January 9, 2024 | Posted in News
I will discuss the increasing demand for the company’s products, its competitive advantages, valuation, and why it’s a sound investment.
Out of all the areas of the market that investors could choose to invest in, I believe cybersecurity stocks have one of the largest and best secular growth trends to ride on. Despite that belief, I have only written about one cybersecurity company on Seeking Alpha, CrowdStrike Holdings, Inc. (CRWD), on November 4, 2021. Today, I will begin coverage of Palo Alto Networks, Inc. (NASDAQ:PANW). The Cybersecurity industry is starting to consolidate, and an investment in any company in the space means the investor believes the company will survive the coming shakeout. For instance, Palo Alto Networks Chief Executive Officer (“CEO”) Nikesh Arora said the following at a recent UBS Technology Conference:
So, if you think about it 5 years ago, there were north of 10 players in the endpoint space. Some of them are sort of naturally attriting. Some of them are up for sale, some of them being shut down. So, there’s a lot of movement. I think we’re down to 4 or 5 real contenders in that space. I think we probably end up with 2 or 3 as it starts to consolidate around AI plus soft management plus sort of the endpoint capability. It’s not hard to figure out who those 3 are likely to be.
Source: UBS Technology Conference Seeking Alpha Transcript.
The thesis for investing in Palo Alto Network is that it will evolve into one of the top three players in the cybersecurity industry over the next five years as customers consolidate multiple security needs onto only one platform instead of using diverse solutions from different companies. In the process of becoming one of the top players in the industry, the investments the company made over the last several years will pay off in solid growth, attractive margins, and robust free cash flow (“FCF”).
This article will discuss the demand for cybersecurity solutions, how Palo Alto Networks transformed from a single product company into a platform providing multiple cybersecurity solutions, its current business fundamentals, the competitive environment, the stock’s valuation, and why I believe the company is a buy.
The cybersecurity market fosters intense competition because customer demand for viable solutions is large and rapidly increasing as bad actors threaten enterprises more frequently. AAG IT Services said the following in an article highlighting 2023 Cyber Crime statistics:
It is clear that the rate and cost of data breaches are increasing. Since 2001, the victim count has increased from 6 victims per hour to 97, a 1517% increase over 20 years. The average cost of data breaches per hour worldwide has also increased. In 2001, the average cost per hour to individuals was $2054. Since then, the hourly loss rate has increased, standing in 2021 at $787,671.
Source: AAG IT Services
Another website, Embroker, published a blog on January 4, 2024, stating:
Cyber attacks have been rated the fifth top rated risk in 2020 and become the new norm across public and private sectors. This risky industry continues to grow in 2024 as IoT cyber attacks alone are expected to double by 2025. Plus, the World Economic Forum’s 2020 Global Risk Report states that the rate of detection (or prosecution) is as low as 0.05 percent in the U.S.
Source: Embroker
Ransomware attacks have become a public scourge and have increased in frequency and severity over the last several years. Bad actors are extracting data from companies at an ever-increasing pace. Companies can’t afford data breaches or ransomware attacks for monetary and reputational reasons. A data breach can also result in expensive litigation for the company, its board, and company officers.
Factors like increased internet usage, expanding Internet of Things use cases, and growing adoption of cloud and edge computing might also contribute to cybersecurity market expansion. Statista projects the cybersecurity market to grow from $296.1 billion in 2022 to $538.3 billion by 2030, a Compound Annual Growth Rate of 7.75%.
