This conference call transcript was computer generated and almost certianly contains errors. This transcript is provided for information purposes only.EarningsCall, LLC makes no representation about the accuracy of the aforementioned transcript, and you are cautioned not to place undue reliance on the information provided by the transcript.
CyberArk Software Ltd.
5/2/2024
during this time, simply press star followed by the number one on your telephone keypad. If you would like to withdraw your question, press star one again. Thank you. I would now like to turn the call over to Erica Smith, Senior Vice President of Finance and Investor Relations. Please go ahead.
Thank you, Kat. Good morning. Thank you for joining us today to review CyberArk's strong first quarter 2024 financial results. With me on the call today are Matt Cohen, our Chief Executive Officer, and Josh Siegel, our Chief Financial Officer. After prepared remarks, we will open up the call to a question and answer session. Before we begin, let me remind you that certain statements made on the call today may be considered forward-looking statements, which reflect management's best judgment based on currently available information. I refer specifically to the discussion of our expectations and beliefs regarding our projected results of operations for the second quarter, full year 2024, and beyond. Our actual results might differ materially from those projected in these forward-looking statements. I direct your attention to the risk factors contained in the company's annual report on Form 20F filed with the U.S. Securities and Exchange Commission and those referenced in today's press release that are posted to CyberArk's website. We expressly disclaim any application or undertaking to release publicly any statements or revisions to any forward-looking statements made today. Additionally, non-GAAP financial measures will be discussed on today's call. Reconciliations to the most directly comparable GAAP financial measures are also available in today's press release, as well as in an updated investor presentation that outlines the financial discussion in today's call. A webcast of today's call is also available on our website in the investor relations section. With that, I'd like to turn the call over to our CEO, Matt Cohen. Matt?
Thanks, Erica. And thanks, everyone, for joining the call today. I want to start by acknowledging CyberArk's 25th anniversary, which we celebrated just a few weeks ago. Udi Makati, CyberArk's founder and executive chair, is a visionary who, along with the founding team, identified a market need and set out to secure the most valuable information within the world's most complex global organizations. Along the way, CyberArk pioneered the privilege access management market, a segment of identity that has become a critical security layer and consistently moved up the CISO's priority list. Since its founding, SideWork has grown and evolved in many ways. Our success was driven by an unwavering commitment to our mission of securing the world against cyber threats, so together we can move fearlessly forward. To execute our mission, we consistently delivered a cutting-edge innovation and transformative value to all our customers. Perhaps most importantly, in a world of constantly escalating threats, we have been relentlessly focused on a security-first mindset in every decision we make since day one of our founding. As a result of our strong execution and the trust that our security-first mindset has created with customers and partners, 25 years later, we are broadly recognized as the leader in identity security. Today, our unique value proposition to secure all identities with the right level of privilege controls on our identity security platform is resonating with customers. I am confident that we are only scratching the surface of this large and rapidly growing market opportunity. Our strong first quarter results demonstrate that we built on the momentum we experienced throughout 2023. The durability of demand for our solutions and our execution is highlighted by Subscription ARR of $621 million, growing 54% year-over-year. Total ARR of $811 million, growing 34% year-over-year. And Q1 results significantly exceeded guidance across revenue, operating income, and EPS. Total revenue growth accelerated to 37%, reaching approximately $222 million. Non-GAAP operating income came in at $33 million, a big improvement from a loss of $12.6 million in the first quarter of 2023, highlighting the operating leverage in our business model. Non-GAAP earnings per share was $0.75, up significantly from a loss of $0.17 in the year-ago period. We are thrilled to report $67 million in free cash flow for the quarter, significantly up from $4 million in Q1 of last year and a proof point of our commitment to profitable growth. The strength of our results and business momentum gives us the confidence to raise our guidance for the full year 2024 on all metrics, which Josh will talk about later. Our ongoing success is fueled by a number of secular tailwinds, including the pace of attacker innovation, digital transformation, ongoing migration to the cloud, and exponential increases in human and