Fortinet, Inc. (FTNT) Earnings Call Transcript & Summary

So I want to welcome John Maddison, Chief Marketing Officer; and Keith Jensen, CFO. I've known both of them for many years, and we have a lot of discussion, a lot of topics to discuss. Before we start, I think you need to read us something from here. So we can...

Yes, that I would just point everybody's attention to the safe harbor language, which I -- [ Peter Nogus ] had tell me is on the screen. More people with my reading skills, and we'll move on to the questions.

Perfect. We are covered. So I want to talk about -- the discussion is going to be twofold. We're going to talk about technology, we were going to talk about financials. And I want to actually start with the financials just because we just reported is like kind of a -- there was just a series of results from companies. How is the environment currently, the demand environment currently? And I'm talking about demand. I'm not talking about backlog and just the demand environment for [ virals ] and what you used to call non-FortiGate before.

Yes. Certainly, we've read the same reports that you've written and others have written as well, that a lot of people are citing the macro economy in terms of -- as part of their earnings call conversation. And I think there's is certainly an aspect of the business. Somebody also talked about were maybe seeing some times of green shoots as we talked about the first quarter earnings. And I would say that those -- that's largely how we continue to feel. There is some pressure from the macro, but we do see some very early indications of some positive movement. I don't want people to think that we're talking about growth rates that we had in 2022 or something like that. But maybe I think the team feels a little more positive as we look out through the second half of the year and into 2025.

Yes. So John, forget the 2021 to 2023, that was abnormal. But let's talk about before and after. Do you think the environment for your platform, FortiGate platform, do you think the environment for the platform changes in 2025 and beyond versus the previous year, meaning, is there less demand for this platform, fundamentally less demand for firewall, SASE may be replacing it. Is there anything different that may drive a slower growth rate? And the reason why I'm asking it is because Fortinet was able to grow above and beyond the market growth before. And the question I'm always getting to from investors is, do you think if everything normalizes, the company can go back to the same growth rate it used to have before.

Well, I don't want to talk about growth rates because I'm not allowed to do that.

I'm talking about -- just fundamentally about product.

But fundamentally, I think what the company has bet on for the last 20-odd years is convergence and platform. And I think that given the threat landscape and given where infrastructure is going and the other things coming in like new technologies and compliance and regulatory, that fundamental change between networking and security is going to accelerate and that people are not going to build networks anymore if they're not secure. And people are going to go to a platform approach if certain parts of the technology become commoditized. And that trend is happening and will continue to happen. So I think our fundamental investments match what's happening in the marketplace.

Right. But my question was more specific. So there are firewalls in data centers. There are firewalls in branches. There are firewall in campuses. Do you think that going forward, the need -- the basic need for firewalls remains the same or it changed because there are new technologies because traffic moves to the cloud, et cetera.

No, because I just think -- as I said, because of the infrastructure changes and the threat landscape changes, there will always be a need for that protection at a niche. So now you have 10, 12 different firewall use cases where it used to be [indiscernible]. So you used to have -- the edge used to be at the data center and used to have permits to the firewalls and then you used to have segmentation firewalls. Now you've got branch firewalls, you've got campus firewalls, you've got virtual firewalls, containerized firewalls, firewalls as a service, operational technology firewalls. So what's happened to the firewall functionality is now distributed because you've got more edges. And that's the key. The overall marketplace will grow, but maybe some parts of the use cases will come down a bit, but the overall marketplace, we can need to grow because that's what defines -- when you've got different trust levels between 2 networks you have to put a firewall there.

Where is the balance between demand for firewall and demand for SASE. I know you're playing both ends now, but let's think about the market itself, not about Fortinet. Do you think that SASE and let's say that hypothetically speaking, you are not in SASE. Zscaler is very, very, very successful. Does it mean that necessarily that you're going to see lower demand?

No, because I think when I look at Zscaler's model is everyone is going to go to a 5G phone and go into the office and that's it, the network doesn't exist. So that's the past the paradigm, then yes, we do have an issue. It's not going to be that way, though. I think there's definitely the remote users, which are going to come into an SSE network. And we also see what we call FIN Edges, FIN branches, which maybe 10 users or 12 users than maybe just have a couple of access points. That will go straight into the SSE as well. But after that, branches and campuses and factories because of the technology or the security is required like micro segmentation or NAC, or SD-WAN, you have to have a device there on the edge of that network, providing the capabilities back into the LAN, out into the cloud and out into SSE. And so yes, I would say FIN use cases where maybe you don't need a firewall there. Maybe you can't get the security functionality because the hardware there is not enough to run it. But in a lot of other cases, you absolutely need to have that firewall, SD-WAN, WiFi controls, 5G microsegmentation NAC at that function.

