Fortinet, Inc. (FTNT) Earnings Call Transcript & Summary

Let's go ahead and get started. Good morning, everyone. I'm Aaron Ovadia, Senior Director of Investor Relations at Fortinet. And it's my pleasure to welcome you all to our 2024 Analyst Day as we celebrate the 15th year anniversary of our IPO. Today, you'll hear about Fortinet's vision for cybersecurity and how our strategic positioning drives sustained profitable growth. Before we begin, I'd like to remind everyone that we will be making forward-looking statements during today's presentation. These forward-looking statements are subject to risks and uncertainties that could cause our actual results to differ materially from those projected. Please refer to our SEC filings, in particular the risk factors in our most recent Form 10-K and Forms 10-Q for additional information on factors that could cause our actual results to differ materially from current expectations. Also, the presentations from today's event will be available on our Investor Relations website within 24 hours after the event concludes. Next, our agenda, we'll start things off with Ken Xie, our Founder, Chairman and CEO, who'll talk about Fortinet's growth drivers and our long-term customer loyalty. Then you'll hear from John Maddison and Robert May on Fortinet's large market opportunity, the customer journey and our technology vision. Then John Whittle will leave a fireside chat on our go-to-market strategy with 4 of our sales leaders. We will then take a 10-minute break. After the break, Keith Jensen and Christiane Ohlgart will provide a financial overview of our business, including a new midterm model. Afterwards, we will host a Q&A session where you will have the opportunity to ask our executive leadership team questions. And with that, I'd like to introduce Ken Xie, our Founder, Chairman and CEO.

Thank you, Aaron and thank you, everyone joined today. Good morning. Welcome. So the next 20 minutes I probably do some quick review of what we have achieved in the last 15 years. And also, more important, how we feel we can keep it growing faster than market in the next 15 years. Actually, the presentation is kind of a 3L. So the first L is the leadership. You can see when we started the company 24 years ago, so we have a vision, we see the converge of a network to network security. And so that's -- you can see the market from 2000, network security, less than half of the networking. And now in the next 2 years by 2026 is the year -- actually, this is data from Gartner. So by 2026, network security will pass the traditional networking. So we do believe this trend will continue to drive forward. So what's unique about Fortinet? From day 1, we feel we need to target this market. We need to build technology, lot of investment, the team and product, also prepare for this moment. So in the next 2 years, we see things happening and we feel the trend will continue to grow. So we have a lot of unique advantage I will present going forward. You can see, in the last 24 years, we achieved a position as the #1 network security vendor. From the unit shipment, so we have over 50% of market share. Basically, it's about 53%, 54%, that's last year's number. On the product revenue, we also achieved the #1 and also on the number of customers, we also achieved the #1. So this is our funding kind of advantage and also the funding block will keeping driving additional growth going forward because most of the customer, the first buying is already buying network security, over 90% customer first buying is our network security. So we have huge advantage on network security compared to any other competitor both on the function, on the performance, on the energy saving. And that's where every product we released on the FortiGate we do here, we call the secure computing region. So for the top 7, 8 function, every function we perform like 5 to 10x better than competitor and all this function in the same OS, in the same FortiGate system. So that's a huge advantage. That's the dedication the team did in the last 24 years. We're keeping driving growing network security and we already reached #1 leader. But the market will continue to grow and we do believe we're keeping growth faster than the market. The second leadership is SD-WAN. It's relatively new. You can see the Gartner Magic Quadrant on the left. So we are in the best position, both on execution and also on the vision there. And in the last 4, 5 years, you can see how quickly we're gaining market share, become the #1 here. And also 90% SD-WAN customer has also come from the FortiGate firewall customer. So that's where you can see we quickly get all this customer from -- transition from traditional network firewall into the SD-WAN. And the other differentiation is really compared to all other top 5 players in the space in SD-WAN. So we're the only company build technology internally ourself. All the other top 5 competitors, whether Cisco, Palo Alto, VMware, HP, all come from acquisition. So we're the only one building internally, integrate together without security function and also a lot of this function, including SD-WAN itself, using ASIC to accelerate. That gives us a huge advantage on the performance, on the cost and also kind of making, working together with other functions together. So that's the advantage none of other competitors have that. So that give us a huge advantage, keeping driving growth, become the #1 leader in SD-WAN. The third #1 leadership is OT security, operation tech security. So in the next 5 to 10 years, we feel this probably the fast-growing area because there will be 10x more device will be connected online compared to all the people connect. So this is a huge growing area and Fortinet on the Westland report, we are the only leader. We're the only leader in OT security. Because security -- OT security is also very different than other security, whether your laptop, mobile phone. Most OT device, they have a different operation system. They have a very, very limited computing power. Most time the only way to secure it is by network security. So that's where we're keeping investors for the last 10 years. We are the leader and we have a lot of technology, including how to deal with different kind of hardware ASIC, different OS, different network environment. So that's also have a huge advantage compared to any other competitor. So we feel this will drive additional growth for us. And the other leadership is really, we're also #1 on the innovation without the patent we have, actually 1 thing to notice really of this almost 2,000 patents, about 500 is related to AI. So we're also leading not only traditional network security on some networking side but also going forward, lot of AI and lot of other new technology. We're also the leader, #1 leader there. So that's the leadership. Now to achieve this leadership, we feel we also differentiate from a lot of competitor. We have a lot of long-term investment from day 1, from very beginning. So that's differentiate Fortinet compared to other player in the space. So the first most differentiates really the FortiOS. This -- the same FortiOS in [indiscernible] 5 Gartner Magic Quadrant. So we don't see any other player have this broad coverage and the most functions also not only this function in the OS but also leading in the space, whether security, SD-WAN, SASE function there. So that gave us a huge advantage. Basically, that's also the story how converge happening in the space compared to a lot of other company when they do acquisition, it's very difficult, there kind of divergence. So they're kind of divergent of their, whatever the product, focus, the platform. So we are keeping integrate -- keeping develop of this FortiOS because every year, there's a new function needed in the network security space. And on the other side, the old function never goes away. So you do keep adding function. At the same time, make sure it's all working together and the customer don't want to deploy multiple system, multiple boxes in line. So that's where the strategy we have from day 1, how to make sure develop OS, not only you can keep adding function but also keeping -- improving the performance, keeping all this function working together. So that's the key to drive our growth. The second long-term investment from day 1 is our ASIC. So none of our competitor develop this ASIC technology to accelerate all this function because today's FortiOS has about 30 function now. So the -- half the function we can use in ASIC to accelerate. When you run ASIC all this function is average about 10x better performance and the power consumption dropped probably between 5% to 7%. And the same time, the cost also much lower. So that's the advantage we have from day 1, we developed -- there's a few -- quite a few different generation of ASIC chip. Like content ASIC -- content processor accelerate all this CPU competition and the network processor bypass all this PCIe architecture. They can do very, very low latency, process the traffic. And then for ASCI, we call security process that integrate multiple core CPU and other functions together included CPE, some NP function there. So that's the advantage we have compared to other competitor, using ASIC to accelerate function and then leave the CPU to handle a new function because ASIC on average take about 3 years to develop. But each generation of ASIC, we're improving performance, probably average about 4 to 5x and almost double the function. So you can see we're keeping invest, we spent billions of dollars and over 20 years in this technology. It's a very long-term investment. So far, none our competitor have this. And even going forward, we will see -- even in a cloud player, they also feel very, very important to have this compute in using ASIC to perform given the much lower costs and also much better energy saving. So that's the differentiation we have for the long-term investment. And then that's also -- we also spent probably 10 years in this SASE including SD-WAN area. And that we feel will be drive the next growth for us and we have a huge advantage compared a lot of other competitor. First, the SASE function -- all SASE function in the same FortiOS, together with the security firewall, together with all the SD-WAN. So that give us a ramp-up for customer adopt SASE much quicker than any other competitor because when they have the FortiGate, they have the FortiOS, they already have all the SASE function. They can turn on, in a few minutes you can enable all the SASE if they need. And that also gave us a second advantage. We can use in SASE we call private SASE before, now they call sovereign SASE by Gartner. So lot of SASE customer has a concern whether their data have to be forward to the cloud to be processed, back and forth. So the sovereign SASE, private SASE because we have all in the same OS they don't have to forward the data, go to cloud to be processed. They can be processed locally. So the data never leave customer premise there. They can keep the data local, process all the traffic local. So that's a lot of finance customer, a lot of other like government, they feel this is really the future of they want to deal with all the SASE function there. So that's the second differentiation advantage compared to other competitor. And the third one, combined, we have all this global deployment of network security. Our SASE can be both used in the software agent or the hardware agent. So instead of you have to install all the software on your device to the SASE, if you already have a Fortinet device and the Fortinet device can do the things for you. So that's other advantage, including AP switch, so making all the SASE supporting both in the working environment, now work from home there. And then the fourth, also we feel we differentiate from other competitor. We're building our own infrastructure. We talk about this actually for the last few years. You can see we have over 3 million square foot footage owned by ourself, not only for the data center but also for the EPC and also for the office building there, which we have all the technical people on site there. So that gave us much better advantage of the expert to manage that. And at the same time, the cost is about 1/2 or 1/3 compared to colo. It's about 10% to 20% compared to cloud provider. So that's where when SASE eventually have more and more traffic, so we have more cost advantage, more expert advantage. And also, we have other technology developed, we call the FortiStack. It's our own technology to manage all this data center. So that's also very different than other SASE player. This is a long-term investment. We already spent over $1 billion there and have -- we're keeping building this one. So when there's a real competition in the SASE space, we feel we have more advantage than other competitors. So now let me go a lot of other long-term investment. I mentioned, including AI, including quantum computing, including edge computing, OT, we'll continue to keep investing long term in the R&D space to meet the demand in the next 10, 15 years. So let me go to the third is loyal to all the customer, the partner investor. You can see from the customer support, customer satisfaction, so we really the highest compared to all the other competitors. There's a reason behind it. First, our supporting team is all local. So we don't use any low-cost supporting center. All supporting people want to stay with the customer. That's very different than other competitors sometimes they use a lot of low-cost supporting call center. We also build our own supporting software, FortiCare. They can handle more function, they can expand the function when needed. That's also not a competitor build their own software, a lot of them just outsource supporting. So we have our supporting people in-house and local with the customer. So that's where we have more customers, we build more supportive team, plus our own infrastructure, can do all this demonstration, can do all this kind of testing, all these things. That's what we give customer the best local support, can be on site if needed. You can see the [indiscernible] from customer return and also the other community we built up also give us huge advantage on the supporting side. So we feel in the space, security supporting is very, very important. So we really want to build the best ourselves. So this is also important really, we run the biggest training program and training program for cybersecurity worldwide, bigger than another competitor. So there's over 2 million people trained and over 1.6 million people certified for this program. Some program even target high school, some other target a lot of veterans, some other people not come from IT background. So they have all different layer training program. So we continue to invest. It's a community in the training because once people get trained, they also feel more comfortable using our product technology. And worldwide, there are still 4 million shortage of people handle security, cybersecurity. In the U.S. alone, there's 2 million people shortage for expert to handle cybersecurity. We will continue to invest. This -- most of the trainings are free. Working with almost 100 universities, hundreds of universities and all the other community. We're keeping, develop all the training program and free for all these community and try to close the gap of this shortage of security experts. Channel. You can talk to a lot of channel partners. I know a lot of analysts do the check. We are probably viewed as the most channel-friendly vendor. So channel do working with us when they do make good money, good margin. So you can look in the last -- we have developed probably like over 100,000 partner and a lot of stay with us for a very, very long time, 87%, keeping working with in the last 5-plus years. And then they're also keeping training, learning and sell multiple solution. So that's really -- the channel loyalty is also very, very important. I leave this one, probably more for finance since we IPO 15 years ago and the stock keeping growing. And the value, I think, it's really the team's great effort to make this happen. The other reason actually is our buyback return, to investor. So I don't see any other cybersecurity company do this kind of a buyback. So you can see we actually reduced the share count by 35%. And we spent probably $6.4 billion since the IPO and we also try to make sure we have a buyback program continue going forward with still $2 billion to spend, also by the board. So we'll continue to probably return to the shareholder. The other part is really, we feel we need to be very disciplined. Like from day 1, we said we need to be GAAP profit. It's GAAP profit, not just non-GAAP profit, every year since the IPO. So we've achieved that and that's continued all since. And then the Rule of 40, probably there's are some room to upgrade later. So that's pretty much my presentation for 20 minutes. You can see the 3L from a long-term investment like a FortiOS, FortiASIC, for all this kind of training, for all this infrastructure, we've become a leadership in network firewall, in SD-WAN, in OT security and also in the cybersecurity innovation. That's actually also were helping us drive all the customer loyalty, the investor loyalty. And all this were helping us to continue to grow. We want to grow faster than the market, keeping gaining market share and we're also keeping invest for the future growth for the next 15 years. So with that, thank you.

