Hacking Palo Alto Networks' Growth

In our Large Cap Capital Appreciation Portfolio (LCCAP) checkup, we looked at why Palo Alto Networks (PANW) was among the worst performers since the portfolio’s inception on March 31. We concluded that this was mainly because of timing: PANW had a great run in the few weeks preceding the inception of the portfolio and was due for a pullback. In this deep dive on Palo Alto, we will examine whether our original thesis on PANW still holds water.

PANW isn’t cheap so it was not a value pick, but few companies have been growing as fast as Palo Alto Networks in the past three years. Palo made the cut into the portfolio as a growth play. So the fundamental question for any would-be investor in PANW is: can it sustain this growth? But before we answer that question, let us look at what other factors went into our original investment thesis for Palo Alto.

What sets PANW apart

The Product

PANW differentiates itself from peers by offering an enterprise security platform that combines next-generation firewall, advanced endpoint protection, and Threat Intelligence Cloud (a threat-assessment database), which it sells predominantly to medium and large enterprises as well as to government entities. The offer of a single integrated security platform has been a unique selling point for the company, compared to peers like Fortinet (FTNT) that offer various platforms for different products. Palo Alto’s platform includes content-based threat prevention technology which does not rely on easily changeable attributes like URL or filename, in addition to heuristic analysis, which most competitors also offer. Furthermore, its content-based threat prevention technology is built on a single-pass architecture that increases throughput and reduces latency by screening traffic only once but performing all security checks in the single pass. Peers, on the other hand, offer a wide range of security platforms. Fortinet, for example, offers security platforms based on internally designed processors—application-specific integrated circuits (ASICs)—primarily targeted at small to medium-sized enterprises (FTNT and PANW are similar in their sales numbers but PANW has a bigger market cap). Fortinet has recently started to push into the large enterprise space, but this isn’t a big threat to PANW because large enterprises are reluctant to completely replace their existing systems as switching to new ones is not only risky but also expensive (FTNT 2015 10-K Risk factors).

High Growth with Little International Exposure

Palo Alto, unlike some of its competitors, is largely based in the US and has modest international exposure. In 2015, only 36% of Palo Alto’s total revenue was from abroad while the rest was from the United States, compared to Fortinet, which had 72% of its revenue coming from abroad and only 27% coming from the US (illustrated below), or to Checkpoint (based in Israel), which had 52% of revenue from international markets and 48% from the US.

[Figure: Palo Alto Networks (PANW) and Fortinet (FTNT) sales by region]

This is advantageous in two ways: first, Palo Alto has relatively little currency risk, and second, Palo Alto still has room to grow abroad in the future.

Product Revenue Still Greater than Service Revenue

The mark of a maturing cyber security firm or maturing industry is service revenues exceeding product revenues. Mature peers like Fortinet and Checkpoint (CHKP) get more revenue from support, maintenance, and subscriptions than they do in product sales. But that is not the case with Palo Alto; it is a young company and still gets more in revenue from product sales than it receives from services. However, its service revenue is growing faster than product revenue and should account for the majority of the revenue in the future. While this may spell slower growth in the future, there is still plenty of runway as we’ll see, and currently both product and service revenues are growing fast.

In addition to these company-specific factors, Palo Alto stood, and continues, to benefit from strong industry tailwinds. Growing cyber security threats are increasing the demand for security services.

Good Industry Prospects

Not only is Palo Alto in a growing industry, communication equipment, it is focused on a growing niche of that industry, network security. This contrasts with a security firm such as Symantec (popularly known for Norton antivirus) that is focused on a declining niche of the industry, PC security. PC security faces increasing competition from PC manufacturers and others. PC manufacturers increasingly preinstall their own security software while other players such as Intel (McAfee), Sophos, etc. offer their own free software. On the other hand, the rise of enterprise networks and cloud computing has increased demand for network and cloud security, which Palo Alto and others offer while Symantec does not.

The cyber security industry will not be slowing down anytime soon. Not while hackers are still hacking. The latest high profile victim was the Bangladesh Central Bank and a possible victim was another cyber security firm, Juniper Networks. The former is a tailwind for cyber security, representative of the increasing need for the industry’s services, while the latter symbolizes a risk for cyber security firms (they are hackable too) that could slow down its growth.

In the Bangladesh Bank case, hackers tried to steal close to $1 billion from the Bangladesh Central Bank’s Settlement Account at the New York Fed. The majority of the requested transfers were blocked but a few made it through and $81 million was sent to accounts in the Philippines. Hackers reportedly breached the Central Bank’s systems and got payment credentials which they used to request transfers at the New York Fed. FireEye (FEYE), a much smaller competitor of Palo Alto, was hired to help with the investigation. The bottom line is that demand for cyber security will increase as more institutions seek to protect their systems from such attacks. In 2015, security spending rose 24% according to over 10,000 CEOs, CFOs, and CIOs in 127 countries surveyed by PricewaterhouseCoopers.

In the Juniper case, unauthorized code was found in ScreenOS, the embedded operating system for its NetScreen firewall devices, that would give the hacker administrative access. Juniper said it hasn’t received any reports that the vulnerability has been exploited. But that is not to say that it was not exploited. The administrative access the hacker would get included the ability to alter the log files, “thus effectively eliminating any reliable signature that the device had been compromised.” Such vulnerabilities and potential attacks dampen demand for cyber security services not only from the affected company but also from its peers. However, this shouldn’t be kryptonite for the industry’s growth as clients are fairly captive because of high switching costs. If they switch from a hacked cyber security provider to a new one, that doesn’t reduce overall industry demand—only for that security provider. Additionally, budget constraints prevent many firms from creating their own solutions or having dedicated IT security departments. Even for large enterprises that may have the funds to do so, lack of talent, time, etc. increases the cost of switching.

