VRNS - NASDAQ

Greetings. Welcome to Varonis Systems' Third Quarter 2025 Earnings Conference Call. [Operator Instructions] Please note, this conference is being recorded. I will now turn the conference over to Tim Perz of Investor Relations. Tim, you may proceed. Thank you.

Thank you, operator. Good afternoon. Thank you for joining us today to review Varonis' third quarter financial results. With me on the call today are Yaki Faitelson, Chief Executive Officer; and Guy Melamed, Chief Financial Officer and Chief Operating Officer of Varonis. After preliminary remarks, we will open the call to a question-and-answer session. During this call, we may make statements related to our business that will be considered forward-looking statements under federal securities laws, including projections of future operating results for our fourth quarter and full year ending December 31, 2025. Due to a number of factors, actual results may differ materially from those set forth in such statements. These factors are set forth in the earnings press release that we issued today under the section captioned, forward-looking statements, and these and other important risk factors are described more fully in our reports filed with the Securities and Exchange Commission. We encourage all investors to read our SEC filings. These statements reflect our views only as of today and should not be relied upon as representing our views as of any subsequent date. Varonis expressly disclaims any application or undertaking to release publicly any updates or revisions to any forward-looking statements made herein. Additionally, non-GAAP financial measures will be discussed on this conference call. A reconciliation for the most directly comparable GAAP financial measures is also available on our third quarter 2025 earnings press release and our investor presentation, which can be found at www.varonis.com in the Investor Relations section. Lastly, please note that a webcast of today's call is available on our website in the Investor Relations section. With that, I'd like to turn the call over to our Chief Executive Officer, Yaki Faitelson. Yaki?

