Allot Ltd. (ALLT) Earnings Call Transcript & Summary

Okay. So we're going to get started now. Thank you for your patience for that. I'm Barry Spielman, Product Marketing Director of Security Product in Allot, and I'm very excited to be hosting this webinar today. And just to make sure you're all in the right place, SMBs are under cyberattack, what they are saying and how telcos can protect them. So cyberattacks continued to increase dramatically across the Board, and small businesses are no exception. SMBs are highly aware of the threats that they face with the limited budgets, lack of skills and IT staff leave them vulnerable. So what are small businesses willing and able to do to protect themselves? Now to find out, we joined forces with Coleman Parkes Research to survey small businesses across North America and Europe. And we asked questions such as how many cyberattacks have SMBs experienced in the last 12 months, how much did the attack cost in terms of remediation and lost revenue, what are the most important criteria for selecting cyber sec solutions and how much are SMBs willing to pay per month for a cybersecurity protection. Now in today's webinar, we'll be discussing SMB attitudes and trends regarding cybersecurity. And I'm very pleased to have with me, again, Ian Parkes, Director of the London-based Coleman Parkes Research; as well as Itay Glick, Vice President for Cybersecurity Products here at Allot; and Eduardo Holgado, Senior Product Manager for Cybersecurity. Ian, Itay, Eduardo, thank you so much for joining me.

Good morning.

All right. Great. So in a moment, we're going to get started with the webinar. But before we do, as always, we have a few quick housekeeping items. And so firstly, the webinar is being recorded and will be available on demand on the Resources section of the Allot website. Now we'll be having a Q&A at the end of the webinar today. [Operator Instructions]. I also want to point out that all of you will be receiving our latest telco trend report, which is based on the SMB survey that we're going to be discussing in today's webinar. So as I usually do, to get us started, I'd like to ask a couple of quick questions to know who's online. I'm about to launch a first question and if you folks could just answer who you are, what kind of CSP are you, maybe you're not a CSP, maybe an enterprise, who you are, giving about 20 seconds, everyone joining. This is information that is useful for us as the panelists understand who is on the call and I think maybe also for you, folks. Just another 10 seconds, and we'll move to the second question, and we will start. Okay. So I'm going to end the poll. I see people still responding, so another 5 seconds. And that's it. All right. So here, I'm going to share the results. We could see that -- all right, a very nice spread of folks coming from all different types of CSPs or enterprises. Thank you for that. That is very useful information. And I want to go now to a second poll. Let's see if I know how to do this correctly. Second poll. Okay. I don't know how to do it correctly. And so we're not going to go to the second poll. All right, folks, we're going to skip on that. Let's get started on this webinar. So to kick things off, Ian, I think that I'm going to pass the ball over to you.

Yes. Thanks, Barry. Good morning, everyone. So as Barry said, we're going to look at some research that we've undertaken for Allot independently of them, looking at the challenges that SMBs face with regards to cybersecurity. Could you put me over to my next slide and just maybe I'll able to give it...

You will have to double click there and we'll get there.

Yes, no problem. That's okay. Okay. Just a little bit of background to what we did. I'll apologize now that some of my slides are fairly busy, but I'm not going to take you through absolutely everything. I'll take you through the important bits really. So in September of this year, I would like to have said post COVID, but there doesn't appear to be any such term as post COVID at the moment. We spoke to -- sorry, we interviewed through an online portal and online research data collection methodology, 400 SMBs split across in the bottom right-hand corner. You can see that the countries that we went to, U.S., Germany, Sweden and the U.K., I'm going to keep this very top level across the whole of the sector and the number of interviews that we did and all of the responders as opposed to getting and drilling down too much into country. But there are 1 or 2 slides that you'll see where I've drawn out a couple of country differences. But the report that Barry has alluded to, we'll give you more detail on the country-specific one. So if you have a particular -- for wanting to know about a particular trend in the marketplace. We also -- the SMBs that we spoke to had between 5 and 200 employees. So it's the true heart and mind of the SMB market. Our respondents were anything in the top right-hand corner from the MD, the owner, manager founder, another manager, and occasionally, an IT director. And the interesting point, I think, if you look on the left there, we've got the IT team structure. You can see that for around about 1/3 of the SMBs, they've got an IT department in-house that's got 2 or more specialists. So that typically was sort of large -- midsized to large SMBs. They have 1 skilled IT person in-house, and he or she is dedicated to IT issues was another [indiscernible]. But then you've got this rate of SMB approximately 40% that don't have an IT team in place. They have someone who perhaps fulfills part of the role or they use an external provider. And that's an important element as we go through the findings in terms of how SMBs are tackling the cyber issues. And then also from a cloud transformation point of view, then some of them are doing a lot of their production and business online and in the cloud. Many user mixed cloud and some local server, and very few are doing it on local servers only. So enough about the background, let's go and see what we found. Could we move on, please? Okay. So just to get you all used to the way that I've structured the charts, you'll see across the top, the question or questions that we asked and then right down on the bottom corner, if you can see it, there's a thing called either a single code or multi code. That means that they could have answered just one option or multiple options in that question. And then the number of people -- most of it will be the 400, and it will be broken down. So the first thing we want you to understand was really in terms of information applications and connectivity, is it important to their business? Is it not important? And it won't surprise anyone that connectivity is critical to the daily operations of around about 4 -- sorry, 2 in 5 of our SMBs. And a similar proportion said that connectivity is critical. All or most of their production and business are done online. Now clearly, it's really important that they are connected. So they are going to be on WiFi, broadband, whatever. And therefore, that does open them up to the issue of how do they manage that connectivity and protect themselves against cybersecurity and cyberattacks. If we go on to the next one, please. We then said a typical research question using a 5-point Likert Scale. If 1 is not at all important and 5 is critical, how important is cybersecurity for each of the following areas? So the first one is to protect the business. And you can see what I've done here is I've grouped together the people that have said critical or somewhat important. So essentially, it's important to them. So well over half, 58% said that it's important to protect the business. Another 57% said it's important that they protect the network. And obviously, in the days of COVID and so on, there's a lot more BOYD, and a lot more access into the company network via the employees themselves via their own devices. So it's not surprising to see just over half saying that it really is important that they have some form of cybersecurity protection for the employees' mobile devices because they are going to be accessing them while they're working from home. Let's see what's been happening on the -- another set of statements. So -- and to me, these are quite critical, and I've put a box around 2. But by all means, click while I'm talking them through, take the time to read the others. But again, we just said tell me whether you agree or disagree with each one of these. So I'll take the second one in from the left first. So cyberattacks are going to be more common for small businesses. 79%, so almost 4 out of our 5 SMBs said that, that is going to be the case. Going to the far right-hand side. Small businesses are under the radar of the cyber criminals and therefore, the threat of attack is low. So here, I'm using a double negative, but only 21% agreed with us. So 79% disagreed with it, which says, we are on the radar. We are going to -- we are prone and therefore, a target of attack. And then...

