Guardicore Ltd. (AKAM) Earnings Call Transcript & Summary

Good day, and thank you for standing by. Welcome to the Akamai Technologies Investor Call. [Operator Instructions] Please be advised that today's conference may be recorded. [Operator Instructions] I'd now like to hand the conference over to Tom Barth, Head of Investor Relations.

Good morning, and thank you for joining us to discuss Akamai's execution of a definitive agreement to acquire Guardicore Limited. Participating on the call today will be Dr. Tom Leighton, Akamai's Chief Executive Officer; and Ed McGowan, Akamai's Chief Financial Officer. A press release with information on today's announcement can be found under the Press Releases portion of the Investor Relations section of akamai.com. The agenda for today's call is straightforward. We will begin with prepared remarks regarding Guardicore, its technology, the opportunity and potential synergies in front of us, and additional color on expected longer-term financial impact. And then we'll open up the call for a question-and-answer session. Given that we are still within the fiscal third quarter, and the acquisition is not yet closed, we do not intend to discuss any Q3 financial results or near-term financial impact of Guardicore today. We do expect to provide the customary quarterly color as well as any potential Guardicore impact to our Q4 outlook on our next quarterly earnings call scheduled for November 2. A replay of this call will be available via webcast on the Akamai Investor Relations website. But before we get started, please note that certain comments made today may be characterized as forward-looking statements including comments about the expected financial impact of the acquisition. Actual results may differ materially from those indicated by these forward-looking statements due to various important factors. These include, but are not limited to, such things as substantial delay in the expected closing of the proposed transaction, inability to satisfy all conditions necessary to complete the acquisition, any failure to realize the expected benefits of the acquisition and difficulty integrating Guardicore into Akamai, and other factors that are discussed in our annual report on Form 10-K, our quarterly reports on Form 10-Q and other documents periodically filed with the SEC. Any forward-looking statements discussed in this call represent the company's view on today's date. Akamai disclaims any obligation to update these statements to reflect future events or circumstances. During the call, we will be referring to some non-GAAP financial measures that we believe are helpful to understand our financial expectations with respect to the proposed acquisition. These non-GAAP measures are not prepared in accordance with generally accepted accounting principles. A detailed reconciliation of GAAP and non-GAAP metrics can be found under the News and Events portion of the Investor Relations section of our website. Now I'd like to turn the call over to Tom.