Thanks, Tim, and good afternoon, everyone. We appreciate you joining us to discuss our third quarter performance. We finished the third quarter with 76% of our total company ARR coming from SaaS which means that we have now completed the SaaS transition in less than 3 years and more than 2 years ahead of plan. In February, on our first quarter earnings call, we noted that Varonis is a story of 2 companies, and this remains true today. Our SaaS business, it drives our momentum as SaaS customers benefit from the simplicity and automated outcomes of the platform and our on-prem subscription business, the drag on total company ARR growth and masks the strength of our SaaS business. Let's start by reviewing our third quarter results. ARR increased 18% year-over-year to $718.6 million. However, in the final weeks of the quarter, we experienced weaker-than-expected renewals in our federal business in our non-federal on-prem subscription business, which resulted in Q3 coming below our expectations. As a result of continued underperformance in the federal vertical, we will be reducing the size of the team until we see improvement. Now that we have completed our SaaS transition, we are now announcing the end of life of our self-hosted solution as of December 31, 2026. We expect this to result in increased uncertainty with our remaining OPS business going forward. In each of the first 2 quarters of this year, we saw improvement in our gross renewal rate across the business, which is why the reduction in the renewal rate that happened in the final weeks of Q3 was unexpected. To account for this recent change as well as our decision to end of life our self-hosted solution, we are baking in additional conservatism to our guidance and have assumed even lower renewal rates in our OPS business for the fourth quarter. We are also taking thoughtful and prudent steps to manage expenses across the business, which includes a 5% reduction in headcount in order to reallocate our resources where we see the highest return on investment. Now I will review our results and updated guidance in more detail shortly. Despite the softness we experienced in our OPS business, we again saw strong demand for our SaaS platform during Q3. This is happening because customers are able to secure their data with significantly less effort. Within our SaaS portfolio, Varonis for cloud environments continue to show traction during Q3, which was driven by the investment we have made in our platform to expand to additional use cases and protect many more platforms. Our ability to protect cloud data represents a significant growth opportunity for us as we're just beginning to scratch the surface. Because the transition is complete, our reps can put more focus on new business and upselling existing SaaS customers as we believe this additional focus on upsell will help us unlock this market potential. Now I would like to take a step back from our near-term results and discuss the opportunities we are excited about moving forward. As I have said in prior quarters, bad actors are not breaking in, they are logging in. Once an identity is compromised, there is no perimeter and companies need a sophisticated data security platform to keep their data safe. Varonis takes a data-first approach and helps companies locate their sensitive data, visualize who has access to it, automatically lock it down and then automatically detect and respond to threats on it. Performing only 1 or 2 of these tasks is insufficient to secure data. What sets Varonis apart is our ability to successfully do all 3 of these tasks on data everywhere. Our SaaS platforms and MDDR have significantly reduced the amount of effort and resources needed to secure data. AI continues to put a huge spotlight on the need for data security and the CISOs that I speak with want to ensure 3 key things. They won't have a data breach, they won't face compliance fines and they want to secure their data to enable safe use of AI in an effortless way. Addressing this problem has always been difficult and in the age of AI, it becomes even harder to secure data without sophisticated automation. In the third quarter, we continue to see demand from companies looking to protect their data to safely realize productivity benefits of Copilot, and we believe we are still in the early stages of starting to capitalize on this tailwind. In July, we announced an update to our strategic partnership with Microsoft and are making significant investments to deepen our integration with them to better enable customers to securely adopt Copilot over time. We believe these investments will ultimately better position us to capitalize on this massive opportunity. In July, we announced the release of our Next-Gen Database Activity Monitoring or DAM, which stems from the acquisition of Cyral. Varonis Database Activity Monitoring provides a cloud-native agent-less solution that offers next-generation database security and compliance for the AI era. Unlike legacy database activity monitoring tools that are slow to deploy and offer limited compliance value, our next-gen DAM solution is part of our broader SaaS platform, which delivers rapid deployment, real-time threat detection, automated remediation and deep visibility into sensitive data access. This provides customers with automated security outcomes on any kind of data using our unified SaaS platform. Earlier this month, we introduced Varonis Interceptor, which offers customers a breakthrough AI native e-mail security solution designed to stop data breaches before they start and stand on the recent acquisition of SlashNext. The introduction of Interceptor is a natural evolution of our platform and significantly expand our total addressable market by connecting the dots between e-mail, identity and data. We believe we will dramatically increase the value for MDDR service and help customers stop threats even earlier in the attack path. With that, I would like to briefly discuss a couple of key customer wins from Q3. We continue to see strong demand for new customers and one of these was a fintech company that wanted to replace its limited DSP endpoint tools with a data security platform. The incumbent classification vendor could not scale, failed to provide forward and complete classification scale and also failed to automatically remediate risk or detect threats. Varonis was able to quickly discover overexposed PII data and credentials and plain text that were surfaced by Copilot users. Varonis also automatically remediated this exposure and provided a current and complete view of their cloud data under a single dashboard. They purchased Varonis SaaS with MDDR for hybrid environments and Copilot Azure, AWS, ServiceNow, Snowflake and databases. We also continue to see our self-hosted customers looking to convert to SaaS. This quarter, one example of this is a global financial services company that has been a Varonis customer since 2010. As a heavily regulated organization, they have historically used Varonis for compliance and auditing use case. They wanted additional visibility into their IaaS data and wanted to simplify the ongoing maintenance of its deployment under 1 unified SaaS tenant. They evaluated a number of DSPM vendors, but they did not provide the breadth of support and automated outcomes that Varonis did. This organization upgraded to Varonis SaaS for hybrid environments in Copilot, Active Directory, Exchange Online, Edge, UNIX, privacy automation and Varonis for IaaS. In summary -- although we are disappointed with the performance of our on-prem business during the final weeks of the third quarter, we continue to be encouraged by the strong demand we see for our SaaS platform, which now represents 76% of total company's ARR. This demand is driven by the automated outcomes and scale that it provides as well as customer interest in deploying AI initiatives and securing data in the cloud. With that, let me turn the call over to Guy. Guy?

