NSE8-812 Free PDF - NSE 8 - Network Security Expert 8 Written Updated: 2024

A good way to minimize errors in investment is to align it with macrotrends. Cybersecurity is one such trend as it deals with protecting the vast amount of data generated globally on a daily basis. Fortinet (NASDAQ:FTNT) is a good way to gain exposure to this sector as it combines several aspects I appreciate in a high-quality business: a founder at the helm who is aligned, competitive advantages, strong margins and returns, and low debt. Despite the technical challenges in the sector, I believe we can approach the investment in Fortinet from a less technical and more qualitative perspective.

Business Model

Fortinet, Inc. is one of the leading companies in the cybersecurity sector. It is a technically challenging industry with constant disruption and change. The company provides multiple solutions in the form of software and hardware for its clients. In Q3, the management announced its sales segmentation into Secure Networking, Secure Operations, and Universal SASE. They indicated their intention to expedite the transition of the business to the latter two, as they are cloud-based components. To achieve this, Fortinet has invested significantly in Point of Presence (POPs) infrastructure. A POP is a physical location in a network where devices, users, or services can connect to access other points in the network. According to Barclays Global Technology, Media & Telecommunications Conference, over the past two years, Fortinet has built 30 POPs (with another 35 in progress). Through a partnership with Google, they now have access to 180 new POPs, enabling them to catch up with competitors who typically have between 100 and 200. POPs often refer to facilities that include data centers. Nevertheless, Fortinet's strategy of building their own POPs is beneficial for future cost savings and greater vertical integration, despite the higher current capital expenditure. Additionally, Fortinet manufactures its own ASICs (application-specific integrated circuits), chips created exclusively for Fortinet's hardware and software. This in-house production enhances performance and, in the long run, reduces costs.

Market

Fortinet's Total Addressable Market is enormous, standing at $125 billion. The company's billings in 2023 are projected to reach around $5.3 billion, indicating that Fortinet currently holds only a 4% market share. This is within a highly fragmented market that is experiencing annual growth rates of 10%.

Fortinet combines a business model that sells both software and hardware. Although the hardware segment experiences slower growth and lower margins, it contributes to building an ecosystem. Once a device is installed at a customer's site, cross-selling becomes much easier. They anticipate double-digit growth for the hardware segment in the coming years. Fortinet attributes this expected growth to their superior product in this area, positioning them to gain market share when it's time for competitors' hardware replacements, as they are the largest player in this domain. However, it is highly likely that the services segment will grow at a faster rate, and since it has higher margins, we can anticipate future operational leverage for the company. Within the subscription services, there is the AI product, along with customer support, training, and repairs services.

The slowdown experienced in the Secure Networking segment (which constitutes 70% of sales), especially in the Hardware division, follows an absolute boom post-COVID, during which customers made substantial purchases. Currently, customers are more cautious about their buying decisions, leading to inventory accumulation. However, there is an expectation that inventories will return to normal levels, allowing for the satisfaction of future demand. Given the technological nature of this product, the extent of obsolescence during inventory holding is uncertain. It's worth noting that this segment has still achieved a solid 9% growth, though it previously grew at a rapid pace of 40%. Despite facing a challenging comparison base, the company has managed to maintain a commendable growth rate.

Moreover, it's essential to consider that these cycles typically last two years, implying that we might be at the midpoint of the cycle, and the market could soon start factoring in its conclusion. As illustrated, sales are a lagging indicator, and attention should be directed towards Billings for a more timely assessment.

Management and Capital Allocation

If management by itself is one of the most important aspects of a company, in a sector as disruptive as cybersecurity, investing in a management team we can trust is extremely important. The founders, Ken Xie and Michael Xie, have been with the company since the year 2000, and together they control more than 15% of the outstanding shares. Their interests are fully aligned with the shareholders. Their extensive knowledge of the sector is significant, and their capital allocation strategy has been very effective.

The Net Income to Free Cash Flow conversion is over 100%, thanks to it being a subscription-based business. Most of the free cash flow has been allocated to share buybacks (reducing outstanding shares by -10% over the last 7 years) and some small acquisitions. Stock options represent 5% of sales and 14% of Operating Cash Flow, with a decreasing trend. This is quite favorable for a technology company. The company operates without debt and S&P Global rates Fortinet's credit category as BBB+. 90% of the capital allocated to "innovation" has been invested in research and development, with the remaining portion dedicated to merger and acquisition activities.

Competitive Advantages

In my opinion, the key strength of this company lies in its unified platform, FortiOS (Fortinet Investor Relations Presentation, slide 31), which integrates various products and services rather than creating standalone solutions that are difficult to integrate. This not only generates a network effect but also presents high switching costs for customers, potentially leading to pricing power. The ecosystem created by the company makes it indispensable for the customer.

