All right, well, welcome everyone to our 28th annual Needham Growth Conference. I'm Matt Calitri from our Infrastructure Software Equity Research team. A great pleasure today to be joined by Allot CEO, Eyal Harari, and CFO, Liat Nahum. Thank you guys for being here.
Thank you very much, Matt.
Maybe just to start, for any investors that are newer to the Allot story, if you could just provide a quick overview of the value proposition that you guys are delivering?
So, Allot is offering today. We are focusing on cybersecurity services for consumer and small businesses, leveraging our networking technology and relationship with CSP, communication service providers, as strategic channels in order to help protect and give the right cyber defense to those customers. Our legacy is coming from being a network intelligence solution. So, we have over two decades of experience on building carrier-grade solutions to help monetize, optimize, and secure networks. And in the last few years, we took the same technology and relationship and diverted it into how we can monetize those by partnering with the communication service provider and become an added value service to protect their customers.
Awesome. And so then, as we look forward over the next two, three years, how would you outline the growth strategy?
So today we have two business lines. One is the networking side that is today about 70% of our business. And the second one is the cybersecurity as a service, SECaaS in short, that is about 30% of our business. What we demonstrated during the last few years is a very high growth rate of strong double digits in the security services. This year we guided that we should cross the 60% year- over- year. Last year we grew, last year I mean 2024, we grew more than 50%. And this becomes a sizable part of our business and driving our top-line growth. On the networking side, this year we guided that this should be stable with slight growth. And we expect this to continue in a similar way.
So we get some scale from the networking side, but most of the growth is coming from the cybersecurity investment that we do. And as the cybersecurity reached an inflection point that today it's about 30% of our business, this strong double digit starts to affect significantly on our top line. Last quarter, Q3, we reported about six weeks ago, we reported 14%, 14% growth rate on the top-line revenue. And it shows that the investment in this CCaaS growth driver starts to really make the difference.
Yeah. I want to stay on that CCaaS strength for a second. You've seen strong recent deal signing traction there, including the win of Verizon as a new CCaaS customer, which has been great for momentum. What's driving this momentum and the wins with these major telcos?
What we are seeing is that cybersecurity is becoming more and more critical in the last few years. This is not secret. Over the last over a decade, most enterprise companies understand they need to have multiple solutions to really protect themselves from the threats out there. What we realized is there is a layer of all of us as consumers, as well as small businesses, that are left unprotected. Why? Because most of the solutions available today are too complicated, too expensive. They don't have the means and the knowledge how to operate them. We realize this end-user segment potentially can be addressed by the communication service provider that's already selling them connectivity. As you sell connectivity, the cybersecurity protection could be an add-on on top of this connectivity. And this resonates very well with the go-to-market of the carriers.
We invested in recent years in four drivers that are promoting our security offering. First is we expanded our sales team to go after new partnerships with new CSPs. Every new CSP we partner with is opening us an addressable market of their customers. So many of the CSPs, the tier ones around the world, they work with millions of subscribers. By partnering them and implementing our solution in their network, we now have the option to upsell into their install base. The second part, we already gathered over a dozen leading CSPs around the world. Usually, we are starting with one part of the network we are protecting. It could be consumers or businesses. It could be fixed or mobile. It could be at the Wi-Fi or on fiber.
Those that we partner with, they usually start with an initial project, and then they look at how to further expand and protect other parts of the network. In the last year, we shared the expansion of Verizon, starting with us to protect their FWA, fixed wireless access customers, which is a niche. Now they're also protecting their mobile business customers, which is a much bigger segment. Vodafone was working with us on the consumer side. They expanded with us into the home network, the fiber connectivity. Those drive another level of expansion. Third, those services that we have, we see typically between three and four years until we get to maturity with the service.
