Check Point Software Technologies Ltd

NASDAQ:CHKP

I'd like to welcome you to our Fourth Quarter and Full Year 2020 Financial Results Video Conference. At this time all participants are in listen-only mode during the formal presentation, which will be followed by a question-and-answer session.

Joining me remotely today on the call are Gil Shwed, Founder and CEO along with our CFO and COO, Tal Payne. As a reminder, the video conference is live on our website and is recorded for replay. To access the live conference replay information please visit the company’s website at checkpoint.com. For your convenience the replay will be available on our website. If you’d like to reach us after the call, please contact investor relations by e-mail at Kip@checkpoint.com.

Before we begin with management's presentation, I'd like to highlight the following. During the course of this presentation, Check Point representatives may make certain forward-looking statements. These forward-looking statements within the meaning of Section 27A of the Securities & Exchange Act of 1933, and Section 21E of the Securities & Exchange Act of 1934 include, but are not limited to statements related to Check Point's expectations regarding business, financial performance and customers. The introduction of new products programs and the success of those products and programs, the environment for security threats and trends in the market. Our strategy focus areas in demand for our solutions, the impact of COVID-19 on our business, including our product development, sales marketing efforts and our financial condition and results of operation; the impact of COVID-19 on our customers, suppliers and business partners and the macroeconomic environment as a whole, our business and financial outlook, including our guidance for Q1 and full year 2021. Because these statements pertain to future events, they're subject to risks and uncertainties. Actual results could differ materially from Check Points current expectations, belief, factors that could cause or contribute to such differences are contained in Check Point's earnings release issued on February 3, 2021, which is available on our website and other factors and risks including those discussed in Check Point's latest annual report on Form 20-F filed with the SEC. Check Point assumes no obligation to update information concerning its expectations or beliefs expect as required by law. In our press release, which has been posted on the website, we present GAAP and non-GAAP results along with the reconciliation of such results, as well as reasons for our presentations of non-GAAP information.

Now, it's my pleasure to turn the call over to Tal Payne for a review of our financial results.

Great Kip, thank you. And good morning and good afternoon to everyone joining us on the call today. I am pleased to begin the review of the fourth quarter and the full year. Revenues for the fourth quarter increased by 4% year-over-year reaching $564 million and our non-GAAP EPS grew by 7% to $2.17 both above the mid-point of our guidance. Before I proceed further into the numbers, let me remind you that our GAAP financial results include stock-based compensation charges, amortization of acquired intangible assets and acquisition related expenses, as well as the related tax effect. Keep in mind as applicable non-GAAP information is presented excluding these items.

Now let's take a look at the financial highlights for the quarter. Revenues for the quarter reached $564 million, $14 million above the midpoint of our guidance. Product and Security subscription revenues were $340 million, a 6% increase year-over-year. Our subscription revenues continue to be strong with 10% growth year-over-year, reaching $180 million. Software Update and Maintenance revenues increased to $224 million.

We have seen strength in our strategic areas; our CloudGuard family had great results with high double-digit growth. Infinity continued the momentum with significant transactions in different verticals, and impressive growth in the business we do with these customers. During the year, we launched the vast majority of our Quantum appliances series. The family was well received in the market and we finished the year with over 90% transition.

Deferred revenues reached $1,482 million a growth of $95 million 7% growth year-over-year, short term deferred revenues increased by 10%. Revenue distribution by geography for the quarter was as follows; 43% of revenues came from America, 45% of revenues came from Europe, Middle East and Africa, and the remaining 12% came from Asia Pacific.

We delivered strong gross profit of 89% and non-GAAP operating margin of 51% similar to last year. Our financial income for the quarter was $14 million. As a reminder, interest rates in the U.S. sharply dropped earlier this year, hence the reduction in the financial income versus last year. Naturally, this reduction is also part of the cash flow.

Effective non-GAAP tax rates for the quarter was 0% as we expected. This quarter similar to last year, our tax expenses include tax benefits from lapse of tax’s limitation on certain provision. GAAP net income was $271 million, a $1.95 per diluted share.

Non-GAAP net income was $301 million, or $2.17 per diluted share, an increase of 7% from fourth quarter of 2019 and $0.08 above the mid of our guidance. The accelerated growth is related to the continued reduction in our diluted outstanding shares.

Our cash balances as of December 31 reach $4 billion again, operating cash flow for the quarter increased by 19% to $293 million with strong collection from customers. As a reminder, we had your balance sheet against currency fluctuation, the hedge effect to our cash flow with a minimal effect on the P&L as intended.

During the quarter, the dollar weakened against the Israeli shekel, resulting in a hedge income of $26 million in our cash flow compared to $2 million last year. In addition, during the fourth quarter of last year, we completed the acquisition of Protego and Cymplify.

Metal [ph] hedge and acquisition related costs, our operating cash flow increased by 4% year-over-year. During the quarter, we continued the purchase of our shares we purchased 2.7 million shares for $323 million at an average price of $119.