Thank you all for joining us. Today is an exciting day for Akamai. This morning, we announced that we've signed a definitive agreement to acquire Guardicore, a privately held company that offers security services to protect enterprises from ransomware and malware. Enterprises today are confronting a rapidly evolving threat landscape with sophisticated attackers who are trying to steal their data, disrupt their operations and extort them for large sums of money. The recent growth of ransomware and other malware-based attacks has been explosive. One firm estimates that the number of devices infected with ransomware grew 35 fold last year. This has caused significant damage for companies, governments and end users all over the world. Recently, we've seen such attacks impact critical infrastructure at a major energy pipeline and at the world's largest meat packer. One target Colonial Pipeline said, it paid $5 million to attackers to make the problem go away. IBS reportedly paid $11 million. Globally, the costs associated with ransomware are expected to reach $20 billion this year. These growing impacts illustrate why stronger enterprise defenses are urgently needed. One weakness is that traditional firewalls are no longer sufficient to prevent malware from entering and spreading undetected within a corporate network. There are just too many ways for malware to sneak inside an enterprise today. It can be imported as a result of compromised supply chains, phishing schemes, infected third-party content, stolen credentials or employees connecting infected devices to corporate networks and applications. And the problem has gotten even worse with so many employees working remotely. Once a malware gets inside the enterprise, it's critical to stop it from spreading. For that, you need micro-segmentation, also known as Zero Trust segmentation. Guardicore's best-in-class micro-segmentation solution works by limiting access to only those applications that are authorized to communicate with each other. By denying communication as the default, the threat surface and risk exposure are drastically reduced. This limits the spread of malware and protects the flow of enterprise data across the network. And this protection extends beyond the data center to the cloud including bare metal, virtual machines and containers. We believe that Guardicore solution is the perfect addition to Akamai's Zero Trust portfolio, enabling Akamai to offer customers a comprehensive solution to stop the spread of ransomware and malware. Akamai's existing solutions help prevent attackers from gaining access to enterprise infrastructure and applications. But to be secure in today's world, you also need a second layer of defense to block the spread of malware when it gains a foothold in the enterprise, and that's where Guardicore comes in. Their solution helps detect that a breach has occurred through unparalleled visibility into the core of the enterprise and immediately limits the damage that it can cause. In addition, and importantly, Guardicore solution is relatively simple to implement. It features easy-to-use policy-based controls and interfaces well with the legacy application environments present in most enterprises today. Guardicore protects hundreds of enterprises today, including global financial institutions, top retail brands, leading tech companies, carriers, manufacturers, utilities, law firms and other major companies that can't afford to take risk with their operations or data. Guardicore is based in Tel Aviv, close to our existing office that is home to about 200 Akamai engineers, most of whom work in our security products. We believe Guardicore's highly talented team and strong culture will be an excellent fit for Akamai, and we're very excited about what the combination will mean for our customers and our growth strategy as we fulfill our mission to power and protect life online. As we previously reported, our security business generated $325 million of revenue in Q2, growing 25% over Q2 in the prior year. Akamai already leads the security market in DDoS prevention, web app firewalls and bot management. In fact, Gartner has recognized Akamai as a leader in web application and API protection for 5 years in a row. And Forrester named Akamai as a leader for web app firewalls, bot management and Zero Trust for enterprise security. We're confident in our ability to build upon this very successful track record as we combine with Guardicore to stop ransomware and other threats. Given the rapidly increasing demand for micro-segmentation solutions as a result of ransomware attacks and regulatory requirements, we believe that this acquisition will help drive substantial continued growth for Akamai security services going forward. In fact, with the addition of Guardicore, we expect that the revenue generated by our Access Control security solutions to more than double from over $100 million this year to well over $200 million in 2023. Together, Akamai and Guardicore have a great base of products, customers and channel partners as well as a great team of security experts. And together, we have an exciting opportunity to do even more to make life better for billions of people, billions of times per day. I'll now turn the call over to Ed, who will cover the financial aspects of the acquisition. Ed?

Thank you, Tom. As Tom mentioned, today, we announced the acquisition of Guardicore, a company that offers security services to protect enterprises from ransomware and malware. We're very excited to add Guardicore to our impressive and growing list of Zero Trust Access Control capabilities. Under the terms of the agreement, Akamai will acquire all of the outstanding stock of Guardicore in exchange for approximately $600 million of cash. The transaction, which is subject to customary closing conditions, is expected to close in the fourth quarter. Therefore, the acquisition will not have any impact on our Q3 results. We plan to update our annual guidance as well as provide Q4 guidance, both of which will include the impact of the acquisition when we report Q3 results in early November. Looking ahead to 2022, we expect the acquisition will add roughly $30 million to $35 million to our security revenue in 2022, and will lower Akamai's non-GAAP operating margin. We currently expect our 2022 non-GAAP operating margin to be in the range of 29% to 30% as we work through the integration of Guardicore. We do, however, expect to get back to at least 30% non-GAAP operating margin for 2023. We will provide more detailed revenue and EPS guidance for 2022, which will include the impact of Guardicore on our fourth quarter earnings conference call, which will be held in early February 2022. Acquisitions remain a key component of our innovation and growth strategy. We believe we have demonstrated a disciplined approach for evaluating and prioritizing opportunities with a specific focus on creating shareholder value. As Tom mentioned, Guardicore is a great addition to our security business. Along with its best-in-class technology, Guardicore also brings an experienced leadership team and a very talented team of security experts. Importantly, the acquisition expands our existing employee footprint in Israel, which is already a key technology hub for our security business. Upon the close of the acquisition, Guardicore's roughly 300 employees will be integrated into our security technology group. While we expect Guardicore to be dilutive to earnings in the near term as we integrate the companies, we are confident that we can grow and scale the business to drive significant revenue and profit growth over the longer term. With that, I'd like to ask the operator to open up the call for Q&A. Operator?

