Imperva's CEO Presents at UBS Global Technology and Services Conference (Transcript)

Nov.15.12 | About: Imperva (IMPV)

Imperva Inc. (NYSE:IMPV)

UBS Global Technology and Services Conference

November 14, 2012 1:00 PM ET

Executives

Shlomo Kramer – President and CEO

Terry Schmid – CFO

Analysts

Steve Milunovich – UBS Securities

Steve Milunovich [ph] – UBS Securities

Let's turn to our next presenter is Imperva, Shlomo Kramer, CEO and Terry Schmid, CFO. Shlomo started Imperva and prior to that time, he was co-founder at Check Point. He served in various executives roles through 1998 and is a member of Board of Directors at Check Point through 2003. Terry Schmid, CFO has been in finance for over 20 years. I think many of you got to know Terry has getting – to known his ability to be very straight and upfront with a lot of the components of the story. So anyone that’s just appreciate your approach to the business. So thanks for joining us. There is a full disclosure. I do not formally follow the company but I spend a lot of time. I think this is a really unique asset in security space. I cover a lot of the security firewall companies and going to RSA this year I think it was interesting when you walk to Chevron, there was a lot of burning in the lines of what’s going on in the firewall market and then you passed by what these guys are doing.

It’s a very, very unique segment of the market. So with that, thank you for joining us. Just from your perspective when you look at the tamper security is $32 billion, you know the market extremely well from your history at Check Point but from your perspective maybe talk a little bit about CAM [ph] and the size of the market that you’re addressing currently today?

Shlomo Kramer

So the security and software and hardware market is around $30 billion and its largely divided today between two major security stacks. One is the network security stack, $12 billion under that and the endpoint security stack which is similar in size and then management and a bunch of others. What Imperva does is really focus on the data center and so the next generation, the modern malware, the APT, the hacktivism, the financial crime, the cyber warfare all targets the data center asset business application and business data. And that’s a really different geography with very different assets and use cases than the network and the endpoint and require a different security stack.

And that’s what we are focused on. And today its about $1 billion market. So much smaller than still than the network endpoint but when you look at where at needs to be as it matures, it really needs to be similar in target as important if not more important that’s where the counters of the organizations are, that’s where the entire modern threat is going after. So we really expect many years of rapid growth in this segment.

Steve Milunovich – UBS Securities

I guess the one thing that’s been interesting to me is just in terms of how unique you are, maybe talk a little bit about when you started the company what drew you this that segment of the market versus going to some of the innovative security startups. What’s the big thing that jumped out to you?

Shlomo Kramer

So basically as one of the co-founders of Check Point, I was not interested personally to do another point solution or capability or product in the network security stack or as to that endpoint, okay, but really looking for Greenfield opportunity well in the organization, is there a need for a kind of a new security solution. Securities are always in overlay, right, so when network in the early 90s started to emerge, wide-area network, internet connections, network security emerged with it, the same with endpoint security in the late 80s around antivirus and PCs. And I really believe in 10 years ago that the world that is all about online transaction, ecommerce and availability of business data online, requires a new security overlay.

And that 10 years focus that really moved into the aspect, there wasn’t real 10 years ago but now they are absolutely there in the data center, relation legislation at end of the day really focus on the data center. So it really approved to be a good assumption.

Steve Milunovich – UBS Securities

I guess in three broader buckets in terms of your business, correct me if I am wrong but when you think about the database segment file and then the WAF or web application firewall, how do you see that evolving over time and maybe just talk through the dynamics to each of these markets where you think you have the biggest opportunities?

Shlomo Kramer

Sure. So when you look at the security in the data center, you ask what is in the data center and there are two main things in the data center. There is business data and there are business applications and that’s when we started Imperva. And traditionally on the business data we are focused initially on the structure of the data. So databases of all types and providing visibility and control into how this data is being used by who stopping bad usage or bad data, auditing and reporting on the good usage of this data for compliance agents.