Now let's take a look at the financial results for the full year. Our revenues for the year reached $2,065 million, an increase of 4% year-over-year $60 [ph] million above the midpoint of our original guidance in the beginning of the year.

Subscription revenues continued to be the main growth drivers with Infinity and CloudGuard Solution leading the growth. Infinity deals continued to gain momentum crossing the $100 million booking bar. Annual contract value of Infinity customer shows significant growth of 10s or even hundreds of percentage as customers adopt the full Infinity Threat Protection Solution. This is great news.

CloudGuard solution already reached more than 3000 customers. Both CloudGuard -- and CloudGuard SaaS are growing fast with a strong double digit. Non-GAAP operating margin for the year were strong 50% as we had higher level of revenues on the one hand, and about $40 million less expenses as a result of COVID-19 impact on the other hand.

During the year, the dollar weakened against many currencies around the world. The effects on our results in 2020 was minimal as we recovered effectively by our hedge. The dollar continued to weaken after the year end as you could all see. Based on the current rates, the effect is expected to be an increase of operating expenses for next year of about $25 million.

Our financial income in 2020 reduced to $67 million from $81 million last year as a result of the reduction in the yield on our portfolio as we discussed. We expect again to see the continued drop of $1 million to $2 million a quarter with the total financial income for next year of this year 2021 of $42 million.

Effective non-GAAP tax rates for the year was 13% in line with our expectation for 2021. Assuming no regulatory changes, we expect the tax rate for the year to be similar 12%, 13% quarterly tax rate for next year from Q1 to Q3 17% like, same like this year, and around 0% around Q4.As a result of the lapse of statute of limitations is also expected to happen in Q4 next year.

GAAP net income for the year was $847 million, or $5.96 per diluted share. Non-GAAP net income for the year was $963 million, or $6.78 per diluted share. The EPS was $0.13 above the high end of the original guidance for the year and is reflecting an increase of 11%.

Cash flow from operation increased by 4% to $1,152 million. During the year, the company repurchased approximately 11.4 million shares at the cost of $1.3 billion at an average price of $114.

For 2021 based on the current buyback rates and the current share price, we expect our average diluted number of shares to be around 136 million shares for the year starting at 138 million in Q1 and moving down to 134 billion by Q4.

Now turn the call over for Gil, for his comments.

Thank you, Tal, and happy belated New Year for to all of you joining us on the call today. I hope that you are in your family are safe and healthy. I’m glad to report the results for 2020. What a year it was. As you've heard from Tal, we delivered good numbers for the fourth quarter and for the entire year. But more important is what we achieved throughout the year. Despite the pandemic, we launched an entirely new product line for our core network security business, the quantum family and the results are quite positive from negative product growth in 2019 to positive one in 2020.

Our cloud business delivered double digit growth in 2020, a trend that intensified in the second half of the year. Finally our Infinity Solution, we delivered the industry only presented architecture for cyber security across the entire spectrum of attack connectors, network cloud and endpoint more than double its number of customers in contract value.

We've augumented all our products families with plenty of technology, serverless protection for cloud IoT and autonomous Threat Prevention on the network, EDR capabilities for the endpoint and our new Infinity Stock security research and management tool, just to name a few key technologies that are now part of our products in Infinity architecture.

The importance of cyber and the Internet has risen significantly over the last year. The network became the lifeline of our lives and businesses. And I believe I've said it before, but our industry can be proud, we kept the world running. The world face big increases in traffic and with that it also faced a huge increase in cyber-attack. I can go on and on and describe our achievement in 2020. But I'd like to focus more on talking about the state of cyber security and our plan for 2021.

I've been speaking about the fifth generation or Gen 5 cyber-attacks for the past couple of years. 2020 demonstrated that it is not a theory or a projection, but the Gen 5 attacks are here sophisticated, multi vector attacks that are fully morphing, disguise themselves very well, start the attack in one place, and end a few steps later deep in the enterprise, which was the hallmark of many of the attacks in 2020, including the Emotet board that was one of the most popular launch pad for attacks last year, the Emotet network was taken down in a sophisticated operation involving the law enforcement agents from eight countries, great achievement for cyber law enforcement, but also an important signal for all of us.

Emotet has been active since 2014. We saw it in one out of five enterprises in the world. We can't allow attacks to go on for seven years. We have to defend against it ourselves, which we do. Check Points Advanced Threat Prevention uniquely designed to prevent these attacks on patient zero, even when the malware is polymorphic and appears differently on each attack.

In the middle of 2020, we coined the term cyber pandemic, which was underscored by the World Economic Forum emphasizing the world is indeed facing a cyber-pandemic. In December 2020, the Sunburst attacks demonstrated the impact with the Gen 5 cyber pandemic can cause, an attack which was seen in over 18,000 organizations, including the top U.S. government agencies in the world's largest company. Sunburst started with an attack vector which is almost impossible to detect embedded into the solar wind software. But once executed, it's made its way into multiple systems in the network and presented major challenges to cloud environments which were the most vulnerable to December's attacks, a true Gen 5 attack.

