Fortinet, Inc. (FTNT) Earnings Call Transcript & Summary

All right. Fantastic. I think we have critical mass. I'm going to kick off with our disclosures and Fortinet's disclosures as well, and then we can open it up. So we are required to make certain disclosures and public appearances about Goldman Sachs' relationships with companies that we discuss. These disclosures are available in our research reports and available to you as clients on our firm portal. Christiane, over to you on the safe harbor.

Yes. Good morning, everyone, and thank you for joining us today. Before we begin, I'd like to remind everyone that we may make forward-looking statements during today's fireside chat. These forward-looking statements are subject to risks and uncertainties that could cause actual results to differ materially from those projected in these statements. Please refer to our SEC filings in particular, the risk factors in our most recent Form 10-K and Forms 10-Q and to other reports that we may file from time to time with the SEC for additional information on factors that may cause actual results to differ materially from our current expectations. All forward-looking statements reflect our opinions only as of the date of this presentation, and we undertake no obligation and specifically disclaim any obligation to update the forward-looking statements.

Fantastic. Well, thanks, everyone, for joining us this morning, and particular thanks to the Fortinet team with us on the webinar. We had decided to run this event and pull forward essentially part of our September conversation at Communacopia because of how much volatility there was post the earnings report. And so we have some questions that essentially dig into the firewall refresh, dig into Fortinet's longer-term opportunity with the goal of being able to answer how should we as analysts and as investors be thinking about growth from cycle to cycle in any given year. We will not be taking live Q&A, but there is an opportunity to ask questions in the Q&A box. What I mean by that is if you have a question, please do pop it in the Q&A box, and I will ask the Fortinet team as we go where it makes sense.

Good stuff. Well, with that, Ken, Christiane, thanks for your time today. I wanted to start on 2Q. So maybe just level set us on the quarter. We have all your prepared remarks from the earnings call. If you were to put it simply, where do you think things went better in 2Q? And where do you think things may be disappointed relative to your expectations?

Yes. Thank you for hosting. Actually, last quarter, we are actually pretty happy with our results. So we beat both on the top line and also achieved record margin. And especially the area we see whether in the unified SASE in the AI-driven Secure Op and also the OT security all grew over 20%. And yes, the momentum is very, very good, especially in the enterprise side. You can see in the enterprise, the deal over $1 million, from the dollar value, we achieved over 50% year-over-year growth. And the deal -- number of deal over $1 million, probably like a 29% year-over-year growth. I think that's where across all, I think it's a pretty good execution result. The only thing I look at internal, we probably can [indiscernible] a little bit more aggressively. So that's where we believe besides the technology, all the good product position, if we have additional sales capacity, that definitely can drive even more growth. So that's the area we feel we will keep improving.

Yes, absolutely. I want to come back to that sales capacity comment, but maybe let's spend a few minutes upfront on the firewall refresh. So Ken, you've seen firewall refresh cycles through many, many years now. Tell us a little bit about this 2026 cohort. Why was this a cohort that you wanted to feature at the Analyst Day? What is unique about 2026 relative to some of the other cohorts?

Yes. Maybe I take this question. So the refresh is part of our normal business. So there's always a run rate of refresh in our business historically. And so there are different reasons for the refresh. Typically, it's technology. Sometimes products are used longer and then they reach end of life. But again, it's a technology upgrade. Why did we feature the end of support cohort? Because it's a lot of products across different form -- not form factors, but different sizes. And so it impacted our overall business in all market segments. And we thought it would support our thesis that we can continue to grow, especially if you look at the previous year where after COVID, we didn't have as much growth. And so it supported our stance that we will go back into a growth mode and expand not only with our existing customers but beyond.

Yes, absolutely. Okay. So tell us a little bit more about your methodology. How did you calculate the number of units? And how did you calculate that dollar amount that's associated with the 2026 refresh cohort?

