Check Point Software Technologies Ltd. (CHKP) Earnings Call Transcript & Summary

Thanks, everyone, for joining us for our next session here at the 49th Annual TMC Conference here at JPMorgan. My name is Sterling Auty. I'm one of the Software Analyst. Very happy to have with us the team from Check Point. Gil Shwed, Co-Founder and CEO; Tal Payne, CFO; and of course, Kip Meintzer, Head of Investor Relations. To get us kicked off, let me turn it over to Kip.

All right. We'll get quick safe harbor in. During the course of the presentation, there may be forward-looking statements covered by the safe harbor provided by the Securities and Exchange Act of the early 1900s. As with any of these forward-looking statements, there's lots of uncertainties and et cetera. You can find a nice list of these in our latest press release or our Form 20-F filed with the SEC. As with all forward-looking statements, we only require a duty to update where required by law. Thank you, and I'll throw it back to you, Sterling.

I could just picture like Kip running that through his head as he's falling asleep. How many times he must reiterate. And I'll say, I've got 43 fireside chats at the conference this year. There's only 2 companies that are reading safe harbor statements. They're both security companies. It's Check Point and Fortinet. So again, it goes to show you cover all your bases.

There you go.

Gil, thanks so much for being here. It's great to see you, and I'm going to take advantage of the fact that for those that don't know, you are one of the founding pioneers of cybersecurity. There's not too many people that we can sit and talk with that has seen the entire kind of spectrum of how this industry has evolved. So just to kind of kick off, when you look at the kind of current state of affairs in terms of the magnitude of the attacks, the type of attacks, how would you kind of characterize where the industry has evolved even over the last 10 years?

Thank you for the words and for the introduction. But definitely, the world is greatly changed. And I think we are now in what we call the fifth generation or Gen 5 of attacks. And these attacks are far more sophisticated than ever before. And the danger to environment, by the way, is built up on 2 things. One is that the attacks are far more sophisticated; but second, that there is much more in stake. I mean 20 years ago, when I started -- almost 28 years ago, what we had to protect is hackers want to show up their names and stuff like that. It wasn't the oil and gas pipes were all dependent on the Internet or that our commerce was all dependent on the Internet. So first, we have much more in stake; and second, the attacks are far more sophisticated. And also the attacks today are dominated by -- I mean, whether it's government or whether it's criminal organization, people that can do -- that have stronger interest and stronger resources behind them than kids in universities that are trying to show their technical skills. So we are now in Gen 5. These attacks are attacking us in multiple vectors. It's much harder to identify them. It's much harder to block them because, in many cases, will cause the damage, not when you like download the file. The initial file may be dangerous, may be benign. But in stage 3 or 4 or 5 beyond that, then the malicious payload will get somewhere and then we'll start sealing the data, causing the damage and they're really doing the real bad stuff.

Absolutely. And the other thing, I was thinking about this the other day is how Check Point has evolved through the years. Dating ourselves, I remember in the late '90s and early 2000s, if I think about Check Point really was a software initially, you had to meet in the channel where the software was loaded on hardware that was then delivered to customers, then along came these appliance companies and you evolved. And acquisition of Nokia appliance business, you became more of an appliance from factor, et cetera. Now as we think about the shift to the cloud and we think about how security services are being delivered to the cloud, how would you kind of compare this evolution in terms of its challenges and opportunities versus those like the shift from software to appliance form factors that you've had in the past?

So I think we've really evolved as a company exactly all the aspects that you mentioned. We've moved from being software only to delivering security appliances. We moved from being network security or just firewall to being, I think, today that grow this security platform in the industry with the Infinity platform that you see right behind me. We've moved our sales organization from an organization that's fully reliant on the channel to an organization where we have very strong relationship with our largest customers, and we do a lot of direct touch to customers. And I think when we speak about the change in the cloud and the challenges that we face, this is actually all plays into our strength. Because our strength is the software. We're not producing dedicated ASICs. We are not a hardware company. We are a software company at our heart. It moves to our strength because one of the things we were strong from day 1 and separates us from the rest of the market is our security management platform. And when the environment becomes so sophisticated and so complicated and we need to consolidate different solutions, the strength of security management is becoming even more important. So I feel that our new Infinity platform that talks about managing the whole spectrum, the future of security is actually working very, very well with our heritage on one side and with the huge investments that we make today in the future, in the remote user access, in the cloud and everything.

