Let's go ahead and get started. Good morning, everyone. I'm Aaron Ovadia, Senior Director of Investor Relations at Fortinet. It's my pleasure to welcome you all to our 2024 Analyst Day as we celebrate the 15th year anniversary of our IPO. Today you'll hear about Fortinet's vision for cybersecurity and how our strategic positioning drives sustained profitable growth. Before we begin, I'd like to remind everyone that we will be making forward-looking statements during today's presentation. These forward-looking statements are subject to risks and uncertainties that could cause our actual results to differ materially from those projected. Please refer to our SEC filings, in particular the risk factors in our most recent Form 10-K and Forms 10-Q for additional information on factors that could cause our actual result to differ materially from current expectations.
Also, the presentations from today's event will be available on our Investor Relations website within 24 hours after the event concludes. Next on our agenda, we'll start things off with Ken Xie, our founder, chairman, and CEO. He'll talk about Fortinet's growth drivers and our long-term customer loyalty. Then you'll hear from John Maddison and Robert May on Fortinet's large market opportunity, the customer journey, and our technology vision. Then John Whittle will lead a fireside chat on our go-to-market strategy with four of our sales leaders.
We will then take a 10-minute break. After the break, Keith Jensen and Christiane Ohlgart will provide a financial overview of our business, including a new midterm model. Afterwards, we will host a Q&A session where you will have the opportunity to ask our executive leadership team questions. With that, I'd like to introduce Ken Xie, our founder, chairman, and CEO.
Thank you, Aaron, and thank you, everyone, joining today. Good morning. Welcome. The next 20 minutes, I probably will do some quick review of what we have achieved in the last 15 years, and also, more important, how we feel we can keep on growing faster than the market in the next 15 years. Actually, the presentation is kind of a three-L, so the first L is leadership. You can see when we started the company 24 years ago, so we have a vision. We see the convergence of a network for network security, and so you can see the market from 2000, network security less than half of the networking. And now, in the next two years, by 2026 is the year actually. This is the data from Gartner, so by 2026, network security will pass the traditional networking.
So we do believe this trend will continue to drive forward. So what's unique about Fortinet from day one, we feel we need to target this market. We need to build technology, a lot of investment. The team and product also are prepared for this moment. So in the next two years, we see things happening, and we feel the trend will continue to grow. So we have a lot of unique advantage I will present going forward. You can see in the last 24 years, we achieved a position as the number one network security vendor. From the unit shipment, so we have over 50% of the market share.
Basically, it's about 53%, 54%. That's last year's number. On the product revenue, we also achieved the number one. And also on the number of customers, we also achieved the number one. This is our founding kind of an advantage. The founding block will keep on driving the additional growth going forward. Most of the customers' first buy-in is already buying network security. Over 90% of customers' first buy-in is on network security. We have a huge advantage on network security compared to any other competitor, both on the function, on the performance, on the energy saving.
Every product we release on the FortiGate, we do give a Common Criteria Secure Compute Rating. For the top seven, eight functions, every function we perform like 5 to 10 times better than competitor. All these functions in the same OS, in the same FortiGate system. That is a huge advantage. That is the dedication the team did in the last 24 years.
We're keeping driving, growing network security, and we already reached the number one leader. The market will continue to grow, and we do believe we're keeping growing faster than the market. The second leadership is SD-WAN. It's relatively new. You can see the Gartner Magic Quadrant on the left. We are in the best position, both on execution and also on the vision there. In the last four or five years, you can see how quickly we gained market share, become the number one here. Also 90% SD-WAN customer has also come from the FortiGate firewall customer. That's where you can see we quickly get all these customer transitions from traditional network firewall into the SD-WAN. The other differentiation is really compared to all other top five players in the space in SD-WAN.
So we are the only company building technology internally ourselves. All the other top 5 competitors, whether Cisco, Palo Alto, VMware, HP, all come from acquisition. So we're the only one building internally, integrate together with all the security functions. And also a lot of these functions, including SD-WAN itself, using ASIC to accelerate. That's given us a huge advantage on the performance, on the cost, and also can make it working together with other functions together.
So that's the advantage not all other competitors have that. So that's given us a huge advantage keeping driving growth, becoming the number one leader in SD-WAN. The third number one leadership is OT security, operational technology security. So in the next 5 to 10 years, we feel this is probably the fast growing area because we'll be 10 times more device will be connected online compared to all the people connected.
This is a huge growing area. Fortinet, on the Forrester report, is the only leader. We are the only leader in OT security. Because OT security is also very different than other security, whether your laptop or mobile phone. Most OT devices have a different operating system. They have very, very limited computing power. Most of the time, the only way to secure it is by network security.
That's where we have been keeping investments for the last 10 years. We are the leader, and we have a lot of technology, including how to deal with different kinds of hardware ASIC, different OS, and different network environments. That's also a huge advantage compared to any other competitor. We feel this will drive additional growth for us. The other leadership is really that we are also number one in innovation with all the patents we have.
Actually, one thing to note is really of this almost 2,000 patents, about 500 is related to AI. So we're also leading not only traditional network security on the networking side, but also going forward, a lot of AI, a lot of other new technology. We're also the leader number one leader there. So that's the leadership. Now, to achieve this leadership, we feel we also differentiate from a lot of competitors. We have a lot of long-term investment from day one, from our beginning. So that's differentiate Fortinet compared to other players in the space. So the first most differentiate is really the FortiOS. This is the same FortiOS in all five Gartner Magic Quadrants. So we don't see any other player have this broad coverage.
And the most functions also not only this function in the OS, but also leading in the space, with security, SD-WAN, SASE functions there. So that's given us a huge advantage. Basically, that's also the story called convergence happening in the space compared to a lot of other companies. When they do acquisition, it's very difficult. They're kind of diverging. So they're kind of diverging from their whatever the product, the focus, the platform.
So we will keep on integrating and keep on developing all these FortiOS because every year there's a new function needed in the network security space. And on the other side, the old function never goes away. So you need to keep on adding functions and at the same time make sure it's all working together. And the customer doesn't want to deploy multiple systems, multiple boxes in line.
That's where the strategy we have from day one, how to make sure develop OS, not only you can keep on adding functions, but also keep on improving the performance, keeping all these functions working together. That's the key to drive our growth. The second long-term investment from day one is our ASIC. None of our competitors developed this ASIC technology to accelerate all these functions because today's FortiOS has about 30 functions now. Half the functions we can use in ASIC to accelerate. When you run ASIC, all these functions is an average about 10 times better performance. The power consumption dropped probably between 5%-7%. The same kind of cost also much lower. That's the advantage we have from day one. We developed. There's quite a few different generations of ASIC chip.
A Content Processor accelerates all this CPU computation, and the Network Processor bypasses all this PCIe architecture. They can do very, very low-latency processing of the traffic, and then for SPU, we call security processing unit, integrate multiple core CPU and other functions together, including CPU, some NP function there, so that's the advantage we have compared to other competitors. You see ASIC to accelerate the function and then leave the CPU to handle the new function because ASIC on average takes about three years to develop, but each generation of ASIC, we improve in performance probably average about four-to-five times and almost double the function, so you can see we keep on investing. We spend $ billions and over 20 years in this technology. It's a very long-term investment, so far, none of our competitors have this.
And even going forward, we will see even in the cloud player, they also feel very, very important to have this computing using ASIC to perform, giving them much lower costs and also much better energy saving. So that's the differentiation we have for the long-term investment. And then that's also we also spent probably 10 years in this SASE, including SD-WAN area. And that's where we feel will be driving the next growth for us. And we have a huge advantage compared to a lot of other competitors.
First, the SASE function, all SASE functions in the same FortiOS together with a security firewall, together with all the SD-WAN. So that's given us ramp up for customer adopt the SASE much quicker than any other competitor. Because when they have the FortiGate, they have the FortiOS. They already have all the SASE functions.
They can turn on in a few minutes. You can enable all the SASE if they need. And that's also given us a second advantage. We can use in SASE, we call private SASE before. Now they call it sovereign SASE by Gartner. So a lot of SASE customers have a concern whether their data has to be forward to the cloud to be processed back and forth. So the sovereign SASE, private SASE, because we have all in the same OS, they don't have to forward all the data go to cloud to be processed. They can be processed locally. So the data never leaves customer premise there. They can keep the data local, process all this traffic local.
So that's a lot of finance customers, a lot of other like government, they feel this is really the future of they want to deal with all the SASE function there. So that's the second differentiation advantage compared to other competitors. The third one combined, we have all this global deployment of network security. All SASE can be both used in the software agent or the hardware agent. So instead, you have to install all the software on your device through the SASE if you already have a Fortinet device.
And the Fortinet device can do the things for you. So that's other advantage, including AP switch. So making all the SASE supporting both in the working environment or from home there. And then the fourth, also we feel we differentiate from other competitors. We're building our own infrastructure. We talk about this actually for the last few years.
You can see we have over 3 million sq ft owned by ourselves, not only for the data center, but also for the EBC, and also for the office building there, which we have all the technical people on site there. So that's given us much better advantage of the expert to manage it. And at the same time, the cost is about half of one-third compared to colo. It's about 10%-20% compared to cloud provider. So that's where when SASE eventually have more and more traffic, so we have more cost advantage, more expert advantage. And also we have other technology developed we call the FortiStack. It's our own technology to manage all this data center. So that's also very different than other SASE players. This is a long-term investment.
We already spent over $1 billion there and we're keeping building this one. So when there's a real competition in the SASE space, we feel we have more advantage than other competitors. So now let me go to a lot of other long-term investments I mentioned, including AI, including quantum computing, including edge computing, OT. We'll continue to keep on investing long-term in the IoT space to meet the demand in the next 10, 15 years.
So let me go to the third L. It's loyalty to all the customers, the partners, investors. You can see from the customer support, customer satisfaction. So we rate highest compared to all the other competitors. There's a reason behind it. First, all support team is all local. So we don't use any low-cost support center. All the support people want to stay with the customer.
That's very different than other competitors sometimes use: a lot of low-cost supporting call center. We also build our own supporting software for FortiCare . They can handle more functions. They can expand the functions we needed. That's also not a competitor build their own software, rather than just outsource supporting. So we have all supporting people in-house and local with the customer. So that's where we have more customers. We build more supporting team.
Plus our own infrastructure can do all this demonstration, can do all this kind of testing, all these things. That's what gives a customer the best local support, can be on site if needed. You can see the NRR from customer return and also the other community we build up also give us huge advantage on the supporting side. So we feel in the space, security support is very, very important.
We really want to build the best ourselves. This is also important really. We run the biggest training program for cybersecurity worldwide, bigger than any other competitor, so there's over two million people trained and over 1.6 million people certified for this program. Some program even target high school. Some others target a lot of veterans, some other people not come from IT background, so they have all different layer training program. We continue to invest in the community in the training because once people get trained, they also will feel more comfortable using our product technology. Worldwide, there's still a four million shortage of people handle security, cybersecurity. In the U.S. alone, there's a two million people shortage for experts to handle cybersecurity. We'll continue to invest. Most of the training is all free.
Working with almost a hundred universities, hundreds of universities and all the other communities, we're continuing to develop all the training programs and free for all this community and try to close the gap of this shortage of a security expert. Channel, you can talk to a lot of channel partners. I know a lot of analysts do the check. We are probably viewed as the most channel-friendly vendor.
So channels do well working with us when they do make good money, good margins. So you can look, in the last we have developed probably like over 100,000 partners and a lot of them stay with us for a very, very long time, 87% keeping working with us in the last five plus years. And then they also keep on training, learning, sell multiple solutions. So that's really the channel loyalty is also very, very important.
I leave this one probably more for finance since we IPO 15 years ago. The stock keeping growing and the value, I think it's really the team's great effort to make this happen. The other reason actually is a buyback, return to investor. So I don't see any other cybersecurity company do this kind of buyback. So you can see we actually reduce the share count by 35%. And we spent probably $6.4 billion since IPO.
And we also try to make sure we have a buyback program continue going forward. We still have $2 billion to spend, also really good board. So we'll continue to return to the shareholder. The other part is really we feel we need to be very disciplined. Like from day one, we say we need to be GAAP profitable. It's GAAP profitable, not just non-GAAP profitable every year since IPO.
So we achieve that. And that's continuing its options. And then the Rule of 40, probably there's some rule to upgrade later. So that's pretty much my presentation for 20 minutes. You can see the three L from a long-term investment, like FortiOS, Fortinet ASIC for all this kind of training, for all this infrastructure. We become a leadership in network firewall, in SD-WAN, in OT security, and also in the cybersecurity innovation. That's actually also what's helping us drive all the customer loyalty, the investor loyalty. And all this is helping us to continue to grow. We want to grow faster than the market, keeping gaining market share. And we also keep on investing for the future growth for the next 15 years. So with that, thank you.
Thank you, Ken. John Maddison, CMO here at Fortinet. And good to see some familiar faces down here. Usually we're online. I'm going to give you a quick overview of opportunity and the major trends and then some of our customer journeys, then Robert May is going to go through in a bit more technical detail on those journeys. All right. We always need a TAM slide, of course. So here's our TAM, and we go through a lot of detail on which products we have or which are capable.
If you look at this, the first one, Secure Networking, as Ken said, is really convergence, but more of a hardware physical convergence, so network security, Wi-Fi switching, and firewalling, growing at around 7%, about $75 billion. The fastest growing one is Unified SASE, so that's convergence again, but convergence more around cloud and software.
