QLYS - NASDAQ

Ladies and gentlemen, thank you for standing by, and welcome to Qualys First Quarter 2025 Investors Call. [Operator Instructions] Please be advised that today's conference is being recorded. I would like now to turn the conference over to Blair King, Investor Relations. Please go ahead, sir.

Thank you, Michelle. Good afternoon, and welcome to Qualys' first quarter 2025 earnings call. Joining me today to discuss our results are Sumedh Thakar, our President and CEO; and Joo Mi Kim, our CFO. Before we get started, I'd like to remind you that our remarks today will include forward-looking statements, that generally relate to future events or future financial operating performance. Actual results may differ materially from these statements. Factors that could cause results to differ materially are set forth in today's press release and our filings with the SEC, including our latest Form 10-Q and 10-K. Any forward-looking statements that we make on this call are based on assumptions as of today, and we undertake no obligation to update these statements as a result of new information or future events. During this call, we will present both GAAP and non-GAAP financial measures. A reconciliation of GAAP to non-GAAP measures is included in today's earnings press release. And as a reminder, the press release, prepared remarks and investor presentation are all available on the Investor Relations section of our website. So with that, I'll turn the call now over to Sumedh.

Thanks, Blair, and welcome all to our first quarter earnings call. We are entering a new era for cybersecurity risk management powered by real-time data, automation and AI. Against this backdrop, we executed well in this quarter, resulting in a better-than-expected revenue growth, strong profitability, and solid cash flow generation. Fueled by customer insights, Qualys' mission is to bring innovative new security solutions to the market. With over 25 years of evolving our platform to meet the next generation of modern security challenges, we have established a strong track record of converting operational challenges into secular competitive advantages while maximizing lifetime value, ensuring frictionless outcomes at scale and driving immediate ROI on security spend. In doing so, we believe we have built a new security industry paradigm, which today leverages our powerful real-time data processing capabilities across more than 18 trillion data points on a natively integrated platform to help organizations streamline their cybersecurity risk management program with the Risk Operations Center, ROC. While a security operation center SOC is used for detection of threat actors after a breach, the ROC is needed by organizations for proactive risk management to reduce the chance of breaches by deploying the cyber budgets where the highest risk of loss is. Unlike other CTEM solutions that only reveal exposures without providing effective remediation, Qualys' cloud-native Enterprise TruRisk Management, ETM solution is purpose built to deliver a single comprehensive AI powered orchestration layer unifying security findings from multiple Qualys and non-Qualys sources to implement an effective ROC. By unleashing the scale of the Qualys platform, we inject data from multiple sources, including Tenable, CrowdStrike, Wiz normalize risk signals enriched with threat intelligence, analyze adversary behavior, and provide organizations with actionable enterprise wide insights to prioritize and remediate cyber risk through a common language of business context and financial impact. This holistic approach uniquely ensures organizations not only understand their cyber risk in quantifiable terms, but can take immediate action to reduce the risk that matters the most. With prospects of POCs more than doubling from last quarter and over 25 active POCs already underway since launching of GA short while ago, we continue to see many parallels between this new market opportunity and the early days of VMDR launch, including significant greenfield opportunity and a growing demand. Embracing this momentum in the market, we further evolved our ETM solution through an expanding ecosystem of remediation solutions. In doing so, we have advanced our TruRisk Eliminate agenda by enabling organizations to amplify third-party remediation tools with security insights from Qualys to prioritize patching or activate other compensating controls available through the Qualys platform. With this latest innovation, organizations can soon leverage a unified Qualys workflow with end-to-end automation, CMDB, and ITSM integration to prioritize rapid remediation across all environments from their patching vendors of choice. This is a strong competitive differentiator for Qualys, further neutralizes IT and SecOp procurement friction, and significantly expands our market opportunity by going well beyond patch management. Continuing this rapid pace of innovation, we're expanding our Qualys TotalAI and TruRisk capabilities to help organizations address the evolving threats associated with LLMs. With this latest release, TotalAI brings full visibility across ML supply chains, data, applications, and pipelines to detect malicious code, policy violations, and advanced multimodal exploits hidden within images, audio, or video files. By enhancing our AI Security Posture Management AI-SPM with native internal LLM scanning, expanded jailbreak detection, and seamless integration into MLOps pipelines, we're equipping security teams with the agility and insight needed to protect modern, AI-driven workloads from development all the way through runtime while building what we believe is the most advanced AI security solution available in the market. In addition, with the launch of Policy Audit and Audit Fix, we are also now providing organizations of all sizes with the ability to streamline audit operations by providing audit-readiness reporting and automated evidence collection across 450 plus technologies and over 1,000 out of the box audit processes for frameworks like PCI, NIST, DORA, HIPAA, et cetera. This solution addresses a growing area of focus and cyber spend for CISOs as they are under pressure to ensure the organizations