Good day, everyone, and welcome to Qualys Fourth Quarter 2018 Earnings Conference Call. This call is being recorded. At this time, all participants are in a listen-only mode. Later, we will conduct a question-and-answer session and instructions for asking a question will be given at that time.
I would now like to turn the call over to Natasha Asar, Investor Relations. Please go ahead, ma'am..
Good afternoon and welcome to Qualys’ fourth quarter and full year 2018 earnings call. Joining me today to discuss our results are Philippe Courtot, our chairman and CEO, and Melissa Fisher, our CFO.
Before we get started, I would like to remind you that our remarks today will include forward-looking statements that generally relate to future events or our future financial or operating performance. Actual results may differ materially from these statements.
Factors that could cause results to differ materially are set forth in today's press release and in our filings with the SEC, including our latest Form 10-Q and 10-K.
Any forward-looking statements that we make on this call are based on assumptions as of today, and we undertake no obligation to update these statements as a result of new information or future events. During this call, we will present both GAAP and non-GAAP financial measures.
A reconciliation of GAAP to non-GAAP measures is included in today's earnings press release. As a reminder, the press release, prepared remarks, and an accompanying investor presentation with supplemental information are available on our website. With that, I’d like to turn the call over to Philippe..
Thanks Natasha and welcome everyone to our Q4 earnings call. Melissa and I are pleased to report another strong quarter and year in terms of revenue growth and profitability.
These results underscore our position as the leading cloud-based security and compliance platform that unifies IT, security and compliance in a single-pane-of-glass view with two-second visibility across on-premises assets and clouds and soon mobile OT and IoT devices.
With 19 cloud apps native in our platform, we believe we are well positioned to expand our wallet share within our growing user base as well as gain new customers. At our User Conference in November, we observed that our customers increasingly view Qualys as a trusted strategic partner.
As we all know, the digital transformation of businesses, fuelled by an explosion of new technologies, is leaving gaping security holes in its wake. Organizations who are continuing to layer on point solutions that do not communicate with each other are seeing diminishing returns.
Qualys delivers a true platform, offering greater visibility, accuracy, and scalability across hybrid and cloud environments while ultimately allowing customers to reduce their overall spend.
To achieve security and compliance in this new hyper-connected environment and respond to an ever-increasing set of regulations, we believe that organization, in addition to deploying traditional firewalls and intrusion detection, must know in real-time what devices and applications are connected on the network, always know the security and compliance posture for every device both known and unknown, and take immediate remediation action whenever necessary.
This is precisely where traditional enterprise solutions are falling short as they were not designed to operate at such a scale and in reality, only solutions that adopt a cloud-based architecture can provide the necessary scale, visibility, correlation and immediacy.
We demonstrated to our customers at our User Conference the significant extensions we have made to our cloud-based platform and cloud apps.
In 2018, specifically we launched several new solutions into general availability or beta, including Container Security, Cloud Inventory, Cloud Security Assessment, Certificate Inventory, Certificate Assessment as well as our new groundbreaking app for global IT Asset Inventory which we call (AI) and CMDB Synchronization.
Our AI cloud app, formally launched yesterday, enable us to offer our customers a single 'source of truth' for all IT assets within hybrid environments, covering on-premises assets, endpoints, clouds, and soon, mobile, OT and IoT environments.
We also demonstrated our Passive Network Analysis solution (now in beta) that natively integrates network analysis functions (deep packet inspection, device fingerprinting and data correlation) into the Qualys Cloud Platform, delivering customers complete IT visibility at scale.
This new capability will enhance our global IT Asset Management offering by adding the visibility of unknown assets to the existing capabilities.
We acquired 1Mobility, completed in Q2, which will enable us to provide enterprises discovery, inventory, security, compliance and response on both enterprise-owned as well as employee-owned mobile devices, further expanding our footprint within our customer base; and we also completed the acquisition of Layered Insight, a pioneer and global leader in runtime container security, which will provide insight into container images, adaptive analysis of running containers, and automated enforcement of policy.
We are currently integrating Layered Insight’s technology into the Qualys Container Security App, which will allow us to uniquely bring transparent orchestration to container security. We expect to complete this integration in the second half of this year.
In the fourth quarter, we continued to expand our partnerships integrating with the AWS Security Hub, introducing Qualys vulnerability and policy compliance findings within AWS Security Hub.
We launched a Qualys Container Security solution on the new AWS Marketplace for containers; and we announced today an expanded relationship with IBM X-Force Red who will deploy Qualys Patch Management (PM) and Web Application Scanning (WAS) into global client environments along with its existing Vulnerability Management (VM) deployment.
This expansion enables X-Force Red Vulnerability Management Services (VMS) to automate vulnerability prioritization and patching, enabling clients to simplify vulnerability remediation and fix their most critical vulnerabilities using less resources and time.
Earlier in 2018, we have been expanding our capabilities in the Federal market with a deeper partnership with Carahsoft to market, sell and distribute the FedRAMP-authorized Qualys Gov Platform, and are now working on attaining FedRamp certification.
We are broadening our relationships with key partners, including Microsoft and IBM by adding an integration into Microsoft’s hybrid cloud, Azure Stack, releasing monitoring and assessment for the CIS (Center for Internet Security) Microsoft Azure Foundations Benchmark within our Cloud Security Assessment (CSA) Cloud App, adding an integration with X-Force Red, which will deploy the Qualys Cloud Agent and Qualys Cloud Apps into client environments across the globe, and adding an integration with IBM’s first open cloud platform (IBM Security Connect).