All right. Excellent. So there's 3 big topic areas I want to touch on our session: growth, cloud and kind of some of the overall industry dynamics. So let's start with growth. First, in terms of the pandemic, how did it impact your business in 2020? And does it create any easy or tough compares as we look at '21?

Okay. When I look at the overall of the years, I don't think it has a huge change in the top line growth or in the company operation. It did increase a little bit our profit -- or decreased the spending because we all were suffering from no travel and many of the events moved from these for physical to virtual events. And this -- on the earnings side, it might create some tougher compare for 2021 because we are slowly resuming these activities or even without resuming them the compare is now apples-to-apples and not the decline that we had last year. On the revenue side, which is the main challenge and the main growth driver that we have and which should increase the growth rate, here, I think we had a reasonable year in 2020. I think our aim is to grow much faster. So I'm not -- and I think we remain with that goal for 2021. I think we've built a strong foundation in the sales force. We've built a strong foundation with the technology platform. Yet on the same time, our business is constantly shifting from new product to subscription. I think for the long term, it's terrific because it's more predictable business. It's repeatable business. But for the short term, it actually creates a lot of pressure. For example, last year, we came up with the new family of network security and appliances. We call it Quantum, and it now captures everything we do in network security, but it started with a new appliance family. Now more and more of the appliances are now software subscription, which means that the software revenue recognition moved to be more subscription and less on the product side. Now that on the short and midterm impacts the growth. On the long term, it's actually very positive for the growth because you're not dependent just on clients' refresh cycles and the revenue is a little bit more predictive. So these are -- and by way, this will keep happening because every new model that we bring to market is more -- some of it -- some of the new products are 100% subscription. And they replace perpetual licenses. And some of it like the appliances, which are still the vast majority of our new product business will be moving more and more towards the subscription side.

Excellent. And I believe we talked about some goals on increasing new business in particular this year. What is that goal? And how do you plan to achieve it?

So I think one of the realizations that in a business like us that's -- we've been growing for 28 years now and struggling all the time, by the way, in the early days. We were in hyper growth mode. But since 2000, the business is always -- let's find a new challenge, let's find the new market and so on. I think we've been able to grow the business and be successful all the 28 years that we've been in business. We've been able to keep it profitable and again, keep it, I think, with very, very healthy metrics. So -- but I think one of the realization is how to focus the sales force, not on renewing the subscription model that we created in the last 7 or 8 years, but how to grow the real new business. And I think now this year, we are getting into that with much stronger measures. On one hand, yes, we want to retain the customer, take care of them. And especially when you deal with large customers, it's important that there will be full ownership of the customer success. On the other hand, we focus the sales force on what we call new business. A new business is any new business opportunities, any new customer. It's any new project, but it's not the renewal of last year contract. And I think the measure today for the sales force is very clear. You have to grow the new business portion very fast. And I mean once you run the mathematics, you see that in the short term -- again, when you win a new business project, sometimes it doesn't show up this quarter because it's a subscription and annuity. But within 2 or 3 years, the growth in the new business becomes the growth of the overall business, and we are aiming at strong double-digit growth for the new business. We are -- I think, in most of the geos, we are almost -- already there, not almost there, already there. In some, we're still struggling to get there. But I think we need to set the business return. That's the way we measure ourselves, and that's the focus of everyone on the Check Point team.

You mentioned margins. I think you're understating that how impressive -- I mean, for the longest time, you were the most profitable software company in the entire industry. We have seen those margins come down a few hundred basis points over the last couple of years. But to your point, the revenue growth is still kind of in that low to mid-single-digit range. What do you see as the big catalyst? You kind of laid some of the foundation, some of your answers already. But what do you see as the big catalyst to really start to drive meaningful acceleration?

