Good morning, everyone, and thank you for attending and joining us for the A10 Investor Day. As many of you know, FNK IR has been supporting A10's investor relations effort since the first half of 2020. We've had the opportunity to see the significant transformation that has taken place at the company from the early part of Dhrupad's tenure. Before we get started today, I'd like to call everyone's attention to the safe harbor statement on slide 2 of the investor presentation deck that is currently being shown on your screen. With that, share that this webcast will contain forward-looking statements that are based on management's current beliefs and assumptions. These forward-looking statements are subject to known and unknown risks, uncertainties and other factors that could cause A10's actual results to differ materially from those anticipated or implied.
For a discussion of such risks and uncertainties, please see the Risk Factors section as described in A10's annual report on Form 10-K and their quarterly reports on Form 10-Q that are all filed with the SEC. In addition, the presentations you will see today include certain non-GAAP financial measures. A10 Networks considers these non-GAAP financial measures to be important because they provide useful measures of the operating performance of the company, exclusive of unusual events or factors that do not directly affect what they consider to be core to its operating performance and are used by the company's management only for that purpose. Non-GAAP financial measures should not be considered in isolation from, or as a substitution for financial information prepared in accordance with GAAP.
A reconciliation between GAAP and non-GAAP financial measures can be found in the appendix of today's presentation deck, as well as in the company's financial results press release that was issued last night. With that, I'd like to overview what you can expect today. In a minute, Dhrupad will start by providing an overview of A10's recent progress, highlight the company's evolution to a differentiated security-led solutions partner, and showcase how improved operational execution can aid in the potential acceleration of the company's valuation. We will then welcome Fernando Montenegro, an independent industry analyst covering the cybersecurity market from Omdia, for a brief discussion of the trends, threats for enterprise and security. Matt Bruening, A10's EVP, Worldwide Sales and Marketing, will focus on delivering better business outcomes for customers and showcase two customer case studies today.
Tina Stewart, Vice President of Commercial Marketing, will then review how A10 is transforming its go-to-market strategy in light of the evolution to a security-led approach. Rich Groves, Director of Security Research, will overview A10's advantages in the security market. Terry Young, Director of Service Provider Product Marketing, will do the same for the infrastructure market. Brian Becker, A10 CFO, will conclude with a financial overview focused on the company's 2021 financial results, its financial priorities, and its go-forward outlook before we open the floor for an interactive Q&A session. If I could just ask everybody in the room today, if you haven't already, please silence your cell phones and your computers. With that, I'd now like to turn the podium over to Dhrupad, A10's President and CEO.
Thank you. Thank you, Rob, for the introduction, and welcome. Welcome to all the attendees to our annual investor day today, for those in person and those joining us remotely. In terms of our safety protocols, we have taken measures to ensure safe distancing as well as other steps to improve our facilities, as well as host this event in a more effective and meaningful manner. To that end, we will have some of the presentations also fed in remotely and via recording to ensure safety for all the presenters as well. With that, I would like to move on to talking about the business and our results. Yesterday, we released our Q4 and full-year earnings.
To note, we were able to achieve record revenue of $250 million for the year, which results in 11% year-over-year growth, and an EPS of $0.63. With that, we were also able to grow our deferred revenue 12% year-over-year, continuing to build upon the progress that we have made in the last two years. Details of our financials will be covered further in Brian's section. As we move through the day today, I hope you will get a better sense for how we are evolving as a company and what is enabling us to continue to make progress on our strategic initiatives and deliver the results that we have.
The themes that I want to talk about today, and our day is built upon, are the ones of evolution, execution, and acceleration. A10 had a tremendous legacy as a company in terms of our technology, install base, and world-class products. We have, in the last several years, evolved building upon that foundation from a legacy hardware company with purpose-built software and hardware to one where we are leading into growing markets with a security-led solution that allows us to participate in faster growth segments of the market while we deliver profitability. We have done this by continuing to focus more on cybersecurity and infrastructure solutions that are aligned with secular tailwinds and market transitions to cloud and 5G, among other things. We have expanded our addressable market through several commercial initiatives, and you will hear some of these later in the day today.
Lastly, we have continued to globally diversify our sources of revenue, which ultimately allows us to focus on our differentiation, but also create more predictability and less variability in our business going into the future. We are accelerating our growth by capitalizing on large global install base with differentiated technology that we continue to build upon. We are creating new routes to market, and you will hear about some of them in the commercial sections today as well. Last, over the last two years, we have demonstrated operating leverage, and we believe that as we continue to expand our strategy and we continue to deliver consistent results, there is an opportunity for multiple expansion, for us as a company, as we progress further. Simply put, we are enabling business-critical networks that are secure, available, and efficient.
If you think of the history of the company, it was founded in 2004 by Lee Chen, who built upon a very strong technology expertise and insight into customer needs. Over a period of years, including when the company went IPO in 2014, we built an industry-leading platform for high-performance application delivery controllers. We clearly demonstrated globally technical differentiation through low latency, high throughput, and more scalability, and doing all of that with integrated software and hardware platforms. Further, we built an IP portfolio during that period that was directly relevant to the trends in IT infrastructure as well as cybersecurity. While doing that, we continued to develop a highly engaged global customer base, which you will see in subsequent slides as well. The next step for us, like for many people, 2020 marked an inflection point.
In addition to the global pandemic and the challenges that came from business interruptions and other issues, we also underwent our own business transformation to leverage our historical strengths and strong customer base to better realign with market trends, customer buying behavior, and verticals and applications where we can create the most differentiation. Building around secular tailwinds on things like cybersecurity and infrastructure, which includes 5G, we achieved organic growth in spite of the challenges with the pandemic. We set a foundation for sustainable, profitable growth, and I will show that in more detail. We shifted to strategic partnerships and created new routes to market that helped us improve our reach and breadth into more integrated solutions with partners. Last, we accelerated our focus and redeployed or reallocated resources to areas where we provided the most technical differentiation, which directly contributed to creating value for our customers.
Positioning us for a profitable growth in 2021 and beyond. I mentioned earlier we announced our results yesterday. To me, the most important bar chart I would like to highlight is organic growth. After the company had done a great job growing for a period of time, with the changes in market and buying behavior, there was a slowdown. I think in 2020 and 2021, independent of market challenges, we see a very promising trend in terms of resumption to organic growth that we believe is consistent with where the market is going and where our strategy and initiatives we put in place directly help us continue to build upon that.
In parallel, we also ensured that we right-size the business and continue to find ways to do things more efficiently, all the while focusing our resources and energies on the most important priorities which led to creating customer value. As a consequence, you can see our EBITDA and EPS numbers continue to trend, very favorably as well. 2021 full year, our revenue, EBITDA, and EPS were all records for the company. Coming back to the point of how we have continued to evolve our positioning and market, perception, here's snapshot of 2 Gartner Hype Cycle reports. The only thing I want you to take away from this is A10 is named as a sample vendor for 5G network security and for TLS decryption.
The reason this is relevant is that through a conscious shift in terms of how we create value, where do we create product innovation, and how do we take it to market, our perception has continued to evolve as well, to be seen as a critical network security partner, as well as someone who has expertise of value to customers in cybersecurity, including things like TLS and others that we'll review later. Here's an interesting snapshot of that. We are capitalizing on higher growth markets also with this portfolio evolution. One of the bases for our improving growth on an annual basis comes from the fact that as we go from 2019 - 2021, our standalone ADC products, which are best in class as it relates to performance, but becoming more viewed as a niche purpose-built solution, have actually become 26% of revenue.
By the way, still growing year-over-year because we continue to innovate on that with security features. As the other portions of our portfolio, such as DDoS, SSLi, encryption, and carrier-class firewall and CGNAT, become larger portions of our total portfolio, those segments are growing at rates in the market that are much faster than the standalone ADC portion. As a result of that, we also see that our blended or weighted average market rate has improved and should continue to improve with our focus on security-led solutions as well as sales.
Ultimately, when you see our product portfolio and where we are seen today and positioned, we believe that compared to our peers now versus, say, five years ago, we continue to believe that as the company executes on a consistent basis and delivers results in line with what I have been committing to, there is an opportunity for expansion of value through multiple expansion when you look at our EV/Sales and EV/EBITDA relative to peers, in that product categories that we just reviewed. An important thing for us to build a business in a sustainable and durable manner is to make sure that we are driving balanced outcomes for employees, customers, and investors. We do this by being environmentally responsible member of the community, and we participate in several initiatives, including the 1.5°C global initiative.
We foster a diverse, inclusive, and safe environment for employees and customers alike around the world in all our global locations. Lastly, continue to maintain focus on strong governance. There is obviously a lot more we can continue to be doing along these lines, and we are absolutely committed to do that, and you'll hear more about it, including on our website. Last, I want to talk about how we have set the foundation for balanced and durable growth going into the future. First, I talked a little bit about our global install base. We have 7,000 customers in our global install base today. If you see the box on the bottom, the nature of those customers is 15 of top 25 video gaming companies, 21 of top 50 Fortune 500.
What is unique is these are customers that handle a large amount of data, are worried about network performance, and are continuously worried about new types and new volume of cyberattacks. We believe that resonates very well with our technical differentiation and where we can directly create value for them. Second, many or most of these customers plan to utilize a combination of some level of applications or equipment on-prem, in public cloud, and private cloud. In fact, survey results show that 85% of them still plan to have on-prem applications or infrastructure as part of their strategy for several years to come, while they also use cloud. An interesting data point is for A10, 16% of our 2021 revenue was directly as a result of somebody building a public cloud or private cloud with our products.
While transition to cloud is clearly a secular tailwind for A10, I think our opportunity we see is even broader, where we are engaged with large customers to operate in complex multiple environments while we provide consistency of how they can still achieve their business goals. Last interesting data point, if you look at our customer group in 2019, for that same customer group in 2021, our product revenue retention rate was 118%. The reason that is important is it highlights two factors. One is, as we develop more capabilities and features, our customers are very interested in buying more of those categories from us because they work seamlessly together, and they bring together technical advantages which are not possible with independent standalone products that our competitors might have gotten through multiple acquisitions.
Second factor that's really important is our customers are in the business typically of having to deal with growth in internet traffic, complexity of networks, whether it's because of remote work, whether it's because more people wanna watch Netflix, while at the same time the absolute volume of cyberattacks continues to rise, and they become more and more complex and state-sponsored, et cetera. We'll hear a little bit more about this in our section on cybersecurity. With the same customer base, there is a growing attack surface that we can help them protect. There's new capabilities that they consume from us. Last part is they continue to expand their networks in the most effective manner that they can. A simple snapshot is how we think about our hybrid solution. We can have traffic in the network coming from web, from bots, from IoT devices.
A10 solutions, and we show just a few illustrative ones here, which are Zero Trust, load balancing, and CGNAT, are all managed or handled by a single A10 management plane, which is designed to cover these across public cloud, on-prem, or private cloud. Our position with our largest customers is, we will help you make that transition at your pace in the right way so that you achieve your business goals, as opposed to saying the correct answer is to put everything here or there.
We see certainly with large customers, if you think of some of our target customers as somebody who's building and operating a large mobile network or a finance trading platform, they certainly believe their critical applications are very important to them and are closely aligned with us to ensure that while they take full advantage of transition to cloud, we also help them do it in the right way at their pace. On one of the previous slides, we talked about how we are seen in 5G network security. I wanted to give a little snapshot of where we fit in and why that's relevant to us. There are unique challenges or new challenges with security in 5G networks. First is the 5G latency and time to mitigation.
There is at least a 10 times improvement in latency and theoretically even bigger than that versus a 4G network. Second, the sheer number of things that are getting connected creates tremendous fragmentation of that solution. In 2019, there were less than 10 devices that were certified to work with 5G, and today it's 900, right? It's gonna be much more as that grows. Third, I would say as you visualize more IoT, more connected factories, and putting more and more connectivity everywhere, there's more than 100 times increase in traffic that needs to be now monitored, managed, and remediated. Last, if you are a mobile operator who is looking at the business case to put in 5G, your cost of ownership of putting in and running that network is typically 70% higher.
The way you justify it is you're gonna get more ARPU because customers are gonna have a better experience or more devices will be connected, or you will enable things like remote cars and things like that need very low latency. We believe that in that situation, working closely with our customers as they look at their existing infrastructure and look at how to bring on 5G at the right pace, we are uniquely positioned to guide them in achieving their goals while they deploy 5G. As we have spoken in the past, several marquee 5G deployments around the world have used A10 security. How do our solutions fit in?
I'm not gonna read all the schematic here, but it shows a visual of different parts of the network and where our products fit in to do what we call 5G network security. On the right are some of the elements. First is, our TPS, which is automated multi-vector DDoS protection. What is unique about it is the degree to which we can detect and remediate, including automatic remediation, while at the same time enabling very flexible scalability and deployment models, while we continue to demonstrate our efficacy on protecting those networks. Our CFW or converged firewall, once again combines multiple critical capabilities needed by these service providers that combine to give them lower latency, higher throughput, and ability to run many more concurrent sessions than competitors.
