Earnings Call
Check Point Software Technologies Ltd (CHKP)
Earnings Call Transcript - CHKP Q4 2020
Operator, Operator
I'd like to welcome you to our Fourth Quarter and Full Year 2020 Financial Results Video Conference. At this time, all participants are in listen-only mode during the formal presentation, which will be followed by a question-and-answer session. Joining me remotely today on the call are Gil Shwed, Founder and CEO along with our CFO and COO, Tal Payne. As a reminder, the video conference is live on our website and is recorded for replay. To access the live conference replay information, please visit the company’s website at checkpoint.com. For your convenience, the replay will be available on our website. If you’d like to reach us after the call, please contact investor relations by e-mail at Kip@checkpoint.com.
Tal Payne, CFO and COO
Great Kip, thank you. And good morning and good afternoon to everyone joining us on the call today. I am pleased to begin the review of the fourth quarter and the full year. Revenues for the fourth quarter increased by 4% year-over-year, reaching $564 million, and our non-GAAP EPS grew by 7% to $2.17, both above the midpoint of our guidance. Before I proceed further into the numbers, let me remind you that our GAAP financial results include stock-based compensation charges, amortization of acquired intangible assets, acquisition-related expenses, as well as the related tax effect. Keep in mind, as applicable, non-GAAP information is presented excluding these items.
Gil Shwed, Founder and CEO
Thank you, Tal, and happy belated New Year to all of you joining us on the call today. I hope that you and your family are safe and healthy. I’m glad to report the results for 2020. What a year it was. As you've heard from Tal, we delivered good numbers for the fourth quarter and for the entire year. But more important is what we achieved throughout the year. Despite the pandemic, we launched an entirely new product line for our core network security business, the quantum family, and the results are quite positive, going from negative product growth in 2019 to positive growth in 2020. Our cloud business delivered double-digit growth in 2020, a trend that intensified in the second half of the year. Finally, with our Infinity Solution, we delivered the industry's only presented architecture for cyber security across the entire spectrum of attack vectors: network, cloud, and endpoint. We more than doubled its number of customers and contract value. We've augmented all our product families with plenty of technology, including serverless protection for cloud IoT and autonomous Threat Prevention on the network, EDR capabilities for the endpoint, and our new Infinity Stock security research and management tool, just to name a few key technologies that are now part of our products in Infinity architecture. The importance of cyber security and the Internet has risen significantly over the last year. The network became the lifeline of our lives and businesses. And I believe I've said it before, but our industry can be proud; we kept the world running. The world faced significant increases in traffic, and with that, it also faced a huge increase in cyber attacks. I can go on and on and describe our achievements in 2020, but I'd like to focus more on talking about the state of cyber security and our plan for 2021. I've been speaking about the fifth generation or Gen 5 cyber attacks for the past couple of years. 2020 demonstrated that it is not a theory or a projection, but that the Gen 5 attacks are here—sophisticated, multi-vector attacks that are fully morphing, disguise themselves very well, start the attack in one place, and end a few steps later deep in the enterprise. This was the hallmark of many of the attacks in 2020, including the Emotet bot, which was one of the most popular launch pads for attacks last year. The Emotet network was taken down in a sophisticated operation involving law enforcement agents from eight countries— a great achievement for cyber law enforcement, but also an important signal for all of us.
Operator, Operator
Thank you, Gil. Before we begin with the Q&A session, due to content constraints, and in consideration of other participants, please limit yourself to one question. If you run into technical difficulty, please type your question into the chat. Our first question today is going to come from Adam Tindle from Raymond James, followed by Fatima Boolani from UBS Equities. Adam?
Adam Tindle, Analyst
Okay. Thanks, Kip. I just wanted to start with the near-term and long-term repercussions of Sunburst. Maybe Tal could start on the near term. Could you maybe talk about the cadence of Q4? Did you see any acceleration in conjunction with this? Looks like you're guiding revenue above seasonal in Q1 based on what I can tell from the quick math here. So just wondering if maybe there's some bursting that you're seeing to give you confidence in that above seasonal. And then maybe Gil can tackle the long-term question. Just speak to the repercussions for security architecture changes. And does this open opportunity for M&A for Check Point? Or do you think you can attack it with your existing portfolio? Thank you.
Gil Shwed, Founder and CEO
Tal, go ahead.