don't fail audits and at the same time reducing their spend in audit readiness with automation in not only detecting gaps but automation and also fixing them. Moving to our business update. We've hosted several risk quantification workshops attended by many of the most forward-thinking CISOs around the world in recent quarters, and the message is clear: Organizations are increasingly anchoring pre-breach cyber spend to quantifiable risk reduction in their business, which is easily articulated to Boards and business partners. CISOs want a platform that speaks a unified language of risk, while letting their teams choose their own tools within various components of the stack rather than trying to consolidate multiple vendors into single platform. This requirement necessitates a centralized risk fabric that seamlessly unifies the underlying tools of choice to effectively measure, communicate, and fortify an organization's risk posture while reducing complexity, operating costs, and time to reduction -- time to remediation. As a result, our technologies are not only fueling new logo lands, but also helping to increase broader platform adoption, especially in the areas of VMDR, cybersecurity, asset management, patch management, cloud security and increasingly the ROC delivered through Qualys' ETM solution. With thousands of customers consolidating on Qualys Enterprise TruRisk Management platform, let me share a couple of recent wins, which illustrate why these companies are turning to Qualys to help unify their security tools, quantify as immediate cyber risk in their environments and achieve better security outcomes. First, an existing Global 100 multi-national media company with a rapidly growing multi-cloud and container environment determined that managing siloed tools added complexity to their operations, lag integration and misdetection while hindering their ability to assess risk and centralized remediation. This customer chose Qualys to transform siloed risk factors spanning core repositories, endpoints, identity, cloud container, IT, IoT and network assets into a cohesive real-time risk management solution by consolidating Qualys and non-Qualys data. This included purchasing eight Qualys modules and deploying ETM to begin operationalizing their ROC and consolidating ingested data from WIS resulting in a seven-figure annual bookings deal, including a mid six-figure TotalCloud CNAPP upsell. We are now quickly migrating numerous data sources in the Qualys platform and delivering a vendor agnostic orchestration layer with full visibility of the attack surface, centralized risk assessment, quantification prioritization and remediation while unleashing the operational efficiencies of security stack consolidation. Looking ahead, this customer is now in the process of planning to power its ROC with ETM across 30 separate entities worldwide. Further advancing our TotalCloud CNAPP momentum is another marquee seven-figure annual bookings win with a Global 50 financial services company. This existing customer launch initiative to strengthen its cloud and container security solution against advanced threats, closed security gaps and remediate risk with ITSM integration through a single dashboard. It also needed to meet increasingly stringent global regulatory requirement and extended its on-prem visibility to multi-cloud and container environment. Through its evaluation, this customer chose our TotalCloud CNAPP solution and is now leveraging the Qualys Enterprise through risk platform for complete visibility across this entire attack surface to quantify and prioritize risk reduction initiatives and increase operational resolution and compliance. Our growing leadership in the cloud market was further evident in GigaOm radar report ranking Qualys as a leading outperformer in cloud workload security. With customers beginning to perceive Qualys as a leading risk management platform that consolidates and orchestrates multiple security solutions and workloads, we are growing increasingly confident in our ability to drive long-term growth and gain market-share. This confidence was again bolstered in Q1 as customers spending $5,000 -- $500,000 or more with us grew 6% from a year ago to 203. Consolidating workflows isn't just happening with customers, it's also embraced and prioritized by our partners, underscored by an increasingly strong mix of new business and significant growth. As we continue to endorse a partner-first sales motion, partner-led deal registration increased again in Q1. In addition, we have now certified six leading partners who are actively marketing the delivery of fresh new Managed Risk Corporations, mROC services and just beginning their efforts to capitalize on a centralized and automated approach to pre-breach risk management on top of ETM. Further advancing our momentum toward a global ROC ecosystem, we look forward to certifying a few additional strategic partners in the months ahead who have already demonstrated a firm commitment to spearheading these new initiatives with Qualys as their mROC partner of choice. And finally, as the Federal government seeks to show efficiency and replace outdated and costly on-prem deployments from years past with modern cloud-native risk management solutions, we're especially excited to host our second annual Federal conference in Washington DC toward the end of this month. We've recently made good progress advancing our FedRAMP High certification status, and we continue to believe we're on track to achieve the authorized milestone later this year, fueling a new leg of growth for the company. In summary, Qualys is increasingly well armed with fresh new capabilities to further strengthen our strategic position as the partner of choice for customers ready to centralize their response to cyber risk, solve modern security challenges, and reduce costs. Looking ahead, we believe we'll continue to outpace our competitors, extend our leadership in the market, and build upon a already strong foundation to drive durable long-term growth in the business. With that, I'll turn the call over to Joo Mi to further discuss our first quarter results and look for the second quarter and the year ahead.

