Check Point Software Technologies Ltd (CHKP) 2020 Q4 法說會逐字稿

Welcome Everyone to our fourth quarter and full Year 2020 financial results video conference. (Operator Instructions). Joining me remotely today on the call are Gil Shwed, Founder and CEO; along with our CFO and COO, Tal Payne.

As a reminder, the video conference is live on our website and recorded for replay. To access the live conference and replay information, please visit the company's website at checkpoint.com. For your convenience, the replay will be available on our website. If you'd like to reach us after the call, please contact Investor Relations by e-mail at kip@checkpoint.com.

Before we begin with management's presentation, I'd like to highlight the following during the course of this presentation, Check Point's representatives may make certain forward-looking statements. These forward-looking statements within the meaning of Section 27A of the Securities and Exchange Act of 1933 and Section 21E of the Securities and Exchange Act of 1934 include, but are not limited to, statements related to Check Point's expectations regarding business, financial performance and customers, the introduction of new products and programs, success of those products and programs, the environment for security threats and trends in the market, our strategy focus areas and demand for solutions, the impact of COVID-19 on our business, including our product development, sales, marketing efforts and our financial conditions and results of operations, the impact of COVID-19 on our customer suppliers, business partners and the macroeconomic environment as a whole, our business and financial outlook, including our guidance for Q1 and full year 2021.

Because these statements pertain to future events, they are subject to risks and uncertainty. Actual results could differ materially from Check Point's current expectations or beliefs. Factors that could cause or contribute to such differences are contained in Check Point's earnings release issued on February 3, 2021, which is available on our website, and other factors and risks, including those discussed in Check Point's latest annual report on Form 20-F filed with the SEC.

Check Point assumes no obligation to update information concerning its expectations or beliefs, except as required by law. In our press release, which has been posted on our website, we present GAAP and non-GAAP results along with a reconciliation of such results, as well as the reasons for our presentation of non-GAAP information.

Now it's my pleasure to turn the call over to Tal Payne for a review of our financial results.

Great, Keith. Thank you. Good morning and good afternoon to everyone joining us on the call today. I'm pleased to begin the review of the fourth quarter and the full year.

Revenues for the fourth quarter increased by 4% year-over-year, reaching $564 million, and our non-GAAP EPS grew by 7% to $2.17, both above the midpoint of our guidance. Before I proceed further into the numbers, let me remind you that our GAAP financial results include stock-based compensation charges, amortization of acquired intangible assets and acquisition-related expenses as well as the related tax effect. Keep in mind, as applicable, non-GAAP information is presented excluding these items.

Now let's take a look at the financial highlights for the quarter. Revenues for the quarter reached $564 million, $14 million above the midpoint of our guidance. Product and security subscription revenues were $340 million, a 6% increase year-over-year. Our subscription revenues continue to be strong with 10% growth year-over-year, reaching $180 million. Software update and maintenance revenues increased to $224 million.

We've seen strength in our strategic areas, our CloudGuard Family had great results with high double-digit growth. Infinity continued the momentum with significant transactions in different verticals and impressive growth in the business we do with these customers. During the year, we launched the vast majority of our Quantum Appliances series. The family was well received in the market, and we finished the year with over 90% transition. Deferred revenues reached $1.482 billion, a growth of $95 million, 7% growth year-over-year. Short-term deferred revenues increased by 10%.

Revenue distribution by geographies for the quarter was as follows: 43% of revenues came from Americas; 45% of revenues came from Europe, Middle East and Africa; and the remaining 12% came from Asia Pacific. We delivered strong gross profit of 89% and non-GAAP operating margin of 51%, similar to last year. Our financial income for the quarter was $40 million. As a reminder, interest rates in the U.S. sharply dropped earlier this year. Hence, the reduction in the financial income versus last year. Naturally, this reduction is also part of the cash flow.

Effective non-GAAP tax rate for the quarter was 0% as we expected. This quarter, similar to last year, our tax expenses include tax benefits from lapse of Statute of Limitation on certain provisions. GAAP net income was $271 million, a $1.95 per diluted share. Non-GAAP net income was $301 million or $2.17 per diluted share, an increase of 7% from fourth quarter of 2019 and $0.08 above the mid of our guidance. The accelerated growth is related to the continued reduction in our diluted outstanding shares. Our cash balances as of December 31 reached $4 billion again. Operating cash flow for the quarter increased by 19% to $293 million with strong collection from customers.

As a reminder, we hedge our balance sheet against currency fluctuation. The hedge affects our cash flow with a minimal effect on the P&L as intended. During the quarter, the dollar weakened against the Israeli Shekel, resulting in a hedge income of $26 million in our cash flow compared to $2 million last year.

