Fortinet Inc. today issued emergency patches for a number of its products after a severe vulnerability was discovered and exposed last week.
The vulnerability, designated CVE-2022-40684, is described by Fortinet as an authentication bypass. The bypass uses an alternate path or channel vulnerability in FortiOS, FortiProxy and FortiSwitchManager that may allow an unauthenticated attacker to perform operations on the administrative interface via a specifically crafted HTTP or HTPPS request. Fortinet noted that it’s aware of an instance where the vulnerability has been exploited.
Fortinet first let “select customers” know of the vulnerability via email last week. According to Security Week, copies of the email were shared on social media and Fortinet forums in the following days.
Versions of Fortinet software that are exposed to the vulnerability are FortiOS 7.0.0 to 7.06, 7.2.0 and 7.2.1; FortiProxy 7.0.0 to 7.0.6 and 7.2.0; and FortiSwitchManager 7.0.0 and 7.2.0. FortiOS has released patched versions for FortiOS 7.0.7 and 7.2.2 and above, FortiProxy 7.0.7 and 7.2.1 and above and FortiSwitchManager 7.2.1 or above.
Along with installing patches or newer versions of the affected software, Fortinet recommends users validate their systems against the user=”Local_Process_Access” in device logs. For those unable to install a patch, at least immediately, there are other options to address the vulnerability.
The workaround options for FortiOS and FortProxy include disabling the HTTP/HTTPS administrative access or limiting IP addresses that can reach the administrative interface. For FortiSwitchManager, the only option is to disable the HTTP/HTTPS administrative access. With all options, customers can also contact Fortinet customer support for assistance.
Although Fortinet has released patches and workarounds, the risk of the vulnerability being exploited continues to grow. The Horizon3 Attack Team posted on Twitter Inc. that it’s working on a proof-of-concept exploit that it plans to release later this week.
Fortinet did not disclose how many customers may be affected. However, cyberthreat intelligence platform company Cyberthint estimates that there are more than 150,000 Fortinet devices exposed.
Concerns over a critical authentication bypass vulnerability in certain Fortinet appliances heightened this week with the release of proof-of-concept (PoC) exploit code and a big uptick in vulnerability scans for the flaw.
The bug (CVE-2022-40684) is present in multiple versions of Fortinet's FortiOS, FortiProxy and FortiSwitchManager technologies. It allows an unauthenticated attacker to gain administrative access to affected products via specially crafted HTTPS and HTTP requests, and potentially use that as entry point to the rest of the network.
Bharat Jogi, director of vulnerability threat research at Qualys says researchers at the company have observed mass scans being carried out by various threat actors to identify Internet facing vulnerable systems for compromise.
"They are compromising these systems to create a super_admin user which provides them with complete access and control," Jogi says. "Once this level of access is achieved, they have the ability to delete any trace of their successful exploitation attempt, making it difficult for organizations to track compromised assets in their environment."
If this flaw is successfully exploited, an attacker would have complete access to the organization's internal systems that were previously protected by Fortinet's firewalls, he says. "Having a compromised firewall is like laying out a red carpet for threat actors to stroll right into your organization's environment," Jogi notes.
Added to CISA's Known Exploited Vulnerabilities Catalog
The US Cybersecurity and Infrastructure Security Agency (CISA) earlier this week added the vulnerability to its Known Exploited Vulnerabilities catalog. Federal executive branch agencies—which are required to remediate vulnerabilities in the catalog within specific deadlines—have until Nov. 1 to address it. Though the deadline applies only to federal agencies, security experts have previously noted how it is a good idea for all organizations to monitor the vulnerabilities in the catalog and follow CISA's deadline for implementing fixes.
Fortinet privately notified customers of the affected products about the vulnerability last Friday, along with instructions to immediately update to patched versions of the technology the company had just released. It advised companies that could not update for any reason to immediately disable Internet-facing HTTPS administration until they could upgrade to the patched versions.
"Due to the ability to exploit this issue remotely, Fortinet is strongly recommending all customers with the vulnerable versions to perform an immediate upgrade," Fortinet said in its private notification, a copy of which was posted on Twitter the same day.
