Case Study: Fortinet

Our coverage of Fortinet provides a good example of how our research approach, outlined on the Why Convequity page, has led to alpha rich, excess returns. We have been relatively more bullish versus the consensus since we first published Fortinet research to clients in January 2020. Since then, the share price has appreciated 160%.  


At the product level, we had a clearer understanding of the importance of Fortinet's custom silicon development and how that was to give them substantial competitive advantages.

Fortinet, driven by the long-term vision of co-Founder and CEO Ken Xie, has been a unique vendor inasmuch that they are the only pure-play cybersecurity player to have developed its own custom silicon. For over two decades, they have developed ASICs specialised for specific network/security functionalities and built them into a SoC (System-on-Chip). This compact, multi-functional SoC delivers superior processing speeds and TCO (Total Cost of Ownership) compared to standard CPUs. Additionally, it allows Fortinet to pack together various networking and security functions, that are conventionally in separate appliances, into one box, known as the FortiGate.

When it was crystallising that COVID-19 was reshaping enterprises, forcing them to adopt hybrid environments (cloud + on-prem, remote + office), we informed our clients that Fortinet's hardware focus ought to be a significant business driver.
As hybrid environments increased in number and complexity, it was inevitable that latency also had to increase. Traffic must pass through more gateways and ZTNA (Zero Trust Network Access) entails continual user/machine identity verifications. Collectively, these add a lot of network latency. Therefore, Fortinet's superior computational power, thanks to its custom SoC, offsets much of this incremental latency of hybrid environments. For enterprises looking to maintain or improve network latency while controlling costs, Fortinet has been an ideal vendor to choose.

Fortinet's custom silicon's advantages amid hybrid environments, is what we believed to be a significant source of alpha - mainly because no other analysts (Wall Street or FinTwit) were discussing the connection.

Fortinet further differentiates its product at the software level, by being one of the early vendors to fully leverage SDN (Software-Defined Networking). SDN separates the data plane from the control plane in a networking device. It allows for the control plane to be centralised, so that SysAdmins can centrally control and update hundreds or thousands of individual routers and switches. Fortinet developed its capabilities in SDN early on, which, combined with its custom silicon resources, gave them an opportunity to develop SD-WAN solutions.

SD-WAN is a technology that enables NetOps to prioritise different network traffic types and utilise a broader range of connectivity in order to lower costs. The technology had been around during the 2010s, but it received more attention in 2019 when it was considered a key enabler of SASE (Secure Access Service Edge). Gartner coined the SASE term in 2019, causing a stir in the market and compelling vendors to rush toward being one of the first to release a SASE service.

It was the younger vendors that began life in the cloud that received most of the attention in regards to SASE. Fortinet, being considered a legacy name, did not receive the same attention, and this is reflected in the 2020 share price performance, when tech investors were focused on cloud-delivered or cloud-native vendors.

During this period, however, we viewed Fortinet as being the most complete SASE vendor. One of the key principles of SASE is the convergence of networking and security, such that data packets can be processed at faster speeds. Another key principle of SASE is for it to be off-prem, thus alleviating SysAdmins of the workloads and burdens of managing a plethora of appliances on-prem.

Hence, with its specialised SoC, advanced SD-WAN capabilities, and global presence of PoPs (Points of Presence, or data centres), we believed Fortinet was the strongest vendor for the convergence of networking/security component of SASE. Furthermore, the multi-functional SoC enables various networking and security functions (router, switch, VPN, firewall, IPS, SWG, etc.) to be packed into one appliance, making life far easier for SysAdmins.

Even before the COVID outbreak, we concluded that Fortinet was the most accommodative SASE vendor. Because they could/can deliver SASE in the Gartner sense - that is, off-prem in a PoP - but unlike any other vendor, they can also deliver SASE, or converged networking/security, in a single appliance that can be deployed on-prem, in a home office, or in a cloud environment.

This 'most accommodative' label is attributed to Fortinet's unique product that consists of specialised chips, standard COTS (Commodity-Off-The-Shelf) hardware, and advanced SDN technologies. And in the wake of the pandemic, these attributes have made Fortinet very appealing for enterprises that have hybrid environments and those that are deploying Zero Trust. So much so, that during 2021 and 2022, Fortinet accelerated growth from < 20% to > 30%.


Since we began covering Fortinet, we also felt that there was an information edge to be gained by understanding the longer-term implications of the architectural decisions they've made. While vendors, analysts, and the general market, have been beating the drum for cloud-only vendors, Fortinet has been steadily building out its own network of PoPs.

The company cannot put its custom SoC into public clouds, so it has invested in expanding its network of PoPs around the globe. It has colocation arrangements whereby it can setup its own hardware at a data centre provider, like Equinix. Colocation data centres don't have the benefits of public clouds, and hence are cheaper in opex and can be customised to specific requirements.

