Fortinet (TICKER: FTNT) Fortinet Inc Ftnt Management Presents J P Morgans 50th Annual Global Technology Media And
Fortinet, Inc. (NASDAQ:FTNT) J.P. Morgan's 50th Annual Global
Technology, Media and Communications Conference Call May 23, 2022 8:40
AM ET
Company Participants
Keith Jensen - Chief Financial Officer
Peter Salkowski - Vice President, Investor Relations
Conference Call Participants
Raquel Betesh - JPMorgan
Raquel Betesh
Good morning, everyone, and welcome to JPMorgan's 50th Annual Global
Technology, Media and Communications Conference. Thank you, everyone,
for being here. We're excited to be back in person. I'm Raquel Betesh.
I'm a software analyst here in research at JPMorgan. And today, I have
the pleasure of speaking with Keith Jensen, the CFO of Fortinet; and
Peter Salkowski, the Vice President of Investor Relations at Fortinet.
Thank you both for being here today.
Keith Jensen
Thank you.
Raquel Betesh
So now I'm going to pass it over to Keith and Peter to do the
disclaimers.
Peter Salkowski
Just a quick one. I'd like to remind everyone that we may be making
forward-looking statements during today's fireside chat. These
forward-looking statements are subject to risks and uncertainties that
could cause actual results to differ materially from those projected in
these statements. Please refer to our SEC filings, in particular, the
risk factors in our most recent 10-K and Forms 10-Q and to other
reports that we may file from time to time with the SEC for additional
information on factors that may cause actual results to differ
materially from our current expectations.
All forward-looking statements reflect our opinions only as of the date
of this presentation, and we undertake no obligation and specifically
disclaim any obligation to update forward-looking statements. With
that, we are ready to go. I know that was the best part but...
Question-and-Answer Session
Q - Raquel Betesh
Keith and Peter, thanks again for joining us. So to get the ball
rolling here, can you give us a brief introduction of your product and
platform offerings and how they fit into the security landscape?
Keith Jensen
Yes. I'll kick it off and Peter may join in a little bit. Simply put,
our primary product is a firewall, represents about 70% of our
business. And I think the - what makes us successful is our proprietary
ASIC, which creates a significant amount of speed but also capacity.
And the capacity is important because we use that to create embed more
features and function in our operating system, around OS7. And that's
the cornerstone of our platform strategy. And from there, we expanded
out to - depending on the on at 30 or 40 different products that are
virtually all homegrown, we are very much a build-versus-buy strategy
in terms of our company. And with that in mind, you'll see those other
products that are all integrated on a single platform that includes
things, in addition to the firewall, things like EDR and SIM and SOR
and the sandbox, etcetera. And we're really promoting and believing in
the consolidation of vendors. We understand there is a role for point
solutions in the market. But we think that we agree with Gartner and
others there that is a significant amount of consolidation going on
with platform vendors.
Raquel Betesh
Let's talk about the competitive landscape now. Who do you guys see as
your primary competition?
Keith Jensen
Yes. On the firewall side, it's pretty much the same and probably in
order, I would say Cisco, Palo Alto and Check Point. I think the things
that have evolved over the last, say, 12 to 24 months would probably be
that we're getting significantly more at bats in these competitive
opportunities than we have historically. Pipeline is very strong and
very robust.
I think the other part of it is seeing more of the platform
competitors, if you will, show up in the competitive landscape. We do
track the mix of how many times we're in each of these different
firewall companies, but also the other security vendors. And as the
platform has continued to grow, we've seen the mix naturally shift a
little bit to some of these other platform competitors.
Raquel Betesh
On the topic of your firewall, you recently announced five new
FortiGuard services for your next-generation firewall in your Analyst
Day. How do these enhance the functionality and protection?