We are releasing our Qualys Community Edition, a free version of our cloud platform to provide organizations including SMBs, consultants and managed service providers (MSPs) with a unified view of IT, security and compliance, as well as two other free services, CloudView and CertView, providing companies of all sizes instant ability to track and monitor digital certificates and cloud resources.
And we launch a new comprehensive offering, as well the Qualys Consulting Edition, for consultants, consulting organizations and MSPs, enabling them to perform multiple ongoing vulnerability assessment engagements and track these results from a single, centralized and self-updating platform.
So now building upon a very successful 2018, we will continue to increase our competitive advantage by releasing new groundbreaking security and compliance applications, leveraging both our talent base as well as acquired technologies.
Our current plans in 2019 include, the release of new solutions such as Passive Network Discovery, Secure Access Control, Certificate Management and Cloud Security Management.
The general availability of Patch Management, announced today, enabling IT and SecOps teams to quickly target critical common vulnerabilities and exposures, then deploy the patches across endpoints, on-premises or cloud assets and verify remediation all from one console. Continued acquisitions to enhance our product suite.
In January, we completed the acquisition of Adya, a small innovative Indian startup that built their solution on the AWS Lambda platform. Adya’s solution enables security and compliance audits of SaaS applications, which is becoming critical to enterprise as they increasingly rely on cloud-based software.
The Adya cloud-based solution provides companies of all sizes with the ability to consolidate administration of their Software as a Service (SaaS) applications into one console, manage license costs across SaaS applications, set and enforce security policies in one place and report and audit on all activity with a single tool.
And finally, we have invested significantly in our backend, continuing to believe what we believe to be the most robust and scalable cloud platform in our market. We now have almost two trillion security data points indexed in our elastic search clusters, providing almost instant query results and alerts.
This gives our customers 2-second visibility, and as we know, visibility, accuracy and scale are the keystone of security. To support the significant number of additional solutions, we are bringing to market, we increased our sales organization in the second half of 2018 by over 20% and we will continue to do so over the next year.
We expect to continue to outperform market growth in 2019 while producing high levels of profitability.
We are very optimistic about the opportunity to increase bookings growth in the future because our newest solutions, which solves meaningful problems for customers, and are priced similar to our premium to Vulnerability Management and Policy Compliance and for example our Cloud Agent and Threat Protection which are priced at a fraction of Vulnerability Management and Policy Compliance.
Qualys continues to clearly move well beyond the vulnerability management and increase its competitive advantage through the acceleration of multi-product adoption. This naturally increases our stickiness, which is a key element of our profitable growth, driving value for our shareholders.
With that, I’ll turn the call over to Melissa to discuss our financial results, guidance and metrics. Thank you..
Thanks, Philippe and good afternoon. Before I start, I'd like to note that, except for revenue, all financial figures are non-GAAP and growth rates are based on comparisons to the prior year period, unless stated otherwise. Our solid Q4 financial and operational results continue to reflect the healthy demand for our scalable and robust Cloud Platform.
This is evidenced in the following financial and operational highlights. Revenues for the fourth quarter of 2018 grew 18% to $74.2 million.
Platform adoption continued to increase as the percentage of enterprise customers with three or more Qualys solutions rose to 41% from 32% and the percentage of enterprise customers with four or more Qualys solutions increased to 21% from 15%.
New products released since 2015 contributed approximately 26% of total bookings in the quarter, up from 15%; and similar to Q3, we saw higher growth in the total number of orders from our SME and PCI customers.
This positive result pulled our historical year-over-year average deal size increase down to 5%; however, the average deal size for our enterprise customers grew 11% year-over-year. Our scalable platform model continues to drive superior margins and generate significant cash flow.
Adjusted EBITDA for the fourth quarter of 2018 was $29.1 million, representing a 39% margin versus 38%. For comparability purposes, Q4 Adjusted EBITDA margin would have been 37%, normalized for the impact of 606 and software capitalization.
Q4 EPS grew 62% including the benefit of a tax true-up; normalized for this, Q4 EPS would have grown a healthy 44%. And we generated strong operating cash flow for the fourth quarter of 2018 of $29 million, an increase of 12%.
In Q4, we continued to invest the cash we generated from operations back into Qualys including $6 million on capital expenditures, including principal payments under capital lease obligations; $10.3 million on the acquisition of Layered Insight; and $38.5 million to repurchase 521,257 of our shares.
Looking back on the year, we had a successful 2018 at Qualys as we released several new products, features and enhancements, completed two acquisitions and made our first minority investment.
Saw an acceleration in the number of customers spending $500,000 or more; enjoyed continued Cloud Agent adoption with 16.2 million Cloud Agents purchased over the last twelve months, up from 6.0 million, over 150% growth.
Benefited from strong performance from new products released since 2015 which, at 20% of 2018 bookings almost double the prior year contributed to growth of our subscription revenues by 20%, when you normalized for the positive impact of FX.
And we achieved record EBITDA margins of 39% and grew operating cash flow 21%, normalized for the 606 benefit, software capitalization and our investment in 42Crunch. All this despite our continued investment in the business, including 37% year-over-year growth in headcount in 2018.
Looking to 2019, we expect full year revenue in the range of $320 million to $323 million, which represents a growth rate of 15% to 16% and Q1 revenue in the range of $74.5 million to $75.2 million, which represents a growth rate of 15% to 16%. We are excited about the opportunities to accelerate revenue growth with our new solutions.
Many of our newest solutions, for example, FIM, IoC and AI, are priced similar to or at a premium to Vulnerability Management and Policy Compliance as Phillipe mentioned.
