Good afternoon, everyone, and welcome to this Capital Markets Day. We thought it was about time to have another one. The last one Enea had was 5 November 2019. 5 November 2019, and after that came COVID, the war in Ukraine, rising inflation, rising interest rates. Trump lost the election, and then he won the election again a couple of weeks ago. And for Enea, a lot has happened as well. We acquired a Wi-Fi business during COVID. We sold our global support, global services organization. We got fairly well paid for that. And we acquired a global or a security business, Adaptive Mobile. We also had our issues, and since 18 months or so, I'm back as the interim CEO. So here we are now, 4 December 2024. Stronger than ever, I argue.
That's why I'm so excited to have you all here and be able to share that and invite you into our world for a few hours. I met one of you guys last week, and you were limping after Capital Markets Day because the chairs were so bad, and you had to sit for four hours. You felt you came out of the event more confused than you walked into the event. I hope that will not be the case here. If you feel that the chairs are too bad, we have stools, we have high stools, and we have sofas. We will really try to be transparent and tell you about our business. That's our sincere intention here, is to, you know, discuss the things that we feel important. We've only chosen to make this half a day.
And the reason for that is what I just described. But based on that, we will not go through our entire business. We will spend some time on the totality, but then we'll hone in on our security business. And that's really one of the key objectives I have for this afternoon, is to be able to, you know, explain a very different position that Enea has today compared to 2019 or 2022, or when I was CEO in 2018. All that we've talked about today about the firewall side, we could not have talked about before we acquired Adaptive Mobile. So what you have at your fingertips, actually, is a leader in cybersecurity, a leader in the firewall business. 2016, we acquired a company called Qosmos, the DPI functionality. That's also security. A representative from that entity will be here today.
That becomes our security business, and that's one of the objectives today. The other objective I have is to talk about our revenues. Given everything that's happening in the world, and given the fact that when I started here, which is quite some years ago now, in 2009, our software business was 95% OSE. When we divested our Nordic consulting business, the business was OSE. Then we had some weird software called NetBricks and Elements that never was anything. So it was OSE. That business is almost gone. We have reinvented Enea in these 15 years to something completely different. But we've done that with high profitability, with good cash flows, or strong cash flows. What you see on the top line, there is actually a lot of changes underneath that.
That I also hope to be able to discuss a bit more in detail. Our financial ambition that we've had for a few years now, I want to discuss that as well. It's well within reach, and the smaller the OS business becomes, the bigger portion, obviously, the focus areas are, and the bigger probability that that entire ambition will be the ambition of the company. I also have a fourth objective with this afternoon, and that is to introduce some members of my management team. These guys, I will not be able to introduce everyone, but these guys are key. First of all, they're super fun to work with. They're super skilled individuals, but they're also super important for the investors because they are the people that make our ambitions and our promises come reality. So I want to introduce them.
I want you to have the opportunity to ask some questions and interact with them, and then I have a fifth objective, and that is to introduce you to SS7, and SS7, anyone but Daniel and Pierre that knows what SS7 is? Great. Because we'll spend a few minutes on SS7 because it's important for our business. So that's, you know, again, don't walk away here more confused than you came. And if nothing else, I hope that you will be able to talk about SS7 at the Christmas table. All right. With that, to achieve this, we will follow this agenda, and what is carved in stone here is the wrap-up. We will end at 5:00 P.M.
At 4:30 P.M., a bit more than that, or around that time, we will have an online introduction, or Teemu Salmi, the incoming CEO, will call in from an event in Helsinki, and you will be able to hear him and maybe ask one or two questions. And we will also fit in a coffee break in the middle of this agenda. So without further ado, let's jump into the agenda. And I would like to say, while Osvaldo comes up on stage here. So we are online. I will have, on this monitor here, I have questions online. There is a mic behind you, so if you have a pressing question that you want to ask during the presentation, don't be shy or don't feel that you're interrupting. It's actually good that it becomes interactive. Ask the question. If not, we'll make room during the different sessions here for questions.
Okay, so Osvaldo. Some of you have known Osvaldo, met Osvaldo. Osvaldo was one of the guys that I promoted fairly quickly when I came back as an interim CEO into Enea. Enea is a software company, and you will know Northvolt. If you're a production company of electric batteries, you know how you need to understand and know how to produce batteries. Manufacturing is important. A software company, sometimes people think, especially at board level, that, you know, the software is just happening. It's something that you take for granted, but that is actually absolutely not the case. The software has to be built, and when you are in a competitive situation with the customer, you either win or lose, also based on the quality of your software.
And your salespeople need to feel really reassured that the software that we're sending them out with is top-notch quality software, competitive, right-priced, and quality in the build of the software. So promoting Osvaldo and making sure that we had a CTO, Chief Technology and Product Officer was very important for me. But you might have experienced this yourself. Sometimes when you have a CTO, these guys create their own reality almost. They have their own budget, and they start doing things that might not be super connected to the business. So for me, one of the absolute, very most amazing qualities of Osvaldo is that he has the commercial background. He's actually, once upon a time, was awarded Salesperson of the Year in his native Argentina before he chose to go on a technology career. So I'm very happy to have Osvaldo.
Osvaldo, please share a bit of your background.
Okay, thank you very much, so my journey to the current role has been shaped by 30 years of telco experience. I started in the mid-1990s. At that time, the mobile phones had the size of a brick, and probably you still remember that to connect to the internet, you had some sketchy noises before you get there. Since then, I have the privilege to work in some of the most transformative technologies in the industry, where I have contributed some of that. I've been 25 years working in Ericsson, having different roles, heading different positions, but mainly around the intersection between technology, sales, and product development, so in addition to the technology competence or experience that Anders mentioned, I have a global sales experience. I have the privilege also to work and live in different places in Latin America, Europe, and also China.
I like to combine these two things. My goal is to put Enea in the forefront of the technology, but not for the sake of technology, having a very clear sight of the business and the return on investment of those.
So Osvaldo, why did you choose to join Enea?
The very first thing that I saw when I looked at Enea was this company making the transformation from a service-led into a product software-centric. So then I saw that with my background of technical and sales roles, this was a perfect opportunity for me to contribute in that journey, for me to shape the vision of where we want to go, to scale the operation in order to have reusability and to be able to have tools in the hands of our salespeople to grow that business. It's an amazing opportunity. So I saw that I can make a contribution. Also, what I really liked was that I saw this small, medium company from Sweden with the headquarters in Stockholm, but with a truly global operation scale. We have customers all around the world.
I connect very well to my broad understanding of different cultures and doing business in different ways. So I saw that's something that also resonated with me. And finally, the focus that Anders mentioned about cybersecurity and network performance. I truly believe that in security, privacy, and reliability as the foundation for modern communication. So I think for me it's not only buzzwords. I think it's essential for the business or the communication that we rely on today and also the generations coming where my kids even depend on. So for me, Enea is an inspiring mission, and it's also an opportunity to get progress with scale.
Yeah, thank you for that, Osvaldo, and thank you for being here.
Thank you.
Before you take control, where I give you control of the crash course in SS7.
Okay, there will be some questions at the end, maybe. So thank you very much. Let's start just getting started into Enea. I think one probably good way to start to understand who we are is basically to look at which are the markets that we serve, so which are our customers. So I will start with that angle. So Enea is today serving three main market segments. The first one is the telecom operators. Telecom operators are the ones building infrastructure and delivering the service to end users, like mobile communications. The second segment is called communication platform as a service. It's a complicated name, but this is a group of players or companies that they play a role in between telecom operators and enterprise. In this domain, we call enterprise, we call it brands.
But basically, it's about when PostNord sends you a message that you can pick up your package. The CPaaS vendors are the ones that are routing that message from PostNord into all telecom operators. And the third segment here is the cybersecurity vendors and large enterprise. Here, what we do is we embed our technology into the products that many, many cybersecurity companies they have. Something around 70 companies are taking our technology and embedding this into either for creating or delivering a product or service or for their own use, as we will see some examples. So that's the market we serve.
If we now have a look into our portfolio, and I know this is one of the difficult slides because it gives a full picture about what we are doing, I will try to break it down into pieces and see if I can pick up some examples to make it easier to understand. If we start on the top left part, this is what our customers, they call the brain of the network. The reason why they call it brain is because this is where we have the definition of the users and the services that the user is allowed to do. If you look down there, down there is this traffic management. This is where we accelerate networks.
So we help our customers to make sure that their networks perform better than anyone else, that the content, like a video, it downloads faster than if you don't have this solution. Then if we move to the more right side, there you see in the middle network security. This is where it's important, this SS7, because this is where we have our firewalls, where we protect the signaling, or we protect the control channels of communications, and also we protect users about scam with messages. So we filter those messages so it doesn't reach the user. And then you see the embedded security. That is the technology that we do not sell directly to the end user, but we sell it to companies that integrate that into their own products and services. And then finally, you see operating systems.
Operating system is something that Anders mentioned in the introduction. It has been in the company for many, many years. It has been the operating system from mobile phones and radio stations. Today, some of those radio stations are still in production, and we are having royalties because we are expanding some of that installed base with our public reference, Ericsson and Nokia. So that is the portfolio. Let me now pick up one example just to see if I can break this into something more easy to understand. Every time that I need to pick up one example that is easy, I pick up my mother. But let's suppose that my mother sent me a message. So when my mother connects to the network, she gets authenticated. So basically, the data management access part, look at her number, what are the services that she's allowed to do.
She sends me a message. She will send me a text message. That text message will go into our firewalls. The firewalls will scan in real time based on an AI technology. They will scan the URL. Let's say that she put a URL for a link or to watch something. Even if I trust my mother, our firewalls will scan that and will check that there are no malware or malicious links. If I click that link and I start to watch that video, the traffic management will optimize the video delivery. We'll make sure that I have the best customer experience to download this and to watch this movie.
And if this will not be a text message, but it will be an email that is sent to my company, then I think, of course, that will go into this embedded security because embedded security will scan the email that I get in my computer. And then it will look like if that doesn't contain any malware, for instance. That is why we look at the scanning threats. And of course, as you need mobility and connectivity, I think OS is there for in the radio stations providing that connectivity. Hope that it was a little bit more easier or clear. Working in technology, I have two roles. One is to deliver results. The other one is to explain to my mother why her phone doesn't work. Then moving into connecting the two things that we have seen so far, we look at the market we serve.
We look at the portfolio, so very quickly here, on the left side, basically, that is the portfolio that we sell to telecom operators. In the middle, network security, we sell it to both telecom operators and CPaaS providers, while embedded security, we sell it mainly to both cybersecurity vendors and large enterprise, and of course, operating systems, we are selling only to large enterprises like Ericsson, Nokia, Fujitsu. Those are using this part of the portfolio. Now, switching gears into another piece, a layer of information that we want to put on, is the concept of business-focused areas. When we talk to the market, we talk to you, we try to describe the dynamics, the underlying dynamics of our portfolio, our business. We try to describe it under something that is called business-focused areas, so what is that? Well, it's basically the whole portfolio except the operating systems.
So we are carrying out the operating systems. We know that that is in a trajectory that we have expected declines in sales. And that's why we don't take it into when we talk about business-focused areas where we look at where we see growth. And to describe that type of growth, we see it in two motions, in two dynamics. And that's what we have when we talk about business-focused areas. We talk about networks and securities. And the reason why we split these two things is because they have followed different dynamics. They follow different carriers or growth in the market. And that's why we want to measure and we want to compare what we are doing in these two parts of the portfolio. Now, I will go one step further into what we are doing on the right side here, on the security side.
To describe that, I would like to start again with the angle of where we are in terms of our market position. So today, we are serving a global scale. As I mentioned before, we are in more than 80 countries where we are serving more than 100 operators or networks. We serve tier-one operators here in the Nordics. You will hear soon from Telia. But we also have tier-one players in North America and in all key markets. And we have these three segments that I mentioned before. In terms of operation, we run an operation at a very large scale. We have 2.4 billion subscriptions, users that are getting protected by our software. In order to give that protection, we analyze this huge number of events.
So we process real-time analysis around 50 billion events that we continuously scan, look out for threats, and block if there is any kind of threat to the user. To do that, we work on a global intel base. So basically, we have a combination of experts plus AI tools that we combined in order to build this type of global analysis about where are the threats and where are the incoming threats for our country. In addition to that, we are a reference. We write in specifications in the specific bodies. There is an organization called GSMA. That is where we write our recommendations, specifications. But in addition to that, we are also a reference in the broader media. When the media need to cover topics around security for communications, typically, we are providing insights of that. That's about the market or market presence or credentials.
If we switch gears into our portfolio, our portfolio is designed to protect three things. It protects users, people, countries, and data, so if we look at start with people, imagine having at your control or your disposal the experts and the technology to be able to protect your privacy. What we do here is like a digital shield. We protect users for that important information, like your location information, so that you are not here today in photography, can be said. It's not leakage to other players, other actors, especially foreign actors trying to attack some country networks. We also do a protection about that you don't receive fake calls. There is something you will hear from my colleagues later, CLI spoofing, but it's basically manipulation of the number to pretend that it's the bank that is calling you instead of an international call from another country.
And we also protect users from receiving fake messages or messages that include a threat, like a link to a malicious malware that can do an exfiltration of data. When we talk about protecting companies, it's very much about protecting the borders. What we do with our firewalls is to protect the international calls coming to a country. And the reason why we are doing this is because networks are a matter of national security. So there are actors that are attacking, and we receive even state-sponsored attacks into some other countries. And what we do here is to have a line of defense where we protect all incoming traffic into any of the countries where we serve with our firewalls.
So, what we do here is to protect that traffic doesn't leakage information or that doesn't create a following location for a specific user or implanting some malware in your phone. We will come back to a little bit more details about that. And then finally, it's data. And what we do here is, if you think in the environment of a company, I guess everyone takes for granted that you cannot only protect the perimeter in your companies because if someone wants to get in, most likely will get in. So, what we have to do is to have the mechanism inside the network to be able to detect if there is an activity and to be able to follow up that. And that's what we do when we talk about threat detection.