Fortinet followed up with a public vulnerability advisory on Monday describing the flaw and warning customers of potential exploit activity. The company said it was aware of instances where attackers had exploited the vulnerability to get the configuration file from affected systems and to add a malicious super_admin account called "fortigate-tech-support".
Since then, penetration testing from Horizon3.ai has released proof-of-concept code for exploiting the vulnerability along with a technical deep dive of the flaw. A template for scanning for the vulnerability has also become available on GitHub.
Exacerbating the concerns is the relatively low bar for exploiting the flaw. "This vulnerability is extremely easy for an attacker to exploit. All that is required is access to the management interface on a vulnerable system," Zach Hanley, chief attack engineer at Horizon3.ai, tells Dark Reading
Increase in Scanning Activity for the Flaw
Qualys isn't the only company observing increased vulnerability scanning for the flaw. James Horseman, exploit developer at Horizon3.ai says public data from GreyNoise—which tracks Internet scanning activity hitting security tools—shows the number of unique IPs using the exploit has grown from the single digits a few days ago, to over forty as of Oct. 14.
"We expect the number of unique IPs using this exploit to rapidly increase in the coming days," Horseman says. It is not hard for attackers to find vulnerable systems, he adds: A Shodan search for instance shows more than 100,000 Fortinet systems worldwide.
"Not all of these will be vulnerable, but a large percentage will be," Horseman says.
Johannes Ullrich, dean of research at the SANS Institute, says he has observed scans associated with an older FortiGate vulnerability (CVE-2018-13379,) hitting SANS' honeypots in the days following disclosure of the new bug. He says there are two theories why that might be happening.
One of them is that an attacker may have tried to catch as many devices as possible that had not yet been patched for the old vulnerability. Given the attention the new vulnerability has gotten it is likely the old vulnerability will get patched as well now, he says.
"Or the attacker was trying to find Fortinet devices to exploit using the new vulnerability once it is available," he theorizes. "The old vulnerability scanner they had sitting on the shelf may still work to identify Fortinet devices."
A Popular Attacker Target
Concerns over vulnerabilities in Fortinet products are not new. The company's technologies—and those of others selling similar appliance—have been frequently targeted by attackers trying to gain an initial foothold on target network.
Last November. The FBI, CISA and others issued an advisory warning of Iranian advanced persistent threat actors exploiting vulnerabilities in Fortinet and Microsoft products. A similar alert in April 2021 warned of attackers exploiting flaws in FortiOS to break into multiple government, commercial, and technology services.
"These vulnerable devices are often edge devices, so an attacker could potentially use this vulnerability to gain access to an organization's internal networks to launch further attacks," Hanley says.
Fortinet itself has recommended that organizations that are able to, must update to the newly patched versions of FortiOS, FortiProxy and FortiSwitch Manager. For organizations that cannot immediately update, Fortinet has provided guidance on how to disable the HTTP/HTTPS interface or limit IP addresses that can reach the administrate interface of the affected products.
Hanley says organizations sometimes may not be able to patch due to the potential downtime associated with updating a device. "However, an organization should be able to apply [the] workaround to prevent this vulnerability from being exploited on unpatched machines by following Fortinet’s guidance."
Qualys' Jogi adds, "It is also crucial to review any attempts of exploit to identify systems that may have already been compromised. If an organization is unable to patch their systems, then they must disable the system admin interface immediately."
The Cybersecurity and Infrastructure Security Agency (CISA) has added a Fortinet critical flaw to its known exploited vulnerabilities catalog.
CISA on Tuesday added the flaw to the KEV catalog, a day after Fortinet revealed an authentication bypass CVE-2022-40684 that it patched last week was already being exploited in the wild.
"Fortinet is aware of an instance where this vulnerability was exploited, and recommends immediately validating your systems against the following indicator of compromise in the device's logs," Fortinet said.
The firm has released updates for FortiOS, FortiProxy and FortiSwitchManager to address the flaw, which affects several of its security appliances.
"An authentication bypass using an alternate path or channel vulnerability [CWE-288] in FortiOS, FortiProxy and FortiSwitchManager may allow an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests."
However, for customers that can't apply updates immediately, it has also provided workarounds to disable HTTP/HTTPS administrative interface or limit IP addresses that can reach the administrative interface.
