Greetings and welcome to the Tenable's Fourth Quarter 2020 Earnings Conference Call. At this time, all participants are in a listen-only mode. A question-and-answer session will follow the formal presentation. [Operator Instructions] As a reminder, this conference is being recorded.
I would now like to turn the conference over to your host, Andrea DiMarco..
Thank you, operator, and thank you all for joining us on today's conference call to discuss Tenable's fourth quarter and full-year 2020 financial result. With me on the call today are Amit Yoran, Tenable's Chief Executive Officer and Steve Vintz, Chief Financial Officer.
Prior to this call, we issued a press release announcing our financial results for the quarter and full-year. You can find the press release on the IR website at tenable.com.
Before we begin, let me remind you that we will make forward-looking statements during the course of this call, including statements relating to Tenable's guidance and expectations for the first quarter and full-year 2021, growth and drivers in Tenable's business, changes in the threat landscape in security industry and our competitive position in the market, growth in our customer demand and adoption for our solutions, Tenable's expectations regarding long-term profitability, the impact of COVID-19 on our business and on the global economy, and planned innovation and new products and services.
These forward-looking statements involve risks and uncertainties, some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements. You should not rely upon forward-looking statements as a prediction of future events.
Forward-looking statements represent our management's belief and assumptions only as of today and should not be considered representative of our views as of any subsequent date. We disclaim any obligation to update any forward-looking statements or outlook.
For a further discussion of the material risks and other important factors that could affect our actual results, please refer to those contained in our most recent quarterly report on Form 10-Q and subsequent reports that we filed with the SEC, which are available on the SEC website at sec.gov.
In addition, during today's call, we will discuss non-GAAP financial measures. These non-GAAP financial measures are in addition to and not a substitute for or superior to measures of financial performance prepared in accordance with GAAP.
There's a number of limitations related to the use of these non-GAAP financial measures versus their closest GAAP equivalent. Our earnings release that we issued today includes GAAP to non-GAAP reconciliations for these measures and is also available on the Investor Relations section of our website. I'll now turn the call over to Amit..
Thank you, Andrea, and thank you all for joining us today. I'd like to start off by saying, I'm incredibly proud of how our employees continue to respond as we navigate today's dynamic environment. Today, I'll highlight our strong Q4 results, our cloud security advancements, and some exciting channel expansions.
But before I get into Q4, I'd like to comment on the current vulnerability management market and cyber security environment we find ourselves in. Through our dialog with customers and partners, we see the strategic importance of vulnerability management rising rapidly.
Enterprises continue to prioritize VM as the critical building block to understanding their cyber security risk. This is underpinning the strong adoption in demand we saw from our customers throughout the year.
We added one of our highest number of new platform customers over this quarter, 460, and one of our highest number of new six figure additions at 66. We also continue to see a healthy number of competitive displacements and continued optimism about the large greenfield opportunity in VM.
About a third of our larger new platform adds came to us from greenfield accounts where they had no in-house organic VM capability. The SolarWinds breach further highlights the importance of VM and visibility across the entire environment.
For many of our customers, Tenable's VM solution for the critical role in helping them to discover, understand and respond to emerging threats identified in the SolarWinds breach. Very quickly, they were able to identify exactly where they were running SolarWinds Orion Platform.
Within hours, our customers and our entire Tenable community could also identify where specific versions of SolarWinds were installed. In short, our customers could rapidly shift from the fear and doubt of high-profile headlines to clarity and confidence. Knowing the security of your systems and the stage of user account base are foundational.
At Tenable, we believe that a continuous and complete understanding of assets, exposures, and risk are critical to good decision making. Being prepared with accurate data and insights to help manage risk, helps our customers confidently respond in the time of crisis.
Our spaced approach prioritizes vulnerabilities so customers know where to focus first. While we play a critical role in reducing risk for a vast majority of breaches caused by known vulnerabilities, we also provide critical agility for new and emerging threats, including new Zero-days.
In both situations, our commitment to Best of Breed VM enables us to deliver value as a key differentiator and a key response mechanism for organizations.
Being able to answer the fundamental questions such as, how secure am I, how exposed am I, and what can I do to most efficiently reduce risk, has never been more critical to the executive leadership.
The right vulnerability management solution, strategically implemented, provides continuous understanding for enterprises to effectively measure and manage cyber risk and respond with confidence during times of crisis. In times of uncertainty, enterprises know that you rely on Tenable's focus and Best of Breed capabilities.
Now with all that said, we're very pleased with our results for the fourth quarter. Our revenue grew 22% year-over-year. In addition to strong topline growth, our profitability continues to expand as we saw improvements in the operating margin and generated attractive levels of free cash flow.
These results reflect favorable demand dynamics, the strength of our product portfolio and the compelling nature of our business model. With our enhanced product portfolio, we believe we're just getting started on the value that we can deliver to customers.
A great example of this is the new six figure cross sell win in OT with a global manufacturing company. Now this is an existing Tenable IO and web application security customer that was looking for a converged IT/OT system to reduce cost, improve visibility, and improve security.
