Check Point Software Technologies Ltd. (CHKP) Earnings Call Transcript & Summary

All right. Thanks, everyone, for joining us. My name is Sterling Auty. I'm the software technology analyst here at JPMorgan. Thank you for joining us for our 48th Annual Technology Media and Communications Conference. Very happy to have with us the management team from Check Point to kick off our first session. We have Gil Shwed, CEO; Tal Payne, CFO; and Kip Meintzer, who's Head of Investor Relations. Let me turn the screen over to Kip just to go ahead and give us our safe harbor and get us started. Kip?

Thank you, Sterling. During the course of the presentation, Check Point representatives may make certain forward-looking statements. These forward-looking statements are within the meaning of Section 27A of the Securities Act of 1933 and Section 21E of the Securities and Exchange Act of 1934 include, but are not limited to, statements related to Check Point's expectations. Because these statements pertain to future events, they are subject to various risks and uncertainties. Actual results could differ materially from Check Point's current expectations and beliefs. Factors that could cause or contribute to such differences are contained in Check Point's earnings release issued on April 27, 2020, which is available on our website and other factors and risks, including those discussed in Check Point's annual report on Form 20-F for the year ended December 31, 2019, which is on file with the Securities and Exchange Commission. Check Point assumes no obligation to update information concerning its expectations or beliefs except as required by law. Now I'd like to turn it back to Sterling.

All right. Thanks. Gil, Check Point was actually one of the first software companies to report March quarter earnings. You're one of the first to give us an update on COVID-19. Can you give us a sense of what did you actually see both in the March quarter and in the month of April in terms of the impacts from COVID-19?

First, good morning, everyone, and thank you, Sterling, for hosting us in this new format. It's actually an interesting one. I hope we will learn from it. I think in terms of the March quarter, we definitely experienced a complete change in the operating environment around the world. But I think we only have the only small effect from the corona crisis for the results. First, because it hits the U.S. only in the last few days of the quarter. And Europe, it hits in the last 2 to 3 weeks of the quarter. So overall, I think if we try to quantify the effect it has on us, we probably -- again, it's things that we can easily identify, not random deals, but countries that really suffered. Countries like China, Italy, U.K. suffered greatly. We saw an effect of over $10 million in all these countries. There have been a few deals that may have been accelerated because of corona. People were trying to first build more capacity, enable more remote access VPN and some people tried to accelerate projects because they knew that something is changing. So some people wanted to complete that. I'm sure that there has been a lot of other projects that's been postponed because customer attention shifted to how do we adjust to the new situation. But overall, the financial impact on the March quarter was only very small.

All right. That makes sense. And actually, before I ask my next question, I failed in my intro to remind people that I'm going to go ahead and get us started with a number of questions in terms of fireside chat. But I do want to bring audience questions into the session as we go along. So feel free to make use of the Q&A feature. If you hit the Q&A button and go ahead and enter your questions through that feature, I'll incorporate it into our session. So Gil, you talked a little bit about some of the remote access, maybe VPN capacity buildups. There's a lot of companies that we're starting to hear that may not bring all of their workers back into offices. So do you think that there's perhaps a permanent uptick in demand for some of your VPN solutions moving forward to support just kind of a new way of working?

I think it's definitely a possibility. I mean we look at it like many others, and we see do we -- can we really learn about new modes of operation? Again, if you look at Salesforce, that's one avenue. How do you conduct sales when you never meet the customer physically or maybe will meet less physically, and it can actually increase productivity in some areas. It's much easier to bring a group of experts. It's much easier to run a demo when you do it on Zoom and when everybody is available and everybody is a click away. For us, the challenge was about getting the entire development organization that's used to be exclusively in office, we've lodged to home, and we are actually seeing good results. So I'm pretty sure that we will see more of that in the outside world when companies will -- I'm not sure that permanently have everybody at home, but people will have more opportunity to work from home and more opportunity to access their environment. And I think we're getting very good feedback about our remote access VPN. People love it. They love the performance. We are conducting surveys and the ratings that we're getting are very high, even compared to other solutions, not just competing solutions, but different technologies for remote access.

And Tal, we've heard from various companies kind of their exposure to some of the hardest-hit industries. So ServiceNow talked about 20% exposure to travel, lodging, et cetera. How would you characterize Check Point's exposure to some of those hard-hit industries?

