Fortinet (TICKER: FTNT) Fortinet Inc S Ftnt Ceo Ken Xie Presents Nasdaq 45th Investor Conference Transcript

Fortinet, Inc. (NASDAQ:FTNT) Nasdaq 45th Investor Conference Call December 1, 2021 11:00 AM ET Company Participants Ken Xie - Chairman, Chief Executive Officer, and Founder Peter Salkowski - Head, Investor Relations Conference Call Participants Hamza Fodderwala - Morgan Stanley Disclaimer*: This transcript is designed to be used alongside the freely available audio recording on this page. Timestamps within the transcript are designed to help you navigate the audio should the corresponding text be unclear. The machine-assisted output provided is partly edited and is designed as a guide. Hamza Fodderwala 00:04 Good morning everybody from New York. My name is Hamza Fodderwala, I'm the Cyber Security Analyst here at Morgan Stanley and this morning I have the pleasure of hosting the team from Fortinet. We have the Chairman, CEO and Founder of Fortinet, Ken Xie; as well as Peter Salkowski, the Head of Investor Relations. Before we begin, just a brief disclosure from our end, for forward disclosures please see the Morgan Stanley Research Disclosure website at www.morganstanley.com/researchdisclosures. 00:38 Peter, I believe you have a safe harbor statement to make as well before we dive in. Peter Salkowski 00:42 I do. I don't want to make this a whole disclosure [conversation] [ph], but I do want to show our safe harbor slide for those of you can speed read, I'll let you read that very quickly. Just basically anything we say today is as of today, and if we have any forward-looking statements in there, this is our safe harbor statement to adhere to them. That's it. Back to you Hamza. Hamza Fodderwala 01:05 Alright. Great. Let's jump right into it. Well, thank you guys for joining us. Ken, my first question for you, just around obviously, Fortinet's had a really strong run year to date, really surprised many of us. I'm curious if you could just speak a little bit on the demand environment in terms of, as I guess, some of us are coming back into the office or debating between [Technical Difficulty] or not. What's really driving that demand and how is it aligning with how people are designing their networks, the rising threat environment just from a general standpoint, if you could give us some of the drivers of this really strong demand that you're seeing in twenty twenty one? Ken Xie 01:50 Yeah, like we mentioned in the earning we see three driver for the growth. Definitely like you mentioned the threat environment has kind of much worse especially when people work from and there's a lot of tax service exposed right now, and also the [indiscernible] where from our study is to grow more than ten times compared to one years ago. So that's a lot of business need to be protect their data, their infrastructure. 02:22 The second part we also see, slightly, we see some consolidation whether within the cybersecurity space or within the network security space. You can see like a ten years ago, the top five vendor has less than fifty percent of market share on our security and now the top three are at fifty percent. So, there's some consolidation in the [same scene] [ph] like a network security vendor study like us employing some other email web or cloud all just kind of working together. 02:54 We call the fabric approach, government call a Mesh Architecture, which consolidate approach will be much lower cost and easy to manage and defense security much efficiently. So that's pretty much all the enterprise agree with this kind of consolidation will be the [indiscernible] trend. So, we do see that the [indiscernible] product growth much faster than the forty eight and in the last few years basically. 03:23 So that consultation was still going on, and we have better position because most our other products more internal developed, which [indiscernible] ultimately from day one compared to other vendor mostly comp acquisition or will be more difficult to integrate automate. And the third one is, probably the region we have for, like, over twenty years, when we started a company in two thousand, we call secured driven networking, we do believe the networking space will be convergent into to a security of driven network because this networking is still running the same protocol design forty fifty years ago, just to give you the connectivity and speed. But anything above that, like, how the content or the application, the user, the device or the location all these things [indiscernible] security. 04:13 But more and more [indiscernible] company in that local area network and the wide area network in the WAN they do see the importance of before you do the networking or know what's the content? What's the application? What's the device behind the user behind all [indiscernible]? So that's where we see the business we call, like a Secure SD-WAN or call internal inside a campus or data center through the segmentation study have a strong growth, and we do believe long term and see the percentage of network security compared with the - of market size and the network security compared to the network and network is pretty much flat in the last five to ten years, but network is secured to be more much faster. 04:56 And especially when we compare, like SD-WAN with security, we see wherever strong growth almost double year over year and we believe we are the number one leader now. So, it's a strong demand for the security driven network, eventually to believe the secured driven networking will be replacing the traditional networking will be in total addressable market where we owe one hundred billion dollars. 