Allot

Earnings Release • Mar 7, 2021

INDEPENDENT EQUITY RESEARCH

th Allot – Q4 Update , ²⁰²¹

March 7

23% increase in 2020 revenue YoY; COVID19 has had a tremendous impact on the network-security industry; target price increase to NIS 60.6

Allot consistently meets our progress expectations and exceeds them; we update our target equity based on the company's progress and achievements. We update Allot's stock price target to NIS 60.6.

Allot generates revenues from two sources: (1) sales of Network Intelligence Solutions which show communication service providers (CSPs) exactly what is happening on their networks allowing them to control network traffic for a high quality experience for subscribers (2) sales of Network-based Security solutions, such as security as a value added service (SecaaS) that communication service providers can offer to their subscribers in order to protect them from cyber threats. These offerings solve major problems for communication service providers such as creating new streams of monthly recurring revenue to deal with serious pricing pressures and allow providers to navigate the new 5G ecosystem successfully.

Exploring the fourth quarter and recent months of 2021 indicates the following:

• Fourth quarter revenues were \$39.1 million, up 28% year-over-year;
• Full year revenues were \$135.9 million, up 23% year-over-year;
• Gross margin on a non-GAAP basis increased in 2020 to 71% compared to 70% in 2019;
• MAR *(maximum annual revenue potential of concluded transactions) reported for 2020 reached \$192 million;
• Non-GAAP operating profit for Q4 2020 was \$0.5 million compared to a loss of \$1.8 million in Q4 2019;
• Management expects 2021 revenues to grow to between \$145-150 million; additional recurring security deals to be executed in 2021 with MAR expected to exceed \$180 million and recurring security revenues in 2021 to be between \$6 -\$8 million, and expected to exceed \$25 million in 2022.

We value Allot's equity at NIS 2.1B; price target to be in the range of NIS 56.6 to NIS 65.6 with a mean of NIS 60.6.

Allot March 7 th , 2021

Information security (infosec) refers to technology and services that protect enterprises from digital threats to business operations. We estimate the infosec vertical to have reached \$148.2 billion in 2020 as the industry has been able to increase spending during the pandemic, and we expect low double-digit growth to resume in 2021. Looking at the network security market, CAGR is higher:

Infosec momentum is on the rise also with VC deal activity set a record in 2020 with \$9.9 billion invested across 626 deals, a 16.1% increase in deal value despite an 8.6% decline in deal count. VC deal value was led by fraud prevention, data privacy & compliance, managed security services, and endpoint security, which all raised over \$700 million in funding in 2020.

Read our annual initiation report here in order to get a comprehensive understanding of Allot's executive investment thesis, offering, market, competition, and growth drivers.

Executive Investment Thesis

Today's forms of communication have made the world into a very small place. We can easily communicate with our families, friends, and colleagues, on the other side of the world, via our cellular network, to message them about the latest episode of our favorite Netflix show, streamed via our home WiFi network. Because these networks have become such a vital part of our lives they have become a vital asset for communication service providers (CSPs) that supply us with cellular, internet, and other services.

The problem is that as our networks become more advanced to meet our expectations, by supplying us with capabilities such as 8K video streaming, gaming, virtual reality, ultra-reliable low latency/low bandwidth V2X collision avoidance systems and other machine-to-machine communications on a massive scale, we expect to pay less to use them. That is, network costs are rising for CSPs but Average Revenue per User (ARPU) is not.

New Applications Empowered by 5G

From the figures below it is evident that mobile networks have given users increasingly better download and upload speed as well as significantly improved latency but all the while have drastically dropped prices (both in developed and developing countries).

The second major problem that arises is that as more and more devices utilize CSP networks, there are more and more targets for cyber-attacks. Imagine a hacker infecting two million IoT devices and using them to launch a massive DDoS attack on vital city infrastructure.

The new Mobile Edge Computing (MEC) architecture of 5G networks only exacerbates this problem. Edge computing is a term to describe the migration of computing processes from a centralized cloud at the center of a network to a distributed cloud with nodes at the edge of the network, meaning, as close to the end user as possible. The edge computing nodes could be a local data center or even the user's device itself. The bottom-line is that there are many more points for attackers to target in the new 5G architecture.