Tal Payne, CFO and COO
Yes, so I wouldn't say I saw something specific relating to that. Q1 guidance is based mostly on mathematical aspects in the sense that some of it is coming from the deferred revenue. So we already know how much we have in hand, both in subscription and support. The product area varies where you can be higher or lower depending on what will show up in product revenue, so it's not really related to any increased demand or decreased demand we see in the market. We expect it to be in line with our expectations.
Gil Shwed, Founder and CEO
And again, for the strategic impact for the first, I think it's highlighted the fact that these attacks are sophisticated, they disguise themselves very well. With Gen 5 attacks, this is really something we have to say. Is it going to have a direct impact on our revenues? I hope it will since I think we're the only ones that can actually address it. Companies were semi-frozen, thinking, 'What should we do?' A company has invested tons of energy just investigating what happened six months prior, trying to realize if they were attacked. I think it's very hard to know if Sunburst affected them; it infiltrated and then deleted itself in many organizations, leaving almost no traces. The key is not to know that we were hacked and your secrets were stolen six months ago. The key is to prevent it and ensure that whatever gets inside doesn't proliferate or cause damage. And that's all about prevention. I think we're doing that quite effectively, and I think we can face these attacks. Our challenge remains to show customers the significant difference in deploying our technology and solutions compared to everything else in the marketplace.
Tal Payne, CFO and COO
Okay, and maybe I'll repeat the guidance since I'm not sure everyone heard it. So, for the first quarter, we're looking at $485 million to $515 million, and non-GAAP EPS in the range of $1.45 to $1.55. GAAP EPS expected to be $0.22 lower, and for the year, $2.80 billion to $2.180 billion. The EPS non-GAAP is $6.45 to $6.85, with GAAP EPS expected to be $0.90 lower.
Adam Tindle, Analyst
Thank you. High end of revenue guidance is $515 million, not $550?
Tal Payne, CFO and COO
$485 million to $515 million, yes.
Adam Tindle, Analyst
I heard $550. Okay, that's helpful. Thank you.
Operator, Operator
All right. Our next question is going to come from Fatima Boolani, followed by Brad Zelnick at Credit Suisse.
Fatima Boolani, Analyst
Good morning, thank you for taking the question. Gil, maybe I’ll start with you very quickly. You were very explicit that 2021 is going to be characterized by investments in R&D and sales and marketing. As I think about the new product families and the vision you have around them, can you talk about how that's going to impact your go-to-market efforts, specifically around any changes to incentives, compensation structures to your direct sales force, and how this is going to move down the pike with some of your channel partners as you build and continue to build your channel partner relationships? And then another quick follow-up for Tal.
Gil Shwed, Founder and CEO
So first, in terms of our go-to-market, the general structure remains the same. We have a large and capable sales organization that doesn't need major changes; just some small ones. We do have two overlays, one focusing on CloudGuard technology and another overlay that supports sales regarding the new user-centric security. We haven't formally launched the name for that, but you'll see it in a couple of weeks. I think that’s going to be a very, very focused approach. Now, if I'm a sales guy or if I'm a customer and I need a solution, Check Point probably has that solution amongst the 280 different technologies. Now, it’s extremely simple. If you want Cloud, CloudGuard is the solution. If you want something about remote connectivity, then Harmony is the solution. That will work both in terms of positioning and in getting the technologies. By the way, it will also simplify purchasing, allowing one price for the entire suite instead of dealing with a ton of different skews in sizes for the different elements. If you need a network solution, it's part of the Quantum family, which still has huge potential in it for the main markets. I think this go-to-market strategy is very effective and to that Infinity enables customers to receive the full architecture. Again, Infinity is still small, but it's growing fast. Tal noted that we doubled the number of customers and contract value last year. So it's hitting on all the right elements, although still a way to go before all three companies become significant parts of the business. But I think we're now seeing it as very important for growth, and as they succeed, we will see their impact on the overall business. Overall, it has good potential. Also, everything I mentioned applies not just to our sales force, but to the customer and the partners as well. Again, partners, if you face a cloud issue, you don’t need to navigate through hundreds of vendors with dozens of solutions. CloudGuard is a solid option. Quantum is a good solution for connectivity and end-user needs.
Fatima Boolani, Analyst
Tal, just very quickly for you. How should we see these efforts consolidating around these three product families show up in the financials? Can you give us just some finer points on how the revenue segmentation and growth trends within the revenue segmentation should trend over 2021?
