Great. So I want to welcome John Maddison, Chief Marketing Officer and Keith Jensen many years, and we have a lot of discussion, a lot of topics to discuss. Before we start, I think you need to read us something from here so we can-
Do the Safe Harbor language, which I, Peter nods his head, tells me is on the screen?
Here we go.
There we go.
Now it's on the screen.
Okay. Bore people with my reading skills, and we'll, we'll move on.
So I wanna talk about, the discussion is gonna be twofold. We're gonna talk about technology, we're gonna talk about financials, and I wanna actually start with the financials. Just reported, you know, like kind of there was just a series of results from companies. How is the environment currently about demand? I'm not talking about backlog and just the demand environment for firewalls and what you used to call Non-FortiGate before.
Yeah, certainly, we've written and others have written as well, about a lot of people are citing the macroeconomy in terms of as part of their earnings call conversation. And I think there's, yeah, that is certainly an aspect. Somebody also talked about Fortinet maybe seeing some signs of green shoots as we talked about the first quarter earnings. And I would say that those, you know, that's largely how we continue to feel. There is some pressure from the macro, very early indications of some positive movement. I don't want people to think that we're talking about growth rates that we had in 2022 or something like that, but, you know, maybe as we look out through the second half of the year and into 2025.
Yeah. So John, forget the 2021 to 2023. That was abnormal. But let's talk about before. Think the environment for your platform, FortiGate platform, do you think the environment for the platform changes in 2025 and beyond versus the less demand for this platform? Just fundamentally, less demand for firewalls, SASE may be replacing it. Is there anything different that may drive a slower growth rate? And the reason why I'm asking it is because Fortinet, above and beyond the market growth before. And the question I'm always getting to, from investors is: do you think if everything normalizes, the company can still have before?
Well, I don't want to talk about growth rates 'cause I'm not allowed to do that.
I'm talking about just fundamentally about product.
Fundamentally, I think, you know, what the company's been on for the last 20-odd years, and I think that given the threat landscape and given where infrastructure is going and the other things coming in, like new technologies and compliance and regulatory, fundamental change between networking and security is gonna accelerate, and that people are not gonna build networks anymore if they're not secure. And people are gonna go to a platform approach if certain parts... And that trend is happening and will continue to happen. So I think our fundamental investments match what's happening in the marketplace.
Right. But my question, there are firewalls in data centers, there are firewalls in branches, there are firewalls in campuses. Do you think that going forward, the, the need, the basic need for firewalls remains the same, or because traffic moves to the cloud, et c?
No, because I just think, as I said, because of the infrastructure changes and the threat landscape changes, will always bend. So now you have 10, 12 different firewall use cases where it used to be 2 or 3. So you used to have... The edge used to be at the data center, and you used to have perimeter firewalls, and then you used to have, seven, eight branch firewalls. You've got campus firewalls, you've got virtual firewalls, containerized firewalls, firewalls as a service, operational technology firewalls. So what's happened to the firewall functionality, it's now just, just, and that, that's the key. The overall marketplace will grow, but maybe certain parts of the use cases will come down a bit, but the overall marketplace will continue to grow because that's what between two networks, you have to put a firewall there.
Where is the balance between demand for firewall and demand for SASE? I know you're playing both ends now, but let's think about the market itself. You know that SASE, and let's say that hypothetically speaking, you're not in SASE. If Zscaler is very successful, does it do demand?
No, 'cause I think, you know, when I look at Zscaler's model, is everyone's gonna go to a 5G phone and go into the office, and that's it, the network doesn't exist. So if that's the, if that's the paradigm, then yes, we have an issue. Think there, there's definitely the remote users, which is, which are gonna come into an SSE network. And we also see what we call thin edges, thin branches, which may be 10 users or a couple of access points. That will go straight into the SSE as well. But after that, branches and campuses and factories, because of the technology or the security required, like or SD-WAN, you have to have a device there on, on the, on the edge of that network, providing the capabilities back into the LAN, out into the cloud.
So yes, there's some, I would say, thin use cases where maybe you don't need a firewall there. Maybe you can't put the security functionality because the hardware there is not enough to run it. But and a lot of that firewall, SD-WAN, Wi-Fi controllers, 5G, micro-segmentation, NAC add that function there.
