Fortinet Stock Analysis & Deep Dive

How you can profit from cyber crime (without being a criminal)

Intro

Since I already own shares of Palo Alto, Crowdstrike, Qualys, and Sentinel One I was screening the market for more interesting cybersecurity companies. These companies profit strongly from the underlying industry trends and I believe cyber security will turn into an insurance-like business for many companies: You can’t just live without it. So let’s dig into a company that for me as an industry outsider was a tough nut to crack.

The Company

Fortinet employs as of September 2023 13.600 employees of which 30% are based in the US and is headquartered in Sunnyvale, California.

Fortinet describes itself as a global leader in cyber security and networking solutions with customers ranging from small and medium-sized businesses all the way to governments. In contrast to many other providers in this space, Fortinet offers both hardware and software. To quote the annual report: “Our product offerings consist of our Core Platform network security products and our Enhanced Platform Technology (previously referred to as Platform Extension) products, which are offered in a broad range of form factors spanning physical appliances, virtual appliances, software and cloudhosted services. This enables us to protect customers across all edges and deployment scenarios including users, devices, networks, cloud and virtual data center. Our cloud- and hosted- products and services include sandboxing, EDR, email security, web application and API security, cloud networking security and cloud-native protection as well as Fortinet Security Fabric management and analytics. The Fortinet operating system has an open architecture designed to integrate Fortinet solutions with third-party solutions in a single ecosystem, enabling automated detection and response across the attack surface.”

Fortinet itself sells rarely to the end customer but focuses instead on sales to networking security distributors and to managed security service providers (MSSP). The manufacturing of the hardware is outsourced to multiple companies and is mostly done in Taiwan. To support the global channel and end-customer base, Fortinet has sales professionals in more than 90 countries.

Writing a deep dive takes me 40+ hours to get a proper understanding of the company and the attributes of the industry it is working in. You will support me a great deal if you a) subscribe to this substack and b) recommend this blog to your friends and family. To all existing subscribers: Thank you for your support! :)

The business is geographically well diversified with the Americas contributing 41% of overall revenue, followed by EMEA with 38% and APAC with 21%.

The majority of Fortinet’s billings originate from secure networking, while universal SASE (more on that later) is growing strongly.

The Industry

Cybersecurity is constantly named in the media as one of the biggest threats to (Western-) civilization. This in turn is great for a company that focuses on exactly that field. As the old saying goes: A rising tide lifts all boats. Choosing a company in a growing industry and then choosing a company that is gaining market share, make life a lot easier.

If these forecasts are only remotely true, you can expect very elevated costs of cybercrime in the next years. Fortinet and the other cyber security companies will profit handsomely from this trend.

Gartner expects the secure networking market to grow with a CAGR of 9% until 2027 and the security operations market to grow with a CAGR of 14% until 2027.

Some words on the industry in general and how Fortinet is positioned among its competitors. In “classic” network firewalls, Fortinet and Palo Alto are leading the way

Fortinet is leading in the most recent Magic Quadrant for SD-WAN (software-defined wide area network). Wikipedia defines SD-WAN as “a wide area network that uses software-defined networking technology, such as communicating over the Internet using overlay tunnels which are encrypted when destined for internal organization locations”.

With the increase in remote work, SD-WAN has become very popular in connecting remote workers, especially since 2020. SD-WAN is replacing traditional WAN and is expected to grow with a CAGR of 15% for the next years.

Over time SD-WAN is expected to converge with SASE (secure access service edge). SASE delivers WAN and security controls directly at the source of the connection (the user or an IoT device) rather than at the data center. The security is based on the digital identity and with the benefit of verifying it at the source of the connection, rather than the data center, the latency is reduced. To put it in simple terms: The user/computer is being verified at its own location, rather than sending all the data to a central hub, which increases speed. SASE therefore combines SD-WAN with network security.

In terms of SASE, Palo Alto is leading by far in the latest Gartner Magic Quadrant, while Fortinet still has to catch up.

Fortinet shared some further insights in the Q1/23 call: “Fortinet is leading the trend of network and security convergence and cybersecurity consolidation. Gartner expects that by the year 2030, the secure networking market will be larger than traditional networking. Traditional networking lacks awareness and control of content, applications, users, device and location and is still using the same network protocol that was developed 50 years ago.” As well as “Looking to Gartner here again, they note 75% of organizations are pursuing a cybersecurity vendor consolidation strategy in 2022, up from 29% in 2020. Our integrated FortiOS platform allows customers to converge networking functionality with security capabilities while consolidating cybersecurity products and functionality with FortiASIC significant computing power advantage, FortiOS can consolidate more security functions and solutions while maintaining our performance and cost advantage.”

The Business

If you want to read the full article and learn about the management, the composition of the segments, takeovers, risks, fundamental analysis, and a conclusion please subscribe and support my work. To all existing subscribers: Thank you for your support and enjoy the rest of the article!