As you have seen, the multi-product adoption has increased quarter-after-quarter however these newer solutions are still early in their adoption and consistent with prior years, we are not assuming a material contribution from new solutions in our guidance. Furthermore, the large deal we referenced on our Q3 earnings call has not yet concluded.
In terms of 2019 profitability, we expect to maintain our industry-leading margins while further investing to set the stage for future revenue growth. While we achieved record profitability in 2018, we invested in the business throughout the year, particularly in building our team, driving our record, 2018 headcount growth of 325 employees.
This spend was back-end loaded and combined with additional expenditures we plan to make in 2019 across our engineering, sales and marketing, operations and administrative functions, will result in our EBITDA margin in FY. 2019 in a range of 37% to 38% based on our current forecasts.
We expect capital expenditures from operations to be roughly flat with 2018, in a range of $22 million to $27 million. We are continuing to invest to support the growth of the business, but we will be benefiting from earlier investments in building our data center and U.S. office locations.
Additionally, we expect to purchase less hardware for physical scanner subscriptions as customers increasingly subscribe to virtual scanners. As we have significantly increased our employee base in Pune, we do expect to spend an additional $4 million in the second half of 2019 for the beginning of our build-up of a new Qualys facility in Pune.
For the first quarter of 2019, we expect capital expenditures to be in the range of $8.5 to $9.5 million. Even with all of these infrastructure investments, we expect our year-over-year free cash flow growth to exceed the earnings growth currently implied by our guidance.
We feel very well-positioned in our markets given the unique nature of our integrated IT, security and compliance Cloud Platform. Our customer count growth accelerated in 2018 and we added almost 1,100 active users to our free solutions.
Our new solutions provide the opportunity for us to increase average revenue per user, accelerate revenue growth and, driven by our highly scalable model, expand margins in the future. Our focus continues to be growing our foundation of recurring revenues and maintaining strong profitability.
With that, Philippe and I would be happy to answer any of your questions..
Thank you. [Operator Instructions] Your first question comes from Howard Smith with First Analysis. Your line is open..
Yes, can you hear me?.
Yes, we can..
Okay, good. Thank you.
Good afternoon, I just wanted to start in thinking about the revenue guidance for 2019 in the context of some of your longer-term guidance and one, are you still comfortable with the 2021 projection of low twenties growth rate? And if so, is the idea these products that are coming out in the investments you're making now in in 19 in the headcount and sales you'll starts to really kick in an earnest in the following years and cause that acceleration.
Maybe you can just put it in context for us?.
Yes, I'll take this Howard. Let me start with the 19 and then come back to the 2021. So, we have a very healthy business as I mentioned. Multi product adoption continues to increase and new solutions contributed to 26% of our bookings.
Having said that, consistent with prior years we said that we are not assuming a material contribution from new solutions for the purposes of guidance because it's prudent given that the pace of adoption at can be difficult to predict.
Now, the framework for the 2021 growth rate target with the fact that all the additional solutions, when you add them up in totality come to at least $10 or ten times that of a $1 spend of VM and that framework hasn’t changed. So now that, we don’t update the model on a quarterly basis.
The framework hasn't changed and so everything that we're doing now should put us in position to achieve that..
And I will add to what Melissa said is that we have a very strong pipeline. In our business, we see a lot of very good adoptions who are very eager to bring these new services to market.
But again, it takes time minister stated that weather very strong pipeline you know business received a lot of very good at options were very eager to bring these new services to market but again it takes time. So, we have been really prudent.
And as Melissa indicated in her comments earlier today, because of the cloud agent and the threat protects are only a fraction today of our vulnerability management solution and we have such a huge base of it become harder for the services to fuel accelerate growth and that’s why essentially the combination of these two factors the reason why we have taken a prudent approach to our revenues.
Again, as we all know being 100% pure subscription base company doesn’t help in the term of revenues because you need to of course take the revenue as you deliver them and so this is where we are. So, I think we are really bullish about the business.
Where we are, we made significant investment in our backhand and you are going to see even more things in 2019 which we believe are going to add if you prefer to the very disruptive nature. And again, the passive scanning is not yet there.
So of course, we are not, we are essentially competing today on the traditional market against the two companies which is Tenable and Rapid7. But of course, we have a lot of more now to grow and compete while being here of course with passive scanning will bring us in competition with ForeScout and others.
But all of that out of a single platform and that’s a really core feature of Qualys and that’s where we have put a lot of efforts scaling. To scale to the security had the scale that you need to -- is not a walk in the park..
Great. Well I think that’s a thorough response. I’ll just leave it there and I’ll get back in queue if I need to. Thank you..
Thank you..
Thank you. Your next question comes from Erik Suppiger from JMP Securities. Your line is open..
Hi. This is Michale Burge on for Erik Suppiger. Quick question on I’m going to dive down little bit deeper into the guide. Can you help us walkthrough why it’s almost 3% lower word on the street? It seems like your new products are doing good initial traction.
We had some shocks that suggested the IT asset inventory and process scanning are really well light upon beta tester.
So, can you just describe to us why the lower guide?.
Yes, so let me remind you. We purposely to our full year guidance as being the Q4. Because Q4 has a meaningful impact on the guidance for the year. So, the early expectations were not our guidance. This is our first time setting firm guidance for the year. And as I earlier mentioned, we have a very healthy business.
As you said the key metrics that we look at like multi product adoption and the contribution of new products into bookings have been doing very well actually mentioned those earlier new products like Cloud Agent and Threat Protection are only priced to the fraction of what I’ll call the older products policy compliance and Vulnerability Management.
The newer solutions that are coming out are priced at least similar to or premium to policy compliance in Vulnerability Management. That’s the opportunity to accelerate revenue growth in the future.
