VRNS - NASDAQ

Greetings, and welcome to Varonis Systems, Inc. First Quarter 2024 Earnings Conference Call. [Operator Instructions] As a reminder, this conference is being recorded. It is now my pleasure to introduce your host, Mr. Tim Perz, Investor Relations. Thank you, Mr. Perz. You may begin.

Thank you, operator. Good afternoon. Thank you for joining us today to review Varonis' first quarter financial results. With me on the call today are Yaki Faitelson, Chief Executive Officer; Guy Melamed, Chief Financial Officer and Chief Operating Officer of Varonis. After preliminary remarks, we will open the call to a question-and-answer session. During this call, we may make statements related to our business that will be considered forward-looking statements under federal securities laws, including projections of future operating results for our second quarter and full year ending December 31, 2024. Due to a number of factors, actual results may differ materially from those set forth in such statements. These factors are set forth in the earnings press release that we issued today under the section captioned forward-looking statements, and these and other important risk factors are described more fully in our reports filed with the Securities and Exchange Commission. We encourage all investors to read our SEC filings. These statements reflect our views only as of today and should not be relied upon as representing our views as of any subsequent date. Varonis expressly disclaims any application or undertaking to release publicly any updates or revisions to any forward-looking statements made herein. Additionally, non-GAAP financial measures will be discussed on this conference call. A reconciliation for the most directly comparable GAAP financial measures is also available on our first quarter 2024 earnings press release and investor presentation which can be found at www.varonis.com in the Investor Relations section. Lastly, please note that a webcast of today's call is available on our website in the Investor Relations section. With that, I'd like to turn the call over to our Chief Executive Officer, Yaki Faitelson. Yaki?