Tal Payne, CFO and COO
Shouldn’t really change. Remember, developments do not happen overnight. When you talk about appliances, you're going to see the product line shifting. When you discuss subscription, it doesn’t matter if it's a subscription related to remote access, NGCP, NGFW, or some plus. All are subscriptions, and they will be recorded under the subscription line and support. Infinity is one of the major ones where when you initiate a transaction, it's actually split between the entire lines. Some of it goes into products, some going to support, and some into subscription. A major part, probably over 50%, will go into the subscription line because it encapsulates everything that Check Point has to offer, hence the majority will reflect in the subscription line.
Operator, Operator
Thank you, Fatima. Our next question comes from Brad Zelnick at Credit Suisse, followed by Sterling Auty at JPMorgan. And please try to keep to one question at a time going forward.
Brad Zelnick, Analyst
Great. Thank you so much. Kip, nice to see everybody and congrats on a really strong Q4. Gil, as we think about Sunburst and the future other supply chain attacks, at the end of the day, don't they all rely on lateral movements across the network? And if so, do you think this accelerates a broader shift to Zero Trust Security models? And can you speak about not only how Check Point succeeds in a Zero Trust world, but also the extent to which it might be a headwind to your core business?
Gil Shwed, Founder and CEO
I think you're absolutely right. These attacks underscore the importance of network segmentation and Zero Trust, as all network security capabilities ultimately aim to stop an attack. We know there is no way to fully prevent access in the current environment. Our focus is to stop the attacks and contain them as they occur. Network security remains the most effective means of achieving this. We cannot know every workload or every application in the world, but we are making efforts to secure various workloads and expanding our reach. Ultimately, effective network security capabilities are crucial for identifying attacks and stopping them before they escalate, which should provide us with greater opportunities within our network security portfolio.
Brad Zelnick, Analyst
Okay. Thank you. That's all for me.
Operator, Operator
All right. Our next question is with Sterling Auty at JPMorgan, followed by Joel Fishbein from Truist Securities.
Sterling Auty, Analyst
Thanks. Hi, guys. I want to return back to the go-to-market discussion. Wondering the success you've seen in the Americas channel in particular in 2020. Was there anything you did differently or any learnings that you can now take and apply to both Europe and Asia?
Gil Shwed, Founder and CEO
I think we've seen good traction and cooperation with channels in America, but I believe it works the other way around. Asia, especially Europe, has more effective cooperation with the channel. We're trying to learn from their cooperation in Europe. Our channels are now unified under our head of worldwide channels. I believe every region can learn from others, but I think Europe offers the best cooperation with the channel and the most effective go-to-market strategies. There's a lot we can do and a lot more to leverage in the U.S. for reaching new customers. I think it is more challenging in the U.S. than in other regions.
Operator, Operator
Thank you, Sterling. Our next question comes from Philip Winslow from Wells Fargo, followed by Ben Bollin at Cleveland Research.
Philip Winslow, Analyst
Hi. Thanks for taking my question. Gil, would you compare Sunburst to, let's say, prior attacks, like some of the ones we saw years ago? What do you think the implications are? What's different this time in your mind versus these prior attacks that were similarly widespread?
Gil Shwed, Founder and CEO
I think first, with each attack, you learn new techniques; the creativity that attackers display is astounding. Every time I meet with our researchers, I'm amazed at the vulnerabilities they find in applications and infrastructure. What's unique about Sunburst is its professionalism and its high level of stealth; it was exceptionally hard to detect. We may never fully know the extent of the damage and the information that was exfiltrated. Many organizations may simply not know they were breached, as the intruder deleted its traces. The Sunburst attack originated from within the organization's core network, specifically with SolarWinds. It took active directory certificates and used them to penetrate the cloud. In many cases, the cloud remains vulnerable as it's not as well shielded as the core network. Sunburst will likely remain a prominent topic in cybersecurity conversations for the foreseeable future.
Philip Winslow, Analyst
I think we all would want to hear from your researchers on a webinar. I like that idea.
Gil Shwed, Founder and CEO
So we'll schedule that.
Operator, Operator
Thank you, Philip. Our next question is coming from Ben Bollin, followed by Shaul Eyal of Oppenheimer.
