Key Takeaways
- Which segments in cybersecurity are growing the fastest—and why that matters.
- The case for cybersecurity stocks now.
- The impact AI may have on cybersecurity companies and their economic moats.
- How cybersecurity companies differ from each other.
- The best cybersecurity stocks to invest in today.
In this bonus episode of The Morning Filter podcast, co-host Dave Sekera talks with Morningstar senior analyst Malik Ahmed Khan about cybersecurity stocks. They discuss which cybersecurity segments are driving the industry’s growth and whether consolidation will play out in the industry. Tune in to find out what key risks the industry is facing today—and why AI isn’t one of them.
They unpack what it takes for cybersecurity companies to carve out economic moats and why so many of them earn wide economic moat ratings from Morningstar. They cover key differentiators among the biggest cybersecurity names. They close with a conversation about the three cybersecurity stocks that look most attractive today.
Have an idea for a bonus episode? Send it to themorningfilter@morningstar.com.
David Sekera: Hi, I’m Dave Sekera, and welcome to a bonus episode of The Morning Filter podcast. Now, as regular viewers and listeners know, we’ve been trying several different bonus episodes of our podcast, sitting down with various experts from Morningstar to discuss different topics that you told us that you want to hear more about. If you have an idea for other bonus episodes, please send it to us at our email address, the morningfilter@morningstar.com.
Now, longtime listeners of The Morning Filter have heard me mention numerous times over the past several years why I really like the attributes of investing in the cybersecurity industry. So on today’s bonus episode, I have with me Ahmed Khan, Morningstar’s senior equity analyst on the technology team, who covers the cybersecurity industry for us. Ahmed, thank you for joining us today.
Malik Ahmed Khan: Great to be here, Dave. Thank you.
Cybersecurity Sector Overview
Sekera: Now, I think most people are pretty familiar with cybersecurity overall and thinking about it really as a broad term. I think most people are certainly familiar with their own antivirus and firewalls on their home PCs, but I also think cybersecurity is just one of those terms that encompasses a lot more than I think people may necessarily realize. So I was actually hoping if you could start us off here with a brief overview of what is cybersecurity and what all does cybersecurity entail?
Khan: For sure. So I think when people think about cybersecurity, their core intuition is right. There’s bad guys and then there’s good guys who are defending against the bad guys. So an antivirus, for example, is protecting your computer against the bad viruses. Once we take that same sort of theoretical standpoint and apply it across an enterprise, what we see is three key buckets, or areas of spending, emerge in cybersecurity. One is services, so that’s like people spending. So you’re spending on actual talent. Then you have software, which is pretty self-explanatory. You’re spending on security software. You have hardware. This is primarily hardware firewalls, security networking equipment. So these are the three main key buckets when we’re thinking about the broader security market and how spending is allocated. And all these buckets are, again, serving the same goal, which we intuitively understand cybersecurity to do, which is protecting your enterprise, your organization, your local school, hospital, whatever it is, from nefarious actors trying to get access to your data, to your organizations.
Fastest-Growing Cybersecurity Segments
Sekera: Now, when I think about cybersecurity and think about all the different types of segments that are in there, whether that’s endpoint, identity, cloud security, networking, and the other segments, are there certain segments out there that you find are growing faster than others? And if so, what is driving that?
Khan: So first of all, going back to services, software and hardware, services and hardware are not growing as fast. The most of the growth that we’ve seen is coming actually from software spending, and software spending actually encompasses some of the segments that you mentioned. Some of the very high growth segments have been endpoint, cloud identity, parts of network security that are more software-focused. And all these things, all these sort of subsegments may seem a bit abstract, but they’re pretty accessible for regular investors to understand. For example, endpoint, you can think of it as just an updated version of an antivirus. So protecting your endpoint, which would be a computer or your tablet or your device. Identity obviously is just protecting … You think of it as a badge swipe when you’re entering an office building to verify your identity and so forth. But to answer your question, software-based cybersecurity segments have actually outgrown the hardware and services segments, and we expect that trend to continue.