Thanks, Tim, and good afternoon, everyone. Thank you for joining us to discuss our first quarter results which represented a strong start to the year. In addition to discussing the results, I would like to review our SaaS transition progress and the key drivers of our business for this year. But first, let me remind you why Varonis exists and the problems we solved. Data is valuable, which is why bad actors want to steal it. Companies invest in security to protect the data, but securing it is very difficult. Varonis solves the problem by helping companies locate their sensitive data, visualize who has access to it, locks down and detect and respond to threats on it. And because of the sophisticated automation that we have built into our Varonis SaaS platform, customers spend very little time and effort to protect their data, and now with MDDR, will reduce this even more. This allows companies to collaborate safely and get the most value from their data while managing risk. Our first quarter results reflect the sustained momentum of our SaaS transition and the positive reception of our managed data detection and response service or what we refer to as MDDR. ARR grew 17% to $560.3 million, and we generated $56.4 million free cash flow this quarter versus $35.7 million last year. SaaS ARR now represents approximately 30% of total ARR. Guy will review our Q1 results and our updated guidance in more detail. I want to express how proud I am of the Varonis team. While the selling environment has stabilized, it remains challenging, and the Varonis team executed well during the first quarter, and I believe that we are only scratching the surface of what lies ahead for us. The transition to a SaaS delivery model continues to show momentum because of the many benefits that our customers realize, and I will quickly remind you of a few. Customers can achieve automated outcomes, which means they can ensure the data is protected with very little effort. SaaS is quicker to deploy and operationalize because of significantly lower infrastructure and personnel investments. SaaS is easier to maintain and upgrade. Additionally, there are 3 key benefits that we realize. They are shorter sales cycle, larger initial [indiscernible] and margin benefits over time. In addition to our SaaS transition, I would like to discuss the 3 additional drivers of the business that I've mentioned last quarter, which are our MDDR service, the adoption of enterprise-generated AI and increasing compliance requirements. Today, I would like to focus on MDDR and Gen AI. Last quarter, we introduced our MDDR service, which is the first managed service for monitoring and protecting critical data. It is a paid service that builds upon our proactive incident response offering by providing a service level agreement and around-the-clock coverage. It is important to note that this service is only possible for our SaaS customers because of the visibility and automation built into our SaaS platform. We just began selling this offering in the first quarter, and we have already started to see great momentum with it. So let me explain why this is already happening and why we view this as a game changer for our company. MDDR is a natural evolution of our platform and still a significant unmet need in the market. One of the challenges people face is that they don't have the people to monitor and investigate alerts fast enough. Now with MDDR, we take this burden from customers and put it on us. If we see a threat anywhere within our MDDR customer base, we can stop it and simply notify the customer after the problem has been solved. We can do this because we pioneered the use of machine learning for data security and user behavior analysis, giving us years of experience building highly accurate threat models. Our team leverages a significant automation plus our unique metadata telemetry, such as data sensitivity, access events and permissions that allow us to detect if data is under attack and to catch threats missed by others. I've also been asked to clarify the value our MDDR service provides to customers that already have an endpoint detection and response service or managed detection and response service. The answer is actually very simple. On the perimeter phase, we believe that we are best positioned to save companies because we have been monitoring the data inside that perimeter ever since we started. Companies sometimes pay in millions for other threat detection and response services, but when an incident happens with services that don't focus on data can always show you when the attack began. We started to answer the most important question, was any data stolen? MDRs and EDRs can reveal how a bad actor gained access and what tactics they use to get in but cannot tell a customer if any data was taken. The situation is that discovering the bank was robbed but having no certainty about the most important elements whether money was stolen or if the vault remains secure. This blindness is where organizations with sophisticated security stocks can still fall victim to data breaches from insider threats or attacks that bypass the perimeter. Without Varonis, data is usually partly accessible with anyone or anything inside the perimeter and even closely monitored, this means more data is likely to be breached and companies have a harder time quantifying what was taken during the breach, making the liability much higher. Varonis customers automatically shrink their blast radius, which reduces the potential damage that an insider can do and forces bad actors to work harder to get to sensitive data, giving us more opportunities to catch them. With MDDR, we often catch that actors before they get to data. And because we watch the data, we are able to quickly quantify the damage. This means we can stop the breach and limit their exposure and their potential liability. This is why no matter what platform a customer has, they will still need MDDR. To finish our bank robbery example, Loans MDDR watches the money around the clock and can tell the bank manager that their money is safe and the vault is secure. Now I would like to touch on our generative AI opportunity. This technology presents tremendous productivity opportunities. But in order to reap the benefits of it, you need strong data security. For example, AI can reveal critical data to their own machines and people because most generative AI tools utilize existing access controls which most organizations have been locked down, leaving them overexposed. Companies also need to prevent sensitive data on being used in large language models and hackers to leverage these tools to steal important data more easily. Bottom line, generative AI is causing organizations to take a hard look at the data security strategy. This is why we continue to see generative AI coming up in so many of our customers' conversations as organizations try to understand how they can safely realize the productivity benefits. So far, companies are taking a very careful approach and are thoughtfully considering with potential risks before expanding from the pilot phase into organization-wide rollouts. As a result, we expect the near-term adoption of the wide-scale Gen AI to be measured as companies gain comfort around how they can secure their data. Overall, the feedback we are hearing from customers only serves to strengthen the conviction we have in our ability to benefit from this enormous secular tailwind. Our partnership with Microsoft is progressing well. And 1 month ago, we announced the industry-first cybersecurity solution for Microsoft 365 Copilot. This will be sold as an add-on to our existing Microsoft 365 staff package and allows organizations to monitor copilot data access in real time, detect abnormal copilot interactions and automatically remove sensitive data accessible by both humans and AI engines. In addition to the enhancement to our platform, we are seeing Gen AI act as a catalyst for conversations with prospects. And although we are seeing material ARR from Gen AI related deals, we are seeing healthy pipeline build with respect to this opportunity. With that, I would like to briefly discuss a couple of key customer wins on Q1. A large university and affiliated hospital system with 6,000 employees became in Varonis SaaS MDDR customer this quarter, a broad mandate to secure sensitive data led to a risk assessment, so we discovered 4 million sensitive records and 2 million instances of student and patient PII exposed to everyone in the organization. This university evaluated several CSPM and DSPM and legacy data security solutions, but ultimately purchased Varonis SaaS package with MDDR protection for the UNIX and hybrid Windows environment with our automation and metadata centric telemetry, Varonis MDDR to supplement their existing MDDR and MSSP vendors by providing protection that is focused on securing their most valuable asset data. We're also seeing strong engagement from existing customers. A broadband provider initially became a customer in 2014 and with the goal of identifying and remediating overexposed sensitive data and enhancing their threat detection capabilities. With our self-hosted offering, this required some customer effort and meaningful infrastructure investments. This customer converted to Varonis SaaS with MDDR protection for the hybrid Windows environment. They will benefit from our automated remediation and will realize infrastructure savings while freeing their security team since we monitor and respond to alerts. In summary, the results to a strong start driven by the automated outcomes that customers receive from our SaaS platform and our recently introduced MDDR offering, which we believe is a game changer for our company. We are excited to capitalize on the tailwind of MDDR, Gen AI and increasing data-centric compliance regulation as we capture our significant market opportunity. With that, let me turn the call over to Guy Melamed.