Thanks, Sumedh, and good afternoon. Before I start, I'd like to note that, except for revenues, all financial figures are non-GAAP, and growth rates are based on comparisons to the prior year period, unless stated otherwise. Turning to first quarter results, revenues grew 10% to $159.9 million. The channel continued to increase its contribution, making up 49% of total revenues compared to 45% a year ago. As a result of our continued commitment to leverage our partner ecosystem to drive growth, we were able to grow revenues from channel partners by 19%, outpacing direct, which grew 2%. By geo, 16% growth outside the U.S. was ahead of our domestic business, which grew 6%. U.S. and international revenue mix was 57% and 43%, respectively. In Q1, we were pleased to see some improvement in our gross retention rate. However, growing macroeconomic uncertainty toward the end of the quarter presented an increasingly challenging upsell environment with our net dollar expansion rate at 103%, unchanged from last quarter. In terms of product contribution to bookings, Patch Management and Cybersecurity Asset Management combined made up 15% of total bookings and 24% of new bookings on an LTM basis. Our Cloud Security solutions, TotalCloud CNAPP, made up 5% of LTM bookings. We credit this momentum to customer demand for a more comprehensive and contextual understanding of their expanding attack surface, supported by seamlessly integrated risk management and remediation workflows across all environments within a unified platform. Turning to profitability. Adjusted EBITDA for the first quarter of 2025 was $74.8 million, representing a 47% margin, in line with last year. Operating expenses in Q1 increased by 10% to $62.5 million, primarily driven by investments in sales and marketing, which grew 15%. Demonstrating our ability to innovate and invest in our long-term growth initiatives while remaining capital efficient, EPS for the first quarter of 2025 was $1.67, and our free cash flow was $107.6 million, representing a 67% margin, compared to 57% in the prior year. In Q1, we continued to invest the cash we generated from operations back into Qualys, including $2 million on capital expenditures and $39.6 million to repurchase 292,000 of our outstanding shares. Since commencing our share repurchase program in February of 2018, we've repurchased 9.6 million shares and returned nearly $1.1 billion in cash to shareholders. As of the end of the quarter, we had $303.8 million remaining in our share repurchase program. With that, let us turn to guidance, starting with revenues. For the full year 2025, we expect revenues to be in the range of $648 million to $657 million, which represents a growth rate of 7% to 8%. This compares to prior guidance of $645 million to $657 million. For the second quarter of 2025, we expect revenues to be in the range of $159.7 million to $162.7 million, representing a growth rate of 7% to 9%. While we believe our platform approach to cyber risk management provides some insulation amidst ongoing macro volatility, this guidance assumes increased budget scrutiny and a more challenging environment for new business growth in 2025. Shifting to profitability guidance. Given our strong Q1 performance, for the full year 2025, we expect an EBITDA margin in the low-to-mid 40s, implying a 15% to 17% increase in operating expenses and a free cash flow margin in the mid 30s. We expect full-year EPS to be in the range of $6 to $6.3, up from prior range of $5.5 to $5.9. For the second quarter of 2025, we expect EPS to be in the range of $1.4 to $1.5. Our planned capital expenditures in 2025 are expected to be in the range of $8 million to $11 million, and for the second quarter of 2025 in the range of $1.5 million to $3 million. We continue to believe organizations will increasingly adopt cloud-native full stack security and compliance coverage to meet the demands of today's threaten landscape and reduce costs. As the impact of the macro-economy is still unfolding, we are closely monitoring the business environment and adjusting our priorities accordingly. That said, considering the long-term growth opportunities ahead of us and our industry leading margins implying further room for investment, we intend to continue to responsibly align our product and marketing investments to focus on high impact initiatives aimed at driving more pipeline, accelerating our partner program and expanding our federal vertical. As a percentage of revenues, we expect to prioritize increased investment in sales and marketing and engineering with a more modest increase in G&A, consistent with our commitment of balancing long-term growth and profitability. With that, Sumedh and I would be happy to answer any of your questions.

[Operator Instructions] And the first question will come from Jonathan Ho with William Blair. Your line is open.

Hi, good afternoon and congrats on the strong quarter. I just wanted to maybe understand a little bit better what your thoughts are around the macro-environment, perhaps what you're seeing from customer spending so-far and maybe what underpins your confidence to tighten the guidance range a little bit higher?

Yes, I would say that at a high-level, what we're seeing is similar to what we've seen in the last couple of years where cybersecurity still continues to be an important aspect of risk management for the company, and there is continued focus. However, as we have seen, there is more scrutiny on the spend, ROI of the spend is important and we're seeing longer cycles because people are taking longer time to make the decision. So I think that is what we continue to see right now, of course, given more recent changes, there is a little bit of uncertainty, I would say. And so a little bit of that is factored into how we're thinking about the rest of the year, though we haven't particularly seen anything specific yet. We're just being prudent about sort of what we see now and a little bit of expectation around people scrutinizing things a little bit more and continuing to inspect budget spend, not just in cyber, but overall budget spend across the board with everything.

