Check Point Software Technologies Ltd. (CHKP) Earnings Call Transcript & Summary

Okay. Well, hey, good morning, everyone, and welcome to Day 2 of the Barclays TMT Conference. My name is Saket Kalia, I cover software here at Barclays. Very honored to have the team from Check Point here with us this morning. We've got Gil Shwed, Chief Executive Officer; as well as Tal Payne, Chief Financial Officer, as well as COO; and as well as Kip Meintzer, Head of Global Investor Relations. We've got about 25 to 30 minutes together. So maybe what we'll do is I'll lead some fireside chat for about 15 or 20 minutes, and then we'd love to make this interactive. [Operator Instructions] So maybe with all of that as a preamble, 2 things first. First and foremost, Gil, Tal, Kip, thank you so much for being with us here this morning. Maybe secondly, Kip, I'm going to shoot it over to you just to kind of get us started from a regulatory perspective.

Thank you, Saket. During the course of this presentation, Check Point representatives may make forward-looking statements, these forward-looking statements within the meaning of the Securities and Exchange Acts of the early 1900s. Because these statements pertain to future events, they are subject to risks and uncertainties. Actual results could differ materially from Check Point's current expectations and beliefs. Factors that could cause or contribute to such differences are contained in Check Point's latest earnings release or its 20-F filed both of them with the SEC. And with that, I'll throw it back to you, Saket, and have a great day.

Excellent. Thank you, Kip. Gil, thanks so much for being with us again here this morning. Really appreciate it.

Gil, you have talked about different generations of attack types. And most recently, you said we're seeing what I think you referred to as fifth generation attacks. Can you just talk about what makes these attacks different? And I know you spend a lot of time with customers. What are you hearing from customers about how they intend to protect themselves against these types of attacks.

Wonderful. Thank you very much. And again, love to be here. Yes, we are today in what we call the fifth generation of cyber attack. We formed this terminology about 3 years ago. Three years ago, fifth-generation cyber attack existed. They were fairly rare. Today, it's the norm. And we see this year or almost every week a new Gen V attack, attacking critical infrastructure around the world. Now to your question, what are Gen V cyber attacks and how they are different. So Gen V cyber attacks are typically what we call polymorphic, which means you can't identify them through a simple pattern or through something, they look every time differently. So let's think about an attack when you get an infected file and when you open this file, it attacks your computer. Gen III attacks like that would be -- the file would be almost the same or will be some kind of signature when you can identify the file. In Gen V, it will always kind of rebuild itself and each file will look completely differently. So with no way to identify it through some kind of a pattern. Second -- but that's not all, that's just the beginning. The second thing is that the Gen V attacks are what we call multi-vector. Again, if in the previous file, you open the file, it would take over your computer and that's it, bingo, you've been attacked. Gen V attack, you can download the mobile app, the mobile app might look pretty straightforward. That attack will send something to another computer, that computer will send something else to some place on a server or in the cloud. And only in the third or fourth or fifth stage of the attack, what we call the malicious payload, will be downloaded and will start the attack. So these attacks can span. They can -- it's very hard to identify them, and they are very sneaky. You can't even know what they are. I mean If you look at a mobile app that download some content from the Web, it won't look anything suspicious. And even if you analyze that payload, it won't be that suspicious. Only a few stages later, it will cause the damage. On top of it, these attacks tend to be -- some of them are large scale. Some of them exploit very sophisticated what we call zero-day bags in applications. So it's things that are unknown. And all these things make these attacks very, very hard to stop and very hard to identify.

Got it, got it. Very helpful foundation there, Gil. Tal, maybe just to level set us. So we talked a little bit about the threat environment. Maybe just to level set us a little bit on the business, can you just recap some of the financial metrics from the last quarter that you were particularly proud of. Again, so just we're all on the same page.

So if you remember, the focus for us is new business, new versus renews, so the new business. Most of the new business you can see in the subscription line. So you can also see the financial metrics very clearly. You can see that the subscription revenues are increasing 9%, 10%, 11%, 12%, 13%. So that's very nice to see. The main drivers beneath that growth is cloud, which was strong; Harmony, which was strong. New customers was strong last quarter as well. So that's like the business that we're looking at. And if you look at Infinity, which is the full package, selling customers the entire product portfolio of Check Point, Cloud Harmony or Cloud Harmony and Quantum, any combination of 2 pillars and above, that was a huge increase in deals that we signed in Infinity. I think we talked about more than 300% growth. So triple-digit growth, which was very nice to see. So double digit in Harmony and Cloud and triple digit in Infinity. So all of it is a reflection of the new business that -- which is exactly what we're looking for. So we need that to continue and to be strong, and that will drive the growth that we're looking for through the subscription line all the way to the total.