In addition, during the fourth quarter of last year, we completed the acquisition of Protego and Simplify. Net of hedge and acquisition-related costs, our operating cash flow increased by 4% year-over-year. During the quarter, we continued the purchase of our shares. We purchased 2.7 million shares for $323 million at an average price of $119. Now let's take a look at the financial results for the full year. Our revenues for the year reached $2.065 billion, an increase of 4% year-over-year, $15 million above the midpoint of our original guidance in the beginning of the year.

Subscription revenues continue to be the main growth drivers, with Infinity and CloudGuard solutions leading the growth. Infinity deals continued to gain momentum, crossing the $100 million booking bar. Annual contract value of Infinity customers shows significant growth of tens or even hundreds of percentage as customers adopt the full Infinity threat protection solution. This is great news.

CloudGuard solution already reached more than 3,000 customers; both CloudGuard IaaS and CloudGuard SaaS are growing fast with a strong double digit. Non-GAAP operating margin for the year was strong, 50%, as we had higher level of revenues on the one hand and about $40 million less expenses as a result of COVID-19 impact on the other hand.

During the year, the dollar weakened against many currencies around the world. The effects on our results in 2020 was minimal as we recovered effectively by our hedge. The dollar continued to weaken after the year-end, as you could all see. Based on the current rates, the effect is expected to be an increase of our operating expenses for next year of about $25 million. Our financial income in 2020 reduced to $67 million from $81 million last year as a result of the reduction in the yield on our portfolio, as we discussed. We expect again to see the continued drop of $1 million to $2 million a quarter with a total financial income for next year off a busier 2021 of $42 million. Effective non-GAAP tax rate for the year was 13%, in line with our expectation. For 2021, assuming no regulatory changes, we expect the tax rate for the year to be similar, 12%, 13%. Quarterly tax rate for next year, from Q1 to Q3, 17%, same like this year and around 0% around Q4 as a result of the lapse of Statue of Limitation that's also expected to happen in Q4 next year. GAAP net income for the year was $847 million or $5.96 per diluted share.

Non-GAAP net income for the year was $963 million or $6.78 per diluted share. The EPS was $0.13 above the high end of the original guidance for the year and is reflecting an increase of 11%. Cash flow from operation increased by 4% to $1.152 billion. During the year, the company repurchased approximately 11.4 million shares at the cost of $1.3 billion at an average price of $114. For 2021, based on the current buyback rates and the current share price, we expect our average diluted number of shares to be around $136 million for the year -- sorry, 136 million shares for the year starting at 138 million in Q1 and moving down to 134 million by Q4.

Now I'll turn the call over to Gil for his comments.

Thank you, Tal, and happy belated New Year to all of you joining us on the call today. I hope that you are and your family are safe and healthy. I'm glad to report the results for 2020. What a year it was. As you've heard from Tal, we delivered good numbers for the fourth quarter and for the entire year. But more importantly what we achieved throughout the year. Despite the pandemic, we launched an entirely new product line for our core network security business, the Quantum family, and the results were quite positive, from negative product growth in 2019 to positive one in 2020. Our cloud business delivered double-digit growth in 2020, a trend that intensified in the second half of the year.

Finally, our Infinity solution, that delivered the industry only presentative architecture for cyber security across the entire spectrum of attack vectors, network, cloud and endpoint, more than doubled its number of customers and contract value. We augmented all our products families with plenty of technologies, serverless protection for cloud, IoT and autonomous threat prevention on the network, EBR capabilities for the endpoint and our new Infinity SOC security research and management tool, just to name a few key technologies that are now part of our products in Infinity architecture.

The importance of cyber and the internet has risen significantly over the last year. The network became the lifeline of our lives and businesses, and I believe I've said it before, but our industry can be proud. We kept the world running. The world faced big increases in traffic and with that it also faced a huge increase in cyber-attacks. I can go on and on and describe our achievements in 2020, but I'd like to focus more on talking about the state of cyber security and our plan for 2021.

I've been speaking about the 5th generation or Gen V cyber-attacks for the past couple of years. 2020 demonstrated that it is not a theory or a projection, but the Gen V attacks are here; sophisticated multi-vector attacks that are fully morphing, disguise themselves very well, start the attack in one place and end it few steps later, deep in the enterprise. This was the hallmark of many of the attacks in 2020, including the Emotet Bot, which was one of the most popular launch pads for attacks last year. The Emotet network was taken down in a sophisticated operation involving the Law Enforcement agencies from 8 countries, a great achievement for cyber law enforcement, but also an important signal for all of us.

Emotet has been active since 2014. We saw it in 1 out of 5 enterprises in the world. We can't allow attacks to go on for 7 years. We have to defend against it ourselves, which we do. Check Point advanced threat prevention's uniquely designed to prevent these attacks on Patient Zero, even when the malware is polymorphic and appears differently on each attack. In the middle of 2020, we coined the term "cyber pandemic," which was underscored by the World Economic Forum, emphasizing the world is indeed facing a cyber pandemic. In December 2020, the Sunburst attack demonstrated the impact that the Gen V cyber pandemic can cause, an attack that was seen in over 18,000 organizations, including the top U.S. government agencies and the world's largest companies.