Separately, CISA on Tuesday also added the Windows flaw CVE-2022-41033 to its KEV catalog. Microsoft released an update for it on Tuesday to address a Windows COM+ Event System Service elevation of privilege vulnerability. Microsoft confirmed it had been exploited but noted that the vulnerability had not been publicly disclosed.
CISA has ordered federal agencies to apply fixes for both flaws by November 1.
Security researchers with the Horizon3 Attack Team have published early indicators of compromise to help admins discover compromised devices.
The Fortinet authentication bypass vulnerability that was discovered last week and has been confirmed in the wild was the subject of at least two exact research blogs and on Tuesday was entered into the CISA Known Exploited Vulnerabilities (KEV) Catalog.
Fortinet released an update on Monday that detailed how security teams can check their logs for indicators of compromise, a subject that was also covered in a blog yesterday by Horizon3.ai.
Jerrod Piker, competitive intelligence analyst at Deep Instinct, explained that this exploit – CVE-2022-40684 – functions as a vulnerability in the HTTP/S admin access to most Fortinet solutions. Piker said any organizations that deployed Fortinet devices running FortiOS, FortiProxy, or FortiSwitchManager should immediately respond to this alert, especially since CVE-2022-40684 has been exploited in the wild.
Piker added that the vulnerability lets an unauthenticated user perform administrative actions through the HTTP/S administration portal. These actions may include, but are not limited to: admin SSH key modification to allow access by remote attacker; creation of new local users; modification of configuration to reroute traffic; and access to full system configurations.
Mike Parkin, senior technical engineer at Vulcan Cyber, said vulnerabilities in security products are always problematic, especially when it’s on an edge or gateway device.
“While Fortinet has released an update and offers workarounds that could mitigate the risk, because there’s evidence this has already been exploited in the wild, anyone using the affected products should update sooner, rather than later, and at least restrict access to the devices per industry best practices,” Parkin said.
David Farquhar, solutions architect at Nucleus Security, which also published a blog on Tuesday by Ryan Cribelar on this vulnerability, said the Fortinet products are the types of devices that live at the edge of the network, so they are intended to protect it. As a result, Farquhar said they are the very last place that organizations want an attacker getting access to the management interface.
“In theory, you shouldn’t have that management interface accessible on the internet,” Farquhar said. “Unfortunately, sometimes an organization will make that management interface accessible temporarily, but then forget to close it back up, leaving them exposed. This is one reason why it’s very important to make sure that security teams are scanning all of their publicly-facing address space and looking for things that shouldn’t be there, like management interfaces."
Fortinet (NASDAQ:FTNT) is a cybersecurity powerhouse that is a leader in firewalls. According to Check Point Research, global cybersecurity attacks have increased by 32% year over year, with over 1,200 attacks per week globally. The rise of remote working, the cloud and Internet of Things (IoT) devices have widened the attack surface which has made networks more vulnerable to attack. Thus it's no surprise the global cybersecurity market was worth $139 billion in 2021 and is expected to grow at a rapid 13.4% compounded annual growth rate reaching $376 billion by 2029. Fortinet is poised to ride this trend as one of the largest cybersecurity companies in the industry, with best-in-class technology. The company's stock price has slid down by 29% from its all-time highs in December 2021, and the stock now looks to be fairly valued, while being profitable. In this post, I'm going to break down the company's business model, financials, and valuation, let's dive in.
The company's FortiGate Firewall solution makes up over one-third of firewall shipments globally, leaving competitors in the dust.
Fortinet's firewall is also rated as the number one market leader by Gartner and the platform has even won the customer choice award for 2022.
Its firewall solution offers a network security framework that offers threat prevention while also not limiting performance. Customer reviews also indicate the solution is "simple to use" and easier to set up which can be a real selling point for any digital transformation product. From the graphic below you can see the core hardware and software products are complimented by a series of security services that are sold on a subscription, which thus offers recurring revenue.
Fortinet's technological success is driven by its proprietary ASIC (Application Specific Integrated Circuit) technology. This is a custom semiconductor design that enables higher performance to be achieved at a much lower cost than an off-the-shelf non-custom piece of hardware.
