 Hello and welcome to this episode of the security angle. I'm your host Shelly Kringer, Managing Director and Principal Analyst here at theCUBE Research and today I'm joined by my long-time friend and fellow Anas, Zia Sikiravala. Zia, welcome. It's great to have you. Hey Shelly, how are you? I am great. Thank you. So today, obviously the security angle, we're going to talk about something security related and I thought that it made sense. I know this last week you were in Vegas at a Fortinet event, so that's what we're going to dive into. So to set the stage here a little bit, in November of 2023, first part of November, Fortinet announced somewhat of a reorg of the company's focus areas and with a view toward focusing on high growth, differentiated markets, smart strategy, right? The three key market focus areas that they that they honed in on at that point in time were secure networking, universal SASE and security operations, converging networking and security, consolidating their product points into an integrated platform was according to their CEO and co-founder, Ken Sia, very, you know, that was their path forward. So again, I'm a strategist. That makes perfect sense. And speaking about these three areas of focus, you know, the TM in these three realms is pretty significant. You've got a total TM in 2023 of about 125 billion, expected to rise to about 199 billion in by 2027. So that is, you know, there's every reason for vendors to be focusing in on these markets, right? So when we talk about just briefly, we talk about secure networking. It's about a $62 billion market today. That's network firewalls, secure switches, access points, 5G gateways. This is expected to grow at about 9% annually, reaching 86 billion by 2027 security operations, also important area of focus, EDR, SOAR, CM, NDR, integrated enterprise grade security tech, all these things enterprises need, right to get insight into operations that are distributed today. This is expected to grow at 14% annually, hitting about 78 billion by 2027. Lots of opportunity there. And universal sassy. It's kind of a hot topic these days. That's at 17 billion today. And this is all different kinds of things, you know, SD-WAN, SWG, CASB, DLP, all different kinds of things, cloud networking, cloud native networking, security tech, everything around designing to simplify the implementation of zero trust strategy, which most organizations are focused on today. Sassy is expected to grow at about 28, 20% annually, hitting 78 billion. So 17 billion today, expected to hit 78 billion by 2027. So there's every reason for them to be focusing on these three market areas. And of course, you know, Sassy has lots of opportunities there. So we've got not quite six months into that shift for Fortinet. And as I said, they had their annual event, Fortinet Accelerate in Vegas this past week. I know the audience was kind of big. I mean, I saw there were like some 4,000 people in attendance. So CSY, do you see the audience, the Fortinet audience growing so quickly? Yeah. And by the way, I think you could say any given week you were in Vegas. So yeah, it was interesting to see the growth. I think part of that is what you reflected is there is a change going on at Fortinet. I think historically thought I was a security company. They've certainly got networking chops now. And so there were more network professionals there. I think also just the relative importance that security is continuing to grow, right, especially the AI cloud driven hybrid work era, where you need more security and more places, the breadth of solutions has grown. I think those three key areas you mentioned as well, reflected at the event. In fact, in Kenzie's keynote, he actually put up a slide which talked about the transition and this next wave of green 4 shorted net where they started off as a just a really good firewall company. And then they can solve a bunch of features, IPS, things like that. And they created a next generation firewall and they did a good job of becoming one of the leaders in that. And now they're moving into the sassy space where it's about taking these new functions. You mentioned a bunch of them, Swig and CASB and in a ZTNA and bringing those into one platform as well. And that's actually going to fuel the next wave of growth and they've coincidentally grown out their networking for portfolio quite nicely. So all those were all the things that you brought up, I think were reflected the security operations piece. I think they're going to address through AI. They gave a nice little demo of how it could work. We're obviously really early at the stages of, you know, I of this, I talked to John Madison as their CMO, but he's also a head of product there about, you know, are we at the point now where you could use a generative AI interface to be your buddy sock analyst, kind of like Iron Man had Jarvis. And I think you could. It's a big leap of faith. I don't think most people would fully trust it yet. But I think that's certainly the path we're heading down. I think once these things got trained a little more on the data, I do think that that we're heading that way. So I think the reorg that you talked about was well reflected Alex, Alex, and I think the increased audience is because of the increased breadth of product, both in as well as depth that they have today. Well, yeah, that makes perfect sense. So tell me, you know, what, you know, there's just nothing better, you know, when you track an event online, you only get so much, right? But when you're actually there, you're sitting in on the keynotes and having, you know, briefings and stuff like that, you really get a sense of, you know, kind of the company's messaging and strategic focus and that sort of thing. So, you know, talk with me a little bit about what you hear from Fortinet about how they talk about the value of their platform and what they feel is unique and differentiating about their story. Yeah, this concept of platformization and security isn't new or unique, right? Powell talks about it, Cisco talks about it. Everybody approaches a little differently. Fortinet's approach is to deliver their breadth of products through one hardware