Earnings Call
Allot Ltd. (ALLT)
Earnings Call Transcript - ALLT Q4 2025
Operator, Operator
Good day to all of you, and welcome to Allot's conference call to discuss its results for the fourth quarter and full year 2025. I would like to thank Allot's management for hosting this conference call. As a reminder, this conference call is being recorded. If you have not received the company's press release, please check the company's website at www.allot.com. With me today on the line are Mr. Eyal Harari, CEO; and Ms. Liat Nahum, CFO. Following Eyal's prepared remarks, we will open the call for the question-and-answer session. Both Eyal and Liat will be available to answer those questions. You can all find the highlights of the quarter, including the financial highlights and metrics, including those we typically discuss on the conference call in today's earnings press release. Before we start, I'd like to point out the following safe harbor statement. This conference call may contain projections or other forward-looking statements regarding future events or the future performance of the company. Those statements are early predictions and Allot cannot guarantee that they will, in fact, occur. Allot does not assume any obligation to update that information. Actual events or results may differ materially from those projected, including as a result of changing market trends, delays in the launch of services by Allot customers, reduced demand and the competitive nature of the security services industry as well as other risks identified in the documents filed by the company with the Securities and Exchange Commission. Also, the financial results in this call will be presented mainly on a non-GAAP basis. Allot believes that these non-GAAP financial measures provide more consistent and comparable measures to help investors understand Allot's operating performance in the quarter for all the data, please refer to the financial tables published in the results press release issued earlier today, which also include the GAAP to non-GAAP reconciliation tables. And with that, I would now like to hand the call over to Eyal Harari, CEO of Allot. Eyal, please go ahead.
Eyal Harari, CEO
Thank you, Kenny. We delivered a strong fourth quarter, concluding a year of accelerated revenue growth, significant expansion in cybersecurity ARR and solid improvements in profitability and operating cash flow. In 2025, we returned to double-digit year-over-year revenue growth, reaching $102 million, up 11% versus 2024. We reported our highest level of profit and cash flow in over a decade, reflecting a significant step-up in operating leverage and demonstrating the scalability of our business model. Our primary driver of growth, our Cybersecurity as a Service offering continues to scale rapidly and is increasingly driving the quality and predictability of our revenue base. As of year-end 2025, the ARR was up 69% year-over-year, and we continue to experience very strong traction. Recurring revenue continued to grow as a share of total revenue and increased to 28% of revenues for the fourth quarter, underlying our transition towards a structurally recurring and more resilient revenue model. For the full year, recurring revenue representing 62% of total revenue, significantly enhancing our revenue visibility. We ended the year with the strongest balance sheet in many years with over $88 million in cash and no debt, providing strategic flexibility to invest in growth initiatives while maintaining financial discipline. Overall, our results illustrate the success of our go-to-market focus and the power of our Cybersecurity-first strategy. At the start of 2025, I laid out Allot's strategy for renewed growth. We are focused on being a cybersecurity-first company operating globally under a unified business unit with a proven synergetic capabilities of cybersecurity and network intelligence. Our success in 2025 demonstrates that this strategy is working. We believe our integrated cybersecurity and network intelligence solutions uniquely position us within the service provider ecosystem. Our subscription-based cybersecurity offering as a service generates recurring monthly revenue and provides us with good visibility. The pipeline of new potential business continues to be strong, and our offering is gaining broad traction. The growth from cybersecurity as a Service offering is built on four pillars. First, we are constantly working to expand the number of CSPs and telcos that we work with to launch cybersecurity protection. Every new CSP we partner with immediately expands our addressable market as it brings us a large new customer base. We recently reported that Compax Venture selected us as a cybersecurity partner, enabling its brands and community-based MVNO customers to differentiate their services with built-in cybersecurity powered by our solution. This partnership significantly enhanced the value proposition that these MVNOs offer to their customers and opens for us another scalable avenue of recurring revenue, extending our reach into new customer segments and use cases. The second pillar, after launch, we expand our services to new end-user segments at the CSP or telco, for example, from broadband to mobile customers. Third, we focus on growing penetration of our cybersecurity protection services among our end-users by partnering with the customer to market the solution and ensure those subscribers understand the significant added protection they will get at the marginal increase to the monthly bill. Finally, the fourth, we look to upsell new applications and products to customers. As part of this strategy, we recently released our OffNet solution, an example of a product with significant value added because it ensures that the end user can remain connected and protected to the CSPs or telcos even when the end user is not on their network. These innovations enable our customers to introduce high-tier security plans to their subscribers, increasing ARPU and driving incremental recurring revenue for both the