Thanks, Yaki. Good afternoon, everyone. Thank you for joining us today. We are pleased with how our team performed in the first quarter and the continued momentum of Varonis SaaS furthers our confidence in completing the transition in 2026, 1 year earlier than our initial time line. At the end of Q1, SaaS represented approximately 30% of our total company ARR, driven by strong contribution from new logos and existing customer conversions. As Yaki mentioned, the other key driver of our business this quarter was MDDR. This paid offering is an evolution of proactive incident response that comes with an SLA and assurance that Varonis will respond to ransomware attacks within 30 minutes. MDDR has been extremely well received in the first quarter, driving new business, increasing deal sizes and simplifying the conversation with customers. In addition to MDDR, nearly every customer conversation, we have touches on generative AI, which reinforces our view of this secular tailwind. We're seeing healthy leading indicators with respect to the opportunity. But as we discussed previously, we continue to expect the adoption of Gen AI will be measured. As we look ahead of the rest of this year, we're excited to begin Phase 2 in earnest in the second half of 2024, which will be focused on converting our installed base of on-prem subscription customers to our SaaS platform. As a reminder, we expect that the ramp-up of this phase will not be linear and momentum should grow in each quarter and further accelerate in 2025 and 2026. In the first quarter, ARR grew 17% year-over-year to $560.3 million, and we generated $56.4 million of free cash flow, which was up from $35.7 million over the same period last year. These metrics demonstrates our commitment to balancing top line growth with improving cash flow generation during the transition. Turning now to our first quarter results in more detail. As a reminder, the leading indicators of our transition are ARR, free cash flow and ARR contribution margin. As we have said many times, the faster we progress through the transition, the more headwinds we will experience to our traditional income statement metrics, but we view this in a positive light. In the first quarter, we continue to see stabilization of the macro environment. Heightened deal scrutiny persisted, but we are seeing positive momentum, especially with regard to the adoption of SaaS and MDDR. Q1 total revenues were $114 million, up 6% year-over-year. During the quarter, as compared to the same quarter last year, we had approximately a 9% headwind to our year-over-year revenue growth rate as a result of having increased SaaS sales in our booking mix, which are recognized ratably versus the upfront recognition of our on-prem subscription products. As we have done in the past, we are committed to being as transparent as possible throughout the transition, which includes providing you with the key metrics that track our progress during the next phase. This quarter, we're providing SaaS revenue for the first time, a metric that we will provide going forward. We will continue to provide SaaS as a percentage of total ARR each quarter until we successfully complete the transition. In the first quarter, SaaS revenues were $34 million, term license subscription revenues were $56 million, and maintenance and services revenues were $24.1 million as our renewal rates were again over 90%. Moving down the income statement, I'll be discussing non-GAAP results going forward. Gross profit for the first quarter was $95 million, representing a gross margin of 83.3% compared to 86.5% in the first quarter of 2023. Gross margin continues to track ahead of our expectations and the change is primarily due to the much higher mix of SaaS revenues versus last year, which caused a revenue headwind due to the ratable recognition of SaaS versus the upfront recognition of on-prem subscription licenses. The recognition of compute costs associated with our increased SaaS revenues and increased hiring in certain departments within COGS to service the anticipated strong ramp in MDDR drove the remainder of the change. Operating expenses in the first quarter totaled $105.6 million. As a result, first quarter operating loss was negative $10.6 million or an operating margin of negative 9.3%. This compares to an operating loss of $4.3 million or an operating margin of negative 4% in the same period last year. During the first quarter, as compared to the same quarter last year, we had approximately an 8% headwind to our operating margin as a result of having increased SaaS sales in our booking mix, which are recognized fully ratable versus the upfront recognition of our on-prem subscription products. First quarter ARR contribution margin was 13.7%, up from 5.6% last year. The significant leverage improvement even during the early stages of the transition reflect our ability to drive strong incremental margins while growing ARR and transitioning to SaaS. During the quarter, we had financial income of approximately $8.2 million, driven primarily by interest income on our cash deposits and investments in marketable securities. Net loss for the first quarter of 2024 was negative $3.7 million or negative $0.03 per basic and diluted share compared to a net loss of $0.1 million or a net loss of $0.00 per basic and diluted share for the first quarter of 2023. This is based on 110 million and 108.4 million basic and diluted shares outstanding for Q1 2024 and Q1 2023, respectively. As of March 31, 2024, we had $774.4 million in cash, cash equivalents, short-term deposits and marketable securities. For the 3 months ended March 31, 2024, we generated $56.7 million of cash from operations compared to $36.8 million generated in the same period last year and CapEx was $0.3 million compared to $1.1 million last year. Turning now to our updated 2024 guidance in more detail. For the second quarter of 2024, we expect total revenues of $123 million to $126 million, representing growth of 7% to 9%. Non-GAAP operating loss of negative $6 million to negative $5 million and non-GAAP net loss per basic and diluted share in the range of negative $0.03 to negative $0.02. This assumes 111.7 million basic and diluted shares outstanding. For the full year 2024, we now expect ARR of $622 million to $628 million, representing growth of 15% to 16%. Free cash flow of $70 million to $75 million, total revenues of $536 million to $546 million, representing growth of 7% to 9%. Non-GAAP operating income of $9 million to $14 million, non-GAAP net income per diluted share in the range of $0.13 to $0.16. This assumes 128.4 million diluted shares outstanding. In summary, we are encouraged by the continued momentum of Varonis SaaS and initial reception of MDDR. The growing demand for these offerings is strengthening our ARR performance and cash flow generation as we move through the second phase of our transition, which we believe will unlock meaningful value for both our customers and our company. With that, we would be happy to take questions. Operator?

