QLYS - NASDAQ

Good day, and thank you for standing by. Welcome to the Qualys First Quarter 2024 Investor Call. [Operator Instructions] Please be advised that today's conference is being recorded. I would now like to hand the conference over to speaker today, Blair King. Please go ahead.

Good afternoon, and welcome to Qualys' First Quarter 2024 Earnings Call. Joining me today to discuss our results are Sumedh Thakar, our President and CEO; and Joo Mi Kim, our CFO. Before we get started, I would like to remind you that our remarks today will include forward-looking statements that generally relate to future events or our future financial or operating performance. Actual results may differ materially from these statements. The factors that could cause results to differ materially are set forth in today's press release in our filings with the SEC, including our latest Form 10-Q and 10-K. Any forward-looking statements that we make on this call are based on assumptions as of today, and we undertake no obligation to update these statements as a result of new information or future events. During this call, we will present both GAAP and non-GAAP financial measures. A reconciliation of GAAP to non-GAAP measures is included in today's earnings press release, and as a reminder, the press release, prepared remarks and investor presentation, all available on the Investor Relations section of our website. So with that, I'll turn the call over to you, Sumedh.

Thank you, Blair, and welcome to our first quarter earnings call. Qualys delivered another quarter of healthy revenue growth, strong profitability and cash flow generation, reflecting our ongoing commitment to rapid innovation and customer success. Given the accelerated growth in scope and complexity of cyber threats alongside an intensifying regulatory environment, boards and C-level executives are increasingly focused on the business outcome of cybersecurity. This requirement makes seamlessly integrated security solutions and necessity for customers to effectively measure, communicate and fortify the security posture. We believe the Qualys Enterprise TruRisk Platform designed to reduce friction, risk and cost provides organizations with a foundational risk management platform for the future and serves as a structural competitive advantage for both our customers and for Qualys. As a result, our VMDR solution with TruRisk is not only fueling new logo lands but also increases platform adoption, especially in the areas of the CyberSecurity Asset Management with External Attack Surface Management, Patch Management and Cloud Security. In Q1, health care, technology, retail and financial services verticals all demonstrated strong VMDR demand with large deal sizes. Further underscoring the power of our platform, I will take a moment to share a couple of examples of how our customers and partners continue to expand their use of Qualys' capabilities to consolidate their security stack. On the customer front, a marquee high 6-figure bookings enterprise customer win in Q1 was with a leading business services company in the Forbes 1000. The customer expanded its VMDR with TruRisk and Patch Management deployments with -- while adopting CyberSecurity Asset Management with EASM as part of an initiative to detect end-of-life and end-of-service software, monitor subdomains of its infrastructure and transform its IT security architecture, while replacing point solutions from 3 vendors with a single platform. The ability for this customer to significantly enhance its security program with comprehensive internal and external asset criticality, holistic risk scoring, ticketing and automated patching across its on-prem cloud and container environments through a natively integrated platform and unified dashboard were all key differentiators compared to alternative next-gen and legacy technologies. The next win demonstrates how Qualys helped an existing Forbes 100 manufacturing company standardized on Qualys Enterprise TruRisk Platform. and consolidate risk factors from different Qualys modules into a single risk score with business context. This existing VMDR and total cloud customer was struggling with connecting disparate asset management tools and business processes across several subsidiaries and environments and needed to gain better visibility into its attack surface to uniformly contextualized, communicate and manage risk. Recognizing the increased value they would gain by further consolidating on Qualys, this customer replaced its existing asset management tool and adopted our CyberSecurity Asset Management with EASM solution in a 6-figure bookings upsell. This customer is now leveraging multiple aspects of Qualys Enterprise TruRisk Platform, spanning on-prem cloud and multi-cloud assets to quantify and prioritize risk reduction initiatives, increase organizational resilience and give its CISO a peace of mind. Investing in our partner program continues to be a key pillar of our go-to-market agenda as it bolsters our capacities, harness transformative solution sales and bring new business to Qualys. Through these investments, we continue to advance our evolving partner ecosystem with 2 leading managed service providers in America, one that recently expanded its offering beyond VMDR to include our Patch Management capability and the other standardized on Qualys as its preferred partner for VMDR CyberSecurity Asset Management with EASM and Patch Management, spanning both its federal and commercial verticals. The latter of these 2 wins is a testament to the investment we are making to expand our federal business, and we're looking forward to hosting our first public sector Cyber Risk Conference later this month. And with nearly 50 partners already on our recently announced new MSSP partner portal to simplify their operations, launch and manage