Logo of jester cap with thought bubble.

Image source: The Motley Fool.

Check Point Software Technologies Ltd (CHKP -0.65%)
Q4 2020 Earnings Call
Feb 3, 2021, 8:30 a.m. ET

Contents:

  • Prepared Remarks
  • Questions and Answers
  • Call Participants

Prepared Remarks:

Kip E. Meintzer -- Global Head of Investor Relations

Greetings. My name is Kip Meintzer, Global Head of Investor Relations for Check Point Software. I'd like to welcome you to our Fourth Quarter and Full Year 2020 Financial Results Video Conference. At this time, all participants are in listen-only mode during the formal presentation, which will be followed by a question-and-answer session.

Joining me remotely today on the call are Gil Shwed, Founder and CEO along with our CFO and COO, Tal Payne. As a reminder, the video conference is live on our website and recorded for replay. To access the live conference and replay information, please visit the Company's website at checkpoint.com. For your convenience the replay will be available on our website. If you'd like to reach us after the call, please contact Investor Relations by email at [email protected].

Before we begin with management's presentation, I'd like to highlight the following. During the course of this presentation, Check Point's representatives may make certain forward-looking statements. These forward-looking statements within the meaning of Section 27A of the Securities and Exchange Act of 1933 and Section 21E of the Securities and Exchange Act of 1934 include, but are not limited to, statements related to Check Point's expectations regarding business, financial performance and customers, the introduction of new products, programs, success of those products and programs; the environment for security threats and trends in the market, our strategy, focus areas and demand for our solution, the impact of COVID-19 on our business, including on our product development, sales and marketing efforts and our financial condition and results of operations; the impact of COVID-19 on our customers, suppliers and business partners and the macroeconomic environment as a whole, our business and financial outlook, including our guidance for Q1 and full year 2021. Because these statements pertain to future events, they are subject to risks and uncertainty. Actual results could differ materially from Check Point's current expectations and beliefs. Factors that could cause or contribute to such differences are contained in Check Point's earnings release issued on February 3rd, 2021, which is available on our website and other factors and risks, including those discussed in Check Point's latest annual report on Form 20-F filed with the SEC. Check Point assumes no obligation to update information concerning its expectations or beliefs, except as required by law. In our press release, which has been posted on our website, we present GAAP and non-GAAP results along with a reconciliation of such results as well as the reasons for our presentation of non-GAAP information.

Now it's my pleasure to turn the call over to Tal Payne for a review of our financial results.

Tal Payne -- Chief Financial Officer and Chief Operating Officer

Thank you. Good morning and good afternoon to everyone joining us on the call today. I'm pleased to begin the review of the fourth quarter and the full year. Revenues for the fourth quarter increased by 4% year-over-year, reaching $564 million and our non-GAAP EPS grew by 7% to $2.17, both above the midpoint of our guidance.

Before I proceed further into the numbers, let me remind you that our GAAP financial results include stock-based compensation charges, amortization of acquired intangible assets and acquisition related expenses, as well as the related tax effect. Keep in mind as applicable, non-GAAP information is presented excluding these items.

Now let's take a look at the financial highlights for the quarter. Revenues for the quarter reached $564 million, $14 million above the mid point of our guidance. Product and security subscription revenues were $340 million, a 6% increase year-over-year. Our subscription revenues continued to be strong with 10% growth year-over-year, reaching $180 million. Software update and maintenance revenues increased to $224 million. We've seen strength in our strategic areas. Our CloudGuard family had great results with high double-digit growth. Infinity continued the momentum with significant transactions in different verticals and impressive growth in the business we do with these customers.

During the year we launched the vast majority of our Quantum appliances series. The family was well received in the market and we finished the year with over 90% transition. Deferred revenues reached $1,482 million, a growth of $95 million, 7% growth year-over-year. Short-term deferred revenues increased by 10%.

Revenue distribution by geography for the quarter was as follows. 43% of revenues came from Americas, 45% of revenues came from Europe, Middle East and Africa and the remaining 12% came from Asia-Pacific. We delivered strong gross profit of 89% and non-GAAP operating margin of 51%, similar to last year. Our financial income for the quarter was $14 million. As a reminder, interest rates in the US sharply dropped earlier this year. Hence the reduction in the financial income versus last year. Actually this reduction is also part of the cash flow.

Effective non-GAAP tax rates for the quarter was 0% as we expected. This quarter, similar to last year, our tax expenses include tax benefits from lapse of statute limitation on certain provisions.

GAAP net income was $271 million or $1.95 per diluted share. Non-GAAP net income was $301 million or $2.17 per diluted share, an increase of 7% from fourth quarter of 2019 and $0.08 above the mid of our guidance. The accelerated growth is related to the continued reduction in our diluted outstanding shares. Our cash balances as of December 31st reached $4 billion again. Operating cash flow for the quarter increased by 19% to $293 million with strong collections from customers.

As a reminder, we hedge our balance sheet against currency fluctuation. The hedge affect our cash flow with a minimal effect on the P&L as intended. During the quarter, the dollar weakened against the Israeli shekel resulting in a hedge income of $26 million in our cash flow compared to $2 million last year. In addition, during the fourth quarter of last year we completed the acquisition of Protego and Cymplify.

Net of hedge and acquisition related costs, our operating cash flow increased by 4% year-over-year. During the quarter, we continued the purchase of our shares. We purchased 2.7 million shares for $323 million at an average price of $119.

