Radware Ltd. (RDWR) Q1 2023 Earnings Report, Transcript and Summary

Ladies and gentlemen, welcome to the Radware Conference Call discussing First Quarter 2023 Results and thank you all for holding. Today's conference is being recorded, and all lines have been placed on mute to prevent any background noise. After the speaker's remarks, there will be a question-and-answer session. [Operator Instructions] Thank you. And I would now like to turn the call over to Yisca Erez, Director of Investor Relations at Radware. Please go ahead.

Thank you, Avi. Good morning, everyone, and welcome to Radware's first quarter 2023 earnings conference call. Joining me today are Roy Zisapel, President and Chief Executive Officer; and Guy Avidan, Chief Financial Officer. A copy of today's press release and financial statements, as well as the investor kit for the first quarter, are available in the Investor Relations section of our website. During today's call, we may make projections or other forward-looking statements regarding future events or the future financial performance of the company. These forward-looking statements are subject to various risks and uncertainties, and actual results could differ materially from Radware's current forecast and estimates. Factors that could cause or contribute to such differences include but are not limited to impact from the changing or severe global economic conditions, the COVID-19 pandemic, general business conditions and our ability to address changes in our industry, changes in demand for products, the timing in the amount of orders and other risks, differences from time to time in Radware's filings. We refer you to the documents the company files and furnishes from time to time with the SEC, specifically the company's last annual report on Form 20-F as on March 30, 2023. We undertake no commitment to revise or update any forward-looking statements in order to reflect events or circumstances after the date of such statement is made. I will now turn the call to Roy Zisapel.

Thank you, Yisca, and thank you all for joining us today. We ended the first quarter of 2023 with revenue of $69 million and earnings per share of $0.14. The macro challenges that we experienced in the first quarter were stronger and broader than in previous quarters. These challenges translated into longer sales cycles, more cautious spending and closing delays across all regions. Despite that, we saw strong cloud security bookings, and our cloud ARR grew 21% year-over-year, in line with Q4 2022 growth rate, highlighting the strength of our offering and the critical nature of our solutions. While the macro environment is creating business challenges, organizations remain under pressure as they face more frequent and more complex cyber-attacks. Attacks accelerated during the first four months of the year. There were significant attack campaigns against the U.S. healthcare sector, the Canadian government, Australian ports and government websites, Israeli government and banks, as well as airlines and airports in Scandinavia, to name a few. Russia's invasion of Ukraine has ushered in a whole new wave of activism that is generally bolder and more determined than ever before. Any organization, independent of size and industry, can become a target for activists who desire to advance their cause. According to our recent Threat Intelligence Report, three activist groups claimed responsibility for more than 60% of DDoS attacks between February and April. As a result of the escalation in attacks and downtime in enterprise networks, we saw multiple emergency onboarding to our cloud platform by organizations under attack. We estimate that many of the companies that were onboarded under attack during the first quarter will convert into longer term customer contracts. It's clear that so-called good enough security is not good at all. You need best-of-breed security, and Radware by any technical and analyst evaluation is best of grade. We believe that while security purchasing decisions might be delayed, they can be ignored indefinitely without creating added business risk and exposure. This, combined with the operational and cost benefits that our fully managed cloud security solution offers, continues to give us confidence in our positioning and long-term growth prospects. Just last week, I attended the RSA conference. Compared to 2022, we saw a significant increase in customer activity. We believe this is one more indicator that the increase in cyber-attack is driving a critical business need and causing organizations to rethink and reprioritize security spending despite budget scrutiny. Consistent with the strategy that we shared during our Investor Day in February, we have continued to focus on transitioning our business to a subscription-based model and doubling down on our cloud security offerings. During the first quarter, subscription booking crossed for the first time, 50% of our total bookings, highlighting our progress. Furthermore, we are pleased to report a strong cloud security business. We recorded close to 30% year-over-year growth in cloud total bookings, strong growth in the total number of cloud customers, many of which were mid-sized enterprises. And in addition, as I highlighted before, we saw 21% growth year-over-year in cloud ARR. Our cloud performance was backed by several major wins. For example, we signed a $1 million cloud DDoS deal with a world leader in data center design and operation. The company was hit by several large attacks that resulted in downtime for its largest customers triggering this deal. We also won the cloud app of a major digital entertainment services provider in the Americas. The customer was faced with both attacks and technical issues while dealing with an incumbent provider. Our proof of concept demonstrated our superior cloud security solution. On the product front, we announced major new product launches. For instance, we released new algorithms to mitigate web DDoS attacks, a new AI algorithm that automatically detects false positives and false negatives and supervises our cloud systems. We strongly believe our algorithms are an important competitive differentiator and in lockstep with what customers need in order to withstand the type of attacks we are seeing today. In addition, we rolled out our new best of suite offering for the cloud application protection, which delivers seamless 360 degree application protection from the user's browser to the application. This best-of-suite offering includes Cloud DDoS protection, Cloud WAF services, API, and bot management, and it also includes our newly introduced client site protection solution, which secures the less protected and further monitored client-side supply chain. During the first quarter, we also introduced our next-generation DDoS mitigators, DefensePro X and Radware Cyber Controller, a new state-of-the-art management, security operation, and orchestration system. Together, this next-generation solution combines industry-leading performance with enriched usability and visibility to defend against encrypted attacks and application layer DDoS attacks in real time. This is a major advancement in on-premise DDoS protection, which was traditionally focused on just mitigating network effects. DefensePro X uses our hardware mitigation engine rather internally developed high capacity security FPGA. Leveraging the HME, DefensePro X is the fastest and most scalable mitigation platform in the market today. Its superior performance and scale provide us with a long-term competitive advantage. Our state-of-the-art solutions continue to earn industry recognition in the first quarter, our API discovery solution and SecurePass architecture won gold (ph) Cybersecurity Excellence Award for innovation and leadership in application security. SecurePass also received owners when it was named a gold winner in the 2023 Global Cybersecurity Awards for its innovative approach in ensuring security in the digital age. In closing, while we experienced strong macro headwinds, we believe that the slowdown is temporary. We are confident that the organization will have to resume investments in real-time attack mitigation and cyber protection regardless of the environment. In order to capitalize on future opportunities and to be the natural cybersecurity provider of choice for organizations, we are determined to grow a strong and sustainable business with a core focus on our fully managed cloud security offerings. We remain mindful of the macro environment and disciplined in our expense management so that we can deliver profitable growth. With that, I will now turn the call over to Guy.