operator and Allot. We have already upsold this product to both existing and new customers. Looking ahead to 2026, as cybersecurity threats continue to intensify, we remain focused on protecting the consumer and SMB markets, segments that we believe remain underserved by traditional security solutions. Our ambition is to evolve from providing 360 degrees protection of data to delivering 360 degrees protection of the digital life of the consumer. This expands security beyond networks and devices to the individual encompassing identity protection, scam prevention and AI-driven security services. This vision reflects how we see consumer cybersecurity evolving over time and is supported by a pipeline of new AI-enabled products that we have been developing for over a year, strengthening our competitiveness and long-term differentiation. AI is fundamentally reshaping the cybersecurity landscape. Attackers are increasingly using AI to operate at greater scale, speed, precision and personalization. At the same time, enterprises and consumers are rapidly adopting AI-driven applications, introducing new and often unmanaged attack surfaces. This shift requires a rethinking of traditional security approaches. An AI-enabled world must be proactive, seamlessly embedded into everyday digital usage and require minimal to no end-user configuration. Our Cybersecurity as a Service platform already delivers real-time zero effort protection, providing scalable, always-on security that evolves in step with rapidly advancing AI-driven threats. In parallel, we are actively leveraging the latest AI technology to further enhance our solutions, addressing current risks while anticipating emerging AI-powered threats. The significant global investment in AI infrastructure is creating a growing need for advanced cybersecurity protections, and it is a meaningful opportunity for Allot. Within the SMB segment, we are executing aggressively to deliver more competitive end-to-end security solutions. We believe the small and midsized business market remains underserved in the cybersecurity landscape and that delivering protection via the network is the most effective approach. We now offer immense protection beyond the business network with OffNetSecure, have launched Firewall as a Service, which is already live and deployed, and we introduced DDoS protection for SMBs, enabling protection of inbound traffic, not just outbound. In addition, we expanded into identity with domain-level identity theft monitoring, helping SMBs protect the digital identity of all the users across the organization. Together, these capabilities bring enterprise-grade security to SMBs through a simple cloud-delivered model. Today, our Smart product is sold as part of our unified cybersecurity first platform with its best-in-class technology continuing to drive strong demand. We are executing on recently won projects, including SG Tera redeployments and upgrades while continuing to invest to maintain our technology leadership. Interest in the SG Tera platform remains strong, supported by the healthy pipeline from both existing customers upgrading and new customer wins. We were recently selected by a Tier 1 telecom provider in Asia in a multiyear deal worth high single-digit millions to deploy our network intelligence solution. This deployment will enable the operator to gain detailed application level visibility into network traffic and extract actionable insights. This follows our largest customer win in over five years, a tens of millions of dollar agreement signed last year with a Tier 1 operator in the EMEA region. The deals include a long-term recurring maintenance and support component, underscoring the strength of our cybersecurity first strategy. Together, these two deals provide increased revenue visibility with Smart product revenues expected to be recognized in 2026 and 2027. Looking ahead, we have a pipeline of solid opportunities for Smart. While SECaaS is our primary growth engine, the recent multimillion-dollar project wins reinforce Smart's role in providing multiyear revenue visibility and supporting the overall profitability with potential upside depending on the project conversion timing. We continue to invest in marketing and sales. These investments are focused on strengthening our go-to-market capabilities, supporting new product launches and driving demand across both service providers and enterprise segments. As part of this effort, we will be participating in major industry events in the coming months. In a few weeks, we will attend Mobile World Congress in Barcelona, where we plan to meet with many of our existing and new potential customers and partners and showcase our latest products and services. We will also participate in the RSA Conference in March, one of the leading global cybersecurity conferences. At RSA, we will demonstrate our cybersecurity solutions and capabilities. Our goal is to generate increased traction with new potential customers interested in our Cybersecurity as a Service offering. In summary, we are pleased with our 2025 performance, highlighted by the strong fourth quarter, double-digit revenue growth, improved profitability and cash flow and a significantly strengthened balance sheet. We believe 2025 marks a structural transition for Allot to a more scalable and profitable growth model, driven by our differentiated security first strategy and expanding recurring revenue base. Given the continued growth in our cybersecurity business, strong visibility and solid backlog, our momentum is set to continue in 2026. We expect SECaaS to continue delivering strong double-digit ARR growth, increasing its contribution to the total revenue and driving overall revenue growth in 2026 to between $113 million and $117 million alongside continued profitability improvements. Overall, I'm increasingly optimistic about Allot's future and excited to continue executing on our cybersecurity first strategy. And now I would like to hand it over to our CFO, Liat Nahum, for the financial summary.