These nightmare and worst case scenarios of executive and CECL's [ph] has now become a terrible realities. Mostly there is in 2020 characterize last year as one stock in survival mode, everyone needed to operate in environments we've never experienced, safe level of uncertainty the world has never seen before, and challenges the world has never faced in this modern era.

Looking at the state of cyber security, it is time to move from survival mode into revival mode. It's a new world and we have the opportunity to protect it. We're starting 2021 with a strong, focused and ambitious strategy to make our customers secure in this new era of Gen 5 cyber-attack, a strategy that relies on technologies we’ve developed over many years, a strategy that will make achieving the required level of security much simpler than ever before. We have over 80 products and technologies today, in 2021 we are going to provide them under three key families with unified management and control tool for the entire environment.

Let me describe briefly these three families. First, let's start with the U.S. family to our portfolio. Work from anywhere, become the new norm. Over 70% of businesses believe that it will become a major part of operations post-Corona. Seesaw [ph] the prioritize securing the work from anywhere it's a top priority for the next two years, a very new phenomenon cyber. We're going to tackle this challenge head on and provide the best solution for that secure connectivity from anywhere and secure work environment on any device, company managed personnel and mobile. It involves unifying over seven different security categories from endpoint to clientless remote access. We believe no single vendor except Check Point has all these technologies today. It presents a great opportunity for us and for our customers.

The second pillar will be a continued focus on Cloud Security. We intend to continue and are driving to make the CloudGuard family the most comprehensive cloud security solution in the industry. In 2021 we are going to augment it with the next generation of web application firewall, one which is powered by what we call contextual AI, where the system deployment and learning phase can be reduced from 48 days on legacy systems to 48 hours with our automated technology.

Our new applications security capabilities will secure multiple cloud workloads, API's web application as well as hosted an on-premise web server and one and a half billion dollar market potential which will augment our total addressable market just within the cloud security space.

The third pillar is our Quantum family, a comprehensive set of solution for network security. In 2021 our Quantum family will include all network security technologies for all sizes of networks, from managed security on IoT devices to terabit security on major networks. Today, we introduced the Quantum Spark appliances creating a full set of solution for branch offices and small businesses, which family will utilize an intuitive web based installation and management and mobile app for monitoring that will make Enterprise Security simple and achievable for all.

Quantum Spark joins the other Quantum models and technologies making it what we believe to be the most comprehensive network security solution in the industry. So our three pillars are going to be quite simple, securing the users wherever they are, CloudGuard for the Cloud and Quantum for the network. Simple isn't it.

But one more thing, these three families are going to enjoy a single management suite called, the new suite will be called Infinity Vision. It includes the ability to manage the entire portfolio with a single portal. Some users will prefer to run parts of it on-premise, but the fully enabled cloud based management is going to be provided.

Infinity Vision will also include the word SOC and XDR tools, many of them will be delivered in 2021 and will provide sophisticated intelligence tools. All are going to enjoy unified policies, monitoring tools, and most important the threat cloud service which will relay the attack information across the world and across all attack vectors and turn security information into actionable prevention.

Overall, I believe that the revolution of our product portfolio is going to provide the world what it is, unified, strong cyber security. On the business front, we are going to augment these technologies and innovation with increased investment in our sales and R&D organization. We've started the year with our sales kick-off meetings. For the first time, we have virtually received excellent scores for our employees and partners on these events and more important on the clarity of the vision and the market feeds of the solutions.

Today we're finishing the last event. We started two weeks ago with our APAC sales kick-off continued with the American sales kick-off, and just now finishing our European sales kick-off meeting. At the end of the month, we're going to hold our first virtual Check Point experience customer conference, and we expect record attendance at the coming CTX. I believe that we're entering a new world in 2021, a world which presents new cyber challenges and new opportunities for everyone. New opportunities for the way we work, the way we live and the opportunities to secure this world.

This is a good transition to our 2021 projection. As you know on my regular caveat, it's hard to predict the future, especially with the challenges we're implementing to our technology, business and the pandemic around the world. The level of uncertainty in our world remains high, but will do my best to share with you our guiding principle. Bear in mind that many things can change.

With that in mind our revenues for 2021 are expected to be in the range of $2.080 billion to $2,180 billion [ph] for the entire year. As for earnings in 2021, we plan to invest more in our business. I believe that the new opportunities ahead of us weren't more investments than what we did last year.

Keep in mind that the level of expenses in 2020 was extraordinarily low as a result of the cancellation of almost all physical activity, which had the positive impacts on earning in 2020 of approximately $0.25. We expect partial return of these expenses in 2021. On top of that, just like Tal says, the dollar is weakened and has a big effect on us as more than 50% of our expenses are not in U.S. dollar, about $0.16 impacts as of today, and interest have gone down which reduce our interest income also about 16% impact. The total impact of these three factors is approximately $0.52. So we are starting 2021 with minus $0.52 to our annual EPS mostly by the way, in the larger part of the year. So based on these assumptions, our non-GAAP earnings per share is expected to be in the range of $6.45 to $6.85.