Thank you, Roy, and good day, everyone. I'm pleased to provide the analysis of our financial results and business performance for the first quarter of 2023 as well as our outlook for the second quarter of 2023. Before beginning the financial overview, I would like to remind you that unless otherwise indicated, all financial results are non-GAAP. A full reconciliation of our results on a GAAP and non-GAAP basis is available in the earnings press release issued earlier today and on the Investors section of our website. First quarter 2023 revenues declined 6% year-over-year to $69 million compared to $73.7 million in the same period of last year. The decline of revenue was on the back of the ongoing and increased macroeconomic environment that we have experienced since the second quarter of last year and which intensified in the first quarter of this year. The impact of the macro environment is still evident in an elongated cell cycle as well as budget scrutiny and extended multiphase deployments. As Roy said, and as we are witnessing for some time, levels of attacks are growing consistently in the last few years. However, these attacks are not fully expressed yet in the demand of organizations for our cyber solution due to budget cuts as a result of macro uncertainties. Despite the macro headwind, our cloud business was strong in the first quarter. Cloud ARR in the first quarter of 2023 grew 21% year-over-year, similar to the growth in the fourth quarter of 2022, and accounted for 27% of total ARR compared to 24% last year. The growth of our cloud business is also reflected in our recurring revenues and increased from 68% in Q1 2022 to 73% in Q1 2023. As we highlighted in our Investor Day in February this year, we are focused on scaling our cloud business and accelerating its growth to improve visibility and profitability. On a regional breakdown, revenue in the Americas in the first quarter of 2023 decreased 8% to $27 million compared to Q1 2022. The trailing 12-month basis, America's revenue decreased by 2%. We are working on multiple fronts to improve our execution in the U.S., as we highlighted in the Investor Day. We are expanding our relationship with OEMs, building the midsized market infrastructure, and apply sales force changes. We believe that these actions will lead to an improvement of performance by the end of the year. EMEA revenue in the first quarter increased 6% compared to Q1 2022 to $30 million and was flat on a trailing 12-month basis. APAC revenue in the first quarter of 2023 was $12 million compared to $16 million in the same period of last year, representing a 24% decrease year-over-year and a 3% decrease on a trailing 12-month basis. Americas accounted for 39% of total revenues. In the first quarter, EMEA accounted for 43% of total revenue, and APAC accounted for the remaining 18% of total revenue in the first quarter. I'll now discuss profit and expenses. Gross margin in Q1 2023 was 82.3% compared to 83.2% in the same period in 2022. The change in gross margin is related mainly to higher costs related to recently launched cloud security centers and these economies of scale. During this time of market challenges, Radware is mindful of its expenses and is agile to adjust the cost structure as needed. Our flexible structure and ability to align expenses with the changing market conditions will enable us to come out stronger. We are committed to improve profitability over time. Operating expenses in the first quarter of 2023 were $52.4 million, below our lower end guidance, representing an increase of 1% compared to the same period of 2022 and a 5% decrease compared to Q4 2022. Operating expenses decreased versus Q4 2022, a decrease attributed mainly to a 3% (ph) headcount reduction. Financial income grew gradually in the last year. In the first quarter of 2023, financial income was $2.7 million, an increase of $1.9 million from Q1 2022. This increase is attributed to higher interest rates in the market. Net income in the first quarter was $6.1 million as compared to $8.8 million in the same period of last year. The average adjusted EBITDA for the first quarter was $6.5 million, which includes $2.7 million negative impact of the loss. Diluted earnings per share for Q1 2023 was $0.14 compared to $0.19 in Q1 2022. Turning to the cash flow statements and balance sheet. Cash flow from operations in Q1 2023 was negative $1.2 million compared to negative cash flow from operation of $10.5 million in the same period of last year. Cash flow from operations in the first quarter of 2023 was impacted mainly by the increase in trade and other receivables and a decrease in other payors. During the first quarter, we repurchased shares in the amount of approximately $12.7 million out of the $100 million share repurchase plan that we have in place. We ended the first quarter with approximately $419 million in cash, bank deposits, and marketable securities. I'll conclude my remarks with guidance. We believe that the current macroeconomics will remain during 2023. And although we cannot estimate the timing, we believe that our current cash position and agile cost structure will help us cross it stronger than others. We expect our revenue for the second quarter of 2023 to be in the range of $68 million to $70 million. We expect Q2 2023 non-GAAP operating expenses to be between $52 million and $54 million. As for Q2 2023, we expect non-GAAP diluted net earnings per share to be between $0.12 and $0.15. I'll now turn the call over to the operator for questions. Operator, please?