Liat Nahum, CFO
Thanks, Eyal. Revenue in the fourth quarter was $28.4 million, up 14% year-over-year. Revenue from our growth engine, Cybersecurity as a Service was $8.1 million in the quarter, up 70% year-over-year and comprising 28% of our revenue in the quarter. Cybersecurity as a Service ARR as of December 2025 was $30.8 million, up 69% year-over-year. For the year, total revenue was $102 million, up 11% versus $92.2 million last year, with Cybersecurity as a Service up to $26.8 million, representing 26% of our overall revenue. We finished 2025 with more than 60% of our total revenue being recurring revenue. I will now discuss the non-GAAP financial measures. For all our financial results, including the GAAP financial measures and the other various breakdowns of our revenue, please refer to the table in our results press release. Non-GAAP gross margin in the quarter was 71.9% compared with 69.7% in the fourth quarter of last year. Non-GAAP gross margin for the full year 2025 was 72% compared with 70.6% for the full year of 2024. Non-GAAP operating expenses were $16.8 million compared with $15.6 million in the fourth quarter of last year. Non-GAAP operating expenses for the full year 2025 were $64.5 million, similar to $64.4 million for the full year of 2024. We reported Q4 non-GAAP operating income of $3.6 million, up 101% compared with $1.8 million in Q4 2024. Non-GAAP operating income for the full year 2025 was $8.9 million, a significant improvement compared with $0.6 million for the full year of 2024. Allot had 490 full-time employees as of December 31, 2025. Non-GAAP net income was $4.1 million in the quarter or a profit of $0.08 per diluted share, up 105% compared with $2 million in Q4 2024 or a profit of $0.05 per diluted share. Non-GAAP net income for the full year 2025 was $10.9 million or a profit of $0.23 per diluted share compared with $1.6 million in 2024 or $0.04 per diluted share. We reported $8.1 million in positive operating cash flow in the fourth quarter and $17.8 million positive operating cash flow for the full year of 2025, significantly improving our liquidity position and demonstrating the cash-generating nature and potential of our business model. Cash, bank deposits and investments as of December 31, 2025, totaled $88 million versus $59 million as of December 31, 2024. As of year-end 2025, Allot has no debt. Looking ahead to 2026. As mentioned in previous quarters, our non-GAAP gross margin depends on the specific product mix sold in the quarter. Our expectations for gross margin in the coming year is in the range of 70% as it has been in previous years. Significant spending on AI data centers has created a sharp increase in demand and supply constraints for key components such as memory and servers. While we are actively managing our supply chain and cost structure, we expect this industry-wide trend to contribute to cost of goods pressure in the near term. As for operating expenses, we expect an increase in our sales and marketing expenses as we invest in sales and building our pipeline for the next 3 years. We also expect a modest increase in R&D expenses as we continue to invest in developing our products. In addition, since the beginning of Q3, the U.S. dollar weakened significantly versus the Israeli shekel. Given the fact that our headquarters are in Israel, we have significant operating expenses in shekels. Although we are hedging part of that expense exposure for 2026, the negative effect of this weaker dollar has been included in our profitability projections for 2026. Despite this FX and cost of hardware challenges, as Eyal noted, we are seeing strong traction with our security-first strategy that integrates cybersecurity and network intelligence, and we are forecasting double-digit revenue growth in 2026, driving revenues to between $113 million and $117 million. We also expect to drive continued profitability improvement. That ends my summary. Eyal and I are now happy to take your questions.