Thank you, Ken. John Maddison, CMO here at Fortinet and good to see some familiar faces down here. Usually we're online. I'm going to give you a quick overview of opportunity and the major trends. And then some of our customer journeys, then Robert May is going to go through in a bit more technical detail on those journeys. All right. We always need a TAM slide, of course, so here's our TAM. And we go through a lot of detail on which products we have, which are capable. If you look at this, the first one, secure networking, as Ken said, is really convergence but more of a hardware physical convergence. So network security, WiFi, switching and firewalling, growing at around 7%, about $75 billion. The fastest-growing one is Unified SASE, so that's convergence again but convergence more around cloud and software. Yes, there's some SD-WAN side there. But long term, that's going to be very much focused on cloud delivery, growing at around 16%. And then our security operations, which is the largest marketplace, growing around 13%. And we recently added about $20 billion worth of TAM to that through our acquisition of Lacework, which is CNAPP, which is made up of cloud workload and security posture management and then DLP to the next DLP. Overall, the marketplace is growing across all those at around 12% or by 2028 to $284 billion marketplace. If you dig down in a bit more detail around each of those marketplaces, as I said, the first one is secure networking, which is mainly made up of wireless LAN, LAN and firewalling. The big 2 trends there, again, are convergence still and new use cases. We've gone from maybe 2 or 3 use cases, perimeter firewall, the integrated firewall for segmentation to many more use cases. We're seeing firewalls now deployed right at the edge to ATM machines, for example. And the other one is cyber-physical we have been calling that OT security -- there will be a new Gartner Magic Quadrant coming out called cyber-physical security, it's the same sort of thing. But you can see the recognition of that marketplace from -- even from Gartner. By the way, we're already in 9 Gartner Magic Quadrants, Ken pointed out 5 of them. The other trend on the Unified SASE side is obviously SASE itself, which is convergence of maybe 4 or 5 different technologies. So if you look at Unified SASE it's made up of cloud, it's made up of SSE and SD-WAN. And the SSE piece, which will combine with SD-WAN to provide SASE for a single vendor SASE. And that's starting to happen in the mid-market and it's making its way up into enterprise and then, of course, hybrid multi-cloud. Most companies now have multiple clouds. The application architecture is changing to services, to AI architectures. And so that cloud security is also very important. And across both of these is AIOps, the ability to automate the operations from the user edge all the way into the application. And then the most fragmented marketplace is SecOps. If you imagine for each of those slices there, there's probably -- well, for Endpoint, there's 50 vendors plus, for other slices, there's probably 10 to 15 vendors. That marketplace is ripe for consolidation through a platform approach. The other part of this marketplace is the skill shortage. I don't know, 3 million-odd cyber jobs. So using GenAI inside this marketplace to provide automated assistance is going to be very, very important. And then hopefully, one day, given the amount of data that we have coming in, billions of events on a daily basis, we can maybe connect the dots and start to identify campaigns in the wild, which will attack our customers going forward. Now this slide, please pay attention to because this is a slide that you've asked many questions about. About 1 year ago, we broke out our business into secure networking, Unified SASE and SecOps. And every question we got thereafter was, what are they made up of in terms of our business and this is the first time we presented this. So let's start with secure networking. These are rough percentages. So for secure networking, it's about 66% of our billings. Within secure networking, you can see firewalling is around 75%, switching around 20%. And by the way, for the last 3 years, this marketplace has grown at around 9%, we've grown at 14% faster than the overall marketplace in the last 3 years. Then Unified SASE, which is made up of SD-WAN, cloud and SSE -- and you can see SD-WAN is just over half of the billings inside there but I can tell you that SSE slice has been growing dramatically from over 1 year ago. And again, the marketplace is the fastest growing here, so around 19%. But again, we've been growing faster and that represents around 23% and a bit percent of our total billings. And then security operations, very, very fragmented still, even though our kind of main marketplace there is in the SOC, SIEM analytics but many different products around e-mail, DLP, identification in around 10% but been growing at 22.3%. These are all Q3 numbers. So hopefully, that gives you some idea of these pillars and the businesses inside there. That's not all the products, of course, because we have over 50 but those are the main categories. All right. Talked a bit about customer journey. And again, I can't go through every single customer journey here. These are the main ones. By the way, for secure networking, we are the only vendor to be in the firewall market -- firewall magic quadrant as well as the wireless LAN and LAN, the only vendor to be a leader in both of those magic quadrants. No one else is. And again, as Ken says, over 50% of firewall shipments are from Fortinet. Most customers start with a firewall order from Fortinet. Most of the time, it's in the data center but it could be in the branch either/or. Let's assume they started in the data center. The natural evolution for customers is then to go to the branch and add firewalls in the branch. That multiplies the original dollar deal by 1.5 -- by 0.5, or 1.5 the original dollar deal. Then what we're seeing recently now is customers add more advanced services. So yes, they might take IPS, et cetera. But now they're adding, for example, in-line sandboxing or in-line CASB and that increases the size of the deal to about 2x. And then quite a few customers -- and the finance team and Keith will talk a bit about this in terms of how many then expand towards the LAN. They add WiFi and switching which really multiplies the size of the deal, especially around the branch. Now you can see we've added about 700,000, what I call edge firewalls in the last 12 months, which is right for a subscription service as well as expansion into something called SD-Branch. Across all of this, a very important technology that Rob will talk about is AIOps, automating the experience all the way from the data center, all the way from the edge and across all those services. The second journey that customers are going on is this journey into SASE. So again, if we have that firewall edge of the branch, 40,000-plus installed SD-WAN customers over the last 6 years. The upgrade from our firewall is very simple. It's a software upgrade. It's a service upgrade straight into SD-WAN. And then our main action going forward is to cross-sell from SD-WAN into SSE and SASE. And you can see some of the numbers there for SASE, over 300% increase in deals. The pipeline has increased 100% into 9 figures. And so we think this migration from edge branch firewall to SD-WAN to SASE and then eventually adding in more software capabilities such as Zero Trust or universal Zero Trust. And again, the digital experience is the most important thing here. If you're a remote user, you're in a branch or in a campus, wherever the application may be, measuring that digital experience is really, really important. And again, we're in 3 magic quadrants for these technologies. And then the third journey is more focused on the CISO, security operations. And again, usually start with a firewall footprint. Over 30,000 customers have installed our analytics data lake already, okay? And this is our connection back into the CISO world, the SOC world, the Endpoint world, the CNAPP world, all those capabilities. And what we start off with is with our data engine and then we add advanced subscriptions to that, things like SOC-as-a-Service or IOC, for example, or attack surface monitoring directly on top of that data lake. And then there's a whole array of products, which then can be connected via our mesh, whether again, it'd be in the cloud or CNAPP, whether it be our SIEM, SOAR or whether it'd be our Endpoint product, it's all connected through our own platform and fabric. And then what we're seeing here, we've added in the last 6 months over 7 different, what we call FortiAI or GenAI capabilities to these products. We really do think this area is really important for assistance because of the complexity of all the different vendors inside here, getting the skilled people to operate to be a SOC analyst. And so this journey for our customers, again, start with the firewall, evolves into the data lake, evolves into services on top of that and it involves into a whole array of different capabilities from the cloud, to the network, to the Endpoint. So those are 3 common journeys. There are other journeys that we have but the connectivity between all of that through our single management console, through our single subscription and FortiOS allows customers to run very smoothly through this. So I'm now going to hand you over to Robert May, who's going to talk about some of those journeys in a bit more technical detail. Thank you.