To grow above and beyond the market growth, you gain share. Did any of the factors that drove your share gain change? Meaning, assuming the market goes back to historical growth rate, let's just make an assumption, do you grow at the same gap above the market versus what you had before?
Well, I think, again, I think we have our investments are in convergence and in platform. So I think once the digestion period is over, we'll go back to where the market is.
I think the compelling arguments for the firewall specifically, right, will remain the same. And that is that the ASIC advantage that comes with it, together with the operating system working together, creates such a compelling value proposition compared to anybody else in the space, both pre and post. And then, you know, one of our challenges with our sales team is the gravitational pull to sell firewalls, right? Because it is such a, quote-unquote, "an easier sale," if you will, than if you start in areas of the suite.
So I'm going to ask a question in a provocative way. I don't mean just to make a to get you to respond. Does the company ASIC design and the benefits of ASIC, does this company knows how to sell SASE, knows how to work on software-only solution? What are the pros company in order for you to grow in this space?
Well, I, yeah, ASICs are a big part of our engineering development, but system is, to me, the big investment our customers make. And that operating system can sit in our firewalls, it can sit in our clouds as SSE or SASE, it can sit in public clouds, it can sit in data centers. Focus has been taking the operating system and adding functionality to it. And so if you look at the SSE Magic Quadrant, Gartner Magic Quadrant, that just came out a few weeks ago, we now... We're in five Magic Quadrants . We're in Network Firewall , we're in SD-WAN, we're in Single-Vendor SASE , we're in Wireless LAN, WAN, we're in SSE with the same operating system. And that's the power. And by the way, for Wireless LAN, WAN, we're now a Leader above Cisco.
So it's not, we're not just sneaking into the Magic Quadrant as a niche vendor. We are a Leader in three and a Challenger. So do all these things, but it's just SMB functionality. It's not, it's enterprise-class functionality, but on the same operating system, but delivered either on an ASIC, delivered from our cloud, delivered in a public cloud. That is the key investment we're making.
I think why that's become really, really important. I think if you were to ask that same question, it would have been more provocative seven or eight years ago when custom and ASIC was on the slide, right?
Yeah.
It was speeds and feeds, and that's what we were talking about. I think I talked to a lot of customers one-on-one every year, every quarter. John talks to a tremendous number of customers. ASIC conversation for a couple of years. It has become that operating system. It has become the Gartner Magic Quadrants. I think there's an understanding with our sales team and our go-to-market team that customers, how you deliver the functionality, they just want to know about the success of the functionality, and that takes you back to the operating system.
Yeah. But there will be some cases where the ASIC is extremely important. A lot of our large... They're putting our systems right on the edge that can do 20 million+ transactions per second to defend against DDoS attack. So yeah, the ASICs will still play. There's other deployment form factors which are important for customers.
So we spoke about the fundamentals of firewall, and I want to talk about two other things that are fundamental to your product, Non-FortiGate, and the other one is SASE. So let's start with the easy one, with the Non-FortiGate. It was a big driver for growth before. Kind of what is the outlook? What is driving—what was driving growth in this category, and, and do you think that the, any of the market conditions change in the future?
Since this FortiGate and Non-FortiGate-
Yeah
... so Secure Networking, Unified SASE, which is a bit broader than Single-Vendor SASE .
Yeah.
And then, AI Security Operations. So those are the three. I think it was 67, 14, 9.
Something, something.
Something like that. I should remember. Something like that. But so if I look at those, so let me, let me leave Secure Networking to one side.
Yeah.
We've talked a bit about that.
Yeah.
Security Operations.
Yeah.
And so inside there, there's three drivers for us. One is SIEM. We're actually in the Magic Quadrant. We're a Challenger in the Magic Quadrant for SIEM. A lot of people talk about SIEM. We have a, we have a SIEM there. The second component inside SecOps is our EDR, detection and response, which includes EDR and NDR and Email Security. And by the way, the Email Security Magic Quadrant is coming back there. And then the third area is identity. So that's multifactor, token, Privileged Access Management , which is becoming very important inside OT. So that, those are the three areas, and all those 9%, and it kind of dropped a percentage point because it's a smaller percentage of our overall business, but we're seeing nice growth in these areas. And if you look at the SIEM marketplace, for example, there's chaos in the SIEM marketplace right now.
