Check Point Software Technologies Ltd.

So thank you everyone for joining us. My name is Keith Weiss. I run the US Equity Research Software franchise here at Morgan Stanley. And very pleased to have from Check Point both CEO Nidav Zaferer, as well as head of IR Kit Meinsner. Brief disclosure on our side of the equation for important disclosures, please see the Morgan Stanley Research, the disclosure website at .morgansanley.com backslash research disclosures. And not to be outdone, Kip has his own disclosure.

Yes, the obligatory safe harbor. During the course of this presentation, there may be forward-looking statements. As with all forward-looking statements, they have risks and uncertainties. If you would like to get some good sleep, you can read our 20F and get a comprehensive view of all of those risks and uncertainties. And as with all forward-looking statements, we only have a duty to update where required by law. And with that, back to you, Keith. Excellent, well done.

Sunil, thank you so much for joining us. You've completed your first quarter as CEO, but I wanna take a step back and kind of tap into your expertise as someone who's spent decades in the cybersecurity industry, unit commander in IDF 8200, leading VC efforts in the space. And to kind of get your perspective on where we are right now within the cybersecurity industry, what are the sort of changes, the evolution that you're seeing, and what made you excited about coming to Check Point to kind of leverage those on a go-forward basis? Yeah, thanks, and thanks

for all for being here. So I've been in this industry for the last 30 odd years. For me, at least, when I think about where we are, cyber has always been a learning competition between offense and defense. It's one of those industries which is quite unique in that sense. You have two parties constantly competing, and the competition is around understanding where the challenges are, seeing new, I've got one thing, seeing new technologies, adjusting. And I think that for the most part, when we look at the last 30 years or the last 20 years, you have to appreciate that it's an asymmetrical sort of situation so that if you're on the offense, you have some advantages, and if you are in defense, you have some disadvantages. A lot of this is table stakes, you know it already. But in essence, attackers have an easier time learning and harnessing new technologies. And we're always sort of in this gap between offense and defense. That hasn't changed. I think what's happening right now is interesting because we're entering a new era, which is obviously the AI dimension. And AI does have the possibility at least to impact this learning competition dramatically. And sort of the way we look at AI is we say, look, you gotta look at it in three buckets. What's not gonna change, what's already changed, and what might change everything? The first thing that's not gonna change is that in a hyper-connected digital infrastructure, what we call the mesh, we are not going away in the foreseeable future. So at the end of every node, there's a human. We need to remember that humans get lazy, they make stupid mistakes, they become useful idiots, at least I do. So we need to remember that's one thing that's not changing, and what we are focusing on is providing a hybrid security for the mesh. What's already changed is the attack surface. So attackers now have new components to go after, which we know less about. Some of them are pretty straightforward. So your friendly email phishing attacks have just become much more sophisticated, personalized, et cetera, we know that. Deepfake is out there, we know that. But some are more sophisticated. We're seeing in the wild and in theory, data poisoning attacks that will impact the explainability of AI models, which are making it very, very difficult to deal with. And then finally, there's what's around the corner that's gonna change everything. The only problem with that is we don't know what it's gonna be. And so we need to be very humble and appreciate our limitation of imagination. And this is where we need to look at different futures with different possibilities and different scenarios. And we need to come back to the present and assign different resources to those different possibilities, without fooling ourselves to think that we actually know what's around the corner.

Right, got it. I definitely wanna dig into sort of the AI opportunity. There's elements of the portfolio, you guys are already starting to exploit this. Before we get there, a high level question in terms of your strategy at Checkpoint, you're joining truly a store company. These guys founded the network security marketplace. It's hard to find sort of lineage within cybersecurity that doesn't sort of come back to Checkpoint. But as a new leader, as a new CEO, I'm sure there's ways that you think you could impact change and change for the better within Checkpoint. So what's your kind of initial thoughts on that strategy of where you want to sort of take Checkpoint to?