Good morning, everybody. Great to be here and see everybody face-to-face this time. John usually introduces me by saying I was born at Fortinet. I was not born at Fortinet but I had been here for 20 years, working in R&D side. And would really like to share with you guys today both how -- what our customers are telling us about the technologies that John and Ken have explained and also how we use the technologies internally because, of course, we are a large enterprise. We use all of the same products. And so it really helps to understand how we see them being used and adopted both internally and with our customers. Now we've gone through kind of a lot of what the long-term investments are. And I can tell you from the experience that -- this isn't just investing today for the long term. It's also -- these are the same principles that we've used to build and guide the product evolution since the beginning. So for example, Ken mentioned around FortiOS, around the single OS. This has really been a consistent guiding principle throughout all of the years where we started with firewall and antivirus and integrated with ASIC technology and then we continue to build out and consolidate more and more capabilities over the years. And so we'll kind of go through a little bit of kind of how that evolved. And then alongside that was the ASIC technology itself because as we introduce more features and functions, we, of course, want to keep the performance as high as possible for our customers and driving up the competitive advantages that we have by integrating the ASIC technology. When we talk about cloud as well, it's not just about providing tools and specific components to help customers manage their cloud. It's also about all of the different SaaS services that we provide because we provide over 40 different SaaS services that we host either locally or through public clouds and we have to secure all of that environment as well. So we use all of those same tools and technologies when doing that. Another area that we've started way at the beginning, of course, was the security research and the treat research and analytics part because that obviously feeds down all of the intelligence into the products that do all of the security inspection, detection and handle the responses eventually. And then over the years, we've -- John mentioned like the security operations portfolio is the largest portfolio in terms of the number of products. And there's a lot of different tools and technologies within that all go together. And on this slide, I'm showing, of course, FortiAI because this is something that sits across many of those products today. You'll see the Gen AI coming in and many more of them very, very soon because it really helps the operations. And I think one of the guiding principles across all 5 of these areas is the operations because as we consolidate and optimize more and more, it's really to help those ops teams that are struggling or need more automation within the environment and having this integration between the products is something that's really been beneficial over the years. Now all of those kind of guiding principles sit across all 50-plus products. But I think, look at it in a little bit different perspective, it's more like how an enterprise typically puts them together. How do they use them day-to-day? And you can look at the portfolio across these kind of 3 teams. And these 3 teams are exactly how we run the business as well. So on the first level, you've got the global IT, which manage the office locations and the remote users, right? So they're deploying the firewalls, the SD-WAN to interconnect everything, zero trust and remote access solutions to help secure and connect those remote users together. So this is kind of that first, let's say, work stream. The second work stream is the cloud operations. So as I mentioned, there's 40-plus different SaaS services. Obviously, we don't have -- or don't want each dev team to have to go out and get their own resources and secure all of that. There's a common platform that goes sitting across all of these different cloud environments and basically providing that as a -- just like a public cloud service provider for our own development team. So this is an internal operation. And then the third area, of course, is the InfoSec, which is collecting the logs and doing the incident response and detection, using a lot of different products to do that and building up the operations around compliance and around securing the supply chain and everything else. So this is kind of how all of the different products fit together in a real enterprise operation. Now we talked a bit about the single OS, right? What does that mean? And how is that an advantage? And what we've seen over the years, FortiOS started with a few functions that we continue to rapidly consolidate and converge more capabilities. One of the early ones we introduced was the switch and wireless controller. And this was immediately seen as a big advantage for the operations people because suddenly have gone from having 2 separate platforms to having 1 plus the configuration and everything was much, much simpler. So it made their daily life and how they continue to manage those networks much, much easier, both on the switching and the wireless level. We saw the same kind of trend with SD-WAN. So when SD-WAN started to become a coined term, we looked at each other and said, "Hey, we have all of this capability already, at least 90% plus of the difficult hard parts of the technology." And so with a little bit of refinement and a bit more automation on the management side, we quickly became the leader within the SD-WAN segment. And this is because the operations, again, was much, much easier. And so when we get into looking at SASE, you see the exact same trend happening here because in the end of the day, we use the same OS to deploy in SASE. So that means you have basically all of those capabilities of FortiGate built in. So if you're connecting that SASE environment to an SD-WAN network, it's the same technology on both sides. It's using all of the same capabilities that you have already deployed. Now in the kind of the early deployments of SASE, what we saw is, a lot of times, companies would select something as a separate project. So they now have a separate deployment trying to interconnect 2 parts of their network that was very, very cumbersome and they need, obviously, to have dedicated resources to learn that new part of the network. What you see Gartner and others talking about now is, of course, single-vendor SASE but it's not really just single vendor because that could just be a support contract, right? It's actually the single technology that you have on both sides. And what that means is that from a management perspective, all of my knowledge that I've got for managing my local environment now extends to that SASE environment. So I have already the skills and resources internally to manage both parts. It also extends to the logs because on the logging side, obviously, the SecOps have to collect that and build SOC use cases around it. Well, I've already been doing that with the same technology. So it very, very simply extends the operations there. And of course, it has things like SD-WAN built in. So if I'm trying to -- there's a failure in some part of the network, it can automatically reconcile that and reconnect and everything runs smoothly because it's the same SD-WAN technology running everywhere. Now 1 thing our customers have started to, let's say, observed in the last 6 to 12 months has been really just how easy it is to enable SASE when they're deploying SD-WAN because it literally takes 5 minutes, right? You're already doing the work of defining the application priorities, the health checks and the other parts of the SD-WAN network, deploying SASE is simply enabling a few additional locations as part of that SD-WAN network. So it becomes very, very simple to do that and easy to scale up how they can ramp that up. And when you look at MSSPs, we have a lot of MSSP customers who provide SD-WAN services using our technology. This also enables them to suddenly add SASE as a component, either as a differentiator for their service or to add additional services to their offering. So it becomes very, very simple to do that. Now as we look a bit further into the future, we can see a lot of things coming into SASE as well. There will continue to be more and more features and capabilities within SASE such as the consolidation of DSPM or DLP in there and more inspection and acceleration of the SASE environment itself. We're also looking at around the Endpoint side. And 1 thing we announced this year was a new consolidated or unified agent, which combined the technologies around Zero Trust and EPP and vulnerability detection, which was already 1 agent with EDR. So now you have EDR combined in that same agent, which will be able to be managed and deployed from the SASE cloud in the future. And you'll see more and more things integrated around DLP around deception and another one we introduced this year as well, was around the digital experience monitoring. This is another component that's part of that unified agent already. And on the edge side, there's a lot of different, obviously, orchestration and automation tools that can go into managing SD-WAN networks and what have you. These are rapidly being integrated with the SASE management console and controllers. And also, if you think about it, in the long term, there's obviously benefits of deploying ASICs in specific locations to boost performance and immediately upgrade parts of the network. Today, of course, this may oftentimes require IT to actually have a lot of knowledge of how to do that effectively and how to balance the traffic and keep it the right optimal level. Down the road, you can easily start to see now how GenAI will be able to be used to actually recommend how to do that and actually provide suggestion of how to orchestrate and define those rule bases so that it takes advantage of the ASICs automatically. So you just take a new ASIC, plug it into the network and now you have an orchestration system that's able to actually recommend the best way to take advantage of it. Now going 1 level down but still sticking with, say, the SASE area, now our global ops team has been able to obviously deploy a lot of different SaaS services, right? Some of those are going to be deployed on cloud native but locally hosted environments, others may be deployed exclusively in public cloud environments. And then you've got others like SASE where, obviously, we want to take advantage of both environments. So we need -- or want to use the global public cloud obviously, to reach all of those different points of presence globally. But then leverage the private cloud for offering additional value that can happen there and also give more cost flexibility to actually deploy the larger environments. Now as kind of discussed a little bit, what we have as an internal team that builds what we call FortiStack. And this is really operating like a public cloud service provider but providing it for our internal customers. And so this is a layer that sits across all of the public clouds, plus the co-locations, plus our own data centers. And it uses our own technologies in terms of the FortiGate of course, the FortiWeb for web application firewall, load balancing technology and CNAPP as well. So it uses all of these capabilities that we develop for our customers to actually secure that entire platform that our application developers sit on top of. Some of the other kind of interesting things that we can obviously do with our own data centers, it provides more opportunity there to introduce ASIC technology to accelerate a lot of the SD-WAN networks and connections coming into it. And then we talked a little bit about -- earlier about GenAI or LLMs. This is something, obviously, again, we can use from the public cloud especially in the early stages of developing a new GenAI tool or chat bot or whatever the application is but eventually, you can shift that internally. And then, of course, we need to secure all of these LLM environments and then provide -- we can provide additional services going forward from our own data centers. So it gives a lot of flexibility and a lot of options as we build this out further. Last point maybe to talk about on SASE is really the options and flexibility that we provide to different deployments. Now Ken mentioned this earlier as well but there is a few different layers in here. So of course, there's the public SASE that anyone could consume and connect to their own network. We also provide a white label version of that for the service provider customers who are, say, deploying an SD-WAN network or SD-WAN service today they can plug that directly in for their customers under their own labeling and everything else. So this is still the public SASE environment. And then you kind of get into the private SASE or sovereign SASE deployments, where -- and for specific use cases, it could be a service provider that has a very large financial customer that wants to provide a dedicated SASE environment. It could be for various kind of geographies where they have a whole country under a single service provider and a lot of different ways that we've seen requests already to take that technology that we've developed as a public service and be able to run that as a local option. So -- and again, as we continue introducing more features and capabilities on the public service, this comes back into the private version as well. Now last part I want to talk about a little bit here is around how does the SecOps portfolio fit together and how can customers quickly adopt new capabilities. Because at the end of the day, you've got large enterprises, which obviously have more resources and dedicated teams to manage it but everybody else needs all the same capabilities and coverage when it comes to security operations. Now one of the things that is kind of interesting here is that one of our products called the FortiAnalyzer is almost always sold whenever there's a customer buying SD-WAN or next-gen firewall deployments. And the reason is because, obviously, it's made to work tightly together. It provides a lot of automation out of the box to be able to quickly see what's going on in the network, investigate any type of IT or technical issues. It also saves them money on the rest of their operations. So it's almost a no-brainer to acquire it as part of that initial project. The second thing to note is that within the SASE deployment, it's actually built in behind the scenes. So it's already there. So a lot of -- majority of our, say, enterprise customers, already have this technology and they're starting to kind of realize now how they can turn on more and more capabilities that we've introduced in the last 1 to 2 years. Now another piece, I guess, to mention is around the interconnectivity between all these products because especially in the SecOps area with so many tools and limited resources, there's a lot of development that's gone into what we call the security fabric to make that information sharing between those tools very, very rich. So I can -- from 1 product, I can quickly get the information or take action on the other products and build that DevOps automation. And this is something we've worked on for the last 10 or so years. Now what that actually, let's say, looks like under the covers here, is many of our customers start to realize really what's inside FortiAnalyzer that they didn't know. #1, it's got built-in SIM. It's got built-in SOAR and it's got built-in XDR capabilities. This means they simply need to start taking advantage of that and quickly, they start to scale up their SOC maturity. And so as they've done that, they see that, oh, I just need to enable these other components and I can immediately get coverage on parts of the network or parts of the endpoints that I didn't have before. And FortiAnalyzer can be scaled up horizontally or vertically very easily. So as I grow and expand my maturity, I'm actually able to quickly and easily scale out that data lake as well. Another component is around the AI. And this is something where most products can introduce a new chatbot or AI chatbot that you've seen a lot of different companies offering, right? But usually, that chatbot is going to be constrained to the domain that, that product does. So whatever data it has locally or whatever actions it can take. Now with the Security Fabric, what we've built over the years has been these interconnections between the products. And what we're able to do is allow that GenAI to sit across end to end. So that means that everything, if I have a security incident, everything from that initial detection to all the triage and investigation actions that I do, all the way to the final actions that I take, even if this involves 5 or 10 different products, I'm actually driving that from 1 single location. So GenAI is able to quickly expand and we've made many, many demos on this already, both for the security and the networking operations to really show how this can work. And again, it goes back to having those kind of connections between the different products as well. I guess the last point to make is, over the years, we've introduced many different products, right? But operationally, what we've done is try to see what are the -- what are the things that the ops teams struggle with, both the network operations and the security operations. And the things around the security fabric and all the different evolution of the products over the years have been really with that 1 common thing in mind, is how do we make it simple for our customers to adopt something and then continue to expand their operations because I think it feels like maybe 12 years we've been talking about the skill shortage. And with things like AI, it just keeps going even further away from solving the problem. So having these connections between the products and all of the different architecture integration really starts to make it now closing that gap as we go forward. Okay. So thank you very much.

All right. Good morning, everybody. Thank you for joining us. I'm John Whittle, I'm Chief Operating Officer and we have a sales panel. We have our sales leaders here to give you a little bit of a view from the field and I'll moderate that panel, Matt and let me get their faces up here, so you can see everybody. So I'll start with our longest tenured person, Joe Sarno joined us Switzerland and he's been at Fortinet for 20 years and runs all of international, EMEA and APAC. And Matt and Pedro and Trevor are our sales leaders in the Americas. And we've got a talented sales team, a talented team of sales leaders as well. So with that, let's just dive in and starting with you, Joe. You have a view from the field talking to customers about Fortinet's competitive differentiators. What do you hear from customers about how Fortinet is differentiated versus our competitors.

Okay. Good morning, everybody, or is it just afternoon. Sorry, a bit of jet lag. Nice to be here, obviously and I don't know how much time we have because after 20 years of experience, clearly, the advantages of Fortinet, they are really enormous. But I will limit myself to a couple of points. One thing I've experienced through this long tenure in the company is the incredible speed that Fortinet has to go to market, right? In the early stages of our existence, Fortinet obviously being a small start-up, it was incredibly important to get new products out, new solutions, new feature sets. This hasn't changed during the last 2 decades. The great thing about this company, the great thing that I see myself, the great thing that keeps me here, I honestly thought I was going to stay 2, 3 years and then move on, I'm still here after 20 years, is that today, the speed that we go to market with new solutions and new products is still incredible. Sometimes I define that we are a cybersecurity leader but still act like a startup. We still have that start-up mindset, which really helps go-to-market, keep customers happy, build that trusted relationship with the customers and really engage with what we are doing and building with our customers. The other element is innovation. So we saw 1,800 patents out there that we've been building over the last 20 years, I'd say, again, 2, 3, I can't remember, 4x more than our closest rival. Another thing, I'm not sure if you picked it up on the slides, 500 AI patents, 500. That's more than what our closest rival has and -- in the general patents. So innovation is what's also keeping me here, innovation in terms of what I can bring to my customers to sell, which is super important. And that has brought also another advantage, which is the tenure of the teams. So I have 12 direct reports, 10 of which have more than 15 years in the company. That's another important element that goes to show how the company is really building on trust, building on having the same interface for our customers and keeping that going. So I'll pause there for a while.

That's great. Thank you. Matt, Pedro, Trevor, anything to add about the competitive differentiator.

Yes, I'll start. I was recently with a Fortune 50 company. And through that conversation, it was very clear to me that our competitive advantage is the convergence and consolidation. I mean ASIC is a very clear advantage. We've known that for years. And I would just add on to that, that consolidation and convergence, they're going from 200 solutions down to 60, and 7 of those are SaaS delivered just in security. So that particular customer is looking to consolidate in a meaningful way. It's not a theoretical objective. It's a real objective and which we're engaged in multiple RFPs through that process. And very clearly, they see that our competitive platform advantage being organically innovated is a unique differentiator in the market.

[indiscernible] I would add. Not just for our customers, right? But from our partners' perspective, right, the integration, the performance that Ken mentioned, the integration that Robert May mentioned about the FortiOS everywhere. It's also for our partners. If you think that a lot of cybersecurity today is managed through service providers, managed security service providers. By having all of this integration, they can sell a lot more services, they can consolidate a lot more services. They can offer better service at a lower price, at scale, with better support with the shortage of skilled professionals doing it quicker time to market and having a better solutions for our customers that are looking for security and are inundated with alerts, with 200 different platforms that they need to manage. So the consolidation is the real thing, not just for the end user but for the partners and the managed security service providers out there that choose Fortinet because we bring all of these things together in 1 tight little package.

That's great. That's great. Thank you. Trevor?

I don't have anything to add.

Okay. No, that's great. I should also note Matt, you've been here -- Joe, 20 years, Matt, you've been here...

16.5 years.

16.5 years. Pedro.

18 years.

18 years. There's a lot of passion. You can look at the results that have been delivered. Trevor joined us 1 year ago, lot of fresh ideas, which are super helpful. But a lot of contribution up here to the results that you're seeing up on the screen. So Joe, tell us a little bit about EMEA and APAC sales, how are we currently doing in international? Where do you see the biggest opportunities, selling not only FortiGates and secure networking but also expanding with SASE and SecOps where Fortinet is less than 10% penetrated in its current installed base.

Yes. So I'll just explain maybe for the audience, how we are organized in international. It's 3 geos. The first one is Continental Europe. So that's all U.K., Germany, France, Italy, Spain and the Nordics. We have international emerging, which are the emerging regions that are not emerging anymore because they've become a very big number, which is Middle East, Africa and Eastern Europe. And then we have the APAC region. So 3 geographies. We have 3,700 employees in that region and it's close to around $4 billion of the company's numbers. So as you can see, it's roughly 65% of the global revenue. Now we've been extremely successful in international. I must admit I've had the honor and privilege of being -- growing this company this way for many years. And the -- for sure, the biggest success we had was the movement through COVID. We had massive growth rates. And for sure, many of you will remember. Obviously, that after the COVID period came down but we're still having successful and consistent results and performances across EMEA in particular. And in particular, I would highlight the international emerging regions where for the last 6 quarters we're still growing in the high teens. So very successful region, very honored to have been part of this long journey. Now where are we seeing opportunities? So for sure, this journey that we heard about this morning around moving from the network, the next-gen firewall, so the SD-WAN, SD-Branch-to the SASE on 1 single platform and then Zero Trust. So this is where we are capitalizing on our amazing success in SD-WAN to follow up on those customers and add on new cloud services like SASE, right? And this hybrid approach, this mixed hybrid and on CPE approach has been really well accepted by the market. The other areas -- and clearly, SASE is a big part of that, the other areas is the AI-driven SecOps. Now in -- I started around 3 years ago in emerging, taking that as a test bed. We added specialized security operation, technical people, SMEs, BDMs, to understand if this was -- since it's a little bit of a different language that they speak, there's different personas that you have to address. So we started as like a test bed -- test bench, that was very, very successful. Emerging was the highest contributor for SecOps products or same-store EDR and the other elements of the offering and the Unified SecOps offering that you saw. And now we're going to replicate that in the other regions. So that's where I see some amazing opportunities other than the SASE. And of course, where we are concentrating a lot of efforts is on MSSPs. Pedro, you mentioned it before, helping those types of partners building on all these amazing cloud services. We are looking into securing the GPUs. So a lot of telcos, a lot of our big telco players are starting to build these massive data centers with GPUs. So now we're looking at and we're studying with our PMs and our experts, how we can help them protect those data centers. And of course, there's many other areas. And in particular, in my region, I have over 190 countries. So we're still exploring new countries to penetrate or build more on.