[Operator Instructions] Our first question comes from Keith Weiss with Morgan Stanley.

It's Matt Wilson on for Keith Weiss. Can you talk about the competitive landscape? Who's Guardicore competing against? And how does that kind of fit into the to -- sorry, to this market?

Yes. Good question. I would say Guardicore's primary competitor is Illumio. Illumio is a private company that offers micro-segmentation services. Hard to know exactly their revenue. They might be a little bit larger in revenue than Guardicore. And both the companies are competing against sort of the old way of doing things, which is putting a device and segmenting the network using hardware. And those would be companies that offer firewalls, for example, Palo Alto, Fortinet, Check Point. But in terms of the much more effective way of doing micro-segmentation, the Zero Trust of the future, I'd say it's Guardicore and Illumio are the only players really out there today. There's a lot of start-ups pre-revenue companies, some of them are bought recently by larger companies. But I would say most of the competition will be with Illumio and of course, really most of it is greenfield.

Awesome. And maybe a second question, just in terms of the talent you acquired, 300 employees. Could you give a breakdown on how many are focused on R&D, and then how many are salespeople?

Yes. Sure, Matt. This is Ed. So if you think about the 300 people, there's roughly called about 130 or so that are in the R&D area. It's north of 100. They also have some resident engineers, technical folks that can work on site as well. So the majority of the company is broken up between sales and R&D.

Our next question comes from Sterling Auty with JPMorgan.

So 2 technical questions. One, can you talk about architecture of Guardicore in terms of how are they delivering the solution today? So are they in -- do they have kind of a small network of PoPs that you're going to be able to expand out across the Akamai network? Or what is the deployment model?

Sure. We'll start with that one. The architecture is pretty unique, and it gives them strong competitive advantages. They place an agent on pretty much every app within the enterprise, within the data center or in the cloud, wherever it exists. And then that application talks to a controller asynchronously. Now the controller can be on the premises of the enterprise, so totally disconnected from any central platform or it can be in the cloud, and connected. And so you could -- the enterprise can do it either way that they want to set it up. And the agents restrict the communications so that apps -- 1 app could only talk to other apps that it's supposed to be talking to. And it monitors it and gives visibility to the manager of the core network and security. Now one of the big advantages of Guardicore's approach over Illumio and others is that not only is it easier to implement. Micro-segmentation has a reputation for being very hard and expensive to do. That's not the case with Illumio -- sorry, not the case with Guardicore. But it also gives great visibility. And so a lot of their customers go out of their way to say how helpful it is they can finally see and understand what's going on in their network. And of course, if there is a breach, it immediately is reported. And because by default, the communication is blocked where it's not supposed to go, you stop the spread automatically of the malware. And so the platform stands alone or can be integrated into the cloud and ultimately, of course, to the Akamai platform.

And the follow-up question, you kind of touched upon it there at the end. When you talk about being able to spot the malware once it's in, it sounds a lot like endpoint detection and response or EDR, companies like CrowdStrike. So how would you say that this solution either complements or competes against some of those endpoint technologies?

It's complementary. So we won't be competing with CrowdStrike, which has software, monitors what's on the device. We're in the process of monitoring the communications. And so that you don't let 1 app talk to another app, if it's not supposed to be. And of course, most apps shouldn't be talking to most other apps. And so you block that. And that has advantages because often the exploit and in malware that's being passed hasn't been diagnosed before. And may not be caught at all by your endpoint protection. And the whole key is to stop it from spreading. And that's exactly what Guardicore does. So if you want to stop ransomware, you need Guardicore.

Our next question comes from James Fish with Piper Sandler.

Actually, I just want to work off of Sterling's there. First, when will the cloud management be put on top of the Akamai network, if ever? And second, could you use this agent-based real estate to really expand into really other security markets and use cases organically? Obviously, we talked about firewalls being replaced here with this technology, but could you even go down the identity access routes, given the ability to tie a policy to the identity of the end user?