So I think first, it's the growth of the emerging businesses that we have. And I think if you look at the -- even behind me, in 2021, we started the year with a much more focused strategy and a much simpler one, which would benefit, by the way, customers, which will benefit our internal employees, which will benefit our partners. And we are talking about 3 pillars. We have, one, architecture. And again, that's unique in the industry. No one else has a unified architecture for the entire security stack. But under this architecture -- in the past, we used to have 70 to 80 different products and technology. We still have all those products and technology, but now they are very, very simple to deploy, to develop, to explain under 3 main pillars. Quantum is the network security. CloudGuard, the name says it, for the cloud. And the new one, what we started this year is Harmony, and Harmony is for everything about the remote work, remote access, remote user. And even not the remote, the user that works from everywhere, even within the office, connecting the users, securing them on the mobile, on the endpoint everywhere on there. By the way, even securing the user on their personal home computer, not on the corporate laptop. Now I think what -- where we're seeing very fast growth -- the Quantum, I think we can grow faster and we can gain share and we will accelerate there, but that's the more mature market, and that's where most of the business. I think we're seeing a lot of growth in the Harmony and the CloudGuard market. In the CloudGuard, I think I mentioned that in the first quarter, our growth was around 50%. In Harmony, it's double digit, and the potential very strong. In CloudGuard, it's very consistent -- in both of them, it's very consistent double-digit growth. In CloudGuard, we aim to double digit, maybe even more. They are still relatively small. But again, within 2 or 3 years, I think these 2 markets together will become a significant portion of the business with these growth rates. And if a significant portion at the high-growth rate, they will accelerate the entire business growth rate. So I think we are there. We're investing -- by the way that also talks about the operating margin, again. I think our operating margin, I'm very proud of them. They are now, again, trending around 50%. So I don't think it matters if it's 47%, 49% or 53%. I think anyways, it's very high margin. We are investing very heavily in all these fields. Again, we're investing in a healthy mode, which is very, very hard these days, by the way. Since the '90s, I've been struggling on -- financial conference has always asked, what are your margin. I always say that I don't focus on managing the margin. I focus on managing the growth. We started, by the way, when we went public, '96, '97, when I said I'm not focusing on the margin, they were like 35%. Since then, they've actually expanded. But the real explanation is very simple. The software business should be profitable. When I see companies that for many, many years, are not profitable, I have a very hard time explaining it. When you look at our business model, it's a business with high leverage, with very high productivity for software developers, even higher productivity for salespeople. So to build a business that's not profitable or with struggling for margins, this means that the business is -- I wouldn't characterize very healthy. Now again, within that, I don't think that whether our margins are a little bit higher, a little bit smaller, it matters. What matters is that we invest in the future and that we deliver on the new technology. And eventually, our growth rates become higher. And I think that's the overall goal that we have.

I think that's very fair. I believe you made a couple of new hires in the go-to-market side. Are all the key changes done? And are there any additional moves that you're making?

Well, the key changes are never done because, I mean, we are in a business with constant struggle, with constant change, with constant growth, investing in new markets, investing in new opportunities. And by the way when the market grows, then you make changes because there's new opportunities and there's new areas of growth and you add people. And when the moment seems some markets or some areas are not successful, then there's obviously some replacement. But -- and by the way, even for the most successful business, sometimes after many, many years, people need to move and free the stage for newcomers and for new blood and for new energies, which is by -- for example, this is happening now in our European organization. Six months ago, we added a new leader for Europe, not because Europe wasn't successful or anything, just because after 20 years, we need some people with fresh energy. And I think it's been very, very successful. You see the level of energy that's changing in the organization. In the Asia organization, we made similar change about 2 years ago, and we are already seeing the fruits that the Asian organization that we had has been growing very nicely in the last year. And after the first few months, the first sometimes even year or 2, you're always asking yourself whether the new leader is generating the change. I'm glad to say that in Asia, now we see that the change is extremely positive and answer all of that. Again, in EMEA, we made the change about 6 months ago. And in the Americas, we made the change in April, so less than 2 months ago. And I hope it will bear fruit, too. I'm sure that we'll have more changes just because I think -- to tell you the truth, I think that our potential, we are -- the potential that we have is much, much higher. And we need to find the excellent people that can drive it forward, again, on every aspect, both on the technology side, but in the field side equally. Every subsegment that I look at, we can do more and we have more potential.