Yes, there's some SASE inside there, but long term, that's going to be very much focused on cloud delivery, growing at around 16%. And then our Security Operations, which is the largest marketplace, growing at around 13%. And we recently added about $20 billion worth of TAM to that through our acquisition of Lacework, which is CNAPP, which is made of cloud workload and security posture management, and then DLP through Next DLP. Overall, the marketplace is growing across all those at around 12%, or by 2028, a $284 billion marketplace. If you dig down in a bit more detail around each of those marketplaces, as I said, the first one is Secure Networking, which is mainly made up of wireless LAN, LAN, and firewalling. The big two trends there are convergence still and new use cases.
We've gone from maybe two or three use cases, perimeter firewall, the integrated firewall for segmentation, to many more use cases. We're seeing firewalls now deployed right at the edge to ATM machines, for example. And the other one is Cyber-P hysical. We've been calling that OT security. There will be a new Gartner Magic Quadrant coming out called Cyber-P hysical security. It's the same sort of thing, but you can see the recognition of that marketplace from even Gartner. And by the way, we're already in nine Gartner Magic Quadrants. Ken pointed out five of them. The other trend on the Unified SASE side is obviously SASE itself, which is convergence of maybe four or five different technologies. So if you look at Unified SASE, it's made up of cloud. It's made up of SSE and SD WAN.
The SSE piece, which will combine with SD-WAN to provide SASE for a single-vendor SASE. That's starting to happen in the mid-market, and it's making its way up into enterprise. Of course, hybrid multi-cloud. Most companies now have multiple clouds. The application architecture is changing to services, to AI architectures. Cloud security is also very important. Across both of these is AIOps, the ability to automate the operations from the user edge all the way into the application. The most fragmented marketplace is SecOps. If you imagine for each of those slices there, there's probably, well, for endpoint, there's 50+ vendors. For other slices, there's probably 10-15 vendors. That marketplace is ripe for consolidation through a platform approach. The other part of this marketplace is the skills shortage.
I don't know, three million odd cyber jobs. So using GenAI inside this marketplace to provide automated assistance, it's going to be very, very important. And then hopefully one day, given the amount of data that we have coming in, billions of events on a daily basis, we can maybe connect the dots and start to identify campaigns in the wild which will attack our customers going forward. Now this slide, please pay attention to, because this is a slide that you've asked many questions about.
About a year ago, we broke out our business into Secure Networking, unified SASE, and SecOps. And every question we got thereafter was, what are they made up of in terms of our business? And this is the first time we presented this. So let's start with Secure Networking. These are rough percentages. So for Secure N etworking, it's about 66% of our billings.
Within Secure Networking, you can see firewalling is around 75%, switching around 20%. By the way, for the last three years, this marketplace has grown at around 9%. We've grown at 14%, faster than the overall marketplace last three years. Unified SASE, which is made up of SD-WAN, cloud, and SSE. You can see SD-WAN is just over half of the billings inside there. But I can tell you that SSE slice has been growing dramatically from over a year ago. Again, the marketplace is the fastest growing here, so around 19%. But again, we've been growing faster. And that represents around 23 and a bit percent of our total billings.
And then Security Operations, very, very fragmented still, even though our kind of main marketplace there is in the SOC, SIEM, analytics, but many different products around email, DLP, identification, and growing around 10%, but being growing at 22.3%. These are all Q3 numbers. So hopefully that gives you some idea of these pillars and the businesses inside there. That's not all the products, of course, because we have over 50, but those are the main categories. All right, I talked a bit about customer journey.
And again, I can't go through every single customer journey here. These are the main ones. By the way, for Secure Networking, we are the only vendor to be in the firewall market, firewall Magic Quadrant, as well as the wireless LAN and LAN. The only vendor to be a leader in both of those Magic Quadrants. No one else is.
And again, as Ken says, over 50% of firewall shipments are from Fortinet. Most customers start with a firewall order from Fortinet. Most of the time it's in the data center, but it could be in the branch, either or. Let's assume they started in the data center. The natural evolution for customers is then to go to the branch and add firewalls in the branch. That multiplies the original dollar deal by one and a half or one and a half the original dollar deal. Then what we're seeing recently now is customers add more advanced services. So yes, they might take IPS, et cetera, but now they're adding, for example, inline sandboxing or inline CASB. Again, that increases the size of the deal to about 2x.
And then, quite a few customers—the finance team and Keith will talk a bit about this in terms of how many—then expand towards the LAN. They add Wi-Fi and switching, which really multiplies the size of the deal, especially around the branch. Now you can see we've added about 700,000, what I call edge firewalls in the last 12 months, which is ripe for that subscription service, as well as expansion into something called SD-Branch. Across all of this, a very important technology that Robert will talk about is AIOps, automating the experience all the way from the data center, all the way from the edge, and across all those services. The second journey that customers are going on is this journey into SASE.
So again, if we have that firewall edge at the branch, 40,000+ installed SD-WAN customers over the last six years, the upgrade from our firewall is very simple. It's a software upgrade. It's a service upgrade straight into SD-WAN. And then our main action going forward is to cross-sell from SD-WAN into SSE and SASE. And you can see some of the numbers there for SASE, over 300% increase in deals. The pipeline has increased 100% into nine figures. And so we think this migration from edge branch firewall to SD-WAN to SASE, and then eventually adding in more software capabilities such as zero trust or Universal Zero Trust. And again, the digital experience is the most important thing here.
If you're a remote user, you're in a branch or on a campus, wherever the application may be, measuring that digital experience is really, really important. And again, we're in three magic quadrants for these technologies. And then the third journey is more focused on the CISO, Security Operations. And again, usually you start with the firewall footprint. Over 30,000 customers have installed our analytics data lake already. Okay? And this is our connection back into the CISO world, the SOC world, the endpoint world, the CNAP world, all those capabilities. And what we start off with is with our data engine, and then we add advanced subscriptions to that, things like SOC as a service or IOC, for example, or attack surface monitoring directly on top of that data lake.
Then there's a whole array of products which can be connected via our mesh, whether again, it be in the cloud for CNAPP, whether it be our SIEM SOAR, whether it be our endpoint product, it's all connected through our one platform and fabric. And then what we're seeing here, we've added in the last six months over seven different what we call FortiAI or GenAI capabilities to these products. We really do think this area is really important for assistance because of the complexity of all the different vendors inside here, getting the skilled people to operate, to be a SOC analyst.
And so this journey for our customers, again, starts with the firewall, evolves into the data lake, evolves into services on top of that, and then evolves into a whole array of different capabilities from the cloud to the network to the endpoint. So those are three common journeys. There are other journeys that we have, but the connectivity between all that through our single management console, through our single subscription and FortiOS allows customers to run very smoothly through those. So I'm now going to hand you over to Robert May, who's going to talk about some of those journeys in a bit more technical detail. Thank you.
Good morning, everybody. Great to be here and see everybody face to face this time. John usually introduces me by saying I was born at Fortinet. No, I was not born at Fortinet, but I have been here for 20 years working in R&D side. And I would really like to share with you guys today both how, what our customers are telling us about the technologies that John and Ken have explained, and also how we use the technologies internally, because of course, we are a large enterprise. We use all of the same products.
And so it really helps to understand how we see them being used and adopted both internally and with our customers. Now, we've gone through kind of a lot of what the long-term investments are. And I can tell you from the experience that this isn't just investing today for the long term. It's also, these are the same principles that we've used to build and guide the product evolution since the beginning. So for example, Ken mentioned around FortiOS, around the single OS.
This has really been a consistent guiding principle throughout all of the years where we started with firewall and antivirus and integrated with ASIC technology, and then we continue to build out and consolidate more and more capabilities over the years, and so we'll kind of go through a little bit of kind of how that evolved, and then alongside that was the ASIC technology itself, because as we introduce more features and functions, we, of course, want to keep the performance as high as possible for our customers and driving up the competitive advantages that we have by integrating the ASIC technology. When we talk about cloud as well, it's not just about providing tools and specific components to help customers manage their cloud.
It's also about all of the different SaaS services that we provide, because we provide over 40 different SaaS services that we host either locally or through public clouds, and we have to secure all of that environment as well. So we use all of those same tools and technologies when doing that. Another area that we've started way at the beginning, of course, was the security research and the threat research and analytics part, because that obviously feeds down all of the intelligence into the products that do all of the security inspection, detection, and handle the responses eventually, and then over the years, John mentioned the Security Operations portfolio is the largest portfolio in terms of the number of products, and there's a lot of different tools and technologies within that that all go together.
On this slide, I'm showing, of course, FortiAI, because this is something that sits across many of those products today. You'll see the GenAI coming in many more of them very, very soon, because it really helps the operations. I think one of the guiding principles across all five of these areas is the operations, because as we consolidate and optimize more and more, it's really to help those ops teams that are struggling or need more automation within the environment. Having this integration between the products is something that's really been beneficial over the years. Now, all of those kind of guiding principles sit across all 50+ products, but I think look at it a little bit different perspective. It's more like how an enterprise typically puts them together. How do they use them day to day?
You can look at the portfolio across these kind of three teams. These three teams are exactly how we run the business as well. On first level, you've got the global IT, which manages the office locations and the remote users, right? They're deploying the firewalls, the SD-WAN to interconnect everything, zero trust and remote access solutions to help secure and connect those remote users together. This is kind of that first, let's say, work stream. The second work stream is the cloud operations. As I mentioned, there's 40+ different SaaS services. Obviously, we don't have or don't want each dev team to have to go out and get their own resources and secure all of that.
There's a common platform that sits across all of these different cloud environments and basically providing that as a public, just like a public cloud service provider for our own development team. So this is an internal operation. And then the third area, of course, is the InfoSec, which is collecting the logs and doing the incident response and detection, using a lot of different products to do that and building up the operations around compliance and around securing the supply chain and everything else.
So this is kind of how all of the different products fit together in a real enterprise operation. Now, we talked a bit about the single OS, right? What does that mean and how is that an advantage? And what we've seen over the years, FortiOS started with a few functions that we continued to rapidly consolidate and converge more capabilities.
One of the early ones we introduced was the switch and wireless controller, and this was immediately seen as a big advantage for the operations people because suddenly I've gone from having two separate platforms to having one plus the configuration and everything was much, much simpler, so it made their daily life and how they continue to manage those networks much, much easier, both on the switching and the wireless level.
We saw the same kind of trend with SD WAN, so when SD WAN started to become a coined term, we looked at each other and said, "Hey, we have all of this capability already, at least 90%+ of the difficult, hard parts of the technology," and with a little bit of refinement and a bit more automation on the management side, we quickly became the leader within the SD WAN segment.
And this is because the operations, again, was much, much easier. And so when we get into looking at SASE, you see the exact same trend happening here because at the end of the day, we use the same OS to deploy in SASE. So that means you have basically all of those capabilities of FortiGate built in. So if you're connecting that SASE environment to an SD-WAN network, it's the same technology on both sides. It's using all of the same capabilities that you have already deployed. Now, in the kind of the early deployments of SASE, what we saw is a lot of times companies would select something as a separate project.
So they now have a separate deployment trying to interconnect two parts of their network that was very, very cumbersome, and they need obviously to have dedicated resources to learn that new part of the network. What you see Gartner and others talking about now is, of course, single vendor SASE, but it's not really just single vendor because that could just be a support contract, right? It's actually the single technology that you have on both sides. And what that means is that from a management perspective, all of my knowledge that I've got for managing my local environment now extends to that SASE environment. So I have already the skills and resources internally to manage both parts.
It also extends to the logs because on the logging side, obviously, the SecOps have to collect that and build SOC use cases around it. I've already been doing that with the same technology. So it very, very simply extends the operations there. And of course, it has things like SD-WAN built in. So if I'm trying to, there's a failure in some part of the network, it can automatically reconcile that and reconnect and everything runs smoothly because it's the same SD-WAN technology running everywhere. Now, one thing our customers have started to, let's say, observe in the last six to 12 months has been really just how easy it is to enable SASE when they're deploying SD-WAN because it literally takes five minutes, right?
You're already doing the work of defining the application priorities, the health checks, and the other parts of the SD-WAN network. Deploying SASE is simply enabling a few additional locations as part of that SD-WAN network. So it becomes very, very simple to do that and easy to scale up how they can ramp that up. And when you look at MSSPs, we have a lot of MSSP customers who provide SD-WAN services using our technology. This also enables them to suddenly add SASE as a component, either as a differentiator for their service or to add additional services to their offering.
So it becomes very, very simple to do that. Now, as we look a bit further into the future, we can see a lot of things coming into SASE as well. There will continue to be more and more features and capabilities within SASE, such as the consolidation of DSPM or DLP in there and more inspection and acceleration of the SASE environment itself. We're also looking at around the endpoint side. One thing we announced this year was a new consolidated or unified agent, which combined the technologies around zero trust and EPP and vulnerability detection, which was already one agent with EDR. So now you have EDR combined in that same agent, which will be able to be managed and deployed from the SASE cloud in the future.
And you'll see more and more things integrated around DLP, around deception. And another one we introduced this year as well was around the digital experience monitoring. This is another component that's part of that unified agent already. And on the edge side, there's a lot of different, obviously, orchestration and automation tools that can go into managing SD-WAN networks and what have you. These are rapidly being integrated with the SASE management console and controllers.