So when you launch a new solution, let's assume you protect your mobile customers, the cycle of the CSP selling to the end customer, it takes them usually between 36 to 48 months to really utilize the opportunity. And this depends on the cycle of their engagement, like how often you change your phone, how often you change your plan. And therefore, any new service we launch gives us three or four years of growth. We call it organic growth within this option by more customers joining through the operator we work with, through the network we cover. And last is we have our R&D investing in innovation. We are keeping enhancing our cyber protections by adding more and more models. For example, we launched a couple of quarters ago a new product called OffNet that protects you also when you are disconnected from your home network.
We launched a firewall product, and we are continuing to add more innovation and introducing new cybersecurity protection engines. They are adding to the security portfolio, and they are creating upsell and cross-sell opportunity, so new CSPs as partners, new parts of the network, additional customers on the service we launch, and then new cybersecurity engines that add the output from the customers. All are working in parallel, and this is eventually what drives our extraordinary growth this year, and we are looking to further grow in the years to come.
When you think about winning a CSP, how are you deciding who to target there? And what does that sales cycle look like?
So the sales cycle for CSPs is relatively long. We are talking between 12-24 months typically. We are prioritizing. We are really working on targeted accounts as we really try to analyze the opportunity with the specific carrier. It's a small market in terms of number of customers, and most of them are very large and the way we prioritize is first how much cybersecurity is important. This changes between territories and also between carriers in the same country. Some put more emphasis on cybersecurity, and therefore it resonates very well with their offering. Some, it's less important. Second is what is the value of the customer? What is the output? The higher the output, the easier it is to have an add-on of cybersecurity, and of course, the number of subscribers. We also analyze the competitive offering in the territory.
So if one carrier is already offering something, usually it drives demands for others to also offer cybersecurity products. And by that, we prioritize really target account base, really going after the larger carriers that have millions of customers that are willing to pay and therefore can try and generate for us a sizable addressable market by partnering with them. We are really working across all territories. And one of the advantages of Allot, we are very well known in the industry. We have a lot of relationships with CSPs for the last two decades, w e are known for our networking side a nd this opened the door for us either by our brand and a lot of those customers are doing with us something on the networking, and we are expanding into the cybersecurity.
And when we think about those different vectors within those deals, right, we're like winning CSPs, ramping penetration within those, and then expanding to different aspects of their business, what factors should we be looking at to measure progress there? And how do you think about the relative importance of those over time?
So they're all important. They are mainly looking on different timelines. So the short term, in terms of a few quarters, this is mainly driven by the adoption of the service by the customers we have. On the midterm, it's more products and more network segments that we cover because you already have the infrastructure in place. You just need to build a new service. And this supports the midterm growth. And the longer-term growth comes from new channels, new CSPs that we partner with. As I said, the beauty is that we are working in parallel on all of them. The main KPI we view is the ARR, the security ARR. And this is the main way to view our progress. And we are showing good results, as you saw, consistently in the last few years. And it's now about making sure we are sustaining these goals moving forward.
Yeah. It's a good problem to have having too many growth vectors to focus on, huh?
Again, it's not a problem, but more really to work in parallel, so we know not everything works perfectly in life. In some areas, you have better success. In some areas, you have lesser success, but the beauty, because it's working in parallel, we need to be somehow successful in some of them in order to drive growth, and if multiple of them are working well, we get extremely high growth, like this year that was even faster than last year.
Yeah. And speaking of the recent momentum, congratulations on the partnership with Compax Ventures that was signed yesterday or announced yesterday. Can you explain what Compax is doing with their telco as a service model? And why was DNS ecure and OffNetSecure like a perfect fit for that model?
So Compax is not a traditional carrier like the Verizons and the Vodafone. They are mainly focused on MVNOs, virtual carriers. They are riding on top of another traditional carrier to provide the infrastructure. Like T-Mobile is their partner in the U.S., and they work with other partners globally. And they're more focused on the business side. They are creating brands and communities. And they are promoting their own mobile service that is targeted for a specific audience. What they decided to do is to create brands that put security in focus. They are looking to put a differentiated package, not only compare they cannot go and compete with AT&T, Verizon, or T-Mobile on the same game because they must have real differentiation. And they are trying to create a unique value proposition for the customer with the content, with the applications, a nd one of them is security.
