Fortinet, Inc. (FTNT) Earnings Call Transcript & Summary

March 5, 2024

NASDAQ US Information Technology Software conference_presentation 38 min

Earnings Call Speaker Segments

Hamza Fodderwala

analyst
#1

All right. Good afternoon, everybody. Thank you for joining us. My name is Hamza. I'm the cybersecurity analyst here at Morgan Stanley. And with me, I'm really excited to have the team from Fortinet here. We have Ken Xie, Chairman and CEO; and we have Keith Jensen, CFO as well. Before we begin, a brief reprogramming note. First from me, for important disclosures, please see the Morgan Stanley research disclosure website at www.morganstanley.com/researchdisclosures. And I believe, Keith, you had a safe harbor yourself?

Keith Jensen

executive
#2

Something equally important. Yes. I'd like to remind everyone that we may make forward-looking statements during today's fireside chat. These forward-looking statements are subject to risks and uncertainties that could cause actual results to differ materially from those projected in these statements. Please refer to our SEC filings, in particular, the risk factors in our recent -- most recent Form 10-K and Form 10-Q and to other reports that we may file from time to time with the SEC for additional information on factors that may cause actual results to differ materially from our current expectations. All forward-looking statements reflect our opinions only as of the date of this presentation, and we undertake no obligation to specifically disclaim any obligation to update forward-looking statements. Thank you.

Hamza Fodderwala

analyst
#3

All right. Great. Well, thank you again, gentlemen, for joining us. Ken, I'll start with you. A lot of changes going around the cybersecurity market today. When I think about the Fortinet platform, a big part of it has been around the convergence between networking and security. Talk a little bit about that, how that is progressing? And then a little bit about how you're expanding beyond traditional network security into areas like SASE and SecOps?

Ken Xie

executive
#4

Yes. So the network security give customers to manage the content application, the data, which networking don't have. So networking just connect it together, but in order to manage the higher layer from user device counter application, you do need network security. So that's also going to say in the next like 5, 6 years by 2030. So the network security market will be bigger than network market. There will be a lot of new use case beyond the traditional enterprise firewall. So you can go inside the enterprise to the internal segmentation, replace some of the switch there. You also can secure within the data center, including certain AI data center there. You're also kind of supporting work from home and remote access. And at the same time, the new fast-growing here it is the OT/IoT area, a lot of connected device also need security, network security. And the most important, the only way to secure a lot of this device, it's been network security because end point cannot apply there because they all have a different operating system and they may not have enough company and power to run a software agent on there. So the only way to secure a lot of OT/IoT device is by network security. And we see all this will drive the growth of network security. And in 5, 6 years, the network security is bigger than networking. That's where I do believe in the next 5 to 10 years, the network security will continue to grow like in the last 3 years, 10% to 20%. So we're keeping growing, and a lot of new use case will be in the network security space.

Hamza Fodderwala

analyst
#5

Okay. So it's a really important point. So I think what you said, network security could potentially be larger than the networking market overall. I think today, it's maybe about 1/3 or 1/4 of the networking market network security. So definitely a bold statement there. Some of the use cases driving that you mentioned was OT/IoT, micro segmentation, anything else that sort of bridges that gap?

Ken Xie

executive
#6

Work from home, all the SD-WAN, and that's not I'm [indiscernible] saying that. By 2030 the network security will bigger than networking. So we do see a lot of new use case, and we see customers definitely more interested. The only issue today is really network security on average is about 10x more expensive than the networking device with the same report is in bandwidth there. So that's really how to drive the cost lower. So our solution from day 1, 24 years ago is rather develop ASIC technology. So we're still the only company to develop our own ASIC for the network security. At the same time, how to integrate more function into the single operation system and accelerate this function using ASIC to lower the cost and improve the performance and also to lower the energy consumption there. So that's really the way, I think, can drive the whole market.

Hamza Fodderwala

analyst
#7

Okay. All right. You mentioned the growth rate. So I mean we set up here last year. And your view was that the market that you're going after within network security should grow 10% to 20% on an annual basis. Obviously, there are cycles. This year, you're forecasting an overall growth rate in the single digits. So talk to me about where we are in that cycle? Do you think we're nearing a bottom here? And when do you think we'll start to see growth rates converge back to that 10%, 20%?