So first of all, my excitement is about, I'm passionate about security. I've been doing this for the last 30 years in different aspects of it. It really excites me and I'm really passionate about it. And I see it as a mission. The opportunity at Checkpoint is to do it at scale. Right, so in the last 10 years, I was having a lot of fun innovating at the edge. I was involved in starting 20 new startups. Some of them are now a part of the industry and other companies are leading some of the different components of cybersecurity. The opportunity at Checkpoint is to do it at scale. And in my first 80 days of my first 90 days, I've got 10 days left from my honeymoon. One thing that pleasantly surprised me is that this scale actually matters, especially when you speak about AI, because we have 100,000 customers, some of them with 30 years of data. So we've seen every mutation, every permutation. We have incredible amount of data. And AI ultimately is about what kind of data you can feed it. And so putting that together, the scale and our iconic stance and reputation and really the fact that we do have the best security, on top of that, you now go out there and you say, okay, now everything is changing. I think that's an incredible opportunity for us. And when we speak about AI, we look at it from different aspects. So number one, we're already doing, we are securing AI. So wherever you're employed, somebody in your organization is scratching their head for the last couple of years to try to understand how to allow you to use these LLMs. What are you allowed? What are you not allowed? Compliance, sensitivity, cost, cloud, et cetera. That's something that we're already providing our customers with. And because we are at the network level and because we have this capability to look at the whole of the mesh, on-prem, multi-cloud, edge, workforce, distributed, browser, et cetera, we have that capability, which is pretty much going to become table stakes, right? So to protect and to allow you to use LLMs. And remember, this is artificial intelligence is what we call it, but it's still augmented intelligence that humans use, at least in the foreseeable future. And so we need to provide the usability with security. So that's number one. Number two around AI is we're establishing an AI cybersecurity research center, because we also understand that our limitation of imagination. And so we're hiring some of the best talent in the world, some of them coming from the attacker's perspective so that they can think like, what are the attackers going to be doing? Some are researchers, some are looking at it from an academic perspective, some are ex-practitioners, because we appreciate the fact that we're not gonna get it right. Nobody's gonna get it right. We're gonna have to assume, not assume, we're gonna have to forget the mark, X on the word assume, we're not gonna assume anything. We have to play different scenarios

all

the time and see if we're ready for those scenarios. Ultimately, come back to the present. And what we're doing in this present is what we call the hybrid mesh approach. So we're going out to the market and saying, listen, don't think about point solutions. Think about your mesh, think about how you become competitive, think about how you do three things, which we think this, our infinity platform provides you. Number one is think about security. Number two, think about usability. So if you're in your hotel room tonight, watching YouTube, we wanna give you a good experience and we don't want a bling, bling, bling cloud cost. And number three is provide the security when it matters best on intent, identity and intent and the multiple of those two.

Got it. So you touched on scale, you touched on the infinity platform, which is the consolidated platform the Checkpoint brings to the marketplace. And you have a broad set of functionality enabled within that overall platform. One of the things that we've been talking about forever is the potential for consolidation within the security space. This is a space that traditionally has been driven by a lot of best of breed buying. So how does, two things, like one, how does Checkpoint look to sort of drive that behavior of to drive a more consolidated purchasing? And is the market ready for that? Is the market willing to sort of come into a more consolidated solution? Yeah, it's a great question.

I think it's happening in the last few years and different entities and different companies and different leaders call it different things. The need for consolidation, I think, is real. Our approach is we're not gonna be a one-stop shop and we're not gonna be everything for everyone. We don't think that's the right approach, at least not for complicated enterprise networks. If you're an SMB, that's fine. If you're enterprise level and you've got your data centers, you've got your branches, you've got your workforce, you're multinational, you've got sensitivities, you've got different regulations in different parts of the world, one-stop shop will not fit you. Our approach is to become the platform, consolidated, but a real platform for mesh providing hybrid security based on some of the stuff that's already best in class that we have out there, like our firewalls, our IPS, our prevention, new stuff that we're building and integrating into that system, which we think we have a unique solution for like Saase. And talking not about point products, but about a consolidated solution that provides security, usability, and cost management and is ready for the future. And that's the Infinity platform. So it's a different approach. It's also a different way to consume it. So you have your ELA Infinity agreements where you consume as you go. You're not buying a product. You're buying a solution. You're buying the ability to stay secure and always find your place on that continuum between order and chaos so that you can provide the best usability and competitiveness for your network. I think the really smart forward-looking CISOs understand that they're not securing a network. They're securing a business and that business needs to

perform. And maybe even one step further, over the past couple of years, because we've seen more of that consolidated activity take place, is also a broader understanding that the data being sort of driven from all these point solutions is increasingly important. That perspective on data across different vectors and different modes of attack become increasingly important. And I would suspect that even accelerates with AI because that's where we're gonna be able to utilize that data even more effectively. Am I overstepping in terms of like generative AI? Could be a further push towards this consolidation trend?