Now let's take a look at the financial results for the full year. Our revenues for the year reached $2,065 million, an increase of 4% year-over-year, $50 million above the midpoint of our original guidance at the beginning of the year. Subscription revenues continued to be the main growth driver with Infinity and CloudGuard solution leading the growth. Infinity deals continued to gain momentum crossing the $100 million booking bar. Annual contract value of Infinity customers showed significant growth of 10s or even 100s of percentage as customers adopt the full Infinity threat protection solution. This is great news. CloudGuard solution already reached more than 3,000 customers. Both CloudGuard IaaS and CloudGuard SaaS are growing fast with strong double digit.

Non-GAAP operating margin for the year were strong 50% as we had higher level of revenues on the one hand and about $40 million less expenses as a result of COVID-19 impact on the other hand. During the year the dollar weakened against many currencies around the world. The effects on our result in 2020 was minimal as we were covered effectively by our hedge. The dollar continued to weaken after the year-end as you could all see. Based on the current rates, the effect is expected to be an increase of our operating expenses for next year of about $25 million.

Our financial income in 2020 reduced to $67 million from $81 million last year as a result of the reduction in the yield on our portfolio as we discussed. We expect again to see the continued drop of $1 million to $2 million a quarter with the total financial income for next year of a busy 2021 of $42 million. Effective non-GAAP tax rate for the year was 13%, in line with our expectation. For 2021, assuming no regulatory changes, we expect the tax rate for the year to be similar 12%, 13%. Quarterly tax rate for next year from Q1 to Q3, 17% like -- same like this year and around 0% around Q4. As a result of the lapse of statute limitation, this is also expected to happen in Q4 next year.

GAAP net income for the year was $847 million or $5.96 per diluted share. Non-GAAP net income for the year was $963 million or $6.78 per diluted share. The EPS was $0.13 above the high end of the original guidance for the year and is reflecting an increase of 11%.

Cash flow from operation increased by 4% to $1,152 million. During the year the Company repurchased approximately 11.4 million shares at a cost of $1.3 billion at an average price of $114. For 2021 based on the current buyback rates and the current share price, we expect our average diluted number of shares to be around $136 million for the year -- sorry, 136 million shares for the year, starting at 138 million in Q1 and moving down to 134 million by Q4.

Now I'll turn the call over for Gil -- to Gil for his comments.

Gil Shwed -- Founder and Chief Executive Officer

Thank you, Tal and happy belated new year to all of you joining us on the call today. I hope that you and your family are safe and healthy.

I'm glad to report the results for 2020. What a year it was. As you've heard from Tal, we delivered good numbers for the fourth quarter and for the entire year. But more important is what we achieved throughout the year. Despite the pandemic, we launched an entirely new product line for cloud native security business, the Quantum family and the results are quite positive from negative product growth in 2019 to positive one in 2020.

Our cloud business delivered double-digit growth in 2020, a trend that intensified in the second half of the year. Finally, our Infinity solution delivered the industry only preventative architecture for cyber security across the entire spectrum of attack vectors, network, cloud and endpoint more than doubled its number of customers and contract values. [Phonetic]

We augmented all our product families with plenty of technologies. Serverless protection for cloud, IoT and autonomous threat prevention on the network, EDR capabilities for the endpoint and our new Infinity SOC security research and management tool, just to name a few key technologies that are now part of our products in Infinity architecture.

The importance of cyber and the Internet has risen significantly over the last year. The network became the lifeline of our lives and businesses. And I believe I've said it before, but our industry can be proud, we kept the world running. The world faced big increases in traffic and with that it also faced a huge increase in cyber attacks. I can go on and on and describe our achievements in 2020, but I'd like to focus more on talking about the state of cyber security and our plan for 2021.

I've been speaking about the fifth generation of Gen V cyber attacks for the past couple of years. 2020 demonstrated that it is not a theory or a projection, but the Gen V attacks are here. Sophisticated multi-vector attacks that are polymorphing, disguise themselves very well, start the attack in one place and end it a few steps later deep in the enterprise. This was the hallmark of many of the attacks in 2020, including the Emotet bot which was one of the most popular launch pads for attacks last year. The Emotet network was taken down in a sophisticated operation involving the law enforcement agencies from eight countries. Great achievement for cyber law enforcement, but also an important signal for all of us. Emotet has been active since 2014. We saw it in one out of five enterprises in the world. We can't allow attacks to go on for seven years. We have to defend against it ourselves which we do.

Check Point advanced threat prevention uniquely designed to prevent these attacks on patient zero even when the malware is polymorphic and appears differently on each attack. In the middle of 2020, we coined the term cyber pandemic which was underscored by the World Economic Forum emphasizing the world is indeed facing a cyber pandemic. In December 2020 the Sunburst attack demonstrated the impact that a Gen V cyber pandemic can cause, an attack which was seen in over 18 partner [Phonetic] organization, including the top US government agencies and the world's largest companies.

Sunburst started with an attack vector that is almost impossible to detect, embedded into the SolarWinds software. But once executed it made its way to multiple systems in the network and presented major challenges to cloud environment which were the most vulnerable to the Sunburst attack, a true Gen V attack. This nightmare and worst case scenarios of executive and CSO has now become a terrible reality. Most leaders in 2020 characterized last year as one stuck in survival mode. Everyone needed to operate in environments we've never experienced, faced level of uncertainty the world has never seen before and challenges the world has never faced in this modern era.

Looking at the state of cyber security, it is time to move from survival mode into revival mode. It's a new world and we have the opportunity to protect it. We're starting 2021 with a strong focus and ambitious strategy to make our customers secure in this new era of Gen V cyber attacks, a strategy that relies on the technologies we've developed over many years, a strategy that will make achieving the required level of security much simpler than ever before.

We have over 80 products and technologies today. In 2021 we are going to provide them under three key families with unified management and control tool for the entire environment. Let me describe briefly these three families. First let me start with the newest family to our portfolio.