In 2017, although Palo Alto was a significant network security appliance company, it faced challenges from new technology and an evolving market that was adopting cloud computing. That began to change in June 2018, as the Palo Alto Networks board of directors hired former Google executive and former President of Softbank Nikesh Arora as Chief Executive Officer (“CEO”) of Palo Alto Networks, and the company adopted a new strategic focus. Within five years, Nikesh Arora led the transformation of the company from a single-product firewall-focused network security vendor, which ended 2018 with $2.2 billion in revenue, to a three-product line Cybersecurity company specializing in network security, cloud security, and endpoint and SOC (Security Operations Center) generating $6.89 billion in revenue at the end of the fiscal year (“FY”) 2023. Those three product lines are today all billion-dollar-plus businesses in terms of Total Contract Value (“TCV”) or potential future revenue, according to CEO Nikesh Arora. At the Morgan Stanley Technology, Media & Telecom Conference in March 2023, he said about the transformation:
We’ve got $1 billion plus SaaS business, we’ve got $1 billion-plus endpoint of SOC business all over the last years. That required us to go invest in technology. So we took our R&D spend up, which is why our operating margins went down. Now we’re beginning to see scale benefits. All these businesses with their large amount of RPO is beginning to spin out revenue. So we think the continued amortization of costs will happen our margins should continue to trend upwards over the next few years. And we see no reason why we can’t double this business again.
Source: Morgan Stanley Technology, Media & Telecom Conference Transcript
The above commentary from Nikesh Arora is a thesis for investing in Palo Alto. I expect revenue to double from here over the next five years while margins continue to improve as the R&D costs get amortized over time and economies of scale kick in. The chart below shows GAAP (Generally Accepted Accounting Principles) operating margins were negative and reached a low in 2021, rising to 11.46% at the end of the September quarter.
Let’s look at the company’s three major business lines.
This category includes the company’s original core products of hardware and software Machine Learning-Powered Next-Generation Firewalls that protect on-premises resources and newer, innovative, cloud-delivered Secure Access Service Edge (“SASE”) solutions that protect customer’s cloud resources. The company believes the industry is potentially evolving toward networking and security merging, and SASE is a product of that belief. Companies adopting more remote work, cloud, IoT, and edge computing solutions drive SASE adoption.
SASE is one of the hottest areas in security and networking, with Gartner, Inc. (IT) projecting it to grow at a compound average annual rate greater than 30% through 2027. The company’s SASE ARR growth was 60% year-on-year in the first quarter, outpacing the industry’s growth. The company has invested heavily in SASE recently and completed its acquisition of Talon Cyber Security, a first mover in enterprise browser technology, on December 28, 2023. Talon protects users against phishing attacks, web-based attacks, and malicious browser extensions. Palo Alto is far and away the leader in the SASE category and states the following on its website:
We’re pleased to announce that Palo Alto Networks has been named a Leader in the 2023 Gartner® Magic Quadrant™ for Single-Vendor SASE. Not only is Palo Alto Networks a Leader for its Prisma® SASE solution, we are the only Leader, and also placed the highest and furthest for ability to execute and completeness of vision.
Source: Palo Alto Networks website
The company is also a leader in the crucial building blocks of SASE, SD-WAN “Software-Defined Wide Area Network) a modern networking solution, and Security Service Edge (“SSE”), which are cloud-delivered security services that protect devices and applications wherever a company’s computing resources are accessed. Palo Alto’s strength in networking is one thing in the company’s favor that should help it survive consolidation in the cybersecurity industry.
The company’s primary product in this category is Prisma Cloud, a Cloud Native Application Protection Platform (“CNAPP”), which provides security for the entire set of technologies enabling cloud-native applications. It also has products for network security in multi- and hybrid-cloud environments, firewalls for Virtual Machine workloads, and firewalls for Kubernetes clusters.
Prisma Cloud uses a “land and expand” sales model to sell its twelve modules to customers. The above chart shows Palo Alto’s cloud clients are rapidly adopting modules, with customers that purchase five or more modules up 166% in the first fiscal quarter. The company is also investing heavily in Prisma Cloud. It completed the acquisition of Dig Security, a provider of DSPM (Data Security Posture Management) solutions, on December 5, 2023.