And also, if you think about it in the long term, there's obviously benefits of deploying ASICs in specific locations to boost performance and immediately upgrade parts of the network. Today, of course, this may oftentimes require IT to actually have a lot of knowledge of how to do that effectively and how to balance the traffic and keep it the right optimal level. Down the road, you can easily start to see now how GenAI will be able to be used to actually recommend how to do that and actually provide suggestion of how to orchestrate and define those rule bases so that it takes advantage of the ASICs automatically.
So you just take a new ASIC, plug it into the network, and now you have an orchestration system that's able to actually recommend the best way to take advantage of it. Now, going one level down, but still sticking with, say, the SASE area, now our global ops team has been able to obviously deploy a lot of different SaaS services, right? Some of those are going to be deployed on cloud native, but locally hosted environments. Others may be deployed exclusively in public cloud environments. And then you've got others like SASE where obviously we want to take advantage of both environments.
So we need or want to use the global public cloud, obviously, to reach all of those different points of presence globally, but then leverage the private cloud for offering additional value that can happen there and also give more cost flexibility to actually deploy the larger environments. Now, as kind of discussed a little bit, what we have is an internal team that builds what we call FortiStack. This is really operating like a public cloud service provider, but providing it for our internal customers. So this is a layer that sits across all of the public clouds, plus the co-locations, plus our own data centers. It uses our own technologies in terms of the FortiGate, of course, the FortiWeb for web application firewall, load balancing technology, and CNAPP as well.
So it uses all of these capabilities that we develop for our customers to actually secure that entire platform that our application developers sit on top of. Some of the other kind of interesting things that we can obviously do with our own data centers. It provides more opportunity there to introduce ASIC technology to accelerate a lot of the SD-WAN networks and connections coming into it. Then we talked a little bit earlier about GenAI or LLMs.
This is something, obviously, again, we can use from the public cloud, especially in the early stages of developing a new GenAI tool or chatbot or whatever the application is, but eventually, you can shift that internally, and then, of course, we need to secure all of these LLM environments and then we can provide additional services going forward from our own data centers. So it gives a lot of flexibility and a lot of options as we build this out further. Last point maybe to talk about on SASE is really the options and flexibility that we provide to different deployments. Now, Ken mentioned this earlier as well, but there is a few different layers in here. So, of course, there's the public SASE that anyone can consume and connect to their own network.
We also provide a white label version of that for the service provider customers who are, say, deploying an SD-WAN network or SD-WAN service today. They can plug that directly in for their customers under their own labeling and everything else, so this is still the public SASE environment, and then you kind of get into the private SASE or sovereign SASE deployments where, and for specific use cases, it could be a service provider that has a very large financial customer that wants to provide a dedicated SASE environment.
It could be for various kind of geographies where they have a whole country under a single service provider and a lot of different ways that we've seen requests already to take that technology that we've developed as a public service and be able to run that as a local option. And again, as we continue introducing more features and capabilities on the public service, this comes back into the private version as well. Now, the last part I wanted to talk about a little bit here is around how the SecOps portfolio fits together and how customers can quickly adopt new capabilities.
Because at the end of the day, you have large enterprises which obviously have more resources and dedicated teams to manage it, but everybody else needs all the same capabilities and coverage when it comes to Security Operations. Now, one of the things that is kind of interesting here is that one of our products called FortiAnalyzer is almost always sold whenever there is a customer buying SD-WAN or next-gen firewall deployments. And the reason is because, obviously, it is made to work tightly together.
It provides a lot of automation out of the box to be able to quickly see what's going on in the network, investigate any type of IT or technical issues. It also saves them money on the rest of their operations. So it's almost a no-brainer to acquire it as part of that initial project. The second thing to note is that within the SASE deployment, it's actually built in behind the scenes. So it's already there. So a lot of the majority of our enterprise customers already have this technology, and they're starting to kind of realize now how they can turn on more and more capabilities that we've introduced in the last one to two years.
Now, another piece, I guess, to mention is around the interconnectivity between all these products because, especially in the SecOps area with so many tools and limited resources, there's a lot of development that's gone into what we call the security fabric to make that information sharing between those tools very, very rich. So from one product, I can quickly get the information or take action on the other products and build that DevOps automation. And this is something we've worked on for the last 10 or so years. Now, what that actually, let's say, looks like under the covers here is many of our customers start to realize really what's inside FortiAnalyzer that they didn't know. Number one, it's got built-in SIEM, it's got built-in SOAR, and it's got built-in XDR capabilities.
This means they simply need to start taking advantage of that, and quickly they start to scale up their SOC maturity, and so as they've done that, they see that, "Oh, I just need to enable these other components, and I can immediately get coverage on parts of the network or parts of the endpoints that I didn't have before," and FortiAnalyzer can be scaled up horizontally or vertically very easily, so as I grow and expand my maturity, I'm actually able to quickly and easily scale out that data lake as well. Another component is around the AI, and this is something where most products can introduce a new chatbot or AI chatbot that you've seen a lot of different companies offering, right, but usually, that chatbot is going to be constrained to the domain that that product does.
So whatever data it has locally or whatever actions it can take. Now, with the security fabric, what we've built over the years has been these interconnections between the products. And what we're able to do is allow that GenAI to sit across end to end. So that means that everything, if I have a security incident, everything from that initial detection to all the triage and investigation actions that I do, all the way to the final actions that I take, even if this involves five or 10 different products, I'm actually driving that from one single location. So GenAI is able to quickly expand. And we've made many, many demos on this already, both for the security and the networking operations to really show how this can work.
And again, it goes back to having those kind of connections between the different products as well. I guess the last point to make is, over the years, we've introduced many different products, right? But operationally, what we've done is tried to see what are the things that the ops team struggle with, both the network operations and the Security Operations. And the things around the security fabric and all the different evolution of the products over the years have been really with that one common thing in mind is how do we make it simple for our customers to adopt something and then continue to expand their operations?
Because I think it feels like maybe 12 years we've been talking about the skill shortage. And with things like AI, it just keeps going even further away from solving the problem. So having these connections between the products and all of the different architecture integration really starts to make it now closing that gap as we go forward. Okay, so thank you very much.
Heavier than it looks. You're strong, man. Yeah, [Prevenshaw]? Why don't I sit here? Okay. All right. Go down. Great. Thank you. All right. Good morning, everybody. Thank you for joining us. I'm John Whittle. I'm Chief Operating Officer. And we have a sales panel. We have our sales leaders here to give you a little bit of a view from the field. And I'll moderate that panel. Matt, and let me get their faces up here so you can see everybody. You have them. So I'll start with our longest tenured person, Joe Sarno, joined us from Switzerland. And he's been at Fortinet for 20 years and runs all of international, EMEA and APAC.
And Matt and Pedro and Trevor are our sales leaders in the Americas. And we've got a talented sales team, a talented team of sales leaders as well. So with that, let's just dive in. And starting with you, Joe, you have a view from the field talking to customers about Fortinet's competitive differentiators. What do you hear from customers about how Fortinet is differentiated versus our competitors?
Okay, good morning, everybody. Good afternoon. Sorry, a bit of jet lag. Nice to be here, obviously. And I don't know how much time we have because after 20 years of experience, clearly the advantages of Fortinet are really enormous. But I will limit myself to a couple of points. One thing I've experienced through this long tenure in the company is the incredible speed that Fortinet has to go to market, right?
In the early stages of our existence, Fortinet, obviously being a small startup, it was incredibly important to get new products out, new solutions, new feature sets. This hasn't changed during the last two decades. The great thing about this company, the great thing that I see myself, the great thing that keeps me here, I honestly thought I was going to stay two, three years and then move on. I'm still here after 20 years, is that today, the speed that we go to market with new solutions and new products is still incredible. Sometimes I define that we are a cybersecurity leader, but still act like a startup.
We still have that startup mindset, which really helps go to market, keep customers happy, build that trusted relationship with the customers, and really engage with what we are doing and building with our customers. Excuse me. The other element is innovation. So we saw 1,800 patents out there that we've been building over the last 20 years. That's, I think, two, three, I can't remember, four times more than our closest rival. Another thing, I'm not sure if you picked it up on the slides, 500 AI patents. 500. That's more than what our closest rival has in the general patents.
So innovation is what's also keeping me here. Innovation in terms of what I can bring to my customers to sell, which is super important. And that has brought also another advantage, which is the tenure of the teams. So I have 12 direct reports, 10 of which have more than 15 years in the company. That's another important element that goes to show how the company is really building on trust, building on having the same interface for our customers and keeping that going. So I'll pause there for my.
That's great. Thank you.
[audio distortion]
Matt, Pedro, Trevor, anything to add about the competitive differentiator?
Yeah, I'll start. I was recently with a Fortune 50 company. And through that conversation, it was very clear to me that our competitive advantage is the convergence and consolidation. I mean, ASIC is a very clear advantage. We've known that for years. And I would just add on to that, that consolidation and convergence, they're going from 200 solutions down to 60, and seven of those are SaaS delivered just in security. So that particular customer is looking to consolidate in a meaningful way. It's not a theoretical objective. It's a real objective in which we're engaged in multiple RFPs through that process. And very clearly, they see that our competitive platform advantage being organically innovated is a unique differentiator in the market.
That's great.
Say a word, [Adam]. Not just for our customers, right, but from our partners' perspective, right? The integration, the performance that Ken mentioned, the integration that Robert May mentioned about the FortiOS everywhere, it's also for our partners. If you think that a lot of cybersecurity today is managed through service providers, managed security service providers, by having all of this integration, they can sell a lot more services.
They can consolidate a lot more services. They can offer better service at a lower price, at scale, with better support, with the shortage of skilled professionals doing it quicker, time to market, and having better solutions for our customers that are looking for security and are inundated with alerts, flooded with 200 different platforms that they need to manage. So the consolidation is a real thing, not just for the end user, but for the partners and the managed security service providers out there that choose Fortinet because we bring all of these things together in one tight little package.
That's great. That's great. Thank you, Trevor.
I don't even need to add.
Okay. No, that's great. I should also note, Matt, you've been here, Joe, 20 years. Matt, you've been here.
16 and a half.
16 and a half.
Pedro.
18.
18. There's a lot of passion. You can look at the results that have been delivered. Trevor joined us a year ago. A lot of fresh ideas, which are super helpful, but a lot of contribution up here to the results that you're seeing up on the screen. So Joe, tell us a little bit about EMEA and APAC sales. How are we currently doing in international? Where do you see the biggest opportunities? Selling not only Fortinet, FortiGate, and Secure Networking, but also expanding with SASE and SecOps, where Fortinet is less than 10% penetrated in its current installed base.
Yeah, so I'll just explain maybe for the audience how we are organized in international. It's three GOs. The first one is continental Europe. So that's all UK, Germany, France, Italy, Spain, and the Nordics. We have international emerging, which are the emerging regions that are not emerging anymore because they've become a very big number, which is Middle East, Africa, and Eastern Europe. And then we have the APAC region. So three geographies. We have 3,700 employees in that region, and it's close to around $4 billion of the company's numbers. So as you can see, it's roughly 65% of the global revenue. Now, we've been extremely successful in international.
I must admit, I've had the honor and privilege of growing this company this way for many years. For sure, the biggest success we had was the months through COVID. We had massive growth rates and for sure, many of you will remember. Obviously, that after the COVID period came down, but we're still having successful and consistent results and performances across EMEA in particular. In particular, I would highlight the international emerging regions where for the last six quarters, we're still growing in the high teens. Very successful region, very honored to have been part of this long journey. Now, where are we seeing opportunities? For sure, this journey that we heard about this morning around moving from the network, the next-gen firewall to the SD-WAN, SD-Branch to the SASE on one single platform and then zero trust.
So this is where we are capitalizing on our amazing success in SD-WAN to follow up on those customers and add on new cloud services like SASE, right? And this hybrid approach, this mixed hybrid and on-prem CPE approach has been really well accepted by the market. The other areas, and clearly SASE is a big part of that. The other areas is the AI-driven SecOps. Now, I started around three years ago in emerging, taking that as a testbed. We added specialized security operation technical people, SMEs, BDMs, to understand if this was, since it's a little bit of a different language that they speak, there's different personas that you have to address. So we started as like a testbed. That actually was very, very successful.
Emerging was the highest contributor for SecOps products or SIEM/SOAR, EDR, and the other elements of the offering and the unified SecOps offering that you saw, and now we're going to replicate that in the other regions, so that's where I see some amazing opportunities other than the SASE. And of course, where we are concentrating a lot of efforts is on MSSPs. Pedro, you mentioned it before, helping those types of partners building on all these amazing cloud services.
We're looking into securing the GPUs, so a lot of telcos, a lot of our big telco players are starting to build these massive data centers with GPUs, so now we're looking at and we're studying with our PMs and our experts how we can help them protect those data centers, and of course, there's many other areas, and in particular, in my region, I have over 190 countries. We're still exploring new countries to penetrate or build more on. And I'll close that.
Great. Thank you. As Ken mentioned, Fortinet leads in operational technology. Joe, where do you see our competitive advantages there and also the big opportunities there to secure OT and critical infrastructure?
You're picking on me today.
I'll switch off of you in a second.
You can relax out.
You've traveled so far.
So yeah, as you know, that's kind of my little baby, right? So roughly the story is that roughly around eight years ago, working in some of the big customers across EMEA, we started to notice this convergence between IT and OT, right? So why was this happening? Because the CEOs of the companies, they wanted more analytics. They wanted more data. The OT environments were typically air-gapped. There were no connections between IT environments and OT environments.