Sekera: And then thinking about cybersecurity, of course, it’s vitally important to any organization, whether it’s corporate or public. I’m just curious, what have you seen among really the underlying fundamental trends over the past couple years, and what are your expectations towards those trends over the next few years?
Khan: First of all, as soon as, obviously when covid happened, I think that was a regime change, both in terms of the intensity and the frequency of cyberattacks. So the FBI actually collects this data and you can go back into the early 2000s and you can see cybercrime, and you can see a clear inflection point during the covid pandemic when people basically … Everyone was online, but the security apparatus hadn’t properly adjusted. And now we’re seeing a further regime change due to AI. So I’m sure you’re getting them and I’m getting them—emails that don’t look that suspicious anymore but still are phishing emails, etc., etc., that are just generated with AI. And you can do that en masse. So that has been one sort of key differentiator or key trend that we’ve seen in the cybersecurity segment: rising frequency and intensity of cyberattacks.
The second thing to keep in mind is that the actual dollar loss per breach has actually increased. The Ponemon Institute collects this data where they look at the cost of a cyberbreach, again, longitudinally, over a period of time. And that is, it continues to inflect upward, which means that, if you’re a company now, you have the reputational risk of getting breached but you also have a real financial risk, that is, like you’re going to have financial impacts of both first-order and second-order financial impacts from that breach. So those are some of the key drivers that continue to make cybersecurity that important for organizations.
The Case for Cybersecurity Stocks
Sekera: Now I do want to get to some individual stock picks at the end of the podcast, but before we even get there, just thinking about the cybersecurity industry overall, how would you really give us a synopsis of what is the general investment thesis overall as far as where you see these trends going in the future?
Khan: For sure. So first of all, the broader thesis that we have in cyber, and this will really show when we sort of discuss the individual stock picks, is one about vendor consolidation. So right now cyber is an incredibly fragmented market. We expect that that, over time, will consolidate, and you will have large vendors that will be able to increase their market share and dominance and be able to create platforms that are multimodules across various end markets and create and capture market share. Now, within looking at the contours of that growth, though, there are certain drivers. So you have increased digitization, which obviously was catalyzed or further accelerated by covid. Obviously, if you’re getting another leg of growth with AI, you have compliance-related drivers such as increased SEC regulations, increased European regulations that force companies to spend more on cyber. So you have, I mean, structurally, the industry is primed for strong growth because of secular tailwinds, whether it’s things such as increased digitization or shift to cloud, or some of the compliance-related factors that I mentioned as well.
AI’s Influence on Cybersecurity
Sekera: You mentioned a little bit and touched on your artificial intelligence and the longer-term impact there. And what I’ve seen across the market in general and the software space in particular is a lot of those software stocks really have been under intense pressure over the past year, if not longer. Some of those stocks falling 20%, 30%, even 40%, just because so many investors are concerned that artificial intelligence either could disrupt or in some cases even completely displace the businesses and products of these software companies. As an investor, how would you recommend, how should they think about the difference between investing in more of those software-as-a-service stocks versus cybersecurity stocks?
Khan: First of all, it’s important to understand that cyber has never been purely software. And at the top, I mentioned services and hardware, which are not really impacted or are not clear, they’re not software-driven per se. The second thing I would mention is that, especially when we’re thinking about the effect or the impact of AI on cyber, and then juxtaposing that or comparing that with software, one key differentiator is that there is an adversarial dynamic when we’re thinking about AI and cybersecurity. So a good example of this would be, let’s say you have a large language model that makes detection of threats 5X better. Now that, by definition, also means that an attacker can use the same model and actually detect vulnerabilities 5X faster or 5X in a more efficient way. So I guess what I’m trying to say is that since AI is dual-use for both the adversaries and the defenders, it actually means that the overall cyberspending has to elevate, which is not a dynamic that you see in other parts of software.