What we do is to understand if there is any actor coming inside the network and implanting some kind of software, that it could be a malware, that it can be dormant for a while, but then after that, we'll extract data. So we have the technology here to be able to detect those types of events. So now I would like to tell you a little bit of kind of story, and this is more an introduction to what Anders mentioned before about this SS7. Maybe you recognize the young guys in the picture, and probably you recognize them from the Apple Computer Company, but do you know what they have done before that? That was not the first startup that they did. The first startup they did was something that was called Blue Box back in the 1970s.
Blue Box was a DTMF, or it was a box that it was a very simple thing. It was just sending tones into a speaker, and what this was doing basically is to hijack the mobile telephony network, so this was the very first case where they have seen a flaw in the telephony system, and it was basically because at that time, you could have an international call. International calls were pretty expensive, but they wanted to prove that they could call someone in Europe for free, and what they did was to use this Blue Box, which was sending these tones in the line, and you could hear the tones, and that was routing the information. It was establishing the call to the other end, so with this, they managed to call for free the Pope, and you can probably follow this interview.
I think there's a very funny story where they have been trying to wake up the pope because he was sleeping at that time, and then they realized it was a fake call, but this was the very first time that it was proven how easy it was to manipulate those networks, and of course, they realized that that flow was very much based on that control communication was sent into the channel where you could listen to that. With the introduction of mobile phones back in the 1990s, this technology came, which was called outband control, which was basically to split these two things. On one channel, you send the information, like the control information to establish the call. On the other channel, you send the voice, and with that, we have introduced this, what we call SS7. SS7 stands for Signaling System Number 7.
And it's the way to be able to tell to the other end that I need to call this number. And then the call gets routed to that. It's like in an IP network, it's like the IP address that is sent into this specific channel. The reason why this is important for us to be able to explain to you a little bit more what we do is because this is not a problem from the '90s. This is very much here now. What I'm showing to you is a letter sent from Senator Ron Wyden to the Biden administration that highlights the risk that the U.S. has today in terms of threats and attacks into U.S. citizens from foreign actors, which is recognized as national security matters because there have been incidents where foreign actors have followed the location of people in the U.S.
That is something that is not only happening in that part of the world. It's also something that this type of event, unfortunately, happens all over. This is very much the problem that we are trying to solve. We are providing the technology to be able to protect users against these types of attacks. You could wonder why we have so many of these attacks and why no one has done anything before. The reason is because if you look back, Anders liked to talk about this global village. Telecom world was a global village. It was based on trust. The interconnection between operators was based on trust. It was only in a very small community that those connections had been done. Over the years, I think there were more and more players coming in. With that, a lot more threats.
But it was never considered from the very beginning in the design of these networks that you need to have a firewall for signaling to protect about this. So today, what we are doing is basically to provide that to the market. We provide the technology to protect these communications. And we are one of the few in the industry that has a very strong position to provide these SS7 firewalls. Let's listen now. I think Anders and I, we have met Niklas from Telia. So I will invite you to listen directly from him, what he thinks about this.
Security. There's always a lot of opportunities to address. What is then the current state? The whole digitalization is going at a speed that is giving. If you go back like a decade in time, it feels like something is especially in the media. Second. Force.
AI is definitely something.
Sorry for that. Le t's try to see this from the beginning.
Hi everyone. When you are in security, there is always a lot of opportunities to address. So what is then the current state? The whole digitalization is going at a speed that increases on a daily basis. If you go back like a decade in time, it feels like a few months. At that time, it's like two days today, especially having in mind that the AI is coming in with full effect or full force. AI is definitely something that you can use in order to become smarter or become quicker on your end. But definitely, AI is something that also the threat actor will use against you potentially. There are also some other things going on.
The geopolitical situation, and as I said, the speed of digitalization also brings forward something when I talk to my colleagues in the industries, new vulnerabilities, and that brings forward these vulnerabilities in a speed or in pace that has not been seen before. We also see that when a vulnerability becomes public until it actually gets exploited, that time period is just getting shorter and shorter. When you are a telco, you also, among a lot of other things, need to look into the signaling security side, the SS7, the Diameter, the GRX, etc., and we have, during the last years, been together with Enea, been revisiting, updating, tweaking this area in order for us to be able to detect potential threats a lot earlier. We have also been subscribing to the threat intel feeds.
These feeds actually make us a lot smarter because these feeds might be new threats coming in, might be new indicators of compromise. And it's not only coming from one source, but it's actually coming from a global source of companies. And in the end, it's all about the speed that gives us an advantage to be able to react. The teams that have been part of this program, they are constantly saying that they really appreciate the deep professionalism, for sure, in a company like Enea, but also the ways of working, the ways of challenging us to say, "Hey, having in mind the new threats coming in or having in mind the new modus, you need to look into the people dimension." And potentially, you need to educate the people in certain areas. You might need to update the processes.
Or in the end, you might need to do the tuning of the tooling in a new way. And this always has been done with a good spirit. And the spirit comes the whole way from the sales organization into the engineering and also in a few cases that we've had also in Enea's R&D team. I wish you a great continuation of the day. And thanks also for great cooperation.
So we have a number of customer interviews that we've done. And we've done them online. And we're going to present them here instead of inviting the customer here. But Osvaldo, what's your main takeaway from this interview with Niklas?
Very good. So Niklas began explaining that industries are getting digitalized and that mobile telephony is the backbone for many of those digitalizations. He also pointed out that the number of threats is increasing.
This is also something that we see. What we do together with Telia is to do an analysis of all the incoming traffic and to scan for threats. We bring that data. We compare it to a global view we have about all threats, and then we block all traffics in all Nordic operations, so we are deploying our firewalls around the six operations that they have around the Nordics, so we are providing that protection to Telia. What he also said is that there is a need to keep tools updated, education, and fine-tuning processes because what we see is that this number of threats and issues are scaling. That type of need for security is also something that we see not only in Telia, but we see it all around the world.
And that connects very well also to what we see market analysts are describing. So if we have a look at the outlook for next year, our job is basically to understand and identify where we see pockets of growth. And as you see here on this, there is a significant growth in the intersection between telecom and security. That's where we are positioned and serving that market. There is also growth in the IT security that we do through our embedded solution. And we have growth also related to communication service providers that will also drive some of our AI tools that we use in our firewalls. And this is what you see here in this summary. So from those pockets of growth, we also see that there are market drivers that they are pulling growth or possibility for us to do more in these domains.
How we bring this into our strategy for growth, this is what we do here. Of course, we want to capitalize or to use the opportunity to be able to grow in our business in both network security. The way we do this is based on this strategy, which is based on three pillars. We call it the triple E. The first one is about Enhance. Enhance is very much to improve the existing product offerings by looking into how we can do things better and also to work very close to customers in order to get feedback about what are the things that they want to do next. Here you see things like the CLI protection on the voice firewall to prevent fake calls. You see the threat detections in malware in DPI.
But also, you see this cyber defense that later Jean-Pierre will talk about in government. The next one is about expand. And what it means is that based on a strong foothold that we have today, what we want is to expand into an adjacent area. That could be an adjacent market or it could be an adjacent solution. So basically, we are topping up what we are doing today with extra functionalities and offerings. And what we see is mainly around the introduction of AI for a number of things. One is about what I described before, the message classification and filtering. We also introduce AI in these signaling networks in order to understand what is the reputation of that communication coming from another country where we do a reputation base. And we analyze on AI patterns what is the type of threat coming associated with that information.
And also, we want to take a step forward into we have been embedding our technology into some of the other companies that they are putting this into some products. We also want to take one step into giving a product ready-made solution for cyber defense, mainly targeting the managed security service providers. And then in the bulk, it's not only about what is the business we have here now. We also want to invest, do cautious investments into areas where we see growth and potential evolution in the future. And that is things like very much what I mentioned before. You should not only protect a defense line.
We should also have something that is we call it zero trust protection, which is basically also to have the mechanism inside the signaling network to be able to detect if there is a player, what the player is doing, and how to protect you even behind these firewalls. Also, we think that there is a unification needed in order to be done in IT versus telecom when we meet our customers. Typically, when we meet the CSOs organizations, they are really good at IT security. Telecom has been a little bit more a niche or more secret. So what we are doing here is to bring our threat detection from the telecom world into the IT space, and by that, what we will do is basically to bring Enea more visible into the CSOs organizations, which are very good versus in IT securities, but not so much in telco.
And of course, there is something that I think Jean-Pierre will talk later, which is that we are doubling down with our capabilities on AI-based classification of traffic. And that is because there is a number of technologies coming along the way. One is TLS 1.3, which is a complete encryption, total blind of the communication. And what we are doing is basically to be one step ahead to be able to work with AI to classify that traffic before that happens. Those three is, I think, is setting up for us the agenda for where we see the potential for expanding what we are doing today, growing from our current business, and also evolving this for future reference.
Thank you, Osvaldo.
My pleasure.
So now I would like to invite John Hughes up on stage. John has worked more than 10 years in the firewall security business.
He's coming here from Dublin, Ireland, where we are running that operation. And John, how come you ended up in the security business when your family is all into horses?
Yeah, I suppose my family might laugh at that question because whilst I grew up loving horses and my family loved horses, I'm not so sure the same could be said from the horses loving me. And I think that was especially the case when I grew to be over two meters tall. It just, I needed to pursue a different passion. I had an uncle involved in the electronic industry around the same time as Steve Jobs and Wozniak founded a company in the U.S. called Telematics and successfully sold it. And that intrigued me. And 25 years or more later, as I got into the mobile telecoms industry and now into security, I still find it fascinating.
It's something that excites me and drives me every day.
Yeah, thank you for making that choice. I can really sympathize with the horses. You know the ins and the outs of this business, but you're also incoming to Enea through an acquisition. Can you please share some views and thoughts on how it is to come into Enea through an acquisition?
Sure. At the time, I suppose we were looking around as a management team for an acquirer. We had plenty of different options available to us. We'd spoken to a number of different companies. I have to say, we were excited about the prospect of joining Enea. We felt it was time for us to take that next step. We needed the solid foundation that Enea brings. Yeah, everyone in the leadership team thought it was a really good choice.
I remember it being said to us that it's okay if one plus one equals two. Our biggest fear was that the value and integrity of what we had built up over many years might be diluted if it was private equity or something else, and I just thought the synergies, and it's true today. We thought it at the time. It's true today three years later. The synergies between what we were doing and what Enea does really solidified what we were doing.
That's great to hear. Thank you for that, John, so I'll give you the control. Please take us through your business group.
Thank you, so as Anders said, John Hughes, I'm based in Dublin, Ireland, where Adaptive Mobile was originally founded over 20 years ago. I've been with Adaptive for 18, almost 19 years now, joining Enea just approximately three years ago.
As Osvaldo described a little earlier, the markets that we serve, so my business group is referred to as the network security business group and the markets we serve are the telecoms operators and the CPaaS players, communication platform as a service players. Just to quickly describe again what CPaaS is, they're the companies that enable businesses to send messages, so it's your dentist wanting to send you your appointment reminder, but it's also at much larger scale. In the U.S. recently, the CPaaS providers were used extensively by political campaigns to send messages at mass and at scale. Our value proposition, so we're focused on cybersecurity in telecoms, and specifically, what we primarily do is we sell firewalls to protect the operators and CPaaS networks, so we have messaging firewalls for operators, messaging firewalls for CPaaS.
And there are distinctions between the two, which is why we decided to separate them. And then there are signaling firewalls, voice, and 5G. And maybe I'll just briefly touch on signaling to again explain how I explain it at the dinner table, which is with my family, which is if you imagine the postal network and letters are coming in and out to the main sorting office. Well, the core network of the operator is like that sorting office. And we sit right in the heart of that. And we're checking that the source of the messages or the letters, the messages are legitimate. We're checking that the destination is legitimate. We're checking that the person is paying the right price for what they're sending, et cetera, et cetera. So we're validating all of the signaling flows as they fly through the network in real time.
And the same with voice and now moving into 5G. How we go to market? Primarily direct to our customers, the operators and CPaaS. In some cases, indirect, that would mostly be in the cases where we need a local in-country partner. Maybe they hold the contract or the operator wants us to work with a local partner. And then we've got monetization partners. And I'll come back to this in a little bit. I'll explain further what this means later in my presentation. The majority of our go-to-market is perpetual license sales to operators and to CPaaS. And then term and volume-based pricing with CPaaS. Quick breakdown of the network security organization. The 125 number there, I won't go through all of this. You can see it there for yourself. The 125 number does not include the corporate functions in gray.
And also, there's some shared sales resources with another business group, the network performance business group, because we are selling to the same customer. And there's upsell and cross-sell opportunities that we take advantage of in that way. Okay, so we are world leaders in security. We're very well known in the industry. And we built that up as Adaptive Mobile. And we've spent the last three years transitioning that name and that brand and that reputation to Enea, and I think quite successfully. Signaling, messaging, and 5G will be what we're best known for. Voice, which I mentioned, is more of a greenfield market. And we're building our name in that space. And that's a target for us. And threat intelligence is another area that we would be very well known for. It's a big differentiator for us from our competition.
So this threat intelligence is community-based knowledge that we gather from all of our customers around the world. And we can use it to enhance the security of networks in the Americas when we see something happening in the APAC region and vice versa. And then we're building and continue to build AI and ML into our offerings to enable the experience for the customers. And as I said, we sit in the heart of the network. We're known as a very stable solution, very fast. It needs to be real time. Like in milliseconds, we need to be making these decisions and delivering the messages. And we've won many industry awards over the years in recognizing our leadership position in this space, the most recent one from the Kaleido industry analyst team. So I'll change flow for just a second.
I'd like to talk about some use cases with our customers where we're deployed and how they use us. Just before I do, to set the scene, I think everyone knows that your mobile phone, it's your identity. Everything we do these days is on our mobile phone. Scam calls and scam texts are, I would call, a scourge on society. They're a real pain. People just hate them. More than that, they cause a lot of damage. 25% of the global population has been defrauded. The numbers they've been defrauded of are astronomical in the trillions. 78% of the people in this survey that I'm quoting from experienced at least one scam in the last year. I think that's even probably underestimating it. I think everyone here in the room has probably experienced many more than that in recent times.
