Good morning, everyone. So quiet. It's like church all of a sudden. Scary. So hope you enjoyed the video there.
I did notice I think one of the slides wasn't completely up to date as the stock has moved a lot since I made that slide. But anyway, quick logistics, so we're all on the same page before I bring up the speakers. Just want to let you know the timing. We'll start now. At about 11:15, we'll do a Q and A session after Ken and John speak for about 15 minutes.
We're going to try to do a brief one there and then we'll do a 30 minute Q and A at the end after Keith's presentation. Couple of logistics things, if that wall does come down, which we talked about doing, there will be a door open to get to the restrooms, which are right behind us. And then secondly, going to do a lunch in this room starting at 1 It'll be a box lunch. So we'll just have it in the back and we will also be handing out gifts as you leave. So if you do depart, please grab the Fortinet swag as we'd like to call it on your way out.
Obligatory Safe Harbor statement, I'd to remind everyone that we are making forward looking statements today during the presentation. These forward looking statements are subject to risks and uncertainties that could cause actual results to differ materially from those projected in these statements. Please refer to our SEC filings, in particular, the risk factors in our most recent Form 10 ks and Form 10 Q and to other reports that we may file from time to time with the SEC for additional information on factors that may cause actual results to differ materially from our recent or current expectations. All forward looking statements are our opinions only as of the date of this presentation today, and we undertake no obligation and specifically disclaim any obligation to update forward looking statements. That was from my legal group who is in the back somewhere.
Also of note, logistically, the slides will be posted after the presentation this afternoon. So you don't need to take pictures and try to memorize everything that we show today because they will be posted immediately following the presentation. And with that, I'd like to invite up Ken Xie, Founder and CEO of Fortinet. By the way, if you weren't aware, we did celebrate our 10 year anniversary this morning as a publicly traded company by opening the bell on the NASDAQ. And today is the actual anniversary date.
Ken?
Thank you, Peter, and welcome. Thank you for joining us. So I will go through the industry overview and company vision quick with John together and then we'll go over a quick Q and A. First, a lot of talking about was the refresh what happened in the industry. So you see network security over 90% deployed in the hardware base, which they need to install whatever software or the service into a system.
And after like 5, 6, 7 years, it will be too like slow or kind of all and need to be refreshed. So the last refresh happened in about 6, 7 years ago starting in 2012, 2013. So that's where the 1st generation network security firewall, which is traditional connection based, whether the NAT or whatever is being replaced by what we call the 2nd generation next generation firewall or UTM, which can look inside connection, look inside the content, detect the intrusion, detect the virus, the web content. So that's where today probably like most firewall deployed in the border already been the 2nd generation firewall compared to my previous company NetScreen, which almost 20 years ago is a 1st generation firewall VPN, which are connection based. So that's where and today also we're starting to face similar issue after like 6, 7 years.
So this firewall still got the border. They're starting to get slower and all need to be replaced. But what happened this time is different than the last few times refresh. And the reason really there's a lot of mobile device, a lot of application move to the cloud and also some other like IoT, other things happening in the industry. So this time, the border is still there, but got weakened.
And also a lot of security issues come from inside the company, majority actually come from inside the company now. And also a lot of data go to the cloud, go to the IoT device. So this time, the traditional border security having the last 2 generation still there, but they have not increased a lot. So that's where you see if the company is still using the traditional way to develop the firewall of network security device, So their growth was very flat. So they are now seeing much growth.
But overall market still grow over 10%, because they're starting to expand inside the company through the internal segmentation, we call security driven networking. They also started to expand into the WAN like SD WAN. Actually, 10 years ago, we also developed the Wi Fi security, which FortiGate also is a Wi Fi controller. But 10 years ago, probably internal Wi Fi, they all view internal inside the company line still very secure. So that did not quite take off like today SD WAN, SD WAN more expand to the WAN side, which need more 80% need more security.
So that's what happened in this time, the 3rd generation refresh, little bit different than the last few generation refresh. It's already expanding beyond the border now. So the border security is still there. That's where some old company enterprise firewall and they still kind of replace the border. The whole traditional border firewall is now decreased, but also will not increase.
And then internal security growing a lot, internal segmentation including the Wi Fi and also go to the WAN, SD WAN and also the cloud side, IoT security also expanding a lot. So that's what we call the infrastructure security or security driven networking. This is Gartner's size, looking in the last like 40, 50 years. So initially, you can see the server PC that eat up the mainframe terminal. And now the cloud and the mobile study eat up the traditional server and PC.
Going forward, maybe still like a few weeks away or 5, 10 years later, by Gartner they say the age and immersive, whatever the wearable, automotive will be starting either on the mobile and also the cloud. So that's where the long term trend happen in the industry. So we have the technology. We can embed a lot of security, whether inside edge or inside immersive technology. And then that's keeping driving the whole industry.
So that's where we develop a lot of technology today, try to feed the future trend of the security space. So Fortinet is the only company we can cover both edge and cloud. So later Patrice and Mike will present some of our strategy product related to the cloud related to the edge. But by the next 2 years, 40% enterprise will start to deploy edge security because most of the data generated on the edge. And edge also has some advantage, latency advantage, the bandwidth advantage and the cost advantage compared to the cloud.
And also I always say cloud good for certain things like they're good on the management side, they're good on some detection, which not quite need a real time And edge, very good on the prevention. So the prevention device, just like most of network security device, is in line device, need prevention, need to stop the intrusion, stop the virus, stop the bad traffic. They need to process the data in real time. So the latency requirement, the bandwidth cost requirement and also need to be very close to the data. So that's where most fit into the age.
That's where the company's strategy we have from the very beginning, try to more combine the security networking together. And that's where the total addressable market for us is keeping expanding. So the traditional network security is still there. So we grow faster than the market. The market grew about 10%, including the internal segmentation, including some time expand to the other area.
And then on the other side, the cloud also grow very fast. And then there's other we call the secure infrastructure. So that's also keeping expanding. Like I said, SD WAN, the 5 gs, a lot of new network function, they need security, because the traditional network function, you call it a 5 gs or whatever, they only care to connectivity and speed. So anything beyond connectivity speed need to be handled by security, like what's the content, what's the application, what's the user behind, what's the device behind, what's the region, country behind, all has to handle by security.
So that's where we see infrastructure security get more and more important because you need beyond connectivity and speed. So that's how security give a bigger percentage of the total IT spending and especially when the 5 gs IoT taking off. So we all prepared the technology and developed the product for all this going forward. Fabric, you can see in company growth, fabric grow faster, much faster, almost double the growth rate compared to the network security growth. Right?
That's where because the trend in the companies, whether they need a consolidation, too many products from too many different company, they're now working together, difficult to manage, management costs are very high. And also they cannot automate if they're not integrate. So that's why you need to be integrate, you need to be automate. So that's where for us we develop most of the fabric product in house. That's very different than most of our competitors.
They come from acquisition by acquisition. So that's what make the integration both on the product and the team more difficult. So we also do some acquisition, but for our acquisition, they probably need to be first become a FortiFabric partner. We want to make sure the technology, the product can work in together. And then most of our acquisition also in the product technology stage, not quite in when they already expand in the market stage.
So that's why we want to make sure integration automation will be working after the acquisition, so can fit into the whole fabric picture. I think a few months ago, we announced the SoC4 so 4th generation system on a chip, which can be go to the SMB device, go to the edge and also go to the we call the FortiGate 60F. You can see we're starting also introduced in the earnings call, we call it secure computing region. So secure computing region is really in a certain price or price range, like example, is about $1,000 What's the industry average computing security power you can get, including go to the cloud, including go to the appliance, including whatever. So we compare all the competitor, all the cloud on premise solution and then compare to ours.
So what's industry average for like around 1,000 price or could be like 3,000 or could be 10,000 or 100,000. So that's where each one they have a different price range. And then compared with the product, what's our secure computer retail advantage? So that's where you can see the reading here from 4x to 47x, because the chip we introduced here, they are multicore CPU. The customer designed a lot of security function inside and that's what make it performance much better, much huge computing power compared to general purpose CPU.
Because general purpose CPU, they are not designed to run a lot of security function and also they are not designed to run a lot of networking function. So that's where this ISOs chip is so powerful, give us quite an additional component power room to keep in adding network security function like SD WAN, like we already have the Wi Fi, like the 5 gs going forward and also keep adding additional security function also go deeper in security function. Because in security space every year there's a new function, new feature requirement. At the same time, if you can integrate more function into a single device, because this device deploy in line, so the less faster processing and that's giving you better control, better kind of cost and performance advantage. So that's where it is so important.
You can leverage hardware to keeping the performance, the function better faster because security need much more computing power than the networking. On average security need about 50 to 100 times computing power to process the same traffic. And also security need to be in line to stop the bad traffic. That's where most of the time security has become a slowest device and also most expensive device on infrastructure. This technology actually we started from day 1 and also including my previous company, they kind of enhance the function a lot, can easily add a new function.
At the same time, they import performance lower the cost. So the best way to measure use the security and computing region. The other exciting things really, we're waiting for the we spent almost 5 years developing this new one we call the Neo Processor 7. So that's the first time we introduced. Compared to the MP6, which we introduced like almost 5 years ago, the product like 1500 D, 3700 D.
This one is about 5 times faster. So the interface go for the 100 gig and the package per second processing power including to the 200 meg. You can see a lot of new function and also a much faster processing power compared to the last generation network security processor. So in the next few months, we're going to introduce more product which leverage this new chip. This chip will go to the middle and the high end and also can go to inside the cloud, inside the data center, we call it hyperscale, handle all this kind of, they call it, east west traffic compared to most border security, also cross securities and no south traffic.
So because you need a speed internal networking speed tend to be 10 to 100 and faster compared to 1 connection. So without fastening processing power, you can now secure internal wider segmentation inside the data center. But this chip gave us the capability to handle the new market inside the company, inside the data center, secure all the other things. So that's already take almost 5 years to develop as the best technology today in the industry. And they also gave us additional component power.
We do use whatever the latest commercial available CPU chip, but this is very unique. We're the only company designed the chip in this level can process the network speed faster, can process the function much faster than the regular CPU in the industry. Here is some summary comparison to the regular CPU. You can see this CPU actually costs almost $3,000 And then compared to the new MP7 and then compared to the last generation MP6 and also the SoC4. So we also have, we call it, CP9, the other content processor, more processed SSL SIMM001 had been released 2 years ago.
So it's a much faster, much better secure computing region power compared to any other industrial competitor. So that's what keeping us keeping gaining the market share, keeping grow faster because this technology is very, very unique and has much faster computing power, better computing power than any other competitor have today. They use the regular CPU, which we also use. But on the side, we also have this accelerator. Just like the GPU, the TPU can handle different functions.
So this technology we call SPU, Security Process Unit, will give us huge advantage and also can easily add a networking function, add additional security function and still much faster than any other competitor. That's why so far we don't see any competitor can do the SD WAN security SD WAN. They cannot do the Wi Fi with security integrate together. They don't have other whatever. So far, we have not seen them go to the 5 gs with security and also so much security function.
That's where you can see the testing evaluation. When customer engage in the evaluation testing, we always win. And so that's where the power behind this platform, this technology help us. And also making ASIC for us that it more make business sense because the economy of scale also working. So today, we have almost 30% the total unit deployed or unit shipped in the industry.
For the AC chip, because of very high cost, take a long make a big investment to produce the chip. But per chip cost will get lower if you have the quantity. So we believe in the next few years, we can have more than half majority of the total industry unit shipment. So that's where leverage our chip technology, our ASIC chip cost will get lower. We're helping our margin and also other competitors more difficult to get in the space because they don't have the quantity, they don't have the economy of scale working for them.
For us, we spent in the last 20 years, spent 1,000,000,000 of dollars in this technology. We're starting to benefit a lot, including going forward, IoT security, embedded security into different infrastructure, can be networking, can be storage, can be like connected cars and other IoT smart city. So this will also benefit a lot in the long term because we're starting to have the quantity, the economy of scale also starting working for us now. So when we engage customer testing evaluation, we always win, because so far we believe we have the best technology. So you can see this from the independent industry testing certification.
Some a lot of people joke that we spend more money on the testing evaluation certification than the marketing, but it's a part of marketing general present. So we still want to be leading in the technology, key part of the innovation. Let's go to the number of pattern we have. More than 3x than any of our close competitors. So we want to keep the innovation.
We do develop a lot of technology, a lot of product, more broad solution and most in house developed compared to our competitor. So that's what more like I said in open speed there. So the company we still want to keep in the long term investment, the long term focus into this network security industry and develop a lot of technology will benefit customer, benefit all the industry in the next 5 to 10 years. So we talk about merger position. Probably Keith or whatever can spend more time there for our capital strategy.
So we want to make sure the acquisition we make can fit into the fabric. They can work in together. They can integrate together. They can automate together. So that's the strategy.
A lot of acquisition more in the product stage. That's where there's a lot of start up, they can spend like easily $20,000,000 $30,000,000 to develop the product. But in security industry, because most enterprise customer, they're still not quite a test evaluation of product yet. So that's where if you want to go to market for this industry, you can easily need to spend over $100,000,000 to go to the market. So that's where quite a lot of startup company, they develop product, whether the investor, the team not feel comfortable to spend additional $100,000,000 to go to market.
So that's the best stage for us to acquire some of the company. And SD WAN is the data come from Gartner. You can see how quickly it's growing for us as compared to Q1 to Q2. It's quarter to quarter, like more than double and that's the market share we have, because we are the only one security with SD WAN together into a single 40 gig box. And by Gartner also some other IDC data that show over 80% SD WAN is security.
And none of our other competitor have the competing power capability to embed security inside SD WAN or combine together. So we can easily add SD WAN like we add Wi Fi, we add some other security functions, still have a lot of computing power for the future growth, for the future function going forward. So with that, let me pass to John and will give some detail of the product. Thank you.
Thanks, Ken. This mic is a bit high. So I'm John Madison. I've been at Fortinet about 8 years. And probably 7.5 of those years were focused on the product side, meeting with customers and strategy there.
In the last 6 months, I've took over the CMO role as well. As Ken said, I don't think we've got any issue with our products. For sure, our products are the best out there network security wise. I think right now, a lot of people know Fortinet, but they need to know what we stand for. Right now, we're actually the 3rd largest cybersecurity company out there.
And so we'll focus in 2020 and making sure our customers and our potential customers know who we are in more detail. So my title of the slide said Digital Innovation. And I think everyone here has an example of digital innovation. And it's not just one industry, it's all industries. And so whether you think about retail, manufacturing, transport, education, every single industry is being impacted by digital innovation.
And it's very disruptive, very disruptive indeed. You just have to look at the Amazon model to some of the retail stores. Although, I think some of those retail stores are coming back by using digital innovation. Disruption also causes increased risk. And from our perspective, it's causing cybersecurity risk.
Four main reasons. One is what used to be a fairly conservative attack surface, which we now call the digital attack surface, is very much expanded, creating edges in your network, in your compute, in your users and your devices. Secondly, the cyber threats have not gone away. Now breaches are expanding. We saw our 1st cloud breach, major cloud breach this year.
Ransomware has not gone away. You can see it in the U. S. And local authorities, for example. So cyber criminals are still out there and expanding.
