How Does Fortinet Stack Up Against Cisco?

Integer Investments profile picture
Integer Investments
3.34K Followers

Summary

  • The cybersecurity market is growing, and a number of key drivers point to continued industry growth.
  • Fortinet has a differentiated product and service suite that is currently competing well with larger players, building up a large pool of deferred revenue.
  • Future growth justifying its price will have to come from Fortinet continuing to establish its niche and a positive consumer response to innovations such as Fabric.
  • We recommend a SELL on the stock and target price of $25.

Article authored by Jesse Medcalf, Integer Investments analyst.

Introduction

Earlier this month we wrote about Cisco Systems (CSCO), arguing that its move into the security market should be met with some caution. Today, we continue analysing the security market by looking at one of its competitors in the industry, Fortinet.

Fortinet (NASDAQ:FTNT) provides cybersecurity solutions for enterprises, service providers, and government organizations worldwide. Its product suite is perhaps more limited compared to some larger competitors but includes a number of differentiated products.

FortiGate is its largest, a set of physical and software licenses that provide various security and networking functions, including firewall, intrusion prevention, anti-malware, virtual private network, application control, web filtering, anti-spam, and wide area network acceleration. FortiManager is a central management solution for FortiGate products comprising software updates, configuration, policy settings, and security updates. FortiAnalyzer offers a single point of network log data collection.

It also provides secure wireless access points, a web application firewall, email security as well as targeted database security appliances and cloud-ready security information and event management solutions.

Market Potential

In our Cisco article, we noted that much of the potential for growth in this segment comes from a global uptick in awareness of the importance of cybersecurity. As our personal and financial data continues its relentless march online, many firms have been publicly found out for a want of protection over these key assets.

(Source: Network World)

Cisco itself released an annual cybersecurity report this year, which noted that 29% of organisations that faced an online security breach lost revenue, with 38% of those losses accounting for more than 20% of those companies' revenue. A quarter of businesses facing breaches cited lost business opportunities, with 42% of them losing more than 20%. Aside from the obvious detrimental effects on operational and finance systems, brand reputation and customer retention can take a lengthy period to recover. Businesses are becoming more aware of this risk every day.

Fortinet's research mirrors these broad trends and offers some insights as to the pace of growth in security spending. It suggests that there is still room to grow as top level decision makers lag behind in realising the importance of cybersecurity. According to their figures, 48% of IT decision makers believe that IT security is still not a top priority discussion for the board, despite recognising that 71% said their IT security budget has increased from the previous year. 77% of the respondents noted that they believed their boards should put IT security under greater scrutiny.

As such, it seems the group of IT decision makers are clashing with their boards to try and bring security spending up to match perceived threat levels. What will help to close this gap in perceptions and remove the disjunct are three key drivers.

First is an Increase in security breaches and global cyberattacks. To quote the research:

In the last two years, 85% of businesses have experienced a security breach, with the most common vector of attack being malware and ransomware for 47% of respondents. 49% of ITDMs said there has been an increased focus on IT security following global cyberattacks, such as WannaCry. The scale and profile of global cyberattacks is bringing security to the attention of the board. Security is no longer just an IT department discussion.

(Source: news.com.au)

Second, increasing regulatory pressure can compel top level executives to act. If major fines are large enough to threaten the bottom line, boards have an imperative to take interest. One clear example of this increasing pressure is the European Union's General Data Protection Regulation due to be implemented in May 2018. This gives power regulators to impose fines up to "4% of the annual worldwide turnover of the preceding financial year in case of an enterprise" which could be devastating for the bottom lines of even large companies. The law would extend EU data protection laws to all foreign companies processing data of EU residents, which goes for just about every global business.

(Source: EIMF)

Third, the transition to the cloud presents new opportunities. 50% of those surveyed in Fortinet's research are planning fresh investment solely into cloud security in the next year. Companies recognise that this changing landscape provides new security challenges and most importantly uncertainty. Money is poised to follow as companies seek to hedge against an uncertain new world.

Firewalls

The security industry is multifaceted and complex. Gartner's latest firewall report posits that firewalls are perhaps a good barometer to begin analysing overall company success:

"This is the largest security product market (fast approaching $10 billion), and incremental market growth is significant."