Sunburst started with an attack vector that is almost impossible to detect embedded into the SolarWinds software, but once executed, it's made its way into multiple systems in the network and presented major challenges to cloud environments that were the most vulnerable to the Sunburst attack, a true Gen V attack. This nightmare and worst case scenarios of executives and CISOs have now become a terrible reality.

Most leaders in 2020 characterized last year as one stuck in survival mode. Everyone needed to operate in environments they've never experienced, faced level of uncertainty the world has never seen before and challenges the world has never faced in this modern era. Looking at the state of cyber security, it is time to move from survival mode into revival mode. It's a new world, and we have the opportunity to protect it. We're starting 2021 with a strong, focused and ambitious strategy to make our customers secure in this new era of Gen V cyber-attack, a strategy that relies on the technologies we've developed over many years, a strategy that will make achieving the required level of security much simpler than ever before.

We have over 80 products and technologies today. In 2021, we are going to provide them under 3 key families with unified management and control tool for the entire environment. Let me describe briefly these 3 families. First, let me start with the newest family to our portfolio. Work from anywhere has become the new norm. Over 70% of businesses believe that it will become a major part of operations post corona. CISOs saw the prioritize securing the work from anywhere is a top priority for the next 2 years, a very new phenomenon in cyber. We're going to tackle this challenge head on and provide the best solution for that, secure connectivity from anywhere and secure work environment on any device, company-managed, personal and mobile. It involves unifying over 7 different security categories from endpoint to clientless remote access. We believe no single vendor except Check Point has all these technologies to date. It presents a great opportunity for us and for our customers.

The second pillar will be a continued focus on cloud security. We intend to continue and are driving to make the CloudGuard family the most comprehensive cloud security solution in the industry. In 2021, we are going to augment it with the next-generation of web application firewall, one that is powered by what we call contextual AI, where the system deployment and learning phase can be reduced from 48 days on legacy systems to 48 hours with our automated technology.

Our new application security capabilities will secure multiple cloud workloads: API web application as well as hosted and on-premise web servers, a $1.5 billion market potential that will augment our total addressable market just within the cloud security space.

The third pillar is our Quantum family, a comprehensive set of solutions for network security. In 2021, our Quantum family will include all network security technologies for all sizes of networks, from nanosecurity on IoT devices to terabit security on major networks. Today, we introduced the Quantum Spark appliances, creating a full set of solutions for branch offices and small businesses. This family will utilize an intuitive web-based installation and management, a mobile app for monitoring that will make enterprise security simple and achievable for all. Quantum Spark joins the other Quantum models and technologies, making it what we believe to be the most comprehensive network security solution in the industry.

So the 3 pillars are going to be quite simple, securing the users wherever they are: CloudGuard for the cloud and Quantum for the network. Simple, isn't it? And one more thing: these 3 families are going to enjoy a single management suite, called -- the new suite will be called Infinity-Vision. It includes the ability to manage the entire portfolio with a single portal. Some users will prefer to run parts of it on-premise, but the fully enabled cloud-based management is going to be provided.

Infinity-Vision will also include our SOC and XDR tools; many of them will be delivered in 2021 and will provide sophisticated intelligence tools. All are going to enjoy unified policies, monitoring tools, and most important, the ThreatCloud service that will relay the attack information across the world and across all attack vectors and turn security information into actionable prevention.

Overall, I believe that the revolution of our product portfolio is going to provide the world what it needs: unified strong cyber security. On the business front, we are going to augment these technologies and innovation with increased investment in our sales and R&D organization. We've started the year with our sales kickoff meetings. For the first time, we held them virtually, we received excellent scores for our employees and partners on the event, and more important, on the clarity of the vision and the market fit of the solutions. Today, we are finishing the last event. We started 2 weeks ago with our APAC sales kickoff, continued with the Americas sales kickoff, and just now finishing our European sales kickoff meeting.

At the end of the month, we're going to hold our first virtual Check Point Experience customer conference, and we expect record attendance at the coming CPX. I believe that we're entering a new world in 2021, a world that presents new cyber challenges and new opportunities for everyone; new opportunities for the way we work, the way we live and opportunities to secure this world. This is a good transition to our 2021 projection. As you know my regular caveat, it's hard to predict the future, especially with the challenges we are implementing to our technology business and the pandemic around the world.

The level of uncertainty in our world remains high, but I will do my best to share with you our guiding principle. Bear in mind that many things can change. Keep that in mind, our revenues for 2021 are expected to be in the range of $2.080 billion to $2.180 billion for the entire year. As for earnings, in 2021 we plan to invest more in our business. I believe that the new opportunities ahead of us warrant more investment than what we did last year. Keep in mind that the level of expenses in 2020 was extraordinarily low as a result of the cancellation of almost all physical activity. This had a positive impact on our earnings in 2020 of approximately $0.25. We expect partial return of these expenses in 2021.

