NABL - NYSE

Hello, and welcome to the N-able First Quarter 2023 Earnings Call. My name is Lauren, and I will be coordinating your call today. [Operator Instructions] I will now hand you over to your host, Griffin Gyr, Investor Relations lead, to begin. Please go ahead.

Thanks, operator, and welcome, everyone, to N-able’s first quarter 2023 earnings call. With me today are John Pagliuca, N-able’s President and CEO; and Tim O’Brien, EVP and CFO. Following our prepared remarks, we will open the line for a question-and-answer session. This call is being simultaneously webcast on our Investor Relations website at investors.n-able.com. There, you can also find our earnings press release, which is intended to supplement our prepared remarks during today’s call. Certain statements made during this call are forward-looking statements, including those concerning our financial outlook, our market opportunities, our continued expectations following the spin-off of our business in July 2021 and the impact of the global economic environment on our business. These statements are based on currently available information and assumptions, and we undertake no duty to update this information except as required by law. These statements are also subject to a number of risks and uncertainties, including those related to the spin-off transaction completed in July 2021. Additional information concerning these statements and the risks and uncertainties associated with them is highlighted in today’s earnings release and in our filings with the SEC. Copies are available on the SEC or on our Investor Relations website. Furthermore, we will discuss various non-GAAP financial measures on today’s call. Unless otherwise specified, when we refer to financial measures, we will be referring to the non-GAAP financial measures. A reconciliation of certain GAAP to non-GAAP financial measures discussed on today’s call is available in our earnings press release and our Investor Relations website. And now I will turn the call over to John.

Thank you, Tim. The new normal in our market is that we, along with our MSP partners, must constantly adapt to the ever-changing nature of the macro environment. And while external circumstances may change, our strategy remains on target. We believe we are well positioned as a critical infrastructure component to help our MSPs take advantage of the durable secular trends that exist regardless of the economic cycle. The healthy demand we see, which industry observers echo, give us confidence we have the right strategy, with the right business model to address the IT complexities, cyber threats and IT labor challenges that face the industry. So as Tim told you, we are executing efficiently and investing strategically as we aim to deliver both profitability and growth. And our teams are laser-focused on keeping ourselves and our partners ahead of the technology curve, able to manage everything, protect and secure their customers and grow and operate their businesses efficiently. Thank you all for your interest in N-able. And with that, operator, we are ready to take questions.

Thank you. [Operator Instructions] Our first question comes from Mike Cikos from Needham & Co. Mike, please go ahead.

Got it. And thank you pulling that out. And it makes sense, too. I mean we’ve seen it across our coverages for the company pushing some of these price increases given the inflationary environment. The second part of the question is more of a, I guess, geared towards John, but a two-parter, if you will. First, again, just on Cove, is there any way to think about the traction that you guys are seeing? Is there a particular customer or profile or do they need to have a certain maturity curve before Cove starts to really resonate? Or what is it you guys seeing on that front just given the consistent messaging and traction for that product? And then separately, but this goes back to your opening remarks, there is a lot of hype around Gen AI right now, obviously. And I know that you guys are talking about the consistent drumbeat of cybersecurity threats. I would think that the cybersecurity adversary continues to become more advanced because of what generative AI is actually unlocking. And if anything, I think it’s probably fair to assume that almost pushes SMEs and MSPs more in your direction. But wanted to see how you guys are using Gen AI on your side to ensure that you’re helping your MSPs as they navigate these cross currents? So a lot to unpack there, but if you could shed any light, it would be helpful?