Keith Jensen
Yes. I think the - we've been very successful over the years with what
we call our bundle strategy for services. We offer two different
services. One is traditional support. We call that FortiCare, bug
fixes, call support, etcetera. But the other one is FortiGuard, which
is a bundle of security subscriptions. And if you look back at the
history of the company, historically, it started off being extremely
successful through the distributor model, primarily with an SMB focus
already in its life. And I think those bundles were very successful for
that particular market segment and some of the verticals that the
company was in, including service providers or MSSBs. Over the last
several years and you've seen some the of numbers, we've seen success
come our way now. And in the Enterprise segment, we talked about our
G2000 growth. And I think it was 90% or something like that in the
fourth quarter and over 60% in the first quarter. These are very strong
numbers for us. And as we've gotten into it a little bit deeper, we
start to understand that the enterprise customers, while they have an
appetite for the bundles as well, but they are also interested in
individual security offerings. And it gives them a good chance - they
tend to have larger budgets, bigger staffs. And it gives them an
opportunity to cherrypick some of the security offerings that are
attached to the firewall.
Peter Salkowski
Yes. I think one of the things to point out that some of the things
that Keith has already said is that Fortinet is a very diversified
business, right? He talked about the fact that 70% of our business
comes from the core firewall business, which is not just the firewall
itself, but also the services that you just mentioned in FortiGuard and
FortiCare that get attached to that. So it's not just a hardware
component of it. But more importantly, we're diversified with another
30% of our business that's growing probably in the high - mid to high
30s in terms of its growth in all these other products that are
software-based, that are the point products that you would see from a
variety of different companies, whether that's mail or sandbox or SIM
or SOR or whatever. And there is 30 to 40 different products that at
least that we track, probably more than that, that we track in the
non-firewall side of the business.
So there is a diversification across the landscape of different
security capabilities. There is also a diversification across different
customer segments, whether it's very large enterprises, which Keith
mentioned, was growing 60% plus in this last quarter for a G2000, which
is kind of what we look at from a proxy for large enterprises, to
mid-enterprise to SME, small and medium-sized type enterprises. And we
have a capability across all those different customer segments, I don't
know, 60, 75 different SKUs on the firewall side from an entry-level
firewall that might have two digits, the 60F or the 70F to a 7000
series firewall that's a very high-end, very expensive machine that can
run a lot of different capabilities into 400 gigs of throughput in
terms of its networking capabilities or firewall capabilities. But not
only diversified by geo or by customer segment, but also by geo, right?
Only 27% of my revenue in 2021 came from the United States. We are a
much more international business with 40% of our revenue from the
Americas, 40% of our revenue from EMEA and 20% of our revenue from Asia
Pac. So it's a very diversified business across not only product, but
customer segments as well as geographies.
Raquel Betesh
To kind of elaborate on functionality here, what security gaps do you
commonly see in between functional areas and enterprise security
strategies? And how do you think about mitigating these potential entry
points with your platform and products?
Keith Jensen
Yes. I think when you're looking at a large enterprise, particularly
you're looking at a company that probably has 30, 40, 50 different
security vendors with disparate technologies. And this comes back to
the platform conversation. And the challenge is when you have - there
is a number of challenges when you have that many security vendors. One
is how do you integrate them? And how do you create automation? How do
you ensure that when one functionality, one security product sees
something that it can communicate to the other 49 products or services
inside your threat landscape and that you can automate your response.
One thing that we're seeing here over the last year or so was the speed
with which the bad actors are not only evolving but the tools they are
using. And why that's important is because there is a premium to CISOs
and CIOs to stop the kill chain, to stop the spread inside your
organization. And when you're dealing with that many security vendors
and you have some poor guys sitting in your SOC or your NOC that's
trying to track alerts and determine what your false positives and
which are real and get the response that you need across your entire
security landscape. I think that gap, if you will, continues to be
exposed in the current threat environment. And I think it also speaks
to why again we believe in the platform strategy.
