Fortinet (TICKER: FTNT) Fortinet Inc Ftnt Management Presents Wells Fargo Tmt Summit 2021 Conference Transcript

Fortinet, Inc. (NASDAQ:FTNT) Wells Fargo TMT Summit 2021Conference Transcript November 30, 2021 2:00 PM ET Executives Keith Jensen - Chief Financial Officer John Maddison - Chief Marketing Officer Peter Salkowski - Head, Investor Relations Analysts Andy Niwinski - Wells Fargo Operator Good afternoon, everyone. Before we get started, if you are a member of the press or media, please disconnect at this time. This is a restricted line. Any unauthorized party in this meeting or any unauthorized use of the information communicated in this meeting is subject to prosecution to the fullest extent of the law. Any unauthorized person including the media that is on the line at this time, please disconnect. Please note, Today's call is being recorded. Andy Niwinski Good afternoon, everyone. My name is Andy Niwinski. I am the Software Analyst at Wells Fargo. And today it's my pleasure to introduce you to the team at Fortinet. So we have Keith Jensen, Chief Financial Officer; John Maddison, the Chief Marketing Officer; and Peter Salkowski, the Head of Investor Relations. So welcome to the Wells Fargo TMT Conference, guys. Keith Jensen Thank you, Andrew. Good to be here. Question-and-Answer Session Q - Andy Niwinski Great. So we have about 30 minutes today. We'll be done at 2:30 Eastern Time. So maybe we'll just jump right in. I think one of the main questions we hear from investors, obviously, is the supply chain constraints as a top concern. So why don't we start by explaining why Fortnight -- Fortinet might be more insulated, as it relates to the shortage versus the other vendors in the market? Keith Jensen Sure. I think there's a couple few points that are makes us a little bit different. One is, historically, we'd like to keep our inventory turns at, say, at 3 to 4. We moved those down earlier in the pandemic to try and target between 2 or 3. So you're looking at having about five months of inventory on hand. I think some of our competitors have probably have done well, historically, with just in time inventory models and maybe that has not served them terribly well during the pandemic. And I think some of is also just numbers. We control 38% of the unit ships of all firewalls worldwide, we've got about 70 different products and we use about a dozen different contract manufacturers. While that makes a lot of complication and makes my operating team -- operations team a little challenging. It does give us a lot of flexibility, a lot of leverage. We can do things like, if there's a shortage of a current firewall product, we can move a customer up and down the price list to the adjacent product and that works out for them. We can also move components between our contract manufacturers if one manufacturer doing inventory of one critical component complete, we may be able to move it from another contract manufacturer. So I think it's given a net-net a lot more flexibility, a lot more leverage than others. Andy Niwinski That makes sense, Keith. So, I guess, you talked about having five months of inventory on hand. I assume that's more finished goods. But do you also keep, I guess, one of the main components of a firewall, one of the key attributes of Fortinet's firewalls that your customer may seek. Do you actually keep a supply of those -- just those individual components that you could send to your contract manufacturers used? Keith Jensen Yeah. You're absolutely right that when I talk about the inventory turns, I am talking about finished goods, and specifically, to the chips. Our model, historically, has been trying forward stage about three months of inventory of the chips at our warehouses that are available to move over to the contract manufacturers and another three months, so total of six all together for stage at the contract manufacturers, where they ready to go into production. Andy Niwinski Got you. I think you noted that some of your competitors were leveraging more of a just in time type inventory process, whereas you always had more of a built in advance and it sounds like that's one of the key different key areas that you're different from the other vendors in the market that maybe also seeing a supply shortage? Keith Jensen Yeah. I think that, as part of our culture is that we're very hands on in terms of the inventory so that would be very close to the manufacturing process of that. And while we do work with, as I say, about a dozen different contract manufacturers, we're very engaged with them several times a day in terms of planning and the scheduling of inventory and future deliveries. We do, as I say, we take title for that inventories, so that we use contract manufacturer and ship for warehouses and we store them there. Andy Niwinski Got it. And I -- just like clarification as well as it relates to that inventory of chips that you have. I -- the questions are coming up now, but actually, I believe this, you actually started building inventory of chips and components at the start of the pandemic back in early 2020. So it's not something that you just are reacting to now. This has been something you've been doing for a while, is that correct? Keith Jensen You're absolutely right. The reasons may be a little bit different. In