05:19 So that that's the third trend, but also the key is really a security need multiple company in power to close the gap because that's also the reason when you handle the same day the same traffic whether using security approach compared to the traditional network [indiscernible] security approach need, like, [indiscernible] hundred more company power processing traffic compared to the traditional routing and switching. 05:44 I think we have to check the content application, the device user obviously is behind, which the traditional routing switch and just cable connectivity. So, that's the reason that ASIC can increase the company and how lower the cost is our important tool to gather secure driven networking go in. So that's also the reason why you invest this ASIC technology strategy twenty one years ago when we started the company, and we do see the benefit of that, and we do believe with a long-term huge potential and the huge benefit going forward when the network and security converge together. Peter Salkowski 06:22 I think, just to add to what Ken said, I think the operating system is extremely important for Fortinet. FortiOS 7.0 came out earlier this year, we usually send out an updated version of the operating system every year. It's interesting in this space, you know, people get a [indiscernible] or focused on specific capabilities. So, you know, way back when it was mail, then it was sandbox, that it was endpoint. Today, things like Cloud or Zero Trust Network Access get a lot of attention. 07:02 Fortinet is all of those capabilities built in our operating system, right. We can do things in the cloud. We can do things on premise. We can do both. We get a hybrid cloud world. It will be a hybrid cloud world for a really long time. We have endpoint capabilities. We have for client or what we call EDR transferring and moving into an XDR, sort of capability. 07:22 We have Zero Trust Network Access; we also can do what we call micro segmentation with our firewall. So, there's all these [indiscernible] the new theme that gets a lot of attention because the ransomware guys continue the - the bad actors continue to find different ways to attack. But in Fortinet's case, we can address all of those through one common operating system, an operating system that runs well and fast and has the computing power because of our ASIC strategy, but can also take that operating system and make it virtual and go into a cloud scenario if that's where the security needs to be. 08:02 So, it's the ability to go across what Ken was saying, the security driven networking concept of being able to do a lot of the network functionality because the network is important, but also being able to add the security layer on top of that is really been this - basically the operating system working across all of that. Hamza Fodderwala 08:24 Got it. That's helpful. Definitely a lot to unpack there. If I could just take it, maybe please by peace, maybe just starting a little bit on the FortiGate side, I know, you have a lot of used cases beyond just traditional firewalling, but it seems to make a lot of sense, you're seeing a lot of consolidation in the market if you will towards solutions like yourself, a lot of share gain, but the market for firewalling has also been really strong. I think we're seeing that in other vendor of results as well. Can you talk about maybe what is driving that? How long you expect that demand environment to remain elevated? Is that people are returning to the office, is it perhaps more investment of the data, there it was obviously a lot of things that we'd be moving more towards cloud and this, you know, Zero Trust Network Access model which would shift away from some of these on-premise components, but obviously, you believe that it's going to be more hybrid? 09:27 So, just maybe if you could talk a little bit about what's driving the demand and how you expect the pace of that demand to evolve over time? Ken Xie 09:37 I do think in the network security what we say for [indiscernible] long term be the top finish in the cybersecurity for me in the network security for [thirty years] [ph], three company. And you can see that - because network securities were a unique provision. You can more device more people being connected and the network security is the one in the middle kind of helping like, apply some kind of whether the policy or the way you want to handle the data, secure the data in the middle, compared to other approach whether some application or have to move data that to the cloud or have to, like install a software in your own device. 10:21 The network security is a much unique provision and also, especially when comparing the network security with the networking is a huge advantage because you have to have network device there anyway, and just to this network device cannot go highly see other kind of application, but network security can apply that. 10:41 So that I do believe with move sense got connected, especially whether the 5G or some other - how to connect a [indiscernible], whatever. Then the network security will get a more and more important in an infrastructure will continue keeping growing. And it's also no longer just secured a boarder. That's only when company connect internet agency and put a firewall there because there are so many different ways to connect internet also work from home. 10:21 So that's where you can see that now network security starting apply into the internal segmentation inside the company and into the work from home environment, into the OT IoT space. And that's where we see [indiscernible] and because the position of the network security compared to other cybersecurity approach and to believe even there are some move to the cloud but in order to access the cloud, access application you still need the network, and the network security there to make sure you are secure. And so that's where, I think network security will be continue to have strong growth and continue need whole cybersecurity space be the number one market there. Peter Salkowski 11:49 To just highlight one area that Ken just mentioned, operational technology, OT, right. Companies are connecting their manufacturing floors to the Internet and trying to manage them and efficiently run their businesses through an AI or ML sort of situation. You physically need to be able to protect those locations with physical devices because those are physical locations that are doing manufacturing and they're not going to shoot it to the cloud, have it protected and come back. That's not an efficient way to run that manufacturing or that operation. 