So I think the tricky part is that we don't have full visibility, and we've always maintained that position because we sell through a 2-tier channel, and we have customers from SMB to large enterprise. So where we draw our insights from is often from enterprise, but everything that happens in the lower end of the market is more channel-driven and they have the insights. So when we looked at the cohort, we looked at what was still available to us as registered units. And because we didn't know what was going on with these units because a larger number is in the lower end of the market, we tried to validate this cohort by looking at what was still pinging. And when we said pinging, we kind of qualified it with -- it showed signs of life. It is still available. So as a result, we thought this is a great number of devices and associated customers that we as well as the channel can go back and sell more or replace these devices. And as we said, we've calculated the value with an assumed replacement value to us. But what we did not know exactly is when these replacements happen and also whether these devices may have been replaced already. So that's where the uncertainty came in. And we've always qualified the uncertainty that we don't have full visibility except for in the enterprise space.

Yes. Okay. So maybe just a clarification here. How -- what is the scenario where a device would be pinging and showing signs of life and being available. But in reality, it's possible that the device was already replaced. How does that happen?

If you look at our 2-tier distribution model, we sell into the distributor. And it takes a while until the distributor receives the goods, sells it to the reseller and then it gets to the end customer. So there could be easily a time lag of a quarter, 2 quarters or more and then the customer needs to deploy it, and they have time to deploy it. So while we still see devices that are online, a customer may have already bought a replacement device, which in the lower end of the market is hard to quantify. In the higher-end market, and I talked on the call sometimes about enterprise agreements, we have better visibility because these customers -- the enterprise customers are also more likely to decommission devices they don't use anymore.

Also, the average 5-year refresh also can be easily confused with the end of service, which lasts normally after we stop shipping the product. 5 years later, we say, if there's some new whatever functional upgrade or fix, whatever, we should no longer support because product had to be like designed 10, 15 years ago. So that's what happened in 2021, end of 2021. From beginning 2021, you have -- we usually keep about 6 months inventory. Then end of 2021 because supply chain issue, everything from excess inventory to our backlog because if you look at last year, the product revenue grew like 30%, 40%, right? So that's where when some products supposed to be last additional maybe a couple or a few more years because some old products have some long tail. And then suddenly, because no inventory anymore, we say, okay, let's just announce end of service. That's making some kind of jump. But I have to say in the field, a lot of time, the refresh and end of service starting very confusing because a lot of customers when they deploy, sometimes they deploy in some different scenario, some just basic networking, some firewall, some additional security function. And also because our tech service also increased, sometimes they have like a multiple layer protection and they cover different part of infrastructure. So even some old device supposed to be end of service, they may be still in use. So we feel whether tracking refresh or end of service may not be the best way to reflect what customers really need, what do they really buy going forward. I feel the bigger drive probably more like a new function technology, better infrastructure, different like working from home, ZTNA, all this probably will be more better way to drive the customer buying instead of tracking how customers being used or what function or kind of how old the device. That's probably caused some kind of confusing. That's our understanding.

Yes. Yes, this makes sense. Okay. So I want to close the loop on 2 comments from the earnings call. Christiane, one was your comment that we are 40% to 50% through the 2026 end of service upgrade cycle. Understanding all the caveats on you don't have perfect visibility, tell us how you arrived at that conclusion and why those numbers are meaningful?

So I think they were meaningful in a way that so many analysts were so focused on this upgrade cycle as a growth driver versus looking at the overall growth drivers for Fortinet. And so the way we arrived at it was in a similar way as we looked at the cohort, right? But we focused on what is still pinging, which doesn't mean, as what Ken just said, that there aren't more out there that can be refreshed because they are used differently. But overall, that's what we see, and that's what we updated on.

Yes. And so to the extent you're willing to share, you think it's a relevant question, the original $400 million to $450 million revenue opportunity that you talked about, Ken had also said on the earnings call, well, it could be less than 10% of product. So if we connect those dots as analysts, my takeaway was, well, actually, the original number was probably overstated. So maybe tell us, would you agree with that conclusion? Or is there another way that we should be looking at it? And how do we think about the right size of the opportunity today, understanding that there are a lot of other things that we'll talk about that are drivers of growth?