Operator, Operator
The first question is from Jonathan Ho from William Blair.
Jonathan Ho, Analyst
Congratulations on the strong results and guidance. I just wanted to see if you could give us a little bit of additional detail on maybe what drove the strength in the SECaaS business this quarter as well as any additional detail on your comments about robust double-digit ARR growth in 2026. Is there any way you can maybe triangulate that for us in terms of what that ARR growth could look like?
Eyal Harari, CEO
Thank you, Jonathan. The results for the SECaaS ARR this quarter were strong and exceeded our expectations. This was driven by solid adoption rates for the security services we've launched with our customers. Over the last four quarters, we've achieved several wins with Verizon and Vodafone, as well as new successes with MasMovil in Panama and additional services for both new and existing customers. This has broadened our addressable market, and the positive momentum for the security service remains strong, contributing to an increase in both ARR and revenue. As for next year, we're at the start of the year and are still seeing high demand for our security services. We anticipate strong double-digit growth, with our overall company revenue projected to be in the range of 13% to 14% at the midpoint, while we expect the SECaaS ARR to grow at an even higher rate. Although we don't have specific figures to provide at this time, we believe it will be significantly robust. Most of our growth this year is expected to come from the SECaaS ARR, which, as a final point, has now surpassed a quarter of our total revenue, indicating its impact on our overall revenue.
Jonathan Ho, Analyst
Excellent. And then just in terms of your opportunity with the MVNOs, can you talk a little bit about what that could mean in terms of unlocking additional total addressable market? How long does it take for that partnership to maybe translate into revenue and bookings? Yes. Just help us with a little bit more detail there.
Eyal Harari, CEO
So I will start with the general comment about the MVNO market. We identified that our cybersecurity as an add-on is a unique value proposition. While we started focusing on the MNOs, the network providers, we identified that if we target MVNOs that are coming with a unique business proposition, this might make a lot of sense because they are typically looking for a differentiator. And we are working to offer different MVNOs to add cyber to their base package. And by that come with a more secure network proposition. They are typically not differentiated by the network quality or the big network provider brand like Verizon or Vodafone. And we believe cybersecurity could be a nice differentiator. The partnership with Compax, which is an enabler to an MVNO launch is around embedded our security in their infrastructure, which makes it easier for the MVNOs to launch new services. We are currently targeting two new MVNOs that are about to launch during Q2 that will have the cybersecurity embedded in their offering. It's hard to know the exact influence because our success relies on their success. We know they are targeting millions of new subscribers, and therefore, it could be significant, but we really are dependent on their success in the market, and it's very hard for us to assess it internally at Allot. So overall, we believe it's a new seed we planted that might evolve into something bigger over time. It's not going to influence in the next couple of quarters. But over time, with their subscriber growth and their new network launch, this is another addition to the mix. And we are hoping that following the successful two new MVNOs, we will be able to continue to market to additional MVNOs across the world.
Operator, Operator
The next question is from Nehal Chokshi of Northland.
Nehal Chokshi, Analyst
Congratulations on the impressive results and strong cash flow from operations. Regarding the SECaaS annual recurring revenue, you've already provided a lot of insight into the qualitative factors. Could you remind us what you mentioned a year ago about your expectations for SECaaS ARR, which seemed a bit vague at the time, but indicated double-digit growth? Is the language you are using now more optimistic compared to last year?
Eyal Harari, CEO
I don't want anyone to speculate. We do see good demand for the solution. We are giving the visibility we have, as we shared before. We are dependent on when we will bring the new customer wins, when those new wins will be launched and go to market, and the timing of those launches are not always in our control and also different marketing campaigns that our customers are having. We believe that the overall strong growth will continue, and this is reflected in our overall top line growth. And we will share more visibility as the quarters progress, and we have more certainty and clarity on service launches. I would say that a significant part of our growth is coming from services that are already launched and already in the market. And we don't see any reason why this should not continue to drive strongly.