Great. Thank you. As Ken mentioned, Fortinet leads in operational technology Joe, where do you see our competitive advantages there and also the big opportunities there to secure OT and critical infrastructure.

You're picking on me today.

I'll switch off with you in a second. You traveled so far.

So yes, that's -- as you know, that's kind of my little baby, right? So roughly -- the story is that roughly around 8 years ago, working in some of the big customers across EMEA. We started to notice this convergence between IT and OT, right? So why was this happening? Because the CEOs of the companies, they wanted more analytics, they wanted more data. The OT environment was typically air gaps. There were no connections between IT environments and OT environments. And they typically had some very old technology, AT machines, stuff that was really vulnerable. So once these 2 networks started to converge, we -- and I personally saw an opportunity here. So the other element that was interesting at the time was these new IDS visibility vendors, people like Nozomi, Clarity, Dragos, you probably know these guys. So I bumped into Nozomi in particular. We had a look at what they were building, this visibility platform. We decided that this was a great complement to what we were doing on the firewalling side on the protection and detection side. So we integrated. And that's where it all began. Now if I fast forward 8 years, what we did is, by the way, Fabric was presented to the market in 2016. So we hear a lot about platformization nowadays. But in reality, we've been doing it for 8 years, right? So what we had is the IT fabric story, we translated that into the OT Fabric story. So we went back to the R&D. We asked for new products, new support for industrial protocols. We followed the Purdue frameworks and the IAC 62443 frameworks, and we built an OT security fabric, an OT platform that could address all of these layers. And that's where it all started 8 years down the road, we are going close to $1 billion in this area. We've created partnerships with the biggest and most important ICVs on the market, so all the industrial control vendors, ABB, Siemens, Schneider, Rockwell, Honeywell, GE, we have them in terms of agreements. We built an OT practice. I hired people coming from those environments because they speak a completely different language. It's all about reliability. It's all about uptime, and it's all about protecting lives when we talk about critical infrastructure. So very serious arguments. Then we added obviously professional services in OT, which is super important. And last but not least, we're, I think, the only vendor out there that has an NSE training Level 7 in OT environments. We've trained over 300 partners across international. So this is what we put together. It's become extremely successful. We believe we are the strongest player out there in OT, and we will continue to invest in this environment. Sorry.

No, great. Thank you. Turning to -- Ken mentioned the 3 Ls, loyalty, long term and leading. Loyalty to partners has been kind of a mainstay at Fortinet. Service provider and channel, we see a lot of opportunity there. They've helped us along the way, a fair bit. And so Matt, where do you see the opportunities with service provider and channel going forward?

We've had such a strong ecosystem of channel partners for years, and that's really been our advantage for a longer time. That business has been evolving uniquely over the past couple of years. And they're -- like Pedro said, it's an opportunity for us, but they're discovering how to create services to their customers and how do we help monetize, I think, with our channel ecosystem more effectively. We've done an excellent job in service provider for many years. That continues our tailwind effect of how successful we are. But it really does come down to that consolidation and convergence of those areas. We see a massive amount of effect from the channel ecosystem in those 2 exact ways. And of course, again, going back to the ASIC advantage from a performance perspective, it's just really uniquely different. I would say that -- some of these technologies that we talked about today, SD-WAN kind of leading into SASE and how fast and quickly you can deploy SASE and get to market with it. Obviously, that's what our customer ecosystem is really looking for. So not only is the technology really good, it's integrated. It offers them ability to monetize in unique ways on services, but also they're able to get deployed faster, which helps them get to profitability faster. And I'll just tell you, I was with one of our large U.S. partners last week for their large conference that they have. And I would tell you that the interest is more renewed and robust than it's ever been.

That's great. Thank you. Opportunity bounds, OT channel, U.S. enterprise, Trevor. We see great success there with some of the most discerning enterprise customers. It seems like there's a lot of opportunity ahead there. Give us your thoughts there.

Seeing tremendous success in our -- with our branch solutions, but specifically in retail and financial services. And then specific to enterprise, there's 4 things that I'm working on. I'll talk what are focus, urgency, accountability and fun. If I look at focus, if you look at enterprise, the Global 2000, a major account manager day has 12 accounts. Next year, it's going to 6. Mid enterprise or name enterprise, the average number of accounts is 60 today. It's going to about 35. And this will provide us focus. It will provide us the ability to hire more direct quota carrying sales reps. If you look at the U.S., that's where the opportunity through my lens sits. I'm obviously biased because I lead the U.S. But just from a market share perspective, we have an unbelievable opportunity to win market share in the U.S. So if I look at urgency, early on in my career, I spent time at Parametric Technology and a company called EMC Corporation. I assume everybody knows who those companies are. Those companies gave Kafina scare, if you will. When I was at Parametric Technology, I used to get to the office at 6:00 in the morning to read through book of list when I carried a bag as a sales professional. So that's what I'm trying to institute inside of Fortinet from a sales perspective. I want hunters. I want people out on sales calls, sales meetings, 8 to 12 meetings per week. And so I'm instituting that inside of Fortinet. It's very, very hard, but it's also a lot of fun. So urgency is a huge thing for me. And in my 13 years at EMC, Michael Ruckers was a CEO. If I look at accountability, Michael used to say we have 2 types of salespeople. We have A players and we have new hires, right? And so accountability is paramount to me. So I'm pushing that very, very, very hard inside of Fortinet. And the fun, right? These are really, really hard jobs. I'm the last 7 in my family. I did grew up with a lot. I like to have fun because these are really, really hard jobs. And we're making tremendous strides in the market. We're also hiring a lot of strong candidates from our competitors. And if I go back to hiring and direct quota-carrying salespeople, we are hiring people for access, meaning one of the world's largest airlines a person that we hired was at Cisco 10 years, we interviewed the CISO, right? Those CISOs are all about trust. They want to do business with companies they trust and they want to have a sales professional that they trust. And good news is we're going to replace one of our largest competitors at that major airline due to that salesperson's ability to connect with the CISO and all the stakeholders inside that airline. So a lot of really good things are happening inside of the U.S., and those are the 4 things that I'm laser-focused on.

Speaking of airlines, Trevor Hil is from Nashville, Tennessee, but as far as I can tell, he spends his life on a plane. So a hard working guy.

I'm embarrassed to say I'm a Marriott ambassador, whatever that is, this year, but I've been in a hotel 135 nights. But I don't view this as a job. I view this as a lot of fun. And I think Fortinet we have so much momentum in the market today. It's unbelievable. I get calls every single day. I get hit up on LinkedIn every single day from our competitors, right, from our competitors. Cisco, Palo, they want to work here. They want to work at the spine company, right? And that's what gets me excited and why I get up at 4:00 like I did today, right? So it's just an unbelievable time. And I'm the new guy. I've been here 13 months or so, and it's been a phenomenal ride and I look forward to helping scale this company from $6 billion to $10 billion. And again, the U.S. is where there's a huge opportunity. Pedro to my right, he's crushed it in Lat Am and has, what, 65%, 70% market share. And then how much do you have in EMEA?

About 55%.

55%. And so the onus is on me and the team to drive and take away market share from our competitors, and we're doing that in big ways and it's going to continue to be great in 2025.

Great. Thank you. As Ken mentioned, Fortinet is focused for 24 years on converging networking and security. 2018, we started focusing on SD-WAN. And soon, we saw huge success in terms of sales. We lead in the SD-WAN Gartner Magic Quadrant. Do you see parallels between that focus and what we can do when we focus on something and FortiSASE and solutions beyond FortiSASE?

We already see it, right? You saw the numbers from John. I mean it's growing exponentially. Like if you look at SSE and SASE and where it's going, the growth is explosive. And what you see is the interest from our SD-WAN installed base and that just multiplying so quickly out to the market just because the adoption that Robert talked about and the ease of deployment and the use of the solution is really uniquely different to the market. So no question, there is a very strong similarity. And I do want to say also, too, if you kind of look at the competitive solutions around, mean it's the only integrated solution out there truly. So if you look at all the functions inside of SASE, probably get a lot of different answers when you ask someone what SASE is. But I think the Fortinet has really nailed what SASE and the definition is and SSE to make it meaningful and accessible to customers without a massive deployment schedule and time line. And I think that time to market is so uniquely different. Again, we built in SD-WAN as native to FortiOS, and that is a huge differentiator. SASE is just the same. So it's going to have a very similar, I think, adoption rate and effectiveness that we saw on SD-WAN very early on.

Maybe I can add something on that. I was in at the WEF Annual Conference for cybersecurity last week in Geneva, and that gathers roughly 200 CIOs and CISOs and a few of the big GSI partners. And I was speaking to one of the GSI partners who is doing probably around $100 million with one of our rivals, and they are super convinced to get on board to this new single vendor SASE solution with us because of the things that Matt has just mentioned right now. He exactly said more or less the same thing that you said right now. So this is a -- we see this as a massive opportunity with the big GSIs, the big partners seeing that ease of deployment, that easy journey that they can add SASE and Zero trust solutions across the SD-WAN success that we've had over the years.

And also very similar to the SD-WAN story where a lot of the service providers jumped on the SD-WAN. And actually 30% to 40% of what we sell in my region of SD-WAN goes through a service provider. They're very excited about the white labeling of the SaaS, right? And having the sovereign SASE as well for their customers. And so they want to sell more services, and we're a vehicle for them to get there. And so really exciting, really big opportunity for us.

That's great. That's great. Pedro, sticking with you. Pedro, came up from Florida, lives in Florida, runs Lat Am and Canada also spends a lot of time traveling as well I describe our Canada and Lat Am business at a high level and our top opportunities for growth there.

So Latin America and Canada, when I first joined, we were 7 people. We're now over 1,500 close to $1 billion of business net of Fortinet. So it's massive growth over all these years. And I see -- and as I've mentioned before, a really high installed base, really high market share in this business. So for us, moving beyond the firewall has been a necessity many years ago. And so we have to diversify from the FortiGate when 7 out of every 10 firewalls in your region are FortiGate, you got to go sell something else. And so we have been doing that. And SASE and SecOps, as I was just saying, is a natural extension for our customers. So we have a lot of customers that come to us that have invested in Fortinet over the years, saying help us get to the next step, right, Zero Trust, SASE, SecOps. I want more visibility, right? I want to know you guys integrate so many things in every version of FortiUS, help me understand what I already have how can I leverage that for the next thing because Latin America may be more so than other regions. You have to do more with less, right? There's no unlimited budgets, right? There is no unlimited know-how. And so if you're in the middle of the Amazon, there's different challenges, right, that come to play. And so it's a very challenging region, but we've been able to execute really well. And I'm actually very excited with the opportunity the refresh cycle that we have coming up because it's a huge opportunity for us to upsell all of the new things that we've been introducing. So it's not just about replacing firewalls, right, that are end of support, but it's about adding all of these new services that we have on top SASE, SecOps, the visibility some of the OT, which for Latin America, there's a big push for virtual cities and security, which is a big thing. If you travel in Latin America as tourists or you managed to live there for some time, you know that it's a big thing, right? Feeling safe in Latin America sometimes is a challenge. And so we do extremely well in the region. I'm really excited about the future and the opportunity we have ahead of us.

Great. Thank you. So refresh cycle will be a topic of interest, and Keith and Christiane will talk about it a little bit later in more detail. But give us the field view, Matt, is there an opportunity not only to sell firewalls but also to sell beyond the firewall? What do you see about the refresh cycle?

So we have about 1/4 of the population of the devices out there coming up for refresh here in 2026. But what you're really going to see is the customer interest is going to engage much sooner than that. So you're going to start to see that in early 2025. There's a number of reasons for that, right? Of course, there's, of course, the logistics of maintenance windows and those kinds of things. But I also think it's an opportunity for customers to look at the consolidation factor of it all. How can I consolidate more and then potentially look at where we can take the convergence to it. So I think the unique opportunity of this upgrade cycle that we're going to come to is that it's going to be really powerful in the sense of the cross-sell, upsell function for the sales teams to go have the conversation. We're going to strengthen that with our partner ecosystem to come arm in arm with us to make sure that we're really capitalizing on that opportunity. How do we do that? It's really training our channel ecosystem more effectively on the 3 pillars that we have. And then as we get through that upgrade refresh cycle or however you look at that, that's a big population of assets coming due, right? So obviously, customers are going to look at that journey earlier on rather than later, and we're going to create an event for customers to make that journey very seamless and easy to adopt.

Great. Thank you. As Ken mentioned, the 3Ls, one of them is Leading. We've been talking about the convergence of networking and security for 24 years. When Ken interviewed me 18 years ago, we talked about it for a lot of the time and the power of the ASIC. Now others are starting to have that conversation where you see SASE and other kind of integrations where there are opportunities there. Tell me about that, Matt. Do we see transformational opportunity in terms of our leadership and this convergence of networking and so.