Lastly, when we engage with these customers, as I mentioned before, increasingly we are able to work with them on a solution-based approach, which typically is focused on understanding their business goals and then creating a solution that fits it. Oftentimes these solutions will include many other elements, including technical support, Deep Packet Inspection, maybe SSL encryption. If I bring you back to the original point, our products are all built on a common hardware and software foundation, which makes this much more efficient and effective for us and directly results in better performance and optimized CapEx and OpEx for customers. If you look across our business around the world, we really look at it as, how do we deliver better business outcomes in cybersecurity and infrastructure solutions for customers across multiple geographies and verticals?
We are focused on solving those most important application problems that align with our technical strengths. It could be in Japan or it could be in Europe or it could be in North America. Our focus is on which customers can we create the most value for and focus on those verticals and applications, whether it's on product development or commercial initiatives. This is again a snapshot of just some of our product categories, if you will, that include ADC, CGN, SSLi, and the Harmony Controller that has integrated machine learning, data analytics, and threat intelligence, which by the way, the easiest connection point to that is if you are trying to detect and remediate complex unknown security attacks, there is a point at which you cannot do it with people. That's why it's critical to have that capability integrated.
In addition, of course, customers also engage with us on long-term support contracts, and so forth. We have spoken before a little bit about Zero Trust security framework, and I want to calibrate all of us again on what are we talking about, right? First thing to note is the notion of cybersecurity has evolved from a perimeter-based defense to a new paradigm. What does that mean? Few years ago, the concept was, if you are in an enterprise, it is like a castle. You can build high walls, you can have a moat around it, and you can have guards waiting outside. The belief is if you are inside the castle, you're fine. You don't need to worry.
When you think about co-location, common cloud infrastructure, common data centers, that's no longer valid because your threat could be the person, you know, two buildings away in your own complex, and they are bringing a device from home which could be infected, so it doesn't even mean it's malicious. That's a change in that thinking, right? The second is, as you bring in more devices and you start connecting things with IoT, whether it's in the industrial environment or home environment, it simply creates more ways to plant new types of attacks. We have seen examples, right, where that is done through a retailer's POS system or an air conditioning system, repair, maintenance, et cetera. Networks also need to support different deployment models now because you can't tell people what they can or cannot do and where and so forth.
The concept of Zero Trust security framework, the picture in the middle is from NIST, which is a standards body. The concept is you never trust, always verify, which, you know, we have heard before. Zero Trust eliminates the notion of any implicit trust. Every device, user, network, and application flow is secure. It removes excessive access privileges and threat vectors. What that means is, from 100 people who have access to a production tool, you make sure that only 40 of them really need it. Just by doing that, you have reduced at least some risk of those 60 people causing an issue when they don't even need that access. That's a very simplistic example, but hopefully it illustrates the point. It's a very sound, common sense-based approach.
What I want to note here is it is not a product. We engage with our customers to say, "You should take this approach to become more secure. To do that might require you to do, you know, training of your employees on phishing attacks. It might need you to do encryption of data, and we can help you with products and software to do that. Or it might need you to do better user authentication." We work with our customers on how they can become more secure using this framework independent of just A10 products, right? That's where we fit in. Our products like DDoS, SSLi, et cetera, are of course, directly at the forefront of enabling that. Why do we win? Our differentiators are unified product architecture that delivers lower latency, higher throughput, and higher scalability.
State-of-the-art cybersecurity expertise with machine learning, detecting and remediating complex high-volume attacks. We support multiple security and IT infrastructure categories, flexible deployment models in hybrid environment, and best-in-class technical support for mission-critical applications and infrastructure. In fact, when we survey our customers, we get validation of some of those as well. 82% of our organizations are likely to recommend us again, and 79% experience a positive ROI in less than 24 months. The way we help them is through better performance, lower CapEx, lower OpEx. Consistent with all the things I covered before, the reason they choose our products are features, scalability, usability, reliability, and quality of support. You will hear later about how we have evolved our global go-to-market approach.
This includes more collaboration to drive an outcome-driven approach, a solution selling strategy aligned with changes in buyer behavior, and increased and expanded relationships to get more leverage out of our global partners. As a result of some of these measures, you can see that security-led portfolio continues to drive our sales and revenue. We believe that this is, once again, a favorable mix for us as the security-led solutions typically are growing faster in the market as well. Our revenue diversification is based on geography, vertical, and revenue type, and fundamentally, this provides durability to our revenue and forecast.
What this means is we do not have goals on getting any of these to be a specific percentage, but what it tells you is by focusing on the types of applications where we create most value, we are able to find the best ways to deploy it and find a way to drive consistent growth and revenue, without worrying or being overly dependent on a specific product or region or vertical. Here's an interesting chart that shows you how we have progressed. If you look at how cybersecurity-oriented companies typically look at their business model, you often hear about Rule of 40, which is the combination of revenue growth and EBITDA percentage.
Over the years, as we have been able to improve our top-line growth, while at the same time we have been able to manage OpEx and deliver EBITDA, in 2021, we were able to get to 36%, for the full year. In Q4 2021, we did a little better, but that's seasonally the strongest quarter in the year. At the same time, it provides a data point or a proof point that this is a good goal for us to continue to work towards, and as we become more and more of a security-driven company, this is an important factor. We have a robust balance sheet with low CapEx requirements, strong free cash flow generation, and capital allocation priorities aligned with driving growth and return to investors.
Once again, I'll come back to the themes of how we have evolved from our historical strengths and tremendous foundation to growing and profitable security solutions partner, focused on cybersecurity and infrastructure while expanding market and globally diversifying our sources and continuing to accelerate growth. As we continue to execute on our business model and moving towards, for example, as I showed the Rule of 40, we believe that we have the opportunity to have sustainable top-line growth, which obviously will translate into bottom-line growth as well. We do that by focusing on customers the most and delivering solutions that create value.
Ultimately, this results in the best outcome for our employees, our customers, and our investors. Through the rest of the day, you will hear a lot more detail on some of these topics, but I hope that was a good foundation for the context on what we have been doing and where we are going. Next, we are gonna hear from Fernando Montenegro on the cybersecurity market. Thank you.
Hello. Welcome to this presentation by Omdia on 2022 outlook: Trends and Threats for Enterprise and Security. My name is Fernando Montenegro, and I'm a senior principal analyst for cybersecurity with Omdia. We'll just get by the quick copyright note and disclaimer, and as we get started, allow me to do a brief introduction. My name is Fernando Montenegro, and as it says here, I'm an analyst on Omdia's cybersecurity industry research team, and I focus specifically on infrastructure security. Now, this includes several areas, including cloud security, network security, and others. My previous experience includes significant exposure to enterprise security in different roles as analyst, as practitioner, in professional services, and so on.
As I like to say, I particularly like to think about security from the perspective of economics and organizational design, and hopefully you'll see this reflected in our presentation. My contact information is below. Feel free to reach out as needed. Now, as we get started, let's take a quick look at our agenda for today. First and foremost, I want to be able to set the scene for how Omdia looks at cybersecurity. Then we'll take a quick scroll through 2021. What did we see there? Then we'll focus on enterprise trends and challenges overall. Wrapping up with a look into trends we see for 2022, as well as what next steps might be for organizations moving forward. Without further ado, let's just talk about how we like to see the world.
Here at Omdia, we look at cybersecurity as a subcomponent of a broader information security practice, where we look at confidentiality, integrity and availability of information overall, focusing specifically on cybersecurity. We like to take a more holistic approach, as you can see the diagram on the right, and we start at the core with data security as a key component, and then moving around that we have more identity and access. From around that we have infrastructure security operations, enterprise security management, and other areas. The basic approach is that at the periphery, where we are looking at areas such as governance, risk and compliance, people, processes and technology. All of these areas deeply overlap. There's significant collaboration on all of our research.
That also includes bringing in other aspects of Omdia research, including IT and other areas. Without further ado, let's take a look into what 2021 has brought us in terms of security. Let's go back all the way to early January 2021. At that time, as you may have seen that the World Economic Forum usually releases a report on what they call the Global Risks Report. The 2021 edition was released in early January 2021, and it included top key risks for the world overall. Infectious diseases, of course, we're still in the middle of the pandemic. That crisis leads to issues of livelihood across the world, right? How can people support themselves?
Moving on from there, extreme weather was listed as a key concern on the environmental aspect, and incredibly, cybersecurity was listed as number 4. Right? Significant technological concern. Now, of course, this is due to the increasing technological nature of society. It's also interesting that the 2022 report was just released and numbers are not exactly the same, but they are very similar. We're still in a scenario where cybersecurity is a key concern all over the world. Now, that was January 2021. What did we see happen since then? Well, you may recall, just looking at headlines all over the world, 2021 realistically started, let's say December 2020, when there was a significant breach disclosed at SolarWinds that affected 1,000 of organizations. That was far from the only one.
We've seen ransomware and supply chain attacks take their pick all over the world. We lost count of how many hospitals or financial institutions and so many others were hit by ransomware. We had, of course, the Colonial Pipeline attack in the spring and Kaseya as a key service provider technology provider that was affected. That was far from the only one, right? Throughout the year, we've had issues of, again, ransomware being a key concern. We also had issues related to cloud security being affected in a few environments. Then finally, the year wrapped up with a significant effort worldwide in trying to clean up the consequences of the Log4j vulnerability that was disclosed in early December. All in all, a very active year.
We have no reason to expect that 2022 is gonna be significantly different. Now, that's what 2021 brought us. What kind of high-level trends and challenges are we seeing in this environment now? We like to think about what's affecting security. Well, first of all, we see security being affected from multiple directions. Not only you have the attacks themselves affecting security, but there's also significant concern in terms of outside regulation that is now increasingly affecting cybersecurity, whether it's compliance to industry regulations or public requirements and so on. On the other hand, there is the issue of how do we support innovation, right? Digital transformation is a reality for most organizations, and security is a key component of that, as we'll see throughout the presentation. Then finally, we have the issue of resilience.
How can security move beyond fighting the current fire? How can it be more proactive, moving from a reactive position to a more proactive position? These are some of the pressures that are affecting security. Well, let's take a different look into this. This is a slightly more nuanced view, a deeper view. Just going from the top there. Vulnerabilities. There are 1,000 of vulnerabilities that are reported, right? Ransomware, as I keep saying, it remains a significant factor for most organizations. How do you support hybrid and multi-cloud environments? How do you harmonize security between different environments? Compliance is a key area. Again, tying to compliance regulations. Cloud native is important. By cloud native, we mean how do you support how software is built in a different way? How do you insert yourself into that pipeline?
The skill shortage is a key issue. How we handle security operations for teams becomes increasingly important as well. Teams have to cover a wide range of technologies. When we think about the importance of critical infrastructure, that's again driven by IT. Just wrapping up with, at the high level there, the user community aspect. How do we get our users to be more engaged with security in a way that they are contributing to how the organization does? Security, in that sense, security is being challenged in virtually every direction. I do want to double-click briefly on ransomware. Ransomware is a phenomenon that has shifted, right, over the years, starting from back in 2016 when it really came up and it started become more popular.
What we've seen with ransomware is that ransomware has changed to the point where it's now no longer a simple infection of a computer here or a computer there. Rather, ransomware became a multi-stage attack, if you will, where the actual encryption or extortion is really the last chain, the last link in a chain of a campaign where attackers break into an organization through a variety of means and then move laterally and escalate privilege and so on, so that they are able to have a deeper impact on the organization when they do strike.
It's a little concerning that based on the survey results, a survey we did with Arcading, where we see that only 22.6% of respondents indicate that they are confident about how they would be able to withstand ransomware attacks. It's definitely an area of focus, and it's something that will remain a concern about how organizations move ahead. Now, it's not the only thing, of course. When we think about cloud security, again, it's an area of deep interest. In the context of cloud, security is a key concern, right? Projects even beyond other areas such as actual delivery. Now, this means that practitioners will be hard pressed to find security solutions that can support the different cloud initiatives that the organization has.
This may be in combination with the significant resources that the providers themselves are applying to security, but the onus remains on the organization to take those services, et cetera, and harmonize them with their existing security operations practices. Now, this is, of course, a significant endeavor, and that would be fine if it was the only thing that security had to worry about. We saw that it was not. The results come from similar survey that from the other data where we asked 310 practitioners about what are the common challenges they face and more than securing new technology, it's interesting that they highlight how they manage incident response, incident management across the organization, and at the same time, how do they deal with the limited resources that they may have, right?