Yes. Sure, Mike. How are you? This is John. Yes, a lot to unpack. Let’s do it step by step. So on Cove, Cove is disruptive, both for the MSP and for us. It’s disruptive because of the architecture. It’s cloud-first, which means, number one, on the security front, there is not an appliance or a vector to attack for the bad guys. Number two, because of our approach with true Delta technology, in other words, you’re only looking at the change and not necessarily having to back-up the restore, the amount of storage that we require is much less than our competitors. Therefore, the process time, the backup time is much less. Overall, Mike, it’s just a better TCO for the MSP. So the MSPs are spending less hour – less time, spending less on software and it’s a better solution. The solution appeals to all levels of maturity of the MSP. Okay. Now what did we announce today? Today, we announced advancement in our disaster recovery as a service. And as I mentioned in my prepared remarks, I’m in Prague with about 400 other folks in the MSP ecosystem. And so my answers will be somewhat biased to the conversations I’ve been having in the last couple of days. Earlier today, I had a conversation with an MSP from Scotland. They have about 1,200 servers and virtual machines, 300 of which are on Cove. So they are using Cove for about quarter of their installed base. And when I asked why is it that they are not using Cove completely, he said they were dependent on us building out more of our standby image and disaster recovery offering. And now that we’re continuing on that journey and developing more of a disaster recovery, a continuity plan for these MSPs, I expect that we will get better standardization among our MSPs. So for us, the growth algorithm is twofold with Cove. One, we want to continue to plant the Cove flag in a bunch of MSPs across the globe. And those can be MSPs that have our RMM or those MSPs that do not have our RMM. Last year, we began leading with Cove because it’s such a disruptive technology. And then number two, is through standardization and disaster recovery is a big component of that, giving our MSPs now the comfort and confidence that they now can have everything that they are covered with Cove. That can be Office 365, and you can see by the traction in our prepared remarks, that’s been a success. And now with the disaster recovery, I’m expecting to get better standardization across the footprint. So that’s on Cove. Look, on security, that’s another big hot topic here in Prague, right? MSPs, the story has changed, and I talked about this a little bit in my prepared remarks. What’s happening more and more is that MSPs and their customers and their customers’ customers are now because of compliance or regulatory reasons, needing to make sure that they have a layered security bit. And the prescription, so to speak, about good cyber hygiene is being dictated to these small, medium enterprises in all these different verticals. What that means for the MSP, is they are no longer needing to sell the security. They now just may need to help their MSPs – excuse me, their customers, their SME be compliant. And that is – that continues to be a big tailwind. We’re seeing the need for SMEs to retain their logs, maintain better files, making sure that they have a cloud-based backup. Things like EDR are now part of that compliance checklist that MSPs need, things like MFA. So the hygiene has gotten much higher, it’s creating a bigger tailwind. As it relates to AI and how we use it, look, the name of our game is all about automation and efficiency. And what we try to do is help MSPs. We’ve been in the automation game and in the scripting game really from the very beginning. We help MSPs. We provide them our own scripting and our own automation, and we also provide them a scripting with PowerShell and our automation managers so they can go and build their own automation, excuse me. So we continue to push on that front. We look at RPA and machine learning. We use data science in ML, in machine learning some of our products today, in particular in some of our mail and other security offerings. So it’s a part of our DNA. We’ll continue to invest and lean in there, and we’ll continue to leverage the technology to better serve our MSPs.

That’s great. Thanks for the color John. And just one correction on my side. Tim O’Brien, sorry, I haven’t had enough coffee today, and I guess I’m just crossing wires, but I think I called you Brien earlier. So apologies for that. We’ll turn it over to my colleagues...

Thank you. Our next question comes from Jason Ader from William Blair. Jason, please go ahead.

Yes. Thank you. Good morning, guys. Just wanted to get first a sense of how macro is manifesting in the business right now. Is it affecting expansion, new customer adds? Is there anything kind of geographically going on? Just any kind of broader commentary on the macro impact on the business.

Hey, Jason, thank you for the question. Look, and again I’ll use a little bit of my recency bias, but it’s a great heat map of what’s going on. Here at Prague, we have MSPs from 18 different countries, including North America, obviously, the U.S. and Canada, and as far away as New

Okay. I guess what I was getting at just in terms of the macros, there is been obviously credit tightening. And I was wondering if that’s impacted, I don’t know, new MSP starts or expansions or M&A, I don’t know. Just it seems like credit tightening should be having an impact on the SMB market and just I mean, it doesn’t sound like it’s material for you, but that’s what I was getting at.