On top of that, just like Tal said, the dollar is weakened and that has a big effect on us, as more than 50% of our expenses are not in U.S. dollars, about $0.16 impact as of today. And interest has gone down, which reduced our interest income, also about 16% impact. The total impact of the three factors is approximately $0.52. So we are starting 2021 with minus $0.52 to annual EPS, mostly, by the way, in the latter part of the year.

So based on this assumption, our non-GAAP earnings per share is expected to be in the range of $6.45 to $6.85. GAAP EPS is expected to be approximately $0.90 lower. For the first quarter, we expect revenues in the range of $485 million to $550 million and non-GAAP EPS in the range of $1.45 to $1.55. GAAP EPS is expected to be approximately $0.22 less for the first quarter.

Thank you for being with us today, and we'd love to hear your questions.

(Operator Instructions). Our first question today is going to come from Adam Tindle from Raymond James, followed by Fatima Boolani from UBS Equities. Adam?

Okay. I just want to start with the near-term and long-term repercussions of Sunburst, and maybe Tal could start on the near term. Could you maybe talk about the cadence of Q4? Did you see any acceleration in conjunction with this? Looks like you're guiding revenue above seasonal in Q1 based on what I can tell from the quick math here. So just wondering if maybe there's some first thing that you're seeing to give you confidence in that above seasonal? And then maybe Gil can tackle the long term. Just speak to the repercussions for security architecture changes. And does this open opportunity for M&A for Check Point? Or do you think you can attack it with your existing portfolio?

Tal, go ahead.

Yes. So I wouldn't say I saw something specific relating to that. Q1 guidance is based -- a lot of it is mathematical, in the sense that some of it's coming from the deferred revenues, so we know already how much we have in hand, both in the subscription and in the support. And the product is the area where we have the range, where it can be higher or lower, depends on what will show up in the product revenue. So it's not relating really to any increased demand or decreased demand we see in the market. We expect it to be in line with our expectations.

And again, for the strategic impact, for the first, I think it highlighted the fact that these attacks -- sophisticated, disguised very well -- true Gen V attack like we've described, and this is real, this is something we have to face. Is it going to have a direct impact on our revenues? I hope it will, because I think we're the only one that can actually address that. Companies were like frozen with "What should we do?". Companies invested tons of energy just investigating what happened 6-months before, trying to realize if they were attacked. By the way, I think it's very hard to know. Sunburst was an attack that most companies cannot know if they were affected by it. It got in, did what it did, and in many organizations just deleted itself and left almost no traces. But -- and again, I think the secret against it is not to know that you were hacked and your secrets were stolen 6 months ago. The key is to prevent it and make sure that whatever gets inside, doesn't proliferate, doesn't cause damage, and that's all about prevention. And I think we're doing that, we're doing that quite effectively, and I think we can face these attacks. And I think our challenge remains to show customers the huge difference in deploying our technology and deploying our solution compared to everything else that I know in the marketplace.

Okay. Maybe I'll repeat the guidance since I'm not sure everyone heard it. So for the first quarter, $485 million to $515 million and non-GAAP EPS in the range of $1.45 to $1.55. GAAP EPS, $0.22 below. And for the year, $2.080 billion to $2.180 billion, and the EPS, non-GAAP, $6.45 to $6.85. GAAP EPS expected to be $0.90 lower.

The high-end of revenue guidance $515 million not $550 million?

$485 million to $515 million, yes.

I heard $550 million. Okay, that's helpful.

All right. Our next question is going to come from Fatima Boolani, followed by Brad Zelnick at Crédit Suisse.

Gil, maybe to start with you very quickly. You are very explicit that 2021 is going to be characterized by investments in R&D and sales and marketing. And so as I think about the new product families and the vision you have around your new product families, can you talk to us around how that's going to impact your go-to-market efforts, specifically around any changes to incentives, compensation structures, to your direct sales force,

and how it's going to move down the pipe with one of your channel partners as you build and continue to build your channel partner relationships. And then I do have a follow-up for Tal, please.

So first, in terms of our go-to-market, I mean the general structure remains the same, and we have a big and good sales organization that doesn't need major changes, needs some small ones. We do have 2 overlays, one that will focus on the CloudGuard technology and another overlay that supports the sales with regards to the new user-centric security.

We haven't formally launched the name for that, but you'll see that in a couple of weeks. And I think that's going to be a very, very focused approach. So now, if before -- again, if I'm a sales guy, or if I'm a customer and I need a solution, Check Point probably has that solution amongst the 80 different technologies. Now it's extremely simple. If you want cloud, CloudGuard is the solution. If you want something about remote connectivity end user, Harmony is the solution. And that will work both in positioning it, in getting the technologies in it, and by the way, also in the ability to sell it, because some of these solutions are going to be much simpler to purchase, like one price for the entire suite and not having to deal with tons of different SKUs and sizing for the different elements.