the very beginning of the pandemic, we were a little concerned about getting shipments out of Asia, whether it was ocean or in the belly of an airplane and we started building up our inventory levels in response to that. And as now as the pandemic has continued to lack of a better term mature, I guess, it's created a different type of supply chain challenge. But throughout 2020 and 2021, wherever we've had the chance we'd continue to build up our inventories. Andy Niwinski Make sense, Keith. Okay. Maybe in the same vein, as it relates to the supply constraints, that -- you did have a backlog exiting Q3. But maybe if you could just give us a little bit more color around that backlog? What percentage of orders are actually from existing customers in that backlog versus new customers, and ultimately, what I'm trying to understand is, how easy is it for that backlog to be perhaps canceled? Keith Jensen Yeah. The company's historically not had a lot of backlog. We do see a small ticked up in the backlog in the third quarter. And I think we characterize that as being about 70% of that backlog related to switches and access points. I think there's also the question of how much of that is from new customers, which would be, perhaps, more likely to be cancelled versus existing customers. In our mix of even though we had 6,000 new logos signed up in the quarter and I think that was for two quarters in a row, our topline mix in terms of revenue billings was very consistent between existing customers and new customers. And our backlog mix was actually very consistent as well, didn't see anything that really spiked up there. And then, lastly, I would note that, when it comes to what we saw in backlog, switches and access points, that's more likely to go, actually, sold to an existing customer as part of our land and expand strategy. Typically, leave the firewall when we want to sell the platform product subsequently. I don't think that what we saw in the third quarter nor this quarter was -- were companies trying to gain the system or customer trying to gain the system by playing -- placing orders in -- with multiple vendors. Andy Niwinski That's great that you're not seeing that. So do you, I guess, as it relates to maybe not placing double orders, but you -- is it possible that customers might be placing orders now for firewalls that they may not have needed till, perhaps, the end of next year, knowing that there is this delay? Do you think there's any sort of build up, I guess, would it -- would be in your billings, where they place an order that you might not have expected until next year? Keith Jensen It's a good question and I think I will give some clarification. You would not see that type of order in our financial statements, it would not be revenue and it would not be billing. So it would be backlog. What I think we're seeing in this phase, the pandemic, one is kind of to your point, a lot more collaboration between our sales team and some of our enterprise customers about their planned deployments for the future, which I think is a good and healthy thing. If you think about what types of customers and whether or not they're going to go vendor shopping, if you look at large enterprises, if you're the incumbent in a large enterprise then it's very unlikely they're going to make a move because of the architectural demands that go with that. If it's a large enterprise that has a dual vendor strategy and there's a new use case, and you, like, Fortinet have product available, you're probably going to win that opportunity. Andy Niwinski Right. Keith Jensen If it's a displacement opportunity and you maybe mature to the POC phase, where it's become -- where you've proven that you have the capability, you probably have, I think, we said a better chance of winning at that point, because we do have the products available. If you move down to the smaller enterprises, I think, those companies are more reacting to ransomware, they need it now. I think that their real focus is perhaps more on cost, performance and availability, and I do think that helped us with a 6,000 new logos, but we were able to deliver on that. And again, no real difference in the mix in terms of billing and revenue between new and existing. Andy Niwinski That's great. I -- just to wrap this up, it does seem like the backlog will likely persist at the end of Q4 and most likely I would guess throughout 2022 unless this gets resolved a lot quicker than people think. So would you consider giving any sort of like a book-to-bill type metric to investors, knowing that this backlog will likely persist? Keith Jensen Yeah. It's a great question and it's one that we talked about internally. Specifically when we're getting ready for the third quarter earnings call and looking at that 51% product growth and knowing that we had a bit of an uptick in the backlog, and the question internally was, would that be helpful for investors to understand more about that. And I think at the level of backlog, I would call it a bit of an uptick. We thought -- beyond the 51% product revenue growth, we thought that was a good way to approach things. Now as we continue to move forward through the pandemic and backlogs continue and shipments continue to grow, I think, it's quite possible what we'll definitely revisit