Allot Ltd. (ALLT)
NASDAQ: ALLT · Real-Time Price · USD
7.81
+0.16 (2.09%)
At close: May 8, 2026, 4:00 PM EDT
7.90
+0.09 (1.15%)
After-hours: May 8, 2026, 7:17 PM EDT
← View all transcripts
Investor Day 2021
May 11, 2021
Hello, everyone, and welcome to the Allot Investor Day 2021. It's a big day for us. Today, we're going to share a lot about our company and where we're headed. And we're very excited about the future. I'm Barry Spielman, Director of Product Marketing for Cybersecurity.
You're going to hear quite a bit about cybersecurity over the next couple of hours and how it's becoming a central pillar in the company's growth strategy. In that context, this virtual Investor Day and the information we will be sharing marks an important milestone on Allot's journey, and we're thrilled to have you with us for the ride. Today, I'm joined by Allot's senior management: our Chief Executive Officer, Erezentebi our Senior Vice President for Cybersecurity and Head of the Cybersecurity Business Unit, Doctor. Yael Vila and Allot's Chief Financial Officer, Ziv Leitman. Now before we begin our presentations, I'd like to remind everyone of our safe harbor disclaimer.
Certain statements in today's presentation and responses to various questions may constitute forward looking statements that represent our outlook and current expectations. We caution you that other additional factors not anticipated by management may cause actual results to differ materially from those projected in these forward looking statements. We recommend that you refer to the risk factors contained in our most recent Annual Report on Form 20 F and subsequent filings with the U. S. Securities and Exchange Commission.
In addition, on this call, we will make reference to certain non GAAP financial measures, including non GAAP gross profit and non GAAP net income. The reconciliation of these non GAAP measures to the most directly comparable GAAP measures can be found in the appendix to the investor presentation and in the company's Q1 2021 earnings release, which is posted on the company's Investor Relations website. I want to point out that a recording of today's session will be available on the Investors section of the Allot website as well. Now to get things rolling, I'd like to kick off the day with a short video clip about Allot's cybersecurity business, setting the stage for today's sessions, which will demonstrate to you, we believe, why Allot is literally revolutionizing consumer cybersecurity.
According to the FBI, over the past 3 years, cyber attacks on American consumers have nearly tripled. In 2020 alone, 86% of UK consumers experienced such attacks. Almost 2% of all emails are phishing attempts and the Although research shows that they are willing to pay for and even switch to a communication service provider that provides them with cybersecurity services, current solutions aren't working as less than 5% of consumers actually adopt them. Why? Because they're just not willing or able to go through the hassle required to find a trusted app, download it and then configure it to all of their devices.
In other words, consumers can't be their own CISO. A lot is revolutionizing consumer cybersecurity. Consumers enjoy 0 touch clientless security from their broadband provider wherever they are, blocking malware, phishing attacks, viruses and bots. In some countries where it was launched, it has gained adoption rates up to 50% of consumers who paid a 5% to 8% premium for the communications service provider cybersecurity service. This offering turns the communication service provider from a transparent broadband provider
into
a secure one, increasing revenue and customer loyalty. With Allot's revenue sharing business model, communication service providers can finally benefit from the huge addressable market of 3,000,000,000 potential subscribers willing to pay for trusted cybersecurity services.
Before I turn over the microphone, I want to quickly go through the agenda and what we have planned for you today. We will start with a briefing by our CEO, Erez Antebi, who will show you how Allot is revolutionizing consumer cybersecurity. He will describe the huge business opportunity for both CSPs and for Allot. We will then share with you a discussion our CEO recently had with Mark Ruan, Executive Vice President and Chief Network Officer at DISH. Allot recently signed a deal with DISH to provide end to end user plane protection against DDoS and botnet attacks on DISH's cloud native Open RAN based 5 gs network as well as to provide cybersecurity threat protection for DISH consumer, MVNO and SMB customers.
We will then move on to Doctor. Jael Vila, our SVP for cybersecurity, who will give an overview on the technology that makes it all happen. Following Yael's presentation, we will share a couple of additional short testimonials from our customers, who will discuss how Allot's solutions help them achieve significant growth. And finally, Ziv Leitman, our CFO, will discuss Allot's revenue sharing business model. We will have plenty of time to answer your questions during the Q and A session.
If you have any questions, feel free to send them via the Questions tab on the platform at any time, and we will answer them during the Q and A. Okay. I think we're ready to get started. I'm pleased to hand it over to our CEO, Erez Entebbe. Erez?
Thank you, Barry. Good day, everyone. Welcome to Allot Investor Day. Thank you very much for joining us. I want to talk today about Allot and how we are revolutionizing consumer cybersecurity.
So Allot, in general, as a company, we are a software company, and we are selling hundreds of customers, operators around the world. Many of them are Tier 1 operators. Allot has been growing nicely. We've been growing with a CAGR of 18% during the last few years. And last year, dollars 23,000,000 out of our $136,000,000 of revenue or cybersecurity revenues.
We have a strong management team with proven experience in the areas of both service providers and cybersecurity. Later today, you will hear from Ziv Leitman, who is our CFO and from Yael Vila, who is our Senior Vice President for Cybersecurity. The technology that Allot uses, the heritage of the company, if you will, is extremely mature. Our technology is deployed with operators around the world, with Vodafone in Europe, Telefonica in both Europe and Latin America, with Rakuten in Japan, with Jio in India, Optus in Australia and many, many others. We have as a company, we have a telco grade software.
This is different than enterprise software. This technology heritage coming from the telco world is an extremely significant barrier to entry for many competitors from around the enterprise software world. Because we have come from the telco world, our software is capable of handling extremely high throughputs, multi tenancy having millions of customers that can each have different profiles, different logics joining the service, coming off the service and with extremely high quality. We operate in 5 gs networks. We operate in cloud native environments and we're based to a large degree on AI technology.
As we will see later today and during this presentation and in the presentation from Yael, this is an extremely important factor. When we look at the Allot secure platform, which is our cybersecurity platform, That too is deployed worldwide with many customers, many Tier 1 and Tier 2 operators both in Europe, Latin America, United States, Asia. Customers like Vodafone, Hutchison, Telefonica, Rakuten and many others. More than 20,000,000 subscribers globally are protected by Allot Secure. Tier 1 operators really do trust us.
We believe today there is a big challenge in protecting the consumer and small business environment. Most cybersecurity companies today focus on protecting large enterprises. They built their technology and solutions with the enterprises in mind. We are taking a look at consumers and small businesses, really the small businesses, the guys without an IT department, if you like the small lawyer's office or the restaurant, small businesses that don't have extensive IT knowledge. We're looking at families.
Really each and every one of us as an individual at home with our family, with our kids. Who is responsible to protect us as individuals, as a family from the threats on the Internet? Well, the answer is surprisingly that we are individually, each and every one of us. And as you will see here, this is a very, very big challenge. When we look at the threats on the Internet, we are seeing that threats that are attacking consumers and small businesses are growing, and actually, they're growing exponentially.
Look at these graphs. I'll start from the right hand side graph. The number of new malware apps that are detected worldwide is growing dramatically year over year, and it's expected to continue to grow at these rates. If you look at the left hand side graph, this is a graph showing some of the results of what we in Allot are catching and protecting consumers against in Europe. You can see that both the adware and phishing attacks are growing very significantly.
Why is this happening? First of all, because unfortunately cybercrime is a business and it's a growing business. But not only that, what's happening these days is all accelerating that. The border between office and work has blurred. We work from our home.
We will work using our broadband connection at home. We are using our own devices, our personal devices to do our work. COVID is accelerating this change. People are looking, for example, for information. It's very easy to send somebody a message and tell them, just click on this.
I'll give you information on what's happening with COVID in your neighborhood. And you click on it or somebody clicks on it and boom, that's a phishing attempt. This is happening today and it's accelerating. 5 gs networks will accelerate it even further because as 5 gs networks, they come with much, much higher bandwidth and many, many more unprotected IoT devices. So the attack surface is growing.
So overall, when we look at this threat on consumers and small businesses, that threat on the Internet is growing and it's growing worldwide. So what is really the solution today? How are we expected to protect ourselves from this? Well, the answer is that what we're expected to do is to go online, choose some security app, pay for it, download it, then start installing it on all our devices, on our phones, on our computers, on our smart TV, figure out a way to customers don customers don't want to do this. They don't download these apps.