I've spoken to a lot of customers who are just fed up of buying one more security point product. Too many point products, it's too complex the ecosystem, They can't fit it all together. They can't build workflows across there. And then finally, something that's not going away is regulatory and compliance. We're based in California.
There's a recent California Privacy Act that came into play. So there's global, there's regional, there's industry wide, there's government compliance, which will always be there. So let me start with the first one, the digital attack surface. Obviously, you want to make sure all your devices and users can get to the right compute and applications. Okay.
So making sure that all users before they get on the network have a trust level whether they're known, unknown or trusted, very important going forward. As a lot of these devices are always headless and you can't get agents on there and they're part of the IoT and OT infrastructure. Then, of course, there's compute. Everyone talks about the cloud. Well, the cloud is many different things.
It's multiple public clouds. It's multiple SaaS clouds. It's edge compute. It's hyperscale going forward. A lot of companies have call centers and, of course, edge compute going forward as well.
But what's really important is you've got to connect all those devices to all those applications and compute. So people forget they need a very secure and fast network. Otherwise, all they build out inside the cloud, all they build out inside their factories and campuses offer nothing if you haven't got a very fast, very reliable network. I was talking to a customer about 6 months ago. They've got about 4,000 sites around the world.
They were getting in average 120 outages each week on the network. This affected their business greatly. You've got to make sure the network and by the way, the campus and the branch and the factory are not moving into the cloud nor is the network. The cloud is very important, but so is the network and so is the infrastructure that onboards your devices and users. The other piece is the cyber threat landscape.
Now I'm not going to go through this in a lot of detail. If you go back a while from 2000 to 2010, the biggest thing that was changing was the attack vectors, e mail, network, Code Red, Nimda, web drive by downloads. And so the threat landscape was changing very rapidly every year. And that's why you had a lot of different point solutions from a marketing perspective from a cybersecurity perspective. Now what's happened in the last 5 to 6 years is the infrastructure is changing even more rapidly.
Not so much creating new threat vectors, but as I said before, creating new edges, new ways in. You can see now that breaches are $5,000,000,000 to $6,000,000,000 plus compared to in the 1,000,000 or tens of 1,000,000 5 years ago. But not only breaches, ransomware reached over will reach over 1,000,000,000 attacks in 2019, a very different approach. What's ransomware trying to do? Is trying to hold your infrastructure or destroy your infrastructure and then allow you to operate it once you pay that ransomware.
So it's not only breaches, it's also ransomware. And look at the numbers for ransomware and breaches still going up. So that threat has not gone away whatsoever. So for us, we absolutely think that the cybersecurity platform will enable companies' digital transformation and digital innovation. It's absolutely essential to allow those companies to move forward with their innovation.
We feel there's 4 main components of the platform going forward. First of all, at the core, what we call security driven networking need a very fast network to enable all your devices and users to connect to your applications and compute and data. So securely and accelerating the user experience or even the device experience in some ways. Next, we want to make sure that every device and user is securely attached to the network. Then of course, we want to make sure you have that dynamic cloud security, making sure that all your compute and applications and data are safe in whatever cloud that you're using.
And then once we've done all that, we want to apply the most advanced AI based or machine learning based threat intelligence to any part of that network. And Ken talked about this is what we call our fabric, our fabric platform. We believe it's the broadest cybersecurity platform out there. We can cover everything from IoT to OT to endpoint to access, secure access through Wi Fi and switching to core network security to application security to cloud security. So the full length segmented all the way from IoT devices all the way into the compute.
Again, we believe this is the BRUISE cybersecurity platform and this reduces risk for customers because they get that visibility of everything on the network. Also, we believe it's the most integrated and again Ken touched on this. We do some acquisitions, but not big acquisitions, because it's very hard to integrate products, mature products from other companies into your platform. So we do a lot of organic development. Again, we believe the most integrated platform out there.
This absolutely reduces cost in terms of having to buy point products for every single attack vector or every different infrastructure component inside your network. And then most importantly and probably the conversation I have most with customers is automation. I want to build workflows to enable my infrastructure to be dynamically operated. And when I find something, I want to be able to automate the response very, very quickly. So we believe our fabric is a complete differentiator out there in terms of how broad it is, in terms of how integrated it is and in terms of how we can automate workflows across everything.
What does that mean in terms of products? We have quite a few products. And for those of you familiar with Fortinet, they have a very simple naming system. It's the Forti whatever it does, okay? So everyone can follow that.
Even our sales team can follow that process. And there's a few salespeople in here. And I definitely haven't got a spare 6 hours to go through every product here. So rest assured, I'm not going through every product here in a lot of detail. Going to focus a bit more on the network security piece component here.
But you can see we go all the way from our 40 NAC solution authenticator and token to authenticate everything going on to the network. Our endpoint, we made a recent acquisition on the EDR, in the EDR space to increase that capability, our secure access through FortiAP and FortiSwitch, our core product, where all the controllers are around FortiGate. We've actually been working very hard on our cloud portfolio around FortiGate VM, virtualization, cloud workload protection, application protection through WAF and FortiMail, analytics and then of course, probably one of the biggest differentiators for us is a single console across all of those products, a single point of visibility, a single point of policy. Again, that's extremely hard to build if you do that with different vendors and try and mash it together. Running across all of this is SportyGuard Services, which allows you to apply that AI based threat intelligence at any point.
Now interestingly enough, we try and provide all these products with different consumption models as well. So obviously, we're very well known for our appliances because we build some of our own SPUs and ASICs inside there. But we also make available as many products as possible through virtual machine, through cloud. We've actually rolled out a lot of SaaS delivery services in the last 12 months. Obviously, some of their agents and software, but you'll see us roll out things like container security going forward.
So definitely, the consumption model change depending on where the application is or depending what the customer wants to focus on in terms of deployment. Very important to us is our FortiGuard Labs, which is our threat intelligence. Given that we have almost 5,000,000 firewalls deployed, that's a huge footprint in terms of visibility. It gives us a huge advantage over our competition as we can just see more of what's going on across the world. Not only network security and firewalls, but also WAFs, e mails, clients, enterprises, and we continue to roll this out.
We bring all of that information into our AI based and machine learning cloud, process it and send it back out so those sensors then become protective nodes going forward. This is a huge operation, almost 10,000,000,000 plus events on a daily basis get processed through our 40 Guard Labs. Now Ken showed this slide as well. This is what we think the total addressable marketplace is for Fortinet's current products and solutions. Obviously, the core of that is network security, about SEK 24,000,000,000 Secure Infrastructure, which includes access points and switching, secure access to the network, endpoint and IoT and OT security and then, of course, cloud, about a $60,000,000,000 TAM by 2023.
Let me zoom in to the network security marketplace. Obviously, this is our core marketplace in terms of products, billings and revenue. You can see network security is absolutely dominated by network firewall. So if you look at the current situation, almost 2 thirds of revenue is network firewall. And the 2nd largest marketplace is web gateway, sometimes called secure web gateway.
Then right now, it's IPS and then secure SD WAN. And as you go forward, you can see actually Network File remains the predominant market inside Netwilscript. These by the way are coming from Gartner. You can look these up. They have individual reports for one of these marketplaces.
IPS declines a bit, mainly because of the movement into cloud, data center movement into the cloud. Web gateway is still very important as it secures users and their access to the traffic. And then SD WAN increases as well. So moving from $18,000,000,000 market to a $24,000,000,000 $25,000,000,000 marketplace by 2023, about an 8% growth. Now what's also interesting, let's just zoom down in more detail into the network security marketplace, into the firewall marketplace.
Here right now, again, according to Gartner, about 5% of all firewalls are virtualized. In their mind, this is going to move to about 15% by 2023. So going from 90% to some 80%, about a 10% decline in hardware, but that's just a percentage. The overall marketplace for civil appliances will still increase and still be large. There's something else called firewall as a service, not quite sure what the market is for that, ranging between 1% 2%, but still very, very tiny.
So network security use cases. So network firewall to manage all your risks. We're going to talk a bit about the hyperscale firewall. This is a marketplace that's not served right now. Technology cannot serve this marketplace.
Secure SD WAN, which has absolutely exploded for us in terms of marketplace and Secure Web Gateway. We continue to see new use cases for network firewall, not just firewall, but IPS, induction firewall. Internal segmentation is still a very, very important application and use case as those edges appear inside the network and the network expands. And then something else, which is very important, that's SSL inspection. Almost 80% to 85% of the traffic is encrypted now.
A lot of companies don't open up and look at this encrypted traffic because of the performance issues, and I'll talk a bit about that. So most of you should be familiar with the Gartner Magic Quadrant. Anybody not familiar with the Gartner Magic Quadrant? Don't be embarrassed, you can admit it. It's fine.
This is what Gartner used to define, obviously, and categorize the different vendors. This one's about 2 weeks old. It came out about a couple of weeks ago. Excuse me, these glasses slipping down the table here. And you can see there's definitely 2 leaders in this marketplace, in our opinion.
In fact, whenever we're in deals, we usually see 2 leaders bidding for new deals. And we continue to kind of make that difference in terms of separating us from maybe Cisco and Checkpoint, but definitely doing extremely well. This is actually the 10th time, I know Ken said 3rd time, but now the UTM Magic Quadrant has been incorporated inside here. So now this is actually if you include UTM and network firewall, enterprise firewall, this is the 10th time we've been inside there. So from a network firewall perspective, as I said, 2 main consumption models.
1 is the appliance and one is virtual machine. We've seen virtual machine take hold maybe in the East West SDN environment. We've also seen it obviously in the cloud. But we still a lot of people deploy those appliances, especially against the Internet, where it needs to be hardened against the Internet. We see a lot of people making sure that they have high performance, but a hardened machine against the Internet.
Now this is the analogy we use for something we call our security processing units, the SPUs. And there's something else in the industry called the GPUs. And obviously, this is for gaming. And what it does is just offload the CPU from a lot of those computes to render the graphics. In fact, a medium level, in fact, a low entry CPU plus a GPU will easily outperform a very high end CPU.
This is the same concept we have for our network security appliances. So obviously, we still use CPUs. We still need to add new features. We still need to make sure we can support cloud and software, etcetera. But then we offload the CPU.
And 2 main CPUs we have, 1 is the network processor, which offloads all the network processing, all the firewalling, the NAT ing, policy, etcetera. And then we also have another SPU, which is on the content side, called the content processor, content 9. And this provides all our deep security processing as well as, for example, as SSL inspection. And how do we scale our systems? Well, our entry level systems start with 1 of them.
And then as we scale up in the marketplace, we just add more network processes. In fact, we add more CPUs and more content processes. We have 1 firewall, for example, today that runs at 1 terabits per second. That's pretty fast. And if you look, we can have this slide for our entry level systems.
This is one of our mid level, mid range systems. You can see again, there's such a huge advantage. We refer to this as the security compute rating by taking an industry average across different vendors in the marketplace, coming up with an average, comparing it with our system and then giving you a security compute rating. Again, this is ranging from 4 to 12x faster. That's huge when you're putting in your network and making sure it works at those sort of speeds.
So we believe we have a huge advantage now, but we believe going forward, we'll have an even bigger advantage. Now I talked a bit about SSL inspection. This is a very important area because most customers have it switched off because of the poor performance of their network security firewalls. Most customers are looking at making sure they can turn that on going forward because guess what, the bad guys absolutely know that's turned off and all their attacks are going through that encrypted channel. This is actually a report done by Enesys Labs, probably one of the most independent test houses out there.
The actual test was this was actually 2018 test for next gen firewall. And as a part of that, they switch on this encrypted test. So where they encrypt, for example, I think the IPS traffic here. Now every vendor is going to get some degradation. We get about 18% here.
So we go from about 6.1 down to 5.8 gigs. But just look at some of the other vendors here. Now again, these are not our results. These are Enes' labs. It's independent testing.
They've almost got 80% degradation. So your 10 gig firewall goes down to 1.5 gig firewall. These are this year's results. Not much change. I think Cisco has got slightly better there.
We actually got slightly better. So our FortiGate 500, for example, still maintains about 5.8 gigs. Palo Alto 5,220 is about 2 gigs. But also remember that our 500 is about $10,000 and the Palo Alto is about $50,000 So it's not even just the performance, it's the price as well. This is why we're taking market share in network security.
Now also, as you follow the progress of network firewalls, more and more use cases are added on. So again, if you go back in history here, Ken will say the history should go back a bit further, from when he was building at Stanford University's firewalls. But let's start in 2000, where you had mainly firewalling. Pretty quickly, it came along to add VPN inside there. As we went forward, because of some of the attacks, the network attacks, network worms, we started adding IPS inside there.
Then UTM came along. And we started adding in next gen firewalls, so you could see the applications. Around 2010, 2012, you had to support IPv6. As you went forward, SDN, segmentation is a big application. As I said, SSL inspection is very important.
We've also seen now that putting SD WAN inside the firewall is also extremely important. So each time you add these applications, you put more pressure on the CPU and the processing capability there. And that's why as we go through this history, what Fortinet has done is look to these different applications that are coming along and make sure we offload that going forward. So a lot of our SPU technology has been put in place to make sure we can keep adding new applications to our network security firewalls. And what's coming next, in our opinion, is hyperscale firewalling.
And what is hyperscale? Towards is a completely new marketplace, new set of applications that even some of our systems can't get to today just because of the performance and criteria. Here's some examples, and there are others that's come along as well. So something called elephant flows. These are big research centers that have to get big chunks of data to different research centers around the U.
S, around the world. Most firewalls today just give up at 10 gig. They can't process it anymore. So firewalls are not even in the path, some of these research centers because they can't cope. 2nd one coming along, edge compute.
Edge compute 40% of enterprises by 2024, 2023. Dotnet gaming and e commerce sites that spin up 100 of thousands of users within seconds. Massive attacks, DDoS attacks, we're seeing them still on the application level. Ultra high definition streaming 8 ks TV, the next Olympics will be broadcast in 8 ks, for example, in Tokyo, 5 gs Networks. Core segmentation, firewalls, you can't put today's firewalls in the CorView network.
They're just not fast enough. They can't cope. They can't deal with some of the segmentation that you need to do today. And then finally, large inter data center, large connectivity to the cloud. To do these things, you need a totally different type of capability.
For example, on Elephant Flows, you need 100 gig at least interfaces to provide those flows. Ultra low microsecond latency for edge compute. Millions of connections per second. We're not talking 100,000 here. We're talking 2,000,000 to 3,000,000 to 4,000,000 connections per second to cope with these very large sites.
DDoS built into the hardware. Software just won't work with the volume and the scale of DDoS attacks. 200 gigabits per second of throughput at ultra low jitter for streaming of high definition TV, carrier grade accelerated VXLAN, sorry VXLAN is a bit of one of those terms. It's a technology used in the core of your network from a switching and tagging perspective and then 75 gigabits of IPSec connectivity. It's what we call our MP7, our hyperscale SPU.
Now we're introducing it now. In Q1, we'll introduce some of the first products. Right now, it's just the chip, obviously. You can't send the chip to the customer and connect it. You need Ethernet ports and systems and software, etcetera.
So as Ken said, we've been working on this for about 5 years, and we'll roll out systems in Q1. This will absolutely open up a new marketplace for us in what we call the hyperscale. And again, here's some of the comparisons of MP6 to MP7. Most of it is a 3x to 5x comparison in terms of performance, but it absolutely opens up a lot of new applications for us in terms of network security. And we'll provide more detail on how big we think this is going forward in 2020.
