Check Point Software Technologies Ltd. (CHKP) Earnings Call Transcript & Summary

Welcome, everyone, to the 26th Annual Technology Conference hosted by Credit Suisse. My name is Phil Winslow, the Software Analyst. We're very excited to have Check Point joining us for many years in a row. So, thank you for your continued attendance at this conference, first off. It wouldn't be the same without Kevin, but very excited to have Rupal join us this year. So, thank you for taking time to come down.

Thank you. Thanks for having us.

So, it's your first, you just have like 20-something to go and you'll catch, Kip.

Yes. Unfortunate.

That's right. Kip, you want to say some stuff.

Yes.

So, the Safe harbor.

We'll do the lovely Safe harbor. So during the presentation, there may be forward-looking statements. These are in accordance with the Securities and Exchange Commission regulations of the early 1930s or early 1900s as it would be. As with any forward-looking statements, there's risks and uncertainties. And if you'd want an elaborate list, check out our latest press release or the 20-F, filed with the SEC. And as with all forward-looking statements, we only reserve a duty to update where required by law. With that, back to you, Phil.

I guess, Rupal, I've been asking this question to everyone to start out with. Obviously, there's a lot of macroeconomic, geopolitical headwinds and crosscurrents out there. From your customer conversations, where are you seeing the most strength and resiliency in these conversations today sort of in light of all these things versus, let's say, the beginning of the year?

Yes. I think -- so I get this question a lot. And what I've seen is twofold. #1, investment in cybersecurity, if you think about the technology landscape overall, it's probably the one place where we feel the most comfortable, the most assured in organizations continuing to invest in securing their enterprise. So, first thing I hear is that continued investment. Now, we're seeing some puts and takes. We're seeing a little bit of volatility among quarters inside of a year or things here and there. But by and large, infrastructures continue to be invested in. We continue to see investment in cybersecurity, both hardware and software. And we continue to see upticks in certain growth areas of cybersecurity and it's promising.

Awesome. Well, let's drill into that a little bit. When you think about sort of how priorities have let's say, changed, what are the projects that you think have seen more sort of being at risk of being pushed versus those other projects that are saying, hey, look, I have to invest in Check Point now?

Yes. Well, I think I think the investments continue across the board in all areas of Check Point. The thing with our portfolio is just that. We've gone from being a player very firmly planted in the network security business to being a full-service provider across a whole host of areas from traditional network security to cloud security and all of the product lines inside of that to Harmony, our product line focused on remote access, connectivity, e-mail, things like that, as well as a management layer across all 3. And so as I think about businesses today, they continue to be on the path that they're on. Cloud migration continues. They're looking at their hybrid cloud and their multi-cloud strategy, which is what most companies are employing. And that means more complexity in their cybersecurity infrastructure. And so the places where we see considerable growth and opportunity, first, network security still. We see investment. We see natural refresh cycles continuing. Cloud security, a big uptick in cloud security. We see a lot of demand here and a lot of interest in partnership with those kinds of partners that are able to provide the consultancy and the service to look across the landscape of cloud security from application security to posture management, et cetera. And then, of course, the threat landscape has continuously evolved during this time. And you see the emergence of more and more threats coming through devices, whether it's BYOD in the enterprise or it's consumer IoT devices. This means much more play in demand in our Harmony product line. So, I would say we see growth across the board from a smaller base, much more growth in cloud security and in remote access.

Interesting. Now, Kip, I'd love for you to comment on this and Rupal if you could follow up. Product revenue growth has been particularly strong, growing north of 11% in the past 2 quarters. Can you walk us through the puts and takes here? Like how much is coming from like price increases? Rupal, you mentioned you have refresh cycles or early ordering, et cetera, supply chain constraints? Maybe just kind of help us unpack that.

Well, on the price increase, we haven't seen much on that. We've been very clear. Most of it's been discounted away, et cetera, et cetera. As far as the strength in the hardware, I think it's been bolstered by our offering, what we have in Maestro, what we're able to deliver to customers that nobody else quite frankly, can deliver. And I think you're just seeing continued refresh and expansion of use of our products. And the network is not dead, no matter what anybody wants to tell you.