Work from anywhere has become the new norm. Over 70% of businesses believe it will become a major part of operations post corona. CSOs have prioritized securing the work from anywhere as the top priority for the next two years, a very new phenomenon in cyber. We're going to tackle this challenge head-on and provide the best solution for [Indecipherable]. Secure connectivity from anywhere and secure work environment on any device, company managed personnel and mobile which involves unifying over seven different security categories from endpoint to clientless remote access. We believe no single vendor except Check Point has all these technologies today. Presents a great opportunity for us and for our customers.

The second pillar will be a continued focused on cloud security. We intend to continue and are driving to make the CloudGuard family the most comprehensive cloud security solution in the industry. In 2021 we are going to augment it with the next generation of web application firewall, one which is powered by what we call contextual AI where the system deployment and learning phase can be reduced from 48 days on legacy system to 48 hours with our automated technology. Our new application security capabilities will secure multiple cloud workloads, APIs, web application as well as hosted and on-premise web servers, a $1.5 billion market potential which will augment our total addressable market just within the cloud security space.

The third pillar is our Quantum family, a comprehensive set of solutions for network security. In 2021 our Quantum family will include all network security technologies for all sizes of network, from nano security on IoT devices to terabit security on major networks. Today, we introduced the Quantum Spark appliances, creating a full set of solutions for branch offices and small businesses. This family will utilize an intuitive web-based installation and management and mobile apps for monitoring that will make enterprise security simple and achievable for all. Quantum Spark joins the other Quantum models and technologies, making it what we believe to be the most comprehensive network security solution in the industry. So the three pillars are going to be quite simple, securing the users wherever they are, CloudGuard for the cloud and Quantum for the network, simple, isn't it? But one more thing, these three families are going to enjoy a single management suite called -- the new suite will be called Infinity vision. It includes the ability to manage the entire portfolio with a single portal. Some users will prefer to run parts of it on-premise, but the fully enabled cloud-based management is going to be provided. Infinity vision will also include our SOC and SDI [Phonetic] tools, many of them will be delivered in 2021 and will provide sophisticated intelligence tools. All are going to enjoy unified policies, monitoring tools and most important the ThreatCloud service that will relay the attack information across the world and across all attack vectors and turn security information into actionable prevention. Overall, I believe that the revolution of our product portfolio is going to provide the world what it needs, unified strong cyber security.

On the business front, we are going to augment these technologies with innovation with increased investment in our sales and R&D organization. We've started the year with our sales kickoff meeting. For the first time we held it virtually. We received excellent scores from our employees and partners on these end and more important on the clarity of the vision and the market feet [Phonetic] of this solution.

Today we're finishing the last event. We started two weeks ago with our APAC Sales Kickoff continuing with the Americas Sales Kickoff and just now finishing our European Sales Kickoff meeting. At the end of the month we are going to hold our first virtual Check Point Experience Customer Conference and we expect record attendance at the coming CPX.

I believe that we are entering a new world in 2021, a word that presents new cyber challenges and new opportunities for everyone, new opportunities for the way we work, the way we live and opportunities to secure this world. This is a good transition to our 2021 projection.

As you know, my regular caveat it's hard to predict the future, especially with the challenges we are implementing to our technology, business and the pandemic around the world. The level of uncertainty in our world remains high, but I will do my best to share with you our guiding principle. Bear in mind that many things can change. With that in mind, our revenues for 2021 are expected to be in the range of $2,080 million to $2,180 million for the entire year. As for earnings, in 2021 we plan to invest more in our business. I believe that the new opportunities ahead of us warrant more investments than what we did last year.

Keep in mind that the level of expenses in 2020 was extraordinary low as a result of the cancellation of almost all physical activity which had a positive impact on our earnings in 2020 of approximately $0.25. We expect partial return of these expenses in 2021. On top of that, just like Tal said, the dollar has weakened and that has a big effect on us as more than 50% of our expenses are not in US dollar, about 16% impact as of today. And interests have gone down, which reduced our interest income also about 16% impact. The total impact of these three factors is approximately $0.52.

So we are starting 2021 with minus $0.52 to our annual EPS, mostly by the way in the latter part of the year. So based on these assumptions, our non-GAAP earnings per share is expected to be in the range of $6.45 to $6.85. GAAP EPS is expected to be approximately $0.90 lower. For the first quarter we expect revenues in the range of $485 million to $515 million and non-GAAP EPS in the range of $1.45 to $1.55. GAAP EPS is expected to be approximately $0.22 less for the first quarter.

Thank you for being with us today and we'd love to hear your questions.

Questions and Answers:

Kip E. Meintzer -- Global Head of Investor Relations

Thank you, Gil. Before we begin with the Q&A session due to time constraints and then consideration of other participants, please limit yourself to one question. If you run into technical difficulty, please type your question into the chat. Our first question today is going to come from Adam Tindle from Raymond James followed by Fatima Boolani from UBS Equities.

Adam?

Adam Tindle -- Raymond James -- Analyst

Okay. Thanks, Kip. I just wanted to start with the near term and long-term repercussions of Sunburst and maybe Tal could start on the near term. Could you maybe talk about the cadence of Q4? Did you see any acceleration in conjunction with this? It looks like you're guiding revenue above seasonal in Q1 based on what I can tell from the quick math here. So just wondering if maybe there is some bursting that you're seeing to give you confidence in that above seasonal? And then maybe Gil can tackle the long term. Just speak to the repercussions for security architecture changes and does this open opportunity for M&A for Check Point or do you think you can attack it with your existing portfolio? Thank you.

Kip E. Meintzer -- Global Head of Investor Relations

Gil, unmute -- [Phonetic]

Gil Shwed -- Founder and Chief Executive Officer

Tal, go ahead.