But don't forget virtual machines. So as I said, our FortiGate virtual machine, APIs and software works the same. We have a lot of customers rolling out our FortiGate virtual machine in SDN, in NFV for service providers, and cloud, for example. We're very flexible. We're still trying to accelerate it.
We're still trying to make sure we can scale it horizontally or vertically. We have different flexible licensing models. So we're still investing heavily in virtual machine as well as our hardware. Now the next big area, which has already been very successful for us is secure SD WAN. And Secure SD WAN, we think is extremely important.
Again, here's the Gartner Magic Quadrant from last year. I believe the 2019 Gartner Magic Quadrant, what they call One Edge, is coming out any second now or any day now. It's late by a few weeks, but you'll see the new one coming out. Definitely take a look at that. Obviously, I can't say a thing about it.
I can't even hint in the tone of my voice or anything what's going to happen in that. But definitely otherwise, Gartner will be after me, but definitely take a look at the new one that should be coming out any day now. Now to us, SD WAN technology is not just having multiple connections to your branch and making it more secure. SD WAN Path Controller technology, which is the upgrade from routing technology, can be used anywhere in your network. It can be used in your core network.
It can be used to connect campuses. It can be used to connect your data centers to the cloud. So don't think of SD WAN technology as just branch office technology. We also think because that's the edge, you need to make sure that edge not only has that secure technology, but also has the security stack as well at that edge, not somewhere else, but at that edge. It provides obviously a different transport components.
It allows you to connect internally. But most importantly going forward, SD WAN will be your on ramp into the clouds. It's the base technology. A sophisticated SD WAN, once you add on the SD WAN on ramp capability, becomes absolutely critical technology. And by the way, as we go forward, there's a lot of people positioning what they call, Gartner call this the SASE, it's a great name, for cloud security.
But what's also happening is that a lot of the telcos, a lot of the ISPs, a lot of the big major cloud vendors want to be that 1st on ramp capability. They want to be the 1st cloud you go to. So Fortinet will provide SD WAN plus the cloud on ramp into whatever cloud it may be. We're not going to say you have to go to this cloud to do security. We're going to give you flexibility to go to any cloud, even our own cloud to do security going forward.
So what is SD WAN? You get this question a lot. We believe SD WAN or secure SD WAN is more broad than just a WAN edge controller. Yes, it's very important. And where did this marketplace really start?
It started in routing, where the routing used to do hub and spoke and get everything back to the data center. People wanted more flexibility, so they brought out something called the SD WAN controller. But as I said, as you do that, what's very important is you secure that. As you break out into local Internet access, you need to make sure you have that next gen firewall capability. For us, run it about 10x faster than our competitors on a system on a Chip 4.
We do put it on virtual as well. And then you need to make sure you have that orchestration system because that's going to be key in providing your cloud on ramp API connectivity going forward. But what we've also seen a lot of customers when they see this because we've got an inbuilt unified AP switch and NAT controller inside our FortiGate expand that all the way to the edge, to the device edge and user edge. A lot of the deals we've done for SD WAN add in what we call our SD branch. It adds in Wi Fi access, it adds in Ethernet access, it adds in network access control and IoT security.
And as I said, as we go forward, we've already announced 2 cloud on ramp capabilities with Azure a couple of weeks ago with our vWAN. We already have AWS Transit Gateway. Each one of our clouds will build a separate cloud on ramp for to make sure we have the most optimized traffic path, QoS path into those clouds for whatever application it may be. So Fortinet so far in SD WAN has been very successful in the enterprise space, winning a lot of large enterprise deals. We talked about on our analyst call last time about the number of enterprise, very large enterprise deals we won.
One space where we still need to work on is service provider, because SD WAN to service providers is just as important because it's taking away MPLS revenue. So about 50% of the marketplace we think is enterprise, 50% is service provider. You'll see us start to announce in the first one, we announced this morning new SD WAN deals for service providers going forward. Sometimes you refer to this as network based SD WAN. So we're starting to make inroads into the service provider marketplace.
We've already been successful in enterprise and Orange is one of the first big announcements. We announced some other service providers early in the year. So we announced this morning that Orange will be using our technology to build. And Orange, by the way, is one of the biggest, most global network service providers in the world will be using our SD WAN technology to power their offering to their customers going forward. We also announced SoftBank this morning, same.
They're going to be using in fact, they already are using our SD WAN technology to provide their customers with the best WAN edge capabilities across their global network. So these are two examples we announced today, more to come for sure. So in terms of cloud, definitely cloud is very important to us. We have public cloud infrastructure, there's also private cloud and SDN. We also have worked very heavily on our SaaS offerings.
So remember what I said about this is that applications when they move somewhere else, you really need to move where the security control points are. So if your e mail has moved to the cloud or some of your applications have moved to the cloud, really need to move that e mail security and that WAF is Web Application Firewall, which protects your applications into the cloud as well. And what better than moving them onto a SaaS platform that's on that cloud itself. So SaaS today is lots of different data centers people have built. Long term going forward, we believe our SaaS offerings built natively on AWS and Azure and Google going forward is the best way to protect those applications, which sit inside those clouds.
0 Trust Network Access absolutely becoming more important as more IoT devices are out there, as more OT infrastructure is put in place and IP enabled. Obviously, endpoint is the 2nd largest security marketplace, very important indeed. Our network access control is doing extremely well in the marketplace. It's very unique. It's API based.
And also, we can roll out identity on top of that. So making sure you have 0 trust for anything coming onto the network, making sure you provide that application control in terms of making sure it's authorized to get on your network, making sure it's got the right agents on there, making sure you can see it is extremely important. Today, our 3rd announcement, quite a few announcements today, the PR team were busy, is with Siemens, because operational technology is going to be it's already extremely important. But to be able to provide that security, you need to know those OT systems. And every single vendor out there, large OT vendor has propriety systems.
So unless you partner very closely with them to understand their systems, to understand their protocols, you can't really provide true security. So this is, again, one of our first announcements around operational technology partnerships, which are extremely important for that marketplace going forward. AI threat intelligence. So if you go 10 years ago, most threat intelligence was really focused on protection, making sure you protect against known threats. I would say customers have spent absolutely more money these days on detection or unknown threats.
So we've actually implemented a lot of machine learning inside our systems to make sure we can scale with the size of the threats. And then, of course, once you find something, you need to respond in an automated way. Again, all part of our security fabric. And probably one of the most difficult developments. Yes, we develop our SPUs and ASICs and appliances and software here, But what the industry has struggled with the most, and it's not just cybersecurity, it's infrastructure, it's endpoint, it's cloud, is bringing a unified management center together.
We call it our Fabric Management Center. You can bring up our fabric management center. You can see all of our products that I talked about today and earlier in that visibility view and a topology view. It's very hard to do. We can see how they're connected.
We can implement workflows across everyone. For example, if an endpoint finds something bad, we can tell the switch to take it off the network. That's just a simple case of building workflow, which is absolutely impossible when you've got 10 to 20 vendors inside your infrastructure. Having said all of that, it's very important that we have an open fabric, that we have partners that can connect into our fabric and we have systems that we can connect into as well. We call out our Open Fabric Ecosystem.
We have 4 types of different integrations. We have fabric connectors where we build into the orchestration systems of companies because those orchestration systems are extremely important. They know where all the infrastructure is. Examples will be Cisco or VMware or AWS, all the big orchestration systems know exactly where the infrastructure is. We don't want to be the orchestration system, we want to know where the infrastructure is.
So we provide deep connectivity. We build it ourselves, deep connector into these orchestration systems. We've got 135 partners who have built our API, providing specific applications. We have a very active DevOps environment, which usually become connectors long term. And then since we've added components to our fabric such as NAC, we also expanded, for example, our NAC system supports over 60 different vendors, including all our competitors' switches and APs, for example, to make sure we have a completely open ecosystem.
And I don't expect you to remember all of these vendors in 10 minutes. This is just a sample of them. Obviously, in the market today with a fabric and an ecosystem that goes so far, there's a bit of competition going on. But in the end, it's the customer's choice. If they have certain vendors they really want to keep inside their infrastructure or they want to use going forward, then we're absolutely okay with that as long as it fits inside our fabric integration.
So finishing up. Again, I can't possibly go through all the opportunities and markets or all the different products and solutions. But I've summarized here what I think are some of the growth drivers for Fortinet going forward. Obviously, network security, growing much faster than the average rate of 8%, that's for sure. So we're still taking market share in network firewalls and segmentation.
SD WAN was a completely new market to us 3 years ago. You can see we're already 3rd in Gartner's market share after only a year. Hyperscale. Again, we don't really know how big this may be. We think it's big.
Hyper means big, I think. But I think that's going
to be huge next year
and making sure we can go where no firewall has gone before into the center, into the core, looking at applications, etcetera, which a firewall is a game, could not cope with in current technology. As I said, we just acquired an EDR company to bolster our endpoint solution, but io2 secondurity is also being very doing very well for us with our next solution OT, hybrid cloud, edge compute starting to roll out that needs a completely different architecture, SaaS delivery and across all of that, we can sell our advanced AI based threat intelligence across every single part of that fabric to make sure it's secure. So I'm going to stop there. Thank you.
Thank you, John. Right away, she's quick. So we're going to turn to Q and A. Fatima is reading the screens quickly. I'm going to invite Ken up to join John up on stage to take questions on their presentations before we move forward.
We're running a little ahead of schedule, which is shocking because I didn't know how long John was actually going to speak because you never know. You never know a John. And so we'll take questions for the next 15 or so minutes. We'll see how it goes. Yes, please do wait for the mic.
I will run around.
Good morning. Fatima Boolani from UBS. Thank you for taking the questions. John, a question for you. You made a very specific point around security controls moving to where the applications have the most gravity.
So in the instance of emails and other applications moving, having native security controls in the cloud becomes all that much more important. So kind of a 2 part question for you. From a competitive standpoint, how do you how does Fortinet interface with cloud native capabilities? So from the likes of AWS and Azure. And secondarily, as a company with certainly more of an hardware engineering culture, how does that change the R and D calculus for Fortinet going forward as you think about that?
Okay. So I think by 2022, 75% of e mail will go through Google or Microsoft. That's the gravity of going towards that. So that those e mail applications are moving there. And so what you have to do is make sure you reengineer so we have obviously an e mail security appliance.
But those exchange servers are not there anymore in the data center. This is the reason the data center a lot of data center applications have moved into the cloud there, either through SaaS or through native public cloud. And so for us, we just need to take we engineer the security and move that into the cloud. Now what's the difference is, it's not just having a virtual machine, email security running in the cloud, you need to connect to their APIs. Cloud API security is very important, but the API gives you visibility.
And in fact, long term, those applications may not even look at the traffic through traditional path traffic paths, but look through it through APIs. So we reengineer those, as I said, for appliances, for virtual machines and for cloud and for API going forward, it's very important. But what's still very important is that you have a total solution. So if I've got an end user somewhere and we know, for example, that they've had a phishing attack and we can see it through the API in Office 365, then we can apply some security policy back onto the campus to make sure that doesn't spread across. So it's not just that point product instance on its own, it's the total fabric solution across everywhere that's very important.
But you're right, we have to reengineer it differently in the cloud versus the network versus the campus. And I always have a problem with 2 part questions because once I've answered the first part, I totally forgot what the second part
I think the cloud native capabilities are potentially just low confidence.
Well, this has always been the case for the big platform vendors. Before Fortinet, I worked at Trend Micro. And back in 2005, at least, they were saying Microsoft is going to come and take everyone's lunch. And it's kind of happening now a bit, I think. You can see Microsoft now is by far the leader in the Magic Quadrant.
Not that everything should be guided by the Magic Quadrant, of course, but it's always going to be there. So you have to make sure sometimes you'll use their capabilities and build on top of it. Sometimes you always have to find added value though. So for us today, for example, our sandboxing technology where we do file is more advanced we think than Microsoft. But again, the biggest advantage is the workflow once we found something to go back into the campus on the network and provide some mitigation of that threat upfront or afterwards.
I'll also mention even we developed the hardware DTP chip, but we do have a more software engineer than hardware engineer. And also that tend to be working together much better compared to we have to use in commercial hardware. We do use commercial hardware whenever possible, but the dedicated hardware actually helping the performance, helping the function a lot.
Sterling Gautier with JPMorgan. John, I actually want to touch upon very early in presentation, you actually mentioned marketing and your CMO title. And you talked a little bit about maybe 2020 being more brand marketing. I wonder if you could just go into how much of your marketing resources were dedicated in 2019 to top of funnel pipeline generation versus brand and how that might change in 2020?
Yes, good question. So I think last 2 years at least for sure, we've been very focused on getting a seat at the table. We weren't at the table a lot of the times. And so definitely a lot of ABM programs, for example, definitely a lot of events on the road and making sure we get access to the highest levels and getting access to those customers. I think in 2020, we're going to change that slightly in trying to create a bit more of a brand guidance.
We've done some survey so far. And as I said, most people know us. They've heard of us. They kind of think maybe at least they were a firewall vendor, but they don't realize, A, the scope of the company, the size of the company. They don't realize how broad we are in terms of products.
And we're not as well known, I would say, in the Fortune 50 or Fortune 100 in terms of CIOs and CISOs. So we're really focused on that. It won't be you won't be seeing advertising billboards all over the place. But you'll see some very focused branding to make sure people understand who we are.
Thank you. Melissa Franchi from Morgan Stanley. Ken, we've talked a lot about SD WAN becoming a key point of differentiation for you all. But I want to ask about the competitive environment in that market. You have Palo Alto that just recently announced capabilities, which is obviously a validation of your market strategy, but also represents a new competitive threat.
So can you just talk about how you sustain differentiation moving forward when you have new entrants in the market?
Yes. Actually, we started to develop SD WAN in the FortiOS 5.4, which we released almost 4 years ago. So that's where and also leverage hardware ASIC, we have much better performance compared to competitor, which they just got into the space. And we from early testing, they're still way, way behind probably even like not quite much with 3, 4 years ago's function there. But I do believe now SD WANs become more important especially secure SD WAN.
And so we'll be huge growing market. And also we'll have room for more player, but we are gaining market share very, very quick. And also we have a unique advantage compared to any other competitor, especially SD WAN combined with security need a lot of computing power. So whether the vendor come from security or come from network side, which they don't have extra power to add an additional function. That's the biggest struggle they're facing, because in the networking side performance is also important and more easy to test in the network function compared to security function.
So that's where so customer can more clearly see the advantage from SD WAN, who is better and with security and who is not because like what's the network function is more easy to test.
I'll just add to that. You can announce it. That's great. I think there are in terms of SD WAN functionality controller, it's difficult to build. That's why no one's really done on the security side except us.
And to build an enterprise SD WAN controller is not easy. It's taken us 4 years to get where we are, where we compete head to head against network inventors who don't have any security whatsoever. And I think I don't want to speak on Palo Alto's behalf, but I will. I think they're long term more focused on Zscaler because their services are Zscaler plus SD WAN. And the reason they want to do that is because, as Ken says, their appliances can't compute the security and SD WAN capabilities.
So let's just shift it all to the cloud. I think long term, people want a choice on which clouds they go to and which security they go to. That's why we keep saying put that security edge straight away.