And where these scams proliferate, it's primarily on your phone through calls and through text messages at 61% and 58%, respectively. So it's a big, big problem that we're trying to solve here and that the industry is trying to solve. And a good example of where we've done this in the last few years is in the Middle East. It's with Telecom Egypt. So we were working with Telecom Egypt. And they came to us and explained that they had a big problem. This is actually how we got into the voice protection space. They said they had a big problem in the voice space. They were coming under huge pressure from the regulator locally. They were seeing subscribers move off their network, turning off their network. And their brand and reputation was being badly damaged. It was in tatters. And they needed a solution and needed it fast.
So they explained what their problem was. We had built our software recently to be more flexible and configurable. So we said, let's see what we can do. We'll do a proof of concept for you. So we did that proof of concept within weeks. And it worked. And what was a little bit scary about it was the customer said, we want to leave that proof of concept in the network. And that was a little bit nerve-wracking because, like I said, we need to do this at scale with full redundancy. But it worked. And we built the redundancy in over time. 8%, something we realized afterwards, and we were able to show them proof of 8% of the voice traffic on their network was scam. So that's almost one in 10 of the calls on their network.
When we solved this problem, we reduced that down to less than 1% very quickly, and then over time, we reduced it down even further, and of course, that brought back trust in their network. It meant people were using the voice channel, were making phone calls more because now they could trust them. They weren't looking at the number and going, I'm not answering that. They were looking at the number and going, yeah, I think I can trust this. I'm going to talk to this person now, and that increases revenue for the operator. Another example, switching to messaging this time, so in Africa, we work with a tier one operator group in Africa, and what we do with them is we provide a service that we call Gray Route, or this is back to the A2P monetization, so how will I describe this?
So, Gray Route, if we go back to our post office analogy, this is where someone tries to send a letter and pay for a national stamp when they're sending international. And they're able to bypass the checks in the post office. Similarly, in the mobile operator, if somebody's trying to send a message from a person to a person, they might be charged a cheaper rate. But if it's a business sending to a person, they'll be charged a higher rate. And what's very common is that the businesses are using channels that use the lower rates or no rate at all. And operators are losing out to the tune of millions as a result of this. So what do we do? We put our firewalls into the network. And we corral that traffic. We force that traffic down the correct routes.
Again, all in real time, all in milliseconds. By doing so, the operators are now charging their customers at the correct rates, which naturally drives up their revenue. This is a real no-brainer for the operators. We're uniquely positioned to do that as a firewall vendor. This particular operator group in Africa is saving over $50 million per annum by doing this. There's a real strong business case here for this solution. Our key competition, so on the left-hand side, you'll see the messaging. Our key competitors, Proofpoint, would probably be the strongest one in the messaging space. Proofpoint are well known for email protection. They have a division, formerly Cloudmark, that were acquired and are still working as Cloudmark within Proofpoint. They will be our key competition in this space. They're mainly focused in North America.
That's probably where we see the biggest threat from them because if they're selling to the North American market, they can claim that we're American. I think we have a strong base, much stronger base than Proofpoint in North America. I think that serves us well. I think we've proven ourselves over the years in that space. Mobileum and Cellusys work in this space also. Sorry, I should say Proofpoint, they don't really focus on that monetization piece, the A2P piece that I mentioned before. They're more focused on the anti-spam protection. We have a wider breadth of offerings than Proofpoint. Similarly, Mobileum and Cellusys, they're probably more known for working in the A2P monetization space, application-to-person monetization space, more so than the anti-spam or anti-scam area. On the signaling side, again, I'll mention Mobileum. Mobileum are probably our strongest competitor on this side.
They have an equal portfolio or similar to us. They ran into difficulties earlier this year, so they're Indian-backed, U.S.-headquartered, and they actually went into Chapter 11 earlier this year. They've come back from it, but it certainly shook them and shook the confidence of some of their customers, so you'll see in the opportunity section that this is something we're looking to target and focus on, and then Cellusys is a small Irish company that is probably better known for roaming, steering in the mobile space, and also Q more so than messaging, but they are also a competitor along with SecGen. SecGen, they were resurrected from a company that was on the U.S. embargo list because of the Russian links. Cellusys and SecGen will probably be bigger competitors in the tier two and lower markets, whereas Mobileum works with us in the tier one spaces. Okay.
So why do we win? We win because we don't provide security. It's not a tick-box service. A lot of our competitors like to go in and deliver solutions that comply with the standards, comply with the protocols. But as we say to our customers, the bad actors don't care about standards. We go beyond the standards. We want to provide them a full, hardened security solution. And I think our customers respect that. We provide consolidated firewalls. So what does that mean? That's a firewall that covers everything from 2G to 5G and voice and messaging. And it's all on one platform. So it's one piece of software, one screen to administrate everything, one reporting module. That's a competitive advantage we have over all of our competitors. They generally have to deploy different software for different solutions. We're a public company.
This is even more important for us this year because that's seen as offering stability and trustworthiness. Mobileum. One of the reasons they went into Chapter 11 was because of some scandals, fraud-related scandals on a takeover that occurred there a number of years ago. Companies trust us, and they can see it, and we're transparent like we're being today. Research. We have many experts built up over many years, and Osvaldo mentioned the GSMA, the standards body that governs the telecoms industry. Many of our experts have actually contributed to the writing of the standards, in particular in the signaling space, and I think that proves that we are the thought leaders in this space. We're always trying to be innovative and predict the next step and stay ahead of the game. Intelligence that I mentioned. A lot of the operators, they need this intelligence.
They want to know what's happening, and they just don't have the people to invest the time. They also don't have the global view, something that we're able to give them. We're able to tell them what's going on in the industry and how well are they performing because it's like security is when is the job done. We're able to give them kind of feedback on what's happening elsewhere in the world and how you're performing, and we give them insights and advice in that area as well, and then we have a very flexible platform. We invested in the last few years on this flexibility, and you saw with Telecom Egypt how that helped us to react very quickly. Security needs that. This is why we did it. The bad actors, their full-time job is to get around our firewalls.
Their full-time job is to exploit the mobile networks. That's what we're there to do. We need a very flexible platform where we can react quickly to help our customers to close off those vulnerabilities in real time. Okay. So we're going to hear from one of our customers just now. And just before you do, I'll just quickly explain, give some background and context. So I mentioned anti-spam, messaging abuse protection. I would describe this as unwanted traffic. Nobody wants this. Nobody wants those scams hitting your inbox. That's one type of messaging. On the right-hand side, you'll see commercial messaging. This is where we enforce. So in certain countries, there are certain regulations around how you can message customers. So you can't send marketing messages at 2:00 A.M., for example, and many more use cases.
We help customers enforce those regulatory controls, but also their own terms and conditions, make sure customers are abiding by the terms and conditions, so in the middle, you've got the grey routes controls, which I mentioned, so this is wanted traffic. The customer, I want to know my DHL message that my package is arriving tomorrow or my dentist appointment or whatever it might be. This is wanted traffic, but the senders, and it's not always the brands. It can be the aggregators in the middle that are trying to find the cheapest routes, and sometimes they use routes they shouldn't be using to reduce cost, so this is the grey routes traffic, and we help monetize and enforce that. tyntec, German company, they are deployed globally. They are a CPaaS player, but we partner with them specifically around this grey routes area.
Now I'll hand over to their CTO, Thorsten Trapp. He'll tell you a little bit about how Enea works with them.
Thank you very much for having me. Absolutely. I am Torsten Trapp. I'm the co-founder of tyntec. tyntec is 22 years old now. We founded in 2002 and are deeply rooted in the messaging industry. We are currently a, I would say, SMS wholesale aggregator plus a CPaaS player. In the last five years, we've seen different contradicting movements in the market. We've seen the rise of the over-the-top players for the likes of WhatsApp, Viber, Telegram. Now Google's RCS is trying to play a role in this area as well. So all the over-the-top players are putting pressure on the classical telecommunications infrastructure play, like Skype did in the voice world. It did hit the mobile operators hard.
And this happens with messaging currently or since the last five years. In the last few years, where the enterprise solutions of the over-the-top players gotten professional, RCS for business, WhatsApp for business, Telegram, Viber, the pressure increased. But the pressure also increased from the monetization point of view of mobile network operators. They still need to invest into the networks. They need to build it up. And they need to make sure that their revenue actually stays there and is not completely replaced by over-the-top messengers that they are not able to monetize. Okay. So in the end, the operators are writing RFPs or calling us directly when it comes to monetization because historically, we've been transporting the traffic of all the big hyperscalers to them so they know us.
A natural conversation is to talk to the guys who have the traffic anyway to ask, "What can you do to monetize it better?" Because they are also aware that there is leakage in their revenue. The discussion is normally, "Okay, we have a network. You guys have the traffic. Can you help us to do this?" This normally goes in a way that we need to monitor all aspects of the network because the leakage comes from the network setup, which has grown over the last 20 years. This is all not, I would say, not picture perfect. When the operator comes in, there certainly is this commercial thing. The questions are, "Hey, are you connected directly to the Tier 1s, which we are?" All big hyperscalers are directly connected to us. We are fully connected to the aggregator ecosystem.
That is not the problem. This is what we bring to the table. The operator's inner workings, meaning their own network, their own security issues is done by a, I would say, consultancy arm of us. We look into the network diagrams. We look into the gateways they have. We look into the signaling paths for the different technologies. And this is when we bring Enea in because most of the time, there is an underlying network security issue that needs to be fixed first before you can begin the monetization job. This comes with a 3GPP home router. So all the technical stuff the carriers might have and might not be at the right point in the network. So this has to be redone. And in some cases, also basic network security needs to be implemented.
And this is where Enea comes into play because they are specializing in security. They are specializing in monetization. They aren't an aggregator. So therefore, they cannot fulfill the other part of the equation. And this is why the partnership of us works that great because we bring the connectivity, the customers, and in the end, the network. But Enea brings the technology to secure the network so that the entire business case works. So basically, we are firewall agnostic as a company. This is how it started off. We were working what either the carrier has or what the carrier's demands were. And it turned out that Enea was just the best fit to our business because we can build that business case together as partners to the operator so that there is no extra charge for it. So it's one thing.
And Enea has this portfolio of services that works for us. So there's signaling security. There is monetization aspects. There's preemptive security in place. So all those modules are there. And depending on what the operator has and needs, we can stick that solution tailored for that operator and for that specific business together with Enea quite easy because they have it in their own portfolio. We wanted a partner that has the entire portfolio together with us to not need to manage two other suppliers because that will end up in an operational nightmare. So for us, Enea is the natural go-to option when we have new prospects or when there is a security project in play that we have to take a look at Enea as our go-to partner since, I think, six years now.
Okay. So this is a space I am really passionate about.
It's a space I really believe in. And it's something we've moved into in the last number of years. It's important for our growth. For TinTech and for our customers, it's an easy sell. There's a clear return on investment. What Torsten didn't explain there is that they put a business case together for the operators. And they've got certain terms and conditions that they need the operator to sign up to. And then they walk in and they put the business case down and they say, "We will pay you for this business." And then any profits above that, TinTech will take and we will take a share of. And that's almost a no-brainer for the operators. They're being given money upfront and a guarantee of profits upfront for the duration of the contract. So there's a clear ROI. It's revenue share, as I said, between TinTech and Enea.
It's recurring. For me, this is something I'm trying to do, striving to do all the time is build our recurring base. And then time to market, it's all fully in our control and TinTech's control. So we can get it deployed really quickly, get the solution up and running really quickly, and start generating that revenue. So the market outlook, the market dynamics. So we're seeing an increase in regulatory influence in messaging and signaling. And that's globally. In particular, in Europe, we're seeing a lot of activity in this space. And the regulators are finally acting and enforcing operators to put solutions in place. Voice fraud, as I said, it's prolific. It's a huge problem. And it's causing big issues for operators and for people who have mobile phones, which is pretty much everyone. And then we're seeing multiple communication channels in the RCS space.
This is rich communication services. If you haven't seen this on your phone already, Apple have adopted a Google technology called RCS, rich communication services. It's essentially SMS boosted up so that you can get much richer content on your SMS channel. Apple have finally commenced this space alongside Google. We're going to see that change the market dynamic. Challenges. The biggest challenge for us is the evolving threat landscape. You heard Nicholas from Telia earlier saying that AI is everywhere. All you need to do is Google it, ask AI, and it will do it for you these days. You don't need to be. It's not just the governments or big business or the really smart teenager in his bedroom who are doing these things anymore. It's anyone can do it.
If you want to do it, you can figure out how to do it in 10 minutes on the internet, and we have to keep up with that and actually stay ahead of it. Opportunities, the CPaaS A2P space is expected to grow, and it's expected to grow further because of this adoption by Apple of those rich communication services, which will enhance rich media messaging, and we have solutions available for that today. Voice firewall opportunities, as I said, driven by consumers' demands and by regulators, and then we have opportunities to replace competitors that are financially challenged globally, so finally, objectives for 2025, so we want to be recognized as the leading messaging firewall for rich media messaging, and we want to continue to invest in AI/ML in the messaging space, and I think we're really well positioned. We're the only vendor in the CPaaS space.
We have many CPaaS customers already, and our competitors in that area are playing catch-up, so we want to really solidify that. As per point two, we want to consolidate our position in the CPaaS space with the addition of more tier one logos and more monetization partners such as TinTech. We want to be the leader in voice CLI spoofing. As I said earlier, it's a greenfield segment for us, and we really want to seize on that now and make it known that this is our space. We know what we're doing here and take control of this greenfield segment. We want to position Enea's single firewall, so this one single firewall, it's a big competitive advantage we have. It's operationally cheaper for customers to use just one firewall, as Torsten said, instead of having to go out to tender on multiple different solutions to solve one problem.
And we can do that today. And then we want to focus on driving recurring revenue growth and build on that stable and predictable base. And we want to do that because that'll position us strongly to achieve the double-digit growth that we're striving for and that we want to achieve. And that's it for me, Anders.
Thank you so much, John. Thank you. So I now want to invite Jean-Pierre from Paris, running our embedded security business group.
Hello, bonjour everyone.
Ça va, Jean-Pierre?
Oui, ça va très, très bien. I'm happy to be here today.
But you're actually not from Paris, are you?
