Greetings, and welcome to Tenable Q1 2024 Earnings Conference Call. [Operator Instructions] As a reminder, this conference is being recorded..
It is now my pleasure to introduce your host, Ms. Erin Karney, Vice President, Investor Relations..
Thank you, Ms. Karney. You may begin. .
Thank you, operator, and thank you all for joining us on today's conference call to discuss Tenable's first quarter 2024 financial results..
With me on the call today are Amit Yoran, our Chief Executive Officer; Steve Vintz, our Chief Financial Officer; and Jason Merrick, Senior Vice President, Products..
Prior to this call, we issued a press release announcing our financial results for the quarter. You can find the press release on our IR website at tenable.com..
We will make forward-looking statements during the course of this call, including statements relating to our guidance and expectations for the second quarter and full year 2024, growth and drivers in our business, changes in the threat landscape and the security industry and our competitive position in the market; growth in our customer demand for and adoption of our solutions; including Tenable One, planned innovation and new products and services, the potential benefits and financial impact of our recent acquisition of Ermetic, our expectations regarding the cost savings associated with optimizing our go-to-market efforts and our expectations regarding long-term profitability and free cash flow.
These forward-looking statements involve risks and uncertainties, some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements. You should not rely on forward-looking statements as a prediction of future events.
Forward-looking statements represent our beliefs and assumptions only as of today, and should not be considered representative of our views as of any subsequent date, and we disclaim any obligation to update any forward-looking statements or outlook.
For a further discussion of the material risks and other important factors that could affect our actual results, please refer to those contained in our most recent annual report on Form 10-K and subsequent reports that we file with the SEC.
In addition, all of the financial results we will discuss today are non-GAAP financial measures with the exception of revenue. These non-GAAP financial measures are in addition to and not a substitute for or superior to measures of financial performance prepared in accordance with GAAP.
There are a number of limitations related to the use of these non-GAAP financial measures versus their closest GAAP equivalent. Our press release includes GAAP to non-GAAP reconciliations for these measures..
I will now turn the call over to Amit. .
Thank you, Erin. We're very pleased with our results in the quarter. CCB, revenue, operating income and cash flow, all came in better than expected. Our leadership and exposure management resulted in strong momentum in Tenable One. In short, we're off to a good start for the year. There are 2 clear takeaways this quarter.
First, exposure management, the category we pioneered over 5 years ago, is increasingly recognized as a crucial practice for security teams. Tenable is uniquely positioned to identify and mitigate risks across the attack surface, including cloud, identities, operational technology, applications and IT assets.
And second, that the convergence of these categories onto a single platform is the most efficient way to truly understand and reduce risk, and we believe we are the only security vendor in the market providing these capabilities with Tenable One..
Let me go deeper on the first point. Exposure management is gaining widespread attention and validation from security practitioners, industry analysts and vendors. In fact, Gartner predicts that by 2026, organizations prioritizing their security investments based on an exposure management program will suffer 2/3 fewer breaches.
We believe there is no company better positioned than Tenable to seize this opportunity, thanks to our early focus and ongoing commitment to delivering innovative exposure management solutions. And our focus is paying off with these solutions now representing approximately half of our total new sales in the quarter, inclusive of Tenable One.
This momentum is a result of customers realizing that managing risks and solid programs is failing them. Security products for identifying and closing exposures of different types are still very disjointed, forcing security teams to work in isolation just like their tools.
This approach to security makes it extremely difficult to defend against advanced threats or more sophisticated campaigns to leverage multiple attack methods and complex tool sets.
For example, an attacker may gain access from an end point vulnerability, move laterally to an over-provision identity for privileged access and from there exploit misconfigured service running in the cloud. Point solutions simply are not able to identify and remediate these risks across domains.
A unified approach that consolidates visibility from assets, identities and risk configurations, spanning across domains, from on-prem to the cloud to critical infrastructure creates leverage and insights previously [indiscernible]. This is exactly what Tenable One is designed to deliver.
A great example of Tenable One's impact involves a multibillion-dollar automotive parts company that selected Tenable One in Q1. They're looking to gain a unified understanding of risk across their attack surface.
Recognizing the limitations of separate solutions, they replaced a key incumbent in vulnerability management with Tenable, while also adopting Tenable OT and cloud security to extend their visibility and remediation capabilities.
Notably, the customer opted for our cloud security solution because it outperformed several well-known pure-play CNAPP competitors and uncovering exposures in the cloud and the fact that it integrates with the rest of their stack using Tenable One..
We repeatedly encounter scenarios that underscore this new way of thinking. Conversations with customers and prospects often lead them to realize the dangerous limitations of using separate products to manage risk, like using a specific control system security product that has no connection to the rest of their environment.
Customers are coming to grips with the fundamental truth. You cannot fully understand the risk of an interconnected environment when your risk management practice is compartmentalized. These scenarios are the reasons why solutions like our OT and our CNAPP capabilities are gaining traction with our customers.