that conversation as part of the fourth quarter earnings call and it's certainly possible that we'll add some sort of disclosure saying, here's our billings, here's our revenue and here's a new metric talking about backlog. Andy Niwinski Okay. Great. Let's shift gears now, as it relates to more of the sustainability of growth and some of the growth drivers you have, consolidation of vendors is one thing that, we certainly have, as I would say, a cornerstone of our thesis on Fortinet. But we're definitely seeing in the marketplace a lot of resellers telling us that CISOs just have too many vendors in their data center and they want to reduce the number of vendors they're working with and move to more of an integrated platform. You've talked about it on your Q3 earnings call as well. I'm just wondering, what type of products or vendors, perhaps, are you seeing that are getting consolidated out if this trend is actually occurring and who -- which vendors are losing out because of this consolidation trend? Keith Jensen Yeah. Let me comment on that. I just speak to a lot of customers each week and CTOs, CIOs, CISOs. I think there's two types of happening. One is what we call a convergence where multiple functions are coming together. Good example for us is where we converge SD-WAN and firewall together. So that's taking two separate solutions and converging it into one. It gives you an operational savings. It gives you both security on that networking device. So there's a coming together on networking and security and convergence. And the second area is consolidation and it's not so much that you were taking out a product. So maybe we still have endpoints, email and firewall. But what the -- what's really hard for the customer is to make them all work together. Its vendor A, vendor B, vendor C, get into exchange policy or threat intelligence is really hard. And so that's where I'm seeing the consolidation plans happen, where they'll take a use case and select the same vendor to consolidate the solution, because that solution works better as a platform versus individual point products. So those are the two main areas, which are convergence and consolidation which coming together. I don't know exactly. You'll see some additional networking vendors losing some market share to SD-WAN. I think routing is definitely shrinking. You'll see some smaller security players and maybe be pushed out because they don't have that platform approach. Andy Niwinski Okay. That makes sense. One thing just before we go on, I forgot to mention any investors that are on the call right now, if you do have a question you'd like me to weave into the discussion, feel free to email me at andrew.niwinski@wellsfargo.com. I'm happy to weave it into the discussion. So maybe moving on, for John or Keith, I want to talk about your FortiGate products and then we'll get to some non-FortiGate questions. So last quarter, in Q3, you had 51% growth in product revenue. That was clearly amazing the best it's been since your IPO in 2009. I know SD-WAN was strong. I think it grew by maybe 50% year-over-year, which is pretty consistent with where it's been growing. Well, what are the other firewall use cases that contributed to that growth? Could you just help us understand what really popped that growth to such a high level? Keith Jensen Yeah. Yeah. Definitely SD-WAN was a big driver. We consider that to be foundational technology going forward both for things like SDB branch or the cloud. But other use cases, one of them is operational technology, security and LTE networks, whether it be manufacturing oil and gas or energy. And what we've seen is, maybe some of this was driven by the pandemic and that access now, remote access is allowed and what used to be an air gap between the IoT world and the OT world has gone away and we're seeing a really big growth there, because we do need to protect those IoT environments more and more, especially since ransomware has come to the fore. We've seen almost a 10x increase in ransomware and ransomware can go in there and hold the production, et cetera. It's all kind of pipeline as an example. And so I think firewalls in that environment has a big growth opportunity. You mentioned SD-WAN. I think customers are also as they build they build out their digital world. They're going to make sure that they've got segmentation in place. Segmentation is one of the very important criteria to stop ransomware from spreading inside your organization. So we're seeing ransomware. We're also seeing certain companies, especially in certain sectors want to do more inspection of SSL and SSL traffic. So that's a big component of our system. It can do SSL Inspection unlike many other files outside there. And I would say, overall, just additional services on top of next-gen firewalls as well, whether it would be IPS or whether it be Application Control Center as well. So services, new markets, IoT, SD-WAN driving the edge and then also, as I said, segmentation is being born not only in the campus but in the data center. Andy Niwinski That's a great explanation. I think the common understanding of ransomware is that it's an -- it's affecting endpoints, you need endpoint security, which I know Fortinet has, but I don't think many people relate ransomware attacks to the