Ben Bollin, Analyst
Good afternoon, good morning. Thank you for taking the question. Could you tell us a little bit about the mix of revenue and/or billings attributable to cloud and SaaS subscriptions in Q4 or for the year? And how this has developed over time? As you get more of that revenue mix over time, take us through the impact on support and maintenance revenue?
Tal Payne, CFO and COO
I'm not sure I understand what you mean. Can you elaborate a bit?
Ben Bollin, Analyst
If you look at Infinity Dome9, can you take us through how much revenue you're generating from those products? And how that's developed?
Tal Payne, CFO and COO
Okay, so it's still not very big, but I'll give you a sense. Cloud, when you say Dome9, it’s part of the CloudGuard solution. The total for CloudGuard is over 10% of the subscription line already, which is quite material, but not enough to significantly impact numbers yet. However, it is growing fast, showing significant growth over 50%. This trend indicates that it will continue to expand. Infinity is smaller, but we are seeing significant progress in revenues, reaching low double-digits in millions. That segment is also growing quickly. One example would be when we signed the Infinity Total Protection transaction, the annual contract value of those customers can grow significantly depending on their existing solutions, with one customer seeing 100% growth. Most of this revenue appears across three lines. However, more than 50% will go into the subscription line.
Operator, Operator
Thanks, Ben. Our next question is from Shaul Eyal at Oppenheimer, followed by Gray Powell at BTIG.
Shaul Eyal, Analyst
Thank you. Hi, good afternoon, guys. Gil, quick question on your threat intelligence capabilities. Are these homegrown solutions, or are you partnering with some other companies? Maybe some emerging startups in Israel, outside of Israel? Just curious, how do you approach threat intelligence?
Gil Shwed, Founder and CEO
First, for intelligence, you need to collect it from many sources. Our threat intelligence technologies are our own. We have strong research capabilities, but we also cooperate and subscribe to many other services. We even participate in an organization that shares threat intelligence with competitors. We subscribe to other threat feeds from various companies and partner with a few startups providing threat intelligence. However, most of our findings derive from our own technology. We have numerous sensors worldwide that can identify threats in real time. For example, if we analyze a malicious file that is being sent globally, we can immediately add its signature to protect all customers. This event-driven approach protects customers as soon as a threat is identified, which distinguishes our threat cloud technology.
Shaul Eyal, Analyst
Thank you.
Operator, Operator
Thank you, Shaul. Our next question comes from Gray Powell at BTIG, followed by Rob Owens of Piper Sandler.
Gray Powell, Analyst
Okay, great. Thanks for taking the question. This might sound like I'm getting a little into the weeds here, but actually looking for more of a high-level answer. If I just kind of run through the numbers. If I take correct billings, and I back out product revenue, it sort of proxies for annual subscription or annual recurring billings? The growth there really accelerated nicely in Q4. It was actually the best performance we've seen from Check Point in about three years. So can you just talk about the drivers there either in terms of attack subscription or on the cloud side, and just the overall sustainability of that trend?
Tal Payne, CFO and COO
Are you basically calculating your implied bookings?
Gray Powell, Analyst
Yes.
Tal Payne, CFO and COO
Okay. Just wanted to ensure I understand. You're right; the implied bookings were high. I think in the short term, it was high by 10%. The total implied was about 8%, so very high. We had a solid quarter. Transitioning into Cloud and Infinity takes time to translate into the P&L and revenues. The top reason for the notable spike in implied bookings is a fact that we saw numerous Infinity and cloud transactions drive our subscription growth. I mentioned that we saw over $100 million in booking for Infinity, which is quite significant. We're hoping that this trend will continue, aligned with our focus on growth in the Cloud, Infinity, and remote access areas that Gil has outlined.
Gray Powell, Analyst
Got it. Okay. Thank you very much.
Operator, Operator
Next, we go to Rob Owens, followed by Michael Turits at KeyBanc.
Rob Owens, Analyst
Thank you guys. As we contemplate this shift towards more remote user and potentially more user-centric models, does this potentially change the pricing dynamic for Check Point moving forward, and then have implications for your Total Addressable Market moving forward? Thanks.