Now there are specific places that we think that security at the moment
needs to be looked at very, very closely, and we would call that an
edge, virtually any place that an organization has a device exposed to
the Internet, which can be in a branch, which could be on a device of
some sort. It could be on the manufacturing floor. In all those areas,
now there is a premium to securing your edges. And then also
internally, because the reality is, a patient, well-funded bad actor
will oftentimes be successful, you then need to create micro
segmentation. What that is prevent them from moving laterally inside
the organization if they do get in.
Peter Salkowski
And even, I mean, the new concept that - well, but the concept a lot of
people are talking about in the last 12 months is Zero Trust. And the
reason they are talking about Zero Trust is it's basically trust no one
that's inside your network. No matter where they are, don't trust them.
And that really has accelerated over the last 12 months because of
ransomware. And the concept that if you look at the data from what
happened in 2021 from a ransomware perspective, our data shows that the
level of ransomware attacks increased tenfold during 2021. And so
everyone is worried about how do I handle that? Well, one of the ways
they handle that is micro segmentation, limit where they can go within
your network and/or Zero Trust, follow them everywhere, don't let them
go anywhere they are not supposed to go. But for that concept to really
play out and work, you have to see the network from the data center to
the edge to the cloud. And our operating system, which really we get
called a hardware company all the time because we design our own ASICs
and we have these firewalls at 70% of our business, keep in mind,
again, that 70% of the business includes the services that get attached
to those firewalls. So it's not just all product.
Our business is about 30% product when you look at the income
statement. But you have to be able to follow that person or that thing
across that entire network. And our operating system - he said 7.0,
it's actually 7.2. Our latest operating system that came out a few
months ago is built for Zero Trust. It has all the Zero Trust
capabilities built into it, and it's an integrated solution. So, if the
endpoint sees something, it can inform the other parts of the network
and communicate with the other parts of the network. So if it's a
laptop, for example, just don't let that laptop go anywhere. If you're
a point solution and all you see is the endpoint and you can't inform
because you're not working with the rest of the network to inform it,
that isn't very useful to you. And so Fortinet's from the beginning has
had this belief that for - by the way, for those who don't know the
company, we started in 2000. Our first product came out in 2002. So
we've been building this for 20 years. The platform has probably been
built since the mid-2010, 2012 kind of time frame. So that's been going
for 10 years. We've been continuing adding functionality to the
operating system. And we can add that functionality to the operating
system and expand that operating system because we have these ASICs
that allow us to have a lot more capability within our operating system
to run that without slowing the network down.
And at the end of the day, we haven't mentioned the word yet, so we
will use it, it's all about convergence. It's the converging of
networking and security that are coming closer together. And those two
buying centers are starting to communicate more with each other so that
the networking people are working with the security people as they are
trying to today reconfigure their networks for things like the cloud.
There are a lot of companies that aren't ready to go to the cloud today
even though everybody does it. Everybody is in the cloud. And in order
to do that, they have to reconfigure their networks. And as they are
reconfiguring their networks, they are rethinking about their security
that 5 years ago, they weren't considering the cloud for. And that
reconfiguring of their network is an opportunity for us to sell them
more security on top of that, but also to reconfigure their networks
and be it network speeds with our firewall capabilities that literally
can do 400 gigs of throughput with our ASIC capabilities. And there is
no one else in the security space that can do that. No one else has
their own ASICs. There is a couple of players out there now that have
gone out and bought ASICs from an ASIC company. And they are basically
realizing they need to have ASICs, but they are not building their own.
We have built them from the beginning. The inception of the company in
2000 was the point that security is so much more compute-intensive the
networking that you need to have your own computer chips to do that,
and we have three of them.
Raquel Betesh
So on the topic of your computer chips, actually, you recently touched
on chip shortages for FortiGate hardware. How are you managing the
worldwide shortage? And do you have any expectations on the duration of
this?