No. Okay, sure. So on the debt side, it’s not that material. What we’re hearing a little bit is the number of M&A deals beginning to slow slightly as far as the MSPs and from some of the conversations we’re listening, but the quality of the deal remains – they are seeing valuations maintained. So it’s not really having that much of an impact. And Jason, remember, like the service that these MSPs provide are mission-critical. So these are not shops that get over-levered, right? These are not small, medium enterprises. And MSPs in general, they are not using debt, maybe as much as some of the hyper businesses or hypergrowth type of businesses. So they are not, I’d say, seeing that. I’m sure they are feeling that if they have any type of – variable type of debt. But by and large, we’re not seeing any impact in our demand or on their demand.

Okay. Great. And then the second question just is on competitive landscape. And I’m sure there is some kind of cross currents there. If you could just try to talk us through, especially on whether you think you’re gaining share relative to both some of the incumbents, the bigger players than you and then some of the newer entrants where we’ve heard some momentum from some of these up-and-coming players. And so maybe just paint the picture for us.

Sure. With our rebrand of Cove that we did about a year ago, we’re getting much – we’re definitely improving our share of voice in the market, and we’re seeing that whether it be in a Reddit forum or a different type of marketplace. And we’re seeing it in our numbers. So our Cove customer acquisition is definitely on the rise. We’re definitely taking market share from some of the bigger players, both traditional MSP vendors, Jason, but also backup and disaster recovery vendors that are not focused on the MSP. So we’re winning on both fronts in the MSP-focused guys and on the generalists. And that’s for backup. Our endpoint detection in our EDR continues to roar. On RMM, there is two halves of the market. There is the low end and to your point on some of the new players. We – a little bit over – I think we mentioned this to you guys before, but maybe about 1.5 years ago, we’re seeing a slowdown in our new customer acquisition at the low end. And we repackaged with N-sight. So we – and we did a bunch of improvements on our workflows and brought in three solutions into one. And so with the repackaging and the repricing and the work that we’ve done, we actually saw a pretty immediate reversal and we’re now winning market share in the low end. And on the high end, we continue to do well there. Our N-central platform services the large MSPs quite well. We win because of our breadth and depth of our offering. We win because of our automation. And we win because of our layered security integrated approach. So we continue to see strong market share results there. I’d say no new news on the high end of RMM. We continue to make the progress that we want to make and continue to gain market share.

Okay. Great. Thank you.

Thank you. Our next question comes from Matt Hedberg from RBC Capital Markets. Matt, please go ahead.

Got it. Thanks, guys.

Thank you. Our next question comes from Brian Essex from JPMorgan. Brian, please go ahead.

Hi, good morning and thank you for taking the question and nice results for the quarter. I was wondering maybe if we could start with Managed EDR and maybe adjacently kind of what you are seeing from the kind of host of new products that you have rolled out over the past quarter or so. But specifically, I guess for Managed EDR, I am interested to see or interested to learn what percentage of incremental new revenue might be attributed to Managed EDR? And do you have a sense of – obviously, it’s still early stages, but any expectations for what that might represent in terms of revenue mix over the next several years?

Thanks Brian. This is John. Yes, it’s definitely too early to start talking about Managed EDR as a separate line item. And historically, we really don’t break out our products by revenue line. It’s early days, right. I think we launched it last quarter, and we have been getting good traction. We gave that anecdote in the prepared remarks where we up-sold that one customer, and half of that was MDR. And so why do we believe and have such good traction, there is actually a couple of different angles. Number one, for MSPs that feel that EDR might be a little bit too complicated for their technicians or might be too time-consuming, adding this managed layer, where they are able to leverage an expert to provide some of the human in the loop, so to speak, is a great value prop for them, right. For a couple of more bucks per device per month, they can now go add the service and relieve their team of that burden, and it helps their overall EBITDA, and their overall efficiency and profitability. So, for those folks, it’s helpful. And then for the folks that are using EDR today, again, it’s an efficiency play. They can go, they can scale and now grow their business in a couple of different ways. So, we think it will help the low end of the market that might be a little bit apprehensive to help manage endpoint detection and response. And then for those that are a little bit more sophisticated, they know that they can leverage this outsourced expert and gain some time efficiencies. And so we expect that this will be a strong adoption. As far as offerings, we continue to work with SentinelOne on a couple of different things. We are looking at additional SKUs. And just to compare 2023 with 2022, we didn’t bring many new products to market in 2022. And in 2023, with vigilance and – excuse me, we got the Managed EDR offering and with disaster recovery with Cove and a couple of these other offerings, we believe that will help our MSPs add a layered security and help them drive more efficiency and it will obviously help our growth algorithm, right. The more offerings we can bring to market, the faster we can help our MSPs expand, the better that net retention number is, the better that overall growth story is.