So this is unique to cybersecurity. Second thing I would say is that AI is creating net new markets. So AI runtime security, there’s securing actual AI use cases or actual AI deployments. Then there’s new firewall spending that’s going to happen in data centers. So there’s a lot of net new spending in cybersecurity that companies under our coverage are going to benefit from. And that may be harder to pin down when it comes to the broader software universe, where you see more headwinds than tailwinds, which is not the case when we’re thinking specifically about cybersecurity.
Sekera: Yeah. And so with artificial intelligence, as an investor looking in the cybersecurity space and investing here, just thinking about maybe even like the next 12, 18, 24 months, are there certain things that you’re watching that you think that they’re going to evolve in a certain direction? And if so, do you think that there’s going to be certain cybersecurity companies that are going to be better positioned for those evolving needs here in the medium term?
Khan: For sure. No. So Dave, what we have is we have essentially an AI quality scale, which sort of ranks cybersecurity companies on a variety of different factors related to AI. That could be product monetization, the number of enterprise customers they have, the kind and richness of data the companies actually aggregating and then running their AI models on. So it has a bunch of different factors, and that sort of like AI quality scale, if once we apply that to our coverage, the larger players, so that would be CrowdStrike CRWD, Palo PANW, Fortinet FTNT, and Zscaler ZS, really come to the fore or really rise to the top. And I think that’s the story that we see formulating when it comes to AI. So I mentioned earlier, we’ve seen vendor consolidation, people want to spend more with less. We think AI is going to come and turbocharge that dynamic. So if you’re Palo and historically you’ve gone on acquisition sprees to buy specific modules, well, now AI actually increases your product velocity.
So you can actually see a product and say, “Hey, this is a good product that a competitor may have.” And you can build that in-house and in a much faster pace than you were able to in the past, which lets you gain market share much faster. So when it comes to AI in particular, we expect that there is going to be a tale of two cities here. So one city is going to be the platform vendors, which is going to be beneficiaries of AI. But even in our coverage, we have companies that we think are going to be laggards or companies that we think are going to lose market share. So these are the smaller players like Rapid7 RPD, Tenable TENB, etc.
Impact of AI on Cybersecurity Stocks’ Economic Moats
Sekera: Which also then kind of brings us to our next topic. And when I think about investing and I think about how Morningstar looks and value stocks, one of the key differentiators in my mind is kind of that explicit incorporation of the economic moat concept into our valuations, thinking about companies that have long-term durable competitive advantages and how that helps companies be able to generate excess returns on invested capital over the weighted average cost of capital over the long term. And so I was hoping maybe you could kind of walk us through here for the cybersecurity industry, maybe even using a couple of the different moat sources as specific examples, but what attributes are really required to be able to dig that economic moat here in the cybersecurity industry and anywhere you could give us some specific examples would be much appreciated.
Khan: For sure. Across our cybersecurity coverage, when we see economic moats, the primary moat source is switching costs. So that is the actual sort of tangible cost or intangible cost that a customer has to incur if they want to rip and replace a vendor. The clear sort of evidence of switching costs, by the way, you can find this in retention rates. So a lot of cybersecurity companies and software companies, by the way, will give you retention rates. And that could be a dollar-based retention rate or a logo-based retention rate. It just tells you how many customers they’re keeping or how many dollars those customers are spending, how many dollars they’re keeping year on year. When we’re looking at cyber, moaty companies tend to have a retention rate roughly of 95%ish, on average, which would imply a customer lifetime of around 20 years, which is well in excess of the tenure when we’re thinking about economic moats, we’re thinking about whether the company is more than likely to sustain a competitive advantage over a 10- to 20-year time horizon.
So certainly that passes the retention rates past that check, and that it really shows the switching costs that are there in cyber. I mean, if you’re a technology buyer, the reason you buy cybersecurity is to take uncertainty off the table. And now if you want to switch cybersecurity vendors, you’re actually taking the uncertainty and putting it right back on the table.
