Thank you everyone for joining our Needham Tech, Media and Consumer Conference. I'm Matthew Calitri. I run the infrastructure and cybersecurity software equity research team here at Needham. It's a pleasure to be joined by Allot CEO, Eyal Harari, and CFO, Liat Nahum. Thank you guys so much for being here.
Thank you, Matt. Thank you all for joining us in person and online.
Yeah.
Happy to be here.
Awesome. Maybe just to start here for anyone that might be new to the story or revisiting it, can you provide a quick overview of Allot and the value proposition?
Sure. Allot has been around for a while, and we started our business focusing on network intelligence, making sure that we add product and solution that help you monetize and make the most out of your network assets. Over the years, we identified that with the same technology, we can leverage it into cybersecurity and start not only to optimize the network and monetize it, but protect it, focusing on relationship with CSPs, Communication Service Providers. Working with this industry, we realized there is a gap that is underserved population that today are not protected by any cybersecurity solutions in a proper way, which is consumer and small businesses.
We pivot the company a few years back from being a network infrastructure focus to becoming a cybersecurity expert, leveraging our networking and cybersecurity to create a distribution product that with zero touch protect millions of subscribers, leveraging our CSPs as distribution partners and creating a value-added service for them. Today as a company, we have those two product lines, the networking infrastructure asset we call network intelligence or Smart product, and the Security-as-a-Service, SECaaS in short, which is today our very fast-growing growth engine, growing over more than 50% year over year for the last three years. We are looking to see how we can provide more value for those underserved population to make sure they are protected in this, the new digital life, digital environment, ever-growing cyber concerns.
That's great. We've talked in the past about the different growth pillars that you guys are executing about. Can you help us outline those?
Sure. Most of our growth is coming from the SECaaS product line. Again, what's driving us to grow more than 50% year-over-year is the fact that four pillars are working in parallel to drive this product growth. First is that we work and we have teams that are looking for new partnerships with new CSPs. Each CSP that we partner with expand our TAM into its own subscriber base. If we close the new deals with the CSP with 30 million subs, suddenly those 30 million subs are potentially to sell our cyber solutions. On the second level, those that we already work with, we usually start in a certain part of the network. Like we start on the mobile network, but then we can expand into the fixed.
We start with a consumer domain. We move into the business domain. Carriers usually have multiple services we can expand to. Third is what we call organic growth. After we launch a service with a certain CSP, we start with the first subscribers. We have sustainable growth of like three, four, five , sometimes we see even seven and eight years, that we capture more and more share out of the customer base. It's related to the sales cycle of the carriers to the customers. This allow us to grow with the customers we already have, with the services we already offer. Last is we continue to innovate, create new cyber protection engines, new products that we can upsell and cross-sell to the same customers, to the same end customers. One example is the OffNetSecure product we launched last year.
If we protected mobile devices when they are connected to the network, we introduce a new product that keep them protected even if they are moving to a Wi-Fi, whether it's a Starbucks or at home. This product brings more value to the same end user and therefore, create an opportunity to capture more revenues. All of them, what's nice about it, they're working in parallel. We have hunter sales team going after new carriers. We have our customer success working closely with our customers to make sure we have new projects and new product and new customers joining to the service. Our marketing team working on churn and adoption of new end customers. Last, our R&Ds and product works to create new product offering.
If we are successful in most of them, this what translate to the very high growth year-over-year.
Yeah, a lot of different avenues you got there.
Yes.
Always makes our job a little bit easier. Today's fireside was very timely with you guys just releasing earnings results yesterday. Strong results too, might I add, awesome to see.
Thank you.
Can you help us with some of the key takeaways from the quarter?
We had, as you say, a very strong first quarter, a good start for the year. Our revenue was $26.4 million, up 14% year-over-year, and that makes the third consecutive quarter we are growing double-digit growth.
Our SECaaS ARR, which basically represent this growth pillar of the security service, was $33.7 million for the quarter, up 59% year-over-year. We had a very good operating margin of 9.9%. Overall, very good results. We also indicated our guidelines for the year. We indicated as last quarter reiterating our guidelines for revenue of $113 million-$117 million. We added that we feel increasingly optimistic about reaching the higher end of this range. In addition, we introduced some more color around the SECaaS growth, and we indicated that we will grow the SECaaS revenue, the Security-as-a-Service revenue this year, by 40% or more year-over-year. Overall, very strong Q1, and looking ahead to a very good year.