They typically had some very old technology, NT machines, stuff that was really vulnerable. So once these two networks started to converge, we and I personally saw an opportunity here. So the other element that was interesting at the time was these new IDS visibility vendors, people like Nozomi, Claroty, Dragos. You probably know these guys. So I bumped into Nozomi in particular. We had a look at what they were building, this visibility platform. We decided that this was a great complement to what we were doing on the firewall inside, on the protection and detection side. o we integrated.
And that's where it all began. Now, if I fast forward eight years, what we did is, by the way, Fabric was presented to the market in 2016. So we hear a lot about platformization nowadays, but in reality, we've been doing it for eight years, right? So what we had is the Security Fabric story. We translated that into the OT Fabric story. So we went back to the R&D. We asked for new products, new support for industrial protocols. We followed the Purdue frameworks and the IEC 62443 frameworks.
And we built an OT security fabric, an OT platform that could address all of these layers. And that's where it all started. Eight years down the road, we're going close to $1 billion in this area. We've created partnerships with the biggest and most important ICVs on the market, so all the industrial control vendors, ABB, Siemens, Schneider, Rockwell, Honeywell, GE, you name it, we have them in terms of agreements. We built an OT practice. I hired people coming from those environments because they speak a completely different language. It's all about reliability. It's all about uptime.
And it's all about protecting lives when we talk about critical infrastructure. So very serious arguments. Then we added, obviously, professional services in OT, which is super important. And last but not least, we're, I think, the only vendor out there that has an NSE training level seven in OT environments. We've trained over 300 partners across international. So this is what we put together. It's become extremely successful. We believe we're the strongest player out there in OT, and we will continue to invest in this environment. Sorry for taking it.
That's great. No, no, great. Thank you. Turning to, Ken mentioned the three Ls, loyalty, long-term, and leading. Loyalty to partners has been kind of a mainstay at Fortinet. Service provider and channel. We see a lot of opportunity there. They've helped us along the way a fair bit. Matt, where do you see the opportunities with service provider and channel going forward?
We've had such a strong ecosystem of channel partners for years, and that's really been our advantage for a long time. That business has been evolving uniquely over the past couple of years. They're, like Pedro said, it's an opportunity for us, but they're discovering how to create services to their customers and how do we help monetize, I think, with our channel ecosystem more effectively. We've done an excellent job in service provider for many years that continues our tailwind effect of how successful we are. It really does come down to that consolidation and convergence of those areas. We see a massive amount of effect from the channel ecosystem in those two exact ways.
And of course, again, going back to the ASIC advantage, from a performance perspective, it's just really uniquely different. I would say that some of these technologies that we talked about today, SD-WAN, kind of leading into SASE and how fast and quickly you can deploy SASE and get to market with it, obviously, that's what our customer ecosystem is really looking for. So not only is the technology really good, it's integrated. It offers them ability to monetize in unique ways on services, but also they're able to get deployed faster, which helps them get to profitability faster. And I'll just tell you, I was with one of our large U.S. partners last week for their large conference that they have. And I would tell you that the interest is more renewed and robust than it's ever been.
That's great. Thank you. Opportunity abounds, OT, channel, U.S. enterprise, Trevor. We see great success there with some of the most discerning enterprise customers. Seems like there's a lot of opportunity ahead there. Give us your thoughts there.
Seen tremendous success with our branch solutions, but specifically in retail and financial services.
Yep.
And then specific to enterprise, there's four things that I'm working on. I'll talk about the four: our focus, urgency, accountability, and fun. If I look at focus, if you look at enterprise, the Global 2000, a major account manager today has 12 accounts. Next year, it's going to six. Mid-enterprise or named enterprise, the average number of accounts is 60 today. It's going to about 35. And this will provide us focus. It will provide us the ability to hire more direct quota-carrying sales reps. If you look at the U.S., that's where the opportunity through my lens sits.
I'm obviously biased because I lead the US. But just from a market share perspective, we have an unbelievable opportunity to win market share in the US. So if I look at urgency, early on in my career, I spent time at Parametric Technology and a company called EMC Corporation. I assume everybody knows who those companies are. Those companies gave caffeine a scare, if you will. When I was at Parametric Technology, I used to get to the office at 6:00 A.M. to read through a book of lists when I carried a bag as a sales professional. So that's what I'm trying to institute inside of Fortinet from a sales perspective. I want hunters. I want people out on sales calls, sales meetings, 8 to 12 meetings per week. And so I'm instituting that inside of Fortinet.
It's very, very hard, but it's also a lot of fun. Urgency is a huge thing for me. In my 13 years at EMC, Michael Ruettgers was a CEO. If I look at accountability, Michael used to say, "We have two types of salespeople. We have A players and we have new hires," right? Accountability is paramount to me. I'm pushing that very, very, very hard inside of Fortinet. The fun, right? These are really, really hard jobs. I'm the last of seven in my family. I didn't grow up with a lot. I like to have fun because these are really, really hard jobs. We're making tremendous strides in the market. We're also hiring a lot of strong candidates from our competitors.
And if I go back to hiring and direct quota-carrying salespeople, we are hiring people for access, meaning one of the world's largest airlines. A person that we hired was at Cisco 10 years. We interviewed the CISO, right? Those CISOs are all about trust. They want to do business with companies they trust, and they want to have a sales professional that they trust. And good news is we're going to replace one of our largest competitors at that major airline due to that salesperson's ability to connect with the CISO and all the stakeholders inside that airline. So a lot of really good things are happening inside of the U.S. And those are the four things that I'm laser-focused on.
Speaking of airlines, Trevor Hales from Nashville, Tennessee, but as far as I can tell, he spends his life on a plane. So I do.
So hardworking guy. I'm embarrassed to say I'm a Marriott ambassador, whatever that is this year, but I've been in a hotel 135 nights. But I don't view this as a job. I view this as a lot of fun. And you know I think Fortinet, we have so much momentum in the market today. It's unbelievable. I get calls every single day. I get hit up on LinkedIn every single day from our competitors, right? From our competitors, Cisco, Palo Alto. They want to work here. They want to work at this fine company, right? And that's what gets me excited and why I get up at four o'clock like I did today, right? So it's just an unbelievable time. And I'm a new guy. I've been here 13 months or so, and it's been a phenomenal ride.
I look forward to helping scale this company from $6 billion to $10 billion. Again, the US is where there's a huge opportunity. Pedro to my right, he's crushed it in LatAm and has, what, 65%-70% market share?
70%.
And then how much do you have in EMEA?
About 55%.
About 55%. And so the onus is on me and the team to drive and take away market share from our competitors. And we're doing that in big ways. And it's going to continue to be great in 2025. Great.
Thank you. As Ken mentioned, Fortinet has focused for 24 years on converging networking and security. In 2018, we started focusing on SD-WAN. And soon we saw huge success in terms of sales. We lead in the SD-WAN Gartner Magic Quadrant. Do you see parallels between that focus and what we can do when we focus on something and FortiSASE and solutions beyond FortiSASE?
We already see it, right? You saw the numbers from John. I mean, it's growing exponentially. Like if you look at SSE and SASE and where it's going, the growth is explosive. And what you see is the interest from our SD-WAN install base and that just multiplying so quickly out to the market. Just because the adoption that Robert talked about and the ease of deployment and the use of the solution is really uniquely different to the market. So no question, there is a very strong similarity. And I do want to say also too, if you kind of look at the competitive solutions around, I mean, it's the only integrated solution out there, truly.
So if you look at all the functions inside of SASE, you probably get a lot of different answers when you ask someone what SASE is. But I think Fortinet has really nailed what SASE and the definition is and SSE to make it meaningful and accessible to customers without a massive deployment schedule and timeline. And I think that time to market is so uniquely different. Again, we built in SD-WAN as native to FortiOS, and that is a huge differentiator. SASE is just the same. So it's going to have a very similar, I think, adoption rate and effectiveness that we saw on SD-WAN very early on.
Great.
Maybe sorry, I can add something on that. I was at the WEF annual conference for cybersecurity last week in Geneva. And that gathers roughly 200 CIOs and CISOs and a few of the big GSI partners. I was speaking to one of the GSI partners who is doing probably around $100 million with one of our rivals. They are super convinced to get on board to this new single vendor SASE solution with us because of the things that Matt has just mentioned right now. He exactly said more or less the same things that you said right now. We see this as a massive opportunity with the big GSIs, the big partners, seeing that ease of deployment, that easy journey that they can add SASE and zero trust solutions across the SD-WAN success that we've had over the years.
Also very similar to the SD-WAN story, where a lot of the service providers jumped on the SD-WAN. Actually, 30%-40% of what we sell in my region for SD-WAN goes through a service provider. They're very excited about the white labeling of the SASE, right? And having the sovereign SASE as well for their customers. And so they want to sell more services, and we're a vehicle for them to get there. And so really exciting, really big opportunity for us.
That's great. That's great. Pedro, sticking with you. Pedro, he came up from Florida, lives in Florida, runs LatAm and Canada, also spends a lot of time traveling as well. Describe our Canada and LatAm business at a high level and our top opportunities for growth there.
So Latin America and Canada, when I first joined, we were seven people. We're now over 1,500, close to $1 billion of business net to Fortinet. So it's massive growth over all these years. And I see, and as I've mentioned before, a really high install base, really high market share in this business. So for us, moving beyond the firewall has been a necessity many years ago. And so we had to diversify from the FortiGate. When seven out of every 10 firewalls in your region are a FortiGate, you got to go sell something else.
And so we have been doing that. And SASE and SecOps, as I was just saying, is a natural extension for our customers. So we have a lot of customers that come to us that have invested in Fortinet over the years, saying, "Help us get them to the next step," right? Zero trust, SASE, SecOps. I want more visibility, right? I want to know you guys integrate so many things in every version of FortiOS. Help me understand what I already have. How can I leverage that for the next thing? Because Latin America may be more so than other regions.
You have to do more with less, right? There's no unlimited budgets, right? There's no unlimited know-how. And so if you're in the middle of the Amazon, there's different challenges, right, that come to play. And so it's a very challenging region, but we've been able to execute really well. And I'm actually very excited with the opportunity, the refresh cycle that we have coming up, because it's a huge opportunity for us to upsell all of the new things that we've been introducing. So it's not just about replacing firewalls, right?
There are end of support, but it's about adding all of these new services that we have on top: SASE, SecOps, the visibility, some of the OT, which for Latin America, there's a big push for virtual cities and security, which is a big thing. If you travel in Latin America as tourists or you manage to live there for some time, you know that it's a big thing, right? Feeling safe in Latin America sometimes is a challenge. And so we do extremely well in the region. I'm really excited about the future and the opportunity we have ahead of us.
Great. Thank you. So refresh cycle will be a topic of interest. And Keith and Christiane will talk about it a little bit later in more detail. But give us the field view, Matt. Is there an opportunity not only to sell firewalls, but also to sell beyond the firewall?
Yeah.
What do you see about the refresh cycle?
So we have about a quarter of the population of the devices out there coming up for a refresh year in 2026. But what you're really going to see is the customer interest is going to engage much sooner than that. So you're going to start to see that in early 2025. There's a number of reasons for that, right? Of course, there's the logistics of maintenance windows and those kinds of things. But I also think it's an opportunity for customers to look at the consolidation factor of it all.
How can I consolidate more and then potentially look at where we can take the convergence to it? So I think the unique opportunity of this upgrade cycle that we're going to come to is that it's going to be really powerful in the sense of the cross-sell upsell function for the sales teams to go have the conversation. We're going to strengthen that with our partner ecosystem to come arm in arm with us to make sure that we're really capitalizing on opportunity.
How do we do that? It's really training our channel ecosystem more effectively on the three pillars that we have. And then as we get through that upgrade refresh cycle or however you look at that, that's a big population of assets coming due, right? So obviously customers are going to look at that journey earlier on rather than later. And we're going to create an event for customers to make that journey very seamless and easy to adopt
Right. Thank you. As Ken mentioned, the three Ls, one of them is leading. We've been talking about the convergence of networking and security for 24 years. When Ken interviewed me 18 years ago, we talked about it for a lot of the time and the power of the ASIC. Now others are starting to have that conversation where you see SASE and other kinds of integrations where there are opportunities there. Tell me about that, Matt. Do we see transformational opportunity in terms of our leadership in this convergence of networking and security?
We're seeing it everywhere across these big SIs. Joe talked about one of the SIs we're working very closely with on the transformation. I mean, that's really what they specialize in. That's their complete focus is the transformation. But every enterprise customer down to SMB customer and everybody in between that is really looking at the transformation effect that's happening.
The good thing is, they really look at Fortinet as their trusted partner in that journey, which is something that we've had to build over time with trust, as you mentioned, right? It's about delivering on the solutions. Our solutions, really, when you do put them in side by side, that creates a really unique opportunity for us. It's coming down to the show me kind of show me strategy or the show me that it works, especially as these technologies do converge and consolidate. So they're getting much more disciplined, I would tell you, and taking it off the slideware and bringing it into the lab and saying, "Okay, show me. Tell me what's really working." The transformation is very much real.
I can tell you that there's several SI partners, very large national channel partners who are just completely focused in this area. And again, as Pedro mentioned on services, this drives a massive attach on services. So that's exactly what speaks to them. And then we back that up with the close partnership, enabling them, as Ken mentioned, with training and, of course, all the assets behind, really enabling them to be more effective doing it. So we are seeing that transformation become very, very real, especially this year, kind of in this back half of this year.