Yes. Great question. To run Guardicore today, you don't need to be on the Akamai platform. That said, in the future, there could be very strong advantages to doing that. And in particular, the first place you'll see the integration is with our EAA solution, which will operate off the Akamai platform. And let me say a few words about that. Micro-segmentation is often referred to as blocking what's called East-West communications. Communications from 1 app to another. Now the next thing you need adjacent to that is what's called North-South communication. And that's communication between an employee device and an enterprise application. And of course, that's a solution that Akamai offers today with Enterprise Application Access. The goal of North-South is to keep an infected employees device from sending that infection or malware from the employee device into the enterprise application. East-West, keeps it from moving from that enterprise application to all the other enterprise applications. Now today, those 2 products are usually bought separately. But increasingly, we're seeing our customers want to have them be part of the same solution, the same policy controls, the same pane of glass to monitor it. And that puts Akamai in a great position. And that's why we're so excited about the fit with Guardicore. Not only does it stop ransomware, but it fits -- their East-West solution fits very nicely with our North-South solution. And that's where we think the future of Zero Trust is going, is the combination. Now of course, EAA interface is very heavily with the Akamai platform. Because there, the performance matters because if you want to be -- if you're in between the employee device and the enterprise network applications, performance really matters. And that's also a perfect opportunity to insert our market-leading web app firewall. So not only are we blocking communication where it shouldn't be taking place, but where it is allowed, we want to be filtering the communication to get rid of any malware, to detect as malware trying to be spread. And long term, you can think about that within the enterprise as well. And to your point -- I think you have to make a very good point. Once we have this footprint of being -- having an agent on every application, that's tremendously powerful. And I think one of the things that Guardicore has done really well, and probably market-leading is they have figured out how to inter-operate with all of the legacy environments inside the enterprise. And that makes a big difference. And if you think about just deploying the agent, that's not a simple thing because there's all these different environments that it has to work with. And they've also partnered with all the leading players in the market to make sure that their software and agent cooperates and works well with all the other kinds of software and security solutions that an enterprise will have. And those are big advantages for Guardicore. And why -- when our IT department was looking at a micro-segmentation solution and tried all the products that were available, they like Guardicore by far.

Understood. And then if I could follow up on the over 100 sales and marketing employees you're bringing in. I guess, will they be entitled to sell the entire Akamai security suites over time? Or do you intend to keep them as Guardicore specialists? And then Ed, if you could talk about the growth rate of Guardicore, and any purchase accounting adjustments we should think about?

Yes. Sure. Thanks for the question, James. So initially, they're obviously going to be focused on Guardicore. I think over time, we've shown that our sales force can sell any other product. It would be natural as Tom was just talking about for the Guardicore team to start selling our EAA and ETP solutions. And then over time, the web app firewall and that sort of thing. But it's going to integrate into the PJ sales team. We're going to keep the entire team together, integrate it with our overlay team as well. So we do expect to see a lot of synergy there and start introducing Guardicore into our channel partners. As far as growth goes, they were roughly doubling year-over-year. Just one thing to keep in mind, just to spend a minute on revenue here. Guardicore sells both term and SaaS, about maybe 40% of our legacy business was term licenses. Our plan is to be 100% SaaS, maybe there's a few exceptions from time to time. When you -- the other thing they did is they haven't integrated ASC 606. So we had to have to sort of restate that, if you will. And obviously, with purchase accounting, this is going to be a little bit of a haircut. So if you look around and you see any numbers that are out there, it might be a little confusing for anything that's out there in the press. But the numbers that I've provided for next year, we've already taken all that stuff into account, it's just something to think about as you're building your models.

Our next question comes from Colby Synesael with Cowen.

Maybe just a follow-up on that. Does the guidance for 2022 assume the doubling continues? Or were you more conservative? And then secondly, how do you plan to finance the acquisition? Are you intending to potentially raise equity, put that on? Or just reduce the cash balance since you obviously have the cash available? And then lastly, are there any earnouts should we think of the $600 million as the full price?