Yes. In fact, network is the core, and it is absolutely a necessary and continued component of anyone's cybersecurity strategy. It's just table stakes. And so it's the beginning, it's not the end. And so you're going to see network security infrastructure spending and investment continue, and we're very bullish on it. It's just that it's no longer enough. Having a true cybersecurity play inside your company and really when a CISO is discussing risk with the Board, it's not a network security conversation. It's a broad conversation across all those devices where threats can happen. And that landscape is getting bigger, it's getting more complex. And so we expect demand across the board. And it's one of the reasons we've really taken these last few years to invest both organically and inorganically in shoring up that portfolio.

Yes. And then I want to double-click on that to your point, sort of the network is not going away, so to speak, but also where workloads are though, is changing, too. How do you think about sort of the, they call it, unit growth from sort of an on-prem perspective, from a hardware -- sorry, a hardware firewall, firewall hardware perspective versus, let's say, some of the cloud-based offerings, whether it be a virtual firewall, Check Point Harmony, how do you see these 2 playing each other?

Yes. I think that -- so first, when you think about network security, it's not just a data center conversation. And so network security, in general, is expanding technologies like Kip mentioned with Maestro, give you an opportunity to orchestrate inside network security that you've never had before, and it's a true differentiator for us. And so I think even inside network security, what we think of as a traditional cybersecurity play really isn't because things are changing, especially then when you think about branch office and the end. And so network security is becoming much more complex. And so continuing to invest in innovation there is important. Having said that, there is a lot of growth in cloud security. You mentioned the virtual firewall. That's just the beginning. And so cloud security continues to build out and we're addressing new and new capabilities by the quarter inside of our CloudGuard portfolio. And then that works hand-in-hand with Harmony. Harmony is our portfolio that's focused on endpoints, remote access and e-mail security. And really, the magic happens when you pull all these together because risk happens in the seams, risk happens when you don't have an overall view of your cybersecurity landscape. And so one of the things that gets us excited and as a true point of differentiation for us is this notion of the Infinity architecture and really being able to look at that landscape in its entirety and equipping CISOs with an opportunity to look at risk across the board in one place.

Actually, that dovetails right into my next question, which is on Infinity, can you walk us through how we should think about sort of win rates with Infinity? Because you said it's sort of, different sales, more holistic sale across multiple points? And are there any particular customer types, whether it be like a region or a vertical or a size where you're seeing, call it, outsized success?

Yes. Infinity has an interesting value proposition up and down the stack. So, at our largest installed bases, the magic of Infinity is it gives you an opportunity to meet CISOs where they are. Different CISOs are at different places in the way they look at their risk portfolio in the way they look at their greatest areas of risk. And so they're going to test and try new technology at their pace. And so this is complicated. Infrastructures are becoming more and more complicated. And so what Infinity provides a large company is that opportunity to test and that opportunity to ebb and flow their demand as they need inside the portfolio through one integrated portal called the Infinity portal. Now for a smaller enterprise, there's an equally exciting value proposition, but it's different. This is about an organization that may not have its own dedicated IT department. They may not have a CISO, but they know that they need to think about security across the board because of the complexity of their operation. For them, Infinity provides them with something very different. It's one-stop shop and it's the opportunity to test without risk and test without exorbitant cost of buying full solutions. They're able to test in limited fashion and in keeping with their own sort of appetite for the size of their cybersecurity infrastructure. And so there's a different value proposition up and down the stack, but they're equally important. We've seen Infinity resonate very well with large customers from manufacturing to financial services to services play, system integrators. We've seen -- we've also seen it play equally with some of our smaller partners who offer it to small and medium enterprises.

Makes sense. Now, we continue to believe that there's a sizable advantage here from a, call it, a telemetry perspective. When you think about hybrid providers, people have a unified security portfolio policy such as yourselves. Can you walk us through how you're leveraging this from both like a product standpoint but also just a go-to-market perspective?