How do you balance this? That has become a key concern for practitioners all over the world. When I say this is when we look at the data from the same survey, but we're now breaking it down by industry, and we look at what people consider the top three challenges. Again, they cover cloud security a lot. It's interesting to see that cloud security and securing new technology emerges as either number one or number two in virtually all sectors that we looked at, right? This highlights the importance of thinking through how you're going to secure the modern environment, right?
Now, as we think about securing that environment, I wanted to shift the conversation a little bit and talk about two key technology trends that we find very important in discussing modern security architectures. The first, you may have heard the term, is Zero Trust. Now, Zero Trust has been bandied about as one of the more hyperbolic terms in industry. Rather than discussing is it a product, is it a technology? No. We like to say Zero Trust is more of a concept or a guidance, and it boils down to, as it's being said in the slide, never trust, always verify. What we mean by that is that implementing Zero Trust means eliminating implicit trust. Where someone is coming from, did they authenticate once and that was it?
Can they do anything on the network, right? It means that every device, every user, every network, every application flow is inspected, is secured. Over time, this means removing the as it says here, the excessive access privileges, and thereby removing the threat vectors. Now, is it a one and done thing? Absolutely not. Let me show you a quick visual at a high level what it means. If you imagine that your organization has a logical boundary, right? That's what the organization looks like. There's network access. Zero Trust means that any external entity, whether you are a remote user, bring your own device or not, you may even be in the office, right? It doesn't matter. Your traffic is going to be inspected, maybe anomalous traffic is going to be dropped, right?
You are going to constantly be authenticated, right? That authentication is going to work alongside a risk engine that's going to be gathering security signals about your environment, about that traffic, about that connection, about that transaction. As you clear it and constantly, again, the risk engine is working constantly for continuous authentication, then you can have access to external systems, right? That's Zero Trust at a very high level. The other key concept is hybrid and multi-cloud. I'd like to say that according to our research, virtually every medium and large organization already were operating hybrid. You have a co-location plus data center or cloud provider or other cloud provider.
The thing about multi-cloud is that multi-cloud, we find it's an emergent property of the organization, not of an individual project, and this will play a part in a second. Because for security teams, it means that they have to harmonize security and operations across multiple environments. As they do that, it's absolutely essential that they have a way to have centralized, flexible distribution of security policy, right? How we manage policy across multiple environments, ideally tying that into software engineering efforts such as CI/CD, continuous integration, continuous deployment. Let me just show you how that emergent property comes about. Security is a centralized function, right? Well, it starts with the data center that's mission-critical. Your organization signs up with a tier one cloud provider, and that's your strategic provider for new initiatives.
Lo and behold, there's a particular system that needs to use custom services from another provider. Now you have to support two. A little while later, your company makes an acquisition of a smaller firm that's using yet a third provider. Now you're supporting three. Well, perhaps you have an outreach into a region that needs a specific fourth provider, and because you want to support innovation, some teams may have deployed some skunkworks and a fifth provider, right? Just to wrap up the picture here, you may even have edge locations, such as supporting IoT or 5G, that have cloud-native technology. All of a sudden, here you are in a multi-cloud environment, even though each individual project may be single cloud. Now, as we look into these high-level trends, now let's switch to what trends we're seeing for 2022.
Now, first and foremost, at a very high level, this comes from our IT Enterprise Insight Survey. It's a massive 5,000-person survey that just ran. The key thing here is that across IT executives, they highlight the management of security, identity, and privacy as their top-tier IT concern, right? We are absolutely at a place where organizations are paying attention to this, and it's up to security to work alongside them in a way that makes sense. Now, when we look into security itself, when we look into how security or a subset of that survey, how is security making investments? As you can see from the picture, it's pretty well distributed across different areas.
We like to highlight that specifically, we see some managed services as an area that's seeing some growth, particularly as you bring together the expertise that's needed for some areas as well that don't have the skill shortage that we currently have. That's not the only area. We see significant investments in cloud security operations, network security for firewalls and DDoS prevention, right? Identity and access management as key areas that people are investing in. When we look into what will they be facing from different trends in the different areas, that's when we bring up our different service areas for cybersecurity coverage here at Omdia.
Well, if you look at those six areas, we have data security, identity, authentication, and access, infrastructure, security operations, and security management. At a high level, I'll focus a little bit more on infrastructure security and security operations. For the others, data security, absolutely, ransomware plays a part there, how we protect data. Identity, authentication, and access, concerned with modernizing identity governance practices and introducing better password controls. If you think about infrastructure security, we're definitely seeing a push towards rethinking network security, both in terms of supporting remote work, that's where things like SASE come into play, but very importantly, in supporting cloud security environments, right? How are we building new network security architectures that work alongside cloud environments? Again, going back to that hybrid and multi-cloud environment I spoke about.
On the security operations side, the key trend for 2022 is extended detection and response. How is that going to affect how teams do security operations? Again, a little bit of a push towards managed services as an area that worth paying attention to. On enterprise security management, we see user involvement, we see the use of AI and ML, and on IoT security, we keep thinking about how critical IT has become in mission-critical systems. Right, so that's a key area to pay attention to. Now, if we move into, okay, what's next? What do we see as next steps in core organizations?
Well, first and foremost, we like to think that the quote said it here, "Cybersecurity teams must be recognized as strategic partners in technology and the business decision-making process." What we mean here is that the complexity of the modern organization means that security is not going to be able to do everything itself. It can't. It is going to have to work with other partners within the organization. In order to do that, it absolutely must be able to participate as a meaningful contributor. It means, for example, giving proper guidance and not necessarily taking over how teams are going to implement control. It may take more of an advisory approach sometimes.
In other cases, it will be running processes, but it's this give and take, this complex relationship with other parts of the business that are extremely important for security moving forward. Another way to look at this is what I like to say is that we call the CISO balancing act, right? The CISO, the security executive, they have to maintain this balancing act, which includes, on the one hand, first and foremost, they have their own security organization. So they are a leader for the organization. They have to support their team, whether it's supporting the team growing, retention, attrition, et cetera. Okay?
There's a relationship with the board of directors and other C-level executives, where in most cases, the CISO is recognized as the subject matter expert on cybersecurity and participates in several enterprise risk management efforts. There's a relationship with the CIO to actually run IT for the organization. They'll be running IT, but securing that enterprise IT, that remote access, that user authentication, whether it be the technology, the processes and so on. That's that collaboration. Increasingly, we're seeing the relationship between the CISO and engineering in terms of supporting product security. What we mean is, by this, the actual deliverables of the organization, it's virtually, in virtually every case, there's a heavy degree of security of technology that needs to be secured. Almost, the other element internally is the rest of the organization.
How does the CISO and their team interact with the rest of the organization, driving culture, aligning to objectives, and so on. Last but not least, we have the relationship between the CISO and the externals. What we mean here, it might be customers that are inquiring about security, it might be regulators, it might be other organizations where CISOs are collaborating, joint partnerships, government, et cetera, et cetera, et cetera. CISOs have to maintain this balancing act. In terms of more specific recommendations moving forward, I would say that I'll break them down into both for vendors and service providers as well as enterprise, as you can see on the slides. For vendors, it's really important to understand what your customers are going through and be able to support their needs as diverse as they might be.
One element I'd like to talk about is that when bringing it back to cloud, you have to be able to support hybrid cloud and multi-cloud environments. You have to be able to be flexible and deploy your products, your services in a way that supports these multiple environments and be flexible in how you're going to scale up and down, change things, etc. It's really important for vendors to understand that there is potentially a new set of stakeholders that also have to be included in decisions. Perhaps you are including engineering teams that you weren't before. Perhaps you have to have a deeper conversation with legal or other entities. Anyway, that's on the vendor side.
For enterprise and government, the high-level recommendation is, first of all, you have to build the organizational structure to support this pace of innovation, right? It means, working alongside teams with providing guidance, etc., without necessarily impeding progress. That's number one. Number two is, you only have limited resources, so you have to be very critical about which areas you're going to prioritize. Going back to the data that we had before, we were talking about, incident response, supporting technology innovation, while balancing limited resources. Those may be interesting areas. Finally, I keep saying adopt practices and architectures that may be, that make it possible for the rest of the organization to move faster. Right? That's absolutely key. With that in mind, I do want to thank you for your time.
Here is my contact information if there are any questions or comments. My name is Fernando Montenegro, and thank you very, very much for your time. I hope you have a nice rest of your day. Thank you.
Well, good afternoon. Or good morning, and good afternoon, everyone. Thank you, Fernando. My name is Matt Bruening. I'm Executive Vice President of Sales and Marketing for A10. Today I'll be kicking off the commercial section of our presentation by highlighting how our selling approach creates differentiation and also creates a better experience as we help our customers achieve better outcomes. Before I begin, I'd like to just mention a reminder, and that is, for those of you on the webcast, the Q&A platform is open, so on the webcast platform. Please submit your questions, which Dhrupad and Brian will handle at the conclusion of today's session. Okay?
If you go on the internet and you google sales mantras, sales methodology, sales approaches, you'll find various answers to that question, various quotes that are relevant to answering that question. The one that we think embodies the A10 selling approach more than anything else is, "When the customer comes first, the customer will last." What do we mean by that? We think that this is something that with A10, our approach is one that aligns directly with our sales approach because the most important objective in mind is achieved if we do this and we live by that quote, and that is to achieve customer loyalty. Okay?
Research shows with all the things that go into the customer engagement process with our customers or for our customers, when we engage with them on an opportunity to help them solve their business needs, the business outcome achieve better outcomes is the sales experience. The sales experience itself, in all the surveys taken, was rated the most important to the customer from the customer standpoint. That includes things like product quality, delivery, you know, time of delivery of the solution, support, effectiveness, efficacy, all those other things that could be equal in a sales process. The good news is we perform very high in all of those aspects as well. The key differentiator that we're shooting for to create differentiation is to create the best sales experience possible for the customer. We'll give some examples of why that's important.
Dhrupad Trivedi referenced a key metric earlier in his presentation when he talked about the product revenue retention rate, which is an indicator of growth of the existing customer base, and this is what this loyalty feeds into. Loyalty means growing your customer base by a factor of 118%. 118%, as Dhrupad Trivedi had mentioned, is the net product revenue retention rate that says our returning customers are spending more with us year-over-year, quarter-over-quarter. That means 18% growth in aggregate net of churn, which is a very important indicator of customer loyalty and of customer growth. We want our customers to have a positive sales experience with A10, and that's what our transformation is all about.
That leads the customer to buy again, buy more, and then tell their peers in the industry about their experience with A10, and they become customers, which leads to new logo acquisition, which is also an important indicator of success and growth for A10. A catalyst for our transformation in the sales force is that the sales environment itself is becoming more complex. Now we don't strive to make our sales environment or the selling approach more complex. The reality is that the buying process is more complex. There's more people involved, infrastructure people, security people, compliance people, it's more complex, so we have to be more sophisticated and be prepared for that environment. In the past, sales strategies were about selling products and selling widgets.
The way I grew up in sales, I was trained in selling, you know, features and benefits. Sell features and benefits, Matt. You'll be a great salesperson. That's the old way of selling. We didn't really spend time putting ourselves in the shoes of the customer and building the outcome-based approach where we ask them, what business outcome do you want to achieve, and how can we exceed those expectations and create unexpected value that you didn't expect when you started to put this project together to evaluate different programs or different alternative solutions for your environment.
While selling value and benefits is still a key component of the sale, the industry has transitioned to a much more collaborative approach where the sellers are co-developing solutions with the buyers in a highly complex environment with a goal of, you know, meeting a higher value of needs for the customers. Our sales teams, what they strive to do and what our customers expect of them is to be thought leaders, to be an organization that brings something different, a different perspective to the customer and increases the value of that, focusing on innovative, tailored solutions which prove to be commercially innovative. Not just innovative technically, but commercially innovative. That's a key term here, and we'll talk about what that means in more depth here.
What we're looking to do is the sales team is striving to change the status quo by driving insight that might be counter to the original beliefs of what the customer thought they wanted in a sales process. What we employ is a formula, and this is our sales methodology. It's a formula based on curiosity plus creativity equals innovation, commercial innovation. Commercial innovation embedded in that could be technology innovation, but it's commercial innovation. There is an order of precedence where curiosity has to come first. You can't be creative unless you're curious, unless you're asking the right questions and gaining insight and actually come to the customer with something they didn't expect.
You have to be smarter than the customer in a lot of cases and have more in-depth knowledge about the organization than maybe they do, and you know, have a look ahead over the horizon in terms of what might be anticipated later on in the course of the sales process or in the customer's journey in the life cycle of the organization. Of course, A10 still needs to stand out and create real customer value. As Dhrupad had said earlier, we believe that we have a portfolio of solutions that delivers on all those value streams that the customers expect. These include state-of-the-art cybersecurity with machine learning and AI that detects and mitigates threats before the customer deals with a major problem in their environment.