Yes. So I think how to think about it is that the recognition of that amount is probably over a longer period and may have started already earlier. So that -- our understanding of when customers refresh is not perfect. And so I think that's what we need to understand that we don't really -- that we cannot easily quantify while we are still pursuing the opportunity. I think it's important to understand there's always refresh. We need to make sure whatever the reasons for refresh are, our channel partners need to have visibility into what customers use and what the ability is for them to upsell or replace. And so that's what we are still extremely focused on that we can continue to replace, upgrade in our customer base as well as deploy new use cases.

And Christiane, your comment on 40% to 50%, that already takes into account your learnings from the past 2 quarters where perhaps you've gone to upgrade an end of service unit and found that actually it wasn't really eligible for upgrade because of all the reasons we've already discussed. It may have already been upgraded.

Yes.

Yes. Okay. Okay. So maybe then talk to us a little bit about the 2027 cohort because we've talked about 2027 also having a volume of business associated with end of service. Having already discovered or having all the learnings from the 2026 cohort, how are you now thinking about the 2027 cohort?

I think it's important to understand that this is even harder to estimate because it's a lot of low-end units. And it's only one model that's going end of support. So I wanted to make sure that the community understands and our shareholders and analysts that this is a large number of units that gives us the ability to talk to customers, but value-wise, it's not a lot of product revenue because it's the lowest -- low end of the FortiGates. And I think that's -- because there was so much discussion around the 2026 cohort, which was more significant from a value perspective, we needed to make sure that everyone understands that there is not a second wave from that perspective, but there is a second wave or another refresh opportunity that's baked into our base from everything we've sold in previous years. So refresh isn't going away. The question is what is driving the refresh, what is driving the upgrade.

Yes, yes. And so then tell us a little bit about your conversations with the 2021, the 2020 -- I think it was 2020 and 2021, maybe some quarters in 2022 where you had really, really healthy product revenue growth. Tell us a little bit about your conversations with those customers, particularly at the high end, maybe where you have more visibility. When do you think those customers will start contributing to the refresh cycle because they have 2021 era boxes that are ready for refresh, independent of any end of service?

It really depends on the use cases. The more secure -- the more customers use these for security, the higher the likelihood that they will look at upgrades with all the SASE deployments, all the security needs, all the -- I mean, Ken can talk to the technology improvements that we've done over the last 5 years more than I can. But we see a lot of interest in securing the edge. And then OT is a big other use case and driver for that cohort as well.

Yes. Example, like in the retail space, you look in '21, '22, the growth like over 100%. The reason like when they worry about certain supply chain, worry about maybe the price may risen, sometimes they buy ahead of time. And also, the retail, like each branch office has some one or low mid-range FortiGate, they're probably more heavily used pretty much with all the function and both networking, security, all these kind of things. So when you're heavily using some of our Forti -- using all these devices, they're probably more close to the 5-year refresh. So that's why like Christiane said, it depends on the vertical, right? So sometimes you deploy in some different area, whether to do some internal segmentation or secure certain [ IT/IoT ] OT area, that's probably sometimes can last a little bit longer. Sometimes they even have a multiple layer protection. That means sometimes old devices as long are still working, they may still keep in there, then add on top of that additional security layer. So that's making a little bit difficult to track by vertical, by the use case. That we feel we probably no longer want to track all this. We more want to sell customers what's the best new function they needed, what's the best solution to address their issue instead of helping them -- how old your device is over there.

Yes. Yes, absolutely. So I want to hit a couple of questions from the audience here. So is there a risk that there has been a change in your market share positioning at the low end? Meaning is it possible that the refresh opportunity tied to the 2026 cohort is smaller than you expected because of market share changes?