I'll tell you where generative AI has a real opportunity to change the asymmetrical nature of this learning competition. We always say that it's asymmetrical because on offense you need to be right only once. On defense you need to be right all the time. I can try to break into your system a million times. I only have to be right once. You have to be right all the time on the defense side. AI does have, harnessing AI has the potential to change the nature of cybersecurity dramatically. And that's the point of harnessing AI for defense. And here we have two aspects. Number one is actually simplification. And so last week in Vegas, in our customer experience convention in Vegas, we have like a dozen different new capabilities that we provide with AI. All the way from consolidating the data to AI ops that goes out there and constantly tries to anticipate what's going to break. So that's one aspect, it's the simplification. On the Intel side, it's a different story. What we're trying to do is, what we have in our platform is we've got the unified management and then the different products. And then on the bottom, feeding all that, we have the threat AI cloud, which constantly has, I think over 60 AI engines running on the cloud, feeding from everything possible on the planet. And being able to consume all that, being able to analyze all that and being able to propagate all that to every node in this mesh in a hybrid way, meaning that maybe tonight, when I want to give you the best protection, it's going to be on-prem, on-device in your hotel room, but propagate that immediately. That's where AI becomes extremely, extremely useful. And then the last thing is, when you go into agentic AI, you can start replacing some of the most, more of the manual work that you're doing.

Right, and that last point gets into one of the sort of problem points within the security industry we've talked about for a long time, which is the lack of security analysts. So now you could augment more of that and sort of offset some of that. Yeah, I think that's one area that will be solved. Yeah, got it. So I want to dig into some product-specific initiatives that you have going. You guys recently announced the Quantum Force Gateway Series, powered by over 50 AI agents. We're hearing a lot of positivity in the channel, a lot of positivity from customers about this. What are some of the areas that you're seeing significant improvement versus kind of prior generations of the Quantum Series? And how does this change your competitive dynamic when we're thinking about the broader next-generation firewall market? So for large enterprise,

our master series allows for scalability. And when you think about AI, scalability and speed matter. And going back to where I think this is our advantage is, is using those, so we really have the best of breed gateways out there. They're scalable, they're dependable, they have the best prevention capability. But when you integrate that into a platform idea of this securing the mesh, the hybrid mesh, with our SAASI, and when you integrate SAASI into that, and when you now can bring a unique SAASI solution, which is hybrid, so it's not cloud only, it allows you for the flexibility. And you propagate, as an example, our ability to propagate, not just the security, but also the policies. When you look at it from a practitioner's perspective, that makes a big difference.

Got it. If you could talk a little bit about your SAASI solution. Late 2023, you acquired a perimeter 81 that expanded out the SAASI solution. We've talked about having 12,000 customers, but mostly in the SMB side of the equation. How is the SAASI solution evolving? How are you upleveling it to a better position for your large enterprise customer base, which has a lot of potential in it? And can you attach onto the momentum from Quantum Force Gateway to drive more penetration of that SAASI solution?

Yeah, so admittedly, we weren't the first ones in the market with SAASI. But there's also an advantage there. I think we learned from the traditional SAASI, what works, what doesn't. And I think we have a unique architecture, which is much more enterprise ready. That's number one. Now, there's a lot of work to do there. There are features that we still need to add to it. There is scalability that we need to add to it. And we are ultra-focused and putting dramatically higher resources in order to do that and do it fast. And so, we're literally hiring hundreds of new engineers and repurposing others to focus on that and do it really, really fast. But there's a lot of work to do there. And 25 in that sense is a transition year. The other aspect of this is the integration into the Quantum. But it's not just the Quantum. It's Quantum, but it's cloud network security. And then it's integrating all that into the Infinity platform. So at the end of the day, if you're a practitioner, you're not concerned about who is working where from. You've got your policy. It propagates across the board. And now you just optimize security for who is using it, where they're using it, and for what purpose they're using it. Because you and I could get different security solution if we're in the main office next to the data center. But then we're in a branch office. And then we're remote in a conference. And everyone's in different geographies. Every one of these geographies is in different spaces. We also have a different intent. If I'm going to consume a SAS with highly sensitive data, I want to give you one connectivity. And I want to provide you with a certain security. If I'm watching, if I'm streaming my favorite ball game tonight, that's a different scenario. And so from a practitioner's perspective, that's the kind of experience that we want to provide. And that's the kind of solution and idea that we want to come to our customers with. Now, there's a lot of work to integrate all of that. But we have the components.