But for the purpose of revenue guidance, we are not assuming a material contribution from these new solutions because it’s difficult to predict what the uptake, with the patient the adoption will be..
So, if I'm hearing you correctly it sounds like accelerating revenue growth is still the plan for 20 and 21 it's just the 19 numbers, you're gauging that based on what happened in the fourth quarter is that my understanding?.
Let me clarify something. So, first of all, we've never giving guidance for 19 or 2020 before today.
So, if you look back at our both of our June presentation as well as the one we had at QSC, the long-term target that we provided was for a growth rate in 2021 and because it would have been frankly a really precise for us at that point in time to be able to give guidance for all the years up until then.
And you know as we've mentioned we always actually think it's in the most prudent way.
So, with regards to guidance for this year Q4 obviously had an impact as well as other quarters and we have this large base of customers and revenues and in order to continue the growth rate at the levels for example that we achieved in 2018, we will need additional contribution from these solutions..
Yes, and to answer your question directly here is that, yes, we do anticipate of course that these new services which carries a much bigger dollar value that the VM, which will be adopted by customers in fact will contribute to accelerate growth in the future..
Okay. That helps answer my question. Thank you..
Thank you. Your next question comes from Daniel Ives with Wedbush Securities. Your lines is open..
Yes, thank you. So, first question in regard to your large, obviously the Q3 hasn’t closed yet which talked about appreciate that.
In terms of embedded in the 2019 guidance have you factored in any of your larger deals of those sizes and specifically that Q3 deal to close in 2019?.
Thanks Dan. We don't take those type of outside opportunities into our guidance because again we believe that we should be prudent with our guidance. So, something that would, deals that are close of those sizes would be additive to what we have assumed..
Yes, that could be a bit specific about that one deal.
That one deal this is a customer, which essentially migrating a lot of his infrastructure at the time we are about to get the order into a cloud into the cloud business development and for us to essentially complete the deal, we would like to put our solution to that specific cloud that they have selected which is something in the making but of course that we don't have done yet than until that happens obviously it kind of materialize..
Okay. And in terms of leverage because obviously the margin guidance for next year real strong. In terms of the model, I know you have not given longer term guidance but is there just a lot more leverage even left in the model just as you just continue on to the strategy? Maybe you could just talk about that.
Because obviously margins strong for next year, maybe just some thoughts going ahead?.
Yes, thanks Dan. We are proud of our industry leading margins and are delighted with what we achieved in the past year. We gave in conjunction with the 2020 outlook we did provide an outlook on margins and so the margin for 2021 which we provided EBITDA, adjusted EBITDA margin range of 40% to 42%.
I think the big picture this is a very scalable model and as you saw in 2018 the more we drive the revenue growth to be higher the more we actually expand margins..
Yes, absolutely and just to add to what Melissa said effectively we have a lot of leverage in that model and we really build some highly leverage model and in fact you can see that because we did increase our salesforce significantly at the second half of last year by about 20%.
And we’ll continue expanding our salesforce because of all these new services that we have. In fact we have our market strategy I will add this as two point. One you are going to see us launching a lot of what we call mini campaigns which are campaigns whereby we invite people to try specific solution.
We have now 19 solution and more to come and then we are going to top and build a top down approach which is essentially going to the CIO etcetera to explain to them the value of the Qualys platform.
So, this is absolutely in the making and despite all of that that in fact you could see that the model still generates significant profitability and that’s the leverage inherent to the model because we adopted absolutely a cloud, really the model has a lot of components on the leverage.
Of course, are - there is a leverage as the work to do about 700 people now in Pune just visited Pune last year there is a ton of talent in operation there and that give us significant leverage plus also the relationship with also served and addition of partners, so I think we're extremely well positioned..
Thank you..
Thank you. Your next question comes from Melissa Franchi with Morgan Stanley. Your line is open..
Thank you for taking my question. So, I just want to circle back to sort of the same idea of previous questions and thinking about the acceleration or potential acceleration in the future. So, multi-product adoption continues to proceed nicely, and new products are contributing to bookings fairly well.
But billings growth did slow this quarter and so, I'm just wondering if you could maybe talk about what's happening in the core of VM business and as you're thinking about the acceleration over the next few years what you need to assume about the health and pricing dynamics of core Vulnerability Management?.
Hi Melissa, it’s Melissa. I’m going to try and take those one at a time. So, first of all let me handle your billings question.
So, as I mentioned we have a very healthy business and as we previously discussed that we often in collaboration with our customers move deals from the end of a quarter to the beginning of the following quarter to lessen the procurement pain on both ends as we did in Q4.
The impact to us if a dare to revenue and this is baked into our annual revenue guidance.
So, I think the bigger question of that you're trying to answer is well how do we think about the growth prospects? And the way I think about that based on the conversations with investors is well you would evaluate our revenue guidance which we said doesn't assume a mature contribution from the solution and then SaaS what you think the uptake of these new solutions to be as I said which are not baked into our revenue guidance.
With regards to the health of the core Vulnerability Management, so I would say a couple of things it still continues to remain healthy.
As we’ve talked about previously, we don't intent our sales force by product so we don't manage the business on a product basis ourselves versus -- on total dollars and that way they're working with the customers to provide the customers exactly what they need and they're not pushing specific products that they're not going to use to play and then turn off.
So, we do assume that Vulnerability Management remains healthy, but it's not. I would say there's a number of different scenarios on a product basis that could accomplish the long-term target in 2021..
Yes, and I will add to what Melissa said. If you look at the Vulnerability Management, our larger customers today as we mention as you look at the gross retention rate of customers which are more than for solution - 999% percent which is absolutely strong.