So why are our networks migrating to a distributed architecture? This migration from a centralized computing entity to many small distributed computing entities on the edge of the network is happening for two reasons. The first is that as more and more devices connect to networks it becomes more expensive to support their needed capacity to communicate with one central cloud as opposed to many local distributed cloud entities. The second is that more and more applications are requiring ultra-low latency and this is significantly easier to achieve with computing nodes closer to the end user at the edge of the network.

The two major problems above- 1) increasing data capacity pressure with increasing pricing pressure and 2) increased attack surface are exactly the issues that Allot solves.

1) Increased Attack Surface- Allot attempts to turn the security problem into an opportunity for CSPs by creating an added source of revenue for them with their Network Security Solutions. If we think about it, we quickly realize that our homes have become mini IT organizations with at least 10 connected devices that surround us and that we surrender our most intimate details to. Because Allot's solution is network based (it is located on the CSP network) and not endpoint based (the Company also provides end-point security where necessary) users do not have to download or install anything. They are automatically protected.

The graph to the left shows the subscriber penetration rates for Allot's security solution over months for different CSPs. We can see that gradually Allot's Network Security solution is achieving penetration rates of over 50% of subscribers of some cellular CSPs in certain geographies. Should CSPs communicate the need for this solution clearly and awareness develop with end users, the revenue potential for Allot is significant. Vodafone's (one of the largest Tier 1 CSPs in the world) CEO Vittorio Colao stated, "Our Secure Net product (provided by Allot) is already generating 160 million in revenue… we have been building quietly and we will leverage on."

Allot has made a strategic decision to focus its marketing and sales efforts on Network-based Security reaching out to what seems like the blue ocean of cyber security. We expect Allot to show a significant increase in revenues over the next 5 years due to the high growth expected in this sector and importantly due to the company's transition from a

CAPEX to a Rev-Share business model. The solution is offered in a SecaaS model and for every new CSP end user (subscriber) that chooses to secure their online experience, the CSP and Allot share the monthly user fee. With each CSP servicing millions of subscribers the revenue potential of this value added service is great both for the CSP and Allot. Allot is constantly onboarding Tier 1 and 2 telecom customers that offer Allot's security value added service to end users.

Allot's security solutions are also inherently designed to work well with the new 5G distributed architecture model. With the transition to mobile edge computing, large centralized computing clouds are replaced by smaller ones at the edge which are therefore highly sensitive to changes in bandwidth capacity. In relation to many of its competitors, Allot's solution sits inline with these edge computing nodes, meaning it does not take from their bandwidth and slow the network. Solutions such as those provided by Arbor/Netscout for example, send suspicous data to a scrubbing center which both takes up network capacity and costs more because of increased bandwidth for the CSP. Providing security solutions designed for 5G is critical for competing in this new market space. Thus Allot is well suited to address the challenges of 5G architecture and sees possible additional business offering focused securing the Network Infrastructure of the CSP itself from both inbound and "home-generated" attacks.

2) Increasing Data Capacity Pressure with Increasing Pricing Pressure- One of the cardinal challenges for CSPs is dealing with decreasing profitability in this new generation of communication networks. Tailored offerings have become crucial to providing added value to basic connectivity. In order to provide tailored services, CSPs need to have high resolution Network Intelligence termed Network Visibility or Deep Packet Inspection (DPI) in order to understand what data is flowing through their pipes and how they can capitalize on it. The higher the level of DPI sophistication, the more detailed a picture the CSP can obtain of the data flowing through their network pipes and in turn they are better able to act on this insight.

Allot's DPI solution provides insight that allows CSPs to get more out of their existing network bandwidth without intensive CAPEX investment from the part of CSPs. That is, simple broadband pipes, where data flows, become smart and sophisticated allowing CSPs to see what type of data is flowing and to adapt to points of congestion. By more efficiently using their existing infrastructure, CSPs are able to save significantly on CAPEX. In addition to this major benefit, Allot's solution also allows CSPs to offer a plethora of new services to customers such as parental controls, monetization (real-time data package offers based on user behavior), and most importantly, high Quality of Experience (QoE) to ensure that customers remain happy with their CSP no matter what their user behavior or application use case is.