So in terms of level-setting expectations for investors, 2025, still a year of investment, building out the integrations, building out the capabilities, 2026 would be more of where we could expect it to start ramping and maybe sort of traverse towards that $100 million plus ARR front rate?

Yeah, I think that makes sense. One of the things that I remind myself, coming from a startup environment in the last 10 years, so my nature is you have an idea. You start working on it today. Next quarter, you try it out. A couple of quarters later, you've got product market fit. And then next year, you want to do 10x. That's not going to happen at Check Point. And I remind myself that. So it's a journey. And we need to do it prudently. What we do have, I think, is a real strategy, real components, great people that are passionate to do it. The last few months, we're getting this is resonating with our customers, with our partners. And remember, our customers are large, sophisticated, and complicated environments. They have regulation. And they have a distributed workforce. And they're multinational. So they have different regulations in different countries. That's where we shine. And so we're getting, so it resonates. Now we need to do changes to our, we need to work on the product. We need to work on the integration. We need to work on the business side. We need to train our field. We need to get Lighthouse customers that start using this and help us tell the story. Got it.

Got it. Switching gears a little bit, a product that you guys recently talked about surpassing $100 million in ARR was the email security product. And you expanded into this market around four years ago. And I would say much to the surprise of investors. We had looked at this as a pretty penetrated market, one that Microsoft was largely taking over. The sort of the goal private proof point was kind of a proof point of that sort of market saturation. Other network security vendors had really shied away from email security. But you guys took the bull by the horns. And it's been a very successful product. Where did, like where was the opportunity that you saw that other people were missing? And what's made that successful for Checkpoint thus far? So first, the

credit definitely doesn't go to me. I was doing other stuff when this happened. So the credit goes to our newly appointed CRO, Itai, and to Gil Schwed, and the rest of the team. But I'll take the credit for it if you want. I'll tell you this. It is something to look at. Because this is like one of the most mature industries, like email. It's been around for whatever, 40 years. Somebody asked me in one of the talks today, are we even going to be using email in a couple of years? My answer is yes. And what Avanon was able to do was, and I think it proves the point. If you really differentiate the product, if you come with a real better product that gives you better security, easier to consume, customers are going to listen. Now for us at Checkpoint, this is not a part of this hybrid mesh connectivity layer. But it's a great product that helps us talk to customers about other issues. And this is not the only one. So a few months ago, we also did the acquisition of CyberInk with ERM. We are adamantly looking for, or we're looking for, and if you have any ideas, tell us about new cyber AI companies. Because we want to have that arm that talks to CISOs, not just CISOs, CISOs, CIOs, CTOs, and help them navigate this new journey. And it's a different door from a sales motion. It's a different door. Different buyers, different door. If you look at our client base from the email side and the hybrid mesh side, most of them, there's no correlation there. So it allows us to go and cross-sale. And ultimately, I think to Gil Friedrich and the team, you look at the product versus the cloud native, or some of the traditionals that are out there, it's just a different product. And when you go back to where the attacks are coming from, a lot, you'd be surprised. But email and phishing is still one of the main entry points into an organization. And what they've been able to do, which is really exciting, is to create this again. And this is what I'm passionate about, is coming to the partitions and say, listen, I hope you're not, I won't make you just more secure. I'll make you more successful. Because the usability, your ability to compete, your ability to provide senior management and employees with ease of use is paramount. And that's what they've done.

It sounds to me like this is a little bit of a validation point in terms of what we were talking about previously with SASE, not necessarily first to market, but bringing a differentiated solution, taking the learnings from prior generations to make a better product for the market.

Exactly. Exactly. And that's exactly what we need to replicate with SASE. Now, SASE is different because it's front and center and very integral to our overarching platform solution for the hybrid mesh. Got it.

I want to talk about the WIS partnership. Can you talk a little bit about the opportunity there? What was interesting about getting together with WIS? And what does this mean for the CloudGuard product portfolio?