platform built on their ASIC, right? They're, they call it their security processing unit and also a single operating system, 40 OS which runs across all the products. Now, their thesis, I do like their thesis on the SPU, the security processing unit, the analogy they've used is when you think of, you know, why do we have a GPU, right? Because CPUs weren't good at doing graphics, higher graphics. And so we had to create a specialty processor to do graphics and that became the GPU which evolved into other things. Same with network processors. Cisco, Arista, companies like that make their own network processors because CPUs don't do that type of processing well. Similarly, you're off to shelf Intel processors. It doesn't do a great job of, you know, pack a processing for security encryption, decryption, things like that. So Fortinet spins their own. And between that and the operating system, what that does is it gives them a consistent set of features that spans all their products. And so if you want to turn on a certain policy, a certain feature under small firewall that goes in a person's home, you can do that. And it's the same procedure as turning it on. They're a large one. It's the same process of turning it on in the cloud. And so if you're a Fortinet customer and you're all in on Fortinet, you actually have this one operational model. And by conversation with Johnny, he used the analogy that FortiOS for them is like iOS and Apple, right? On an iPhone, the consumer functions, right? The camera, the music player, things like that. And then all the other products are like the watch and the tablet and things like that, which create this big ecosystem. And so I do like their approach. I think one of the misunderstandings of Fortinet is that they're for small businesses only. I think they do have a very significant price performance advantage. Sometimes customers don't believe it, though, because their price points are more in line with SMB pricing than they are with large enterprise. And Ken Z, their CEO has been pretty firm with the fact that he knows the margin he wants to get. That's the price the product is not going to raise them artificially, just to make them seem to be a bigger product. But I do think that that OS combined with silicon is Yeah, it's a differentiator now. They're never going to be first to market, right? With that approach, they do, if you're going to put stuff in silicon, you need to make sure that that market's a real market. And so they wait for products for markets to hit that on hockey stick inflection before they roll that in. So I look at NVIDIA's GTC, Jensen said, we're not share takers, we're market makers. I think that's the opposite. They're not going to make the market, but they're going to take to share once the market matures. Well, you and I've talked about this separately. It's smart strategically to kind of, you know, trying to create the market to be first to market is heavy lift, but trying to see, you know, but when you can see something developing and maturing, and you can slide in there using that momentum and the awareness and everything else. I mean, that's really smart. Yeah. And if you look back into their markets, nobody buys a standalone IPS anymore, it's built into the NG firewall. So they're trying to, that was sassy now that they assume that customers will eventually want this consolidating down from one vendor. And that's what they're building now. And that that was online. And what you had talked about the transformation of the business being, you know, really around sassy as one of the core pillars today. Well, and, you know, Fortnett claims to be the only company with a sassy function that can perform all functions in the cloud, in an appliance supported by that common operating system, networking, security stack and management console. So that, I mean, that makes it a pretty attractive operate. Yeah, part of that is your definition of sassy though. It's a little you know, I suppose their definition. Yeah, every vendor's got a different definition. That's and to me, that's a problem for me is there's no universal definition of what sassy is. Yeah. But they do have a lot of functions. So, you know, for the more functions that customers want, they do have them all and they, they can deliver them out of the cloud or even a lot of them are on prem too. So I think one of the things that's interesting to me about Fortnett is that, you know, so okay, so we think of them, we think of them as a security company, oh wait, they're a network, they're a network security company. Oh, wait, they, you know, they just ended up in the leader quadrant for wireless and wireless land. I mean, you know, now is so people think of Fortnett as a security company, but they keep doing things in areas that we don't expect them to have a presence. Talk a little bit about that. Yeah. Historically, I think if you think of a company like Cisco, they're a networking company that sells security and you thought of it as a security company that sells networking, but they've actually been in the leader quadrant in the wired and wireless land. I think shows that they can stand alone as a networking company. They also have a great SD WAN product and there's been this movement to bring networking and security together and no vendor has done a better job of that than Fortnett. I think they were, before SD WAN, they had relatively, almost no presence in the WAN, but they use that transition and build SD WAN, the Fortnett product and now they're one of the mainstream SD WAN players. They built out a very good Wi-Fi product and a very good LAN product and they're selling a lot of secured wired and wireless LANs. I asked John that question, should we be thinking it was a networking company? He says, no, we should think of it as a security networking company. The problem with that is you don't go to an enterprise and say I'm a secure networking buyer. You have networking people security and they do tend to balance that line. I would say most of their sales are still security led versus being networking led, but their product is getting awfully close to the point where they actually could lead with networking if