And I've witnessed you have a security silo sometimes and a networking silo in big organizations. A lot of big organizations are looking for a cost-effective solution. If you get above those silos and you have a solution that's very cost-effective, it can be transformational
Yeah. I mean, there's a lot of personas, right? When we talk about platform, there's a number of personas that we have to obviously meet and I think take on the journey with us, and we talked about some of those journeys and the transformations that we have, but you are engaging and interfacing with the CFO, the CIO, the CISO, and sometimes even the CEO. We see that often, right? Because they want to understand what the evolution is going to be, but you're absolutely right, and educating our sales teams more effectively, communicating through those personas has been part of our journey this year.
That's great.
and it's also expanding with the new acquisitions that we did around CNAPP and DLP, different personas. You're looking at the DevOps, DevSecOps people. So that's going to be an evolution for our sales to understand and be more aware of.
Yep.
Yep. Great. Okay. Last question, and I'll start with Trevor, but I'd love multiple inputs here. So Trevor, as you said, we're seeing a lot of people want to come to Fortinet.
Sure.
I think it's a combination of opportunity. Culture plays a big part in that. In any company's success, strategy, track record of execution, as you can see on this screen, those are important. Culture is very, very important. And Ken has really set a consistent culture at Fortinet. We've had a steady strategy. We've got the proven track record of execution. How does our culture factor into our success?
It's everything, honestly. So if you look at, first of all, congratulations to Ken and building this fine company because he has built a great culture. Most of the people that work at Fortinet have been here a decade, which is a testament to Ken and the culture that he's built and all the people that are on the stage with me. So inside the company, the culture is unbelievable. As I mentioned earlier, we have people that want to come work at Fortinet, not only because our tech is great, because our culture is great.
We have really, really good human beings. I'll give you a little story. So as John mentioned, I live in Nashville, Tennessee. I'm on the road a lot. This summer, we had a gentleman flying us on his own dime from one of the largest home retailers in the world out of the Carolinas. And he came to speak at an event at the Twelve Thirty Club in downtown Nashville. Anyone been to Nashville? Yay. It's on Broadway. It's a pretty neat place. And so he came to speak to two other retailers, one who uses one of our competitors, another retailer who is a Fortinet customer we're trying to expand, right?
And he talked about his journey ripping out Palo Alto Networks and putting it in Fortinet. So he talked about not only the great price performance that he sees in his environment with Palo Alto Networks, but he also talked about your company, Fortinet, that we like to do business with, right? Your founder, Ken, and his brother, Michael, two of the most humble individuals he's ever met in his life. That's great, right? You don't get that very much in high tech. And I've been in high tech 25 years. And it's a tribute to Ken and his brother, Michael. And culture is everything. And the other thing is winning, right? I love to win.
I didn't come to Fortinet to compete. To me, that's table stakes. And I want to build upon what's been built here, but I want everyone to be thirsty to win. It's fun. It's like getting a B12 shot. I get a few of those every now because I'm tired a lot because I travel all the time. But culture is so important, right? And as I mentioned earlier, we have so much momentum in the market. I get lit up every single day on LinkedIn, my cell phone, for people who want to work at this fine company. And that's what's so exciting, especially about the U.S. market, because we have so much white space market to take away from our competition. So winning and culture is everything to me.
And it's not only a Trevor and Fortinet thing. It's also a customer thing, as I indicate in that story about that retailer. So that's a tribute to Ken and his brother, Michael, for building such a fine company built around great culture and great people.
Oh, in order? Oh, that's great. I was just going to say, why I think that is, is customer first, customer obsessed. We've always been that way. That's really our ethos as a company. And I can think back. I could probably give a thousand examples over the years of some of those situations that we find ourselves in. Technology is just inherently hard, right? But it's about how we support our customer that makes a huge difference.
And us being available as a team, I think what you'll find throughout the entire Fortinet team is that anyone's available at any given time. And everybody wants to be available. And I think that really translates to our customer. And they feel that authenticity from us in a very unique way. But really, customer first, customer obsessed. You can't go wrong if you lead in that position.
Yeah. And it's an engineering company, right? So we are all more or less engineers working every day in and out. And the other great thing that I found over the course of the last two decades is that we have a really flat, a little bit of what Matt was saying, have really a flat organization. So when you're speaking to the customers, if there's any type of problems, any type of request, any files, whatever it is, that the hops to get to where it should go, where that request should go, are very short. It's not a complicated organization. Extremely flat. Everybody is available, humble, and reactive. So I think that's a little bit of what I said at the beginning, speed to market.
And to me, I think a lot, I think you guys see on stage, the tenure here is very long, right? We've been almost 20 years here. And that to me means that we honor our commitments because we sit in front of the customers today and tomorrow and the day after. So when we promise something that we're going to deliver, we will deliver, right? So we're not mercenaries in trying to do a sale one time and then disappear. And if you go around in the industry, it's very common to someone to stay, especially at our levels, a couple of years and then move on. This doesn't happen at Fortinet. It's not very common that that happens at Fortinet.
And so we've been here a long time supporting our business, supporting our customers. We honor what we say. We stand behind our product. And we're convinced that we're continuing to do it. So I think that that was a key ingredient. Because at the end of the day, sometimes it's hard for the customers to distinguish between feature A and feature B. And in PowerPoint, everything works beautifully well. But at the end of the day, people make a difference, right? And as Joe, Matt, Trevor said, we are the people. We're the ones behind the machine. And we'll be here when things go well and when things don't go so well. We will stand behind the customers that trust us.
Agree 100%. And from my standpoint, it feels like family in some sense. We've got a lot of passion for Fortinet, for the mission. We all really care. It's more than a day job. We believe in the mission. We have confidence in the mission. We love Ken and Michael's story. This is a great company to get behind, and I think that hopefully comes through in this panel discussion and otherwise. All right, well, thank you, panelists. Thank you all. We have a 10-minute break right now. Really appreciate it. Great discussion. Thank you very much.
Thank you.
Welcome back. Thank you, everybody. I don't know about you, but I certainly enjoyed hearing yet again Ken's story, his vision of not only where the company comes from, but where it's going, and at the same time, then to move into, I think, a very robust and helpful conversation about SASE and SecOps from John Maddison and also Robert May, and then, of course, I particularly enjoyed the roundtable of the sales team. I don't know that we've done that in the past. I think my takeaway with all that bullishness is that quotas are going up. So we'll take that offline in a moment.
Everybody's okay with that? Everybody over here says it's fine, right? So I think as we kick off the finance section, right, maybe a, there's about a dozen slides that we'll get through, hopefully fairly quickly. I'll cover off probably four or five to start. Then I'll bring up Christiane, who'll cover off some of the meatier things that I think you're interested in, things like operating margins, what we see in the future, what we, how we reconcile to what we just went through. Also that upgrade cohort, the 2026 firewall, is giving you a lot of information about that.
And then also build out a little more detail around the customer journey for SASE and for SecOps. Okay. And if we started off, I'll come back with a bit of a callback here for Ken's slide, where he talked about the Rule of 40. He's a little bit shy, but he didn't say that 12 out of 14 years as a public company, he set the Rule of 40. You should watch this slide very carefully. I can't tell you how much longer it may survive. Okay. All right. One thing that when we look at our business in terms of our strategic investments and what our mix has been historically, that chart on the left, pardon me, on the left, it gives you the mix between M&A and between our engineering costs.
And we use this slide frequently with customers to really talk to them about this notion of a, we are a build versus buy company. We want to build it ourselves. We want to preserve that single operating system that you heard Robert and John talk about earlier, right? And then also the fact that the mix of our engineering staff is more software centric than it is hardware centric, as you've seen the shift over the years from what this ASIC has empowered to what the operating system has now become across all those different Gartner Magic Quadrants.
And then if you look at the mix of our buyback and our M&A, you can see, as Ken pointed out, a very rich population of buyback. And again, very consistent with the M&A strategy that we've evolved. We've talked in the past about the diversification of our business model. It's extremely diversified. If you look at the customer mix, a very large set of customers, but spread across small, medium, and large. If you take that MSSP wedge, and I'll let you divide it up however you want to amongst the three, you're getting to a business model that's fairly close to one third, one third, one third, right? It's a very significant customer base.
And it's needed for what we're going to go through now with SASE and SecOps and this cross-sale and leveraging that 2026 cohort that's going to refresh. Geographically, it's also a very diversified business. And you also heard very different in the geographies. You heard Pedro talk about Latin America, and you heard Joe talk about EMEA. Where they're the incumbent, 70% of all firewalls in Pedro's region are Fortinet firewalls.
Very different than what Matt and Trevor have in the US, where it's a smaller footprint. And so when you look at the go-to-market strategy and what's needed, Joe and Matt need things like, or Trevor and Matt need more access into the enterprise. They need that footprint to grow. Where Trevor and, pardon me, where Joe and Pedro are, they need more things to sell into that installed base.
And that's why you hear Joe talk about the OT journey and how soon he got on it, and why you hear Trevor talk about SASE and SecOps. When you look at the industries, the only thing I would call out is I think that the manufacturing wedge now coming back into the top five really is consistent with the OT market. It's not a direct relationship, but it's pretty close to that. And then also the retail space now getting back into the top five. It's a business that provides a very rich cash flow. We've talked about this recently, and we use that cash flow for innovation purposes, obviously. I also wanted to call out just in terms of a question that continues to come up about average contract term.
You can see that for the last two years, plus this year, we think we're going to be at 28, at 28 months, very consistent. As we continue to see growth in SASE and SecOps, we do anticipate that it will create some headwind to that, to that monthly number. However, the sheer size right now of the networking security and the firewall market is such that it's really going to support that longer contract term during this midterm frame that we're in.
If it doesn't, that really means that SASE and SecOps have done something truly outstanding, and I think we'd be extremely happy with that. Right? Adjusted free cash flow, you can look at the, where the margins are on the left-hand side. We've been very successful over the last several years, new adjusted for the real estate of putting a number up that's kind of in that mid-35% range, mid-30s, maybe just a tad bit higher. On the revenues, as you watch the firewall market go through this trough, right? And you've seen our mix shift from product to services in 2023 and 2024, right? A pretty significant mix shift. And in a rough math, I would tell you that every five points of mix shift moves the gross margin one point.
So I'm getting about a one point tailwind right now in gross margins because of the mix shift. As we start to see things like the 2026 firewall refresh or cohort come through, that mix should start to turn. And we all know that services are a lagging indicator and product revenues is a leading indicator. Right? On the right-hand side, you'll notice a term we've not used publicly before, RPO. RPO at the moment is not significantly different for us from our deferred revenue.
But with the addition of Lacework and its $50 million, if you will, of RPO, this not in deferred revenue, and in anticipation of what SASE and SecOps could become, we wanted to introduce the term here, including the notion that the current RPO, CRPO, in the subheader you see is about a 16% growth rate. And I think, as promised, I'm going to bring Christiane up for the good stuff.
Keith.
You're welcome.
So, as Keith said, we want to bring some of the numbers into perspective that you've seen and kind of related back to the story that you heard. We are a globally diversified company, and so we've benefited from the shift to more services in our gross margin. But if you look into the future, you will see that there's a little bit of a normalization that will happen. We expect fewer inventory reserves that will keep up the gross margin, especially for hardware. On the other hand, we may see a little bit of a mix shift.
If you normalize what you've seen over the last two or three years, we expect going forward about 79%-80% gross margin for your modeling because we expect a little bit more product to sell. That brings down the overall gross margin, but not significantly now. You also notice that our operating margin has increased significantly, and this is a little bit the start for Keith's final words on, like, where do we end up? What are we maybe committing to in the future? The current gross margin, the current operating margin that we are predicting for 2024 may be a little bit on the high end for the future. As I just mentioned, we expect gross margin to come down slightly.
We also want to invest more in sales and marketing, as this year our growth rates have not been where we want it to be. So the normalized operating margin will also be slightly lower, but not significantly. And we hope that we can offset it with some really good growth in the future. Some more metrics that might be of interest to you and on the kind of success of our other pillars that we are really focused on to give the sales teams more to sell, more to talk to our customers, to support the story of convergence. Our Unified SASE growth this year has been, or in Q3 has been 11%, and SecOps has grown 14%.
In these numbers, no, sorry, Unified SASE has grown 11% last year, 14% this year, clearly outgrowing the market. And SecOps has grown even 32%. So while the numbers, as you can see from RPO and ARR, are still small components of the total business, it's growing faster. And we expect it to grow faster because we have a huge install base, and we are trying to sell into the install base as the sales team just explained. Of course, in the U.S., we have also a massive market still to be tapped in because we are not the market leaders.
So you will, you will see a very balanced growth between the different pillars in the future. Why are we showing RPO for Unified SASE and SecOps? It's really that we expect a little bit more of a change in RPO, specifically for SecOps, which has more SaaS solutions compared to deferred revenue. In the other parts that are more hardware-centric, RPO and deferred revenue may be pretty similar in the future as well.
What I'm really focused about is also ARR because this normalizes our billings a little bit and gives us a better idea of how we are growing, how we are grabbing market share. While billings is a great metric for cash flow, ARR is a better predictor for revenue in the future. This is an important metric that we will track in the future, and not only for Unified SASE and Security Operations, also, of course, for our Secure Networking pillar, because there is a lot of services that we sell with our FortiGates, and that is really where the convergence and the security comes in.