Solutions that support multiple security and IT infrastructure categories with optimized OpEx and CapEx models, and flexible technical support, that works in both, you know, private cloud, public cloud, hybrid environments, which is exactly what our customers are asking us about right now. All of this has relevance to what Fernando talked about when he talked about, you know, the importance of being able to operate in a flexible environment, both private cloud, public cloud, and a hybrid environment, and make sure that the customer has the same experience with your solutions in all those environments combined. Consistency of the solution in terms of its performance, efficacy, and overall value.
Then finally, this is a key differentiator, our best-in-class support, which makes sure that the customer is not left stranded when we sell them a solution to operate on their own. You know, our world-class support organization makes sure that the mission-critical applications and infrastructure meets the expectations from day one when we sold the solution to the customer. These differentiators and our commitment to the market, you know, are things that we continue to innovate, both commercially and technically, to help create a happy and loyal customer base. This is all critical to the future of A10 and our customers. Speaking of customers, we're going to hear more from our customers here. We have a couple customer vignettes. We sat down with a couple customers of very different makeups and characteristics.
The first being a telecommunications provider based in Edinburg, Virginia, Shentel Communications. I'm gonna turn it over to Shentel, and they're gonna walk through how they derive value from A10 solutions.
I am VP of Network Engineering here at Shentel. My team and I oversee the planning, design, and engineering, and deployment of all Shentel network infrastructure that supports all of our lines of business. That's from video to voice to data. My team also includes the network operations center, who is responsible for the monitoring and management of those networks. Under the Glo Fiber brand, Shentel offers fiber optic broadband services to our business and residential customers. Under the legacy Shentel brand, we offer video and data and regulated and unregulated services through the cable network, because we are a cable operator as well as the DSL internet access in some areas. We're also an RLEC in our area in the part of Virginia.
Under the Beam Internet brand, Shentel offers, you know, fixed wireless internet service using existing cell towers in our network, all of which of course are owned by Shentel. We're seeing more and more networks transition to v4, but there still remains a large portion of that legacy internet that is moving away from v4 more slowly than we would like. There is no expiration date set at this time on v4, so we have to have an expectation that v4 has to continue to exist in our ecosystem for who knows how long. The A10 platform really allows Shentel to continue to support our v4 space as we continue our transition to v6. Payback's immediate. A typical Shentel market generally requires...
When we launch a market, it generally requires on average at least a /20, which will support a little bit more than 4,000 subs. In the beginning, when people were selling, you know, excess IPv4 space, you know, the cost per IP was between $10-$15, depending on the block size. The bigger the block, the lower the cost. Today, that cost is around $50-$55 an IP, again, depending on the block size. Us deploying or Shentel deploying the A10 appliances from the very beginning, it resulted in immediate savings on day one because we were not required to continuously acquire that IP space to support the increasing demand that our customers had.
A10 Thunder appliances are currently supporting, I would say around 90,000+ subs today, which is expected to increase another 15,000 subs in 2022. If you use the market pricing for v4 space over the past 5 years, conservatively, we're estimating a savings of more than $2 million. That's savings that we did not have to spend to acquire additional v4 space. Well, simply, you know, a solution that exceeds all of our requirements backed by really a team of great professionals. You want to partner for success. The relationship between Shentel and A10 has been just absolutely phenomenal. It is absolutely vital that the reputation and commitment of the vendor that you're partnering with can support all your business objectives.
There's an extreme value when you can partner with a strong vendor who continues to evolve as Shentel grows. That describes A10 perfectly.
Okay. Our second customer is a diversified Turkish industrial group, based in Istanbul, and they implemented our SSL inspection solution to help detect and mitigate threats earlier than they or faster than they ever have before. Let's turn it over to hear from Borusan Holding.
Borusan Holding is a group companies, you know. It has different group companies in different fields, something like energy, logistics, and production. My role is group information security architect, and then I'm responsible for SOC operation, information security, and also security infra planning. The challenge for today is to analyze the whole traffic against cyberattacks. All the traffic needs to be visible, needs to be analyzed by all our security devices to actually detect all the cyber threats in today's world. Also, we check our traffic, and then more than 99% of our outbound internet traffic is SSL. It goes through via HTTPS. That's the thing, you know, we need to cover.
We need to analyze all this traffic and even every phishing attacks or every, you know, credential theft, credential attacks, you know, use HTTPS. We definitely need to detect that. A10 actually Thunder SSLi has really straightforward SSL interception operation. It was very smooth. It is so easy to troubleshoot on SSL traffic. For example, because it's the working model is very easy, and it actually translates the ports and recaptures the ports somewhere on our upstream and encrypts again. It is so easy to manage, and it is so easy to troubleshoot any issue on this SSL traffic. It is very simple way to intercept traffic.
A10 has a load balancer feature on it by default. Other than the solutions we actually have in POC, we can load balance our security devices, especially the proxies, with A10. This is a good benefit to choose A10. IPS actually, you know, detects much more threats than before A10. For example, today, in a one month, we actually detect some more than 1 million, you know, intrusion events. Before A10, it was something like 400 or 500, something like that. We can say more than 100% traffic we can analyze with A10.
It's always important to get the customer's perspective, isn't it? As one of our recent new logo customers that we're working on told us, "It's interesting to hear your value proposition from an A10 employee. It's even more valuable to hear. I wanna know what your customers are saying about you." These testimonials are very key in a validation in terms of what we've been telling the market and our shareholders for several years now. We're gonna shift our attention. I'm gonna introduce Tina Stewart, who's our Vice President of Commercial Marketing.
Tina is gonna highlight some more elements of our go-to-market transformation and how we're changing the outcome-based approach for the market and for our customers and provide some insight in terms of how do we do that, you know, what partners do we need to make us more successful to reach those customer business outcomes.
Hi, I'm Tina Stewart, Vice President of Commercial Marketing for A10 Networks. Today I'm gonna discuss transformation in our go-to-market strategy, but first, I'm gonna talk a little bit about the CIO transformation journey. CIOs have been driving significant business change during COVID-19 in order to keep business running in the work-from-home era. As the new year starts, they're looking forward and assessing new realities and new priorities on-prem and in the cloud, and how it all blends together in the hybrid world. There's plenty to keep them busy, of course, from tackling talent gaps, to keeping the business operational, to firming up cybersecurity protection strategies. The CFO and board are right in the thick of the planning process as they rethink technology strategies. The clear CIO reality is the operational and cybersecurity resilience is the top of organizations' concerns as they move to the cloud.
Simply put, it's about the CIO having a plan that includes the right people, the right processes, and the right business partners to deal with problems as they occur, as they continue to migrate to the cloud. This is why CIOs are really rethinking their third-party relationships and how they best operate in a hybrid ecosystem. This reality positions A10 squarely in C-level priorities. A10 supports both on-prem and cloud-native systems in a hybrid manner to ensure digital and cyber resiliency. With this as context setting, I'm now gonna turn the discussion to our transformation journey and how we, at A10, are meeting our current customer and market demands. Accelerating solution adoption. How the heck have we been doing this? A10 was founded based on a great product idea that aligned to customer needs, and we are still delivering on that promise today.
However, the market has changed since we launched our product 15 years ago, and even more so due to COVID and remote working requirements. With so many competing priorities in the market, we have to have a maniacal focus on the customer in this never normal world. Our ambition is simple. We want to make it easier for customers to choose A10 Networks. We are winning because we have gone through our very own go-to-market transformation that includes cross-functional collaboration, an aligned solution portfolio, and measurable partner traction. We considered this through the entire customer journey, from awareness to decision to loyalty and everything in between, with a very clear focus on outcomes, the market, and a much greater sales alignment. Let me go a little deeper. In fact, I wanna go to an entire level deeper on what I mean by outcome-driven approach.
As a business, we took overt actions to differentiate our go-to-market strategy based on customer outcomes, customer experience, market segmentation, time to value, and consistency with a digitized approach. By having an outcome-focused approach combined with the maniacal focus on the customer, we have improved our customer loyalty and have grown new logos. That's huge. We are effectively investing in efficient and effective activities aimed at improving our sales productivity. Hey, for example, we invested in sales, marketing, and partner training. The outcome is a consistent experience throughout the entire customer life cycle. In addition, the training is aligned with the right set of tools to automate repeatable processes and track our incremental progress. It's worth noting that A10 has spent more on sales, marketing, and partner training in the last two years than it has, well, since its inception.
We believe customer engagement and thus sales success are highly correlated with the aligned training and process. That is why for every $1 invested in improving the customer experience, we have seen clear value to the business. Simply put, we are aligning our products, our go-to market, and support for our customer and market needs. When all is added up together, we have succeeded in diversifying our customers across multiple verticals while keeping focus on security and critical infrastructure. When COVID has honestly impacted just about every industry and definitely many industries for sure, we have grown. We have grown by focusing on the right target audience, key partnerships for ourselves with a differentiated message and multiple consistent touch points that have really been yielding results.
Now I'm gonna jump a little bit more into our market opportunity and the GTM motion within service providers and enterprises. Service providers are a diverse group of organizations, including telcos, mobile operators, cable and broadband providers, universities, and many others who are deploying 5G networks. Our 270+ service provider customers are supporting over 1 billion subscribers. Yes, 1 billion subscribers. Service providers depend on critical functions such as carrier grade networking and firewalls, DDoS protection, and load balancing to absolutely ensure proper network performance and security. Service providers, they rely on A10 solutions for the highest standards of reliability, performance and security. Some of our successes include SK Telecom, who deployed the first 5G network ever with the goal to be the most secure network in the world.
We also help smaller regional service providers to grow their subscribers without spending too much money on acquiring new IP addresses. One final example is our partnership with Ericsson. We partnered with Ericsson on its packet core firewall, which is built around the carrier class firewall. More about this in the future. These are just a few examples, but you will hear more about our service provider strategy later on in the session with Terry Young. In the enterprise, we are aligning our go-to-market strategy where we see the greatest market opportunity, just like service provider. For example, cybersecurity threats are on the rise, including ransomware and malware, which are reaching an all-time high. Our solutions and security partnerships support a Zero Trust strategy and can help enterprises combat rising threats. By removing implicit trust, enterprises can ensure the integrity of their networks and drive greater digital resilience.
Some key examples of our successes in the enterprise include. Well, let me start with one of the largest cloud providers are using A10, and they're doing so by protecting compute and back-office applications from crippling DDoS attacks. Gaming, and for those of you who have kids out there, gaming is a big deal. Gaming is another huge area of success for A10. We are the vendor of choice with 15 of the top 25 gaming organizations deeply invested in A10. Gaming companies honestly are among the most cyber-conscious customers we have. Finally, the financial service sector. They also rely on A10 for use cases such as low latency trading, security, and routing. We continue to grow our footprint in the enterprise, but we can't do it alone.
Partners are a huge, huge part of solving challenges for our customers and extending our reach. We have joined forces with a number of leading cloud security and solution partners. We do this so our customers can confidently deploy A10 into their existing infrastructures to protect against data center threats, simplify security operations, and improve traffic visibility. We're also working with a major partner to create a set of turnkey solutions that help enterprises overcome the operational and security complexities they face with application delivery, whether from on-prem data center or a hybrid cloud infrastructure. This is pretty cool news. As I mentioned earlier, a Zero Trust strategy can significantly increase an organization's ability to protect against cyber threats. The ability to inspect encrypted traffic is absolutely foundational to a Zero Trust architecture.
Our technology helps an ecosystem of security providers to efficiently enhance their protection at scale. These vendors range from industry giants such as Cisco, who's just right down the road, to security-specific solutions from companies such as OPSWAT. Finally, cloud transformation. Cloud transformation is now nearly part of every organization, particularly as the pandemic pushed businesses to truly rethink how they service their employees, partners, and customers. Our software solutions ease that transition, and again, this pandemic has really pushed businesses to rethink how they serve their employees, partners, and customers. As our software solutions ease the transition to hybrid cloud environments, they're available in multiple form factors, from pure software to cloud marketplaces like Azure and Oracle. These solutions can be highly automated with DevOps tools to help drive efficiency and accelerate digital transformation. Many organizations are rethinking their technology and vendor relationships.
Our strategy around meeting the customer wherever they are with regards to their journey, with the right solution at the right time as the right partner, and we are winning as a result of our efforts. As a closing note and a validation to our customers and partner support, it is truly gratifying to receive so many awards and recognition over the past two years from partners like Intel to industry organizations like RSA, Interop, and Frost & Sullivan. We are focused on driving innovation through our go-to-market strategy to help our customers solve their most critical cybersecurity infrastructure challenges to ensure digital resiliency. I really appreciate your time. Thank you, and again, thank you for your time.
Thank you, Tina, and I trust that Tina's overview provided a little bit more insight into the market dynamics, the market opportunity, and the importance of a unified sales and marketing approach that defines our overall go-to-market strategy. Let's drill down on security for a minute. I think it's very well known that the sophistication and complexity of cyberattacks has intensified a lot in recent months and recent years. The second thing that we all know very much in the cybersecurity realm is that the adversaries have more opportunities at their disposal, right? Playing defense is more difficult than playing offense. The other thing that's happening is that the volume of attacks has increased.