We're seeing it everywhere across these big SIs. Joe talked about one of the SIs. We're working very closely with on the transformation. I mean that's really what they specialize in. That's their complete focus is the transformation. But every enterprise customer down to SMB customer and everybody in between that is really looking at the transformation effect that's happening. And good thing is they really look at Fortinet as their trusted partner in that journey, which is something that we've had to build over time with trust, as you mentioned, right? It's about delivering on the solutions. And our solutions really, when you do put them in side-by-side, that creates a really unique opportunity for us. It's coming down to the show-me kind of show me strategy or the show-me that it works, especially as these technologies do converge and consolidate in. So they're getting much more disciplined, I would tell you, in taking it off the slideware and bringing it into the lab and saying, okay, show me, tell me what's really working. But the transformation is very much real. And I can tell you that there are several SI partners, very large national channel partners who are just completely focused in this area. And again, as Pedro mentioned on services, this drives a massive attach on services. So that's exactly what speaks to them and then we back that up with the close partnership, enabling them, as Ken mentioned, with training and of course, all the assets behind really enabling them to be more effective doing it. So we are seeing that transformation become very, very real, especially this year, kind of in this back half of this year.

And I've witnessed you have a security silo sometimes and a networking silo in big organizations. A lot of big organizations are looking for a cost-effective solution. If you get above those silos and you have a solution that's very cost effective, it can be transformational.

Yes. I mean there's a lot of personas, right? When we talk about platform. There's a number of personas that we have to obviously meet and I think, take on the journey with us and we talked about some of those journeys and the transformations that we have. But you are engaging and interfacing with the CFO, the CIO, the CISO, and sometimes even the CEO, we see that often, right, because they want to understand what the evolution is going to be. But you're absolutely right, and educating our sales teams more effectively, communicating through those personas has been part of our journey this year.

That's great. And it's also expanding with the new acquisitions that we did around CNAPP and DLP, different personas, SecOps people. So that's going to be an evolution for our sales to understand and be more aware of.

Yes. Great. Okay. Last question, and I'll start with Trevor, but I'd love multiple inputs here. So Trevor, as you said, we're seeing a lot of people want to come to Fortinet. I think it's a combination of opportunity, culture plays a part in that in any company's success, strategy, track record of execution, as you can see on the screen, those are important. Culture is very, very important. And Ken has really set a consistent culture at Fortinet. We've had a steady strategy. We've got the proven track record of execution. How does that culture factor into our success?

It's everything, honestly. So if you look at -- first of all, congratulations to Ken in building this fine company because he has built a great culture. Most of the people that work at Fortinet have been here a decade, which is a testament to Ken and the culture that he's built and all the people that are on the stage with me. So inside the company, the culture is unbelievable. As I mentioned earlier, we have people that want to come work at Fortinet, not only because our tech is great, because our culture is great. We have really, really good human beings. I'll give you a little story. So as John mentioned, I live in Nashville, Tennessee. I'm on the road a lot. This summer, we had a gentleman flying us on his own dime from one of the largest home retailers in the world out of the Carolinas. And he came to speak at an event at the 12:30 club in downtown Nashville. Anyone been to Nashville? Yes, it's on Broadway. It's pretty neat place. And so he came to speak to two other retailers, one who uses one of our competitors, another retailer who is a Fortinet customer we're trying to expand, right? And he talked about his journey ripping out Palo Alto Networks and putting in Fortinet. So he talked about not only the great price performance that he sees in his environment with Palo Alto Networks, but he also talked about your're company, Fortinet, that we'd like to do business with, right? Your founder, Ken and his brother, Michael, the most humble individuals he's ever met in his life. That's great, right? You don't get that very much in high tech. And I've been in high-tech 25 years, and it's a tribute to Ken and his brother, Michael. And culture is everything. And the other thing is winning, right? I love to win? I didn't come to Fortinet to compete. To me, that's table stakes, and I want to build upon what's been built here, but I want everyone to be thirsty to win. It's fun. It's like getting a B12 shot. I get a few of those every night because I'm tired of a lot. I travel all the time. So -- but it's -- so it's culture is so important, right? And as I mentioned earlier, we have so much momentum in the market. I get lit up every single day. on LinkedIn, my cell phone for people who want to work at this fine company. And that's what's so exciting, especially about the U.S. market because we have so much white space market takeaway from our competition. So winning in culture is everything to me, and it's not only a Trevor and Fortinet thing, it's also a customer thing, as I indicated in that story about that retailer. So that's a tribute to Ken and his brother, Michael, for building such a fine company built around great culture and great people.

That's great. I was just going to say -- why I think that is, is customer first, customer obsessed. We've always been that way. That's really our ethos as a company. And I can think back, I could probably give 1,000 examples over the years of some of those situations that we find ourselves in. Technology is just inherently hard, right? So -- but it's about how we support our customer that makes a huge difference and us being available as a team. I think what you'll find throughout the entire Fortinet team is that anyone is available at any given time, and everybody wants to be available. And I think that really translates to our customer, and they feel that authenticity from us in a very unique way. But really customer first, customer obsessed, you can't go wrong if you leave that position.

Yes, And it's an engineering company, right? So we are all more or less engineers working every day in and out. And the other great thing that I found over the course of the last 2 decades is that we have a really flat -- a little bit of what Matt was saying, have really a flat organization. So when you're speaking to the customers, if there's any type of problems, any type of request, any files, whatever it is, that the hops to get to where it should go, where that request should go are very short. It's not a complicated organization, extremely flat. Everybody is available, humble and reactive. So I think that's a little bit of what I said at the beginning, speed to market.

And to me, I think a lot -- I think you guys see on stage, the tenure here is very long, right? We've been almost 20 years here. And that to me means that we honor our commitments because we sit in front of the customers today and tomorrow and the day after. So when we promise something that we're going to deliver, we will deliver, right? So we're not mercenaries and trying to do a sell one time and then disappear. And if you go around in the industry, it's very common to someone to stay, especially at our levels couple of years and then move on. This doesn't happen at Fortinet. It's not very common that happens at Fortinet. And so we've been here a long time supporting our business, supporting our customers. We honor what we say. We stand behind our product, and we're convinced that we're continuing to do it. So I think that, that was a key ingredient because at the end of the day, sometimes it's hard for the customers to distinguish between feature A and feature B and in PowerPoint, everything works beautifully well. But at the end of the day, people make a difference, right? And as Joe, Matt and Trevor said, we are the people, we're the ones behind the machine, and we'll be here when things go well and when things don't go so well. We will stand behind the customers that trust us.

I agree 100%. And from my standpoint, it feels like family in some ways. We've got a lot of passion for Fortinet for the mission. We all really care. It's more than a day job. We believe in the mission. We have confidence in the mission. We love Ken and Michael's story. This is a great company to get behind. And I think that hopefully comes through in this panel discussion and otherwise. All right. Well, thank you, panelists. Thank you all. We have a 10-minute break right now. Really appreciate it. Great discussion. Thank you very much. [Break]

Welcome back. Thank you, everybody. I don't know about you, but I certainly enjoyed hearing yet again Ken's story, his vision of not only where the company has come from, but where it's going. And at the same time, then to move into, I think, a very robust and helpful conversation about SASE and SecOps from John Maddison and also Robert May. And then, of course, I particularly enjoy the roundtable of the sales team. I don't know that we've done that in the past. I think my takeaway with all that bullishness is that quotas are going up. So we'll take that offline in a moment. Everybody is okay with that. Everybody here says it's fine, right? So I think as we kick off the finance section, right? Maybe there's about a dozen slides that we'll get through, hopefully, fairly quickly. I'll cover off probably 4 or 5 to start. Then I'll bring up Christiane, who'll cover off some of the media things that I think you're interested in, things like operating margins, what we see in the future, what we -- how we reconcile to what we just went through. Also that upgrade cohort, the 2026 firewall is giving you a lot of information about that. And then also build out a little more detail around the customer journey for SASE and for SecOps, okay? As as we started off, I'll come back with a bit of a call back here for Ken's slide where he talked about the Rule of 40. He's a little bit shy, but he didn't say that 12 out of 14 years as a public company. He set the Rule of 40. You should watch this slide very carefully. I can't tell you how much longer it may survive, okay? All right. One thing that when we look at our business in terms of our strategic investments and what our mix has been historically, that chart on the left, it gives you the mix between M&A and between our engineering costs. And we use this slide frequently with customers to really talk to them about this notion of we are a build versus buy company. We want to build it ourselves. We want to preserve that single operating system that you heard Robert and John talked about earlier, right? And then also the fact that the mix of our engineering staff is more software-centric than it is hardware-centric. As you've seen the shift over the years from what this ASIC has empowered to what the operating system has now become across all those different Gartner Magic Quadrants. And then if you look at the mix of our buyback and our M&A, you can see, as Ken pointed out, a very rich population of buyback. And again, very consistent with the M&A strategy that we've evolved. We've talked in the past about the diversification of our business model. It's extremely diversified. If you look at the customer mix, a very large set of customers but spread across small, medium and large. If you take that MSSP wedge, and I'll let you divide it up however you want to amongst the 3, you're getting to a business model that's fairly close to 1/3, 1/3, 1/3. It's a very significant customer base. And it's needed for what we're going to go through now with SASE and SecOps and this cross-sell and leveraging that 2026 cohort that's going to refresh. Geographically, it's also a very diversified business. And you also heard very different in the geographies. You heard Pedro talk about Latin America and you heard Joe talk about EMEA, where they're the incumbent. 70% of all firewalls in Pedro's region are Fortinet firewalls, very different than what Matt and Trevor have in the U.S. where it's a smaller footprint. And so when you look at the go-to-market strategy and what's needed, Joe and Matt need things -- Trevor and Matt need more access into the enterprise. They need that footprint to grow where Trevor and -- pardon me, where Joe and Pedro are, they need more things to sell into that installed base. And that's why you hear Joe talk about the OT journey and how soon he got on it and why you hear Trevor talk about SASE and SecOps. When you look at the industries, the only thing I would call out is I think that the manufacturing wedge now coming back into the top 5 really is consistent with the OT market. It's not a direct relationship, but it's pretty close to that and then also the retail space now getting back into the top 5. It's a business that provides a very rich cash flow. We've talked about this frequently, and we use that cash flow for innovation purposes, obviously I also wanted to call out just in terms of the question that continues to come up about average contract term. You can see that for the last 2 years plus this year, we think we're going to be at 28 months, very consistent. As we continue to see growth in SASE and SecOps, we do anticipate that it will create some headwind to that monthly number. However, the sheer size right now of the networking and security in the firewall market is such that it's really going to support that longer contract term during this midterm frame that we're in. If it doesn't, that really means that SASE and SecOps have done something truly outstanding, and I think we'd be extremely happy with that. Adjusted free cash flow, you can look at where the margins are on the left-hand side. We've been very successful over the last several years and you adjusted, for the real estate of putting a number up that's kind of in that mid-35% range, mid-30s, maybe just a tad bit higher. On the revenues, as you watch the firewall market go through this trough, right? And you've seen our mix shift from product to services in '23 and '24, right, a pretty significant mix shift. And in a rough math, I would tell you that every 5 points of mix shift moves the gross margin 1 point. So I'm getting about a 1 point tailwind right now on gross margins because of the mix shift. As we start to see things like the 2026 firewall refresh or cohort come through, that mix should start to turn, and we all know that services are a lagging indicator and product revenue is a leading indicator. On the right-hand side, you'll notice a term we've not used publicly before, RPO. RPO at the moment is not significantly different for us from our deferred revenue, but with the addition of Lacework and its $50 million, if you will, of RPO, just not in deferred revenue. And in anticipation of what SASE and SecOps could become, we wanted to introduce the term here, including the notion that the current RPO, CRPO in the sub-header you see is about a 16% growth rate. And I think, as promised, I'm going to bring Christiane up for the good stuff.