12:28 And so that needs physical devices. And so, we call that on the third quarter earnings call that we saw very strong growth in OT, I think we've provided some data, said it was up seventy seven percent on a year over year basis, and said it was only six percent of our billings in the quarter. 12:45 So, one of those areas, one example of where a physical firewall or networking in firewall and capability that Fortinet can provide is definitely seeing good growth. Micro segmentation is another example of the use of the firewall, in an on-premise capability where you're in a networking setting because you're really running with the network in line with what's going on in the network, but also offering a set of security capabilities that allow you to micro segment or really Zero Trust Network Access capabilities within your network or functionality. Hamza Fodderwala 13:24 Got it. That's super helpful. Maybe taking a step back, so you mentioned the security driven networking strategy clearly that's been working out for you and with the success that you've had with SD-WAN, when did you start to see this conversions and what do you think is driving it? Because I think we were starting to think of security and networking as separate, right? I mean, if security and networking were truly converging, then you would still obviously see Cisco continuing to gain more share than the network security space and some of the other networking vendors. So, why do you think that we've seen decoupling like in the last ten years and now we're seeing more convergence? Ken Xie 14:09 Like I said, the basic gap, I mean, the difference already secured need more company power to process high layer traffic compared to the routing switch in the networking to just handle the layer routing switch in there. So that's where security is much more expensive and difficult to manage. But whenever we can close this gap there is a huge demand. So, SD-WAN that the one space compared to the traditional local area networking always in the data center is relatively slow on the speed, and the gap is smaller. 14:48 So that's where the user adopt the first, but also within the campus network, within the data center they also have a much strong need. Just today the network security speed, [indiscernible] has a difficult time to handle in more high speed environment, which ASIC can help in a lot across this gap, but with a new kind of ASIC technology with some other can apply with the space into this like internal and the local area networking, I think that will also set in change in whole landscape inside the company, inside the data center there. 15:26 [Indiscernible] is a one good example. We do have a, like, including, I thinking I had remember fifteen years ago, we started [indiscernible] WiFi, we secured it together Fortinet also WiFi controller, WiFi also ramp up however quickly, in the beginning people just want to get connected. They did probably don't pay other security that much, but once they get connected, the next thing the worry about, how to handle this security, how to handle the data, the content on application. 15:51 And the same thing, SD-WAN is probably the first protocol is conducting some traffic based on certain application and also apply security there where we have huge advantage, huge benefit as we see our strong growth, especially we have the same OS, the same to hand the networking security. But go inside the company, go inside the data center, especially there's a lot of ransomware, lot of a security spread right now, we can see pretty strong demand, but also have to solve this kind of a performance gap issue and also increase some of the cost for internal networking security, which we see pretty strong demand, but also just starting ramp up right now. Peter Salkowski 16:39 Just to add to that, I think, you know, your example, Cisco for example. I think one of the advantages that Fortinet has is the fact that we've developed everything in-house. So, our capabilities, our operating system is integrated to the point where everything can communicate with each other, other players in the space have gone - coming to the security space through acquisition. 