By running Tenable.io along with the web app security product and now OT, this customer is able to reduce cyber risk and protect their brand with a unified understanding of risk. In the fourth quarter, we saw momentum starting to build in the platform adoption across product lines.
With increasing demand for multiple products, we're exploring other more natural cross sell motions to make it easier for our customers to benefit from the full suite of capabilities. We continue to see strong demand among hybrid and cloud first customers increasingly turning to us to help them secure their cloud environments.
An excellent example of this is another six-figure win, from a global pharmaceutical company that purchased our entire cloud-security suite, Tenable.io, web-application security, container security and Lumin. This existing Tenable.io customer completed an acquisition and needed visibility across the entire organization.
The customer was originally a competitive displacement over a year ago, and now with this new acquisition, became a competitive replacement for a second time. This is a tribute to our long-standing relationship with customers and the superior capabilities and customer experience that we can deliver.
In the end, our commitment to product innovation, focus on cloud and matured prioritization capabilities drove the wind. We also officially launched frictionless assessment globally for the Tenable.io in AWS marketplace in the fourth quarter.
Frictionless assessment continuously provides accurate visibility across all cloud-based assets via an easy to use, low risk approach that delivers quick time to value. While it's very early, we believe there is significant opportunity for the adoption of frictionless assessment.
Many of our customers want increased visibility into the state of their assets in the cloud due to the velocity of changes in these environments. We're seeing customers starting to use frictionless and already discussed an opportunities for significant growth.
These early indications are very positive and we view this as an exciting opportunity to expand asset coverage and continue to deliver more value to customers using Tenable to secure their cloud deployments.
In addition to our relentless focus on innovation and our commitment to our product portfolio, we continue to make significant investments in our go-to-market. While early in our development of the MSSP relationships, we've laid the groundwork in our MSSP program that we believe will continue to fuel growth for years to come.
We're already seeing early returns on these investments. Last year, we added over 150 new MSSP partnerships. We are MSSP partner account to over 350 globally. But more importantly, we're including many of the top global MSSPs in these numbers.
We're excited about the momentum in this particular program and the broader progress we're making with our channel partners. We believe our Best of Breed strategy in VM and strong presence and capabilities to secure cloud environments, coupled with our go-to-market investments will continue to fuel attractive growth and profitability.
Heading into 2021, we plan to continue to invest, particularly in R&D and quota bearing resources to drive innovation, increase our market leadership and position Tenable for continued growth. I'll now turn the call over to Steve..
Thanks, Amit. As Amit mentioned earlier, we are very pleased with our results for the fourth quarter, highlighted by attractive topline growth and impressive bottom line results.
I'll discuss our results for the quarter momentarily, but please note that first all financial results we will discuss today are non-GAAP financial measures with the exception of revenue. As Andrea mentioned at the start of this call, GAAP to non-GAAP reconciliations may be found in our earnings release issued earlier today and posted on our website.
Now onto our results, revenue for the quarter was $118.1 million, which represents 22% year-over-year growth. Revenue in the quarter exceeded the midpoint of our guided range by approximately $4 million. Our percentage of recurring revenue remained high at 94%, which is a result of our annual prepay subscription model.
Revenue for the full year was $440.2 million, which represents 24% growth year-over-year. Revenue in the quarter was aided by strong demand for both new and renewal business. In terms of new business, we had one of our best quarters ever, we added 460 new enterprise platform customers and 66 new -- net new six-figure customers in the quarter.
This brings the total number of customer spending in excess of $100,000 annually to $837,000. Our investments in product innovation and go-to-market reach has continuously helped us deliver a healthy number of greenfield opportunities and competitive takeaway throughout the year, despite the pandemic, and this quarter was no different.
So we are delighted with the velocity in which we are adding new customers in the quarter. We're also very pleased to see upside in our expansion business, as customers adopted new modules and expanded asset coverage at a higher rate than what we saw earlier in the year.
Of notice, cross-sell as Lumin, web application security and OT among others experienced significant growth in the quarter.
We attribute our success year to an increasingly complex threat environment that highlights the relevance of our cyber exposure offering, specifically a platform that delivers broad asset coverage, accurate results and predictive analytics to help our customers understand and address the most critical vulnerabilities within their compute environments.
This also benefited renewal business, which was strong in the quarter. This is reflected in our calculated current billings, CCB defined as the change in current deferred revenue, plus revenue recognized in the quarter grew 20% year-over-year to $150.5 million and overall, we are very pleased with our performance.
As a reminder, CCB is a close, but not perfect proxy of the underlying performance of the business and can be influenced by such factors as deal timing, early renewals and multi-year prepaid deals, which have been impacted in the current economic environment.
I'll now turn to expenses, which reflect considerable investment this year offset by operational efficiencies and to a lesser extent some pandemic related savings. I'll start with gross margin, which was 84% this quarter consistent with last quarter and up from 82% last year. Gross margin for the full year was 84%, which is consistent with 2019.
