The cybersecurity sector had a rough ride last week as Palo Alto Networks (a portfolio company), one of the industry leaders, announced an underwhelming billings guidance for both the current quarter (only +2-4%, after +16% in CQ4) and the full year (+10-11% vs +16-17% previously).
Amid healthy cybersecurity spending, Palo Alto’s figures clearly came as a shock. The main reason behind this sudden revenue slowdown is linked to Palo Alto’s strategic shift towards a “platformization” of its product offering. In other words, the company is seeking to entice its customers to switch away from security vendors offering single solutions and to subscribe to Palo Alto’s all-in-one solution. To gain traction in this initiative, Palo Alto has decided to pursue an aggressive commercial policy, offering free use of its Cortex platform to customers until they transition away from rival offerings with a revenue impact expected to last for 12 to 18 months. According to Palo Alto CEO, about 400 out of 1,500 top customers took up the offer for free incident response offer over the past 90 days.
In our view, Palo Alto’s strategy makes sense as it matches customer demand. We have commented several times that cybersecurity firms have indeed no choice but to offer comprehensive platforms as customer enterprises roll out an increasing number of security tools and demand packaged solutions from their security vendors to reduce costs and complexity.
From a financial standpoint, the short-term impact of this strategy appears manageable (reduced revenue growth for 12-18 months but unchanged FY24 FCF outlook thanks to cost savings and other efficiency measures) while the long-term implications are positive (more recurring business as customers are locked up in long-term contracts with high barriers to exit, higher margins per customer).
That said, the aggressive approach by Palo Alto raises two concerns. First, we wonder if Palo Alto is not seeking to hide some revenue weakness (especially in its core firewall business) with this “platformization” talk, notably as its CEO commented about “spending fatigue in cybersecurity”.
Second, the initiative could spark short-term disruption in the cybersecurity landscape, with Palo Alto’s main rivals potentially following suit and introducing their own incentives to retain customers. It will be interesting to hear CrowdStrike and Zscaler react to Palo Alto’s “platformization” effort during their earnings calls in coming days…
Overall, while we would expect the short term to be lumpy, we believe that the valuation correction of the last few days (in a 10-25% range) already discounts a significant portion of the risks. And importantly, the long-term opportunity outweighs these short-term risks in our view, at least for the platforms that will succeed in covering all or most security needs (from identity & access management to threat prevention, detection and response). Here, we’re thinking of pure players (Palo Alto, Fortinet), Tech giants (Microsoft, Google, Cisco) and… one private equity firm (Thoma Bravo) that has collected a large number of security assets in recent years.
Against this backdrop, most cybersecurity firms that still have a niche positioning (e.g. Okta or CyberArk in identity & access management, Varonis in data governance…) will end up as natural takeover targets for the leading platforms, suggesting that M&A should remain a powerful theme in the foreseeable future.