In recent years we have expanded to unstructured data which we believe is really important because almost 80% of data in the data center is unstructured. So if you’re looking to protect your IP against a commercial (inaudible) for example there is huge problem today, you need to control the unstructured data depository just as much as the structured data depositories. And then we’ve expanded to semi-structured data like SharePoint for example, definitely big data is in the future for us and we’re going to expand the footprint of every type of report. So in the data center both on premise as well as in the cloud and putting the data in the cloud is a very big opportunity for us.

On the application side, we see two major trends. One is going up the stack in terms of threat, if traditionally things work like SQL injects technical attacks all days issues of the applications because still data through the application was key. We’ve seen the hackers move over the last three years up this stack to business logic effects like the recent application level DDoS attacks on the U.S. banks or screen scraping or anyone of these attacks that really used the business logic of the applications versus the structure of the application finally slowed this kind of the third bucket of the threat around applications. And we’re seeing huge surge in further on web, the web application is really important category for us and we are the only ones that are able to direct all three types of threat.

The second is the fact that when we started, we really focused on the large organization. That will be targets of these attacks. But today everybody is a target. The threat really went to threat economy. Really went to almost an industrialized revolution. It’s not a human attacker anymore, it’s really global automated processes both national malware, it goes after these application so we don’t need to be a large bank, you can be a mom-and-pop ecommerce shop to be attacked.

So we came into the market with solutions that also protect the smaller site whether a smaller ecommerce site or one of the many hundreds of thousands of sites that large organization has and that’s a cloud-based solutions. That’s kind of a CBM type of solution that really focuses on security.

Steve Milunovich – UBS Securities

We’ve seen some fairly mediocre attack results as of late but it seems like your results suggests otherwise you had good momentum maybe talk through how you think about what you see in the pipeline given what’s going on, it feels like you’re slightly – in slightly more defensive area where spending will continue and we’ve heard a lot of companies talk about how they are pulling back to run or pulling back to grow part but they just want to stick with the run. It seems like you fit in the run category?

Shlomo Kramer

Exactly, and we’ve seen this both historically as well as lately that our categories whether is very resilience to tough financial times. Even if the economy is bad, hackers continue, they don’t get fired and you still need to be in compliance. So our product are really important for organization and they view them as a mush have. Also this is an early type of category so less vulnerable to kind of muckle threats like this.

Steve Milunovich – UBS Securities

The go-to-market strategy maybe talk a little bit about what you’re doing to build out to go after this and…

Shlomo Kramer

So we’ve been at the company from beginning with a view that this is a broad category. And we’ve invested early on in a large global network of partners. So we are a channel company in the sense that almost 100% of our revenues are fulfilled. So a channel but more importantly more than 50% of our pipeline comes from the channel. And what happens in between it really depends on the geography, some geographies channels are fully independent and carry retail sales by themselves with some others, their main contribution is to influence over the account where they are embedded.

Our channels are primarily the security channels so the same channels and the same buyers that you’re familiar with other categories in security but we have some emerging interesting partnership especially around the hosters and MSSPs that has been growing very rapidly to over 10% of our revenues companies such as (inaudible) and many other hosters and MSSPs around the world.

Steve Milunovich – UBS Securities

Another unique advantage I think you have is you’re very horizontal, right. There is no vertical that’s not out of your scope, right?

Shlomo Kramer

Yes, every organization that puts a major information in the data center and critical businesses that needs to be protected. So it clearly doesn’t matter which vertical you are, our solutions are very much. Historically the financials were the stronger just because financials are early adopters but we are seeing different needs in the other verticals going across.

Steve Milunovich – UBS Securities

From a sales go-to-market perspective you don’t need a vertical swat team, you’re going geographical.

Shlomo Kramer

This is geographic, our breakdown of our sales organization is between geographical teams and strategic countries, we’ve seen the market really maturing to the point where we need to focus – have a separate focus on the high end enterprise level.