So, today if you look at the VM specifically while much more continuing competing at the mid-market rather than at the large enterprise and to continue expanding significantly. So, for us we believe that today we have two competitors in the marketplace one is Tenable and the other one is Rapid 7.
So, what we see specifically Rapid 7 is actually more providing with the inside, they are more attacking the marketplace of the low end on the plank and that's where they find their growth and they have done a pretty good job at packaging their solution along the -- but still they don’t scale.
That we see that every time they try to capture one of all off customers which we can if I look to the larger, the enterprise customers that we could do we that we lose you can count them in one hand and typically all of those company would not deploy more than more than two solutions.
As far Tenable is concerned, Tenable is extremely aggressive in price today, so they try to steal the business, the - they are still much more into the mid-market where we compete.
So, what we believe in term of -- so we don't compete really on price because scalability wins at the end of a day and we lose on price, we typically recover these customers one or two years later.
So, what we believe is as we deliver more and more solution of course we are gunning for the competition and it's going to become harder and harder and harder to compete with Qualys as we deliver all business services. So once the asset inventory that you can do, the patch management that you can do.
The passive scanning also, all of that integrated into a single platform. We really believe there is going to be a harder in order to compete with Qualys and that’s what makes us very confident. In addition to it, we have a very significant pipeline that we have today that were build.
Again, all of that needs to be translated into revenues which again, this is where we have a little bit of a disadvantage because we have zero dollar of perpetual license..
Got it. That's helpful. Talking about the sales force and you've made some acceleration in hiring for the sales force for the second half of the year, how do you feel about the capabilities of those individuals in terms of selling the broader suite.
I know a number of products are not yet on the market, but are they fully ramped in selling the broader portfolio or is there still work to do in terms of selling the suite?.
So, I would answer that, they are fully ramped to sell the new service -- all the new services, first of all, and the reason I would substantiate why? If you recall, we have in fact, structural sales force between the hunters and the farmers.
The hunters they own they are old technical and we hire them from our customers that they already have the understanding of what it takes to deploy enterprise solution et cetera, of course, they can pick up pretty quickly new solutions of course where we train them, et cetera, but also backed by SMEs subject matter experts and we have done one change today with our post-sales if you prefer, our farmers which reflects by the way, the fact that Qualys is becoming extremely strategic for lot of companies.
We have now divided them into what we call the [indiscernible] which is the major account solution architects and of course the regular technical account managers. We did that, so we could have now the best of our times have now been promoted to essentially handle less number of account, but much bigger one.
So, they have about typically about 10 accounts that has been already implemented, which of course allows us to grow with some banks, which we can see, we could triple, quadruple the revenues that we do and so -- as an example, so that's what we have done for the post-sales.
And that is pretty much done, essentially, globally in countries where we have enough of these very large customers, which is not of course every country but essentially Europe and the U.S. and not yet in Asia, but that will come. Now on the new business side, we are expanding, in fact now more, that's where we make the investment.
Our new business salesforce which now we're hiring typically from consulting organization again technical people then, which have now know-how to sell to the C-suite, which is obviously what is going to be the new if you prefer impetus [ph] of Qualys since now we have only solutions together build into one single solution.
So that's essentially what’s we're done in the go-to market and again all that if you prefer supported by what I mentioned earlier, which is that flurry as you all going to see these many campaigns going after. Okay. Try out file Integrity Monitoring solution, et cetera well about 20 of those new campaigns.
On the other way, which are going to essentially allow us to go to the bottom and then we are now preparing a big campaign starting at RSA with setting top down and that's essentially what we have organized and all the investment has already been made, essentially..
Very helpful. Thank you very much..
Thank you. Your next question comes Alex Henderson with Needham. Your line is open..
Hi, I just wanted to hit a couple of quick ones. First off, could you give a geo split in a sense of what the growth rates are in geo's, I don't think that was offered up? And then second along the same lines, the acquisition, any sense of the size of that in terms of either revenues cost that we need to build into the model would be helpful.
And I've got a follow-up..
What was it -- I'm not sure that I understood the second question?.
The size of Adya?.
The size of Adya, of Adya. This is a small company what is interesting it is a fascinating company by the way, it's a very small company..
No, we are not looking for a description of the company. I'm just needing the revenue and costs associated with it..
It's not material. It’s really like a acquire-hire, Alex..
Yes, correct. Correct..
Perfect..
What is interesting with them is that they have done everything based on the AWS Lambda which is service less architectures. So, you realize it’s surely cost effective for them to deploy -- to develop that application because they only have to upload their code into the AWS platform. So, to answer your previous question.
Today If you look at the dynamic. As you know, U.S. has always been the bigger market and then followed by Europe and then by Asia. We are starting to see India by the way as a very significant market for us as we're picking up a lot of steam there.
But globally speaking, we see today that growth rate in Europe being now to be little bit higher than in the U.S. and the reason is because of course, the U.S. has already deployed all these that move much more than Europe, the threat protect and all of these -- and all of these services which are only carrying a fraction of the cost.
However, as we develop these new services, we believe is going to revert back. The U.S. being growing much faster than Europe because again, so much that we can sell to our existing huge large base of -- large companies and therefore while this is that change. So that's the dynamic that we have.
Does that -- is that clear?.
Yes.
But I'm really wasn't, wanted that -- I'm just looking for this, the mechanical splits?.
What do you mean by that?.
As far as, I mean do you have the, what's the -- what portion was in U.S., what portion was in Europe?.
It's about typically 70% in the U.S., 25% in Europe and 5% in the Asia-Pac..
All right.