Qualys' capabilities and significantly reduce remediation times for their customers, we are increasingly well positioned to expand our reach to customers of all sizes. Additionally, we strengthened our alliance with a leading system integrator, which is now actively bringing our TotalCloud CNAPP solution to its customers. We believe the broad expansion of our partner program over the past several quarters continues to reflect our strengthening brand awareness, strategic position and value position in the market. With tightly integrated solutions delivered through a natively integrated platform to solve modern security challenges, more and more Qualys customers are beginning to understand how cybersecurity transformation drives better security outcomes, saves times and costs less. As a result, customers spending $500,000 or more with us in Q1 grew 19% from a year ago to 192. Since our inception driving innovation is at the core of Qualys' mission. We are excited with our upcoming enterprise TruRisk Management application, which marks the next phase of expansion of our platform, building on top of the success we have seen with VMDR -- with TruRisk. The ETM capability will enable VMDR customers to upgrade to a more holistic cyber risk management platform that goes beyond vulnerability management. the enterprise tourist management solution holistically aggregates and normalizes trillions of first- and third-party data signals, correlates risk factors with assets, threats and business context, detects visualizes, quantifies and prioritize risk and makes remediation frictionless with immediate -- and immediate with simple click of a button. With these newest capabilities all natively integrated off single unified dashboard Qualys is once again well armed with powerful new platform capabilities that broadly measure, communicate and remediate risk across our attack surface including IT, OT, applications, cloud and multi-cloud assets. Moreover, our comprehensive AI-powered insights are now converting detected risk into optimized remediation actions across our platform solutions with our out-of-the-box instant and actionable insights mapped to our organization's own data to preemptively reduce risk in their environment. The feedback from many of the CISOs I met at our recent QSC EMEA event in London has been very positive with respect to the deployment agenda, the excitement about the rapid pace of new capabilities that we are delivering and their ability to monitor and measure risk reduction ROI for the cybersecurity spend. Further advancing our TruRisk capabilities, I'm pleased to announce we recently brought MITRE ATT&CK Matrix Prioritization into the Qualys Enterprise TruRisk Platform. By combining over 25 sources of threat intelligence with the MITRE ATT&CK framework, we are now further enabling organizations with a holistic attacker centric view to predict and identify critical risks to their business based on the attack tactics and techniques. While this advancement -- with this advancement, we believe Qualys stands out as the only enterprise scale solution to combine contextualized risk quantification and the MITRE ATT&CK framework to help organizations proactively prioritize, manage and reduce cyber risk with enhanced detection, integrated risk quantification and automated response for a threat-informed defense in a single platform. Continuing the pace of disruptive innovation, we are now organically unifying cloud infrastructure entitlement management, CIEM into our TotalCloud CNAPP solution. With this new capability, customers can manage cloud entities, entitlements and enforce the principle of least privilege access to cloud infrastructure and resources. Combined with additional newly introduced capabilities such as container runtime security and Kubernetes posture management, we have created what we believe is one of the most comprehensive cloud-native security solutions in the market with a unified actionable dashboard for immediate threat prioritization and remediation for build through runtime with built-in threat detection capabilities. Finally, we -- as we continue to extend our technology leadership across the entire platform, I'm pleased to announce our CyberSecurity Risk Management 3.0 solution with highly differentiated new capabilities and external attack surface success management and third-party integrations for comprehensive asset inventory. With these innovations, security teams can now leverage our patent pending technology to reduce accuracy and detection gaps with immediate lightweight vulnerability scanning, seamlessly attribute previously unmanaged external assets to the organization with confidence and evaluate asset-based business risk per subsidiary or acquired entity. Combining this unique approach to EASM with integrated TruRisk scoring capabilities and actionable dashboards to proactively manage tech debt further strengthens our position in the market while enabling customers to derisk the entire attack surface. In summary, company's uniformly recognized security transformation is fundamental in combat in today's heightened threat and regulatory environment. As a result, customers are increasingly looking to reduce the risk exposure through the adoption of natively integrated risk management platform instead of deploying a collection of disparate point solutions stitched together through the invoice. We believe that with our organically integrated cloud-native platform built to holistically measure, communicate and ultimately eliminate cyber risk, Qualys is laying a foundation for future growth and is well positioned to drive long-term shareholder value with a balanced approach to growth and profitability. With that, I will turn the call over to Joo Mi to further discuss our first quarter results and outlook for the second quarter and full year 2024.