Awesome. Yeah. The SECaaS revenue guide, that previously you had mentioned you expect SECaaS ARR to grow robust double digits, and now we've got a more specific 40%+ revenue target. I guess, what did you see driving strength there to start the year, and what gave you the confidence to give that sort of updated guide?
We saw Q1 was, landed with very high ARR goals. Which is reflecting the potential for the year. We saw very good attach rates with our current launch services. This give us the visibility and confidence that already now in this early stage of the year, we see 40% growth potential or even more with the current project, with the current customers. We are obviously working to continue to engage with more customers and upsell into more products with our existing ones. This would be starting to support growth towards end of the year and mainly support 2027 growth. We really feel strong with the first quarter start.
Mostly it became by, some of our important partners investing a lot in the marketing to their customers, which led into, higher conversion and more end customer joining our cyber protection service.
When we think about the relationship between ARR and revenue there, and understanding that it takes some time for these deals to ramp into revenue and start to be recognized, like how do you expect that to trend?
Overall, you can see that our ARR and revenue is quite correlated as we take very conservative approach. ARR for us is only if we have high confidence of visibility to translate to revenue, and they are quite correlated well. We are not taking non-committed agreement into our ARR KPI, and therefore this should continue to correlate quite well. Sometimes, as you mentioned, if you during the quarter, you see an increase month by month, this increase higher, it has more effect on the ARR goals than the revenue that within the quarter might grow. As we become bigger and stronger, eventually this is not as material, and we see that the correlation is very high.
Got it. That makes sense. On the other side of the revenue equation, with the Smart Network Intelligence business, you mentioned you saw strong demand there during the quarter. We had already known that that business had stabilized. Are you seeing potential for regrowth there with some of the new offerings? What are you seeing on that side?
We are first of all staying very focused on our Security-as-a-Service. This is our strategic investment. This is where we put most of our chips. This is where we put our R&D to continue to innovate. This being said, we see that our customers are do create demand. We released last year the Tera III platform, which is one of the best in the market, if not the best, with very high scalability and rich function sets that merge between the security and the network intelligence capabilities. We see that the demand is coming mainly from larger customers, usually driving $7-figure deals that we announced multiple of those last year, and we also announced this quarter another existing customer that decide to upgrade from previous platform into this new Tera III.
This create stable demand and as you mentioned in previous years, we saw this product was shrinking, so we see it as now much more stable and driving it into a multi-year revenue potential. We try to frame our deals in a multi-year in order to support our business, but most of the goals we are counting on the security. Many people like yourself asking us whether there could be an upside. Definitely yes, there could be an upside both ways. One is depends on project timelines.
Those are CapEx deals. If we are able to execute faster on some of the projects, revenue can come faster, and by that come as an upside, as well as there are multi-million dollar deals and winning, you know, one or two more that definitely in the pipeline could create an upside on this business and start to drive growth also from there. Looking on the long term, our focus is growing from the cybersecurity.
Absolutely, yeah. Liat, I know I asked you this yesterday on the call, but just in case anyone had missed it, can you help us think through, like the strong free cash flow performance and how that related to sort of reaching the milestones on some of those Smart deals and the way that flows through the income statement?
Yeah, sure. We had an amazing operating cash flow for the quarter, $10.6 million. Indeed, as I shared on the call, it relate to those deals that we announced a few quarters ago, the DNI deals. Basically, the way that it works is once we start executing the deal and we are delivering part of the milestones, we are getting some advanced payment. As you can see in our balance sheet, this prepayment is going to our deferred revenue, and it will be materialized into revenue during this year, mainly around the second half of the year. Overall, it's a very good positive sign for us that we are executing, we are being paid, and then the revenue will follow.
Yeah. No, it was great to see. Moving away from the quarter specifically, I think everyone's sort of seeing the impact that some of this AI scare has had on software. It's a funny thing 'cause, like, we don't really talk to anyone who necessarily believes this bear case that, like, these open model tools are gonna take over software. Like, it does have an impact on valuations when you start to think how that flows through. Maybe just to address it head-on, like what would you say to someone who's wondering what is Allot's moat against-
Yeah.
...in the world of AI, I guess?
I would start with first that we believe that it's create much more tailwind for us than headwind. First and foremost, that we are addressing the end consumers that are mostly today unprotected. What we see and hear in the market, that the awareness for the need for AI protection from AI-based fraud and cyberattacks is increasing. We see that most consumers today globally are not protected, and the awareness that now the AI drives, that it's very easy to create fraud, you know, impersonate with a website or impersonate even with a video call and a voice call. The only way to really protect from that is to create an automated AI-based protection.