So it’s not really like … I mean, based on our conversations with actual operators, it’s really, really unlikely that you take an operating, well-functioning cyber system and cyber platform and you’d rip and replace because somebody gave you a 10%, 20%, 30% discount. So that’s number one. Number two is network effects. So all cybersecurity moats have switching costs; not all cybersecurity modes have network effects. Network effects primarily stem from what is the richness and the quality of the data the company’s aggregating from all of its different customers and how it’s able to operationalize that data to improve security outcomes. The cleanest example of this in our coverage is CrowdStrike. So if you, for example, are a CrowdStrike customer, you will download the CrowdStrike agent on your laptop. If, let’s say, your laptop gets breached or there’s an attack on your laptop, CrowdStrike is able to detect that attack, hopefully mitigate it on your laptop, but at the same time, essentially update all the laptops that are connected on CrowdStrike simultaneously to ensure that none of them can get attacked by the same attack sort of vector that was used in the hack that was being conducted on your laptop.
So this network effect where adding more customers actually leads to better security outcomes for customers that are already existing on CrowdStrike’s platform is super powerful. And we see this in other instances as well. With Zscaler and with Cloudflare and with Palo, we see network effects there as well, and the story is very similar. More data means better solutions, better solutions mean more customers, more customers means more data, and you have this vicious cycle or virtuous cycle that goes on.
Sekera: And out of curiosity, too, thinking about the network effect there and its impact, is that also part of the reason why you expect to see just more and more consolidation in the sector as well?
Khan: Yes, yes, yes. Because I mean, again, if a CrowdStrike, the access that they have with trillions of signals daily that they’re monitoring, and you take that and you compare that with an upstart that may have a percent of that, a fraction of that. So just the advantage that the incumbents have, and then they can build on that advantage using AI, we certainly see the gulf widening between the platform vendors and everyone else.
Sekera: Well, let’s just dial it back here to talking about our valuations a little bit more. Now, when I think about what is a stock worth, it is, of course, the present value of all the future free cash flow that a company is going to generate. And so to do valuation, we have a standardized discounted cash flow model that we use. Now, when I’m thinking about that model, you can look at what the guidance might be for the next quarter or even for the next year for some companies, but I’m thinking about forecasting in the out years, forecasted year three, four, and five, or even longer than that, I’m curious, could you walk us through, what is your thought process as far as how you make those kind of projections over the longer term and incorporate that into our valuation model?
Khan: For sure. What I like doing is I like using a mixture of a top-down approach and a bottom-up approach. So a top-down approach would basically be looking at some of the key spending categories within cybersecurity, looking at where the growth is inflecting for those spending segments. So those would be the segments that we discussed at the top of our discussion, cloud, endpoint, where do we see growth, and then also layering in which vendors we think will benefit. So if I’m discussing endpoint, I think CrowdStrike’s going to gain market share. So that tells me that, OK, CrowdStrike should be outgrowing the sort of overall endpoint market. So that tells you something about what CrowdStrike’s growth profile would be. So that’s top-down. Now bottom-up, then you look at, you try to size the market, you’re looking at average sales prices, or ASPs, number of customers, average revenue per customer, how we think that’s going to inflect.
So there’s a bit of both that happens, especially, you’re absolutely right, quarterly visibility is pretty good. You could make the argument that annual visibility is pretty good, but when it comes to year three and onward, it gets more challenging. One thing I will say is that whenever we have a forecast of the overall market, so again, going back to the top-down approach, you’ll notice that if you look at our forecast from 2019 and compare it with 2024 or 2020 with 2025, there’s a big gap, and we always end up underestimating the size of the cybersecurity market. And that’s not hopefully because we’re not doing a good job or other analysts that are not doing a good job sizing the overall space. It’s more structural because there’s new areas of cybersecurity spending that just come up. So if somebody told you in 2019 that, “Oh, cloud security is going to be a multi-billion-dollar subsegment,” you would be like, “Oh, OK, it could, but probably not” because that requires that segment to grow at a 90% CAGR for the next five years.