Got it, got it. That's really helpful and I definitely want to come back to a couple of those products in a second. But Gil, maybe just to build on that a little bit with you. Infinity Total Protect, or ITP for short, has been, I think, a really unique way of delivering value to your customers. Can you just remind us what products customers have access to with ITP? And one of the things I think is really interesting is just sort of seeing, obviously, customers have access to everything. I'm really interested in what customers you find are using the most, right, once they have all that access. Any perspective that you can offer there?

An excellent point. So first what they do when people buy the Infinity Total Protection, they get access to the entire portfolio. They get unlimited use for the entire thing -- for everything for end users, for Harmony. So they can use -- every user can have it I mean they can use it on all their iPhone, laptop, desktop and so on and can use all the different functionalities. They get almost unlimited software use for everything with software. They do get access to the hardware portfolio and that's kind of unique. You buy something with a subscription, that's kind of onetime, but you can get hardware for it. The hardware is capped by actually a pretty big number, but it's still capped because we don't want people to get unlimited amount of hardware. And they get access to all the cloud functions. And again, that depends on the situation. It's also limited because it also has some costs associated with it. But overall, when a company buys Infinity Total Protection, we've budget it in such a way that the company can be fully protected. And they want me to send anything else and get the entire enterprise protected with the highest level of Gen V prevention for attacks on, again, on users, on the network, on the cloud, on everything.

Got it. Users, network and cloud, that's a helpful way of thinking about kind of what the what end game is here in terms of the portfolio. Tal, I want to build on that a little bit, maybe just from a pricing perspective. And we've talked about this a little bit in the past as well. But I was wondering if you could just walk us through an example of an ITP contract? And hit on something interesting just around sort of the product and how it's unique. Particularly, if you could just talk about how the amount that is carved out for product could be different with an ITP contract compared to what we've all gotten to know and love, right, with firewall -- traditional firewall plus Blade packages. How does the pricing sort of different between different -- how is the pricing different between the 2?

So think about it -- I'll give an example, it will be easier. But think about it that you're a user and you're a company of 10 people or 100 people and you pay, let's say, $300 per user. So you will pay us $30,000 a year. And in this $30,000 a year, you'll be able to use all of Harmony, which is the user subscription, like Gil said, anything that you need to protect the end user, protecting his laptop, with desktop, his mobile and so on. So that's there, everything the subscription in the cloud as well. So you cover everything. And then you get a bucket or think about it as a credit to purchase appliances as well. So when you go to the revenue recognition or to the accounting, what you need to do is you split this $300 value between all the components they included. Subscription components have been recognized in the subscription ratably over the period. Support is recognized ratably over the period. And the product is sitting there as the credit and waiting until the customer pulls it. The minute the customer uses that credit and takes their clients, for example, and we ship it, definitely recognize the revenues. And then you see it in the product line. Naturally, though, because then the question comes, so why does it change between the lines? The answer is that because there's so many we offer, majority of the dollars are being drawn into the subscription line and less is being allocated value-wise into the product line and the support line. And that's why not only you wait for the revenues for the product, it's also lower amount versus if you would have just purchased it stand-alone because you take an entire $300 and distribute it between all the components.

Got it, got it. So I mean just maybe just to kind of put a bow on that topic. It feels like then there is -- as ITP gains more traction, there's arguably more deferred product sitting in deferred, right, as customers sort of subscribe to it a little bit more.

Absolutely. That's partly why you see the deferred growing and when you calculate the implied booking of every quarter, you see quite strong implied booking.

Right, right. Got it. Very helpful. Gil, maybe just to shift gears slightly, too. I just want to talk about the traditional firewall part of the business. Let's just put sort of pricing aside. Obviously, the main offering here is Quantum. Again, I mean, you've been in the industry for literally decades now. I guess how do you think about the growth in the traditional network security market? And how much of this -- I mean, the topic of refresh is always a hot topic each year. How much do you think the market growth in -- around this time is sort of being driven by refreshing existing appliances versus adding more use cases for firewall. Does that make sense?