We believe that our network-based security embedded in all the way you communicate is the right way to protect, and that is both scalable and affordable for people to really join the service. We see more awareness that we believe over time will increase the adoption rates of our products. On the other front, in terms of the risk, working with CSPs is probably one of the most complicated technological environment. It's a very conservative industry. It's fully, highly regulated. You serve nationwide services, including first responders and critical infrastructure. We are last in line to be disrupted by AI. No one is going to let AI agent manage the critical infrastructure of a CSP. While there are industry that might be disrupted and are being disrupted, it's more on the lower technology stack area.
I think that we are trying to leverage the technology in order to create more value, to increase the, and close a lot of the technology gaps that we have as we want to further protect and add more capabilities. We are trying to take the good of the AI. I believe that we are last in line in terms of the risk to being disrupted. You know, with, like any revolution, there is always a fear. We as an industry and a technology, we always manage to take and do even more with it. There were worries when the internet started. There are worries now. You know, this keeps us focused, and we are trying to make sure we are keeping relevant and leveraging it to our best.
Yeah. Maybe lead in there, like how are you leveraging it internally? I know that was a big discussion yesterday too about-
Yeah.
...using it for innovation.
We initiated AI tracks in the company, looking into three main area. First and foremost is, as mentioned, what kind of AI attack surface is created now that we need to protect our customers from? What products we need to introduce to the market to help our end customers be better prepared to this environment? Obviously, this is what we discussed. AI agents now have access to your personal data. You allow Claude now work on your PC. It can access to your bank account, to your personal data, to your pictures. You don't want all of this to leak. This is one. Second, you are allowing interaction with incoming agents that will allow you to automate, I don't know, Book your dream vacation.
If you wanna get the leverage and the benefit of the AI, you need to let it go. When you let go, it's a great opportunity for attackers to grab your credentials, to grab your identity, to grab your money. This is what we are trying to see how we can provide more value there. I think this is the most important part. Second is obviously R&D. Our R&D is, we have multiple programs to see how we take the very senior R&D guys that we have and make them, like, 10 times more powerful leveraging the automation. I was meeting one of our R&D sites a few weeks ago and I met some people that told me, "Look, we don't write any more any code.
We just speak to, you know, Claude, all code is now being generated. We talked about different tasks and, you know, things that were taking months are taking weeks. Today, it's still in the anecdote phase, so we have some tasks that are being like that, but we are investing that over time we could build with the same force much more innovation. As a company that is still relatively small in the space and the technical depth is high, there is a lot more we wanna do. We really want to see how we can, you know, multiple x innovation with our R&D force. Last is we are trying to see how we can automate the organization. We are very technology-focused organization.
We wanna make sure that all of our operational processes from, you know, customer ticketing to financial reports through contract reviews are embedded with AI processes that will allow us to do a much more efficient operational model. Again, those three tracks are progressing. Still early days. Still, you know, we trial and error. We are afraid to let it go because you don't want AI to start to do things. We all read about Mythos and how dangerous it is. I believe in any management in any company, these are the discussion needs to happen. We believe as a very innovative company, we are in a great position to leverage this faster than others and hopefully get an advantage due to that.
Yeah. It's amazing. It almost feels like, there's an arms race going on between, like, bad actors and...
Definitely.
It's great to hear of, like, not only should it drum up demand, but also the efficiencies you can drive internally too. I'm sure this evolving threat landscape is top of mind for customers too, but what are you hearing from them and where have recent conversations kind of centered?
The customers are more worried today on the CSP level, they are worried about their own infrastructure. As I said, they are even more worried of letting go, they understand the potential, but they are very conservative and very risk-averse. You don't want your mobile network to be down. When we talk to their customers, to the end customer, we see a lot of naive approach. People are not yet aware of the dangerous things could do, but they are starting to get worried because it hit the news, and you hear about those frauds and about people that their AI agent took control and did some bad things. I think there is still a lot of naive approach in the market, but over time people will get more aware.
We are very, very early, so it's more about, you know, it's a fun, cool technology, let's try as individuals. I think organizations start to be really worried. We were in RSA at San Francisco, couple of months ago. This was the main thing, you know. How enterprise organization do the balance between the need for innovation and the concerns and the policy to make sure it doesn't create you a catastrophe in the company.
Yeah. A lot of concern about, like, governance and guardrails and when we think about some of the new products you guys have launched and are looking at, when you're talking with customers, are they more interested in, like, individual capabilities? Or is it more about the breadth of the platform and the coverage layer you can provide?