Our gross margin continues to be very healthy and reflects increased investment in our public cloud infrastructure, we continue to realize economies of scale, related to the growing demand for our cloud-based Tenable.io platform.
In short, investments in our public cloud platform have resulted in an increased spend on an absolute dollar basis, but with notably lower unit cost. Given the uptake for Lumin and other cloud-based offerings, we plan to make incremental investments that are expected to lower gross margins in 2021 by approximately 5,200 basis points.
Let's turn to operating expenses. Sales and marketing was $50.8 million compared to $57.7 million in the fourth quarter last year and $48.2 million last quarter. Sales and marketing expense as a percent of revenue was 43%, which was consistent with last quarter, and significantly improved from the 59% last year.
As we've discussed on prior calls, we're very pleased with the leverage we've demonstrated to date in sales and marketing, which we attribute to a maturing sales force, higher mix of channel and business from our two-tier distribution model and better overall efficiency related to sales overhead markets where we have critical mass.
Sales and marketing expense increased sequentially due to higher commission expense, when seasonally higher sales as well as incremental investment and expanding our go-to-market efforts such as areas including the channel, most notably ramping our MSSP business, which represents a compelling long-term opportunity for us.
Looking ahead in 2021, we're going to make continued investments to expand both the sales organization and our channel efforts, which we believe will position us well for continued growth and success. R&D for the quarter was $20.4 million, consistent with the same period last year and down slightly compared to $21.2 million last quarter.
As a percent of revenue, R&D expense was 17% compared to 21% in Q4 2019 and 19% last quarter. As a Best of Breed vendor, innovation remains a top priority for us, so additional investment to secure an increasingly complex attack surface via our cloud-based predictive analytics approach is anticipated in 2021 to extend our market leadership.
G&A expense was $12.5 million compared to $12.6 million in the fourth quarter last year, it was also consistent with last quarter.
As a percent of revenue, G&A expense was 11% this quarter flat with last quarter and down from 13% in Q4 of last year, which reflects our ability to more fully absorb public company costs and achieve greater efficiency and automation in many of our back-office functions.
Income from operations was $15.4 million in Q4 compared to a loss of $11.1 million in Q4 last year and an income of $12.4 million last quarter. For the full year non-GAAP income from operations was $25.8 million compared to a loss of $42.8 million in 2019, which was a $69 million improvement.
Operating margin was positive 13% for Q4 and there is a negative 11% for the fourth quarter last year and positive 11% last quarter. Operating margin was positive 6% for the full year, compared to negative 12% for the full year 2019.
All of this translated to significant EPS upside for the fourth quarter as our earnings per share was $0.13, which was $0.07 to $0.08 better than expected. Approximately half of the beat was due to better than expected topline results and half was attributed to better cost management.
For the full year, we generated $0.19 of earnings per share versus a loss of $0.42 last year. Now, let's turn to the balance sheet. We finished the year with $291.8 million in cash, cash equivalents, and short-term investments, an increase of approximately $80 million compared to December 31, 2019.
Total deferred revenue at December 31, 2020, was $434.5 million, an increase of $71 million from last year, giving us a lot of visibility into revenue headed into 2020. Turning to cash flow, we achieved $16.7 million of positive free cash flow in the quarter. This compares favorably to a free cash flow burn of $13.5 million in Q4 last year.
For the full year, we generated $44 million of free cash flow versus a burn of $31 million last year, which was a very notable $75 million improvement. With high recurring revenue, high gross margins and high renewal rates, we are confident in our ability to generate attractive long-term margins.
And despite the investment in the business and an anticipated return to a more normal travel-and-spend environment, we expect continued expansion in the free cash flow margin in 2021. With the results of the quarter behind us, I'd like to discuss our outlook for the first quarter and the full year 2021.
Our assumption is, the healthcare crisis will continue to create uncertainty and macro headwinds as many geographies are experiencing further restrictions and lockdowns.
Although, we have a very balanced and diversified customer base, approximately 10% of our business comes from industries that have been highly impacted by the pandemic, such as transportation, hospitality, and retail.
As a result, our guidance assumes the crisis will continue to abate over the summer with modestly improving demand in the second half of the year.
With this uncertainty in mind, we believe our business will remain resilient, giving us the confidence to provide an initial full-year outlook for calculated current billings today, which is something we have not provided since our call in February of last year.
Recent security events including SolarWinds breach have the potential to create a more favorable spending environment for us this year, but the overall impact, if any, and timing are uncertain.
With that as a backdrop for the first quarter 2021, we currently expect, revenue to be in the range of $118 million to $120 million, non-GAAP operating income to be in the range of $7 million to $9 million, non-GAAP net income to be in the range of $5 million to $7 million, assuming a provision for income taxes of $1.5 million, and non-GAAP diluted earnings per share to be in the range of $0.04 to $0.06 per share, assuming 115 million fully diluted weighted average shares outstanding.