No one was modeling that, but it happened. And right now we’re seeing the same thing with AI. So a lot of new AI spending, AI security spending, if we sort of think about our forecasts five years from now, we have to build some optional value for all this spending that we can’t see right now, which makes our job that much more fun and challenging. But yeah, just to give you some perspective on how we think about growth for some of these companies.
Sekera: Yeah. And to some degree, I think that also is going to be encapsulated in our Uncertainty Rating, where we’re trying to model out kind of that cone of variability. But it almost sounds to me like you’re saying that if I had to think about the risk here, it’s probably going to be more risk to the upside that’s actually going to be larger and more spending over the longer term than we may even necessarily be conceptualizing at this point.
Khan: Yeah, for sure.
Key Differentiators for Cybersecurity Companies
Sekera: Yeah. Now, actually, I kind of want to turn the tables here. I got a lot of questions in from our viewers on the cybersecurity industry, and I think probably the most common one I get are, what are the key differentiators among the companies under our coverage? Thinking about maybe the big four, if you could kind of walk me through what you think those key differentiators are, and then if there’s maybe some of the smaller ones that you think are interesting as well.
Khan: For sure. So again, as I said, the way we envision the cyberspace is you’re going to see the big get bigger and the small vendors get squeezed. The big vendors that I’m talking about are Palo, CrowdStrike, Fortinet, and Zscaler, in that order. What differentiates these companies is that these companies have understood that we live in a different reality than we did five years ago. So now companies actually want to buy more from less vendors, which means that you can actually have multi … If you can have multidomain solutions, you can actually go ahead and go to market with those solutions and be able to gain traction, customer traction across multiple end markets, which is what we’ve been seeing CrowdStrike do, Palo do, Fortinet and Zscaler are also sort of moving in that direction as well. Now on the other side, you have vendors that are stuck in smaller segments, but also in just singular segments.
And we think those vendors are going to struggle. Now, obviously we cover some of them, but also, I mean, if you think about the overall shape of the cybersecurity industry, it’s very much like a hockey stick. So you have some large vendors at the front of the stick, but then you have a litany of smaller vendors, most of them privately held, that are just focusing on one module within one platform. And I think over time, those vendors are going to get squeezed.
Stock Pick: PANW
Sekera: All right. Well, actually, that’s a great segue to get into the part of the show that everybody loves the most. And that is going through our individual stock picks, and you’ve bought three stock picks, each of them with an economic moat for us today. So that first pick is Palo Alto. I was wondering if you could just walk us through overall what the investment thesis is, what your outlook is, and then where that stock is trading compared to your fair value today.
Khan: For sure. So the stock roughly has more than 30% upside. Our fair value is $225. The key investment thesis on Palo, if you want to invest in Palo, you’re basically underwriting our vendor consolidation thesis. If you believe in our vendor consolidation thesis—that the large will get larger, and Palo will be able to gain market share across a variety of end markets, whether it’s identity, security operations, cloud, etc.–I think Palo is definitely the way to go to play cybersecurity or to invest in cybersecurity. Clearly, the company is seeing traction across those end markets. So it’s not like we’re speculating something that we don’t see the data points and the trends for right now. We think, again, speaking about our investment thesis on Palo, we think that AI is going to be a general sort of tailwind for cyber, but it’s going to uniquely benefit companies that actually have the scale to benefit from AI and have the engineering talent, the data, etc., to actually take those products to market. We’re seeing this already come into Palo’s annual recurring revenue.
So we’re pretty excited for what the future holds for Palo. We think the market is right now slightly worried about the company’s recent acquisition of CyberArk, which is roughly $20-ish billion. So that’s the big bite. And investors are worried about execution risk when it comes to CyberArk. We think the company’s track record of actually going ahead, acquiring companies, and being able to integrate them into their overall business is pretty solid. They’ve conducted more than a dozen acquisitions over the last seven, eight years, spent billions of dollars, and hands down, they’ve been great allocators of capital, and we think that they’re going to be able to get the cyber acquisition and the identity platform at large worked out.