Given the scope of our coverage, Tenable stands out in our capacity to identify and prioritize risk. We leverage the data lake built around exposure information that encompasses hundreds of billions of aspects of threat, vulnerability, entitlement and configuration data.
This robust foundation underpins all of our products from CNAPP to vulnerability management to identity to OT. Each product is strengthened by the deep insights gleaned from our entire portfolio..
Last quarter, we continued to innovate aggressively in exposure management along many fronts, including the integration of more generative AI capabilities into Tenable One. These new advancements bring to life interactive attack path visualizations and offer an AI assistant that answers queries and delivers specific mitigation advice.
This tool is our customers' real-time access to the latest exposure data tailored to their specific environment. In addition, it provides customized guidance for fixing these issues.
In an era marked by huge cybersecurity talent shortages, our generative AI-driven enhancements help streamline workflows, enhance security insights and boost productivity, and once again, position Tenable at the forefront of exposure to management innovation.
We have demonstrated an ability to differentiate our core products as well as with our broader exposure management platform.
Whether it's in identity, OT, cloud security or our unified platform, we are delivering solutions that enable our customers to better understand and remediate risk, and we are doing it in a way that has delivered impressive margin expansion..
Finally, on a personal note, thanks to everyone for the well wishes regarding my recent diagnosis. My treatment is going well, but my voice has been temporarily impacted. As a result, I will not be able to fully participate in the Q&A session today, and I apologize in advance for subjecting you to even more time with Steve.
But I do look forward to speaking with you in the upcoming investor events in the near future..
I'll now turn the call over to Steve for further commentary on our financial results and outlook. .
Thanks, Amit. I'm glad to see that you have not lost your sense of humor..
Now on to our results for the quarter, which reflect better-than-expected top line growth and operating income. Calculated current billings defined as revenue recognized in the quarter plus change in current deferred revenue grew 12% year-over-year to $197.8 million.
CCB exceeded expectations for the quarter, and accordingly, we are increasing our annual CCB outlook today. As Amit commented earlier, Tenable One was a major highlight in the quarter and grew to 26% of total new enterprise sales, up from 22% last quarter.
Exposure solutions, which includes Tenable One and stand-alone cloud security, identity security and operational technology security represented approximately 50% of our total new enterprise sales in the quarter.
We believe this reflects the growing demand for our exposure management solutions and the actionable insights it delivers to CISOs and their security teams..
Turning to other highlights. Sales to new customers were exceptionally strong for us. During the quarter, we added 410 new enterprise platform customers, including a healthy number of 6-figure LANs. The strength in new logos resulted in nearly 30% year-over-year ACV growth from our newly acquired customers.
To put matters in perspective, this was one of our best quarters for year-over-year ACV growth to new customers since 2022. This dynamic impacted our net dollar expansion rate, which was 109% this quarter compared to 111% last quarter, which we believe is a result of the natural variance in the mix of pipeline opportunities between new and expansion.
The takeaway here is that we saw strength in new logo sales and large LANs, and we believe, it's enabling us to win share in the exposure management market. Pipeline generation was also strong for us and is very encouraging..
Our net new 6-figure customers decreased by 4% in the quarter. This is a result of a higher-than-usual number of customers who dropped below the $100,000 threshold in Q1 of 2023, which impacts this metric now because these customers dropped out of the LTM count this quarter.
This was concentrated primarily in the financial services and tech and telecom verticals that were impacted by the regional banking crisis in March of last year. This dynamic more than offset the strong number of new 6-figure logo LANs in the quarter.
I would note that we always have some number of customers who dip below the $100,000 threshold in any given quarter. Q1 of '23 was an outlier last year. And consequently, we do not expect this to be a headwind to the net new 6-figure customer calculation for the remainder of this year..
Now on to the P&L for the quarter. Revenue was $216 million, which represents 14% year-over-year growth. Revenue in the quarter exceeded the midpoint of our guided range by $3 million. Our percentage of recurring revenue remains high at 96% this quarter..
I will now turn to expenses. I'll start with gross margin, which was 81% this quarter and last quarter and higher than our expectations. Gross margin benefited this quarter from the successful integration of [indiscernible] public cloud infrastructure and the overall efficiency with which we have been able to scale our exposure management platform..
Sales and marketing expense was $84.5 million, which was down from $88.5 million last quarter. Sales and marketing expense as a percentage of revenue was 39% compared to 41% last quarter.
Sales and marketing expense was lower sequentially primarily due to reduced headcount from our cost optimization efforts, seasonally lower program spend and commission expense and was partially offset by the cost associated with our annual sales kickoff conference in February.
Overall, we are pleased with the improved efficiency in our go-to-market efforts this quarter and expect sales and marketing spend as a percentage of revenue to trend lower over the remainder of the year..
R&D expense was $32.6 million, which was up from $27.8 million last quarter. R&D expense as a percentage of revenue was 15% this quarter compared to 13% last quarter.