They don't either because they are maybe a bit technically shy of deciding which app it is. Maybe they are not up to the big task of doing this repetitively on many different devices. But at the end of the day, when we talk to operators worldwide and we ask, okay, how many customers actually download security apps? The answer is that less than 5% typically do it. And if they do reach 5% that download it, it's considered a huge, huge number.
So what we're seeing really is that while consumers are expected to be their own CISOs and protect themselves, consumers and small businesses cannot be their own CISOs. Somebody else needs to protect them. Now operators today worldwide are reselling endpoint apps, but they are doing this with very limited success. So if consumers and small businesses cannot be their own CISO, someone else can be and someone else should be. And that's where I believe the opportunity lies.
This is a big opportunity. It's an opportunity really to change the way families, communities, small businesses are being protected from the threats on the Internet. We ask consumers and businesses if they are aware of the threats. And the answer is that overwhelmingly they are. Look at the numbers.
In Gallup polls, we see that 72% of U. S. Consumers do worry about personal or financial data being hacked. 66% of U. S.
Consumers worry about being a victim of identity theft. So there is definitely awareness from consumers and businesses that they are under attack. Who do consumers think that should provide them this service? The answer is that they think overwhelmingly 90% of consumers polled think that the operator, the communication service provider, should be the one providing them a security solution. Why is it the operator?
Because what we basically ask the operator to do is don't just deliver us a transparent pipe that brings all the threats from the Internet to us and then expect us to clean it up ourselves. Provide us a clean pipe, filter out all this bad stuff, the malware, the threats, filter it out in the network before you bring us the Internet access itself, the data that we're actually looking for. So there is a clear expectation from consumers and businesses that the operator will be the one delivering the security for the connection. Are customers willing to pay for it? Well, we polled customers around the world.
We're showing here the results for our polling in the U. S. Market. And we asked them, are you willing to pay for it to be protected? And how much are you willing to pay for it?
And the answer is that roughly 2 out of 3 customers are willing to pay for it a significant amount. They're willing to pay either $3 or more per month for security on the mobile phone and they're willing to pay $6 or more per month for security in their home broadband connection. These are extremely interesting numbers. So we can see that right now, threats are growing. Current solutions of downloading apps do not work.
People are aware. They're willing to pay and they expect the operator to deliver a clean pipe. Are the operators at all positioned to provide these security services? Well, it turns out that they're extremely well positioned to do this because the communication service provider is the sole provider of access to the network. Anytime we access the Internet, no matter by which device, how we do it, there's a communication service provider and operator that's providing us that connection.
As a result of that, that means that the operator sees all the traffic and therefore the operator is capable of blocking all these attacks and threats before they reach us. And not only that, but we all interact with the operator. And the operator interacts with us with multiple touch points. They're a trusted brand. They have a billing relationship with us or us with them.
We have frequent interactions with them, whether we change the plans or we decide to buy something else or we decide to buy another phone or whatever. So this is someone that we know, that we trust and can really provide us a security service. So it turns out that they're really extremely well positioned to do this for us. Now is it worth their while? They're expected to do it.
They can. Should they? Turns out that cybersecurity can really be the next big thing for operators around the world. Today, when you look at operators worldwide, they're being relegated really to a dump pipe. Their revenues are stagnated at best.
In many cases, the revenues of operators are declining. And they're fighting for any kind of differentiation, any kind of new service that will add to their revenues. Security can be exactly that next big thing. But it's not only the revenues. Really, it's 3 different values.
First one, I would say, is brand recognition. Brand recognition means that the operator providing something to the customer that the customer is providing something to the customer that the customer actually wants. Not only that, it brings new revenues. And we saw that customers are willing to pay for it. So this is new revenues for the operator.
And not only that, we'll talk about it a bit later, there is an increased customer loyalty. Customers who are signing up for security services from the operator are less susceptible to churn and increased loyalty and the chose with net promoter scores becoming much higher. Now to add the cherry to the cake, FANG, Facebook, Amazon, Google and so on cannot do this. While they are taking away a lot of the operators' perceived value and relegating them to a dump pipe, they cannot take away securing the access because the operator is the only one who owns the access and the operator is the only one who sees all the traffic. Once a communication service provider launches this service, they will become their customers' heroes.
We are told this by operators who launch the service that the Net Promoter Score of the customers signing up for this is significantly higher and that customers really, really value what the operators are doing for them. In this ecosystem, Allot, our vision is to be the technology company that will enable this revolution to happen, changing the way we protect consumers and small businesses, taking the onus from protecting ourselves from each and every one of us, placing it on the operator, allowing the operator to provide that protection to us as individuals, provide that to us as a service from the network. This is something that we believe in Allot that will not only happen, but we will be the technology company that will enable this to happen. We will provide the technology that enables the communication service providers to become a secure broadband connector instead of just a broadband provider and really protect the family and the small business. How do we do this?
To do this, we have developed what we call the Allot Secure solution. The Allot Secure solution is a solution intended at protecting consumers and businesses from the network, meaning the protection is done at the network level itself without the need for the end user to download anything. You don't need to download an app. You don't need to configure anything. You don't need to do anything.
It's all in the network itself that's owned by the operator. And our vision is to protect families and businesses against many, many different threats against on all their devices wherever we are, in our home, in our car, visiting friends. It's to protect all members of the family, parents, kids, whomever. We need to see the family and the business not just as a collection of devices. Now protections vary, right?
There are differences between how we protect ourselves and how we protect our kids. For example, we want to prevent our kids from accessing harmful content that we may wish to have access to by ourselves. We want the video camera in the kids' room not to stream to a site, say, in a foreign country, but we do want to be able to access sites worldwide with our own computer. So profiles matter. And we need to understand the concept of a family and it's not every device being the same.
We have to differentiate between devices, protect them differently, see who is responsible for what, who has to be protected how and provide this over encompassing digital security for the family and for the business as a whole. Allot built a solution that enables this to happen. We call this solution, like I mentioned, Allot Secure. We believe that this is a 3 60 degree security solution. And it's made really of, I would call it, 3 different layers.
First of all, we have at the bottom of the slide, you see the various enforcement points. We have security enforcement points in the home router or the business router to protect the broadband connection. We're protecting in the network itself, in the core network, the IoT devices and mobile devices. And we're protecting even the DNS access link. All of these are built into the network.
This is software that we provide that resides in the network of the operator. So it's a zero touch onboarding. There's no need to download or install anything. All of these enforcement points are connected to a single unified management system that provides a seamless security experience. It doesn't matter on which device you are.
It doesn't matter what's the access means. It doesn't matter if you're at home or in your car. It's the same security profile. It's the same protection. Now to make sure that it's 100% updated all the time, The management system connects continuously to our cloud, to the Allot cloud that provides updated information on threat intelligence, categorizing websites, device fingerprinting that and it's constantly updated every few minutes to make sure that we have the best protection online all the time.
This solution, such a comprehensive view of this solution is something that I believe is unique to Allot. I am not familiar today with any other company that is offering such a fully unified security blanket for consumers and small businesses. Now to do all this inside the operator's network, looking at all the traffic real time without adding delay and with extremely high resilience requires technology foundations that I talked about earlier and Yael will expand on later today. Now how big is this opportunity? We understand that it's important.
We understand that it can bring tremendous value, but how big is it? How big is it for the whole HUC system? And how big is it for Allot? Let's take a look at the numbers. We start with what are the connectivity revenues worldwide.
Well, worldwide, according to the OECD studies, connectivity revenues of mobile and fixed broadband networks are $1200,000,000,000 per year. Now we believe that the potential revenues coming from security, an operator can charge their customers an incremental 5% or 8% of the connectivity charges that they charge them today. We'll talk about why we believe that these are the right numbers in a couple of minutes. So that means that if these numbers are correct, that means that the operator is looking at somewhere at a total addressable market of somewhere between $60,000,000,000 to $100,000,000,000 annually. Now to be truthful, not all customers will sign up for it.
We believe that realistically, 25% to 40% of customers will really sign up for this service. And we'll show you why we think that those are realistic numbers, which means that the realistic addressable market for operators is between $15,000,000,000 to $40,000,000,000 annually. That's a very large number. How much of this can Allot compete for? Well, we believe that by providing the technology solution to this, operators are willing to share revenue with technology companies such as Allot around 30% to 50% of these revenues, which means that we and Allot are looking at a potential multi $1,000,000,000 market anywhere from $5,000,000,000 to $20,000,000,000 of annual revenues at once this grows to encompass the operators worldwide.
