$FTNT and $PANW: How $FTNT rose to become a serious enterprise Security Platform leader
TLDR: This is a brief history of the firewall market and security platform, and how $FTNT rose to compete directly with $PANW. If you’d like to see my active positions, I put them on my Savvy Trader Profile. You can also see my performance there.
A (very) Brief History of Next-Gen Firewalls and Security Platforms
Six years ago, when I started in the space, $PANW was still riding the massive wave it had created in the firewall business with its next-gen firewall capabilities. The next-gen capabilities essentially took what required 3 different hardware appliances from 3 different vendors at an enterprise level, and condensed those requirements down to a single operation on a single $PANW appliance, using what they referred to as their “single pass architecture.”
Prior to $PANW arriving on the scene, its big pure play competitor in the enterprise firewall space, $CHKP, had only offered one of those required appliances and operations. $FTNT was not considered an enterprise firewall vendor until a bit later, when they started making major inroads upmarket in 2018-2019, as firewall features approached better parity with $PANW’s and cost-conscious enterprise customers began looking for something cheaper than $PANW, but more advanced than $CHKP.
Even before $PANW’s arrival, $FTNT was in the UTM space, which was a way for mid-market companies to buy a single appliance that performed all 3 capabilities for a lower cost, but its architecture couldn’t support enterprise network traffic volumes. Single pass architecture made $PANW’s appliance more performant, and able to handle enterprise traffic volumes. When other vendors like $FEYE popped up and added things like sand-boxing, $PANW was able to easily add similar modules to its appliance and maintain its single pass capabilities.
This was really the advent of the security platform. The next step in the evolution of the security platform was all of the security vendors deciding what kind of security platforms they were going to be when they grew up. The answers were somewhat different depending on what area of security the vendor serviced (i.e. network security, endpoint, identity, etc.) but for this piece, I will focus on explaining what it meant for firewall vendors like $PANW and $FTNT.
**Please keep in mind that I just reduced the history of the next-gen firewall market and security platform into a few paragraphs, and that required some simplification.
The Cloud … dun dun dun
Sometime around 2019, while security vendors were starting to add new capabilities to their offerings, the traditional firewall market was cooling off a bit. MSFT’s Azure and AMZN’s AWS cloud platforms were taking off, and that meant fewer hardware firewalls were being bought for customers’ on-prem networks. Firewall vendors were being forced to decide more quickly how they were going to grow their security platforms - and their businesses - going forward. This is where the deviation in strategy between $PANW and $FTNT really became evident.
$PANW, whose customer base is comprised almost entirely of enterprise customers, hired a new CEO and headed down the cloud security path at a rapid pace. They bought up several cloud security startups at big premiums and started integrating them into their platform. We know from looking at the stock price that focusing on cloud security has been a successful strategy for them (if you ignore the recent sell-off and zoom out to 2019). Now, even though $PANW sells all of those cloud modules, it’s important to note that 70% of their business is in what they call “Network Security.” Network Security includes hardware firewall appliances, virtual firewalls, and SASE (their $ZS competitive product). It does not include their Cloud Security or SOC Security offerings. This is important when it comes to competition, especially from $FTNT, and the impact on PANW’s overall business. Pesky $FTNT, who was once an ankle biter, is now a formidable competitor. You may be wondering; how did that happen? I’ve got 4 reasons for you.
Fortinet’s Security Platform Strategy
When forced like other security vendors to decide where to go next due to the shift to cloud, $FTNT took a different approach. It doubled down on on-prem security and network offerings. Initially, that didn’t seem like the best idea, especially to investors who were all abuzz about cloud taking over the world, but it’s actually worked out for them. Here’s how they did it:
$FTNT integrated SD-WAN capabilities into its proprietary firewall appliances, and once customers began to understand the advantages, they were selling like hotcakes. The best part for customers was (and still is) the SD-WAN capabilities were free with firewall appliance purchases. It’s hard to compete with free if you’re $PANW… they’ve been developing their own SD-WAN capabilities for their firewall appliances, but it hasn’t sold well. One might assume it’s because it doesn’t work well since they’ve been successful at selling pretty much everything else. They also bought a cloud SD-WAN company (CloudGenix) and added it as a module, but it’s expensive. Because of this, $PANW has not made much progress in SD-WAN.
$FTNT took an additional step with its platform strategy by building out its security offerings in the OT (Operational Tech) space. OT is all of the equipment running in hospitals, airports, utility companies, on factory floors, like machine tools, automated pumping mechanisms, etc. That OT security business has been growing ~50% a year, granted it was off a small base, but it’s not so small anymore.
Since $FTNT worked its way up-market from servicing SMB and Mid-market customers, it has a smaller share of the enterprise, but its customer base is about 3-4 times the size of $PANW’s. It offers security platforms at each level, which provides additional expansion opportunities and further diversifies its business. One thing to keep in mind is that smaller companies may not fare as well in a recession, so $FTNT does have some exposure there.
$FTNT firewalls are 25-30% cheaper than PANW’s, and lately the channel partners of these companies, and subsequently their customers, are recognizing the capabilities of the firewalls as “good enough’ when compared to $PANW’s. $FTNT’s price performance leadership and “good enough” firewall feature parity are very attractive to enterprise customers, especially in a recession, and extra especially when $PANW’s pricing is fast approaching a ceiling for what customers are willing to pay for it.
This is how $FTNT is narrowing the gap between its own share of the enterprise firewall market and that of $PANW’s.
Both companies have done well, and it would be easy to chalk that up to a healthy firewall market, but I think these nuances are really important if you are an investor in either company going forward, especially given how different their strategies are. I’ll write a lot more about PANW and FTNT in the future, but I thought this would be a good primer if you’re coming into it with no prior knowledge about the firewall market.
What about $CHKP?
I didn’t spend much time on $CHKP, so you might be wondering; how does $CHKP fit into all this? Well, the profile of a $CHKP customer is they are generally slow-moving and not first adopters, or even second or third adopters of new technology. They are not rushing to the cloud right away to try new things, or making massive changes to their network architectures, and as a result, $CHKP has a really steady business. It’s not growing fast, but it’s not going anywhere fast either. Their management team is also quite conservative, which minimizes surprises during earnings season, but frustrates investors who feel they could be doing more to promote and market their business, and to compete with $PANW and $FTNT in other areas. $CHKP is a company I buy as a defensive name when cloud stocks are getting sold. It usually trades in a nice range, and again, there are very few surprises with this company.
If you are an institutional investor and would like to subscribe to our professional research down the road, you can find me on LinkedIn.
Disclosure: I am not an Investment Advisor, and the information I provide through this publication is not investment advice. Do your own research.
You can see my positions, performance, and general market commentary here:
Cybersecurity Portfolio on Savvy Trader
I wrote this article myself, and it expresses my own opinions. I am not receiving compensation for it (other than through Substack, when the time comes). I have no business relationship with any company whose stock is mentioned in this article.