Keith Jensen
Well, I think we - I'm here to announce, look, I think that everybody
that we - when we read reports, if you will, the common theme seems to
be, to paraphrase it, look out about 6 months and nobody really willing
to commit at this point that it's going to get better within that
6-month time frame, which kind of puts us now into early 2023. And I
think there seems to be a bit of a rolling conversation point. If you
ask people 6 months ago, you probably got a similar statement, it's
probably at least 6 months away. And it just seems to continue to push
out. And I would expect that we're going to be into 2023 before we
start to see only - because I don't see it in 2022 a significant
improvement in the supply chain.
In terms of how we manage the supply chain, I think we've done a number
of things. We talked about some of these at our Analyst Day a couple of
weeks ago. One is we've gone through - we continue to reconfigure
products, if you will, our engineering team. For whatever reason, we
seem to see this and respond to it perhaps earlier than some other
reports that I read recently. And by that, I mean, when we are in the
third quarter, we started this of last year, we started to see the chip
shortage starting to appear on the landscape. And with that, we went
back to the engineering team and talked to them about how we may
redesign certain products such that there is a multivendor strategy or
supply strategy for those or design around certain functionality that
maybe really isn't in high demand in terms of from our customers, but
isn't a limited supply. We've also spent a fair amount of time talking
to our suppliers, working with them very closely in terms of what's
going to be available and when. We have - I would also add to that,
made significant commitments to our contract manufacturers and to our
suppliers about how much inventory we plan to buy in the future, both
in terms of dollar amounts, but also how far out. Historically, you're
probably looking at everything that was probably an order was maybe 6
to 9 months out with a contract manufacturer. It's probably twice that
much now. And I think that's important to the contract manufacturers,
given they are in a very difficult situation at the moment or could be
perhaps with some working capital challenges because they are being
forced to assemble, if you will, all the different components that are
required for finished goods. And until they have all the components,
they are really just sitting on that inventory and they can't
manufacture it, and they can't sell and convert it to cash. And so we
are hopeful that by giving them some visibility in the long-term, that,
that is some information that they can plan around that they can use to
help their situation. But I think that's probably been the,
financially, the largest part of it is in terms of commitments that
we've made to our contract manufacturers.
And the last element, you've probably heard about the concept of
expedite fees. We do have contractual relationships with many
suppliers, whether they are chips or power supplies or what have you.
And then you receive what we call the dreaded midnight phone call when
they call and they say, "We are not going to be able to deliver
tomorrow." And for a variety of reasons. It could be because of a COVID
wave. It can be because of poor capacity. It could be because of
capacity within the system. It doesn't really matter why. And while we
have a contractual arrangement that says they are going to deliver, the
reality is there is not much you can do about that. Putting them in
breach isn't going to do you any good. So, instead, you work with the
chip manufacturers. They will sometimes come back to you with a subset
of products that they are willing to sell to you if you are paying
expedite fee, a premium, if you will. And from the very beginning of
this phase of the pandemic or the supply chain crisis, whatever you
want to call it, I think we have shown a high degree of willingness to
pay those expedite fees so that we can ensure delivery of products not
only to ourselves, but to our customers.
Peter Salkowski
I think, Keith, might be important in that conversation to talk about
backlog. Like what was our backlog at the end of the first quarter? How
has that looked from a year ago and size it in terms of the size of the
business?
Keith Jensen
Yes. Thanks for the question, Peter.
Peter Salkowski
You're welcome.
Keith Jensen
We are a company that strategically over the years, there was always a
bit of a conversation between the CEO and myself about inventory turns.
He likes inventory turns low. Shockingly as a CFO, I would like to see
them high. And so one effect of that was as we got into the supply
chain, we came into with a high level of inventory and no real backlog.