[Operator Instructions] The first question comes from the line of Saket Kalia with Barclays.

A nice start to the year here on ARR. I'd love to start with MDDR. And maybe the question is, what's been the initial -- you touched on this a little bit, but what's been the initial feedback that you're getting from customers on the offering? It seems like it's off to a good start. And Guy, just related to that, can you just talk about to what extent is MDDR makes you pulling through more interest in SaaS since it's only available to SaaS customers? Does that make sense?

So in terms of MDDR, the customer feedback and the fact that behind it, are basically exceeding our expectations. And effectively, attacks can come from anywhere on any device, but only going in one direction, which is the data. So perimeter security is great, and there are many amazing companies. But if you think in probability, there is a high probability that your perimeter will fail. And once you have an identity, there is no perimeter anymore, you're getting into the data. And we just dramatically understand how people need to use data and can stop these attacks and make sure that you will not have a data breach. In our opinion, it's the best way to avoid a data breach and you are doing it completely automatically. So it just works extremely well as you have more platforms and a lot of our -- the way that we bundle it, Edge and the other products, Active Directory and [indiscernible] it works extremely well. So customers love it. And we are just on a daily basis, saving them and stopping them from breaches. And we really believe that the data security platform is an MDDR, it's the first thing that the organization needs to do. And the last thing that will save you when everything else didn't.

And Saket, you're right that it's only offered with the SaaS offering. It was definitely a key driver for our business this quarter. When you think about the MDDR it's been an evolution of the proactive incident response. And it comes with an SLA and kind of assurance that Varonis will respond to ransomware attacks within 30 minutes. So it's very compelling. And when you look at kind of how it was received this quarter? It's been extremely well received, both from driving new business, increasing deal sizes and simplifying the conversations for our customers.

But as just to add a bit about what Guy said, when we build our SaaS solution, it was critical for us. This is a software solution to build a lot of automation to make sure that we have tremendous force multiplier to our analysts. So we did a lot of robots and using a lot of AI to make sure that our people are extremely productive. This is almost completely a service offering -- software offerings.