they wanted to. Speaking of that though, if we begin to think of Fortnett as a networking company, then all of a sudden their competitors are Cisco and Palo Alto and Juniper and Sonic Wall and Trip Point. How do they stack up against those players in the market? Well, I'd say it's a different play. It's a bit of a different competitor of landscape. I think even from a channel perspective, they need to get more networking channel partners. They need to be able to speak the language of network administrators versus security administrators that buy networking. There's obviously a learning curve to do there. I think being in the leader quadrant of the MQ certainly validates their approach, but they are up against, like you said, Juniper, HPE, Cisco, Xtreme, some big heavy weights in there. I do think in the mid-sized enterprises, I have seen a lot of companies consolidate network unit security functions. It'll be interesting to see as they go up market though, when the larger companies where those fiefdoms still live, how successful it will be. I thought Cisco was the same problem the other way though. By far, the market share leader in networking and they've been trying to crack the code on how it went security for a long time, but bringing those two functions together isn't easy. I think Fortinet has done a good job with product, but now there's a bunch of other things that revolve around it, including go to market, your partner community, certifications, things like that. Yeah, no, absolutely. Your point on Cisco is well said. We were just actually together at some Cisco briefings in the last couple of weeks, but I think that the fact that Cisco has deep security chops is not new. That's been a foundational part of what Cisco does for a very long time, but you're absolutely right. That's part of the challenge for them. Yeah, there's still only a single percentage. The market doesn't know this. Yeah. And it's clear when you spend time with Cisco leaders, it is clear their passion for security and how important it is and how it's baked into everything, but they do have a similar challenge here, the opposite challenge is communicating that to the market. And a lot of this comes down to messaging and marketing, market perceptions. I feel like one of the big challenges here is for a company that is largely thought to be an SMB solution to crack the enterprise opportunities, I think that becomes more challenging. And that's really where your messaging and your market presence plays such a big role. Yeah, they do have, for it does have a lot of big customers. I just think the perception of them tends to be more midsize. And I'm not sure why they're there. I guess part of it is that's where they came from. I think initially people thought of them as almost like a Barracuda competitor, but I do know there's, when they get a bake off against the other large enterprise players, they do very well. It's a matter of perception right now. And you got to get the opportunity for that bake off, right? Yeah. Yeah, you got to fight your way to the table. So I noticed as I was tracking the event online that unlike most events today, there was not a huge focus on AI. I mean, we're all the same events. It's just AI this and AI this. And that surprised me a little bit because especially with regard to its Fordegard AI, which is its AI-powered security offering, security services offering, but that was released in 2018. So Fortinet is not new to baking AI into its solutions. And one would assume over the course of the last five years, five or six years, that that's really, their focus there, their sophistication there has increased. So this security services portfolio integrates with security system solutions across the Fortinet portfolio provides capabilities of tech apps, content, web traffic, devices, users, regardless of where they're located. So talk with me a little bit about, you know, again, this isn't this portfolio is not newly launched or anything else, but you indicated they didn't really talk all that much about AI. Why do you think that is? I actually, why do you think that is? Well, yeah, I did make it into the keynote. It wasn't, you're reading a kid over the head with it, like I have been at every other conference. And actually it was refreshing. I do think too, Shelley, when it comes to cyber, there's a lot of caution around security. I think the downside risk of doing security raw is, I mean, I'm not even sure you can quantify it, right? But people lose their jobs, companies shut down, data gets stolen, right? So companies lose their job. Eyes are going to be dotted and he's going to be crossed before companies roll this up production. What they did show though was a gen AI demo where someone was able to interface, and it's funny too, because the investors were sitting right behind the analysts, and that was the area they were most interested in. The rest of it, I think it went over their heads or whatever, but they were really interested in this where somebody could interface with the foreign net system and ask you questions about which systems are most at risk and how should I patch them. And so it's there. I think the first phase of what they're going to do is what John Madison mentioned and just almost have it be this just another SecOps analyst that you can bounce things off of. Security operations perspective, it's a way of just maybe doing some balance and checks initially and then being able to roll it there to a recommendations engine and an implementation engine. But I think in security in particular, this is going to be a long road to hoe. And so they brought out some practical things you can, they're looking at right now. But I think the days of having a fully autonomous AI driven security operations that are, I think we're a long way up from that. And the one thing I can say about that is they never outmarket their capabilities. You're not going to see them on TV talking about these pithy things where they can go, they're a very practical company. And I think right now the reality of where we are with AI and security at the very early stages and they treated us. So they didn't want to, I think they were, they're talk