Got it. And then just in terms of your discussion of the rock, can you talk a little bit about how that works from a customer journey perspective, what they maybe add to their existing solutions and what that looks from a -- looks like from a financial perspective? Thank you.

Yes, that's a great question. I think really where everybody is struggling right now is all their investments across multiple tools are generating tons and tons of risk signals and we routinely see that if you take vulnerabilities as an example, less than 95% of those vulnerabilities are -- or I would say like less than 5% of the vulnerabilities are even have some form of potential immediate attack vector. And so customers, as they are trying to figure out how they don't end up with 10 different consoles from 10 different solutions when they look at risk, what we're seeing is our ability to take the risk operation center idea of consolidating all assets from all tools, all findings, applying threat intelligence, providing contextual from a business perspective, adding dollar values to the business potential loss that they could have and then providing remediation plans as well as board reporting is what is sort of the journey of a risk operation center and it starts with consolidation of assets. And for us, what we are seeing with ETM, we're able to walk into customers who today have multiple solutions and not necessarily start off with a conversation of replacing something that they have. And so I took some of the vendor names that we are currently pulling data from. And so we're able to say, look, if you have this particular VM solution, if you have this particular integration solution, if you have this particular identity solution, you can keep that. We can ingest the data from these tools and provide you a higher-level visibility of what your actual risk is that is aligned with your dollar value risk from your business entities that you have and then provide you reporting that you can take to the Board and also to IT teams in terms of prioritizing what is the most important thing that they need to fix. And what we're finding is that this approach is helping them partner with the IT team to not spend time on fixing hundreds and thousands of issues that actually are not exploitable or not attackable right now. And so this is actually creating potential cost-savings for the company in terms of not wasting developer and our time as well as not wasting IT team's time on fixing things that are not immediately actionable and then going back and focusing on the things that are immediately actionable. So from a customer journey perspective, they look at it as something that layers on top of what they have, so they don't need to work through a replacement plan and they essentially pay an additional amount to Qualys for the cost-saving that they end up getting in terms of consolidation and not having to waste time on fixing things that are not important. And so they are able to walk in and make a case for additional budget for risk operation center because they see the savings that are coming out from the outcome of the risk operation center.

Got it. Thank you.

And the next question will come from Patrick Colville with Scotiabank. Your line is open.

Thank you guys for taking my question. I guess let me just ask one to Sumedh and Joo Mi. I mean in your prepared remarks, there was a comment that macro at the end of the quarter was a challenge. Did that -- I mean, were there any deals that pushed at the end of 1Q into 2Q or pulled? Or was that comment kind of in isolation and didn't have an impact on current billings?

Yes, there wasn't any material deals that was pushed or pulled in the current quarter. That was more of the commentary around the fact that like, let's say, a customer that was set to renew in the quarter, we had anticipated a higher upsell rate potentially from that customer increasing their spend with us. We saw some pushback. And so that doesn't necessarily mean that it's a push. It's going to be closed in Q2. It's in the quarter impact I was calling out.

Okay. Crystal-clear. And congrats on all these some terrific announcements made by Qualys at RSA conference. I want to actually touch on the announcement made by a competitor, best-known for endpoint security, they GA the product expanding into network-based VM. I mean, would you mind just commenting on like your thoughts on -- I guess, are the cybersecurity players moving into network-based VM and how Qualys is defending against these guys? Thank you.

Yes, great question. And I think we're actually pretty happy to see that competitors are acknowledging that their current solutions, which are agent-only are not enough to give customers a full view of what their overall attack surfaces from a vulnerability perspective. And so while we haven't really seen that solution with any of our current customer engagements or prospect engagements, we've heard about it. To me, I think as I had mentioned earlier, and even going back four or five years ago, Qualys really has been talking about the evolution of vulnerability management and less about finding more vulnerabilities that you're not able to fix and more about focusing on the ones that actually matter to the risk and then actually helping them remediate and so our focus really has been about how do we help them prioritize and remediate the findings rather than just finding more findings which are not being fixed anyway. And to that extent we are taking data of those findings from the competitor and providing customers a higher value capability around taking that information, which is just a big blob of findings that are hard to decipher and adding the right context. With over 20 plus years of significant research that we have done in vulnerabilities and vulnerability exploitation and using that to provide additional value on top of that. And so I think it's really leading to the customer having the choice that they can either use Qualys or if the other solution is something that satisfies their need for that particular environment, we will still be able to take that data. And we're already seeing consuming data from competitors. So I think when the solution comes out, we will take a look at it and see how our customers feel about that. But having said that, we're not dependent on the customers leveraging Qualys scanner necessarily to find the vulnerabilities as we move forward with our focus on risk operation center and ATM.