Financials

Fortinet's financials are impeccable. It has experienced very high double-digit growth in all its figures. For example, sales have grown at a rate of 23.5% (6-year CAGR), while FCF/share has grown at a rate of 63.5% (6-year CAGR), driven by operational leverage and share buybacks. This operational leverage has been due to a significant expansion of margins; for instance, the EBIT margin has increased from 7% in 2017 to an estimated 27% for the fiscal year 2023, although I will provide further commentary on this below. The returns are impressive, with average ROICs exceeding 100% in accurate years. They also maintain a net cash position, with only around $1 billion in debt. Lastly, they follow an asset-light business model, where maintenance CAPEX ranges from 2% to 3% of sales.

In the Barclays Conference, management also discussed something about the margins. In the long term, their target is 25%, but the senior vice president mentioned that he wanted the flexibility to invest in marketing, R&D, or whatever was necessary to grow the business without being constrained by the margin. In their models, a 25% margin is feasible, especially as the services segment is expected to grow more than hardware. The 27% margin from last year was attributed to the strength of the dollar, as they invoiced in dollars but paid 70% of their staff in their local currencies (which were depreciated at that time). I always appreciate a management team focused on the long-term sustainability of the business, even if it means impacting current accounting with investments that enhance their competitive advantages.

Valuation

To evaluate Fortinet, I will use a discounted cash flow model, incorporating a discount rate of 10%, a terminal growth rate of 3%, and a free cash flow growth of 15% (historically, it has been 60% CAGR in accurate years). With these assumptions, the calculated fair value for Fortinet is $60 per share. If we consider a scenario with higher growth, such as 20%, the fair value would be $85 per share. However, to account for this increased growth, it might be more appropriate to raise the discount rate to 12%, in which case the fair value would be $63. In any case, I believe that Fortinet's stock is undervalued, and that's why I rate the stock as a buy.

Risks

It is worth noting that 57% of total sales come from only three distributors. In the FY21 annual report, it's mentioned that the Exclusive distributor accounted for 31% of sales. This significant concentration not only poses a risk in itself but also raises the consideration that these distributors might resell products from competitors and could be incentivized to favor these competitors in the future, potentially at the expense of Fortinet. Nevertheless, the risk of these distributors severing ties with Fortinet, one of the top companies in the sector, seems remote. It's akin to a sports channel specializing in football, breaking agreements with the Premier League and ceasing to broadcast it. Clearly, it's a lose-lose situation for both parties. Furthermore, another major client would likely seek to absorb this new volume and gain an advantage over others. The situation appears unlikely, despite the increasing customer concentration, as these dynamics are inherent to the sector. For example, Palo Alto Networks also has 50% of its sales with three clients (cybersecurity application providers).

Inventory Risks: The accumulation of hardware devices in inventories may not always be favorable. While it enables the company to meet growing demand when the cycle changes, there is a risk of obsolescence in a rapidly evolving sector. Furthermore, 88% of their hardware is produced in Taiwan, which could be impacted in the event of a future conflict with China. However, the company likely has contingency plans in place to address this potential issue if it arises.

Disruption Risk: Given the rapid emergence and evolution of new threats today, Fortinet has a dedicated department responsible for identifying these emerging threats. They investigate these threats using AI and subsequently develop corresponding mitigations to distribute to subscribed customers. It's noteworthy that customers pay for subscriptions to benefit from these services for a period ranging from 1 to 5 years. Furthermore, thanks to its scale, Fortinet has a very high R&D budget in absolute terms, as well as an extensive customer distribution. All of this is complemented by founders at the helm with deep knowledge of the industry.

Conclusion

In conclusion, I believe Fortinet is a great company for having exposure to the cybersecurity sector. The lack of expertise can be mitigated by placing trust in a well-aligned management team with expertise in the field. Additionally, the fantastic fundamentals and scale provide protection against disruptive threats. The company can also defend itself through the ecosystem it creates by combining software and hardware, even as it increasingly focuses on the more profitable segments of services. Overall, I find the price attractive, and I anticipate satisfactory long-term results.

Copyright © 2024 CyberRisk Alliance, LLC All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorization.

Your use of this website constitutes acceptance of CyberRisk Alliance Privacy Policy and Terms & Conditions.

SUNNYVALE, Calif., Dec. 18, 2023 (GLOBE NEWSWIRE) -- Fortinet® (NASDAQ: FTNT), the global cybersecurity leader driving the convergence of networking and security, today announced the latest release of new, integrated operational technology (OT) security solutions and services. These additions further distance Fortinet’s industry-leading OT Security Platform from the rest of the market.