It's other vendors joining together, right? QRadar is getting out of it right now. So we see a big opportunity there with our SIEM. Our SIEM is a very powerful SIEM. So that was the Security Operations. Very SecOps focused, that area. Again, we're applying a lot of AI technology inside there, especially to the analytics engines, the SIEM engine, and the SOAR engines, because that's where you can get a lot of benefit. And at our lab event about a couple of months ago at Accelerate in Las Vegas, we demonstrated our virtual SOC analysts, which did the work of maybe three or four people, might take hours to do. And that's the power of AI inside there. Then on this, on this unified SASE perspective, that's where we really focus on the access, secure access of the cloud.
And so there, obviously, we have our SD-WAN marketplace, where we're a Leader. I think we're number two vendor now in terms of SD-WAN. SD-WAN is still a very critical technology to make sure your application, because they're always moving around now, and that application steering is very important. But we spent five years refocusing on that. Over the last two or three years, we're now really focused on the SSE component, web gateway, and the connectivity between those two things. And the other part of that portfolio is our cloud security, which again, is growing very nicely. It's our virtual application, API protection, again, both in a virtual or API platform. So those two businesses are what we used to call Non-FortiGate.
Yeah.
Are doing extremely well, nice growth inside those businesses.
For secure operation. Is it enterprise or is it SMB?
Both. I would say that the SMBs prefer a managed service. I would say some of those products inside there are more focused on the mid-market, commercial marketplace, but we definitely have enterprise customers for our EDR and SIEM products. One product that doesn't get a lot of attention is SOAR. It sits across everybody's products. We support everybody's SIEMs and firewalls outside there, and provides a critical component going forward. I think SOAR is gonna be super important to stop them in the speed needed, and humans won't be able to do that. It's gonna be critical.
Got it. So I wanna maybe ask you about Secure Edge. A very basic question. I wanna understand fundamentally why a company that has a strong position in firewall is well-positioned for the secure edge synergy between the two.
Your definition of secure edge is?
SASE. The SASE, what... Your new SASE solution, unified-
Right.
Unified security, right? I wanna understand. So I let me give you the Zscaler here, and they're saying, all the firewall companies are wrong with their approach. There's not gonna be any firewall, and it's, we call it Zero Trust connection, to us, basically, and there's not gonna be a firewall. And then I see in the market that all the firewall companies are basically offering SASE now, yourself, Cisco, Check Point-
Yeah
... Perimeter 81. So I wanna understand the synergy. Take us through the journey of a current customer of a firewall. Why is it better for them to move with you to a SASE environment?
Yeah, well, I think customer, when SD-WAN first came out, maybe 5, 6 years ago, they replaced the routing functionality. And so they took the router and replaced it with an application steering device. Now, they also had a firewall sitting behind there. Let's make sure that that component, the firewall plus SD-WAN, converges together, okay? Then they also, you know, when, when COVID came along, there was a lot of remote users. Users, now, they usually came back to the data center, but it makes more sense if they're not coming back to the data center or anything, to go into an SSE device, SSE cloud network. So that tech makes total sense. It's not really a firewalling function, and now you've added SaaS kind of capabilities. I think the big area in future there will be AI-based DLP, for example.
That would be a big focus of that area. But they were very separate. These things should work together because most customers' traffic will be on the network or off the network. It'll stay off the network or come back onto the network. And so we believe most customers, there'll be exception. We have some government agencies who just wanna stay on the network completely. "I'm not going off anywhere." And some people say, "I'm born in the cloud, I don't need a network." So I think the Zscaler model is over... We're not over here, we're in the middle, and we think that the ability to integrate the SSE functionality with the SD-WAN functionality.
So if I'm a remote user and I come in through the SSE network, but I want, let me just join the SD-WAN network, get back on the network and go there. Or if I'm on the network and I wanna go off, maybe I'll just go straight off into the network. So our view is that it's not gonna be a model. Everyone's gonna go to the cloud, and you're gonna be there. That's not gonna be the case. It's gonna be, sometimes it makes sense to be there. Sometimes it makes sense to be in the public cloud. Sometimes it makes sense to be in the data center. Sometimes it makes sense to do that security, and I think that's, I think that's where customers will be long term. And that's why you'll see issues about latency and other capabilities.