In addition, in the past, you were able to grow above and beyond the market growth, you gain share. If any of the factors that drove your share gain change, meaning assuming the market goes back to historical growth rate, let's just make an assumption. Do you think that you can grow with the same gap above the market versus what you had before?

Well, again, I think we have the -- our investments are in convergence and in platform. And I think that's where the market is going. So I think once the digestion period is over, we go back to where the market is.

I think the compelling arguments for the firewall specifically, right, will remain the same, both pre and post, as you refer to it. And that is the ASIC advantage that comes with it, together with the operating system working together create such a compelling value proposition compared to anybody else in the space that will continue to remain both pre and post. And then one of our challenges with our sales team is the gravitational pull to sell firewalls, right, because it is such an "easier" sale, if you will, then as you start moving out to the expansion areas of the suite.

So I'm going to ask a question in a provocative way, I don't need just to make -- to get you to respond. Does a company that is based on ASIC design and the benefits of ASIC does this company knows how to sell SASE, knows how to work on software-only solution. What are the processes that need to be put within the company in order for you to grow in this space?

Well, yes, ASICs are a big part of our engineering development. But I also say to customers that the operating system is, to me, the big investment customers make and that operating system considering our firewalls, it can sit in our clouds, SSE or SASE. You can sit in public clouds and sit in data center. And again, our big focus has been taking the operating system and adding functionality to it. And so if you look at the SSE Magic Quadrant, Magic Quadrant that just came out a few weeks ago, we now suddenly appear in the SSE Magic Quadrant. We're in 5 Magic Quadrants, we're in network firewall. We're in SD-WAN. We're in single vendor SASE, we're in wireless LAN. We're in SSE with the same operating system. And that's the power of organically building that platform. And by the way, for wireless LAN, we're now a leader above Cisco. So it's not -- we're not just sneaking into the Magic Quadrant as a niche vendor. We are a leader in 3 in a challenger. So the fact that someone turns around and says, wow, you can do all these things, but it's just SMB functionality. It's not as enterprise-class functionality, but on the same operating system, but delivered either on an ASIC, delivered from our cloud, delivered in a public cloud, data center, in a factory. That is the key investment we're making.

And I think while that's become really, really important. I think if you would ask that same question, it would have been more provocative 7 or 8 years ago when you would walk into a sales presentation with a customer, and ASIC was on the slide, right? And it was -- it was speeds and feeds, and that's what we were talking about. I think I talked to a lot of customers one-on-one every year, every quarter. John talks to a tremendous number of customers. I've not heard an ASIC conversation for a couple of years. It has become that operating system. It has become the Gartner Magic Quadrant. And I think there's an understanding with our sales team and our go-to-market team that customers aren't really -- they don't care about how you deliver the functionality. They just want to know about the success of the functionality, and that takes you back to the operating system.

But there will be some cases where the ASIC is extremely important. A lot of our larger customers are getting DDoS attacks. They're putting our systems right on the edge. We can do 20 million-plus transactions per second to defend against DDoS attach. So yes, the ASIC will still play a large part going forward, but we also realize there's other deployment factors which are important to ourselves.

So we spoke about the fundamentals of firewall. And I want to talk about 2 other things that are fundamental to your portfolio. One is what used to be called non-FortiGate and the other one is SASE. So let's start with the easy one with the non-FortiGate, it was a big driver for growth before. How -- what is the outlook? Just fundamentally, kind of what is the outlook? What is driving -- what was driving growth in this category? And do you think that any of the market conditions change in the future?