Ken Xie

executive
#8

I think the market this year is a little bit distorted by the last 2, 3 years. If you look at 3 years ago, we're starting seeing the booking grow over 50%. So that's where you can see 2021, 2022, the business building grow like 30%, 40%. So basically, in like 2, 3 years, we doubled the product revenue, doubled the business there. And then as for mid of last year, we started to say, hey, since study needs to see digestion certain vertical like we see in like a retail space, the last 2, 3 years, when they grow over 100%, now seems relatively flat or even maybe negative there. So some of the customers, they order some extra inventory because when they experience the supply chain issue and also sometimes the price of the product also kind of go up quarter-by-quarter, they turn to order actual product. So -- and also the product [indiscernible] we deploy in the field whatever. [indiscernible] lasts 4 to 5 years after 4, 5 years, just like any other networking product, you do need a new product, which has a faster hardware, more function and all the things there. So that's where I think the supply chain issue even in the COVID in the last 2, 3 years kind of distort the market a little bit. That's where we see some kind of up and down. But we do believe maybe towards the end of the year since we'll go back to normal. And then maybe next year, I think long term, we're not changing the whole landscape there. Probably Keith also have a pretty good comment.

Keith Jensen

executive
#9

Well, yes, I think the compares, as we call them, get a little bit easier in the third and the fourth quarter of this year. So I think there should be some benefit from there that I think a couple of other early data points in terms of recovery mode, looking at our own pipeline for the second part of the year. And you start looking at pipeline that far out, it's a pretty soft number, but I think the indications are for more strength in the second half of the year at this early stage. And then the other data point I would offer is we were on the road with customers last week. And I think that the conversations with CIOs and CISOs around their plans for 2024 and budgets have improved from a year ago. I think a year ago, everybody was contemplating a hard recession. And I think a lot of the actions and conversations were very soft in terms of what they wanted to accomplish in 2023. And I think as '23 played out, we saw that it's still early in 2024, but I would say the tone was different last week than what we saw a year ago.

Hamza Fodderwala

analyst
#10

Fair enough. And the new way to say CISO, CISOs tomato tomahto, I guess.

Keith Jensen

executive
#11

Sorry.

Hamza Fodderwala

analyst
#12

No. I think, Keith, you also mentioned towards the back half of this year that Fortinet will grow above market, right? So like I think initially it was after the really strong Q4 performance you had or before the strong Q4 performances that you had, the -- the view was we'll be back to double-digit growth by end of this year. Now it's above market. I guess Ken is saying market growth is 10% plus. So what does that kind of imply?

Keith Jensen

executive
#13

Ken and I should talk more often, I think.

Ken Xie

executive
#14

That's more for long-term, right, in the next few years.

Keith Jensen

executive
#15

Yes. I think the -- if you go back to the earnings call, and I think we're dumping our chasten offering and note of caution at the same time, around the fact that we had closed 6 8-figure deals in the fourth quarter of 2023. Those deals were a mix of firewall and software solutions. We are very, very proud of that. But we also want to make sure that investors in the Street had visibility to what we saw in the fourth quarter with those large deals to help explain what we would expect to see on a quarter-over-quarter comparison but also a bit of the challenge that we create for ourselves in the fourth quarter of 2024 with that compare.

Hamza Fodderwala

analyst
#16

Fair enough. Fair enough. So on that -- on those lines of sort of the longer-term growth trajectory. So you mentioned, obviously, you had multiple quarters, years of 30%, 40% top line growth, the product revenue doubling through COVID. At the same time, network traffic has increased, bandwidth has increased quite a bit, especially post COVID. I would say typically, in the past, Fortinet hasn't really benefited from the enterprise refresh cycle as much. Today, almost 40% of your billings are coming from large enterprises and -- in the past, we've seen around a 4-year replacement cycle. Do you expect to benefit more from enterprise refresh going forward? And if we assume 4 years, would that imply that we'll see healthier refresh activity by 2025? A bit of a loaded question there, but maybe first part on the enterprise refresh and then whether you see replacement cycles elongating beyond 4 years?

Keith Jensen

executive
#17

Yes. I won't be shocked if replacement cycles extend a little bit beyond 4 years. And -- are we talking about the age of the unit? Are we talking about the supplier like ourselves or our competitors providing a new generation of firewall? So I think there's a bit of that nuance. I think for Fortinet while 35%, 40% of our business is large enterprise, that's still a fairly smallish percentage of total enterprise space. And why that's important is that we believe when the competitors or the incumbents are coming up for a refresh cycle or renewal cycle, that's the logical time to create opportunities for those same customers to look beyond their incumbent to look at other opportunities and other price points and other performance points from competitors as part of that. So it's an opportunity for us to display some incumbents in the enterprise space further.