The third thing is that with digital transformation accelerating within the enterprise sector and in the service provider sector, the attack surface has widely expanded, providing more opportunities for the adversary. No one at A10 knows the adversary more than Rich Groves, who is our Director of Security Research. Rich is gonna talk about his perspective on the adversary, what's going on in security, what are we seeing in terms of recent cyberattacks, and most importantly, how are we implementing a Zero Trust strategy to help protect our customers short-term and over the long haul. Rich.
Hello, my name is Rich Groves, and I'm Director of Security Research here at A10 Networks. The attack surface is growing. There's a steady growth in connectivity and digital transformation. Cloud adoption is on the rise, so cloud infrastructure has become cheaper and easier to use, and therefore people are using more, taking more of their infrastructure and moving it into the cloud. But also enterprises are relying on software as a service more and more over the years. So people are subscribing to services like Office 365, for example, and exposing more of their infrastructure to these software as a service systems. The IoT growth is 1 billion devices year over year, as you can see on the left. Within this, cameras, smart plugs, lights, et cetera, pretty much anything that's connected to the internet. But these...
The real growth is in all of these, what I would call sensor systems like cameras, smart plugs, et cetera. Each one of them has to have an API interaction, a cloud API interaction to even function. Therefore, there's more exposure there as well. Bottlenecks in the internet are always being removed. This past year has been no exception. People are utilizing faster CPUs, certainly more cores, and that is enabling pushing artificial intelligence, machine learning closer to the edge. Finally, faster switch chips are being deployed all the time, because they're being commoditized. They're actually very cheap. Because of that, it's enabling huge increases in network speed and port counts, which we all benefit from in having a faster internet, but also malicious actors benefit from this as well.
Unethical and ethical hackers alike are incentivized to create new exploits of these IoT systems. As you can see off to the right here, the growth year-over-year of the number of vulnerabilities that are disclosed and found. Some, of course, are not disclosed, but have been found. There are a bunch of zero-days that aren't shown here as well. What do we use those for? Well, the ethical hackers would end up utilizing bug bounties to go on fishing expeditions for new vulnerabilities, right? It's a valid and noble business. You know, they're a community that's helping us not just as a vendor, but as an industry as a whole, create more secure software.
By doing this, it's also enabling hackers to actually utilize these CVEs, these well-documented exploits, to incorporate that into malware that allows them to expand their botnets, enable data exfiltration, ransomware installs. It helps them exploit current security parameters, basically. Now they have the ability to not just launch attacks inbound, but also outbound from your network and also from east to west within your network as well, finding new information to attempt to steal or utilize as a weapon. This IoT growth, coupled with the CVE growth that I'm showing here, it's growing at such a rate that it's really challenging for humans to deal with.
We believe strongly here at A10 in machine learning, and we think that machine learning is a necessary tool for effective detection and remediation of these threats. The latest example of this is Apache Log4j. Apache Log4j is a framework for logging. It's event logging. Events like security events, performance events, et cetera. It was disclosed on the ninth of December. It's an exploit that is called an unauthenticated remote command execution exploit. Really what that enables the malicious actor to do is to take control over the system that is exploited. That allows them to install malware if they have malware to do that. This affects more than 35,000 Java packages across the internet. This is based on Google's research.
Across potentially billions of devices, actually more than 1 billion, because you know Java is so ubiquitously installed. Scanning primarily started from Russia on the tenth. We issued guidance soon after that. Soon after that, we noticed malware being uploaded with Log4j being used as an infection vector. After this, a more distributed pattern of scanning traffic was seen, which is a really good indicator of viral spread and incorporation into botnets themselves. What you end up seeing down here to the right is a graph of utilization of this malware on a single host. So at T zero of this line, you'll notice that bots begin scanning for exploited systems about 3 seconds after the exploit actually happens.
We were lucky enough to catch at 26 seconds the command and control actually sending a command to this bot and launching this high-speed UDP flood that you can see, that comes next, at around 26 seconds after exploit. The important part of this graph that I want to show is that the system is exploited and then is used as a weapon in under a minute. At these speeds, humans have difficulty. This is why we think a more automated approach is actually needed. DDoS attacks and weapons continue to grow. We have 15 million DDoS weapons that we track here at A10. UDP amplification sources are very large numbers of systems within this dataset that I'm showing.
Systems that generate a lot of traffic during attack. You've seen these in the terabit attacks that hit Azure, AWS, and Cloudflare. But also we're tracking bots and bot-like behavior as you saw on the previous slide. In December alone, we observed 44,000 attacks, but this is just from our vantage point as a company. Worldwide, it's far more. An example of a technology that we've created to deal with these attacks is called ZAP, and it's our AI, ML-based Zero Trust technology. ZAP is used to create a dynamic signature of an attack on the fly. It's difficult to mitigate with static signatures for DDoS. Attacks themselves are ephemeral in nature, so signature-based systems create a lot of collateral damage.
In time frames sub-10 seconds, we're capable of utilizing machine learning to come up with the exact signature at that one point in time, the exact filter, to protect the end user. What this means, since we're coming up with the filter on the fly, that we can handle new protocols, new attack types, et cetera, with very little tweaking. Essentially attempting to future-proof this Zero Trust system. A10 Networks enables Zero Trust architecture with technology that allows for deep visibility, zero-day DDoS protection, as you've seen. Micro-segmentation of services, protecting one service from another so that trust does not have to be transitive. Large-scale user authentication and verification is built into our systems. Protecting against malicious traffic within encrypted protocols is something that we do very quickly. Thanks for listening.
Based on what Rich sees and knows every day, I'm not quite sure how he maintains such a calm demeanor. It'd make me a lot nervous than it appears to make him, but he's been doing this for a long time, so great piece. Next, we're gonna turn to Terry Young, who's the Director of Service Provider Product Marketing for A10, and she's gonna talk about that specific service provider sector in terms of the business drivers, why it's one of the most well-funded segments that we do business with today, and finally, how A10 enables and secures critical infrastructure expansion globally for customers in this segment. Please welcome Terry Young.
Hello, everyone. I'm Terry Young. I'm Director of Service Provider Product Marketing here at A10 Networks. I'm gonna talk a little bit about the work that we do with service providers across the globe, and more specifically about our recent work with regional service providers that are trying to bridge the digital divide. Catch up or leap forward. If you read anything in the news or in industry publications, you might get the impression that the purpose of all these funding initiatives that are happening in the U.S. and across the world, that the purpose is to allow these communities to catch up with where the rest of us are that have the urban broadband, the better broadband service here in the U.S. But really, I don't think that's what those communities want at all. They don't want to just catch up.
They want to leap forward. They want to bring a better quality of life to the residents. They want to encourage new business and to allow their communities to compete on the global market. They want to leap forward. For those service providers that are looking to build out to these underserved or unserved communities, they have to consider both their last mile access that they have to build, but also how they can augment the capacity and the capabilities within their core network so that they can allow their communities to leap forward or even leap ahead of the current broadband capabilities in the more urban areas of the country. That's where A10 Networks comes in. A10 provides critical functions across the service provider landscape.
What that means is, regardless of whether you're a mobile operator, a telco, a cable operator, a CLEC, a small regional ISP, or a very large tier one mobile operator that has millions and millions of subscribers and moving to 5G, we provide functions that all these companies provide that secure, help secure and scale the core part of their network. We have approximately 270 service providers globally, and we are proud that with those service providers, we connect approximately 1 billion subscribers globally through one of our core technologies. Service providers have lots of different networks, actually. They have data centers and networks for their internal operations and their websites and their retail stores, just like any large organization would have.
When we talk about service provider networks, what we're really talking about is the production network. That's the customer-facing network, the network that you use to make a phone call, send a text message, or do any Internet browsing. That production network is what faces the public, and that's what service providers of all types, you know, have in common that providing access and providing the highest security and highest capability to that core network is of ultimate importance. For an enterprise, for example, the core network is the network, and their data centers are critically important to the functionality of their business. For a service provider, the network is their business.
That means the technologies that we sell them that sits in the core of the network has to have the highest availability, highest reliability, and highest security for them to be willing to put it in their network. Our TPS functionality solution, for example, is used by large data center operators to not only secure their own infrastructure against DDoS threats, but also to offer DDoS protection as a service to their client, to their enterprise clients. Our convergent firewall capability, convergent firewall product is used by tier one mobile operators to provide a seamless transition between 4G and 5G for IP connectivity and also to secure the network infrastructure as well.
Our carrier grade networking, CGN solution is used by regional service providers to preserve their existing investment in their IPv4 infrastructure and also to allow them a path to migration between the two protocols. There's a lot of discussion these days about the digital divide and the importance of the digital divide, of bridging the digital divide. This has really been kind of the focus has been increased due to the pandemic. The pandemic really made everyone aware of how critical broadband capabilities are. This is true not only in the U.S., but really across the world. In the U.K., for example, there's a Project Gigabit that is allocating GBP 5 billion to invest in broadband infrastructure across the country, and this is true in many, many countries.
In the U.S., there's an estimated 23 million households that do not have any kind of broadband connectivity at all. That's the official FCC estimate, which most analysts agree is really undercounting the number. The number analysts have estimated that the number is actually double that. It's more like, you know, 43 million, and that's because of some of the processes the FCC does as far as estimating serving areas and the census maps that they use and so forth. But whatever the right number is, it's too many. These problems have been brought into sharp focus in the pandemic.
That's more acute in the most rural markets, where the percentage of households that have no broadband connectivity is much higher than it is in urban areas. As a result, there have been a series of funding initiatives through the FCC and from the USDA to try to close the gap. It needs to address the problems of not only the last mile connectivity, but also some of the affordability and just lack of technology is also present in either low-income and/or in rural areas. The Emergency Broadband Benefit Program is now part of the Affordable Connectivity Program, and again, is a response to the COVID pandemic and the need for the broadband service for schools and just people in general.
Most recently, the FCC's Rural Digital Opportunity Fund completed its auctions late in 2020 for the first portion of this $20.4 billion initiative, allocating about $5 billion to about 180 service providers to connect about 5 million homes in the first phase of this initiative. Of course, most recently, the Infrastructure Investment and Jobs Act of $1.2 trillion includes a large portion of funding for broadband connectivity. This has resulted in a lot of activity, you know, within the industry of service providers, the smaller service providers trying to figure out where the funds are, how to get them, and how to manage them, and how to apply them.
We've been working with the industry to make them aware of the capabilities that we offer and to offer our expertise, where needed. One thing I think that's really interesting about how this industry is different than, say, what you might be more familiar with, which is some of the build out, say, for the mobile industry, is that this is a very fragmented area. I mean, what you really have is pockets of connectivity that are urban areas that have been built out by the tier one operators, and then everything else is kind of rural. These service providers have a lot more territory, a lot fewer people, a lot fewer resources, and a lot, and less funding, obviously, to try to bridge the digital divide.
Over the years, it's resulted in a lot of kind of innovative approaches that try to create that funding and unique partnerships and different types of companies, including electric cooperatives, fixed wireless access providers, fiber to the home providers, incumbent local exchange carriers, just a wide assortment of smaller companies that are looking to try to fill this gap. It's very fragmented. You have a community that's trying to have the same technical challenges and same network challenges as the Tier 1 operators, but really doing with a lot less expertise, a lot less funding and a lot less resources available to them.
What we try to do is provide the capabilities that we have, both in our expertise and as well as our carrier grade technology that we offer to the largest Tier One, and make that available to the smaller operators as well, so that they can start building a network that's carrier grade end-to-end. Another area that we talk to our service provider customers about is, like, how much subscriber expectations have changed over the last couple of years, and again, largely due to the pandemic. The pandemic has raised the awareness of the criticality to broadband subscribers in a way that's very personal. And most of you probably have had experiences of your own, you know, during the initial shutdown. But I think now when subscribers or potential subscribers think about broadband, they're not thinking about entertainment anymore.
They're thinking about, "Gee, if I don't have good enough broadband, I may not be able to work, I may not be able to get the medical care that I need, and I may not be able to educate my children." It's now very personal, and I think as a result, the expectations that subscribers now have for service providers, regional service providers as well as the larger ones, the expectations have risen quite a bit. I mean, 'cause they know how critical connectivity and accessibility and reliability is. What's also increased is the level of subscriber or cyber criminal activity and the subscriber awareness of that activity. I think consumers today realize that security is no longer a nice-to-have.
They've seen enough programs and news flashes about ransomware or different types of DDoS attacks that they have a much higher level of understanding and awareness of the necessity for cybersecurity. I think you guys heard a little bit about our TPS threat protection system and how we protect against DDoS threats. I wanna point out for the rural communities. I think these threats are actually quite a bit higher. You know, those 15 million DDoS weapons that are referenced in our DDoS report can be just as easily turned to rural subscribers as they can to urban. I mean, after all, the 23 million additional Americans is just another IP address to a cyber criminal.