According to the press release announcing the acquisition, “Dig’s cutting-edge capabilities, seamlessly integrated into Palo Alto Networks Prisma® Cloud platform, will provide organizations with near-real-time data protection across the entire cloud estate.” The combination of Prisma and Dig can provide customers with data protection when using Generative AI (GenAI) resources.
The company’s Cortex portfolio contains the latest approaches to security automation, security analytics, endpoint security, and attack surface management solutions. Management also refers to its Cortex security products as Next Generation Security or NGS. The following are Palo Alto’s NGS solutions, which include:
The above products come as either software-as-a-service (“SaaS”) or software subscriptions. Although CrowdStrike Holdings, Inc. (CRWD), McAfee, and others developed security-related products first, and Cisco Systems, Inc. (CSCO) and Trend Micro Incorporated (OTCPK:TMICY) (OTCPK:TMICF) may have arguably invented the XDR category, Palo Alto invested heavily in the area over the last five years to catch up with the rest of the security industry quickly. For instance, Cortex XDR was the only product in that category to achieve 100% protection in the 2023 Mitre tests, which is a big deal in the security community. MITRE describes its Engenuity ATT&CK® Evaluations as a “resource for understanding how security solution providers might protect your organization’s unique needs against known adversaries.”
The above image shows Cortex gained 25% more customers in its first quarter 2024 earnings report compared to the previous fiscal year’s comparable quarter. It also shows that it won several awards for its products, from GigaOM and Kuppingercole. A reputable research outfit like GigaOM rating it as a leader in the rapidly growing XSIAM opportunity is vital for credibility and validation.
Palo Alto appears to believe the opportunity for growth is ripe in the XSIAM opportunity for SOC management. The older technology for SOC management, SIEM (Security Information and Event Management), is rapidly becoming obsolete, as it is a reactive technology with limited real-time data processing and poor AI effectiveness due to insufficient data quality or not having enough data. The Palo Alto solution was to create an alternative to SIEM by building a product from scratch to handle real-time data and AI more effectively. As a result, XSIAM can reduce the incident resolution from five to six days to one to three hours. Palo Alto’s management believes they have an 18-24-month window to capitalize on the opportunity before competitors catch up. The company has focused on building a massive data advantage to gain an edge in this area. CEO Nikesh Arora said at the UBS Technology Conference:
When we see anomalous behavior, we need to know what normal looks like. I need to watch everything to be able to find what’s anomalous. You can’t look at a little bit and say, a little bit tells me the answer. I got to look at everything. As a consequence, we have on a daily basis, we ingest five petabytes of data. We have one exabyte of security data stored in Google Cloud. We are the largest storers, if that’s a word, of security data in the world. Not only that, we’re the largest storage in Google Cloud of any company in the world, after Google. And we only have 35 customers running our XSIAM products so far. We want to have hundreds of them getting there.
Source: UBS Technology Conference Seeking Alpha Transcript.
XSIAM has become a hot opportunity recently as the Security and Exchange Commission (“SEC”) adopted a new rule on December 18, 2023, that requires companies to report data breaches within four business days after the incident in an SEC filing 8-K. Companies now have a massive incentive to resolve security incidents before reporting them to the public, so fixing them in five to six days is no longer viable. The image below shows Palo Alto’s XSIAM progress in the market since it launched the product in the first quarter of fiscal 2023.
If you decide to invest in Palo Alto, pay attention to what management says about XSIAM in future investing conferences and earnings calls, as this opportunity will likely evolve into a vital growth area for the company. It also has a consulting and incident response team comprising threat researchers, incident responders, and security consultants to help customers manage cyber risk. The company calls this team Threat Intelligence and Security Consulting (Unit 42).
One thing that is important to remember with some of Palo Alto’s newer innovations in areas like SASE and XSIAM is that the early bird catches the worm, meaning that the early innovators in technology inflections have a greater chance of capturing significant market share in a new product category if they put out a quality product early. When you see organizations like Gartner, Forrester Research, Inc. (FORR), GigaOM, and others rating Palo Alto as a leader in a specific technology, that may be a clue the company is putting out a quality product.