Let's look at how we reached these kinds of numbers. These are examples of operators who actually launched cybersecurity service and how much they are charging consumers and small businesses. Looking at the left side, we see that Vodafone that launched this in 10 different markets across Europe are charging on average around €0.99 or €0.01 per month in addition to their regular access charges for the security. This is around 5% of the average price plan that Vodafone charges. Hutchison that launched this service in Austria is charging €1.5 per month, making it from for consumers, making it roughly an 8% of the average price plan.
And mail, looking at the right hand side is also charging roughly €1 per month in Portugal, which means around 6% of the average price plan. When we're talking about SMBs, we're looking at, for example, Telefonica, they launched this in Spain and is charging €10 per month, which brings it to about 20% of their average price plan to SMBs. So overall, we see that it is realistic to expect operators to charge customers and for customers to actually pay roughly a 5% to 8% premium over their price plan to get cybersecurity protection from the operator. Are customers willing to really pay that? And how many of them are willing to pay that?
These graphs show the percentage of customers that are actually signing up to services over time as these services are getting launched. I'll start with the top left graph that shows the take up rates in several European countries of consumers signing up to this service. And you can see each line here in the graph represents a different market, a different country. And the with the axis the horizontal axis presenting the time from launch of the service. So it's overall over a period of 3 years.
And we can see that the numbers vary. But within a few years, we can see that the most successful countries end up getting 50% and even 55% of their customers to really sign up for the service. Less successful countries will get to around 10%. This depends a lot on the go to market. But an average of 25%, even 30% of take up rate for consumers in Europe, I think is a reasonable number based on what we are seeing today from operators that have actually launched this service.
This is a tremendously successful value added service. If we go to the bottom left graph, this is an interesting one showing what happens specifically in stores. This is an operator that launched the service and is selling it primarily in the stores. So when people walk into the stores and they want to do something, they want to buy a plan, they want to sign up for service, they want to buy a new phone, whatever it is that they want to do, They are also offered by the person in the store. They're also offered to sign up for a security service in addition and pay extra.
This is in Europe. And you can see here that new customers that are walking into a store and signing up with this operator for the first time, take up rates are around 80%. 80% of customers that come in and join the service are also signing up for the security at the same time. With existing customers that walk in and buy something, whether it's a new phone or they change the plan or they do anything, take up rates are between 50% to 60%. These are extremely, extremely high numbers.
Once people sign up on it, and I will share with you that invariably with almost all operators that we work with, customers can opt out and leave the service at any time they want. So once they've signed up for it, do customers stay with the service? Look at the bottom right graph. This shows in months from when a customer signed up, what percentage of customers actually keep the service. And it shows that 18 months from when customers sign up, a year and a half after they've signed up, 64% of the customers still keep the service.
It's a very, very sticky service. People do not give it up. They want to be secured. This is an extremely successful service. We talked until now about consumers.
What about businesses? So the top right graph shows an actual penetration in Europe for an SMB service. And you can see that within a year several months, 16 months from the launch of the service, you can see that 34%, 35% of all the SMBs that, that operator is serving have signed up for the service. Phenomenally high acceptance rate. So what we're seeing here is that once operator launch this service, customers really buy it.
The take up rates are high. They really want this. How do we do the deals with the operators? Well, we believe in this service. As you can see from these numbers, there's a good reason to believe in this service and in the future of it.
So we come to the operators with the easiest deal that we can for them. And I think honestly, the best one for both sides. We're willing to provide the operators everything that they need hardware, software, professional service, marketing support. We have a dedicated marketing team that works with the operators' marketing team to show them how to market this service in the best way and achieve the highest penetration numbers. We provide all of that.
Upfront, no financial commitment. All we ask for is a revenue share. Once customers come online and they start paying for the service, that's when we expect to get a share of those new revenues. Now because we're doing this in such an open fashion with no minimum commitments requested from the operators, operators really see us as a partner. And today, they are willing to share with us up to even 50% of the security revenues that they are expecting to see from their customers.
This is a true partnership model and a very, very interesting recurring revenue model for us. Now when we talk to customers about this and we'll hear testimonies from customers later on today, but I did want to give a few quotes from them to share with you what customers who have launched the service, what they think of it. And here's what some of them are saying. Hutchison are saying, look, up to 80% of new customers sign up for it, tremendous number. Telenor is telling us that simple onboarding is driving customer take up and it's driving a higher net promoter score, So it helps boost their brand.
Vodafone went public and earnings result couple of years ago sharing with the world how much new revenue they are making from this. And Telefonica is telling everyone what a huge potential it is. So operators who launched this service are very, very happy with the results. Now I'm very excited about this transformational opportunity. You can tell that.
And I think it's a huge opportunity for us, but I think that there is even more than this. We are seeing today 5 gs networks starting to become a real reality and starting to be to go online and starting to grow. Now 5 gs networks are much more vulnerable to attacks than LTE networks were until now. And this is for 3 main reasons. One is that they are much higher in bandwidth.
The high bandwidth means that it's a lot easier to provide massive attacks or to attack massively, if you like, the network. There are many connections to the Internet. This is not a centralized network like 4 gs was with everything coming to a centralized core, but it's really a distributed core with many Internet connections. And the vision of 5 gs is to have many, many IoT devices on it. Billions and billions of IoT devices are expected to be connected to the 5 gs network and they are much, much harder to protect than other devices.
So we had a lot we've developed a product we call 5 gs NetProtect that is intended to protect the service provider network itself from malicious attacks on the network itself. Our first customer that we signed up for this product is DISH in the U. S. DISH, as I'm sure you know, is building now a completely new 5 gs cloud native network across the U. S.
And they have selected Allot to be part of what is protecting their network from attacks and threats across the whole platform. Now this is not just for DISH, and we'll be hearing from the DISH Chief Network Officer later today, but it's not just DISH. This is an example of what we expect of things to come. 5 gs network protection, protecting them, protecting the network itself is actually an additional cybersecurity growth engine for Allot. Not only that, but all of that together, we can build on beyond that.
Why? Because Allot Technology is placed in an extremely strategic location. We have a technology that sits inside the operator's network. We see and read all the traffic, all the Internet traffic that's going to and from the customers. We see all of it and we know how to do things with it.
We can decide to clean attacks. We can decide to block malware, But we can do more than that. And as we are working into the future, we will work to provide more value both to the operators and to their customers. We will do this by providing data driven security, which is now in development phase. We will do this by enhancing the ability to protect consumer privacy, and we will do this with other ideas that we have and that we will have going forward.
We are situated in exactly the place that enables us to do this. Yael will expand a lot more on this later on today. As we look to Allot, you can see that we really have today 4 growth vectors to the future. First one is we want to sign up as many operators as we can that will launch customer security from the network. And we are continuously signing up more and more operators that will launch this service.
Each and every customer that launches, we will work with them to increase the number of customers, both consumers and small businesses that actually sign up to the service. And then we will work to increase the value that we provide to those customers. Some customers start with only protecting mobile phones. Some customers start with only protecting the home broadband. As we see with the Allot secure platform that we have built, you can start with mobile only, then expand it to home broadband, then add the DNS security and expand and provide more and more value all the time.
And last but not least, protecting the network itself, protecting the operator network itself, specifically on 5 gs networks, which is a growing business today, starting with DISH, but with many more hopefully operators to come. As a company, we are also undergoing a transformation. Allot up to 2018 was focused mainly on DPI technology. We were selling software to operators, but it was for DPI applications. And the type of deals that we were doing were CapEx deals.
That was until 2018. By 2019, we started signing up security revenue share deals. Last year, 'twenty, and this year, we are starting to see the initial security as a service revenues come to Allot in a meaningful way. And by 2022 and beyond, we expect security as a service revenues for Allot to grow to be very significant and fast growing numbers. Ziv will discuss the time line of how signing these deals turns into security revenues for us and what we expect on the future revenues of Allot to look like.
To summarize, while most cybersecurity companies focus on securing the enterprise, there is a huge opportunity to secure consumers and small businesses. We believe that we are positioned to seize that opportunity. The threats to consumers and businesses are growing. Consumers and small businesses are unprotected. The existing solutions downloading apps don't really work to protect the massive the mass market.