And for the full year 2021, we currently expect calculated current billings to be in the range of $565 million to $575 million, revenue to be in the range of $510 million to $515 million, non-GAAP operating income to be in the range of $40 million to $45 million, bon-GAAP net income to be in the range of $30 million to $35 million, assuming a provision for income taxes of $6 million.
Non-GAAP diluted earnings per share to be in the range of $0.26 to $0.30 a share, assuming a 116 million fully diluted weighted average shares outstanding.
In summary, we're very pleased with the results of the quarter, which gives us increasing confidence that we remain well-positioned to deliver compelling growth and profitability over the long-term. And now, I'll turn the call back to Amit, for some closing comments..
Thanks, Steve. As I stated earlier in the call, recent security events have raised the profile of vulnerability management. SolarWinds shows that we can't rely on strong perimeter defenses and has highlighted the need for assessing devices across the entire enterprise. Our message has been very consistent.
For Tenable, our core strength in VM has driven our success and aided in our natural expansion across the attack surface into improving the security posture of cloud and OT deployments. Our strengthening platform of capabilities positions us for long-term success as our customers shift to hybrid and cloud environments.
We hope to see many of you virtually at the Goldman Sachs, Morgan Stanley and Truist tech conferences in the coming weeks. We'd now like to open the call up for questions..
[Operator Instructions] And our first question comes from Brian Essex with Goldman Sachs. Brian, please state your question..
Great, thank you. Good afternoon, and thank you for taking the question. Guys, nice set of results. Amit, nice progress in the service provider market, and appreciate the color there.
Maybe could you provide a little bit of incremental color in terms of the types of customers that you're attracting in that market? The dynamics of those deals and how meaningful you expect that segment of business to be from a mix perspective?.
Yes, I'll provide maybe some color context. I think the service provider market is incredibly strategic. We see that market really going after a diverse set of customers.
So the natural one which comes to mind is certainly the mid-market where lot of organizations that don't have the in-house expertise, gravitate toward -- gravitate toward managed security providers.
And then, we've also seen a noteworthy number of large enterprise customers, which choose to use managed service providers, managed security providers as part of their ongoing security operations.
So, we really see it is a pretty important pre-strategic route to market for us along both tracks and we're early in those relationships but seeing some early results and really excited about the opportunity that both of them represent for us..
Got it, that's helpful. And maybe to follow-up, can you maybe talk about the OT market, the nice six-figure OT win.
Given the I guess growing concern of state-sponsored tax and how deep those might go from an operational perspective -- I mean, how are you gaining -- I guess how does traction in that market look and how meaningful do you think that might be over the next year or so?.
I think -- that is a market that we believe has very strong potential. There is no doubt that some of the most critical business operations occur in and on and rely on OT environments and then OT is an increasingly critical part of business efficiency and fueling economic growth.
So the awareness for OT security has grown rapidly in the last two to three years, and we've seen IT security programs and IT security leadership play an increasingly critical role in product selection and solution selection and providing security into corporate OT environments, which historically have been managed by different teams.
So we feel like we have a real position of strength in understanding risk across IT and OT and the convergence of security regimes across both of those platforms. In terms of the potential for that market, I think Steve can do some analysis on asset numbers and industries and the breadth of industries that rely on OT.
But I think -- it's -- there's a pretty substantial opportunity that we're going after there..
Got it, very helpful. Thank you very much..
And our next question comes from Joshua Tilton with Berenberg Capital..
Hey, guys. Thanks for taking my questions.
Can you hear me?.
We can..
Hi, Josh..
Yes..
Hey, guys. How are you? Just two quick ones from me. First, I believe last quarter you guys mentioned that the renewal rate was 110%. I was just curious if you guys could comment on what it was in this quarter? I think the commentary in your prepared remarks kind of suggested it was positive.
And then also, what is -- what numbers baked into the guidance that you gave for 2021?.
Hi Josh, this is Steve. Well, first, we did comment in the quarter that upsell was notably strong this quarter, really on the backs of higher asset coverage as well as higher cross-sells, one of the best quarters ever for us in terms of cross-sell.
So we're very pleased with the level of upsell this quarter, this is a positive development after several quarters of moderation earlier in the year.
We don't manage the business to a single metric, we know that in terms of opportunities, pipeline can vary between opportunities from new customers as well as upsell opportunities from existing customers. And the number that we disclose in the filing is on an LTM basis.
So the good news is, we saw notable uptick and upsell this year, well in the backs of high renewal rates, strong cross-sell and we think that bodes well heading into 2021. I think in terms of 2021, more broadly, we're assuming that the demand environment is largely the same and with no notable change is from what we saw this year.
The one thing that I will say is -- the takeaway here is -- look, we're very pleased with our results in the fourth quarter. We saw our performance in both the top line and the bottom line. CCB growth was 20%, revenue growth was 22%, better than expected both the top line and the bottom line.
Customer demand underpinning all this was strong as Amit mentioned earlier and to my comments earlier, we added 460 new enterprise platform customers and it's one of our best quarters ever. And in fact, it was our best quarter ever for landing new large deals.