need for upgrading your network firewalls. Keith Jensen You have got to... Andy Niwinski But that's a good link. Keith Jensen Yeah. You got to stop that lateral movement. But we also think the platform going forward is not just a platform for saving money. The major one was a study done by Gartner last year, saying, yes, you save money, you don't need as many trained people across many different products. The real reason, CISOs want platforms is to get a better security posture, to be able to automate the response. And so it's not just endpoint standalone, its endpoint plus Zero-Trust, plus firewall, plus weapon, all these things taken together will give you a better solution more integrated. That's how you stop ransomware and not with a standalone product. Andy Niwinski I guess that goes back to your integrated platform and I am having all those different threat vectors integrated is what the bigger larger enterprises are looking for versus deploying point products that aren't integrated across the various threat vectors? Keith Jensen Yeah. Well, it's, I think, cybersecurity industries poor in our opinion and working together, just put it that way to say the least. And having a vendor A, vendor B and vendor C, getting two vendors together, it's not enough in line three or four vendors. In fact, Gartner has just come out with something called the Cybersecurity Mesh Architecture. It's a -- it's the -- it's kind of recognizing that our platform projects are needed. It's not just that you've got individual point products that don't talk to each other, that the architecture we built over the last 10 years is to send all the information to a SIM or do the operations through a single management console. And that just doesn't work to the -- it's the lowest common denominator you're dealing with. So the ability for a platform for products, for an endpoint product to talk to a firewall, for a firewall to talk to a laptop, to talk to an identity based system. In fact, if you look at the endpoint marketplace, it's migrating from EDR already to something called XDR. This is extended detection response, which includes the ability to look at other threat vectors. So I think what's happening is industry is realizing or CISOs already realized that they need to build a platform for use case that involves multiple products that talk to each other, that share threat intelligence, that share policy. Andy Niwinski That makes sense. Just to wrap up the discussion as it relates to endpoint security and ransomware attacks. I mean, do you see a Fortinet winning in the endpoint security market with just a standalone sale of your endpoint solutions or is it -- when you win in the endpoint market is it part of a bigger platform deal? So I am -- I guess, I'm asking, are you competing against the CrowdStrike SentinelOne or are you more competing against vendors, I guess, that have more of a platform and those types of bake offs where they're buying everything, they're not just buying one of your point solutions? Keith Jensen I think both, absolutely our FortiEDR products will go against CrowdStrike and anybody else out there. There's a test house called MITRE. They do some very detailed testing, even with the test results of them, I think, they're coming out in January, again, every six months. So we can go head-to-head, product-to-product with any of the endpoint EDR vendors out there. But I think a lot of the customers also want to see your vision. In fact, this is not just for endpoint, it's -- whether it's network and cloud. They want to see where you're going with the vision and the vision is definitely that you take that EDR and integrate it with Zero-Trust, which is replacing obviously VPN right now. You integrate it when you work from anywhere solution, that's what they really want to get to. They want to work from anywhere solution that is just as good when you're traveling or at the home or in the office, the user experience is the same across all those and automatically the systems reconfigure for wherever you are in that location. And so that plus contextual information as you go forward, you need that conception information, depending on where you are. So, yes, we'll go head-to-head mainly as point but customers want to see that vision of a platform really. Andy Niwinski That makes sense. Okay. Let's shift gears to the non-FortiGate side. On the Q3 earnings call, you mentioned the top five non-FortiGate solutions were mail, SIM, sandbox, switches and virtual firewalls. And I certainly understand why virtual firewalls would be strong as more applications moved to the cloud. But can you explain why maybe some of the other areas had such strong growth last quarter? Keith Jensen Well, again, this is another example of a platform email. So email, 25% of infections still happen through social engineering. And so if you haven't got visibility to that email component, you're missing a huge part of the threat vector. And so, again, yes, I can get my email security from Microsoft or Google or maybe a standalone vendor and that's good. That provides a protection. But if you can find something inside your email account, you can link that to your sandbox and you can link that to a policy that goes out and shuts down either some access from a certain endpoint automatically. That's