Do you find -- we had another company kind of call out just the level of activity of companies that are coming public with a number of SPACs that are out there, just making it more challenging than ever luring away key talent with the possibility of wealth creation through that move to the public markets. Are you seeing that same phenomenon?

Yes. I mean when I'm looking around, I think our market is maybe the most competitive these days on people, not just on people, by the way, on customers too. And by the way, that's not -- it's tough for us. And for us, as management team, it's very challenging. It's not terrible from the outset from the standpoint that there is growth in the marketplace. There is real growth in the marketplace. And even if the growth is going to continue, then we are all going to enjoy it. And if there's going to be some slowdown, that means that we'll have plenty of technologies and start-up available for us to acquire because the funding will stop and we'll have plenty of that available. But again, on the macro, the market is good. People are buying. That's the good news. It's actually even slightly better than the -- what we had, let's say, 20 years ago when there was the dot-com bubble. I think in cyber specifically, the growth trajectory now is not a bad one and the market is much, much bigger. It is very, very hard to recruit good people and it's very hard to retain staff -- not a lot, again, when I'm talking about changes in people -- and again, for us, in Check Point or internally in the company, it's a very big drama when a few good people, senior or junior, leave. In the overall percentages, it's now 1 or 2 points more people that leave compared to a regular year. It's very hard to do. But then it's not just simply, by the way, the financial incentive. It's the dream. And I mean we've, on the last few years, the people that left Check Point generated the 2 or 3 unicorns and 2 or 3 companies with less than 3 years after they were started got sold for hundreds of millions of dollars. And now if you're a software developer, that becomes your dream. And it's nothing -- again, it's not a financial reward. It's the fact that you want to own it, you want to be there and you want to be the star. That's even stronger than the financial reward. And sometimes that's hard on all of us. But again, I think we are -- overall, we have excellent people. I'm not trying to make it any better because when somebody good -- again, it doesn't matter if it's a 5-year developer with 5 years of experience or a Vice President with 25 years of experience. It's painful by all means because they all take a big body of knowledge. It does allow some people to grow with the organization -- and we -- and some -- and actually, the nice thing is that we do find some new stars that suddenly get the opportunity to step up.

Absolutely. When you talk about kind of the new business -- the new business goals, obviously, at your size, you have to add significantly more than, let's say, a smaller company that's in hyper growth. But what are the big challenges in winning those new logos or those new projects at this point? Is it just getting your products in those proof of concepts and awareness and get customers to realize that the pace of innovation over the last couple of years has stepped up.

So first, you're absolutely right about the challenges. It is a big challenge, and we see it all the time. We get -- sometimes people criticize as you're stronger, not strong enough, let's say, in the cloud. And then we did an audit internally and we checked with everything, and we found out that we are one of the largest cloud software companies, that we have one of the biggest installed base in cloud. And again, we are competing in Israel, for example, on the talent. And again, some people you need to show them that -- and when you look at it, again, we had more customers on the cloud side every quarter than maybe all of the average start-ups combined. And we have higher revenues than most of the leading ones combined. So I think that's -- and the cloud is the emerging part and the small part for us, not the one that we already reached the potential or reach the full installed base. And now I think for -- that's competing on talent. There's also competition on the customer. And I think with the customer, it's twofold. One is to raise their interest. And again, when you were competing on something, sometimes we compete with companies that entire -- live or die on that feature, and they will do everything to win. And for us, for the salesperson, where is this opportunity and there's a few others. It's really convincing us that we need to fight for every opportunity and convincing the customer, we will do so. Sometimes it's getting a little bit outside our boundaries. I think the salespeople need -- sometimes they tend to be a little bit more conservative. They like to deal with the people they know, and we need to challenge them to get -- to struggle on the people they don't know. They are very good in dealing with the network security guys. They are not always -- and again, it's hard to motivate them to go and meet with, let's say, the cloud guys because these people speak a different language and they don't have the relationship. And last but not least, I think we have one big advantage that every customer says that our brand -- that our brand is very well known. I think we have a good reputation. But sometimes it also takes us back. People don't know our new story about Infinity and the breadth and depth of what we do. So we need to tell people, no, it's not the Check Point that you used to know from 10 and 20 years ago. We've really -- by the way, it's a challenge for every large company to explain that. And in some cases, it also takes you back because that how you see -- we have your products. We have this list of requests. Before we deal, we are going to introduce you to a new team. Let's make sure we solve all the existing challenges and all the existing projects. And we need to convince, no, it's -- not no, yes, we are going to work very hard on everything that's current, but we also want to show you the depth and breadth of the Infinity architecture.

