Play Offense with Palo Alto Networks’ Cybersecurity Defense

By Jim Krapfel, CFA, CFP

December 1, 2023

Background

My introduction to Palo Alto Networks (PANW) dates back to the company’s initial public offering (IPO) in 2012 when I followed the IPO market for Morningstar, Inc. (in addition to providing research coverage of various industrial and housing stocks). The company had already made a name for itself in “smart” firewalls that can be told to keep out only certain pieces of information within an application.

Fast forwarding to earlier this year, I became convinced that my clients needed direct exposure to the cybersecurity industry because of the explosion in, and greater sophistication of, cybersecurity incidents facing companies. After researching a few companies, I settled on Palo Alto and established a small position across client accounts on June 2 at approximately $218/share.

The purchase timing was fortuitous in that it was completed just a couple hours before the company announced it would join the S&P 500 (the stock rallied 4.4% the next trading day). I have since bought more PANW stock for client accounts at under $250/share. It is currently a medium-sized position.

Company Introduction

Palo Alto Networks is a cybersecurity platform and services provider that helps secure enterprise users, networks, clouds, and endpoints. Its security solutions are designed to reduce customers’ total cost of ownership by improving operational efficiency and eliminating the need for siloed point products.

It is focused on delivering value in four areas:

• Network Security – – hardware and software ML-powered firewalls, as well as cloud-delivered Secure Access Service Edge (“SASE”), Prisma Access, Security Services Edge (“SSE”) solution, when combined with Prisma SD-WAN, provides a SASE offering that is used to secure remote workforces and enable the cloud-delivered branch. Platform also includes its cloud-delivered security services, such as Advanced Threat Prevention, Advanced WildFire, Advanced URL Filtering, DNS Security, IoT/OT Security, Global Protect, Enterprise Data Loss Prevention, AI for Operations, SaaS Security API, and SaaS Security Inline

• Cloud Security -- cloud-native security through its Prisma Cloud platform, which secures multi- and hybrid-cloud environments for applications, data, and the entire cloud native technology stack across the full development lifecycle, from code to runtime

• Security Operations -- security automation, security analytics, endpoint security, and attack surface management solutions through its Cortex portfolio

• Threat Intelligence & Security Consulting (Unit 42) – brings together world-renowned threat researchers with an elite team of incident responders and security consultants to create an intelligence-driven, response-ready organization to help customers proactively manage cyber risk. Its consultants serve as trusted advisors to its customers by assessing and testing their security controls against the right threats, transforming their security strategy with a threat-informed approach, and responding to security incidents on behalf of its clients

Below is Palo Alto’s revenue breakdown by type and geography.

Figure 1: Sales by Type and Geography in Fiscal 2023*

Palo Alto was founded in 2005, went public in 2012 at a split-adjusted price of $14, and has a market capitalization of $93 billion. Former Google and SoftBank executive Nikesh Arora became CEO in 2018. It is headquartered in Santa Clara, California.

Investment Thesis

I recently purchased Palo Alto as a long-term investment primarily because: (1) it participates in a rapidly growing cybersecurity industry; (2) its track record of innovation should allow for continued market share gains; and (3) favorable mix shift to higher-margin and more predictable recurring revenue. Let us dive into each of these points.

1)     Rapidly growing cybersecurity industry

According to a July 2023 Palo Alto investor presentation that cites IT research outfit Gartner, Palo Alto participates in the $104 billion portion of the $213 billion enterprise cybersecurity market. Over the past five years its total addressable market has grown at a cumulative average growth rate (CAGR) of 22%. Over the next three years, Gartner expects a 16% CAGR.

In my opinion, industry growth rates could easily surpass these figures for a few reasons. First, cybersecurity threats that its medium- to large-sized businesses and government agency customers face are becoming more frequent and complex. Costs to clean up a breach are growing too, and can exceed $100 million, according to cybersecurity peer CrowdStrike (ticker CRWD).

Second, the rise of artificial intelligence (AI) is likely to supercharge the threat landscape. As AI systems proliferate and become smarter, they can be unleashed as weapons of evil by bad actors, thus driving greater demand for cybersecurity solutions.

Finally, a recent Securities and Exchange Commission rule, announced on July 26 and taking effect shortly, states that public companies must disclose material cybersecurity incidents within four business days of its finding. Properly assessing and correcting for the breach, or avoiding the incident altogether, should be further impetus to tackle cybersecurity in a comprehensive way.

2)     Track record of innovation should allow for continued market share gains

Palo Alto has successfully demonstrated that it can outperform its competition. Over the past five years Palo Alto has grown revenue at a 25% CAGR, surpassing industry growth. It has achieved this by transforming itself from a market leader in next generation firewalls into one of the preeminent cybersecurity companies across network security, cloud security, and security operations.

It routinely spends around 25% of its revenue on research and development (R&D), versus just 12% for its closest competitor Fortinet (ticker FTNT). The increased R&D spend has driven an acceleration in major product releases, as depicted in Figure 2. Among its recent product releases is its AI-based security automation platform, to which the company is “delighted” by the market reception.

Figure 2: Palo Alto’s Hefty R&D Spend is Driving an Acceleration in Major Product Releases

3) Favorable mix shift to higher margin recurring revenue

The financial makeup of the company ought to continue to improve. Its one-time, more cyclical, and lower margin product revenue (largely comprised of firewall hardware) has shrunk to 23% of total revenue, down from 39% five years ago. Growing faster are its annual and multi-year subscriptions, which now make up about 30% of total revenue. Total recurring revenue reached 83% in its most recently reported quarter, up from 77% in the year-ago period.