Thanks, Yaki. Good afternoon, everyone. Thank you for joining us today. As Yaki mentioned, we see Varonis as 2 companies: our healthy SaaS business which now represents 76% of our total ARR or approximately $545 million, and our on-prem business, whose weaker performance is masking the underlying growth of SaaS in total company results. I will expand on this shortly, but let me first recap our Q3 results and update guidance. In the third quarter, ARR increased 18% year-over-year to $718.6 million. Our quarterly results did not meet our expectations due to weaker-than-expected renewals in our federal and nonfederal on-prem subscription business in the final weeks of the quarter. In each of the first 2 quarters of this year, we saw an improvement in our gross renewal rates across the business, which is why the reduction in the renewal rate in the final weeks of Q3 was unexpected. Since it is unclear if this reduction is specific to the customers that were up for renewal in Q3 or will be applicable to the population of remaining on-prem subscription customers, we have assumed a lower renewal rate in the fourth quarter and expect continued variability in our on-prem renewal rate going forward. As it relates to our guidance, we are now baking in additional conservatism for the fourth quarter to account for our weaker Q3 results and the decision to end of life our self-hosted solution. At the same time, our SaaS business remains very healthy, even when excluding the impact of conversion, and we continue to see the SaaS NRR trend at very healthy levels. We expect that this demand will continue to be the growth driver of our business going forward. This is driven by 3 factors: one, continuation of the healthy new customer demand that we've seen since the introduction of our SaaS platform; two, an increased focus on the SaaS upsell motion starting next year due to the completion of the SaaS transition; and three, the investments that we've made in the Microsoft partnership and the acquisition of Cyral and SlashNext that we expect will start to generate returns. In the third quarter, ARR was $718.6 million, increasing 18% year-over-year. And year-to-date, we generated $111.6 million of free cash flow, up from $88.6 million in the same period last year. In the third quarter, total revenues were $161.6 million, up 9% year-over-year. SaaS revenues were $125.8 million. Term license subscription revenues were $24.8 million, and maintenance and services revenues were $10.9 million as our renewal rates remained over 90%. Moving down to the income statement. I'll be discussing non-GAAP results going forward. Gross profit for the third quarter was [ $128.3 ] million, representing a gross margin of 79.4% compared to 85% in the third quarter of 2024. Our gross margin continues to track ahead of our expectations, and we feel very confident in our long-term target set at our Investor Day. Operating expenses in the third quarter totaled [ $128.1 ] million. As a result, third quarter operating income was $0.2 million or an operating margin of 0.1%. This compares to an operating income of $9.1 million or an operating margin of 6.1% in the same period last year. Third quarter ARR contribution margin was 16.3%, up from 15% last year. During the quarter, we had financial income of approximately $10.1 million, driven primarily by interest income on our cash, deposits and investments in marketable securities. Net income for the third quarter of 2025 was $8.4 million or net income of $0.06 per diluted share compared to a total of net income of $13.8 million or net income of $0.10 per diluted share for the third quarter of 2024. This is based on 134.1 million diluted shares outstanding and 134.7 million diluted shares outstanding for Q3 2025 and Q3 2024, respectively. As of September 30, 2025, we had $1.1 billion in cash, cash equivalents, short-term deposits and marketable securities. For the 9 months ended September 30, 2025, we generated $122.7 million of cash from operations compared to $90.9 million generated in the same period last year, and CapEx was $8.7 million compared to $2.3 million in the same period last year. Turning now to our updated 2025 guidance in more detail. For the fourth quarter of 2025, we expect total revenues of $165 million to $171 million, representing growth of 4% to 8%. Non-GAAP operating income of breakeven to $3 million and non-GAAP net income per diluted share in the range of $0.02 to $0.04. This assumes 133.4 million diluted shares outstanding. For the full year 2025, we now expect ARR of $730 million to $738 million, representing growth of 14% to 15%. Free cash flow of $120 million to $125 million. And total revenues of $615.2 million to $621.2 million, representing growth of 12% to 13%. Non-GAAP operating loss of negative $8.2 million to negative $5.2 million. Non-GAAP net income per diluted share in the range of $0.12 to $0.13. This assumes 134.8 million diluted shares outstanding. Lastly, as we announced today, our Board has authorized $150 million share repurchase program. We're able to make this announcement due to our strong balance sheet with over $1 billion in liquidity and our healthy free cash flow generation. In summary, while we are disappointed with the performance of our on-prem business during the third quarter, we remain confident in the performance of our SaaS business. We will continue to thoughtfully manage our business, which we believe will ultimately benefit our customers, company and shareholders in the long term. With that, we would be happy to take questions. Operator?

[Operator Instructions] Our first question comes from Meta Marshall from Morgan Stanley.

Maybe a question for me is just in terms of kind of you guys had just received FedRAMP high authorization for the SaaS platform. And so I guess just what went into kind of some of the decision to kind of terminate some of the people on the federal team. And just how do you kind of pursue that opportunity going forward?