GAAP EPS is expected to be approximately $0.90 lower. For the first quarter, we expect revenues in the range of $485 million to $550 million and non-GAAP EPS in the range of $1.45 to $1.55.

GAAP EPS is expected to be approximately $0.22 less for the first quarter. Thank you for being with us today. And we'd love to hear your questions.

Thank you, Gil. Before we begin with the Q&A session, due to content constraints, and in consideration of other participants, please limit yourself to one question. If you run into technical difficulty, please type your question into the chat. Our first question today is going to come from Adam Tindle from Raymond James, followed by Fatima Boolani from UBS Equities. Adam?

Okay. Thanks, Kip. I just wanted to start with the near term and long term repercussions of Sunburst and maybe Tal could start on the near term. Could you maybe talk about the cadence of Q4? Did you see any acceleration in conjunction with this? Looks like you're guiding revenue above seasonal in Q1 based on what I can tell from the quick math here. So just wondering if maybe there's some bursting that you're seeing to give you confidence and that above seasonal.

And then maybe Gil can tackle the long term. Just speak to the repercussions for security architecture changes. And does this open opportunity for M&A for Check Point? Or do you think you can attack it with your existing portfolio? Thank you.

Tal, go ahead.

Yes, so I wouldn't say I saw something specific relating to that. Q1 guidance is based, a lot of it is mathematical in the sense that some of its coming from the deferred revenue. So we know already how much we have in hand, both in the subscription and in the support. And the product is area we have the range where you can be higher or lower depends on what will show up in the in the product revenue, so it's not relating really to any increased demand or decrease demand, we see in the market. We expect it to be in line with our expectations.

And again, for the strategic impact for the first, I think it's highlighted the fact that these attacks sophisticated, describe themselves very well, through Gen 5 attack like with describing this is really this is something we have to say. Is it going to have a direct impact on our revenues? I hope it will, because I think we're the only one that can actually address it. Companies were like frozen we -- what should we do? A company has invested tons of their energy, just investigating what happened six months before trying to realize if they were a tax, by the way. I think it's very hard to know. Sunburst was in [Indiscernible] most companies cannot know if they were affected by it. It got in, did what he did. And in many organizations he just deleted itself and left almost no traces.

But I and again, I think the secret again to it is not to know that we were hacked and your secrets were stolen there six months ago. The key is to present it and make sure that whatever gets inside doesn't proliferate, doesn't cause damage. And that's all about prevention. And I think we're doing that. We're doing that quite effectively. And I think we can face these attacks. And I think our challenge remains to show customers the huge difference in deploying our technology and deploying our solution compared to everything else that I know in the marketplace.

Okay, and maybe I'll repeat the guidance, since I'm not sure everyone heard it. So for the first quarter, $485 million to $515 million, and non-GAAP EPS in the range of $1.45 to $1.55. GAAP EPS $0.22 below and for the year $2.80 billion to $2.180 billion. And the EPS non-GAAP $6.45 to $6.85. GAAP EPS expected to be $0.90 lower.

Thank you. High end of revenue guidance $515 not $550?

$485 to $515. Yes.

I heard $550. Okay, that's helpful. Thank you.

All right. Our next question is going to come from Fatima Boolani, followed by Brad Zelnick at Credit Suisse.

Good morning, thank you for taking the question. Gil, maybe I’ll start with you very quickly. You were very explicit that 2021 is going to be characterized by investments in R&D, and sales and marketing. And so as I think about the new product families, and the vision you have around your new product families, can you talk to us around how that's going to impact your go-to-market efforts, specifically around any changes to incentives, compensation structures to your direct sales force, and how this is going to move down the pike with some of your channel partners as you build and continue to build your channel partner relationship. And then another quick follow up for policies [ph].

So first, in terms of our go-to-market, I mean, the general structure remains the same. And we have a big and good sales organization that doesn't need the major changes need some small ones. We do have two overlays, one which will focus on the CloudGuard the technology and another overlay that supports the sale with regards to the new user centric security. We haven't formally launched the name for that. But you'll see that in a couple of weeks. And I think that's going to be a very, very focused approach.

So now if before again, if I'm a sales guy, or if I'm a customer, and I need a solution, Check Point probably has that solution amongst the 280 different technologies. Now, it's extremely simple. If you want Cloud, CloudGuard is the solution. If you want something about remote connectivity, and user Harmony is the solution. And that will work both in positioning it, in getting the technologies in it. And by the way, also in the ability to sell it because some of the solutions are going to be much simpler to purchase, like one price for the entire suite and not having to deal with a tons of different skews in the sizing for the different elements.