And of course, if you need a network solution, it's part of the Quantum family that still remains -- and by the way, has a huge potential in it for the main market. So I think from a go to market, this is a very good strategy, [end-to-end] Infinity that enables customers to get the full architecture. And again, Infinity is still small, but it's growing fast, and again, I think Tal mentioned, doubled the number of customers, doubled the contract value last year. So I mean it's hitting on all the right things. Still a way to go, still few years before all these three components will become a huge part of the business. But I think we're now seeing that it's -- when we analyze our internal measures and everything in 2020 and in '21, they're going to be very important for the growth. And if they will be successful, we will see their impact on the overall business. So I think overall, it has good impact -- by the way, I think everything that I've said now is not just for our sales force,

it's for the [customer], it's for the partners, it's for everyone. Again, if you're a partner, you have a cloud issue. You don't know all the different few hundred vendors, dozens of solutions, CloudGuard is a good solution. Quantum is a good solution. And I mean, for connectivity and end user, good family for that. So I think it will make things much simpler for everyone for the customer -- and again, I got feedback from customers that say, "Now it's simple for me, now I understand that I need that solution."

Tal, just very quickly for you. How should we see these efforts consolidating around these 3 product families show up in the financials? If you can give us just some finer points based on how the revenue segmentation and growth trends within the revenue segmentation should trend over 2021?

Shouldn't really -- sorry, shouldn't really change. And remember, things happen not the next day, right? But the same thing. When you talk about the appliances, you're going to see it in the product line. When you talk about the subscription, it doesn't matter if it's just a subscription that relates to the remote access or if it's a subscription that relates to NGTP or NGFW or (inaudible). All of them are subscription, so all of them will be in the subscription line and support.

Infinity is the only one -- not the only one, but the major one -- that when you do a transaction of Infinity, it's actually split between the entire lines. Some of it go into products, some of it go into support and some of it to subscription. And a major part of it, probably more than 50%, go into the subscription line because it encapsulate everything that Check Point has to offer. Hence, majority of it go into subscription line.

Our next question comes from Brad Zelnick at Crédit Suisse, followed by Sterling Auty at JPMorgan. And please try to keep to the one question at a time going forward.

And congrats on a really strong Q4. Gil, as we think about Sunburst and the future of other supply chain attacks, at the end of the day, don't they all rely on lateral movements across the network? And if so, do you think this accelerates a broader shift to zero trust security models? And can you maybe speak about not only how Check Point succeeds in a zero trust world, but also the extent to which it might be a headwind to the core business?

I think, first, you're absolutely right. These attacks underscore the importance of network segmentation, of zero trust, of all the network security capabilities that at the end are the main capabilities to stop an attack. We know that there is no way to -- we are in a world that things can get in in some way. What we need to do is to stop them and contain them that they are there. And network security is the most effective one. We can't get to every workload in the world and every application in the world -- we are trying, by the way, we have plenty of technologies and plenty of market space to secure many workloads, and we are doing that. But at the end of the day, the main one is the network security capabilities that see the attack and stop it right there and contain it. And I think that's the -- should provide us with an opportunity and more opportunity to our network security portfolio.

Our next question is with Sterling Auty at JPMorgan, followed by Joel Fishbein from Truist Securities.

I wanted to return back to the go-to-market discussion. Wondering, the success that you've seen in the Americas channel in particular in 2020 was there anything that you did differently or any learnings that you can now take and apply to both Europe and Asia?

I think we've seen good traction and good cooperation with channels in America, but I think it's the other way around. Asia, and especially Europe are working better with the channel. And I think in America, we can learn from the cooperation that we have in Europe -- I think it's now unified under our Head of Worldwide Channels, Frank, you may have seen some exposure to him -- and I think we are trying to learn -- again, first, every region and every place can learn from others, but I think Europe is the place where we have the best cooperation with the channel, the best joint go to market. There's a lot of cooperation that we do -- can do and do much more in the U.S. in getting to new customers and so on. And I think it's a little bit more challenging actually in the U.S. than in other places.

Our next call is going to be with Philip Winslow from Wells Fargo, followed by Ben Bollin at Cleveland Research.

Question for Gil. When you compare Sunburst to, let's say, prior attacks like NotPetya, some of the things we saw at Target years ago. What do you think the implications are? What's different this time in your mind versus those prior attacks that similarly were widespread, or in some cases, very focused on specific companies. What's different this time and what you think the ramifications are?