Having its own customisable data centres, consisting of the custom SoC and its SD-WAN technologies, has made Fortinet a favourite among telcos. Such service providers have been preparing for the 5G era. 5G, especially the mmWave band, requires a greater number of cell towers, and this creates additional traffic management complexity. Fortinet's SD-WAN can simplify these operations for telcos and speed up last-mile connectivity.

Fortinet has such an abundance of both hardware and software innovations, that the potential would have been stifled had they become overly dependent on the hyperscalers (AWS, Azure, GCP). Now they are in control of their own dense network of data centres, packed with specialised chips and advanced SD-WAN, they are strongly positioned to shine as the world demands increasingly more connectivity within limited bandwidth. This divergent architectural bet, is already paying off, but it's also likely to be a long-term sustainable advantage.


To date, Fortinet has been driven by the founding Xie brothers' vision of converging networking and security via custom chip development. Back in 2000, when Fortinet was founded, it was incredibly visionary to envision that standard CPUs would be inadequate for the needs of networking and security 15 years into the future.

Though, many people have visions of the future, so in itself, that is not what is impressive. Rather, it is the Xie brothers' commitment to their vision that is truly remarkable. 10 to 20 years ago, and even today, it requires several hundred million dollars to develop and build custom ASIC chips, and the lead times are measured in years. The risks to custom silicon development are colossal, indeed. This makes it apparent that Ken and Michael Xie had a really crystallised vision of how the future would unfold, because if they didn't have such clarity then they wouldn't have taken such mega risks.

We think the vision of tighter integrations between software and hardware still has a long way to go. Moore's Law, in its original definition, has faltered. Indeed, there are ongoing innovations at the hardware level to squeeze out further performance gains. However, it seems as though making hardware and software more compatible is another avenue that will be further explored - in other words, designing software to run on specialised chips (or vice versa) rather than on standard CPUs to accelerate the rate of progression. Fortinet is one of only a few companies that have gone down the road of custom silicon development. The others are much more well-known names - Apple, Amazon, Tesla. So, if greater hardware/software compatibility is to be a forthcoming trend, Fortinet is ideally positioned to prosper.

The Xie brothers' current long-term vision is to propel Fortinet to a leader within another new-ish Gartner term, Cybersecurity Mesh. As described by Gartner and Fortinet, a cybersecurity mesh is a highly interoperable platform that connects with disparate security technologies via plug-in APIs, and provides a unified view of the enterprise's entire defense posture.

To us, pushing Fortinet along this path makes a lot of sense. Fortinet will continue to benefit from vendor consolidation, but cybersecurity is so dynamic that there will invariably be new startups and new point solutions pop up in the market. We view the mesh approach as somewhat accepting this and capitalising on these industry dynamics by being the connective security glue for modern enterprises.

Business Fundamentals

Fortinet's upstream integration - developing its own silicon - allows it to extract more value out of the value chain, and this is reflected in the 77% gross margin, 30% FCF margin, 20% EBIT margin, and attractive 40% ROIC.

The healthy margins and returns are also attributed to Fortinet's decision to build out its own PoP network rather than rely on the public clouds. Using the hyperscalers can generate great business value, but at a certain level of revenue diminishing returns creep in. Being aware of this, Fortinet has adapted itself accordingly to generate incremental value gains over the long-term.

This level of vertical integration helps Fortinet extract more value, leading to higher margins and returns. However, the downside is that Fortinet can sometimes be slow in adapting to the latest trends. This is partly because of the engineering culture that wants to build everything in-house, but partly because of them being integrated and a more capital-intensive business compared to peers. Though, where they might not be the first to react to the market, building in-house (limited M&A) has resulted in Fortinet being known for smooth deployments and ease of use.


When we first began researching Fortinet, the valuation looked attractive, both relatively and from a DCF perspective. We periodically checked Fortinet against a group of ~ 100 peers, and the company always had a top 5% Rule of 40 (revenue growth plus FCF margin), while its EV/FCF was in the lowest quintile. And given the outlook and Fortinet's unique competitive advantages to capitalise on the emerging hybrid trends, we were bullish that c. 30% growth and c. 60% Rule of 40 could be sustained to increase the valuation.

Over the course of about 18 months, Fortinet's multiples had more than doubled and our DCF valuation indicated a fair value range. We cut our position and bought again on significant corrections, and advised clients to do also.

Going forward, given Fortinet's unique business characteristics and the tailwinds of networking/security convergence and greater hardware/software compatibility, we believe growth will be more durable than market expectations. This ought to support its elite Rule of 40 and improve its GAAP profitability.

Among the peer distribution, when comparing Fortinet's Rule of 40 percentile with its EV/FCF percentile, there still appears to be a notable value discrepancy and our DCF valuation supports that. Hence, we have high conviction that this is a good stock to hold for long-term investors.

!DOCTYPE html> Contact Footer Example