And of course, if you need a network solution, it's part of the Quantum family which still remains, and by the way, has a huge potential in it for the main markets. I think from a-go-to market, which is a very good strategy and to that Infinity that enables customers to get the full architecture. And again, Infinity is still small, but it's growing fast. And again, I think Tal mentioned, doubled the number of customers, doubled the contract value last year. So I mean, it's a – it’s hitting on all the rights on all the right things, still a way to go still few years before all these three companies will become the huge part of the business. But I think we're now seeing that it's -- I mean, when we analyze our internal measures and everything in 2020 and in 2021, we're going to be very important for the growth.

And if they will be successful, we will see their impact on the overall business. So I think overall, it has good impact. By the way, I think everything that I've said now is not just for our sales force. It for the customer. It's for the partners, for everyone. Again, you're a partners, you have the cloud issue, you don't know all the different -- few 100 vendors, dozens of solution. CloudGuard is a good solution. Quantum is a good solution. And I mean, for connectivity and end user, good family for that. So I think it will make things much simpler for everyone. For the customer, again, I got feedback from customers that say, now it's simple for me. Now I understand that I need that solution.

Tal, just very quickly for you. How should we see these efforts, consolidating around these three product families show up in this financials. Can give us just some finer points on how the revenue segmentation and growth trends within the revenue segmentation should trend over 2021?

Shouldn't really changed. And remember, things happen not the next day, right? But the same thing. When you talk about the appliances, you're going to see the product line. When you talks about the subscription, it doesn't matter if it's a subscription that relates to the remote access, or is the subscription that relates to NGCP or NGFW or some plus. All of them are subscriptions, so all of them will be in the subscription line and support and support. Infinity is the only one -- not the only one, but the major one that when you do a transaction of Infinity, it's actually split between the entire lines. Some of it go into products, some of it going to support and some of which in subscription. And major part of it probably more than 50% going to the subscription line, because it encapsulate everything that Check Point has to offer, hence majority of it going to subscription line.

Alright. Thank you Fatima. Our next question comes from Brad Zelnick at Credit Suisse, followed by Sterling Auty at JPMorgan. And please try to keep to the one question at a time going forward. Thank you.

Great. Thank you so much. Kip, nice to see everybody and congrats on a really strong Q4. Gil, as we think about Sunburst and the future other supply chain attacks. At the end of the day, don't they all rely on lateral movements across the network? And if so, do you think this accelerates a broader shift to Zero Trust Security models? And can you maybe speak about not only how Check Point succeeds in a Zero Trust world, but also the extent to which it might be a headwind to the core business?

I think first you're absolutely right. These attacks underscored the importance of network segmentation of zero trust as all the network security capabilities at the end are the main capabilities to stop an attack. When we know that there is no way to where -- we are in the world that things can get in some way. What we need to do is to stop them and contain them that they are there. And network security is the most effective one. We can't get to know every workload in the world and every application in the world. We are trying by the way. We have plenty of technologies and plenty of market space to secure many workloads and we are doing that. But at the end of the day, the main one is the network security capabilities that see the attack and stop it right there and contain it. And I think that should provide us with an opportunity and more opportunity to our network security portfolio.

Okay. Thank you. That's it for me.

All right. Our next question, it was with Sterling Auty at JPMorgan, followed by Joel Fishbein from Truist Securities.

Yes. Thanks. Hi, guys. I want to return back to the go-to-market discussion. Wondering the success that you've seen in the Americas channel in particular in 2020. Was there anything that you did differently or any learnings that you can now take and apply to both Europe and Asia?

I think we've seen good traction and good cooperation with channels in America, but I think is the other way around. Asia and especially Europe are working better with the channel. And I think in America, we can learn from their cooperation that we have in Europe. I think it's now unified under our a head of worldwide channels. Frank, you may have seen some exposure to him. And I think we are trying to learn -- again, first every region and every place can learn from others. But I think Europe is the place when we have the best cooperation with the channel, the best point go-to-market. There's a lot of cooperation that we do can do, and do much more in the U.S. in getting to new customers and so on. And I think it's a little bit more challenging actually in the U.S. than in other places.

Thank you.

And next call is going to be with Philip Winslow from Wells Fargo followed by Ben Bollin at Cleveland Research.

Hi. Thanks for taking my question. The question for Gil. Would you compare a Sunburst to let's say, fire attack like [Indiscernible] some of the things we saw at your target years ago? What do you think the implications? Or what's different this time in your mind versus this prior attacks that similarly were widespread. And in some cases very focused on specific companies. What's different this time? What do you think the ramifications are?

I think first, with each attack you learn new techniques and the level of creativity that the attackers there is unbelievable. I'm saying all the time. I'm meeting with our researchers, and seeing the vulnerabilities that they find in applications, in infrastructure, in everything, which is truly unbelievable. Maybe one day we should do a seminar for you guys to show you some of the -- or the researcher. I meet with them every week or two. And every time I'm getting shocked from the level of vulnerabilities that they find, and the attacks that are being found.