17:03 It's very difficult to integrate these capabilities, especially, if you're buying mature sort of capability, security capabilities to actually integrate them and get them to communicate with each other. And be basically a holistic or one sort of operating system. So, I think that gives us a huge advantage over a lot of the other companies that are in the space. Hamza Fodderwala 17:25 Right. How much of the networking market do you think obviously, right now you're taking, you're doing a lot of good things with SD-WAN, but how much of the networking market you think can capture over time? And do you think other than the fabric approach that you have, is it also the fact that you are the price performance leader, and that just gives you a structural advantage versus many others that are trying to break into, you know, from security networking or vice versa. Ken Xie 17:53 Yeah. The ASIC was a flat to ten more company in power compared to the [indiscernible] can do for the same cost function. And the same time, the poor consumption is about two percent of the general purpose CPU doing the same computing calculation of the working. So, that's what advantaged pretty huge, but also ASIC need a long term investment you need to invest on this like five to ten years. And [indiscernible] billion dollar before you see the benefit of that. 18:21 And also the economy of our skill also working for the ASIC industry, we have the quantity cheap cost contained much lower has more benefit, which we have the quantity in none of our other competitor has. So, basically, we had a quantity more than the number two, number three, number four, number five, I'll have to gather we still have multiple [indiscernible] then they are all together. So, that's also working for us and - but on the other side, I do see, yeah, once those emotions get connected, a lot of edge computing this ASIC advantage we are keeping expanding beyond the traditional networking side. Peter Salkowski 19:00 I think it's important Hamza to realize that we're not just, like we don't sell networking capabilities, you know, switches, routers, whatever that aren't secure or to a customer that probably isn't already a Fortinet firewall customer, right? So, it's not like we're going out and competing against a networking company, specifically on a switch basis, for example. Right. We're going to be doing that in the security capability, sort of offering where we're offering their firewalls [allowing you] [ph]. 19:32 That's the way, a fine example. We have what we call SD-Branch, where the company might be installing our firewalls in their branch locations or their retail locations, for example, you know, three thousand different retail locations and in doing so, not only getting the SD-WAN functionality and security that's built into that operating system, but they might also go into that branch location and replace all the routers and switches there with all Fortinet equipment. So, now it's the entire location is running, on a Fortinet operating system, so the whole thing can communicate with each other. 20:08 So, in that case, we may be selling them switches and routers that go along with that. But we wouldn't just go in and compete on a networking basis simply as a networking company, that's not we're about, we're about security and networking together. Ken Xie 20:22 Yeah. We are doing some study, probably what [indiscernible] of the scale, which would be March next year. Also with, we called our seller at the Partner Customer Conference. You can see the last twenty, thirty years compared to the network inside the market, the network security market you can see the percentage of network security go higher and higher percentage. And the same time, from time to time there are some first [indiscernible] on the networking, whether they're sudden like the WiFi approach, whether the SD-WAN 5G because of some device comes in - when they get connected, so that's where people want, get connected first. But once they connect with vendor, all kind of - they see the importance of knowing what they are connecting to? 21:08 What's the content with application side? Then section security me to be stepped in. And so that's where - and also once like the mature networking market like within the company campus or within the data center, which they also want to know what's the content they are been connected with application and what was, they need to have better visibility beyond to just connections together then the security to step in, and then they are starting to replacing the traditional network device there. Even costs are higher and need more [company] [ph] power, which we also try to helping solve that that issue right now. Hamza Fodderwala 21:46 Ken, so, yeah, you mentioned consolidation and security, and, I mean, at Morgan Stanley we've been calling for consolidation for many years now, and it seems like there's a different point solution that pops up every other day in security and you talked about that a little bit. So, I'm curious, I know we've had conversions in certain areas of security, but just that broad based consolidation? Like where are you seeing it, is it mostly more in the mid-market SMB, are you starting to see a more in larger enterprises? If you could, sort of give me a state of that, and what's finally driving that now? Ken Xie 22:31 On the [price] [ph] definitely see some consolidation. I have to say the SMB, most of the [indiscernible] were service provider, the carrier of some other local service provider, secured service provide, which they also benefit from the consolidation. So, that's what basically, yeah the enterprise definitely see probably the driver for some of that, and then the service provider is also the driver for the consolidation. Hamza Fodderwala 23:02 Got it. Shifting to cloud, I know you've made some investments around cloud security, as well as your ZTNA offering, I'm curious when it comes to the cloud secure access product that I think you're still building out, since one of your acquisitions, how are you thinking about building out a cloud network security model? Is it going to be leveraging the service providers? Are you going to have your own pops? Just curious how you're thinking about the cloud portion of the network security market? Ken Xie 23:43 You know, our approach were both on the cloud and also whether they call [indiscernible] some other service provider model it's different than some other vendor. Basically, we do see a long term, the carrier service provider in a much better position because they have the structure to offer this kind of service based security approach, including SASE. And that's where we are working more closely with them like we announced a partnership with AT&T, with Verizon with Comcast, with BT, with [indiscernible], so we're working with also long on time in front of our beginning like when we start the company. 