When you saw a backlog for us before, it may have been $10 million, $20
million. And it was primarily services, professional services and
things like that, that would be delivered in the future. And that's
really where we are at for the first half of 2021. And as we got into
the third quarter, we started talking about backlog, and it was getting
larger or maybe be something that we disclosed. And then in the fourth
quarter, we did indeed disclose it. And I believe that number was $160
million, if I am not mistaken, $162 million, and provided some mix of
it. Switches with the lion's share at that point in time. And we also
shared that we expected backlog to continue to increase. And I think we
ended the first quarter with backlog at about $280 million. And the now
mix is probably about 50% switches and access points and 50% firewalls.
Now you are talking about a company that's going to be $5 billion. So,
that's not a huge backlog. One metric that we have provided with people
is just to measure what is the - what's the incremental increase in
backlog in the last two quarters as a percentage of bookings. And that
increase runs about 10%. So, we are starting to see some trend lines
develop that we are using for some of our planning processes and so
forth. For context, one of the very large networking companies reported
last week, I think it was a $15 billion backlog number. So, I suspect
we are a little bit smaller than that.
Peter Salkowski
And I think we guided a little bit. We did say that by the end of the
year, we thought our backlog would be at least $500 million. Again,
that's on a $5 billion revenue number. I think a little over $5 billion
revenue number. I can't remember the exact numbers, but less than 10%
of our overall business sitting in backlog. We have an audience
question there.
Raquel Betesh
Yes?
Unidentified Analyst
I don't think that the market is associated with switching. And so
maybe can you just elaborate on your how much of the business that is?
It seems like you are doing well on [indiscernible]
Peter Salkowski
Can you just talk about your switching business, I don't think the
market really associates you too much with that. It sounds like it's
going well given your backlog and how do you play in that? You use your
own ASIC, who are you competing with and stuff like that.
Keith Jensen
Sure. I don't think we think of ourselves as a switching company
either. We think of ourselves as a secure switching company. Switch for
us is part of the platform strategy. It's secure switching and as part
of that automation that you are trying to create if there is an event
also to communicate things. I am not aware of us selling to a new logo
switches for the first sale. It's almost always the firewall. It could
be one of the other platform products. But as part of that extension,
we do look to opportunities to sell access points and switches and
other platform products as well. We have commented in the past that if
you look at our platform suite of products outside the firewall, you
can roughly measure that out at about one-third switches and access
points and one-third software and one-third other hardware products
that are part of the platform. For further sizing, and Peter, and, I
were talking about this earlier today, he was doing some advanced math
on me in terms of what our - what our switches are for backlog, and I
think the number that we came up with was something on the order of
maybe $100 million or something like that or something a little bit
less.
Peter Salkowski
Was that before coffee?
Keith Jensen
Yes. Perfect. And again, let's say, it's $100 million, rounding $25
million up or down, again, comparing that to a true switching
networking company of $15 billion, we are not there. That's not where
we are at. We are not responding to RFPs or large switch deals. They
are sole source. If you are not a security customer of ours, you are
not going to be a switching customer.
Peter Salkowski
It really goes back to that convergence idea of networking and security
and the fact that we are going to get into SD-WAN, but I will bring it
up anyway because it always comes up. If you are doing an SD-WAN
implementation, and we call secure SD-WAN, you are probably buying our
firewalls to get the operating system to get the SD-WAN functionality
that we built into the operating system 5 years or 6 years ago. By the
way, we didn't buy it like our competitors did. We didn't spend $0.5
billion each to buy an SD-WAN functionality. We built it into our
operating system. And so it's integrated as part of that solution. And
if you are implementing that, even if you are just buying it for
SD-WAN, which we do have some customers that have done that as a
start-up, they are now buying other stuff. We may also do what we call
SD branch, which means we will come in and we will replace all your
access points, which are Wi-Fi access points and all your routers in
that branch location, put them all on Fortinet equipment, and so now
that entire branch location is going to be able to communicate with
that operating system, and we have sold use of networking equipment.