I think, first, with each attack you learn new techniques, and the level of creativity that the attackers there is unbelievable. I'm saying it all the time. I'm meeting with our researchers and seeing the vulnerabilities that they find in applications, in infrastructure and everything, it is truly unbelievable. Maybe one day we should do a seminar for you guys to show you some of what the researchers find. I meet with them every week or 2, and every time I'm getting shocked from the level of vulnerabilities that they find and the attacks that are being found.

I think what's unique about Sunburst is the fact that it was super, super professional. It hides itself very, very well. I mean, it was really hard to detect that. I think, by the way, that we will never know the extent of the damage and the information that was stolen. Because we really saw that it got in, took a lot of stuff. And in many or in some organizations, it stayed in. Many organizations, it simply erased itself and left almost no traces. With our researchers and our -- all our incident response team, all the teams that we have are very good security professionals, helped many customers, analyzed many environments, and almost left no traces.

And on the other hand, by the way, took something that was an internal attack. It actually started from within the core network of the company, with SolarWinds and so on, and took active directory certificates and to cloud certificates and used them to penetrate the cloud from the outside. So the cloud, actually, in many cases, remained vulnerable because, by the way, the cloud, in many cases, is not shielded as well with gateways and firewall like the core of the network, like the data center inside the network.

So SolarWinds, to that extent, is -- we will -- Sunburst, will remain an attack that I think we'll hear a lot more about it in the future as more and more research will get published. So far, I think the world -- not Check Point, the world in general, knows -- doesn't know enough about that and who's behind it and what we've done. And I think that's the unique part. It was an attack that was -- seems like a state-sponsored, with all that sophistication, and especially with the fact that they left no traces and no information was leaked or disclosed. But find itself -- found itself into the wrong hands, for sure.

I think we all would want to hear from your researchers on a webinar. I like that idea.

We'll schedule that.

All right. Our next question is coming from Ben Bollin, followed by Shaul Eyal of Oppenheimer.

Could you tell us a little bit about maybe the mix of revenue and/or billings attributable to cloud and SaaS subscriptions in 4Q or for the year and how this has developed over time? And then as you get more of that revenue mix over time, take us through the impact on support and maintenance revenue?

I'm not sure I understand what you mean when you say the mix, can you elaborate a bit?

So if you look at Infinity, Dome9, could you take us through how much revenue you're generating from those products and how that's developed and then where that's going?

Okay. So it's still not very big, but I'll just give you a sense. Cloud, when you say Dome9, it's part of the CloudGuard solution. So you have mainly CloudGuard IaaS, which is Dome9 and our IaaS solution. And you have a CloudGuard SaaS, when I call it all together the CloudGuard. It's over 10% of the subscription line already. So it's already quite material, but not material enough to pull all the numbers up enough, but that's a good trend because it is growing in a double-digit and a fast double digit, it's over 50% growth. Then over time, it will become bigger and bigger, and we will see that pulling all the numbers up. So cloud is a great success. When you talk about -- and majority of it, if not all of it, is in the subscription line. I think very small portion might be in product, but I think majority by far is in the subscription. When you talk about Infinity, it's smaller, maybe about half, just for high level size in the revenues already, which means already also becoming a significant low tens of millions in the revenues.

So it's no longer $1 million, $2 million, $3 million. It's already getting to a few low tens of millions. And that's, again, growing also quite fast. I gave an example that when we signed an Infinity Total Protection transaction, the annual contract value of the customer can grow in tens of percent or it can grow in hundreds of percent, depends what was the starting point.

If we had very few solutions of Check Point, and now he gets everything, it can grow in hundreds of percentage. And if it's already was a customer that was very well covered, then it can grow maybe in tens of percent. But that's a wonderful opportunity. That dollars are showing up in 3 different lines. Because remember, it provides to the customer everything we have. So he gets in that bucket products, a budget for the year, he gets all the subscription solutions of Check Point, and he gets the support for the appliances. So that actually appears in all of the lines, although still majority of it, probably over 50%, is in the subscription line.

Our next question is from Shaul Eyal at Oppenheimer, followed by Gray Powell at BTIG.

Gil, quick question on your threat intelligence capabilities, are these home-grown solutions? Or are you partnering with some other companies, maybe some emerging start-ups, in Israel, outside of Israel? Just curious how you approach threat intelligence.

So first in intelligence, you need to collect it from many, many sources, and that's something we learned. So our threat intelligence technology is our own. We have amazing capabilities for research, but we are also cooperating and subscribing to many, many other services. I mean some of it is cooperation, which is quite good. We're even, by the way, part of an organization that shares threat intelligence with our competitors, CTA, which is an organization, that's an industry-wide organization between us and our direct competitors.

We are subscribing to many other threat feeds from other companies. And we are cooperating with a few start-ups that are providing threat intelligence, even though I'm not sure that we have a direct link or a direct subscription to their feed.