Was it the same as normal or was there any changes?.
Yes, that significantly change..
Okay. And then looking at the guide for the 2019 period.
Can you give us some sense of what you're thinking in terms of impact from FX, economic activity any of the sort of exogenous variables are you taking into account a slower condition as a result of recent geo slowdowns or any change in conditions that you're seeing as a result of those broader environmental issues?.
Yes, so we believe today that the impact from FX was immaterial, but we know that things could change. So, it obviously depends on how rates move. We do believe that the market for our products is still very healthy..
Yes, absolutely. And on the geo side, I don't -- we don't see much change today, the dynamics for example, Europe. Thanks to our global IT asset inventory have been very strategic for large European companies, especially because of GDPR. One of the things they've got to do is their global IT asset inventory.
So that's a product that we see could take -- is going to take traction because it gained the platform aspect that we have, we help them to save money. So, we don't see any geopolitical impact. With the exception I think India, we're extremely well positioned to see of course to really becoming an interesting market for us.
But again, it's just the beginning here..
One last question, before I leave the floor.
What rate of hiring and sales do you expect in 2019 and built into your model? Thanks, and then I'll leave the floor?.
So, we have increased that by 20% last year, our sales force of course, we don't need to increase as much and the reason is because I don't have the exact number, but it's certainly not meant to be 20%, I can tell you. The reason is because on our farmers, it's totally predictable.
This is absolutely of course and we -- the best part of the model is that if I double the revenues on an existing customers. I don't need to double the size of our technical account managers, it's more on the new business side. So, I would say today that it's less -- it's quite less than 20%.
We make the effort that the second half and I think we're going to continue expanding more on the new business side and on the farmers it depends on the growth of the new business essentially..
Yes, and I would just add to that as we've had mentioned that a lot of the sales -- a lot of these ad will come in the second half. So, we're going to see from an expense perspective, obviously hit the full year in 2019.
So, from a modelling perspective you're going to see that, there is highest investment for us in the year-over-year basis via R&D, and sales and market..
Thank you. Your next question comes from Sterling Auty with JP Morgan. Your line is open..
Yes, hi guys.
So I'm bouncing between calls, so I'm still little confused about the guidance for 2019 revenue and the slowdown, I caught the -- not including the new products given, want to make sure you get confidence and I think I caught the one or two days maybe difference in terms of revenue recognition, but what else explains the, it's a pretty material slowdown from the rate that you have been seeing is it competitive, is it something that you're seeing in the customers.
I'm still not clear?.
No, it's essentially the fact that we're prudent because today you have to realize that what was fuelling our growth is essentially the cloud agent, which is doing very well. And the threat protects business services and they are a fraction of the cost of for $1 of VM -- we got $0.20 of those products.
So, because we have such a huge base today, growing that base of course will require if you prefer bigger guns and this is exactly where these new services that we have now today, which carry far more than for a $1 VM. We have -- we have these new services are multiple of $1 VM. So, they will grind.
We see today for example, one of the services, which was like the themes specifically it now starting to grind because we have the full product, the APIs and so for this just at the beginning. So, we're being prudent, and we don't want to have extend our thoughts. And that's the fundamental reason here.
So, we hope that we are going to do significantly better. Quite frankly, but we didn't want to and yet, what is remarkable I will add is that we can maintain our profitability and avoid continuing investing. That's not the case of many.
So, we try to balance that I think we’ve been doing that and that today we say I wish we could continue populating the world with agents and with threat protect et cetera.
But of course, we have such a large user base, specifically in the U.S., which have adopted that pretty well, which by the way again remember these Agent generated additional services and all of that, this more [indiscernible] will be greater, but it takes some well prudent..
So, basically, you're saying the core VM growth has been constant or steady over the last couple of years, you had a surge, but you had an uplift from adoption of cloud agent.
But now that you've gotten to a certain level of penetration that growth will now kind of more normalized and now it's just the timing as you wait for the new products to kick in to recur again?.
Yes, that's exactly. That's exactly it. Now, we could be surprised, pleasantly because these new products are very good by the way, we know that. So, I'm not questioning at all the adoption of this new product is more question of timing here..
Yes, I guess Sterling, I may help you, to give you a breakdown from a revenue perspective, our VM grew 20% the past year and the so called non-VM categories grew 23%, so VM is fairly good..
Yes. Because of course, fuelled by the component of the cloud agent and Threat protect that's exactly the point..
Thank you. Your next question comes from Rob Owens with KeyBanc Capital Markets. Your line is open..
Yes.
So, if you look at the slowing follow-on, I guess, is it the VM that slows relative to '19 and with the 20% hiring throughout the year or/in the back half, how do you think about sales force productivity and what point of do those get fully ramped?.
So, what we have today. Again, we need to distinguish between the farmers and the hunters. The farmers are extremely good productivity. Of course, we make an investment. But all that as we said new services though -- I would say that we certainly will maintain if not increase the productivity on our farmers, it's on the new business side that today.
Of course, it takes a bit longer. And also, we have tendency naturally to instead of pushing these to make them bigger and bigger and bigger.
We try to -- we prefer to land the customer young if you prefer and then grow that customer that has been our model since the very beginning, because of course it’s significantly more profitable than trying to go give big discounts at the end of the quarter and all these things that enterprise software is pretty good.
And like our competitors I'll name a few of them but to absolutely down their price. So that's never been Qualys. So, we try to do, Okay, let's start smaller and then let’s grow over the customer. That has been our philosophy, as a result of that the ramping of that sales force -- of the new business salesforce is much slower..
Okay, great. Thank you..