Hi, guys. Michael Turits for Maybe James. Actually that's exactly where I'd like to start off where you finished. Both Palo and Zscaler providing security, let's call it broadly speaking, from the cloud. It sounds like you're working to partner more with the carriers and others to create access to the cloud.
Can you just clarify that strategy and whether or not you need to be in a true security from the cloud position?
Yes. That's our strategy a few years ago when whether this killer launched whatever the service. We feel the service provider some cloud provider has the best position. If the in the in the last few years. And also you can see today we announced some of the carrier service provider also starting working with us closely launching a similar service.
So we do feel, because sometimes like John mentioned who get touch of the first touch of whatever the travel to the cloud is very important for a lot of service provider, cloud providers will be pretty hot competing space and also need a lot of infrastructure investment, data center all these kind of things, because whoever can have data center close customer, they have latency, they have a cost advantage, but also need a huge investment. That's where the carrier service provider, cloud provider, they probably already have some infrastructure compared to some other network security vendor. They have to build something there and also whether they are renting the data center. That's where you can look at the economy behind whether they can be profit or what's the when you forward the data from the customer promise to their data center or POP, sometimes also unencrypted and also not secure. And also there's some other regulation requirement whether they can forward out or not.
Like for us, when we do the R and D, we never let any data out of our R and D center there. So that's where there's a lot of issue, a lot of kind of debate in the space. So we do believe stay with the service provider is the best strategy. We're supporting them. They also understand better in the space.
Hi, Ken and John over here. Keith Bachman from Bank of Montreal. I wanted to stay on the SD WAN space if I could. And every system you ship out has SD WAN functionality and customers can use it or they don't need to use it and you don't get paid incremental dollars. So my question is, how do you have good data surrounding what the impact SD WAN is?
On your largest customers, I'm guessing that your sales force gives you very direct feedback about who saw it as a key deployment feature or enabling a win for Fortinet. But if you think more broadly or how would you want us to think about over the next 12 to 18 months? If you provide this functionality and users don't have to pay for it, how do you think about what it's enabling for a growth rate? What's the difference you think you can make in that regard? And how do you measure it?
So for instance, when you say Gartner is going to provide our IDC market share number, I'm curious how they gather their information on that market share. It seems like it's a huge opportunity, but I'm just trying to drill a little bit lower. And how do you think about it internally in terms of metrics? And how should we think about it when we think about your total growth rate? Thank you.
I think that the way we measure later, I think as Keith, Patrice and Matt represent, that's where sales finance, they have a market way to measure. We have a market too right now. And also there's a lot of market use case right now. We may be after the presentation we can do the Q and A in the end. I hope it's okay.
Thank you.
Yes. But in terms of what it means for us is we used to we are still very strong in what we call the UTM marketplace, which is more of a retail distributed. This is allowing us now to go into enterprises, the branch offices. Those are marketplaces we couldn't go before. So when we get in there with our SD WAN solution, they also switch on our SM firewall.
So to us, it's incremental marketplace we couldn't get into. Long term, we're also rolling out orchestration type services, which will be charged for as Now obviously, our competition are a bit annoyed today that it's free of charge inside our operating system. But long term, we'll add some enhanced features, which allow us to charge for it
as well.
Great. Hi, Brad Zelnick with Credit Suisse. Thanks so much for the presentations. Excuse me, very informative. I wanted to go back to that slide talking about the mix of virtual form factor versus hardware and the small sliver of firewall as a service.
If you were to reflect back to when you introduced the virtual product, I think it's a few years ago or so now, I'd be curious to know how has adoption been relative to what you would have expected? And even more interestingly, looking forward, if we think about where that goes, I mean, this is only a Gartner forecast, who knows what the adoption patterns might be. But can you talk a bit about the impact that it has to your business and why you feel that Fortinet is well positioned to succeed regardless of what that mix looks like?
Yes. So we treat it as the same in some ways. So as I said, the operating system works the same on both. We make it the same. We make all the features the same, make the APIs the same.
So the customer can choose in the end. What I've seen basically is that anything that's facing the Internet that needs to be high performance and hardened, they go with the appliance. Where's virtual machine done well? Obviously, in the data center, east west in SDN. Obviously, you can't take your appliance under your hand and take it into the cloud.
That's all virtualized there. But we've seen resistance. And even this kind of universal CPE concept that people are trying to roll out has not done that well at all. So we still see anything that's facing the Internet to be very appliance focused. So I think Gartner's forecast, it's probably reasonably accurate.
I don't know. We've seen it tracking in the last couple of years to what they've said. But again, we want to be flexible that if you really want to go virtualized. So obviously, the benefits of virtualization is you've got more flexibility and you can bring it up and down wherever you want. But right now, we're up 10x in terms of network speed and about 3x in terms of next gen firewall speed.
That network speed will be 50x next year for us. So that's our balance of performance versus flexibility versus hardening versus licensing. We want to be able to provide both depending on where the customer goes.
Hi, good morning. Brian Essex from Goldman Sachs. Thank you for taking the question. I was wondering if you could touch a little bit on MP7 hyperscale. If you could maybe give us a little bit of insight in terms of where are we in the stages of that?
Is it just in the preplanning stages? Do you have involvement with partners and potential customers involved in that roadmap? And how do we think about the discipline in terms of how you're going to invest in that platform versus what the opportunity might be going forward? Do you have visibility into any kind of a pipeline yet? Or is
it still very early stages?
Yes. The MP7 chip we announced actually has been come back in the summer. We've been testing for a few months. So we feel very confident about the progress and also both on the product technology auditions. We do have a very good market share almost dominant in the care service provider, which they need a lot of high performance data center technology to secure their all kind of huge data or huge traffic there.
And also we do have a lot of other bigger customer, which also using to secure inside segmentation all the security there. So we do working with them. And it's like I said, we do develop a lot of technology including going forward the 5 gs, some other like SD WAN, SDN, some other things with customer together. I think it's in the testing stage, I'd say. Once we announce the product in the next few months so every quarter, we do announce 1 or 2 new products.
So that's where we'll give some more detail. But right now it's still a little bit early, but we are confident about the chip level. And but we're using the chip to build a new system, a couple 2, 3 systems every quarter to announce it. Thank you.
I would say, as Ken says, we've got a system out yet. But think about that MP7, that's one chip. We scale multiple chips across there. And I think my simplest example is research centers when they're trying to send maybe a 50 gigabyte flow between research centers. Today's firewalls can't deal with that.
In fact, they have software built in to bypass it. Most firewalls just bypass it. So we'll start training our sales force those what we call hyperscale applications going forward in Q1 and start working with some of those big, big customers to see if those use cases will work for them.
So I have a question from email from an analyst who isn't here today who couldn't make it. So John, I think this kind of goes back to what you were just talking about in hyperscale. The question is, it sounds like the strategy is to be at the core of the hyperscale network. Does that mean you need to win those entities as an appliance customer, I. E.
AWS needs to put the service provider SP based appliances in their network?
I think initially, it's going to be more for some of the applications, which are more focused on data and transfer of data or some e commerce sites. I think it's going to be hard on the AWS side initially. It's going to be some long conversations. But there's a lot more hyperscalers out there than you can imagine. Some of these universities are building $1,000,000,000 data centers to transfer data.
I was in Europe recently at the World Economic Forum and there was a big debate on how we get this data safely across different educational institutions. So I wouldn't say AWS is our prime target, to be honest, but there's lots of different applications out there, which need this type of functionality that you just can't do today. Just impossible to
put a firewall in the middle of it.
Ken Talanian, Evercore ISI. I just want to talk about the OT opportunity. I saw the Siemens announcement. I thought that was interesting. So 2 part question.
1, you've had ruggedized appliances for some time, but is there any other product initiatives as part of that? And then second, are Siemens sales reps compensated differently than a traditional channel partner as part of that agreement? Or is it does it look more like what we've seen with the traditional 2 tiered distribution?
Thank you.
Yes. So for the OT stuff, definitely a big market opportunity as a lot of those companies are bringing together their physical and their virtual worlds. And I don't think it's a point solution that's going to work for them. Definitely, we have ruggedized devices, but that's only a very small part of it. Another part of it is recognize the applications through our FortiGuard lab service.
And we've had real trouble in getting some of those samples so we know what it is. You can say, oh, it's some sort of device, but you need to know what it is to give it a trust level. Is it something you don't even know about or whatever? So for us, it's making sure we can work with Siemens across all their infrastructure gear, so we can make sure we can tag and identify it going forward. But OT is going all the way from wherever the factory is through the campus, through the network.
It could be edge compute. It could be data. So again, the end to end solution is very important, not just a specific point solution that can identify something. So for us, working with Siemens, it's really our fabric approach all the way from the device all the way into the compute. As for the kind of the business relationship, I think we're still working on some of those deals, so we can come back to you on that.
Hi. It's Atas Kugelgi from Guggenheim Partners. Can you comment on the ASP trends in the last couple of quarters as you've seen growth in SD WAN? Has the average ASP of the appliance changed a lot given the SD WAN growth?
Well, I think we can be charging a lot more actually, to be honest. But the ASP price, I mean, some of our competitors are probably 5, 6x's in terms of their prices. And so we think there is a lot of room to actually increase the ASP. We're extremely competitive, whether it's just basic SD WAN functionality or whether it's a full secure SD WAN, whether it includes that orchestration component as well. So anyway, we see us kind of off for those sort of price that sort of pricing.
But when you compare your own ASP, say, from a year ago, has the ASP now gone up with the increased, I guess, blend of SD WAN
in your So initially, it's more a question of taking market, taking gaining market share in branch offices, which we weren't in before. So initially, so it's a land grab right now. So like any marketplace is happening SD WAN, okay, it's 3 or 4 years old in some ways, but there's still a lot of greenfield opportunity out there we need to go after. So right now, our goal is to make sure we win as much SD WAN business as possible and then build on services on top of that going forward.
I do believe our ASP go up and Keith will have some presentation and give the detail. And also the sales and also partner also be able to sell multiple products also better that's also going to help in ASP. That's also one of the reason our gross margin our operation margin also go up. So we'll have some detailed data present by Keith, so we have a Q and A in the end.
Yes. I think the one thing I mentioned before was SD branch. So definitely the big upsell and cross sell for us is not just SD WAN or secure SD WAN, it's the SD branch sale right on top of that, which is Wi Fi and access points and NAC, for example.
I don't want to steal all Keith's fun in his presentation. We knew SD WAN is going to be a question that we would get. We've been getting it a lot lately. So there's definitely some statistics that Keith will share in his presentation. It's about 11:25.
I didn't build a break in because we only had 3 hours. If you do need to use the restrooms, they are out that door on the left. Please just get up and help yourself to the area. We're going to take one more question and then I think we're going to start again with the presentations and bring up Patrice, who is our Head of Worldwide Sales, followed by Matt Pillay and Keith Jensen as well.
But one
more question and we'll move on.
Sterling Auty from JPMorgan. I just want to sneak one follow-up. Ken, I want to make sure that I understand this correctly. If I think about SD WAN, I think of it traditionally as MPLS replacement, So branch office to headquarter. And when I see some of the charts that you have up there from Gartner IDC, you have SD WAN broken out separate from web gateway.
And I think about that local Internet breakout and that Internet traffic is traditionally being a web gateway portion, so a la Zscaler. So are you at a point right now with secure SD WAN that you can apply all the same policy to Internet facing traffic that you would normally get in an Internet breakout going through somebody's security cloud like a Zscaler? Or is that an opportunity for you to develop additional services and revenue opportunities moving forward on top of what you're doing with SD WAN today?
Yes. We definitely handle much more than the web traffic. And basically, that's one of the SD WAN, they can base on application, based on different type of traffic, have different security policy or networking policy. So our customer base for SD WAN is much broader than the WAF. And at the same time, they're also not just the traditional it's traditional MPLS.
There's a lot of a case whether the enterprise branch office or retail, which they traditionally use in some other 4 gs or some other connection or some other like a leased LAN connect like some different kind of connection there, which using SD WAN can lower the cost a lot at the same time can be more secure, can be more like responsible what application need in real time. So that's where we see a lot of use case. And I think it's because we have like more than 5,000,000 deployment actually we just see so many customers starting interest to use in even some other device already deployed, they're starting kind of using IC1, add some additional service. So that's where some is new sales, some is using existing box to enable some function that also will help and also give us kind of a more like stickiness or whatever more stay close with the customer. So we see it's a very good function helping grow the business and also enable bigger deal and also better service and helping more margin.
Thank you. Again, I would say that our goal is definitely to win that SD WAN controller footprint. We believe you need to protect into the LAN, so you're going to need security services for that. The bare minimum, you're going to need firewall and VPN services. We can add secure gateway if you want that right there.
We can add SaaS data. We can add a whole level of services. We have a lot of customers who have Zscaler as well inside there. So for us, it's winning that controller piece to make sure we can secure the LAN and the WAN and the edge there going forward. And then we'll support different cloud on ramps going
Okay. On that note, who's got the clicker? So next presentation will be actually 2 folks, Patrice Perch from actually based in Europe of all great places, Our Senior Executive Vice President of Worldwide Sales will present and then we'll have Matt Play, our VP of Cloud and Service Providers come up and talk about some of our cloud strategies, followed by Keith on the CFO slides, which is the only reason you're all here. We all know that. And we'll end with another Q and A at the end about 12:30.
Again, if you do need to do the restrooms, that door sticks. I'm going to try to get it to stay open. With that, Patrice?
Thank you, Peter. Now if we need Peter, do we need to wait before starting or? Okay. So I'm Patrice Perch. I'm leading the global sales.
I've been 15 years in the company. Ken asked me to build international business, which we've been very successful. We are number 1, so much bigger than 2 direct completers, both on revenue and unit ship. And we acquired many countries almost like 20% over 20% market share. So and 4 years ago Ken asked me to of course talk about how we can transform the North America market to capture in fact the bigger market size here.
So with all what we have seen in terms of product, I think the company has the best product, and the more or say broadest offering in the market. So and my experience is that it's not in fact the technology that potentially avoid us to penetrate in fact the wider market especially the enterprise market. We have been proving that that's happening. We are acquiring the biggest in fact enterprise customer outside North America. So you have seen that of course there is a lot of opportunity that with the innovation that we bring can accelerate in fact the growth.
We are growing above almost 3 times the market growth. You have seen our Q3 result and since 2019, so very strong, I will say, result. But let me share what has been driving, in fact, this great result and looking how we can even grow faster in the near future. So the product offering, as I was mentioning, is quite unique, and we are unique on the market as we are able to address the 3 market segments. So we are not just only playing on the enterprise segment.
We are able to play on SMB market, enterprise, very large enterprise and service provider. And we have been very strong, especially on North America on serving the main market, especially service provider going up. And of course, outside the U. S, we have been very strong, delivering in fact all the 3 market segments. That's of course offer us a very large opportunity much wider than our direct competitor that are mostly paying on the enterprise segment.
But it's all about sales execution. And the go to market when you address these 3 market segments are slightly different. When you're entering on the mid and the low end part of market, it's mostly sales and the channel motion. And it's of course rely on a lot on the partner. I will come back on this aspect.
When you address the enterprise or the service provider space, we're talking about direct touch engagements. And that's what we have built in fact in the last 2 years. And that's starting to generate a very strong result across the board, but more specifically North America. And so knowing that we are going very deeper on this segmentation per segment, but inside the enterprise segment, we're also going on the verticalization. So we are going much deeper on FSI, Healthcare, Government.