Got it. And how do you think about EDR going forward from a services perspective? I mean, is there – do you get a lot of leverage out of the headcount that you have there? Do you anticipate you might see a little bit of margin pressure from that, or is this – or do you – are initial indications that this might just be kind of like a low-single digit percentage of revenue going forward, so it may not really have that much of an impact to the hiring and margin front.

So, look, I would say we look at the overall margin from the portfolio view. And we know that certain offerings have a little bit stronger gross margin than others. But really it’s about driving the LTV. And just to be clear, because we have a lot of three-letter acronyms in this business. So, EDR is the software, and then Manage EDR is the service that we attach. And we are leveraging actually SentinelOne for both, and we are leveraging their scale and their SOC and their AI to drive an efficient solution to the MSPs. And then what we do is we integrate this in a way for our MSPs in RRM. So, our MSPs now can both do endpoint monitoring and management and endpoint security in one dashboard. And that’s the value add. And that’s why MSPs love consuming the EDR offering through N-able because it’s that – because in that single pane of glass, that command they control, instill that powerful EDR technology that SentinelOne leverages. And then we layer that on top with the – basically the SentinelOne managed service to provide MSPs a little bit that extra level of control and comfort. So, that’s the mix and that’s how we go to market and it’s been a success. And as we mentioned, I think we have well over 1.4 million devices that are currently being protected with EDR today.

Got it. That’s helpful. And maybe on the OpEx side, I think an expected increase in R&D expense. How are you thinking – like how robust is the roadmap there? How might we anticipate ongoing hiring? It looks like you are getting leverage particularly out of like G&A. But with respect to R&D, just to kind of build on expectations there, as it’s kind of growing at a higher pace than revenue?

Yes, sure. So, Tim and I for years now, and I am actually coming – I just passed my 10-year anniversary in this space, for years now managed the business more from that rule of type of approach, right, that aspiring to be that rule of 50. And where we can lean in and invest to drive long-term durable growth, that’s where we are going to do it. And in our space, we have these MSPs, and what they tell us overwhelmingly, regardless of the country, regardless of the market that they are in, is they would love to consume and buy products from us. They trust our brand. They trust that if it’s built – purpose-built for them, it will help them scale, it will help them grow. And so for me, one of the best things we can do is continue whether it’s our own IP, like Cove or our mail offering or our password management offering or through integrations with enterprise-grade software, bringing more products to market. So, we will continue to lean in R&D as long as we see the opportunity. And we do see the opportunity. We have increased our R&D spending in Cove. We have increased our R&D spend in monitoring. We have increased via acquisition and through internal investment in cloud and cloud management. And we believe those will have positive returns. So, we are going to continue to lean in R&D. We believe it’s a massive opportunity for the MSPs. We believe we are still in early innings here, and we will continue to do that. And we will get scale and continue to drive our business. And as our collective revenue snowball gets bigger, we will be able to get scale in some OpEx areas. And R&D over time will get scale as we get more and more – as that top line continues to grow.

Got it. That’s helpful. Maybe last one for me on Cove. So, it sounds like great traction there, particularly with backup disaster recovery. What do you think you might have in terms of opportunity in adjacent markets like governance and data management or data migration, particularly as maybe the true endpoint, like the true end customers might be migrating from like on-prem to cloud. Some peers like Adfpoint, for example, have migrated into some of those areas, but maybe that’s because they are more enterprise-focused. But I am just wondering, what adjacencies might you have on top of what – or next to what you have already done on the Cove side?