We have the FedRAMP moderate, but we just don't have just the empirical evidence that in terms of when we're looking at all of the investment, this is the place that we need to invest in. We said all along that it doesn't behave like the enterprise business. And we haven't figured out why the federal continued to underperform. It's just the result, we are reducing the footprint of our federal team and just grouping and reevaluating the strategy there. The data there is important, but we see when we just move these customers to SaaS, it's just a tremendous value proposition with all the automation, and we believe that the database activity monitoring and the e-mail is very strong and just want to mainly invest in the place that we can move these customers to SaaS as fast as possible.

Our next question is from Matt Hedberg from RBC Capital Markets.

Yaki, was there anything you heard that was consistent for why the on-prem deals didn't renew? I mean, I guess, was there anything competitively? And then, Guy, you noted SaaS NRR trends remain at healthy levels. I wonder if you could put a finer point on what level that might imply.

Matt, so the win rates stayed the same. We have more than 75% of our ARR coming from the SaaS and the SaaS platform is performing very well. We identified that some of our [ apps ] were very focused on the SaaS customers. And unfortunately, they didn't have the account management trigger for the last leg of the OPS customers, primarily when they are single threaded and not using the full Varonis platform on-prem. You know our methodology of find, fix, alerts. Find the critical data, do the remediation and do the threat detection. And we're just going back to the basics and make sure we are getting back of taking care of these customers in the right way and that they are going to them in a very systematic way, demonstrating the value of SaaS almost treating them as a new sales campaign and just not assuming that the fact that there are good signs and positive conversations, they will just move on. When we look at it, there is just not one common thread. There is not one common theme why this OPS customer didn't renew. And this is why we are just very careful. But I think that what we have seen more than anything else that this is crystal clear tale of 2 companies, this automated platform with just all the coverage that is very easy to take all the rest of the integration. Many customers want DA Cloud and when we are competing with this, what we call, the DSPM ankle biters, we have very, very high win rates there to these OPS customers. So this is really what we are doing now is to make sure we are very focused on the last leg and to move these customers to SaaS.

And Matt, in relation to your NRR question, as Yaki mentioned, this is definitely -- there's 2 companies right now in Varonis. We talked about that in the Q4 earnings call about the fact that the SaaS business is strong. And when we look at the results in Q3, I think the overall on-prem subscription business is somewhat dragging and masking the healthy business that we have in SaaS. When you look at NRR, and I'm looking at NRR on the SaaS side because that's really what matters. We're definitely seeing that NRR continuing to be in very healthy levels and well ahead of the total company NRR. We do disclose the NRR number on an annual basis, and we will provide the SaaS NRR at the end of Q4. But just to remind you, the conversion uplift is not included in that calculation. So it's really a reflection of kind of the ability to go back to our SaaS customers and continue to sell them additional licenses. And we definitely have plenty to sell to those customers with the amount of platforms that we have. So we're extremely encouraged by the numbers that we see there, and we feel very good about the SaaS business.

Our next question is from Fatima Boolani from Citigroup.

Guy and Yaki, you've sort of identified that this nonrenewal or rather churn on an enterprise customer presumably was maybe more of an isolated event, but you are being prudent and you are frankly, taking a hatchet to your ARR guidance for the year. So I'm wondering, in the 24% of the ARR base that is not SaaS. What are some of the granular assumptions or thought processes you're reflecting to give us a better sense that, hey, we've kind of hit the floor on something like this happening again and frankly, for most of next year, ahead of which maybe customers are going to have an air pocket in terms of their decision-making. So can you help us through some of that in terms of how you're putting parameters on the risk to the 24% of ARR that is not SaaS?