So and we have been building inside our sales organization the motion that address the true value proposition for each of the segment. And that's what make a significant difference on generating in fact constant results and growth. I will highlight that, as you know, that the service provider space has been a bit soft. We have been growing very nicely in North America and that's been mostly driving by enterprise growth. So it's really starting to generate in fact the result of this sales strategy.
So my goal is of course to fuel the engine. So hire more people and be able to align the people, the right people for each market segment. And you will learn that we have a significant white space opportunity. As we have been able to grow very nicely on this enterprise segment outside as I mentioned, North America that's where we are now getting back and capturing in fact a much wider portion. But I will say even if some of our competitor has been maybe strong on capturing the core business or the we are getting back with the edge.
And this SD WAN opportunity also opened the door to enter on this enterprise edge segment. So it's a strong, I will say vector to penetrate enterprise wide, of course, leveraging our platform and the value of the platform. When I met CISO across the world, they all concerned about what cybersecurity can provide as a business outcome. They want to see us helping them to go on this digital transformation journey. So it's all about unlocking, I will say, the digital innovation.
And cybersecurity has been the biggest challenge. The second point is all about how cybersecurity can they need to increase and increase their security posture, but they can't spend more. So how we can also provide cost saving? And there is multiple area where we can provide cost saving. SD WAN is a perfect example where instead of spending a lot of money on WAN and MPLS, you can of course invest on more, let's say, advanced technology that can secure your data and your networks.
So this verticalization and of course segmentation is critical. It has been really the pillar of our sales strategy since now 3 years. It takes time to build the motion. What I'm pleased to say is that we are able to hire the best people in this industry because Fortinet now, especially in North America, we are known as a very strong player. We are onboarding a lot of our strong talent.
So it's capacity, which of course has been driving a lot and Hakan has been sharing this for many, many, I will say, presentations. So really generating, in fact, and we continue to fuel the engine by increasing, in fact, our direct touch team and with the right people. And then, of course, as you can see, it's about how we drive while we're increasing the capacity, how we drive in fact the pipeline growth. So we are of course able to capture new opportunity, especially in fact gaining white space or new customer. We definitely as I was mentioning growing 3 times the market.
So we are of course replacing legacy vendor. So we are acquiring net new customer every week every day. So that's part of the strategy why we will have also a strong reserve of growth by expanding our product for customer that already acquired FortiGate and are expanding with the platform. So let me go to the pipeline grow and where is the pipeline going. So you can see here in this chart that we have been able to grow very nicely in fact our pipeline, thanks to the marketing effort.
I know that companies pursue us more as an engineering company, but we're making a lot of effort and spending on generating in fact the right branding and the right communication to the market. But it's also directly fueled by the investment we did. So half of this growth over half of this growth in terms of the pipeline come from our direct touch team. So it's a direct seller that engaging business customer expanding in fact or present and building the pipeline. About 30% is coming from our channel, which is seen now winning a lot of projects.
So they also thanks to the deal registration portal that we build in place are able to generate also pipeline at about 20% of our investment done on BDR and BDS, which of course drive also additional impact opportunity for us. So of course, we have, as John was presenting and Ken, we have multiple opportunity. The platform, the fabric platform is really embraced by most of the enterprise, main enterprise. So we see, in fact, very big project where we are selling like up to 10 different products. Why?
Because that's provide the simplification that you require, the automation and a better coverage. When you go up on the market, it's made a bit more latency in terms of this and the changing and going for 1 main provider in cybersecurity. So they are more using and transforming their infrastructure by use case. And that's typically the different use case where we are leveraging on the enterprise to penetrate the enterprise where we see clearly that this message about cost reduction, business outcome is resonated very well and becoming in fact very mature even on the enterprise level. So the go to market strategy has been very stable from the beginning.
We decided to go through partners. So we have an indirect sales strategy. Why we invest heavily so most of the what's the investment on headcount is for the direct touch people. So we engage directly with end user, but we leverage, in fact, our anti channel ecosystem to grow and penetrate the market. So we the service and the telcos service provider space as well as we mentioned it was 2 great enhancement.
We use them to leverage both mid market, small market and even growing more on the enterprise market. On the cloud, we have now a very large in fact partnership with all the public cloud provider. And again, this cloud provider are able to address different market segment where we already play. So it's an extension of our say channel community. But the rest of course reside among very strong dynamics in term of the existing strong key cybersecurity, especially SIs and large companies that help to bring this all.
We definitely continue to maintain this strategy, which is really paying off. The challenge we see is that I was mentioning some of the, I will say, SD WAN or maybe cloud vendor on security that try to go to the partner to the service provider. What we see that they are the service provider is losing in fact their, I will say, control to people like Zscaler or the other one. And they see that they have less in value, less in the less value. Why what they're asking us?
They ask us to help building the same motion and also to build based on our technology, in fact to and leveraging the service provider data center around the world to push the same technology to the customer. And that's what's resonated very well because at the end of the day, they have their business to grow and the NPLAC is going out. If they lose the control from the cybersecurity, they will have very challenging situation. So I can tell you that while it was easy for the service provider to click and use some of those provider, they are changing and shifting. And we are there to provide infrastructure to deliver similar services to the end user.
Of course, one way we have our largest, I would say, grow opportunity is on the Global 1,000, a very large customer. So again, here, we have a very great in fact strategy on moving up the market. And you will see very nice result and nice announcement that's coming on this space. So overall, I'll say, we are able to maintain very high growth. Enterprise segment, that's where in fact we are fueling in fact the accretion of the growth above the 20%.
Talking about white space. Of course, you can maybe see, are we limited? So you understand that, yes, we have 3 major opportunity to drive the market. When you look only on the enterprise segment, while we are hiring our people and we have been able to, of course, continue to increase the capacity. We also tried to reduce the number of account they manage.
So it's about sales discipline and be able to have much more focus per account. So we bring more people on board. We start reducing the number of accounts that reps are managing both on a major account manager with target enterprise, but also on the mid market with NEM account manager. And you see here that we have a significant opportunity almost like 2 thirds of the pipeline that can continue to in fact be generating this approach. So what can we do, of course, to continue to fuel the engine?
So it's about capacity. And of course, as we hire new people, costs. So it's how we can get those new reps on board more productive and very fast. So we did invest this year, in fact, heavily on system and tools. So we was using our CRM, which is Salesforce.
We have been acquiring a new module. It's called CPQ from Salesforce, which allow us to do quote to cash. So we continue to invest on system. As you know, we have a significant sales population to increase the productivity and increase in fact the ability to generate revenue on the very short time frame. We also have a lot of data.
We have more than 5,000,000 appliance and over 700,000 customers worldwide. So the data are stored in a system. So what we do with the NDM, we are now consolidating all the data, be able to leverage our salespeople to upsell with the right visibility about what is the current customer inventory in terms of product. So that's another level of growth for the future. Sales development part of, of course, the sales strategy to increase productivity is critical.
So we have also built with the sales training team a lot of value leveraging our NSE Academy to train our own people, but as well training on the sales approach to pitch them how to address these different segments depending on the role they have on the company. And we're also leveraging a lot of new tools to generate customer intelligence to be more efficient and addressing and targeting the customer that are ready, in fact, for those transformation. And also the marketing, we are building a very strong lead, I will say, demand generation team by sales rep, BDR. So we continue to fuel this aspect as well to help driving the pipeline. As was mentioned earlier, it's contributed already by 20% growth.
So it's an important emotion. So again, I was mentioning about the channel. I will say our channel strategy has been very strong and I think we have been considered as a trusted partner from day 1. And that's what I think make the Fortinet successful. You can see here that we have very different profile.
We are about to launch in fact early next year. We announced already Accelerate in 2019 kind of revamping our program to make sure that all the different category of partner can fit and benefit from a business development in fact this program. So and as you can see, we have a lot of accolades and great reward and award from the market in terms of our channel strategy. So I can just confirm that we are very cautious about our channel because that's been driving our business and we are moving with an advanced in fact channel program that will even accelerate in fact the collaboration with our partner. So the fabric really resonates across the board, as we was mentioning earlier.
This chart show you, in fact, how our sales rep are able to sell. So as you see, like almost 2 third of our sales population, including the new high that we hired this year are able have been able to sell more than 5 products of the fabric. So I mean the fabric is really now in the real motion inside our sales organization. And that of course drive the value of expanding in fact the wallet expanding the share that we can get from the customer and of course increasing the value per deal and of course delivering business outcome for our customer. So what we'll do for 2020 as we continue to move forward?
I don't think there is no rocket science here. We are very constant on trying to continue to execute well. You have seen result has been there. We will continue to high and fuel the engine by sales high, looking about where we have white space, how we can quickly put more people on board, getting the best people on market. The goal is to move up also Pataji from 3 to 3.5 times pipeline, so in quarter pipe.
You see my previous slide where we measure every quarter the pipeline and how we grow. So this sale discipline has really landed to a great in fact acceleration of the pipeline. It also give us in fact I would say, a longer term visibility on how we can generate. And I'm sure that will reassure investor about how we control the growth. And of course, focus will be about productivity, as I was mentioning, getting those people on board quick, making sure they have the right tools, we can automate.
So we continue to invest. There's new tools coming on early January that also should help to better control, in fact, this big engine that we have on the sales side. And we, of course, on the sales strategy and product, we continue to sell the platform. So platform resonates and that will be the key focus for 2020. So I know that many questions sit about you are more like an appliance or hardware company.
As Ken was mentioning of FortiWaste, it's very strong. So the engineering team delivering the software is maybe the biggest aspect as well. And not necessarily very well known outside, but I can tell you that's drive, in fact, a lot of value with our customer. Today, we have the broadest cloud offering, private and public cloud offering. So every product that you have seen, which is built on hardware and physical appliance is available on virtual appliance.
And we are able to provide one single pane of glass, leveraging in fact the different scenario to cover the cloud, the core, the edge and data center. And that's what customers are asking for. So but I know that there's of course many questions. So I'll ask Matt to come on board to share more about the cloud strategy, so you can understand that we are very strong here and we are getting share as well here. So it's not that we will if the market is moving out of the I would say the appliance, there will be disruption.
Our vision is that we will be a hybrid and of course a much more complex environment to secure. And cloud is important and cloud is strategic. So let me introduce Matt Clay. Thank you.
Thank you, Patrice. Good morning.
Still morning, I guess.
So some of you were at our Cloud Analyst Day back in August. So I already heard a few questions about cloud, which is fantastic. Sorry, I'll get close to the mic. But I think there is a lot of confusion around cloud or at least questions around cloud. What does cloud mean to you?
And how do you use it? How do you adopt it? I think we're here to solve some of that. So the opening slide that I had back in August was, how do you set the market for cloud? How should we think about cloud?
And how are businesses or enterprises adopting cloud? So I think the first part of this, when looking at how do you get to the cloud, what is the experience while using cloud, such a big part of I think how clouds are used. When you say cloud, is that public cloud, is that private cloud, are those clouds talking together? And so that connectivity is such an important element to the user experience. And then you layer on top of that, you layer on dynamic cloud, which we call dynamic cloud, which is workloads moving back and forth through public cloud and private cloud.
You see, I think, the market data for supporting that is, on average, most people use 1.5 clouds, which I'm not really sure how they got to that statistic, but in any event. So 1.5 public clouds is typically what customers use. And because of that, they're also obviously using private cloud on top of that. And then the cloud really is broad. The landscape is pretty vast.
And I think there was a question about the native integrations with cloud and I'll talk about that in a second. But it is a good point. And then I think we talked about Brad, I think we talked about one time some of the product offerings they have and how do we integrate with those product offerings. So the cloud creates just a unique attack surface. It's not because cloud is bad.
It's just because cloud is used differently from usually ingress, egress coming off an enterprise. And then I think we all know this, but there is a shortage of people in the industry. And so that compounds all of these things and making cloud work effectively. And that's what Fortinet is here to solve. So this is a very busy slide.
So I'll try to talk through this as best I can. But really the solve for us is secure SD WAN to on ramp to the cloud. That's such an important element how to use and get to cloud. And John to your point what you said earlier, I think a lot of people think of SD WAN as a branched to campus or hub and spoke, if you will, back to it. But what we're seeing is actually private cloud to public cloud use.
That's a big element of why people connect I think those two elements together. And we believe that the SD WAN on ramp, the cloud on ramp will serve as a big competitive advantage for us. And then dynamic multi cloud, so private public SaaS, so delivering from the public cloud or down at native services. So the cloud native services for us is that when we talked about our SaaS WAF as an example that's built in AWS. So I think you had a question about some of the native integrations, so GuardDuty or Macie and those kinds of integrations in AWS.
Well, our solutions absolutely plug into there what we call through a connector. So for those automation stitches, we call that a stitch for the automation through the API call into those native integrations. So when using some of the services either native or built natively into the cloud for us as a SaaS offering, those are absolutely paramount to how to work with these environments and then of course CASB on top of that. And then so how we're looking at the attack surface is really offering multiple products together via the fabric. So really taking not only just the FortiGate itself, but then using WAF, using SandBox, some of those native integrations alongside of our products is very important and key in Paramount.
And then single pane and glass, how do you see and view all of this together is the biggest I think challenge that you'll see in public cloud. Having a unified security posture is the key element. So there was a slide that I showed back in August, which essentially showing the broader picture of your environment from a topology view and viewpoint. So it's really not about where you're using or how you're using it and what form factor. It's about how the security enforcement takes place.
And then I just put down a couple of use cases at least from customer standpoint. But I did want to provide how cloud expands our market opportunity pretty uniquely I think in the market. So we do a number of things when we market to cloud and one of the key I think parts of cloud is the web app firewall. So web app firewall for us is you can use it natively or you can use it SaaS based in cloud. And so what we do is we feel that engine by marketing to the impression.
So you'll see 14,000,000 impressions is what we get from the advertisement of cloud. Of those 45,000 visitors come to our website. And then of those 45,000 turn into trials, 3,500 of those turn into trials, which then equals about 1400 new customers. So if you do that, it's about 60% conversion of trials for us. And then on top of that, as an example, 75% of those also have hardware for us.
So this serves as a very big opportunity for us because it brings brand awareness, but it also brings the ability to stitch together multiple products together in public cloud. So with that, I'd like to invite up Keith Jensen, our CFO.
Good morning, and thank you for joining our Analyst Day and our 10 year anniversary celebration. As Matt noted, I'm Keith Jensen, the CFO of Fortinet. I've been with Fortinet for about 5 years. A little legalese stuff to call and follow-up on Peter's Safe Harbor language. Keep that in mind as I go through my presentation.
Also before I start, I'd like to share that references to 2019 full year results are based upon our midpoint of our guidance that we gave on October 31, unless we say otherwise. And of course, financial amounts that we provide today are non GAAP, except for revenue unless we know it otherwise, okay? During the course of the presentation, I'll share some key concepts and metrics that are designed to show the consistency, the visibility and the predictability of our business model. And that together with our diversification enables us to grow faster than the market, increase our profitability and execute consistently. I'll frame up the presentation by starting with revenue and margins, then I'll move on to billings.
I'll go a little bit deeper on a couple of areas like fabric and SD WAN that been talked about, perhaps a little bit on some metrics as well and wrap up with cash flow, some discussion about capital and then of course the model. I'm going to guess red is backwards. That green button. Do you know there's 2 green buttons on here? Big one.