I mean from a customer perspective. So they are our customers. But my estimate is probably somewhere like around 10%. But I will -- still remember that a lot of the businesses, they renew for support and subscription. So it's not something that is shut down just because the employees have been moved remotely because you still need to protect your environment. So I think it's obviously sensitive as well, but it's not as a capital expense that you can just stop doing just because you are under a lower volume of employment. And remember, when I'm comparing to previous crisis, so I think when I'm looking at the influence, you can differentiate between a shrinking of capacity in organization, where if your model is based on users, then the lower the number of the users, the more you will be affected versus something that is 1 or 2 or 3 gateways per organization, and that is typically you don't just shut it down and no longer have gateways. So...

I would tell that in general, the Internet capacity is not going down. I'm sure that our macroeconomy will be affected. I'm sure that we'll see changes. I don't know if there will be upside or downside, there will be changes. But in terms of Internet capacity, Internet capacity is just going up because what the corona shows us is how critical is the Internet is for our -- everything. Business, life, we all moved from a hybrid model when 70% of our life are physical when we go outside and 30% on the Internet. So situation will become almost 100%, or not 100%, but 90% to 95% on the Internet.

Yes, absolutely. One of the other things that investors are asking about is kind of exposure to SMB. I don't think anyone's ever really thought of Check Point as an SMB provider. But what part of your business actually comes from some of those smaller companies that might be more at risk during this downturn?

Unfortunately, very small portion. It's actually a big -- for me, it's a big upside opportunity right now, enabling more of SMBs. We have -- again, we have probably a very large number of them. But in terms of percentage, it's 2% to 5% of business right now.

Yes. That's what I would expect. Now Check Point's has always been one of the most profitable software companies in all of software. How are you guys thinking about managing your expenses and your hiring through this environment?

Right now, we are keeping hiring. We're keeping business. We are trying to keep business as usual. I think, by the way, one of the good things I'm hearing from many of our customers, from almost all of our partners, is we're trying to run business as usual. And I think that's critical to the economy because if we all say we stop, then the economy will crash. So at least what I'm hearing is from everyone, we are trying to run business as usual. We're doing the same. We are hiring. We are trying to hire, maybe we can get better talent during the period. We are hiring. We are -- we keep all our employees. We sent a very strong message to all our employees that we are behind them. And by the way, it pays off. The level of employee engagement, commitment, hard work that I'm seeing is second to none. It's -- I mean, I'm very happy with what I'm seeing in the Check Point community, both all the employees and many, many of the partners of showing extra commitment.

But if you look at -- Tal, in terms of the type of expenses, how much of the Check Point expense are fixed versus variable? Or maybe the other way is how much of the expense structure is really tied directly to headcount?

Actually, it's interesting because in economy, you count employees as variable. But it's actually quite fixed. So I would say if I'm looking at it, majority of it is our employees and employee-related. We are a software company. We don't have a lot of CapEx and cost of goods sold. You can see cost of goods sold is about 10% of the revenues and the rest of the expenses are majority related to our employees. So I will say since we are keeping our head count and increasing, I will say we treat it as here for the long run. And -- so we don't expect to see a material change in our cost structure in this corona period.

And looking back, Gil, Check Point has been in public for a long time. You do have the benefit of wisdom of experience and history. Most of the companies I'm asking about 2008 to 2010. But as you look back through the 3 or 4 economic downturns, 2001, 1996, 2008, 2010, what are some of the things that you learned in terms of how you manage through those downturns? And how you might be applying that to the current environment?

An excellent question. I think first, every crisis is different, and this one is something that we've never seen before because it's the first time when it affects 100% of the people, 100% of the world, and it's not just a few sectors or a few geos. I think the big -- but I think what we -- what I've learned during crisis is actually, well, if you keep your focus, if you keep being stable, if you keep being consistent, you go through that in a very -- again, in our condition, when we remain very profitable, when we have a strong balance sheet, of course, it's different if you have -- if you can't run your business. But if you do get right, I think we've been able in the 2000 -- let's put it that way, in the 2001 or in the dot-com era and the post 9/11, we faced a real change in culture. From a culture of doubling every year to a culture of markets that's much more stable. And I think we've crossed that culture change in a very good way. Since then, I think we have a very solid culture of doing the right things, being responsible, sometimes accelerating, sometimes slowing down, but keeping consistent. I mean I can say that in 27 years, we never had layoffs in Check Point. We never had to do cutbacks even though we went through all these 3 or 4 -- and we were affected by the different crisis that's happened in the world. And I'd like to think that, again, depending on the world economy, that we can cross this crisis in the same way and come stronger out of it.