So when you look at the fourth quarter, and I'll talk about the fourth quarter first, and then I'll give you some color on kind of how we're thinking about 2026. But the fourth quarter is really the largest quarter of the year. And we want to wait and see how the business performs before providing really a formal look into 2026. I will tell you, and I want to talk about Q4 for a second, that if we had the same renewal rate that we saw for the on-prem subscription business in H1 2025 and the same renewal rate that we saw for the full year 2024 for the on-prem subscription business, we would have raised our full year guidance. So this reduction of guidance is isolated to the on-prem subscription and the fact that it behaved, I would say, unpredictably, especially in the 2 weeks -- in the last 2 weeks of the quarter. When we were going throughout the quarter, we didn't see any change, and we really saw this happen in the last 2 weeks of the quarter. And that's why we want to evaluate when we see in Q4 and kind of take into consideration whether this was a onetime on the on-prem subscription or if this is a much more of a trend. I will tell you that from a guidance perspective, we baked in additional conservatism because we want to make sure that we account for this behavior and also for the fact that we announced end of life on the on-prem subscription. So we are baking both of those things into our guidance. And based on what we see in Q4, we will take that into consideration when we look at 2026.

Our next question is from Joshua Tilton from Wolfe Research.

Can you guys hear me okay?

We can, yes.

Awesome. Maybe just one for me. And the answer might be you guys are still kind of trying to figure it out. But, I guess, I'm listening to everything that's going on the call, and I'm just -- I understand what happened in the quarter, but I'm still a little confused on the why. Like do we -- like from your perspective and like what happened, what was the reason as to why you saw some of these lower-than-expected renewals in the on-prem business, both for Fed and non-Fed? And my follow-up to that, maybe just a little more directly is on the Fed side, was it related to the shutdown? And on the non-Fed side, were these customers aware that the end of life was going to happen? Or is this announcement of end of life kind of post quarter, if that makes sense?

So I kind of -- we kind of heard you scrambled at the end, but I think I got the gist of the question. And I want to give some color as to kind of the what has -- within the Q3. So really, as it relates to this quarter, we really saw multiple factors that came up, but we didn't identify any big theme that relates to our customers that did not renew on the on-prem subscription renewals. I think we identified sales process issues on the convergence that weren't related to the contracts and the documentations that we've talked a lot about in the past, and we are going back to basics to address these issues. We also identified and we are seeing some additional budgetary scrutiny from customers this quarter. But it's really hard to say for certain if that was a factor because it happened so late in the quarter. And obviously, as you mentioned, we had the federal underperformance. I can tell you that one thing that was clear to us is that we didn't see a change in the competitive win rates, and we're still in discussions with some of these customers that did not renew.

And with some of them, it was clear that they were what we call single threaded that did some classification and audit and didn't do all the find, fix, alert methodology. And in some cases, the teams just -- the heart of the sales process is a POC and then QBR that showed the value and an EBC that showed everything that we have in terms of road map and so forth and some teams didn't really follow this methodology. And also, it's a tale of 2 companies, but the vast majority is now in SaaS. And for some of the teams, it's easier to pay attention to the SaaS customers, and we want to make sure that we are managing their attention and making sure that we are taking care of this last leg of the transition in the right way.

Our next question comes from Joseph Gallo from Jefferies.

Should we expect you to ease on that 25% to 30% ASP uplift for conversions? Or is there anything you can do to further incentivize the on-premise customers remaining to move to SaaS? And then just in your conversations with customers, is there any sense of the number or percentage of business that maybe would never be willing to or can't move to SaaS?

We are just uncovering every stone here. And as we said, there is not one thing. This is something that till now just worked extremely well. It was a surprise in the last 2 weeks of the quarter. So we just need to see how it will play out.

And I want to add, when we look at the Q1 and Q2 renewal rate in 2025, we saw that renewal rate increase. So I think when we're looking at the Q3 renewal rate on the on-prem subscription coming down, we're truly trying to understand if this was a one-off or if this is something that we need to pay more attention to going forward. And that's why we reduced the guidance to bake in additional conservatism. And I think when we look at the Q4 results, we can identify for 2026, what is kind of the right rate that we should assume going into the year. But when we look at kind of the actions that we have taken, including the reduction of 5% of our headcount and adjusting some of the costs to better adjust to the top line and taking into consideration that conservatism on the guidance, we're trying to do everything right and be active in addressing that and making sure that we uncover every stone to identify how to address this going forward. And that was the thought process following the Q3 OPS renewal rate.