What we wanted to put into numbers or more explanations are some of the customer journeys. Of course, in the large enterprise that we've used as an example here, you see more of an adoption. And please also keep in mind, large enterprise is predominantly outside the US. Of course, we have large enterprises here as well, but a lot of the numbers are impacted by the success outside the US. So our customers typically start with firewall, but not only. We see a lot of customers that meanwhile are hybrid.
So they buy virtual as well as physical firewalls to satisfy their cloud edge. Then the next journey is enabling SD-WAN. We have a lot of customers that even as we see slower growth rates in SD-WAN, are adopting the SD-WAN by just flipping the switch on and enabling the respective services. And then, of course, the next journey that we just started, and we're at the start here, is the SSE expansion.
This is going to be one of the biggest growth pillars that we expect, which you may have seen on the previous slide. The ARR for just the SSE component has grown 500%, which is reflected in this deep curve of adoption in large enterprise. If we can roll it out to our huge customer base in SMB, it's going to be really powerful. You heard a lot about convergence today. This gives you a little bit of an idea and an example of how much our customers actually buying into these convergence strategy and journey. So we can see a lot of customers buying switches, and we see a 10-point increase over two years. APs, we've always sold to large enterprise quite a lot.
And if you look at the left, the OT penetration in large enterprise is quite significant because, as Joe explained, more and more customers are looking at the convergence of networks and operations. And so, especially in EMEA, we have a huge customer base that is buying into the OT strategy, and we will continue to capitalize on that one. I think this is what everybody has been waiting for today. So let me put this a little bit into perspective. We've been talking about the refresh or what we would actually call the upgrade cycle. And in 2026, we will see a significant number of Fortinet firewalls come end of support.
What we've done here is give you a little bit of a perspective of how many models each year were marked end of support and how does this work at Fortinet. Basically, at some point in time, we decide that we are not selling certain FortiGates anymore and that the next model is introduced. So then we are declaring a product end of sale, but we give the customer the guarantee that from the end of sale time, we support it for 60 more months. So that every customer has a five-year guaranteed life cycle or even longer.
Typically, from the market introduction, it's between, I would say, eight to 10 years. But at some point in time, we decide we don't have enough components anymore. We want to bring out the new models. So we declare it end of sale from that time onward. So you can see if these are these devices, these 11 models are end of support in 2026, they were declared end of sale in 2021. Why is it such a steep increase?
First of all, it's 11 models, and these were high-volume models. Second, Fortinet has grown over time. So you would expect that with high-volume models coming end of support, the number is growing. To put it into perspective, the 2026 cohort is about a fourth of all the registered devices, FortiGate devices that we currently have. And because it's such a large number, it's mainly 65%-70% is the low-end firewalls. We do have some large firewalls, the 1500D, that's also coming end of support. So, but it's dwarfed in the numbers here. In 2027, we have another cohort that comes end of support.
And then, as you know, we've sold a lot of FortiGates in 2022. You can see it from our product revenue. We expect that even though there is not an end of support cycle in 2028, these devices registered in 2023. So many of these devices here will come up for an upgrade cycle, maybe not forced through an end of support cycle, but as well. We expect more upgrade capabilities, opportunities for us. And then over the next three years, three to four years, combined with all the other products that we've currently introduced or that we are currently innovating to give us the ability to sell more services as well. Because that's why we are introducing ARR.
An upgrade or replacement or refresh cycle of a hardware doesn't mean we are selling more services, right? So ARR is really critical for us to measure how we expand because we may not directly see it from billings. That's a critical measure for our sales teams to see how good are we in capturing more market share, broadening the service space, and making sure that we keep that one-third, two-third delineation between product and services because we want to be a service company.
This is where a lot of the value is as well. With that explanation, I'll hand it over to Keith, who will give you the guidance for the next couple of the new model targets, the models.
Please. And get off the stage.
Now you're guiding them to the model.
I don't know what I'll call that. Nothing that can compare to that, I have to admit. All right, thank you, Christiane. I think that's fantastic. I think, you know, hopefully we provided the bridge, if you will, how to normalize the gross margin and by extension, the operating margin. You can see the unusual events in 2023 and 2024 to help you with that process. I think also the cohort of the 2026, I think gives context, but now also following on for your benefit, a cohort of 2027, right?
And you can kind of, I'll leave it to you to model what year you think those products will actually drop and how you split that between years, but it also gives you a sense of the tail that's coming, but also most importantly, that opportunity for cross-selling into SASE and into SecOps. I stole the thunder before, didn't I? So the Rule of 40, which we've been talking about for many, many, many years quite proudly, we wanted to provide this as kind of an insight.
If we had been operating under the Rule of 45 for the last five or six years, what would it have looked like? And how much of a stretch for us is it to start targeting a Rule of 45? And with that, for the midterm model, we're targeting a growth rate of both billings and per revenue of 12% or more on a CAGR basis. Operating margins of over 30%, 500 basis points higher than our last floor, again, over this midterm period. And officially bringing in the Rule of 45, raising that by five points from the Rule of 40. And adjusted free cash flow margins in the mid-30s, perhaps a little bit higher as we go forward.
We believe that the cohorts that we talked about in 2026 and 2027, together with the opportunities that we see in SASE and SecOps solutions, and the continuing success in taking market share penetration, whether it's internationally or in the US, all provide tailwinds to this new model. Just some modeling points. It's just as a recap. We didn't change anything from what we gave before. Right? Okay. And then some more modeling points for you in terms of cash paid for taxes, capital expenditures, and the non-GAAP rate. Aaron will post this presentation on the website soon for me, within 24 hours, maybe a little bit sooner. Okay. There's a lot of pictures have been taken, Aaron. You might want to help him out. Okay.
If I would just kind of take all the presentations today and put them into four different buckets in terms of what we think the key takeaways are about Fortinet, about our messages today, whether it was Ken's vision, whether it was the go-to-market strategy and the roadmap for SASE and SecOps, or the information from our sales leaders, and then all supplemented with the great data that Christiane provided.
You know, I think you would look at this and we would, you know, we'd want to emphasize that our TAM is now up to $284 million, and I think that reflects what we see in this industry, which is there's always a demand for new technologies. It's an extremely dynamic industry and it has its own set of catalysts, whether it's threat actors or adversaries of any shape or fashion or regulators or what have you.
We think we've established that foundation for growth. That unique combination of the ASIC investment, probably total several billions of dollars, together with the operating system, creates a moat that we don't think competitors have. They can't compare that to us. At the same time, it positions us to deliver what we see from our customers in terms of what they're looking to buy as we go forward, and we talked about the upsell opportunity.
Again, to belabor that point, that 2026 cohort and now with the addition of the 2027 cohort and the context of how many of our units that we're really talking about there in terms of our total population, together with the acceleration of that chart, when you offer a trend line, suggests that we should be able to continue on that growth curve, and then our history of growth and profitability.
I think we're very pleased with the profitability that we've delivered and in exchange or as part of that, delivering that profitability back to shareholders in the form of what has been a very rich buyback program for several years. I think what we'll do now, Aaron's going to come up. You can come on up, Aaron. It's fine. Right? Because we didn't have a break after the business section, right, for the salespeople and so forth.
We're going to bring everybody back on stage. I thought the presentations today were fantastic. I really think that the sales leadership as well, providing context and getting you one step closer to the customer, the understanding of how our markets differ. We want to get everybody back on stage so you can ask them questions, including how they modeled 2026, right? Okay. All right. Thank you.
I have to turn on the mic.
I'm going to bring that. Chair's up. It's a BYOC. It's the chair. I did it earlier. I don't know if you saw that. All right. That's chair for. Oh, thanks. Where are you going to send to this? John, John. Okay. Thank you. I'll stand. I'll stand at the side. People that sit have to answer the question. Go ahead. You don't mind, Keith. I'm not going to show them how to service us. You sit down.
Hamza Fodderwala and Morgan Stanley, thank you so much for your time today. Just two quick ones. Ken, about five years ago, you talked about how the edge was going to eat the cloud, right? I'm curious. When you think about your SASE strategy, particularly the sovereign private SASE portfolio that you have, how is that differentiated relative to some of what some of your competitors are doing? And then secondly, for Keith, you talked about over 30% EBIT margin, three to five-year target. Is that an average over four or three to five years? Like in some years could it dip below 30%? All right. Thank you.
Thank you. It's a great question. I do believe long-term the edge computing will be probably overtaking a lot of secure computing right now because the next wave of connection, like I mentioned, probably more on the device level and OT security, all this area. You can see that's where like also some other trends really, the GDPR, whether we call private SASE, sovereign SASE, that's also kind of making certain centralized cloud solution may not really fit for all the customer needs.
So that's where a big lot of devices like connected cars and modern sensors, you really need to make a computation on the edge side instead of all depending on the cloud. So that's why we kind of have a hybrid structure, infrastructure is more important. It's always a debate whether all cloud or edge, all these kind of things, but I do believe a hybrid approach, if you can have the same user interface or operating system, customer have the freedom to move from edge to the cloud or on-premise to whatever the virtual, that will be always the best. So that's what we try to achieve and also try to differentiate ourselves. It's really kind of give the customer their kind of a freedom to move among edge or cloud or applied or virtual.
Now, the second question, I think I would go back and look at the journey of the 25%, how we talked about it. First, it was a target, and then it was an average, and then it became a floor. I think we've already skipped past targeting 30%, and we're really now talking about the average during the midterm period of being 30% or more.
Keep in mind that, you know, whatever we end up with with the current year, that operating margin number that we have right now still faces about a 230 basis point headwind from Lacework. That headwind should ease over time as Lacework grows and we absorb some of that cost structure. On the other side, I think the need to invest or the opportunity to invest in the go-to-market part of the business still is very significant, and I would see us easily wanting to spend at least another point or so there.
Okay. I'll go next. Patrick Colville from Scotiabank. Thank you so much for doing this. You know, congrats on everything you guys have achieved, and the vision is super exciting. Again, one for Ken, one for Keith. Ken, one of your competitors announced this platformization initiative nine months ago. I guess define platformization how you wish, but one component is performing buyouts. Do you think Fortinet need to perform buyouts in order to penetrate the U.S. enterprise? And then Keith, one for you. What's the linearity of that billings target over the next three to five years? You know, will there be an arc or is it 12% all the way? Thank you.
For the enterprise buyout, let me introduce Trevor. He's an enterprise expert.
Can you define buyout just so I understand through your lens?
Yeah. Let's say you've got, you know, Cisco, Palo Alto. Juniper, the contracts. Yeah. Let's say you've got Cisco, Juniper, Palo Alto, the contracts expire at different times.
Yes.
Removing that friction so the customer says, "I don't want to standardize on Fortinet because I have these contracts expiring at different times." You know, Fortinet covers the cost or provides free during those contracts expiring. Yeah. So a couple, that's a great question. A couple of things. We do do buyouts in advance of a PAN renewal or a Cisco renewal.
We just hired PAN's one of their top financial services person to help us in that endeavor, if you will. And also, you know, respectfully, and I respect PAN. I know people from my time at EMC that work there, but we've capitalized in a big way on PAN because they go into, when renewals come up, they'll take a $20 million renewal and raise it to $40 million with no new product, right? So that's great for us, but we do do buyouts. We've done them creatively, and we have a person that we just hired from Palo Alto Networks to help us in that endeavor.
Yep.
Yeah. I think what I encourage Trevor and Matt is kind of the 80/20 rule in that, you know, I want 80% of my business just to go like it goes, right? There's a price list that goes to the channel and so forth. But when you have a knockdown drag-out opportunity to go toe-to-toe on the channel, particularly in the U.S., I mean, go find out how the customer wants to acquire and purchase and what it's going to take to dislodge the incumbent and then start that conversation.
So I think they know they have a fair amount of latitude, and that's what Trevor's talking about a little bit there. And that way I've avoided the 12% question that you asked him.
And real fast on the platform.
What we will be back in early February to have guidance for 2025.
And we talked about this today. We are the only security and networking company in the world that has a single OS. We are the only one, right? PAN does not have a unified OS. They've bought a lot of companies and cobbled them together. When the sales team does their job and they sell a FortiGate, which is the tip of the spear, that's land, and we can expand into SD-WAN into SASE. It's unbelievable. And our customers, if you look at most CIOs and most CISOs, they want to do more business with fewer vendors. And that falls right to us, right? The onus is on us to go out and execute on what we've talked about today. So it's just, like I said earlier, it's a phenomenal opportunity right now to be at Fortinet.
Good morning. Good afternoon. Thank you very much for taking the questions, Fatima Boolani with Citi. Ken, I wanted to start with you. You know, I think there is a prevailing misconception about Fortinet as it relates to your advantages being translatable as you move to cloud and multimodal delivery architecture.
So specifically, what I wanted to ask you is, can you spend a little bit of time talking about the cloud ASIC and the virtual SPU investments that you've made in the context of, I think, $1 billion or more that you've spent in R&D and proprietary chips? Where is that architectural distinction and how does it not cannibalize what you are all phenomenal at from a hardware acceleration standpoint? And if you could just help demystify some of those misconceptions and maybe misperceptions and then have a follow-up for Matt and the sales team.