Actually not. Actually, I left Paris 2000, like 24 years, but I left France 1996, to be precise.
So Jean-Pierre told me the story many times, but I think it's a fascinating story. And I would like you to share it with the crowd here.
So tell me, how did you come to France?
Yes. So my story, so I'm originally Lebanese. And I finished my studies in Lebanon. And I told my parents, "I want to discover the world. I want to live my dream. I have a lot of dreams." They said, "My lovely parents, this is all our economics. We give it to you. And so go ahead, live your dreams. And we give you our values and your education. But we will be always here with you." So I looked at my economics when I left France in 1996. I tried to do the budget forecasted for five years. And five years, and after per year, so I learned how to manage my own budget. And I figured out one thing that I can't call my parents every day. It's so expensive. 1996, no internet, no phones, nothing.
In my budget, I was only allowed to call them once a month. I was struggling. As you know, probably the Lebanese community, they're spread over the world. I have a lot of cousins, brothers. I need to connect with them. I was so frustrated every day. I was feeling this pain inside of me. I decided that day, that first year, I said, "I ask myself, what do I want to do for the future? How can I be useful? How can I help this community? How can I connect better the people, connecting people?" I studied networking and telecommunication in Toulouse together. I was very involved in the Motorola, Airbus, all my professors coming from this world.
And I said, "My driver, my driver in the professional life, it's to work all the time to help people to connect together and in a safer world, safer communication, good communication." So I started my professional world experience working for Nortel Networks, a Canadian company. UMTS, GPRS, it was a dream for me. I was living my dream. And after switching to VoIP to our French startups in 2003, well, again, VoIP, we can call for cheap every day. I was calling my mom every day saying, "Hey, it's cheap. We can connect together." And in 2010, I decided to move to Qosmos in the deep packet inspection world because now we know how to connect, but how we can enable more actually security for this connection, how we can make the world more secure. And in 2016, we were acquired by Enea.
And we announced it publicly at the end of transaction at December 13, which is a very good day for here. I think it's a public holiday. I don't know if it's the lighting day or Santa Lucia. Yeah, which is my mom's name, by the way. So it was the first good sign for me that, "Oh, I'm enjoying this company in a very good day." So how was that being acquired? And you're still here? We were scared. I was scared at the beginning when Anders arrive d and my French CEO, my new Swedish CEO, it was like a super discovery. We discovered a company that they care about people. They care about technology. They care about us. And they said, "You are with us. And we are relying on you. We trust you." This is the magic word when he said, "We trust you.
And we want you to give the best of yourself." So Enea opened up not only for me, for Cosmos at that time, a wider actually way to do our career differently, more global coverage, global mindset. And at the end, the trust. We are trusted in Enea. We feel trusted and supported.
I'm happy to hear, Jean-Pierre. And I'm happy to have you here. So please take control and take us through your business unit.
Thank you. So embedded security. So as Osvaldo mentioned before, we are targeting the cybersecurity vendors and large enterprises. Let's discover what we do actually at our value proposition today. So we are the leader in the embedded security space. And also now we can say also in threat detection because we launched this product last year. So last September, we go public with it.
Of course, we are the expert in the network protocols and applications. In my business group, we have also the old Enea, the operating system as well, portfolio and business. How we are going to market? We are going direct and indirect. But we are targeting again and again the network and security solution vendors. You will see later on our customer actually video talking about us and how we operate with them. Of course, we have the cloud service providers. We are seeing more and more need in the space. Last, we have also a use case more oriented cyber defense with the government where we have directly dealing with the governments today to secure their internal infrastructure. I wanted to share with you the story actually about this project where we are really proud of it.
It's one of the seven magnificent today. We won it and we landed this year. So the story is what is behind the drivers behind this project. So the customer called us. He told us, "We know you very good, Enea, Cosmos. And I have issues. I have pains everywhere." So we tried to discover the pain that our customer is facing. So the first is related to the malware detection. He doesn't have our DPI. So the accuracy issues, he can detect in a very good way actually the malwares in his network. So he has more and more threat exposure. And after, he said, "I need to have more visibility. I don't have enough visibility of my network. I need you guys." Performance, he did try to build it in-house alone. He didn't succeed to scale.
So he said, "You need to help me on the performance side." And the flexibility. We are known as OEM, of course, DPI supplier. But he knows also that we have also the threat detection capabilities using the same DPI engine for both actually features, visibility and detection, also threat detection. And of course, on the TCO side, he was interested in the cost. It's very high if you do it yourself. And he can't. It's not sustainable in the long term. So he has a lot of issues. He said, "Help me, please, Enea." And we started working with him and to upgrade. Of course, he was expecting a very good quality of the product, efficient, of course. And on the cost side, it should also fit with his expectations. So we work with this customer or partner today. And this is what we did.
Of course, we have improved this visibility. This is our main feature about the OEM DPI, so better coverage, precision, and insight into everything in the whole area. On the functionality side, we have deep packet inspection and threat detection in a single solution, so for him, it's easy. I have only one supplier. I can supply both things. Of course, flexibility. Today, we also have, as you know, probably in our portfolio, we have different add-ons. He said, "Today, I need this one. I will integrate it in your solution. It is very flexible. And this is what I like." Strong customer support. We are delivering local support, and this is one of our key strengths, actually. We want to be close to our customers and to understand their challenge and their pains at the end of the day, and he did a PoC with us.
He was amazed by the strong support that we delivered. Lower TCO comparing to him, he said, "It's exactly what we need to see. It's a win-win partnership." Of course, Enea is known as a global DPI supplier. We are the leader. We have also a strong position also saying, "This is our product. And it is recognized for the past 20 years now. And we want to deal with the leader of the market." Talking about being the leader of the market, of course, we have competitions. I selected two competitors today. We have the first one, ipoque from Rohde & Schwartz. They're competing with us only on pricing because they don't have any other feature in their product. Only trying to competing with us on the pricing. They're pushing price-based selling.
We are pushing the value-based selling because we have more value to create for our customers. In some situation, we have also the in-house DPI with all the detection solutions where the customer, for a reason, probably internal reasons, he tries to do it in-house. He started doing in-house using probably sometimes open source solution. A few years after, when he got issues and challenges, and if you want to move to cybersecurity space, he needs to update actually more frequently the signatures. When I say signatures, you have to hear it like WhatsApp, Facebook, all this. We call it signatures or protocols. He's calling us. He's saying, "I need now to integrate you guys." Still, we are not winning from day one because he will take more time to discuss with us.
Probably in some situations, some use cases, he will just keep it with the open source or his in-house development. And that's it. Now we want to move to our customer video. Our customer is Zscaler. Zscaler, it's a U.S. cloud-based security company. And they are doing more than $2 billion and a very significant actually year-over-year increase. And they integrated our product, actually the DPI product for the past 10 years plus. And I will let you hear what he's saying about us.
Sure. My name is Stephan Sebastian. I am the director of product management at Zscaler, looking after our ZIA product line with particular emphasis on firewall, IPS controls, and DNS controls. Yeah. Zscaler is very much focused on cybersecurity, providing cybersecurity for the Global 2000 target customers. So that's the top 2000 largest corporate entities globally.
We're pretty successful at reaching that G2K focus on the Fortune 500 as well and generally trend towards the largest customers. We're just over $2 billion. We're a publicly traded company, so this is public information, so $2 billion per year in annual revenue. Our growth is pretty pronounced. You can look at some of that, and we're there to largely secure the traffic proceeding outbound and make sure that the users, IoT and OT devices, and various different entities around the corporation are secure. Overall, there's a couple of key reasons. First is the visibility and exposure that Cosmos Enea has, so the depth and the breadth of the application identification, of course, was one of the primary concerns for us, and the fact that Cosmos Enea is a market leader made sure that it wasn't just Zscaler.
Yes, we're a big company, but it's not just Zscaler asking for application identifications or providing validation points. It's a whole body of customers that are making demands of Enea. And we're benefiting by those demands. So if there's a detection problem, it's not just Zscaler identifying that detection problem. It's other customers saying, "This detection has to be better." And Zscaler gaining the benefit of that. So the reputation, the visibility that Cosmos has, and the fact that it has a significant footprint all factored into our decision-making with Cosmos. This is one of the real pleasures that we have is working with folks at Enea. I mean, I'm not sure if I should name them, but folks like JP, Danny, Al, the team that we work with is very responsive to our needs.
And what I can do as a guy working on the product side, I can reach out to those folks at Enea. They're very accessible. They provide answers in a timely manner. And I can interrogate them on what should we be doing? How can we get more out of the solution? And they're pretty responsive. So they not only coach me, but they're very accessible to my engineering team.
So just a few words about Zscaler. As you can see, it's very important how we are seen from our customers. We are very robust. We are also a kind of extension of his own team, his own engineering team. So this is what we value proposal. So we live their pains and we give them the solution for it. And of course, the strong support that you are delivering. So it's a long learning journey with our partners.
We bring our vision, our roadmap, and we ask for their feedback, and we build it for the future. What Stefan is saying is we have this positioning, the horizontal positioning, where all the customers are taking benefits from it. We do only products. We don't have services. We have one product. We share it on the DPI side with our customers. We understand their requirements, and we build it based on the customer's feedback. We are the key differentiator that we have. I already talked about we are specialized in the DPI and threat detection. This is unique today in the market. One supplier delivering both actually features. We have the broadest signatures base. As you can see here, the numbers, application, metadata, it's huge that you are. We are continuing investing in this.
Of course, on the AI side, this is the strength of Enea. It's not only embedded security actually that is delivering. We are working jointly with other business groups and headed by Osvaldo on this AI strategy. We are preparing ourselves with the encryption. I'll talk probably later about it. This is one of our solid AI strategies today. We are sharing with our customers to validate our approach. We are getting great feedback from our partners. As I said, it's very driven by our customers. We need to be all the time driven our roadmap based on our customers' feedback and our vision to the future. We have also the challenges. Before I talk about challenges, I will talk about the market dynamics.
So as I started in the beginning the story about the project that you did, it is what we are seeing today. It's a general tendency for cloud service providers to build that in-house security solution, and to do that, they need us, and this is what we are seeing. And also, we are seeing another trend, which is today, the security solutions is seen as a function, the concept of adding a security function from a third party, and this is what we are helping our customers to do, so this is exactly in our positioning today. And this MSSP or system integrators, this is what Osvaldo tried to touch a little bit about it at the beginning. What you are seeing today, it's more and more these actors, they want to have this combined actually technology, the DPI, or we can call it DPI or probes.
Today, we have it in other form factors from our initial DPI, plus the anomaly detection, so we are seeing this also trend today as well. As for challenges, so the main one today, it's the encryption. Osvaldo talked about it. I'll also be talking about it on the DPI side. If the traffic is completely blind, then the customer, the visibility will disappear. This is the question that we are having, so we are preparing ourselves for it, and it could be a challenge, a threat, but also, we are seeing this as an opportunity if we do it, of course, in the right way, so we're seeing these challenges, and I'm seeing this as an opportunity because we have the technology. We are thinking about it, and we are also validating it with our customers today to prepare ourselves for this challenge if it's happening next year.
And of course, the second one is linked to our pricing, pricing with our main competitor where he wants to only compete on the pricing while we are pushing the value-based pricing. In terms of opportunities, we are seeing great actual opportunities around the threat detection. As you can see, the market is on the cybersecurity or the IT or the SASE security that Osvaldo showed. We saw the numbers for the future. We want to be part of it. And we're seeing the opportunities also there. And T1, cloud service providers, in-house security solution. This is what you're seeing as opportunities as well. We continue seeing it. And of course, in cyber defense, we continue our investment to support cyber defense projects as well. Our objective for next year. We want to increase our market share in cybersecurity market. We have everything. We know the market is here.
We have the products, and we have good signals from our partners and also the market. We want to be also part of the governance space in cyber defense. We want to strengthen our position next year, and of course, the challenge related to the encryption, we're seeing as a challenge, but as an opportunity, as I said before. And we will be with our customers, reassuring them and creating more value for them, and we want to explore this market. First objective, the MSSP market. We already started some trials today. We want to learn before actually moving on to production, so we learn in this process from our customers, our proof of conce pts in 2025, and we have the same approach that we did with the threat detection. We launch with our customers. We learn together, and we launch the product.
This is how we want to do with this MSSP. We are seeing a very good sign today, and we'll continue doing it next year. Of course, we are looking to deliver a double-digit growth. Thank you, everyone.
Thank you, Jean-Pierre. Just two seconds. We have a question from the online people. That's if we partner in security to strengthen our offering when we go to market. I hope we've answered that question both in John's side and with Jean-Pierre. Jean-Pierre, part of his business is to embed the technology in other companies' solutions for them to sell it to the market. That's a very clear form of partnering. Jean-Pierre. I'm not sure that you have convinced the people of what you're actually selling. On the T-shirts, some of you have a T-shirt with glasses. With those glasses, you can look into the traffic.
That's the analogy. But we're not selling glasses, are we? So you have one more minute to actually explain what it is that you're selling. And the other question I want to ask you is that I know that you really love selling to small startups in Silicon Valley, small deals, mushroom, planting mushrooms. That's the second question. And you have four minutes to wrap up.
Thank you, Anders. This is a big challenge. You know, on the highways, you have what you call the radar. If you go speed, or your speed, he will control your speed. So we are the radar of the highways, what you call the internet, the packets. So our product, the building block that they're giving to our customers, he will count all the packets. He will get more visibility. If it's Facebook packets, then we classify it in good sessions.
This is what is the visibility we say about the network, about the highways of the network. So this is what you are delivering as a component to our customer. He needs to have full visibility of his network. So I need to have the best radar in the market. And this is what you are delivering today. Deliver this visibility so he can develop his own use case based on real visibility of his network. And that's what Zscaler is doing. Exactly. Exactly. So Zscaler, they didn't develop it in-house. They said, "You are the leader. Give me this OEM or this SDK." They integrate it. They have full visibility. And after they build their own use case and secure the network. About the second questions, we are a technology company. So we like to be always connected to the new technology. And it's being in the US.
