in our December quarter. Rather, we expect that their December quarter is going to look an awful lot like their Q3 hits. So I think people can kind of piece that together and give some validation to the numbers. Look, I think we're excited about the opportunity with it. It brought a host of R&D resources that we very much were interested in. It brings that chassis switch, which is something that's missing in our product suite. They have very good traction in the enterprise sector in Japan as well as in the public sector. So while it was an inexpensive acquisition, at $64 million, I think, and check a lot of boxes for us that we're very pleased with.

Did you have a big presence in Japan? And what other competitors do you anticipate seeing in Japan with this acquisition?

Yes. I think for most tech companies, Japan is in the top 5 or 6 of their other countries than it is for us as well. I don't know that the competitive landscape is terribly different than Japan. The go to market is a little bit different. Maybe you want to talk about that ...

No, it's the same competitors in just fine in the U.S. And Japan is one of our top 5 -- top 6 countries that's listed in the IR deck.

Okay. Got it. Well, guys, we're out of time today. I'm going to turn it back to you if there's any thoughts you'd like to leave investors with as we wrap up this call, but it was great seeing you, and I wish you the best a lot.

Thank you.

Thank you, Andrew. Have a good one.

Thanks, guys.