It's an excellent -- absolutely, that's an excellent point. And I think for years, people were predicting that the firewall business is going to go away, and I think what we're seeing is the opposite. What we are seeing is actually in the last year we're seeing strength in the network security business, I think, by the way, rightfully so. When we actually analyze the attacks and so on, what we see is that firewalls are the best line of defense. At the end, they notice they stop the attacks. Even though people are speaking about other architectures, they are still very, very important and the most effective in containing and blocking sophisticated attacks. So that's one. From what I see, I don't have accurate industry statistics. I assume that the growth rate for the network security right now is about 10% to 20%. We've seen some of our competitors growing on that even faster, like 30%, which is, I mean, it should be ours and I think we'll fight for that, but it shows that the market is healthy. And I think if there's any strategic thing I would do differently is actually invest more in the network security business because I think there's plenty of potential. Now about what are people doing? So part of it is refresh. Part of it is adding capacity. And even the corona, even though it put some freeze into people going into data center and making changes, at the end, it did create more network traffic. Things that we -- before we did at the office and we never used any bandwidth, now we are contacting in our trading floor or our development application from home, that creates a lot more network traffic. So that needs increased capacity. Places that were never open to the Internet, like our trading floor or manufacturing floors, are now open. And branch offices are also moving to the Internet architecture from more traditional networks. So I think overall, network security remains very, very important, and I hope that it will continue to grow.

Absolutely, absolutely. Tal, maybe just to go back to the prior point. I mean, as we kind of established, right, like with ITP, you will -- you can end up having a little bit more product sort of sitting in the deferred. Ultimately, though, a customer will use that credit, right, to enhance or to build on their Quantum footprint. I have to imagine as a CFO, I mean, it's -- how do you sort of forecast that, right, that deferred sort of -- that deferred product kind of coming out. How do you think about that sort of as customers kind of come use that deferred and how it comes out of -- how it goes into the product line. Sorry, a lot there. Does that make sense?

Yes, yes. But it's not like if it would have been hundreds of millions, it would have been tough to consider, right? But it's almost like how do you focus how much products will you sell a quarter. You have a forecast, you have the expectation of the field. They have the opportunity. So like you have the expectations of the field of how much they will close in terms of product and how much I will deliver, I know how much backlog of product I have with Infinity customers and we expect them to tell us how much they think the customer is going to implement in the coming quarter.

Okay. So that's actually...

We are trying to do more and more deployment plan with the customers. And I think the more we -- I mean, with Infinity, it's 2 things. It's, one, getting the customer to have the access to the portfolio and the whole architecture. The second element of Infinity, which we're working very hard is working with them on the implementation because at the end that's what counts, how they use the technology and are they activating and using all the Gen V prevention function. And I think we're getting better and better with that to develop with the customer deployment plans. And that also says when they will consume each technology, which, again, sooner rather than later from our standpoint because that's how you get better security.

Yes. Absolutely, absolutely. So got it. I mean we've dug a bunch into firewall and to the appliance business. I'd love to talk about the cloud part of the business and maybe start with CloudGuard. It's been a great addition to the portfolio. Gil, maybe the question for you is how do you think about security in the cloud market? And why you think CloudGuard is positioned well?

I think, first, talking about cloud security, it sounds like a simple -- that's the product, that's the technology. It's the opposite because the cloud actually embodies today pretty much everything that we used to have on our traditional network plus much, much more. I mean the cloud has in it today new forms of computing, whether it's SaaS application or server-less functions or things that we've never seen before with our innovation. On top of it, we have servers. We have applications. We have all the things that used to be in the traditional networks except for one thing that the cloud is actually imposes, in some cases much higher risk than a traditional network. And I'll give you a simple example. If you leave the key to your server on your desk, nothing really happens. If you leave the key to your server on your virtual desk on the cloud, it will be penetrated within a few minutes. So you need to take much different measures of security to prevent that. So not only that cloud applications, and that's the changes that the world is going, are built in a much more distributed way. And traditional application used to be very monolithic. One big application built on one big server may be connected at the back-end server to the storage system or to the storage server. The cloud application, you may -- you'll have typically 15 elements connecting with one another and some of them are not in your control. Some of them are in another cloud or controlled by a different entity. All of these create huge vulnerability, huge security holes. That's actually the security challenges that we see every day. A lot of them are in these links. You rely on some party. And when this party infects you or you infect them without even knowing and noticing. So now in terms of our CloudGuard family, it's one of the broadest cloud families in the marketplace. We know how to do what's called cloud posture management, verifying that your cloud is configured right. That every -- that whenever something is open that shouldn't open, it's being closed. We know how to secure workloads from servers, containers, networks, all the way one area that we specialize and that we are very, very good, fairly unique to us is the server-less function, which is very important. And we keep developing more and more functionalities in order to secure the cloud. And I think it will unlikely to end any time soon. There's so much innovation that can be done to secure cloud workloads. So I think -- and I think cloud customers that deploy CloudGuard will get maybe the best platform or the broadest platform to secure the different workloads that we have.