The stock market typically values recurring revenue, especially subscription revenue, higher than other revenue sources, because of their higher margins and greater predictability. Therefore, an ongoing mix shift to subscription revenue ought to drive margins higher and support the stock price over the long run.

Economic Moat

I believe Palo Alto Networks owns a formidable economic moat, or sustainable competitive advantage, due to its significant customer switching costs and network effects. This should allow Palo Alto to price its offerings such that returns on its invested capital easily exceed its cost of capital, thus creating shareholder value.

Palo Alto's three platforms are increasingly entrenched across almost all the Fortune 100 and the majority of the Global 2000 companies it serves. As Palo Alto launches major new products to tackle a particular cybersecurity niche, or acquires smaller companies to round out its offering, it can upsell and cross-sell to existing customers that are looking to consolidate or “platform” their cybersecurity needs with fewer vendors.

Platformization has been a consistent theme across the large cybersecurity firms’ recent earnings conference calls, such as Palo Alto’s. Clients are looking for more holistic solutions (versus point solutions) to reduce cost and complexity. The trend of having more of a firm’s cybersecurity needs met by fewer firms makes the relationship stickier for the firms that can provide holistic solutions. Ripping out one vendor’s platform for another is a daunting task given the necessary staff retraining efforts and the exposure the firm has to security vulnerabilities.  

Palo Alto’s network effects are derived from the threat data that enters its platforms. As threats are uncovered by the firm, it can better detect and mitigate cyber threats across its customer base. As its detection and mitigation capabilities improve, it can attract more customers onto its platform, which feeds more threat data into its platforms, and the flywheel keeps spinning.

Growth, Profitability & Valuation

During its most recent analyst day in August, Palo Alto laid out a series of financial targets for fiscal year 2026. These include a revenue and billings CAGR of 17-19%, adjusted operating margin of 28-29% (up from 24.1% in FY23), and an EPS CAGR of at least 20%.

I expect these targets to be exceeded rather easily because of the company’s market opportunity, strengthening product offering, and strong execution under CEO Nikesh Arora. Further, I believe margins will have enduring tailwinds beyond the next three years because of its growing software revenue mix, operating efficiencies from greater scale, and cost savings from applying artificial intelligence to its product support, sales & marketing, and general and administrative functions.

Figure 3: Palo Alto’s Growth and Profitability Are on a Strong Trajectory

Admittedly, Palo Alto stock is not cheap. It is priced at 52x next 12 months’ (NTM) analyst consensus earnings estimates, well ahead of the S&P 500 at 20.5x NTM. I believe its valuation premium is earned because of the sustainable long-term business drivers that should make earnings growth compound at significantly higher levels than the average company in the S&P 500. Its valuation premium widened over the past couple of months because its financial results positively diverged from some of its peers and amid growing optimism that corporate spending on cybersecurity is about to trough and reaccelerate into 2024.

As excited as I am owning Palo Alto shares over the long run, I believe the stock could struggle to appreciate over the next few months given the tremendous run to record levels it has had recently. If the stock pulls back enough, I will highly consider buying more to make it among our top 10 holdings.

Key Risks

The largest idiosyncratic, or company-specific, risk facing Palo Alto is that it does not keep up with the rapidly evolving cybersecurity landscape and its peers launch more competitive offerings. Misreading security threat trends would be particularly costly for Palo Alto since it spends roughly a quarter of its revenue on research and development.

The firm also faces some risk from declining enterprise budgets due to a weakening economy and/or higher interest rates. Indeed, its industry growth rate slowed over the past year as customers more closely scrutinized and pushed out new deals, which Palo Alto management attributed to the cost of money (higher interest rates for longer). 

Still, Palo Alto’s billings growth has been less impacted than Fortinet’s – Palo Alto’s billings growth slowed from 27% to 16% over the past year, whereas Fortinet’s plummeted from 33% to 6%, with Palo Alto guiding to 15-18% growth in the December quarter versus Fortinet guiding to a 5% decline. Palo Alto’s greater focus on large enterprises (versus more volatile spending from smaller companies) and lesser composition of one-time product revenue helps to dampen its cyclicality.

Disclaimer

Advisory services are offered by Glass Lake Wealth Management LLC, a Registered Investment Advisor in Illinois and North Carolina. Glass Lake is an investments-oriented boutique that offers a wide spectrum of wealth management advice. Visit glasslakewealth.com for more information.

This blog expresses the views of the author as of the date indicated and such views are subject to change without notice. Glass Lake has no duty or obligation to update the information contained herein. Further, Glass Lake makes no representation, and it should not be assumed, that past investment performance is an indication of future results. Moreover, whenever there is the potential for profit there is also the possibility of loss.

This blog is being made available for educational purposes only and should not be used for any other purpose. The information contained herein does not constitute and should not be construed as an offering of advisory, legal, or accounting services or an offer to sell or solicitation to buy any securities or related financial instruments in any jurisdiction. Certain information contained herein concerning economic trends or market statistics is based on or derived from information provided by independent third-party sources. Glass Lake Wealth Management believes that the sources from which such information has been obtained are reliable; however, it cannot guarantee the accuracy of such information and has not independently verified the accuracy or completeness of such information or the assumptions in which such information is based.