But at the end of the day, we have really sold you a secure SD-WAN
implementation where you are getting the security. And we are doing it
in a single box, right. You are buying one box, installing it. Whereas
if you are going to buy someone else's SD-WAN that isn't a security
company, you are going to have to partner with the security company to
do that location. Then you are going to have another company doing the
networking inside of that location. And then you are going to have your
SD-WAN. You are going to deal with three, four vendors in that
scenario. We can do that all in one operating system across the entire
thing. And so that reduces their total cost of ownership, gives them
one visibility into that entire location. And when you come to visit
our new headquarters, you can see an entire SD campus that's all
Fortinet. So, that's where we get the networking aspect of it. It's not
that we are out there competing directly against Cisco and their switch
business. That's just - I mean like you said, they had a much higher
backlog than we did last quarter.
Unidentified Analyst
[Question Inaudible]
Peter Salkowski
No, a lot of that is going to be common CPUs. The ASICs, the security
ASICs that we have, there is a system on a chip, a content processor
and a network processor. They are all security based. They are all on
that firewalls.
Raquel Betesh
So, to speak a little bit more to SD-WAN, bookings grew 54% and OT grew
76%. Can you talk a little bit more about the SD-WAN and OT use cases
and how that's driving growth in the company?
Keith Jensen
You cover like overall the good stuff already, Peter.
Peter Salkowski
Sorry.
Keith Jensen
Yes. SD-WAN, I think is - obviously, we have been very, very
successful. And Peter described some of the competitive advantages that
we have there. For those of you that aren't really familiar with
SD-WAN, I would just offer that the compelling ROI or payback period on
SD-WAN, which is generated by avoiding or minimizing MPLS fees, I think
that has been a significant driver to that market, and you have seen
significant growth from us. And now and while not every company and
many, many companies have yet to adopt an SD-WAN strategy, some of them
were coming up on a bit of a refresh technology as an opportunity. We
are starting to see new use cases appear in the landscape for SD-WAN,
things like cloud on-ramp, things like SASE [ph] and SD-WAN. So, we
think that - well, Arne would talk about the market growing, I think,
25% over the next several years, Obviously, our growth numbers are
much, much higher than that. And it is our goal to be number one in the
SD-WAN marketplace. OT, I think that when we kind of talked around some
of the key data points on what may be driving the OT business. One is
it can be sometimes a smaller device, and we are very successful with
that. But I think it's really the elevated threat landscape. You are
seeing so many other places now in so many other industries, whether
it's places like manufacturing, utilities, transportation, etcetera,
that previously may have been air gapped and not connected to the
Internet or some of these devices and technologies tend to be very old
with low compute, but yet their exposure point. There is part of the
edge where a bad actor can attack. And I think with that combination of
events, you are seeing the see OT marketplace do extremely well in this
current environment. And I would expect that to continue.
Peter Salkowski
Yes. I would expect that to expand actually as 5G becomes more
ubiquitous because what 5G allows a lot of companies to do is just
connecting more things to their network and in that process open up a
lot more vulnerability to things that weren't necessarily connected
before and then they need to protect. They knew - one, they need to
know it's there. They didn't even know it's actually connected to the
network, and then they need to find a way to secure it. And in some
cases, I don't see a thermostat on the wall here, some of it, sometimes
there is going to be a thermostat on the wall. It's got an IP address,
and therefore, that's an attackable situation. And you can't
necessarily protect the thermostat at the thermostat because it doesn't
have enough compute power in it. But you can protect it at the network
level and be aware that it's actually attached to the network.
Unidentified Analyst
So OT, are you defining this as sort of industrial use cases where it
wouldn't be like a regular enterprise firewall deployment, but you are
protecting a factory or a utility that normally wouldn't have a
traditional firewall, but now it is having that?
Peter Salkowski
It becomes our OT room at the new headquarters. And you will see
ruggedized firewall...
Unidentified Analyst
So, it's ruggedized, industrialized?
Peter Salkowski
In some cases, yes.
Keith Jensen
It can - we can define it by either the appliance itself, the size, the
ruggedized nature of it or by the use case that we talked about. But
those would be OT uses.