“We understand that OT differs significantly from traditional IT systems, and that’s why our OT Security Platform was purpose-built to provide integrated protection and risk management specific to industrial environments,” said John Maddison, Chief Marketing Officer and EVP, Product Strategy at Fortinet. “Rising attacks on critical infrastructure have made OT security more important than ever before. With today’s news, Fortinet continues to empower customers with the most sophisticated OT solutions and intelligence in the industry.”

The Need for Integrated OT-Specific Security
The number of industrial devices connected beyond their network boundaries is rapidly increasing, and CISOs now face skyrocketing risks across their OT environments. In fact, Fortinet found that three-fourths of OT organizations reported at least one intrusion in the last year, and nearly one-third reported being victims of a ransomware attack. To solve this challenge, organizations need an integrated security approach designed specifically for industrial solutions that enables policy enforcement across the entire attack surface, consolidates point products, and reduces operational overhead.

Bolstering the Fortinet OT Security Platform with New and Enhanced Offerings
The Fortinet OT Security Platform is an integrated portfolio of cybersecurity products, solutions, and security services designed specifically for industrial networks and powered by real-time OT threat intelligence. Because the OT Security Platform is a part of the Fortinet Security Fabric, it empowers customers with deep visibility across their entire environment and securely facilitates IT/OT convergence. The platform also gives organizations the ability to implement a zero-trust model within OT environments, including secure remote access to OT assets and systems for remote employees and contractors.

OT Security Platform updates announced today, which build on improvements unveiled earlier this year, span two key pillars of the Security Fabric:

Secure Networking for OT

• The new FortiSwitch Rugged 424F is an industrial-class ethernet switch (IES) designed to address the requirements of digital substations and the power utility industry. The switch supports real-time OT networking protocols and integrates with FortiGate Next-Generation Firewalls (NGFWs) for comprehensive security and access control.
• The new FortiAP 432F access point meets Class 1, Division 2 requirements for use in hazardous OT environments. It can segment industrial Wi-Fi networks to prevent attacks from spreading across unprotected devices and systems. This expansion of the IP67-rated access-point line now enables the deployment of additional OT applications in industries such as oil and gas.
• The new FortiExtender Vehicle 211F wireless gateway is a semi-ruggedized mobility solution for connected fleets, mobile systems, and OT deployments. It was also designed to meet the requirements of the AT&T FirstNet wireless communications network for first responders.
• FortiOS, Fortinet’s operating system, has been updated with the OT View dashboard, which correlates and displays important OT data. This dashboard makes it easy for organizations to understand their entire attack surface—both IT and OT—and take action from a single console.

Security Operations and Services for OT

• FortiAnalyzer now includes OT-specific analytics, risk, and compliance reports, providing security operations teams with faster threat detection, asset and vulnerability correlation, and reporting.
• FortiNDR, which supports on-premises, cloud, and hybrid deployments, can now analyze more than 15 different OT-network protocols. It also includes AI-powered OT-network behavior analysis to identify malicious network activity and files.
• FortiDeceptor, Fortinet’s deception technology for early breach and attack isolation, now supports 30 OT protocols and additional OT decoys to protect diverse industrial environments.
• The FortiGuard OT Security Service boasts the industry’s deepest OT threat intelligence database and now covers more than 70 OT protocols and more than 4,000 OT application and device vulnerability signatures. These signatures enable strict access control policies on network traffic and provide virtual patching for vulnerable OT assets.
• FortiGuard Outbreak Alerts, an industry-leading cybersecurity resource, now includes critical information about OT-specific threats. This empowers customers with the information they need to harden their systems against new and emerging attacks following the NIST Cyber Security Framework.

"IT and OT are converging and these colliding environments are increasing overall risk. Our clients require robust OT solutions and services without extensive deployments that complicate administration and place additional strain on IT and security teams. Through the Fortinet OT Security Platform, we can provide clients with a unified approach of safeguarding both the carpeted side of a business as well as the concrete side of the business. We eagerly anticipate introducing these updated and novel offerings to our customer community." – Dan Sanderson, VP of Strategy, Cyber Advisors

Additional Resources

• Learn more about the Fortinet OT Security Platform and the enhancements announced today.
• Watch the video to learn more about how Fortinet delivers cybersecurity for industrial controls and OT environments.
• Read about how Fortinet OT customers are securing their organizations.
• Learn more about the Fortinet Open Ecosystem and Fabric-Ready Technology Alliance Partner Program.
• Learn more about Fortinet’s free cybersecurity training, which includes broad cyber awareness and product training. As part of the Fortinet Training Advancement Agenda (TAA), the Fortinet Training Institute also provides training and certification through the Network Security Expert (NSE) Certification, Academic Partner, and Education Outreach programs.
• Follow Fortinet on Twitter, LinkedIn, Facebook, and Instagram. Subscribe to Fortinet on our blog or YouTube.