So if you go back to Q3 last year, we changed this FortiGate and non-FortiGate secure networking, unified SASE, which is a bit broader than single vendor SASE and then AI secured operations. So those are the 3 areas. In the last quarter, I think it was [indiscernible], I can't remember. Something like that. But so I look at this. So let me leave secure network into one side. We've talked a bit about that. Let's look at security operations. And so inside there, there's 3 drivers for us. One is SIM. We're actually in the magic -- we're a challenger in the magic quadrant for SIM. A lot of people talk about SIM. We have a nice SIM business and analytics business in there. The second component of size SecOps is our EDR detection and response, which includes EDR and MDR and e-mail security. And by the way, the email security Magic Quadrant's coming back soon as well because there's technology change there. And then the third area is Identity. So that's multifactor token, Privileged Access Management is becoming very important inside OT. So that -- those are the 3 areas. And all those areas are driving very well. Now it's 9% and it kind of dropped a percentage point because it's a smaller percentage of our overall business. But we're seeing nice growth in those areas. And if you look at the SIM marketplace, for example, there's chaos in the SIM marketplace right now with the acquisition of Splunk with other vendors joining together, right? Few radars getting out of it right now. So we see a big opportunity there without SIM, our SIM is very powerful SIM. So that was secure operations, very CISO focused, very SecOps focus in that area. Again, we're applying a lot of AI technology inside there, especially to the analytics engines, the SIM engine and the SOAR engines. Because that's where you can get a lot of benefit in our last partner and customer event about a couple of months ago at Accelerate in Las Vegas, we demonstrated our virtual SOC analyst, which did the work of maybe 3 or 4 people in a few minutes, which we would have normally taken hours to do. And that's the power of AI inside there. Then on this unified SASE perspective, that's where we really focus on the access, secure access, as the name suggest, SASE, out into the cloud. So there, obviously, we have our SD-WAN marketplace, where we're the leader, I think we're the #2 vendor now in terms of SD-WAN. SD-WAN is still a very critical technology to make sure you separate the users and devices from the application because they're always moving around now. And that application steering is very important. But we -- and we spent 5 years refocusing on that over the last 2 or 3 years. We're now really focused on the SSE component, which, as you know, is the replacement of secure web gateway and the connectivity between those 2 things. And the other part of that portfolio is our cloud security, which again is growing very nicely. It's our virtual machine, cloud-native, web application and API protection, again, both in a virtual or API. So those 2 businesses are what we used to call Non-FortiGate doing extremely well, nice growth inside those businesses.

Who are the target customers for Secure operation? Is it enterprise? Or is it SMB?

Both. I would say that the SMBs prefer managed service, and so we provide MSSPs. I would say some of those progress inside there are more focused on the mid-market, commercial marketplace, but we definitely have enterprise customers for our EDR and SIM products. And one product that doesn't get a lot of attention is SOAR is orchestration product. I can sit across everybody's products. We support everybody's SIMs and firewalls outside there and provides a critical component going forward. I think SOAR is going to be super important as these attacks are getting faster and be able to stop them and the speed needed and humans won't be able to do that, it's going to be critical.

Got it. So I want to maybe ask you about Secure Edge I want to understand just a fundamentally very basic question. I want to understand fundamentally why a company that has a strong position in firewall is well positioned for the secure edge market. Where is the synergy between the [indiscernible] and your definition of secure edge is SASE. Your new SASE solution, unified secured, right? I want to understand -- so let me give you the background. We have Zscaler here, and they're saying, all the firewall companies are wrong with their approach. There's not going to be any firewall and it's -- we call it Zero Trust connection. The edge is going to move to us basically, and there's not going to be a firewall. And then I see in the market that all the firewall companies are basically offering SASE now. Yourself, Cisco, Check Point, Perimeter 81. So I want to understand the synergy between -- for -- take us through the journey of a current customer of a firewall. Why is it better for them to move with you to a SASE environment?

Yes. Well, I think in the end, if you take a customer when SD-WAN first came out, maybe 5, 6 years ago, they replaced the routing functionality. And so they took the router and replaced it with an application steering device. Now they also had a firewall sitting behind them. And so our strategy was to say, let's make sure that, that component, the firewall plus SD-WAN converges together. Then they also -- when COVID came along, there's a lot of remote users. So it was a bit of a tailwind for users, now they usually came back to the data center, but it makes more sense if they're not coming back to the data center or anything to go into an SSE device, SSE cloud network. So that makes total sense. It's not really a firewalling function. It's more of a proxy function. And now you've added SaaS kind of capabilities. I think the big area in the future there will be AI-based DLP, for example, that will be a big focus of that area. And so they were very separate. Now SASE says, why they separate? These things should work together because most customers' traffic will be on the network or off the network, it will stay off the network or come back on to the network. And so we believe most customers, they'll be exceptions, of course, either end of the spectrum where we have some government agency who does want to stay on the network complete. I'm not going off anywhere. And somebody, people sound born in the cloud, I don't need a network. So I think the Zscaler model is over here, like you don't need a network. We're not over here. We're in the middle. And we think that the ability to integrate the SSE functionality with the SD-WAN functionality. So if I'm a remote user, and I come in through the SSE network, but I want to go to a private applications. Let me just join the SD-WAN network, get back on the network and go there. Or if I'm on the network, and I want to go off, maybe I'll just go straight off into the network. So our view is that it's not going to be a [ monolithic ] cloud. Everyone is going to go to the cloud and you're going to be there. That's not going to be the case. It's going to be -- sometimes it makes sense to be there. Sometimes it makes sense to be in a public cloud. Sometimes it makes sense to be in the data center. Sometimes it makes sense to do that security right on the edge of that branch there. And I think that's where customers will be long term. And that's why you'll see issues about latency and other capabilities. If you just do the cloud model that just won't work long term for all the traffic.