24:28 So that's what we feel - they have a infrastructure customer base and more close resources supporting their customer there. Just they also not aggressively invest all kind of more little bit slower compared to some other security vendor there. But long-term, they are more profit based model for them to offer the service. On the other side, we also believe some of these like whether they would trust SASE will be better integrated into the OS level, which will be more easy to manage, more easy to scale and also eventually also can be pushed to the edge to the local process and instead have to always [indiscernible] to the data center for the top or for some cloud infrastructure there. 25:17 That's also the trend calendar upgrade, which the edge contributing would be replacing the cloud in the next five years. So, that's where we kind of announced in March early this year, in the FortiOS7.0 with the building SASE, Zero Trust and 5G as SD-WAN in the same FortiOS7.0, which were announced earlier this year and there is more consolidated, more integrated approach in the same OS for the service compared to like different - serve different box within like the cloud infrastructure there. 25:56 And that's the two approaches kind of unique, but also take a little bit long term to build, for that to believe what we last much longer with more kind of a healthy business model compared to the current rush into the space and is a big loss of the money and try to get some customer base. So, that's why we move working through the long term approach with service provider and with data integration solution, eventually may also accelerate by ASIC has huge [company power] [ph] advantage compared with our current software approach. Peter Salkowski 26:32 I think, comes a couple things that point out. We do have a very strong cloud business. I's a driver for our business. If you look at, I like to put a plugin in for my Investor Relations presentation that's up on our website. Slide twenty five will give a break out of FortiGate versus non-FortiGate billings. It has some cloud data on there I think that people would appreciate. In twenty twenty, our Cloud business is about two thirty seven million of billings growing at two year CAGR of about thirty eight percent. That's accelerated with the rest of our business this year. 27:04 If we assume a forty percent growth rate this year, that cloud business on itself is going to be three thirty million of our billings this year. So, it's a fairly decent size of our business in growing quite rapidly. 27:18 The other side of that though in terms of like rapid move to the cloud, you have to look at our customer wins, right? And where our businesses are, you know, fifty percent of my billing comes from a hundred countries, right. Fifty percent of my billings comes from six countries, the U.S. and a couple of - four European companies and countries in Canada. 27:42 The other fifty percent comes from a hundred countries, no one of which is more than three percent of my billings. So, you started talking about cloud access, you start talking about Internet access and all those kinds of things that we take for granted here in the United States. There weren't in a lot of countries where that isn't realistic. And so those companies or those customers of ours aren't necessarily looking to go to the cloud tomorrow. 28:07 They're still working on a much different kinds of capabilities at this point. So, we're moving there, we're having certainly very good success there, but we also have, you know, we still believe it's a hybrid cloud world and going to be that way for a long time and our customer base would suggest that. Hamza Fodderwala 28:25 Got it. I know we have a couple minutes left. But I wanted to touch a little bit on the OT opportunity, you've been talking a lot more about that. I noticed that your recent event you had a number of OT vendors there as well. How big do you think that this business could be? Do you think it could be bigger than the SD-WAN business over time just given the demand that you're seeing out there? Ken Xie 28:50 Long-term definitely will be our strong growth driver because when you get all these since connected, IoT connect and also the OT in that we also kind of suffer a lot of ransomware attack that they see the importance of protecting the infrastructure data there. So, we do see pretty strong growth. I think within the data received, we grow like a seventy seven percent year-over-year and is now is probably between six to ten percent for the business. Sometimes a little bit difficult to measure it. 29:23 I think they use the same product [for detail] [ph]. So, that's where we see pretty strong growth, but also it depend on the landscape and depend on how quickly people invest into this whether the 5G or some other part of this, kind of OT infrastructure, but this definitely is one of the strong growth driver for us. Hamza Fodderwala 29:48 Got it Well, with that, unfortunately, we're out of time. Thank you guys very much for joining us this morning, and have a great rest of your day. Ken Xie 29:55 Thanks Hamza. Peter Salkowski 29:56 Thank you. Question-and-Answer Session Q -