Yes. Great question, Colby. So financing right off the balance sheet, no need to raise capital. We'll produce more than $600 million in free cash flow next year. So no issues there. No earnouts. There's obviously investments you do with balance sheet as you go or signing to closing and that sort of thing. So $600 million is about the right number to use, maybe a little bit more, a little bit less, but no earnouts. And then your other question as far as doubling, the point I was just making on the first year you do an acquisition, when you have term licenses, you have to, under ASC 606, take most of that upfront and then spread the remaining obligation over the remaining term. So call it the maintenance period. So you have to adjust for that, and you lose a lot of that in purchase accounting. So it won't be a doubling necessarily because of the fact that you're kind of comparing apples and oranges. But as far as the productivity goes, we would expect it to continue to grow very, very rapidly. And if I were to do apples-to-apples, it's probably more than a double going into next year because we're going to be accelerating their growth rate. But there's just that -- we have to work out through in the first year of purchase accounting, which gets us kind of a little messy in terms of sort of trying to compare to historical numbers, especially since they weren't -- they hadn't adopted ASC 606.

Our next question comes from Frank Louthan with Raymond James.

All right. Great. And just to follow up on that a little bit more on the growth side. So can you give us an apples-to-apples on the $30 million to $35 million? On apples-to-apples, what would that growth represent or maybe going into '23 on that new accounting? Can you give us an idea there? And then what are you doing? Are there any sort of key employees or founders there that you -- and how have you incentivized them to stay with the company to keep that knowledge base with the business?

Yes. Sure. So it's really hard to say since they weren't using that method. But if I sort of look at kind of the comparing the old way of doing things with the continuing -- if we were to follow that going forward, it's roughly doubling. So I think that's a good way to think about it. I don't want to give guidance for '23. We think this could be a significant part of our business going forward. We'd hope to be able to deliver those type of results or even better. But it's early days. I don't want to give any guidance beyond what I've already provided. In terms of the funds, yes, they're going to be staying with us. Obviously, our incentives are tied to stock and whatnot. So they're going to be have a heavy incentive statistic with us. Their founder will be reporting directly into Rick. Very excited to get that leadership team, some folks that have a lot of experience in this area. So very excited to add them to the team. In fact, we have an adequate incentive structure to keep them around for a while.

All right. Great. Just one quick follow-up. On the R&D investment. Do you expect that level of spend to stay the same? Or are you looking at this opportunity to ramp up the R&D in this area? How should we think about that going forward?

Yes. I mean, this is certainly an area of investment for us across the company. Enterprise security in general has been a pretty big area of investment. There will obviously be some natural synergy, not in terms of cost cutting, but just in terms of just sharing of technology and mind share as we put the 2 engineering teams together, but we're going to continue to invest in this business going forward.

Our next question comes from James Breen with William Blair.

Can you just talk about their existing customer base and any overlap it has to your existing customers in terms of opportunities to upsell some of the customers?

The customer base has good synergy with us. I would say they're strong in the major financials, retail, big tech companies. Obviously, there's a lot more regulations now being put in place requiring micro-segmentation. That's very helpful. And so I think there is very strong cross-sell opportunities. So our field, as Ed talked about, is looking forward to bringing their solution into our base where there should be a strong positive reception.

Our next question comes from Will Power with Baird.

This is actually Charlie Erlikh on for Will. Most of mine have actually been asked already, but I guess I'll just ask a quick one on the COVID impacts to Guardicore's business. Is there any color you can provide on how COVID impacted revenue trends from '19 to '20 into '21?

I don't think COVID is a primary driver. Of course, that said, with a lot of more people working remotely, which I think will continue past COVID, that does increase the exposure. And we have certainly seen a huge increase in ransomware attacks since the start of COVID. Now did COVID cause that or not? Hard to say. But the increase in ransomware makes a big difference, obviously, for Guardicore's business because they're the leader in stopping ransomware.

Our next question comes from Alex Henderson with Needham.