Got it, got it. Gil, maybe if I could just follow up with you. I mean, we've talked about again, going back to that framework, securing the network, securing the user security in the cloud, right. So right, so many parts of the platform strategy here. One question that I'd love to explore with you is why do you think now is the time that customers are ready to buy a suite, right, or a platform, right, versus maybe, I don't want to call it best of breed, but sort of specialized vendors, right? I mean, I think you've seen this again being so many years in the industry sort of this idea of just vendor sprawl, right? It feels like Check Point is talking about much more of a platform, right, than it has in the past. How do you think about that? Where are customers in that journey of picking one strategy versus the other?

First, customers are not fully there yet. And I think we have -- we are seeing huge growth, but there is a lot of room to grow. But the main reason I'm looking at it, I'm a technologist in my heart. And when I'm looking to that is what's the most effective to secure customer environment. And today, customers are not secure. And they are not secure because they are buying piles of technologies in large companies it can go. I mean when I speak to banks like yours, speaking about 300 security technologies, that's quite too much for anyone who can manage and consume. Their time is not spent on defending the enterprise. Their time is spending on buying, configuring, upgrading and so on. And even worse, it's not just the effort that it requires, the head count, the cost and so on. It's the fact that these solutions don't work together. You may fire -- you may know how to block with certain malicious file on one vector, let's say, you get it by e-mail. So let's say that you have a really good e-mail security system like ours and it will block the file. If now I will send you the same file through Gmail and you'll download it over the Web instead of getting it through e-mail, you're still exposed. Only the Check Point system with our ThreatCloud in the middle of all these things, only a strategy that works together will know to block every threat on all the relevant vectors. So actually, in our case, all these solutions work together. So that's the reason why people should deploy grow their platform and get for consolidation. It's the high level of security and it's the fact that they can spend their time and energy on preventing the attacks and not on deploying solution. And again, on top of it, there is a huge economical element not just in the cost of purchasing, but also the cost of purchasing, by the way, very far. I think it can be a saving of 50% to 70%, but also in the cost of managing it. And I think we can then -- and we do demonstrate it every time when customers deploy. So I think that's the right thing to do.

Absolutely. Makes a lot of sense. We've got about 8 to 10 minutes left. I've started to get some e-mail questions from investors, so maybe we'll dip into that. And then any time that we've got left, I definitely want to hit on just the supply chain issue with you, Tal, or just a question around it just in the industry. So a question here from the audience for you, Gil. How do you think about investing in the go-to-market? You talked about competitors that are growing faster. What can Check Point do to capture more of that growth? And as maybe part of that, and I realized this is -- these are 2 different topics, but maybe in the same vein, what can Check Point do to -- when thinking about capital allocation and how that could be different going forward, if at all, to drive value?

I think that's a very good point and that's a very valid point. I think our technology and the level of security that we provide is far higher than any other vendor. I think we are seeing it with customers. We are seeing it with industry research. We're seeing it with benchmarks. We provide, by far, the best security. Our sales and marketing engine may not be the best in that, and I think we need to invest far more in sales and marketing. There's many, many things we can do almost on every front because the opportunity is huge. But I think the main -- but my part of our job is to make it simple and focused. Part of it is simply adding capacity. We should and we can add capacity at the field level, hire more salespeople almost in every territory. In America, there is clearly a huge opportunity right now, by the way, if you're looking at our results. Our Asian operation is performing quite well. Europe had a huge positive change this year, and this year is showing the best results. And with the U.S., we are just at the beginning. We had the new leadership in the middle of the year in the Americas sales organization and right now we are building some parts of the management team. And I think my focus will be to build capacity. It's not easy these days because there's a huge demand for good people all over our markets. But I think that's what we need to do. We need to invest in that, and we'll see the results.