Customers are aware of this. They understand that they are under threat. They understand that they are not well protected. And they look to the operators, to the communication service operators for solutions to protect them and they are willing to pay the operators to do that for them. Allot is revolutionizing the mass market cybersecurity with the network based security service offering because we are the ones enabling the operator to deliver on this promise.
And this overall is a huge revenue generation opportunity, both for communication service providers and for Allot. I believe that this revolution in how consumers, small businesses are being protected from the Internet is happening. It is happening because it is an absolute necessity in my mind. And I believe that we and Allot are best positioned today to be the technology company that drives this revolution and really makes it happen. Thank you very, very much.
Thank you, Erez. Now let's join a conversation Erez recently had with Mark Ruan, Executive Vice President and Chief Network Officer at DISH, following the announcement of the recent deal between our 2 companies.
I'm happy to be here today with Marc Huang, Chief Network Officer and EVP at DISH Network. Thank you, Marc, for taking the time to answer some questions with us. You've stated openly that security is very important to DISH. Yes. Can you share with us a little bit why you think that?
Yes. Actually, it is important because our customers, our prospects, enterprise customers are putting it as a top priority. Every time we talk to them about 5 gs, they understand 5 gs offers much more capabilities. But then their question or their feeling is that if there are more capabilities, if it's more open, if it addresses more devices, what about security, right? And so it's really at the top of their concern.
And so we have to move the security to the next level. It's really the demand they have that if it's just a 4 gs type of security or 5 gs as we know it today in the U. S, not enough. And second thing they're asking is that they want to control a part of that security themselves, right? They want to have visibility, they want to be able to master it, program it, define it.
So it's a demand from our customers. Now for us, why DISH wants to invest in security, because natively, 5 gs offers much more possibilities, because we have access to much more data. We see what's happening in the network real time. We can change. We can secure, isolate, transform, react much faster than in 4 gs.
So why not leveraging it, right? What we have seen is that really at the beginning of the discussions, we feel when people are understand 5 gs. If they understand this cloud native, if they understand the opportunity it brings and if they really master the capability to deploy the software defined network. So that's what we saw. We saw the capability to really protect end to end, which is what you want in 5 gs.
If you have a network of networks, each subnetwork has to be protected end to end. You can't just have a point at the center or at the edge. So that's one thing we wanted to see. We wanted to see as well the capability to react very fast real time with the data. So being data native and understand that if you can observe a lot, you can react fast.
And that's what we wanted to see. And then we also wanted to have, as I said, a win win corporation where we could offer security as a service to our customers, because that's what they want, right? If we just tell them, trust us, the network is secure, it's not enough. That's the basic, but then they say, okay, it's secured. What else can I do on top of your own security?
Like when you have your own device, you want to master your own service we selected Ireland because of this capability to offer security as a service per subnetwork. When it comes to consumers, I think because of the pandemic, because of the way people are working now, we need to be able to expand security across mobility, right? Before, people had different zone where they were, they were at work, they were at home or they were on the move. But this has kind of disappeared. People can work from anywhere.
They are they change places where they live depending on their constraints now. They are remote. So we need to give them access to their own management of security wherever they are for the different use cases. If they are working for their company, for their job, they need to have a certain level of security that is separated from their consumer needs. And people are becoming very sensitive about what data they want to expose, right?
So we think it's going to be at the center of the discussion of 5 gs, the real 5 gs, as I said, not the upgrade of 4 gs networks.
So you see this as a major offering, major importance to consumers as they go into the 5 gs network?
Yes. To be honest, I see it more important than speeds or 5 gs, a lot of people think of higher speeds. I think for a lot of people, 4 gs is very fast already, and I'm not sure many people want to pay for additional speed. They want to pay for additional security.
Mark, thank you very much for taking the time. Thank you for answering our questions. Thank you.
We are pleased to share with you now a few of our customer testimonials.
So thank you, Victor, for being here today with us. And please tell us what is the Connexion Segura service from Telefonica Empresas? Connexion Segura Empresas from Telefonica Empresas is our cybersecurity services, which offers protection against viruses, malware and phishing over the fixed network connection of our customer in SMB. Fusion Empresas is the Telefonica service bundle from IT and Telecoms for the SMB segment in Spain. Is the service being commercialized today?
It is being marketed as a revenue share model with Ballot and McAfee, when terbouartalfonica is responsible for sales, marketing, post sale support and operations. And McCarthy and Allot are responsible for the hardware and software solution over Telefonica network. When was the Conestion Segura service launched? And how it is currently responding to your expectations? It was launched officially in May 2019 after some piloting time.
The market has been responding quite quickly, far beyond our expectations. In 8 months, really, we achieved the results intended for a 4 year plan. Very impressive. Currently, can you please share with us some KPIs about customer satisfaction, penetration? Nearly 70% of customers who tested the solution on the period of 30 days finally contracted the solution.
And customer satisfaction survey that we developed over the customer base rated the satisfaction of the customer in 8 points over 10. Amazing. Wow. Pietro, what were the challenges that you were facing in the SMB market? And why did Telefonica decide to launch a security service for SMBs?
Every year, Telefonica and Prezas develops a survey over IT needs on the SMB segment. So in the last service, we realized that 1 of 5 SMB companies in Spain had a cybersecurity incident. So the market was there and they had the need to resolve the problem, but really they do not have an affordable solution. So our approach was to develop in an industrialized way a solution that can be delivered from the network in order to mitigate these threats and but this having in an affordable way. So how did you first encounter our company?
And how did you select Allot to meet your customers' needs? Well, Telefonica and Allot had a long relationship over the last decade. We selected Allot because of its flexibility, its growing capacity to adapt the prior product to our needs. Finally, we after dropping our solutions, we work with them to design the solution with a lot specifically in the network part and with McAfee for the endpoint part of the solution. And finally, what are the next challenges for the service?
And how do you expect the service to evolve in the future? Okay. We expect to include in future additional functionalities of Allot's platform like application control, advanced threats. And in addition, we extended the protection for the network for the mobile network and even to external links when users are working abroad or connected to external networks. Thank you, Victor, very much and we look forward to working with Telefonica much more.
Thank you very much. It was a pleasure to work with you in this project and especially to have your marketing support for the development solution over these months.
I want to now introduce Doctor. Yael Villa, our Senior Vice President for Cybersecurity. Yael also heads the company's Cybersecurity Business Unit. Yael?
Thank you, Beren. Hi, everyone. My name is Yael Villa. I joined Allot 6 months ago to lead the cybersecurity BU. Today, I would like to share with you a deep dive into the technological backdrop of Allot's consumer cybersecurity offering.
We will start with an overview of our consumer security concept, which is unique in the market. Next, we will briefly describe our security assets and how are we prepared for tomorrow's challenges. The cyber world is very dynamic and sophisticated and we need always to be ahead of the bad guys. The main difference between existing solutions, mainly for enterprises and financial institutes and a lot solution is that existing solutions are extremely hard to manage, different alert system coming from different applications, very long logs and basically enterprises and financial institutes have a CISO to manage the security within the organization. In the consumer world, this is not happening, and nobody is expecting the consumer to be its own CISO.
Therefore, the solution should be seamless and easy to use. Otherwise, it will simply not work. Consumers actually don't know anything about security vulnerabilities. They just want to be protected. Some of you can ask, if Allot can have a comprehensive solution, why can't the big cyber companies, if they are willing to, do the same in no time?
Well, it's not that easy, and we will discuss why. Finally, we will talk a little about the road ahead. What do we need to start thinking today to be always ahead of our competitors and constantly bringing value to our customers. A lot solution is based on the 360 degree security concept. What is 360 degree protection?
Consumers are looking to have a complete end to end protection anywhere at their network, at their home, at their offices, at the coffee bar, at the bus station, everywhere. They are looking to be protected by any threat, phishing, trojan, ransomware, everything. They are looking to be protected in any device they are using, phone, laptop, iPad. They want the same protection in older devices. This is the 360 secondurity protection.
And we need all of this to be easy, zero touch, the user basically doesn't have to do anything, clientless and self management. If they want to do something, they need to be able to do it by themselves. Our research showed that 90% of the consumers believe that the CSP should provide them security. So they expect to have the CSP as the single provider of security solution. So what is the Load Secure 360 concept all about?