That said, looking ahead in 2021, there's still a lot of uncertainty out there with the macro. As we head into the year many geos and countries are imposing further lockdowns and restrictions.
Our guidance assumes just more broadly, notwithstanding the rental rates and expansion rates that the crisis will continue but abate over time, sometime in the summer with modestly improving demand in the second half of the year. And overall, we're pleased with the results of the quarter and it gives us confidence as we head into 2021..
Yes, that was very helpful. And then I guess, kind of just to confirm a little bit on what you said for 2021, you're baking in no change to the demand environment. But you also mentioned that the recent attack kind of brings the importance of VM into light.
So should we view the billings guidance as conservative, so is not baking in any incremental demand from the recent attack, or is it just too early to see any meaningful change if any?.
It's more of the latter. Specifically, in relation to CCB, it's important to note that first, we haven't provided a full-year guide to CCB, in over a year since February of our last call. We feel like today's guidance is appropriate.
It certainly reflects the uncertainty of the macro, but the fact that we're providing this guide now is certainly a clear indication of our increasing confidence in the business.
Again, we're not -- we are factoring some of the uncertainty related to the macro, but we're also not considering any tailwinds from the recent SolarWinds breach, which are difficult to predict. We think it has the potential to lead to better spending environments in 2021, but we view the guidance today for CCB, really it's a good starting point.
The fundamentals of our business are very strong, and we look forward to updating you throughout the year..
All right. Thank you very much. Really appreciate the color..
And our next question is from Hamza Fodderwala with Morgan Stanley..
Hey, guys. Thank you for taking my question. Just a couple from me. The first is on the solar SolarWinds impact. You mentioning sort of the rising priority of VM.
Can you maybe talk a little bit about for -- to -- for a meet, to what degree -- is it may be starting to influence pipeline or perhaps getting brought up in customer conversations? And then I have a follow-up..
Yes. It's definitely become an important part of our customer conversations and I think we saw that almost immediately as the news began breaking where even going back with the FireEye breach and even before the SolarWinds.
As each data point comes out, I'm wondering with high profile breaches, first question corporate leadership are asking is, am I exposed, are we at risk, are we secure, what are we doing about it.
And so being able to -- for the IT security team to be able to -- in near real-time say with all of the attack tools which were part of the red team kit that was stolen from FireEye, we already checked for those, and here's where we stand from the exposures perspective.
Or when the SolarWinds twisted breach came up, being able to say here's exactly where we're running SolarWinds Orion and within that, here's the version of SolarWinds Orion, and be able to have that very immediate certainty to understand the level of exposure and/or where the exit response teams can start -- it can start swinging into action.
So it's an important part of risk management and being proactive -- and proactively improving your security. But in time of crisis having a mature VM program just provides the agility for incident responders to move with much greater certainty and much more rapidly. So it became an immediate part of the conversation right away.
And I think as Steve said, we're just early in this -- in the process into the cycles to be able to quantify and say, here's how we believe it will impact pipeline development and our expectations for '21. But customer engagement around it has been high..
Got it, got it. And then just a follow-up for Steve. So, you managed the business pretty well during the worst of the pandemic, right? Current billings has been accelerating 20% plus over the past couple of quarters. You mentioned, so a record number of net new enterprise customer ads, accelerated pace for share gains.
I'm wondering how you kind of -- how that kind of jives with the deceleration implied in the 2021 outlook? I respect that there's still some conservatism around the pandemic, but obviously that those headwinds have been around and if anything should keep -- based on your commentary be improving in the back half of this year.
So, maybe, is there anything else that you're kind of being a little more conservative on, whether it'd be sales productivity or anything else? That's it for me..
Yes. Thanks for your question. So by every measure possible, we had a strong print in the fourth quarter, we're delighted with our results as we talked about. But that said, we're not going to trek with the results for one quarter, for entire year for this year.
Keep in mind, we are a global business, we transact sales in over 160 countries, we have feet on the street in 30 countries. We try not to look at our business monolithically. And instead, different segments of countries in different sectors of the economy are different phases really of the pandemic.
Some countries are imposing further lockdown and restrictions. While it does create a little more uncertainty in some of those shields and while others are more steady state. And so for us, I think we take all that into consideration when we provide a guide.
The good news is we have a business model that's high recurring revenue, high gross margins, high renewal rates.
So it gives us a lot of visibility going into the year, but it is early in the year and there still is a lot of uncertainty and we're not factoring any V-shaped recovery or any changes here in broader market dynamics that would change the business short term.
And Amit talked about follow winds and its potential impact on the company, obviously, has the potential to create some tailwinds for us. But with regard to the fourth quarter, particular is something that played out, late in the quarter, lot of the opportunities in the pipeline were dialed in, deals were slated to close.
So we're actually having conversations with our customers and our partners to determine what the opportunity is, if any, and what the potential impact is here in terms of timing. So overall, all this is really factored into our calculus when we give the guidance, again reinstating CCB guidance, something that we haven't done in over a year.