R&D expense increased sequentially primarily due to increased personnel costs and other costs, largely in cloud analytics and VM as well as the foreign R&D tax credits that we received last quarter..
G&A expense was $20.6 million, which was up from $19.5 million last quarter, primarily due to higher payroll taxes, which reset at the beginning of the year. G&A expense as a percentage of revenue was 10% this quarter compared to 9% last quarter.
Income from operations was $37 million, which was significantly better than expected and exceeded the midpoint of our guided range by $9 million..
Operating margin for the quarter was 17%, which was 400 basis points better than the midpoint of our guidance. The outperformance in earnings this quarter reflects the timing of certain expenses and our ability to deliver profitable growth and drive leverage in the business while continuing to invest in our largest market opportunities.
The sizable beat in op income resulted in significant EPS upside. EPS for the quarter was $0.25, which is $0.08 better than the midpoint of our guided range..
Now let's turn to the balance sheet. We finished the quarter with $510.8 million in cash and short-term investments. Accounts receivable was $156.8 million and total deferred revenue was $722.7 million. Current deferred revenue was $562.6 million, which gives us a lot of visibility into expected revenue over the next 12 months.
We generated $54.7 million of unlevered free cash flow during the quarter, which is up from $43.3 million last quarter. With high recurring revenue, gross margins and renewal rates, we feel confident that we can continue to expand our operating and free cash flow margins over the ensuing years.
Our higher margin profile has also caught the attention of the rating agencies as Moody's recently upgraded our issuer credit rating to Ba3 as well as S&P's upgrade to BB minus in late November..
During the quarter, we repurchased 526,000 shares of our common stock for an aggregate purchase price of $25 million. That leaves $60.1 million of remaining authorization under our share repurchase program.
We continue to take a programmatic approach to partially offsetting our share creep, and we'll continue to evaluate the size of the program going forward based on evaluation of our common stock as well as other factors..
With the results of the quarter behind us, I'd like to discuss our outlook for Q2 and the remainder of the year. For the second quarter, we currently expect revenue to be in the range of $217 million to $219 million. Non-GAAP income from operations to be in the range of $34 million to $36 million.
Non-GAAP net income to be in the range of $28 million to $30 million, assuming interest expense of $8.2 million, interest income of $5.9 million and a provision for income taxes of $3.1 million. Non-GAAP diluted earnings per share to be in the range of $0.22 to $0.24, assuming 124.5 million fully diluted weighted average shares outstanding.
And for the full year, we currently expect calculated current billings to be in the range of $986 million and $994 million, revenue to be in the range of $900 million to $908 million. Non-GAAP income from operations to be in the range of $158 million to $163 million.
Non-GAAP net income to be in the range of $135 million to $140 million, assuming interest expense of $32.8 million, interest income of $24.2 million and a provision for income taxes of $12.3 million.
Non-GAAP diluted earnings per share to be in the range of $1.08 to $1.12, assuming 125 million fully diluted weighted average shares outstanding and unlevered free cash flow to be in the range of $220 million to $230 million..
I would like to provide some commentary regarding our increased outlook today. Our CCB guide represents a range of 13% to 14% growth for the full year and reflects a $2 million beat in our expectations in Q1 and a $1 million raise at the midpoint. Similarly, revenue reflects a $3 million beat and a $1 million raise at the midpoint of the range.
Consistent with the directional comments I provided on our last call, we expect CCB growth to accelerate modestly in the second half of the year as we continue to build pipeline opportunities in the first half of the year in connection with our more expansive CNAPP offering and some of the newly acquired capabilities from Ermetic..
Our guidance today also reflects a full year operating margin of 18% at the midpoint, which is a 50 basis point improvement over our prior guidance and is a terrific start to the year for us.
We continue to expect to follow the similar seasonal spending patterns as prior years with incremental investment more weighted in the first half of the year, resulting in higher operating margins in the second half. I also want to provide an update on the restructuring costs that we discussed in February.
We incurred $1.4 million of restructuring costs in Q1 associated with onetime severance benefits related to the reduction in force that took place in January, which was better than the $2 million to $3 million range that we previously provided.
Further, we are still in negotiations to sublease a portion of our real estate, which is expected to result in a noncash impairment charge of $6 million to $7 million in Q2. Please note that restructuring expenses are excluded from our non-GAAP results..
And finally, as a reminder, our next update to unlevered free cash flow will be on our Q2 call. .
Thanks, Steve. In summary, Q1 was marked by a healthy balance of growth and margin expansion. We are excited about where we are as a company and the opportunity in front of us. We hope to see you at the Morgan Stanley conference in the coming weeks..
We now like to open the call up for questions for Steve. Also Jason Merrick, our Senior Vice President, Products, is here today to participate in the Q&A session. .
[Operator Instructions] The first question comes from the line of Joel Fishbein with Truist Securities. .
And congrats on the good quarter. I'd like to ask about Ermetic. I know that Amit talked about a win there in the automotive space that included cloud security. I'd just love to understand the competitive dynamics around that space. And I just have a quick follow-up for Steve. .