I was just telling that it's also the size of the market, right? Like the cloud market versus the network is still a small one. So you need to also see that market growing enough to be -- to have enough weight. So if you go above 50%, you still need to get to a big enough dollars in order for it to pull the entire number up. It will happen in the future, but it would take some time.

And just to -- and again, this is not accurate number, but just so the people here on the line understand the order of magnitude. On the network security side, it's approximately a $10 billion market with, let's say, 4 major competitors and maybe 3 to 5 more small competitors. But most of it, 80% is within the 4 big ones. And that's the competition. It's tough competition, but it's very hard to -- it's very easy to explain who you are when you are amongst these 4. On the cloud market side, the order of magnitude of the cloud security market is around $1 billion at this point. And I think the number of competitors ranges anything from, I don't know, 25 to 100. There's not 1 or 2 that stand out, and I don't think that there is one that captures a huge portion of the market. So it's much, much harder to show and it's much harder inside the company or not inside to prove it. I think it's also the struggle internally because that's the characteristic of the market, we need to invest in many, many technologies in the cloud to make sure that we are not missing out the key points. For us, it actually works well because we've committed to the Infinity platform, and we've committed that CloudGuard will secure the cloud, not some aspects of the cloud, but the entire spectrum of private, public, workload, network security, posture management, all the different elements of the cloud. So for us, it's a big investment and we have to look at many, many technological aspects. At the end, I think this will pay off very, very well because the customer will not be able to get 2 dozen security solutions to secure their cloud. And I think we are going to end up having the most complete suite and the only one that's connected to the rest of the security infrastructure to the network, to the endpoints and so on. So I think at the end, it will pay off very, very well.

So that's a good segue into the cloud. You mentioned the 50% growth in ARR last quarter. Can you help investors understand? Because I think investors are confused about -- for on-premise security network secure, I think they understand we've got firewalls. We have endpoint protection. We have identity, et cetera. I think they're clearly defined and investors have dealt with them long enough that they have a good comprehension. But when it comes to the cloud, it's so wide open. To your point, there's not a clear leader. And I don't think there's clearly defined segments of cloud security. So within your solution set, what part of the cloud security solution are you providing today? And to your point, what's that road map to that complete vision?