So I want to switch gears and talk a little bit just technology and technology direction. Obviously, a lot of discussion around the shift to the cloud by your customers in terms of workloads and what that means for cybersecurity. So how are you viewing this transition? And what are the moves that you're making at Check Point to be in a position to capitalize on it?

So we -- first, we are making and we made huge investments in the cloud space in the last 3 years, 4 years, building technology, acquiring technology and building the Infinity architecture, that's the architecture for the future, and cloud is a huge part of it. In this crisis, I don't see a huge change in the mix. I mean still there is a demand for cloud. Still people are putting more things on the cloud. But actually, many people also realize that we need to strengthen the on-site infrastructure, and I think we've seen it. Much more shipments from Intel and other vendors in the first few days when offices here in Tel Aviv got closed. I met the delivery guy of the computer. And I said, you probably have less work because there is a complete shutdown. He says I am working every day until 2 a.m. Everybody is buying all the equipment which they get to strengthen the infrastructure: servers, laptops, everything. So we can function and we know that we have the bandwidth. I don't know if it's a onetime, but I think we do understand -- even with Check Point, we've looked at projects that we have to do very fast in transitioning to the situation. Some projects, it was easier to do through the cloud because you can just turn it on. Some projects, we realized the benefits of on-site when you have faster latency, when you control the environment and so on. So I would say that most of the projects that we did, for example, were physical projects and not cloud projects. But we are heavily invested in the cloud. We've seen companies that realize how critical is their cloud. So for example, our Dome9 solution, more and more people realize that when the cloud becomes so mission-critical, we have to start monitoring it, controlling it, securing it, tightening it up, which is exactly what the Dome9 platform does. So we're actually seeing a nice level of interest there.

When we get past COVID-19, do you think there's a risk that traditional on-premise firewall VPN just goes in the secular decline?

I think the risk first existed before corona. I think the situation that we've seen so far in corona is actually improving the situation there. Again, the overall economy may be affected, but people realize how important is their equipment, because we've just seen this huge uptick in traffic and remote access and all of that, and people are now seeing that we need strong infrastructure. So if you have -- and this is really the case that 8,000 remote access users and now we have 80,000. And you need to realize that you need stronger infrastructure. And by the way, you'll keep upgrading that infrastructure now. And you'll keep augmenting that. So I see, overall, the demand for bandwidth, the demand for the equipment that we make is not going to change because of the corona, maybe changing because of other things.

Makes sense. Just a reminder for the attendees. Feel free to click on the Q&A button. Go ahead and enter questions there and I'll incorporate them into the session. One area that's very, let's say, topical is Fortinet has seen some success, rejuvenating their firewall sales on the back of incorporating SD-WAN into the platform. And now we've seen Palo Alto, not only invest organically, but make an acquisition to go down that line. You had an interesting comment on last quarter call around SD-WAN. Can you kind of give us a sense of what do you think about that technology or area as an opportunity for Check Point moving forward?

So I think SD-WAN is a very interesting area. It's more about connectivity and how we run connectivity than how we run security. And I'm not 100% sure of what's the right strategy, because in markets of connectivity, there are networking vendors, and they are usually doing a good job. The Ciscos and even the telcos from a different angle, usually, they are being -- they are controlling the communication part. And our job as a security vendor is to augment what they're doing and provide an extra layer of security. So I'm not convinced at this point that getting into SD-WAN is the right thing. I'm also not excluding that because I'm looking around and seeing what's going on. We are -- we definitely need to provide that additional level of security on top of SD-WAN. And I think we're doing it with all the major partners in the marketplace, VMware, Cisco, with all and several other dominant companies in the SD-WAN space. And I think the partnership here -- the partnership strategy here has a good chance to capture a bigger market share.