Steve Milunovich – UBS Securities

Okay. Oracle and IBM is kind of bought their way in, obviously they are only protecting their environment, so you can offer the neutrality of walking in and saying, we can protect any environment, maybe talk through what you’re seeing from those guys and then on the WAF side, what you’re seeing on that side anything now?

Shlomo Kramer

So the competition has been the same for the last four years I would say, on the data side, it’s mainly IBM. And IBM bought Guardium which was the main competitor to us in this category. We’re doing very well against IBM and Guardium and Fortinet [ph] actually it’s easier to compete in the many senses against IBM than it was to compete against Guardium. And we are seeing really that it’s too bought too bay side application. Our competition in both cases are infrastructure companies that security is an add-on and an afterthought and we really believe that being the only pure play security with a focus the entire security stack in data center is going to be the winning opportunity.

When we look at a traditional security markets such as the network security markets, if you look at the Gartner Magic Quadrant, the two leaders are Palo Alto Networks and Check Point, so the pure play is not Cisco and Juniper that were kind of pushed out of there. And for good reasons, the best guys continue to innovate so you have to innovate and you need to have a absolute focus on security in order to do that. We believe the same outcome is going to be in the data center. Oracle is also playing, you asked about Oracle on the data side.

They have been a player for many years but far from being a strong competitor. On the applications side, the main competitors is F5 and again been with us in the market for the last six years. Haven't seen always been there and some competitors always had a really good win/loss ratio against and when we lose, it’s not about the product, the product fell apart, we have a much superior both on security as well as scalability and manageability, capabilities sometimes the single books approach is more enticing to the network engineering I believe that’s going away with virtual switching in the data center but that is a different discussion.

So we are doing very well against F5. The other content delivery vendor such as hardware, Citrix are also playing but much that like Oracle, they are not the first line competitor.

Steve Milunovich – UBS Securities

You’re a founder of one of the highest operating margins business in technology today. Anything structurally that you see over the long-term not talking next two years but do you feel like that the business can exist the same type of margin structure given some of the setup of the businesses that you have?

Shlomo Kramer

So I think that we have fairly a specific target in terms of the long-term model which Schmid will be glad to talk about.

Terry Schmid

So our target long-term model has operating margins in the mid 20. So we are obviously targeting in different model in Check Point. One is invest a lot more back into business, continue to have innovation and continue to drive product improvements and distribution growth around the world.

Steve Milunovich – UBS Securities

Okay. You guys are pretty confident when you address questions and it’s a great think but anything what worries you, I mean it seems that you’ve got everything kind of tuned in but what are the – for your things – in terms of growth what is the – what do you think are the bottlenecks, just awareness now of your solution is it feet on the street, what’s the idol?

Shlomo Kramer

I think that it’s about execution. Right now I think that the opportunity is big and I think we are well positioned against this execution – against this opportunity. And now we need to make sure that we continue to execute in the right way in order to take advantage of this opportunity. For example, recently we decided to accelerate our investment in sales and marketing and to aggressively increase the number of our sales team in general and particular, we’ve identified a growing opportunity to high end enterprise sales and much more willingness from organization today to invest in this technology strategically so there are bigger deals, more of them organizations are little tired from the non-scalable solutions out there.

So we are going to go after that. We are going after that quite aggressively and we’ve been successful in that. And we are on the market size also the beginning of a pool in the market, always been a push market. We are seeing that the awareness of the threat and the recognition of organization that all that investment network firewall and antivirus has nothing to do with the threats on their data center and they need something here in order to direct critical geography in the organization, so we are going to continue and do a much better job in positioning ourselves against these kind of muckle trend of the next generation malware, the web born threats for to take advantage of the pool is a must.

Steve Milunovich – UBS Securities

Do you see as there is a lot of firewalls under I think there is 15, 16 I don’t know the exact number, there is a lot, right? Do you see callers Check Point trying to meet each other Fortinet and (inaudible) I mean you see what’s going on. Your kind of up in the corner playing in your own little sandbox which is nice but do you see at all a risk that these vendors start to say, well this is an area we want to try to differentiate and try to be able more to your strategy or not.