We have a strong base in South Bay in the U.S. We're also talking to the startups, and what we like about startups, they want, they are dreaming, of course, about the future, but they're very connected to the tomorrow's, actually, new technology or new features, and they are fast learning thinking, and we want to be part of it, so we're working on them on the technical strategy. We learn from them. They learn from us, and of course, as you know, this world of startups, one day, our good startups will be acquired by the bigger ones, and we want to be part of this, so this is my answer for your question, Anders.
Yeah. It's a great way to scale our business, and you have been successful in at least two or three cases where we sold to the startup. They implemented this in their product.
The startup was acquired by a big company in the US. And that company took this product with our technology inside and sold it through their channels. And all of a sudden, our revenues more than doubled or tenfolded.
Oh, yeah. Exactly. Oh, yeah.
Yeah. No, so it's a great strategy. So thank you for that, Jean-Pierre.
Thank you.
And now, it's time to stretch your legs for a 15-minute coffee break. I'm pretty sure it's right behind you. So thank you for that.
I'm still dreaming of you. I'm still dreaming of you. Baby, baby, to you. I'm still dreaming of you. I'm such a special kind of cloud. It's not an angel. You're a hot breaker. And I'm a soft hot lover. Does that mean we'll never get along? I could write it on the paper. I could be a fire starter. Or just another number.
Does that mean the game is already over? It's not an angel. You're a heartbreaker. And I'm a soft-hearted lover. Does that mean we'll never get along? There's no one who moves me like you do, baby. You gotta know. There's no one who moves me like you do, baby. You gotta know. There's no one who moves me like you do, baby. You gotta know. It's not an angel. You're a heartbreaker. And I'm a soft-hearted lover. Does that mean we'll never get along? I could write it on the paper. I could be a fire starter. Or just another number. Does that mean the game is already over? It's not an angel. You're a heart of steel. And I'm a soft-hearted lover. Does that mean we'll never get along? There's no one who moves me like you do, baby. You gotta know.
There's no one who moves me like you do, baby. You gotta know. There's no one who moves me like you do, baby. You gotta know. You gotta know. You gotta know. You gotta know. You gotta know. Faz-me a tristeza e diz: "Se ela quiser, ela não pode ser." Diz que nenhuma precisa. Que ela lhe quer porque eu não posso mais sofrer. Chega de saudade. Lhe dá jeito. Se ela não é paz, não é beleza. Só tristeza, melancolia. Que não sabe de mim, não sabe de mim, não sei. Mas se ela voltar, se ela voltar, que coisa linda. Que coisa louca. Pois a mim me surge o amor normal. Do que os beijinhos que eu daria na sua boca. Tanto dos meus braços, os abraços são de sete milhões de abraços. Apertados sim, colados sim, calados sim. Abraços e beijinhos e carinhos sem ter fim.
Que traga a vaga sem negócio de viver longe de mim. Não quero mais ser negócio de você viver assim. Desconecta de la pantalla. Te prometo, cumplirás tus sueños. Escapemos de la gran ciudad a un lugar sin tiempo. Para respirar. Para recordar. Para respirar. Para recordar. Siento que me miras a los ojos más de lo normal. Que me quieres y me extrañas todo lo demás. Me dices todo lo que quieres sin poder amar. Es como el eco de tu corazón. Que me miras a los ojos más de lo normal. Y no entiendes si me quieres o mejor te vas. Me dices todo lo que sientes sin poder amar. Es como el eco de tu corazón. No sé por qué lo haces tú. Quiero saber lo que yo no sé por qué lo haces tú. Quiero saber lo que yo no sé por qué lo haces tú.
Quiero saber lo que yo no sé por qué lo haces tú. Quiero saber. Tal vez no es el lugar. Tal vez no es el momento para hablar. Si me dices que me quieres, puede que lo intente una vez más.
All right. I'm sorry to interrupt the break, but I have had some time to speak with some of you guys and understand that there are actually more questions than I have anticipated in the program, so we need to make room for that, and to be able to do that, we need to start, and I guess the coffee will be standing behind you guys, so if you need more coffee, that's, feel free to grab one. So do you remember the Swedish television show from the 1980s, Pojken med guldbyxorna?
Yes. Oh yeah. One of my favorites.
So you're saying that we have a couple of them here in the room?
Yeah, I can imagine.
We actually have, you just met one of them, Jean-Pierre. And for the one of you speaking English, and I think there is, it's difficult to translate Pojken med guldbyxorna, but it's a small kid who one day woke up and understood that he could just pull money out of his pants. And that was the plot. So with those words, I would like to invite our own golden man, Amar Hamdan, from our Dubai office.
Thank you, Anders. Hello, everyone.
Hello. So, Amar, you've worked from the US to Dubai and spent many years not only with Enea, but also with Openwave and Motorola.
Yes.
Can you tell me a bit about your background?
Yeah, so I was very technical, working with Motorola, Qualcomm, between New York, San Diego, California.
Then got an opportunity to, and the challenge to go to Dubai. So moved back to the Middle East, managed many large-scale projects in the ICT sector before coming to Openwave and back to the telco industry. So I've been with the company now 13 years in multiple roles and working with our customers, really.
Yeah.
Yeah.
And doing a grea t job. So you were also coming, you came into Enea through an acquisition. What was your sort of take on that?
It was scary. We woke up in the morning, you're acquired. Acquired Enea. What's going to happen? But I have to say, after these years, Enea does acquisitions in a very different way. Enea acquires a company. This is a successful company. Let it go on and grow and collaborate and integrate with the rest of the business units. Now, why is that important?
The key people within the companies that have been acquired, you'll see them still there, growing and growing Enea as a company, so it's been going very well.
Yeah. I'm really happy to hear that, and I'm happy to have you here.
Thank you
So I'll give you control, but you're actually then you're not selling Jean-Pierre 's product. You're responsible for Enea and APAC, but not selling Jean-Pierre's product.
That is correct, so just to differentiate, we sell also traffic management we call DPI. We have different markets that we're selling to, that was explained earlier in the day. We're selling over to telecom operators, which are service providers all across the globe, and we're selling full-scale solutions. We're understanding what the problem is. We're understanding what the challenge is, and we're coming back with a solution that fits into their networks.
My friend Jean-Pierre sells the component that is sold into vendors that come up with a solution, the Zscaler and others, so we work in quite different markets, but cooperate a lot. So what are we focused on? My name is Amar Hamdan. I'm based in Dubai and across the world because we're traveling almost every week, and responsible for selling our focus area, networks and security. Now, I speak with customers on a weekly basis. What we care about is understanding what challenges they have. What we want to know is how we can help them to give value. That is extremely important, and I keep repeating that. Now, what are the challenges with operators? We talked today about risks, cybersecurity risks, tracing, tracking, messaging. That's huge. Every one of us could be affected with that personally. I'm scared when I think about it for my family.
Operators have to think a little bit more. Their risks go to infrastructure risks. How much are they paying on their infrastructure? Their risks go on to revenue loss. We talked about messaging protection. We talked about how John can help us in that. As one operator told me, "SMS revenue is top-line revenue with almost zero costs. You would do anything to protect that." That's what we help with. They also have issues with customer churn and customer acquisition. Our solutions fit in to help service providers across the board. Let's listen to what customers think about us in network security. Let's start off with that.
My name is Abdullah Al-Barwani. I'm the General Manager for the cybersecurity division at Omantel, which is a national telecom operator in Oman.
The program that I'm responsible for is to manage cybersecurity risks in both IT and telecom environment. And the way we do that is we adopt the best practices, international standards and frameworks, and to implement the right technological controls to minimize the risks. And we also have a 24x7 security operations center that is responsible to monitor and to respond to security incidents, shall they arise. So for a typical telecom operator that has services in mobile, fixed, wholesale, and satellite businesses, we see a very dynamic cybersecurity environment. So one of the things that has increased the threat landscape for us is the adoption of the 5G networks, which means now we have a wider attack surface. We have a wider attack surface from IoT devices as well that is also linked to those networks.
We see now, of course, with the increased dependencies on third parties and cloudification of many services, things like the zero trust architecture becomes super important because it's the only way to guard devices and users, especially third parties, who are allowed now to access our networks for different reasons, including development and L3 support. So we did appreciate, and we still do appreciate the work that Enea is doing to contribute to the industry. And what we particularly like about Enea, of course, I mean, we've gone through a procurement process where we evaluated Enea against their competitors in the market. So our evaluation includes technical and commercial aspects. So on the technical front, we're very happy that Enea perfectly meets our business requirements. They supersede their competitors in this regard. Commercially, they are also quite reasonable comparing to many of the competitors.
We like their perfect matching of our business requirements. In addition to that, we like the adaptability of Enea's solutions. So we've been with Enea for more than five years, and we see new use cases that develop based on new threats in the market. And Enea is always ahead of the game. They are always adapting to these new use cases in an easy way.
Okay. We heard from one of our customers extremely important messages within this, in my opinion. You heard that we are there to help them solve their issues, their challenges. We are there, and we are adaptable, flexible. We're listening to our customers. We're coming back with value. We are there not only for the risks of yesterday, not for the risks of today, but the risks that are coming tomorrow. Extremely important. This is an ever-evolving area.
Technology is changing by the day. Risks are changing by the day. Signatures are changing by the day. We are there to always be ahead and be able to help our customers. We talked about Telecom Egypt before, but Telecom Egypt was very important. It was a risk. A customer came to us, and they said, "Our VIPs, high-profile individuals within the country, are being spoofed." You know what that means? Any one of you sitting there, you get a call, "I'm the Prime Minister. Do this." It's national security. Now, our team was there working with them, understanding their network, and was able to come up with a solution within weeks to help them prevent, stop that risk, and we are working with them now on the second phase. We're working with them on other security threats, and why are they working with us? They trust us.
We help them in the time of need. Our solution was adaptable, and we were able to do that. Another customer in the Middle East for a number of years. We had a crash course on SS7 today. We started with them with SS7. We went on, did GTPC. We did Diameter. Over 11 million potential threats are blocked monthly. They are using our threat intelligence unit. That's big. Once voice threats came up, what did they do? They came to Enea. "We trust you guys. Give us voice." 150,000 potential threats are blocked daily. We're growing our business with them. We started off. This is a group. We started off with the first operator. We grew what we are doing with them. We're growing the use cases. We're already in the second operator, in the third operator. We're landing, and we're expanding.
Now let's shift gears a little bit.
Talk about the other threats. Talk about the revenue lost, increased spend, customer churn and acquisition. What is happening over there? 5G is coming in. Excellent. Operator has to spend more. Where's the revenue? We have to help them be able to manage their spend, protect their existing revenues, acquire new customers, and prevent churn. Our solutions go in and help operators with that. This is another operator. We announced it in Q3 2024. They have a big problem. Their ISP costs are high. We've been talking for years about our solutions and optimization in RAN and others. We're doing it here on the ISP side. They have $25-$35 per mega to transfer data to their customers. It's unsustainable. They came to us. We worked with them. We found a solution. We are saving them over $3 million a year.
There's a direct return on investment on the solution. Not only that, we're helping improve the quality of experience for their customers. We are helping them with the same solution to go into new use cases in fraud detection, zero-rated fraud detection, and reseller detection. This is the first operator within a group. We're already talking to the second and the third. We are growing that business. This one I'm very excited about. It's a little different. We have a customer for a number of years. They want to be the best operator giving quality of experience to their customers in country. For many years, you look at Ookla tests, you look at other tests, they are number one. Is that enough? No. They wanted to ensure that they can get to their customers, give them coverage anywhere in the country.
They can't build a network around to do that, so they said, "We'll go to space. We'll go with Starlink," and they provided connectivity to their users using Starlink. Now, what is the problem there? It's expensive. How am I going to give connectivity to all my customers with very expensive tariffs? It doesn't work. So they needed a solution to ensure that they can give critical connectivity to their users at affordable prices. Our traffic management solution comes in to help create packages catered for critical communication using Starlink across the country while improving the quality of experience. Again, a solution to a problem that an operator has where we step in to help. Why this is exciting? We started with the first operator. If we look in the press, Starlink has already signed up with six different operators, and this will continue to grow.
So we have agility within our solutions. And we keep growing that. Now, where are we going? We have a lot of opportunities across the region. I'm not going to give any numbers definitely today, but it's exciting. We are sitting with the operators, finding, listening, and coming up with value. And I will continue to do value.
Perfect. Thank you, Amor. So just to be clear here also, the last two opportunities you talked about were actually traffic management-based. Correct. So I know that's one of your favorite products that we haven't talked about in the early presentations, but that if you read the press release two days ago, it was also a traffic management win. Tell us why traffic management is such a great product.
Traffic management. I describe it as a toolbox we give to operators and tell them, "You can use this toolbox to solve issues you have. You can improve quality of experience. You can do savings on your infrastructure and sweat out your network. You can understand your customer behavior." We're talking about AI. AI is a very important subject. Everyone is talking about it. Our solution is sitting in a place in the network where we can see and understand the quality of experience, what traffic and where customers are going, the personas, to give the operator the means to better quality of experience, to give the operator the means to operate their network, to give the operator the means to understand their customer's persona, to give differentiated packages to their customers and grow their customer base, so it works.
It works. It's a perfect product for land and expand.
Definitely.
It's actually where the expression comes from. Just stay here for a second. So we've honed in during this afternoon on a security business. So Jean-Pierre and John talked about the security business, but within Enea, you also get traffic management. Think about that. You have this whole security business, and you have the traffic management business.
May I add one thing, Anders?
Of course.
I apologize. The spread of our technology differentiates us than others for a specific reason. We've been talking about messaging this morning. We talked about SMS. We talked about how we're helping protect revenue. But it's also moving to WhatsApp business. It's moving to RCS. Technology is moving. Our product portfolio spans across and is able to complement each other to always be there and give the solution to our operators. I apologize.
No, don't apologize. But because this is like buying.
Do you know what else you get with Enea? The cybersecurity portfolio, the traffic management, the Wi-Fi opportunities, the OS opportunities that we closed the deal with yesterday. Jean-Pierre closed that deal. We announced it this morning. Amar closed the deal we announced a couple of days ago. But what do we get more than this? We don't have time to talk about it, but we also get our Stratum product on which we closed in the beginning of the quarter the biggest deal in modern Enea history, a $27 million recurring business for the coming three years, of which 22 are committed. So it's in the bank. The 22 million, it's not in the bank because it's not paid yet, but it's signed. But at the end of this, between $22 and $27 million will be in the bank account of Enea. So Enea is not only cybersecurity.