Our next question is from Brian Essex from Goldman Sachs (sic) [ JPMorgan ]

It's Brian from JPMorgan. I guess maybe, Yaki, for you or maybe, Guy, if you want to pick this one up. On the SaaS business, it sounds like that business is still very healthy and kind of as expected. Can you give us a sense of where you think ARR could shake out for the end of the year? I think if we use like your previous 82% guide, that puts us in the neighborhood of, I don't know, $615 million at the midpoint, somewhere in that neighborhood. But just a sense of the -- what to expect on the SaaS side? And then as a follow-up, contribution from SlashNext Cyral what you expect that could contribute for the rest of the year?

So I think when we talked about growing 20-plus percent, we feel very confident with our ability to grow 20-plus percent on the SaaS business. Obviously, kind of the behavior of the on-prem subscription renewals was a surprise to us, and we're trying to address that. But when I look at the SaaS business, it's acting very strong, very healthy, both in the value that we provide to our customers, then in our ability to go back to those customers and sell them additional licenses and additional platforms. So obviously, there is that headwind from the on-prem subscription business. But I would say that -- when we look at our -- we plan to end the year with 83% of our total ARR coming from SaaS. And the fact that, that business is performing really well gives us the confidence that we can continue to grow 20-plus percent on that business. That's part of the reason that we announced the end of life being at the end of next year. We want to have this on-prem subscription business in a confined time frame to be able to -- to be 100% SaaS and show all the benefits that the platform has to our customers and all the leverage and financial benefits that it can generate for the company.

Regarding SlashNext, we believe that it's a very good acquisition for us and a natural extension for our customers. So today, most of -- a lot of these attacks, the way that they are happening is the sophisticated social engineering from a trusted source, this supply chain attacks. And they have -- SlashNext is an unbelievable detection engine for that. And it has a very, very strong multiplier with our MDDR service. And we just started to introduce it and the reaction is very good. And regarding the database activity monitoring, there are these 2 incumbents that we can replace. People want to consolidate around one data security platform for security, compliance and AI usage and [ sterile ] proxy works extremely well and everything that we are building around it. So we just feel that these are 2 very strong additions for our platform and work very well and organically within our sales motion.

Our next question comes from Rudy Kessinger from D.A. Davidson.

It's kind of been asked. But I'm just curious, the end of life for self-hosted by the end of next year, and you just had lower renewal rates than you were expecting in Q3. I mean, do you feel at all that this push to migrate to SaaS is in any way alienating a certain portion of your customers who are just never going to move to SaaS? And if so, I guess, why do that? I imagine some of those customers might be very large strategic customers who could have very high lifetime values. Why not let them have a longer time frame to migrate to SaaS or remain on term license if they want to?

So we wanted to move everybody to SaaS and we said -- and get rid of the OPS. We always say that it's 10% of the effort and order of magnitude, 10x more value. Just as a business to operate it, everything that we are doing with engineering and the value that customers are getting, the integration of all our products, the way that we provide support. You need the right platform, then you need the right business model and the right operating model. And all along, the whole thought process was to move to 100% SaaS business. And we just want to also make sure that we are accelerating it because we also believe that in terms of the attention because this is one of the most important ingredient of our salespeople. We want that their attention will be on getting value to customers, selling more DA Cloud that is doing very, very well this year, selling the SlashNext product, the database activity monitoring, and we are doing so many more. And we just want this low-touch support model and MDDR and provide all the automations and the whole operating and business model of the company and also the value proposition is geared towards us.

Add to that, just when you go back to our Investor Day that we held in Q1 of 2023, we defined a transition to be complete when we get anywhere between 70% to 90% of our ARR coming from SaaS. This is actually the first quarter that we are above that 70% threshold, finishing at 76%. And if you go back to conversations that we've had, we always said that we don't want to maintain 2 types of code, that there are a ton of financial benefits for the organization to be only under SaaS. And as Yaki mentioned, there's obviously a tremendous difference in value provided to customers that are SaaS versus customers that are on the on-prem subscription. So if you look at the benefits for the customers and if you look at the financial benefits for the organization, we don't want to be stuck between the on-prem subscription business and the SaaS business, SaaS business performing really well. And obviously, the on-prem subscription renewals acting the way they did in Q3. So that's -- we would have announced the end of life. That was our plan all along. But obviously, with what we see in Q3, we kind of expedited that announcement, but really talking about December -- end of December of next year. And we will work with our customers to make sure that they can move to SaaS and benefit from it. But as we mentioned all along, we didn't want to maintain 2 types of code, and there are significant financial benefits for the organization, not maintaining those 2 types of on-prem and SaaS and being just on SaaS.