Now how do you split that opportunity from an area that you do have a good presence in through the years is the branch office, and controlling branch office access to the Internet through a firewall, et cetera. And we have seen the emergence of Zscaler and others in that space, and even Palo Alto trying to create a firewall in the cloud with Prisma. What offerings do you have currently for that opportunity? And is that something that you view different than SD-WAN?

I think, first, we're all in same family of how you combine connectivity and security, and we definitely are going to be in all the security aspect. We are providing what we call CloudGuard Connect and CloudGuard -- and that family of CloudGuard Connect enables that security from the cloud and security incorporated into SD-WAN. So no surprise. It's the same family from us, and some of it is embedded into the SD-WAN device. And some of it is provided from the cloud. And I think that's a play that we are already in. There's a few other alternatives to do that. And again, we are investing. We're learning. We are gaining experience in that. And I think it will all pan out somehow to the right solution.

So when you look at the Infinity logo behind you, can you help investors understand what does the Infinity platform bring to customers that you didn't have before?

So I think the Infinity platform gives the customer the ability to control all their security or almost all of your security using one platform. And when you think about it -- and by the way, these days, we are running into that situation. You need to connect people remotely from home. You need to enable them to use applications like Zoom from home, you need to enable to provide geographies. Each one of that requires multiple companies. You need to secure the cloud place when they are accessing. You need to connect the data center that they are accessing to and they're accessing both. You need to secure the endpoint to make sure that when I'm now on my end point, when I'm playing around, people don't hack to our conversation and to our data and to everything basically that's going on. And today, when you need to do that, you need 6, 7 different security vendors just to solve these small things. And with Infinity, you have one control panel, one architecture, one vendor, and I think we can give you a much, much easier and much more secure approach to securing all these places. And I think especially now when people have to make changes fast, they will learn about that benefit. Well, before, you had a yearlong to do this project, now you have a week or 2 weeks to enable that service. So you need something that will either won't be secure or will be secured and will do it in an effective manner.

But how does that differ from some of the orchestration or SOAR tools that are out there? And within a -- does it need to be Check Point technology products deployed at all of those enforcement points? Or is it meant to integrate with other vendor solutions as well?

First, we know how to integrate, and we are integrated, and there are elements that we don't provide like authentication or in the cloud application itself, which we connect to every cloud. The strength is what we have, we are connecting to every environment. We are supporting all the relevant places. It's very different from SOAR. Most of the focus in SOAR is around incident response. It's around response to a breach that you've found. And we are taking an approach which I think is much more effective. Let's avoid the breacher. Let's not say that's the playbook of doing what -- of how to deal when the breach happen. But if we can reduce the number of breaches by 90% to 99.9%, I think you'll get a much more effective solution. And that's the focus of what we do. It's integrated from the beginning, and mainly, it prevents the attack. And the prevention not detection mentality is the strongest differentiator, I think, that we have today in Check Point.

Makes sense. And as you think about the cloud strategy as you move forward, you had mentioned that you've made some acquisitions. Where do you see the opportunity to continue to innovate through organic development? And is there still a focus to fill in some of the cloud opportunities through acquisition?

I think it's both. Cloud is such a wide perspective of technologies and solutions. It's connecting to the application, it's connecting to the infrastructure. The infrastructure in the cloud is composed from different environment, different operating systems, containers, serverless functions, services, web services. There's so many things in the cloud that I think it's -- I wouldn't say it's endless, but it's -- actually, it's close to endless. So there is a room for both organic development, which is mostly what we do, and some acquisitions. I think it's about gaining first the platform, and I think that's what we are doing with Infinity and with the next-generation Infinity, to be able easily -- I mean, I'll just give a number. We have, today -- we are supporting 60 different platforms through the Infinity architecture. These platforms can be your traditional IP network. But in the cloud space, there is around 30-plus platforms that we already -- that we're supporting in 2020. That's a huge number of platforms, more than we ever did before. And again, it's not just the cloud when you need the IoT and you need to secure the whole IT environment. It's not just one or the other. It's secure -- what we call Secure Your Everything.

And is that because -- I remember when you launched the OPSEC alliance all those years ago, you've had deep integration from partnerships and a lot of work that were done by other companies to tie into the Check Point platform. Is everything that you just described really just an evolution of the deep integrations that started through those alliance programs?