The solution is built around the ASM, Allot Secure Management. The Allot Secure Management is designed to provide a unified seamless security experience, not only for the end user, but also for the CSP, for the CSP to be able to be the single security provider. We have different enforcement points: home secured, business secured, IoT secured, network secured, DNS secured and endpoint secured. Network secure is a network based security for mobile consumers and SMBs that includes threat protection and parental control with frictionless onboarding, mass activation, up to 50% penetration, in line customer engagement tools and everything, basically. HomeSecure is a CPE based security protecting all devices, including IoT devices in smart home and offices, home router protection, full home office network visibility.
The different enforcement points are getting the input from our Allot cloud. All the up to date threat intelligence, web categorization and device fingerprint data are stored and constantly updated in our Allot cloud. The design of the ASM was done under the unification concept, the same capabilities and the same look and feel for all the enforcement points. Therefore, we developed all our capabilities once and no need to develop again and again for each enforcement point. For example, if we want to add a new anti bullying algorithm, we develop it once and it will work for all the enforcement points.
We have the same reporting system to all the different products. Due to the flexible architecture, if a lot decided to introduce a new service like privacy protection or the customer wants to use its own enforcement point like McAfee, these additional solutions can easily be integrated in our management system and gain our reporting, notification, account management without the need to develop anything, keep the same look and feel for the end user and for the operator. This user adopted the entire 360 threat protection solution. He can be blocked within the network if he's at home or if he's at his coffee bar. The same protection regardless where he is, the same blocking page, one seamless security experience, one policy, unified reporting and unified event handling, regardless which enforcement point is active.
The user will get a reporting summarizing all the malicious activities he had, like in this example, more than 3,000 blocks, most of them phishing, malware and a little bit of spyware. Robust security is the core of our business. Our comprehensive security comprises URL based filtering for HTTP and HTTPS traffic, antimalware, antiphishing, antivirus and antibodies. Up to 3 antiviruses engines to scan files downloaded Kaspersky, VDefender and our Sophos. We have a dedicated threat intelligence research team to analyze new threats and variants of existing threats.
We developed learning algorithms, including deep learning, anomaly detection, classifiers, behavior analytics and clustering to optimize our detection performance, meaning high detection rate with low false positive. In addition, we developed machine learning algorithms aimed to solve tomorrow's challenges, for example, phishing detection when all the traffic is encrypted. Allot's deployments are in hundreds of CSPs worldwide and since trends spread over different markets, we developed a global information sharing platform to share patterns between different geos and different type of customers, allowing us to detect new types of malicious activities earlier. In our parental control solution, we have more than 120 URL categories. The CSP typically exposes macro categories to the subscribers applicable to HTTP and HTTPS traffic.
We have the ability to completely shut down Internet access for a device during a specific amount of time. The customer or the end user can create a list of allowed unblock domains and URLs. Any good threat protection solution is based on a diversity of data elements and good algorithms that can classify and inspect all sources of information. In our cloud based threat intelligence database, we aggregate data coming from multiple data sources. We have regular classification analysis from top website lists, unclassified URLs received from existing deployments, categorization requests from our customers, external feeds carefully selected under constant examination, regular classification exercise by CSPs, automated tool to find new URLs and get them classified, threat research team dedicated to investigate new threats and a content analysis engine for dynamic and real time analysis of malicious URLs.
And more than 120 categories for detection and from our detection and parental control. Consolidation of threat intelligence from many different sources, internal and external to a lot, it's imperative to reach high detection rates with low false positive. This is unique to Allot as aggregator of threat intelligence even from competing vendors. For a consumer cybersecurity solution to succeed, it should be seamless and easy to use, easy to use for the end user as well as easy to use for the operator. The key of this simplicity is the ASM, Allot Secure Management.
The ASM provides unification of all Allot Secure products under a single management, same profile, same protection, same control access to all of different enforcement points: a unified IT, REST APIs for portals and applications, single integration point, unified provisioning, map subscribers to APIs, map endpoints to subscribers, all of this done very, very easily. In addition, the ASM provides a framework to integrate additional security products, either alerts or customer products. Therefore, this unified management platform empowers the CSP as the single provider of holistic digital security solutions for consumers. On top of the functionality needed to maintain our solution, there is significant additional value a lot is given to the CSP. Flexible and powerful management and monitoring tools like full integration with Prometheus, which is a monitoring and alerting toolkit and Grafana, which is an interactive visualization tool.
Collection of KPIs and system behaviors, user activity, global threats and many more. Advanced reports provide them visibility into subscribers' usage of the Internet, behavior, attacks, devices, patterns that can allow targeted product offering and marketing as a source of additional revenue stream for the CSP. The solutions will be really easy to use by the end user. The average consumer doesn't understand anything about security and our goal is to give Erheem good protection without the concern of onboarding or maintaining a security solution. So first of all, there is no need for any application download.
If you want to use the system as is, you can use it from day 1. The onboarding is seamless. If the consumer wants to do minimal configuration, it's very easy and intuitive. Due to the multi tenant architecture of the solution, the user receives personalized reports of fee security status in which he can appreciate the value of the service. What is the consumer experience unification?
Unified reporting and notification block threats across all its enforcement points, threat distribution, periodic reports, what we did for you, reports for all users in your family plans. The management UI UX is built to prove the value of the service, including security rating, in this case, a very high security level. An overall dashboard, like here, in the last 24 hours, there were 3 threats detected and 0 files infected. Another aspect of the consumer experience unification is a user centric management. Forget about the complexity of managing devices, products and technology and focus on users' persona.
Self reporting tools as an additional mechanism to show value, these reports can be proactively sent to the user. And the unified policy, activate, deactivate malware protection, allow block list, activate, deactivate categories, assign devices to users. You can choose which categories to block. You can easily choose the quiet time you want for your kids. A layered management approach, simple configuration in one click.
Usually, we were asked how long it will take for 1 competitor to build a solution like ours, which is unique today in the market. And the answer will be quite a long time. Why? The reasons can be divided in 2 categories, because we have a very rich telco background and because we have a quite broad security experience. So what assets does our telco background give us?
Scalability, we are able to process more than terabytes per second 15 terabytes per second, sorry, experience to integrate solutions in complex CSP network and visibility. Existing in line Allot deployments in major CSPs worldwide gives Allot a privileged understanding on internal trends, which can drive product evolution to stay ahead of the market. What asset does our security experience give us? Unified end to end security for the consumer market multi tenancy personalized configuration and reports for unlimited number of users existing deployments with more than 7,000,000 opt in configuration and personalized reports. Go to market support, we partnered with the CSP to succeed in adoption rates, allowed us the experience and the tools to create the right marketing journey.
And our proven categorization and threat intelligence, a rich data component that takes a long, long time to compile. In order to stay leaders in the consumer cybersecurity market, we need to constantly think what's next. We should continue adding value to our existing offering, our privacy protection solution, which is a measure conserved these days, broaden our offering in the SMB market. Lots of businesses don't have an IT department at all, And some of them have an IT department, but not the right skills to manage security controls. And many of them will be happy to get security services from the CSP.
The 5 gs new world together with the increase of IoT devices may offer new use cases like securing connected vehicles, mission critical applications to be secure and much more. From the underhand, we are a lot. We sit in the network, and we see the network traffic. Therefore, we can offer additional data driven security services like encrypted traffic analysis, insider fare protection, and we can identify new trends, allowing a lot to be first to market with new product offerings. In summary, our current solution is strong, mature and with top notch technology.
360 degree security, any place, any threat, any device. Bridge threat intelligence, sophisticated machine learning algorithms and automation, global sharing of patterns, a unified management, zero touch personalization due to the multi tenancy architecture. It will not be easy for other companies to close those gaps. Our wide experience in the telco market, including scalability and understanding of CSP's networks and our extensive experience in security, including multi tenancy go to market, give us a great advantage. And finally, we have a significant strategic expansion opportunities: privacy protection, SMB, cybersecurity, 360, 5 gs, new use cases, data driven security services and much more.
Thank you very much for your time and hope you are a little bit more knowledgeable about our cybersecurity offering.
Thank you, Yael. We are pleased to share with you now a few of our customer testimonials.
Welcome, Mr. Yatin Acharya, Senior Vice President of Jio. Thank you for joining me today. Jio is the 3rd largest mobile operator in the world. Jio places great importance on providing cybersecurity protection to consumers.
Why is that?