Next question comes from the line of Hamza Fodderwala with Morgan Stanley.

This is [ John ] on for Hamza. For Yaki, just a question for you. How often is Microsoft Copilot coming up in your customer conversations versus 3 months ago? And is the expanded partnership with Microsoft Copilot driving more pipeline?

It's front and center in every conversation. Microsoft is still not pushing its full force to the customer base. You see that a lot of customers experimenting with it. I think I broke my record of seeing customers in Q1, and there is a very consistent theme. They're starting the Copilot evaluation and stopping it because it's exposing a lot of critical data. So just protecting these Copilot and they are connecting to many sources is coming with each and every conversation. And I think that it's just exposing the problems and organizations understand that they need to take data security very seriously in order to benefit from the automation of this Copilot that are based on LLM. It's starting to build a good pipeline in the places that we engage with Microsoft. It's also starting to go in the right direction. But remember, Microsoft are still not pushing it full force. I believe that once they have a quarter and they push it full force, it can have a big impact on the business. But if the world wants to benefit from Copilot and all these LLM robots if you will to get the productivity gains, they will need to take care of the data security problem.

John, just to reemphasize what Yaki was saying. In terms of the reported numbers for Q1, we didn't see Copilot as part of the reported numbers in Q1. But definitely, when we look at all the leading indicators, they appear there, and we're seeing pipeline increase for them.

There is still not a revenue impact, but we're starting to see pipeline impact and a lot of conversions and people are in the initial stages to figure out how to do it in the right...

Next question comes from the line of Matt Hedberg with RBC.

Yes. This is actually Matt Swanson for Matt. I mean, it's great to hear some stabilization in the macro. It feels like it's been a long time coming for all of us. But you've done a really successful SaaS transition during a really uneven macro. And Yaki, you mentioned some of the advantages of staff, the lower infrastructure personnel costs, easier to maintain. Can you just kind of talk specifically for the SaaS transition kind of headwinds and tailwinds of the challenging macro? Are there any parts that actually helped the transition when things are a little tougher?

The thing that what happens is this is what helps first is the reality is that breach is almost always, not always, but almost always data breaches. And the security industry, be it upside down in that we spend a fortune on perimeter security and it just failed, small failures and then you have this massive blast radius and you are completely exposed. Think about it. It's like to have to do business with a bank that doesn't have a ledger can tell you what happens with the account and I just can tell you that you have a strong password and well logged in. It doesn't make any sense. And the other thing that happened in SaaS, it's primarily that it provides automated outcomes and clearly scales extremely well. We took everything we learned on the on-prem, and we build just a lot of automation and a lot of coverage. And customers with 5%, 10% of the effort can get 10x more value. So this is also the -- it's also the way it works. And I also think that solely, but surely, this everyday organization just realized this is something that we need to do sooner rather than later. And obviously, with AI and all the attacks that always going toward the data, organizations understand that this is the way to go. It's a gradual process, but we definitely feel that the technology is just speaking the reality. If you want to make sure that you don't have a data breach, you need a bigger security platform with automated outcomes.

Next question comes from the line of Fatima Boolani with Citi.

Guy, I had a question for you about the ARR look, I just wanted to dissect that a little bit. So a double start of the year considering we're not totally out of the woods in the macro. But I wanted to better understand why some of this momentum, you're not expecting to improve through the year given this was a seasonally for quarter and you have so much more demand and growth driver optionality as we look into the back half. So I would just love some of the puts and takes that you embedded into the outlook in terms of not sort of rolling forward the upside in this quarter?