In 5G, Network Intelligence or DPI are essential to meeting user needs. 5G by its very nature was designed to handle a wide variety of applications shown on the Venn diagram above. Each of these applications has unique requirements and therefore it is necessary for the data flowing through the network to be identified and categorized in order to meet these requirements. For example, data to stream an 8K video requires more bandwidth while data to perform a remote surgery requires ultra-low latency, and data to support smart utility meters requires high scalability but very little bandwidth, while data to support mobile banking requires high levels of security. The allocation of network resources to support these different market segments is known as 5G Network Slicing. Network slicing virtually slices networks from the core to the RAN (meaning throughout all parts of the network) in order to allocate resources for specific use cases. 5G Network slicing utilizes network functions virtualization (NFV) and software defined networking (SDN) to create different virtual networks on physical infrastructure. Network visibility or DPI is critical to 5G slicing to ensure Quality of

Experience (QoE) analysis and management. This is also true from a security perspective; DPI allows identifying suspicious traffic patterns that could signal DDoS attacks or malware.

5G Network Slicing

In conclusion, Allot's DPI solution allows CSPs to 1) manage network traffic in order to relieve congestion and minimize CAPEX expenditure 2) ensure high QoE for users 3) enable policy creation and charging control such as parental controls and data usage limits 4) secure network traffic as an added revenue source for CSPs.

In addition to 5G there are a number of other trends driving adoption of Network Intelligence and Network Security Solutions. These include the heightened use of networks during the COVID pandemic and the ever progressing regulatory landscape. Under the 3GPP 5G standard it is mandatory for CSPs to have DPI capabilities. Other regulatory policies strengthening Allot's offering include examples such as the UK introducing a law requiring all visitors of adult content websites to prove that they are 18 or over. This was done to reduce the risk of children accessing or stumbling into adult content and to set a standard for international child protection online. Sites that do not comply with the law will be blocked by mobile and fixed CSPs. Further regulations such as the implementation of the Network and Information Security Directive (NISD) and the General Data Protection Regulation (GDPR) in the EU that require network operators to ensure that their network and information systems meet minimum standards of cyber security could lead to significant upside for Allot.

Within the competitive landscape Allot is well positioned and provides network awareness and security of the highest quality. The nature of the company can be characterized to investors by its two offerings. The Network Intelligence solution brings in a constant and steady stream of revenues which according to our evaluation will show low two digit growth in the next two years and then transition to high one digit growth. The second offering, mobile Network Security, is a relatively new and growing business which we expect to have significant high double digit CAGRs in the next five years based on Allot's reputation, deep know how on a global scale, and the high potential of the Rev-Share model. Allot's main customer segment is telecom service providers which can leverage both of Allot's solutions. Due to the synergy between these offerings (one allows customers to see and control their networks and the other to secure them) we believe in the investment potential of the company.

Customers

Allot solutions are deployed globally by the world's leading service providers and enterprises to improve network performance, ensure QoE, and deliver value added security services. Allot's combined customer base consists of 3000 installations and over 1 billion end users.

Allot provides its services to 13 tier 1 operators. The graphic below shows the largest mobile CSPs in the world by number of subscribers. Six of them toward the top of the list are publically verified Allot customers. For customer size comparison you can see that AT&T and Verizon are towards the bottom of the list. Allot also provides network intelligence and security solutions to enterprises. Customer breakdown is about 80% CSPs and 20% enterprises.

# of SUBSCRIBERS for TOP 20 TELCOS in Millions

Some Allot Smart Customers Include:

Major Allot Secure Customers Include:

About Frost & Sullivan

Frost & Sullivan* is a leading global consulting, and market & technology research firm that employs staff of 1,800, which includes analysts, experts, and growth strategy consultants at approximately 50 branches across 6 continents, including in Herzliya Pituach, Israel. Frost & Sullivan's equity research utilizes the experience and know-how accumulated over the course of 55 years in medical technologies, life sciences, technology, energy, and other industrial fields, including the publication of tens of thousands of market and technology research reports, economic analyses and valuations. For additional information on Frost & Sullivan's capabilities, visit: www.frost.com. For access to our reports and further information on our Independent Equity Research program visit www.frost.com/equityresearch.

*Frost & Sullivan Research and Consulting Ltd., a wholly owned subsidiary of Frost & Sullivan, is registered and licensed in Israel to practice as an investment adviser.

What is Independent Equity Research?

Nearly all equity research is nowadays performed by stock brokers, investment banks, and other entities which have a financial interest in the stock being analyzed. On the other hand, Independent Equity Research is a boutique service offered by only a few firms worldwide. The aim of such research is to provide an unbiased opinion on the state of the company and potential forthcoming changes, including in their share price. The analysis does not constitute investment advice, and analysts are prohibited from trading any securities being analyzed. Furthermore, a company like Frost & Sullivan conducting Independent Equity Research services is reimbursed by a third party entity and not the company directly. Compensation is received up front to further secure the independence of the coverage.