Great. So you talked about the EAA section of your business going from $100 million currently to $200 million in '23. That would imply some pretty good growth but nowhere near a doubling. Can you talk about what the baseline is and what's in the EAA segment? How much of that is the Zscaler like-type products? How much of that is other stuff? What else is in the EAA that's in that baseline that's being added -- before this is being added to it?

Yes. Good question, Alex. So if you remember from our Analyst Day, this is the Access Control segment of our business. So that includes our EAA, ETP and MFA solutions as well as our secure business, and that's also where Asavie sits. So this will be added into that product suite.

And if I could, just a follow on. One of the biggest challenges with this type of technology is the unintended consequence of putting a block at joining applications or network components that need to communicate with each other that causes disruption to the existing business. So can you talk about how long it takes to deploy the technology in the context of ensuring that you're not knocking down important communications as you're doing it? And whether this is something that is land and expand or whether this is generally tried to be rolled out across the entire enterprise? It sounds like it's a land-land type of business model. Can you just pick on that a little bit?

Yes. Great question. And this is an area where Guardicore excels. As you point out, micro-segmentation can be really hard to implement and cause problems. And Guardicore has figured out how to do this much more simply. I think land and expand is a good way to think about it. As you add agents to applications, they're added into the framework. You get your visibility. And you don't, initially, as you're deploying it, block everything. You first turn it on and you see what's going on in your network. Some reasonably small number of months would be a typical time to get a enterprise fully up to speed. A very large enterprise might take longer, a large global financial institution that might take longer to do. And there may be people -- that's what their job is to do. In fact, this is an area we look forward to working with our major partners today because this is an area where they could add a lot of value in terms of the major enterprises and getting their networks fully locked down. But the nice thing about the Guardicore solution is you don't have this issue while you're breaking things trying to get the security deployed.

Our next question comes from Amit Daryanani with Evercore.

I guess I have one, a lot of them have been asked, but the one I have for you is I think at the Analyst Day, you talked about Akamai spend, I don't know, $1.3 billion, $1.4 billion in deals over the last 7 years, and you did, I think, 14 deals in that time frame. Maybe just talk to me about deal sizes because this deal alone is $600 million. So I'm just wondering, does that sort of signal an appetite and a desire to scale up the size of deals you do? And what could that mean for your capital allocation as you go forward?

Well, we look at each deal separately. I would compare this Guardicore deal to what we did with Prolexic, that was 7 or 8 years ago. I think it's pretty transformational for us, just the way the Prolexic was. Prolexic established us -- it really established us in DDoS, where we're still the market leader by far today. And I think Guardicore establishes us with enterprise security and stopping ransomware. Very synergistic with our existing business, just as Prolexic was. And so you will see us, I think, rarely do these larger acquisitions. Most of our acquisitions tend to be smaller, tech tuck-ins, product adjacencies. And of course, our capital allocation strategy hasn't changed. We are using the capital primarily for M&A. We also buyback our stock to offset equity dilution programs. And occasionally buyback more stock opportunistically. So no change, I think, to our overall strategy, but we're very excited about this acquisition. And I think it -- we do compare it in a way with the Prolexic acquisition 7 or 8 years ago.

Perfect. And then if I could just follow up with Ed. On the revenue growth you're seeing for Guardicore, maybe just talk about -- I guess, what was the growth rate last couple of years? Maybe you can talk about the SaaS and the rest of the business. And then how do you see that going forward with the scale and synergies that Akamai brings to the table to them?

Yes. Good question, Amit. So They were seeing significant growth, doubling over the last couple of years, and so getting to a meaningful scale. Now of course, you have to think about how that translates into a world where you're moving into a full SaaS. Obviously, we're going to accelerate the go-to-market for them, and it's a pretty significant increase for them in terms of their reach and their access to partners. This -- we're pretty early on in this space. And what's exciting to me is that we have a chance to be the leader here in the market in this particular category, which I think will be great for us for dragging along our other enterprise solutions. So as I said, we're very optimistic about the growth rate. They've been -- they were doing a great job on their own, and I think we can really help accelerate them. Obviously, in the first year, any time you do an acquisition where there's a lot of deferred revenue, you get sort of this haircut that you have to take as you work through purchase accounting. But really, I think the big question will be, what does it look like going into '23, I think. Our goal here is to get this launched into our sales force, get them trained up as fast as possible, get everybody out selling and hopefully exit on a path to double or even do better than that, hopefully, coming out of next year.