When we speak with our existing customers, they really like the platform, as you mentioned, approach, because once they trust you, once they implement your solution, they want to do more. They get the appetite, they get the trust, and it's not easy to trust new players in the market. Once they see the numbers and how much they are able to scale this in a very profitable way, they can scale the cybersecurity products, they want to see more. Because we are serving the low market, we start with the very basic protections, and we are increasing our protection stack into more sophisticated products that is evolving with the awareness for the need for cyber protection. It also evolves with AI being more dangerous, and we need more tools to protect from that.
Definitely when we talk with our customers, there is a lot of excitement about the fact they can easily add more add-ons into the platform, and today I think we have 12 different options. Some of them came last year, some came early this year and more to come and as well from network firewall to DDoS protection, so protecting you from the router or from mobile and, or your DNS, as well as identity, making sure your data doesn't leak to the dark web. When you take the holistic view as a carrier, you really create a comprehensive protection. When we go to new customers, they wanna start small. Typically, they wanna telcos are being constrained with resource, and always they have something that they're already doing because it's a saturated market, the CSP.
They are already been there for a while, and many of them already have something that they offer to their customers, so they really wanna get first step, see the success, and then expand. Our approach is that our platform is very modular, so you can start with any one of the core services that we offer. We don't try to come only with a full-blown solution. Get the trust, get the market feedback, and expand after you are successful.
What, how about on, I guess it'd be interesting for both existing and potential new customers, is there anything that CSPs are missing right now that they're looking for you guys, and how's that influencing your roadmap?
mostly it's, what people are missing is how I protect better from AI-based fraud. How I can be taking the new cyber surface of attacks that are not only about, you know, identify problematic domains because the AI creates domains on the fly. You create a one dynamic, very dynamic world that there is always a new content. You know, things you never heard about a week ago are becoming the new hot, big thing. You wanna enable this innovation, it's a place for bad actors to react fast as well. We see this area is still, the industry didn't solve it, and it's across, you know, all verticals, both on the enterprise space it's not solved, but for sure for consumers.
We are in a lot of discussions now to see what is the best way and what is the balance to keep allowing the innovation, but do it in a more protected way. This is the area we really invest now our development into.
That's great. We've also spoken on outside of just the new product opportunities, new market opportunity with some of the MVNO opportunities and the partnership with Compax Ventures. Can you help us think through what the opportunity looks like there and where you guys are with that relationship?
Yeah. We announced a few months ago about this new agreement with Compax that they are MVNO enablers, and they actually came to us as a cybersecurity leader, and they realized that when they launch an MVNO, usually they need to differentiate with a different offering. When you build a network like T-Mobile, AT&T, Verizon, you are proud on your connectivity, you are proud on your speed, your coverage. When you launch an MVNO, it's more about the marketing, and this should be really a differentiated brand. What they realized is that you can take the cybersecurity and build a whole brand around it. Now they are looking into launch multiple brands. The first one, they're already launching these days, it's in an early launch into religious communities.
They, what they realize is there is a lot of people that choose to be more protected. They don't like the wild internet that is having a lot of interesting stuff, but a lot of threats that are increasing with AI, both in terms of the content that there is out there, as well as the risk. They really set the brand around a lot security protection. They'll, their whole value, unique value proposition compared to the normal, basic, communication package is that you are in a closed, protected environment. For people that choose that, this is wonderful.
They are relying on T-Mobile network as MVNO in the first brand, which is, you know, they get the benefit of Tier 1 network in America, and they use our cybersecurity solution as the core differentiated offering, and we hope they will be successful and, you know, their success will be our success, as we are with every one of their subscribers. You cannot join them without signing up to the Allot cybersecurity protection, because this is in the core of the offering, unlike others. We mentioned, you know, other, the Tier 1 s, that we are an optional service. You don't have to get cybersecurity. It's a service you need to pay for, you need to sign for, but it's not a must.
They are really making it as an integral part of the solution. By that, it will be 100% attach rate. If they are successful, it will be translated to our success.
That's such an interesting use case and not that the whole opportunity revolves around that sort of closed system, but I'd imagine you're gonna hear more and more about that when people are like I feel like there's a lot of chattering about, like, parental controls and access for, like, young kids and stuff.
We see also an increased concern about parents because-
Yeah.
...elderly population that needs to be navigated in this very-
Oh, yeah.
...complicated, technology world are from the first to be attacked. While we are worried about our kids, usually they don't have a lot in their bank account. Our parents are, you know, addressed by charity organization, by credit card, fake credit card, steal their Social Security credentials. There is a lot more to lose. Many parents that do not able to track what's going on are also embarrassed from getting assistance or admitting they were being under fraud. We see an increased demand coming also from this direction. Overall, how we protect our families, how we protect ourself is something that is a growing concerns in some communities.