We feel this is a good early guide for us and a good starting point and we'll -- and it certainly gives us -- the strength of the Q4 results gives us momentum on that headed into the year..
Thank you very much..
And our next question comes from Sterling Auty with J.P. Morgan..
Yes, thanks. Hi, guys. So coming into 2020 and the beginning of 2020, it was pretty clear that at least the commentary and the results, your margin performance was really good and you said you'd focus on that and we've seen really good margin results throughout 2020. But the growth rate has decelerated through the year.
And now -- am I reading it correct? It sounds like with the commentary around investment for both R&D, quota carrying, and sales and marketing, that perhaps now with the growth rate decelerating, that the focus is shifting back to invest to hopefully stabilize or maybe reaccelerate growth, but it's going to take a couple of quarters to -- for those investments to pay off? Is that the right read or am I missing here?.
Hi Sterling, this is Steve. Look I think that is a fair characterization and inference in our guide. We have a lot of confidence in the market. I think we have more conviction now than we did certainly a couple of quarters ago. We weren't sure what to expect headed into the pandemic.
I think CCB growth was -- like was by 20% plus in Q1 and then in Q2, I think it was like 13%. We talked about some timing differences of deals and how that played out and that it was over 20% in Q3, and then we're delighted to report 20% in the fourth quarter.
So we feel really good about the fundamentals of our business, we're adding customers at a very high rate, transacting larger deals. I think we'd be remiss if we didn't highlight the investment opportunities, and the opportunities for us really to generate long-term attractive top line growth.
So the investments in go-to-market, investments and product are all paramount, we certainly want to run for growth, we want to have the opportunity for growth despite the uncertainty with the macro, and we think the investments that we've talked about today and outlined today, give us the best chance for that.
At the same time, we have -- our guidance certainly implies expanding operating margins, we did -- had a lot of leverage in the business this year. If there's a market that has to spend as a percent of revenue came down from I think close to 60% from the full-year 2019 to something in the low 40% range in the fourth quarter of 2020.
And so there's a lot of leverage in the business. We talked about the improvement in free cash flow, we even talked on the call that despite these investments, we expect the free cash flow margins to improve this year. So we're trying to strike the right balance. We were certainly a big believer in the market.
We think these investments, give us the opportunity to lean in on growth, but at the same time be efficient and continue to drive leverage on the bottom line..
Okay. And then one follow-up. Amit, there's been news reports that maybe a couple of the cyber security vendors may have had either some sort of breach or exposure with all the happenings over the last month or so.
Is that actually opening up opportunity to gain market share or an increased opportunity for you guys or is that not part of the conversation you're seeing?.
I do know that customers and prospects as you say, in the market more broadly places greater emphasis on security and the vendor and supply chain versus management. Greater emphasis in value on that than they have in previous periods. I think, highlighted by SolarWinds and some of the high-profile security company breaches.
I don't know that I would translate it directly into saying there's an opportunity -- it represents a great opportunity for displacement for us, but certainly our stance in terms of Best of Breed provider and quality provider places a tailwind and obviously no security program is perfect, but we do invest in our security and have continued to do so..
Understood. Thank you..
And our next question comes from Andrew Nowinski with D.A. Davidson..
Great, thank you for taking the questions, and congrats on a nice quarter. I just want to go back to one of your comments about the greenfield opportunity. I'm trying to better understand really how nascent your market opportunity is.
And I know you said about third of those 460 new adds, or greenfield this quarter, which I think is similar to what you said last quarter.
But do you think that's reflective of the broader market opportunity, meaning one-third of the companies out there have nothing for VM and how do you think that will change at the end of calendar '21? Because I think many people believe that after the Equifax breach, most enterprises deployed some sort of VM solution, therefore the bear thesis suggest that most of your growth would have to come from vendor displacements.
Just wondering, how you're thinking about -- or how we should think about that nascent opportunity..
Yes. I guess I’d be careful making assumptions about rational behavior in the security community.
One would assume -- and coming into Tenable about four years ago, when I first started getting exposed to the data was shocked, when the team would come back and say, hey this quarter about a third, sometimes as high as 40% sometimes as low as 25%, but pretty consistently about a third of our new large enterprise transactions are coming to us from greenfield, meaning they're not using Tenable, they're not using any of our primary competitors, they're not even using Nessus, they have no organic VM program capability.
They're literally relying on an annual audit or assessments from a PW -- from Big4 or some other security consultancy as their enterprise understanding of cyber risk, which is -- which I thought was complete lunacy back then.
And as the market has continued to mature, that continues to be the case where we're seeing a lot of new adoption, about a third of the larger enterprise transactions coming to us from organizations that still entering 2021 or in the fourth quarter of 2020 have had no organic VM capability.
So that greenfield -- we do talk about competitive displacements and growth through increased asset coverage in our existing customer base, new asset types and the like, but there is a very healthy amount of greenfield that remains in this market and we tried to highlight that through calling out the amount of greenfield that we're landing, through calling out the number of new enterprise -- new customers landing onto our enterprise platforms every quarter, and try and be fairly transparent about it.