Unidentified Analyst
And do you disclose the sales of that?
Keith Jensen
We did disclose total OT growth in 74%, I believe. I don't know that we
actually disclose the dollar amount. I have described it as being not
as large as SD-WAN, but growing faster. And I think we have
expectations that it's going to continue to grow dramatically.
Peter Salkowski
I think we didn't say in the first quarter. It was a very busy quarter
with a lot of other things going on, closing backlog and all the other
fun stuff. But I think in the fourth quarter, we said it was probably
high-single digits as a percentage of billings. And it's growing, like
I think it's 74%, 76% just last quarter, something like that.
Raquel Betesh
I want to continue to offer an opportunity for the audience to ask any
questions you may have.
Peter Salkowski
While we are taking a pause. If you haven't, by the way, we did do an
Analyst Day two weeks ago on May 10th, which was on our campus for some
folks, limited availability in space. But if you haven't had a chance
to listen to that, there is a two-hour presentation for the Analyst Day
portion of it. Obviously, Keith did 45 minutes of that. Our Chief
Marketing Officer also is our EVP of Products, John Madison, spends an
hour in 15 minutes. You would say that's a really boring presentation.
But it was actually a Q&A session with the analysts and some of the
investors were that there. I don't know a few people that I took
questions offline or through the online portal. But it's a great
presentation by John to really answer a lot of the questions that we
get. We get a lot of questions about cloud, obviously, because people
say you are a hardware company, which is true and really addressing
things like VPN and cloud and Zero Trust and SASE and all those kinds
of questions. So, if you get a chance, I really recommend that
presentation. It was quite well received by The Street. That's my plug.
I got to get one in. It's my job.
Unidentified Analyst
Can you talk a bit about the pricing strategy, right? I mean we have
seen a lot of input costs rise significantly. That may also be the
effect on sort of the chip side and a number of other inputs for you.
Can you tell us what you have done on the pricing side or what you plan
to do?
Keith Jensen
Yes. We had - we announced price increases, first, in August of last
year, then again in November, and then the third time in February. And
then it's very, very small, almost unnoticeable actions in May. We came
into this situation, if you will, with the reputation of being the cost
and performance leader. And we believe that we are starting to see the
channel surveys suggest that and the feedback from our customers and
our partners are reflective of that. And numbers we have heard is that
our price for performance advantage could be as high as 30%, even 40%.
So, with that, it was a fairly easy process for us to go through it and
say, we can cover some of the cost increases, whether they are expedite
fees or whether they are freight or general inflation or labor or what
have you. And you saw us take those pricing actions that I mentioned.
And we knew that there was a risk that we would eat into that
competitive advantage on cost or performance. However, what we are -
certain of is how our competitors were going to react to their own
supply chain challenges. And we have certainly seen that our
competitors have also raised prices. So, that price or performance
advantage has remained intact, we believe. No doubt about that. Our
goal is to try and, particularly as it relates to expedite fees, look
and model out the cost, the increases from expedite fees and cover
those through price increases. And if we are successful on that, it
will still leave a little bit of cost for freight and other components,
if you will, that we are absorbing. And the phrase that we have
described to our customers is that, yes, we have had price increases
and we have passed on some of those cost increases, but not all of the
cost increases and you see that in the gross margin.
Peter Salkowski
And Keith had a great slide during the Analyst Day that shows the gross
margin impact on product from increasing the price that we didn't pass
along. There as a yin and a yang between how much you raise prices and
protect margin versus how much market share. And at the end of the day,
we do want to be the number one player in this space, and we think we
have a very unique differentiated sort of solution with our operating
system. And so there is a little bit of that challenge as well.
Keith Jensen
Yes. And I am going to clarify that when Peter says that how much we
could pass along, we actually believe that we could pass along more.