the key. So, again, it is some of its standalone email securities and not sure your web application firewall does very well, as API security becomes very important. Some of its standalone, but again, they kind of put it together. I'm buying a standalone product, but I wanted to link to my SEC ops. I wanted to link it to my network to provide that overall solution. And the other component that customers are talking about today besides the security element is this digital experience. They're building out digital -- accelerating their digital projects, but they want to measure it. Well, how does that use of that device? How does it connect to my applications? What is the experience in terms of latency, in terms of throughput, in terms of availability of the application? So measurements of the security and measurements of the user experience becoming very important? Andy Niwinski Okay. That makes sense. It does sound like it all boils back to the consolidation play, where you have a fully integrated platform with many different, covering many different threat vectors that continue to drive growth for Fortinet. Maybe another area of that I wanted to touch on was Zero-Trust. I think this is, yeah, I'm not sure if SASE in the Zero or... Keith Jensen Yes. Andy Niwinski ... drives your Zero-Trust wins. But is that part of the non-FortiGate portfolio? Keith Jensen Yes. So Zero-Trust to us is a really important concept, as part of that, device and user awareness that needs to sit and link into the networking proxy component and then a policy engine across it. So for us our FortiClient provides that Zero-Trust, the proxy enforcement can be either one of our FortiGate with the FortiOS in the data center. It can be one of our FortiSASE in ops. So now you can see the integration of our SASE and Zero-Trust and that really -- just really focuses on our work from anywhere solution. So remote access, private access, securing devices on and off the network, they all come together with Zero-Trust, SASE and endpoint security and also proxy and identity integration. Andy Niwinski Okay. I suspect I know the answer to this. And it's likely goes back again you're fully integrated platform. But why do you think in the Zero-Trust space, I mean, Zscaler certainly has a very comprehensive solution, routing everything through their cloud service. But why do you think Fortinet might be better positioned than Zscaler to win deals in a Zero-Trust space? Keith Jensen So I think I was -- again, I was talking to a large bank, European bank yesterday. And they were trying to work out what is the point, today that the hub and spokes and everything back to the data center, and they said, well, if I did go to the cloud, I sent everything to the cloud, it's the same concept. So they just think that a hybrid approach is going to be very much what's needed going forward. And so have everything in the cloud, we need something in the network, the network is very important, we need something in the endpoint OT, for example, they're going to put the compute next to the OT. There's no point in sending it back to the cloud back there if you need latency. So we think the -- again it's a platform approach, but also the location. We need to be able to put security at the WAN Edge, at the LAN Edge and the OT. It can't just sit in the cloud. And so that's why I think we've got an advantage over Zscaler. We have other platform advantages. We have a full blown EDR that can detect the device posture and feed that into our Zero-Trust engine. We can put our proxy enforcement anywhere across the edges of the network. So I think -- again, I think, if you are just cloud or you're just endpoint or you just network, that's not going to work as a platform in the future. Andy Niwinski Right. That makes sense. Do you feel like your Zero-Trust portfolio is where it needs to be to effectively compete in that market, which seems to be in the very nascent stages right now. But do you feel like there's more that Fortinet can add to it or do you feel like you're in already a really good driver's seat position in that space? Keith Jensen Then we've got a very good solution. I think our end user is making sure that we got our partners and our salespeople trained on it correctly. Andy Niwinski Got it. Okay. We've got about six minutes left. I just got a few more questions for you. Another big growth driver that I think we can start with, we may see next year is really the build out of 5G networks. And I think the OT market may be also related to this. But I was just wondering if you could give us an update on both the OT? I know you kind of touched on earlier with OT Security. But just curious how that in the 5G rollouts might be potential growth drivers for Fortinet in 2022? Keith Jensen Yeah. Two areas and I think it's the mobile edge compute. It is very much linked to OT. We're seeing and I think SD-WAN, again, is a foundational building block, because from SD-WAN we can provide that connectivity to OT sites. We can then move that to SDB branch, because we've got WiFi controllers, Ethernet controllers, 5G, extended controls built into our core next gen firewall and SD-WAN, then we're going to extend that to that SDB branch concept, where we provided WiFi and switching into the OT environments. Now you may