Hamza Fodderwala

analyst
#18

Got it. Got it. One of the other things you announced in the last 6 months, Ken, was revamping sort of the go-to-market to align more to some of these newer areas like SaaS and SecOps. Maybe talk a little bit about that and what some of the initiatives you put in place to drive growth beyond secure networking?

Ken Xie

executive
#19

Yes. Like November last year, 4 months ago, we started to divide the market into secure networking, which is about 70% of the business and then SASE is about 20%, then the secure is about 10%. And we do see that during the current environment, economy slowed down. The money kind of cost pretty high. This kind of OpEx consumption model like SASE will be more attractive to a lot of enterprise customers. And -- so the strategy actually is not new to us. We have all the function FortiOS for about 5 years, that's like SD-WAN. Just the go-to-market strategy we have in the first few years or we try to go to a service provider carrier first. Because a carrier service provider usually is the biggest market for us. So when the IPO 14 years ago, it's about 30% business come from carrier service provider. So today, it's only about 10%. So that's where we want to have all these service provider carriers go back and keeping growing off of the secure service with their customers, leverage their infrastructure. But somehow in the last few years, they are moving too slow. So much lower compared to the SASE players. So that's where November last year, we decided we do ourselves now. So we quickly increased the number of PoP from 30 PoPs, which are owned by ourselves to sign up for the Google some other partners there to increase PoP like over 150. And at the same time, so we launched the SASE to the sales force of the partner. You can see in the last quarter in 2 months, we sign up the like an 8-figure deal. We signed up a lot of customers. I think if you talk to some other SASE players, they usually say the sales cycle is probably between 9 to 18 months. But for us, we see close with much quicker, much shorter there. And also, we do believe we are also probably the only player offer the SMB customer a SASE solution. And also, what's differentiated from Fortinet and other competitors where the first, we have a huge installation base.
So we're #1 on the firewall network security, we're #1, #2 on the SD-WAN. It's all built in the same operating system. And the same operating system you can turn on the SASE function now. And that gave us huge advantage for the current customer installation base. At the same time, we also have a kind of a single OS SASE approach. So a lot of SASE state customers, you have to -- have a go to PoP or some other one. We put all the SASE function in the same operation system using hardware to deploy locally that we call local SASE or kind of a private SASE or you can go to cloud due to the PoP or this approach. And we also differentiate ourselves. We do have what we call the hardware agent, like the FortiAP FortiSwitch, FortiWiFi can be the hardware agent to enable customer using SASEs. They don't have to lower software in their device. If you're using a WiFi or switch and FortiGate and then you can able to SASE to secure the SASE traffic there. So that gave us a huge advantage. So we do believe we see the SASE ramp-up probably very similar like with ramp-up SD-WAN like 4, 5 years ago. So in like a few years, we become #1, #2 in SD-WAN market, we see the SASE also have the same growth. The pipeline is to grow like over 150% and just in the quarter, and we also see a pretty strong demand. And the only thing we feel we need to quickly move is really train the sales force, train the partner because they are working on selling the firewall, but SASE is relatively new for them. Even the product is all ready, the infrastructure is all ready. So I think if we can get a sales force the partner quickly and get a SASE selling, we do believe we will be better, bigger than any other SASE player in the space.

Hamza Fodderwala

analyst
#20

Got it. Got a lot to unpack there. And I should mention the 8-figure deal, I think it was 350,000 seats as well. So quite notable. If I recall, you weren't early to the SD-WAN market either and now you're #1, #2. Do you foresee -- I mean I'm sure you do, but do you foresee a similar type of playbook in SASE, like you have with SD-WAN, where you can sort of naturally upsell into your branch customer base?

Ken Xie

executive
#21

Yes, because like we are the #1, #2, both in the firewall and the SD-WAN, which we have probably the biggest customer base, over 700,000 [indiscernible] customers on which we can easily turn around the SASE because they're using the same FortiOS, which is running their firewall, running their SD-WAN, now they have all the SASE, whether DLP, CASB, web all in the same OS. And then with all this agent, whether software, hardware agent. So that's why we're starting probably to try and buy a program this week and then you can see customer interest are pretty high. So that we believe will run past SASE faster than any other SASE player because the installation base because a single OS approach because the hardware from ASIC acceleration to the hardware agent supporting the SASE deployment.