But still the majority of the technology on most of our findings there is our own technology. We have, by the way, plenty of sensors around the world that find plenty of things. That's the nice thing about it. For example, when we analyze files that are being sent all around the world, and when we find a malicious file, immediately the file signature or the file characteristics that arise from that is added to the ThreatCloud for all customers, and that happens in real time. So if I find one file in my mailbox, suddenly, millions of Check Point customers are being protected in the same second.

And not only that, by the way, it's not just knowing that this specific file is insecure -- and by the way, this is the unique thing about ThreatCloud: in other solution, one endpoint will find the signature, the same endpoints, other endpoints might stop that file. Here, the file won't be downloaded on the web, the file won't pass through the network. We will have the ability to identify that everywhere. But on top of that, we will extract from these files and many others what's called IOCs. So for example, if that malware communicates with a command and control server somewhere over the Internet, we can take down that command and control or stop the communication to that command and control for all customers worldwide. And I think that's the unique thing about our ThreatCloud and what's behind a lot of our threat intelligence.

Our next question is going to come from Gray Powell at BTIG, followed by Rob Owens of Piper Sandler.

Okay. Great. This might sound like I'm getting a little bit into the weeds here, but I'm actually looking for more of a high-level answer. If I just kind of run through the numbers, if I take current billings and I back out product revenue as sort of a proxy for annual subscription or annual recurring billings, the growth there really accelerated nicely in Q4, and it was actually the best performance we've seen from Check Point in about 3 years. So can you just talk about the drivers there, either in terms of attack subscription or -- on the cloud side -- and just the overall sustainability of that trend?

Are you basically calculating your implied booking?

Yes.

Okay. Just wanted to make sure I understand. So you're right. The implied booking was high. I think in the short term, it was 10%, and the total implied was about 8%, so it's very high. We did have very good booking. We did have a very good implied booking. We had a good quarter. You know that because we're transitioning into cloud, into Infinity, then it takes time to see that translating into the P&L and into the revenues.

So probably #1 reason is that fact. We got a lot of Infinity and cloud transaction and subscription in general. I gave a hint about the Infinity, over $100 million booking. It's quite significant. So hopefully it will continue, this trend of these drivers. If you remember, we defined the growth, when we talked about what we need to do in order to grow over time, we said it will take a while, but the 3 main pillars are cloud, Infinity, and now we're talking also about remote access, hopefully that will start next year with the new plan that you presented.

So this is in line with our efforts to focus on those growth areas.

Rob Owens from Piper Sandler next, followed by Michael Turits of KeyBanc.

As we contemplate kind of the shift towards more of the remote user and potentially more user-centric models, does this potentially change the pricing dynamic for Check Point moving forward and then have TAM implications moving forward?

I think we definitely grow the addressable market. I specifically didn't talk about the threat size because all the sizes about remote access and endpoint security are giant markets. I'm not attempting to take on all these markets and replace all these solutions there. We are focusing on the new world of connecting the mobile workforce, of connecting work from everywhere, work from anywhere, anyway we want to call it, and securing that. Again, I think it's many, many different categories. And I think what we found when we analyzed the market trend is: A, this market that wasn't the top priority for customers shifted from mid or low priority into the top priority on customer mindset, and we have all the technologies. It's unbelievable. I mean when we looked at our portfolio, we found out that we have, let's say, more than a dozen solutions that address all the elements. So now we need to take them, put them together. There's still work that we need to do. I'm not trying to say that it's trivial. It's not. But I think what we have with no other company has.

Just remember, by the way, we completed another acquisition in that field in -- I think it was September or October, the acquisition of ADO. So we were very, very active on that. And now we -- it all came together and say, no, it doesn't need to be a dozen different solutions, one-point solution for every one point problem, but a unified one. And I think it can change the whole thing, the pricing dynamics, the simplicity, everything around that because we will make it very, very simple to acquire and to implement and mainly to get the security level.

Our next caller is Michael Turits with KeyBanc, followed by Saket Kalia from Barclays.

So I just want to ask about product, which, as you pointed out, was really strong this year in turning -- coming back to a positive. Was there a lag in people's abilities to refresh firewalls last year? And does that start to come back? And if so, why wouldn't that provide a little bit more visibility into Q1 and potential for upside to revenue, given strong billings this quarter?

First, in terms of the product business. In many cases, we supply the products right away. So actually, where we have the deferred revenues and the predictability is more on all the other subscription lines. Products, we are usually very fast to supply them, even within the last few days of the quarter. As for last year, on one hand, we saw some demand, some increased demand for capacity. For example, in April, we -- and March, we saw companies that pushing big order, not -- I mean, for these specific customers, big orders to increase capacity on the network.

On the other hand, customers generally last year tried to avoid getting into the data center because we were all working from home, and we didn't want to touch anything physical unless it's absolutely necessary. So I think last year was characterized by somewhat of a slowdown of everything that's physical. Despite that, I think we turned from negative into positive, which means that it has potential. My belief, by the way, is that the market for network security and gateways and firewall has a huge potential. That's the main point when we -- the most effective point to block these new cyber pandemic attacks. We really need that.