Nehal Chokshi, Analyst
Okay. And then as far as the sequencing of incremental ARR as we go through calendar '26 by quarter, what are your initial thoughts on what that profile would most likely look like? I understand that there's a lot of uncertainty still.
Eyal Harari, CEO
We are aiming for strong double-digit growth. If you look at our incremental growth each quarter, you'll notice we are making significant progress. Comparing our Q4 numbers to Q1, you can see an increase. We expect the additional revenue and annual recurring revenue to be in a similar range. However, this depends on the go-to-market strategies of our customers, which could elevate our numbers as we anticipate robust campaigns starting early in the year. We will gain more insight as we receive results from these ongoing campaigns to assess their success. In the first quarter, we are mainly building on what we have already launched, focusing on short-term growth as outlined in our various growth pillars. As the year progresses, we will rely on new service launches to stimulate additional growth in the latter half. Overall, we are very optimistic about our SECaaS opportunities this year.
Nehal Chokshi, Analyst
Okay. Great. Last question for me is that in the beginning part of your prepared remarks, you talked about a new SKU already being adopted by existing customers. Can you just give a little bit more detail around that?
Eyal Harari, CEO
I mentioned the OffNet product. Last quarter, we announced the first customer win since we are continuing to work with both our existing and new customers to add this OffNet security component. While our key differentiator is that our security is embedded with the network, we identified additional demand for customers that they want to keep the same best-in-class protection even when they are not on the home network of their customer or their carrier. So if I am now moving from a cellular connectivity to WiFi, I want to make sure that I don't lose the same high level of protection. And this is where the off-net protection steps in. This is an increased value that helps our customers to increase the revenue from the security package. It's like a higher deal of security. By that is another revenue generator for Allot. As I also added, we are adding additional new products that are being launched as we speak. We are going to share more information as part of the product launch campaign to further increase and add more cybersecurity protections and capabilities that will add to our upsell, cross-sell growth opportunity and drive the shorter and midterm growth for the company.
Operator, Operator
The next question is from Shaul Eyal of TD Cowen.
Shaul Eyal, Analyst
Congrats on completing a very solid year. Eyal, one of the topics in recent weeks is whether AI is hitting software. And in that context, the more resilient cyber arena was not immune to sharp stock declines, although a lot shares showed great stability. Talk to us about what your customers are telling you in that context as you drive a different model than other pure security companies? And I have a follow-up.
Eyal Harari, CEO
Thank you, Shaul. So we do see that AI is increasing the awareness of the cybersecurity threat. I remind you that we are focusing on the lower-tier customers, the consumer and the SMBs that are typically more open markets for cybersecurity. Most of us as consumers and small business owners are still very much unprotected, and the awareness is much lower compared to where other enterprise customers are. We see that it's easier to explain to consumers that cyber threats are real and the whole buzz around AI and with all the good that it brings, but also the cybersecurity hazards that are created by it. This is something that we believe overall increases the demand and helps carriers to sell more cybersecurity protection. In Israel, we see some commercial ads that are targeting for this audience. This is why we believe that this will drive our demand for our product. The beauty is that it comes from the network, and therefore, it's always on embedded in the solution and provides a more secured service.
Shaul Eyal, Analyst
Eyal, maybe talk to us about progress at Verizon, maybe as an example. And how do you envision any potential upsells you haven't seen previously? In other words, how long does it take you to penetrate one of those CPSs and then start and upsell new capabilities that, for example, were not under the master agreement? Just curious.
Eyal Harari, CEO
Working with CSPs involves a lengthy sales cycle, but once we establish a relationship and prove ourselves as a trusted partner within the existing contractual framework, the cycle tends to shorten. This has been evident in previous expansions, such as our recent work with Verizon, where we transitioned from protecting fixed wireless access to securing mobile business customers. While I can't discuss specific opportunities with individual customers, I can say that the new additions to our OffNet offerings and other cyber protection solutions I mentioned earlier are creating opportunities to boost our revenue and ARR from our existing customer base.