And sorry, I'm asking another question on the same topic, but probably my own understanding. Does it mean that if I'm sitting at the Starbucks and I'm on Fortinet SASE, Fortinet firewall in my branch. I'm sitting at the Starbucks I'm connecting to salesforce.com. Does it mean the fact that your SASE is integrated with your firewall? Is the firewall actually being part of the traffic?

It's different because if you think about a firewall is very different from a proxy. I think people -- this is a very subtle difference. Like the secure of Gateway originally was built as a proxy in the data center to protect users against the Internet. Firewalling was to look at network access and protect networks. They're fundamentally different. Okay. So they're taking that secure gateway, you put it in the cloud, which is fine. But it behaves more as a proxy than does a firewall. They have files a service there, that's fine, but you still -- from a network edge perspective, you need a firewall and that's the difference. So I think about that Starbucks situation for us, for example, we could put a couple of access points in there. So the key for us is that we don't just stop at the edge with the firewalling branch. We have access point, secure access points and secure switches, which are critical when all those devices start attaching to provide micro segmentation and things like network access control. Okay. So that Starbucks situation, we could easily put like 3 access points there. The lead access point would connect to our SASE network, you can manage that whole network in our SSE console. You can see the access points, you can apply the security, you can configure the SSIDs of those access points. That's the difference between a truly converged network and security band. Now on the other side, we also have all SSE's functionality, we have the proxy of CASB, we have DLP, we have IPS and all that functionality. And that's what I think the difference is. One, I think the pure cloud vendors are saying, the networks are going away, and I'm taking my 5G phone that's it. We differ in that we think there's going to be a network presence, a very important network presence that needs to be part of that SASE solution. The definition of SASE is not SSD. It's SD-WAN and SSE managed by the same console. That was too [indiscernible].

No, it was great. Maybe not passionate. All right. My English is not good.

With your accent, everything you say sounds intelligent. So you don't worry about it. Keith, your last quarter, you reported 7% growth, 6% decline in billings or -- not declining billing, sorry. The billing was 6% below Street expectations. Talk to us about the cycles of revenues and cycles of billings? And how should we think about it?

Yes. I think not to call on the numbers, but I think we're pretty close to where the Street was, maybe a point or 2 below, but I think what you ...

The first time I'm wrong. Don't worry about it.

If you try the British accent, you'll sound [indiscernible]. I think the question is talk a little bit more about Q1 in terms of what you saw there. And I think I want to remind everybody, we had the difficult comparison on the billings line because of backlog that existed, we benefited from in Q1 of '23 that we saw no benefit from in Q1 of '24. And we've given a range of numbers there that really accounts for it. I think that if you look at bookings, we commented on the earnings call that bookings were very, very slightly negative in the quarter, and I think that's a more accurate reflection of demand. Revenue grew nicely in the quarter. But again, I think that's a part of the business model because 2/3 of the business comes from services and you get the benefit of when revenue is recognized and so forth. And free cash flow was very, very strong, well over $600 million. And then again, you're going to get some volatility in those numbers. But I think when you really look back at it, what you saw there was the impact of backlog into the end of the business model, pulling it in the other direction.

How long the -- so we spoke about -- I went deep into the product on purpose to -- because one of the arguments against Fortinet is that the growth may not go back to historical levels, forget pre-COVID, and I wanted to go into the depth of the portfolio just to see and to show that actually there is -- there are a lot of products that can generate growth. So now I'm going back to firewall and I'm going back to kind of time to recovery, what kind of leading indicators do you have that give you the confidence to say what you said at the beginning, we started to see hints of the beginning of a recovery.

Yes. And one of the data points we talked about is somewhat arcane to us, which is how long does it take our customers to register the service contract. And what we saw during the supply chain challenge was that time increased by about 50%. And there's a chart in the investor deck that you can take your ruler out and figure out what that means. But over the last 2 quarters, we've seen 25% that has come back to normalize. And on the current pace, we would expect it to be back to normal by the end of the year. And why we believe that's relevant is this concept of inventory digestion. To the extent that, that existed, what that probably meant was that customers were maybe doing a very large SD-WAN deployment. They wanted to make sure they had all the products so they acquired those in advance as opposed to staging it and then put them on their shelves and then as they take them off their shelves and deployed it, you start to see that coming down. So I think that's one example. The second place we look are that we observe is that we do monitor with a 2-tier distribution model, we have inventory. Our distributors are holding our inventory. Our resellers are holding our inventory and then the end user gets it. And we have very good visibility to what we see with the distributors in terms of inventory there. And we saw improvement in that number as well. So it's creating some opportunities for us. I think that those are the types of things that we look at numerically, and then you have that. When you look at the salesperson in the eye, how do they feel and how they're talking about their pipeline.