Yeah. I think for the ASIC, it's really try to lower the secure computing cost. So if you look at today in the cloud, secure computing probably only counted 1%-2%, the total computing in the secure computing there. But we do believe that number will keep increasing. When that increases, just like how AI, how the GPU being lowered, some other like AI cost, some other things there. So we do believe eventually the secure computing cost also need to leverage ASIC technology because the cost, not just the computing cost, but also the energy cost and also the performance improvement. And so not only just benefit our clients in the field, but also benefit the cloud data center.
So that's also [how] we use our internal ourselves, like in all these SASE data centers. We can see how much we can leverage our ASIC chip to all the secure computing, all the SASE functions because security tends to need about 30-100 times more computing compared to the general routing switching. So you need to have a lot of computing go through all this kind of, whether in the data center or in our clients there. So traditionally, we try to use ASIC more into the appliance space. That's where customer sees some benefit on performance there. But there's more computing to the cloud and also some kind of service-based SASE. We also feel that kind of part of secure computing also can leverage ASIC technology. And also including the OT, which Joe is an expert there.
Actually, he's also an engineer, I think, for Siemens before he joined Fortinet 20 years ago. So you can see also in the OT environment is the same thing. A lot of OT have to be using legacy network security to secure it. A lot has to go through all this kind of computing. That's also we do believe the ASIC chip eventually, just like how the GPU benefit AI. So the ASIC chip we call SPU can also benefit a lot of secure computing, whether in the cloud or appliance.
Appreciate that. Thank you. And for the sales leadership, I wanted to go back to some of the new disclosure that you shared with respect to the enterprise net retention rates and a lot of the opportunity that you have in the large enterprise. That was abundantly clear. But those are companies I think that you've defined or classified as companies doing 10 billion or more in revenue, which is fantastic. But you have this massive long tail of customers in an 800,000 install base, right? So large enterprise is great, a lot of opportunity there. But within kind of the meaty, meaty mid-market, I was hoping you could spend a little bit of time talking about sales segmentation strategies and, you know, potential shifts because the buying behavior might be different, but I think the opportunity might be better.
Good to see you.
You too, Matt.
Yeah, absolutely. Right. That meat of the market, as you describe, is really where Fortinet's strength really translates really effectively. And there's a reason for that, right? Because the complexity and the sheer manpower that typically companies have in those areas, you know, you don't really necessarily have the workforce in place to be able to effectively do that with tons of people. So how do you automate that? And that's where Fortinet really comes, you know, in that consolidation and convergence strategy really translates extremely well to these companies that are trying to solve something.
It's extremely complex. How do you get over, you know, the if it is an incumbent situation, but how do you get over the conversion of incumbent technologies? How do you do that? And we have tools that do that for. We have a ton of services available, again, with our partners. And that plays a huge role in this mid-market is that they're extremely focused on that part of the market.
So we're DMRs, national partners, and of course, our focus partners. But that ecosystem of companies helping us to push in those areas along with our ability to consolidate and converge is a huge differentiator because it's not just about cost, right? It's also about complexity and risk. And those are the kind of three elements that I think drives the consumption better in those markets for Fortinet than anyone else out there.
Hi. Brad Zelnick over here, Deutsche Bank. Thanks so much as always. Great day and congrats on 15 years of public company. I wanted to talk about that refresh slide. So very, very helpful disclosure. I'm curious to understand, would it look much different on a dollar basis as opposed to looking at units? When we think about your midterm guidance, how does the yield that you're assuming on that refresh opportunity compare to prior refresh opportunities that you've seen? Is there an argument that yield can actually be greater because you've got a much broader, more compelling converged offering today to go cross-sell and upsell than maybe you had at any point in the past? Thank you.
Want to talk about it?
What is the yield? So I would say because it's mostly smaller units, right? The yield is probably around net to Fortinet over the next two years, around $400 million-$450 million in product revenue with normal churn and an average price. So that's, if you put it into perspective to the total revenue and it refreshes over two years, is definitely helping product revenue.
Total revenue is probably up 4% or 5%. So depending on the rest. From a billings perspective, it's a billings event. It gives us the ability to sell more and to sell more attached services and have a discussion with the customer about all the other products that may help them. So I think it's a compelling event for us to go out to the customers. And that's why we have our sales teams here to really explain how they capture the minds of the customers.
I think we're certainly aware of the opportunity as we set midterm targets. The nature of your question kind of suggested I should raise those midterm targets. After 15 minutes, I'm going to pass on that opportunity. I think that the math that Christiane is referring to, and we'll let you make your own assumptions about things, you can take the units that are up there, call it 650,000 units, and you know what our price points are. We're very open about our discounting and so forth.
And one thing that we did do to add to a data point to this conversation, and Christiane worked through it, was of those units that are coming up for an upgrade cycle in 2027, what percentage of those are still pinging home? And the answer to that was 85% in the last week. I can't tell you what they're doing with them, right? But I think that's a pretty good indicator that there's life out there and there's going to be an opportunity and there's going to be a reason to talk to customers.
As you go through that math, you probably need to make some assumptions about ELA agreements and how many of those units already may have kind of gone through there. So I'd probably be a little bit shy about giving a specific number, but I'll defer to you to refine the math that maybe you've already done previously.
Yeah. Question over here. This is Max Gamperl from Goldman Sachs. Thanks so much for the time. I wanted to ask, with the growing traction in your secure service edge business, has your view changed at all on how this might impact the firewall appliance market? Do you expect SASE to impact the hardware side of the business at all, or should we expect similar growth rates in appliances regardless of secure service edge adoption? Thank you.
Maybe I can tackle that one. So I think we haven't seen any change in what we thought would happen. And that is remote users are transferring from VPN technology to SASE technology. And that's probably the best use case there. The next use case is what I call the thin edge. People are calling it the coffee shop, where you can't get a substantial hardware footprint there. And so that will be a SASE implementation as well. But for branch, large campus, OT factories, etc., there's still going to be a hardware footprint. Even if it's just for SD-WAN, there'll be a hardware footprint there, which we think will add security and the combination of SASE. So those environments will become more hybrid as you install SD-WAN and SSE.
But you're going to need something there, whatever it is at those locations, because you need to direct and steer the traffic out, whether it's going to SSE or whether it's going to data center or multi-cloud. But again, I don't think it's going to affect that entry-level firewall, entry-level where SD-WAN locates for those use cases.
This is Jonathan Ho from William Blair. I just wanted to offer my congratulations for the past 15 years. It's been a great ride. In terms of Fortinet's success internationally, this has clearly been an area that I think is underappreciated by investors. Can you help us understand how you can bring some of what you've seen on the international side to the U.S. and perhaps maybe what's baked into your guidance around the ability to gain traction on the domestic side? Thank you.
Oh, I can talk about the success we've had in international, but how we bring that to the U.S., I think.
I can teach them if you want.
I was thinking about it. The competition begins.
They have to pay.
Yeah. So Joe and I work really closely in obviously getting the commonalities and synergies that each one of the geos represents and what it is, it's very different for Pedro, for instance. As he said, seven out of 10 firewalls are Fortinet, so you naturally have to move outside of the Gate in order to be successful. But how we replicate those is pretty simple.
It really comes back to a really strong channel ecosystem, direct relationships with customers, building that segmentation strategy, as we talked about a little bit earlier today, really having the focus in those markets, in the verticals and segments as you approach each one of those markets. So we're very much aligned in the sense of how we think about genetic makeup of the sales organization. And then finally, enabling the field to be most effective at selling platform rather than point solutions, but really understanding how to sell and position the fabric in a more effective way is critical to the success. And so we're very unified in that approach.
It's also about sales enablement, right? So we have been very strong at selling firewalls in the past. The market from this year onwards, we've redefined our strategy. Having that extra sales enablement for the SASE journeys and the AI-driven SecOps journeys is what we're going through right now, especially in the U.S. As I mentioned on the panel, we started a few years before. It was just an intuition. And that was extremely successful. And that's why international grew slightly faster than the U.S. But they will catch up fast, hopefully.
Great. It's Keith Bachman here from Bank of Montreal. Excuse me. I wanted to ask two questions. The first one is a product one. And then, of course, Keith, I have one for you on the guidance. On the product targets, just beg your pardon, targets. On the solution side, the broader question is, is the software portfolio excluding SD-WAN, is it enterprise ready? And so the genesis of the question is the SecOps and the SASE solution, again, excluding SD-WAN.
As an example, you talked a lot about SASE, and you talked about going through service providers, which by definition is going to small and medium business, not to enterprises. And so typically, the SASE solution that might be relevant for small and medium business is typically different than it might be for enterprise. And so, again, Lacework is still an emerging. I think there's some R&D you're adding to it. But just broadly speaking, as you're thinking about this yield opportunity, is the non-SD-WAN portion, is it enterprise ready?
Well, absolutely. So, I mean, for the U.S., like the core has been built over the last 24 years through organic engineering, which is deployed in everything from, like you say, small business all the way to telco, data centers, and high-capacity environments, right? These have been organically integrated in a planned fashion with the ASIC as well as the software working together for that entire lifetime. From that point of view, the software is very much enterprise ready from both the software running as well as the management layer. When we go to SASE, it's really taking that same core components and being able to run them in cloud environments as well.
I want to push back. I still think large enterprises, we're going to buy at BMO, we're going to buy our SASE solution because it's relevant to that area. And we're going to buy our endpoint because it's relevant to that particular area. And it's a bake-off based on that. And I'm just trying to understand whether you will win in those solutions. I get that your management layer is frankly probably better than everybody else.
But on a standalone basis, when you're going head-to-head in the enterprise, I think it's a hard conversation. Well, I think the sales can comment, but when we go into POCs and bake-offs, this is really when we tend to shine. Yeah, right? It doesn't go to POCs. It's the 70% of my business is in the enterprise business. We are seeing deals. I mean, to your question, where the rubber meets the road is our enterprise is buying. We see seven, eight-figure deals in SASE and SecOps. And so we see we compete very, very well. I think if you look at, we talked about it earlier, the focus on SD-WAN starting in 2018, and then the success we had, we've had a lot of focus on SASE and now SecOps as well.
And so I think when we focus on something, it really kind of reaches that success point pretty quickly. And that's the plan. Okay. I'll give you a customer lens to that. Maybe that will help solve some of that. But typically, when we meet with CIOs or CISOs, I think point solutions were the thought process. And what you're suggesting is they come in and you have to do a bake-off and it's going to be against the point solutions and the best of the best of the market. That has changed dramatically in the last few years. I would say the approach is more about looking at the organization holistically. So looking at the security posture and understanding what's going to be effective, time to detect and time to remediate is extremely important. I gave the example of the Fortune 50 customer that has 200 different security solutions.
How in the world do you manage that? Yeah. How is that effective, and so that rationalization process is real. Going from 200 to 60 in the enterprise is a real problem. There's shelfware, there's all kinds of tech debt, there's just a number of things that happen inside of these environments where I think it's changing the mindset of point solutions versus platform. Now, will you have more than one platform? Potentially. That is possible. John and I talk with customers and it's about resiliency, so you're going to have one or you're going to have two. We're hearing more of that, right, and that gives us some tailwind there.
Yeah, well, clearly, consolidation is a trend, so that's your friend. Keith, the question for you is, I think many investors are looking at 2025 and we're trying to understand the shape of that. But the most nearest relevant point is 2022, where you had a pretty healthy upgrade cycle. And so a lot of investors are looking at the dollar revenues you added in that year and trying to superimpose that on to 2025. Yet trying to distill that down in 2022, you also had a lot of net new buying.
It wasn't just upgrade. And so is there a way that you, without asking you how you're going to guide to 2025, is there a way that you could just at least help us understand the dynamics of 2022 and what was the impact of upgrades versus the impact of net new? Any way to peel that onion apart to give us a reference point on 2025?
Yeah. I'm excited about 2025 in that I don't have anything really lumpy that's going on. There's no more supply chain, there's no more inflation, etc. And so we kind of get pure compares. Unfortunately, I'm now back looking at 2022 that had some unusual things in it. One is we had the Alaxala acquisition, which was a $150 million switch company. And so you were getting inorganic growth in that number. If I recall correctly, 2022's product revenue growth was 42%. And if we were running previously at mid-teens to higher, maybe a little bit higher, normalized, I mean, maybe that's a good data point to kind of keep in your head.
I think one aspect about that is the fact that while those products end of serviced that cohort in 2023 that Christiane showed on the chart, you really saw the impact earlier than that in some way. But like you, we're trying to understand how much of that was early buying because of the supply chain, which was certainly significant in 2022, versus how much of it is this cohort. And I can't give you a great—I mean, you're asking the right question, but I don't have a great number behind it.
All right. Over here, Adam Tindle, Raymond James, thanks for doing this. I wanted to ask, you had the slide on billings mix in the three major areas, and you showed the CAGR relative to the market. Couldn't help but notice SASE was the lowest spread relative to the market. So first question for Ken, if you were to maybe qualitatively look at your SASE product, how would you say it's most important to close the gap or widen that spread, I should say? And specifically, you talked about a third to half the cost when we own.
I'm wondering if it makes sense to more vertically integrate your SASE solution and own the points of presence. And for Keith on that, I think the free cash flow margin targets were maybe a little bit light relative to what investors were expecting. And I know we have high expectations. I wonder if any of that is associated with some of the CapEx to build out the SASE platform or any other bridge you could help provide on free cash flow margin targets. Thanks.