According to a exact survey of Chief Information Security Officers (CISOs) by Gartner, 75% of them are overwhelmed by the number of vendors and would like to consolidate with a small number of security providers. This is a large increase from 29% of CISOs in 2020. The cybersecurity industry is extremely fragmented with no one company making up over 10% market share. This offers an opportunity for Fortinet as they already have the second largest revenue, just behind Palo Alto Networks (PANW). Therefore as the industry consolidates Fortinet can offer customers its MESH platform that offers security from endpoint devices to the data center and hybrid cloud.
Fortinet is also a Gartner Magic Quadrant leader in the software-defined WAN Edge Infrastructure. WAN stands for "Wide Area Network" and is basically the network that connects together a corporation's branch offices. The "software" part makes it much easier to scale, manage and extend this network.
Fortinet generated solid financial results for the second quarter of 2022. Revenue was $1.03 billion which popped by 28.6% year over year and beat analyst estimates by $2.43 million. This growth was driven by strong product revenue of $400.7 million, which grew by a rapid 34.3% year over year, while its core platform grew revenue by 35% and extension products by 33%, which was a positive sign that its "land and expand" model is working.
Total service revenue was $629 million, which increased by a rapid 25.2% year over year. This was driven mainly by security subscription service revenue which increased by 25% year over year to $340 million. Support service revenue also increased by a rapid 26% year over year to $289 million. Overall these revenue trends were pretty strong with diverse growth generated across the board.
If we take a step back, Billings which is the amount actually invoiced to customers and is the true "top line" for SaaS companies, also showed solid growth. Billings were $1.3 billion which increased by 36% year over year. This was driven by a strong 50% YoY increase in the number of larger customers, which transact over $1 million. This strategy of "growing upmarket" makes a lot of sense as larger customers tend to be more "sticky", have larger budgets, and more upsell opportunities. Fortinet's focus on vendor consolidation has been a key selling point that has made the platform popular with CISOs (Chief Information Security Officers). Service billings also accelerated with a 36% increase year over year. This was driven by pricing actions that offset headwinds from Russian services that had been halted.
Another great indicator to analyze with SaaS companies is "Bookings", this is a forward-looking metric that indicates the value of contracts signed by a customer. In this case, Bookings were $1.376 billion in the second quarter of 2022, which increased by 42% year over year. This was driven by strong Secure SD-WAN bookings which increased by 60% year over year, as the IT industry begins to converge networking and security together. The company also scored a larger number of global 2000 companies, which increased by 65% year over year.
Total Backlog which is the "unbilled" portion of the contract value was $350 million, which increased by $72 million and represented strong product demand. This was mainly driven by networking equipment, which made up ~50%, while FortiGates made up 40%. The track record shows this backlog is extremely strong and "sticky". Fortinet's, current customers make up over 95% of Backlog, and it is well diversified across customers. Management believes its Backlog will continue to increase in 2022, despite supply chain constraints which are making product shipping a challenge.
Fortinet is extremely diversified across various customer categories. For instance, larger enterprises make up 40% of its customer base which is the "safest" and most lucrative customer type, due to the aforementioned reasons. By geography, over 100 countries make up 47% of revenue, followed by 28% for the US. This is especially important given the increasing geopolitical uncertainty, driven by the Russia-Ukraine war. Its Industry diversification is also strong with its service being most popular by worldwide governments at 16% and "other industries" at 39%.
Moving onto profitability, Fortinet is solidly profitable with a GAAP operating margin of 19% and income of $147.5 million in Q2,22, which is fantastic. This is in sharp contrast to many other cybersecurity companies out there such as SentinelOne (S) which is unprofitable. Fortinet generated solid earnings per share of $0.21 in the second quarter, which beat analyst estimates by $0.05.
Fortinet also generated strong free cash flow of $283.5 million in Q2,22, although it was down from the $394.7 million generated in the prior year. This was driven by an increase in Days Sales Outstanding (DSO) to 14 days, this indicates the company is experiencing delays on its payments. This can be attributed to the timing of inventory deliveries from various contract manufacturers. The new R&D capitalization rules have impacted many businesses across the board and have caused a tax increase of between $85 million and $110 million for Fortinet.