So awareness is high here, right?

Yes, exactly. And awareness of cyber is high. And then if you take again the one fall from the right -- sorry, fall from the left, second from the right, the likelihood of my business falling victim to a cyber attack is high. Now I didn't just say it's a potential. We said it's high, and you can see 65% of SMBs agreed with that. So you can summarize this so far as they need the connectivity to do their business, but they don't necessarily have anyone in charge of IT per se in a lot of these, but they appreciate and know cyber and cyberattacks are a threat and an ongoing threat to their business. And you'll see that's a trend as we go through.

Okay.

So let's move on to the next one. We then said, well -- the question has jumped around a bit because I've not done all of the questions that we've covered, just in case anyone is thinking we've gone from question 3 to question 7. But what types of cyber risks and cyber-related risk that they can see that is considered to be the biggest threat? Now they could pick one or all of these. So interestingly, on average, there's 2 -- between 2 and 3 of these threats that the SMBs see as being a particular concern to them. But you can see employees introducing vulnerabilities on the business network via personal devices, 1/3 of companies are worried about it. It links back to the working from home. It links back to that employee mobile device thing that we saw in one of the earlier slides, lack of employee IT security awareness. Although the senior management team at the SMB seemed to be aware of the threats, they're worried that their employees are not. And therefore, there's a huge vulnerability there. Clearly, threats via laptops and mobile devices that are connected to corporate assets are in issue, and all the way down to 1 in 5 saying that continuous remote working during the COVID era is continuing to offer a cyber-related risk or threat to the companies. Let's see what else we found. So we then said obvious question. And so you're worried about being attacked, have you actually suffered an attack? Now we've run this question many, many times, both in the business world and in the consumer world. So we've tried to differentiate the awareness of actually what the threat was. So I'm going to take you just through this quite carefully. So the bottom right-hand side, so the first thing we said, have you experienced a cyber incident. Now if you were to ask me that in my business, I would say, I'm really not sure, could have been, might not. I think I've got the protection because I've got a protected device set in, but I'm not sure whether I've had an attack. So down in the bottom right-hand corner, we haven't experienced a cybersecurity incident in the past year, and we're sure that's the case. So about between 1/4 and 1/3 of SMBs felt that, that was the case, and they could categorically say, we have not had an attack. Keep that figure in mind because you'll see when we go on around in whether they've got insurances in place and so on. Moving up to the top right, we haven't experienced a cyberattack instant in the past that we know of, but we can't be sure. So they don't think they've had one, but they may have done and it may be sitting dormant because most attacks is dormant for a good few months before they actually get hit. So they're not, they're in the sort of, I think, I'm okay, but I'm not sure. On the bottom left, 22%. So 1 in 5 have had an incident, but they're not sure if it was cyber-related. So again, there's an exposure there. So far, we've got 48%. Almost half of their companies might have had an incident, have had an instant, but they don't know whether it was cyber-related. And then right in the top left, we have experienced at least one cybersecurity incident in the past year. So 1/4 of our SMBs have experience that they know of an attack and we've got around about half that might have done, but they're not sure. We then said to them, well, how many attacks do you think you had, how many incidents? And on average, they had 2 within the last 12 months. So that was amongst those that know it. It couldn't be amongst those who weren't sure. So you can see they were aware of the threats. They think that they've been immune to them, but they're not sure, but 1/4 have actually had a threat. Let's see amongst that 1/4 what the impact has been. So excuse the number of questions at the top, but we basically just asked them a series of ongoing questions, and some of this is quite to me staggering. So the first one was what was the nature of the attack. So you can see that 64% of our -- and the base at the bottom is 94 companies, which is at 24%. They said it was malware. So it could have been a virus attack. It could have been any form of malware. You can see further to the right, we've actually separated out some of the issues like virus attack and phishing. The interesting one, I think, is the second one because that is the one that we all know is on the rise, ransomware attacks. It's been on the rise for enterprise companies. It's now on the rise for SMBs. So you can see the types of attack fairly varied but focused around malware and ransomware. So we then said, well, in terms of that