Thanks, Sumedh, and good afternoon. Before I start, I'd like to note that except for revenue, all financial figures are non-GAAP, and growth rates are based on comparisons to the prior year periods unless stated otherwise. Turning to first quarter results. Revenues grew 12% to $145.8 million with channel continuing to increase its contribution, making up 45% of total revenues compared to 43% a year ago. As a result of our continued commitment to leverage our partner ecosystem to drive growth, we were able to grow revenues channel partners by 18%, outpacing direct, which grew 7%. By deal, 13% growth outside the U.S. was ahead of our domestic business, which grew 11%. Looking ahead, we expect our U.S. and international revenue mix to remain roughly at 60% and 40%, respectively. Turning to land and expand results. We continue to witness deal scrutiny persisting for many organizations with the upsell environment remaining challenging, resulting in 104% net dollar expansion rate down from 105% last quarter. Offsetting this was a positive growth trend in new business, achieving double-digit growth rate for the third consecutive quarter. As we continue to prioritize increasing market share in 2024, we plan to launch new customer acquisition campaigns and incentives in addition to streamlining sales cycle and operations with better use of technology and systems. In terms of product contribution to bookings, patch management and CyberSecurity Asset Management, combined made up 13% of LTM bookings and 23% of LTM new bookings in Q1. With the rapid pace of innovation associated with our TotalCloud CNAPP offering, our cloudsecurity solutions made up 4% of LTM bookings. We attribute the success to an increasingly complex threat and regulatory environment that underscoring the relevance of our enterprise TruRisk platform to holistically assess, manage and remediate risk. Turning to profitability. Adjusted EBITDA for the first quarter of 2024 was $69 million, representing a 47% margin compared to a 45% margin a year ago. Operating expenses in Q1 increased by 5% to $56.8 million, primarily driven by an 11% increase in sales and marketing investments. As we continue to increase our investment intensity and focus on sales and marketing enablement, customer success and productivity, we believe we will be able to drive wallet share and long-term returns while balancing growth and profitability. EPS for the first quarter of 2024 was $1.45, and our free cash flow was $83.5 million, representing a 57% margin compared to 48% in the prior year. In Q1, we continued to invest the cash we generated from operations back into Qualys, including $2.1 million on capital expenditures and $18 million to repurchase 105,000 of our outstanding shares. As of the end of the quarter, we had $265.7 million remaining in our share repurchase program. With that, let us turn to guidance, starting with revenue. For the full year 2024, we are now expecting our revenue to be in the range of $601.5 million to $608.5 million, which represents a growth rate of 8% to 10%. This compares to revenue guidance of $600 million to $610 million last quarter. For the second quarter of 2024, we expect revenue to be in the range of $147.5 million to $149.5 million, representing a growth rate of 8% to 9%. This guidance assumes continued deal scrutiny, resulting in a tougher upsell environment, partially offset by investments in the business to drive new customer growth. Shifting to profitability guidance. For the full year 2024, we continue to expect EBITDA margin to be in the low 40s and free cash flow margin in the mid-30s. We expect full year EPS to be in the range of $5.06 to $5.30 up from the prior range of $4.95 to $5.27. For the second quarter of 2024, we expect EPS to be in the range of $1.27 to $1.35. Our planned capital expenditures in 2024 are expected to be in the range of $13 million to $18 million and for the second quarter of 2024 in the range of $4 million to $6 million. Consistent with prior guidance, for the remainder of 2024, we intend to outline our product and marketing investments to focus on specific initiatives aimed at driving more pipeline, enhancing our partner program, expanding our federal vertical and supporting sales while maintaining a disciplined approach to unit economics. As a percentage of revenue, we expect to prioritize an increase in investment in sales and marketing as well as the related support functions, and people with more modest increases in engineering and G&A. In conclusion, in Q1, we delivered healthy top line growth and industry-leading profitability, while making progress in executing long-term strategic agenda. With our comprehensive risk management platform, delivering immediate time to value for our customers, we're confident in our ability to deliver on our growth opportunity long term and remain committed to maximizing shareholder value. With that, Sumedh, and I would be happy to answer any of your questions.