Tal Payne -- Chief Financial Officer and Chief Operating Officer

Yeah. So I wouldn't say I saw something specific relating to that. Q1 guidance is based -- a lot of it is mathematical in the sense that some of it's coming from the deferred revenue. So we know already how much we have in hand both in the subscription and in the support. And the product is the area where you have the range, where you can be higher or lower, depends on what will show up in the product revenue. So it's not relating really to any increased demand or decreased demand we see in the market. We expect it to be in line with our expectations.

Gil Shwed -- Founder and Chief Executive Officer

And again for the strategic impact for the -- first, I think it highlighted the fact that these attacks are sophisticated, disguise very well, true Gen V attack like we described. And this is -- really this is something we have to face. Is it going to have a direct impact on our revenues, I hope it will because I think we're the only ones that can actually address that. Companies were like frozen with what should we do. Companies invested tons of energy just investigating what happened six months before trying to realize if they were attacked. By the way, I think it's very hard to know. Sunburst was an attack that most companies cannot know if they were affected by it. [Indecipherable] deep. And in many organization it just deleted itself and left almost no traces. But -- again, I think the secret against is not to know that we were hacked and your secrets were stolen six months ago, the key is to prevent it and make sure that whatever gets inside doesn't proliferate, doesn't cause damage and that's all about prevention. And I think we're doing that, we're doing that effectively and I think we can face these attacks. And I think our challenge remains to show customers the huge difference in deploying our technology and deploying our solution compared to everything else that they know in the marketplace.

Tal Payne -- Chief Financial Officer and Chief Operating Officer

Okay. And maybe I'll repeat the guidance since I'm not sure everyone heard it. So for the first quarter $485 million to $515 million and non-GAAP EPS in the range of $1.45 to $1.55, GAAP EPS $0.22 below. And for the year $2,080 million to $2,180 million and the EPS, non-GAAP, $6.45 to $6.85. GAAP EPS is expected to be $0.90 lower.

Kip E. Meintzer -- Global Head of Investor Relations

Thank you, Tal.

Adam Tindle -- Raymond James -- Analyst

The high end of revenue guidance $515 million, not $550 million.

Tal Payne -- Chief Financial Officer and Chief Operating Officer

$485 million to $515 million, yeah.

Adam Tindle -- Raymond James -- Analyst

I heard $550 million. Okay, that's helpful. Thank you.

Tal Payne -- Chief Financial Officer and Chief Operating Officer

Sure.

Kip E. Meintzer -- Global Head of Investor Relations

All right. Our next question is going to come from Fatima Boolani followed by Brad Zelnick at Credit Suisse.

Fatima Boolani -- UBS Equities -- Analyst

Good morning. Thank you for taking the questions. Gil maybe to start with you very quickly. You were very explicit that 2021 is going to be characterized by investments in R&D and sales and marketing.

And so when I think about the new product families and the vision you have around your new product families, can you talk to us around how that's going to impact your go-to-market efforts, specifically around any changes to incentives, compensation structures, your direct sales force and how this is going to move down the pike with some of your channel partners as you build and continue to build your channel partner relationships? And I have a quick follow-up for Tal, please.

Gil Shwed -- Founder and Chief Executive Officer

Sure. So first in terms of go to market, I mean the general structure remains the same. And good sales organization with -- doesn't need the major changes, need some small ones. We do have two overlays, one which will focus on the CloudGuard technology and another overlay that supports the same with regards to the new user-centric security. We haven't formally launched the name for that. But you will see that in a couple of weeks. And I think that's going to be a very, very focused approach.

So now before -- again, if I am a sales guy assigned a customer and they need a solution, Check Point probably has that solution among the 80 different technologies. Now it's extremely simple. If you want cloud, CloudGuard is the solution. If you want cloud, CloudGuard is the solution. If you want something about remote connectivity end user, Harmony is the solution and that will work both in positioning it, in getting the technologies in it and by the way also in the ability to sell it because some of these solutions are going to be much simpler to purchase. I mean, like one price for the entire suite and not having to deal with tons of different SKUs and sizing for the different elements. And, of course, if you need a network solution, it's part of the Quantum family that still remains -- and by the way, has a huge potential in it for the main markets.

I think from a go-to-market, which is a very good strategy, and to work [Phonetic] Infinity that enables customer to get the full architecture, and again Infinity is still small, but is growing fast, and again I think Tal mentioned doubled the number of customers, doubled the contract value last year. So I mean it's hitting on all the right -- on all the right things. Still a way to go. Still few years before all these three components will become the huge part of the business. But I think we're now seeing that it's -- I mean when we analyzed our internal measures and everything in 2022 and in '21, they are going to be very important for the growth. And if they will be successful, we will see their impact on the overall business.

So I think overall, it has good impact. By the way I think everything that I've said now is not just for our sales force, it's for the customers, it's for the partners and for everyone. Again if you are a partner, you have a cloud issue, you don't know all the different -- few hundred vendors, dozens of solutions, CloudGuard is a good solution, Quantum is a good solution. I mean for your connectivity and end-user, good family for that. So I think it will make things much simpler for everyone.

For the -- again, I got feedback from customers that say now it's simple for me, now I understand, that I need that solution.

Fatima Boolani -- UBS Equities -- Analyst

Tal, just very quickly for you. How should we see these efforts consolidating around these three product families show up in the financials? If you can give us just some finer points just on how the revenue segmentation and growth trends within the revenue segmentation should trend over 2021?