Sekera: And out of curiosity, thinking about that acquisition, in your model, do you have different types of top-line revenue synergies once they acquire that company, kind of incorporate it into their own business? And then same thing, are there going to be different operating margin assumptions where you’ve been able to capture some synergies from the cost side as well?
Khan: Yeah. So definitely from the cost side, you’re going to have … The company has already talked about what that would look like. We think the forecast that management has put out for the free cash flow projections that they have is pretty reasonable. On the top line, I think there’s a ton more upside because identity is at an inflection point as we think about agentic and what that would mean for agentic identities to actually come in, and you’ll need some security apparatus around agents. And we think that CyberArk’s nonhuman identity, or NHI, security apparatus is pretty solid. And then you have Palo, which has essentially all of the large enterprises in their Rolodex. So they can actually go ahead and pitch CyberArk’s identity solution to these companies that are already adopting agents. So I think that sort of combination is pretty attractive and that should lead to strong top-line growth, and I think that was the industrial logic behind the acquisition in the first place.
Stock Pick: ZS
Sekera: Got it. Moving on here. So your second pick is Zscaler, and I’m curious, can you just maybe define specifically what exactly Zscaler does and then whether or not it’s slightly smaller size than some of the others might be a concern to you. You’ve already mentioned earlier about some of the smaller companies being more at risk of being either acquisition candidates or getting squeezed.
Khan: For sure. So in a nutshell, what Zscaler does is that, I mean, I talked about covid and what that did when everyone went digital. Essentially, historically, how network traffic has worked is that—you’re network traffic. So if I’m sitting in Toronto, my traffic would actually go to the headquarters, Morningstar headquarters in Chicago, and there would be a firewall that would sort of defend against any nefarious attacks that may come alongside my traffic. What Zscaler did is that if Ahmed is sitting in Toronto and he wants to access a cloud application, we actually don’t need to route his traffic through Chicago. We can just create a tunnel from Ahmed over to the cloud where the application actually resides. So these secure web gateways is what Zscaler’s claim to fame was, and they primarily operate in the network security market. Now, obviously, as I mentioned about platformization and vendor consolidation, they have moved on to other end markets as well, but that was their core business.
To your point about whether Zscaler, since it’s smaller than Palo and Fortinet and CrowdStrike, whether it could get squeezed as well, I think the company definitely has an enterprise-leaning customer base, has incredibly high retention rates. We’re talking late 90s%. And then we think that there’s plenty of growth ahead of it, especially as network traffic continues to grow. So again, as I mentioned before, we’re going to have a ton more agents than human beings actually use networks and actually use the internet, which is going to lead to a ton more traffic, and that’s exactly what Zscaler is out there to secure. So I think, I mean, there was some data that the company provided in the most recent quarterly report with model context protocol, or MCP, requests that the company’s processing have risen to millions, up from basically zero just a few quarters ago. So there’s clear traction when we think about agentic and we think about AI usage driving Zscaler’s sales.
I think what investors right now are worried about is, again, kind of similar to Palo, Zscaler had this acquisition, which was I think $675 million for this company called Red Canary. And Red Canary operates in a very different segment than network security where Zscaler does not have a ton of expertise in. And then company, the management mentioned increased churn in the Red Canary ARR base, or annual recurring revenue base. I think that spooked investors because you’re entering into a new market that you don’t really have expertise in. And then you’re talking about increased churn. And then there was some, I think they could have done disclosures better in terms of what the ARR that they were getting from Red Canary and what the organic growth rate for Zscaler’s own ARR was. Now from our perspective, since we’re not, obviously quarters matter and the next quarter matters and the quarter offer that, but if you’re thinking with a long-term trajectory of Zscaler, we think the long-term growth story very well remains intact.