Yeah. So when we say platform, I think we synonymously, or not synonymously, but the next thing is open platform. I have a lot of respect for many people in the industry. And they all have their own philosophy and strategy. I don't think that platformization means platform. I think a real platform is real integration with a unified management with one set of data and intelligence. And in order to do that, you need to acknowledge what you're not good at. And you need to focus. And we're going to be focused on this hybrid mesh. Now, the workloads in the cloud, the CNAP, et cetera, I think we're just better off in repurposing our effort in creating the best cloud network security and joining forces with the best of breed in the cloud native and the CNAP with WIS. Now, it's on us to show that we can actually integrate this in a seamless manner. And I think we can. But that's what it's about. It's about focusing on what we do best, having an open platform, understanding that enterprise customers do need. Look, I don't recommend that our enterprise customers do what they did like 10 years ago, which is say, listen, I'm going to have 70 different vendors and I'm going to integrate it. It's a nightmare. And the attackers are going to come through the cracks. But I think going to the other extreme doesn't work either. I think a one-stop shop doesn't get you anywhere either. I wouldn't do it if I were in their shoes. I didn't do it. And I wouldn't do it now. So you need best of breed. And if you have best of breed platform that collaborate with each other. And by the way, we're not going to just do this with WIS, where they're like with a partnership. We're actually going to do this even if our customers choose to have a multi-vendor environment with something that is ultra competitive to us. And obviously, we would like to tell them, listen, use only Check Point. Many of them are not going to. And so we're also going to work together with other providers on prem that are sitting side by side with us, either because they have a multi-vendor strategy or because it's an acquisition or they made an acquisition so that we can propagate what we know to other firewalls so that they can become more effective to secure our customers. Got

it. So if we take that perspective and think about the M&A strategy from Check Point, from the outside, it feels like it's picked up recently in terms of the Check Point has leaned a little bit more into M&A. With that focus on integration, that focus on sort of ensuring best of breed, how should we think about that perhaps changing if it does the M&A strategy on a go-forward basis?

So very simple. I mean, we have the war chest. You know it. And we're going to use it when needed. But the strategy is going to be very, very simple. We're going to make acquisitions where they fulfill the strategy. And we're not going to make acquisitions in order to get a strategy. Our strategy is not M&A and having everything. Our strategy is the hybrid mesh and provide the best platform in the world for the hybrid mesh. Anything that can help us accelerate either a point solution or intelligence or unifying, that's a great target for acquisition. And the other area is AI just because it's moving so fast and nobody's going to get it right the first time. And so we want to see more and more startups and what they're doing and how we can incorporate there. So you're going to see more investments there as well.

Got it. Checkpoint has, for a long time, had an extraordinary margin profile. You're talking about investments into stuff like SASE. You're talking about investments into integration. How should investors think about your perspective on the balance of growth and profitability on a go-forward basis?

So the way we're starting off, at least, is to be prudent about it in the sense that there is leeway there and you are going to see change, but it's not going to be dramatic change. It's going to be low single points that we're going to use in order to make investments and where we think we know exactly where we're going. 2025, we're already making significant investments in SASE, significant investments in AI. But at least in the foreseeable future, you're not going to see a major shift that says, listen, let's cut our profitability by 50% so that we can grow really, really fast out of the bat. The idea is healthy, sustainable growth over years. Gill has built this company over 32 years. I don't suspect I'll be here in 32 years, but I want someone to be here representing Checkpoint as a podium player that will look back and say, they were prudent. They knew what they were doing. They had a long vision.

Got it. And on the investment side of the equation, and knowing it's going to be measured investments, any significant changes we should expect on the -to-market side of the equation to make more effective or maybe perhaps more

efficient? Yeah. The answer is yes on three different levels. Number one is organizational changes that we already started to announce. So a very simple example is that instead of having two people that are -to-market on the leadership team, we're going to have six. Marketing will be reporting directly into me. I intend to be much more focused on that and being out there. That's number one. Number two is changing the tone, but changing it in a measured manner. Don't expect us to become a marketing machine and start having celebrities flying out of space and banners on really fast cars. That's not where I want to put our dollars, but we are going to become more vocal. I think I want to remain sort of the humbleness of real security, real products, understanding that we don't know what's coming. That's going to stay there. However, I think we need to be less shy. And where we think we have best of breed, where some of the stuff that I learned in the last 80 days blows my mind. But nobody knows about it, or not many people know about it. We blocked 99% of 0 plus 1s, 99.8%. The runner-up does 90%. If you make the math and you look at how many 0 plus 1s are out there, the chances of being breached with CheckPoint are dramatically lower. We're not talking about that enough. I don't want to be shy, but where I have the proof. And I don't want to make promises that we're not going to be able to keep. Unfortunately, that takes us to

the end for a lot of time. But thank you so much for joining us. Thank you. Fascinating conversation.