Yes. So from a product perspective, it's built in everything, speaking to a customer today starts with Infinity. It starts with Infinity and it ends with Infinity. Now, depending on where our customer is, we want to meet them where they are in terms of their cybersecurity journey. So, we're going to offer them the right solutions for them based on where they are and what their migration plan is. But it always starts with Infinity from a product perspective. From a go-to-market perspective, this has been the real transformation of the company. We have been largely a marketing and sales workforce that has focused on network security and selling firewalls and managing installed bases and we continue to do that. And that's a really important part of the infrastructure. But it's no longer enough. And so we have got -- we are on this journey of transforming our sales force, our marketing and the way we tell our story to tell it in a much more comprehensive way so that we're not speaking to the network security team alone anymore. We're speaking to the needs and the desires of the CISO. And I say that we -- the CISO is the hero of our story. And everything that we do is centered around enabling that CISO to derisk the organization for their business and for their customers.

Yes. Now, Kip, question for you. We talked about this on the call back after Q3. It was about Harmony and e-mail. So, switching gears here a little bit. I mean, e-mail was a stand out again, Q3 and Q2, you called it out with over 50% growth in that segment, so well above sort of average versus Harmony broadly. What is the biggest driver of strength? Why e-mail, any noticeable trends that you'd highlight?

It's the biggest risk factor for any organization. e-mail touches every employee. And if you're not stopping the phishing e-mails or the targeted e-mails that are malware from reaching those employees, your organization is at risk. And time and time again, we win with Avanon because we come in and we show them what the prior solution or their current solution is missing. There's a couple of PE companies that have bought a couple of guys. I feel sorry for them. I'm not sure what they bought, a shrinking business maybe, but yes, Avanon has separated itself along with the rest of the Harmony portfolio. And I think it's just the beginning for us.

Yes. You mentioned Harmony Email, and this is such a great example of how we're really sticking to our guns here in the notion that prevention matters. Detection and risk mitigation, yes, that's table stakes. But really where we want every CISO to be and where we want them thinking is that it's prevention first. How do we keep the bad guys from getting to the door. And Harmony Email is a great example of an acquisition that we did just over a year ago and Avanon, their prevention-first approach to the e-mail solution fit in so well with our prevention first-approach to the portfolio. And so it was just -- it was wonderfully synergistic. And we're reaping the rewards of it now and we're really excited to see the growth. And we think that, that growth is just the tip of the iceberg and we think it's an opportunity to lift the entire Harmony portfolio.

Yes. Let's stick with Harmony but switch over to the access side, the SASE front. I wonder if you can talk about just the win rates that you're seeing there. And similar to my prior question, is there any sort of type of customer, whether it be a vertical size, et cetera, that you're seeing outsized strength?

Yes. I think that -- so relatively, I would say, relatively newer in the space, of course. We're learning as we go. And we've got some really great traction. I would say that the traction team seems to center in that sort of mid-market space. So, I'd like to see more traction in the big enterprise, and we focus there. I think there's an interesting SMB play as well, especially through our partners and leveraging their access out into the SMB market, but we've seen some really good success in that mid-market space. And I think our product really shines there.

Yes. And then Kip, I know we've talked about this. The SASE market is somewhat split between those that call it own and operate their own PoPs, their own networks, Zscaler and NetScaler and those that leverage hyperscalers, Palo Alto, Check Point, et cetera. Can you walk us through sort of how you view leveraging hyperscalers and sort of like call it the optimal architecture? And how do you view sort of the competitive dynamics of these 2 cohorts?

I think it's the difference in when you started your company with those types of products. I think if you looked at those other companies that are dealing with PoPs in their own physical infrastructure, I'm sure they wish they could go back and have the choices that we've been able to make, right? We have the hyperscalers. Winter, winter. Anyway, so I'm sure they wish they had that chance to start their infrastructure in that same way. And so I think it allows us to scale. It allows us to give Five9 uptime. One of the biggest critical problems that people have is they don't have that same uptime with those guys. And so when you have the hyperscalers, you do have the Five9s and we're able to deliver a higher velocity pipe. And the biggest difference is they're getting enterprise class security from us. They're getting prevention first. When you're dealing with those other guys, you're either dealing with whatever you can find or the open source technology that they've adopted to throw it through there. And so I think -- I always like to say it's the example of FireEye. FireEye had a nice lead. It was an old company. It wasn't a young company when it had success. It was at the right time at the right place. But the guys that win are the guys that have the foundation, the firewall, the rest of the infrastructure because that's what people want. They want something that works together, not just as a point solution.