Yes, that's very clear. And keep up with good work. Thank you so much.

And the next question comes from Kingsley Crane with Canaccord. Your line is open.

Hi, thanks for taking the question. I appreciated your comments on TotalAI. Curious how you would characterize the competitive market in AI/SBM? And then how do you think security budgets are going to play out with respect to that market? Do you think that they need to lag as we wait for more upstream adoption or are you already seeing some nice uptick? Thanks.

Great question. I right now, everybody seems more in the exploratory phase rather than obviously there are some very, very early adopters. But I think overall, we feel like a lot of customers are just trying to understand the risk vectors that are coming out from potentially AI, they are looking at what are the solutions out there. So I don't think this is more of a competitor thing as much as an educational phase that customers are going through as they're looking at various AI security solutions that are out there and trying to figure out where within the AI joining is the place that have the maximum risk from a business perspective that they need to mitigate. And so we have had some great conversations around TotalAI. We already have a couple of customers that are engaged with POC with us on TotalAI in terms of being able to focus in on LLMs that they're going to put out. And now with our new announcement that we will -- they will be able to run LLM scans within their dev environment means that they can actually test these LLMs in the pre-production before they go out. And the dynamic that is playing out right now is IT teams are ready to say, hey, here's a few LLMs we are ready to go to production with, they're asking the security team for a sign-off before they go and the security team doesn't necessarily have a good knowledge or idea of what they can do from a sign-off perspective. And so with the Qualys TotalAI solution, it's like a point and shoot scanner, you pointed at the LLM, it gives you a green, yellow or red signal to say whether this LLM is good to go or not. So that's the dynamic in terms of people who are evaluating, looking at it and trying to figure out. I think the second dynamic is given that overall security budgets are not increased significantly even with the onset of AI, people are in the mode right now of trying to figure out what the potential loss that they could have from an AI security related incident perspective and then using that this year to formulate their ask for budgets for next year. So while we will continue to see more interest and more adoption in terms of POCs this year and maybe a few customers signing out for a few more AI related scans, I think this is a journey that is going to take a couple more years where people really have to go and make the case for why they need additional budget for AI security and then the willingness of the business to give them additional versus asking them to adjust against existing budget that's been allocated to them. I think that remains to be seen.

Thanks, Sumedh. That's really helpful. And then for Joo Mi, a quarter ago, we were looking at EPS guidance that was down year-over-year and now we've meaningfully raised it this quarter. I think the midpoint is roughly flat from last year. But can you speak to what went into the change over the past quarter? I think last quarter you had called out investments in data centers and aligning some product marketing with to break into federal. Just kind of curious any specific points that have changed? Thanks.

Yes. Last quarter, the guidance was informed by our annual planning. And so what we like to do is we'd like to set aside the sufficient funds to be able to execute on the priorities that we had set at the beginning of the year. And as we move through the quarter, you see that our EBITDA margin came in at 47%, with our sales and marketing growing by 15%, which is a healthy growth in and of itself. But with that said, looking back at Q1 performance and achievements and the initiatives that we have set for ourselves for the rest of the year, we felt that the growth right now we're expecting on the OpEx is more along the lines of 15% to 17%. What we've seen a great success or traction in is in our ability to work very closely with our partners, which may not really translate to a significant increase in sales and marketing spend this year. And so that kind of speaks to why the margin contraction is not as significant as what we had anticipated at the beginning of the year.

Okay. Helpful. Thank you.

And the next question comes from Rudy Kessinger with D.A. Davidson. Your line is open.

Hi, thanks for taking my questions. I saw the LTM 500K plus ACV customer count actually dropped by four versus Q4. One of your competitors had called out a record quarter of seven-figure deals. At the same time, I heard you guys call out, I believe, improved gross retention. So were there any large customer losses or some downfall that push customers below that threshold or just any comment on that?

Hi, Rudy, nothing out of the ordinary to call out for. Our win rates have been stable and as you saw, we improved our gross retention. And so that metric you talk about is an LTM metric. And so we continue to see in some quarters, sometimes customers might have a downsell bit that has been offset by a larger upsell with another customer or we might -- that sometimes can drop them below the 500K. But again, I think we're good -- we're glad to see that there continues to be growth in that area and -- year-over-year and from our perspective, we're glad to see that with our focused efforts, we're seeing some good incremental improvement in our retention.

Got it. Okay. And then Joo Mi, for you, apologies, I joined the call a bit late. I just want to understand maybe some of the increased conservatism in the guide for the macro for the remainder of the year. I guess, are you now expecting net retention rate to maybe come down a point or two versus kind of staying flat at the 103%? And what are you expecting on the new book -- new logo bookings standpoint for the rest of the year, I guess, versus prior guidance and versus last year?