Most DDoS attacks are quite a bit smaller than the ones you read about in the news. They're under 10 gigabits. Like a 5 gigabit attack or even smaller can easily take out a small enterprise data center or something like a small hospital. For rural communities where they may have only one hospital, a DDoS attack on that facility can be devastating. I really think that rural communities are actually more vulnerable than urban communities because of that need. A second problem that we help address for these regional service providers is their IP connectivity. That is how they're managing their IPv4 and IPv6 connectivity and an existing investment in IPv4 infrastructure.
Now, this is kind of getting into the weeds a little bit about technology that's deep in the core network, so I'm just gonna explain this a little bit about what I'm talking about. Every connected device on the internet has to have an IP address, otherwise the internet doesn't know where they are. The original IP addressing scheme was called IP version four, IPv4, and it had a set number of IP addresses. We ran out of those addresses about 10 years ago. Twenty years ago, IPv6 was proposed and released as a replacement for IPv4. From then until now, there's been a serious level of adoption of moving from IPv4 to IPv6. The problem for service providers is that the adoption is not complete.
You still have, today, most websites are still IPv4. Many old devices are still IPv4. So basically, service providers have to manage both. They have to provide connectivity to everywhere. This is gonna be true for some time. The Tier One mobile operators, or Tier One operators, not just mobile operators. This is an area that they have already come up with a solution for, and many of them use our technology as a part of that solution. For many of these smaller regional operators, they haven't really had this growth of subscribers in some time. They've had an existing pool of IPv4 addresses, and now they're gonna run out.
They now have to reconsider what they're going to do and how they're gonna manage that continued connectivity as they grow their network and try to augment and increase the capabilities for the new environment. This is kind of the basic problem that they run into, is that because IPv4 addresses have run out, the only way to acquire them, usually the only way to acquire them is on the open market through a broker. The price has risen significantly. You can see from 2015 to now. The last time I checked, the high price in July was $60 for IPv4 address. What that means, if you have 10,000 subscribers, that's $590,000, you know, just for the IPv4 addresses that you're trying.
If you're trying to add new subscribers. That's a significant amount of money for a small SP. Most of these regional SPs are going to be running out of their existing IPv4 address pool within the next 1-3 years. This is a problem, an urgent problem that they have to address, and that we try to help them with and provide some solutions for. This is an example of a regional operator that we've worked with, and this is kind of a typical operator scenario. This is a fiber-to-the-home operator. They have an existing pool of IPv4 addresses that they've had for a long time, and they're at about 55,000 subscribers, and they wanna grow, you know, to about 11,000 more subscribers.
They are expecting to run out of their existing allocation of IPv4 in about a year and a half. The cost of the IPv4 addresses at that time was about $45, which means that they're looking at over $500,000 just for the IPv4 addresses. With our solution, they were able to oversubscribe the IP addresses. That means that they can provide; one IPv4 can serve 32 subscribers instead of just one. Savings with our solution was in the range of about $400,000 total, including the cost of the solution. This is a typical scenario and one that many of the companies that we've worked with have found very attractive.
Finally, we work with operators, both large and small, regardless of the access technology that they use. Our recommendations for all these operators really is to first of all, prioritize security investment, and for the smaller operators, that might mean using a partner, and double down on basic cybersecurity hygiene, upgrade DDoS protection as possible. Many smaller operators have found that difficult to do in the past. Recoup costs if possible through some kind of security monetization with your enterprise customers, for example, DDoS protection as a service.
For our regional SPs, we encourage them to drive innovation across all the business models, and although there's a lot of excitement about the funding that's available now, they've realized that funding of partnerships for that funding is just the first step, and they need to consider the technology choices from the core all the way through the access, so they can continue to supply new services and meet the needs of their customers. Lastly, to understand the IP connectivity market, what's happening today, and what the options are to address that, so that you don't overspend unnecessarily, and you have a plan for IPv4 to IPv6 migration. Thank you very much.
Well, that puts a cap on our commercial section for today's presentations. As you've heard from our business leaders, A10's commercial strategy focuses on helping our customer achieve their business needs, right? And that means ensuring that the critical infrastructure that we help secure is done so they can be, you know, more successful in the future as they grow their businesses and available at all times. Let's kinda talk about all the types of organizations we do business with, right? From the largest service providers to the smallest, from the most complex and diverse enterprises and government agencies worldwide, our approach is directly aligned with helping them achieve their business outcomes, and we feel we do that better than any other player in our sector today.
What I wanna do now is transition to Brian Becker, hand it off to him, where he's going to outline our priorities towards driving A10's continued financial success. Brian?
Great. Thanks, Matt, and thanks everyone for joining. Today, we've discussed our focus on security-led solutions, the steady and intentional shift in our revenue mix from a heavy reliance on legacy ADC revenue to a much more diversified revenue base influenced by recurring revenue and differentiated security revenue. We've also discussed our solutions-based approach to customer relationships. I'd like to discuss how the evolution and our improved execution have driven acceleration in our financial results and how that acceleration should continue. I'll also discuss our business model and how we look at capital allocation. This event is being held in lieu of a formal quarterly earnings call, so I'll also discuss our quarterly and full-year results at a high level and, of course, answer any questions you have. I will reference our earnings release throughout my discussion.
I do think it is important to view the quarter and full-year results as clear proof points of the key messages we are delivering today. The evolution from selling a hardware-centric product to a more solutions-based security-led offering has produced significant benefits for our growth rate, and this is evidenced in our Q4 results. Our execution has changed the earnings power of the company. This progress is also clearly evident in our Q4 results. Starting with the Q4 , quarterly revenue was $70.7 million, up 12.8% year-over-year. Our deferred revenue was $121.6 million as of December 31, 2021, up 11.9% compared to prior year. With the exception of revenue, all the metrics I will discuss are on a non-GAAP basis unless otherwise stated.
A full reconciliation of GAAP to non-GAAP results are provided in our press release and on our website. Gross margin in the Q4 was 80.7%. We continue to successfully mitigate the impact of industry-wide global supply chain constraints and price increases. Non-GAAP operating expenses in Q4 were $39.4 million compared to $36 million in the Q4 last year. This reflects increasing investments in our priorities, including cybersecurity and commercial execution. We reported $17.6 million in non-GAAP operating income, and we continued to improve our adjusted EBITDA significantly, delivering a record $19.4 million for the quarter, a $3.3 million improvement year over year. This represented a 28% adjusted EBITDA margin. Non-GAAP net income for the quarter was $16.4 million, representing 23.3% of revenue, or $0.20 on a per-share basis.
Diluted weighted shares used for computing non-GAAP EPS for the Q4 were approximately 80.3 million. On a GAAP basis, net income for the quarter was $10.7 million or $0.13 per share, compared with net income of $7.8 million or $0.10 per share on the Q4 last year. During the Q4 , we repurchased 469,000 shares. Since 2020, we have repurchased 6.6 million shares at an average price of $7.68. We have $93 million left remaining of our $100 million share repurchase program. In addition, we also made our first dividend payment of $0.05 per share during the quarter.
Turning to the full year results, revenue for the year was $250 million, compared to $225.5 million last year. The 10.9% full year growth exceeded our growth targets of 6%-8% and exceeds the industry's growth rate, demonstrating that we have successfully captured market share and are benefiting from security-led solutions. We achieved this growth despite the ongoing impact of the pandemic and the associated supply chain challenges. We reported $54 million in non-GAAP operating income, and full year adjusted EBITDA was $62.4 million, a $16.8 million or 36.9% improvement year over year. On a GAAP basis, full year net income was $94.9 million or $1.19 per share.
That compares with net income of $17.8 million or $0.22 per share last year. Non-GAAP net income was $50.1 million or $0.63 per share. For the year, we generated $50.1 million of cash from operating activities as a result of robust revenue growth and the financial leverage of our business model. We generated $44.9 million in free cash flow for the year. As a reminder, we define free cash flow as net cash provided by operating activities less capital expenditures. Capital expenditures is the purchase of property and equipment. As of December 31, 2021, we had $185 million in total cash and cash equivalents, compared with $158.1 million at the end of 2020.
To put this in context, we increased our cash balances by nearly $27 million while returning value to shareholders through share repurchases and dividends, as well as investing in initiatives to accelerate our growth, and we continue to carry no debt. Taking a step back and looking at our progress over the past few years, you can see that we've delivered three consecutive years of growth and our rate of growth is accelerating. More importantly, we have significantly increased our profitability, growing our adjusted EBITDA margin to 25% and our diluted non-GAAP earnings per share to $0.63. Let me now spend some time looking ahead, discussing our longer-term outlook, our business model, and our 2022 outlook.
Our strategy to create shareholder value is simple: grow revenue and maintain a sound business model with solid earnings power, and invest our cash in a balanced approach to benefit shareholders, employees, and customers. Over the past two years, we have demonstrated our ability to follow this simple strategy, accelerating our growth, growing our cash reserves even as we invest in our business, and return capital to shareholders in the form of significant share repurchase program and cash dividend. Let me speak first to revenue growth. Over the past two years, our product revenue has increased by 22%. Product revenue is a leading indicator of total revenue as it drives downstream service and other recurring revenue. As a reminder, product revenue includes hardware and software revenue. Our annual recurring revenue, defined as annualized support and subscription revenue, has increased by 44% during the same two-year period.
The result is an 18% increase in consolidated revenue over the past two years, including an 11% growth in just the last year. This growth exceeds industry growth and our 2021 growth target of 6%-8%. Our deferred revenue growth includes both short-term and long-term deferred revenue. The growth in our deferred revenue provides better visibility and reduces the volatility of our quarterly results. As of the end of 2021, deferred revenue was $121.6 million and equates to 49% of our total revenue. A10 has always maintained solid gross margins with relatively little quarter-to-quarter variance. However, we have been steadily increasing our gross margins. The reason for this growth is a continued focus on operational efficiencies, including supply chain optimization and the benefit of a shift in our product mix.
During 2020, we spent a lot of time on reducing our expenses and reallocating resources, particularly in our sales and marketing functions, to position us for the highest value opportunities. You can see in the results of this effort on this slide, and our adjusted EBITDA has increased substantially. With the cost reduction efforts behind us, we continue to focus on operational efficiency and maintaining our business model in 2021. This further improved our operating margin with our adjusted EBITDA margin reaching 25% for the full year, which is inclusive of our strategic investments, which enabled us to grow further faster. With $185 million in cash and cash equivalents, a model with significant earnings power and sustained track record of profitability and cash generation, our board and management have been evaluating our capital allocation strategy.
First and foremost, we will allocate capital to organic growth opportunities, investing in research and development to maintain our technological lead, as well as focus on cybersecurity and hybrid solutions. These investments are key for our long-term success. As I mentioned earlier, on October 28, 2021, we announced a new $100 million share repurchase program and also initiated a $0.05 per share cash dividend. This dividend represents approximately 25% of our 12-month cash generation, which overall our target is to return value to shareholders in the form of stock buybacks and cash dividends. To this end, our board plans to evaluate the amount of our dividend periodically, adjusting as our cash generation levels change.
Finally, we plan to retain a portion of our free cash flow to monitor for targeted growth opportunities, and we will maintain a disciplined approach in ensuring strategic fit and financial fit. We have clearly built a solid financial framework and continue to deliver acceleration in our financial results. Let me now turn to our mid and long-term financial models. First, let's discuss Q1 and full year 2022 outlook. We're targeting revenue growth of 10%-12%, significantly above our 2021 targets of 6%-8%. This growth target takes into account the persisting supply chain and pandemic-related business realities and is inclusive of our continued investment in strategic opportunities for growth. We expect to maintain our business model going forward.
Shifting to our longer-term model, midterm, over the next 2 years, we expect a similar growth rate of 10%-12%, with our annualized recurring revenue growing faster than our consolidated revenue. In addition, we expect product revenue to grow faster than our total revenue. We expect security-led revenue to approach 65% of total revenue, which will set the stage for accelerated growth in our longer-term model. From a profit perspective, gross margin is expected to be 78%-80%, driving adjusted EBITDA margin of 26%-28%, which is ahead of our 2021 levels. With an increasingly favorable revenue mix, including more security-led revenue and more recurring revenue, our long-term growth outlook over the next 3-5 years is expected to be 12% at least, with security-led revenue accelerating.
Our target gross margins will be 80%-82%, and we are targeting adjusted EBITDA margin of greater than 30%. In summary, A10 has evolved from a provider of high performance but limited growth hardware products to a differentiated security-focused solutions partner. Our model has evolved, and we now have sustainable profitability. Thank you for your time. Thanks for joining. I'll turn it back over for Dhrupad for closing remarks.