Well, multiple global surveys of customers have clearly highlighted one thing. The customers look forward to a secure and reliable network from the telecom service provider. Data is a new oil as has been denunciated by our Chairman and hence it needs to be protected and safeguarded. Cyber attacks have been increasing dramatically and it becomes important more than ever that the internet access offered by the telecom company is safe and secure. With this in mind, and especially with the increased emphasis on working from home and schooling from home, secure connection and a home network secure from external threats has become paramount in the list of requirements of our end customers.
Also, for a healthy society, we have to ensure that access to the Internet by children is in keeping with the social values of the country.
What do you look for when selecting a technology partner?
When selecting technology partners, we have a very diligent process, right? We consider the following traits in a technology partner, whether they are the next generation technology that is cutting edge, whether the technology whether their partner itself is highly scalable to meet the existing and growing needs of India, the partner should be nimble execute the project in a swift and efficient manner. There should be a strong technical team having a strong passion to essentially deliver to a large scale project such as ours. And they should have the business attitude to really invest now and then reap perpetually.
Fantastic. Allot was chosen to secure the home access for Jio customers. Can you please share with us why you chose Allot?
Allot's technology is cutting edge and highly scalable, and it really meets the demands of the Indian customers. Allot's engineering team is extremely hungry for developing new features and scaling the technology for large scale implementations such as ours. Ballard's top management was always accessible to us in case any decision need to be taken urgently. While execution, it boils down to trust and the passion of the team, which Allot has demonstrated in ample measure.
Okay, fantastic. And finally, what's next for the Jio and Allot partnership?
The upcoming launches of Jio products with embedded allode technology are being looked at with great promise by Jio. We hope to see that the architectures continues its robustness for scalability, next generation feature development and an ongoing prompt support for all our requirements.
Right now, in Australia, the average home has 17 smart devices connected to their home internet connection. Importantly, that number is expected to double by 2022. And the consideration there around home security is that every white good security camera, air conditioning system, gaming console, light globe, baby monitor is now a digital doorway into your home. And the thing that we like about the HomeSecure solution is that it works and particularly the NetSecure component of it is that it works at the level of the Internet connection. So that kind of talks to that lots and lots of devices being connected to the Internet.
Don't worry, you don't have to worry. You don't have to deal with them all on an individual basis. There is a catchall network level product in HomeSecure as we've branded it that can keep you safe. To be able to differentiate ourselves is something that we've been looking long and hard to do. And particularly in terms of not only differentiating, but actually adding value, driving value in terms of revenue per user, revenue per customer.
So we like the fact there's a proven track record in Europe and what over 20,000,000 subscribers on a platform that had been tried, tried and tested. The fact that NetSecure is a disruptive player, as I've mentioned, it is an Internet level security connection security product. And that makes it ideal to be supplied by an ISP. We also like the intelligence of the platform itself. The fact that it is driven by machine learning, but it's also a product that's supplemented by human input.
And just the overall product design, the layers of redundancy and the data feed that a lot draws from, the breadth of that data feed, the depth of the company's understanding around the subject matter of cybersecurity and content control. Just talking with the team and sort of researching into that, we felt more and more comfortable about the decision to partner with a lot on this journey. And it is a journey and it is a partnership. We are putting a product into our network that fits between the delivery of the Internet, the content of the Internet and the user itself. And that's a fairly significant relationship to enter into.
So you want to make sure that that relationship is built on strong foundations. And we've found that with both the product and the team with a lot. I mean, working with the a lot of marketing consultants is super valuable for me personally. There's a lot of time, effort and energy spent from me and my team around the customer experience and the product design. And having that resource there in terms of insight marketing just kind of doubled our capacity to think around the marketing and positioning side of it.
And also it's just invaluable when you come to a new product to have someone thinking from a marketing perspective that's got a depth of understanding and information about the products.
At this time, I'd like to hand it over to Ziv Leitman, Allot's Chief Financial Officer, to discuss the revenue sharing business model, which has created a win win situation for both CSPs and Allot and a significant opportunity. Ziv?
Thank you, Barry. Hi, everybody. Thank you for attending our event. I would like to share with you few slides, which will better explain our business model. Security is already an integral part of our offering, and we have security revenues from our current installed base.
In 2020, the total security revenues were $23,000,000 which were 17% out of total revenues. Dollars 2,000,000 out of these were CCaaS revenues. The balance of $21,000,000 came from 3 sources: security CapEx deals security and maintenance of CapEx deals from previous years and CapEx deals of Distributed Denial of Service or DDoS for short, which is a security product for protecting the CSP network itself. Our 2025 goal
is that
more than 50% of Allot's total revenue will be derived from security and our hope is that almost all the security revenues will come from CCAS tied deals. In the coming slides, I will walk you through an example of how we are going after this very large total addressable market, which we presented before, so we can understand the process and the time it will take to build and ramp up the revenues. For internal and external purposes, we use a metric by the name of MAR, which stands for maximum annual revenues. The MAR represent total potential revenues from Security as a Service or CCaaS under the assumption of a 100% end customer penetration rate, which of course will never likely happen. Based on our past experience, the penetration rate after few years can vary from anything from single digit percentages to more than 50%.
We find that this mainly depends on the go to market strategy executed by the CSP. In order to make sure that everybody understands the MAR mechanism, I will use a simple example. Let's assume that we are engaging with the mobile operator, which has 5,000,000,000 subscribers. This CSP intends to offer the security service for an additional $1 per month, which is 5% of ARPU of about $20 As part of the revenue share agreement, let's assume that Allot will receive 1 third of the CSP revenues, which is a third of the $12 yearly fee, amounting to $4 per sub. So if we multiply the yearly fee of a lot of $4 by the 5,000,000 subscribers, we get to an MAR of DCSP of $20,000,000 which means if eventually the penetration rate will be 25%, we will get yearly recurring revenues of $5,000,000 I want to stress that the sales cycle of these deals is rather long and can take up to 2 years.
After signing the contract, the implementation period can take even up to 1 year. After the commercial launch, we should see ramp up in the penetration rate. So if you look at the graph, we see an average penetration rate of approximately 4% in the 1st year, about 12% in the 2nd year and about 20% in the 3rd year. The accelerated growth in revenues will generally continue until we get to the $5,000,000 which represent in this simplistic example, a steady state penetration rate of 25%. The accumulated MAR of all deals signed by the end of 2020 was $280,000,000 More than 50% out of it will start generating revenues at the beginning of 2022 due to the long implementation process as I just explained.
I would like also to remind you that we provided guidance for additional MAR in 2021 of $180,000,000 Perhaps, we can also look at it from a different angle. If we take the expected cumulative MAR of 460 at the end of 2021 and assume a steady state penetration rate of 25%, then in a few years, we can expect just from this MAR figure, yearly CCAS revenues of $150,000,000 which is the 25 percent out of the $460,000,000 The actual CCAS revenues in 2020 were $2,000,000 The surprising last wave of COVID and the associated lockdowns around the world might push a little the timetable of some projects' implementations. However, we believe that despite these delays, we can still achieve annual CCAS revenues of at least $6,000,000 of which most should come in the second half of the year. When applying project cycle mechanism, as described previously, keep adding each year MAR of 180, which identical to the guidance of 2021 and reaching penetration rate of 25% after 3 years, we get the following simulation. So for instance, in 2024, we should already come close to the magic number threshold of yearly recurring security revenues of $100,000,000 Most of our current recurring revenues for the entire company are coming from support and maintenance.
So in 2022, we are expecting more than $60,000,000 in recurring revenues. Due to the expected accelerated growth of CCaaS revenues, we anticipate that in a few years, the recurring revenues of the entire company will be more than 50% of total revenues. Of course, the proportion of the CCAS revenues out of total recurring revenues will increase dramatically to more than 2 thirds in a few years from now. I have just one slide regarding the entire company's revenues. As in the last few quarters, we can see the perfect chart of revenues steady growth.
Q1 2021 revenues were $31,000,000 and the gross margin of 70%, both in line with our expectations. Please remember that traditionally, Q1 is the weakest quarter in the year, while Q4 is the strongest. The Q1 OpEx was $24,000,000 which was lower than our plan due to R and D open positions, which we haven't recruited for yet and we hope to fill them in the near future. We would like to reiterate that our 2021 non GAAP guidance is for revenues between $145,000,000 to $150,000,000 gross margin of 70% and operating loss of $6,000,000 to $8,000,000 Let me remind you that even though we were able to grow our DPI revenues in the last 3 years with a CAGR of 19%, we expect that in the future, the growth of our DPI revenues will be just in the single digits. As explained, the accelerated growth of the company is expected to come from the CCAS business.