No material change as indicated by their annual revenue guidance, Rudy. Right now what we're seeing in the business today is at the end of the -- close to the end of the quarter, we did see some push down and some impact from the macro. And what that resulted in is even with the lower than what we would have liked the upsell rate to be, it was more than offset by the fact that our retention rate was a little bit better. And so all in all, we did end the quarter at 103%. So we're assuming 103% will pull throughout the rest of the year. We do expect to continue to see some headwinds in the new bookings and its ability to contribute to revenue growth. And hence, we're guiding to a revenue growth rate of 7% to 8% for the full year.

And the next question comes from Trevor Walsh with Citizens. Your line is open.

Great. Hi, team. Thanks for taking the questions. Sumedh, maybe for you, could you just walk us through how you're thinking about the MROC kind of rollout with partners and how you're gaining mind share with them when they've got a lot of different managed services that they are probably trying to bring to market? And then kind of with that, why not -- why just kind of the six to start? There's probably a lot of other players you go after out there to partner with. So is there kind of more to follow or how you're thinking about just onboarding of those? Thanks.

Yes, that's a really good question. And we're pretty excited about this because as you know, the last three years or so, we have really been focused on a partner strategy and a partner-first strategy and you can see that in the numbers and the way the business is moving more towards partners. And so part of that, we really felt like we wanted to do something that was meaningful to our partners and wasn't just about a few points here or there in terms of resell. And when we talk to some of the partners, as you said, they are -- have managed services today, but a lot of their managed services are around MDR, which is becoming more and more commoditized or price-sensitive because everybody is offering some sort of an MDR service. However, MDR services are post-breach detection, right? Is there somebody in my environment or that I can detect and be able to alert and take action by looking at data from all of the different tools and that's a different architecture. What we talk -- when we talk to our partners, they felt like they did not have really great services from a managed service perspective other than sort of point solution type services for scanning service as a managed service or patching as a managed service. And so when we introduced the concept of a risk operation center, it was also pretty clear that the implementing the risk operation center, we have a great platform that we have with ETM that consolidates all these findings. However, the customer does need help with risk quantification, putting dollar value terms in terms of how their business is evolving with the risk card, they need some help with connectors, they need help with actively monitoring risk because today the issues they have millions and millions of findings, which out of those once Qualys has prioritized truly actually impact their environment by looking at their environment, so sort of a risk monitoring service and then ultimately a risk remediation service. And so these are fairly new services that most MSSPs don't have when we talk to them. And so they were excited about the ability to launch new or different services in the market rather than just launching another MDR, which is pretty saturated. So -- but from that perspective, we wanted to work closely and prioritize with the partners that truly understand the vision and are investing together with us in terms of their resources, hiring the right people on their side for quantification-type services and working with us to provide a tightly bundled service. And so today, we focused on those first six. These are the launch partners. There are a few others we're talking to as well. And ability -- the excitement for them is, can they make a few more dollars of services on a dollar of Qualys ETM that they sell is the exciting part for them. So we are going to continue to work with selected strategic partners that are really working closely investing rather than just sort of making it available on the shelf and they are reselling. So that's really the focus. And our thought there is that mROC partners will be more excited to bring more customers to Qualys because that will allow them to create more dollars of services versus maybe a competitor who is competing with them on services or offering professional services and does not provide a lot of capability to add additional services on-top of just reselling. So it's a very strategic move for us and we're excited to see globally multiple partners actually signing up and excited about this.

Awesome. That's great. I appreciate all the color there. Joo Mi, maybe just one quick follow-up for you kind of along the same lines. I think last quarter you had mentioned some gross margin pressure as these partner programs are rolled-out, but it looks like at least from just the results in this quarter that you were a little bit ahead of kind of where expectations generally were around gross margin. So was that just a function of maybe these partner programs still kind of basically still launching and so you're not seeing the kind of added gross margin requirements there? Or do you have kind of a new perspective on kind of where gross margin should track kind of heading into the rest of the year?

Yes, we had talked about the gross margin contraction, primarily due to the data center operations investments that we plan to continue to make throughout the year. So that really hasn't changed from the pressure on the partner side, I think that we've ever actually seen it. We don't expect it to be material. If you take a look at our revenue, it continued to tick-up with 49% of our revenue coming from the channel side. And so from that perspective, unless there is any meaningful change to the pricing or incentive program, which we don't foresee for this year, we kind of see no impact on gross margin due to our partner initiatives.

Awesome. Thanks both. Appreciate the time.

The next question comes from Joshua Tilton with Wolfe Research. Your line is open.

Hi guys, thanks for taking my questions. I have two, and I also apologize if they've been addressed just jumping around on a few calls tonight. My first question is on billings. I think it's kind of been asked a few times, but I'm just going to be a little bit more direct. Was the billings growth that you saw in the quarter like in-line below or above your expectations for the quarter? And then going-forward, how should we think about billings growth relative to revenue growth and specifically 2Q given the interest income from last year?