particular attack that you know of, how many hours did it take for you to sort out the incident? And you can say, on average, it costs an SMB -- an average of 16 man hours to sort out that attack. We then said, well, how much did it cost in terms of changing the systems, putting in new systems, all the time and effort and so on to actually get yourself back to the point where you feel you're immune to that attack? And you can see that on average, it was a staggeringly high, in my opinion, $70,000. But that encompasses all new hardware and everything else. But to me, the biggest issue was loss of revenue. The average loss of revenue to the business during that cyber attack and before they got back into business was around about $146,000. Now in the U.S., I put a figure in there. The U.S. was much, much higher. In research terms, we have these things called outliers, and there were 2 companies there that had major attacks well above that particular average, which has really pushed the average up. If you exclude them, it goes down a little bit to around about $100,000. But no matter I left it in there because these guys have had a major attack and I looked at them and they were major online traders. And you can see it's a really, really important figure. So it's not only the cost of the reputational impact or the time, there's a lot of cost involved in being attacked via the cyber issues. It's staggering. So we then said, well, what if anything, is blocking the company from improving its current IT security position? Because we've seen they're leaving themselves open. 24% already know they've been attacked. So what's surprising in inverted commas to me is that the 2 that mentioned the word cost, so cost of IT security professionals, cost of technology and service. Now to me, when you look at the previous figure, if it's costing you $60,000-odd to rectify an incident or it's costing you revenues of $100,000-plus and, let's say, a gross margin of anything from 50% up, it's going to be a lot less to actually invest properly in the right security measures. So the cost element in here is a little bit of a misnomer for me, but it's clearly an important element for the SMBs. There's also this thing of lack of leadership or ownership of IT security in-house because, again, there's not necessarily anyone charged with that responsibility. They're all focused on the trading activity like all small businesses are. Lack of knowledge or understanding of what needs to be done was another one for a quarter of them. And then to be honest, for some of them that are aware, there's too many products or services to secure. So they're just not sure what to do. So there's a role that I think will come on to later for a lot of people to be able to play in terms of helping these SMBs become a bit more focused on that security issue. And then to the right other thing, I also said, well, what's their plans for their security budget in the coming year? And I'm slightly concerned by the 22% that said that they would decrease their budget compared to the current year. They must be with greatest issue -- unless they have done a full-scale implementation and a complete review, which is possible, but not for 22% of them, they are going to be leaving themselves open to additional attack. The good news is they're outnumbered at 34%, but those that are going to increase their IT security budget. So we are seeing the pendulum swing towards the investment in that activity and the investment in needing to be secure.

Yes. And I think it's also important to mention the fact that we are going through a pandemic, right? So many of these guys were affected in that sense, and their business has suffered, and they have to increase their expenses across the Board. And of course, security is one of the items that unfortunately will get less budget. But in general, what we can see here is that they are aware of the issue. There is definitely a problem with the cost of the solutions out there. So the solution has to be affordable for the businesses. And at the same time, they don't have the skills to choose that right solution that they need, right? So those, I would say, are the main problems, right? So cost and lack of skills to identify the right solution for them.

Yes, you're absolutely right. And I don't want to be undermining of SMBs because we, as common parts, are one, but they are focused on running their business. They're running -- they're creating their revenue, making sure their people are happy. So all the things that the big enterprises have, i.e., big infrastructure teams and IT teams and so on, they are really -- they are able to focus on those, whereas the SMB is literally around doing business, working on the business and making sure that, that business is sustainable. And Eduardo, as you say, with the pandemic hitting and a lot more people working from home, therefore, there exposure with individual devices and so on as we've seen, and the whole thing becomes a much, much harder thing for all of these guys to manage quite frankly. And they are focused on the day-to-day business issues for themselves. So they want that support and they want that help. So let's now look at what we then asked.

Let's move on.