Thank you, Brian. I think today we have gone through several different facets of how the business has evolved, how we are focused differently, and what we are doing to make that sustainable. About a year ago, when we were entering 2021 and were still dealing with a lot of uncertainty, we had spoken about the market leading indicators as it relates to IT spending, cybersecurity, et cetera, and expected to be able to grow 6%-8%, while at the same time we had focused clearly on a few strategic initiatives that were aligned with our differentiation and with customer needs where we can create value. In addition, like many companies, we had to navigate through the year with supply chain shortages, input cost inflation, business shutdowns, et cetera.
I would say I'm proud of the A10 team as well as our partners and customers that we have continued to build upon our strength and our position now towards the future. As you heard today, the way we are approaching customers, the way we sell, the way we are addressing needs like crossing the digital divide or helping customers become more secure against threats that are too sophisticated otherwise, are ways that we will continue to create value. As we enter the year, we once again are optimistic that our initiatives will continue to make us more relevant to our customers, create more value for them, and continue to align with secular tailwinds.
Hopefully you have gotten a chance to understand after a period of maybe two years when we didn't have too many events on what has changed at A10, how we have evolved from our strength and foundation too, being more aligned with secular tailwinds, new buyer behavior, and phenomena such as increase in cybersecurity, which is not related to whether people work from home or not. It's related simply to the idea of more connectivity, more data, and more threats. We believe that these secular tailwinds provide a durable foundation for us to have sustainable growth going forward. As Brian mentioned, we have taken steps to right size and have a strong business model in place, which is now, in fact, allowing us to invest more in higher growth opportunities.
That is part of the reason where, versus one year ago, we were able to grow faster because we made investments to improve our North America commercial execution. We made investments on the product side to focus more on security features and attributes, that were released through the year and continue to help us. Our goal is, as I mentioned before, we like the Rule of 40, but we absolutely want to drive top-line growth while we continue to maintain and continue to improve upon our business model as well. Thank you again for the time. As I said, we hope this gives you an understanding of where we are, what is the sustainable nature of the opportunity, and as we continue to execute that there is also an expansion opportunity in the value as well as the company itself.
Thank you once again for the time for everyone here in person. Thank you very much for being here and for all the remote attendees as well. Thank you. I will pause there.
The Q&A portion. For virtual attendees, there's a Q&A widget on the left side of your screen. You can type a question in there and I will moderate and ask the questions to Brian and Dhrupad. If you're in the room and have a question, just raise your hand and I'll come over to you. I'm gonna start with a question that came in from Anja Soderstrom from Sidoti, who put this in earlier during the program. Growth rates across the industry have trended down, but you seem to be outperforming relative to the market. What is enabling that outperformance, and is it sustainable?
Yeah, no, that's a great question, right? When we look at our end markets, really if I segregate into different segments, the lead indicators for us are looking at things like projected IT spending from Gartner, looking at service provider and cloud provider CapEx cycles and spending patterns, and we also look at secular trends on spending in cybersecurity. As many companies who are more broadly exposed to small and mid enterprise have seen that the general IT spending that was related to digital transformation category has been deferred because there are more urgent requirements like getting people access or VPN and so forth.
For us, however, that phenomenon ultimately still leads to growth of network and traffic and data in the core of the network, and in fact creates more pressure for our customers to better handle that in terms of cost effectiveness. The second part is, as you heard a little bit today, the increasing volume of cyberattacks and sophistication creates two further vectors for us. One is the sheer volume means they need to do more protection in more points in the network. The growing sophistication ultimately means at some point, every company cannot have on staff experts in cybersecurity. Customers increasingly also rely upon us to provide that expertise. You saw some examples today of where we are able to see patterns, detect anomalies, and alert or remediate them.
For us, I think, and the third element is a broader context of improvement in infrastructure has a component within it that is related to IT infrastructure. We have also tailored our products and messaging along those lines to help those customers to better understand options they have, which are not always to rip and replace everything, the most cost-effective way to deploy them and help them be an advisor on how to become more secure over time. I think our focus on areas where we are differentiated, but further aligning our product roadmap and commercial strategy, to those has continued to help us, do better than the market average.
Great. Thank you. The next question comes from Hamed Khorsand from BWS Financial. How has the partner landscape changed over the last couple of years for you? Which partners have been important in your current growth and your forward-looking growth?
Yeah, no. Thank you, Hamed. Good question. You know, as a company, we have always used partners as a way to fulfill demand. I think the way the landscape has changed in the last two years is in two ways. One is we are much more focused now on also ourselves having end user engagement that gives us insight into the customer patterns, the customer buying need and then collaborating with our partners to drive that in terms of a broader solution or more integrated solution. I think we have continued to become a better partner to our partners. The other way the partner landscape has changed is we have evolved from maybe more specialized regional niche partners to ones that are larger and more global, and give us much better reach and expansion, whether it's in North America or Europe or Asia.
In that sense, we are also working with bigger partners with more scale that have the potential to give us reach in addition to system integration or VAR type orientation. I think in that sense, we believe that our partner ecosystem is evolving to where they can be a more and more direct contributor to our own growth and opportunities as we move forward.
Great. Our next question was submitted by Hendi Susanto from Gabelli Funds. Hendi wanted to know, within the 10%-12% year-over-year revenue growth target for 2022, can you break down qualitatively the growth of enterprise and service providers and which may be growing faster? Then the second part to that is within the growth expectations across geographies in 2022, how does that look?
I can start, and then Brian, you can add to that. I think first of all, when, you know, we talk about our customer vertical segmentation, as we mentioned a little bit, we don't deliberately try to make a product for enterprise versus service provider versus cloud provider, right? We have common platforms. Our focus in enterprise is typically on large enterprise, like financials, who handle a lot of data, are very worried about security, and network performance is very important to them, versus being focused on very large section in small and mid enterprise, but which is not our sweet spot on differentiation. When we think of where our growth comes from next year, we tend to think of it as coming from people who will be dealing with more data and are more concerned about security.
Within that, I think we certainly expect service provider cycles around the world to change. We also expect our enterprise business, which is large enterprise, but increasingly by the way, the demarcation between those categories starts blurring as some of the service providers also sell to enterprise. We don't hard segment it in that sense. Overall, we expect, you know, both those segments to be growing next year. It's hard to predict now in Q3, Q4 what customer sentiment might be in enterprise versus SP CapEx. We certainly our plans support both of them growing healthy next year, like we saw this year. In terms of regions, it's the same, right? We did talk about focus on growth in North America last year, and we made investments along those lines, including commercial and product.
I think our results, including Q4 and full year, reflect that now. I feel we are now at a point where, you know, all our regions are contributing effectively to where we need to be. One year ago, we had said we thought there was opportunity with North America with improving execution, and we feel we have made tremendous progress there. As of now, I think, you know, we feel pretty balanced. In 2021, all our regions came within 5% of what we expected or did much better. We are trying to achieve these goals in a very balanced way, and we expect the same next year. I don't know, Brian, if you wanna add.
Right. On a go-forward basis, it's important for us to consider, you know, what does that mean from a planning perspective? I mean, the balance across verticals, the balance across product lines, the balance across geographies really provides us stability and diversification that we're planning on for future growth. You know, it's really a benefit to us to look at all areas in combination and as well as, you know, individually. Really, it's a diversification to really mitigate the risk we have around, you know, challenges in different regions, verticals, or product lines, depending on what's happening in the market.
Hendi also wanted to know, in the context of the metaverse and this emerging area, where do you see A10 and are there opportunities for you?
Yeah, no, I think that's a good question. I think, you know, what is interesting about how our business is positioned and how and what we focus on the most, ultimately, a lot of these phenomena, including metaverse, creates more content, more data, more video, more traffic on the networks. As a consequence of that, it ultimately requires people to be more effective at handling that traffic and making it more secure. As we look at that, similar to a lot of the other trends we mentioned, like IoT and others, while we will not participate in an endpoint device like an iPhone, we certainly participate when that traffic gets aggregated, whether it's at a regional service provider, a global service provider, a cloud provider, or large enterprise, right?
For us, it is an indirect positive that leads to further kind of affirmation of the trends that we are serving into, as people look to solve these problems effectively, but also be more secure.
Great. After watching the Shentel customer vignette, Christian Schwab from Craig-Hallum asked, "How many rural carrier customers do you guys currently have in the U.S.? Can you give a sense for the type of revenue levels they contribute? And as part of that, does the proposed government stimulus serve as a catalyst in this area, in this segment?
Yeah. No, good question, and I'll probably, Christian, answer them in reverse order. I think the government stimulus does create a catalyst for us. We are not probably astute enough to figure out exactly how that money will be spent and by whom and where. We certainly see that as a trend, where there will be promotion of increasing connectivity in rural areas, and therefore supporting those smaller service providers, for literally regions where a big service provider has concluded it's not profitable enough for them to go there, right?
We absolutely think that an infrastructure bill that is focused on bridging the digital divide is favorable to our solutions, particularly because our solutions are focused on solving the problems they face, which are constrained budget, lack of expertise, and so forth, as opposed to a metro where, you know, they might just rip and replace with a brand-new network. We think that is certainly a positive. As it relates to the number and dollar per, we don't disclose that. But it's, you know, at least in tens of customers, and the rollout is not in one shot, right? You might do a first order, and then they expand capacity, then they expand capacity.
You know, we don't split it out on sort of packet size by customer type. Based on the example you heard, you can imagine a typical customer probably, you know, has so many sites, has 8, 10 sites, and per site, if they spend that much, what it could be over time. We think it's a good opportunity, which is very well aligned to what we can do. It's against the backdrop of an area which we expect will have budget, right? The two things we look for in market selection is attractive market, where there is a need and a budget, and our fit in the sense of what do we bring to it and can we win, right?
In that sense, we feel from market selection perspective, we are very optimistic that that's a good play for us here as well as actually globally, right? We think that's important part of the growth.
Great. Thank you. The next question is in for Brian, and this is from Anja from Sidoti & Company again. When we think about 2022 guidance, how should investors think about bottom line growth given, you know, the midpoint of 11% revenue growth in your outlook?
Right. Yeah. You know, the guidance we're giving is 10%-12% for Q1 of 2022 and ongoing. You know, we look at 2022 as a transitional year to some extent. You know, we're growing the business by investing in R&D to keep up with technological advantages that we have, as well as in commercial execution, which means that, you know, we continue to maintain our business model, accelerating growth while continuing to flow through to bottom line, adjusted EBITDA and EPS accordingly. You know, from a bottom line perspective, I could expect that we're expanding EBITDA as a percent of revenue.
I wouldn't say that we would be accelerating at the same rate that we've seen, but absolutely, we continue to grow that at a faster rate than top line.
Great. We're down to our last two questions here. The next one, Brian, also for you. How should investors think about product revenue growth from Q3 to Q4? There was a decline in Q3 to Q4, and I just wanted to understand what that shows as an indicator for future recurring revenues.
Great. Yeah. Thank you for the question. You know, product revenue, we see as a lead indicator for future growth, as I mentioned in my comments. You know, I look at seasonality as something that we are impacted by. If you look at quarter-over-quarter, you know, it's one way to look at the business, but we typically look at it either in full year or year-over-year. We did see 16% growth in product revenue year-over-year, and for the full year, we see 14%, so that's outpacing our current revenue growth, and I see that as an excellent lead indicator for future growth.
Yeah. I think, Brian, just to add to that, the other way to also look at that is in addition to that seasonality, if you look at our product growth in second half 2022 versus second half 2021, it correlates really well with the fact that in Q1, Q2 of 2021, we had a series of new product releases on software side that really drove home the security features and points. When we look at that, we still feel that the full year product growth is still faster, Q4 is still faster. Q3 is a function of two things, right? Obviously, we had a good Q3 2021, but we also had a slightly soft previous year. If you net all that out, it's not a concern.
It's clearly growing faster than total, which, with an attach rate in the future, means it's a good lead indicator for future growth. Yeah.
Hey, guys. Thanks for hosting us here today. Appreciate it. It's good to be kind of back in person again. My question is actually. I have two questions. One's for Matt, if that's okay, and then the second question will probably be for all three of you. Matt, you've been here for a couple of years now. I would love to hear sort of the changes that you've made to the sales organization since you've been here, whether that's relating to you know the interaction of overlays to reps or our marketing organization as well. Comp, if there's any sort of changes you can share about sales comp.
Secondly, you know, as the sales organization's matured under Matt, for all three of you, how has that impacted sort of your visibility and your confidence in terms of calling a quarter when you look at attainment of reps across-
Mm.
Across the landscape and then the evolution of the pipelines throughout the quarter.
Mm.
Maybe you can just give us some color as to how that's changed over time.