Tal Payne -- Chief Financial Officer and Chief Operating Officer

Shouldn't really -- sorry -- shouldn't really change. And remember things happen not the next day, right. But the same thing, when you talk about the appliances, you're going to see the product line, when you talk about the subscription, it doesn't matter if it's a subscription that relates to the remote access or if it's a subscription that relates to NGCB or NGFW or SandBlast, all of them are subscriptions, all of them will be in the subscription line and supporting support. [Phonetic]

Infinity is the only one -- not the only one, but the major one that when you do a transaction of Infinity it's actually split between the entire line. Some of it going to products, some of it going to support and some of it is subscription. And a major part of it, probably more than 50% going to the subscription line, decoding, encapsulate everything that Check Point has to offer. Hence majority of it going to more subscription line.

Fatima Boolani -- UBS Equities -- Analyst

Appreciate it. Thank you so much.

Kip E. Meintzer -- Global Head of Investor Relations

All right. Thank you, Fatima. Our next question comes from Brad Zelnick at Credit Suisse followed by Sterling Auty at JP Morgan. And please try to keep to the one question at a time going forward. Thank you.

Brad A. Zelnick -- Credit Suisse -- Analyst

Great. Thank you so much, Kip. Nice to see everybody and congrats on a really strong Q4. Gil, as we think about Sunburst and the future of other supply chain attacks, at the end of the day don't they all rely on lateral movements across the network? And if so, do you think this accelerates a broader shift to zero trust security models? And can you maybe speak about not only how Check Point succeeds in a zero trust world, but also the extent to which it might be a headwind to the core business?

Gil Shwed -- Founder and Chief Executive Officer

Yeah. I think first you're absolutely right. These attacks underscore the importance of network segmentation of zero trust. Of all the network security capabilities, the end or the main capability is to stop an attack. When we know that there is no way to a -- I mean we are in a world where things can get in in some way. What we need to do is to stop them and contain them that they are there and network security is the most affected one. You can't get to every workload in the world and every application in the world. We are trying by the way. We have plenty of technologies and plenty of market space to secure many workloads and we are doing that. But at the end of the day the main one is the network security capabilities that see the attack and stop it right there and contain. And I think that's -- should provide us with an opportunity and more opportunity to our network security portfolio.

Brad A. Zelnick -- Credit Suisse -- Analyst

Okay. Thank you. That's it for me.

Kip E. Meintzer -- Global Head of Investor Relations

All right. Our next question is with Sterling Auty at JP Morgan, followed by Joel Fishbein from Truist Securities.

Sterling Auty -- JPMorgan -- Analyst

Yeah. Thanks. Hi, guys. Wanted to return back to the go-to-market discussion. Wondering the success that you've seen in the Americas channel in particular in 2020, was there anything that you did differently or any learnings that you can now take and apply to both Europe and Asia?

Gil Shwed -- Founder and Chief Executive Officer

I think we've seen good traction and good cooperation with channels in America, but I think it's the other way around. Asia, and especially Europe, are working better with the channel. And I think in America we can learn from their cooperation that we have in Europe. I think it's now unified under our Head of Worldwide Channels, Frank, you may have received some exposure to him. And I think we are trying to learn -- again, first every region and every place can learn from others. But I think Europe is the place where we have the best cooperation with the channel, the best joint go to market. There is a lot of cooperation that we do can do and do much more in the US in getting to new customers and so on. And I think it's a little bit more challenging actually in the US than in other place.

Sterling Auty -- JPMorgan -- Analyst

Thank you.

Kip E. Meintzer -- Global Head of Investor Relations

Our next call is going to be with Philip Winslow from Wells Fargo followed by Ben Bollin at Cleveland Research.

Philip Winslow -- Wells Fargo Securities, LLC -- Analyst

Great. Thanks for taking my question. The question for Gil. When you compare a Sunburst to, let's say, fire attacks like [Indecipherable] some of the things we saw at your target years ago, what do you think the implications are, what's different this time in your mind versus those prior attacks that similarly were widespread, where in some cases very focused on specific companies. What's different this time and what you think the ramifications are?

Gil Shwed -- Founder and Chief Executive Officer

I think first, with each attack you learn new techniques and the level of creativity with the attackers there is unbelievable. I'm saying it all the time. I meet with our researchers and seeing the vulnerabilities that they find in applications, in infrastructure and everything which is truly unbelievable.

Might be one day we should do a seminar for you guys to show you some of the -- what the researcher find. I meet with them every week or two and every time I am getting shocked from the level of vulnerabilities that they find and their talks with our big firm. [Phonetic] I think what's unique about Sunburst is that fact that it was super, super professional. It hides itself very, very well. I mean it was really hard to detect that. I think, by the way, we will never know the extent of the damage and the information that was stolen because we really saw it got in, took a lot of stuff and in many -- some organizations it stayed it, in many organizations it simply erased itself and left almost no traces.

Our researchers and our -- all our incident response team, all the teams that we have a very good security professional, helped many customers, analyzed many environments and almost left no trace. And on the other hand by the way took something that was an internal attack. It's actually started from within the core network of the company with SolarWinds and so on and took active directory certificates and took cloud certificate and used them to penetrate the cloud from the outside. So the cloud actually, in many cases, remain vulnerable because by the way the cloud in many cases is not shielded as well with gateways and firewall like the core of the network, like the data center inside the network. So SolarWinds to that extent is -- Surburst will remain an attack that I think we'll hear a lot more about it in the future as more and more research will get published.

So far, I think the world, not Check Point, the world in general knows -- doesn't know enough about what and who is behind it and what we've done and I think that's the unique part. It was an attack that was seemed like a state sponsored with all sophistication and especially with the fact that they left no traces and no information was leaked or disclosed, but find itself -- found itself into the wrong hands for sure.