(Source: FirewallShop)

In 2016, FortiGate suite of firewall appliances drove the significant majority of revenue, and this is where investors should look to see any significant shifts to Fortinet's bottom line.

There is though some fear that this market is already saturated, with most companies simply updating rather than pursuing new firewall purchases.

Its latest annual report also cautions that because they recognize revenue from FortiGuard security subscription and FortiCare technical support services over the term of the relevant service period, which may cut across multiple quarters, "downturns or upturns in sales of FortiGuard security subscription and FortiCare technical support services are not immediately reflected in full in our operating results".

Fabric

Though the saturation of base firewalls may pose issues as companies have become more cyber savvy, the complexity of IT has never been higher. As more companies move from just being online to being online in multifaceted and diverse ways, this increased complexity creates multiple ingress and egress points to a consumer's online connection. This makes securing online platforms more difficult, especially across multiple platforms.

Fortinet's Security Fabric is posed as the answer to much of this complexity, which makes all services available to all points in the environment.

Networkworld notes:

"The best example of an industry that has taken advantage of fabrics is storage area networks (SANs). With a storage network, all services must be available to all points at wire speed or it will fail. In essence, the storage fabric is so fast and so tightly knit that the servers think the storage is directly connected. This is the only way distributed storage will work, so the industry had to solve that problem."

The publication claimed that this differentiation will aid Fortinet differentiating its products over those of competitors like Cisco.

This is a necessary task if it wishes to grow, as despite Cisco's long and tumultuous history, it is still held up as a larger and on the whole more trusted player in the industry. This brand name recognition can often be the differentiator between IT decision makers going with Fortinet, Cisco, or one of their other competitors when the products compare similarly in technical stature. No one wants to be responsible for a cybersecurity scandal, and even less so when one has to justify a decision to rely on a smaller and less well known player.

Fortinet notes in its latest annual report that some larger competitors: "have substantially broader product offerings and leverage their relationships based on other products or incorporate functionality into existing products in a manner that discourages users from purchasing our products". They note that their response to this has been to lower prices or attempt to add "incremental features and functionality", as discussed in the Fabric section.

Financial Comparison

In terms of revenue, Fortinet's total revenue was $363.5 million for the second quarter of 2017, an increase of 17% year on year. While Fortinet rose 17%, Cisco's security revenues have increased 9%. Quarter by quarter, these rises have been 11.0%, 14.3%, 9.3%, and 3.0% respectively. While Cisco attempts to turn its large ship around by pivoting to security, Fortinet is out in front in terms of current growth. While this is the relevant direct comparison for security segment growth, as noted in our Cisco article, security revenues make up only 5% of Cisco's total revenues currently. So investors should be wary not to base too large a proportion of their investment decisions on this segment.

Fortinet's product revenue rose 4%, while service revenue increased 26% compared to the same quarter of 2016. This is a valuable shift in terms of the sales mix as services tend to have notably higher gross margins than products in the industry.

(Source: Simply Wall St)

Both companies' deferred revenues have been growing substantially, which is a positive sign for future consistent growth. Fortinet's total deferred revenue was $1.16 billion as of June 30, 2017, compared to $904.0 million as of June 30, 2016, a rise of 28%. Cisco's numbers are not broken down specifically into the security segment, but total deferred revenues grew at 12% year on year, led by a 50% increase in deferred revenues for recurring software and subscription businesses - the types of revenues particularly suited to high margin security service subscriptions vaunted as a revenue driver above.

Fortinet's return on Equity is above the software industry average of 13.7% and sits at 19.8%, with an improvement expected over the next three years. It has not yet paid a dividend, and the company has stated that it does not expect to for the foreseeable future. It has no debt which lowers its risk profile, though it is important to be aware that many of its creditors are overseas and without substantial financial hedging practices could see currency fluctuations affecting the bottom line.