Please go ahead. Ms. Karney, can you please go ahead and speak? Your line has been unmuted. All right. Just give me a moment. Ladies and gentlemen, the speaker line has been disconnected. Please be on hold, while we quickly get them reconnected. .
Ladies and gentlemen, the speaker line has been reconnected. Please go ahead. .
Congrats on the good quarter. Jason, I had one for you and a quick follow-up for Steve. Amit mentioned on the call, the Ermetic win with the automotive company. And that's obviously great. I'm curious about the competitive dynamics around Ermetic. Obviously, the space is fairly crowded.
And what differentiates that offering that you have in the marketplace and talk about maybe the competitive dynamics of why you won, that would be helpful. .
Joel, thank you very much for the question. So we could not be more excited with the competitive capabilities across the Tenable portfolio and even more so with our cloud security solution that Ermetic brings.
With their more expansive CNAPP capabilities, it gives our customers the ability to leverage the entire platform, but we also have the flexibility for customers to choose specific components within our cloud security offering. So customers can choose infrastructure's code, CSPM, CWPP. .
But we also believe that we've got the industry-leading Cloud Infrastructure and Entitlement Management capabilities, the acronym is called CIEM. This gives organizations the ability to have visibility into the entitlements of the workloads that are working in the cloud. And this is a differentiator for us in the market.
Even customers that have made a cloud security solution today with other competitors are choosing to add our CIEM capability in. Now the other major competitive dynamic is Tenable One and being able to bring the cloud security data into Tenable One. .
The next question comes from the line of Brian Essex with JPMorgan. .
I was wondering maybe either Jason or Steve, could you talk about the spending environment in macro? I know last year, Q1 was a bit unusual.
What are you seeing so far, you're a bit early in the earnings season, so it would be great to get your insight around how you see the spending environment unfolding so far this year? Are enterprises willing to spend, maybe compare that to the environment last year? And where you're seeing any strength or weakness, whether that's selling enterprise side, recovery in the small bank credit union side after the disruption last year.
Maybe give us a sense of that and how the pipeline is looking as we head into Q2. .
Sure. This is Steve. I'll say first, I think we're executing very well, certainly, within the confines of the current market. Overall security spend remains healthy and a top priority.
And as mentioned earlier, exposure management category that we pioneered continues to gain widespread adoption and validation, not only from security practitioners but also partners and industry analysts. Gartner, as you heard earlier, is now talking about cyber exposure as a critical means to reducing breaches.
We're seeing large enterprise organizations create [indiscernible] management departments. We're seeing our partners, too, starting to go exposure management practices and exposure management engineers folks. .
Clearly, there's a lot of momentum in the space and specifically with our platform. So one of the major areas of strength for us, what with Tenable One, our unified platform and exposure management offering, it represented 26% of our total new sales this quarter, it's up from 22% last quarter.
We also saw strength in our core VM business, where we continue to enjoy high win rates. And out of the gate here, we're very pleased with the demand that we're generating, specifically cloud. Top of the funnel there remains very strong. We're seeing some terrific engagement on both the customer and the partner front.
So overall, we're seeing good spending across the board, good start to the year, and we think we're providing a good outlook as a result. .
Next question comes from the line of Saket Kalia with Barclays. .
Steve, maybe just to start with you. Just on that last point, great to see just that growing mix of Tenable One as a percentage of new sales.
Do you have any data or just even anecdotes on what exposure management modules outside of core VM customers are most gravitating towards? Because you get a nice uplift there on Tenable One versus sort of kind of buying a la carte.
What are the modules that are sort of driving that most often?.
Yes. Well, a good example of that is our largest win within the quarter, a 7-figure win with a European manufacturer. We specifically -- Tenable One, we won the cloud security mandate. So that was the tip of the spear for us.
And then along with that purchase, we displaced an incumbent VM vendor, and we also sold all OT security, which we now have more recently integrated into Tenable One.
So Tenable One is a means for customers to now understand the risk posture across the attack surface, but also is allowing us to consolidate many categories of security, not only VM, but also cloud and OT, as I just mentioned. .
Web App was also one of those modules that continues to get good traction for us. And I would say not only in terms of the breadth that we offer in Tenable One of the areas of the attack surface that we secure, but it's also the insights and the analytics.
It's connecting all of the balls and all the threats with the identities and the entitlements and those who can make lateral movement. So we could not be more pleased with the momentum we're getting in Tenable One. And again, there's just a lot of traction with exposure management, as I mentioned earlier.
And certainly, it's resonating well not only with customers but also partners. .
That's great. And maybe for my follow-up, and it's maybe something for both you and Jason, and maybe it's also related to that answer that you gave. But one thing that sort of stood out to me was just the better new logo ACV in the quarter. I think that's one that you typically called out, Steve.
Maybe some of the things that you just talked about, but what do you feel like is driving that success, particularly with new logos? And as I just think about some reasons, maybe it's a better VM market. Maybe that sort of momentum and exposure, maybe it's market share gains.