Philip Winslow -- Wells Fargo Securities, LLC -- Analyst

I think we all would want to hear from your researchers on a webinar. I like that idea.

Gil Shwed -- Founder and Chief Executive Officer

Sure. We'll schedule that.

Kip E. Meintzer -- Global Head of Investor Relations

All right. Thank you, Philip. Our next question is coming from Ben Bollin followed by Shaul Eyal of Oppenheimer.

Ben Bollin -- Cleveland Research Company -- Analyst

Good afternoon and good morning. Thank you for taking the question. Could you tell us a little bit about maybe the mix of revenue and/or billings attributable to cloud and SaaS subscriptions in 4Q or for the year and how this has developed over time? And then as you get more of that revenue mix over time, take us through the impact on support and maintenance revenue. Thank you.

Tal Payne -- Chief Financial Officer and Chief Operating Officer

I'm not sure -- I'm not sure I understand what you mean when you say the mix. Can you elaborate a bit?

Ben Bollin -- Cleveland Research Company -- Analyst

So if you look at Infinity, Dome9, could you take us through how much revenue you're generating from those products, how that's developed and then where that's going?

Tal Payne -- Chief Financial Officer and Chief Operating Officer

Okay. So, it's still not very big, but I will just give you a sense. Cloud, when you say Dome9, it's part of the CloudGuard solution. So you have mainly CloudGuard IaaS, which is Dome9 and our IaaS solution and you have CloudGuard SaaS, we're now calling those together the CloudGuard. It's over 10% of the subscription line already. So it's already quite material, but not material enough to pull on the number up enough, but there is a good trend because it is growing in a double-digit and a fast double digit with over 50% growth. And over time, it will become bigger and bigger and we will see that pulling all the numbers up. So cloud is a great success. When you talk about -- a majority of it, if not all of it, is in the subscription line. I think, a very small portion might be in product. But I think majority by far is in the subscription.

When you talk about Infinity, it's smaller, maybe one-half, just for high-level size, in the revenues already, which means already also becoming significant. Low tens of millions in the revenues. So it's no longer $1 million, $2 million, $3 million, it's already getting to a few low tens of millions. And that's again growing also quite fast. I gave an example that when we signed an Infinity Total Protection transaction, the annual contract value of the customer can grow in tens of percent or it can grow in hundreds of percent, depends what was the starting point. If he had very few solutions of Check Point and now he gets everything it can grow in the hundreds of percentage. And if it's already was a customer that was very well covered then it can grow maybe in tens of percent. But that's a wonderful opportunity. That dollars are showing up in three different lines because remember it provides the customer everything we have. So he gets in that bucket product, the budgets for the year. He gets all the subscription solutions of Check Point and he gets the support for the appliances. So that actually appears in all of the lines, although still majority of it, probably over 50%, is in the subscription line.

Kip E. Meintzer -- Global Head of Investor Relations

Thanks, Ben. Our next question is from Shaul Eyal at Oppenheimer followed by Gray Powell at BTIG.

Shaul Eyal -- Oppenheimer & Co., Inc. -- Analyst

Thank you. Hi. Good afternoon, guys. Gil, quick question on your threat intelligence capabilities, are these homegrown solutions or are you partnering with some other companies, maybe some emerging start-ups in Israel, outside of Israel? Just curious how you approach threat intelligence.

Gil Shwed -- Founder and Chief Executive Officer

So first in intelligence, you need to collect it from many, many sources and that's something we learned. So our threat intelligence technology is our own. We have amazing capabilities for research, but we are also cooperating and subscribing to many, many other services. I mean, some of it is cooperation, which is quite good. We're even, by the way, part of an organization which chose threat intelligence with our competitors, CTA which is an organization -- that's an industrywide organization between us and our direct competitors.

We are subscribing to many other threat feeds from other companies. And we are cooperating with a few start-ups that are providing threat intelligence even though I am not sure that we have a direct link or a direct subscription to their feed [Phonetic], but still the majority of the technology or most of our findings there is our own technology. We have, by the way, plenty of sensors around the world that find plenty of things. That's the nice thing about that.

For example, when we analyzed files that are being sent all around the world and when we find a malicious file immediately the file signature or the file characteristics derived from that is added to the ThreatCloud for all customers and that happens in real time. So if we find one file in my mailbox suddenly millions of Check Point customers are being protected in the same second. And not only that by the way, it's not just knowing which specific file is insecure, and by the way this is the unique thing about ThreatCloud.

In our solution one endpoint will find the signature, the same endpoint -- other endpoints might stop this file. Here the file won't be downloaded on the web, the file won't pass through the network, we will have to have the ability to identify that everywhere. But on top of that we will extract from these files many other what's called IOC. So for example if that malware communicates with a command and control server somewhere over the Internet we can take down that command and control or stop the communication to that command and control for all customers worldwide. And I think that's the unique thing about our ThreatCloud and what's behind a lot of our threat intelligence.

Shaul Eyal -- Oppenheimer & Co., Inc. -- Analyst

Thank you.

Kip E. Meintzer -- Global Head of Investor Relations

Thank you, Shaul. Our next question is going to come from Gray Powell at BTIG followed by Rob Owens of Piper Sandler.

Gray Powell -- BTIG -- Analyst

Okay. Great. Thanks for taking the question. This might sound like I'm getting a little bit into the weeds here, but I'm actually looking for more of a high-level answer. If I just kind of run through the numbers, if I take current billings and I back out product revenue and sort of a proxy for annual subscription or annual recurring billings the growth there really accelerated nicely in Q4. It was actually the best performance we've seen from Check Point in about three years. So can you just talk about the drivers there, either in terms of attack subscription or -- on the cloud side and just the overall sustainability of that trend?