I think what's unique about Sunburst is the fact that it was super, super professional. It hides itself very, very well. I mean, it was really hard to detect that. I think, by the way, what we will never know the extent of the damage and the information that was stolen, because we really saw which their team took a lot of stuff and in many or some organization it stayed in. Many organizations it simply erased itself and left almost no traces. Our researchers and all our Incident Response Team, all the teams, we have a very good security professional, helps many customers, analyzed many environments, and almost left no traces.

And on the other hand, by the way, took something that was an internal attack. It's actually started from within the core network of the company with SolarWinds, and so on. And it took active directory certificates and took cloud certificates and use them to penetrate the cloud from the outside. So the cloud actually, in many cases remain vulnerable. Because by the way, the cloud in many cases is not shielded, as well with gateways and firewall like the core of the network, like the data center inside the network.

So SolarWinds to that extent is -- Sunburst will remain an attack with -- I think we'll hear a lot more about it in the future, as more and more research will get published. So far, I think the world, not Check Point. The world in general knows -- doesn't know enough about that and who's behind it and what we've done. And I think that's the unique part. It was an attack which was seems like a state sponsored. We've all with a you know in a way sophistication. And especially with the fact that they left no traces and no information was leaked or disclosed, but find itself -- found itself into the wrong hands, for sure.

I think we all would want to hear from your researchers on webinar. I like that idea.

So we'll schedule that.

Alright. Thank you, Philip. Our next question is coming from Ben Bollin followed by Shaul Eyal of Oppenheimer.

Good afternoon. Good morning. Thank you for taking the question. Could you tell us a little bit about maybe the mix of revenue and/or billings attributable to cloud and SaaS subscriptions in 4Q or for the year? And how this has developed over time? And then as you get more of that revenue mix over time, take us through the impact on support and maintenance revenue? Thank you.

I'm not sure I understand what you mean, when you say the mix. Can you elaborate a bit?

So, if you look at Infinity Dome9. Can you take us through how much revenue you're generating from those products? And how that's developed? And then, where that's going?

Okay. So, it's still not very big, but I'll just give you a sense. A cloud, when you say Dome9, its part of the CloudGuard solution. So you have mainly CloudGuard, yes, which is Dome9 in our yes solution. And we have a CloudGuard SAS when I call it all together the CloudGuard. It's over 10% of the subscription line already. So it's already quite material, but not material enough to pull on the number up enough. But that's a good trend because it is growing in a double digit and a fast double digit, it's over 50% growth. Then over time, it will become bigger and bigger. And we will see that the pulling all the numbers up. So Cloud is a great success.

When you talk about a majority of it, if not all of it, is in the subscription line. I think very small portion might be broader, but I think majority by far is in the subscription. When you talk about Infinity, it's smaller, maybe about half, just for a high level size in the revenues already, which means, already also becoming a significant low 10s of millions in the revenues. So it's no longer one, two to three million, its already getting to a few low 10s of millions. And that's again growing also quite fast. I gave an example that when we signed the Infinity Total Protection transaction, the annual contract value of the customer can grow in 10s of percent or it can grow in 100s of percent, depends what was the starting point.

If he had very few solutions of Check Point, and now he gets everything, it can grow in there 100s of percentage. And if it's there already was a customer that was very well covered then it can go maybe in 10s of percent. But that's a wonderful opportunity. Those dollars are showing up in three different lines. Because remember, it's provide to the customer everything we have. So yes, in that bucket product, the budget for the year, He gets all the subscription solutions of Check Point and he gets the support for the appliances. So that actually appears these all of the lines, although still majority of it probably over 50% is in the subscription line.

Thanks, Ben. Our next question is from Shaul Eyal at Oppenheimer, followed by Gray Powell at BTIG.

Thank you. Hi, good afternoon, guys. Gil, quick question on your threat intelligence capabilities. Are these homegrown solutions? Or are you partnering with some other companies? Maybe some emerging startups in Israel, outside of Israel? Just curious, how do you approach threat intelligence?

So first thing intelligence, you need to collect it from many, many sources, and that's something we learn. So our threat intelligence technologies is our own. We have amazing capabilities for research. But we are also cooperating and subscribing to many, many other services. I mean, some of which is cooperation, which is quite good. We're even by the way part of an organization which shared threat intelligence with other competitors, CTA, which is an organization. That's an industry wide organization between us and our direct competitors.

We are subscribing to many other threat feeds from other companies. And we are cooperating with few startups that are providing threat intelligence, even though I'm not sure that we have a direct link or a direct subscription to their feed. But still the majority of the technology and most of our findings there is our own technology. We have by the way, plenty of sensors around the world that's find plenty of things. That's the nice thing about it. For example, when we analyze files that are being sent all around the world. And when we find the malicious file, immediately, the file signature or the file characteristics that derived from that is added to the threat count for all customers. And that happens in real time.