Any thoughts on sort of what's driving that -- it's good performance all around, but particularly with new logos. Any thoughts there would be helpful. .
Yes, that's a great question. And I think it's -- the market is starting to dictate this. I can tell you that at Tenable, we're having more conversations with CISOs that are looking for more than a single solution vendor. And with Tenable, we have the portfolio of products to help an organization be able to deal with the ever-growing attack surface.
And maybe this is an area that I can explain a little bit more about Tenable One, and what it does for our customers. It starts with we build an inventory for a customer. We bring in assets from the cloud, from OT. We bring in identities, human and nonhuman. We can even bring in third-party data assets.
So being able to bring in all of this information, so an organization has the ability to understand what assets they're responsible for. The second piece is we then analyze that inventory. We look for findings. We look for risk. We look for toxic combinations, and we contextualize and normalize this information.
And then the third step is we help with prioritization. .
We give business contacts from a business organization what the associated risk is, and why it's important. But just as importantly, we also give the technical prioritization details, what assets need to be remediated. This helps with clients. This helps with regulation and drives remediation.
And then lastly, and really truly the power of Tenable One is we bring all these things together is the analytics, the ability to optimize, the ability to share this information with executive management, with boards and with peer groups to be able to drive actionability. And if you think about it, it's circular.
So that continually the inventory constantly changes, and the power of Tenable One is we build that inventory. We analyze the inventory for risk and toxic combinations. We help with the prioritization, and we help with the optimization. .
Next question comes from the line of Hamza Fodderwala with Morgan Stanley. .
Steve, a lot of macro uncertainty out there.
I'm wondering, just on the spending environment again, how would you characterize the environment relative to when you last gave guidance 90 days ago? And could you give any commentary on early pipeline trends for Q2 as it relates to your guidance for Q2 and for the full year?.
Well, specifically with regard to Q2, pipeline remains healthy, and this is the first time we're setting expectations for the quarter and providing an outlook and the outlook we're providing, we think, is strong, not only for Q2, but also for the year. And as a reminder, in Q1, we beat CCB, we beat revenue.
We're flowing through the beat for both CCP and revenue. We're also raising in both of those areas. So the outlook for Q2, we believe, is absolutely strong. The outlook for the year is more improved than 90 days ago. .
And I would say certainly some areas of strength, as we talked about earlier with regard to Tenable One and even in our core VM business where there's lots of opportunity for us, and we are continuing to remain strong there. Some of the areas that have been more fluid for us over the past year were strong for us, specifically mid-market.
We're off to a good start. Pending environment was again healthy this quarter. The deal sizes continue to be favorable. We're making a lot of progress with cloud there, transacting large 6-figure deals. OT continues to resonate only in the enterprise market, but also in the mid-market. So certainly, mid-market was another area of strength.
And I would also say the Fed in Q1, defense and critical infrastructure was an interest run for us in the public sector. .
We also saw good traction in state and local and higher end. Pipeline and Fed remains exceptionally strong. And we did have the opportunity to see a little bit of upside in the quarter from U.S. Federal, but CR continuing resolution influencing cap some of the upside for us in the quarter.
That said, the selling environment, I would say, is stronger now than last year, and we had a great year last year's Fed. And we expect to have another strong year this year. Funds are starting to open and slow down the different agencies, activity around customers is as strong as we've ever seen in federal.
So we're certainly excited, and we think we're providing a bullish outlook on the year and certainly a good start to it with regard to our results for the quarter. .
Next question comes from the line of Andrew Nowinski with Wells Fargo. .
Great to hear that Amit's recovery is going well. I wanted to ask, Steve, maybe just a follow-up on the Fed side, as it relates to the Ivanti vulnerability that seems pretty widespread in the industry.
I guess was that one of the drivers of Fed demand? And how much of an impact did it have on the quarter or your pipeline going forward?.
Things like that, they kind of bubble up pretty fast, don't have a big impact in the current quarter. We can see some upside there. But as I commented earlier, what drove the results in Fed in Q1 was defense and critical infrastructure.
And I would say, Tenable One is certainly an area that continues to resonate well, certainly within at the federal level. But we're also seeing a ton of strength at state and local and higher [indiscernible] where OT also remains a tailwind for us. So overall spending environment is very strong for Fed.
I'm super excited about not only Q2, what's ahead for us there, but also headed into the strong Fed year-end in September quarter. .
Okay. And then it looks like the net retention rate dipped down to about 109% this quarter.
I guess when do you think that will bottom out? And how are you thinking about it going forward?.
Sure. Yes. Well, the net retention rates in the quarter, as I mentioned earlier in the call, was really a consequence of the mix of business, more skewed towards new versus expansion. By the way, that is a very good thing for us. And the one thing I will say is that, we provide a lot of color on our business with regards to the metrics that we provide.
We disclosed a number of new customers. We disclosed the number of large deals. And the rate of expansion with customers in the current quarter. It's important to note that we do not optimize our business around a single metric, and these metrics can fluctuate naturally from quarter-to-quarter. .