And also the ability of our sales force to do effective account management to take care of our customers in the right way. The whole company now, the lion's share is a SaaS business and gear...

Our next question is from Roger Boyd with UBS.

Just to go back to Josh's question for a minute to just be clear, was there any change to how you're approaching renewals on maintenance and term license in the quarter relative to the second quarter or last year and whether that maybe led to some of this unpredictability. I guess, the context is we had heard some anecdotes that you were maybe more heavily encouraging on-prem customers to move to SaaS or in some cases, living in the ability for customers to renew on maintenance. And just wondering if that at all was informed by this planned end-of-life on-prem business.

So again, going back to kind of the reasons for the lower renewal rate of the on-prem subscription, we just saw multiple factors. I don't think there was any one big theme that we can pinpoint to the reason of the on-prem subscription renewals behaving the way they were, especially when you look at the Q1 and Q2 renewal rates where the -- when you look at the renewal rate of the company going up in Q1 and Q2, we definitely didn't expect that the Q3 renewals of the on-prem subscription would behave that way. I think that when you go back -- if you go back historically, our sales force has been trying to convert customers in discussions with our customers for -- since we announced the transition. We were able to move as quickly as we have because our reps were discussing this with customers. We obviously believe that the benefit of having SaaS and MDDR has much greater value for our customers than being on the on-prem subscription and then having those customers manage the platform themselves. So obviously, I don't know what you heard, but our sales team has been working with customers, and we'll continue to work with our customers to make sure that they get the best platform that we have to offer, which is the SaaS plus the MDDR and all the functionalities that we have under SaaS that we don't have with the on-prem subscription. I think that as we look at the results in Q3, we see a very healthy business under the SaaS platform. And obviously, the on-prem subscription acted in a way that surprised us, which is part of the reason that we want to be 100% SaaS by the end of next year. So this -- I don't see this as something that is different in Q3 compared to Q2. I think there were multiple factors that contributed to kind of the lower renewal rate of the on-prem subscription. We talked about the sales process issues. We talked about additional budgetary scrutiny. Obviously, we talked about the federal underperformance. But as I said before, there was one thing that was clear to us, and that was that we didn't see a change in the competitive win rates, and we're still in discussions with some of those customers that didn't renew. So we think we might be able to get some of them back. We're in discussions with them. But obviously, we -- from a guidance perspective, we're assuming a more conservative guidance for Q4 because of the rates that we saw in Q3.

Our next question comes from Jason Ader with William Blair.

So if customers are not renewing their on-prem subscriptions with Varonis and not going to your SaaS, then what are they doing? Because obviously, you wouldn't think they'd want to be exposed if they've had Varonis data protection and all of a sudden, they don't have access to the technology anymore. So maybe just talk us through that, like what are they doing? And then separately, is term -- is there an element of compression in term contract duration at all because we saw that with another software company this morning where they saw some compression in term duration.

So let me address the first question and then I'll tackle the second one. When we look at those on-prem subscription renewals, most of them didn't go anywhere. And as I said before, we're in discussions with some of them. For many of these customers, they were single threaded, meaning they were only protecting on-prem data with a single use case, and they weren't using the full platform that we have with our SaaS offering. Historically, we converted these customers without many challenges. But in Q3, we encountered some of these issues and really can't really tell if it was a one-off or a new trend. And that's part of the reason that we want to see how Q4 behaves in order to get more color on kind of the rest of the non-SaaS business. In terms of the duration, that wasn't an impact here. We looked at that and analyzed that, and it didn't have an impact.

Our next question is from Mike Cikos from Needham & Co.

Mike Cikos here. I'm trying to get a sense if there was anything unusual about this OPS renewal cohort in the final weeks of the third quarter. And really, what I'm trying to get at is I'm wondering if the renewal rates was really tied to a smaller subset of customers, i.e., the breadth of customers really skewed to the renewal rates that we're talking to. And does that in any way help explain why the team is uncertain on the impact of these renewal rates, maybe just because we don't have enough observed data points. And then, I guess, secondly, have the OPS renewal rates that we saw on those final weeks of Q3? Have they persisted in the 4Q now that we have October, essentially behind us? I'm just trying to get a sense of what's transpired in the following 4 weeks.