I think that's a great question. And I want to be very clear. We're kind of -- we're raising our full year ARR guidance because we feel really good about the rest of the year. When you look at kind of -- we raised ARR, it's purely a mathematical kind of framework. If anything, I would say, we feel more confident about Q1 than what we did 90 days ago. So if I walk you through the math of kind of the guidance itself, as you know, we only guide for annual ARR and our 2024 net new ARR guidance was similar to previous year's numbers. So when you look at the net new ARR in Q1 2024, it was approximately $4 million higher than last year, which is exactly what we're rolling over for the full year midpoint of ARR guidance. When you look at kind of -- and I've talked a lot about this in previous quarter, when you look at all the things that are working in our favor, we have a lot of things, whether it's the environment, MDDR Copilot. But you have to remember, Q1 is still the smallest quarter of the year. And our philosophy has always been not to bake in positivity before we actually see it translate into the numbers. So we want to see how things progress. We want to see how things move forward for the rest of the year. With Copilot and the SEC regulation, we have yet to see that positive impact to our reported numbers. With MDDR we have started to see good momentum, but it's still only 1 quarter in, which is why we're taking a responsible approach. And as we have done in the past and as we see the data that supports it, we will be happy to update our guidance.

Next question comes from the line of Brian Essex with JPMorgan.

Yaki, I was wondering if you could give us a little bit of an update. I think you talked a little about this last quarter, but you've got a lot of irons in the fire or incremental opportunities with -- as we kind of approach the back end of the year. How do you think about incentivizing the sales force with regard to: number one, new logo growth; number two, more proactive conversion of your installed base as you kick off Phase 2; and then number three, expansion into new adjacent markets with MDDR and Copilot? So how do you -- maybe if you can categorize the magnitude of each of those levers and how do you expect that to play out through the rest of the year?

MDDR and the Copilot are relevant to every existing customer and prospects and really help us to gain market share as they expand the platform -- expand the platform in the base. So this is something that is working very well for us. But we also have just so many ways to add value to customers with everything that we are doing with cloud, on the SaaS side, on the IR side, we really see our customers getting extremely fast to the automated outcome.

And I'll give the color from a commission perspective. What we have seen from a conversion perspective is that it's happening in a natural way. When you look at the uplift, obviously, it's beneficial for the customers because they're getting a much better product, but it's also beneficial for our sales force because anything on top of that renewal goes towards their quota. So at the beginning of this year, we didn't change the incentive for the conversion because it is happening kind of in that natural element, which is great for us and is working great for our customers. What we did do because new logos is such an important component on fueling our growth for the years ahead is we actually doubled down on the commission plan from a sense of ensuring that reps are focused on acquiring new customers -- and in order for them to make real significant money, they will have to focus on new customers. They'll be able to make money without it, but in order to make real big money, they have to focus on new customers as well. And when you look at the offering itself, the SaaS offering has actually eliminated 2 of the biggest objections that we've used to see, and that's that customers don't have the people to support the platform or companies don't necessarily want to buy the hardware. So in a way, that change of comp plan actually works really well with the offering that we have. And when you think about that combination, it's something that we've seen work very well for us in Q1.

Next question comes from the line of Roger Boyd with UBS.

Great. A lot of talk around the momentum that's in the pipeline around Microsoft 365 Copilot. But Yaki, I'm wondering if you're starting to see interest from the installed base around securing other copilots and other G&A applications like those in Salesforce or GitHub. It's come up with a few customers. Just wondering if that's showing up in the pipeline or customer conversations with any sort of momentum.

So without a doubt and even much more because people understand that they want this copilot for almost every platform that they have. So we see it on the SaaS, like Salesforce, GitHub, Jira and others. And obviously, they will have connectors for things like Box and Google, [indiscernible]. So you see all these copilots. And even sometimes, people have their own private instance to open AI and just putting to this data on Sharepoint or an S3 bucket on Azure Blob, creating a lot of value. And the other thing that we are doing in Copilot, we extend it to look at the queries themselves, risky users and all the other logs. So it's really working from every angle. And the other thing that was also a surprise for us is once you are using these technologies, the speed that you are exposing critical data. It just -- it's unbelievable, not exposing and creating critical data. So it's definitely very interesting for us and just immediately exposing the problem and also enhancing it.

Next question comes from the line of Shaul Eyal with TD Cowen.

Congrats on the ongoing SaaS transition and the overall results. Guy or Yaki, I wanted to ask about the mix between existing customers and new logos this quarter. Can you double click on this item? And maybe, Yaki, specifically for you, you're often being asked about the competitive arena. Typically, the case of Varonis' limited scope of competition. But with many security companies in many categories buying small DSPM assets, what's -- what are you seeing out there from the over -- aside from the overall market validation?