And I'll say that all of our KPIs are meant to be evaluated in aggregate. So you have to have a better appreciation of the factors that influence our results for the quarter. And with respect to the expansion rate, it is possible that we could see fluctuations going forward.
That said, we feel good about our outlook for the year, which reflects modestly higher growth in the second half of the year, consistent with our top track last quarter, and that would indeed be driven by an improvement in one or more of those metrics. .
Next question comes from the line of Brad Reback with Stifel. .
Steve, I know during the prepared remarks, you talked about an acceleration in CCP growth in the back half of the year, consistent with last quarter.
What are things that need to get better for that to happen?.
Sure. I would say a couple of things. First, again, this is very consistent with the top track that we offered up on our last call. [Indiscernible] we acquired Ermetic in October of last year. And our mandates were very clear.
Number one, integrate the current capabilities of [Indiscernible] with the Ermetic platform, which we have done and we'll certainly do. Number two, work to build pipeline opportunities.
So the guide that we gave last quarter, which was 12% to 14% growth, we said directionally expect slightly lower growth in the first half of the year, in particular to Q1. We're delighted to deliver outperformance relative to those expectations that we set in the first quarter today.
And then we also said honestly higher growth with regard to cloud security in the second half of the year, as we complete the product integration as we build pipeline opportunities, and we start to have -- work towards closing those opportunities over the course of the ensuing months. .
The other thing I'll tell you is certainly fact that's going to be a catalyst to growth. We could not be more bullish about Fed, the pipeline that we have, the mandates that we're getting and certainly the engagement with our customers. So nothing's really changed in our outlook for the year this quarter relative to last. .
Next question comes from the line of Jonathan Ho with William Blair. .
Just wanted to also echo my thoughts and prayers with Amit as he continues to improve as well.
Just wanted to get a sense from you in terms of the OT markets, you've mentioned this a number of times in the discussions, but what's maybe changed there? And what's -- where are we in terms of the adoption curve around these OT solutions?.
Yes, absolutely. Great question. So what you're seeing in the industry is quite interesting. With the role of the CISO, more CISOs are having to accept the risk to be able to take over the OT security requirements. So not only are we seeing this in manufacturing and industrial controls, but we're also setting them in building management systems.
The CISOs are now having to take on responsibility of this. .
Just recently, I was with a CISO in the financial services sector, who has just gotten a mandate from his board that he is now responsible for the building management system. So -- and we're seeing this trend across the board, where CISOs are now having to take on more and more responsibility.
So by being able to give the visibility not only from cloud, but being able to bring an identity and OT and bring that data together, we really do find that we have a unique opportunity, and we are seeing a significant number of opportunities in the OT space. .
Next question comes from the line of Mike Cikos with Needham & Company. .
I think the first one for Steve, I just want to make sure I better understand the guidance that we have here today.
So I know 2Q coming in slightly below on the top line versus where consensus was, but you guys are taking up full year above and beyond just this 1Q be, right? And I just wanted to get a better understanding that second half acceleration that we're looking for.
Is that really a function of what you're seeing in pipe related to Fed? Is it part of the outperformance for 1Q here? Any change in assumptions around mid-market? Can you better [indiscernible]?.
Sure. First, in terms of Q2, as I mentioned, this is the first time we're providing any commentary around the quarter. So the guide we think we're giving in Q2 is strong. It's reflective of the execution and the outperformance in Q1 as well as our revised outlook for the year.
And I would say there's -- in terms of the spending environment, I think there's a confluence of factors that are impacting that, number one, we're continuing to see strength in the mid-market.
Number two, we talked about public sector that will be a source of tailwind for us during the course of the year, specifically as we head into the Fed's fiscal year end in September. And certainly, cloud security, where we're building pipeline opportunities. .
So overall, if you look at the guide that we're giving 217 to 219 for revenue, the high end, it's in line with the consensus. We think we're set up well for success, not only in the current quarter, but also for the rest of the year. .
Got it. And if I could just shift over to Jason for a second, really on the product here.
We saw that Tenable One had released AI assisted and attack path analysis, and I know that, that is a part of your higher-tier SKU, if you will, it's Tenable One enterprise, right? So should we think about Tenable's strategy with the GenAI capabilities is really helping drive an up-tiering, if you will, towards those higher SKU packages?.
That was a great question. So I think, first, fundamentally, we have to -- as a Tenable, what we are doing within AI, it's important to understand that to be competitive in AI, organizations have to have proprietary information, information that they in the industry have that differentiates across the competitive landscape.
At Tenable, we're the market leader in vulnerability management. We've been doing this for over 20 years. So we have a ton of rich information, knowing more about threat [indiscernible] data and cyber than any other organization.
The second piece is we have the ability to leverage insights from our 40,000-plus customers and bringing that in as part of our model train and giving us the ability to then put this throughout the product. So the first place that we put it into was attack path analytics and providing the AI function there. .