Can the pace continue?

Over the past three years, Palo Alto has been growing faster than any of its peers. Its 40% sales growth rate in the past year was only beaten by Imperva which posted a 40.7% growth rate, seen in the table below.

[Table: cyber security growth rates]

Given the fast growth Palo Alto has had, can it continue? I answer yes primarily because Palo Alto is still doing more in product revenues than services revenues. When the market begins to saturate in the future, Palo Alto can continue to upsell the new clients adopting its products while peers who are already upselling their existing clients may have little room to do so. The following two charts illustrate this:

[Charts: Palo Alto Networks (PANW) and Fortinet (FTNT) revenue sources]

Palo Alto’s chart above is simply showing that product revenues (blue bar) still account for the majority of its total revenue although service revenues (red bar) are increasing rapidly and will soon surpass product revenues. Even though its total client base growth may begin to taper, the company still has some distance to go before this chart inverts and stabilizes, which is what we are seeing with Fortinet. Fortinet’s chart shows that service revenues account for the majority of its overall revenue and that the relative contributions of product and services sales have been constant for the past two years.

But we can’t ignore the fact that PANW is increasingly selling more to existing customers (service revenues progressively contributing more to overall revenue) than it is selling to new customers (product revenues contributing less and less to aggregate revenue). This suggests a deceleration of growth, perhaps because of market saturation.

The deceleration in growth will no doubt adversely affect Palo Alto but even more so peers like Fortinet who are trying to break into the large enterprise space. Palo Alto’s 40% sales growth will come down into the middle 30s and high 20s in the near term. Smaller peers like FireEye will also see their growth slow down. However, new and increased cyber-attacks on enterprises can break the deceleration as organizations with legacy products seek to find new and improved security platforms.

The Upcoming Earnings Release

Generally, most cyber security stocks are down after Imperva (IMPV) and FireEye posted mixed Q1 results early this month. Palo Alto was not spared but it hasn’t reported fiscal Q3 2016 earnings yet; that is scheduled for May 26. The Street has PANW making $339M in total revenue, up from $334.7M the past quarter, and $0.41 per share in non-GAAP earnings, up from $0.40 the previous quarter. However, the company is still making GAAP losses; in fiscal Q2 2016 it registered losses per share of $0.72. I expect the GAAP losses to continue because management reported in their Q2 2016 filing that they “expect sales and marketing expenses to increase in absolute dollars.” However, the increased expenses are justifiable because they contribute directly to growing sales and increasing PANW’s market share. The major threat to PANW’s GAAP profitability would be c-suite compensation. For example, CEO Mark D. McLaughlin is one of the highest paid executives in the United States—ranking fifth on the Bloomberg Pay Index for 2015. In addition to the approximately $1.2M in cash compensation he received, McLaughlin was granted 600,000 in stock awards for 2015 which at the current price of around $130 amounts to $78M. For 2015, total c-suite cash compensation (i.e. excluding stock awards) grew 95% to $4.1M as shown below:

[Figure: Palo Alto Networks (PANW) executive c-suite compensation]

Other executives received far less than McLaughlin but still substantial amounts in stock awards. Executive compensation—although essential for attracting and keeping talent—was and remains a key concern for Palo Alto. Independent of this concern, I expect a solid performance based on growing service revenues, although I do expect performance to be slightly muted given the trends among peers.

The Selling Price

Growth companies are almost always expensive. Tech companies also tend to be expensive. Additionally, young companies tend to be expensive. Palo Alto is all three so naturally it is very expensive. It was expensive when our portfolio was started but the recent pullback has made PANW relatively undervalued compared to some peers like Barracuda Networks (CUDA) or FireEye (FEYE), as shown below.

[Figure: Palo Alto Networks (PANW) valuation]

The older, stable and slower growing companies—Checkpoint, Symantec, BT and Fortinet except Imperva—are cheaper than Palo Alto, which ranks 6 out of 9 based on the following weighted valuation criteria:

[Table: Palo Alto Networks (PANW) valuation criteria and weights]

Given the difficulty of valuing tech companies, it is hard to accurately value Palo Alto but fundamentally it boils down to the product. Is PANW’s product better than that of its competitors? The rapid uptake of the product especially by large enterprises seems to suggest so. Can PANW maintain that edge and prevent someone else from doing to them what they are doing to old-timers like Checkpoint and Symantec? I don’t know, but I do believe Palo Alto will maintain its edge in the next few years, unless a dark horse emerges. Ultimately, valuing these companies is a question of risk appetite. If steady growth, little debt, and positive FCF are most important for an investor, then Checkpoint would be a better pick. However, if explosive growth, rising market share, and the other factors mentioned earlier are more important, then Palo Alto currently might be a good choice.


Despite Palo Alto’s near-term growth decelerating, its fundamental long term drivers have not changed. Palo Alto continues to grow faster than most of its peers and is taking market share from them. Its highly integrated security platform is a product that clients may find easier to adopt than the various platforms offered by competitors. Its focus on medium and large enterprises and not small businesses targets a highly lucrative customer segment and a captive one (because of high switching costs). Its low international exposure leaves room for future growth while limiting currency risk. Additionally, the company will enjoy strong industry tailwinds given that having robust cyber security is becoming increasingly important for businesses. All these factors combined give Palo Alto some economic moat that will protect it for the next few years. The beating the stock has taken lately might offer a favorable entry point.


You can track the performance of the Large Cap Capital Appreciation Portfolio by downloading it from the Library.