They really want to emphasize security as something that is different, and any customer they are going to offer, they will automatically offer them the security of Allot, and they take really the comprehensive package of our cyber protection in order for you to be really getting the tools you need. The beauty of that, it's really put us as a strategic partner of them, and it's not just an add-on, but a strategic part of the offering, and we are very excited because now it's another seed that we plant, and now we are hoping for them to be as successful as possible, and with their subscriber growth, this could be driving growth for us.
That's great. So is it fair to think about that as, like you said, it's tough to compete with these bigger providers? They need a more complete solution. And as we've seen in some of the reports you guys have put out, that cybersecurity is a growing focus for.
Yes. And you see in the States, you have, for example, Mint Mobile, Boost Mobile, Cricket. You have different virtual brands that some of them were eventually acquired by the larger carriers. Some of them were independent. And they managed to get, with a different marketing approach, they managed to get a specific audience by really creating a package for them. So this is what Compax is trying to do worldwide. They're also active in the States a nd I believe this is a very interesting business model a nd we're very happy with this partnership.
As the CCaaS business continues to grow, how should we think about margin and scalability on that side?
In general, we see that our CCaaS business, which is a SaaS-based business, usually run on the cloud infrastructure, has gross margins of the ranges around 80%, more or less. We have the network intelligence part, which is in the ranges, as we shared before, of 70%. Overall, when we look at the last few quarters, as CCaaS is becoming more and more material as part of our revenue and is growing, then we see that we are reaching the ranges of around 70%, for example, in Q3. Those are the ranges that we need to think about looking ahead.
And as the CCAS expands, the gross margin should improve. And in the long run, some of our analysts are modeling up to 80% when cybersecurity is the dominant part of our business.
That's excellent. I want to hit on the legacy side of the business as well because you guys are seeing strength there, which is great. Reaching double-digit win in traffic management deal in EMEA, what gives you confidence that this part of the business is stabilized?
So this is something that Allot was doing for a long while. We have great technology and a great customer base. About half of these businesses are recurring, mainly on support and maintenance services, which is quite sustainable over time. And about half of this is new product sales, product and professional services. We managed to score some new deals. One of them is this tens of millions of dollars that was won about four or five months ago that is giving us the visibility into 2026 and 2027 in terms of revenue. We also announced we won several multi-million-dollar deals with new logos. So we really have a great product. And we launched a new platform called Tera III, which is today the most scalable platform in the market. We have a very wide set of capabilities from the network optimization through analytics to cyber protection.
This is really positioning us very attractive in the 5G environment where network scale and capacity and scale and cost per capacity is becoming very critical. With a very large install base, we have both upsell opportunity or refresh opportunity with our install base that takes happens in cycles. As well as we see that the market really accepts well the new platform. People are excited about the capabilities. This is why we see also some new logo wins. We are still seeing the cybersecurity as our main focus. This is where we are driving. We're looking to take the company more and more into the cybersecurity. We guided this year, I mean, 2025, that we will do about the same, but with a great execution. We already increased our guidance that we will have slight growth.
And as we already have some multi-year, multi-million-dollar wins, we believe in the next couple of years there is good visibility to at least do the same with slight growth and potential for upside. If we win and repeat the same success, winning more new logos, some of them are sizable. This is not all ARR like the CCaaS. So it's a lot about winning new projects and executing on those projects.
You mentioned Tera III, which is a major innovation. Can you help us understand how that's allowing you to place more competitive bids when previously it would have been more expensive on your end?
So we see that we are unmatched in our scale, both in terms of functionality on the same platform as well as reaching those high speeds up to 3 Tbs. So if you are a tier one carrier that you need very high capacity, this platform becomes very, very attractive, not only because it's future-proof, but because it allows you to be creating a very efficient operation. One of the challenges with the growing traffic with AI, 5G, driving more and more capacities, a lot of videos, that it becomes very expensive, not only in terms of buying those solutions, but also managing them.