Yes. Current billings, because we don't manage to it, we don't really have the necessary expectations for the current quarter. But what we did comment on is, last quarter, we did expect current billings to be more or less in-line with the annual revenue growth rate guidance of 6% to 8%. So 7% current billings for the quarter wasn't a surprise to us. And I would say that even though we don't actively manage to it, if you were to look for a color for the annual current billings growth, it will be more or less the same as our prior guidance of 6% to 8%.

Super helpful. And maybe just one follow-up here. I think in response to a question about the bottom line beat, you talked about how your plans for the year talked about some potential investments that you guys are going to the year setting yourself cushioned for in case you can execute. I guess from your perspective, like what would it take to ignite growth on the direct side of the business to kind of trend towards or be more in-line with what you're seeing on the partner side?

I think for the direct side of the business, we are not expecting an acceleration on that side just because we are taking the partner first approach for this year, whether it's from a new business perspective as well as existing customer perspective. So what this year we're really focused on is making sure that we're building the channel partner team in-house as well as working closely with our top partners to come out with different programs and initiatives so that they can help us with lead generation as well as us kind of discussing with them for our existing Qualys customers who are currently direct with us where it makes sense for them to go indirect, where the partners could add more value. And so for us, it's about the partner kind of driving growth versus trying to moderate the deceleration on the direct side.

Makes sense. Thank you, guys. I appreciate it.

And the next question comes from Shrenik Kothari with Baird. Your line is open.

Hi, congrats team. Thanks for squeezing me in. Again, it was running a bit late. So apologies. Sumedh, you disclosed the TotalCloud CNAPP kind of now 5% of bookings and a mid six figure CNAPP deal in that seven-figure analyzed deal. So can you help kind of break-down the elements of that win? How are you differentiating and what is arguably audit space with? And did the -- I believe you said the audit readiness message, integrated risk, all of that is serving as a key wedge. So just curious how this translating to wins and how fast overall the CNAPP is growing and is it mostly greenfield? And then I had a quick follow-up.

Yes, we are still early days with the cloud solution. I think we're happy with having increased that 5% LTM as a percentage of our bookings again shows that our solution is at the level our investment in getting our sales force trained and our partners working with us is working even though it's early days. As you said, the market is crowded. I think customers have different requirements. It's not that every customer has the exact same requirements for cloud. And what we see is that there are times when customers prefer to take the program that they have built with Qualys in all these years. And also from the auditor perspective, just expand that into the cloud. In some cases, they might want to go with some other provider for some part of the cloud and still continue with Qualys on the workload side. So today, our approach really is we have a pretty mature solution now that is offering all kinds of different capabilities, including CSPM, including identity, cloud identity management. We have attack path in our toxic combination. So we're seeing those wins when we're going head-to-head depending on what that particular customer wants. In some cases, we see the customers adopting Qualys for one part of the environment and maybe somebody else for CSPM. I think the exciting thing for us is that with the ETM risk operation center solution, we have customers where they might be using a different cloud provider for part of their cloud estate and we're actually now able to bring the data from that cloud provider in Qualys to give the customer a unified view of all of their different capabilities, whether it's on laptops, whether it's on their on-prem environments, whether it's on their cloud. They are able to see a unified view of the risk. And so for us, whenever it makes sense for the customer to leverage our cloud-native solution, we're working with them. In some cases, it's a partnership with other providers and in some cases, they are using other providers. We're still able to look at production revenue from them because we're pulling the findings and data, adding meaningful context to the vulnerability and misconfiguration side of it. And to your point on the audit readiness, this is what we see as a big area of focus and spend for CISOs where part of it is on risk management, other part of the spend for budget for them is around audit readiness, ensuring that they don't fail audits because that's fully within your control as organization to make sure that you don't fail your audit by putting the right controls in-place. And so the audits are costly and they -- whether it's cloud -- in the cloud or whether it's on-prem and the amount of work that goes into manually collecting evidence and once the auditor is on board, then they go and ask you to find some data. So we're seeing the combination of Qualys, not just about finding buckets, but also helping them put the findings in the bigger context of risk, but also in the context of audit readiness so that they can be completely prepared for audits, is helping drive that focus on saying, well, maybe we should just leverage the Qualys plug-in for cloud security. But if it's not and they have something else, we're more than happy to take the data which we're already seeing in the current POC where we are taking data from other cloud providers already and giving the customer single view.

Got it. Thanks a lot, Sumedh. Very helpful. And Joo Mi, just quick follow-up to some of the previous line of questioning and you have definitely add on to the longstanding margin discipline targeting, of course, low 40s EBITDA margins. Just as you're shifting your bookings overall towards high-value kind of module CNAPP patch management, just curious like how are you deciding and also Sumedh, feel free to chime in as kind of how to deploy the incremental OpEx along the lines of kind of new sales leadership, kind of investments in TotalCloud which is, I think to accelerate that, just broader S&M and product. Just curious how you're thinking about it?