Hamza Fodderwala

analyst
#22

Got it. So really from what I'm hearing is, you've been doing SASE for really a number of years. If we think about SASE, just security at effectively every edge, whether it's the WAN Edge, remote user, cloud, et cetera. Is it just the flexibility of having a more software-led OpEx as opposed to CapEx approach? And do you think that your SASE portfolio ultimately will be complementary to what is still a very large branch firewall estate that for now?

Ken Xie

executive
#23

I think the SASE is more related to the business model, little bit more like OpEx consumption. But if you look at the function wise, it's a very similar like in the last 3 years, how this is evolving in the network security space. From like 20-some years ago, my previous company, NetScreen, we do just a firewall VPN. And then whether we started Fortinet 24 years ago, we call the next-gen firewall or the UTM basically add intrusion prevention and antivirus and other functions into the old traditional firewall become an agent firewall. Now a lot of enterprise, they need additional function like a DLP, like a CASB like all the [indiscernible] there. And at the same time, the working environment also changing, people work from home now and also within the enterprise, there's so many ways to connect online. It no longer just go through the Internet gateway anymore. You can do WiFi, you can do wireless, you can do all these kind of 3G, 4G, 5G even 6G connection there. So that's where you need to build all this network security to fit the current environment and the new function and all this kind of huge connection everywhere there. So to build kind of a little bit more in the zero trust environment. But on the other side, the function you needed in the current enterprise environment still need to go through something like [indiscernible] competing in the process, whether you process within the cloud using a general purpose CPU or like us, we can process locally. You in the FortiAP, FortiOS, that's probably the same. That's why we see a lot of big enterprise customers. Now they approach us. They not feel comfortable to send their data when they work in office, send their data outside PoP to process. The more prefer the data being processed locally in the data center. If you work from home, it all makes sense, right? There are certain data, you have to go to cloud or whatever to make connection there. 
But if you're in the office or if you are in the data center there, you will rather process all this news function within the same local network environment. So that we see additional use case, additional opportunity for us to keep it growing because the technology we have in a single OS with [indiscernible] salaried can run up in this high-speed environment, local environment, the traditional sizing play there. And the same thing on hardware agent, like we mentioned, the AP WiFi space and also the FortiSwitch also enable a lot of customers in the WiFi switch environment to enable the SASE without using the software agent.

Hamza Fodderwala

analyst
#24

Basically, security embedded in every networking device effectively vis-a-vis on a single operating system powered by Fortinet. Got it. Just on the sales cycle. So I mean, when I think about the SD-WAN part of the SASE market, largely you're solving for network optimization and then you have security on top of that vis-a-vis the firewall. When I think about or Secure Service Edge, the other part of the SASE market, where you're talking about things like secure gateway, DLP, et cetera, Zero Trust Network Access. When you're selling that portion, is that more of a complicated sale to the enterprise? And does that elongate sales cycles relative to maybe what you were seeing when you were selling SD-WAN?

Ken Xie

executive
#25

Actually, Keith set the number. Like last year, we have 22,000 new customers...

Keith Jensen

executive
#26

It's 25,000, yes.

Ken Xie

executive
#27

25,000. But 93% is really firewall first. Yes, go ahead.

Keith Jensen

executive
#28

Yes. I think that the -- no 2 customers are exactly the same. But I think there's the common approach of Fortinet, and if of those 25,000 customers, 93% of them bought a firewall to start with. And with that firewall, they got the operating system. The use case for the firewall could have been the data center, it could have been SD-WAN, it could have been micro-segmentation, what have you. But you see customers getting comfortable with the operating system, SSL encryption, de-encryption, the SD-WAN functionality. And now you bring SASE to the party as well. And in this case, SASE includes the SSE functionality that you're making reference to, and that is now part of the operating system. On the road last week with customers, I would say that 90% of the meetings, and these were all with customers, the first question was, tell me about SASE because they see the progression of the firewall combined the ASIC combination with the operating system, see this functionality, all in 1 operating system. It makes logical sense for them to have a conversation with us about SASE and how it will continue to move forward. I do think this SASE is a little bit unusual compared to some of the other SecOps or SaaS solutions in that I do see a little bit more of first-time customers coming to us and inquiring about the SASE solution. And I say normally, it's a progression, firewall, SD-WAN, SASE, Zero Trust, here a little bit, people are kind of jumping the line, particularly in the smaller enterprises and wanted to have a conversation about the SASE solution.