What kind of investment do you need to make in order to support your unified SASE, given that it needs -- it requires a cloud, it requires data centers, et cetera.

Yes. When you -- maybe when you look at the investments, I'll take the people and the selling part of it, we'll kind of come back to that a little bit. But I think from an infrastructure viewpoint there's different ways to deliver the SASE solution. You can go with one of our competitors that uses Google deliver everything. We have another competitor that's doing it purely through [indiscernible]. I think what we settle down is that we will use a bit of a hybrid, and part of this is to get to market quickly, but we do want to use our own physical data centers and [ POPs ] don't confuse a POP for a data center, they're very, very different. We do think there's economies there to be generated without a strategy. But so that we don't miss the market while we build out that infrastructure, we signed up with a Google program to make sure that we had the POP access, and we are using colos. It was easier for me or nice for me if I can go look at these competitors and their financial statements, see what percentage of their revenue are they devoting to CapEx or equipment, what are they spending with colos. And I think that gives me a pretty good indication of what I'm going to need to make. And those investments, I was pleasantly surprised that as a percentage of revenue, certainly seem to be very, very manageable. To bring it to market, to sell it. I think the very first step you go through is when you got a -- you have to train the salespeople and you have to build the confidence in the sales team that you have a good product and you're committed to it, I believe the Google announcement sent a very clear message to our sales team that we are very committed to SASE, and that was important. We've gone through the first iteration of training for all of our sales team in various subsequent iterations, we've also added training to channel partners and other outside parties. I think the next area, the 2 big milestones for us now is to gain more and more traction with our channel with our resellers. We're here, we're serious about this. Will be an important one. And then some of these larger enterprises that we've signed very early on in the SASE journey, we need to get them live and to become reference accounts. I think those are 2 key milestones going forward.

I'll ask my last question and then I'll open it up for a quick Q&A. Are your customers for security operations for unified SASE, are the target customers, the existing customers? Or are you also going outside of your existing base?

We're going outside the existing base. And the reality is it's easier to sell to customers that you already have. And if I were a salesperson, that's probably exactly where I would go as initially, especially in SD-WAN customers, as John talked about the natural relationship. And we've given that [indiscernible]. I am pleasantly surprised to see white space accounts come in and to see us get phone calls about our SASE offering and saying being included expanded in RFPs from customers calling into us as opposed to us chasing it.

There's kind of like connecting the dots in the magic quadrant. They go firewall, SD-WAN, SD Branch, SASE.

Is there any question? Yes. Just wait for the microphone, if you don't mind, one second. Behind you.

Thanks for making time. I think one dynamic I'd like to understand a great deal of the services business is, obviously, FortiCare, FortiGuard attached to the product sales. And like, in a lot of ways, the product sales are a leading indicator for the services business. And tell me if you agree with that characterization. But my -- to frame it, my real question is, there was a lot of supply chain dynamics that were unique to this cycle, which would intuitively make me believe it shouldn't have the same time line as prior cycles. And I know you guys are kind of seeing the time to service, et cetera, normalize, and so that's a great indicator. But I'd be curious, in this world, we've seen a lot of blind spots come and bite folks. Software has been really tough. Where do you guys see the blind spots could be at this juncture just to kind of like think about managing risk as it pertains to the cycle?

Those are very macro factors out there. I mean, when you meet with customers and sales teams worldwide, and it's been written. It's not just a U.S. election, that's creating uncertainty. There's elections we saw Mexico and so forth that each of these, Brazil, I think I've got to talk about each of those have some impact. I believe that my sales team has done a very good job of forecasting around what those impact are. I think there's other uncertainty in terms of where does AI go? How -- more specifically, how will the bad actors deploy that technology and how quickly and what are those threats going to look like? And how will that change the threat landscape and how people have to go about protecting themselves. I think that's a little bit unusual. The threat actors benefit, they don't have to go through product release cycles. They don't have regulatory requirements. They just bring products to market and they work great, they don't work and try another one. So they tend to be, unfortunately, a leading indicator in our industry of what drives us.

Any other question? Great. 18 seconds to do whatever you want.

Thank you so much.