[Operator Instructions] Our first question will come from the line of Mike Walkley from Canaccord Genuity.

It's Daniel on for Mike. So it seems like that dollar retention came down a little bit to 104%. I think you guys called out the tough upsell environment despite the new or, I guess, improvements in new additions. Can you just provide maybe some color for us on what's impacting your upsell business and some of the changes you're making to make some improvements here?

That's a great question. So with existing customers who have invested with Qualys and other security platforms, they are continuing to work with us to, in many cases, sort of optimize the spend that they have done with Qualys continuing to get additional value. We talked a little bit about this last time, in some cases, they might be looking at adjusting some of the VMDR licenses, but bringing in patch management and cybersecurity Asset Management as part of that, which is where you see the percentage of bookings that are going up. So overall, in the longer term is good because it gives us an opportunity to introduce additional products in smaller quantities right now that will help us get the upsells to be better and increasing in the future. But currently, it is -- the review times are long as they have been and customers just continue to take longer to make decisions on larger projects where they're looking to bring on like a whole new product from Qualys. And that's where we are working with them to, first of all, make sure that we are putting some of our marketing engine behind, generating additional opportunities. We are doing a lot of CISO education right now. The CISO Connect programs we have recently launched have been quite helpful as we talk the language of risk management, which is really where our ETM platform is quite interesting for the CISOs, which is all of our CISO events recently have been completely overlooked because they really want to come in and talk more about how Qualys is going to help them with cyber risk quantification and being able to look at cyber risk holistically and then eliminate that. So there's a few things that we're doing on that side. But right now, while new business, we're seeing good execution, we do definitely see opportunity for us to execute better in the tougher climate that we are seeing for upsells with existing customers.

Great. And just as a quick follow-up, maybe, Joo Mi, for you. Maybe could you maybe walk us through some of the assumptions within your decision to narrow the full year revenue guidance spend?

Yes. The primary reason why we decided to narrow was because Q1 became in more or less in line with what we had anticipated at the midpoint of the revenue guidance. And the way we see it right now is, of course, we had hoped to do a little bit better with the net dollar expansion having ticked down by a percentage. And the underlying assumption for the full year revenue guidance is that we don't anticipate any material improvement and then the dollar expansion rate today. Especially because we do see continued challenges kind of at least continuing into Q2. So because of that, we're assuming that net dollar expansion rate stays as is or maybe took down a percentage. On the new business, though, we are seeing some trends, and we were pleased to see the traction in the business today. But law of smaller numbers. It is a smaller portion of our business. So even if it continues at the current growth rate that we see today, it won't have a material impact in terms of the uplift to revenue.

Our next question will come from the line of Shrenik Kothari from Baird.

So for Sumedh, you mentioned that you're looking to expand the federal business and expand the public sector presence and kind of hosting your first public sector conference. Just curious, like, can you elaborate on the traction of the GovCloud platform. So far what trends are you seeing there? And how has it performed relative to your expectations? And can you discuss like the opportunity that you see in terms of expanding it within the public sector?