About Fortinet

Fortinet (NASDAQ: FTNT) is a driving force in the evolution of cybersecurity and the convergence of networking and security. Our mission is to secure people, devices, and data everywhere, and today we deliver cybersecurity everywhere you need it with the largest integrated portfolio of over 50 enterprise-grade products. Well over half a million customers trust Fortinet's solutions, which are among the most deployed, most patented, and most validated in the industry. The Fortinet Training Institute, one of the largest and broadest training programs in the industry, is dedicated to making cybersecurity training and new career opportunities available to everyone. FortiGuard Labs, Fortinet’s elite threat intelligence and research organization, develops and utilizes leading-edge machine learning and AI technologies to provide customers with timely and consistently top-rated protection and actionable threat intelligence. Learn more at https://www.fortinet.com, the Fortinet Blog, and FortiGuard Labs.

FTNT-O

Copyright © 2023 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and common law trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet’s trademarks include, but are not limited to, the following: Fortinet, the Fortinet logo, FortiGate, FortiOS, FortiGuard, FortiCare, FortiAnalyzer, FortiManager, FortiASIC, FortiClient, FortiCloud, FortiMail, FortiSandbox, FortiADC, FortiAI, FortiAIOps, FortiAntenna, FortiAP, FortiAPCam, FortiAuthenticator, FortiCache, FortiCall, FortiCam, FortiCamera, FortiCarrier, FortiCASB, FortiCentral, FortiConnect, FortiController, FortiConverter, FortiCWP, FortiDB, FortiDDoS, FortiDeceptor, FortiDeploy, FortiDevSec, FortiEdge, FortiEDR, FortiExplorer, FortiExtender, FortiFirewall, FortiFone, FortiGSLB, FortiHypervisor, FortiInsight, FortiIsolator, FortiLAN, FortiLink, FortiMoM, FortiMonitor, FortiNAC, FortiNDR, FortiPenTest, FortiPhish, FortiPlanner, FortiPolicy, FortiPortal, FortiPresence, FortiProxy, FortiRecon, FortiRecorder, FortiSASE, FortiSDNConnector, FortiSIEM, FortiSMS, FortiSOAR, FortiSwitch, FortiTester, FortiToken, FortiTrust, FortiVoice, FortiWAN, FortiWeb, FortiWiFi, FortiWLC, FortiWLM and FortiXDR. Other trademarks belong to their respective owners. Fortinet has not independently Checked statements or certifications herein attributed to third parties and Fortinet does not independently endorse such statements. Notwithstanding anything to the contrary herein, nothing herein constitutes a warranty, guarantee, contract, binding specification or other binding commitment by Fortinet or any indication of intent related to a binding commitment, and performance and other specification information herein may be unique to certain environments.

Cybersecurity firm Fortinet Inc. today announced a new generative artificial intelligence assistant that accelerates threat investigation and remediation.

Called Fortinet Advisor, the new AI service is designed to augment the capabilities of security operations teams. Integrated with Fortinet’s security information and event management service, called FortiSIEM, and security orchestration, automation and response solution, called FortiSOAR, the AI analyzes security incidents and provides easy-to-understand summaries, context and potential impact assessments.

Fortinet Advisor assists in building complex investigation queries and creating efficient remediation plans. In doing so, it significantly reduces the time required for threat detection and response, enhancing the overall efficiency and effectiveness of SecOps teams in managing cybersecurity threats and incidents.

The tool’s integration with FortiSIEM and FortiSOAR is part of Fortinet’s commitment to providing comprehensive cybersecurity solutions. Working within the established framework of these platforms, Fortinet Advisor ensures a seamless workflow for security professionals, allowing them to focus on strategic decision-making rather than getting bogged down by the intricacies of data analysis.

Part of Fortinet’s Security Operations portfolio, the service can help organizations move from a reactive to a proactive security posture and quickly detect and disrupt cyber threats. Fortinet’s Security Operations solutions utilize AI and advanced analytics to identify sophisticated threats early in the kill chain and automate response activity across the Fortinet Security Fabric to speed investigation and remediation.

The new AI is not Fortinet’s first entry into AI, with the company now having a portfolio of more than 40 AI-powered offerings. “We’re excited to build on our legacy as a leader in AI cybersecurity innovation with Fortinet Advisor, which combines Fortinet’s vast intelligence network with the benefits of GenAI to increase security team productivity and speed threat detection and mitigation,” Michael Xie, founder, president and chief technology officer at Fortinet, said ahead of the release.

Fortinet was previously in the news last month when it announced a company restructuring to sharpen its focus on core growth areas after its revenue and outlook fell short in its fiscal third quarter. The plans include leveraging scale, go-to-market capabilities and engineering expertise to focus attention on the fast-growing SASE and security operations markets.

Image: Fortinet