Thank you. Your next question comes from Matt Hedberg with RBC Capital Markets. Your line is open..
Yes, thanks guys. I guess, following up on Sterling and Rob's question, the VM market seems to -- seems to remain healthy. I mean, I think 20% growth is pretty good relative to historical trends. I know it’s hard to generalize fleet.
But I guess excluding Cloud Agent, do you have a sense for how penetrated your customer base is in terms of being scanned.
In other words, like how much dark space is there in networks within your customer base?.
I would say today there is not that much, if you look at the large companies, in fact, that's the reason why Qualys is so strong in that marketplace and the large enterprise that what's in our case -- our competition despite their pricing tactic and everything they can say, they really don't take that market away from us is because of scale and I will say that today there is still some more growth, but for us it's more at the endpoint.
On the service side, I think the large companies are pretty now looking continuously, and on the endpoint of course, we have now more opportunities because of the asset inventories going to put our agent from the endpoint and of course now suddenly you do more VM and on and on. So, for us the green space or the --.
Dark space..
Dark space is on the endpoint, which is quite significant. So, that's where we see the future growth. And of course, IoC all these new solutions that all recalls an agent, the Patch Management is going to really propel and once now you suddenly do Patch Management on the endpoint.
What about doing Vulnerability Management? What about doing compliance? Well, in the past, people were saying, okay, okay, I'm not going to do it, or I've got another agent, I've got so many agents. Now today, they've got a compelling reason to go. So that's what we see on the high-end of their marketplace.
The mid-market, what mid-market or small more market. The new space is the cloud, which we're extremely well positioned. More and more the SME & SMB are moving to the cloud.
And therefore, it's now a kind of a different market and that's where we compete really essentially with Tenable and Rapid7 is in the mid-market which is also moving into the cloud, and there we believe we have a unique advantage because of our agent can natively be as they are today integrated with Azure where they are about to fully be integrated the same way with AWS, as well as with Google and soon with IBM as well.
And, at some point in time also Alibaba. So, I think we're native in the cloud, and that will give us an advantage. Currently today that's where we fight if you prefer..
Great. Thanks a lot..
Thank you. Your next question comes from Gur Talpaz with Stifel. Your line is open..
Hi, this is actually Chris Speros on for Gur. Thanks for squeezing us in here [indiscernible].
But can you speak to the demand that you saw in Q4 for the recently launched Container Security and asset inventory products as well as the feedback you've received from customers in the passive scanning data?.
Absolutely, so the Container Security, this is definitively will be the new game in town. It’s still early in the market, customers are adapting Container Security. So how we -- by the way? We have containerized now almost everything that Qualys does. This is really the future.
It totally changed a lot of the IT dynamics and of course, so, but it's still early. So today everybody life's, our vulnerability assessment solution that we have for containers, it's very straightforward. We have quite a very good use cases from customers.
Now, we're integrating with that acquisition with they are inside, which will happen most likely because quite of complexity, more in the Q2 end of Q2 time frame, second half maybe Q3, which then will have the full solution for Container Security because not only you can do the assessment, but also you do the run time and then you can of course control and push your policies, but that's the new big game.
No question, I think we're extremely well positioned, but in term of revenues, this is still little bit early. As far as the passive scanning is concerned, I am very impatient to get that being delivered. It's today, it's we have a fantastic solution.
We are better as you know, I would expect because there's a lot of complexity with technically that you need to absolutely to make it easily deployable et cetera. I think we will be in Q2 GA, and that component has a lot of -- this is the ForeScout competitor except that is going to be totally integrated with the Qualys platform.
So, you have -- at the same time agent, agentless all that into a single platform, the full view of your global IT assets inventory. Now you can do network traffic. It's also well embarking into another major developments which are -- we are going to speak a little bit later in the year.
It's also gives so much information and now what is fascinating is when you combine agentless, which is the scanning, agent plus the passive scanning you are dealing now with the volume of data that there is not a single company today who can do that.
And that's essentially what we're now working on our back-end is to bring all that data into a single place where you can analyze, correlate et cetera, et cetera. So that's the new game. So passive scanning is very strategic for us.
And I think we are doing a good -- we are taking our time because you need to build that at scale, and that's why the big challenges are worth mentioning already have index 2 trillion data points on our Elasticsearch Clusters, believe it or not Elasticsearch is becoming too slow. So that's the new frontiers.
So, we're really moving into that new frontier as well. So, and later this year we will talk about that..
Awesome. Thanks guys..
Thank you. Your next question comes from Josh Tilton with Berenberg. Your line is open..
Hi, thanks for taking my question. Just one more on the guidance. If the new products being released grow at a similar rate of the older non-VM product. Should we expect upside to the guidance as to the price to higher.
And then maybe just what level of contribution the revenues you are hoping from these new products that have yet to be released?.
Yes. So, as I mentioned, since the guidance doesn't -- assuming a material contribution from these new solutions should that happen, yes, that would be an additional contribution to our revenue guidance. I'm not sure, I understood the second part of your question..
Do you guys have any anticipated contribution to total revenues from the new products that are yet to be released?.
We really don't manage our business on a product basis.
We really, as Philippe mentioned we have hunter and farmer sales force and so our sales force is focused on -- what we call farmers are focused on renewals and upsells and those are all done on a dollar basis and that's because we don't want our sales force pushing product and customer that they're not going to use and that they're going to just turn off.
So, we've always kept our sales force, as I mentioned with dollar-base, as we don't manage the business on a product basis..
Yes, but I think the question was, unless I misunderstood on these new services like the Patch Management and all that and we said that we have not really consider that as a meaningful revenue to 2019 because it's hard to predict the ramp of, the adoption ramp.