So now in order to sum up, there is a huge addressable market for our CCAS business in the magnitude of 1,000,000,000 of dollars as Erez presented. We feel comfortable that we can overcome the challenges of the long sales and deployment cycle and choosing the right go to market strategy. We are very excited about opportunity to show accelerated growth in the recurring revenue starting next year and really turn a lot into a large cybersecurity company with a strong CCaaS model. As my last slide, I would like to share with you regression simulation of Allot security valuation versus other security companies. In this graph, the x axis represent projected revenue growth from 2021 to 2022, which is the independent variable.
The y axis represent the ratio of the current enterprise value to projected 2022 revenues, which is the dependent variable. We placed on the graph the data of 14 selected cybersecurity companies. Please note that we took their total revenue, even though for some of the companies, a portion of their revenues are not considered recurring revenues. In addition, these revenue projections for 2022 were not issued by the companies, but by estimates from 3rd party sources. As a comparison, we placed a lot total projected revenue and the current enterprise value, as you can see in the lower left side of the graph.
When we use just the projected CCAS revenues growth of a lot on the regression line, which means calculating the dependent variable, we get a much higher theoretical valuation of a lot, as you can see on the upper right side of the slide. By the way, the R square of this regression is 81%, which is relatively high. However, this simulation is just one metric and shouldn't be considered as a comprehensive comparison or a formal recommendation regarding a lot valuation. Thank you.
Thank you, Ziv. So now we move on to the final part of our program, the Q and A session. We already have a few questions that were sent in. Please continue to send in your questions via the Questions tab on the webinar platform.
Thank you, Barry. Thank you, everyone. Welcome to our Q and A session. Just remind you that if you have questions, please type them in and we'll do our best to answer them. Okay.
We have a few questions already. I'll read the questions out loud and then we'll try to answer. What caused the big rise in deferred revenue this quarter? Ziv?
The deferred revenue this quarter, it was $51,000,000 compared to 36 percent in the previous quarter. The increase is due to payments that we got from customers for deals that which were not recognized yet. Traditionally, in the past few years, the deferred revenues were between $30,000,000 to $40,000,000 So the current level is rather high, and we expect that in the future, it will be a little bit lower as it was in the previous years.
Okay. Does your mobile security product screen robocalls? No, it does not. The product we provide, like Jael explained, is doing anti malware, anti phishing, anti virus, but it does not provide at this stage at least, we do not provide anti robocall. Okay.
Can you elaborate on the impact of COVID to Allot business and has it changed in the last few months? Yes, I can. There has been as you know, there has been in the last few months, there has been a rise in COVID and the COVID, I would say, crisis actually throughout Europe, Asia Pacific and Latin America. Israel is in a really good situation from COVID and the United States is gladly getting there. But there were many lockdowns in the rest of the world during the last few months.
So to some extent, it's also delaying some of the launches that were planned by a bit more. And probably as a result of that, we may have some impact, but we still believe we'll make our $6,000,000 of recurring security revenue for 2021 like Ziv explained earlier. Okay. With the Colonial Pipeline hack, is there an opportunity for you to partner with another cybersecurity provider to capture this market? Yael, you want to take this?
Yes, sure.
So definitely, we are partnering with customers. We don't believe in having an organic solution for every type of malicious activity and this is not something that we are considering right now, but we are going to consider in the future.
Okay. Thank you. Before developing the SaaS I think by and large, the answer is no. There may be some exceptions, but customers who have bought perpetual license really have very little incentives to move to another model where they would actually pay us more money. I think the fundamental of the SaaS model is that we as Allot take a very significant part of the risk upfront and therefore the operator does not have to take any risk or takes a very, very low risk.
And therefore, if the service succeeds, we get paid a lot more. And over time, those who have bought perpetual licenses and have already taken that risk, So the switch between those is not I do not expect that. There may be specific cases, but in general, I do not expect that to happen. When will the Dish deal start to hit your revenue line? Look, DISH is planning to launch their 5 gs network this year and I do not expect them to have too many customers this year.
So I don't expect there to be too much of that during 2021, but it's yet to be seen. We'll see how the launch goes. We'll see the exact timing and it will depend on that. Since signing the deal with Dish, has there been more interest in your 5 gs business? And if so, can you enlighten us?
Well, I'm glad to say that there has been there's ongoing interest in our 5 gs business. It's that started before we signed the deal with Dish and is continuing and actually growing after that. I think there are several accounts that we are currently in active engagement and I hope to be able to share some news once we hopefully close such an account, we will share that with you. But I think in general, I think the outlook is positive. What is the what do you think is the size or potential size for the 5 gs NetProtect market?
Look, it's okay. Continue what I said before. 5 gs networks are getting launched around the world. And like we talked about during the presentations, there is a need to secure 5 gs networks that is larger than was the need even on 4 gs networks. So I think there's a growing interest in our ability to protect the 5 gs network data plane.
I believe that this is potentially a business of 100 of 1,000,000 of dollars, not necessarily for Allot, but as a market, I think it is not that size today because 5 gs networks are very small still, but as it will grow and the need for to protect them will be large. If we look at the size of protection for current 4 gs network and we look at where this will end up being for 5 gs in several years. I think there's a total addressable market that should be in a few 100 of 1,000,000 of dollars for that business. You talked about security for SMB and Consumer. Why doesn't Allot provide security also for enterprises?
Well, I think like we try to explain, it's a totally different market, okay? It's the enterprise market is one where the buying persona is an IT department in an enterprise. They are trying to protect the company or that enterprise itself from many times, not just generic attacks, but many times direct attacks on the enterprise focused on them, trying to get information or other things out of the company. Now there are many security companies that are dealing with that, Checkpoint Palo Alto, CrowdStrike, many security companies that are developing technology to exactly focus on protecting enterprises from those kinds of very, very significant attacks. Comparable to that, consumers, SMBs are also under attack, but not so much under individual targeted attack.
It's more sort of blanket attacks across the board where the attacker is throwing sort of think of it as a fishing net and trying to catch whomever they can. And that is where we excel. We know how to take the technology and massify it in a way that protects the mass market of consumers and SMBs. And it's a different capabilities and is required to the enterprise market. So we are trying to focus at what we are good at and at what the other companies in the security market, the vast majority of them are less good at.
So they are good at targeted attacks for enterprise. We are good at massive attacks on consumer and SMBs and we're focusing on that area. How much latency does your security solution add to subscribers traffic?
I think almost none. Yes, a few almost none security to our basically doesn't perceive any latency issues at all.
Who do you compete with on 5 gs NetProtect? In protecting the network itself, the 5 gs network itself, we're competing I think with the companies that are providing DDoS protection for the 4 gs networks. These would be companies like Arbo, for example, Radware, etcetera. I would expect to find them as what I would expect. I am finding them as the competitors in this area.
There may end up having more competitors in the future, but those are the main ones. Can you discuss any progress you are making with the Broadcom relationship? What are your future expectations for these products? I'll remind everyone that the Broadcom relationship, it's a deal that we signed approximately 1 year ago with Broadcom, where Broadcom had a product line, Pacateer, which is a DPI, traffic management product line for enterprises. And we were in our DPI business, we were competing with them with our DPI product.
And we signed a deal a year ago with Broadcom, where Broadcom basically did end of life for the Packetier platform and interested in that are we're interested in continuing with on-site traffic management like Pacatir and Dalot do to bring them to Alot and refer them to Alot and recommend that they buy the Alot product. I can say that it's going very well. We are signing up more and more value added resellers and distributors that were formally distributing Broadcom product. We are gaining market share and we are growing our bookings and revenues in that business. And I believe that this year we should be growing significantly the enterprise portion of our business to a very large extent due to the Broadcom deal that we did.
Okay. A bit of a long question. Thank you for providing very helpful analysis and revenue build for future years. Is the assumption of $180,000,000 MER per year conservative? It seems possible that a single large operator could represent $300,000,000 or even $500,000,000 of MAR using even the low end of your assumptions.
Connection with this, could you elaborate on traction in North America market outside the recent win with DISH? Look, I think it's I would like the $180,000,000 to be conservative, but I honestly don't know. I think we're taking a realistic target for this year. I hope that we will be able to exceed it, but I don't know. And what is going to be the MAR for any individual customer depends to a large degree on exactly what is the deal that we will sign with them.