So I think we provide the broader scheme of technologies to secure the cloud. It starts with what we call cloud posture management. These are processes that constantly scan all your cloud assets and analyze their state of security. The biggest weakness in security in general but 10x more critical in the cloud is that things are misconfigured. And the reason I'm saying it's 10x more critical in the cloud, I'll just give a simple example. If you buy a new server, you install it on your new data center on the first night or any night, you do an upgrade and the end the server remains open. That's a security weakness. But usually nothing happens because that stands behind the 3, 4 layers of security barriers, virtual, physical to the network to everything. So nobody gets into that server and the fact that only tomorrow or next month, you'll take care of the security doesn't really impact the operation. In the cloud, it's the complete opposite. You press a button -- and by the way, on the physical data center, you don't bring hundreds of servers every day. On the cloud, you press a button, and automatically, many, many servers are being created. By many, by the way, many different people. The cloud is much less organized in the way IT departments manage it. Actually, in the data center, the IT departments operation are very well structured to introduce new assets. In the cloud, any developer is now putting a new server up there, a new virtual server. And now that server is exposed to the entire Internet. And there's automatic robots or automatic bots that scan the network and find these links and find these weaknesses. And they will get in and they will expose your server and take over your server, in some cases, within minutes. And we've seen many, many examples of that. So that's the big weakness of the cloud. So that's why you need on the cloud these processes that constantly ensure that every asset is configured according to the organization security policy, and we got that. Then you need to create the right network security control between the different cloud segments. That's another strong element that we have. And then you need to secure each one of the assets. And again, if in the physical world, the assets were relatively simple, I would say, servers in the cloud, we have much more than servers. We have servers, virtual servers, and again, there is many, many types. And by the way, each cloud provider, Microsoft Azure or AWS and a few others, have their own specific controls and characteristics. So you have the virtual servers. You have the containers that reside that are more simpler, smaller entities, a new form of micro server, I would call it, to people that are not familiar with that. And you even have an entity that's called serverless, which is the toughest one. Because in serverless, you are not configuring a serverless entity. It's something that comes up for 0.5 millisecond and disappears. And all -- now we also are on top of it, web servers, other web services. And the other beauty and the strength and the struggle in the cloud is that almost none of these entity is stand-alone. So you can say, this is secure. This is not secure. This is secure well or more well. They're all interconnected. So you can have all of them pretty much secured, but the parameters that's passing each other are those that pass the vulnerabilities. Each entity is expecting the reasonable parameters from the other one and gets the wrong one. So that's the weakness -- now we know how to secure all of them. We're, I think, leaders in server security. We're leaders in the network security on the cloud. We are leaders in the cloud posture management. I think our container security is coming up and coming up very well. We -- in the first quarter, we introduced something that I think is quite revolutionary. We call it [ UpSec ], it's the next generation of web application firewalls. And again, web application firewalls is like a $1 billion industry, which I think we can revolutionize on the cloud. Because we are not just protecting the web server, we are protecting all the interconnects with what we call contextual AI technology that captures all the different behaviors of application and determines automatically what to allow and what to prevent. So I think we have a very, very comprehensive set of technologies on the cloud at this point, and we have plenty to work on for the future.

So with a couple of minutes that we have left, you mentioned 5 to -- I'm sorry, 25 to 100 different competitors. Who do you think is the most formidable competitor that you see developing in that cloud space?

I would tell you the truth, it's very hard to say. Some of our direct competitor in the network security are pretty strong on the cloud, and they are always tough competitors. On the same time, there is a few start-ups that are already in the $20 million, $30 million, $50 million of revenue run rate. Doesn't sound huge, but on the cloud is pretty big. And let me tell you, when we were $30 million in '96 or something, it was considered something that will change the world. And it indeed, by the way, changed the world in the network security space. And then you can see 2 or 3 unicorns that exist a year or so that are worth -- I just read in the paper -- in the newspaper today, one is worth $1.7 billion, another is $1.2 billion. One of them is actually some very good people that left Check Point, and they have close to 0 revenues. But investors must know something if they value them -- I mean today, it was in the paper that one of the first investor in the start-up that exists less than a year already made $120 million in an exit, sold it to another investor, which is, again, unheard of in the market. And that company doesn't have revenues or have single-digit revenue. So who will be the leader in the future? I'm sure that Check Point will be a leader and one of the key leaders. But to tell you who's going to win that market, I mean if I trust investors, there is a lot of competitors on the -- on who's going to be the few next leaders.

Let me sneak one more in. So President Biden signed an executive order focused on cybersecurity. There's a lot of government spend expected to come with it. How is Check Point positioned to benefit from that improvement in cybersecurity focus?

So I think first, the fact that the government raises the level of awareness and state its important is always important. It's important, by the way, both to the public sector, but also to the private sector because people see that and sometimes they do follow the lead. And I think we are investing a lot in the government sector. We are pretty small in the U.S. federal. We are much stronger in the U.S. state and other agencies around the U.S. in the government sector. And I think both can benefit. We are going now for a FedRAMP certification. So products can be used on the government cloud and so on. And I think for us, it's a nice opportunity to grow. But I think, overall, the most important one is raising the awareness and telling everyone, civil agencies or federal agencies, all of them to tell them you need to invest. You need to refresh the things that you did in the past. May be good in the past, but it's now time to refresh the infrastructure. And for us, at least in the federal government, it's pretty much all upside because we can benefit from new cycle.

I think that makes a ton of sense. With that, I think we're up against it. Gil, Tal, Kip, thank you so much. It's great seeing you guys. We really appreciate you joining us.

Thanks, Sterling. Have a great day.

You, too. Thanks.

Bye.