I think, first, I love the OPSEC model that we had. It was in the 90s. So it was many, many years ago, and it was great. I think there's definitely more potential to revive that. And we have, today, a lot of partners. I think we can do a better job opening up and connecting things. But I think it was very, very different times. But when we were small vendor with 50 developers and we have to provide tons of functionality, so the best way to do that was to connect to all the other vendors and utilize their skills. With times, customer needed more integrated solutions. We have, today, 1,500 developers. So obviously, we can do much more. And on the same time, there is also a lot of other third parties. So the entire dynamics changed. We became from a tiny start-up that's trying to be a platform to a platform that wants to work with big and small vendors, but the platform itself is 100x bigger.

Now, Tal, how do we think about -- with all these opportunities for investment, especially as we move into the cloud, how do you balance off the need to invest for growth versus maintaining the margin profile that you have?

I think I said it many times. We don't really manage the margin profile. We manage the investment in the sense if it makes sense and it has a good ROI and is the right place to invest in the technology and for the future growth of the company, we will do it. It doesn't really matter if the margin is 48% or 53%, and you see us implementing it. Having said that, you know us. You shouldn't be concerned that we will do things that don't make sense. So we -- every investment that we do, we review regularly to see if it makes sense or not. If it brings the fruits that we expected, we know how to start things, we know how to slow things if it's needed. So I think the margin is not the goal. The increase of the revenues and hence, as a result of our profit, this is what we're focused on.

But along those lines, maybe talk about the deployment of capital. You continue to steadily increase your share repurchase. Where are you in terms of the pace of share repurchases at this point? And how do you -- do you dedicate a certain amount of your capital that you want to use for M&A? Or it's more just driven by as targets arise?

So we have the cash. We have the ability and we have the desire to do M&A. We can do a small one or a large one. It's more about finding the right fit, a good company with the right technology in the right place. Can you hear me? Yes. Sorry, I saw the screen freeze, sorry. So we have the will, and we're looking at many companies. And if we find the right technology and it makes sense, we will do it. Actually, we don't limit our M&A people to say only small one, only large one or only in that little area. We're very open-minded here. And as a result, when we find the right thing, we acquire it. We have a buyback program. We know we have approved $2 billion, up to $325 million a quarter. We are utilizing all the amount that is allowed, and we used it fully in the previous quarter, and we intend to continue with it.

Yes. One of the acquisitions that you did last year was really kind of focused on serverless. As I think about serverless and containers and the emergence of no-code environments, what particular hurdles does that bring from a cybersecurity perspective? And what opportunity does it give you to help your customers?

I think there's huge hurdles in that, both because it's much harder. In the data center, you put a gateway or you secure it from the outside. And you know that even if it's -- that even if inside nothing is -- not everything is perfect, it's still secured very -- in a very high way. Once you move to these kind of environments where you don't have any environment to secure, each instance run on its own and each instance needs to be secured, you need to go into what I call nano or micro security securing these elements. So that's one element. The second element is because the way these applications are being built, they are so insecure, it's unbelievable. I mean it's not a simple code that a developer wrote. And if they did a decent job, it's decently secured. It's a collection of multiple pieces of utilities, not just code from many different places. And usually, the connections between them provide -- I mean, not every hacker in a simple way and ability to crack through that, it's horrible to see that. Our research team -- and our research team publish new findings every few weeks. It's unbelievable what we can find. Every system like that where you can pick, they find how to hack it in the relatively -- again, it's professionals, but in standard ways.

Well, how do you think about -- you talked about kind of micro security. I would think about traditional cybersecurity, especially from a network perspective, is having a particular enforcement point with each workload or each element that you're trying to protect. We have seen the emergence of some technologies to kind of do ring-fencing around it. But especially for these technologies that have the ability to auto-spawn to basically build up to meet capacity requirements, how do you build a cybersecurity solution that's as flexible and can actually expand and contract with the underlying elements that you're trying to protect?