Our next question is going to come from Saket Kalia from Barclays, followed by our last question from Brian Essex of Goldman Sachs.

Okay. Great. Can you hear me okay, Kip?

Yes.

Okay. Excellent. Tal, maybe the question is for you. There was a nice little hint that you provided just on ITP bookings, I think, crossing $100 million this year. The question is, can you just talk about how big they were last year? And also touch on what's prompting customers to opt for ITP when buying network security versus buying them under sort of the traditional pricing model? Does that make sense?

The first question I got. Yes. Can you hear me?

Yes.

The first question I got, its grown significantly, over 100%. I don't remember the exact number, but it was a significant growth. And the second part of the question, what was that?

The second question is, what do you think is prompting customers to go for ITP pricing versus buying firewall sort of in the traditional model?

So I think first to start before the pricing, it first starts with the need. So when the customers understand what was Gil relating to, that as the world becomes complex and many customers need to adopt more and more solutions, it becomes very [complement] to implement separate spread solutions for many different vendors in many different places with different management capabilities and so on.

So it first comes with the need of increasing your security while trying to keep it, maybe, I would say, as simple as you can in a complicated world. The pricing is complementary to that, where it says, you don't need now to negotiate with us 20 or 50 or 60 different features pricing, one of them based on user, one of them based on gateway, one of them based on throughput, one percentage of the enterprise installed base and so on.

Here, you get one simple pricing. Tell me how many users you have, your price will be x numbers of dollars multiplied, very simple, and you can basically go and install in your case, hopefully fast, everything you need in the organization.

So I would think as the CTO, as the CEO, and as a CFO, everyone will prefer that, both from a financial perspective and from a simplicity perspective.

And our last question is coming from Brian Essex from Goldman Sachs. Let's see if he's -- there he is.

And I really appreciate it. Gil, I just have a question for you. I wanted to hit on the competitive dynamics you're seeing in the market, particularly given the product cycles that you've had. You have R80, R81. You've got Maestro, Quantum, Infinity. How much of that growth is in the installed base, and where do you see share coming from? Is this a dynamic where we have just an installed base of existing customers that you can help them -- or you can help them migrate to the next-generation of threat prevention? Or do you see meaningful uptick from incremental customers on the platform? And where might those be coming from? Is it -- are we seeing, for example, shared donorship from larger legacy vendors like a Cisco or a Juniper, or are these kind of head-to-head competitive new wins in the next-gen market? Just love a little bit of color, right? Kind of around the competitive dynamics.

Sure. So first, my priority has been for the last few years about getting new customers, not just new -- now still, the majority of our business, the vast majority is coming from our installed base, both because that's -- I mean, these are the people with (inaudible), these are the people like us. Also, we have a lot of enterprises that are -- that may be, by the way, small customers now and are growing and becoming more major. Still, we have amazing set of competitive wins, and that's not just, by the way, against the older vendors in the marketplace, but also against some of the other vendors in our marketplace.

And we have a lot of nice wins, a lot of competitive wins when the customers actually evaluate the product, actually see that they come up with a lot of technologies and being innovative and being cool, but at the end, they don't prevent the attacks.

Look at your instruction manual. It will tell you if you got infected by a threat, we will give you an alert after it happened, after it's in and we'll recommend that you disconnect the network. That's taken from the instruction manual of our top competitor. By the way, I'm seeing that some of it, by the way, is how the world understands the solution.

Most of the solutions today in the marketplace are not deployed with the full capability, the full threat prevention capabilities on and with the full prevention on, which means that if we go to a customer and implement the product the right way, the product brings 10x more value. It also, by the way, may be a little bit more complicated, may be a little bit more challenging to operate because it does the work. I mean we replaced competitive products in some customers. The customer complained that it was complicated, but it wasn't as fast. Then we looked what they've done with the competitive product, and they've basically done nothing. It's like going with -- it's like going to a hospital with a serious heart condition, in one place you're being operated and get all the treatment, in the other end, we give you an aspirin and hope that it helps.

So in many cases, our -- when people use our competitors' products, they don't use them to the extent they even need to use them, not just the capabilities, it's how we use them. So I think overall, we've seen all of that. We have very, very nice competitive wins in the last quarter. Some of the biggest names. By the way, we've seen it in health care, we've seen it in hospital. We've seen it with companies that manufactured the COVID-19 vaccines. So we've seen very, very nice competitive wins when we took over competitors and replaced them with solutions that actually provide prevention.

Thank you all for joining us today. That's going to conclude our call. We look forward to speaking to you throughout the quarter. And with that, I'll allow you guys to disconnect, and have a great day. Bye-bye.

Thank you very much.

Thank you, guys.