The good news is Fortinet has a robust balance sheet with $1.755 billion in cash and short-term investments. In addition, the business has long-term debt of $984.9 million. In the six months ending on June 30th, 2022, Fortinet bought back over 25.8 million shares of stock at an average price of ~$57.82 per share, for approximately $1.49 billion. Management has also authorized a $1 billion increase in its share repurchase program.
In order to value Fortinet, I have plugged the latest financials into my advanced valuation model which uses the discounted cash flow method of valuation. I have forecasted a 24% compounded annual growth rate on its revenue over the next 5 years, based on analyst estimates.
I have forecasted the business's margin to increase to 27% over the next 8 years, as the company continues to upsell products and offer its high-margin security software solution. It should be noted that this margin includes an adjustment for R&D expenses which I have capitalized. Thus the reported base margin is actually 19% as mentioned prior and I expect this to increase to ~23%.
Given these factors I get a fair value of $48.81 per share, the stock is trading at $51 per share and thus is "fairly valued" in my eyes, given the strong profitability of the business.
As an extra data point, Fortinet trades at a Price to Earnings ratio = 48, which is fairly high but this is ~1% cheaper than its 5-year average.
Relative to other cybersecurity companies, Fortinet trades at a mid-range price-to-sales ratio = 9.2. For example, Palo Alto Networks is slightly cheaper with a PS ratio = 7.4.
The high inflation and rising interest rate environment have caused many analysts to forecast a recession. Therefore I expect purchasing deals to take longer to close, as IT security teams delay new spending. The good news is Fortinet has increasingly focused on the Return on Investment (ROI) of its service and they even have an ROI calculator on its website. Thus longer term, the value proposition is still strong for businesses.
There are many competitors in the Cybersecurity industry. Top competitors according to Gartner include; Palo Alto Networks, Juniper (JNPR), Cisco (CSCO), Forcepoint, F5 (FFIV) and more. However, Fortinet has the highest-rated network firewall platform as mentioned prior.
Fortinet is a leading cybersecurity company that dominates the firewall industry. The company has expanded its product range and is now poised to benefit from trends such as industry growth and vendor consolidation. The stock is fairly valued, profitable, and growing steadily, thus this looks to be a great investment for the long term.
If you are looking for a stock that has a solid history of beating earnings estimates and is in a good position to maintain the trend in its next quarterly report, you should consider Fortinet (FTNT). This company, which is in the Zacks Security industry, shows potential for another earnings beat.
This network security company has an established record of topping earnings estimates, especially when looking at the previous two reports. The company boasts an average surprise for the past two quarters of 13.92%.
For the most exact quarter, Fortinet was expected to post earnings of $0.22 per share, but it reported $0.24 per share instead, representing a surprise of 9.09%. For the previous quarter, the consensus estimate was $0.16 per share, while it actually produced $0.19 per share, a surprise of 18.75%.
Price and EPS Surprise
For Fortinet, estimates have been trending higher, thanks in part to this earnings surprise history. And when you look at the stock's positive Zacks Earnings ESP (Expected Surprise Prediction), it's a great indicator of a future earnings beat, especially when combined with its solid Zacks Rank.
Our research shows that stocks with the combination of a positive Earnings ESP and a Zacks Rank #3 (Hold) or better produce a positive surprise nearly 70% of the time. In other words, if you have 10 stocks with this combination, the number of stocks that beat the consensus estimate could be as high as seven.
The Zacks Earnings ESP compares the Most Accurate Estimate to the Zacks Consensus Estimate for the quarter; the Most Accurate Estimate is a version of the Zacks Consensus whose definition is related to change. The idea here is that analysts revising their estimates right before an earnings release have the latest information, which could potentially be more accurate than what they and others contributing to the consensus had predicted earlier.
Fortinet currently has an Earnings ESP of +0.31%, which suggests that analysts have recently become bullish on the company's earnings prospects. This positive Earnings ESP when combined with the stock's Zacks Rank #1 (Strong Buy) indicates that another beat is possibly around the corner. We expect the company's next earnings report to be released on November 2, 2022.
When the Earnings ESP comes up negative, investors should note that this will reduce the predictive power of the metric. But, a negative value is not indicative of a stock's earnings miss.