Thank you. This is well rehearsed, if anybody's wondering. Okay. The chart on the left tracks our annual revenue growth. It highlights our combined compounded annual growth rate for the last 3 years or our CAGR, which has been 19%, and that's well above market average growth rates, as you know.
Product and service CAGRs during that same period of time were 13% 23%, respectively. These growth rates are driving the mix shift that you see in services. We're seeing a shift from product revenue to the highly predict more predictable higher margin service revenue, specifically 57 points to 63% of our revenue over a 3 year period of time, so roughly 2 points per year in MVMT. And as we talked, 63% of our revenue right now comes from service revenue. A total of 95% of that service revenue comes from 2 security FortiCare and FortiGuard.
We typically attach these 2 security offerings to each of our appliance sales. And as you'll see later on, we often attach them also to our fabric product and software solutions. FortiGuard is now the fastest growing of the 2. Represents about 55% of that service. If I talk a little bit more about the growth drivers on those two service offerings, I will share with you that we've seen FortiGuard an evolution move from single individual security sales to bundles of securities.
Specifically, FortiGuard now represents about 85% of the mix in bundles. That's up 15% in just over 3 years. In FortiCare Support, we've talked before about the continuing mix shift from 8x5 to 20 fourseven. That mix shift has continued and we expect it to continue. Currently, 20 fourseven represents 56% of the mix, 44% is 8x5.
This slide tells us several things about our business model. The first thing you'll note is our 2 year CAGRs are fairly consistent across geographies. We see APAC at 17%, the EMEAs and the Americas at 19%. We talked in our 3rd quarter earnings call that we had some work to do with APAC related to hiring, as Patrice talked about, increasing capacity and that work has started and I'm pleased with the results. The second aspect of this is that it highlights that we are somewhat unusual for a U.
S. Tech company and that the majority of our business is international, it's not in the U. S. And with that, it sets up a discussion for us about the opportunity that we see in the Americas. We note that 42% of the business is in the Americas, but keep in mind that includes Latin America, the U.
S. And Canada. If you tease out just the U. S. Subset of that, the U.
S. Is less than onethree of our worldwide revenue. And with that in mind, that's why we view it as an opportunity for growth, and Patrice talked a moment ago about the enterprise opportunity in the U. S. Okay, staying with the income statement and just going through margins quickly.
The chart on the left tracks our 3 year trend in gross margin. And a very simple explanation for that is that's that mix shift we just talked about of moving from product to services and the move up that we're seeing in our gross margins. The chart on the right tracks both non GAAP and GAAP operating margins. Our non GAAP operating margin is expected this year with this year to be 9 20 basis points in total growth over that period of time. The driver one of the drivers for this, course, is the gross margin, but it's also the CAGR in revenue that we talked about a moment ago at 19%.
If you look at our revenue growth and our CAGR growth, and if you take revenue growth and add to that the operating margin number, if you will, and you apply the rule of 40%, what's interesting to note is for 8 of the last 10 years, we've ticked above that milestone for the Rule of 40. The second chart on the the second line provides the operating margin on a GAAP basis. Unlike some of our cybersecurity peers, Fortinet has been GAAP profitable and has been GAAP profitable for every year as an IP every year as a public company. Let's pivot to billings. This chart provides a breakdown between FortiGate and Non FortiGate.
As you can see that FortiGate represents or firewalls about 75% of our billings and the CAGR for FortiGate is about 17% for the 3 year period ended this year. Non FortiGate, which includes fabric and cloud, represents 25% of billings. We expect fabric and cloud portion of that to have a CAGR by the end of this year of 35% for that 3 year period. Non FortiGate also includes other. Other is that little purple part at the very, very top.
It includes things like professional services, training and non FortiGate or non fabric products such as phones and cameras and legacy access points. The other portion of our business does not contribute meaningfully, if at all, to our growth rate. Okay, let's look a little bit deeper in what we call non FortiGate. This segment, we've taken out the cats and dogs that are in other, and you can see the mix between fabric and cloud and the dollar amounts involved. Combined, Fabric and Cloud will grow probably a little bit over 31% this year, and we expect billings for the entire year for Fabric and Cloud to be $525,000,000 Okay, we're going to get really detailed and this is designed to ask answer the question of what's what.
People understand what's in fabric and what's in non fabric. If you look at the two main headings, you can see FortiGate and Non FortiGate. And right below that, you see the subheadings or groups of products and solutions that are included in each. And below those subheadings, you see the actual product that's in each of those groups. As John mentioned earlier, our marketing convention is for the sake of salespeople and finance people, 40 whatever it does, right?
It also tells you what FortiCare and FortiGuard's security subscriptions attached to those products. So if you take as an example, underneath analyzer or underneath solutions, you see FortiAnalyzer, very top line. You can see that, that particular solution is included in the fabric group of products. You can also see that it's part of non FortiGate. If you look across an analyzer, you can see that it's available in a hardware form factor.
It's also available in a virtual form factor, And you can also acquire it through the cloud providers on a pay as you go basis. And if you continue on, you can see that it actually comes with FortiCare FortiCard and FortiCare as well. It's a bit of a reference sheet, okay, but I want to make sure that you have an example and understanding of it, and we'll post it to help people understand the business a little bit more. I also want to call out the far left hand side. And there you see our 3 segments of firewalls, entry point, mid range and high end.
You'll also note the numbers in parens. Those are the number of models of firewalls that we provide. That's about 90 different firewalls. I think some of our competitors are about 15 firewalls. I want to offer a couple of points about these 90 different firewall models that we provide.
First, they're designed to address a wide range of use cases from large data center applications, branch, campus and edge applications. The second part of this is that we upgrade and replace our own products, as you heard earlier today about some new chips that are coming out very, very frequently. This internal refresh process is continual. And typically, when a new product comes out, you will not notice a spike in revenue for an individual period. It is a continual process.
One element that's improved to the consistency in our financial performance is the diversity of our business, whether that's by customer segments, whether that's by geographies or whether that's by industries. There's 3 pie charts here, and I'll start in the middle. That middle pie chart talks about each of these our billings for the 1st 9 months of this year. What you see in the first pie chart is that the larger economies dominate the percentage of billings that we have. Specifically, 6 countries, those larger economies represented 51% of our billings in the 1st 9 months.
What's interesting about Fortinet is that 49%, the remaining portion of that came from countries with smaller billings. Specifically, no one country of those 80 had more than 3% of our total billings. Very, very diversified. And part of that is it helps us mitigate when something pops up in a certain country, whether it's a geopolitical event or something else. We often get questions about what's happening in a economy, but with that diversification, you get a sense of why one individual company doesn't necessarily cause us concern when we're setting our guidance, okay?
Moving to the left, you can see the mix of our customers, right? 34% is SMB. We add to that 24% for mid enterprise and 43% for enterprise. I apologize that doesn't total 100%. We'll fix that later on.
Keep in mind that 43%, it also includes the telcos, right? Over the past 2 years, we've seen each of those segments outgrow the market. But with telco included in the enterprise segment, in terms of measuring our actual market growth in the Enterprise segment, if I move the Telco group out, you'd actually see that, yes, that segment would be a little bit smaller, but the move up market that I track would be even larger. Moving to the right hand side is our buildings by geography. Typically, just about every quarter that we look at this, about 2 thirds of our billings come from our 5 largest verticals.
That really hasn't changed. What we have seen is that while we continue to dominate in carrier or pardon me, be a leader in carrier and managed service providers, We see more diversification now in our verticals and that diversification is really coming from outsides growth and other verticals such as financial services, local governments, state governments and international governments. Lots to digest there right now. All right. Staying with our billings, let's review some of the key metrics that we have that have led to our more consistent and predictable growth and margin improvement.
We framed each of these metrics, establishing a baseline and then measuring our actual results within a band of plus or minus two points of that baseline. Or in the case of contract term in the bottom, 2 plus or minus 2 months. The first thing that jumps out at you is if you look from Q3 20 17 onward on each of those metrics, we stayed inside the band. We've been extremely consistent for about 2 years on each of these metrics. Let's go around the horn a little bit and talk about each of them specifically.
On the top left, we have renewals. This sets as a baseline our average renewal rate for 3 years and then establishes guardrails sort of plus and minus 2% of that renewal rate. Having now explained it a bit, you can see that for over 2 years, the renewal rate has remained very, very consistent. We stayed inside the guardrails. Moving clockwise to the top right hand corner, we use a similar concept here, but in this case, it's our 3 year discount average.
So again, I've established a baseline, put 2 guardrails, 1 plus two points, 1 minus two points, So you can see how we're comparing on our discounting period over period and the consistency of it. One twist here, when that particular dotted line moves down, that's a good thing in this chart, okay, less discounting. Moving down to the bottom right hand corner. This chart illustrates the predictability of our service revenue. It tracks the percentage of service revenue each quarter that was recognized from deferred revenue as of the beginning of that quarter.
We've talked publicly that it's at least 90% every quarter. So remember, we're shifting more and more of the revenues to higher margin, more predictable service revenue. In terms of predictability, you can see each quarter when we start off and I'm setting guidance, I know where 91% of my service revenue is coming from. It's coming from my balance sheet. Lastly, and back over to the lower left hand corner.
In this chart, we're showing our average contract term or trend. You can see that for a period of about 18 months in 2016 to 2018, our contract term moved up about 4 months from 21 months to 25 months. That's a 20% increase. And for the benefit of all the sales people who have joined us from my New York office, I keep track of this because I judge the quality of your billings. I judge that same quality use discounting in the same way.
During discounting contract term, I have a pretty good idea of the quality of the billings that we're seeing each and every quarter. I mentioned earlier that we've been in the Rule of 40 Club for 8 of the last 10 years. The last time we were not was 2017. It's interesting when you look at 2017 on this particular chart, you see that 2017 was a period of volatile discounting, higher renewals and increasing contract terms.
Okay.
So is my ASP going up? Yes. That was the question. ASPs could go up for a lot of different reasons. Distributors can order in larger quantities.
We can change the price list and so forth. But yes, ASP is going up. What I have for you here, I got to
get on the right page, I apologize.
So what I've done in the left hand chart, what we've done on the left hand chart is track deals over $500,000 and deals over $1,000,000 The $1,000,000 deals are in the dark blue. Keep in mind, we've also talked that no one deal since Q1 of 2017 has represented more than 2% of any quarter's billings. So I have a lot of $1,000,000 deals, but they're not multi mega $1,000,000 deals, right? The chart on the right represents the dollar value that we received from the $1,000,000 deals. You can see that in the for the 1st 9 months of this year, the total is $268,000,000 which is up about 34% year over year.
We yes, we do see our newest firewall use case, secure SD WAN, providing a tailwind to these metrics. I say the newest firewall metric, and I'll pause here to emphasize 2 points and follow on comments that have been made earlier this morning about the history of the FortiGate firewall. First, the FortiGate firewall has shown to be the cornerstone for consolidating security functionality over an extended period of time. And second, with the ASIC compute power, this means expanding capacity. Expanding capacity means adding more functionality.
Most recently SSL encryption, de encryption and secure SD WAN. And now for the star of the show. Okay. Industry analysts have been very kind to us recently talking about our secure SD WAN solution. In the Q2, they noted that our market share had basically moved in 1 year period from 0% to 11%.
They commented that our secure SD WAN billings were about $45,000,000 in the Q2 of 2019. And they've also pointed out that we're the only firewall vendor that has secure SD WAN functionality built into the application. Secure SD WAN has been a feature in our operating system for a few years now and it's really come to life as companies have recently focused on securing the edge, minimizing the number of applications that they have to manage and reducing their MPLS and other transportation costs. The chart on the left provides year over year billings for the Q3. It also breaks it down into product and service mix.
The product is the light blue chart bar and the services are the dark blue bar. When you look at our largest deals represented here, those deals over $250,000 The mix between product and services runs 35% thereabouts for product and 65% for services. A few things to note then. As we've commented before, we do not charge separately for a secure SD WAN. It is built into the operating system.
It is part of a firewall sale. That product and service mix I just gave to you is very similar to other product and service mixes for all of our other use cases. And in terms of revenue recognition, it's just like everything else, product upfront, services over time. So now more detail about Secure SD WAN. There's a series of pie charts that are based upon our billings for the 1st 9 months of this year.
It'll give you a sense of some of the characteristics and the customers that are acquiring secure SD WAN. I'll offer probably a point on each of these. First, the pie chart on the left provides the firewall mix. Again, it's part of a firewall. You can see that 25% of it is, pardon me, high end, but the majority is mid range at 44%.
In terms of geographies, as you typically see with a newer technology sale, it's dominated first in the Americas and then the European continents with APAC to follow. And that's the purpose of the 2nd pie chart. The 3rd pie chart tells you what type of customer we classify them as small business, medium sized or large enterprise. And yes, it is obviously a larger enterprise sale. And yes, again, it is opening the door and creating opportunities for us inside organizations that we currently or previously were not a part of.
So John and I are going to have a debate afterwards about how to measure fabric partners. He's in the 100. I'm not quite there yet. This is a subset of our fabric partners. I measure that at 74 currently and we're growing those at about 50% per year.
We'll probably retire this metric, but I want to make the point while we're here about the importance of our fabric partners, right? The fabric partner program enables other security vendors to integrate their technology into ours and provide greater automation and centralized management. No matter how John and I count them, that's the purpose. Strong billings, deferred revenue growth, profitability and better inventory management have all contributed to a significant step up in our free cash flow margin. Specifically, we've gone from 24% in 2016 to year to date this year at 39%.
We expect deferred revenue, one of the largest drivers to our free cash flow, It will surpass $2,000,000,000 this year and it will grow over 20%. Historically, we've been described as a build versus buy shop. And I think we've made the point today that this strategy is consistent with our belief that it's critical that the fabric platform remain tightly integrated to the product suite. It's no surprise then to see that we spent about $850,000,000 in R and D since 2015 or that we have over 600 patents outstanding and that our M and As have been largely described as tuck ins.
When you look at our
tuck in M and As, we've used about $100,000,000 since 2015 to acquire technologies like SIEM, Endpoint, NAC and others. In terms of returning capital to our shareholders, starting in 2017 through the end of Q3 of 2019, we returned about $773,000,000 of capital through share repurchases to our shareholders. And that's about 40% of our adjusted free cash flow during that period of time. And Ken wants me to make sure I make this point very clear. Last week, our Board of Directors approved an additional $1,000,000,000 for share repurchases, bringing the remaining total that's authorized to $1,600,000,000 The Board also extended the expiration date to February of 2021.
No changes to guidance for Q4 or for the full year. And this is a legacy slide that helps with some of the modeling of 2019, if you're looking at it for any reason. One item to note though is that I have added to this slide a first look at total CapEx for the year 2020 at the bottom. The second building of our campus is scheduled to be completed in the Q4 of 2020. We expect to move in partially in October and again to the rest of the company in November.
As such, we expect elevated total CapEx in 2020. A few years ago, we described a balanced operating framework that we want to operate in. That included increasing revenue faster than market and increasing our profitability. The table on the left grades our performance on that first element, revenue growth faster than market. We expect to organically grow the cybersecurity outgrow the market by more than 7% on average from 2017 to 2019.