tracking them in the, in their key lifts was much more about the here and now and how I can help you do your job today versus what I might be able to do for the future. They did give a glimpse of what that does look like. They just, like I said, was overhead with it. And I do think for this type of event that was refreshing. Yeah, I like that as well. And I will say that I tend to be a very pragmatic person. And I think some of this comes from early in my career. I spent about a decade as a paralegal working for a trial attorney. I think about risk mitigation. I think about risk management. I think about, oh, how exciting it is to go all in on something new and somewhat unproven and untested. But I also think about the guard rails that you need and how you need to approach it with caution and what we need to do internally to train people, you know, all those sorts. There's so many moving pieces here and not just from a security standpoint, just from a utilization of AI throughout the enterprise in general and all that sort of thing. So I like that more pragmatic approach. I like, you know, being grounded in here's what we can deliver today. There are great things ahead on the horizon and we are very much demarced in looking at those things. But here's what we're able to, here's what we're delivering today and we're excited about that that resonates. It depends on the market, sort of, you know, Zoom screws up your meeting summary. You know, you might go into a meeting looking a little foolish. If Fortinet gives a wrong recommendation on how to protect against a threat, like we said, there's some big implications that, right? So I think, you know, they know their swim lane and they know the importance that they play. And because of that, they're being very pragmatic and like I said about Fortinet, they never want to really market ahead of their capabilities. Excellent. I like that. So I want to wrap this conversation. I think, I mean, I know my answer to this question, I'll be interested to see yours, you know, the challenges ahead for Fortinet to my way of thinking, it's, you know, it's brand messaging. It's, you know, marketing. It's really kind of working to gain more share of voice because more share of voice leads to more share of market. I mean, this is a crowded space, especially in the three areas that they are focusing in. So to me, you know, sometimes that investment in marketing and customs and that's, that's a really important part of the equation. But what do you see as the biggest challenge ahead and, you know, what Fortinet should do in the next six months? Yeah. Well, I'd like to see Fortinet become more of a marketing machine than I'm going to. I mean, they are who they are. They're an engineering company, NZ's an engineer, Michael Z is brothers and engineer, right? John Madison, there's CMO's an engineer. So when you're marketing person, engineer, what does it tell you about the company? I do think for the security industry and Fortinet's back in the middle of this, I guess that the concept of convergence and consolidation down to a platform is real. I do believe customers want to come down, bring down the number of vendors. I think highlighting how your platform is different and the value that brings like you look at the approach between Palo Alto and them couldn't be any more different. Palo Alto's platformers do a lots of acquisitions. They, they very much market ahead of their capabilities to try and set the vision for the industry. For and it builds on capabilities, they market to where the, to where the industry is now, but they can both legitimately say they're a platform, right? And so how customers view these and how they test them largely depends on the vendor they're looking at. Unfortunately, they're the partner they use. And I think so for a Fortinet perspective, it's actually been able to quantify the value of their platform. What does it mean to you operationally? What does it mean to you for cost perspective? Things like that. And so I think it's going to be interesting to see what other vendors pop up their head in the platform game, crowd-strakes making some noise there as the skitters are picking up, but Cisco certainly is. And so the word platform in security isn't a new one. It's becoming more used by more companies, which creates confusion in the industry. So I don't think there's any question that Fortinet from a product perspective will make the shift to sassy. But as that becomes the foundation of their platform, they do need to be able to, to your point, be able to, to market tells customer stories, be able to qualify the value a little bit more. And you know, that's something historically that they've struggled with. And the, they rely, I can tell you one thing, the customers love them, right? You talk to the customers there, but, but sometimes they don't get as many swings at the bat because of perception. And well, that's really, that's really where marketing comes in. And you know what? I've worked with engineers my whole career. And I love engineers, but there's more to success with a product and growing and scaling a company and grabbing market share than just having a great product because, you know, it is that awareness and it is. And again, you're, we're talking about, you know, almost a 200 billion market by 2027. There's so much opportunity here. I'm not suggesting that they, that Fortinet, you know, sit around and, you know, be quiet or rest on its laurels in any way. But, but the reality of it is a great product and great messaging work together to grab more market share. So that's what I look forward to seeing from Fortinet, moving forward. And you know what? We'll see what happens, right? Yeah. You know, like I said, that from a product perspective, they do an excellent job. But it's, I think it's helping customers understand the value of their platform with respect to all the other ones out there. Yeah. We'll see you as Caravella. I thank you so much for joining me today on this episode of the security angle. It is always a pleasure and to our viewing and listening audience. Thanks for spending time with us. And we'll see you here again next week. All right. Thanks, Sean.