Gil Shwed, Founder and CEO
I think we will definitely grow the addressable market. I specifically didn’t talk about the market size because all the markets regarding remote access and endpoint security are enormous without aiming to take over every vendor’s market. Our focus is on connecting the mobile workforce while ensuring security in any environment they operate in. This market, previously mid to low priority, shifted into the top tier of customers’ objectives. Our portfolio consists of numerous solutions available to meet all security elements. Now we need to coordinate them; while it’s challenging, we are making progress. Another acquisition we completed last year, Odo, showcases our proactive approach. We're unifying solutions instead of diluting our offerings into separate products, simplifying the purchasing and implementation process and substantially enhancing security levels up to the end-users.
Operator, Operator
Thanks, Rob. I appreciate it. Our next caller is Michael Turits with KeyBanc, followed by Saket Kalia from Barclays.
Michael Turits, Analyst
Thanks. So congrats, Tal and everyone. I want to ask about product sales, which as you pointed out, was really strong this year, turning back to a positive. Was there a lag in people's abilities to refresh firewalls last year? And does that start to come back? If so, why wouldn't that provide a little bit more visibility into Q1 and potential for upside to revenue given strong billings this quarter?
Gil Shwed, Founder and CEO
First, regarding the product business, we generally supply products right away, which is why our deferred revenues are largely predictive of subscription revenue. In many cases, we see increased capacity demands. For example, in March, we observed companies pushing significant orders to increase network capacity. However, last year, customers generally avoided physical interactions, which slowed demand in data centers. This was a year marked by a slight slowdown in physical transactions, even if we saw product growth turning positive, indicating potential for significant demand. In my opinion, the market for network security, gateways, and firewalls is very promising. We genuinely need to act swiftly against these new cyber attack threats and understand the necessity of such measures.
Operator, Operator
Thanks, Michael. Our next question comes from Saket Kalia from Barclays, followed by our last question from Brian Essex of Goldman Sachs.
Saket Kalia, Analyst
Hey, great. Can you hear me okay, Kip?
Operator, Operator
Yes.
Saket Kalia, Analyst
Okay. Excellent. Thanks for taking my question here, guys, and fitting me in. Tal, maybe the question is for you. You hinted that ITP bookings crossed $100 million this year. The question is, can you discuss how much they were last year? And what's prompting customers to opt for ITP when buying network security versus the traditional pricing model?
Tal Payne, CFO and COO
The first question I got. Yes, I can hear you. They scored significantly over 100%. I don’t remember the exact number, but it was a significant growth. The second part of the question?
Saket Kalia, Analyst
What do you think is prompting customers to go for ITP pricing versus buying firewalls under the traditional model?
Tal Payne, CFO and COO
It starts with need. When customers realize that as their environment becomes more complex, adopting solutions from many different vendors becomes challenging. It seeks to provide integrated security, making it simpler for customers. The pricing model offers an easy option where customers can purchase a single solution instead of negotiating with numerous vendors based on various parameters. You only need to tell us how many users you have – your price will be set accordingly. It simplifies the security process for organizations.
Operator, Operator
Very helpful. Thanks, Saket. Our last question is coming from Brian Essex from Goldman Sachs.
Brian Essex, Analyst
Hi. Thank you for fitting me in, I really appreciate it. Gil, I wanted to ask about competitive dynamics you're observing in the market, particularly considering the product cycles you've held. How much of that growth is coming from the installed base? Where do you see your share coming from? Are you getting success largely from existing customers upgrading to the next generation, or are we seeing growth from new customers? Which vendors are you competing against;
Gil Shwed, Founder and CEO
First of all, my priority over the past few years has been acquiring new customers, not just those already in our base. The majority of our business does still come from the installed base, as these clients are aware of our capabilities. However, we have captured several significant competitive wins. It's not only against older market vendors, but also some highly established companies. Many customers evaluate our products, and we have continually impressed them with our innovation. We're regularly met with feedback about how our technological capabilities effectively stop attacks. Some solutions practically require post-incident responses while ours provide 10 times the value when correctly deployed. We've seen various sectors—healthcare, vaccine manufacturers—give us substantial competitive wins and replace competitors with our comprehensive solutions.
Brian Essex, Analyst
That is helpful. Thank you.
Gil Shwed, Founder and CEO
Thanks, Brian.
Operator, Operator
Thank you all for joining us today. That's going to conclude our call. We'll look forward to speaking to you throughout the quarter. And with that, I'll allow you guys to disconnect and have a great day. Bye-bye.
Gil Shwed, Founder and CEO
Thank you very much.
Tal Payne, CFO and COO
Thank you, guys.