Sure. It’s a good question. When we think adjacencies as it relates to Cove, really what pops up is selling in direct to some of the mid-market and small, medium enterprises directly. We have a – we don’t talk about this much, but we have a good part of our customer base come to us direct saying that they are looking for a data protection offering or a unified endpoint management offering direct because they are not using an MSP, or they want a co-manage option which is also helpful for MSP. So, one of the big areas that we are looking at for Cove in particular is around directly into those big markets. On – a couple of quarters ago, we talked about winning large internal IT departments, and a lot of times that’s led by Cove. And the Cove solution fits very elegantly in that medium and midsized enterprise. And so that’s an area that we are looking at from a go-to-market and channel point of view to potentially lean in a little bit there and accelerate our Cove story there as well.

Got it. Very helpful. Thank you.

Thank you. Our final question comes from Keith Bachman from BMO. Keith, please go ahead.

Hi. Thank you very much. I wanted to ask about the growth algorithm that you are thinking about. And the first part of it is, as you think about over the next 2 years organic or driving that R&D line versus acquisition versus partners, so to speak with SentinelOne or others, how do you think about the key drivers to expanding your portfolio? And the other side of that question, you mentioned your debt is at 2x. What’s your comfort level in kind of going – or what’s your strategy kind of going up or down on that as where interest rates are a little bit higher. But I just wanted to get your feedback on how should we be thinking about the portfolio expansion over the next, call it, 2 years and the three levers of organic partner in M&A and then the corollary gain on debt. How do you see or what’s your comfort on either expanding or contracting the debt level? Thanks.

Sure. Great question. And look, just to bring it up a level, right. The three verticals, if you will, that we continue to play in, the service that we provide to our MSPs are monitoring and management, data protection and security. And I would say we continue to look to expand on all three of those different verticals. And how we choose to and what the mix is really depends on where the offering is in its, what I will call, in its hype cycle. What is that best profile, and most importantly, what’s the best way to service our MSPs. When we looked at endpoint management – excuse me, endpoint security, this is now 5 years or 6 years ago, we looked at – back then we called it next-generation AV. Today, it’s more commonly known as EDR. And we looked – when we looked at that, and where that was in its hype cycle, we knew it was early days, we knew that there were companies across the globe, investing millions of dollars into research and development and we knew we wouldn’t be able to compete with that level of research investment and we wanted to make sure that we are providing an elegant solution to our customers and we decided to partner with SentinelOne. And so when we look at that, we are constantly looking at whether or not we can provide the best solution for our customers. If we think it’s right in our warehouse and our core competency, and that’s obviously IP that we want to acquire or build our self. If it’s something that may be better served, where our North Star is to help make this more efficient for MSPs and integrating and working with an enterprise-grade software company is the best thing for our customers. So, a lot of times, it’s really what’s out in the market, what’s the best way that we can service our customers over the long-term. And Keith, just as an example, we acquired Spinpanel because they are in the monitoring and management of cloud assets. So, that monitoring and management is core to what we do, and we believe we can build that better than everyone. So, we wanted to – we acquired that asset to get a little bit of a head start, great team, great IP. And now we are going to continue to invest. And as we look at different security offerings, we may choose to acquire if that fits our R&D kind of profile or investment thesis. But if not, this enterprise partnership is a tremendous success. I call it a quad win. It’s a win for the MSP, it’s a win for the small, medium enterprise. They have an enterprise-grade software. It’s a win for our partner, in this case, as an example, SentinelOne because we have just opened up access to their TAM. They were not going after the small and medium enterprise and we gave them access via our 25,000 MSPs. And it’s obviously a win for N-able, we get a richer LTV, a better relationship with our customers, we help them be secure. So, if we can find a quad win like that, that fits our profile, we are going to do that. As far as the leverage, I think Tim and I are comfortable with where we are at. And if we would – if we find a better use for our capital, i.e., via an acquisition that fits our thesis of servicing these MSPs and helping them whether it would be monitoring and management, security or data protection that we believe it will have a long-term durable benefit for our customers, we are willing to make that acquisition. And if that means increasing either using our balance sheet and the cash position we have or some debt, we have a revolver, we are willing to do that as well.

Okay. Well, consistent is good in this backdrop. So, I appreciate the questions. Thanks very much.

Thanks Keith.

Thank you. That is now the end of the Q&A session. I will now hand you back over to John Pagliuca for closing remarks.

Listen, thank you all for joining us on this quarterly earnings, and we appreciate your ongoing interest in N-able. And we will be signing off from Prague, so take care.