It's not only cybersecurity and traffic management and Wi-Fi and Stratum. It's the whole thing, which I think is so amazing, but it also puts a requirement on managing this company because we can't do everything, then the result will be little. We take it step by step, but when we meet again in a few years, don't be surprised if some of these other products have taken the lead. Amar, what do you say about this?
I can say there's a market.
But you're not allowed to sell it.
Soon.
Soon you will.
Yeah.
Let's hope so, so you know the decision here. We had some issues with it a couple of years ago. We focused on the resource. We managed to deliver the product so that the customer was so happy, satisfied. They signed this, and gradually, we might open this up going forward.
But this is not the focus of today. I just felt that we can't have a capital markets day and not talk about the biggest deal in the modern history of Enea. So with that, thank you so much, Amar.
Thank you.
I would actually like to now spend a few minutes on questions to Osvaldo, John, Jean-Pierre, and Amar. And of course, if you have a question for me before we jump into the numbers. So who has the mic? Håkan. Hannah. Anyone? Yeah. We have Frederik. And Osvaldo, Amar, John, and Jean-Pierre, please. We'll open up another window for questions at the wrap-up, but let's take some of the questions now.
Thank you, Frederik Littmarck from Handelsbanken. I'm not sure if this is working, but I'm trying anyhow. I was curious.
I think John, correct me if I'm wrong, on the firewall side, we talked about the gray traffic on the A2P and the CPaaS ecosystem, and the gray traffic has been talked about for anyhow the last 10 years, and it has been a big problem. So, lifting and giving a little bit more perspective on how you have during this time period been able to control it and push it back or minimize it, or is it still equally a big problem? Is it still the same volume? So, are you just chasing the bad guys over and over again, or how does it work? Thank you.
So, can you hear me okay? Yeah. So, the problem has been around for many years. It's something we've been securing with some of our customers for all those years, but it's continually a problem.
Trying to decide how best to describe this. The ecosystem from the brand, so the enterprise who wants to send the message originally to the CPaaS, who are in the middle, and then out to the operator and the subscriber. There are actually tens and tens of what we call aggregators, smaller companies sitting in the middle of that flow. Their costs squeezed. They're trying to find the cheapest way to deliver that to the end user to get their one cent maybe per message out of the flow. Those are the companies that I suppose we can call the problem. They're the main problem. They pop up. They disappear. They're continually looking for profits. They're the ones that are difficult to control. The problem doesn't go away. It's continuous because they're always under pressure to make money. As I said, new ones pop up.
They're trying to make money. Everyone's offering the best deal. Come with us. We'll give you the best deal for delivering your messages, and in actual fact, the originator, the brand, by the time their message is delivered, they have no idea how it got there because of all these different players in the ecosystem, and least cost routing is a way that this is done, but like I said, there's no control over how these messages go, so by the time it gets delivered, maybe there's one bad egg in the flow that's delivering it on a route that they shouldn't deliver it on, and that's where we step in, so it's still a problem. It's been a problem for many years. The example I gave earlier of $50 million per annum, that's with a customer that we've been with for 8 to 10 years.
And the problem is still there. It's not going away as far as we can tell for the foreseeable future.
Thank you, John.
Thank you. Simon Granath here with ABG. So I had a question on AdaptiveM obile. You've had this business since 2021. You have only recently given us detailed revenue breakdown on at least how much your cybersecurity revenue comprised. And the latest growth rates have certainly been strong. But my understanding is that the growth rates were a little bit more lukewarm in 2022, 2023. So can you talk a little bit what has happened over the past 12 months? Has something happened in the market? Something happened with long sales cycles or something with the product offering?
Well, again, I would go back. There's a few different dynamics at play. One of them is what we just talked about.
We didn't focus on this gray route business, the A2P monetization or the acquisition, actually before I became head of the business group in 2022. It's something I immediately felt passionate about. I knew a lot about this space, and I wanted to go after that. So that's something that has certainly helped us to grow our revenues. And as I said, it's helped us build that solid foundation of recurring revenues from which we can go after other businesses. And then on top of that, yeah, we're seeing growth in the Middle East in particular. We saw some really good deals, upsell deals to existing customers in the signaling space. And that's also helped to drive our growth over the last 12-24 months.
Thank you, John. So Håkan, there's a question here. Thank you.
There is a saying in the world of telecom, if not in overall life, "Centralize what you can, distribute what you must." And that, I think, we can take to the art of security also. And that begs the question, where do you draw the line? Should security in the longer run be embedded very, very far out in the network in order to assure security also within the smaller loops, so to say? Thank you.
I can start on this one, and I might hand over. So you answer, and we have to. Yeah, sure. I might hand over to Osvaldo. Our solutions today, they sit at the edge. So we're depending on the solution that it is, but predominantly at the edge. So we're looking at interconnect traffic and trying to protect this.
We actually launched at MWC last year a solution we refer to as our overlay solution. And that's to address exactly the point you just made. And what we're looking to do there is put probes on different elements of the network, distributed probes on different elements of the network, which report back centrally to say if there's anomalies or vulnerabilities. Because especially when we move into 5G with network slicing, the trust and the threats don't just come from external sources. When we move into 5G, they can come from within. So yeah, I hope that answers your question.
Thank you, John. So let's take, well, one final question here.
Thank you. Daniel Huber, Handelsbanken. Question to Osvaldo.
You mentioned that your solution is embedded in many other companies' security products, and you talked also about the potential that you will bring your own more comprehensive product, I guess, to the end market instead of as an embedded product to others. Is that correct? Understood. And can you give us any time frame and any indication of what markets you will go after? Thanks.
Yes. Okay. Very good. Thank you for the question. That's correct. So far, what we have done is to embed our technology into some companies, like Jean-Pierre mentioned the case of Zscaler. In that case, Zscaler have to take our capabilities and to put it in their own code and to put it in the product and to go to market.
What we are exploring is to go directly to market with some product that we call a known code, basically, that they can manage. Security service providers can take on without having to do any coding. So basically, it's a way for us to expand to an adjacent market that we think that there is potential.
Okay. Great, so thank you all, and thank you for the questions, and again, we'll open up the next window at the end of the day. Great, so now we'll switch gear, and we'll talk about the numbers a bit, and to do that, I would like to invite first Ulf up here. Ulf is our CEO, and many of you have met him. Ulf also joined Enea through an acquisition, and I guess you can see a pattern here. We managed to secure some great people.
We make them comfortable in Enea, and sometimes we promote them, but more important, we manage to keep them working for Enea and contributing to our success. So Ulf, can you please share a bit about your background and how you felt being acquired by Enea?
Sure. Thank you, Anders. And a little bit of my background. I spent some 10 years with Ericsson, different financial positions, but also as a design engineer in the beginning. And maybe on the interesting side, also as a sales manager for Ericsson test equipment. So I end up spending a whole day in a back seat of a car in Singapore trying to convince Intel to buy our Ericsson's test equipment. So I have spanned responsibilities within Ericsson, but mostly within the financials.
In the beginning of 2000, I was part of a founding team founding Aptilo Networks that was later acquired by Enea in 2020, and Aptilo was growing from 0 to SEK 120 million in turnover in 20 years. So it was a long ride, but very interesting. And how was it to be acquired? Yeah. I think Enea was very professional in the M&A process, and we felt that we had very clear objectives and targets, and the integration process went very smooth, and it felt like Aptilo actually found a home for the company within Enea and where both competence and profitability could be utilized in Enea Group. And I think that is really key coming in as an acquired company to feel like we actually can contribute in many different ways.
All right. Thank you for that, Ulf. And it's really great to have you here as well.
So please take us through our first nine months 2024.
Thank you. So a little bit of a revisit to the nine-month report. We reported a net sales of SEK 653 million with an EBITDA margin of 33%, ended up with a net debt of SEK 170 million. For the nine months, we reported SEK 2.34 earnings per share, and we had an operating cash flow of SEK 176 million. On the cost side, we spent 24% in relation to sales on R&D activities, which is very important for, of course, our future sales that we have products that are competitive. Diving down a little bit more on the sales side, the nine-month sales is divided by these different shares. And as you can see, security and network have similar size in terms of volume, but we have a little bit different characteristics.
The security area has a higher share of recurring revenue and a higher share of secured business already in the beginning, while the network area has a more scalable model with the larger projects, but with a very high margin, so they are a little bit different in terms of financial characteristics. Looking at the growth, we had double-digit growth in our focus areas for the first nine months. In total, 11% organic year-to-year growth for the first nine months, and looking at the security business, we could end with 13% year-to-year growth for the nine months. And this is achieved through solid customer base, continued order capacity, and functionality upgrades, so the base is actually very important, and we see that our current customers want to expand in capacity as well as functionality and buy upgrades.
Of course, new products generate new business, and we have a high share of recurring revenue, which gives a stable, predictable revenue within this area. For the network business, we can see 9% growth, year-to-year growth for the first nine months, and despite challenging data in this area, posting a nine-month growth is just shy of double-digit, so we are very proud of that figure as well, and here as well, we have a very loyal customer base, and also with capacity upgrades has helped us to meet this growth figure, and we can actually also tick off several new customer wins over the last six months, so a combination of current customer base and new wins with new customers. This leaves us with a stable 33% adjusted EBITDA margin over nine months.
As you can see, it varies a little bit between the quarters, but the red line here indicates the rolling 12-month EBITDA figure. We are just now at just shy of 35, 33%. This is achieved by, of course, growth on the top line, but also as a result of the changes we made and introduced in 2023. Operational expenses were reduced by some SEK 30 million, leaving the operational expenditure going from SEK 390 million to SEK 368 million. The total cost is a combination of, of course, change in depreciations and amortizations, as well as change in the capitalization of R&D expenses. Looking at gross margin and EBITDA margin, we are quite stable on a 78% gross margin. The share of gross margin is distributed as in the left pie chart here.
So, we're quite equal in gross margin between security and networks, and the gross margin contributed from OS is about 9%. And the gross margin or the cost of sales in Enea is mainly built on cost for staff. So, we are quite fixed in that perspective in cost of sales. That means that the gross margin will vary between if the combination of sales is more software or if we have recurring revenue. Security area is slightly above the company level with embedded security solutions, which are a little bit higher in gross margin. And the gross margin will vary depending on revenue mix. If you have a better or higher mix of software, it will report a higher gross margin. Then, looking at the EBITDA, so the total EBITDA is distributed between the segments like this, higher on security.
The big takeaway here is that 83% of the total EBITDA is generated from our focus area. Looking back 10 years, you could say that the OS was probably 83% of the total, at least. Now we actually are in the other way around. A little bit on the cash flow. This is from the Q3 report. We reported a profit before tax on SEK 44 million. We have a quite large share of non-cash items of SEK 135 million. That takes us to SEK 176 million in operational cash flow. That cash is spent on, first of all, investments in our products, capitalized R&D, but also with the buyback program that we're buying back shares from the market. Finally, we have made some amortizations. The nine months in total cash flow was reported SEK 12 million positive.
Yeah.
I think so we'll again come back to this at the wrap-up, but our business now, there are some challenges and opportunities in the business also from a financial perspective. It's not only about reporting the numbers. It's also about managing the business from a financial and legal perspective, and you are in charge of that, so can you share some details of that, please?
Yeah. We have worked quite a lot with control of cash collection. And I think we have made some progress. I think it's really important to always leave Enea with some leverage to keep the leverage in a customer relation until the project is finalized. In many cultures we are exposed to in the world, the negotiation doesn't stop when you sign the agreement. The negotiation stops at the payment, and this is a very interesting and very challenging environment.
But exposed to that environment, you need to keep leverage in the delivery to be able to actually put some effort to and put something against the argument that customers try to postpone payment. Yeah.
And this is actually also when you look at this slide, so what we've done is we've used SEK 100 million of our cash surplus to improve the net debt position and buyback shares during the first nine months of the year.
Correct. Yeah. That's a company that creates cash flows. That's for sure.
All right. Thank you, Ulf.
Thank you.
You will be coming back later. But for now, I would like to say thank you, Ulf.
Thank you.
And I would like to dive a bit deeper into what's under the hood of these numbers.
Because one thing is, again, you see the rolling 12 months, you see the quarterly numbers, but you need to look at it, I think, with a slightly bigger perspective. And the biggest perspective is, of course, that 10 years ago, this didn't exist. Only the OS part existed. 9% of our business that we have discussed today existed. That's kind of interesting. And to help me drill down into these numbers, I would like to invite Håkan. Håkan joined Enea back in 2009. And he worked with me as a corporate development and later CFO when we were trying to sort of find this business beyond OS. But you've left Enea, Håkan. Why are you here?
Well, since I left at the end of 2018, I moved back from the U.S. to Sweden with my family and been doing a little bit of CFO work and consulting.
And since one year, roughly, I'm back supporting Enea on a consulting basis. And that feels actually great.
Yeah. Isn't it great to see Jean-Pierre, Amor, Osvaldo, and all these people, John, delivering these beautiful results?
Oh, yeah. I mean, it's absolutely fantastic. And this is, again, a journey that was initiated many years ago. And still, we're early in the big book of Enea. Early chapters are still. Yeah.
Why do you think we've managed to keep all these great people?
Well, I think there are a couple of reasons here. First, the acquisitions that we made, I mean, clearly, it's about the people. On both ends, I say. Good people is sort of a must. And we have great people both in the acquisitions and on the sort of receiving end here.
Second, I'd say the business model or the integration model, and we touched upon that, whereas centralize what you must to distribute what you can, that was a good one.
If it was.
Okay. The point is this. What we do is we balance a global sort of integration model with keeping strength and leverage on the local level. That balance, I think, is very, very important. Third, I'd like to just add the culture. The people here are very loyal, loyal to the customers, loyal to each other. There's also a great performance culture. These guys like to win. That's also what I think is really important why this works.
I couldn't agree more. Let's jump into the numbers, actually. We skip this because we don't have time. Here, I know that you have something to add, Håkan.