Yes. Sorry, yes, I'm conscious of time. So we then asked a series of questions around ransomware because we saw that it was on the increase, and we all know it's on the increase. We can't deny it. We've seen some high-profile ransomware attacks. So we then said, well, look, what would the impact be of a ransomware attack on your business? And you can see in the top left-hand corner -- apologies it's a busy chart, but you can see that 40% of the impact would be at least high. And for 8% it will be devastating. It will probably put -- potentially put them out of business. And only 10%, so literally 1 in 10 or so, said there will be no impact at all. Okay. The majority said a low impact. My personal opinion is some of them were underestimating it, but it could be a low impact. We then said, well, look, if you were attacked, would you pay the ransom? And you can see that 1/4 said they definitely would, and another 47% said we're getting into, 2/3 said that they probably would pay the ransom. Now they don't know how much it is. And then if you look to the right, what do they think the ransom might be. On average, it's going to be around $7,000. Now my opinion is that they are massively underestimating that. Given the cost of the impact of it, the ransomware attack is going to be significantly more than that. And funny enough, I pulled out the Swedish figures, which was significantly over the $7,000. However, they then -- the other interesting question. We said, well, actually, do you think it should be illegal to pay a ransom? And you can see that the majority of people said, yes, it should be illegal, although they're saying if they were attacked, they would pay it. So again, there's an element of a disconnect between this. And it's just the newness of this phenomenon to the SMB community just highlights that they're not sure exactly how to go. Let's have a look at the next question, so we then said, well, the obvious thing is to take out insurance, what insurance do you have to protect the company from things from like a ransom attack or some form of cyber threat? So the bottom one is the key one. So the second one down is the key one. We have a specific policy in place for cyber insurance. Only 1/3 of companies have a specific cyber insurance policy in place. 44% think, operative term, that the business insurance policy covers them for cyber insurance. If my company is anything to go by, that's not true because I've got both because I know that my standard insurance does not cover cyber. And I think, again, there's a lot of companies leaving themselves prone to attack and the inability to claim on insurance. And then you've got the 16% and the 11% said they don't have a policy in place at all or they're going to be planning it in the 12 months. So again, with the volume of attacks, with the connectivity issues, they don't have the right -- 7 out of 10 failed to have the right level of insurance in place.

I think a lot of what we're seeing here, Ian, is the newness of this whole thing?

Yes. Yes, and I think there's an expectation. And as I said, I felt foul of that as well. But luckily, I had the cyber insurance as well. But I would have looked at my -- one of my colleagues to look at the standard insurers, and it doesn't mention cyber at all. It almost explicitly excludes it. So that's why I think they do need to think about cyber insurance because the specifics have all made sure that they're ordinary business insurance and their continuity insurance would enable them to claim if it was a cyber attack. And I just don't think that many of those really cover it.

A free tip to everyone, go ahead and check it.

Yes, exactly. Back in 2018, the National Cyber Security Alliance reported that 60% of small and medium-sized business that are hacked go out our business within 6 months. So we then said, well, for 2021, how do you think this is relevant? Do you think it's relevant today? Do you think it's changed? So you can still say, 54% think it's still accurate, and it was 63% much higher in the U.K. 42% said, I don't think the situation is as bad as it was in 2018, but obviously, it's still an issue. And then the -- a small proportion said the situation is much worse. So I think, again, this sums up this whole element of SMBs are aware of the issues. They're aware of those potential challenges, and they don't see it changing over time. If anything, it's getting worse. So if we can go on. So we then said, well, think about cybersecurity now, where do you think you should -- or who do you get your security solutions from? So you can see a range of companies. And I think this goes back to the earlier point of there's an element of confusion of where they can go to get the level of cybersecurity that they need. So they purchase from suppliers that specialize in security. Fine, that's 1/3 of them. They go to a general IT supplier around about 1/5. And 1/5 go to their telco. Now I think here, there is a role for the telco and the CSP to play and probably more upfront and central to be honest, in terms of being able to communicate with the CSP. They've got that relationship. They've got the connectivity. They're providing the broadband, they arguably could be a go-to organization to impact the uptake of cybersecurity for these companies. So if we move on to the next one quickly. We then said, well, who do you think should be responsible for providing SMBs' cybersecurity services? Whoops, back one. I'll move on quickly because my time is running out.

I don't want to be to clock guy. But this is good stuff.

Yes. that's okay. Yes, yes. No, no. I'm very aware of it. So my existing IT team system integrated supplier. But here again, this is where I said, there's a role for the telco service providers to play because 27% or over 1/4 approaching, 1/3 want the CSP to help them provide those cybersecurity services. And we then said, well, look, how much would you be willing to pay per month? Barry mentioned it in the intro, and between $6 and $7 per month is what we're talking about. Now you can all do the maths. You can multiply that up by the number of SMBs in your local community, and you can start to think about the mega millions of dollars that, that adds up to and in your local currency as well. So there is a huge opportunity, in my opinion, for those CSPs to be able to provide that cybersecurity. Go on to the next one. My penultimate slide, but I'm not going to go through my key takeaways. We then said, well, look, we're all in the COVID era, what proportion of your workforce is working exclusively from home now, and what proportion will work from home in 3 years' time? You can see there's a slight reduction, but I think that's because everyone is going to be moving towards hybrid working. But then we say, well, do you think the connection issue is secure enough? Only 12% said definitely. Again, there's a concern around it's probably secure. Again, they're taking the risk. They're not absolutely certain that they are secure, ready to operate in a secure environment. If we move on to my last one, I'm not going to read these out guys. I think everyone is listening to me.

You could also see them in the reports.

You can see them in the report. I'm going to stop there and hand back to Barry.