Since the company uses a platform approach, once it gains a new customer, it can build a switching cost advantage by selling the customer other products, making it more expensive for customers to leave the platform and more difficult for competitors to pry its customers loose. So, Palo Alto is in the initial stages of building up a significant switching cost moat.
Palo Alto Networks total revenue consists of three reported revenue streams:
Chief Financial Officer (“CFO”) Dipak Golechha reported subscription revenue grew 29% to $988 million and support revenue grew 17% year-over-year to $549 million during the first quarter. Total first quarter fiscal year (“FY”) revenue was $1.88 billion, 20% above the previous year’s comparable quarter.
The market didn’t initially care for this earnings report because billings only grew 16% year-over-year versus revenue growing only 20%. The company also projected billings to only increase 16% to 17% in FY 2024 compared to projected FY 2024 revenue growth of 18% to 19%. Investors can grow concerned when billings growth is slower than revenue growth because it could indicate that demand has declined and revenue growth could further slow in future quarters. The CFO and CEO responded to these concerns about billings growth by explaining that they still see strong demand for the company’s services; however, customers have become a lot more cautious about spending large sums upfront due to the “higher interest rates for longer” economic environment and the potential for slowing economic growth. So many customers have decided to conserve their cash. Instead of upfront payment terms, more customers seek deferred payment terms in the form of annual billing plans and through the company’s PANFS [Palo Alto Networks Financing Services] financing capability. CFO Dipak Golechha said during the earnings call:
We saw the rising cost of money have an important and incremental impact on customer behavior in Q1. We’re responding to this in the ways we have discussed previously, including using annual billing plans, financing through PANFS, and partner financing. In Q1, this had a negative impact on our billings, although as you can see, we saw strength in NGS [Next Generation Security] ARR [Annual Recurring Revenue] and revenue.
Source: Palo Alto First Quarter FY 2024 Earnings Call
On the positive side, Remaining Performance Obligations, or RPO, grew at 26% year-over-year, faster than revenue growth, a great sign. Investors also use RPO as a leading indicator of growth. When RPO grows faster than revenue, it could indicate a strong sales pipeline, and as these customers fulfill these obligations, revenue should eventually rise.
Notice on the above slide that the company included NGS ARR growth, and that is because the next-gen security products are:
In the fourth quarter FY 2023 earnings call, the CEO said:
We’ve been investing in our next-generation security portfolio for some time now to position ourselves in the leadership position for the future of the cybersecurity market. It is this next-gen portfolio driving — that is our growth transformation and enabling our leverage.
Source: Palo Alto Networks Fourth Quarter FY 2023 Earnings Call
The fact that NGS ARR grew 53% to $3.227 billion in the first quarter likely convinced investors that demand still exists for Palo Alto’s products — a potential reason the stock price didn’t stay down long after the initial disappointment with the earnings report.
Let’s move to the bottom line. You can see the benefits of scale kicking in with the gross margin, which improved by 370 basis points from the previous year’s comparable quarter to 78%. The chart below shows the first quarter FY 2024 Non-GAAP operating margin improved by 760 basis points over the prior year’s comparable quarter to 28%. Non-GAAP operating income increased 64% year-over-year to $529 million. The CFO attributed these improvements to higher gross margins and increased efficiencies across the company’s three operating expense lines.
The company reported non-GAAP earnings per share (“EPS”), growing 66% year-over-year to $1.38, considerably ahead of company guidance. The company attributed this growth to the significant increase in non-GAAP operating margins. GAAP earnings rose from 0.06 EPS in the first quarter of FY 2023 to 0.56 EPS in FY 2024. Palo Alto produced a robust trailing 12-month (“TTM”) non-GAAP adjusted FCF of nearly $3 billion with TTM FCF margins of 41% — a solid number. A good Software-as-a-Service company will produce around 25% TTM FCF long term in my view. Cybersecurity companies are usually in the TTM FCF range of 30% to 40%. Palo Alto had $3.89 billion in cash and short-term investments against $1.94 billion in long-term debt on the balance sheet at the end of the first quarter.