Shlomo Kramer

So the main competitors that we have, all the tier 1 competitors are in data center company. The companies that have the DNA of the data center which is very, very different than the DNA that the network security companies have. And the security stack in the data center is not a mutation or adaptation of the network security stack, if the network security company decides to play in the data centers they need to build or buy something from a full sketch it’s completely new.

And an example for that would be Fortinet. When Fortinet a few years ago did exactly what you said, decided that the data center is an interesting area for them. They bought FortiWeb, the product that is now FortiWeb and the product is now FortiDB and decided to create a data center UTM as they call it. They weren’t very successful. They are the two tier 2 players, they are not tier 1 competitor but as they have recognized that they need something new. And the same goes for everyone else who is trying and playing.

Steve Milunovich – UBS Securities

Okay. You’ve brought out the term earlier and I just – I thought we can tap your thoughts security knowledge bank, but we keep hearing this work APT.

Shlomo Kramer

Yes.

Steve Milunovich – UBS Securities

And I was wondering if you could just give us a one-on-one because Sourcefire, Palo Alto, also a number of these companies has been releasing (inaudible) highly successful private company that’s talking about ATPs, can you talk about what this is and help people understand what you’re seeing and does that have any impacts on you or not?

Shlomo Kramer

So it mainly means that some is targeting you, not you but your organization personally. So it’s going after that organization. It’s not a broad based attack against anyone, but it’s going after you and going after you in various ways. There is the most common way is to compromise the insider, skill the credential and use this credential then to go after data center assets and take whatever they are looking to take, whether its IP or credit card information or whatever other data they are interested.

So the critical element here is with all the investments are made in perimeter security, in organization they are penetrate, every organization that is large enough has the bad guys in them. So what we do about it? You have two options and most probably you need to expect two options together. One is chase the mind [ph], always focus if you’re talking about chasing the mind, all right, whether it’s a perimeter solution kind of FireEye or WildFire or something like that, or an endpoint solutions such as (inaudible) or whatever, that’s chasing the minds but you also have to garbage it, because you will never catch all the minds and it’s enough to have a few mice, so one mice breakout to it, so what we do is essentially garbage it.

And the databases, there are business applications and the functions.

Steve Milunovich – UBS Securities

So APTs can have an impact on your addressing in the different?

Shlomo Kramer

Yes, basically ATP is a big driver to many of our customers, because they are recognizing the fact that the bad guys are in the network, we better have a tight control of out here.

Steve Milunovich – UBS Securities

The new James Bond movie made a pretty good point of how bad these guys are.

Shlomo Kramer

Okay.

Steve Milunovich – UBS Securities

We’re seeing.

Shlomo Kramer

I’ll make a point of watching that movie.

Steve Milunovich – UBS Securities

Any questions? How do you balance that this is to me you’re sitting in Kaspersky [ph] versus you mean you could just run out and hire as many as sales reps take your margin way down, I mean how do you thinking about this from its kind of your market to have right now it seems like we’re not just accelerated it and...

Terry Schmid

Well we think there is a pretty pragmatic view towards revenue growth versus profitability. That being said, I don’t think we’re leaving things on the table maybe put it that way, right, so it’s an early market. It’s a smaller market what’s out there. now they’re growing quickly. We think – we’re taking advantage of the opportunities that are there for us. Our pipeline has been growing extremely fast which is why we’ve accelerated hiring our sales and marketing organization to take advantage of the pipeline that's there.

We try to react to empirical data and not in the end hurt ourselves by driving our own margins down by growing too quickly. I think that would be problematic in the long run. And we try to react to what’s really happening in the market, bigger pipeline gives us a good indication of that, so that’s generally how we drive our spending growth despite...

Shlomo Kramer

I think we balance between gaining market share and building machine and in company that will work long-term.