All right. Well, I appreciate that. Thank you very much. As always, what you do for us, we appreciate. Good insights. And so at this point, I love team here. Now that you've seen the survey, I'm going to turn it over to Eduardo, that's seen a lot perspective on some of these trends and what we're doing about it. So Eduardo, I'll turn it over to you.

First of all, thank you, Ian. That was very, very interesting. Thank you, Barry. Good morning, everyone. Yes, the SMB new normal. This is the new reality. This is the way we have affectionally called this section of the presentation. Why? Because the SMBs were forced due to the pandemic to move to a work-from-home model, many of them, not to say most of them, were not ready for that. They had to adapt to that. And now as we are slowly coming out of the pandemic times, what we are seeing is that there is a switch to a hybrid working model whereby users and employees are starting to come to the office every now and again. Now these have advantages and disadvantages, but from a cybersecurity perspective, it definitely has consequences. So that's why we have entitled the SMB New Normal. It's the new reality. There is an expanded perimeter that they have to protect, and there are infections that are going to come from the work-from-home model. So let's talk about the work-from-home risk. Now as we were saying, work-from-home is here to stay, right, mostly in hybrid mode, meaning sometimes I go to the office, sometimes I work from home. When we look at businesses and employees and ask that question, and this is a separate independent report, we see that the majority of them is saying, hey, I expect a mix of office and remote work. Why? Because on the one hand, for the business, they are saving on real estate expenses. They don't have to have as much of a bigger office, right? They don't have to have all of the employees sitting there at the same time. But on the other hand, for a small business, it's critical to have visibility. It's critical to be maybe on the high street, maybe on a banner somewhere. So for them, visibility is very important. From the employee point of view, on the one hand, they are not dedicating as much time to commuting and going to the office, but let's be honest, working from home all the time, you can go nuts, right? So you really want to go to the office. You really want to have that social interaction, that social touch. So it just makes sense that we are moving to this hybrid model.

100%, I agree with that.

So what does it mean, though, from a cybersecurity perspective? So definitely, the network perimeter has not only expanded, but the main issue here is that these devices are constantly exposed to unmanaged networks. Sometimes this can be the home network of the employee. Sometimes it might be this employee going to Starbucks or a coffee shop and connecting from there and being exposed to unknown people that are sitting there connected to the same network. So it's definitely a big risk because those devices are going to come to the office. So it's no surprise that 22% of small businesses have suffered a security breach due to this, right? It just makes sense. As we said at the beginning, they have to adapt very quickly to this work-from-home model, probably they focused too much on connectivity and neglected security, and now we have the consequences. So the employees -- I mean, this is the first takeaway. The employee device has to be protected wherever that device goes, okay? This is a must. And then, of course, when that device comes back to the office, there is an increased risk because, again, that device has been connecting from home and managed network, there might be infected devices at the employees' home, that device might have connected from a coffee shop, for example, again, no network, unknown people connected there. So when these devices come back to the office, to your office, you can be infected. And this is adding on top of the well-known SMB risks, right? And we covered some of those during Ian's presentation. So first of all, they are a target. I mean, today, this is no longer the large enterprise stuff, right? The SMBs are not only a target, sometimes they are even the main target. 76% of cyberattacks occur at businesses with under 100 employees. Why? That makes sense, right? The hacker, the threat actor knows these guys don't have the security measures in place to protect themselves most commonly. So they just attack them. They are an easy target. They are the low-hanging fruit. Ransomware, of course, is a top threat. I mean, that came up what -- it became, let's say, a buzzword 5 or 7 years ago and still here with us, right, and I think for a long time. 55% of those are attacking businesses with under 100 employees. So again, very, very small businesses are being a target for ransomware. And what is interesting is that even the employees and these guys are not technical people necessarily. They are aware of this risk. So I'm working for an SMB, and I know there is an issue, right? So 23% of this, and this is for very, very small companies up to 50, which again are not technical people, they believe their digital information is not secure, which is a big issue. And why? What is the main thing here? There are no skills, right? So