Tal Payne -- Chief Financial Officer and Chief Operating Officer

Are you basically calculating your implied booking?

Gray Powell -- BTIG -- Analyst

Yes.

Tal Payne -- Chief Financial Officer and Chief Operating Officer

Okay. Just wanted to make sure I understand. So you're right. The implied booking was high. I think in the short term, it was 10% and the total implied was about 8%. So it's very high. We did have very good booking. We did have a very good implied booking. We had a good quarter. You know that because we're transitioning into cloud, into Infinity then it takes time to see that translating into the P&L and into the revenues. So probably the number one reason is that fact.

We've got a lot of Infinity and cloud transaction and subscription in general. I gave a hint about the Infinity over $100 million booking. It's quite significant. So, hopefully it will continue this trend of these drivers. If you remember we defined the growth when we talked about what we need to do in order to grow over time. We said it will take a while. But the three main pillars are cloud, Infinity and now we are talking also about remote access. Hopefully that will start next year with a new plan that Gil presented. So this is in line with our efforts to focus on those growth areas.

Gray Powell -- BTIG -- Analyst

Got it. Okay. Thank you very much.

Tal Payne -- Chief Financial Officer and Chief Operating Officer

Thank you. Kip?

Kip E. Meintzer -- Global Head of Investor Relations

Sorry. [Speech Overlap] Rob Owens of Piper Sandler up next followed by Michael Turits of KeyBanc. Sorry, guys.

Rob Owens -- Piper Sandler -- Analyst

That's all right. Thank you, guys. As we contemplate kind of the shift toward more remote user and potentially more user centric models, does this potentially change the pricing dynamic for Check Point moving forward and then have TAM implications moving forward? Thanks.

Gil Shwed -- Founder and Chief Executive Officer

I think we definitely grow the addressable market, specifically we will talk about the threat size because all the sizes about remote access an endpoint security are giant markets. I am not attempting to take on all these markets and replace all these solutions there. We are focusing on the new world of connecting the mobile workforce of connecting work from everywhere, work from anywhere, anyway we want to call it, and securing that.

Again, I think it's many, many different categories. And I think what we've found when we analyzed the market trend is, A, this market which wasn't the top priority for customers shifted from mid or low priority into the top priority on customer mindset and we have all the technologies. It's unbelievable. I mean, when we look at our portfolio, we found out that we have, let's say, more than a dozen solutions that address all the elements. So now, we need to take them, put them together, still a work that we need to do. I am not trying to say that it's trivial, it's not. But I think what we have what no other company has.

Just remember by the way, we completed another acquisition in Red Field in I think it was September or October, the acquisition of Odo. So we we're very, very active on that. And now we all came together and say, no, it doesn't need to be a dozen different solution, one point solution for every one point problem, but a unified one. And I think it can change the whole scene. The pricing dynamics, the simplicity, everything around that, because we will make it very, very simple to acquire and to implement and mainly to get the security level.

Kip E. Meintzer -- Global Head of Investor Relations

Thanks, Rob.

Rob Owens -- Piper Sandler -- Analyst

Thank you.

Kip E. Meintzer -- Global Head of Investor Relations

Appreciate it. Our next caller as Michael Turits with KeyBanc. Followed by Saket Kalia from Barclays.

Michael Turits -- KeyBanc -- Analyst

Thanks, Kip. So congrats Tal and Gil and everybody. So I just wanted to ask about a product which, as you pointed out, was really strong this year and trying to coming back to a positive. Was there a lag in people's abilities to refresh firewalls last year and does that start to come back? And if so why wouldn't that provide a little bit more visibility into Q1 and potential for upside to revenue given strong billings this quarter?

Gil Shwed -- Founder and Chief Executive Officer

First, in terms of the product business, in many cases we supply the products right away. So actually where we have the deferred revenues and the predictability is more on all the other subscription line, products we are usually very fast to supply them even within the last few days of the quarter. As for last year on one hand, we sold some demand, some increased demand for capacity. For example, in April we -- in March, we saw companies that pushing big order -- not, I mean -- for these specific customers big orders to increase capacity on the network. On the other hand customers generally love to try to avoid getting into the data center, because we are all working from home and we didn't want to touch anything physical unless it's absolutely necessary. So I think last year was characterized by somewhat of a slowdown of everything that physical. Despite that, I think we turned from negative into positive, which means that it has potential.

My belief by the way with the market for network security and gateways and firewall has a huge potential with the main point when we -- the most effective point to block this new cyber pandemic attacks. We really need that.

Kip E. Meintzer -- Global Head of Investor Relations

Thanks, Michael. Our next question is going to come from Saket Kalia from Barclays, followed by our last question from Brian Essex of Goldman Sachs. Go ahead, Saket.

Saket Kalia -- Barclays -- Analyst

Hey. Great. Can you hear me OK, Kip?

Kip E. Meintzer -- Global Head of Investor Relations

Yes.

Saket Kalia -- Barclays -- Analyst

Okay. Excellent. Thanks for taking my question here guys and fitting me in. Tal, maybe the question is for you. There was a nice little hint that you provided just on ITP bookings I think crossing $100 million this year. The question is can you just talk about how big they were last year and also touch on what's prompting customers to opt for ITP when buying network security versus buying that under sort of the traditional pricing model? Does that make sense?

Tal Payne -- Chief Financial Officer and Chief Operating Officer

The first question, I got -- yeah. Can you hear me?

Saket Kalia -- Barclays -- Analyst

Yeah.

Tal Payne -- Chief Financial Officer and Chief Operating Officer

The first question I got. It grew significantly over 100%. I don't remember the exact number, but it was significant growth. And the second part of the question, what was that?