Ken Xie

executive
#29

The ramp-up very similar like we did on SD-WAN because including FortiOS because they can easily turn on and then they can try and then eventually it will be become a SASE customer, SD-WAN customer.

Hamza Fodderwala

analyst
#30

Got it. You very purposely didn't really monetize the SD-WAN base really that much at all. I think you have tens of thousands of SD-WAN customers. Now that you're trying to sell SASE, are you going back to the SD-WAN base and saying, hey, we have a great SSE product now, so we can do full single vendor SASE? Has that been a natural area of upsell for you? And if they don't adopt the product, is the alternative, maybe you now pay us for the SD-WAN. So it was a bit of a [indiscernible] mistake, if you will.

Ken Xie

executive
#31

So the SD-WAN, we see very quickly begin the market share in the last few years. And because part of FortiOS offer kind of a free and also we did not charge the service. Now we're starting to offer additional annual overlay service for SD-WAN. We see the service study ramp up pretty quick now. And we -- we're probably the similar strategy for SASE. We'll let the customers to try to see the benefit of that, and we eventually leverage our customer base, the infrastructure to quickly ramp up the additional service. And so we do with all the skills we have and all the customer base we have, we can quickly turn customers into our SASE and eventually will benefit from the huge installation base we have.

Keith Jensen

executive
#32

I think [indiscernible] the fact that at the same time that we brought SD-WAN in the market, we also had the dual objective of penetrating the enterprise space as well. And I think SD-WAN was a logical place for the larger enterprises for us to gain a foothold inside those enterprises. And whether we charge for SD-WAN separately or not, that same customer base, that same foothold that we got creates the opportunity now for us to come back and have the SASE conversation, which yes, we are charging for.

Hamza Fodderwala

analyst
#33

Got it. Got it. And then on the price point, I think, Keith, you're about 1/3 of the price per seat relative to your competitors? How are you able to charge so effectively given that a lot of the SASE services may not necessarily be tied with the hardware portion. Because I understand the hardware side, you've got the ASIC. And obviously, Ken mentioned that a big part of the SASE portfolio does underlie some of that. But just curious how you guys are able to charge?

Keith Jensen

executive
#34

Yes, I think it's no great secret that when you're bringing a product to market, you're pretty excited about, you may lean into it from the investment side a little bit, and you can lean into it in a number of different ways, whether that's incentives for your sales team, for your channel team, or price point for the market. I'm not trying to build a point solution company around SASE. I have a very large network engineer -- or pardon me, network security business as well as SecOps. So -- if you look at our total gross margins, you can see that I'm able to make -- we're able to make those investments in SASE and at the same time, maintaining our total gross margin.

Hamza Fodderwala

analyst
#35

Okay. Maybe shifting to SecOp. So that's about 11% of billings, I believe, in Q4. XDR, SIEM, I think the EDR in there as well. Any other big pieces that is noteworthy within that SecOp portfolio? And how do you think, going back to Ken's point on 1 integrated operating system, 1 fabric. How do you think it allows you to more effectively pull data from these different vectors?

Ken Xie

executive
#36

Yes, we see the FortiSIEM, FortiSOAR, especially we have the FortiAI or the generative AI already in the FortiSIEM, FortiSOAR now grow very, very strong. At the same time, the [indiscernible] is controlled other things we see pretty strong growth. The same thing for e-mail security, also as I mentioned, endpoint security also had pretty strong growth. But a lot of it is our current customer. So it's more easy to upsell, cross-sell. It's really how to train the sales force, the partner to sell that different kind of security than the network security.

Hamza Fodderwala

analyst
#37

Do you think on the SecOp side, is that an area that you foresee a lot of success in the very large enterprise? Or do you think it's going to be more in that mid-market very similar to how in the early days in the firewall when you were selling that, it was more mid-market then you moved up naturally?

Ken Xie

executive
#38

I think probably more mid large enterprise. So the SMB, they tend to be like using multiple product already, but it's really the big enterprise like they tend to network security first and then keep expanding, keeping integrate, automate other things together.