I believe our position even enhanced. If you look at the competitive landscape, so we are a very clear leader, whether in the secure networking, all this kind of branch solution, all these things. The smaller players get smaller or even disappear. Some other bigger players try to shift into software cloud solution. So we do believe our position with our technology like FortiASIC and all the additional function like Unified SASE, all these things, our position really improved. And that's compared to 5 years ago, we feel probably feel very, very comfortable we're keeping growing above the market, keeping gaining market share, not only in this low-end branch solution, but also the overall secure networking and also overall Unified SASE area.

Yes, absolutely. And we touched on the second question here on the earnings call, this idea of excess capacity. More specifically, is it possible that parts of the firewall refresh cycle are being driven by customers realizing that they had too many boxes, essentially customers realizing that they actually need fewer firewalls and the end of support process highlighted that fact. Ken, you had started talking about this on the earnings call. Maybe a few more comments here would be really helpful.

So if you look at the firewall function alone, that may be the case. But in customer use case today, they need more function beyond the firewall. That's why we have this called the new generation SASE firewall. So in today's environment, with all this new ZTNA approach, remote work-from-home approach, customers need more function beyond the firewall. So that's where you have to add like DLP, the CASB, the WAF, the SASE, all these things. So that needs a lot of additional computing power. And not only the network speed could be increased and then there's more connection connect to OT/IoT all this device, but also because of additional function needed, they need much more computing power. So that's where we see drive the growth. And the old device cannot handle all this new function because they have very limited computing power to add additional all this DLP, all this kind of secure computing. So that's really drive the customer want to upgrade because if they want to have the new function, whether the new SASE function, some other function, they probably need to upgrade to the newer device, give them much more computing power, leveraging new FortiASIC technology.

Yes, yes. Okay. So I want to come back to -- there were a few comments earlier talking about visibility. And I'll ask this question as a 2-parter. One is, how is your channel, your partners, your distributors, how are they engaging with you now on the refresh? And what has the response been to some of the comments that we've heard over the last 3 months on the opportunity perhaps being smaller? And then very much related to that, are there steps you can take as a company to tighten up the reporting between the support system, the distributors, the resellers to essentially give you more visibility in the forecasting process and give your partners more visibility?

Yes. Actually, we are probably not trying to focus on this refresh or this -- we're more focused on what will be the better solution for customer.

Yes.

That's the new generation SASE firewall, that's how an additional security can customer better secure all this infrastructure. So that's probably because the focus we have and then that's driving the additional growth, whether you can look at whether the Unified SASE, the AI-driven Secure Op and also the OT/IoT solution there. So that's the customer needed right now instead of just try to focus on some old device.

And as Ken said, so in order to enable our channel to upsell the customers, we are trying to make sure that the channel understands the installed base of what they have. So we are working on more tightly integration beyond just the sale.

Yes. Yes. Well, maybe this is a good time to come back to Ken, one of your opening comments, which was, we could be investing more from a sales capacity growth standpoint. And clearly, we saw in the market all the overperformance on operating margin last year. And I think you've been consistent in messaging part of that margin will go towards investing in sales capacity. So give us an update on how you're planning and how you're tracking for sales capacity adds this year and what that means from a [ ramp to rep ] standpoint?

I think right now, we are trying to more directly engage with the customer, try to understand how their security -- network security need is. That's where we need a lot of additional sales engagement. Last, you can see the growth in the enterprise sector. So most of the time, you do need the sales and also the field engineer working directly with the customer. So we feel we are a little bit behind on that part. So we try to grow that one because I do believe the sales capacity kind of more directly linked with the top line growth. We have a super technology, very differentiated technology compared to other competitors. So we definitely will keep gaining market share, keep improving the efficiency. But on the other side, compared to some of our competitors, our sales capacity, especially in U.S., is still less than half of some of our major competitors. That's what we try to increase.

Yes. Yes, very helpful. Okay. So I want to come to SASE in a little bit more detail. So you talked about the new gen SASE firewall. I'm getting a few questions from the listeners from the investing base on how to think about SASE. So a couple of questions embedded here. One is, how are you seeing SASE deployed at the branch level versus the physical firewall? To what extent can traffic be offloaded from the physical firewall to the SASE deployment? And maybe as part of this, we can talk about new gen SASE.