And this quarter 460 is I think one of our best quarters ever..
Okay, that's great, thank you so much for that. Just a quick clarification as well. Your sales and marketing expenses modestly increased quarter-over-quarter and year-over-year in Q4 here, and you demonstrated very good leverage -- operating leverage in calendar ' 20.
I'm just wondering how much the SolarWinds attack factored into your decision to increase investments for the coming year or if that's something you had you had planned regardless of the breach?.
I think that's just one of many factors that goes into us running the company. We look at broader market, competitive dynamics, and we also look at some of the secular trends in the market.
So I think our results, more broadly in the fourth quarter gave us confidence to invest in the regular trading new customers, certainly underscores that our ability to transact larger deals, so in the progress on competitive takeaways, our Best of Breed focus.
We have a lot of confidence in this market, gives us the confidence to invest more so certainly in 2021 than what we did in 2020. And we believe there's a compelling long-term opportunity here.
So, yes, I think it's a combination of a lot of things, not just any one thing specifically, but just really reflects the broader enthusiasm and confidence we have now in our ability to execute, but also in the backdrop of the broader market opportunity..
That's great. Keep up with the good work, guys. Thanks..
Thank you..
And our next question comes from Jonathan Ho with William Blair..
Hi, good afternoon. Just wanted to just start out -- I think you had some commentary around multi-product cross sell motions and maybe reducing some of the friction there.
Can you talk about maybe what you're doing with some of your programs and whether there's any significant opportunities that you see around further driving that cross-sell motion?.
Yes, Jonathan. Great, great question, an observation about some of the talk track earlier. We believe that there are tremendous opportunities for the creation -- for value creation for our customers in some of the products.
Specifically, as you look at container security, as you look at frictionless assessment, as you look at IO and some of the things that we're doing around cloud security, coming up with packaging that makes more sense or lowers the web application security, all aspects of cloud security making it easier for customers to embrace cloud security capabilities or the things that we would have traditionally looked at.
So, hey, we have to do a cross-sell here between this product and that product.
And now say, you know what, can we create a value for customers in how these products work together, we identify something can it automatically trigger a different method of assessment that makes more sense, can give more detailed answers for customers as well as the packaging that would go along with that, and ease the amount of work if you will, that's required to move customers between and across product lines.
So we're working on some of that with some of our early access customers and excited about the opportunity to do so..
Got it, got it. And just as a quick follow-up. Just given the change in administration and some early readings towards potentially interesting cyber security spend on the government side.
Can you talk about what you're seeing there in terms of government spending? And do you expect that to be, I guess an above-average growth vertical this year or given 2020 was the year of the vulnerability for U.S. Fed was it -- was some of that brought forward? I'm just trying to get a sense of what you're thinking..
Yes. Well, I think every year is the year of increased vulnerability, increased risk, increased exposure, and certainly it was true in the federal market in 2020.
There was a lot of confusion, if you will, in the final days of the last administration, you saw a lot of change over a lot of trashing of senior leadership positions, especially, not limited to, but especially, from our perspective in the cyber domain and the cyber ranks.
And so, there is the opportunity I think for the incoming administration to place the priority on cyber, bring in strong leadership and implement increased or enhancements to program and potentially even launch new programs and new initiatives to reduce federal cyber security risk.
And there certainly is the awareness in the administration and we know that there's already been a sort of $10 billion plus proposal put out there as well as cyber being an important part of the early administration dialog.
So, we're -- it's as we said, we're in the early periods here and we'll wait to see how this plays out but there certainly is the potential for good growth in the federal market as a result of that and we had an exceptionally strong position in the federal cyber security market. And 2020 would continue to be a strong year for us in that market..
Great, thank you..
And our next question comes from Rob Owens with Piper Sandler..
Yes, good afternoon, guys. Just one relatively quick one from me, I guess. Amit, could you talk a little bit about where customer conversations are around containers and container security and we've got the CSPM market, the cloud workload protection markets.
Are they looking for these technologies from a single vendor and with all the noise out there and obviously, it's a big land grab at this point, where are points of leverage in your mind in terms of who might win in these markets? Thanks..
Yes. And I don't think unless I'm mistaken, I would be shocked if there were any one particular winner in these markets.
It depends on who the buyer is, what the use case, what they're trying to achieve, and in many cases, enterprises are using cloud in very different ways, not only SaaS and cloud-based infrastructure, DevOps environments, web applications -- there is just a whole lot of -- there is no one cloud, there's a lot of different uses a lot of different ways customers engaging in their adoption of cloud.
From our perspective, we are not trying to go out and say, we're going to be a soup-to-nuts cloud security vendor provider, we're going to do every aspect of cloud security for you.
We're thinking there's going to be a very rich ecosystem of solutions out there, some coming from attack detection response company, some coming from infrastructure protection company, some coming from the cloud infrastructure vendors themselves, embedding capability into the cloud.