Thank you. [Operator Instructions] We will take our first question from Alex Henderson with Needham. Your line is open.

Great. Thanks so much. Just looking at the guide for a second. Can you give us some sense of what you think your interest rate tax rate will do just to round out the numbers a little bit? Obviously, those have been moving around a little bit.

Yeah. So as mentioned before, we expect the interest rate to continue -- financial income to continue to grow based on current interest rates. [Multiple Speakers]

So do you have any guide for that -- for the interest income for the 2Q?

No, we haven't guided. The only thing we said is that we expect to continue to grow at more or less the same pace as we did in the last quarter. And the tax rate same as before.

Okay. And then, if you could just remind us how you're positioned against the FX. Obviously, the shekel is quite weak as a result of the political turmoil there. So how are you positioned on that?

We're hedged for the rest of the year. So new Israeli shekel versus U.S. dollar, FX should not impact our P&L. That's it. For next year, we're not hedged yet.

All right. And then going back to the numbers, it looks to me like the U.S. was the particular problem, but it also looks like the problem was heavily skewed to service providers in the quarter. So could you talk a little bit about what's going on with that vertical? Because obviously, it was a big part of the overall decline here and significantly worse than the corporate averages. Is that a function of the shift in the business mix away from what you've traditionally done for them, and therefore, we should expect that to continue and when does that flatten out?

So I think there are several factors. First, we saw overall weakness across the globe. Yes, America was weak, but I can tell you that was our feeling also on the rest of the theaters. Second, we're definitely now more geared, especially with the focus on cloud security towards enterprises. And I think that you see that over the last several years and also now. And third, I believe that the major weakness was in large CapEx projects. That's where the biggest headwind is. And obviously, carrier deals tend to be larger, tend to be CapEx. And therefore, I think we saw it also there in large magnitude. I think also large enterprise CapEx deals suffered, but this is masked by our cloud performance. So I think in the interior, there's nothing to cover the reduction in the CapEx deals.

Just to clarify, when you said weak globally on demand, that was not company-wide, that was a comment about service providers, specifically, right?