Yes. I think we believe long-term-wise, SASE just part of the gateway function customer need. It doesn't matter whether certain application, whether in the cloud or they try to protect the branch office or try to secure internally. You can look at the network security history like 20 years ago, the intrusion prevention kind of starting to disappear once that function being integrated into the firewall. Even like 30 years ago, when I started my previous company, we integrated firewall VPN together, then no longer the company only do firewall VPN, they all started to integrate together. That's the approach. And then like 10 years ago, when the sandbox function being integrated into the next-gen firewall and then that stand-alone company also started to disappear. And the same thing for whether the WAF or some a lot of other things. So I do believe SASE, a lot of SASE function there, like whether the DLP or some CASB [ other things ], once they've been integrated into the hardware platform appliance, then a lot of customers have the flexibility. They have -- if customer choice, they can -- whether using a cloud deployed solution or on-premise deployed solution, whether they can process all this data in the cloud or on-premise. So that's the advantage of all these functions, SASE functions that integrate in the same OS and also can use in the hardware ASIC to accelerate all this processing power, computing power there. So that gives the customer flexibility and especially in certain enterprise or certain country, whether they call the private SASE, sovereign SASE solution there, they really want to keep the data processed locally. At the same time, like if you work from home or if you want to protect your home appliance or branch office and the same thing for like connected car, you do need to protect all the kind of home or branch office or connected car itself, especially in the OT/IoT area. So a lot of device also need to get protection instead of just try to get everything to the cloud to secure from there. So that's why I do believe the hybrid approach is a long-term solution. The only issue is right now, SASE do need a lot of additional function computing power. That's making most other competitors, they cannot really put all this into the same OS using ASIC to accelerate. So that's the limitation some of the old technology, old OS has. That's where we believe we are the first one who introduced the SASE firewall just like 25 years ago. We are the first one introduced the next-gen firewall UTM with firewall VPN intrusion prevention, all integrated the same OS. So we do believe now is the time have all the SASE in the same OS, give the customer flexibility how they want to process the data with all the SASE function, whether in the cloud or in local layer. So we see very, very good adoption, very, very good like growth and the customer pretty happy about it.

So I think this leads nicely into a question on deal sizes and unit economics because one of the points that you're making here is that the amount of functionality that the customer buys from Fortinet goes up. So I think this question is for both of you. Could you talk a little bit about the unit economics of an SSE product versus a firewall equivalent? If the ASP on SSE is around $40 per user per month, is there enough margin in SSE to replace the firewall margin as customers upgrade? Now I think, Ken, what you're alluding to is you may actually keep the firewall in certain instance and add the SSE as a complement. So I would love to get both of your comments here. Anything on deal sizes, anything on unit economics?

I think the SSE per seat is additional on top of what we already have, whether the traditional firewall, which we will sell for the bandwidth all the things there. So that actually give customer additional function, protect additional attack surface. That go beyond. At the same time, like use SSE, you can more access by application and also can track in the data inside the application. So that's the additional protection customer got, but they are also keeping the traditional firewall network function there. That's what I keep saying from the beginning, sometimes they start to have some layers of the protection, right? So some will protect the traditional access from the firewall side. Some maybe just add additional function, how to do the ZTNA like tracking per application and also the DLP tracking, how the data download, all these kind of things there. So that's the additional protection combine both the networking and endpoint together. So that's how this solution come up like in the ZTNA environment.

Yes. Yes. Okay. I want to bring some of these points together in a discussion about growth rates, and then we can also spend a little bit of time on M&A. So the long-term target from the Analyst Day is to grow revenue at over a 12% CAGR over the next 3 to 5 years. Your 2025 number, your estimated guidance for the full year is for 13%. So maybe just wrap some of these points together. For 2026 specifically, it's too early to guide, but help us understand directionally how to think about drivers of 2026 product revenue growth, excluding any impact from macro. So what are the scenarios where 2026 revenue growth is stronger than 2025? And maybe we take it as product versus subscription separately?