So as Keith said, we want to bring some of the numbers into perspective that you've seen and kind of related back to the story that you heard. We are a globally diversified company. And so we've benefited from the shift to more services in our gross margin. But if you look into the future, you will see that there's a little bit of a normalization that will happen. We expect fewer inventory reserves that will keep up the gross margin, especially for hardware. On the other hand, we may see a little bit of a mix shift. So if you normalize what you've seen over the last 2 or 3 years, we expect going forward about 79% to 80% gross margin for your modeling because we expect a little bit more product to sell, but that brings down the overall gross margin, but not significantly. You also noticed that our operating margin has increased significantly, and this is a little bit the start for Keith's final words on like where do we end up? What are we maybe committing to in the future? And the current gross margin -- the current operating margin that we are predicting for 2024, maybe a little bit on the high end for the future as -- as I just mentioned, we expect gross margin to come down slightly. And we also want to invest more in sales and marketing as this year, our growth rates have not been where we want it to be. So the normalized operating margin will also be slightly lower, but not significantly. And we hope that we can offset it with some really good growth in the future. Some more metrics that might be of interest to you. And on the kind of success of our other pillars that we are really focused on to give the sales teams more to sell, more to talk to our customers to support the story of convergence. Our unified SASE growth this year has been -- or in Q3 has been 11% and SecOps has grown 14%. And these numbers -- no, sorry, Unified SASE has grown 11% last year, 14% this year, clearly outgrowing the market and SecOps has grown even 32%. So while the numbers, as you can see from RPO and ARR are still small components of the total business, it's growing faster. And we expect it to grow faster because we have a huge installed base, and we are trying to sell into the installed base as the sales teams just explained. Of course, in the U.S., we have also a massive market still to be tapped in because we are not the market leaders. So you will see a very balanced growth between the different pillars in the future. Why are we showing RPO for Unified SASE and SecOps is, really that we expect a little bit more of a change in RPO, specifically for SecOps, which has more SaaS solutions compared to deferred revenue. In the other parts that are more hardware-centric, RPO and deferred revenue may be pretty similar in the future as well. And what I'm really focused about is also ARR because this normalizes our billings a little bit and gives us a better idea of how we are growing, how we are grabbing market share. And while billings is a great metric for cash flow. ARR is a better predictor for revenue in the future. So this is an important metric that we will track in the future and not only for Unified SASE and security operations, also, of course, for our secure networking pillar because there's a lot of services that we sell with our FortiGate, and that is really where the convergence and the security comes in. What we wanted to put into numbers or more explanations are some of the customer journeys. Of course, in the large enterprise that we've used as an example here, you see more of an adoption. And please also keep in mind, large enterprise is predominantly outside the U.S. Of course, we have large enterprises here as well, but a lot of the numbers are impacted by the success outside the U.S. So our customers typically start with firewall, but not only. We see a lot of customers that meanwhile are hybrid. So they buy virtual as well as physical firewalls to satisfy their cloud edge. Then the next journey is enabling SD-WAN. We have a lot of customers that even as we see slower growth rates in SD-WAN are adopting the SD-WAN by just flipping the switch on and enabling the respective services. And then, of course, the next journey that we just started and we are at the start here is the SSE expansion and this is going to be one of the biggest growth pillars that we expect. And we -- which you may have seen on the previous slide, the ARR for just the SSE component has grown 500%, which is reflected in the steep curve of adoption in large enterprise. And if we can roll it out to our huge customer base in SMB, it's going to be really powerful. You heard a lot about convergence today. This gives you a little bit of an idea and an example for how much are our customers actually buying into these convergence strategy and journey. And so we can see a lot of customers buying switches, and we see a 10-point increase over 2 years APs. We've always sold to large enterprise quite a lot. And if you look at the left, the OT penetration in large enterprise is quite significant because, as Joe explained, more and more customers are looking at the convergence of networks and operations. And so especially in EMEA, we have a huge customer base that is buying into the OT strategy, and we will continue to capitalize on that one. I think this is what everybody has been waiting for today. So let me put this a little bit into perspective. We've been talking about the refresh or what we would actually call the upgrade cycle. And in 2026, we will see a significant number of Fortinet firewalls come end of support. What we've done here is give you a little bit of a perspective how many models each year were marked end of support. And how does this work at Fortinet? Basically, at some point in time, we decide that we are not selling certain FortiGates anymore and that the next model is introduced. So then we are declaring a product end of sale, but we give the customer the guarantee that from the end of sale time, we support it for 60 more months. So that every customer has a 5-year guaranteed life cycle or even longer. Typically from the market introduction, it's between I would say, 8 to 10 years. But at some point in time, we decide not -- don't have enough components anymore. We want to bring out the new models. So we declare it end of sale from that time onwards. So you can see -- and if these are -- these devices, these 11 models are end of support in 2026, they were declared end of sale in '21. Why is it such a steep increase? First of all, it's 11 models and these were high-volume models. Second, Fortinet has grown over time. So you would expect that with high-volume models coming end of support, the number is growing. To put it into perspective, the 2026 cohort is about a 1/4 of all the registered devices, FortiGate devices that we currently have. And because it's such a large number, it's mainly 65% to 70% is the low-end firewalls. We do have some large firewalls, the 1500D that's also coming end of support. So -- but it's dwarfed in the numbers here. In 2027, we have another cohort that comes end of support. And then as you know, we've sold a lot of FortiGate in 2022. You can see it from our product revenue. We expect that even though there is not an end of support cycle in '28. These devices registered in '23. So many of these devices here will come up for an upgrade cycle, maybe not forced to an end of support cycle, but as well. So we expect more upgrade capabilities, opportunities for us. And then over the next 3 years -- next 3 to 4 years, combined with all the other products that we've currently introduced or that we are currently innovating to give us the ability to sell more services as well because that's why we are introducing ARR. An upgrade or replacement or refresh cycle of the hardware, it doesn't mean we are selling more services, right? So ARR is really critical for us to measure are we expanding because we may not directly see it from billings. And so that's a critical measure for our sales teams to see how good are we in capturing more market share, broadening the service base and making sure that we keep that 1/3, 2/3 delineation between product and services because we want to be a service company. This is where a lot of the value is as well. So with that explanation, I'll hand it over to Keith, who will give you the guidance for the next couple of the new model targets, the model -- Now you're guiding them to the model.

Nothing that can compare to that. I have to admit. All right. Thank you, Christiane. I think that's fantastic. I think -- hopefully, we provided the bridge, if you will, how to normalize the gross margin and by extension, the operating margin. You can see the unusual events in '23 and '24 to help you with that process. I think also the cohort of the 2026, I think, gives context, but now also following on for your benefit, a cohort of '27, right? And you can kind of -- I'll leave it to you to model what year you think those products will actually drop and how you split that between years, but it also gives you a sense of the tail that's coming. But most importantly, that opportunity for cross-selling into SASE and into SecOps. I stole the thunder before, didn't I? So the Rule of 40, which we've been talking about for many, many, many years, quite proudly. We wanted to provide this as kind of an insight if we had been operating under the Rule of 45 for the last 5 or 6 years, what would it have looked like? And how much of a stretch for us is it to start targeting a Rule of 45. And with that, for the midterm model, we're targeting a growth rate of both billings and revenue of 12% or more on a CAGR basis. Operating margins of over 30%, 500 basis points higher than our last floor, again, over this midterm period and officially bringing in the Rule of 45 raising that by 5 points from the Rule of 40. And adjusted free cash flow margins in the mid-30s, perhaps a little bit higher as we go forward. We believe that the cohorts that we talked about in '26 and '27, together with the opportunities that we see in SASE and SecOps solutions and the continuing success in taking market share penetration, whether it's internationally or in the U.S., all provide tailwinds to this new model. Just some modeling points, just as a recap. We didn't change anything from what we gave before, right? Okay. And then some more modeling points for you in terms of cash paid for taxes, capital expenditures and the non-GAAP rate. Aaron will post this presentation on the website soon for me. Within 24 hours, maybe a little bit sooner. Okay. There's a lot of pictures have been taken there, you might want to help them out. Okay. If I would just kind of take all the presentations today and put them into 4 different buckets in terms of what we think the key takeaways are about Fortinet, about our messages today, whether it was Ken's vision, whether it was the go-to-market strategy and the road map for SASE and SecOps or the information from our sales leaders and then all supplemented with the great data that Christiane provided. I think you would look at this and we want to emphasize that our TAM is now up to $284 million. And I think that reflects what we see in this industry, which is there's always a demand for new technologies. It's an extremely dynamic industry, and it has its own set of catalysts, whether it's threat actors or adversaries of any shape or fashion or regulators or what have you. We think we've established that foundation for growth. That unique combination of the ASIC investment probably total several billions of dollars, together with the operating system, creates a moat that we don't think competitors have. They can't compare that to us. At the same time, it positions us to deliver what we see from our customers in terms of what they're looking to buy as we go forward. And we talked about the upsell opportunity. Again, to believe at that point, that 2026 cohort and now with the addition of the 2027 cohort and the context of how many of our units that we're really talking about there in terms of our total population together with the acceleration of that chart when you offer a trend line suggests that we should be able to continue on that growth curve. And then our history of growth and profitability. I think we're very pleased with the profitability that we've delivered and in exchange or as part of that, delivering that profitability back to shareholders in the form of what has been a very rich buyback program for several years. Okay. And I think what we'll do now, Aaron is going to come up. You can come on up here, it's fine, because we didn't have a break after the business section, right, for the salespeople and so forth. We're going to bring everybody back on stage. I thought the presentations today were fantastic. I really think that the sales leadership as well providing context and getting you one step closer to the customer, the understanding of how our markets differ. We want to get everybody back on stage so you can ask them questions, including how they model 2026, right?

Hamza Fodderwala, Morgan Stanley. Just 2 quick ones. Ken, about 5 years ago, you talked about how the edge was going to eat the cloud, right? I'm curious, when you think about your SASE strategy, particularly the sovereign private SASE portfolio that you have -- how is that differentiated relative to some of -- what some of your competitors are doing? And then secondly, for Keith, you talked about over 30% EBIT margin 3- to 5-year target. Is that an average over 4 or 3 to 5 years? Like in some years, could it dip below 30%?

Thank you. It's a great question. I do believe long term, the edge computing will be probably overtaking a lot of secure computing right now because the next wave of connection, like I mentioned, probably more on the device level and OT security, all this area. And you can see that's where like also some other trend is really the GDPR, whether we call private SASE, sovereign SASE. That's also kind of making certain centralized cloud solution may not really fit for all the customer needs. So that's where a lot of devices like connected cars and other things, you really need to make a computation on the edge side instead of well depending on the cloud. So that's why we feel kind of have a hybrid structure infrastructure is more important. It's always debate whether cloud or edge, all these kind of things, but I do believe a hybrid approach, if you can have the same user interface or operation system, customers have the freedom to move from edge to the cloud or on-premise to whatever the virtual, that's what we offer the best. So that's what we try to achieve and also try to differentiate ourselves. It's really kind of give the customer their kind of freedom to move among AG cloud or virtual.

And the second question, I think I would go back and look at the journey of the 25%, how we talked about it. First, it was a target and then it was an average and then it became a floor. I think we've already skipped past targeting 30%, and we're really now talking about the average during the midterm period being 30% or more. Keep in mind that whatever we end up with the current year -- that operating margin number that we have right now still faces about a 230 basis point headwind from Lacework. That headwind should ease over time as Lacework grows and we absorb some of that cost structure. On the other side, I think the need to invest or the opportunity to invest in the go-to-market part of the business still is very significant, and I would see us easily wanting to spend at least another point or so there.

Patrick Colville from Scotiabank. Thank you so much for doing this. Congrats on everything you guys have achieved and the vision is super exciting. Again, one for Ken, one for Keith. Ken, one of your competitors announced this platformization initiative 9 months ago, I guess, define platformization how you wish, but one component is performing buyouts do you think Fortinet need to perform buyouts in order to penetrate the U.S. enterprise? And then, Keith, one for you what's the linearity of that billings target over the next 3 to 5 years? Will there be an arc or is it 12% all the way?

For the enterprise buyout, let me introduce Trevor. He's our enterprise expert.

Can you define buyout, just so I understand through your lens?

Yes. Let's say you've got Cisco, Palo, Juniper, the contracts -- let's say you've got Cisco, Juniper, Palo, the contracts expire at different times removing that friction to the customer says, "I don't want to standardize on Fortinet because I have these contracts expiring at different times. Fortinet covers the cost or provides free during those contracts expiring?

Yes. So a couple -- that's a great question. A couple of things. We do buyouts in advance of a PAN renewal or a Cisco renewal. We just hired PAN's one of their top financial services person to help us in that endeavor, if you will. And also, respectfully, and I respect PAN. I know people from my time at EMC that work there, but we've capitalized in a big way of PAN because they go into -- when renewals come up, they'll take a $20 million renewal and raise it to $40 million with no new product, right? So that's great for us. But we do buyouts. We've done them creatively, and we have a person that we just hired from Palo Alto Networks to help us in that endeavor.

Yes. I think what I encourage Trevor and Matt is kind of the 80-20 rule and that I want 80% of my business just to go like it goes, right? There's a price list that goes through the channel and so forth. But when you have a knockdown drag-out opportunity to go toe-to-toe in the channel, particularly in the U.S., I mean, go find out how the customer wants to acquire and purchase and what it's going to take to dislodge the incumbent and thus have that conversation. So I think they know they have a fair amount of latitude, and that's what Trevor is talking about a little bit there. And that way, I've avoided the 12% question that you asked. And real fast on that platform. We will be back in early February to have guidance for 2025.

And we talked about this today. We are the only security and networking company in the world. that has a single OS. We are the only one, right? And does not have a unified OS. They've bought a lot of companies and cobbled them together. When the sales team does their job, and they sell a FortiGate, which is the tip of the spear, that's land and we can expand into SD-WAN into SASE. It's unbelievable. And our customers, if you look at most CIOs and most CISOs, they want to do more business with fewer vendors, and that falls right to us, right? The onus is on us to go out and execute on what we've talked about today. So it's just like I said earlier, it's a phenomenal opportunity right now to be at Fortinet.

Fatima Boolani from Citi. Ken, I wanted to start with you. I think there is a prevailing misconception about Fortinet as it relates to your advantages being translatable as you move to cloud and multimodal delivery architecture. So specifically, what I wanted to ask you was, can you spend a little bit of time talking about the cloud ASIC and the virtual SPU investments that you've made in the context of, I think, $1 billion or more that you spent in R&D and proprietary chips. Where is that architectural distinction? And how does it not cannibalize what you are all phenomenal at from a hardware acceleration standpoint? And if you could just help demystify some of those misconceptions and maybe misperceptions. And then I have a follow-up for Matt and the sales team.