By having this platform providing multiple value-added capabilities like analytics, security, and traffic management in one platform, this is really making it much more valuable. And the fact that it's highly scalable and very efficient makes it also affordable for them. We see our existing customers really looking to upgrade to this platform, and we see some new customers that they scout the market, and they see that this is unmatched by our competitors, and they're really considering swaps, which drives additional growth to our networking business.
Awesome. You guys presented a good set of third-quarter results back in November. We've hit on a lot of the strength here. But any other key takeaways that you want to make sure that we're paying attention to?
I think that, as Eyal mentioned, we have a very nice backlog and visibility for 2026 and 2027. And one more important KPI from our end is our recurring revenue. So almost 70% of our revenue is recurring, either maintenance and support from our network intelligence, as well as, of course, the CCaaS ARR. So overall, more than 2/3 of our revenue is recurring, good visibility, very optimistic.
Profitability expense.
And so when we think about the raise to the 2025 CCaaS guidance, is that it's the backlog, it's the recurring revenue, just?
It's all those four drivers, new customers, new services within existing customers, higher attach rates of adding more end customers to the services, and new products that we launched, all of them working well. And this drives this above 60% that we guided. We raised the guidance twice along the year. And we are hoping to continue to grow very rapidly in the years to come.
That's great. When you think about recent customer conversations, is there, besides just like a push for cybersecurity in general, are there any key themes that stick out? Are there any key features? Or is it more just the thought of having a unified platform that's driving a lot of success?
One of the things we see is that the awareness of cybersecurity on the lower market, on the consumer and SMB, is getting higher. People are looking for better protection. And it resonates very well with our addition of new cybersecurity engines, like the firewall capabilities and OffNet, things that are very much commodity on the larger enterprise. People are understanding they need those levels of protections. AI creates a big worry of fraud. Fraud becomes very easy to do. If in the past, as an attacker, you had to invest quite a lot in order to build attack vectors, now you can run AI agents tailored to attack even a smaller business very, very cheap. And this segment is unprotected today. And they start to see, and I'm sure you also follow the news, there are Deepfake voice, Deepfake videos, social engineering, very easy to implement today.
And if in the past this was going through the enterprises in order to take the hundreds of millions of dollars or millions of dollars, now we see the attacks even to grab tens of thousands of dollars from smaller businesses or individuals. And people understand they need some technology to help them to be protected. You cannot be protected against AI-based fraud if you don't have any technology to help you because it's too sophisticated. You really cannot tell if you don't have something that helps you. And this is where already the technology we have can help. And we are continuing to enhance it in order to have another layer of protection, as this is an ongoing battle between the attackers and the defenders. And AI is definitely changing the game here.
My mom came really close to falling for an AI Deepfake the other day. They're getting good.
Yeah. We all get so many phishing attempts. They invest, t he agent has time. It's built gradually. It's not like brute force. Someone is calling you with a weird accent and trying to convince you that it's the IRS. Now they have time. You get 10 or 20 calls and emails, and they try to build your confidence. They have time because these are AI agents. And I hear more and more about people that are falling into those errors.
And I think it's going to be worse before it's going to be better. And this is our responsibility as a cyber community to give tools not only for the bigger companies. A lot of efforts there, I'm sure those that follow, all the big cyber companies, are trying to really address those sophisticated attacks. But there are those smaller businesses and consumers they also need tools and w e are there to help them.
Like you said, the customer awareness certainly seems to be growing, too. And you guys issued the 2025 Allot Global Consumer Security Survey, which showed that consumers are certainly willing to pay for it. You guys have also had some blog posts out sort of talking about some friction and adoption barriers for CSPs getting there. What are those adoption barriers? And how are you helping to alleviate some of those?