Yes. So I look at this one, the reason we gave above 12% is if the market grows 12%, we do believe we'll keep gaining market share. We grow above the market growth rate. So the 12% has come from the Gartner, say, the next like 4, 5 years. The Secure Networking will grow probably about 8% and then the Unified SASE maybe 18%, then the AI-driven secure op probably like 10%. So that's where you can look at each segment, secure networking, definitely, we are the #1. We also have very different technology from our own ASIC and all these combined networking and security function together. We believe we're keeping gaining market share there. The same thing for Unified SASE. Secure networking basically is probably like 65% of the market right now. And then the Unified SASE, second biggest one, is 24%, I believe. So we also grow faster than the market because we are the only unified SASE in the same OS and also leverage our big customer base from firewall, from SD-WAN, our customers adopt Unified SASE much quicker than any other competitor. So we definitely will grow faster than market. And then the same thing, you can see the secure op. We also grow much faster than market, actually grow like over 30%. So that's all these 3 combined with the market assumed to grow 12%, we're very confident we will grow above market in the next 3 to 5 years, above 12% with the market growth. If market grows faster, we feel we can also grow faster. If the market is slow, we do believe we'll continue gaining market share because we feel we are much better than any other competitor in each of these 3 segments.

And I mean, I think what are the specific growth drivers, right? There is still -- OT is still growing, and we are clearly a leader in OT and have been recognized and OT consumes also a lot of hardware. So that helps the product growth. We have specific OT subscriptions that helps the subscription side. We just started the SASE journey 2 years ago. And I think as you heard from Ken, we have so many advantages. It's going to take a while until customers go on the journey with us because sometimes we need to displace vendors. Sometimes it's a new -- in the lower end, it may be new functionality for them, but there is tremendous growth opportunity. So we feel very comfortable with our targets that we've given out there. And billings is kind of a leading indicator for revenue, right? So I think as you've seen, we've done well in half year 1. We exceeded our targets, and we guided up for the rest of the year. And so we believe that this is a good indicator for continued growth.

And Christiane, on the subscription revenue in particular. So subscription revenue has been decelerating for 3 quarters now. I think you mentioned specifically some churn in the Lacework acquisition in the first half of the year. Maybe just clarify for us, do you feel like you've now got to the point where churn tied to Lacework is stable? And it sounds like what you're messaging here is you have more opportunities to engage across things like IoT, EDR, SOC on the subscription side. We've already talked about SASE. Those drivers, should we be rolling this up together such that as the emerging products get bigger in scale, it drives reacceleration for the subscription revenue line? How do you think about that?

So I mean, let's be clear, in the end, the billings growth is an indicator for how revenue is going to follow, right? And so billings growth, we need to see billings growth first, and we saw good billings growth for services in the first half year, but it takes a while until it rolls off of the deferred revenue schedule. We have a lot more opportunity to grow our subscriptions attached and unattached, and that's what we are working on because the products that we purchased through M&A are really good products. They enhance our SecOps solutions. You mentioned Lacework. I think we see good interest now into our approach to also integrate it with our own solutions and really allow customers a holistic view across cloud and on-prem environments with the CNAPP solution. So acquisitions take time. They are not always immediately accretive. There is always disruption for the acquired entity. So that's what we saw, but we feel good about the continued growth and the technology we purchased.

Well, maybe this is the opportunity to ask about acquisitions. So if I think about the players at scale in security over the last couple of years, we've just had Palo Alto announced its plans to acquire CyberArk. We know that Microsoft has become more of a force and prioritize security within their own customer relationships over the last 4 years. So I think for both of you, how do you think about the potential for Fortinet doing a larger scale M&A deal? Is that part of what you think would fit with your DNA? Or do you feel like it's necessary given that you've got these 2 big competitors at very big scale?