We are very confident that our customers will adapt it, but it takes some time because they need to find the budget, they do the proof of concept, et cetera. Some time, it's a displacement much more than, so you got all that takes time, but we are absolutely confident of the adoption of these new services..
Yes, that's a flattered color -- I was portraying to write the framework of how we manage our business, which is based on contribution from new customers and then growth of existing..
And are you guys expecting similar uptake by customers relative for the older products that have been released in 2015?.
We said the actual curve is going to depend on what the pace of adoption is and without any data points, it's hard to impart what the curves is going to be some maybe faster, some maybe slower..
Right. However, if you look at the key metrics that we disclosed that the number of customers, which have adapted two or more solution, which now is I think 70%. And then those growth rate, which I think today it's 40%..
41%..
41%. Those who have adapted four and more, which is --.
21%..
21% and now we show the 10%, which is about 10%, correct?.
5. 5% to 10%..
That was 5% to 10%. We can absolutely say that today, we believe that of course these new products they all continue feeling that, so at the end of the day, we believe that 70% of our customer base are going to adopt all our four solutions.
Why is because while you would never want to do that when they are all in one single platform, a single administration, self-updating all of these benefits and it start to reduce significantly your cost, as you're instead of relying on all these different solutions that you got to integrate to manage different teams all of that will lead to a lot of cost.
So, we're very confident that overall whether we cannot really predict is essentially the ramp in the early days. So today, as we start to see having data points, so today we can see the trajectory by the way of the three plus which today at 40% you could almost predict tomorrow they are going to be at 70%.
But those, which are the more you go into, of course, the newer ones they harder to predict because we have less data point.
Does that make sense?.
Yes. Thank you very much..
Thank you. Your next question comes from Patrick Colville with Arete Research. Your line is open..
Thank you for taking my question. Can I ask about the Patch Management tool, because I know in my work speaking to CISOs that is going to be a product that's going to be really in demand? And so, I'd like to better understand it in terms of what is the tool, I guess, can offer and when it's like to be released. Yes, that'd be great. Thank you..
So, we just announced today that the Patch Management is really going to launch in a few weeks. So, it's ready to go. Now would that Patch Management solution is really unique because it cuts across all the different environment. The Patch Management tools today that you have are very specific to Windows, to Unix, to this to that.
So, it's a nightmare for companies when they're for example to put an urgent patch, which cuts across like one acquired. So, there is not the multiple environment.
Today with Qualys you are now able to essentially first of all, Qualys will tell you exactly where all your vulnerabilities are? Where did you need to patch? And then you just push button and it will be all patched.
Now, you could of course not do that 100% of that [indiscernible], you may want to have some kind of steps in-between but that's become an operational issue for the companies. So, that multi-patching capabilities is very unique of Qualys. So that's one big differentiator. And then after that, the question becomes also a question of automation.
The problem today is that this, you had never tied very well vulnerability with Patch Management with the superseding patches and that's how we resolved all of this part. So, look at us, operationalizing it. So, for example, we have solution on Patch Management like some of the macro file solution excels [ph] are totally free.
But the problem is that you just do patching without the visibility. So, Qualys will relatively very attractive price everything automated give you this capability. So, we cannot tell you again the rate of adoption. It's too soon.
However, I can tell you that we're solving a real problem here because immediacy of patching has become today very important because the more time it takes -- you take to eliminate your vulnerabilities, the more time you give for the bad guys to essentially damage you and as you know today, zero days used to be few months before the exploit could -- was in a while though it published now today, it's almost minutes.
It's absolutely pretty fast. So, you better be at the top of your vulnerabilities. But then you need to patch. Without the remediation, identifying your vulnerabilities, whether it admits. Okay, so the only -- so you could shut down your network, close down your network, then you don't do any business. So that image [ph] is becoming very important.
So, we anticipate a very good success as well as of the Patch Management solution..
And guys, a follow up on that. I mean it seems like a very, like obvious place for you to go into.
And so, I guess why now, given that, this would be product that's --?.
Very good question. If you look today -- very good question. If you look today, at the story of Patch Management, just BigFix. BigFix was the first solution that really was providing a natural price wide Patch Management solution multi-platform issue wafer. And then, IBM both times, the problem with BigFix is that its center enterprise software.
So, it's pretty heavy, it costs a lot. So, we took a cloud approach to Patch Management. Again, everything centrally managed, self-updating. It took us, we have been working at that now for about essentially four years. And so, it doesn't happen in one day. And we took a lot of the technology and partnership with (inaudible).
So, taking some of the -- because there's a lot of complexity and to deliver that as a cloud solution like doing Vulnerability Management solution, which is very unique to what Qualys did from the cloud, very few companies have done that.
In fact, we're the only one who really does that well and at scale, because we needed to have our scanners, then you put your scanners inside, you need to remotely manage. It's a lot of complexity to make it that easy and that's the same thing with Patch Management. It took us about four years to get that product out..
Great. Thank you so much..
Thank you. And I am showing no further questions at this time. I'd like to turn the call back over to Natasha Asar for closing remarks..
Thanks, Heather. And thank you all for attending our fourth quarter and full year 2018 earnings call. We are holding an event for analysts and investors during the RSA Conference. On Wednesday, March 6th from 11:00 AM to 1:00 PM. And registration will be on our site soon.
We also look forward to seeing many of you later this month at the JMP Securities Technology Conference and the Morgan Stanley TMT Conference in San Francisco. Thank you..
Ladies and gentlemen, thank you for participating in today's conference. This does conclude the program and you all may disconnect. Everyone have a wonderful day..