So Shaul, I'll start with the first question. When you look at the results in Q1, the majority of our new ACV in Q1 was driven by new logos. And as I said before, SaaS is really opening up new markets for us because it's eliminating the 2 biggest pushbacks we used to get. One being companies don't have the people to support the risk; and number two, they don't want to buy the hardware. So the changes we made to the comp plan, which I discussed in one of the previous questions, together with the simplicity of the story and the benefits of the products are really working. And the new logo activity was really healthy.

On our end, so in the traditional areas, we're really completely dominating, which is all the NAS devices, Active Directory, [indiscernible], 365, Salesforce.com, Google, Box -- all of this, nothing changed. But one thing that changed for us, the companies that you mentioned primarily, they are focusing on the IS side, which is AWS and when we build a product that we believe that is the best in the market in this area. And we are there in the places that we are installing. We see that we have very good results. And we anticipate that in these places, we see competition that will create budget, but in terms of scale and automated outcomes, I believe that we are well positioned to take this market and win. So overall, at this point, what's going on in this market, we see that creating a lot of the wellness in creating more and more budgets. And so far, this is very good for us in terms of overall awareness and sales motion.

Next question comes from the line of Joseph Gallo with Jefferies.

This is Annick Baumann on for Joe Gallo. You guys launched many new products last quarter, including Snowflake and Salesforce protection and things like that. Can you just talk quantitatively -- sorry, qualitatively about the traction you're seeing there?

Yes. I think that in terms of everything we're doing, in IS, we will very fast see a lot of traction. The other thing that is very interesting, like Snowflake and other data repositories, they are massive. So everything we -- the core technology that we have to analyze metadata to do it, its scale is working extremely well. And all the connectivity to the MDDR is a very exciting prospect. So really, at this point, we see good prospect to everything we have done on the engineering side, and we're also very proud of the team in the rapid release cycle of features and products.

Next question comes from the line of Jason Ader with William Blair.

I just wanted to ask about MDDR again. More specifically, I mean, just -- I know you've recently announced that it clearly has exceeded your expectations. You're thrilled about the early demand. Can you just talk about the pricing model that you use, the type of uplift it could create on your SaaS business? And then maybe any early metrics on attach rate?

Yes, I think that's a great question, and we talked a little bit about it last quarter when we introduced MDDR. When you think about our goal at the end of the day, it's to protect our customers. And when you look at the MDDR offering, it's really resonating within our customers and the value there is very clear. So at the end of the day, with that value that we provide customers, we're trying to extract dollars from them and increase customer lifetime value. And there are 2 ways to do it. Either you allow customers to buy additional licenses and then your MDDR pricing is somewhat reduced as long as they buy and increase the ASP or if they only want the MDDR, then that pricing of MDDR as a stand-alone is significantly higher. What we're seeing is that customer -- customers are embracing the package itself and they're buying it as part of additional licenses that could give them additional benefit, and that allows us to increase the ASP. It's still very early, so I don't want to give out numbers and kind of go through the exercise of kind of the uplift that we're getting there. But we're seeing our ASPs increase in a very healthy way and the value that we can provide with that platform is significant.

The MDDR essentially is our ability to make sure that to fulfill our promise to the world, if you have us most probably, we are not going to data breach. And the key with the MDDR with customers, we have as much as coverage as possible. And with that, we will be able to protect them automatically.

So you think ultimately like most of your customers will take this?

We believe that every customer needs to get it, and I think it's going to be a gradual process, but I can say that initially, the way it started was extremely encouraging from our perspective and the conversations that we're having for the rest of the year on MDDR are also extremely positive.

Next question comes from the line of Shrenik Kothari with Baird.

Yaki, you touched upon Gen AI, just wanted to double click, you said healthy leading indicators with respect to Gen AI, but adoption expected to be measured as their companies are considering potential risk? And it looks like, of course, it's data security the center of it and mostly copilot adoptions kind of getting started due to security concerns. So it almost seems -- it should even further drive demand for you guys in the current stage of kind of pre-Gen AI adoption from a data prep and governance standpoint to help them arrive at a point where they can adopt copilot? So just curious why the pipeline would not start kind of flowing through to deals already? If you are offering what they need right now at this point of time? If you can please help us understand.