I think we need to see why they do the acquisition, right? So the reason is really in the network security, cybersecurity space, every year, there's a new function required. And there's more attack surface you need to protect, and there's a different kind of working environment may even change. So that's where you need a new function and also has to be working together with some other part of our infrastructure, other function, legacy function there. So that's where I do believe the best way to develop all this new function to meet customer need is really internal innovation. So that's why actually a lot of bigger companies when they get bigger, it's more difficult to keep up all this internal innovation, they more depend on acquisition to catch up all this new customer need. But usually, the difficult part is really the integration after acquisition. So if you cannot integrate well, you may end up with multiple products and then very difficult to integrate working together and probably only can enjoy the benefit of acquisition for the first few years, eventually because a separate product, separate solution, we're making the management cost and also customer kind of more difficult to deal with all these multiple product lines, they are not even integrated together. So that's where for us, the #1 priority is still to keep up the internal innovation, which we're working better to integrate with other solutions from day 1 to integrate together, design together, to integrate together. So that's always the company priority. Even if we get bigger now, we also want to make sure we keep up the innovation. We do look at some other acquisitions. And -- but again, for acquisition, I feel the challenge is more on the integration part. So we want to plan the integration like before we even acquire a company, we want to plan like a 90%, 95%, even 98% integration can for sure, be done, integrated together. If that integration is not working that well, we still can have a pretty low risk, will not impact overall company growth. So that's the company kind of philosophy really the innovation internal definitely much better solution than keeping an acquired company to keep up about the new things. And second, integration also super important. That's also see how company can long term drive the growth beyond the first few years after acquisition. So that philosophy has not been changed.

And Ken, specifically because we've spent so much of the last 40 minutes talking about SASE, what do you think the role for privileged access identity is within networking security and within SASE?

I believe that also needs to be integrated into the same like we call the FortiOS network security operation system and also integrating the same infrastructure instead of a separate solution there, whether the access control, identity or some other part, they're better to be integrated together with other like a firewall, with other like DLP or some other ZTNA approach instead of just a separate product, separate solution.

The other question that I think relates here to longer-term growth rates is on the cyclicality of the business as a whole. And we talked a little bit about the 12% plus target, meaning if the industry is growing 12% more than Fortinet should be able to outgrow the industry through share gains. Do you think the industry is becoming less cyclical because of all of these dynamics, and we've spent a lot of time here as well on going from a conversation that's based less on end of support, end of life and more based on new technology functionality and more of an offensive competitive positioning. So I'll pose the question, do you think the industry is becoming less cyclical? And how does that inform the way you think about things like adding sales capacity? Is there more consistency to the margin expansion or the growth algorithm if the industry is becoming less cyclical?

Yes. I think the overall industry is more driven by some like new or better technology, which we keep in developing, leading the industry there. But in certain vertical like retail or certain other area, they may be still depend on how their own kind of -- I mean, their own market condition, their own kind of infrastructure, some other kind of upgrade. But for Fortinet, we are so diversified in different vertical, different geo. So we feel definitely we are less, less cyclical there, right?

Yes, I would agree. I mean we are so diversified geographically. We are diversified across verticals, industries, use cases and customer sizes. So for us, it's not a necessarily cyclical business, especially if you -- maybe 1 quarter is good or bad in one way. But if you look at it on a 12-month continuous basis, it's pretty steady. And I think the drivers for growth, of course, are the increase of the attack surface. And there is always something new for cybersecurity industry to address. And so that's where I think there is continued growth and Fortinet is well positioned.

Fantastic. Well, I think that's an excellent place to end it. I know we covered a lot in 45 minutes. So thank you so much for sharing with us some of your updated thoughts on these topics. We're very much looking forward to continuing the conversation in September on the ground in Communacopia. And thanks to everyone for joining us today. Thanks specifically to the Fortinet team, Ken, Christiane, Aaron, thanks so much for making this happen. We really appreciate it.

Thank you.

Thank you for hosting us. Thank you.

Have a great week. We'll talk soon.