Palo Alto Networks (PANW): Uncertain Outlook Amid Business Transformation
Source: TradingView
Investment Thesis
TradingKey - Palo Alto is the biggest player in the area of network cybersecurity. The revenue growth of the company has been slowing down in the last year due to an aggressive discounting policy, which is a consequence of revamping their sales approach from selling stand-alone products to providing more holistic platform-style services. We believe this approach has quite an uncertain outcome, as it will be a difficult task for the company to persuade their clients to choose Palo Alto products over the competitors’. This will imminently lead to margin headwinds, and this combined with the modest growth does not justify the high valuation of above 100X PE.
The Importance of Network Security
Network security is protecting the transfer of data within the network and data being transferred within the network. Some of the major technologies include firewalls, intrusion detection & prevention systems, virtual private networks, secure web gateways, and secure access service edge (SASE). Network security is the biggest segment of the cybersecurity industry, underlining its overall importance.
Firewalls are the centerpiece of network security, as they control the traffic as it enters or exits the network. Firewalls can be in the form of both software and hardware, as software firewalls are programs installed on devices, while hardware firewalls are physical devices that can be gatekeepers between the global internet and the local organization network. Their core technology is packet inspection, where the firewall will inspect where data is coming from and where it’s going. Advanced firewalls can monitor traffic patterns and apply several additional controls to secure networks. Market leaders include Palo Alto Networks, Fortinet, and Check Point.
Company Business Model
Palo Alto is the largest pure-play cybersecurity company both in terms of market cap and revenue. As the largest player in the industry, Palo Alto has a wide range of product offerings spanning across the whole cybersecurity value chain, but their main specialty is network security (firewalls).
The revenue of the company is recorded in two separate segments: 1) product and 2) subscription and support:
Source: SEC Filings, TradingKey
Product: Revenue which comes primarily from their ML-powered Next Generation Firewall (NGFW) devices, as well as software licenses related to security. This kind of revenue is recognized at the time of deployment.
Subscription and Support: This revenue is recognized throughout time (typically 1 to 5 years). The subscription part is a typical SaaS model for Palo Alto products (similar to what we see in CrowdStrike), while the support part is mostly from post-sales support and training.
When it comes to distribution strategy, Palo Alto combines the use of a direct sales approach to customers combined with the use of extensive distribution networks where their products are sold to third parties (distributors) which are then sold to the end customers.
Source: Generating Value
In terms of cost structure, Palo Alto cost of revenue consists of manufacturing costs of their firewall devices, as well as shipping, tariffs, data center costs, customer support costs and cloud hosting costs.
When we compare Palo Alto with CrowdStrike, the second largest cybersecurity firm we will discover some major differences in their business models: 1) Palo Alto has a significant portion of a hardware business, unlike CrowdStrike which is almost entirely cloud-native SaaS – implying the differences in the cost structure; 2) Palo Alto recognizes a big portion of its revenue at the point of deployment, unlike CRWD revenue that is recognized over time
Financial Analysis and Outlook
Source: SEC Filings, TradingKey
In recent quarters we are observing a slowdown in Palo Alto revenue growth. The main reason for this is the transition of its strategy towards platformization, which means Palo Alto is gradually starting to sell their products and services as a platform (or a bundle), not on a stand-alone basis. Considering that most clients have predominantly separate stand-alone products, Palo Alto is in the process of renegotiating the terms with them and persuading them to switch to a bundle of extra services. As clients usually have pre-existing products from other vendors, they are not willing to spend extra on the same product, thus Palo Alto is trying to provide generous discounts and free trials for over 6 months.
This means the company will not be billing a significant portion of the services they provide, lowering the revenue growth in the coming period.
With the platformization strategy, Palo Alto has the following goals: 1) The company wants to lock its clients with a comprehensive set of services and thus will move away from on-point revenue model to revenue model that is recurring and easily predictable; 2) use its solid financial position ($3.3 billion cash reserves and zero debt) to outcompete peers and aggressively gain market share.
However, there are some significant risks inherited with this strategy:
Short-term tailwinds in the company’s financials: By providing generous free trials and discounts to onboard its clients on their holistic platform solutions, Palo Alto will sacrifice a portion of its revenue growth and profitability, as the growth towards low-teen digits and the gross margin is inching down from previous periods.
Source: SEC Filings, TradingKey
Free trials and discounts are not a guarantee: By being provided with free trials, many customers may just not opt for continuing after the trial expiry, as they don’t want to over-rely on a single cybersecurity vendor.
More intensified competition: With the goal of providing products and services across a wide range of cybersecurity categories, Palo Alto will have to come up with the best products in class so the clients will choose them over other competitors. We know that in other spheres of cybersecurity, different from network security, there are other platers with top-level products (e.g. CrowdStrike and Microsoft in endpoint security), thus it will be challenging for Palo Alto to gain market share there. This will lead to increased capex, marketing and R&D spending, which will affect the operating margins negatively.
Evidence that the platformization strategy will be a challenging path ahead is the fact that we already see signs of slowdown. In Q1, the management announced the closing of 100 deals with clients related to platformization, while in Q2 (the most recently reported quarter) these deals were down to 50.
Source: Investors’ Presentation
Source: SEC Filings, TradingKey
Valuation
The valuation of the company is currently not cheap, 113 times the expected 2025 GAAP earnings. We believe this is not an attractive price to enter due to:
- Revenue growth prospects are modest, expected to be around 15% for the coming years, mostly due to aggressive free trials and discounts.
- Limited upside in margin expansion, as we will observe more aggressive user acquisition translating into higher marketing costs, and more spending on product improvement (more R&D costs).
Risks to the Investment Thesis
Despite the near-term outlook for the company being complex. There can be some positive developments for the company.
A big advantage for Palo Alto is their strong balance and solid operating cash flow record. Currently, the company has $3.3 billion in cash and cash equivalents, $1 billion in securities and no debt at all. This is all supported with a strong track record of positive operating cash flows:
Source: SEC Filings
Source: SEC Filings, Bloomberg Intelligence
With the second-best cash position among the pure-play cybersecurity stocks, the company can invest in the development and the improvement of their product line (especially products related to AI and cloud computing, which are in huge demand right now).
Another way the company may develop is inorganically – through M&A and taking smaller innovating players.
The downside risks to our thesis are 1) intensified competition from other players; 2) more aggressive discounts on products, as well as 3) potential IT outage that we saw with CrowdStrike last year.