And again, that is part of our top-tier Tenable One offering. So we've got organizations today, for instance, a large shipping manufacturer. The exposure management team is leveraging the attack path analytics enabled with AI to actually help drive prioritization and visualization of how the systems are actually connected.
And that's just one example, but we're seeing that across the board. Our plan is also to take the AI function and capability and embed it across the entire portfolio. So it's not just the top tier Tenable One analytic components, we're going to be bringing this into -- we're going to be bringing this into our identity exposure capability.
We're going to be bringing this into all of our service-delivered solutions. And we're super excited about that capability because it's going to help organizations with explainability, drive prioritization and drive analytics. .
Next question comes from the line of Patrick Colville with Scotiabank. .
Great to be a part of Tenable story. Steve, let me ask you a question. I want to ask about the competitive environment [indiscernible] vulnerability management. I mean you've got one competitor who over the last couple of quarters and this year is really stepping on the gas in terms of investment.
You've got another payer that's going through quite a deep restructuring.
I guess what are you seeing in terms of competitive dynamics in vulnerability management and how are these impacting Tenable [indiscernible]?.
Well, I would say the market and competitive dynamics there are very favorable for us in VM. VM was a source of upside for us in the quarter. Our close rates and our win rates remain very high. We believe differentiation is very apparent. Investing in this market is not a recent phenomenon for us.
It's something we've been doing over the course of the years. And we have been investing. We recognize the importance of the VM market. And we believe that success there translates to opportunity elsewhere. So we are, we believe, a clear and unequivocal leader. We have the largest customer base.
Now in terms of device coverage, most expansive in terms of device coverage, you can see that we're adding 400 new customers a quarter. And yes, a good number of those are coming from Tenable One.
But within Tenable One or having success selling VM there and addressing the VM use case, but a good number of those customers are also coming from our core VM offerings such as security center or I/O. .
So for us, VM is an incredibly important market. It's one we're going to continue to invest in. We are continuing to differentiate, and we're continuing to displace incumbent vendors. As we mentioned earlier, our largest opportunity.
Our largest deal in the quarter was a 7-figure opportunity, where we displaced the current VM incumbent, and there's many stories like that all within those 410 customers that we announced this quarter. So overall, we are incredibly bullish on VM going forward. And I also want to add that we are also investing in innovation in VM.
So we're not resting on our laurels. We're going to be adding new capabilities that are really, truly focused on the VM practitioner that is going to create a lot of excitement for our customers. .
Next question comes from the line of Gary Powell with BTIG. .
Yes, I was just hoping to dig in on some of the disclosures. The stats you gave on Tenable One at 26% and then broader exposure management solutions, that 50% of new sales was really helpful.
Is there anything you can do to give us like a sense as to what stand-alone cloud security contributed? Or was the bigger contribution of that incremental more like on the OT and like some of the other products in there?.
We do not disclose bookings or CCB by product. And what I will say is, look, Tenable One is nearly half of the, we said 26%. So nearly half of the 50% of our new sales is coming from exposure management solutions.
Exposure management solutions is either selling the platform stand-alone or selling individual products such as cloud security or OT, individually to address a specific use case. And so we're having success on the both.
What we did say though, with regard to cloud securities, expect greater contribution in the second half of the year related to the acquisition of Ermetic as we look to begin -- start building pipeline opportunities and closing deals in the second half of the year.
regarding our more expansive CNAPP offering..
So overall, I would say we're seeing good growth in cloud security specifically. Obviously, you continue to see good growth with Tenable One, and we expect both cloud security and Tenable One to be a tailwind for us during the course of the year. .
Next question comes from the line of Shaul Eyal, TD Cowen. .
Congrats on the results. Great to hear Amit is doing much better. My question also on new logos.
Leaving aside that sizable displacement that you had and you just announced and discussed, were mostly -- or the 410 logos, were they mostly displacement or were they mostly greenfield?.
That's a good question. What we said is on average or what we have said in this quarter was no different. It's about 1/3 of all of our new logos are greenfield opportunities. And these are customers, specifically, I'll say within VM customers that have had no enterprise-wide VM solution.
They could be using a systems integrator, they could be using an MSSP, an outsourcing VM. So there's for us, lots of untapped opportunity not only within VM, but certainly elsewhere as we look to invest in some of the biggest markets in all of cyber, such as cloud, identity and OT.
So about 1/3 of our opportunities are greenfield, which means consequently, some of these are displacements. And again, we continue to have a very high win rate. against incumbents. And there's no change in the competitive dynamics, certainly within VM. .
Next question comes from the line of Rudy Kessinger with D.A. Davidson. .
This is [indiscernible] on for Rudy. First of all, congrats on the numbers. I just have a quick question for you guys.
Could you quantify the Ermetic contribution to revenue and CCB in Q1? Or any other data points that we can use for the model?.