Hamza Fodderwala

analyst
#39

Got it. Ken, just a high-level question. There's been a lot of debate around platform versus best of breed lately. Where do you fall on that? Obviously, you're trying to consolidate. You have a big portfolio, too. But do you think that at some point, key concepts that we loan in cybersecurity, things like defense in depth and not having too much vendor concentration. Do you think those act as natural barriers for ultimate consolidation of cybersecurity?

Ken Xie

executive
#40

I see the consolidation makes sense because most of the bigger customers, they don't want to manage like a 30, 40 different vendor. But also, we talked to a lot of customers. They also don't want to have a single vendor point out [ egg ] in a single basket. They would rather have a few vendor they can manage and reduce the number of vendors to manage, but not the single vendor approach. So that's for the most of the customer, they don't feel comfortable to have a single vendor approach.

Hamza Fodderwala

analyst
#41

Got it. And Keith, just to add to that, I think obviously, you and Palo Alto are the largest vendors in the network security market. But outside of that, what percentage of the market is still not addressed by the top 2 players?

Keith Jensen

executive
#42

[indiscernible] top 2. Yes, it's quite -- it remains very fragmented. And maybe to bridge that to the comment a moment ago, I don't know that if you were to compare and contrast, say, security platforms to ERP platforms, a company typically has 1 ERP, 1 platform. I don't think that's the vision for security. I think you're going to see several platforms on the side of an organization, but not 1 single platform.

Ken Xie

executive
#43

Yes. Security is pretty interesting. It's very dynamic. And every year, there's a new strategy, you do need some solution come out quick to address this new threat there. So that's where the point solution will always there to quickly catch up the new threat to protect the customer there. But then you do need to starting to keep integrated, especially in the network security because customers don't want to have multiple box in line, try to help them secure the network in there. So that's where when the platform understanding integrate some of the points are real function into their own kind of OS than the point solution starting to losing the market share there. And that's happened to whether there's a few point solution company in the past or disappear now. On the other side, kind of -- because we are the only one to leverage ASIC to improving the performance, lower the cost, lower power consumption. You can see the economy skill also started more working for us. So like we have over 50% market share on the unit shipment and also the #1 in the network security on the revenue side also. So that's what kind of helping us to drive the cost even lower, whether on the ASIC chip, on whatever the new product we launched there. So that will give us more advantage both on the product and the infrastructure side to supporting the customer. So that's why I feel in the security market, you can [indiscernible] network security like 15, 20 years ago, the top 5 vendor has less than 50% of market share. Now the top 2 vendors already approached 50% market share today, like Fortinet, Palo Alto or some other. So you can see they do have some consolidation going on. But on the other side, we do see a lot of new market opportunity like OT/IoT space and like the internal segmentation, replacing some of the switch in their removal for home or other is a relatively new market and not existing 20 years ago. So all this new market will continue to drive. 
So that's the reason I believe the network security and including hardware keeping growing 10% to 20% in the next 5 to 10 years.

Hamza Fodderwala

analyst
#44

Got it. I'm going to ask one last question about OT security and I want to open up to the audience. But on the OT side, this has been a really strong area of growth for you. Ken, you've talked about OT security potentially being larger than the SD-WAN market over time. Talk a little bit about what's driving that, the need to secure critical infrastructure and how Fortinet is addressing those needs?

Ken Xie

executive
#45

Yes. Because OT security really you have to deal with a lot of device connect online, and most of them don't have a standard operation system. They also have very limited computing power. So the only way to secure them probably by network security. Because endpoint were not very difficult to work in there. And you can see even the 5G 6G will connect 10x more device than people connect online there. So there's a huge opportunity. A lot of vertical like whether the health care, the manufacturer, they just have so many device need to be secured. So that's where we see the huge opportunity keeping growing in that areas. And we invest very early in the market. And we're the #1 leader in OT/IoT security there. So we just see the growth pretty strong right now.

Hamza Fodderwala

analyst
#46

Got it. Any questions from the audience? I don't see any hands raised. Okay. I'll ask a few more. So you talked about a massive installed base, 50% of hardware units in the firewall market are Fortinet massive installed base, how do you think about monetizing that more effectively? I think today, by our estimate, every dollar of hardware you're selling, you may be getting about $0.50 of software ARR attached, which is below some of your peers. So when you go back and you refresh some of these customers or you're selling your units, what are some of the things that you're doing as far as attaching more software, more services, higher-margin services to this space?