Yes. Now let's switch gears Rupal to CloudGuard. You mentioned that earlier. It's obviously a favorite topic. But from our customer checks, obviously, CloudGuard is continuing to see traction. You mentioned it on the last multiple calls. Can you talk to sort of once again, sort of which areas within CloudGuard, you point is really a portfolio? They have seen the most traction lately, is CSPM versus Cloud Workload Protection, et cetera?

Yes. I think there's a couple of things I'll mention. One is CSPM. CSPM is a really natural place to start the conversation. It doesn't end there and we clearly have the bigger conversation. But I would say 2 things. One is we usually start in a position from posture management. The second is a recent acquisition we did called Spectral, is also reaping some great rewards for us. It's a technology that just -- it hits the sweet spot because it's really fund a demo. It's got a great sort of I see it, I understand it, I understand the value proposition. And so that's a great door opener as well. And so I would say CSPM and Spectral provide great starting points to have the conversation and then it becomes a much larger conversation. The thing about meeting CISOs where they are is that we start the conversation literally where they are with their infrastructure. We go in and we'll do comprehensive infrastructure evaluations through a security workshop where we actually see where they are. And then we have the conversation that's accustomed to them. We have the conversation that's right for them. A recent deal that we were involved in last quarter, we did just that. And while the client thought they wanted thing 1, what they really wanted is thing 1, 2 and 3 with a road map to 4, but they didn't really understand that until we got deep and we have the history, the technology and the talent to be able to go in and have those conversations. We employ a really large number of former CISOs who are in-house who know how to have these conversations with our clients. But usually, in CloudGuard, we start with technology like CSPM and the Spectral acquisition to get things started.

Interesting. Let's just talk about just sort of just the cloud security landscape because you've seen a lot of people try to move into this space from sort of, call it, different areas of original strength within security. Obviously, you've had -- they call it the hyperscalers, they have some cloud-native offerings, the endpoint players like a CrowdStrike have tried to move in. Obviously, the network player is expanding their offerings. The question I often get is like, when you think about these different cohorts here, who has sort of the right to win, so to speak, or the right to win the customer business and why?

Well, the nice thing is I feel like we've got the right to win. And I believe it and I've got 29.5 years to tell you so. And so I think -- look, I -- and I make no bones about it, in the cybersecurity game, history matters. Your legacy and what you've been able to protect on this planet really matters. And so I think about, look, the Internet runs our life, cybersecurity make sure the Internet runs well for us and keeps us safe. And we are cybersecurity. And so this is one place where I think we have absolute permission and our legacy really matters and works really hard for us. Now, what does the future bring? And will there be hundreds, if not thousands of small cybersecurity players that pop up with point solutions? Absolutely. And I actually think that all that innovation makes the industry itself better. I think it raises the game for all of us. And the nice thing is we've got the talent and the wherewithal and the capability to go invest in the places that matter both organically and inorganically to shape up that portfolio. So, it's where a CISO needs to be 2 years from now, 4 years from now. And we're going to continue to invest. We've been here for 29.5 years and I'm guessing that in 29 years, if we're still around, we'll be sitting here and having this conversation again.

So, it will be the next thing, next few things.

That's right.

I will not be here in 29 years. If I'm here in 29 years, that's a problem.

All right. Well, let's talk about go-to-market because obviously, we spent a lot of time focused on product and competitive landscape. So, let's talk about go-to-market. Sales and marketing this year, if you look at sort of, a mid-teens growth in just dollar spent, I mean, that's versus 1% in 2020, about -- a little north of 4% in '21. How are you thinking about continued just go-to-market investment, call it, leaning in there versus also just productivity that you're seeing?