Got it, got it. Very helpful. And thank you for the question from the audience. Tal, maybe we can -- let's just put a bow on this topic around sort of go-to-market. Can you just remind us qualitatively, right, how Check Point has incentivized partners and salespeople to sell ITP? Again, a really unique offering. How do you incentivize the go-to-market organization to sell ITP? And maybe how that can sort of gets tweaked or changed in the future, if at all?

Yes. I would like to talk less about the conversation plan because this is more a competitive edge. So I wouldn't really discuss it too much. But I would say like any other vendor, when you want to sell more of new business then -- and specifically maybe a new product or specifically a specific package, then you give maybe bonuses [indiscernible] for higher multiples per dollar of booking or annual booking and so on. So whenever we want to create more focus on certain areas, we put more resources around it, be it the commission plan or the [ stiff ] plan and so on.

But one thing that's good in Infinity deals is it sometimes require a lot of effort, it sometime requires a lot of work, but it's also good for both customers and us because it takes customers that -- maybe even small customers and turn them into strategic customers. Think about if you have a customer that in the past purchased a few gateways for $50,000 and that would be a midsized customer that the sales -- and it's a very good customer, don't get me wrong, but not a strategic customer. If they now sign a 3- or 5-year deal for the entire portfolio, they can be turned into a $1 million customer. And then it's become quite significant for everyone: for the customer, for us. We can invest in them and they know that we'll get the best security because we consolidate many, many solutions.

Yes, absolutely, absolutely. And Tal, to your point, just around driving adoption of new products. I mean, right, with sort of dial that you can turn on incentive plans, I think you talked about 300% growth, I think, in emerging products, CloudGuard, Harmony and -- so clearly something that's working.

Triple digit. Triple digit. I corrected myself.

Triple digit. Got it, got it. Triple digit, understood. Tal, maybe just to stay with you, I want to pivot a little bit. Obviously, the -- it feels like the most popular terms of use for any of my stock is supply chain disruption this year, right, and particularly the network security names. And I think the last quarter Check Point actually didn't see much in the way of supply chain disruption, at least from an outsider perspective. Can you just talk a little bit about the resiliency of Check Point's supply chain and how, if at all, you've contemplated this in the Q4 guide?

So first, I would say I'm still proud to say that you still won't see anything from the outside. But from the inside, there's a lot of work that is being done in order to deal with the issues because, like everybody, we see also some raw materials and more and more items are missing. But we deal with it daily and resolving it, buying it from the vendors, buying it in advance, buying it in the open market. So we -- it is like any other industry that we see around in other companies, we see some challenges there, but we're dealing with it daily. So far, we're dealing with it. But I will say, cautioning a general comment that the market is changing very fast and items that didn't miss yesterday suddenly today are missing. So we're resolving that as we're going along. So far, we're dealing with it well. And I hope it will be resolved soon the shortages in the market in general because it's not a nice environment to find raw material in general. But we're working very hard in order to keep it that way.

Got it. Very helpful. The last couple of minutes that we've had here because I want to be very respectful of your time. But again, Gil, just so many decades in security now. And like you always say on the conference call, nobody has a crystal ball. But I'm curious, I mean, as you spend so much time with customers, just open-ended question, how do you feel about the health of security spending going into 2022?

I mean, first, there's a lot of uncertainties. And as we know, what we definitely -- I mean, I'm saying it for the last 25 years, but predicting the future is very, very risky. I think what we learned in the last 2 years that the level of uncertainty and the level of surprises that we get every day is -- can be much bigger than we thought. However, having said all of that, customers are really, really concerned about security. The security challenges are not going away. I think I can, I mean, fairly certainly predict that the challenges and the risks that we see in cyber are going to get higher. And our dependency on cyber has become much, much higher. Remember, 2 years ago, half of our life maybe were on the Internet and half of them were in the physical world. Today, it's 90-10. And even post corona, I think there is going to be a lot more things that we are going to consume on the Internet than we did before. I mean we got now -- my generation of kids don't understand why they should go to the shop. The shops are open. But for them, they've learned that the easy way to shop is online for -- so I think all of that will make our dependency on the Internet and the risks of cyber security much more important and our job to protect that is going to be quite interesting, quite important and very challenging.

Got it. Well, as always, a lot more questions than the time that we've got left. But again, I want to be respectful of your time. Gil, Tal, Kip, thank you so much for taking the time with us today. Really enjoyed the session. Great way to kick off Day 2 at the Barclays TMT Conference. So thank you very much again for the time.

Thank you very much.

Thanks, Saket. Have a nice day.

All right, folks.

All right. You, too.