Many companies end up beating the consensus EPS estimate, but that may not be the sole basis for their stocks moving higher. On the other hand, some stocks may hold their ground even if they end up missing the consensus estimate.
Because of this, it's really important to check a company's Earnings ESP ahead of its quarterly release to increase the odds of success. Make sure to utilize our Earnings ESP Filter to uncover the best stocks to buy or sell before they've reported.
Want the latest recommendations from Zacks Investment Research? Today, you can get 7 Best Stocks for the Next 30 Days. Click to get this free report
Fortinet, Inc. (FTNT) : Free Stock Analysis Report
To read this article on Zacks.com click here.
Zacks Investment Research
Fortinet (FTNT) closed the most exact trading day at $48.21, moving -0.76% from the previous trading session. This move lagged the S&P 500's daily loss of 0.33%. Meanwhile, the Dow lost 0.1%, and the Nasdaq, a tech-heavy index, lost 0.22%.
Prior to today's trading, shares of the network security company had lost 6.34% over the past month. This has was narrower than the Computer and Technology sector's loss of 14.71% and the S&P 500's loss of 11.67% in that time.
Investors will be hoping for strength from Fortinet as it approaches its next earnings release, which is expected to be November 2, 2022. On that day, Fortinet is projected to report earnings of $0.27 per share, which would represent year-over-year growth of 35%. Our most exact consensus estimate is calling for quarterly revenue of $1.12 billion, up 29.48% from the year-ago period.
Looking at the full year, our Zacks Consensus Estimates suggest analysts are expecting earnings of $1.05 per share and revenue of $4.38 billion. These totals would mark changes of +31.25% and +31.06%, respectively, from last year.
Investors might also notice exact changes to analyst estimates for Fortinet. These revisions typically reflect the latest short-term business trends, which can change frequently. As such, positive estimate revisions reflect analyst optimism about the company's business and profitability.
Our research shows that these estimate changes are directly correlated with near-term stock prices. Investors can capitalize on this by using the Zacks Rank. This model considers these estimate changes and provides a simple, actionable rating system.
The Zacks Rank system ranges from #1 (Strong Buy) to #5 (Strong Sell). It has a remarkable, outside-audited track record of success, with #1 stocks delivering an average annual return of +25% since 1988. Within the past 30 days, our consensus EPS projection has moved 0.06% higher. Fortinet is currently sporting a Zacks Rank of #1 (Strong Buy).
Looking at its valuation, Fortinet is holding a Forward P/E ratio of 46.39. For comparison, its industry has an average Forward P/E of 42.22, which means Fortinet is trading at a premium to the group.
It is also worth noting that FTNT currently has a PEG ratio of 2.58. This popular metric is similar to the widely-known P/E ratio, with the difference being that the PEG ratio also takes into account the company's expected earnings growth rate. FTNT's industry had an average PEG ratio of 2.32 as of yesterday's close.
The Security industry is part of the Computer and Technology sector. This industry currently has a Zacks Industry Rank of 26, which puts it in the top 11% of all 250+ industries.
The Zacks Industry Rank gauges the strength of our individual industry groups by measuring the average Zacks Rank of the individual stocks within the groups. Our research shows that the top 50% rated industries outperform the bottom half by a factor of 2 to 1.
Be sure to follow all of these stock-moving metrics, and many more, on Zacks.com.
Want the latest recommendations from Zacks Investment Research? Today, you can get 7 Best Stocks for the Next 30 Days. Click to get this free report
Fortinet, Inc. (FTNT) : Free Stock Analysis Report
To read this article on Zacks.com click here.
Zacks Investment Research
IT network security stock Fortinet (FTNT 4.84%) looked relatively secure on Monday. The company's shares fell on the day, but by less than 0.5% -- a less steep slide than the nearly 0.8% decline of the broad S&P 500 index. A positive new research note from a prominent investment bank -- complete with an upgrade and price target lift -- was a key reason why.
Morgan Stanley's Hamza Fodderwala feels that Fortinet is underappreciated by the market, and consequently has upgraded his recommendation on the stock from equal weight to overweight (from neutral to buy, in other words). He also gave its price target a modest bump: He now believes shares of the cybersecurity company will hit $69 within the next year, up from his previous target of $66.