The market for enterprise security solutions is intensively competitive. Although Palo Alto Networks management may present itself as a leader in many categories, other companies’ competing solutions may be just as good or better for some customers. For instance, while important, Palo Alto’s top ranking in MITRE ATT&CK Evaluations is not the sole factor in completing an XDR sale. Other factors influencing sales performance are price, product features and functionality, customer needs, ease of deployment, scalability, integration with existing infrastructure, and ongoing support. Plus, real-world performance is more critical than MITRE evaluations, and some companies have a solid history of providing reliable real-world solutions.
Another thing investors should consider is that although Palo Alto is a first mover in several rapidly growing new cybersecurity categories, early entry into a category doesn’t guarantee victory. Other companies can quickly follow and offer a better version, potentially surpassing the early mover. Palo Alto management must continue investing in the area, strongly executing, and creating customer value, which is vital for maintaining market share.
Palo Alto’s competition falls into three broad baskets:
Companies in any of the above categories could introduce new technology that could throw a monkey wrench in Palo Alto’s plans. In addition, its approach to building a platform to address multiple cybersecurity needs is not unique. Several other companies use a platform approach, and once a customer joins a competing platform, switching cost moats can make it difficult to pry that customer loose, potentially limiting growth Palo Alto’s future growth prospects.
The macroeconomy is not out of the woods yet. Although some experts have predicted interest rate cuts this year, the Federal Reserve (“Fed”) has yet to announce an end to its interest rate hike campaign officially. No one knows whether the Fed’s next move is to lower rates early in the year, later in the year, remain paused throughout the year, or, in a worst-case scenario, resume raising rates, which would likely be terrible for Palo Alto’s business. While the cybersecurity business is resistant to rising interest rates or a slowing economy, it is not immune.
Suppose the economic environment worsens and customers continue to prefer financing deals or deferring payments. In that case, the market may eventually become concerned about future revenue growth and profitability despite the excellent NGS ARR growth, potentially sparking a sell-off. The company will also need to execute flawlessly. The CEO’s belief that he can double the company’s revenue while continuing to expand operating margins is quite aggressive.
Palo Alto has a price-to-sales ratio of 13.55 and a forward price-to-earnings ratio of 51. Seeking Alpha Quant grades the stock an F. The market has placed a high valuation on this stock. The chart below compares the company to a few of its competitors on a price-to-FCF basis. Only Crowdstrike and ZScaler have a higher valuation on this basis.
The following chart shows a comparison with competitors on FCF and quarterly year-over-year revenue growth basis, which offers a possible reason why CrowdStrike and Zscaler are valued higher. Both companies are growing revenue faster than Palo Alto and have far more room to grow their FCF margin.
Let’s look at Palo Alto’s reverse discounted cash flow to see what free cash flow growth rates the market assumes over the next ten years.
Reverse DCF
Palo Alto may be unable to expand its FCF margins much further than it already has. Still, if management can execute its plan, the company can potentially achieve the above double-digit FCF growth rate at a minimum over the next ten years. Consensus analysts’ EPS growth over the next five years is 22.49. Although EPS and FCF are not the same, if you assume over the longer term that EPS and FCF will grow roughly in line with each other, the market may value Palo Alto a tad too low.
Assuming an FCF growth rate of 18%, the Estimated Fair Value is $377 or 33% above the January 5 closing price. Taking a more aggressive FCF growth rate of 20%, the Estimated Fair Value is $436 or 54% above the January 5 closing price.
If you are a value investor, you may still want to avoid investing in this company. However, this stock is still a solid buy for growth investors. I rate this stock a buy.