Yes. I think for the ASIC, it's really try to lower the secure computing cost. So if you look at today in the cloud, secure computing probably only count 1% to 2% of the total computing in the secure computing there. But we do believe that number will keep increase. And when not increase just like how AI, how the GPU being lower, some other like AI costs, some other things there. So we do believe eventually the secure computing cost also even leverage ASIC technology because the cost, not just the computing cost, but also the energy cost and also the performance improvement and so not only just benefit appliance in the field, but also benefit the cloud, the data center. So that's also we use internally ourselves, like each all the SASE data center, we can see how much CV can have leveraged our ASIC chip to all the secure computing, all the SASE function because security tend to be -- need about 30 to 100x more computing compared to the general routing switching. So you need to have a lot of computing go through all this kind of -- whether in the data center or in appliance there. So traditionally, we try to use ASIC more into the appliance space. That's where customers see some benefit on performance there. But there's more computing more to the cloud and also some kind of service-based SASE. We also feel that kind of part of secure computing also can leverage ASIC technology. And also including OT, which Joe is an expert there. Actually, he's also engineer. I think for Siemens before he enjoyed Fortinet 20 years ago. So you can see also in the OT environment, it's the same thing. . A lot of OT has to be using this network security to security, a lot has to go through all this kind of computing. That's what we do believe the ASIC eventually just like how the GPU benefit AI. So the ASIC chip, we call SPU can also benefit a lot of secure computing, whether in the cloud or appliance.

I appreciate that. And for the sales leadership, I wanted to go back to some of the new disclosure that you shared with respect to the enterprise net retention rates and a lot of the opportunity that you have in the large enterprise, that was abundantly clear. But those are companies, I think, that you've defined or classified as companies doing $10 billion or more in revenue, which is fantastic. But this massive long tail of customers in an 800,000 installed base, right? So large enterprise is great, a lot of opportunity there. But within kind of the meaty mid-market, I was hoping you could spend a little bit of time talking about sales segmentation strategies and potential shifts because the buying behavior might be different, but I think the opportunity might be better?

Good to see you. Yes, absolutely, right? That meat of the market, as you described, is really where Fortinet strength really translates really effectively. And there's a reason for that, right, because the complexity and the sheer manpower that typically companies have in those areas, you don't really necessarily have the workforce in place to be able to effectively do that with tons of people. So how do you automate that? And that's where Fortinet really comes in that consolidation and conversion strategy really translates extremely well to these companies that are trying to solve something that's extremely complex. How do you get over the -- if it is an incumbent situation, but how do you get over the conversion of incumbent technologies? How do you do that? And then we have tools that do that for -- we have a ton of services available again with our partners, and that plays a huge role in this meat of the market is that they're extremely focused on that part of the market. Some are DMRs, national partners and, of course, our focus partners. But that ecosystem of companies helping us to push in those areas along with our ability to consolidate and converge is a huge differentiator because it's not just about cost, right? It's also about complexity and risk. Those are the kind of 3 elements that I think drives the consumption better in those markets for Fortinet than anyone else out there.

Brad Zelnick over here at Deutsche Bank. Thanks so much. As always, great day, and congrats on 15 years as a public company. I wanted to talk about that refresh slide. So very, very helpful disclosure. I'm curious to understand would it look much different on a dollar basis as opposed to looking at units. And when we think about your midterm guidance, how does the yield that you're assuming on that refresh opportunity compared to prior refresh opportunities that you've seen. Is there an argument that yield can actually be greater because you've got a much broader, more compelling converged offering today to go cross-sell and upsell than maybe you had any in the past?

Do you want to talk about it?

What is the yield. So I would say because it's mostly smaller units, right? The yield is probably around net to 40 net over the next 2 years, around $400 million to $450 million in product revenue if -- with normal churn and an average price. So that's -- if you put it into perspective to the total revenue, and it refreshes over 2 years is definitely helping product revenue. Total revenue is probably up 4% or 5%. So depending on the rest. From a billings perspective, it's a billings event. It gives us the ability to sell more and to sell more attached services and have a discussion with the customer about all the other products that may help them. So I think it's a compelling event for us to go out to the customers, and that's what -- why we have our sales teams here to really explain how they capture the minds of the customers.

I think the -- we're certainly aware of the opportunity, as we said midterm targets. The nature of your question kind of suggested I should raise those midterm targets after 15 minutes, I'm going to pass on that opportunity. I think the math that Christiane was referring to, and we'll let you make your own assumptions about things. You can take the units that are up there, call it 650,000 units. And you know what our price points are. We're very open about our discounting and so forth. And one thing that we did do to add to a data point to this conversation, and Christiane worked through it was of those units that are coming up for an upgrade cycle in 2027, what percentage of those are still pinging home. And the answer to that was 85% in the last week. I can't tell you what they're doing with them, right? But I think that's a pretty good indicator that there's life out there and there's going to be an opportunity and there's going to be a reason to talk to customers. If you go through that math, you probably need to make some assumptions about ELA agreements and how many of those units already may have kind of gone through there. So I'd probably be a little bit shy about giving a specific number, but I'll defer to you to refine the math that maybe you've already done previously.

Yes, question over here. This is Max Gamperl from Goldman Sachs. I wanted to ask, with the growing traction in your Secure Service Edge business, has your view changed at all on how this might impact the firewall appliance market? Do you expect SASE to impact the hardware side of the business at all? Or should we expect similar growth rates in appliances regardless of Secure Service Edge adoption?

Maybe I can take a tack of that one. So I think we haven't seen any change in what we thought would happen. And that is remote users are transferring from VPN technology to SASE technology. And that's probably the best use case there. The next use case is what I call the FIN Edge, people are calling it the coffee shop. Well, you can't get a substantial hardware footprint there. And so that will be a SASE implementation as well. But for branch, large campus, OT factories, et cetera, there's still going to be a hardware footprint. Even if it's just for SD-WAN, there will be a hardware footprint there, which we think will add security and the combination of SASE. So those environments will become more hybrid as you install SD-WAN and SSD but you're going to need something there, whatever it is, those locations because you need to direct and steer the traffic out, whether it's going to SSD or it's going to data center or multi-cloud. So we don't -- again, I don't think it's going to affect that entry level, firewall, entry level or SD-WAN located for those use cases.

This is Jonathan Ho from William Blair. I just wanted to offer my congratulations for the past 15 years. It's been a great ride. In terms of Fortinet's success internationally, this has clearly been an area that I think is underappreciated by investors. Can you help us understand how you can bring some of what you've seen on the international side to the U.S. and perhaps maybe what's baked into your guidance around the ability to gain traction on the domestic side?

So I can talk about the success we've had in international, but how we bring that to the U.S. -- I can teach them if you want.

The competition begins.

They have to pay.

Yes, so and I work really closely and obviously getting the commonalities and synergies that each one of the geos represents and what is -- it's very different for Pedro, for instance, as you said, 7 out of 10 firewalls are Fortinet, so you naturally have to move outside of the gate in order to be successful. But how we replicate those is pretty simple. It really comes back to a really strong channel ecosystem, direct relationships with customers, building that segmentation strategy as we talked about a little bit earlier today, really having the focus in those markets, in the verticals and segments as you approach each one of those markets. So we're very much aligned in the sense of how we think about genetic makeup of the sales organization and then finally, enabling the field to be most effective at selling platform, rather than point solutions, but really understanding how to sell and position the fabric in a more effective way is critical to the success. And so we're very unified in that approach.

It's also about sales enablement, right? So we have been very strong at selling firewalls in the past. The market from this year onwards, we've redefined our strategy. So having that extra sales enablement for the -- so the SASE journeys and the AI-driven SecOps journey is what we're going through right now, especially in the U.S. As I mentioned on the panel, we started a few years before. It was just an intuition and that was extremely successful, and that's why international grew slightly faster than the U.S., but they will catch up fast. Hopefully.

Great. It's Keith Bachman here from Bank of Montreal. I wanted to ask 2 questions. The first one is a product one and then, of course, Keith, I have one for you on the guidance.

The targets.

Beg your pardon. Targets. On the solutions side, the broader question is, is the software portfolio, excluding SD-WAN, is it enterprise-ready? And so the genesis of the question is the SecOps and the SASE solution, again, excluding SD-WAN. As an example, you talked a lot about SASE and you talked about going through service providers, which, by definition, is going to small and medium business, not to enterprises. And so typically, the SASE solution that might be relevant for small and medium business is typically different than it might be for enterprise. And so again, Lacework is still an emerging -- I think there's some R&D you're adding to it. But just broadly speaking, as you're thinking about this yield opportunity, is the non-SD-WAN portion? Is it enterprise ready?

Well, absolutely. So I mean Fortinet U.S., like the core has been built over the last 24 years through organic engineering, which is deployed in everything from, like you say, small business all the way to telco, data centers and high capacity environments, right? And these have been organically integrated in like a planned fashion with the ASIC as well as the software working together for that entire lifetime. So from that point of view, the software is very much enterprise ready from both the software running as well as the management layer. And then when we go to SASE, it's really taking that same core components and being able to run them in cloud environments as well.

I want to push back, I still think large enterprises, we're going to buy at [indiscernible] , we're going to buy our SASE solution because it's relevant to that area. And we're going to buy our endpoint because it's relevant to that particular area, and it's a bake-off based on that. And I'm just trying to understand whether you will win in those solutions. I get that your management layers, frankly, probably better than everybody else. But on a stand-alone basis, when you're going head-to-head in the enterprise, I think it's -- it's a hard conversation.

Well, I think the sales can comment, but when we go into POCs and makeups, this is really when we tend to shine, right? It's -- it doesn't go to POCs...

70% of my business is in the enterprise.

The way we're seeing deal -- I mean, to your question, where the rubber meets the road is our enterprise is buying. We see 7, 8-figure deals in SASE and SecOps. So we see -- we compete very, very well. I think if you look at -- we talked about it earlier, the focus on SD-WAN starting in 2018 and then the success we had, we've had a lot of focus on SASE and now SecOps as well. And so I think when we focus on something, it really kind of reaches that success point pretty quickly, and that's the plan.

Okay. I give you a customer lens to that, maybe that will help solve some of that. But typically, when we meet with CIOs or CISOs. I think point solutions were the thought process. And what you're suggesting is, as they come in and you have to do a bake-off and it's going to be against the point solutions and the best of the best of the market. That has changed dramatically in the last few years. I would say the approach is more about looking at the organization holistically. So looking at the security posture and understanding what's going to be effective, time to detect and time to remediate is extremely important. I gave the example of the Fortune 50 customer that has 200 different security solutions. How in the world do you manage that? How is that effective? And so that rationalization process is real going from 200 to 60 in the enterprise is a real problem. There's shelfware, there's all kinds of tech debt. There's just a number of things that happen inside of these environments where I think it's changing the mindset of point solutions versus platform. Now will you have more than 1 platform? Potentially. That is possible -- John and I talk with customers and it's about resiliency. So you're going to have 1 or you're going to have 2. We're hearing more of that, right? And that gives us some tailwind there.

Well, clearly, consolidation is a trend. So that's your friend. Keith, a question for you is I think many investors are looking at 2025, and we're trying to understand the shape of that. But the most nearest relevant point is 2022 where you had a pretty healthy upgrade cycle. And so a lot of investors are looking at the dollar of revenues you added in that year and trying to super impose that on to 2025, yet trying to distill that down in 2022, you also had a lot of net new buying. It wasn't just upgrade. And so is there a way that you can -- without asking you how you're going to guide to 2025? Is there a way that you could just at least help us understand the dynamics of '22 and what was the impact of upgrades versus the impact of net new, any way to peel that onion apart to give us a reference point on '25?

Yes. I'm excited about 2025 and that I don't have anything really lumpy that's going on. There's no more supply chain. There's no more inflation, et cetera. And so we kind of get pure compares. Unfortunately, I'm now back looking at 2022 that had some unusual things in it. One is we have the ALAXALA acquisition, which was a $150 million switch company. And so you're getting inorganic growth in that number. If I recall correctly, 2022's product revenue growth was 42%. And if we were running previously at mid-teens to higher, maybe a little bit higher normalized, I mean, maybe that's a good data point to kind of keep in your head. I think one aspect about that is the fact that, that -- while those products end of service in that cohort in 2023 that Christiane showed on the chart, you really saw the impact earlier than that in some way, but it's -- we're like you, we're trying to understand how much of that was early buying because of the supply chain, which was certainly significant in 2022 versus how much of it is this cohort. And I can't give you a great -- I mean you're asking the right question, but I don't have a great number behind it.

All right. Over here. Adam Tindle, Raymond James. I wanted to ask, you had the slide on billings mix in the 3 major areas, and you showed the CAGR relative to the market, couldn't help but notice SASE was the lowest spread relative to the market? So first question for Ken. If you were to maybe qualitatively look at your SASE product, how would you say it's most important to close the gap or widen that spread, I should say? And specifically, you talked about 1/3 to half the cost when we own. I'm wondering if it makes sense to more vertically integrate your SASE solution and own the points of presence? And for Keith on that, I think the free cash flow margin targets were maybe a little bit light relative to what investors were expecting, and I know we have high expectations. I wonder if any of that is associated with some of the CapEx in -- to build out the SASE platform or any other bridge you could help provide on free cash flow margin targets.