And it really is a matter of market share gain versus the margin while
we stay faithful to our 25% operating margin target. And I would expand
a little bit as probably what most companies do, we track in our CRM
tool our wins and losses. And I am particularly interested in when we
are not successful, why do we lose and what the response can be.
Oftentimes, there is an incumbent and with the spirit of the Golden
State Warriors about we go to the final soon, having the home court
advantage is a very nice thing. But part of that is looking at pricing.
Does the salesperson say they lost the deal on pricing, we saw no
change in that metric in terms of what percentage of time we lost on
pricing in the fourth quarter. In the first quarter of this year, it
actually improved. So, it got smaller as a percentage of the mix. So, I
believe that the key to the - going back to the strategy question and
Peter's response is we know we have the ability to, but it's a bit of a
trade-off for market share gain and growth and profitability.
Peter Salkowski
And I would be surprised that - it's a very low percentage that we lose
on price. And I would be really I would like to know which ones those
are because it's got to be at the low end where it's a little bit more
competitive on a price perspective. We are not going to lose it on the
high end on price.
Keith Jensen
For further context, the only other category that we give them choice
on that has a lower loss rate than pricing is poor sales execution.
Peter Salkowski
They don't pick that one.
Unidentified Analyst
I have two questions. Would you address the upgrade cycle and whether
it's lengthening or shortening? How often do the customers come back
and really refresh their whole system? And how does that impact you?
And then the concentration of your customer base, how many customers
make up most of your business? And how is that changing?
Peter Salkowski
Do you want to start?
Keith Jensen
Sure. We have hundreds of thousands of customers. So, it's - the
concept of refresh cycles is something that if you are a company
focused on large enterprises and large devices, you are more apt to see
a refresh cycle appear in the income statement. When you have as many
products as we do, I think it's 70 different firewalls plus the high
volume of platform products, you just see a constant overlap of product
cycles, and it's really hard to discern one over the other. In terms of
the life cycle of a product itself, you can probably figure like with
any other technology solution or many others, you are probably about a
5-year life. Keep in mind, when you are selling into, say, a large
service provider or MSSP, they are constantly buying appliances. Or if
you are selling into a very large enterprise, maybe it's a retail
organization with branches or financial services organization, they are
constantly installing and replacing devices. It's not that you have a
massive air drop of appliances one day in one quarter. We have made the
comment previously that I think it's been 5 years since we saw a
customer be more than 2% of our business in the quarter. So, it's a
very - it ends up being a very smooth process in that regard.
Peter Salkowski
I would add to that. So, the comment I made earlier, 27% of our revenue
comes from the United States. That's split between very large
enterprises that are going to do a refresh once every 5 years or
whatever, medium-sized enterprises and SMEs, small and medium-sized
enterprises. So, if we just look at the very large enterprises and
assume it's about a third of our business, that's 10% of my revenue. In
the United States, that's a large enterprise. Go compare that to my
competition. And what you are going to find is a multiple times smaller
than them in the United States. So, when they have a refresh, which is
what they are going through right now, they have just talked about it
last week on their earnings call, that's an opportunity for Fortinet to
get invited into an RFP scenario, where 5 years ago, we might not have
been invited in because we weren't thought of as an enterprise-level
firewall company. But in 2017, we moved into the Gartner Magic Quadrant
as a leader in enterprise firewalls. And over the last 4 years, we have
used that as a calling card to get into RFPs. And you get don't fired
if you are the CISO inviting in the leaders. And so now I can actually
compete directly against all the other firewall vendors when they are
doing a refresh because it probably wasn't my product. They didn't buy
my product 5 years ago. They didn't even think I was an enterprise
level fire 5 years ago. It's an opportunity.
Keith Jensen
And last comment in five seconds here about our competitors'
commentary. We are very pleased to see them also talk about how data
volumes in the current environment are driving an extremely healthy
firewall market and will in the future.
Raquel Betesh
Thank you, Keith and Peter both for joining us. Thank you everybody for
being here.