Operator, Operator
The next question is from Jonathan Ruykhaver from Cantor Fitzgerald.
Jonathan Ruykhaver, Analyst
So the first question I have is about the opportunity you're seeing from Sandvine. From what I've read, it appears that Sandvine has become a new entity. It seems the focus may have shifted more towards enterprise, cloud, and managed service providers instead of Tier 1 carriers. I'm interested to know if you're noticing any incremental changes regarding market share gains related to Sandvine.
Eyal Harari, CEO
In general, we are not commenting on competition. I would say that most of our focus, as you see in our plans and results is around cybersecurity. This is where we are mainly putting most of our R&D efforts and our strategic investment. We do see, as mentioned before, that our Smart product line is performing very well. As mentioned in my prepared remarks, we added another high 7-digit new agreement during the last few months that is adding to our backlog of opportunities around the Smart that gives us good visibility into '26 and '27 to continue to have the Smart product line as an important contributor to our revenue growth and profitability. While executing well and capturing the opportunity in the network intelligence space, we continue to grow and invest strongly into cyber and continue to grow strongly in this space.
Jonathan Ruykhaver, Analyst
I completely understand. It seems to me that the Smart business is still quite significant overall. Regarding AI as a potential disruptor, I'm curious about how you plan to allocate resources and make future investments, and how that aligns with the anticipated increase in network traffic driven by AI. This appears to be a potential advantage for the SG-Tera III platform.
Eyal Harari, CEO
Yes. Definitely, AI adds some network traffic in the AI data centers, and we are looking for ways how this adds more demand for traffic intelligence like giving more visibility on the AI use cases that are implemented, getting the right priority to ensure that AI critical workloads are getting the right quality of service. This is why we believe part of the Smart product line should add more capabilities that are in this space.
Jonathan Ruykhaver, Analyst
Yes, that makes sense. For my final question, and as you've hinted at earlier, it appears that being integrated into the telco infrastructure offers significant advantages compared to the traditional endpoint deployment of most consumer cybersecurity vendors today. You've mentioned new capabilities in the cybersecurity area. Can you provide more information on the timing and specific products? It seems that issues like AI-driven malware, phishing scams, and identity theft are inherently network-related problems that you are well-prepared to tackle. Any additional details on that?
Eyal Harari, CEO
Yes. One of the things I mentioned before that we see that consumers are looking for a higher level of protection, not only from network threats, but more from, as you indicated, fraud-related concerns. Part of our innovation and where we are going to add more value is how we can further enhance our protection around identity, how we can use the network data to identify fraud. For example, if you are trying to go into your bank account and suddenly you get a fraudulent domain like phishing attempts or that become today much easier to create. We see that with AI, you create a new domain almost instantaneously. This is something we want to add as an additional level of protection to our customers.
Jonathan Ruykhaver, Analyst
So from a timing perspective, are these opportunities that become monetizable as we look into 2027?
Eyal Harari, CEO
Yes. We are going to launch those capabilities during 2026, the first batch of capabilities. Therefore, we believe this will start to contribute to our revenue, some of them even in '26 and some of them into 2027.
Operator, Operator
The next question is from Matthew Calitri of Needham & Co.
Matthew Calitri, Analyst
This is Matt Calitri over at Needham. I wanted to stick on the fraud point for a second here. And I was wondering if you guys have any anecdotes you can share on what end-users are seeing in regards to the rapid evolution and increased occurrence of AI-generated fraud attempts and how Allot's technology is keeping pace with these more sophisticated attacks.
Eyal Harari, CEO
Yes. I don't know if there is, again, a specific anecdote, but as pointed before, we see increased sophistication and speed in how often you encounter sophisticated impersonation when it's so easy to create new applications and websites. It's easier for attackers now to go and target you with those fraudulent activities. While in the past, maybe it was done for larger enterprises because it required a lot of effort to implement, we see that today, it's so easy that also all of us as consumers and small businesses are under attack. What we are trying to do is leverage the unique visibility we have to the network, the fact we see the whole network traffic. We see new network patterns that are happening, and by that, we are well positioned to identify those frauds in a faster and more accurate way and give this level of protection to our customers.