So if we find one file in my mailbox, suddenly, millions of Check Point customers are being protected in the same second. And not only that by the way, it's not just knowing that this specific file is insecure. And by the way, this is the unique thing about threat cloud. In our solution, one endpoint will find the signature, the same endpoint, other endpoints might stop that file. Here if the file won't be downloaded on the web, the file won't pass through the network. We will have the ability to identify that everywhere. But on top of that, we will extract from these files many other what's called IOC.

So for example, if that malware communicates with a command and control server somewhere over the internet, we can take down that command and control or stop the communication to that command and control for all customers worldwide. And I think that's the unique thing about our threat cloud and what's behind the lot of our threat intelligence.

Thank you.

Thank you, Shaul. Our next question is going to come from Gray Powell at BTIG, followed by Rob Owens of Piper Sandler.

Okay, great. Thanks for taking the question. This might sound like I'm getting a little bit into the weeds here, but actually looking for more of a high level answer. If I just kind of run through the numbers. If I take correct billings, and I back out product revenue, it sort of proxy for annual subscription or annual recurring billings? The growth there really accelerated nicely in Q4. It was actually the best performance we've seen from Check Point about three years. So can you just talk about the drivers there either in terms of attack subscription or on the cloud side? And just the overall sustainability of that trip.

Are you basically calculating your implied booking?

Yes.

Okay. Just wanted to make sure I understand. So you're right, the implied booking was high. I think in the short term, it was 10%. And the total implied was about 8%. So it's very high. We did a very good booking. We did have a very good implied booking. We had a good quarter. You know that because we transitioning into Cloud, into Infinity, then it take time to see that translating into the P&L and into the revenues. So probably number one reason is that fact, we got a lot of Infinity in the cloud transaction and subscription in general. I gave a hint about the Infinity over $100 million booking, it's quite significant.

So hopefully, it will continue this trend of these drivers. To remember, we defined the growth. When we talked about what we need to do in order to grow over time, we said it will take a while, but the three main pillars are Cloud, Infinity, and now we're talking also about remote access. Hopefully, they will start next year with a new plan that's Gil presented. So this is in line with our efforts to focus on those growth areas.

Got it. Okay. Thank you very much.

Thank you. Kate?

We'll go to Rob. Next, followed by Michael Turits at KeyBanc. Sorry, guys.

That's all right. Thank you guys. As we contemplate kind of this shift towards more remote user and potentially more user centric models? Does this potentially change the pricing dynamic for Check Point moving forward and then have TAM implications moving forward? Thanks.

I think we definitely grow the addressable market. I specifically didn't talk about the right size, because all the sizes about remote access and endpoint security are giant markets and not attempting to take on all these markets and replace all the solutions there. We are focusing on the new world of connecting the mobile workforce of connecting work from everywhere, work from anywhere, any way we want to call it and securing that. Again, I think it's many, many different categories. And I think what we've found, what we analyzed the market trend is A, this market, which wasn't the top priority for customers, shifted from mid or low priority into the top priority on customer mindset. And we have all the technologies, it's unbelievable. I mean, when we looked at our portfolio, we found out that we have let's say more than a dozen solutions with address all the elements. So now we need to take them, put them together, we're still in work what we need to do, I'm not trying to say that it's trivial. It's not. But I think what we have what no other company. And just remember by the way, we completed another acquisition that sealed in a -- I think it was September or October, the acquisition of Odo. So we were very, very active on that.

And now, we all came together and say, no, it doesn't need to be a dozen different solutions. One point solution for every one point problem, but unified one. And I think it can change the whole thing. The pricing dynamics, the simplicity, everything around it, because we will make it very, very simple to where to acquire and to where implement and mainly to get the security level.

Thanks, Rob. Appreciated. Our next caller is Michael Turits with Keybanc followed by Saket Kalia from Barclays.

Thanks. So congrats, Tal and everybody. So I just want to ask a product, which as you pointed out was really strong this year and turning -- coming back to a positive. Was there a lag in people's abilities to refresh firewalls last year? And does that start to come back? And if so, why wouldn't that provide a little bit more visibility into Q1 and potential for upside to revenue given strong billings this quarter?

First in terms of the product business, in many cases, we supply the product right away. So actually where we have the deferred revenues and their predictability is more on all the other subscription line. Products we are usually very fast to supply them even within the last few days of the quarter. As for last year on one hand we saw some demand, some increased demand for capacity. For example, in April -- in March, we saw companies that are pushing big orders not for these specific customers -- big orders to increase capacity on the network.

On the other end, customers generally last year tried to avoid getting into the data center because we were all working from home and we didn't want to touch anything physical unless it's absolutely necessary. So I think last year was characterized by somewhat of a slowdown of everything that's physical, despite whether people turn from negative into positive, which means that it has potential. My belief, by the way, is that the market for network security and gateways and firewall has a huge potential. But the main point, when we -- and the most effective point to block this new cyber pandemic attacks, we really need that.