The chart on the right evaluates our performance on the second element of that framework, increasing profitability. Here you can see the expected margin improvement over the 3 year period of time taking us to 24.3%. Clearly, we're pretty pleased with our execution. All right. With that in mind, let's talk about what we see for the next 3 years.
And as I tee this up, I'll say, including the 2019 guidance we noted earlier, again, that rule of 40 tests, you take the sum of revenue growth and the sum of margin, 8 of the last 10 years, we've been in the rule of 40. So with that in mind, our expectations for the next 3 years, we expect billings and revenue growth to be at least 15% in each of those 3 years. It's organic growth and yes, it's higher than the current Street estimates for each of the next 3 years. We expect our non GAAP operating margin to average at least 25% over the next 3 years. We will provide more detailed guidance for 2020 in our Q4 earnings call in early February.
In the interim, I'll offer just a little bit of commentary about setting these expectations in our modeling. Multiple factors were considered and we determined our expectations, including market growth rates and our ability to continue to outgrow the market. When looking at market growth rates, we also consider that IT budgets will continue to grow, but the security portion of that budget will grow faster than IT budgets as companies continue to prioritize their security spending. We're looking at our ability to outgrow the market, We consider our ASIC advantage. We believe we'll continue to have a lower total cost of ownership and that the security compute advantage will continue to provide an advantage to us.
We believe we'll continue to add new firewall use cases as we have done with secure SD WAN. We expect revenues from our existing fabric product suite to continue to grow and we expect to add new products to the fabric suite. And we plan to continue to increase sales capacity in consideration of our pipeline growth and our revenue growth. As a result, these models indicate that we will continue to achieve the Rule of 40 in each of the next 3 years. All right.
The next slide kind of summarizes the drivers for our business, and I'm going to leave it up while I invite Ken, Patrice, Matt, John and the rest back up for questions, okay?
Okay. As I said earlier, the goal is to end at about 1 o'clock. We're at 12:21 at this point. So we've got about 40 minutes for questions. I'm sure you guys can fill it.
If not, we'll finish early. But we will start taking questions The panel again, guys, on the podium, please do use the microphone so they can hear it on the webcast. And for those that have questions, please wait for the microphone. And as a reminder, the slides should be up momentarily.
Hi, Sterling Auty with JPMorgan. So just on that 3 year guidance, I think the one that immediately jumps out a lot of us is the operating margin. If you're 24.3 percent in 2019, you're talking about greater than or equal to 25% for the 3 years. How should we think about that? So how much is the greater than versus the equal and where are those investments going to go?
Well, first of all, Sterling, you told me you're leaving early today and so we made sure you got a chance to ask your question. So you can leave now. I think that, again, I thought we I purposely framed it up by showing the operating improvement, operating margin improvement with a slide preceding it. I believe that we feel continually, we feel very good our ability to continue to improve margins while continuing to grow the company. I think the next logical step we've gone through, I think a very nice quarter in the Q3.
We raised our guidance for the Q3. We provided the long term model now, which I think represents an increase. And I think the next time really talk more in-depth would be in our guidance that we've provided in the Q1 of 2019.
Keith Bachman from Bank of Montreal. I'm always confident by the fact that I don't think you'll forget my name. I had two questions. One is the follow-up though on that I asked previously. I appreciate you indicated that SD WAN billings have grown 5x.
But I come back to how do you know? And again, I go I assure the largest
customers are you probably have pretty good feedback,
but the breadth including
Yes. I think the
what we don't know is,
Yes. I think the what we don't know is if a customer has an existing firewall on prem and they're going to convert that to secure SD WAN, we don't have visibility to that, right? So what you're seeing in terms of this growth and what Gartner is talking about in terms of our percentage of the market share, that's excluding whatever may be happening behind the scenes inside of an organization. This is just the purely additive part of the business that I'm getting paid for. Right.
So it could be larger? Yes. I would expect that it is, but I don't have visibility to it.
Okay. Then thank you. My follow-up question is just talking a little bit about fabric and how should we think about that in terms of customer segmentation?
So in
other words, for email or SIM or those kind of areas, is that more of an SMB solution? Because I was impressed by the when you talked about the number of sales reps and the wins they were having. But if you could just help us think about enterprise versus SMB in terms of the adoption of fabric and where you're actually gaining traction? Thank you.
I may ask Patrice a little bit to comment in terms of where he's seeing the sales. I will before I do, I'll offer one anecdote that we were out visiting with customers in the Pacific Northwest recently and some very, very large organizations up there obviously. And there was really within that very large company set a polarization. I mean, I had certain scientists tell me flat out, we are a best of breed shop. We don't care about platform products.
We don't want to talk about it. And I had other sizes from equally large companies say exactly the opposite in terms of the enterprise. But do want to talk about it, please? Yes.
So we do see a strong adoption about the platform to the fabric, selling on like 6, 7 different product to the enterprise segment and the enterprise segment. So they may be moving a bit faster. Why? Mostly because there is a scale shortage worldwide, so they need to automate and that's what and also we drive a lot of the cost benefit. When talking about the enterprise, we mentioned about the branch and the I will say the next generation age branch.
And where we're selling here, we're not just selling FortiGate. We're replacing Cisco AP. We're replacing switches from Juniper. So we're expanding in fact the branch. Those customers are looking I'm talking about very large customer, large branch, large financial.
They are looking in fact to automate the branch without any like the 0 touch deployment and everything which is managed. So that's part of the fabric expansion that we see and driving a lot of, I would say, revenue. And last to maybe answer about, do we have our customer using existing FoliGate to do this SD WAN? If you have seen the chart from KISS, you see that there is the model that we're selling is more and more mid and high end. So the need to manage those different device inside the edge is quite important.
So they need also to refresh the hardware. So I think we mostly see, in fact, new business coming on this SD WAN.
Hi, it's Greg Moskowitz from Mizuho. Keith, on that SD WAN pipeline chart that you showed, I think you made a mistake. The Y axis actually was not included. So just wanted to
I apologize.
So two questions for you. First, in terms of the billings and revenue CAGR over that medium term basis over 15 percentage, you said it is north of where the Street is at this point. At the same time, you have a recent you have a competitor who very recently talked about a 20% billings and CAGR billings revenue CAGR over that same time period. Now you have a lot of tailwinds associated with your business, not the least of which is SD WAN. So I guess the question is, are there any perhaps offsetting headwinds that you think about that might kind of sort of take that average growth rate down to mid teens as opposed to higher over the next few years?
Or is that just some function of conservatism? And then a second quick question, just a clarification on the CapEx for 2020. How much of that $210,000,000 to $230,000,000 is related to the HQ as opposed to being maintenance CapEx?
I think you can I'm going to take the second question first, then hopefully forget the first one because that's what John said I could do. I think the building will run about $150,000,000 and you can probably put about $60,000,000 of run rate on top of that and then give me a few extra bucks as we continue to expand the organization. What was the first question? Growth. Look, I think without going into specifics of what we got into very specific modeling when we built the model, I don't think that's this is the appropriate place to have that conversation.
And without tying any of my commentary to the specific percentages, I would say I feel very good about the team's ability to execute going forward. When people ask me what do I worry about, what keeps me up at night, it's a black swan event. It's not something that I'm seeing from competitors or something else. It's something that I just don't anticipate that's extremely unusual.
I think one of the things that Keith pointed out in his presentation was that our guidance for revenue growth for the next 3 years at 15% plus is all organic. There are no acquisitions built into that guidance as opposed to maybe somebody else's guidance.
Thanks. Thanks guys. Saket Kalia from Barclays. Thanks for taking the question. Maybe 2 parter on the same topic here, right?
So Keith, can you just talk about what your assumptions are around public cloud as part of the midterm model? I think it's about $124,000,000 in billings as part of the non FortiGate. That's the portion that I'm specifically referring to. And perhaps what the profile of those billings will be meaning pay as you go versus fixed subscription, right? So that's the first question, essentially on pricing around that, right?
And then secondly, maybe for you, Patrice, just as you're out there with customers, how is that preference for pricing evolving as more customers adopt virtual firewall? Is there will the market gravitate towards 1 or the other? So that's the second question.
Yes. I think in terms of perhaps not answering Saket, your question, all that directly. Part of the analysis we're going through and building the model is looking at what growth rate assumptions are for the different TAMs that we talked about. I think obviously given the history of the company and the product suite that we have, we can look at the standalone firewall market if you want to call it that. We know what that percentage is.
We feel very good about our ability to grow at that rate and above. We can have a discussion with Gartner about whether or not SD WAN actually belongs in a separate Magic Quadrant or separate TAM or not. But I think we have pretty good visibility in terms of what our expectations are for secure SD WAN. When we look at cloud, I think we also again some of the I know what my cloud growth has been. I know what the market growth rates are expected to be and that can layer some of that into it.
And yes, there's a lot of what if analysis that go into that, a lot of Monte Carlo type work, if you will. But I think we're in a comfortable spot doing what the market is going to grow at and what our expectations are.
So to answer to your question about the cloud, so we do see, of course, demand about VM. You see the large enterprise of course are now embracing about the cloud and moving workload to the cloud, but they still have quite an extensive, in fact, infrastructure or whatever on the core data center and the edge. So if we look from the mix about, we'll say, when we re embrace the untie, I will say, attach your files and providing the fabric, we are about like 10% of the VM and the rest is more appliance based. So it's really about depending on use case. If the performance is required, they may go with better I will say ARI on using the appliance.
If it's more like VM, that's maybe also a bit more agile and all the automation that's already in it. So it's really the different use case may land to different choice. But we see of course adoption on VM and we call BYO property license on this one. The on demand is more like if you look from the large enterprise, they may have project where people are starting evaluating and using in fact those cloud public cloud provider. That's where they consume in fact on demand security.
It's not necessarily long term investment. So at some point, they look about the overall cost may go for better than license. Or I will say that overall, the shift about the cloud is a bit less than expected because there was a lot of noise on here. Maybe behind the scene is the cost of this because it's to deliver the same performance, to deliver the same value, you need to invest a lot on, I will say, generic computer computing. And that's what may be driving a bit the challenge.
And the perception about the cloud, which is secure, it's also a big challenge because people feel that, okay, because the global private provider, they have the right security. They may have the right infrastructure to do and high availability, but not securing the cloud. So all this aspect in fact is I would say slowing down this exchange. And we do see in fact a very hybrid environment.
I'm just going to add one point to that. So in public cloud, you can do for enterprise, you can do what they call private offer. So private offer is not show up to marketplace and buy, but rather work together in tandem with the cloud provider itself. Then additionally, what we're layering on top of that is going to market with our channel providers or channel partners, I should say, and a program called CPPO. So it really accelerates the adoption and a broader message with it can be hardware and software together, it can be private and it can also be public altogether.
It's a pretty unique offer and we're kind of first in from that perspective.
I had a question for Keith and a question for Patrice. So Keith, I'll start with you. I think about the discounting slide or the chart on the discounting rate that you put up. And then I also think about the mix shift you've seen on the Forta Care side. So that's naturally giving you a pricing uplift.
But on the FortaGuard side, as you consolidate a lot of this functionality, as you talk about lowering the TCO to the customer, it seems like there's a disparity between what you are charging on the bundles today versus your theoretical ability given the consolidation of the automation and all these other benefits that you're providing. So I wanted to understand to what extent pricing power is contemplated in your forecast going forward, I. E. Outright pricing increases, because I don't think you've done that in a while?
And we do not in terms of the modeling, I do not ascribe anything specific to increases in pricing.
And a question for Patrice. As you move into more networking oriented conversations for the SD WAN type of sales capacity that you're bringing online? Is that profile very different from the direct sales hire that you maybe hired 2 years ago?
Yes, it's a good point. Especially the SD WAN, so which started almost 3 years ago, it was more like a networking discussion. So I think with the network, I will say, networking people within the enterprise. So on the large enterprise, we definitely have these 2 different groups, security, CISO groups and then the networking. And I will say that we definitely see a lot of conversion.
So very large banks are starting to in fact consolidate this aspect having network security in fact approach. But what we have done is we have been of course training our salespeople very specifically to start engaging with the networking tool within the enterprise. That's what's landed to this discussion because otherwise if you stay with the security buyer, you may be stuck because a lot of decision reside on the networking side. The announcement we just released today with Orange, so one of the largest European in fact player in this space is with the networking side, the people selling 1. So selling the in fact the connectivity.
So it's not the cyber defense, which have different business unit. We do have a lot of engagement with them as well. But just to show you that you're right, you need to address a bit this market. We see a conversion between the two roles, but the sales motion has been and the sales team has been trained to address in fact the 2 markets, which of course we discover a lot of legacy Juniper, routing, all very long product that have been at the branch. And there is definitely a discussion about refreshing the branch at this anti environment.
Hi. Michael Turits from Raymond James. Keith, back to margins. The guide one way or another no matter how you take that 25% definitely contemplates less annual increase or expansion than we had in the prior 150 to 200. So how should we think of that?
Is it just that you were starting off a lower base a few years ago, you're getting closer to long term margins? Or is it a different philosophy relative to balancing growth and margins at this point?
Yes, I don't think it's a different philosophy in terms of balancing revenue margins. I think it is just starting from a different starting point than we were 2 or 3 years ago when we sort of let out the framework. I think this notion of balanced revenue growth together with increasing profitability has benefited the company very, very nicely for the last several years and I would expect that we're going to continue in that direction. And I think that's why in the commentary about what went into the guidance, I made a reference to increasing sales capacity in consideration of first the pipeline growth, but also the revenue growth and I'm alluding to that there.
And then just a quick addendum to that. I think you can help us out with relative to expansion in cash flow from ops margins. Should they be at the same pace as
Yes. I think we did a very good job a couple of years ago in terms of changing the inventory turns on management. Drew did a very good job of that. If you look at the large drivers, I mean profitability and margins, of course, will be a large part of it. Buildings growth will be a large part of it and the inventory management.
We're not anticipating anything, any dramatic changes in our business. We're not expecting to change contract terms or things like that. Obviously, you saw the slide up there. If you go to a shorter duration, it does have an solution tends solution tends because it's an enterprise sale to tick up just a little bit longer in terms of contract term. So you get a little bit of a lift there, but we're not really seeing anything else other than that.
One quick public service announcement. If you are leaving or as you do leave, please make sure you grab 1 of the Forta bags with
a Florida
hat. And then as you register, it is a Florida hat, it's a Florida hat. And then over on the left by the windows, if you pre register, you register for a jacket and a size, they are arranged by size. Please grab one on your way out. Also more importantly, we have Florida Cupcakes to celebrate our 10 year anniversary as a publicly traded company and box lunches are out.
So please do grab them. We have this room for a little while afterwards, so you can see here if you'd like to have lunch and mill around a little bit, although some of my management teams got to travel, so they may be departing on me. And we'll wrap up in a little bit. I forgot who I was going to next though.
It's Brian Essex from Goldman Sachs. Thanks for taking the question. Real easy one for you, Keith. Cash on the balance sheet is now 11% of market cap and I heard you highlight the share repurchase authorization. Is there a level where you think you might get kind of I guess maybe if you can frame out how you think about capital efficiency?
And is there a level where cash might get to a point where you might be more creative? And how do we think about and I've gotten a lot of questions from investors recently just kind of setting the baseline of how you think about deploying cash and capital?