So I think company-wide, we...

So company-wide means globally and also in service provider?

Yes.

Okay. I see. If I could -- just one more question here. So as I'm looking at the mechanics of the U.S. business being down, you've got a reorg going on in your go-to-market there, I believe, that should stabilize things at some point. How do you expect that to progress over the course of the year? When does the realignment there start to improve things?

From a number point of view, we didn't see that in Q1, but from other measures and other KPIs, we do see improvement in the execution in the U.S. We have many KPIs we track before revenues from proof-of-concept to engagements to pipeline and so on. So, all in all, we feel better about the U.S. organization. We feel better about pipeline penetration. I mentioned also the RSA and the customer activity. So while Q1 was difficult, we're actually feeling way better going now into Q2 and beyond.

All right. I’ll see the floor and get back in queue. Thanks.

Thank you, Alex.

And we will take our next question from George Notter with Jefferies. Your line is open.

Hi, guys. Thanks very much. Yeah. I guess I wanted to expand on that. You guys have made a lot of changes, I think, in the sales organization. I know you've changed the compensation plan. You're reorienting folks around more medium-sized enterprise deals, obviously, the cloud products. Could you talk a little bit about what the early returns are there in terms of the new comp plan and the changes you're making? Any more you can tell us would be great.

Okay. So first, obviously, it's early to say, but if I need already to ask to look at one figure, the booking of subscriptions in Q1, for the first time, crossed 50% of our total bookings. So we definitely saw some of our sellers in growing quantity, focusing on everything that is subscription more than a regular product. So that we are already seeing. I think also very strong pipeline and activity in cloud as a result of that because we're highlighting not only subscription but cloud security in specific. So all in all, I think we are moving in the right direction. It's aligned with the focus areas we covered in the Analyst Day. We'll see how it's progressing. But so far, I think it's going in the right direction.

Got it. And then I know you made some changes to the Cisco OEM relationship also. I know that they included Radware and their enterprise-wide license agreements. Can you talk about what you're seeing through that channel?

Yes. It was a very good quarter with Cisco. We actually -- beyond revenues, which I think were a record level, we're seeing a lot of activity in the field. So there's really a big pickup in activity in deals, in engagements, in events. As you've mentioned, we're now part of the enterprise agreement of Cisco. So we're seeing the Cisco security team engaging in discussions with their customers under those frame agreements to include the other portfolio in. We have also the Turbo accounts that we are working to get the large accounts of Cisco that we're working together with them. So all in all, it was a very good quarter, very good momentum there and we have good expectations also for the coming quarters.

Got it. At what point do you think that would be a relationship that you might break out for investors, give us a sense for how big that is? Is that on the horizon?

I hope so. We are progressing. We are progressing well. Let's say, as it grows more, what is the right time.

Okay. Great. Thank you very much, guys.

Thank you, George.

We will take our next question from Chris Reimer with Barclays. Your line is open.

Hi. Thanks for taking my questions. I wonder, if you could touch on the process for onboarding the emergency customers. You said there was an uptick this quarter and a few more of those. Can you just walk us through the process of how they get onboarded, how long can they remain customers until they do become an actual customer and what kind of traction do you see in them converting as a permanent customer?

Yeah. So generally -- thanks for the question. So generally, when we're talking about an emergency onboarding, we mean that the customer is under attack. When they're under attack, they are probably are down, meaning their applications are down, their network is down. And there's -- especially indeed, there's heavy traffic towards their data centers and applications. The onboarding process can be very quick when it can be done in an hour. And definitely can be achieved in several hours. The critical factor there is receiving a letter of authorization from the customer to its ISPs that Radware can act on the network as behalf of the customers. So we can behave as if we are the customer network. Once this is done, it's quite immediate to onboard the customer to our network. As we are onboarding and protecting them, we are providing around a week to 10 days for them to experience the service. Following that, there is an expectation to conclude the contract. Now some enterprises, especially the large ones, the processes are longer in some government entities, the requirements for RFPs. But definitely, the fact that, A, they onboarded our network; B, the service was proven in real-time, in production is a major benefit. So we are seeing anywhere between several days of turnover time or conversion time to several months. And it's a very delicate matter. If we're seeing that it's not progressing and budget is not there. Do you take them off the service? Do you give another great experience? How do you manage that? But overall, customers that are coming in to attack are converting with very high probability, especially that we are very, very good in what we do, and we're really saving them. So I think the latest activity that was predominantly started mid-February and accelerated in terms of cyber-attacks in March and more so in April is definitely generating, I would say, a pipeline with high probability to close, which I think it's a good outcome for us, obviously.