there is no one there that knows what to do here. So that's a problem. And those skills are very scarce in the market and they are very expensive. So definitely not at the reach of SMBs. Consequences, very high cost, okay? So in any case, I mean, you will see, depending on the source you are checking, you will see a different figure, but in any case, it's a very high figure always, always. For a small business, I mean, think of it like I have 20 employees, and I have to pay $40,000 or close to $40,000, that can basically mean that I am out of business, right? Because these guys are -- most of them are just starting. They are very tight on money. They have gone through a pandemic. Many of them have closed anyway for other reasons. So if on top of that, they are hit by a cyberattack, that's the end of the story. So now let's talk about the tailor-made security solutions for the SMB, okay? This is the Allot secured value. This is what we are bringing to the table. And this is shared from the CSP, the operator. First of all, the solution has to be straightforward. We are talking about an SMB, an SMB that very typically is a consumer that created a company with a bunch of people. So they are not technical. The budget is very tight, and the solution has to be so easy that they don't have to hire someone to manage it. However, that cannot come at a compromise of security. So the security has to be robust. You have to have good security there because otherwise, what's the point, right? The way we do it is you have one bottle, you activate security, but in the background, there are multiple layers kicking in to protect their network. It has to be modular as well. This is for the CSP perfect, right, because they can create their own offering. They can decide what is interesting for them, for their network, for their customers. They might create different packages according to different type of customers. So we give full flexibility in that sense in terms of modules, as we call it, that you can have in the products, and we will cover them in the next slide. But also in terms of the offering itself. 360 protection, as we said, very, very, very important to protect the guy that is working from home or working maybe from a coffee shop. We have to protect that device because that device is coming back to the office, right? So it has to be always on even off-net protection. And the solution that you are deploying at the end of the day, you have to offer this for very little money, money that any SMB size can afford. We were talking about the budget is very tight. So in order to achieve that, this has to be a solution that is built for multi-tenancy. Why? Because that way -- that is the only way actually to reduce the footprint and to be able to offer a solution to the end user that they can afford that you are going to make money as a CSP. So let's look at the -- let's call it typical network layout for an operator, right? So we have here the CSP network, that cloud at the center, right? On the top left, we have radio access. So phones, devices, even IoT space, right, connecting through 4G, 5G. At the bottom, we have a router access so that can be a fixed network or can be a fixed wireless access, whatever it is, goes through a router. And then of course, we have the work-from-home or public WiFi essentially. So that guy that is connecting from somewhere else to the resources in the office. Now when we look at our solutions, we are going to refer to them as modules, right? So we have 2 modules that we secure and DNA secure, they are sitting on the CSP network. That has advantages and disadvantages as we will see later, okay? Then on top of that, we can also have an agent on the router, okay, which is what we call BusinessSecure. So this gives us additional functionality because we are now sitting on the router and we are able to see what is happening inside the network, and we are able to provide protection for that internal traffic. To add to that and to complete the picture, as we said, critical to have a solution that is covering those devices that are going somewhere else, connecting from somewhere else, for that reason, we have EndpointSecure. It's an application that you install on your device and goes with the device wherever the demand goes, okay? But the main value that we are bringing to the table here is unification for configuration and reporting. This is provided by Allot Secure. Allot Secure is the umbrella. So it's the orchestrator that is putting all the pieces together and making sure that everything in the background is working, right? So you as an operator and also as an SMB owner, you are interacting with Allot Secure and Allot Secure instructs, directs the different modules to do their job, okay? So this is the main value that unified configuration reporting and essentially vision that you get. So let's look at it. I mean, so let's say that I am an SMB owner, right? I have my app, and this app that I am showing here is only for a presentation purposes. Typically, an operator will customize it according to their look and feeling, right? So -- but this is the app that allows me to make configuration changes to take a look at reporting. So now let's say that I want to configure a couple of policies, okay? So Barry?