need, you've also built out rugged devices, switches, access points, firewalls, which allow us to kind of deploy there. And then there's the whole SD-WAN marketplace. This -- I've spoken to retailers, for example, who want to use 5G as their primary link. So we've got that 5G connectivity that's going to happen in the next few years. There's still a lot of areas that don't have a 5G connectivity. But as 5G rolls out, we're seeing many of our customers want that 5G as sometimes their primary connection. And then in the core of 5G networks, we're starting to implement and put our devices in there, because they need security in the call, in the radio access, in the Internet Gateway. And these things -- these devices need to run a terabit per second, not hundreds of megabits per second. So we see 5G as a big opportunity, as connectivity to the 5G network, but also in the core of the 5G network providing us security there. Andy Niwinski Yeah. I want to maybe just drill into that core component. I know on the earnings call, like, Ken -- I'd asked Ken about 5G rollouts and how it may have been driving your large, I guess, large enterprise growth, which was really strong in Q3, but he said it was more actually just the large enterprise side, it was, excuse me, the low, mid and high end firewall appliances were being driven more by large enterprise. Why do you think it's taking a little bit longer for the 5G rollouts really start, because that seems like that's the sweet spot for Fortinet, you have always historically been really strong in the carrier market? Keith Jensen Yeah. Just the function of the service providers rolling out that 5G networks and elements of that, and so, we sit in maybe three or four different places of the 5G network, okay. Maybe it's the radio access security, maybe it's the Internet Gateway security, even the mobile edge compute security, for example. So I think it's just a function of them rolling that out. But there is some debate within service providers, whether I want to make that completely virtual software versus appliance. We're seeing -- as in the universal CPE marketplace, you've seen people start with virtual and come back to appliances actually there, so I just think it's a function of rolling it out. It's the same on the connectivity side, which I think, Ken, was answering more than anything else is, it's a function of what the 5G availability to those enterprises wherever they are. Andy Niwinski Got it. Okay. Maybe to wrap up the discussion this afternoon, I wanted to talk about that recent acquisition you made, because you don't make many of them. But the AlaxalA acquisition, I think it added about $5 -- $15 million in revenue in Q3, which I believe was one month of sales. So clearly, not a big contributor to your -- to the upside in your quarter, but if you net that out, how do we think about the contribution that that acquisition might potentially make in Q4 as it relates to the big guidance raise you gave? Keith Jensen Yeah. Great pick up on that, Andrew. Like, AlaxalA, I think, you can see $15 million at the topline benefit in the third quarter wasn't the one month. AlaxalA is going to represent low-single digits of our business going forward. So I really don't want to get into a protracted discussion every quarter about guidance. That said, let me give some points of validated, so $15 million a month free. We expect that AlaxalA will behave like other tech companies. And by that I mean, linearity, 50% of their business is in the third month of each quarter. So you can kind of do that math. And they're a -- as a Japanese company, their year-end is in March, so you're not going to get the corporate budget flesh in our December quarter, rather we expect that their December quarter is going to look an awful lot like their Q3 gains. So I think people can kind of piece that together and get some validation for the numbers. But I think we're excited about the opportunity with it. It brought a host of R&D resources that we very much interested in. It brings a chassis switch, which is something that's missing in our product suite. They have very good traction in the enterprise sector of Japan, as well as in the public sector. So while it was an inexpensive acquisition, $64 million, I think, it took a lot of boxes for us that we're very pleased with. Andy Niwinski Did you have a big presence in Japan and what other competitors do you anticipate seeing in Japan with this acquisition? Keith Jensen Yeah. I think for most tech companies Japan's in the top five or six, so there are other countries and it is for us as well. I don't know that the competitive landscape is terribly different than Japan. Go-to-market there's a little bit different, maybe you want to talk about that. John Maddison No. I -- just the same competitors interesting in there that we find here in U.S. and Japan is one of our top five, top six countries that's listed in IR deck. Andy Niwinski Okay. Got it. Well, guys, that's -- we're out of time today. I will turn it back to you if there's any thoughts you'd like to leave investors with as we wrap up this call. It was great seeing you and I wish you the best of luck. Keith Jensen Thank you. John Maddison Thank you. Keith Jensen Thank you, Andrew. Okay. Andy Niwinski Thanks, guys. Keith Jensen Okay.