Yeah.
I mean, when you look at the couple of comments then to all this, looking at the top line of Enea, you might look at this. This is a sort of flat business, but there is lots of action going on underneath the surface. So we had a declining legacy OS business, clearly a challenging 2023. We have sort of repositioned the efforts in the focus areas, adjusted investments, and put more efforts into cybersecurity, and also accelerated recurring revenue. And we'll touch upon this. Clearly, the dilution from the declining OS business is coming to an end. Think about this, that in 2015, this was the SEK 331 million revenue business. Now, it's single-digit% as a percentage of the total net sales. Looking at the focus area, as we have heard, we had double-digit growth in these focus areas for both 2022 and year-to-date 2024.
Again, 2023 was a little bit rougher, but very important. We had 15% recurring revenue growth within the focus areas during that period, and over all this time period, we have been propelled by the security growth, so you have an average growth rate here of 14% during these 2.75 years. Now, not all revenues are equal. We've been touching a couple of times here on the recurring revenue. You know all about recurring revenue, repetitive revenues that are typically time-based, such as subscriptions, support and maintenance, time-based production license, those types of things. During the three years, Enea's recurring revenues has grown from 50% of total net sales to 70%, and that's remarkable. Now, remember that the legacy business is 100% recurring, so how do we do in the focus areas?
We've been growing recurring revenues at an annual growth rate of 12%, and the share is now up to 67% in these focus areas. Looking at this on the annual picture, the total annual recurring revenue of Enea is currently, on a 12-month basis, measured end of Q3, SEK 600 million, which represents 67% of net sales. The majority of this, and a growing majority of this, comes from the focus areas. I think this is very, very encouraging in order to sort of think about future growth. Moving on to profitability. Three-year performance of EBITDA, I believe this is a relatively solid picture. We hit 34% adjusted EBITDA, 34%, and 33% year-to-date. About half of the quarters, we were actually above the financial ambition. Almost there, but clearly above the guidance for this year, which was 30%. Cash flow is an interesting measure.
And when you look at the cash flow statement, many of your analysts here, the way I like to look at this is to sort of understand what is actually the raw business producing here. So what I did, I took out the changes in working capital to sort of get away from a little bit of the volatility. I adjusted for non-recurring items. I adjusted for unrealized FX effects. This tends to go a little bit up and down to get sort of to the raw business cash flow. And you see here that we're trending at annualized level of, let's say, 170-200. I'd like to say that Enea produces cash flow of SEK 200 million a year, but okay, 170-200, which is roughly 20% cash margin on net sales. And I think this is fantastic.
If we extend the time period and, looking at the five-year, now in this picture, I choose adjusted EBITDA less CapEx, something that Rasmus at Redeye refers to as EBITDAC, and you'll see also here. I believe this is a solid profit delivery. Normalized level, I'd say, is between $200 million and $240 million a year. Redeye's estimate for this year is 215. So again, a solid performance. However, if you map this with the share price, you'll see that things are not as solid referring to the share price. The interesting thing with this chart is that you both have the EBITDA less CapEx in millions of dollars and the share price in SEK on the same chart, and you'll see there that we clearly experienced a multiple contraction in 2022 and 2023. However, we recovered a little bit, so where do we go from here?
In order to sort of address that, I would like to introduce a reference point. That reference point being something referred to as the Nordic SaaS peer group, software as a service peer group. This is a group of 41 companies that is covered by, among others, Redeye on a quarterly basis. 41 companies with, I'd say, a varying degree of SaaS features. As you'll see here, Enea with 70% recurring revenue, we have, from a business model perspective, clearly some significant SaaS features in that aspect. Okay, so one of the measures that this group is measured on is something called the rule of 40. I'm sure most of you know what this is, but it's a combination of net sales growth and profitability, and sort of the concept goes that being a healthy SaaS company, you should ideally have a combined net sales growth plus profitability above 40%.
If you run this for Enea with, let's say, 11% year-to-date revenue growth focus areas, EBITDA year-to-date 33%, less CapEx 10%, you're at 34% rule of 40 score, 34%. Okay. This group, on average, is 13%. So when we look at this group and sort of try to position ourselves from a rule of 40 perspective, we end up in the upper half and more or less exactly in the middle of the upper half. The upper half has a median rule of 40 score of 32%, and we are at 34%, so slightly above. That's the introduction of the reference point. So where do we go from here? Well, it's actually up to you. The story goes, you should never comment on share price, right? So I will not do that.
I will only stick to the facts and give you some data points and leave the opinions to you. Going from below and up, 2023, SEK 57, Enea's volume-weighted average price during 2023, SEK 100, that's where we were at least a couple of days ago. 2022, somewhere between SEK 25-SEK 130, the average price that year. If we apply now the median enterprise value to sales multiple of 3.6, back to this peer group, full peer group, median multiple to our revenue as estimated, again, by Rasmus, we're somewhere that would mean that the implicit share price would end up at somewhere around SEK 150. Again, two data points being the historical average prices. But remember, I said, we match actually perfectly well with the upper half of this peer group as we score 34% versus 32% being the median score of the upper half.
So here, I'd applied the group median on enterprise value sales of 5.7. I applied the average enterprise value sales multiple of this upper half peer group of 6.5. And finally, I'd applied the implicit EBITDA to EBITDA multiple of almost 40 of this particular peer group. And you'll see what that sort of means implicitly, multiplying these sort of key figures with the relevant metrics of Enea. Again, data points, and I will leave the opinions for you. Thank you so much.
Thank you, Håkan. So before we hand over the responsibility of opinions, you being an outsider now, what's your own opinion on this?
Well, for me, the good news is actually this: that the dilution is coming to an end. Recurring revenue is on a decent level. And to me, that gives me comfort that we have a pretty or actually very good future.
So I feel good about this. I have some share some out.
Okay. Thank you for that. So with that, thank you, Håkan, about this day. Ulf, if you can please come back here. And Hannah, if we could open up for some questions on the numbers, please. Ulf.
Okay. Thank you again. And thanks for the presentation. I forgot to mention that earlier. Simon Granath here with ABG again. And I was wondering a little bit on your financial targets here. You're targeting double-digit growth in your target areas. Do you feel like you have the capacities in place to achieve this regardless or not, whether the market improves? And I say this in wake of the recently still lukewarm telecom market. Thank you.
Yeah. So thank you for that question. And I will come back to that, actually.
But let me try to answer the question anyways right here and right now. So that's nothing I would like to commit to at this point in time. So it's still another culture of Enea and something that we want to instill in all our operations is that to overdeliver, not to overpromise and under-deliver. So I cannot and Enea cannot nor predict the market or change the market. The market conditions are, as you rightly say, we feel them too. It's slightly lukewarm. But we are operating within that market. And I don't think that there are some great niches in that market that we are addressing. But the overall market is a bit lukewarm. And so that's why we're still holding on to our snuttefilt, the focus areas. 10% OS. It's still 9% or 10% OS. It's still slightly below 100 million.
And with that going down at 18%–20%, it is still diluting the numbers, but it will come down further over the next 12-24 months. So the answer is today, we're not going to change the numbers. And we're not going to give you new numbers, new ambitions, new guidance. But the long-term ambition we have is very well within reach. And we've already been there in our focus areas. So that is the answer I will give you on that.
Thank you, Fredrik Lithel from Handelsbanken here again. Thanks for all the presentations. Very interesting to listen to. I wanted to come back to your strategy, the E3 with evolve, enhance, and expand. And you are around 650 employees total, and you have great positions in several subsegments.
How are you going to sort of choose where to invest your R&D capabilities in order not to make you too thin on new areas and all of that? So how do you prioritize your money?
Yeah. So thank you, Fredrik. That is, of course, a million-dollar question and one of the key questions we're working on. We don't lack investment opportunities or requests for investments. On the contrary, we have loads of them, and we took a slight wrong turn here in 2021, 2022, where we overinvested in our own product development, not based on that there wasn't opportunity, but we just simply couldn't deliver on all the opportunities at the same time.
We have a thorough investment board process that Osvaldo and his team is leading, where the majority of our 24% R&D investment goes into the day-to-day improvement of the products, more or less in accordance with what we've already sold. Then the enhancement is also going through the product management process of what of all the requirements we have that we can prioritize. Then the smallest portion goes into adjacent markets, new things. That's a small part of the 24%. As long as we are here, we're going to keep that a very tight process. Both the sales side of things as well as the R&D side of things to keep that a tight ship and invest, but not think that we can sort of invent the most fantastic product never yet invented, because that is simply not Enea.
That's the work of other companies. Do we have?
Thank you, Don, and you, Handelsbanken, again, and also thank you for a great presentation here today. I was thinking, Anders, if you could comment a little bit more on your current M&A strategy in terms of adjacent markets, but also we heard that decryption must be quite important nowadays. We have quantum-safe networks, etc., being sold by some suppliers and so on that should make the network more safer. Just your thought on the white spots.
Yeah. No, but of course, so thank you again, and this is an adjacent question to the question from Fredrik, so we do not think, and I do not think that we should pour hundreds of millions in own R&D to invent the things not yet invented or to invent things that someone else has already invented.
I think we should improve our own product development, and we should enhance it, and we should add what you've heard, a lot of things today about AI, and then gradually improve the product, and instead, we want to increase the portfolio with acquisitions. We've done that successfully, and that's the reason why we, again, can present the company we're presenting today, but we don't want to become an acquisition machine that we have do two, three acquisitions a year and just pumping up the numbers. We want to do strategic acquisitions. We want to be able to integrate them, and when it comes to these acquisitions, it's about channel to market. It's about geographic distribution, but it's also about product, and when it's about product, it's very much so that it is within the cybersecurity space that we would like to strengthen our portfolio.
It's also very much in security outside the telecom operators. So if we meet again in 24 months, I hope that Enea has an even stronger security portfolio, and we have an even stronger operation outside the operators. But I don't want to give you a product. I don't want to give you a white spot. And even that would be weird. So I cannot answer, and I wouldn't want to answer that part of the question.
Andreas Jorsson, Carnegie. Thanks a lot for this. I will have a follow-up to Handelsbanken's fine questions. What is the risk that you have too many focused areas? There has been a lot of examples of companies with too much or too broad product portfolio. So how do you make sure that you have the focus and also how you get the synergies out of the various products that you have?
Thank you for that, Andreas. Yeah, those are very well-connected questions. And for me, it's like I can argue it's what I'm doing, actually. Besides trying to create a winning culture, I'm trimming my hedges. I'm trimming all these beautiful ideas and wonderful thoughts about new markets and new initiatives that are coming from salespeople, great salespeople with great ideas and great initiatives. And they back them up with, "Oh, this is a fantastic opportunity," as well as great engineers and great product managers with amazing products they want to develop. Because I know that was really embedded in your question, that if you have too much focus, too many focus areas, you don't have enough focus to win. And at the end of the day, that's what it's all about. It's not having a great portfolio. It's about winning the deals.
And in a software business, it's very much about winning deals. And in a dull market, it's even more about winning the deals. Because in our industry, if we bid for a deal and we win it, that money is more or less 100% contribution, at least plus 80% contribution. If we bid for the same deal and lose it, it's zero. So there is no price for the number two. And this is a message that I've been preaching all the time. And the way to do it is, first of all, you need to sort of align that that is your opinion. And you need to select a management team that appreciates this and understands this and can run with this message.
If you tell them that this is not like the discussion with Omar, it's not like Stratum cannot create opportunities, but we cannot afford to have more Stratum opportunities right now. Because most certainly, we wouldn't win them against the big guys. And if we would win them, it would dilute our efforts to secure the customers we have. So sorry, I know you have opportunities, but you're not allowed. Focus on traffic management and our firewalls business. And Jean-Pierre, focus on our embedded security products. And so how do we secure that that's not happening going forward? Well, you have to secure it. No one else will do it for you. Because if you leave the organization running, you will have a mess, I guarantee you. That's my best answer. All right. Anyone else? Let me check here. And if not, yeah, we actually have a question here.
Your long-term ambition is including M&A, or is it pure organic growth, and M&A will come on top? Well, the long-term ambition is the organic development of the company, and M&A will come on top. That's the answer. So okay, we will now also have the opportunity. You will have the opportunity to meet our incoming CEO, Teemu Salmi, and he will present himself, and then you will have the opportunity to ask a few questions if you have any. All right, should we try to thank you, Ulf and Håkan? Thank you and welcome, Teemu.
Thank you, Anders. Can you hear me? We can hear you very well. How are you? I'm very fine, thank you. How are you? I hope you've had a great afternoon.
Yeah, we're fine, thank you.
So I just said, maybe you heard that, that I will now give you the opportunity to introduce yourself, and then we'll take any questions from the audience here. So please, Teemu, go ahead.
Thank you so much, Anders. And good afternoon to all of you. And of course, in the perfect conditions, I would have wanted to be there physically myself today on stage with you. But I am also, of course, engaged in another job right now. And I have, right now, actually, a customer event ongoing in Helsinki, Finland. So that's where I am physically right now. But yes, let me give you a short introduction of myself. Teemu Salmi, Finnish name, as you can hear, but Swedish citizen. I'm born in Finland but lived outside of Finland for most of my life.
Now, actually, the last two and a half years, for the first time in my life, worked in Finland as I was recruited as CEO for Finland's and one of the biggest cybersecurity consulting companies in the Nordic called Nixu, a stock-listed company when I joined. And it's been a journey since I joined. We've been acquired. We've been taken off Nasdaq here in Helsinki. And now I'm actually in the process of integrating three companies in the cybersecurity realm that DNV, Det Norske Veritas, has bought. And I'm currently CEO of those three combined companies that we call DNV Cyber. A little bit about my history. Before I joined Nixu two and a half years ago, I spent five years at Stora Enso in the forestry industry as the group CIO and head of the digitalization agenda there.
And also in parallel with that, I was also the managing director of a startup business we had with some consumer products that we were developing. And prior to Stora Enso, I spent a big time of my career, 18 years, with Ericsson. In Ericsson, I held various positions, mostly in the services space. And the last four and a half or four years of my career in Ericsson, I lived in the Middle East. I lived in Dubai, and I was responsible for the security services for 23 countries in the Middle East and Eastern Africa. And the last year of Ericsson, I was responsible for the business of a business unit called IT and Cloud at that point in time, selling and delivering IT and Cloud services of the Ericsson portfolio to the same 23 countries I was running services for prior to that.