Organization is still in the very early innings of how to use this LLM-based tools. The reality is that in order to reap the productivity benefits of these new products, you need to make sure that you have data security intact because if not, you could have horrible consequences, but it's still doing it in a very measured way. They're still testing. And we believe that once -- it didn't reflect in Q1 revenues, but it's definitely starting to impact the pipeline, and we believe that over time, it can -- it has the potential to be a great tailwind for the business.

Next question comes from the line of Junaid Siddiqui with Truist.

Great. Just had a question regarding opportunities in the channel. Any particular areas of emphasis you're focusing on, be it MSPs or SIIs as you transition to a predominantly SaaS company?

Well, in -- we are working with everyone. It's definitely a channel-focused company. The one thing we see is a SaaS solution that is much -- we're reducing all the friction in the installation and the time to value, ongoing value. The story becoming simpler and the overall offering more strategic. So just more compelling to partner with us.

Next question comes from the line of Rudy Kessinger with D.A. Davidson.

Guy, just -- I don't know if you gave it earlier or not, I joined a little late, but can you share how much of your existing ARR converted to SaaS this quarter? Or just directionally, did you confirm more or less in Q1 than you did in Q4?

We talked a little bit about it, but I'll give you more color. When we look at the results in Q1, we were really happy with the conversions in Q1. They really helped us get the SaaS where you look at kind of SaaS coming 30% of total ARR. Over you look at the number, it's actually $165.5 million. When we look at the metric itself, we didn't talk about the actual dollar value of the conversions because the metric you should focus on is SaaS ARR. Is that really measures the progress in completing the transition, which is one of our overarching goals. But SaaS ARR was very strong in Q1 and the existing customer conversions obviously played into that.

Next question comes from the line of [ Stephen Schwartz ] with Wells Fargo.

This is [ Stephen ] on for Andy Nowinski. Wanted to ask about your focus on new logos, maybe the role that MDDR can play into that? How much education maybe do you need to do to make that a driver of new logos? And is it something that you're thinking about?

It's very clear that MDDR can help with new logos because it keeps the conversation very, very simple. When you go to a prospect and you're talking about an SLA that assures Varonis will respond to a ransomware attack within 30 minutes, you get the customers' interest. And in a way, the whole purpose of MDDR is to allow us to help the customer and protect them in a way that doesn't require the same headcount that they had to have if we were selling them the on-prem subscription solution. So MDDR definitely fits within our offering in the simplicity and kind of double down on the SaaS simplicity that we have there, and that allows us to target new customers. And I think that, that story together with the way we structured the comp plan where reps in order to make real money need to focus there. I think that's working really well.

Next question comes from the line of Joshua Tilton with Wolfe Research.

This is [ Patrick ] on for Josh. So piggybacking off of a few questions earlier around the healthy pipeline build with respect to AI and sort of asking it in a different way. Can you kind of talk about -- and I know it's early, but talk about the sales cycles you're sort of expecting to see around the Copilot offering? Do you expect them to be sort of in line with what you see with the rest of the business or potentially longer if customers are sort of pushing off of adoption of AI?

So still early, we can't say how it's going to affect the sales cycles. But I will tell you that what is happening is it take the problems that they have and just expose it immediately. It will be -- organizations will take a lot of risk to use this AI tool without proper data security in place. But we still need to see how it will play out. The reality is that we think that organizations slowly maturely understand that without a solution like ours, they can't be protected from data breaches. And it's always about the data breach. It can come from insiders and APTs, people trying to get credentials. So once you have an identity there is no perimeter anymore. And people are -- and bad actors -- we're not doing anything that is very sophisticated time starting to take the data. And we believe that we are the best solution to make sure that you will not have a data breach. And I also think that gradually, the marketplace understand it because if you look at what's going on, you see attacks that are more sophisticated. They are always about the data while organizations spending a fortune on perimeter security. This is something that is just not sustainable.

Thank you. ladies and gentlemen, we have reached the end of question-and-answer session. I would now like to turn the floor over to Tim Perz for closing comments.

Thanks for the interest in Varonis. We look forward to meeting with you all at the conferences this quarter.