No, I'll kick off, and then you can get the microphone to add. I think to answer your second question first, and then we'll go back to the first one. You know, I think I joined about 9 quarters ago, roughly. We look at a variety of metrics that help us get better at that. We look at lead indicators, we look at funnel, we look at participation rate, we look at performance to quota, we look at what is the threshold, what is the max, what is the distribution we expect and what do we get versus that. We have made changes, of course, as it relates to sales incentive plan, but they were all designed to reward growth and more variable pay, not less, right?
I think additionally, we made a bunch of other changes which actually simplified the plan. So instead of having, you know, salesperson spending 30 minutes trying to calculate what their payout would be, it would be obvious to them, right? Focused on our strategic priorities, on what we need to do. That was a big part of it. Matt joined in January or about February of 2020, the 2 months after me. Yeah, yeah. You can walk through it.
I think just even before Matt joined, we restructured the region structures, because we had regions that were $10 million a year, regions that were $100 million a year, you know, there's like the usual, all the sales planning, like cell division, where you had saturation, you break it into two territories, and give both people quota. A lot of just basic metrics-driven commercial execution. Through that process, of course, we made a series of leadership changes on people who are aligned to that, right? Simplest example would be, you might be a great salesperson who says, "Don't bother me all year. I'm gonna book one big PO for $6 million. I just don't know when." We're like, "You're gonna be miserable then, right?
You're not gonna like it 'cause we are gonna ask you January, February, March, April, right? I think just changing our operating cadence expectation, and then additionally bringing in talent aligned with selling solutions, versus being great at selling a box, right? Which is an ongoing thing, not overnight. But you can add to that now you have the mic.
Yeah. I think I'm mic'd up now.
Yeah.
Yeah. Auggie, happy to give you more context. Really good question. I think there's a couple different things that, you know, we have worked on since I started with the company back in, you know, early spring of 2020. Things that we measure, talent that we look to acquire into the organization, there's a formula and there's a difference. For instance, in terms of the makeup of the people we look for that we've recruited into the organization the last two years, Dhrupad hit on this a second ago. It's looking for people that are good at selling fully, you know, more broad solutions. People that have adopted our new sales methodology, which is based on curiosity plus creativity equals innovation.
People that can adopt that and do something with it, practically and operationally in the field when they're with customers. The other thing we look for in terms of the makeup of the rep is, historically, we had people that were, I don't wanna say good, but they were farmers in nature. We need a hunting mentality. Hunters can farm, farmers can't hunt, right? It doesn't flow both ways. What we have right now is obviously we have established accounts that give us a good run rate of business. We talked about our customer, you know, our product revenue retention rate, which means that existing customers continue to buy and buy more and then refer us to other customers. We need new logos too.
We need our hunters to hunt within the existing account base and to acquire new logos. Both are essential to grow. The last thing I'll say is that we have an important metric that we use to determine where resource allocation is placed, meaning where are we gonna put reps for the best rate of return. We use a metric called commercial productivity, which we continue to advance and improve on each year, each quarter, each year incrementally. It's a journey, but we've improved it in the last two years by a pretty, you know, material factor. Commercial productivity is a factor of your gross profit divided by OpEx. Each dollar you spend, what's the rate of return on each dollar, and what kind of profit does that yield?
That's something we use across our sales and marketing team to make sure that we're putting the right resources in the right regions for the best rate of return.
Okay. Great question. Thank you.
Yeah.
Yes.
Same.
Yes. Yeah. Thank you. Great question.
I have a question regarding supply chain.
Mm-hmm.
You guys were talking about how that has been challenging. I'm curious maybe what the impact of that was on top line, if you can quantify it or just describe it in 2021.
Mm-hmm.
In 2022, maybe you can elaborate on if you think it's gonna be the same, better, or worse. I know some of these supply chain issues started impacting other companies in the back half of the year. Now going to 2022, they have a full year of that sort of impact. I'm wondering if that's the same case for you guys or maybe a little bit better.
Yeah. Well, I'll kick off at least. I think for us, we have not had at least a situation where we were unable to get revenue because of a supply chain outage, right? We of course buy the same chips, type of chips from the same type of chip suppliers, so we had to deal with input cost increases that were 20%+ in many cases. But we have had two sides of it. One is from a supply continuity perspective. You know, six, seven quarters ago, we put a lot of processes in place around much better supply and demand planning and interlock, so that we don't end up where, you know, we are able to achieve our bookings, but we are not able to ship it.
We would be preempting that discussion, you know, three months before that happens, right? Saying, "Well, we need to sell this that we can ship." We have gotten better at that. Second is we had a lot of initiatives in place on gross margin related to footprint, freight, logistics, PPV, all kinds of stuff that we had to, in effect, use to offset the input cost increases. That's why our gross margins did not deteriorate. Going forward, right, it's difficult to say. You know, we are optimistic like many that it starts easing up in Q2, but there's no guarantee, right? That could change. We certainly don't see it being getting worse right now for us. I don't know, Brian, anything to add there?
Yeah. No, I think that you touched all the most salient points. I mean, in planning for next year, you know, obviously we've made a lot of progress in 2021, you know, through the challenging marketplace, you know, mitigating some of the cost increases that we've seen with chips and other components as well as freight and logistics. Going forward, you know, we've made a lot of progress in 2021, and we're seeing the benefits of that. Absent any major changes in the marketplace or some new development in, you know, availability for supply chain parts and chips, you know, we're expecting to continue to be able to see that benefit. As I mentioned, you know, we're expecting 80%-82% in the next year growth, from a margin perspective.
You know, we don't see any challenges absent something unusual happening this year.
Okay, I think you mentioned in your prepared remarks that the 10%-12% growth it was inclusive of supply chain-
Mm-hmm.
challenges. If you're not, I guess.
Yeah.
I'm trying to understand what the top-line impact is. You're saying you're not seeing any really in 2021 or.
I would say that our 10%-12% takes into account any challenges.
Yeah.
Part of it, you know, we have our sales cycle is 6-9 months. You know, lead time for supplying that is about the same. We have good visibility. You know, it's about planning and interlocking all of our processes together to ensure that we don't have a miss.
Just a couple other housekeeping questions. Can you remind me of recurring revenue, what that was at the end of the year, and what you expect that to be going forward?
Recurring revenue. Get my notes, so I don't misquote something. You know, recurring revenue for the year grew 5%. In total, recurring revenue was, you know, I define recurring revenue as service revenue, not including professional services, but including some product revenue related to subscription. The recurring revenue at the end of the year was $29.1 million for Q4. For the full year was a 111.1 Million. That was a 5% growth over the prior year.
Should it continue at that rate, 5%, or what do you think?
We expect that to expand.
Okay. You mentioned share purchases in the quarter of 469,000 shares. Have you disclosed at what price or where?
No, I didn't speak to it. Yeah, for the quarter, 469,000 shares repurchased in Q4 2021 at an average price of $15.04.
$15.04. Okay. I guess lastly, there wasn't a huge amount of detail on your product roadmap. Dhrupad, could you expand where you guys might, any new markets that you might be focused on or any new products that we should be focused on as well? Thank you.
Yeah, sure. I think, you know, when you think about that, right, the subtlety there is, right, as a predominantly software-oriented roadmap, it's difficult to show progression of like widgets, right? Over time. I think for us, the roadmap is more about features we are integrating or capabilities we are adding to enable customers to operate in a hybrid environment. That means we have to support, you know, native cloud, multiple cloud, private cloud, on-prem. Similarly, as we look at new features that customers need to expand what they do, it's sort of a progression. No new hardware boxes, right? That's my point. It's predominantly around enabling new operating environments like hybrid.
It's around enabling customers to use our products and deliver sort of microservices and other things based upon that. It's based upon new capabilities that we can continue to add, whether it's through OEM partnerships or something else that just continues to expand that security things we can do, right? Those are probably the main dimensions of it.
Great. We've actually had a couple more questions come in through the virtual window, so I'm gonna take this question from Jonathan Hart. Can you discuss the components of services? How much is maintenance, and what is the retention rate of that maintenance? And then also, how much are one-time services, and how much are growth-oriented subscriptions, and what does that retention look like?
Yeah, no, thank you for the question. Two parts to the answer here. Services includes support and maintenance contracts, so technical support for our products and services. A portion of our service revenue also includes professional services, so it's the configuration, installation services. That portion of the revenue, the professional services portion of the revenue is not material. The second part of the question, you know, what can I look at from a... Actually, what was
Well, I think the retention.
Retention rate. Thank you.
I mean, our renewal rate is like 90%.
90%. I think, you know, we looked at, you know, product, you know, net retention rate at 118%. Looking at the support element of it, what turns into services revenue, you know, our retention rate of our existing customers is approximately 90%.
Great. The next question comes from Alex Henderson of Needham. Alex, thank you for hosting the Analyst Day. He asked, two of the key trends driven partially by COVID are, number one, increased traffic that is encrypted, jumping from 30% several years ago to over 70% today.
Mm-hmm.
The second is the dispersion of employees using collaboration technologies. Both of these trends stress enterprise and service provider networks as more traffic is pushed across the IT stack. Does this drive your business up? If so, is there risk that when workforce returns to the office, that could shift traffic lower?
Yeah, no, great question, Alex. Thanks. I'll answer them separately. The first question I think is correct. Recently, you know, we have spoken a lot about, and one of the customer case today was around our SSLi product, which is about decrypting and encrypting traffic and then monitoring for whatever you want to monitor for, and we work with partners on that. We certainly see growth in that encryption, which makes it harder because even the threats are encrypted, so it becomes more important to decrypt it, to do things with it and then put it back on the network. We have obviously partners that align with us as well to do that in the decrypt zone.
Yes, for us, that is absolutely a trend that is directly in line, and it's actually one of the areas where we did focus and increase our investment as well, right? It is the same hardware box and same software platform that enables that capability for them. For us, certainly that encryption is a favorable trend, and we saw that we were cited also in the Gartner report on that. The other area on remote work, for us, I think if you look at our results over several quarters, remote work for us was more a phenomenon of increase in complexity and volume of traffic that needed to be handled, whether it was a large bank or a service provider.
For us, it was not directly linked to the actual, you know, remote office environment or devices people used to connect from home or VPN or things like that, right? It was still more about what happens when that data gets aggregated back. I would say in cases like large enterprise, where people got dispersed, where instead of 1,000 people in a building, you had 900 at home, that doesn't materially change what the main location was doing. We don't think that people coming back to work for us is negative, just as people going remote was not a huge positive either, right? In both cases, the fundamental growth on network traffic and security was what was favorable to us.
Great. I'm gonna wrap here with one last question. I'm actually gonna consolidate a couple questions about subscriptions into one. I just also note if you asked a question that we didn't address here today, we're running short on time, we'll follow up via email and if necessary, schedule time with you, Brad, Brian, or Matt or whoever else your question was directed at. But in terms of subscriptions, one, are you selling subscriptions for hardware? Separately, what percentage of software is sold on subscription, and do you see any trends there changing?
Yes, I think, you know, I'll probably give you the customer-oriented answer, and then Brian can add to the details. I think the important part for us really is aligning our solutions and roadmap to the customer needs. If you visualize our customers as large global service providers, whether it's MSO, cloud, telco, doesn't matter, their business model is not to start consuming everything as a subscription from us, right? On enterprise side, clearly there is more of a shift to that. Where we are really focused in the market is what is it that they consume from us as a subscription that is creating value for them? Example is obviously cybersecurity updates or things like that. That's where we are growing that base.
We have not gone down the route of selling hardware as a subscription, like some companies have. That is not counted for us as a subscription today, right? Clearly, we are directed more by aligning with our customers' needs as it relates to CapEx, OpEx planning, priorities. There are places where we participate with our customers on a number of users that we true up, and we get paid more if they get more, so we share in that. There are customers where we participate with data that goes through our devices, right? Those are all evolving models for us, but because of the nature of our customer base, it's not sort of a mid-enterprise orientation where there is much stronger push to move everything to subscription. Right. Right. You can add to any more.
Yeah. Excuse me. I think, you know, just as Dhrupad mentioned, you know, we look at our customer base as either currently vertical, either as, you know, service provider or enterprise. You know, today our service provider companies are providing subscriptions to their customers. We're obviously working through developing or at least offering their infrastructure products, our infrastructure products for them to enable that. As we see, you know, we're beginning to roll out new features around security, and a lot of that is content-based, which drives subscription revenue. We're also investing in hybrid solutions, which will also drive increased subscription revenue. You know, while it's a smaller portion of our revenue stream today, it is growing, and we expect to see that continue to grow and be a huge driver of growth in the future.
Okay. Very good. Thank you, Rob, for the last question. Thanks to everyone once again. Appreciate it and hope that was informative. We are certainly happy to follow up with any questions after the event as well. Thanks once again, and thanks to everyone that helped put it together. Appreciate it. Thanks.
Just as a matter of practice, there will be a webcast of this event and a transcript available on the company's website later today and tomorrow, once those are processed.
Thank you.