I'm a systems engineer as a background, but I haven't worked so much with software development in my life. I actually quickly jumped on the leadership track and held various leadership positions in different industries during my career. Next year, when I join Enea, I will turn 52. So you have my age. I live in Stockholm, actually. Right now, actually, I live in Helsinki and Stockholm, but I have my family in Stockholm, in the southern part of Stockholm. So looking much forward to moving back home and jumping on the job with Enea. And I really look forward to that 1st of April next year. South of Stockholm, I live with my wife. And I have, well, I almost said two kids. They're not kids anymore. They're 20 and 14, but that's still my two young beloved ones at home. I'm a bit of a sports geek.
I love making sure that I keep myself fit, and I'm a runner, so when I'm not working, I run, so I use my energy 24/7 to something, at least. Yeah, a little bit about my history and who I am, and very much open for taking any questions from the audience, even though I can't see you in the audience, but still.
All right. Thank you for that, Teemu, so do we have a question for Teemu or two?
Hi, Teemu. Simon Granath here again with ABG. Thanks for the introduction to yourself. I was wondering, what in particular do you see in Enea and what do you seek to bring to the table, and then I was wondering if you have any learning experience that you might summarize from being at a company that had been acquired. Thank you.
Thank you.
I heard Simon, and then I had a break for 30 seconds. I'm really sorry, Simon. Can you repeat the question? I apparently had some bad network hiccup here. Sorry, but can you repeat the question?
Yes, yes, of course. No problem at all. I was just wondering whether you could summarize on what you seek to bring to the table to Enea and also which learning experiences you might have from being at a company that had been acquired previously. Thank you.
Well, I think that what I can bring to Enea is quite a lot of learnings from the cybersecurity area. I've been working quite a lot with cybersecurity before. And especially now in my last two and a half years leading a cybersecurity consulting business of 500 people, I think I can bring quite a lot of learnings from that.
And of course, also from being on the other side, being a group CIO for five years as well, and that enterprise thinking of cybersecurity. And then, of course, also I think I can bring quite a lot of my telecom experience from my Ericsson time. This is like coming home for me, coming back to Enea. So I hope that. And of course, combined with that, quite passionate leadership. I think also, and I hope that I can bring my passionate leadership also into Enea, and then sprinkle that with quite some M&A experience that I've been having right now the last year and a half, been going through with myself, being now part of a company that has been acquired and now going through quite a major integration of three companies into one. So you said learning experience from that.
I think some of the learning experiences are to be a bit humble and to be proud of the history of all the companies that you acquired. There's a lot of competence and capabilities, and you need to make sure that you bring the best of these worlds together while you, at the same time, are building one new company, right, which is also important so you can reap the benefits of the good things of whatever you're bringing together, right? But that I have been working hands-on with now here for the past year and a half, and I hope to be able to bring that as well with me into my Enea job.
Thank you, Teemu and Simon. Anyone else? This is your last chance before March 31st. Probably not, but okay. Well, thank you so much, Teemu. Thank you for making the time to call in.
It's really appreciated. And we look forward to you coming on board 1st of April next year.
Thank you so much and have a great afternoon ahead. Thank you so much for having me.
Bye-bye. Bye-bye.
Bye.
Okay. So now it's time to wrap up. And how are you feeling? Do you have more questions? Yes. We have some few minutes. So let me again invite Osvaldo, Jean-Pierre, and why not Omar? John got most of the questions last time. So if you have a question for John, he's here. So of course. You're ready, Daniel.
Thank you. My name is Fredrik Lithell from Handelsbanken. A question is to Jean-Pierre.
And it is a little bit on we see some early signs that we have cellular private networks taking off a bit with 5G also and with slicing or non-slicing, also with telcos or without telcos sometimes, but in the enterprise space. So my question is, is this also a deep packet inspection market opportunity, direct or indirect, for Enea and for Cosmos? Thanks.
Yes. Just to make sure that I understand the question, I will answer, and I will see after they have the good answers. Actually, we are seeing more direct, actually, today opportunities, like you say, what we call direct solution vendors, such as these slicers. This is our direct we call it direct selling to the approach.
So yeah, we are seeing it because more and more the customers, they don't want any monolithic solution, less flexible, and they're looking for cost-effective also on the other side. So they want to control their own destiny on the cybersecurity by bringing us. So more flexibility, less expensive, and they're investing a little bit more on the engineering side. So this is the way that this is why we are seeing more opportunities by bringing like in slice by slice, actually. This is the component, we say, on the security feature that the customers are looking to bring into their own products.
Perfect. May I have another question? And that would be, I guess, to John, but it doesn't matter really.
Here's a question for you.
I guess you can talk about it, but that is a little bit on you mentioned initially that you are taking part or working with GSMA on the standard side and that i.e. that you have influence there, and we also now see 5G standalone being finally slowly built globally, and we have some ambitions among operators to have programmable networks, and this is built on the CAMARA organization via something called Open Gateway and so on, and authentication, for example, will be part of this as a network default thing. My question is, if you have looked into this Open Gateway, the 3GPP release 1718, and what it brings to in terms of threats versus opportunities for Enea, a little bit detailed question, perhaps, but yeah.
Why not?
Exactly. It's good to take the opportunity.
I can answer that.
Yes, we are engaged with customers in Europe to work on the CAMARA API. One of the things, in case you are not familiar with the case, what is happening is that networks have been designed for one service, and that is mobile broadband, and that was a very well-defined service for consumer products. Now, in the telco industry, we are trying to repurpose those networks, and to do that, we need an API. Because if you are an enterprise and you want to build a new service on top of these mobile networks, the most efficient way is to do it through an API where you could get services from the network. So there is a definition for that driven by the CAMARA project, and it's a good initiative because I think the whole industry is aligned finally to one single definition about those APIs.
We are engaged with some customers in Europe, and the main reason is because the API is defined in the outbound interface but if you think about the portfolio that we have, we have a very good connection within the network, and what we are doing is to automate the connectivity between the API requests and touching all the nodes that you have in the network, and we are doing a programmable workflow in order to be able to, from one API, to be able to reach out to a wider set of nodes, most of the cases multi-vendor nodes, so we are neutral vendor playing in the native telecom protocols.
Perfect, so yeah, and the last question, I promise, and that would be on the rich communication. You talked about it, that you also do offer solutions there.
You talked about, for example, Google RCS and so on coming in from the side. RCS initially for IMS, old technology. Can your solution be within especially perhaps deep packet inspection, but also in the firewall side? Is it as relevant in RCS messaging as it is within SMS? Or is it a risk that Google takes RCS over the top and brings the security on the level seven, more or less on the layer seven instead of on level three, four, five? Thanks.
Yeah, sure. Definitely, we are working and collaborating with Google on the RCS. I think the way that we are positioning our messaging firewall is as a multi-channel protection, meaning that when we deploy this into one of our CPaaS clients, basically, we protect all the different channels where they distribute this message. We are trying to simplify that for our customers.
So we have one single protection rules, regardless of if that message is SMS, MMS, RCS, or even API calls. That's why we want to extend, and that's what we are doing today. We are extending from an SMS firewall to a multi-channel to cover all these possible angles.
All right. Anyone else? So I would also like to then sorry, Simon.
Yeah, sorry. I'll take one more. And as you and I have discussed many times that you probably add more value than you're able to extract in terms of pricing. So I'm not exactly whom to direct this question to, but how can you describe in brief terms how you make sure that you actually get the value that you bring to the table, so to speak?
So I think I answered the last time that, yes, we bring more value to the table than we're getting paid for. I'm not sure. I think it's a negative all the time because that is how it works. What's the value of a car? Is it the value of the car? Is it the value that it can take you to the job? And that value is different between different people. But what John talked about, and I think it's a really important message here, is that you asked also the question, how come that it seems like your security business is growing? And John took over in 2022, and the guy before John was sort of a pure play security individual that didn't really think that the CPaaS business wasn't revenue that was as good as firewall revenue from the telecom operators.
John saw the opportunity here, and one of the opportunities is actually to get our fair share of what we're creating. So we have a revenue share opportunity. So it's not the big deals that you're looking for, the $2 million perpetual deals that we can announce, but it's a smaller deal in the beginning. But we're generating recurring revenues, and we're generating a revenue share that gives us the fair share of the value. And the same what I was trying to highlight with Jean-Pierre here. It's another example. We're not bringing in the $2 million deals. It might be a $500,000 deal with a startup in Silicon Valley, but that is scaled up by Cisco. And all of a sudden, it's recurring revenues of a lot of money. So those are examples of that.
But going forward, Enea, the way to be able to take a bigger part of the value here is that we need to become a bigger company discussing with the operators and being able not just to sell the product, but to sell a bigger solution that we can price a bit independent of the actual individual product that you can buy from Celsius or from Obilium. But this solution, you can only buy from Enea, and that we can price it more of a value. But that's a journey, and we're not there today for all the products. But going forward, that's certainly an area that we want to explore. Sorry? Yeah, you can add a small one, both of you.
Earlier, something else we did almost immediately after I took over was to look at how we were defining our product management.
And to your question, how we carved up value, how we sold value, and how we ensured that we got the best return for the value we gave, we worked very closely with Osvaldo. He'd already done this in other parts of the business. We introduced value packs. So we carved up our products into different value packs, and it allows us to only sell what the customer is looking for and still give us opportunities to upsell additional value. We probably weren't as stringent on that in our former capacity as Adaptive Mobile. And maybe we gave a little bit too much of the right to use to our customers. They bought our solution. It's so flexible. They can do anything. But now it's very boxed off so that we can upsell the value.
All right. Thank you for that, John. All right.
I also want to take the opportunity to further answer your question, Anders. How do we make sure that we keep the focus and that we are not becoming diluted, and someone might have asked, how do we make sure we create the synergies, and I think behind me here, you have a perfect example on how you try to implement that in reality, so Jean-Pierre here, he doesn't sell traffic management. He doesn't sell firewalls. He's not really involved in that. He lives and dies with the embedded security business. John lives and dies with the firewall business and sleeps about that, dreams about that. How can I improve that, so those are separate business groups focused very much on their own thing.
Osvaldo is having a position where we're trying to create the synergies not by taking over the responsibility of the different business units, but working on a higher level to make sure that we have a corporate strategy that's also impacting the different business units, and I would like to Roland, if you quickly come here, so we haven't spoken about our telecom portfolio today because we don't have time to do that, but Roland is responsible for our business group only working with the other telecom products, so he lives and sleeps and dreams about those products, and he has a P&L responsibility on that, so Osvaldo goes across. These are our business units, and Amar, who runs the EMEA and APAC sales organization, is selling Roland's and John's products.
So keeping the focus, trying to get the synergies but not doing everything at the same time, and with that, killing the different acquired businesses. That's another way on how we implement in reality the answer to the question you asked. Roland, who are you?
Sorry?
Who are you?
Yeah. I think some of you may know me. I was maybe the only one who was there in 2019 on the last capital market day already. I'm also coming from an acquisition. I'm actually based in Vienna, so my roots are Siemens, Nokia Siemens. And I was running the kind of brain on Osvaldo's picture for the last 20 years. So the classical telecom stuff, which is not the focus of today, but still a big portion of Enea's business, yeah.
Yeah. Thank you. All right. So with that, I think if there is nothing further, yeah, there is one.
Thank you. So now you have a great choice now. The one you direct that question to, you will have a slightly different answer from very positive to very positive to little less positive to very strict. So choose. So we are not taking this product through the sales organization in 2024. We are focusing in on making sure that the delivery to the few customers we have are successful. It's SEK 27 million. I said it's not yet in the bank, but that will be in the bank at the end of this. But still, it has to be delivered. And that's Roland's responsibility. We have opened up for how to take this great product investment and how to use it on a smaller scale in existing projects or in projects that we're trying to win. And we actually have some success already with that.
So again, if we meet in 12 months, you might see more of this product. But the corporate answer today is we're not changing plans based on that big deal. But it can be a dream. It's allowed. Okay. Thank you very much, all of you. And thanks for your job well done. It's time to answer Simon's question again then. We are simply reiterating our financial ambition and guidance. I think you've already noted that for 2024, we're more or less spot on this or above this guidance for the year. When it comes to the long-term ambition to generate double-digit growth in our focus business areas and an EBITDA margin of 25%, I hope that we've been able to show you that we're very much on that trajectory, and we've already delivered that in a couple of quarters. And it's not little. It's not nothing.
It's done with a declining OS business and with some products in our portfolio that are still not growing as the rest. We have been able to achieve this while generating SEK 170 million-SEK 200 million free cash flows or operating cash flows over the years. And this year, we have spent SEK 100 million in lowering our net debt, buying back shares, and still improved our bank account a bit. So lots of this is happening. And that was really my ambition starting this afternoon that we should be able to give you some information into this so that you feel confident that this is actually not so far away. I also said that I wanted you to better appreciate our cybersecurity or security portfolio. Enea is not anymore an OS business. It's not anymore a consulting business. It's not anymore a telecom business.
It's also a cybersecurity business just the subway from Stureplan, and you'll find one of the world's leading cybersecurity companies in the world. And I also wanted you the crash course on SS7. And I'm not sure who I'm going to ask if that's been delivered. But it's actually instead of having one line of communication, you actually first check if this is the correct call. That is the purpose of the SS7, and that is what we're protecting. So if you didn't catch it, that's the simple answer. And not the least important thing, what I wanted to achieve today was for you to meet the leadership team of Enea or a bigger part of the leadership team of Enea. You haven't met Anna today. She's HR and people and culture. And you haven't met Stephanie, who is in Australia at the moment, who's marketing.
But you've met a group of people that I think are outstanding. And I hope that you feel that you had the opportunity to understand who we are apart from the normal CEO and CFO conversations that you normally have after the quarterly reports. So with that, thank you so much for coming here and spending a few hours with us. And hope you feel it has been hours well spent or worthwhile. And thank you so much again.