If you just do the cloud model, that just won't work long term for all.
Right. So, and sorry, I'm asking the same, another question on the same topic, but for my own understanding.
Sure.
Does it mean that if I'm sitting at the Starbucks and I'm on FortiBranch, I'm sitting at the Starbucks and I'm connecting to Salesforce.com, does it mean the fact that your SASE is integrated with your firewall, is the firewall at traffic? Meaning-
Well, it's different because if you think about a firewall, it's very different from a proxy. I think people, this is a very subtle difference. Like, the secure web gateway originally was built as a proxy in the data center. Firewalling was to look at network access and protect networks.
Yep.
They're fundamentally different. Okay, so they've taken that secure web gateway, and you put it in the cloud, which is fine, it's a firewall. Now, you have firewall as a service there, that's fine, but you still, from a network edge perspective, you need a firewall. And that's the difference. So I think about that Starbucks situation. For us, for example, we could put... For us, is that we don't just stop at the edge with the firewall on the branch. We have access point, secure access points, and secure switches, which are critical to provide micro-segmentation and things like NAC, network access control. Okay, so for that Starbucks situation, we could easily put, like, three access points there. Lead access point would connect to our SASE network.
In our SSE console, you can see the, you can see the access points, you can apply the security, you can configure the SSIDs of those access points. That's the difference between merged network and security vendor. Now, on the other side, we also have all the SSE functionality. We have the proxy, we have CASB, we have DLP, we have IPS and all that functionality. And that's what I think the difference is. One, the networks are going away, and I'm taking my 5G phone, that's it. We differ in that we think there's gonna be a network presence, a very important network presence, that needs to be part of that set. It's not SSE-
Yeah
... It's SD-WAN and SSE managed by the same console.
Got it.
That was too technical, sorry.
No, it was great.
Okay.
Keith.
All right. My English.
With your accent, everything you say sounds intelligent, so you don't...
Thank you, that's well.
Keith, your last quarter, you reported 7% growth, 6% decline in billings, or 6%, not decline in billings, sorry, expectations. Talk to us about the cycles of revenues and cycles of billings and how should we think about it?
Yeah, I think Dr. Xie go over the numbers, but I think we're pretty close with this. I think what you really-
It's the first time I'm wrong. Don't worry about it.
If you try the British accent, you'll something out.
Yeah. Yeah.
English accent, not British, but...
Excuse me. I think the question is to talk a little bit more, and I think one, to remind everybody, you know, we had the difficult comparison on the billings line because of backlog.
... that existed, we benefited from in Q1 of 2023 that we saw 2024, and we've given a range of numbers there that, you know, that really accounts for it. I think that if you look at bookings, we commented on the earnings call that bookings were very, very slightly negative in the quarter, and I think that's a reflection of demand. Revenue grew nicely in the quarter, but again, I think that's a part of the business model because two-thirds of the business comes from services, and so forth, and free cash flow was very, very strong at well over $600 million. And then again, you're gonna get some volatility in those numbers, but I think when you really look back at it, what you saw there was the impact of backlog into the revenue.
So we spoke about—I went deep into the products on purpose to, because one of the hints coordinate is that the growth may not go back to historical levels. Forget COVID, pre-COVID, and I wanted to go into the depths of the portfolio just to see and to show that actually can generate growth.
Yep.
So now I'm going back to firewall, and I'm going back to kind of time to recovery. What kind of leading indicators do you have that beginning, we start to see hints of the beginning of a recovery?
Yeah, and, and, and one of the data points we talked about is somewhat arcane to us, which is how long does it take our customers to register the service contract? And what we saw, challenge was that time increased by about 50%, and there's a chart in the investor deck that you can take your ruler out and figure out what that means. But over the last two quarters, we've seen come back to normalize. And on the current pace, you know, we would expect it to be back to normal by the end of the year. And why we believe that's relevant is this, this concept of inventory digestion, you know, to the extent that that existed, or maybe doing a very large SD-WAN deployment.