Yes. Great question. Look, the opportunity in federal is definitely large, and we are really working towards investing in the right way so that we can take advantage of that opportunity. And so from that perspective, we have recently hired a leader for federal that we're happy about. We have expanded our federal team. We have hired somebody to focus on federal marketing. As you can see, we're really putting in place our first conference for federal, which already, we have over 200 people who signed up kind of more than what we were anticipating from a capacity perspective. So those are really positive signs in the last few quarters. We've talked about certain wins that we have had with government, federal government agency. So the way we look at that is it's an extremely small percentage of our overall bookings, and we have a good opportunity to grow in that direction. And so we're making the right investments. But of course, as it is with the federal market, it is something that takes time, and we are building the relationships with partners. As you can see, we signed up our federal partner that's taking Qualys and our patch management along with the VMDR. Two agencies we invested in the FedRAMP program. So we have already FedRAMP moderate, which we have a large number of ATOs from many government agencies that were providing us ATO. And then we are on track now working with the PMO's office to get our FedRAMP High final certification. We already FedRAMP high ready right now. And so once you get our FedRAMP High, certification which we anticipate towards the end of the year, that is something that will give us even additional opportunity to take our GovCloud platform a deeper into more agencies that are looking to go and modernize their infrastructure and go into a federal sort of a SaaS platform and move out of current very heavily on-prem solutions. And so with the FedRAMP High, that will enable us to be the only FedRAMP High vulnerability and patch management combined solution together that will be available for these customers. And as we saw with some of our federal wins as well, the reason for them to change out the current provider is because the current providers are only doing scanning and they have to have a separate patch management tool. So even in the federal government, some of the recent wins that we have seen have enabled us to feel confident in our direction so that we can continue to take the Qualys combined platform with patch management, et cetera. And that is something that federal agencies are also looking for to reduce their tools prov as well as expand into the cloud environment as well. So it's an area that we are continuing to invest. We're just at the very early stages of that investment, and we are pleased with the traction that we are seeing in this early stage.

Got it. Helpful. And quick follow-up for Joo Mi. So you mentioned that you guys, of course, plan to launch new customer acquisition campaigns. Can you elaborate who are you targeting? And where is your -- the increase in investment intensity in S&M going in? Is it going to be more focused on sales incentives geared towards new logos, much more headcount growth, partnership investments, of course, public sector. Just curious like how increasing the investment intensity there?

Yes. So our priority has been for a while to grow our new business. And it's part of the reason why we're really pleased to see the continued traction and the momentum. And the way we see it right now, where we've been really successful is on the enterprise side because that's where our strength is. However, we're pleased to see traction on both the enterprise and SME and SMB. The way we are trying to continue to invest to support that growth is, number one, we are planning to hire more sales reps to support that growth. And that's one of our initiatives. We are planning to increase our sales and marketing headcount by double digits this year as we had planned before. And so that hasn't changed. And number two, our partner channel, it's been really successful for us. We're seeing increase in investments in several different fronts, including the MSSP portal that we just announced as well as deal reg. It continues to be healthy, it continues to increase and are continued kind of revisiting the incentive structure, whether it's partner or direct to make sure that it's structured in a way to incentivize both direct and indirect sales force to really drive the new logo growth.

Our next question will come from the line of Patrick Colville from Scotiabank.

This is Joe Vandrick on for Patrick Colville. So it seems like cloud security is a big opportunity for Qualys. And you mentioned the CNAPP solution getting some solid market traction. Are you typically selling it as a bundle? Or are customers kind of deciding to buy each solution separately? And then part 2 of that question, are you seeing stronger demand within any one area of CNAPP for example, CSPM or workload protection or maybe something else?