In Fodderwala's view, demand for IT security solutions "remains durable" even in this rather shaky macroeconomic environment, in which many individuals and companies are concerned about inflation and growth.
The analyst believes that Fortinet will continue to grow organically and increase market share as the total addressable market for its services rises. That view was bolstered by his exact checks of the company, which reveal an increasing backlog and revisions for 2023.
Fodderwala thinks Fortinet is capable of sustaining its momentum for several years. The company is operating from a low base, as by his estimation it has only 5% revenue penetration. This should, he thinks, allow it to deliver compound annual revenue growth of at least 20% over the next five years.
Leading cybersecurity company Fortinet, Inc. (NASDAQ:FTNT) has been a solid investment for investors over the past ten years, with a 10Y total return CAGR of 26.7%. Notably, the stock has been a massive winner for investors who grabbed it early in the 2020 COVID bottom, with gains that reached over 430% through its December 2021 highs.
We managed to get on board in September 2020 and rode it toward its December 2021 highs, but we have since pared most of our positions in early 2022. We postulate that Fortinet's underlying thesis remains intact. But, with a slowing growth cadence moving ahead, we are not convinced its valuations are sustainable at the levels in early 2022.
FTNT has also been battered in the tech bear market, as the market sent it falling by more than 36% through its exact lows. Hence, we believe investors could be considering buying the dips in FTNT to ride on the next uptrend when the market recovers.
However, we urge investors to be cautious, as we don't think the digestion in FTNT is near completion. Therefore, adding at the current levels could lead to market underperformance moving ahead, despite its robust growth drivers.
As such, we rate FTNT as a Hold for now and urge investors to wait on the sidelines.
As seen above, Fortinet has leveraged an enlarged TAM in its network security leadership by tapping robust growth drivers in the broader cybersecurity space, including in the cloud. Hence, it has been growing faster than the estimates of its TAM expansion (10% CAGR), suggesting that Fortinet has been gaining share against its peers.
However, its billings growth has likely peaked in Q3'21, which is also consistent with FTNT's December 2021 highs. Furthermore, management's FY22 billings guidance suggests that growth in H2'22 is expected to slow further, down to 32.1% in FQ3 and 32.5% in FQ4. Hence, even management's guidance indicates that investors need to expect growth normalization moving forward.
As seen above, even the bullish consensus estimates indicate that Fortinet's growth could have peaked in FY22 before moderating further through FY25.
We believe the estimates are credible, given the guidance in its billings growth. Also, management telegraphed an FY25 model of $8B in revenue. Therefore, investors need to be wary about projecting higher growth estimates than what management has suggested.
Notwithstanding, bullish investors could argue that cybersecurity solutions are non-cyclical and should be impacted less significantly by the looming economic recession.
However, we urge investors to be more cautious in making that assumption. Instead, we encourage investors to pay close attention to whether the company expects enterprise spending to moderate further, impacting its near-term growth momentum.
FTNT has fallen markedly from the overvaluation zones in December 2021 as the market justifiably digested its rapid surge from March 2020.
However, we postulate that FTNT seems far from being considered undervalued, even as we move closer to a global recession. Therefore, coupled with potentially peak growth in FY22, we urge investors to be cautious about adding FTNT at the current levels.
Accordingly, we consider FTNT's valuation as well-balanced at best.
FTNT's long-term chart also indicates that investors need to be cautious about considering adding more positions at the current levels.
We assess that its rapid surge from March 2020 is still being digested by the market, with the distribution phase still in action through September 2022 from its December 2021 highs.
We assess that the distribution phase could find a sustained consolidation phase in the gap between its near-term and long-term support. However, it's still too early to determine where the likely zone could be.
However, we will be watching whether FTNT can sustain its long-term uptrend above its 50-month moving average (blue line). Losing that support level could spell more pain toward its long-term support.
Poring through FTNT's medium-term chart corroborates our view that the digestion is ongoing, as it had already lost its medium-term bullish bias.
Therefore, we urge investors to be patient. We have yet to glean any capitulation price action that could suggest investors have been forced to flee in a panic, de-risking the entry levels for less aggressive buy zones.
We rate FTNT as a Hold for now.