They wanted to make sure they had all the products, so they acquired those in advance as opposed to staging it, and then put them on their shelves, and then as they've taken them off their shelves, that coming down. So I think that's one example. The second place we look, or that we observe, is that we do monitor, you know, with a two-tier distribution model. We have inventory. Our distributors are holding our inventory, our resellers get it, and we have very good visibility to what we see with the distributors, in terms of inventory there.
We saw improvement in that number as well. You know, those are the types of things that we look at, you know, numerically, and then you have the, you know, when you look at the salesperson in the eye, you know, how do they feel, and how are they talking about their pipeline?
What kind of investment for Unified SASE, given that it requires a cloud, it requires data centers, et cetera?
Yeah, when you, maybe when you look at the selling part of it, and we'll kind of come back to that a little bit, but I think, you know, from an infrastructure viewpoint, there's different ways to deliver the SASE solution. You can go with one of our competitors that uses Google to deliver everything, purely through colos. I think where we've settled down is that we will use a bit of a hybrid, and part of this is to get to market quickly, but we do want to use our own physical FortiSASE POP for a data center. They're very, very different. We do think there's economies there to be generated with that strategy, but so that we don't miss the market while we build out that infrastructure, we signed up with a Google program to make use of colos.
What's easier for me or nice for me is I can go look at these competitors and their financial statement and see what percentage of their revenue are they devoting to CapEx or equipment. I think that gives me a pretty good indication of what I'm going to need to make, and those investments, you know, I was pleasantly surprised that as a percentage of revenue, certainly seem to be very, very manageable.
Yeah.
To bring it to market, to sell it-
first step you go through is when you got to... You have to train the salespeople, and you have to build confidence in the sales team that you have a good product and you're committed to it. I believe the Google announcement sent a very committed to SASE, and that was important. We've gone through the first iteration of training for all of our sales team and various subsequent iterations. We've also added training to channel partners and other outside parties. Two big milestones for us now is to gain more and more traction with our channel, with our resellers, that, you know, we're here, we're serious about this, will be an important one. And then some we've signed very early on in the SASE journey, you know, we need to get them live and to become reference accounts.
I think those are two key milestones going forward then. I'll ask my last question. Are your customers for Security Operations, for Unified SASE, are the target customers the existing customers, or are you also going outside of your-
The existing base? The reality is it's, as everybody knows, it's easier to sell to customers that you already have, and if I were a salesperson, that's probably exactly where I would go is initially, especially in SD-WAN customers, John talked about the natural relationship. I am very pleasantly surprised to see whitespace accounts come in and to see us get phone calls, about our SASE offering and saying, you know, being included, expanded in RFP into us as opposed to us chasing it.
It's kind of like connecting the dots in the Magic Quadrants. We go firewall, SD-WAN, SD-Branch, SASE.
Got it. Is there any questions? Wait for the microphone, if you don't mind. Two, one second. Behind you. There we go.
Hello. Thanks for making time, guys. I think one, a great deal of the services business is obviously FortiCare, FortiGuard, attached to the product sales, and so, like, in a lot of ways, the product sales are a leading indicator for the service. Tell me if you agree with that characterization, but to frame it, my real question is, you know, there was a lot of supply chain dynamics that were unique to this cycle, really make me believe shouldn't have the same timeline as prior cycles. And I know you guys are kind of seeing the time to service, et cetera, normalize, and so that's a great indicator. But I'd be curious, spots come and bite, folks. Software's been really tough.
Where do you guys see the blind spots could be at this juncture, just to kinda like, think about managing risk as it pertains to the cycle?
Very macro factors out there. I mean, when you meet with customers and sales teams worldwide, and it's been written about, it's not just the U.S. election that's creating uncertainty, that, you know, each of these, Brazil, I think, have been talked about. Each of those have, you know, some impact. I believe that my sales team has done a very good job of forecasting around what I think those impacts are. I think there's other... Where does AI go? You know, how, more specifically, how will the bad actors deploy that technology, and how will that change the threat landscape and how people have to go about protecting themselves? I think that's a little bit unusual. You know, the threat actors benefit. They don't have to go through product release cycles.
They don't have market. If they work great, if they don't work, then try another one. So they tend to be, unfortunately, a leading indicator in our industry of what drives us.
Awesome. Thanks.
Any other question? 18 seconds to do whatever you want.
Sing, sing a song?
Yeah. Thank you. Thank you so much.