So our advantage is that we implement our technology on the backbone of the network. This is where we have unique technology. We have unique engines. But you do have this one-time, let's say, setup that you need to implement and integrate our technology into the backbone. Once you do that, the incremental customer is very easy. It's zero touch, hassle-free. You just need to subscribe to the solution. Your traffic, your network connectivity goes through our software. You can call it like a secure slice. And we are protecting you from the incoming attacks and outgoing attacks. But you have this one-time investment that you need to do. And in a CSP environment, this takes time, a nd you need to build the infrastructure. So you really need to have the vision. And you really need to be strategic around it.
And this one-time setup and one-time effort is sometimes a barrier that you need to cross. It takes them resources to implement. It takes them resources to buy the infrastructure. And then once they are ready to launch and go live on the product side, this is going very smoothly. They just need maybe to do some traffic expansion with more customers. But this is a good problem to have. But today, where CSPs are CapEx-tight and resource-tight, this is where we need to convince them really. And we need to see that they believe cyber is a core part of the strategy. Good thing we see more and more carriers are viewing that.
When you think about the growing end customer demand and people like Compax Venture Partners, like putting packaged solutions out there to compete, do you feel like at a certain point, like these CSPs, you're going to have no choice but to move to having an offering?
I think, yeah. Most CSPs already have no choice. They have some kind of offering, but there are different solutions you can provide. There are solutions provided today by an endpoint application. Many of the CSPs offer that today. All of us as customers don't like it. No one wants to use it or download it, but at least they check a box. We do see some competition coming from the DNS providers. This is considered the lower level of cyber protection, but it's easier to implement, so companies like Akamai or Cisco or Infoblox, they can offer cyber protection through the DNS. It's a nice step towards that. Many times, it's not something you can monetize because it's too basic, but again, it's check a box, and the overall direction is to have more and more offering in the, let's say, developed market, like North America, Europe.
We see many of the carriers offering something, and the demand is to have better and better protections. In the developing markets, some of them are not protected at all, and this is usually lagging in a few years, but this will come, so overall, we see that the awareness of the CSPs is there. They need to see that they can monetize it because this is where we really focus on those that can monetize this as a service and not just be part of the CapEx spend or cost-based as part of the network. Because then you are getting into tight budgets and this CapEx squeeze many of the CSPs elsewhere. We are focusing on how we can not only protect but monetize these services and add on.
Does that incremental CSP get any easier as they see, oh, my competitor's using this and they're monetizing it?
Of course. When you have customers like Vodafone, Verizon, and Telefónica as a reference account, it makes everyone easier. The CSP is a small village. Everyone is following the big guys they want to see. There is also competitive dynamics that if someone offers in the country and suddenly there is a differentiator, let's say I'm in Operator A and I'm being offered a cybersecurity package and now I'm in Operator B and they cannot offer a similar level of protection. It's a differentiator, and we know it's very hard to differentiate today in the mobile space. We see reports showing that once you implement cybersecurity, you improve the churn rates. You see lower churn for customers that are using the service because they have a differentiated value to offer, so this definitely helps the dynamic. On the other end, of course, no one wants to be me too.
So, we are trying. Sometimes we have opportunities with multiple carriers in the same country. They're trying to build it in a different way. And part of our advantage is we have 360 degrees of protection. So we can have a different mix and match, a nd it's a lot about the marketing. Seeing partners like Compax, that is not a traditional telco, also seeing security as so important, this has really got us excited how important cybersecurity becomes because they can take any marketing approach they want. And they decide to take cybersecurity as an anchor value. So I believe it shows the market maturing to acknowledgment of the importance. And this will drive more and more demand in the years to come.
That was great. I want to make sure I'm not chewing up all the airtime here, too. Any questions from the audience?
Yeah. I mean, I know I wrote some time. I think you're doing a really good job.
Thank you.
Definitely much clearer vision. What percentage of the customers, the legacy customers, actually moved to the cybersecurity?
So in terms of numbers, we have on the legacy, we have more than 1,000 customers. And on the cybersecurity, we focus on the larger ones, on the tier ones. We have less than two dozens. Not everyone that is a customer of the networking is a potential. Some of them are, I would say, too small to have a business case. But definitely, there are many existing larger tier ones across the globe that are working with us or worked with us in the last few years that are still a potential to upsell, cross-sell into the cybersecurity.