Matthew Calitri, Analyst
Got it. Very helpful. And then are you seeing any acceleration in pipeline progression? Specifically, I'm wondering if you're hearing from CSPs that they've either lost deals because they don't have a security offering or they've had customers get breached and need more protection there? Anything in that regard would be helpful.
Eyal Harari, CEO
Yes. We definitely see around the globe different occasions of cybersecurity events that dramatically affect the carriers. This usually gets front page news in the country. We all see that the risk on the consumer is higher, and we see different use cases and events that are becoming more prevalent. We are seeing that cybersecurity services are becoming more and more popular, but there are still many CSPs in different countries that are not yet offering that. We do see some countries where we start to work with and then other carriers also wanting to add this service. We see regions in certain countries where there is no offering, and they are looking to get cybersecurity services as it becomes more important. Overall, the awareness for cybersecurity for the consumer market is getting higher. SMBs, which weren't so concerned years ago, are now being more and more concerned with this and asking for higher levels of protection. For example, we launched a new firewall as a service. Firewall is very well known and commoditized in the enterprise space, and we see that now also small businesses want to get the same level of protection for incoming traffic, not only ensuring that their outbound is protected. We are also looking to add DDoS protection based on the assets we have from the Smart product line that we are introducing as part of the SECaaS, so small businesses could get higher care of protection with the higher risk evolving.
Operator, Operator
The next question is from Rory Wallace of Outerbridge.
Rory Wallace, Analyst
I was wondering if you could comment on book-to-bill in the Smart business in 2025. I know you mentioned securing the additional high single-digit million order from an APAC customer in Q4 on top of the tens of millions order earlier in the year. So is it safe to assume that the book-to-bill was fairly positive? And if so, maybe you could contextualize the guidance for 2026 and what you're baking in as far as how much of the pipeline converts to revenue and backlog?
Eyal Harari, CEO
So the book-to-bill we have is way over 1, as we announced during the year. Starting the year, we announced multiple new accounts of multimillion dollars, then further updating about the tens of millions of dollars and then another new opportunity that we talked about with high 7 digits. All of that is accumulated to many millions of dollars that are still not recognized, and our backlog is in very good shape. As we start '26, we have very good visibility with the mix of those new wins that add to the backlog and add to the recurring revenue that we ended the year with over 60%. We are very well positioned for the year, and this is why we guided for continued accelerated double-digit growth in total revenue for the company.
Rory Wallace, Analyst
Got it. And with the new product launches, for example, the Firewall as a Service and even identity protection at the domain level, which you mentioned, I believe, for the first time today, how is Allot specifically well positioned to sort of modularly add on these additional products for SMBs and consumers? And is this something that's allowing you to stand out in current RFPs or bids with new carriers that see that you can offer more than just a simple anti-malware product, but you can actually bring this one-stop-shop solution.
Eyal Harari, CEO
So Rory, it's both. First of all, as we move into new customer segments, our cybersecurity engine offerings have become more enhanced, allowing us to meet a wider range of requirements and demands. Part of our strategy has always been to provide comprehensive protection. Through years of product innovation, we've developed protections from the network, WiFi routers, and DNS. We introduced OffNet protection and added more capabilities at these various touchpoints. The additions of firewall, DDoS, and identity services make our portfolio stronger and more appealing, especially as we attract new customers. As you mentioned, it's extremely important for our existing customers. We have over a dozen clients that contribute significantly to our annual recurring revenue today, including large Tier 1 customers who utilize our current services. These additions are easier to secure because we already have established relationships, agreements, and market success with our existing offerings. They are eager to explore ways to increase profitability together, and all these enhancements will foster growth in the upcoming years.
Rory Wallace, Analyst
Got it. And then with the vision on the consumer side and how you plan to sort of extend capabilities beyond just data protection to digital life cycle. Could you maybe elaborate a little bit on how you see that unfolding?
