Urupong
Palo Alto Networks (NASDAQ:PANW) is one of the largest cybersecurity companies, with almost 80% of revenue coming from services and subscriptions. The business has evolved from network security to cloud security and, most recently, to the next generation of Security Operations Centers (SOC) transformation. Their business has been experiencing growth of more than 20% in revenue over the past years. I believe the SEC’s new rules on cybersecurity will serve as a notable catalyst for Palo Alto, and I commence coverage with a “Buy” rating and a fair value of $290 per share.
Built Network Security Leadership
Palo Alto has established leadership in network security through its firewall products in on-premises network environments. The company has successfully gained significant market share from key competitors, including Check Point (CHKP), and other legacy vendors such as Cisco (CSCO). The chart below illustrates how Palo Alto has solidified its position as a market leader over the past decade.
Palo Alto, Check Point, Fortinet 10Ks
I believe the main reasons for their success can be summarized as follows. Firstly, their network security products were built on a new architecture, allowing them to utilize hardware as a core component. They furnish multiple modules or subscriptions to improve various functions, including anti-DDoS and antivirus capabilities. In contrast, Check Point and other legacy vendors utilize a traditional firewall approach, selling hardware boxes.
Secondly, Palo Alto’s go-to-market strategy has proven highly successful in the past, with their sales force able to display their products to customers in a short period. For instance, Cisco bundles its network security products with system integration and other network devices, lacking a dedicated sales force focusing solely on network security products.
Lastly, Palo Alto has been remarkably successful in expanding its addressable market. As illustrated in the chart below, the company has entered into cloud security and security operations. Even within the network security field, they have launched various subscriptions to encourage leverage their massive customer base.
Palo Alto 2021 Capital Market Day
Fast Growing Cloud Security and SOC Transformation
As enterprises began migrating their workloads to the cloud, the cloud security market emerged. In comparison to traditional on-premises environments, workloads in the cloud are more vulnerable. Enterprises now need to ensure their public cloud, private cloud, SaaS applications, as well as remote working environments, introducing tremendous complexity for cybersecurity.
Palo Alto addresses cloud security challenges with Prisma Cloud. This platform offers cloud security posture management, cloud workload protection, cloud security, and cloud infrastructure entitlement management. Furthermore, Palo Alto utilizes both internal development and external acquisitions to improve their cloud security portfolios.
In the field of cloud security, Palo Alto competes with Zscaler (ZS) and Netskope. According to Gartner, the total spending on public cloud services is estimated to be around $332 billion. As per their management, security currently constitutes approximately 5% of cloud spending. Consequently, the total market size for cloud security is around $17 billion. Gartner reports that this market is experiencing a year-over-year growth rate of more than 20%.
I believe Palo Alto has the potential to gradually establish leadership in the cloud security space, leveraging their extensive client base in traditional network security. Given their existing engagements with enterprise customers, and the significant trend toward adopting multi-cloud infrastructures encompassing public cloud, private cloud, and on-premises structures, Palo Alto’s leadership in traditional network security positions them favorably to capture more market share in the cloud security space.
Furthermore, Security Operations Center (SOC) transformation represents a new market. The traditional SOCs, built decades ago, are ill-suited to the complexities of the current network environment, resulting in extended cyber incident response times. Palo Alto is integrating AI technology into SOC transformation and automation. While CrowdStrike (CRWD) currently leads in SOC automation, I believe Palo Alto has the potential to catch up, and both companies are poised for rapid growth in SOC transformation, given the expansive market. The legacy SOC market is valued at $30 billion, and Palo Alto anticipates it to achieve $80 billion to $90 billion in the next 10 years, fueled by advancements in AI.
New SEC Rules on Cybersecurity
The SEC issued new rules on cybersecurity risk management, governance, strategy, and incident disclosure for public companies on July 26, 2023. The new regulate mandates that public companies file Form 8-K within four business days after a material cybersecurity incident. According to Palo Alto’s management, it typically takes six days to comprehend the details of a major cybersecurity incident. In essence, public companies need to upgrade their Security Operation Centers (SOC) to facilitate a swift incident response.
I believe these enterprises possess extensive data for cybersecurity investigations. However, the challenge lies in the absence of a modern SOC, making it difficult to scrutinize these vast datasets and logs within the required four business days.
The new regulate is poised to become a major catalyst for Palo Alto, as these enterprises will need to upgrade their cybersecurity infrastructure and invest in SOC automation to confront regulatory requirements.
Financial Results and Outlook
Palo Alto has been achieving annual top-line growth of more than 20%, and their gross margin is quite decent, particularly considering that product sales still account for 22% of total revenue. The majority of customers pay Palo Alto upfront fees, leading to the generation of significant deferred revenue for their working capital. Due to these upfront payments, their free cash flow margin is notably high, close to 40%.
Palo Alto 10Ks
They possess a robust balance sheet, ending FY23 with a net cash of $399 million. The majority of their cash from operations has been deployed towards acquisitions and share repurchases, with no dividend payments. Overall, I believe their financials are healthy and robust, notwithstanding the low reported operating margin, which is influenced by high stock option compensations. This will be encourage discussed in the risk section.
During Q1 FY24, they achieved a 20% year-over-year growth in revenue and a remarkable 75% enhance in adjusted net income. As for the full-year guidance, they foresee 18-19% revenue growth and 16%-17% total billing growth, accompanied by a 37%-38% adjusted free cash flow margin and a 26%-26.5% adjusted operating margin. I find their guidance to be quite reasonable and in line with their historical growth range.
Palo Alto Quarterly Results
It’s worth noting that the new SEC regulate has not taken effect as of their Q2 FY24 results, and I believe investors should start to witness this additional growth in the coming quarters.
Key Risks
High Stock Option Compensation: Similar to many other high-growth software companies, Palo Alto has a notably high stock option compensation (SBC) as a percentage of their total revenue. In FY23, they allocated 15.6% of total revenue to their SBC. While I admit that the SBC as a percentage of revenue has been declining in recent years, it remains at a relatively high level at this point.
Hardware Purchase Normalization: Palo Alto’s product sales account for approximately 22% of total revenue. In the post-pandemic period, the demand for hardware has begun to standardize, and supply-chain constraints are easing. The current high-interest-rate environment is not conducive to enterprises increasing hardware purchases. These factors are macro-driven and are expected to better when interest rates come down in the future.
Valuation
As illustrated previously, the total addressable market is growing at 14% for Palo Alto. I believe their leadership in network security and growth in cloud security and SOC transformation will enable them to outpace the market growth. Therefore, I expect their near-term normalized revenue growth rate to be 17%, with acquisitions potentially adding another 1.3% to total growth. Starting from FY29, their revenue growth is expected to moderate to a low double-digit range. As their SBC as a percentage of total revenue is declining over time, their reported operating margin should enlarge. Additionally, with double-digit revenue growth, operating leverage could contribute to encourage margin expansion.
Palo Alto DCF – Author’s Calculations
The model utilizes a 10% discount rate, 4% terminal growth rate, and a 22% tax rate. The fair value of their stock price is calculated to be $290 in the discounted cash flow model.
Verdict
I believe the new SEC regulate is going to impact their financial results in the coming quarters. Additionally, they are poised to benefit from the overarching trends of cloud security and security operation automation. As a result, I am initiating coverage with a “Buy” rating and a fair value of $290 per share.