Sorry.

That's okay. So let's say that I configure one for salespeople and simple as, I want security to be on, and we take care of the complex staff in the background. And on top of that, I don't want them to do any gambling. So there is an important element here of content filtering. With content filtering, you can increase productivity for your business by preventing people from going to the wrong content. So I can do that for the salespeople. Format, the finance guy also security zone. But in his case, on top of gambling, he likes being on Facebook every now and again. So I don't want to allow him to do any social network. So from the SMB owner point of view, that's all I do. That is sent to the Allot Secure umbrella. Allot Secure does the processing of that and pushes that policy to BusinessSecure and EndpointSecure, just 2 examples, 2 modules that you can have in the platform and enforces those policies for these guys. But the main thing is, again, is a solution that is group and user-centric. So as an SMB owner, as the manager, it has to be super straightforward. It has to be very simple to manage. All I know is that I am configuring a couple of policies for these guys and then Allot Secure is in charge of doing that enforcement at the device level. Let's take a look at the Allot Secure modules. Let's start with BusinessSecure. So as we said before, BusinessSecure is bringing that visibility into the network, and that will allow the SMB to be further protected, right? So let's start from the basics, actually. So there are 2 modules, 2 items that persist across all the Allot Secure modules. Those are threat protection and content retail. So those exist across all the different modules. Threat protection, what is that? It's protection against malware, phishing, botnets, spyware, you name it. Again, all of that complexity are not exposed to the end user. They don't really have to know what malware is or what phishing is. They don't really care. All they want to know is that they are protected. So for them, it's just switching it to on, and that's it. That's what we call threat protection. Content filtering and productive content or content that the SMB owner doesn't want the employees to visit. So here we are talking about categories essentially. I might be blocking social networking, gambling to give a couple of examples. Now if we remember the picture that we saw earlier, this is essentially a piece of code, an agent that is being installed on the router of the business of the SMB. And because of that, we have additional advantages. For example, something we can do is blocking share access to the devices in the network. So typically, when your network gets infected, okay, so that will try to do what is known as lateral movement. So that means the malicious code will try to jump from one device to another device and then to another device. Normally, that happens over the command shell. So that an SMB will not normally use, that will be used by the malware. So with this, we are blocking their access. So it's a very effective measure to prevent that kind of lateral movement. We can also identify weak WiFi passwords, right? Because at the end of the day, if there is someone -- WiFi is open. I mean, there is no way to restrict that, right? If there is someone somewhere near the office, they can also hack that code and potentially get into your network. So with this feature, you are able to know if the password that you configured is not strong enough. Then on top of that, we're going to also do router hardening. So for example, there is no reason for the router itself, okay, the router itself to be contacting a server, I don't know, in India, just to give the name of a random country. Why? Because my operator is in the U.K., for example. So why should the router be contacting an external server in a different country? That makes no sense. So what we are able to do is to restrict that traffic so that the router can only communicate with the update server from the operator and also with the DNS server of the operator. That's all it makes. A completely different story is the devices that are sitting from behind the router, right? Those have to connect to the Internet. But the router itself only needs to talk to these 2 elements. DNS tampering detection and mitigation. This is an interesting one and a relatively common attack. So what they do is they compromise the router, they change the DNS settings. And effectively, what they are doing is getting all their requests, potentially all the traffic from your network, okay? Because when the device is trying to ask, hey, what is google.com? There will be a malicious DNS server answering that and saying, hey, here it is, and it will get all the traffic. So we are able to identify DNA stamping and also mitigate, meaning we replace it again by the ones defined by the operator. So you are back in a safe state. And on top of that, automated classification of connected devices, because these days not only laptops, tablets, there is a whole bunch of IoT devices that we can have -- I mean even if we talk about consumer, right, the regular house can have like 15, 20 IoT devices. When you look at the business, the number is way higher. So this is giving you visibility in terms of what devices are connecting, what type of devices those are and allows them -- allows you to bring them under management. NetworkSecure is fully zero-touch solution, sitting on the network. It's a premium solution. So it allows you to do very cool stuff. Like, for example, you can do antivirus from the network. So for example, if you have an IoT device, there is no way you can install an antivirus on an IoT device. With NetworkSecure, you can do antivirus for that device. We're going to also get full visibility just to see where exactly you are going. And on top of that, because one of the main advantages is to be able to penetrate the market, right, to be able to reach a lot of people and make sure people have visibility of the product and also the value it brings. With it, you can do what we call marketing campaigns to create awareness of the solution. And once again, it also includes, as you see at the top, threat protection and content filtering. DNS Secure, quite similar to NetworkSecure in the sense that this is a network-based solution. It's also 0 touch. It allows you to have very high penetration. Benefit is that it's very lightweight filtering, okay? Because you are only looking at DNS queries. It allows you to have a very lightweight solution. And then finally, EndpointSecure. So EndpointSecure, as we said, is your module to protect those devices working from home. It leverages award-winning Bitdefender categorization. So the engine, what is doing the filtering, is Bitdefender, okay? However, it has a wrapping on top, let's put it that way, and that wrapping is interacting and communicating with Allot Secure for configuration and reporting purposes, okay? Benefits, because you have an agent installed, you are able to identify existing malware in the device. So let's say that I just bought the Allot Secure solution, whatever name the operator is giving to that, okay, that's a different story. But let's say that I buy Allot Secure, I install EndpointSecure, right? And I already have a virus. With this, I am able to run a scan and identify that virus. And on top of that, it gives you additional benefits like, for example, device tracking and theft protection. So you know where the device is and you have threat protection capabilities like, for example, play an alarm on the device. But very, very important and critical for these days, it provides filtering event of net. So wherever you go, the protection goes with you, okay? So just to summarize, you have EndpointSecure, BusinessSecure, NetworkSecure, DNS Secure and as an operator, you can choose the module that is more interesting for your needs. And then from there, you can create a tailored offering for different businesses. Some of them might be mobile, some of them might be fixed, some of them might be converged, some of them might be willing to pay for a premium price. It's totally up to you. We give you the flexibility.

Eduardo, thank you very much. This is all good stuff. I kind of feel like the guy here in the fourth quarter of the football game watching the clock, having 10 minutes left, there's a lot of things. And I've got some questions that I want to ask you as a panel, and I want to take advantage of the fact that Itay, our VP, Products and Cybersecurity, is with us too. So let me start with this question. We'll see how much time we've got. Also a couple of questions from the audience, but it's likely that we're going to answer them off-line. But here, let me start with this. Do you think the SMB market and the focus on cybersecurity could be the growth area for CSPs over the next 2, 3 years? Or in short, what do you see the demand, how do you see this growing? When you see this market going? Maybe Itay, we'll start with you and then a few other guys, Ian and Eduardo want to chime in.

Sure. So I think that the SMBs are just like you said, are now going to be more effective, more concerned about cybersecurity, and they would look for somebody to help them. I believe that the first call that they would do is for their service provider. So we will be able to address your needs immediately. And with the click of a button, they would get secured with our solutions.

Right. Eduardo, do you want to add to that?

Totally right, at the end of the day, as an SMB, what I am looking for is simplicity and not only from the solution point of view, but also from a, let's call it, process point of view. If I already have an existing contract with my operator and my operator is giving me a security solution, why do I have to go somewhere else to find it, right? I already have that existing relationship. I can leverage it. And if that operator is offering me a solution such as what we have here, then, yes, so no-brainer.

And Barry, you mentioned a cool example about the water pipes, which I love.

What, the water pipes?