So our architecture today and the future architecture that we are building is based on the fact that, a, we've built an amazing library of security technologies. We want to enable them everywhere. We want to enable them both through the traditional ways, but also through what we call -- but also from new ones, and we call it nano agents. And these nano agents can tap to anything. It can be a serverless function. It can be an IoT device. It can be a container. It can be everything around our world. And we want every nano agent like that to consume all the relevant security from what we call a cloud service. Say, we call it cloud service because in many instances, we call it a fog. It will be a cloud that's closer to you. It maybe even a cloud with on-premise because not everybody wants to export all their data or all their transactions to the outside world. But still, it's cloud -- it's cloud-powered security solution, but you don't need this huge piece of software, but you can get all the benefits of it through a nano engine. And that's the future architecture that we enable now. And I believe it's fairly unique in the marketplace.

Absolutely. I wanted to touch upon Software Blades and also the downturn as well. When you look back on previous downturns, what did you see in terms of maintenance renewal rates? And what did you experience in the March quarter around renewal rates on Software Blades? And what are you expecting might happen in the coming couple of quarters?

I think in general, it remains stable. I mean, again, some people will renew because -- I mean, everybody needs what we are doing. And I think what we're doing is generally mission-critical. Some people will accelerate deployments because it's time to expand. And by the way, I can talk about the last point. There is a huge -- I think that there will be a huge demand for new methods of security with the change with corona now. But even your existing customers, even if you stick to what you have and pay the subscription and pay the support and maintain it, or you accelerate, very, very few people will actually get rid of security. So either you keep stable or you grow, and I think the mix will shift over time.

But you just mentioned -- I want to make sure that it wasn't different than what you stated earlier in the presentation. You mentioned that you do think there is going to be a big change to security because of COVID. What do you think those changes will actually look like?

So first, earlier, I said that corona won't affect the business, corona will affect the business. So that's maybe -- I think I misworded myself. It won't change it in a way that people won't need physical security. It will change the macroeconomy. But the shift that the world has done now, from an IT perspective, it means that we, first, moved -- we did a huge digital transformation. You look at public services, company services moved in a pace that we've never seen before to the -- not just to the cloud, but to be digital. And that means that we opened a lot of new services, and we didn't always secure them right. Second, we opened all the holes and all the access points to a company. And the job of the Chief Information Security Officers now will be to close these gaps, will be to close these holes and create a much stronger layer of security. Because all the things that we didn't do before, we're doing them now, and we did them very fast without taking care of security. So I think the world will now face 2 phenomena: either good investment in closing these gaps from a security standpoint, and the survey which we did showed that 90% of security professionals believe that, that's the situation; or that we'll have a new pandemic of not physical viruses, not biological viruses, but computer viruses or computer hacks that will take advantage of that. And I hope it will be in the prevention mode in the cyber space, and we'll be able to prevent most of these future attacks that are imminent, in my mind.

And do you find that maybe the development of additional solutions along those lines end up just being additional blades on top of the existing platform? Or do you think they have to be standalone products?

No, I think it will be existing technologies on top of what we have. I think we are there. The platform is there. But it's additional investment in either using more capabilities or developing new capabilities that will take care of it. And I think we are seeing that starting to happen. And I think, again, people will -- I mean, again, it will have to happen. Otherwise, we'll have a pandemic of cyberattacks. We've already started seeing that with the information from the World Health Organization and from the Wuhan Institute already being stolen, and that was a direct attack that took advantage of opening everything to remote access.

With our last minute, just real quick, Tal, given the current environment, what's Check Point actually doing with your own internal IT budget in terms of your own spending?

We continue according to the budget. Like Gil said, the main focus was to move to work remotely. We have -- the project that we plan and relevant, we will continue. The ones that might not be relevant because of the situation, of course, there's no point to continue with them. So I think it's more about the relevancy of projects in this new life that we have right now. And also, I think, I see the discussion is much more short term in the sense that we want to do things much, much faster. So in a regular universe, you can have a long-term projects, you may want to execute very quickly projects. So we see actually project implementation. Before, it might have taken a month or 2 months, now we're trying to do it in a week or 2 weeks. So I think it's a good change in terms of the agility of the implementation also internally.

And long term, if the world continues to behave that way, it will drive more demand because we'll be able to do more projects. I don't know if we'll have the budget, but at least we will use more technology.

Absolutely. All right. With that, Gil, Tal, Kip, thank you so much for joining us. We really appreciate it.

Thank you very much.

Thank you very much.

Thank you.

Stay safe.

Bye-bye, everyone.