Analysis Program with the Tel Aviv Stock Exchange (TASE)

Frost & Sullivan is delighted to have been selected to participate in the Analysis Program initiated by the Tel Aviv Stock Exchange Analysis (TASE). Within the framework of the program, Frost & Sullivan produces equity research reports on Technology and Biomed (Healthcare) companies that are listed on the TASE, and disseminates them on exchange message boards and through leading business media channels. Key goals of the program are to enhance global awareness of these companies and to enable more informed investment decisions by investors that are interested in "hot" Israeli Hi-Tech and Healthcare companies. The terms of the program are governed by the agreement that we signed with the TASE and the Israel Securities Authority (ISA) regulations.

For further inquiries, please contact our lead analyst:

Dr. Tiran Rothman T: +972 (0) 9 950 2888 E: equity.research@frost.com

Disclaimers, disclosures, and insights for more responsible investment decisions

Definitions: "Frost & Sullivan" – A company registered in California, USA with branches and subsidiaries in other regions, including in Israel, and including any other relevant Frost & Sullivan entities, such as Frost & Sullivan Research & Consulting Ltd. ("FSRC"), a wholly owned subsidiary of Frost & Sullivan that is registered in Israel – as applicable. "The Company" or "Participant" – The company that is analyzed in a report and participates in the TASE Scheme; "Report", "Research Note" or "Analysis" – The content, or any part thereof where applicable, contained in a document such as a Research Note and/or any other previous or later document authored by "Frost & Sullivan", regardless if it has been authored in the frame of the "Analysis Program", if included in the database at www.frost.com and regardless of the Analysis format-online, a digital file or hard copy; "Invest", "Investment" or "Investment decision" – Any decision and/or a recommendation to Buy, Hold or Sell any security of The Company. The purpose of the Report is to enable a more informed investment decision. Yet, nothing in a Report shall constitute a recommendation or solicitation to make any Investment Decision, so Frost & Sullivan takes no responsibility and shall not be deemed responsible for any specific decision, including an Investment Decision, and will not be liable for any actual, consequential, or punitive damages directly or indirectly related to The Report. Without derogating from the generality of the above, you shall consider the following clarifications, disclosure recommendations, and disclaimers. The Report does not include any personal or personalized advice as it cannot consider the particular investment criteria, needs, preferences, priorities, limitations, financial situation, risk aversion, and any other particular circumstances and factors that shall impact an investment decision. Nevertheless, according to the Israeli law, this report can serve as a raison d'etre off which an individual/entity may make an investment decision.

Frost & Sullivan makes no warranty nor representation, expressed or implied, as to the completeness and accuracy of the Report at the time of any investment decision, and no liability shall attach thereto, considering the following among other reasons: The Report may not include the most updated and relevant information from all relevant sources, including later Reports, if any, at the time of the investment decision, so any investment decision shall consider these; The Analysis considers data, information and assessments provided by the company and from sources that were published by third parties (however, even reliable sources contain unknown errors from time to time); the methodology focused on major known products, activities and target markets of the Company that may have a significant impact on its performance as per our discretion, but it may ignore other elements; the Company was not allowed to share any insider information; any investment decision must be based on a clear understanding of the technologies, products, business environments, and any other drivers and restraints of the company's performance, regardless if such information is mentioned in the Report or not; an investment decision shall consider any relevant updated information, such as the company's website and reports on Magna; information and assessments contained in the Report are obtained from sources believed by us to be reliable (however, any source may contain unknown errors. All expressions of opinions, forecasts or estimates reflect the judgment at the time of writing, based on the Company's latest financial report, and some additional information (they are subject to change without any notice). You shall consider the entire analysis contained in the Reports. No specific part of a Report, including any summary that is provided for convenience only, shall serve per se as a basis for any investment decision. In case you perceive a contradiction between any parts of the Report, you shall avoid any investment decision before such contradiction is resolved. Frost and Sullivan only produces research that falls under the non-monetary minor benefit group in MiFID II. As we do not seek payment from the asset management community and do not have any execution function, you are able to continue receiving our research under the new MiFiD II regime. This applies to all forms of transmission, including email, website and financial platforms such as Bloomberg and Thomson.