And so from our perspective, we are engaging with our current users in the current use case that we help them solve and address just expanding that into the cloud. And so that -- by that I mean, we're helping them really with this business of assessing the security of their cloud environment. We're not protecting cloud environments.
We're not doing all the attack detection and other aspects of, and tightening down of configurations and other things. It's really about how do I assess the security of my cloud workload and of the assets that are in that cloud.
And we have a number of ways to do that, whether it's through IO and with frictionless assessment through our cloud-native connectors, whether it's through the web application capability through the container inspection capability and a number of other techniques. So from our perspective, it's still this question, how at risk am I, how secure am I.
And really expanding that visibility that they rely on us for into these new cloud paradigms. And soon to be -- I think Q4 was a quarter where we saw increased adoption of those cloud security products and so we tried to call some of that out earlier in the -- on the call..
Great, thank you..
And our next question is from Daniel Ives with Wedbush Securities..
Yes, thanks. So just sort of follow-up to some other questions and to summarize.
So when you seem at the -- what we're seeing on the federal side with the $9 billion, $10 billion incremental, So where winds hack those tailwinds, could we say that that additional area in terms of cybersecurity spend, that you're not factoring in to your guidance? Just to be clear..
Yes, I think that's a fair characterization. We certainly know that there is a compelling opportunity in fed as Amit called out earlier. Obviously, the potential for a better a spending environment -- more broadly for SolarWinds. But the timing of that and the impact of that, if any, is really hard to assess at this point.
So yes, I think our guidance that -- certainly reflects some broader uncertainty and without those potential opportunities. Correct..
Okay. And then, just a follow-up to that. So just given this high, that's now there in terms on the cybersecurity side, we specifically on the federal then bell, once it gets approved, but then also post SolarWinds.
Are you doing anything differently, internally to block and tackling to make sure these opportunities, especially, where you guys sit within the bell-way that you could capture, or is it just the traditional sort of Tenable execution model? Thanks..
Well, it was -- we're very focused on the execution model, helping customers in time of crisis being there for them, interacting with them, giving them the insights that we have into the challenges that we're seeing.
Obviously, we help them in their environments, but what we're seeing more broadly across the community are important giving them the accuracy and the confidence so that when they are reporting issues or that there are no issues, that they're doing so from a position of strength.
So I think first and foremost that traditional execution aspect of our customer relationship remains the most important thing and then we do engage with policymakers and others trying to educate and inform them on, hey, what are the key issues, and what are the right approaches to dealing with these issues? And so we have spoken with folks regarding the SolarWinds breach and continued ways to help the government assess the state of cybersecurity and some of the challenges in front of it.
So, I'd say it's a sort of a two-pronged approach. First and foremost execution, but certainly also that more strategic dialog with key government leaders and policymakers..
Thanks for the insight..
And our next question is from Gray Powell with BTIG. Mr.
Powell, are you there?.
Hi, can you guys hear me okay?.
Yes..
We can now, Gray. Thanks..
Sure, can..
Okay, great. Great, it really helps when I turn the mute button off, but thanks for taking the question. I really appreciate it. Yes, I just had another question on the SolarWinds breach. I know you've answered a bunch on it already, but just one more follow-up if I could.
So do you see customers -- I guess how do you see it playing out over the next 6 to 12 months? Do you see customers looking to increase asset coverage? Does it speed up evaluations of things like Lumin? Or is it more of a lever to drive new customer wins? Yes, just any thoughts on that dynamic would be really helpful..
Yes.
I'd say first of all, I'm extremely proud of how our team responded during the question in terms of getting information out to customers on a near real-time basis and understanding of the breach and understanding how to use the technologies to assess, where they may have potential exposures and chase those to ground, which are again all critical when the security program is trying to respond to corporate leadership that has a visibility into a breach like this.
So I think that is foundational, and from there, the natural questions are, okay, where do we have visibility, where do we have coverage, where don't we have coverage.
And making sure that organizations have whether it's through increased asset coverage, coverage across the enterprise, coverage into unidentified assets as well as doing some of the prioritization activities, so that high-risk, vulnerabilities risks, which are more likely to be vulnerabilities which are more likely to be exploited or being exploited out in the wild.
Good organizations can get on top of those and be a little bit more proactive with their security. So I think the short answer is, this could be a catalyst for increased levels of risk -- sub-security risk management, and we think we're the primary platform to help enterprises do that. And so, it could translate into increased business.
But it's hard, we're still in the early period, so it's harder to look at that and then translate into, this is what it's going to be and so what it's -- what the impact is going to look like as we enter the year..
Understood. Okay, thank -- thank you very much..
And this concludes today's question-and-answer session ladies and gentlemen. I'd like to turn the call back over to management for closing remarks..
Great. I'd like to just thank everybody for joining the call and the insightful questions and look forward to seeing you at the investor conferences that we noted earlier, and thanks for your time..
Thank you all. This concludes today's conference, you may disconnect your lines at this time. Thank you for your participation, and have a great evening..