And that’s why we think there’s a ton of upside for investors who have a long investment horizon and are willing to stomach some near-term volatility on this name.
Sekera: And out of curiosity, where is the Zsaler stock trading today compared to your intrinsic valuation?
Khan: For sure. It’s trading in the 150s. Our fare value is 300, so that would imply almost 100% upside, in the 90s upside. So yeah, it’s pretty attractive from here.
Sekera: Anything in the near term that you would consider a risk on this one?
Khan: One thing I would highlight with Zscaler is that recently investors have gotten more worried about seat-based pricing because they’re worried about white-collar job loss and what that means or hiring slowdowns in a lot of enterprises and what that would mean for growth. Zscaler’s main business has always been seat-based. Now, management will tell you that 25% of their annual contract value is now consumption-based, which is immune to this scenario of job losses or hiring slowdowns. But I think that’s definitely a near-term risk. If the increased contribution from consumption is not able to offset any weakness that we see in seat-based, that could create a headwind. And that would force us to sort of reevaluate our thesis on Zscaler. But we feel good about the ACV contribution from consumption-based, and we see that sort of growing far in excess of any weakness that we’re going to see on seat-based.
Sekera: So essentially what they would do is they would look to move more and more toward charging for the economic value added that they’re providing as opposed to just trying to sell an individual subscription for an individual seat.
Khan: For sure. I mean, and that’s the trend that we’ve been seeing across cyber. More and more companies are moving to consumption-based because it makes a ton of sense longer term, especially as we think about agents and we think about AI being deployed at large in organizations.
Stock Pick: FTNT
Sekera: Then let’s just wrap things up here. So the last pick you brought for us today is Fortinet. So if you could just walk us through your investment thesis there, your outlook for the next couple of years, and today’s valuation.
Khan: For sure. Fortinet trades at, there’s roughly around 30% upside, so it trades in the mid-80s. Our fair value is 108. Fortinet is a much cleaner story. It doesn’t have some of the execution risks that I mentioned with Palo and Zscaler. What Fortinet has is its core business, its firewalls. And then the company has been selling SASE, which is essentially the convergence of networking and security and security operations on top of its firewall to its firewall customers. So it has more than 800,000 firewall customers and is basically going to those customers and saying, “Hey, we’re also selling SASE and SecOps. Do you guys want to buy them from us?” And that creates a very attractive upsell because you don’t have to go and hunt new customers. So it’s good for your profitability, as cross-selling is much cheaper than landing new clients. And then, as I mentioned, they’re doing this at a time when customers have a ton of appetite for vendor consolidation.
And by the way, when I say vendor consolidation, customers don’t have an appetite because again, it’s going to save them 10%, 20%. They have an appetite for vendor consolidation because it actually improves security outcomes. If you have less security vendors, your cost per breach goes down, the frequency of breaches goes down, and that’s the trend that these companies are playing toward. When it comes to Fortinet, the company’s clearly seeing a ton of growth in SASE and SecOps, while the firewall business also remains pretty healthy. So we’re pretty confident in the company’s long-term trajectory. And I think the market is mispricing some of that long-term growth, specifically when it comes from SASE and SecOps, and how that is going to lead to higher top-line growth for the business.
Sekera: Got it. Ahmed, thank you very much for joining me today on this bonus episode of The Morning Filter. And for those of you who would like more information about any of the cybersecurity companies that we cover, you of course can read Ahmed’s analysis on Morningstar.com or whichever Morningstar platform you use. And I hope you’ll join Susan and I every Monday for The Morning Filter Podcast, which is at 9 a.m. Eastern, 8 a.m. Central. Every week, we cover what should be on your radar for the week ahead. We review what research from Morningstar has been published the prior week you shouldn’t miss. And then we always wrap up with either a couple of new stock picks, a couple of stock pans, or swap ideas. Thank you very much for spending your time with us here today.