Comparables Valuation

Company

Weighting

EV ($m)

EBITDA ($m)

EV/EBITDA

P/E Ratio

Fortinet

-

5,882

139

42.39

95.09

Cisco

20%

132,829

15,434

8.61

15.72

Check Point (CHKP)

20%

18,069

896

20.17

25.16

Symantec (SYMC)

20%

23,967

421

56.93

27.63

F5 Network (FFIV)

20%

6,578

638

10.81

17.53

Juniper Networks (JNPR)

20%

8,889

1,180

7.53

14.52

Implied Value

20.81

20.11

Implied Overvaluation

-51%

-79%

We have done a simple multiples analysis to value Fortinet. We used an EV/EBITDA metric to value the business. We used EV to strip out any capital structure differences. We also used an EBITDA metric to nullify any D&A differences between companies.

Fortinet is overvalued based on our multiples analysis. The company is trading at a price 103.7% higher than comparable companies based on the EV/EBITDA comparable. To be priced in line, stock prices should come down more than 50%.

One should rightfully question however whether this is justified. Below is a table demonstrating expected performance of EPS growth over the next three to five years, alongside debt to equity ratios for the same set of comparable companies. Our analysis shows that Fortinet is on track to generate significantly more growth than comparable companies. The company is also less leveraged, meaning the investment comparatively less risky. For these reasons, we believe that that the company's position of ostensible overvaluation might be justified.

Company

Exp EPS Growth (3-5yr)

Debt-to-equity Ratio

Fortinet

16.80%

0

Cisco

6.20%

0.51

Check Point

9.80%

0

Symantec

11.20%

1.83

F5 Network

10.80%

0

Juniper Networks

9.30%

0.42

Average Excluding FTNT

9.50%

0.552

(Source: Figures provided by Guru Focus and Zacks)

In order to check whether this appreciation makes sense, we conduct a DCF model. Assuming the expected growth rate of 16.8% for 10 years (quite substantial), an 8% discount and terminal growth rate of 3%, and a starting EPS of 0.42 (expected for 2017), we obtain a fair value of $19 (including book value). We feel that the stock might deserve a premium of 25% due to the importance of cybersecurity, leaving us with $25 per share.

However, even with strong EPS growth, the stock is way overvalued. In order to justify the current price, EPS would need to grow at CAGR of 30.4% for the next 10 years. This would make EPS to grow 13-fold in 10 years. This tremendous growth would only offer an 8% IRR. Also, let's not forget that, over the last 5 years, Fortinet EPS decreased by 26% while FCF and book value increased by approximately 15% per year, hence below what we plugged inside the model.

Conclusion

Fortinet has a different appeal to Cisco, a rapidly growing company poised to take advantage of a market that is set to continue its march to the forefront of business purchasing decisions. Its technical differentiation has set it up to always have a fan base distinct from some of the larger players in the industry, and as such, revenues look set to continue their upward trajectory for the foreseeable future. Whether this is enough to justify investment will depend on how consumers respond to the increasing complexity of security systems and whether big brand names like Cisco do enough to market their appeal. Its lack of debt and high growth potential might offer potential, especially if cyber threats increase. However, the current price of $40.32 is just too high. At this stage, we recommend a SELL on the stock and a target price of $25.

As always, thank you for reading. If you wish to follow our future articles, just click the "Follow" button next to our name at the top. If you would like us to cover a company, please let us know in the comments. Thank you for reading.

This article was written by

Integer Investments profile picture
3.34K Followers
At Integer Investments we focus on US and European equities with a value/GARP strategy. Most articles are written by our portfolio manager Cristiano Bellavitis, Ph.D. Articles written by our analysts will be signed at the top. To view the profile of our analysts please visit our website.Cristiano is also an Assistant Professor at the Whitman School of Management, Syracuse University (United States). He earned a Ph.D. from Cass Business School, City University of London. He applies academic rigour to our investment strategy. If you want us to follow certain stocks or if you are interested to learn more about Integer Investments feel free to get in touch.(www.integerinvestments.com)
Follow

Disclosure: I/we have no positions in any stocks mentioned, and no plans to initiate any positions within the next 72 hours. I wrote this article myself, and it expresses my own opinions. I am not receiving compensation for it (other than from Seeking Alpha). I have no business relationship with any company whose stock is mentioned in this article.

To ensure this doesn’t happen in the future, please enable Javascript and cookies in your browser.
Is this happening to you frequently? Please report it on our feedback forum.
If you have an ad-blocker enabled you may be blocked from proceeding. Please disable your ad-blocker and refresh.