Our next question comes from Brandon Nispel with KeyBanc.

Two questions, if I could. Can you talk about the process here? Was this a company that was openly soliciting for bids or competing with somebody else? And secondly, on, I think, the last question, it is the largest acquisition, I think you guys have ever done. Tom, in the past, you've talked about valuations that have been stretched. Really what got you comfortable here? And I guess, is this the new baseline for what you guys would call small tuck-in acquisitions?

Yes. The process was that we have been looking for this solution for some time and discovered Guardicore. And we actually looked at all the companies out there. And also for, as I mentioned, for our own solution in our own IT department, and we like Guardicore. We thought they were the best by far. They were not for sale, but we approached them. And after a long process of talking and working together, they became open to an acquisition. I don't think they were looking to sell. But there's a really good fit between the companies, and not just on the product that we talked about. They have the leading East-West solution. We've got a great North-South solution. We both feel the future is the merge of those 2, but also a great cultural fit. And that obviously is important to them as they merge into a bigger company, and it's always very important for Akamai. So it's not a situation where they were looking to sell the company, actually quite the reverse. And it's not our largest acquisition, but it's certainly the largest one for -- well, probably close to 20 years. And it's probably most comparable, as I mentioned, to the Prolexic acquisition. I think we spent about $400 million for that. And the revenue was -- back then, maybe they had a little more but pretty close to the same revenue. And I think the impact on our business will be at least as large with Guardicore. Because I think there's an enormous future potential for Zero Trust in the enterprise. There's huge potential today to just stop ransomware. And they've got a great solution to do that. Now I would not call this a tech tuck-in, and it's not a new baseline for a tech tuck-in. This is the kind of a deal that we do once in a long while, and we see an incredible opportunity and a fair price for that opportunity. Now there's no cheap security deals today for companies that have really good solutions, as you know. But this was within the zone of reasonableness. And we think a very valuable investment for our shareholders. I would not treat this as a new baseline. And tech tuck-ins when I say that I mean companies that are much, much smaller than this.

Our next question comes from Jeff Van Rhee with Craig Hallum.

Great. Just a couple of loose ends here for me. How many customers are they bringing? What would a typical ARR be on the SaaS side for a customer? And just to get a sense of sort of full penetration of a large customer, who is their -- or what would be the size of their largest customer? And then lastly, along that line, any customer concentration?

Yes. Thanks for the question, Jeff. So roughly 300, a little less than 300 customers coming over. The size of the deals really depends. You could have -- Tom mentioned a few different verticals, say, like a large financial institution that's got tens of thousands of machines and very complex environment could be $1 million or more in a year. And then you've got the smaller ones, say, like a regional law firm or a regional bank that might be a little less complex where it's -- would be smaller maybe in the $100,000, $150,000 to $200,000 something like that per year. So it really depends on the size and the complexity. And then as we talk about land and expand, are they just rolling this out to a portion of their environment or the entire environment. So really there's a lot of variables that go into it. The pricing is based on agent base. We also, with some of the larger more complex engagements, occasionally, there will be a resident engineer that's hired, more on the professional services side. Long-term contracts, which is great. And as I talked about in the past, they were doing more term licenses, which for a startup makes a ton of sense. You get the cash upfront. We're going to be moving more towards all SaaS, if we can, maybe a few exceptions from time to time. But good size ARPUs, especially as you get into those larger environments.

Okay. Well, I think that's it for the questions, operator. Is that correct?

Correct.

Okay. Great. Well, thank you all for joining us today, particularly on short notice. This concludes the call for today, and we look forward to speaking with you all on our scheduled earnings call on November 2. Have a great day.

This concludes today's conference call. Thank you for participating. You may now disconnect.