Well, Ermetic contributed minimally in Q1, and that's expected, right? We closed on Ermetic in Q4. We're hard at work integrating the product. We're in market selling the more expansive CNAPP offering, and we expect [indiscernible] second half of the year. And our outlook for Ermetic specifically, has not changed since our last call.
We said we expect 2 points of incremental CCB growth because of Ermetic, and that has not changed this quarter. .
Great. And -- what -- just a quick one.
What percent of your sales came from the overlay teams in the past years? If you could maybe give us some color there? And are you seeing any sales reps selling the entire portfolio successfully since the past [indiscernible] that you announced?.
Yes. Well, we're seeing most, if not all, of our sales rep selling combined offering. So we're leading with Tenable One. Number 1 is a use case that resonates with customers.
It obviously helps customers understand their risk more broadly across the attack surface and at least the higher selling prices for us and some of our highest close rates in the company are coming through Tenable One.
Also half of all of our new logo 6-figure LANs [Indiscernible], so we're getting great traction with Tenable One, transacting larger deals and having success selling into our customers.
In terms of the overlays, it's something that we talked about on the last call, which is Look, over the course of the years, we have broadened the product portfolio and evolved from having a singular focus on VM, which we continue to do very well, and we continue to be the market leader.
But also addressing adjacent markets such as Web App security, cloud security, OT, identity security, ASM, so we broadened the product portfolio, we have brought new products to market, and our reps have had success selling those.
Initially, when you do that, it requires the use of some specialist reps and overlay reps, but what we have recognized is that we have had success selling those products in our own right and those products become more mainstream as we've become less reliant on overlay reps, Again, specialists are going to be really important here, and we continue to have those.
But I think what you're seeing today in terms of the efficiency of our spend in sales and marketing really reflects the sales organization's ability to sell the broader exposure platform. .
Next question comes from the line of Shyam Patil with Susquehanna. .
This is Aaron on for Shyam. Jason, maybe this one is for you on the product side. You gave that helpful answer a few minutes ago on the generative AI offerings and road map.
Just as we think about the generative AI road map, what do you see as kind of the low-hanging fruit in terms of things you can add on in the near term versus what's more of a longer-term objective and opportunity?.
Yes, absolutely. Great question. So from a product perspective, I think there's a couple of pieces that we will go when we will leverage our AI capabilities. First and foremost is being able to pull together information and enrich it that helps a security practitioner understand the risk of an asset.
So this is a term that you're going to hear us use a lot more called toxic combination. The ability to pull together not just the asset information, but combine this and enrich it with identity data. So I can now pull together that I've got an individual with elevated credentials, that has access to this critical system and being able to expose that.
AI gives you the ability to pull together all of this information very quickly. .
And so there's an explainability component within this. So instead of a practitioner going through a kind of mining for all of this information because we collect a significant amount of data for our customers, providing that quickly is an easy, what I would call, low-hanging fruit. We're also going to be enabling an AI Chatbot capability.
So think of it as a Tenable expert at your fingertips.
So the ability to do generative AI questions where you can say, hey, what are my top threats? What is my CEO vulnerable to? And being able to get context of that information, I think that even from a business standpoint, AI can help organizations find blind spots, areas that they're not scanning, areas that they need of improvement. .
So I think that with our AI capabilities, well, while they're going to help with prioritization explainability, it can also drive business outcomes. You've got a grouping of cloud services that are not being scanned, or you've got a grouping of assets that just came up in a sub domain and our tax service management product brought that up.
So being able to highlight those business cases for organizations, I think, are super powerful. And again, I think that we've got a phenomenal opportunity with the Tenable data that is going to make our LLM powerful and really important across the product portfolio. .
The next question comes from the line of Patrick O'Neill with Wolf Research. .
This is Patrick on for Josh. Just was hoping to get a little more color on the 109% NRR.
Is there anything to call out on expansion generally being worse or gross retention being worse outside of the Finserv tech and telecom names that you called out?.
Hi, this is Steve. No, retention was really this quarter. This is the moderation, the expansion rate is really a function of the mix of business. And in Q1, it was skewed towards new. Specifically, we added 410 new Tenable enterprise platform customers, lots of new 6-figure logo LANs.
And within those cohort of new customers, we grew year-over-year ACV by 30% from newly acquired customers. So certainly a strong quarter for us for new business. That's a very good thing for us, and that had an impact on our expansion rate. .
And then one quick follow-up, if you don't mind.
How should we think about that number going forward and sort of what's baked into the guidance? I know you don't explicitly guide to that or measure the business to one metric, but sort of what's baked into the guidance around that full year NRR?.
Sure. So in terms of our outlook for the year, our outlook does reflect higher growth in the second half of the year for reasons that I just described. And that would mean that we would see improvement in at least one, if not more, of the 3 key KPIs that we provide. Again, we provide number of large customers.
We provide new enterprise platform customers. We also disclosed the expansion rate. And we would need to see at least one, specifically one, should I say, improvement in one of those metrics. It can come from any one of us. .
Thank you. This concludes today's teleconference. You may disconnect your lines at this time. Thank you for your participation..