Thanks, Michael. Our next question is going to come from Saket Kalia from Barclays followed by our last question from Brian Essex of Goldman Sachs. Go ahead, Saket.

Hey, great. Can you hear me okay, Kip?

Yes.

Okay. Excellent. Thanks for taking my question here, guys, and fitting me in. Tal, maybe the question is for you. That was a nice little hint that you provided just on IPP bookings, I think crossing 100 million this year. The question is, can you just talk about how big they were last year? And and also touch on what's prompting customers to opt for IPP when buying network security versus buying buying them under sort of the traditional pricing model? Does that make sense?

The first question I got. Yes. Can you hear me? Yes. The first question, I got it score significantly over 100%. I don't remember the exact number. But it was a significant growth. And and the second part of the question, what was that?

The second question is what do you think is prompting customers to go for ITP pricing versus buying firewalls sort of in a traditional model?

So I think first to start before the pricing, it first starts with the need. So when the customers understand what we're relating to that, as the world become complex, and many customers need to adopt more and more solutions, it becomes very complementary to implement separate spread solutions for many different vendors in many different places with different management capabilities, and so on. So it first comes with the need of increasing your security while trying to keep it maybe I will say, as simple as you can, in a complicated world.

The pricing is a complimentary to that where it says, you don't need now to negotiate with us 20 or 50 or 60 different features pricing one of them based on user one of them based on gateway, one of them based on throughput, one percentage of the enterprise installed base and so on. Here, you get one simple pricing. Tell me how many users you have, your price will be x numbers of dollars multiplied, very simple. And you can basically go and install in your pace, hopefully fast, everything you need in the organization. So I would think as a CTO and as a CFO, everyone, you will prefer that both from financial perspective and from simplicity perspective.

Very helpful.

Thanks Saket. And our last question is coming from Brian Essex from Goldman Sachs.

Let's see if he's. There he is.

Hi. Thank you for fitting me in and I really appreciate it. Gil, I just have a question for you. I wanted to hit on the competitive dynamics you're seeing in the market, particularly given the product cycles that you've had, you have already, now already one, you've got Maestro, Quantum, Infinity. How much of that growth is in the installed base? And where do you see share coming from? Is this a dynamic where we have just an installed base of existing customers that you can help them -- where you can help them migrate to the next generation of threat prevention? Or do you see meaningful uptick from incremental customers on the platform? And where might those be coming from? Is it -- are we seeing, for example, shared ownership from larger legacy vendors like Cisco, or Juniper? Or are these kind of head to head competitive new wins in the next gen market? Just love a little bit of color what kind of around the competitive dynamics?

Sure. So first, my priority has been for the last few years about getting new customers, not just new -- now, still, the majority of our business, the vast majority is coming from our installed base both because these are the people that -- these are the people like us. Also we have a lot of enterprises that maybe by the way, small customers now in growing and becoming more major. Still we have an amazing set of competitive wins. And that's not just by the way against the older vendors in the marketplace, but also against some of the some other vendors in our marketplace. And we have a lot of nice wins, a lot of competitive wins when the customers actually evaluate the product actually, that, you know, they come up with a lot of technologies and being innovative and being cool. But at the end, we don't present the attack. Look at your instruction manual, they'll tell you, if you got infected by a fret, we will give you, we will give you an alert after it happened. After receiving them, we recommend that you disconnect the network, that's taken from the structure menu, all of our top competitors.

And by the way, I'm seeing -- I'm seeing with some of it, by the way, how the world understanding the solution. And most of the solutions today in the marketplace are not deployed with the full capability, the footprint prevention capabilities on and with the full prevention on, which means that if we go to a customer and implement the product the right way, the product has reached 10 times more value. It also by the way, may be a little bit more complicated, maybe a little bit more challenging, operate because it does the work. When we replaced competitive product in some customers, the customer complained that it was complicated, but it wasn't as fast. And then we looked what we've done with the competitive product. And we've basically done nothing. It's like going with a, it's like going to a hospital with a serious heart condition. In one place, you’re being you know operated and get all the treatment. In the other end, we give you an aspirin and hope that it helps.

So in many cases, our when people use our competitor's products, well don't use them to the extent we even need to use them. Most of the capabilities is how we use them. So I think overall, we've seen all of that. We had a very, very nice competitive wins in the last quarter. Some of the biggest names, by the way. We've seen it in healthcare, we've seen it in the hospital, we've seen it with companies that manufacture the, the COVID-19 vaccines. So we've seen very, very nice competitive wins when we took over competitors and replaced them with solutions that they actually provide prevention.

All right. That’s it. Powerful, thank you.

Thanks, Brian.

Thank you all for joining us today. That's going to conclude our call. We'll look forward to speaking to you throughout the quarter. And with that, I'll allow you guys to disconnect and have a great day. Bye bye.

Thank you very much.

Thank you guys.