Saket Kalia -- Barclays -- Analyst

The second question is what do you think is prompting customers to go for ITP pricing versus buying firewall sort of in the traditional model?

Tal Payne -- Chief Financial Officer and Chief Operating Officer

I think first start, before the pricing -- first start with the needs. So when the customers understand what was Gil relating to that as the world become complex and many customers need to adopt more and more solutions it becomes very complement to implement separate spread solutions for many different vendors in many different places with different management capabilities and so on. So it first comes with the need of increasing your security while trying to keep it maybe, I would say, as simple as you can in a complicated world. The pricing is complementary to that where it says you don't need now to negotiate with us 20, 50 or 60 different features, pricing one of them based on user, one of them based on gateway, one of them based on throughput, one percentage of the enterprise installed base and so on. Here you get one simple pricing, tell me how many users you have, your price will be X numbers of dollars multiplied, very simple, and you can basically go and install in your pace, hopefully fast, everything you need in the organization. So I would think as the CTO and as a CFO, everyone will prefer that, both from a financial perspective and from simplicity perspective.

Saket Kalia -- Barclays -- Analyst

Very helpful. Thanks.

Kip E. Meintzer -- Global Head of Investor Relations

Thanks, Saket. And our last question is coming from Brian Essex from Goldman Sachs. Let's see if he is -- there he is.

Brian Essex -- Goldman Sachs -- Analyst

Yeah. All right. Thank you. Thank you for fitting me and I really appreciate it. Gil, I just have a question for you. I wanted to hit on the competitive dynamics you're seeing in the market, particularly given the product cycles that you had. You have RAD, now RAD1, you've got Maestro, Quantum, Infinity. How much of that growth is in the installed base and where do you see share coming from? Is this a dynamic where we have just an installed base of existing customers that you can help them -- where you can help them migrate to the next generation of threat prevention or do you see meaningful uptick from incremental customers on the platform and where might those be coming from? Is it -- are we seeing for example shared ownership from larger legacy vendors like a Cisco or Juniper or are these kind of head-to-head competitive new wins in the next-gen market? Just love a little bit of color right -- kind of around the competitive dynamics.

Gil Shwed -- Founder and Chief Executive Officer

Sure. So first, my priority has been for the last few years about getting new customers, not just new -- now, still the majority of our business, the vast majority coming from our installed base, both because -- I mean, these are the people that [Indecipherable], these are the people that like us. Also we have a lot of enterprises that are -- maybe by the way, small customers now and are growing and becoming more majors. Still we have amazing set of competitive win and that's not just by the way, against the older vendors in the marketplace but also against some of the other vendors in our marketplace.

And we have a lot of nice wins, a lot of competitive wins. When the customers actually evaluate the products, actually see that they come up with a lot of technologies and being innovative and being cool. But at the end we don't prevent the attack. Look at your instruction manual, it will tell you if you got infected by a threat, we will give you an alert after it happened, after it's in the move. Recommend that you disconnect network, it's taken from the instruction manual of our top competitors. By the way, I'm seeing -- some of it by the way how the world understands the solution.

Most of the solutions today in the marketplace are not deployed with the full capability -- the full threat prevention capabilities on and with the full prevention on, which means that if we go to a customer and implement a product the right way, the product brings 10 times more value. It also by the way, maybe a little bit more complicated, maybe a little bit more challenging to operate because it does the work. I mean we replace competitive products in some customers. The customer complained that it was complicated, that it wasn't as fast. Then we looked at what they've done with the competitive product and they've basically done nothing. It's like going with -- it's like going to a hospital with a serious heart condition. In one place you are being operated and get all the treatment, in the other end we give you an aspirin and hope that it helps. So in many cases people use our competitors' products, but don't use them to the extent or even need to use them, not just the capabilities it's how we use them.

So I think overall we've seen all of that. We had very, very nice competitive wins in the last quarter. Some of the biggest names, by the way, we've seen it in healthcare, we've seen it in the hospital, we've seen it with companies. But when you factor the COVID-19 vaccine, so we've seen very, very nice competitive wins. When we took over competitors and replaced them with solutions that actually provide prevention.

Brian Essex -- Goldman Sachs -- Analyst

All right. That's it. Helpful. Thank you.

Kip E. Meintzer -- Global Head of Investor Relations

Thanks, Brian. Thank you all for joining us today. That's going to conclude our call. We'll look forward to speaking to you throughout the quarter. And with that I'll allow you guys to disconnect and have a great day. Bye-bye.

Gil Shwed -- Founder and Chief Executive Officer

Thank you very much.

Tal Payne -- Chief Financial Officer and Chief Operating Officer

Thank you, guys.

Duration: 57 minutes

Call participants:

Kip E. Meintzer -- Global Head of Investor Relations

Tal Payne -- Chief Financial Officer and Chief Operating Officer

Gil Shwed -- Founder and Chief Executive Officer

Adam Tindle -- Raymond James -- Analyst

Fatima Boolani -- UBS Equities -- Analyst

Brad A. Zelnick -- Credit Suisse -- Analyst

Sterling Auty -- JPMorgan -- Analyst

Philip Winslow -- Wells Fargo Securities, LLC -- Analyst

Ben Bollin -- Cleveland Research Company -- Analyst

Shaul Eyal -- Oppenheimer & Co., Inc. -- Analyst

Gray Powell -- BTIG -- Analyst

Rob Owens -- Piper Sandler -- Analyst

Michael Turits -- KeyBanc -- Analyst

Saket Kalia -- Barclays -- Analyst

Brian Essex -- Goldman Sachs -- Analyst

More CHKP analysis

All earnings call transcripts

AlphaStreet Logo