The way we're thinking about it is at the beginning of the year, we do go through the number of initiatives, whether it's from a product development standpoint, the engineering effort, the investments that we have to make on the R&D side as well as operations and data centers in addition to the sales and marketing, the go-to-market, it's basically based on what we think that we'll be able to achieve in the current year, what the goals we've set-up for ourselves and then the risk-weighted adjusted targets, does that make sense. And then because of that, we have set us aside significant flexibility for us to execute on a number of initiatives we have the bandwidth to do it. Aside from that, we did take into consideration that if we were to onboard a new CRO, there will be some kind of reevaluating, some of the initiatives we want to make sure that we have enough funds available for us to make some of that that are appropriate for our business today.

Got it. Appreciate it. Thanks a lot.

The next question comes from Yun Kim with Loop. Your line is now open.

Thank you. Hi, Sumedh. On your channel strategy around MSP partners, how long does it take for these MSP partners to ramp? And then also, are these MSP partners that you're initially focused on, are they targeting certain customer segments like primarily targeting SMB or mid-markets?

Yes, look, these are new services, right? This is not like MDR, but it's a well-known service. So as they are ramping up, they are also figuring out on operationally on their side, what are the investments that they need and they are making those investments to make sure that they're able to work with the customers that need this kind of a view. So there is excitement around that. I think the time it takes, we're already engaged with a couple of partners who are part of these POCs who brought up these POCs. So we're seeing the excitement and we're seeing that engagement already. And I think the -- what was the last part of the question? I forgot, sorry.

Just are these partners kind of focused on certain customer segments like are they primarily targeting SMB or mid-market?

Yes. I think the -- overall, I feel like the risk operation center solution would pretty much work for anybody who has more than three security solutions, which is pretty much everybody at this point. However, I think the number of findings and the amount of triage that they have to go through to figure out those findings, I think that is a lot more of high priority for the larger customers right now. So most of the POCs that we see engagement are of large enterprises that have multiple tools, multiple solutions and are really struggling to convince their IT teams to focus on fixing things as well as they are struggling with showing ROI of large spend to their CFO and to their Board. And so that's kind of where we are seeing commercial target focus for these customers through their MSSP is the large customers that have a bunch of these large tools and a large number of assets.

Okay, great. Thanks for that. Hi, Joo Mi, if you can remind us how renewals are lined-up for the rest of the year, do you expect the typical seasonal pattern like we saw over the last couple of years or do you see certain renewals kind of shifting between first half and second half?

Yes, I would say assume the same seasonality as the prior year.

Okay, great. Thank you so much.

The next question comes from Rob Owens with Piper Sandler. Your line is open.

Yes, good afternoon. Thanks for taking my question. Just a quick one on geographic mix. And I guess more so from the standpoint, if I look over the last year, North America has been very soft for you guys, growing low-to-mid single-digits, while internationally, you've actually put up some pretty reasonable results. Can you just parse your success internationally and why domestically it's been so difficult for you guys? Thanks.

As I said at the high level, international tends to be more partner oriented business. And as we are focusing more on working with our partners and channel partners and moving business with them, we're naturally seeing a bit more success where already it's a much more partner oriented things. I think we do see opportunity for continuing to improve our execution in North America with our partners. And so that's where part of the mROC services and aligning up with creating abilities for them to be able to provide more services around Qualys can be that -- that sort of a catalyst that we are working with them to see if as we bring them -- we bring our existing direct accounts in North America to them, how do we do a gift to get where they're able to bring us additional new business that we don't have today in return from moving some of these customers to them. So those are the motions that we're going through right now and we're looking-forward to executing on some of these and improving how we can get this business in North America as well.

Thank you.

And our next question comes from Oscar Saavedra with Morgan Stanley. Your line is open.

Hi, thank you for taking my question and congrats on a great quarter. Joo Mi, regarding partners, can you give us an update on performance in terms of need generation and pipeline generation, how has that been tracking against your internal expectations? And when we think about the guidance, to what extent is it assuming that that continues to improve or is it assuming still similar to what you're seeing in the current quarter? Thank you.

Yes, we've been satisfied with the progress that we've been making on the partner side. Relative to the direct business, we've seen like pipeline increase success in increasing the deal reg. In our guidance, what we're kind of assuming is not a meaningful improvement from what we see today. It's kind of stayed the course, given that we are expecting increase in budget scrutiny given the macro. So we've adjusted, we've taken that into consideration when setting guidance. But with that said, we are very happy with the progress that we're making with partners. We kind of are hoping that once the macro improves, we will see meaningful improvements there.

Very clear. Thank you very much.

There are no further questions at this time. This does conclude the Q&A session and today's conference call. Thank you for participating, and you may now disconnect.