Steve Milunovich – UBS Securities

When you think about acceleration to sales growth, did you talked about you were running an x percent, now you’re running at an x percent or is it just where increasing hiring that’s the way you’re going to leave it?

Terry Schmid

That was – what we’ve talked about for the growth in sales is that on a year-over-year percentage basis our growth in our sales and marketing spend will be higher than it was from ‘012 to ‘013 than it was until ‘011 and ‘012. So it’s not just an acceleration on an absolute basis but it’s an acceleration on a year-over-year percentage basis as well. So it’s a meaningful increase in sales and marketing spend for us.

Steve Milunovich – UBS Securities

Where you find the best reps?

Shlomo Kramer

Reps, I think are able to do the enterprise sales, that’s not necessarily from security can be also enterprise infrastructure (inaudible).

Steve Milunovich – UBS Securities

Any questions? Can I ask one question just as it relates to, I got to think this is going all the way to CEO now where you’re looking at your inside your company what happened from these attacks when these banks were – it seemed like they were trying to compromise, correct me if I’m wrong, the inside of the company they were just trying to bring down the website, but like you’re sitting there going and you’re the CEO of JP Morgan and you’re starting to say look I am worried about basically what he said.

Shlomo Kramer

If you’re asking about security, all we can talk about is compromising factors and how did we control the compromising factor and what are they are doing to the system. And so absolutely (inaudible). When you’re talking with CSOs they would tell you we’ve been here 12 years in the first 10 years nobody talked with me. I sit in the corner, leave my things there, last couple of years, I am getting calls all the time from my CIO, from the CEO, and asking us about Coca-Cola, asking us about Bank of America, asking us about Goldman Sachs, all these events how we protect and that’s kind of been a definitely the shift which we see in the market in terms of awareness. At one point something has to give, at one point organization will broadly recognize the fact that network firewall and antivirus are not effective against these next generation threats against the latest threat.

So we are not saying that is kind of an immediate change in inflection point but we are definitely seeing an acceleration in that recognition.

Steve Milunovich – UBS Securities

It’s a great story. Thank you for sharing it. I appreciate it.

Shlomo Kramer

All right, thanks.

Question-and-Answer Session

[No Q&A session for this event]

Copyright policy: All transcripts on this site are the copyright of Seeking Alpha. However, we view them as an important resource for bloggers and journalists, and are excited to contribute to the democratization of financial information on the Internet. (Until now investors have had to pay thousands of dollars in subscription fees for transcripts.) So our reproduction policy is as follows: You may quote up to 400 words of any transcript on the condition that you attribute the transcript to Seeking Alpha and either link to the original transcript or to www.SeekingAlpha.com. All other use is prohibited.

THE INFORMATION CONTAINED HERE IS A TEXTUAL REPRESENTATION OF THE APPLICABLE COMPANY'S CONFERENCE CALL, CONFERENCE PRESENTATION OR OTHER AUDIO PRESENTATION, AND WHILE EFFORTS ARE MADE TO PROVIDE AN ACCURATE TRANSCRIPTION, THERE MAY BE MATERIAL ERRORS, OMISSIONS, OR INACCURACIES IN THE REPORTING OF THE SUBSTANCE OF THE AUDIO PRESENTATIONS. IN NO WAY DOES SEEKING ALPHA ASSUME ANY RESPONSIBILITY FOR ANY INVESTMENT OR OTHER DECISIONS MADE BASED UPON THE INFORMATION PROVIDED ON THIS WEB SITE OR IN ANY TRANSCRIPT. USERS ARE ADVISED TO REVIEW THE APPLICABLE COMPANY'S AUDIO PRESENTATION ITSELF AND THE APPLICABLE COMPANY'S SEC FILINGS BEFORE MAKING ANY INVESTMENT OR OTHER DECISIONS.

If you have any additional questions about our online transcripts, please contact us at: transcripts@seekingalpha.com. Thank you!