Eyal Harari, CEO
Yes. If we take the value of networking as the anchor and the base of our protection, once we are already offering a solution to the customer and with AI coming and creating those additional worries and threats, we want to have wider and more robust protection for all of these capabilities or requirements. Identity is one example. Even if your identity is transverse in the network and exposed from different websites and different applications, while this is not a network security that we are providing, we believe that for the same customers that we have already sold from the CSP, they want to see and hear how we can protect them from identity theft and how we can help them with fraud, for example, and how we can help them with increased phishing attempts. We all get those messages. With the current technology, there are still a lot of concerns from customers. We are trying to answer this demand and create upsell opportunities for us. Networking is our anchor. This is our secret sauce, and this is where we see a lot of data. We are taking this not only to protect the data part of the customer but the whole identity, the whole experience and trying to minimize threats in the digital environment.
Rory Wallace, Analyst
Got it. And then with the near-term environment, you mentioned kind of the incremental SECaaS ARR that we saw in Q4 of around $3.3 million. That's sort of a good level to use in Q1. You mentioned promotional activity and go-to-markets that are ongoing. It seems like Verizon, in particular, is really leaning into the FWA business Internet security product. Is that something that you think could bode well for the SECaaS business this year?
Eyal Harari, CEO
Yes. We see a lot of potential and demand for the SECaaS. As mentioned, our existing customers are promoting the services in different campaigns without specifying which customer is doing what. As you saw, the incremental revenue and ARR this quarter was very strong, and we don't have any reason to assume it's going to be softer in the coming quarters. We still see a lot of potential demand coming from our base. On top of that, we want to add more upsells and cross-sells with new customer launches that our sales team are working on to add new CSPs to the mix and upsell into existing CSPs, these new cyber protections. So we have all the reasons to believe that the SECaaS growth will continue to be very strong this year. We are working to ensure that it's going to be a multi-year opportunity, and some of our investments are already to secure additional very strong growth in the following years.
Rory Wallace, Analyst
Got it. And sorry, I'm running on here, but one more question just on the cost side. Liat mentioned the DRAM shortages impacting margins, which I think is no surprise for people in the networking space. With the Smart gross margins at around 70%, is it safe to assume that the percent of the BOM of the product that's DRAM is likely not too material? And so this is maybe a few hundred basis points of margin headwind? Or is there any way that you could help us think a little bit more about gross margin and the DRAM impact in 2026?
Liat Nahum, CFO
Yes, sure. So in general, as we said, we factored some of the cost constraints that we see around hardware due to the demand and the constraints that we see with AI and specific chips and related items. We are still forecasting the 70% gross margin. And as we also stated, SECaaS is becoming more and more material as a percentage of our revenue. So of course, it also compensates. We don't expect to be on the lower range like previous years, still in the range of 70%, factoring in those constraints as we currently know.
Eyal Harari, CEO
Just to add to this, Rory, we still believe that our profitability will continue to improve. We are experiencing external pressures, but there is an opportunity to raise prices with customers since we cannot control the entire supply chain cost. Additionally, we expect improved profitability from SECaaS, which Liat mentioned, as it contributes higher margins to our overall revenue. Despite these pressures, we are focused on expanding our profitability. With the anticipated growth, both our top line and bottom line are expected to improve significantly.
Rory Wallace, Analyst
Understood. It's more of an acknowledgment of the DRAM cost rather than a warning that it will significantly hinder progress. Great job with the results in the call. You clearly laid out the vision for Allot, highlighting how both traffic management and security capabilities are relevant in the current environment, especially with AI acting as a multiplier for hacking threats, necessitating protection for small and medium businesses as well as consumers. You also mentioned the benefits for Smart. In light of today’s stock volatility, I encourage you and the Board to consider a share buyback authorization to take advantage of days like this. With $88 million in net cash and projected cash flow of $18 million in 2025, you are well-capitalized. As we know, markets can be volatile and irrational in the short term. Just a few thoughts from a long-term committed shareholder.
Eyal Harari, CEO
Thank you Rory, noted.
Operator, Operator
There are no further questions at this time. Allot's replay will be available on Allot's website in the next day. Thank you for your participation. You can go ahead and disconnect.