So let me touch on the second part of the question. And I think I -- my understanding is -- are we seeing any trends in Q4 on the renewal rates. I think it's important to note, and we've disclosed this in our SEC filings, our business is back-end loaded, and we closed a significant portion of our business in the last 3 weeks of the quarter. It's very hard to see how the renewal rate will behave in Q4 when you own the data points that we have sitting here today. And if you go back to Q3, the business was tracking on plan, but really it was only in the final 2 weeks of the quarter that we experienced a decline in our renewal rate for the on-prem subscription business, which related really to both the federal and nonfederal sectors. So it's very hard for us to bake in any assumptions. And from a guidance perspective, we have never baked in positivity before we see it come to fruition. We always assume either the trend continues or gets worse, which is what we did in this case of the guidance. In our Q4 guidance, we assumed lower renewal rates that would take into consideration not just what we saw in Q3, but some of the impact of the announcement of end of life for our on-prem subscription business. So that was the thought process there when we looked at the Q4 numbers. And obviously, as we see the results at the end of the quarter, we'll give additional color from all the analysis that we'll see and kind of look at 2026 with the lens of Q3 and Q4 and not just based on Q3 as one data point.

There's no one thing. There is no one plan. But in some cases, definitely, there are account -- basic account management problems that customers use a small subset of the platform and our reps assumed like in other situation, they automatically will move into SaaS for the full hybrid complete. They had some positive discussions, but because of the limited usage and some deals [indiscernible] just all over it to make sure that we are getting control over these situations.

Our next question comes from Erik Suppiger from B. Riley Securities.

Just can you remind us what your contribution from Fed was and maybe what the contribution from the on-premise Fed business because I think all the Fed is probably on-premise. And then you've specifically identified both your Fed on-prem and the non-Fed on-prem. Was there a difference in terms of the decline in renewal rates between those 2 categories? Or were they both down similarly?

So federal business has always been around 5% of our total ARR. And when we look from a guidance perspective going into Q3, we basically assumed a flat contribution going into the quarter, but we actually had a headwind related to the federal business that was really coming from the renewals in the federal business. And we had several million dollars of a headwind coming from the federal business, which is kind of why we're making the adjustments to the team. But when you look at the renewals, there were actually -- the renewal rate decline was both on the federal side and also on the nonfederal side, which is the reason that we're reducing our Q4 numbers. If it was only the federal, I don't think we would have adjusted the full year guidance the way we did.

Our next question comes from Shrenik Kothari with Robert W. Baird.

So now that the conversion phase is largely complete, right, for your initial target for the mix and with the end of life, and in light of your kind of prior confidence in sustaining 20% top line growth, if we can really help kind of triangulate what the underlying growth cadence looks like going forward in your view now with the conversion out of the picture. Just from that $545 million SaaS ARR core, like how much of that is considered sort of early stage with significant room for upsell, cross-sell next year and after via, of course, usage and module attach and versus how much is already a little more mature with product adoption such as MDR and stuff like that. Just wanted to understand how to think about underlying growth cadence into next year and ahead.

So again, it goes back to the tale of the 2 companies. And when you look at the SaaS business, we definitely see that business acting strong. We believe in our ability to grow 20-plus percent with our SaaS business really due to the momentum we're seeing with new customers and the strong NRR we see with our existing SaaS customers. I think that -- when you look at how we plan to exit the year and we raised our expectations on the SaaS mix coming out of total ARR going from 82% to 83%, I think we are kind of -- the strength of the business is very apparent to us under the SaaS ARR. So we feel very confident in our ability to continue to grow going forward. We're addressing the issue that relates to the on-prem subscription renewals. We're taking kind of the necessary measures there. But it really is -- the on-prem subscription renewals are really masking the strength of our SaaS business.

Our next question comes from Junaid Siddiqui from Truist Securities.

As you expand your platform to cover adjacent use cases like SaaS and cloud infrastructure, just curious where is the source of that incremental budget that you are taking coming from? Are you seeing like a budget reallocation from existing security categories? Or is this tapping into net new spend from customers?

Well, we definitely see that customers have more budget to data security. It's important for them, and this is how we sell. Operator?