Risks, valuation, and projections: Any stock price or equity value referred to in The Report may fluctuate. Past performance is not indicative of future performance, future returns are not guaranteed, and a loss of original capital may occur. Nothing contained in the Report is or should be relied on as, a promise or representation as to the future. The projected financial information is prepared expressly for use herein and is based upon the stated assumptions and Frost & Sullivan's analysis of information available at the time that this Report was prepared. There is no representation, warranty, or other assurance that any of the projections will be realized. The Report contains forward-looking statements, such as "anticipate", "continue", "estimate", "expect", "may", "will", "project", "should", "believe" and similar expressions. Undue reliance should not be placed on the forward-looking statements because there is no assurance that they will prove to be correct. Since forward-looking statements address future events and conditions, they involve inherent risks and uncertainties. Forward-looking information or statements contain information that is based on assumptions, forecasts of future results, estimates of amounts not yet determinable, and therefore involve known and unknown risks, uncertainties and other factors which may cause the actual results to be materially different from current projections. Macro level factors that are not directly analyzed in the Report, such as interest rates and exchange rates, any events related to the eco-system, clients, suppliers, competitors, regulators, and others may fluctuate at any time. An investment decision must consider the Risks described in the Report and any other relevant Reports, if any, including the latest financial reports of the company. R&D activities shall be considered as high risk, even if such risks are not specifically discussed in the Report. Any investment decision shall consider the impact of negative and even worst case scenarios. Any relevant forwardlooking statements as defined in Section 27A of the Securities Act of 1933 and Section 21E the Securities Exchange Act of 1934 (as amended) are made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995.

TASE Analysis Scheme: The Report is authored by Frost & Sullivan Research & Consulting Ltd. within the framework of the Analysis Scheme of the Tel Aviv Stock Exchange ("TASE") regarding the provision of analysis services on companies that participate in the analysis scheme (see details: www.tase.co.il/LPages/TechAnalysis/Tase\_Analysis\_Site/index.html, www.tase.co.il/LPages/InvestorRelations/english/tase-analysis-program.html), an agreement that the company has signed with TASE ("The Agreement") and the regulation and supervision of the Israel Security Authority (ISA). FSRC and its lead analyst are licensed by the ISA as investment advisors. Accordingly, the following implications and disclosure requirements shall apply. The agreement with the Tel-Aviv Stock Exchange Ltd. regarding participation in the scheme for research analysis of public companies does not and shall not constitute an agreement on the part of the Tel-Aviv Stock Exchange Ltd. or the Israel Securities Authority to the content of the Equity Research Notes or to the recommendations contained therein. As per the Agreement and/or ISA regulations: A summary of the Report shall also be published in Hebrew. In the event of any contradiction, inconsistency, discrepancy, ambiguity or variance between the English Report and the Hebrew summary of said Report, the English version shall prevail. The Report shall include a description of the Participant and its business activities, which shall inter alia relate to matters such as: shareholders; management; products; relevant intellectual property; the business environment in which the Participant operates; the Participant's standing in such an environment including current and forecasted trends; a description of past and current financial positions of the Participant; and a forecast regarding future developments and any other matter which in the professional view of Frost & Sullivan (as defined below) should be addressed in a research Report (of the nature published) and which may affect the decision of a reasonable investor contemplating an investment in the Participant's securities. An equity research abstract shall accompany each Equity Research Report, describing the main points addressed. A thorough analysis and discussion will be included in Reports where the investment case has materially changed. Short update notes, in which the investment case has not materially changed, will include a summary valuation discussion. Subject to the agreement, Frost & Sullivan Research & Consulting Ltd. is entitled to an annual fee to be paid directly by the TASE. Each participant shall pay fees for its participation in the Scheme directly to the TASE. The named lead analyst and analysts responsible for this Report certify that the views expressed in the Report accurately reflect their personal views about the Company and its securities and that no part of their compensation was, is, or will be directly or indirectly related to the specific recommendation or view contained in the Report. Neither said analysts nor Frost & Sullivan trade or directly own any securities in the company. The lead analyst has a limited investment advisor license for analysis only.

© 2021 All rights reserved to Frost & Sullivan and Frost & Sullivan Research & Consulting Ltd. Any content, including any documents, may not be published, lent, reproduced, quoted or resold without the written permission of the companies.