Got it. Thanks. That’s really helpful. And just following on your comments around the reorganization in the U.S. and getting to the point where you feel execution is optimal. Looking at the other regions, do you see that execution there is also optimal or might there be a need for reorganization in the other geographical areas as well?

We're not looking to have further sales reorganization in the field. We are focused also through, for example, the compensation plan and other corporate initiatives, the alignment with the OEMs, the midsized enterprise, we are looking to improve our go-to-market. But it's not going -- at least it's not on our plans currently to do any restructuring of sales reorganization.

Got it. Thanks. That’s all for me.

Thank you.

We will take a follow-up question from Alex Henderson with Needham. Your line is open.

Yeah. If I could go back to that service provider question for a second. So are you, in fact, delivering stuff to -- in the security space to the service providers or is that more your traditional business that's going over there? Can you talk a little bit about what you're selling and how you define those service provider categories?

Yeah. So I think the three buckets there. So first, we're selling the application delivery controller to the carriers, predominantly to their IT and network services organization to load balance and do traffic management for key applications. So that's the first bucket. The second bucket we sell our high end mitigation devices, secure the DDoS mitigation devices when they are generally using them on their network to clean DDoS attacks. Those are generally large projects, large CapEx. The third is, we are delivering our mitigation devices and our web application firewalls to their MSSP businesses to those carriers that are engaged in an MSSP business, although there obviously, it depends about the traction with their customers. If they grow, if they scale it, they will probably purchase more. If not, they would not need more capacity and more solutions. So those are the three buckets that we are engaged with the terriers. I would say that the major I would say, headwind, is on the first two buckets, the ADC and the large security mitigators. Those are the large CapEx equipment purchased by the carriers.

Could you give us any sense of what the scaling of these three are? Are these similar sizes or is the ADC business actually the largest piece? How do we think about this scaling?

I think actually, the DDoS mitigation is the largest piece of the network. Also there, I believe they cannot hold those purchases for long because attacks are growing, and the asset that they need is growing. And we do see increases in the pipeline in this segment. We just didn't see a lot of purchases that were actually done in the first quarter. But I don't believe they can carry on with this approach for long because it's against the dynamics we see in the market, more capacity, and more attacks.

I see. Okay. I get the gist of it. Going back to the pipeline comments you made earlier. It sounds like you felt the pipeline was improving, at least in the Cisco piece and somewhat in the U.S. piece. Could you comment on the company-wide pipeline has? Is the linearity during the quarter an issue, i.e., the late March time frame with all the financial debacle cause a perturbation in the closure rates but your pipelines are healthy. What's the flavoring there?

The pipeline is improving. So we feel better about that. I think also the velocity of the pipeline, especially those that I've mentioned that are triggered by attacks, those deals generally are accelerating faster to close. So all in all, I think the quality of the pipeline and the velocity is better. As you pointed out, both America, Cisco, those are key areas. Cloud, obviously, is a key area and so on.

Okay. And so again, was there any impact because of the banking issues that happened in March? Did that perturbate the linearity or cause anything to slide out of the quarter that would have stopped what closed normally. Any thoughts on…

I don't know. I don't know, how to say. I don't think so, though.

None of our -- or let's say, none of the banks that were impacted for actually our customers. So nothing direct, that being said. There is some kind of uncertainty in that segment. Therefore, we see the longer sales cycle.

Okay. A lot of companies doing risks. Any thought about maybe doing something more aggressive on the cost side to mitigate some of the pressure on margins? Thanks.

At this point, we don't plan one. We think we are positioned well. We think we can -- with cloud security and the subscriptions growing, we think we need to keep the investment as we have. We want to continue to create a competitive advantage on the product side to provide good service to customers. As we said, we think this halt is temporary. We think the attacks are creating a real need, and we want to be there for the customers. So we are mindful of the expenses, but we believe profitability would grow as we will grow the business and scale back our results -- scale up again our results.

Great. Thank you so much.

And there are no further questions at this time. I will now turn the call back to Mr. Roy Zisapel for closing remarks.

Thank you very much for joining us today, and have a great day.

Ladies and gentlemen, this concludes today's conference call and we thank you for your participation. You may now disconnect.