Yes. So, I joined the company in March and I joined the company from the Board of Directors. And what we saw up until about a year ago is this great investment in technology and shoring up this portfolio that we talk about. But we turn to sort of face the other half of the organization in go-to market and saw that they were relatively unchanged, right? Because we had really focused on the technology, not the -- not messaging and marketing and things like that. We were focused on that technology. Now, with this wonderful portfolio, we've got to turn our attention to the go-to-market. And so I joined the -- I came inside the company from the Board in March of this year. And I've been on a steady path to transform the way we go to market and really focused in 4 areas. The first area is growing the size and shape of our sales force. So, we are on track absolutely to stand by my CEO's comments, Gill's comments that we would be growing our frontline sales force by 25% around the world and we did. Last few weeks of the year, people are running in the door, but we are there. We have grown our sales force net 25%. That's super exciting. Now, I have to activate them. Now, I have to get them productive. As we know in this game, in technology, adding go-to-market professionals, it takes time to get them fully ramped and productive and that's a journey. So, I'm focused now there. But tick, we've grown that sales force. Now, let's enable them. Part of how we enable them is by growing our specialist sales force. So, every time a network expert walks out the door, how do I go find the cloud security expert to take their place? How do I balance my specialists so that I'm offering that support to my frontline sales force in the areas that they need it, whether it's e-mail security, whether it's application security, whether it's XDR. So, finding those specialists is sort of the next area of focus. The third is marketing. I mentioned that we need to tell a fundamentally different story in the marketplace and we need to tell it consistently. And we need to educate our valued customers on the robustness of our offering. So, that's the third. And then the last one is channels and partners. Our traditional, our tried and true channel partners that continue to perform for us and we continue to perform for them, but that's not enough. We've got to go out there and recruit new channel partners, channel partners who understand new growth areas, they're partners that we've never worked with before. And then finally, there are new kinds of partners that we're going to work with and go to market with in a bigger way like global system integrators, like CSPs. And so that just fundamentally changes the way you look at your partners in your go-to-market. So, those are the 4 areas that I'm really focused on as we make this turn towards a portfolio company and accelerating our business growth across it.

All right. Now, I know you just said we came off of a big focus on R&D and call it pivoted sales and marketing. But when you do think of R&D? I mean, obviously, this, talking about the security is always the new attack vector. There's always the new thing to protect. What are the areas that you as a company are focused on right now when you think about your R&D spend? Where you want the leaning into, whether it be a new area or solidifying existing position?

Yes. Well, gosh, we've built quite a big portfolio of offerings. And what I mean by that is many areas from Quantum to CloudGuard to Harmony and then Horizon that cuts across. And so I think that from an R&D perspective, I'm sure that Dorit, our Chief Product Officer, and I agree that fortifying that portfolio is job one. There is -- and that's a big landscape, right? When you think cloud security. So, fortifying the portfolio that we have is job one. And I think we'll continue to do that in 2 ways. One is continued focus on investment in organic growth. So, how do we build innovative products inside the shop. And then I think we will surgically continue to look at M&A. We'll look at acquisitions that carefully fill a hole and we'll do that surgically as we have. So, both are open to us, but I would say, absolutely, it's about solidifying the portfolio that we have.

All right. Last question in the last few minutes we have here. Let's say, we're sitting back up on the stage in 2 years.

Not 29.

Not 29.5, but 2 years, 2 years from now, what do you think you'll look back on or we'll look back on and say, hey, sort of this technology, this trend was call it more impactful to Check Point's customers than maybe people were giving it credit for back in 2022?

Yes, yes. I definitely have my answer. Kip, do you have an answer?

I think it's Infinity and our prevention and protection. I think how important prevention and protection is over just detection and remediation. And that's always been our hallmark since the beginning. And I think that's what people are going to start to realize that just playing whack-a-mole with these other vendors is just it's not palatable and it's not a way forward. And what we've done with Infinity and delivering the level of protection and prevention is going to be the mainstay going forward. And I think it's something you're going to see other people strive to try and attain and most will fail.

Yes. And I would even -- I would hit that even harder and say, absolutely, 2 years from now, I'd be -- I predict that I would be sitting here with you and saying, here are the 12 things that are -- here are the 12 attacks that our prevention-first approach has stopped for our client base that we're really proud of. And that typical cybersecurity point solutions would not have found and did not find. I hope those haven't caused a lot of turmoil in the world, but really, it's about solidifying that prevention-first approach.

Awesome. All right. Well, thank you for coming down again. I appreciate the time as always. And so look forward -- have great rest of the conference.

Thank you.

Awesome.

Thanks for having us.

Thanks, Philip.