Yes, that's a great question. Look, I think there is no organization out there that is cloud only. And so every time they look at their infrastructure, they have to do cloud and non-cloud assets together. And that's really where we see the advantage for Qualys is when they combine the VMDR capabilities on on-prem assets and then are able to use the exact same platform and expand that licensing into the cloud as well. It just makes it a lot more seamless. They get the benefit of higher volume pricing. And it gives them the ability to combine the risk from their cloud and on-prem platforms together in one place. And so from a -- and that's why it's interesting for us to see that. Even in our new logo lands, customers are starting to buy the total cloud solution combined with VMDR upfront in the first purchase itself. And so while it's early days, that's quite encouraging for us. We continue to work with our existing customers who have the VMDR to expand those capabilities into cloud, in some cases, they don't have any good cloud security solution. In other cases, we are displacing some of the cloud-only solutions because they need a visibility that is broader than that. Our pricing for the cloud solution, given that the assets are so ephemeral, agents are so ephemeral in the cloud environment. It allows them to be flexible with the way that they can consume the cloud licenses. And so that way they can use it for CSPM. They can use the same credits that they have purchased for container security, they can use the same for cloud identity. So the recent cloud identity module that we just announced is another expansion into the cloud-native platform. And so it's a maturity level question for organizations or organizations that are very early in the journey right now are focusing initially on the CSPM part of TotalCloud. Those who are more mature are also taking the workload protection part and then those who are going beyond that are also looking at other things like our ability to detect malware in the cloud in real time, our ability to expand uniquely into SaaS environments for SSP and which is also part of our TotalCloud where we can do SaaS posture assessment. And then now we are looking forward to getting these customers access to our cloud identity entitlement management as well. And so there's a lot that we are now focusing on driving both from marketing and sales enablement perspective for us to create more opportunities in the TotalCloud side, but we definitely are pleased with the conversations and traction we're seeing in the early days of this push that we are making across our sales force.

That's helpful. And maybe one for Joo Mi, if I could. How should we think about capital allocation priorities over the next year. It looks like you bought back $18 million worth of shares in the quarter, which is a bit of a step down compared to last quarter and last year. So just curious what it would take to see you get aggressive on share buybacks.

For sure, the buyback is based on the grid that we have in place right now. And we really think of it from the perspective of making sure that we can offset the equity dilution from the grants that we're making. And as you can see in the last couple of years, our dilutive also has been decreasing consistently incrementally. So the way we think about our cash and the utilization of excess cash is really -- looking into 2024, we are anticipating more and more M&A opportunities, especially at a valuation that we think that makes sense for us. And so we are going to be taking a look at potential acquisition targets opportunistically and then taking action on leveraging our balance sheet.

Our next question will come from the line of Joshua Tilton from Wolfe Research.

Can you hear me? I apologize for the background that I'm at the small cybersecurity conference called RSA.

We can hear you.

Two quick ones for me. The first one is just could you maybe talk about the billings growth in the quarter, whether that was -- how that shook out relative to expectations and how you see billing maybe growing for the rest of the year relative to the revenue guidance you just gave? And then my follow-up is great traction on the new customer -- the new growth customer side of the business. I think you called out 3 straight quarters of double-digit growth. How do we see that? Like where am I looking for that and what you guys disclosed so that I can kind of see this coming through in the numbers. And how -- and I guess is that on the partner -- is that coming from the partner side? Is that coming from the direct side? Just maybe a little bit more color on where that new customer growth is coming from how durable is it? And how I can better see it in the numbers.

Yes. In terms of current billings, 8%, we are hoping to do better. But honestly, I think that it's a fair representative of the business momentum that we see today because it does reflect the net dollar expansion rate having gone down by another percentage in Q1, offset partially by the traction -- continuing traction in the new business. And so I would say that if you were to look for guidance in terms of the calculated current billings for the full year, we would say it would be roughly in line with our revenue guidance today, which is 8% to 10% for the full year. In terms of the new business, the reason why we decided to talk about new business this quarter is because we are seeing a trend like 3 consecutive quarters is something that we thought was meaningful in us -- for us to talk about and disclose and majority of that is driven by our channel partners. So the growth is coming from channel partners. And I think that if you were to look at the magnitude of it, you can probably tell based on the current billings growth of 8%, net dollar expansion rate of 4%, the rest would be coming from the new business.