Yeah. The number, like a half of one-third of cost is really compared to a colo cost. And also, if we compare to the cloud cost for all the SASE data center, probably only 10%-20% cost. That's where we're keeping building our own infrastructure. And so that's really for the long-term player to be really eventually have the cost advantage compared to other SASE players, which I don't see none of them building their own infrastructure because it's really long-term investment.
You'll probably see the return in five to 10 years, which we already do this kind of investment probably 10 years ago. On the other side, it's really the strategy of SASE, we're changing from one year ago. Before one year ago, we always want to go SASE with a service provider. And that's where we don't market directly our own SASE solution. We feel which may be a little bit conflict with service provider when they use their own infrastructure. We give them part of the offer to SASE. Because I remember 15 years ago when we IPO, that the carrier service provider is the biggest market sector there.
It's about over 30% of business comes from carrier service provider at that time. They do all this managed security service, mostly on the firewall VPN. But now, over the last 15 years, they're starting to fall behind. There's a lot of new security service needed by enterprise, including a lot in the SASE, DLP, CASB, all these kinds of things. So they are not offering that one. We feel the SASE, if we support it, then they can catch up. But like I say, they're kind of moving kind of slow. We're still working more closely with them.
That's the reason we started to market directly ourselves one year ago. And then we see the ramp-up quickly. But also, we still want to support a service provider. We also want to keep in building our own infrastructure, not just for SASE, and also for a lot of other service that we have. So we feel that eventually also gave us more advantage over other competitors. So that's the things behind.
Yeah. Maybe I can add some commentary to the CAGR. If you looked at that pie, half of it was SD-WAN right now. And SD-WAN is suffered from the same issues that switching and APs, the whole networking industry. Everyone bought a bunch of it, and it went down. I think that will come back eventually. But we didn't give it. But if you looked at the growth rate of SSE, and I think everyone gets confused about SASE and SSE, etc., that was much higher. So I would say it probably got brought down a bit by the SD-WAN component.
And then on your question about free cash flow, and yes, I mean, we are holding back, not dollars have been earmarked specifically, if you will, but are set aside for us to continue to build out the infrastructure to deliver the SASE and the SecOps solutions. Absolutely. I think one thing that we've seen here. There's a bit of a trade-off as we make those investments in the infrastructure to deliver those solutions.
Our math always comes back to the ROI. Longer term is supportive of doing it yourself. And what's interesting about that is we've been doing it for an extended period of time now. We've talked about it for several quarters, if not a few years. But as we've added these SASE and SecOps solutions to the mix, you've not seen a degradation in the service gross margin. So we are using those investments, using our own technology and our own facilities to try and offset some of those startup costs that you would normally expect in those new solutions. And I think doing so successfully.
Hey, this is Shrani here from BTIG. So great presentation, really useful disclosures and help kind of breaking out the segments. So Ken and John, you guys talked about expanding the portfolio with the Lacework CNAPP and Next DLP, and that helps you tap into an additional $20 billion TAM, which is pretty meaningful. So just wanted to get a sense in terms of how you guys view both Lacework and DLP specifically shape the growth trajectory both near-term as well as in light of the medium-term targets, which is about the low double digits CAGR. And then I have a quick follow-up for Keith as well.
I think the CNAPP is definitely part of future growth and in the sector up and also the DLP both in the SASE and also kind of we sell separately. So we see the total addressable market, like I mentioned, $20 billion is pretty big. But for us, we do have the internally developed technology. And also we'll be working together with a new team, new technology integrate together. And at the same time, some of them also will be built into the SASE, like DLP. I think we really like the team. And also kind of the technology they build is pretty good, pretty strong. And we're still in the process trying to integrate better. And at the same time, it is a huge potential.
We also try to see how can leverage with all kind of a convergence kind of a way to deal with all this merger acquisition compared to most of our competitors when they acquire keeping separate platform. I call it more kind of divergence way, which they end up as so many different kind of a platform. So that's the process.
We still need some time to keep it go through it. Because like I say, eventually, customer will prefer easy to upgrade, easy to migrate to the next stage of a security. So that's where we feel the technology CNAPP, but also the DLP is very, very important. And some of them will be eventually part of the FortiOS, part of SASE. Some of them can be standalone. And then we'll see how that ends up. But it's really making some of the part of FortiOS very important for us.
Got it. Just very quickly for Keith, on the margins target, right? Of course, you highlighted more near-term. There's headwind from Lacework and increased go-to-market investments. Just wanted to get your views on from the medium-term targets perspective, how should we think about the increased investments on the go-to-market side, but also for the M&A potentially and how to get into the overall margin targets?
Yeah, I think we've talked in the August earnings call, and we talked again in the November earnings call. And we still believe that there's a solid business case for continuing to invest in go-to-market above what we have to this point. Sales capacity, I think actually we feel good about sales capacity, although there is a simple math of add more people and you add the top line.
I think there are, as you hear, the different needs, if you will, from Pedro and his geo versus Joe and his versus the US. I think there's certainly opportunities, and John's done a lot of things on very targeted marketing programs there that we'd want to explore as we go forward. I think that those midterm targets anticipate that. I'll let John Whittle talk about what's on his shopping list that I don't know about.
From an M&A standpoint, we considered a competitive differentiator that we develop mostly organic. You mentioned CNAPP. That's an interesting one because it was an acquisition, but Lacework had the same philosophy. They developed it organically. Versus some of the competition where they pieced together their CNAPP solution based on a number of acquisitions, we saw Lacework winning against those competitors.
So I think we'll continue the organic focus from an acquisition standpoint. We're going to continue to look for areas that will add value, but we will always tilt towards organic development over the acquisition. We'll keep our flexibility there. We'll see what comes down the pike. But that's definitely one of our competitive differentiators in terms of developing technology organically that works really, really well together on an integrated basis.
Okay, great. Can you hear me? We can hear you. I don't know the mic. We can hear you. Just not through the microphone. Yeah. All right. All right. Well, great follow-up, BTIG. Adam more or less had my question a couple of minutes ago, but I just want to make sure that I understand the data center strategy correctly. Are you all physically building your own data centers or building infrastructure in an Equinix or Digital Realty facility?
If you're building your own, I'm just curious, why would you go down that path? Because it is expensive and pretty much every major cloud provider is already in a third-party, like a network-neutral type data center like an Equinix. And then just the follow-up question, as it relates to the midterm targets, that adjusted free cash flow number excludes the real estate investments, right? So how should we think of backing out some form of real estate investment to get to a fully loaded free cash flow number?
It's a great question for the data center because there's a lot of kind of related questions in the last 10 years since we started acquiring some real estate.
I think for us, really, not just the data center, but also when we acquire some real estate, we also can build in the EBC and also different than a lot of cloud providers or colo. Colo, they just provide all this facility. Then you have to build your own server, whatever. So we have actually a few differentiations. Why is it really we have the technology in the data center, like FortiStack we mentioned we can use. We use ourselves also can leverage the customer to use in that one to replace certain virtual machines, some other things there. And the other part also, we build data center very close to the customer because we have also the engineer resource in the security space. Cloud provider or some other colo, they don't have.
So that's where we can help customers, like whether service provider or some big enterprise doing that. So the security expertise we have actually is a huge advantage compared to other colo, whatever. They just offer you the rack, right? So you have to rack the server, you have to do all the software, all the other things. So that's the expertise we have. And then on the other side is really the
dditional service, additional all these kinds of things. I think that's where from both the cost advantage side, which we feel whether we're using colo compared to our own data center, probably like half or one-third sort of cost. Or compared to a cloud provider, they usually charge like five to ten times more expensive compared to what we have. But we are not going to compete with cloud provider colo for all this number of centers there.
We say probably will be 70-30 rule. Maybe 70% of traffic we're using our own kind of facility as our own engineer to handle to manage that. The other 30%, because in the location we feel will not make economic sense, we'll probably not build ourselves. We probably will leverage whatever the colo or whatever the cloud provider have that. That's the way we feel we have a better advantage, cost advantage, resource advantage compared to other SASE player or cloud provider or some other one offered similar service there.
So that's where we leverage what we have, whether in the big customer base, the big installation of FortiGate and also the FortiGate device itself can be using for the SASE, for the SD-WAN, our own data center compared to whatever the other competitor we feel build our own from our calculation, we have more advantage going forward. But the initial investment, I would say, probably will take about five to ten years to pay back. So on the quicker side, we probably take three years to get payback, but on the other we probably take five to ten years to pay back. But after five to ten years, it's a huge advantage for us.
Yeah, I think we probably use the term data center a little too liberally because it conjures up something that's millions of sq ft at each individual facility. What really Ken is talking about, I think, is there are data centers that we have, obviously, in Sunnyvale and one in Texas and one in Europe. But you're really looking for these satellite delivery areas.
And oftentimes they're in the same place as an office building where we have engineers and salespeople. Keep in mind, there's some natural gating items or limitations in terms of how big those quote-unquote data centers could be, call them PoPs, if you will. You've got power availability, you've got connectivity, you've got weight on the floor, et cetera. So this is not something that would conjure up, it would be a competitor to Azure or something like that. I think when you look at the cost profile, we do on SASE, we offer customers their choice, if you will, depending on their traffic needs.
They can go to Google and we can; there's a fee for that or a price point for that, or they can use colos or our internal systems. The price differential is because of the cost differential is massive. And as an effect, while we're really pleased that we have the Google partnership and it satisfied that marketing requirement about how many PoPs do you have that we kept hearing about from a year ago, the reality is a very small amount of traffic; we see customers opting for that cost structure.
Yeah, that's also, like he said, it's really because that's also not just for the data center, but also for the training center and for the customer demo, the EBC, and also for our supporting center. So that's where, if you look at it the other way, right, if you compare the rental costs compared to a similar size of our company and other competitor, we probably have that cost because we own all this kind of facility, and the cost saving we got like $200 per year.
We're using that money, keeping invest in new facility, so that's the way we're keeping growing that way, so I think long term we have much more cost advantage both on the facility, like office, support center, training center, but also on the data center there, and plus we have the people local, both the supporting people and also the engineer people local there can handle some of the data centers, some of the customer support, some of the training. So that's actually kind of the hub with all the data center, the engineer resource, the training, supporting all there together. Just like Friday, we are opening the building in Atlanta. It's a central hub for a lot of this combined together.
Not to mention the testing as well.
Yeah.
We use those infrastructures for testing, doing POCs for our customers.
Cool. Hey, everybody, Saket at Barclays. Thanks very much for the session. Very helpful detail. Christiane, I want to ask a couple of questions of you just around sort of the upgrade cycle, right? And so many assumptions that go into it. So one assumption is just around form factor, right? I'm curious if you could just talk about, are we assuming that everything that was bought as appliance before, as hardware appliance, right, just is refreshed as a hardware appliance, or is there any sort of assumption we're making on software form factor, right?
That's maybe one assumption that I'm thinking about. The other one is, and you correct me here if I'm wrong, I think we said $400 million-$450 million in sort of product yield. Again, correct me there if I'm wrong. Prices obviously are a lot higher now than they were when they first bought it back in 2022. What are we sort of assuming on prices around that at slash discount levels? So those are two assumptions just.
So I think that the key question is in the upgrade cycle, are they upgrading to the next device or are they downgrading to a device that can do the same capability with? Because the technology improves, right? So if you have a model 60E and you go to G, that can do a lot more. It's not so much more pricey or they're going to a 50G. So I think it's a question of what is the customer doing? Don't forget we have about 40% in SMB. They may not need all those capabilities. So it's really what we modeled is a kind of like for like.
And knowing that some of the like for likes are going to be one model below what they may have had, which I think is quite realistic. How much is the replacement going through software? I think software is an addition. I don't necessarily see it as a replacement. If you're in a small office, I think you've had a FortiGate before, you will probably buy a FortiGate again and not necessarily go to VMs. This is why we presented the VMs at scale in large enterprise. Large enterprise very much has a multi form factor strategy. We see that play a pretty big role.
This will be our last question.
Thank you, Andy Nowinski with Wells Fargo. I just want to start with a clarification on end of sale versus end of life for the refresh cycle. I think Christiane called it end of sale. Maybe on your earnings call, you talked about it as end of lifing some of those appliances, meaning customers have to refresh. They won't be able to run the firewalls in 2026. So can you just clarify the end of life? And did you announce an end of life on the prior refresh cycle?
End of life comes five years. So end of sale comes five years before end of support. And with end of support, you technically can still run your FortiGate, but you don't get new upgrades. You can't get a support contract for it anymore.
So you're not necessarily forcing an upgrade or a refresh next? Okay, thank you. And then second question, just it sounds like SASE is really tightly integrated with the firewall. I mean, does that give you an advantage over competitors like Zscaler that do not have a firewall or don't have that captive firewall installed base to sell to? I'm just wondering really if your win rates have really changed against the vendors that don't have that firewall installed base. Thanks.
Yeah, for sure. You can use in the SD-WAN example. SD-WAN part of FortiOS. You can see the way we take out the SD-WAN market share so quickly become number one just in a few years. The same thing with SASE. We have all the SASE be part of the FortiOS. If customer already using our firewall, already use our SD-WAN, they can very easily adopt the SASE, FortiSASE there quickly. Just even upgrade can be just take a few minutes, right? That's very different than the other competitor. They keep talking about sales cycle probably take about 18 months. For us, if they are an existing customer, they can very easily adopt the SASE just like they did on the SD-WAN space.
Okay, that concludes the analyst day. Thank you all for being.