Definitely, there is much more potential there. And as we scale, we are trying to see how we make it easier to implement. And if you have already a platform like the Tera III on the same platform, it is easy to have an add-on to cybersecurity. So if someone upgrades to this new networking part, it's really an incremental investment to go into the cybersecurity services.
Just another question. As far as long-term, where do you want to take this company? I mean, what will be the next part of the next area? Where do you want to go?
We have in our plan three phases. We just completed the first wave, which was to start to turn around the company, move into break-even, and start to generate profitability and come back to growth. 2025-2027 is about profitable growth, mainly organically with the products that we have. The third phase is we are looking to further evolve the company. We have how we drive the ARR to $100 million. Now we are also looking at how we take it from $100 million to $200 million. Some of that could come from the current product. We are looking to further enhance our cybersecurity offering and looking for ways how we can accelerate our transformation. We believe that in a few years, it depends how fast we grow in cybersecurity and how much we grow in the networking.
The majority of our revenue will come from the security services, and we are looking for ways to bring more value, more cyber protection so we can go from we are starting from the lower market and going up. This is the classical disruption approach, so we are looking to increase our cyber protections with more and more engines. And this will allow us also to go to larger business customers, and this is one, and second, we are looking to further enhance our channels to find additional ways to get and protect the businesses, mainly, and mainly also consumers, not rely only on the CSPs.
So in the, let's say, 2025 to 2027, we are mainly focusing on CSPs. They are a great match for us because we know them. We have a lot of them as our customers. And it's very efficient. You can work with a few very large organizations and reach millions of millions of potential customers. But on the long run, we believe we can expand and reach using other channels and have an additional set of protections.
Does it mean that you're going to be in a different segment of the market or customers o r are you going to stay with carriers?
No. So we're going to stay with the carrier but add additional channels to reach the consumers and the businesses with additional channels that will allow us to further accelerate our reach.
Yes. Can you elaborate on your comment on your security around AI, video, fake videos? How do you participate in that?
Security AI is becoming something that is creating a higher level of fraud. You really need to be up to speed because you don't have time to react. This is in general for the whole industry. The problem of today, the assumption is that you have time between the attack starts to happen until you can respond. Sometimes it takes years that you plug it. Sometimes it takes months or days. It consists of a lot of manual work involving the cyber defense. It's clear that today what you are not going to automate is not going to be enough because we are too slow. It means that we need to learn about new threats.
For example, if there is a phishing attempt site, you are trying to go to your bank account and you are somehow going to a fraudulent site that is impersonating to, I don't know, Bank of America. It's not that this site will be there for a year, and then you can mark it. It can come and go in seconds or minutes, and we are adding technology to identify those automatically using our AI technology because the only way to fight AI is to use AI. It needs to be automated, and therefore, for example, we would be able to identify those frauds immediately. If we are talking about, for example, DDoS attacks that are usually today identified by patterns, and you identify the attackers or the patterns of attack that evolve. You have now attacks that are new and generated every time in a different way.
You cannot learn from the past. You really need to assess in real time what's going on and respond immediately. The fact we are coming from the network and we see the millions of customers in the carrier, also in other carriers, allows us to spot very quickly patterns that are considered to be anomalies and not know the specific attacker but know how attackers in general view. We have the scale advantage. Therefore, we can react immediately and protect you as a customer. Remember, we are addressing the lower market, us as consumers, small businesses.
They don't have any other way to protect themselves. The damage that could happen to them is huge. Of course, some of the AI technology is how to build a product faster, more efficiently. This is, I believe, with all companies. All companies today are focused on how you can develop software faster and richer and more affordable using the AI tools. But for us, it's also about how you create this cyber defense in leveraging the AI.
With that, we're out of time. Eyal Harari, thank you so much for joining us. We're so excited to keep following the Allot story.
Thank you, Matt. Thank you, everyone.