The number like half one of cost is really compared to colo costs. And also if you compare to the cloud cost for all the SASE data center, probably only 10% to 20% cost. That's where we're keeping built our own infrastructure. And so that's really for the long-term player to be very -- eventually have the cost advantage compared to other SASE player which I don't see none of them building their own infrastructure because it's really a long-term investment, you'll probably see the return in 5 to 10 years, which we already doing this kind of investment probably 10 years ago. On the other side, it's really the strategy of SASE we changing from 1 year ago. Before 1 year ago, we always want to go SASE with a service provider, and that's where we don't mark directly our own SASE solution. We feel which may be a little bit confident with the service provider when they're using their own infrastructure. We give them a product the offer SASE. Because I remember, 15 years ago, when we IPO, the carrier service provider is the biggest our market sector there. It's about -- over 30% of business come from carrier service provider at that time. They do all these managed security service mostly on the fire VPN. But now they have to, say the last 15 years, they are starting falling behind. There's a lot of new security service needed by enterprise, including a lot in the SASE, DLP, CASB this kind in. So they are not offer that one. We feel the SASE if we support and then they can catch up. But like I said, they are kind of moving kind of slow we're still working more closely with them. That's the reason we started more market directly ourselves 1 year ago, and then we see the ramp up very quickly. But also, we still want to support a service provider. We also want to keep in building our own infrastructure, not just for SASE and also for a lot of other service that we have. So we feel that eventually also give us more advantage over other competitors. So that's the things behind.

Yes, maybe I can add some commentary to the CAGR. If you looked at that pie, half of it was SD-WAN right now. And SD-WAN has suffered from the same issues that switching and APs, the whole networking industry, everyone bought a bunch of it, and it went down. I think that will come back eventually. But we didn't give it. But if you look at the growth rate of SSE then everyone gets confused about SASE and SSE, et cetera, that was much higher. So I would say it probably got brought down a bit by the SD-WAN components.

Your question about free cash flow. And yes, I mean, we are holding back. Not dollars have been earmarked specifically, if you will, but are set aside for us to continue to build out the infrastructure to deliver the SASE and the SecOps solutions absolutely. I think one thing that we've seen here, there's a bit of a trade-off as we make those investments in the infrastructure to deliver those solutions, our math always comes back to the ROI longer term is supportive of doing it yourself. And what's interesting about that is we've been doing it for an extended period of time now. We've talked about it for several quarters, if not a few years. But as we've added the SASE and SecOps solutions to the mix, you've not seen a degradation in the service gross margin. So we are using that -- those investments, using our own technology and our own facilities to try and offset some of those start-up costs that you would normally expect in those new solutions and I think doing so successfully.

This is Shrenik from Baird. Great presentation, really useful disclosures and help kind of breaking out the segments. So Ken and John, you guys talked about expanding the portfolio with the Laceworks CNAPP and Next DLP and that helps you tap into an additional $20 billion TAM, which is pretty meaningful. So just wanted to get a sense in terms of how you guys view both Lacework and DLP, specifically shape the growth trajectory both near term as well as in light of the medium-term targets, which is about low double-digits CAGR. And then I have a quick follow-up for Keith as well.

I think the CNAPP definitely part of our future growth and in the SecOps and also the DLP, both in the SASE and also kind of also kind of we sell separately. So we see the total addressable market, like I mentioned, $20 billion is pretty big. But for us, we do have an internal developed technology and also we'll be working together with the new team, new technology integrate together and at the same time, some of them also will be built into the SASE like DLP. I think we really like the team and also kind of the technology they build is pretty strong. We're still in the process to try to integrate better. And at the same time, is a huge potential. We also try to see how we can leverage all kind of a convergence kind of a way to deal with all this merger and acquisition compared to most of our competitors when they acquire keeping separate platform. I call it more kind of the divergence way, which they end up as so many different kind of a platform. So that's the process. We still need some time to keeping go through it because like I said, eventually, customers will prefer easy to upgrade, easy to migrate to the next stage of security. So that's where we feel the technology CNAPP also the DLB is very important. And some of them will be eventually part of the FortiOS, part of SASE. Some of them can be stand-alone, and then we'll see how that ends up, but it's really making some of the part of FortiOS very important for us.

Got it. Just very quickly for Keith. On the margin's target, right, of course, you highlighted more near term, there's a headwind from Lacework, an increased go-to-market investments. Just wanted to get your views on from the medium-term targets perspective, how should we think about the increased investments on the go-to-market side but also further M&A potentially and how that into the overall margin targets?

Yes. I think we've talked in the August earnings call, we talked again in the November earnings call, and we still believe that there's a solid business case for continuing to invest in go-to-market above what we have at this point. Sales capacity. I think, actually, we feel good about sales capacity, although there is a simple math to add more people and you add the top line. But I think there are -- as you hear the different needs, if you will, from Pedro, his geo versus Joe in his versus the U.S., I think there's certainly opportunities and John said a lot of things on very targeted marketing programs there, that we'd want to explore as we go forward. And I think that, that -- those midterm targets anticipate that. I'll let John Whittle talk about what's on his shopping list that I don't know about.

So from an M&A standpoint, we consider a competitive differentiator that we develop mostly organic. You mentioned CNAPP. That's an interesting one because it was an acquisition but Lacework had the same philosophy. They developed it organically, so versus some of the competition where they piece together their CNAPP solution based on a number of acquisitions, we see -- we saw Lacework winning against those competitors. So I think we'll continue the organic focus from an acquisition standpoint. We're going to continue to look for areas that will add value. But we will always tilt towards organic development over the acquisition. We'll keep our flexibility there. We'll see what comes down the pike, but that's definitely one of our competitive differentiators in terms of developing technology organically that works really, really well together on an integrated basis.

Gray Powell, BTIG. Adam more or less had my question a couple of minutes ago, but I just want to make sure that I understand the data center strategy correctly. Are you all building -- like are you physically building your own data centers or building infrastructure in like an Equinix or Digital Realty facility? If you're building your own, I'm just curious like why would you go down that path because it is expensive and like pretty much every major cloud provider is already in like a third party like a network-neutral type data center like Equinix. And then just a follow-up question. As it relates to the midterm targets, that adjusted free cash flow number excludes the real estate investments, right? So like how should we think of backing out some form of real estate investment to get to like a fully loaded free cash flow?

It's a great question for the data center because there's a lot of kind of related question in the last 10 years since we started acquired some real estate. I think for us, really not just a data center but also when we acquire some real estate, we also can building the EBC and also different than a lot of cloud providers or colo, colo they just provide all this facility, then you have to build your own server whatever. So we have actually a few differentiation. One is really, we have the technology in the data center, like a Fortistack we mentioned we can use. We use ourselves also can leverage the customer to use in our one to replace certain like virtual machines and some other things there. And the other part also, we build data center very close to the customer because we have also the engineered resource in the security space. Cloud provider or some other colo they don't have. So that's where helping customers like whether service provider or some big enterprise doing that. So the security expertise we have actually is a huge advantage compared to other colo or whatever they just offer you the rack, you have to field the server, you have to do all the software, all the other things. So that's the expertise we have. And then on the other side is really the additional service addition, all these kind of things. I think that's where from both the cost advantage side, which we feel whether we're using colo compare our own data center, probably half or 1/3 of cost or compared to a cloud provider, they usually charge like 5 to 10x more expensive compared to what we have. But we are not going to compete with cloud provider colo for all the number of centers there. We see probably will be 70-30. So maybe 70% traffic we're using our own kind of facility have the own engineer to handle to manage that. And the other 30% because in the location, we feel will not make an economic sense, we'll probably not build ourselves. So we probably will leverage whatever the colo or whatever the cloud provider have that. And so that's the way we feel we have a better advantage, cost advantage, resource advantage compared to other SASE player or cloud provider or some other one offer the similar service there. So that's where we leverage what we have, whether in the big customer base, the big installation of FortiGate and also the FortiGate device itself can be used for the SASE for the SD-WAN in our own data center compared to whatever the other competitor we feel building our own from our calculation, we have more advantage going forward. But the initial investment, I would say, probably will take about 5 to 10 years to payback. So some quicker side, we probably take 3 years to get payback. -- but some other will probably take 5 to 10 years to pay back. But after 5 to 10 years, it's a huge advantage for us.

Yes. I think the -- we probably use the term data center a little too liberally because the conjures up something that millions of square feet at each individual facility. What really Ken is talking about is, I think, is there are data centers that we have, obviously in Sunnyvale and 1 in Texas and 1 in Europe. But you're really looking for the satellite delivery areas. And oftentimes, they're in the same place as an office building, where we have engineers and salespeople. Keep in mind, there's some natural gating items or limitations in terms of how big those "data centers" could be all the PoPs, if you will. You've got power availability, you've got connectivity, you've got weight on the floor, et cetera. So this is not something that would conjure up, it would be a competitor to Azure or something like that. I think when you look at the cost profile, we do on SASE, we offer customers their choice, if you will, depending on their traffic needs. They can go to Google, and we can -- as a fee for that or a price point for that, whether they can use colos or our internal systems. The price differential is because of the cost differential is massive. And as an effect, while we're really pleased that we have the Google partnership and have satisfied that marketing requirement about how many PoPs do you have that we kept hearing about for a year ago, the reality is a very small amount of traffic, we see customers opting for that cost structure.

Yes, that's also like Keith said, it's really because that's also not just for the data center but also for the training center and for the customer demo DBC and also for supporting center. So that's why if you -- the other way to look at it if you compare the rental costs compared to a similar size of our company and other competitor, we probably have the cost. Because we own all this kind of facility. And the cost saving we got like a couple of hundred dollars per year, we're using that money to keeping invest in new facility. So that's the way we're keeping growing that way. So I think in the long term, we have much more cost advantage, both on the facility like office, supporting center, training center, but also on the data center there. And plus, we have the people local, both supporting people and also the engineered people local there can handle some of data centers, some of the customers supporting, some of the training. So that's actually kind of the hub without the data center, the engineered resource, the training support all there together, just like a Friday, we are opening -- building in Atlanta is a central hub for a lot of this combined together.

Not to mention the testing as well. We use those infrastructures for testing doing POCs for our customers.

Saket at Barclays. Very helpful detail. Christiane, I wanted to ask a couple of questions of you just around sort of the upgrade cycle, right? And some of the assumptions that go into it. So one assumption is just around form factor, right? So I'm curious if you could just talk about -- are we assuming that everything that was bought is appliance before -- as hardware appliance, right? Just is refreshed as a hardware appliance? Or is there any sort of assumption we're making on software form factor, right? That's maybe one assumption that I'm thinking about. The other one is -- and you correct me here if I'm wrong, I think we said $400 million to $450 million in sort of product yield, again, correct me there if I'm wrong. Prices obviously are a lot higher now than they were when they first bought it back in 2022. What are we sort of assuming on prices around that/discount levels? So those are 2 assumptions, just.

So I think the key question is in the upgrade cycle, are they upgrading to the next device or are they downgrading to a device that can do the same capability with because the technology improves, right? So that if you have a model 60E and if you go to G they can do a lot more. It's not so much more price or they going to 50G. So I think it's a question of what is the customer doing? Don't forget we have about 40% in SMB. They may not need all those capabilities. So it's really -- what we modeled as a kind of like-for-like and knowing that some of the like-for-likes are going to be one model below what they may have had, which I think is quite realistic. How much is a replacement going through software. I think software is an addition. I don't necessarily see it as a replacement if you're in a small office. I think you've had a FortiGate before. You will probably buy a FortiGate again and not necessarily go to VMs. And where -- this is why we presented the VM attach in large enterprise. Large enterprise very much has a multiform-factor strategy, and we see that today a pretty big well.

This will be our last question.

Andy Nowinski with Wells Fargo. I just want to start with a clarification on end of sale versus end of life for the refresh cycle. I think Christiane called it end of sale. And maybe on your earnings call, you talked about it as end of life in some of those appliances. Meaning customers have to refresh, they won't be able to run the firewalls in 2026. So can you just clarify end of life? And did you announce an end of life on that prior refresh cycle?

End of life comes 5 years. So end of sale comes 5 years before end of support. And with end of support, you technically -- you can still run your FortiGate, but you don't get new upgrades. You can't get a support on track forward anymore.

So you're not necessarily forcing an upgrade or a refresh next year. Okay. Thank you. And then second question, just it sounds like SASE is really tightly integrated with the firewall. I mean, does that give you an advantage over competitors like Zscaler that do not have a firewall or don't have that captive firewall installed base to sell to? I'm just wondering really if your win rates have really changed against the vendors that don't have that firewall installed base.

For sure, you can use in SD-WAN example. So SD-WAN part of FortiOS, you can see the way we take up SD-WAN market share so quickly become #1 just in a few years. The same we feel SASE. So we have about be part of the Fortinet US. So if customers are already using our firewall already SD-WAN they can very easily to adopt the SASE -- FortiSASE quickly, just even an upgrade can we just take a few minutes. So that's very different than the other competitor that keeping talk about sales cycle, probably take about 18 months for us, if they are an existing customer, they can very easily adopt the SASE just like they did on SD-WAN space.

Okay. So that concludes the Analyst Day. Thank you all for being here. For those of you in person, we have special Fortinet branded jackets for you to pick up on your way out.