That is a scary overlap where this, these fraud schemes getting hyper-realistic while, like, maybe still not so tech-savvy on the...
Yeah, exactly.
I wanna make sure I'm not taking up all the time here too. Do we have any questions from the audience? All right, keep going then. Increase awareness of cybersecurity, we talked about the AI opportunity. Where are customers finding budget for cybersecurity, where, like you said, a lot of them are unprotected, and this hasn't been something they've been paying for in the past?
We don't feel that budget is in our case, the concern, as we are a very incremental cost. If you are paying for your mobile subscription, $50 today or by average, for $1 or $2, you get a cyber protection. It's not a budget issue. It's cheaper than a cup of coffee. It's more about the ability to convey very quickly the value. In some cases, we are being bundled with a package, so we are used to be a reason for them to use a premium package as opposed to the basic. In some cases, we are an additional extra cost. I believe communication packages today are super cheap.
Even if you pay $50, $100, it's not a lot of money compared to the criticality of those in our lives. Most people will not see this as concerning their budget. Sometimes it's more important than bread. We are not so much relied on the CSP budget because we are a monetization service. Our ROI is great, so it's not that they need to spend infrastructure CapEx cost, well, or, like, enterprises that we are fighting on the internal budgets. In this, our security is actually revenue generating and a very profitable revenue generating because you can sell it to millions of your end customers. Therefore we see that this is not really the decision-making.
What we see sometimes the constraint, as mentioned, is that they don't always have the people in the organization to run new programs because they are cutting their OpEx, they're cutting their CapEx in the organization, and they become less capable to run new initiatives, and they need to choose where do they focus. We had a customer that we met a few months back that really wanted to work with us, but they had the launch of the iPhone 17. We fight on the attention of the organization, and because the organization become leaner, there is not so much that they can do. It's again, it's not a directly budget concern, but the ability of the organization, that they have a lot on their plate, and they need to choose where to focus.
A lot of that driving that awareness is falls on the CSP, but I know you guys work with them. What are you finding has been most successful in gaining awareness, and how is that how has that changed, like, across maybe geographies or?
We see that in the developed countries, the awareness is there and increasing mainly by the news. We cannot really influence as Allot. Even the CSP, their ability to influence is limited, but we're really working with them to crystallize and crisp the message to the customer. What we believe is if you cannot convince in 1 minute your end customer that they need to onboard to this service, we are already losing money together. Like you, it should be super quick.
We have, very simple synthesized message, and what driving the demand is what happened in the world. If they see in Fox News or CNN that some story about fraud, and we all see that now, this is what's causing the demand. It's really supporting us in this way. When we come, we go to developing area, the awareness is in a different place because the attackers are usually going after the deep pocket population, and this is in the richer countries. We do see a surprisingly to, I must admit, to our research that the higher tier population in developing country are starting to be worried as well. Attackers are also going into those countries and as it becomes simpler to attack.
If in the past you need to invest a lot in order to plant the seeds and create the control, command and control channels and sit and wait, you do it now with AI. The attackers, as we said, they're always smarter and faster. We are starting to see, like the customers in Panama that we mentioned, that we launched a few months ago. When we look on our pipeline, we surprisingly start to see more demand also from developing countries, which shows that the maturity of the market is starting to evolve. What makes us optimistic we can further expand in this space.
That's great. Maybe just one more here to close us out. What do you think is most misunderstood about the Allot story right now, and what would you like investors to walk away from our conversation here?
I think what people, many people remember Allot is the networking company that was a few years back, and not everyone understand the transformation of the cybersecurity. We do have two product lines, and what really make us unique is where the synergy between the networking and the cybersecurity meet the customer. Changing our traditional customer, the CSPs, to our partners, and leveraging that in order to reach to their customer and becoming a monetization opportunity is something that really excite us. Not everyone understand the story because they, some remember us as the networking infrastructure company. We are very well known in the market in this space. It's still the majority of our revenue coming from there.
Only those that follow the story see how in very high pace we grow in the cybersecurity, and if all goes well, in two years, this should be the majority of our business. We are in the midst of a transformation. It shows on the numbers, our top line growth, our profitability expands. This should only accelerate as we become more and more a cybersecurity-focused company.
It really has been an amazing transition and very complementary too when you think about moving from network to securing. With that, we're out of time. Eyal, Liat, thank you so much.
Thank you.
for being here and for doing this. For anyone who's interested in the story, we'd be more than happy to connect you with these guys.