Ken Xie

executive
#47

Yes, that definitely is a very good question approach, which we pursue right now is really -- right now, we offer lot of -- there's about 30 functions in the FortiOS. And I think probably most of them we offer for free. So that's a lot of additional services, including SD-WAN, we can start to kind of give additional service to customer and also charge some of service for ourselves also is -- we just see right now is the market share we have, especially in certain verticals or certain area that will make sense for us to really drive additional service from the area there. But on the other side, they are still pretty fragment the market, and there's some other market, we also feel growth probably more important right now. We still want to drive some growth, whether in the SASE or in some other areas. So once we feel we have the market share, we definitely see the opportunity to drive additional service out of that.

Keith Jensen

executive
#48

Yes. I'd probably add to that, if you think back a little bit in terms of the philosophy of the company, what we were selling during the periods of time to generate those numbers that you're talking about, Hamza. I think we are very committed to providing a very competitive price performance offering for the firewall. But we're also doing the same thing with our service contracts. And we really place a high value on being able to consolidate different security features into bundles. And it was really a model that you sold a firewall, a support contract and a security contract and you were done. I think over the last several years, you've seen us do a lot more of the a la carte services. What we're now talking about as being SecOps and those types of things and SASE. As you look forward, over the next few years, I would imagine that what we've seen recently is a bit of a mix shift from what we used to call non-FortiGate to FortiGate or actually from FortiGate to non-FortiGate, but I think that mix shift continues on, and I think it's really what's being driven there will be more SaaS solutions inside the SecOps offering as well as SASE. So that metric you're referring to, I don't know if we'll ever get to industry norms in the next year or 2, but I do expect to make progress in that direction.

Ken Xie

executive
#49

Yes. We setup the price based on our own kind of gross margin, operation margin, probably much less compared to other competitors. That's where when you compare network security, we tend to be like 20%, 30% of the cost compared to other even for SASE are similar there. Because we feel we have a very healthy gross margin, operational margin probably better than our competitors. So with that base, and we leverage our technology with the ASIC basis [indiscernible], I think we can offer pretty competitive price.

Hamza Fodderwala

analyst
#50

Yes. Certainly, on a GAAP basis, the margins are quite higher. Maybe on that topic of margins, Keith, just to bring you in more into the conversation. Just on -- how are you thinking about balancing growth versus profitability right now? I know, obviously, SASE, huge initiative, SecOps, selling some of that stuff. But there's also a lot of leverage -- natural leverage in the model, I presume, from the higher software services mix. So how should we think about the puts and takes there?

Keith Jensen

executive
#51

Yes. I think we've talked about kind of a baseline of we'd like to talk about 25% operating margin in what was once an aspirational target became an average, became a floor and I think that served us well to talk to people outside the company in that way. And I think we've shown the ability over the last few years to do a little bit better than that floor in terms of the margin. It speaks to the leverage that exists in the business model. On the cost structure for SecOps and SASE solutions. We've been probably talking for the last year or so in the earnings calls about some headwind around data centers and cloud provider fees and such, not so much that they were hugely meaningful but really to presell the notion that you were going to see us coming to market with more hosted solutions. And the point being, we've absorbed those costs, and I don't think investors on Wall Street are really being concerned about that cost structure rolling through the COGS line. And I think we can continue to absorb those costs. We'll call them out, of course. But I don't see that being disruptive to our margin philosophy.

Hamza Fodderwala

analyst
#52

And this lastly on the hiring front. I think the headcount last 1 or 2 quarters downticked sequentially. Do you foresee yourself sort of picking up the hiring going forward?

Ken Xie

executive
#53

We're still hiring and at the same time, headcount probably a little bit flat, but we're still growing, whether last year or every quarter, we're still growing high count right now, and we do see there's a lot of opportunity going forward. And we do need to invest in some of the growth there. And especially in the U.S., we see a huge opportunity. So we're kind of still pretty aggressive in hiring people right now.

Hamza Fodderwala

analyst
#54

Okay. Great. Well, Ken, Keith, thank you so much for your time. Thank you for everyone for joining us, and have a great rest of your day.

Ken Xie

executive
#55

Thank you.

Keith Jensen

executive
#56

Thank you.