Is it possible that a single large operator could present a larger MAR of several 100,000,000 of dollars? It could very well be, but also remember that the larger the operator, there is also a larger leverage in the from their part in striking the deal with us, including the possibility to put some sort of cap on very, very high penetration numbers, cap in terms of what they will pay us. So I think we're taking a realistic number with $180,000,000 We hope to be able to do better than that, but we don't want to create sort of illusions on this. Traction in North America market, I think is now very good. I think I talked about it in the previous earnings call.
What we are seeing now that we did not see a year ago even is significant interest from several North American operators to provide security as a service to their customer base, provide network based security as a service to their customer base. This was not the case a year, 1.5 years ago. We're engaged with several operators in North America. The first one we signed the deal with on protecting the network itself was with DISH like we announced and we expect to sign a deal with DISH also on the security as a service, on network based security as a service for their customers. We are in active engagement and this I mean, some of it in trials, some of it in even in commercial discussions with other operators.
So I'm optimistic, but yet to be seen if we close it or not. I'm hopeful. Can you elaborate on the difference between your offering to DISH and Palo Alto's offering to them in terms of the 5 gs solution. Palo Alto, I'm not an expert on Palo Alto, so I'll phrase it in general terms. Palo Alto is basically offering a firewall that is protecting sort of the entry and exit from the network, mostly the entry into the network from various types of attacks, but this is a firewall.
What we provide is the ability to do real time analysis of the traffic that is going on, on the network and identifying attacks that have managed to pass the firewall. They could have passed it because they were abrupt, They could have passed it because it's an unknown source. There are various reasons why things do pass firewall. To a large extent, we are also the main protection from attacks that originate inside the network, such as bots that are connected to the network and are not trying to attack the network itself, but are actually trying to use the network as a means to attack someone else, which is also very important. So it's really these are I would say, these are solutions that complement each other.
What accounts for gross margin declining from 74% to 70%?
Ziv? So in the last few years, the average gross margin was around 70%. Specifically, in the Q1 of last year, there was an extraordinary one time favorable mix of products, but it was something unusual. So we can expect that the average would be around 70% as it was in this quarter.
Is DISH or other U. S. Providers seriously looking at your recurring revenue technology? The answer is absolutely yes. And I think I answered a similar question.
Yes, there's a lot of interest today in the North American market for this And it's very different than what we saw previously. So I think I'm positive I have a positive outlook on what do I expect to happen in North America on this. Security as a service seems like a no brainer for any operator. Why don't all operators launch this service immediately? Okay.
We would like them to. They are taking their time. Look, I think it's for a few reasons. First of all, let's face it, communication service providers, operators are relatively, I would call it slow moving entities. They have large networks to take care of, they have many millions of customers, they are concerned of disrupting the current business that they have.
So things take time with operators And I think anybody who's worked with operators can appreciate it. That's why it takes between 1 to 2 years to close a deal. And even after we close a deal, all the implementation, testing, integration, etcetera, etcetera would take between 9 to 12 months easily until the service is actually launched. Even though technically we could launch it much, much faster. There is not that much work, but there is a lot of testing, making sure and so on that's going into this.
I think that one of the things that operators are looking at today is that they have launched over the years many different value added services. And when you talk to operators worldwide, they typically think that the value added service is something that will provide a 2%, 3%, 4% penetration, just like security apps that they are selling. That's about what the penetration rates they expect to see. And here we are coming with a different security solution that says, no, this is you can sell this to the market as a value added service, but you are able to get if you have the right go to market, you're able to get much, much higher penetration rates. So this is a relatively new concept and being a bit more conservative and taking time to make such decisions tends to make their decisions a little more prolonged and more delayed than we would like them.
However, having said that, I think that there are more and more operators that are seeing today that this is indeed a significant service. They are seeing the success that other operators are enjoying. It started out with a small number of other operators. It's growing slowly, gradually, but slowly. So more and more operators are starting to be convinced that yes, indeed, they should launch such a service.
So I talked earlier that we're that in answer to a different question that we are seeing North American operators interested in this in a way that we did not see a year, 1.5 years ago. Throughout Europe, for example, we are seeing RFPs to launch for a technology company such as ourselves to partner with the operator and launch security as a service to the consumer and SMB market. And there are many more RFPs now than there were 2 years ago. So it's taking time, it's taking the more time than I would like, but slowly but surely I believe they are getting there. This we talked about.
Does 5 gs NetProtect revenue depend on customers? No, it does not. The NetProtect is a product that protects the 5 gs network itself. So that is a deal that we did with DISH to protect the network itself and our revenues does not depend on customers, it's really the protecting network itself. The other deal that we hope and believe we will sign with Dish for launching security as a service to their consumer and small businesses customers.
That will be a recurring revenue deal like we talked about today during the presentations that will depend our revenue will depend on the number of customers that sign up on it. What type of indemnity agreements do you have in place with your CSP partner? In the event there is a network outage that the CSP partner could allow to be held liable? It varies, but generally we've been working with operators for many years as a company. We've been working with them on and putting in line technology for many years in DPI and recently more and more for security.
We are of course, we do have liability clauses in the contract if we cause major disruptions and so on. We have clauses of penalties and etcetera, but they are I would say they are the standards in the industry. It's not something that suddenly all the revenues of the operator were liable for that. That's not the kind of things. It's you normally sign a deal for a certain amount.
We stand behind our product. There are penalties to pay if we do not meet our obligations. And I believe that I wouldn't say never ever, but it's not we don't pay penalties as a general sentence, so we're okay.
So we have an enforcement point exactly for that use case in which there is no mobile connection of the CPE connection, but Wi Fi connection, our endpoint secure solution is taking care of that.
And it's under the same umbrella?
Under the same ASM umbrella, same look and feel, same management system, everything the same.
I would add to that just a comment that while we have the capability, most people, even when they buy a combined package of network based security and endpoint security, most people don't download the endpoint for the same reasons we talked about today. They just don't bother to do it. So it's there. Technically, we provide a full suite solution, but the same inhibitor to actually downloading exists here as well. What do you guys lose sleep over?
Okay. Personally, I try to sleep well. It helps me work the next day. I think look, I think we explained what we're going after, right? We want to sign up more operators.
We want these operators to go aggressively into the market and sign up and get more and more customers using the network. And I'm not sure losing sleep is the right phrase to use, but if you ask what are we focusing our efforts on, it's that. Azim?
I think we have as was presented, we have a huge addressable market. There is a need for our product, for our solution. And the challenge is the execution. And the execution is the long sales cycle, the long implementation cycle. And this is our challenges that we are focusing.
But we are very optimistic that we will overcome those challenges.
You mentioned your hope is that future revenues in security would be largely CCaaS. Will 5 gs UPP, user plane protection CapEx deals fall in DPI or security revenues? And given your view of a multi $100,000,000 TAM in 5 gs, could this represent upside to growth in non CCaaS? CapEx deals UPP is a security product, So we count it as security revenues. And yes, this is an upside to growth in our non CCaaS security revenues.
Is the revenue model for the deal with DISH recurring also? Is it for again, 2 deals with Dish, one that we signed and closed, which is NetProtect to protect the network itself, user plane protection. That's a CapEx deal, not a recurring revenue, that is signed and done. We have another deal pending with Dish that we've both announced together that we fully expect to sign it, but we have not signed it yet for recurring revenue sorry, for security as a service for their consumers and SMBs, that will be a recurring revenue deal for us. When will your company be sustainably EBITDA positive?
How much cost investment do you need going forward?
So according to our guidance, this year we will have a negative EBITDA of a few 1,000,000 of dollars. Currently, our main priority is to focus on growth, but we know that growth, it's just a mean in order to provide profitability because our goal is to provide profitability and positive EBITDA and positive cash flow. But the mean is to grow the company. So we didn't give we didn't provide guidance for next year, But definitely, in the next few years, we will have we'll be EBITDA positive.
I think I'm going through the questions here. I think many of them are repeating questions we already answered. Okay. Thank you very I want to thank everyone for participating in this day. I really appreciate the time and I appreciate everyone who stayed on until now.
It's not trivial and it's not taken for granted. So thank you for your interest in a lot and I really, really hope to meet with you definitely in the next earnings call, but hopefully with some of you before that and hopefully even face to face. Thank you very much.