The water -- so when you have water in your house, you get clean from germs. And the same approach is a project I really like here. I personally have a very dedicated system in my house, but I think that SMBs usually would look for a clean pipe, a clean water pipe for them.

Good analogy. Good analogy. Ian, you're sitting over there anxious to jump in.

No, no. I would agree with both Itay and Eduardo really. I think there is that move that SMBs are going to be prone to more and more attacks. Obviously, the CSP market or the CSPs have been focusing on the enterprise and the consumer market. I understand that and the SMB market is much harder to penetrate just by its very nature. But I do think Itay's point is very true. You've got -- there is an ongoing relationship between the CSP and the SMB. So it's just natural to harness that relationship and provide those additional services because that's where people will want to go.

All right. Well, let me ask you another. I'm going to -- with your permission put on my glasses, just did this laser surgery, so it's still getting used to this whole thing. So looking at it from a CSP point of view, what would the role be to help better facilitate the protection for SMBs? Expand on that a little bit from the CSP point of view? Who wants to start? Don't all jump in at once. Maybe it's a good question.

Well, okay. I think from the CSP's point of view, it is around having the product available. I think the key thing to me from Eduardo's presentation is the 0 touch for the SMB. I said during my presentation, we are an SMB and the last thing I want to be worrying about is what's going on with my IT, what's going on with my connectivity, what's going on with my network. So -- and it's a bit like my house to take that -- and I love the pipe analogy as well and the water analogy. But take the same thing. I have a house alarm. I want to make sure that, that's continuously operated and it's operational and it's maintained and so on. So I think from the CSP's point of view, there is that massive opportunity to give them a level of consultancy initially and then the level of service that just takes away the headache and that's what SMBs want. They just don't want the natural headache. So managing IT, managing security, they just want everything to be operational, so they can focus on doing business, which is really what they're good at and what they want to do.

Exactly. And now we are using analogies and you are talking about the alarm, right? So the user doesn't have to understand how that alarm operates, what is being connected to? All the user wants to know is that I am paying this money, I want to know when someone is breaking into my house, right? Or I want to know when my house is on fire. That's all. I don't care about anything else.

Yes. All right. So here I don't know if Itay wants to say something or I'll go to one last question here just in the interest of time and then we're going to basically conclude. So what are the similarities you see between consumer and SMB needs or SMB security needs? Maybe Eduardo, why don't you start with that?

Yes, sure. I can go first. So basically, I think there is a massive overlap between consumers and especially the lower end of the SMBs, right? Because, again, if we think about it, more SMB like a micro business with 1 to 10 employees or even the small businesses, right, this is essentially a consumer that created a business. What that means is that they don't have the skills, and they don't know how to address this cybersecurity issue that they are facing, yet they know that there is something to be addressed, okay? Because if you're a consumer, of course, you are affected. But if you are a business, then that's your likelihood, right? If your business is affected by a cyberattack and you have to close your business as a result of that, then that's it. You have no money to buy it back, to put it simply. So yes, they are very similar in that sense. So the solution that they are looking for is a solution that doesn't demand them to hire people or to pay money to consultants to manage that solution. So it has to be so simple that anyone can manage it. That's the critical point.

Simplicity, simplicity, simplicity.

Correct.

Okay. Guys, do you want to add to that or any other last points to put forth?

I would just add to that a little bit. The commonality is also Eduardo mentioned it during his presentation, which is infamous IoT, the level of connectivity, the level of exposure through the different devices is becoming common now between the consumer with all of the IoT devices and the SMB. The SMB might be multiple mobile phones across their employee group as well as other IoT devices in the consumer world, you've got all the other things going on. So I just think you're seeing the proliferation of potential vulnerabilities both within the consumer and the SMB world. So they are pretty much matched in that context and not for a great opportunity.

Itay, I'll give you the last word here before we close out. Any last comments, if you want to say, put an emphasis on something.

Sure. So I think that the SMB is a very high-potential market. Many, many potential subscribers would be interested to something that will solve their problem in a very simple manner. And the threats are rising, okay? There is more and more threats, and they need to make sure that they are protected, this would cost on their business.

That's correct.

Right. And as Ian was saying, right, the environment is getting more and more complex. We have a work-from-home, we have lots of IoT devices. We have the move to the cloud. So there are so many things going on at the same time that the SMB doesn't know what to do here. They only know is that they need security and they need it fast and simple.

All right, guys, listen, we can talk more, and I see there's a bunch of questions from the crowd. We will get back to you guys off-line. But we are out of time. So let me, at this point, conclude the webinar. I want to take the opportunity to thank Ian Parkes, Director of London-based Coleman Parkes Research as well as Itay Glick, Vice President for Cybersecurity Products; and Eduardo Holgado, Senior Product Manager Cybersecurity, both from Allot. I also want to thank all of you guys out there, the audience for taking time to participate. We don't take it for granted. We know it's taking time for today. I want to remind everybody that this webinar has been recorded and will be available on demand. And that we will be sending you today the telco trend report, which is based on the SMB survey that was presented today earlier by Ian on the webinar. And so that brings us to the conclusion of today's event. Thank you all for joining. Stay safe and enjoy the rest of your day.

Thanks.