Well, as
Peter reminds me, prior performance is not an indicator of future performance, right? So I think, again, we've been very committed to the tuck in strategy and to the notion of the fabric and the FortiGates have to be tightly integrated. The types of acquisitions that we've done, whether it's the SIEM acquisition or it's the NAC acquisition or even in silo most recently, typically to emphasize that point, we're in the market typically at $20,000,000 to $40,000,000 and they may have 30 or 40 engineers. These are companies that we feel very good about that we can integrate them very, very quickly. And typically, we have some sort of prior relationship with them.
And Silo was a fabric partner. Bradford was a fabric partner. Xcelos is probably a fabric partner. So I think we're trying to derisk it in that regard. I think we're very, very committed to it.
The second part of your comment is, okay, the buildup of cash. And I think that I would not say that any one quarter we're going to set out milestones or guardrails to use a term from before in terms of how much cash we'll deploy each quarter to buy back stock. When when you look at us over an extended period of time and be able to say that over 40% of our adjusted free cash flow has been returned back to the shareholders in the form of buybacks. I think we feel very, very comfortable about that strategy. Ken, do you want to say anything about
Yes. Dan Ives, Wedbush. Ken, specifically a question for you on 5 gs. I mean, where do you think Fortinet plays on 5 gs in terms of sort of next leg of growth? It seems to me like pretty well positioned there.
I'm just interested to get your thoughts.
Our engineers are already working on all this technology solution. It depends on how quickly this business may ramp up probably can different country region may ramp up differently. Because with our experience like from 10 years ago integrate Wi Fi into FortiGate, But 10 years ago, we had our size too small impact, a little bit small, the market will be not quite mature enough within the enterprise. They do deploy a lot of Wi Fi, but the security Wi Fi is not at high percentage. But now we see the trend starting come up.
And also starting like 4, 5 years ago, the SD WAN development. And also we do have an SD WAN development also in the past, but also that market also not quite take off. So we do have the 5 gs keeping developed and also working closely with all the carrier service provider, but also will be dependent on how quick it ramp up. Some other I think some countries also U. S.
Probably starting ramp up a little bit quicker sooner, but that also kind of match our other strategy like IoT, some other edge computing. So we do believe we are leading this space and we have a very good opportunity once the whole business ramp up.
Thank you.
So I can add for the customer
Sorry, Peter. Just to add on the 5 gs, because I think it's an important topic. So the typical use case of mobile security which is currently 4 gs and 5 gs, we talk about GI firewall, CGNAT, SEC gateway. So we have of course in the past doing a pretty strong in fact solution providing to the customer. So we have both the solution available on virtual appliance and on physical appliance.
5 gs real protocol the change will make complete game change is not yet set. So there's still discussion about to find this protocol and I think all the parties agree. So when we talk about 5 gs today, it's mostly in fact leveraging the 4 gs technology and I think a bit higher speed in fact on the antenna. But it's not necessarily yet leveraging the full power of the 5 gs. So we have a very strong collaboration with those very of course key integrator and provider of the 5 gs technology such as Ericsson.
We recently signed also early this year an agreement with them. So we are co working deeply with them to make sure that the security is tightly integrated on the 5 gs. So we I can say that there was a question about NP7 use case. We have already used case as we were we have been putting in fact the CGNAT and all these GI firewall function in the ASICs, which will deliver in fact the performance that those mobile provider is asking for. So that's one of the future use case of the 5 gs.
So there's much more to come on this 5 gs. And overall, the sales part has been, I will say, pausing in terms of investment. There was a lot of investment about the infrastructure, but they are now in the next, in fact, 2, 3 years, they have to invest very soon about the infrastructure and the security.
Yes. I was speaking in Geneva this week about 5 gs. And think about 5 gs, one of the big differentiations from 4 gs is just the number of devices connected. Instead of 100 and 1,000, it could be 1,000,000. Think about the bandwidth for high speed video and think about the latency for edge applications.
Those are all the attributes of RMP7 and that's why we built it.
Okay. Again, I can vouch for the cupcakes. They're delicious. If you did arrive late or did not, I might have missed you on the registration. There are extra jackets and hats and things.
So please
do get one as well.
Happy tenures. This is Yi in for Shao Wu with Oppenheimer. I just have 2 quick questions, one for Keith and one for Ken. Keith, I just want to try the thank you for the slide with the guardrails on the discount as well as the long term contract. Can you give us a little bit more color on what drove the outperformance in the less discounting as well as the longer duration of the contract?
Is it because of newer innovation? What's the driving factor behind that?
No, I think that we thank you. I think we talked publicly, if you will, almost 2 years ago that a couple of things that Patrice and I were going to spend time with from that point forward was looking at contract duration and discounting. We do spend a lot of time talking about it and messaging it and reporting on it internally. And I thank Patrice and his team for doing a very, very good job with it. I don't know that there's something I guess I would offer on discounting when you come into a bake off and if you already have the lower TCO, you already have the cost advantage that comes with the ASIC chip.
We do try and spend some time making sure our salespeople understanding that going deeper and deeper on discounting is probably not something that we would think you would normally have to do because you're already in a winning position there. It's really probably more about selling the value at that point in time than there is in discounting. Patrice, do you want to talk about? Yes. I'm sorry.
It's also as the sale, I'll engage much more earlier with the accounts. So you're not like coming late on a project where offers about price discussions. So we drive really value. We sell the value as we're engaging more upfront with the customer, so in time of the project.
Thanks, Keith. Thanks, Petrice. And Ken, just more general question in terms of the IT spending environment. We see some noise in our Western Europe politically as well as certain parts of Asia. Can you give us a little bit more color on the general IT spending environment?
Has that impacted any of the region? And with the understanding Fortinet is very well diversified?
For some traditional firewall vendor space, sometimes they do get more pressure like in certain countries in Europe, the spending take longer time to slow down. But for us, we also opened up a lot of new opportunity like all the SD WAN, like some other like IoT security, some other more broad cloud offering. And also you can see a lot of SD WAN also helping the enterprise most of the company enterprise lower their costs. And also the trend also the NOC and SOCs that in combined, the network operation center and security operation centers that are more combined, whether in enterprise and the service providers. So the trend actually helping us.
So that's why we're keeping gaining market share grow faster than market. You can see 2018 the market grow like 12% 2019 probably estimated about 9% to slow down a little bit. But for us, we don't see slowdown. So because whether technology advantage or for the new trend much better and also we have quite strong R and D both on the culture, on the team, on the product side also will help us to lead in the trend, because security and networking is starting like security expanding to inside the company, inside data center and also expand to the one side and not just traditional border security. That's most of our competitors still stay there.
And also the move to the cloud also kind of tricky. We have quite some presentation, quite some discussion with both cloud providers, service providers and customer. So we also want to make sure, so we have a good position and also more long term invest growth in this space. Thank you.
Hey, guys. It's Kas Khozalgi from Google Home Partners. Can you guys comment on the refresh cycle of the appliances? And has that helped any growth in 2018 or 2019? Because across the board, 2014 2015 were good growth years for security.
Has that helped at all in driving your growth in 2018 2019? And Keith, on the earnings call, you deemphasized the refresh impact on your growth. Can you give more color on that?
Yes. I think the when you look at an internal refresh cycle or external refresh cycle, try to cover that off in today's presentation by noting that when you have 90 firewalls, you do some quick math and assume they have a life of say 5 years, that tells you that you're revving a lot of firewalls every year, right? And so it's unlikely that any one firewall is going to do something dramatic into our revenue stream. So from an internal refires cycle, it's just steady state. We use a description of like painting the Golden Gate Bridge.
You start at one end, you go to the end, you finish them. 1 of my competitors stole that from us. So we have to find another explanation for it. But that's really what's going on there. And then in terms of the external product refresh cycle, if you want to look at it that way, I said the impact to us is muted.
And I would offer 2 comments about that. One is I can look at what I would call as my internal renewal opportunity at the start of every year. So if you go back and say 2014, how much did I expect to renew throughout 2014 and look at 2015 2016 in the same way, that metric is very linear. And if I had a refresh cycle that was happening internally, I would expect to see a spike. If I sold a bunch of stuff in 2014 or 2015, it would age out and 2018 it would come up from renewal.
It doesn't it simply doesn't exist. I think more importantly is that keep in mind, we really probably were not viewed as being in the enterprise market space during that last refresh. And so those large legacy enterprise customers that may be going through a refresh cycle currently with a legacy firewall incumbent is creating an opportunity for Patrice and his team to come in and compete during a very high price renewal conversation, if you will. Yes. And I think when you have 400,000 customers, you get the law of big numbers and it's difficult to see that there was a spike.
I mean, was revenue growth in 2018 strong? Yes. But particularly in the U. S. Keep in mind, we had tax reform, we had capital was available, the carriers had a very good year in 2018.
I don't know that I would really ascribe that to a product refresh cycle, if you will.
Mandeep Singh, Bloomberg Intelligence. I just wanted to hone in on the point about partnering with cloud vendors and service providers. Is identity management one of the solutions that you would be looking to add just to kind of complete the platform or is there anything else you want to highlight around integrating with cloud and service providers? Thank you.
Good question. So our 0 Trust network access consists of endpoint security. It consists of identity and it consists of NAT. And we think all 3 of those components are important. If you haven't got anyone against it, you need to use one of them.
So making sure every user, you have that identification coming on. If you've got a client in there, that's great. If you can't see it at all, then maybe use the APIs on the NAC. So we feel like identity, NAC and endpoint security, all three components are needed. In terms of partnering, we also make our products also multi tenant and API driven.
So any one of our MSSPs or service provider customers or even cloud customers can use that. Obviously, there are standards like SANAL right now, which are going about, which will also help as well. So definitely, identity is a component of our fabric going forward.
Public Service Announcement Number 3. I don't know if you've noticed Ken's tie. It is a 4 to tie. I point that out only because John is not wearing a tie.
Hi, Ken Talanian, Evercore ISI. Keith, one for you. Just as we think about the midterm targets, do you expect any meaningful change in headcount growth relative to what we've seen in the past few years?
Ken wants me to hire
more people in finance, if I'm not mistaken.
Well, perhaps not. No, I don't expect other than that, no changes. And I guess just a quick follow-up.
Do you have any changes in expectations around free cash flow conversion relative to the next 3 years? No.
And I think really if you go back to what are the drivers for our free cash flow again, net income, billings, inventory management. And we're not expecting anything significantly different inventory management and we're not expecting anything significant different in contract terms. Great. Thank you.
Melissa Franchi, Morgan Stanley again. Keith, you mentioned that new appliances generally don't tend to drive an uplift in revenue because it's just a regular cadence of releases. But given the new chipset that's coming out, it does seem like it's a material change in the performance and it's enabling new use cases. So with the new appliances on the NP7, do you still think that's the case that you won't see increased activity around those new appliances?
I don't think I said we wouldn't say increase. I said I don't think we see spike, if you will. I wouldn't say that just because we're rolling out, say we rolled out the 1100 or the 2,200 or something like that. The next quarter there's going to be a dramatic spike in revenue. Typically what you're seeing is that we're refreshing our own product line.
So using the 1100 as an example that E product replaced the D product. So the D product is going down, the E product is going up. I'm going to hand it off to Ken and John if they want to talk a little about NP7 because there is a process of 1 announcing the chip and then getting the chips into the product. And in terms of actually modeling that to be dramatically different, I don't think that the advantage that we have conceptually with NP7 is significantly different than we had prior generations of the chips.
Yeah. I think MP7 definitely will open up some new market opportunity, which we are starting working with some customer right now. And at the same time, they do refresh the current product, but will take some time, you're like 2, 3 years gradual refresh, just like in the previous generation. So we have 3 chip. We do have SoC.
Now it's SoC 4. We have a CP content processor. Now it's content processor The content come up probably like 1.5 years ago. Now the MP is 7th generation. So we do believe each generation they can improve in performance as 3x to 5x and it's about same cost.
So that's where but like we have many products. So each quarter we may refresh a few of it and then gradually kind of but even with the current product, we still have a huge company in power, which not even quite utilized. So that's where we can easily add a wider security function or networking function and still much better than competitors. So that's why we believe this technology, this we're using a secure computing rating, which has considered the difference compared to ours compared to other competitors.
So we definitely think MP7 opens up some new markets, but it will take some time because customers in the past have not thought about putting network security there because it's not possible. It's also very important to understand that MP7 will run on our FortiOS operating system. So it will be consistent. So we can apply MP7 not only to hyperscale but also to existing applications. And customers are protected because of existing platforms and new platforms and MP7 platforms will run on FortiOS, so you got the same applications and APIs.
Thanks. Dan Bartus with Bank of America. Quick one for John or Ken. Just curious what percent of the firewall market today do you think is influenced by SD WAN? And what do you see that going to over the next 1 to 2 years, say?
And then for Keith, with such a big innovation like SD WAN added and you have many other services included with FortiCare, why not start to break out more of these services as upsell and change strategy going forward? Thanks.
I think probably like there's a market data SD WAN probably will go to RMB 4,000,000,000, RMB 5,000,000,000 in the next 3, 4 years. I see the more bigger market, more important is really internal security like internal segmentation and all this local LAN security, including the Wi Fi thing, are more important need to be secured. So that market is probably even much bigger, a few times larger than go to the WAN side. Because traditionally, network security can only sit in the border, so that's what between the WAN and the LAN, local area networking and the wide area networking. So now we can expand into the WAN and also the internal security because most intrusion attack today come from internal, whether because more agent based attack or some of your mobile device or some other being infected.
So that's where but internal is very difficult to secure because speed tend to be 10 to 100 times faster than the one connection. So that's where the MP7 will help a lot. And the internal security is huge, because we talk to pretty much all the enterprise and they need to have internal security. But with current technology, it's pretty much impossible because speed is not speed and cost is really the limitation. So we see this is probably even much bigger than the SD WAN opportunity going forward.
And we do have a lot of customer interest into even the service provider interest in secure within data center hyperscale. That's the one we believe this will enable a lot of new upmarket.
So on the security part of SD WAN, it started off as networking technology. And then all of a sudden, you open to local Internet access and you create an edge, you need security. And so what we saw initially was all the networking teams making independent decisions about their SD WAN technology. These days, the CSOs involved and the security team goes out of security aspect. In fact, Gartner was saying that if you look at their report, 80% of SD WAN decisions will include security by 2022.
So I think it started small. It's increasing. I think it will increase greatly as we go forward.
No, go far John. You may want to explain the pricing methodology on FortiGuard here in a second. Yes, 2 different business models. We understand that you can sell the services separately and we do sometimes or our approach is to sell it as a bundle. And there is a constant tension of keeping the price points high for the bundle by having a richness in the offering of the bundles.
And so sometimes you see us adding things into it. There are other services that we do also sell separately. They're just not large enough to tease out and have a part of this conversation.
I would say I'm definitely seeing for SD WAN, for example, they want 2 or 3 specific services. For the other customers in the mid market, they'll say, yes, I'll have unified protection or enterprise protection that covers everything. So it really depends on the customer, the use case and the application. So we're definitely seeing a growth in actually specific a la carte, FortiGuard surfaces and bundles as well.
With that, I want to thank you all for coming today. I want to first of all, most importantly, thank my management team for all their time and effort in putting in this Analyst Day and making it a great event. So thank you very much. Have a good day. We'll end the webcast at this point and let's have lunch.
Have a good day. Take care. Bye bye.