machine identities. Identity is the common denominator in every major cybersecurity breach. Our research has shown that over 90% of organizations have suffered from an identity-related cyber attack, a significant increase from about 60% in the prior year. Last quarter we discussed the extensive security challenges faced by CIOs and CISOs in safeguarding the entire spectrum of identities across IT, developers, workforce, and machines. In today's severe threat landscape, customers recognize that merely managing identities without privileged security controls is a risk they cannot afford. The security risks are further exasperated by the rise of AI, proliferation of machine identities, and increased elevation of access for human identities. As a result, organizations need to undergo a paradigm shift in identity security. They can no longer rely on yesterday's solutions and approaches to address today's problems. We at CyberArk are helping customers secure all identities, human and machine, as they access all environments, including hybrid and multi-cloud environments. Our differentiation comes from our deep domain expertise in privilege access, and we tailor privilege controls for each identity group to mitigate risk effectively. We discover, secure, and manage across the entire lifecycle of each identity group. We are the vendor best positioned to apply comprehensive, intelligent privilege controls across standing access, just-in-time access, and a zero standing privilege approach, all from a unified identity security platform. Our land and expand motion and the subscription flywheel continues to gain momentum. It all begins with new logos, and we signed nearly 200 customers in the first quarter. While the majority of customers land with PAM, approximately half of these new logos bought two or more solutions, with many choosing to secure multiple identity groups from day one. This speaks volumes about the power of our platform and the importance of identity security. A few exciting new logo examples from the quarter included a deal that perfectly showcases our platform selling motion and new routes to market, which was a financial services company that landed with PAM, EPM for workstations and servers, Conjure Cloud, and Identity Flows in a large seven-figure ACP deal that closed to the Azure marketplace. The PAM market has evolved well beyond securing only high-risk IT personnel. Today, modern PAM programs protect a much broader group of privileged users, including developers, shadow IT, and database and cloud administrators. As an example, we have great customers in the government and healthcare verticals. And this quarter, we are excited about our new relationship with NHS Resolution, a body of the UK Department of Health and Social Care. They kicked off their relationship with CyberArk with privileged cloud and secure cloud access and are planning to grow their footprint in the future. Each workforce identity is more powerful today than ever. and traditional MFA and SSO solutions are easily circumvented. We reimagined workforce identity by wrapping MFA and SSO with more controls to our secure web sessions, workforce password manager, EPM, and our new secure browser. This quarter, a large logistics company picked CyberArk for PAM and workforce identity after a head-to-head competition with a leading IDAS vendor. Our best-in-class security and breadth of our platform were the deciding factors in winning this amazing new logo. Our customer base is also an important growth factor for CyberArk, and our platform selling motion is accelerating expansion deals. Overall, we had a strong quarter of expansion within our base across all our solutions with particular strength in our secrets management business. The world of securing machine identities is changing rapidly. Organizations are grappling with a larger variety and an ever-growing number of machines, from applications to bots to workloads to IoT devices. Each one of these machines needs to be secured and managed across the lifecycle of multiple identity components, from secrets to digital keys to certificates. The proliferation of AI is further accelerating the growth and complexity of machine identities. This is becoming a top security challenge. Traditionally, managing machines often sits outside the security team's remit of control. However, this practice exponentially increases risk and is unsustainable in today's threat landscape. Customers increasingly realize they need to scale their machine identity security programs beyond local vaults, loosely enforced policies, and open source tools. They need an enterprise-ready machine identity security approach that can scale and is tied into their human identity security program through a single platform. One great win that exhibited all I am describing was with a CyberArk customer who has been with us since 2018. We expanded our long-standing relationship with the Department for Works and Pensions in the UK with an expanded program while kicking off a robust secrets management program. With CyberArk as a key strategic partner, they are focused on aligning their identity security roadmap for human and machine identities, supporting the UK government's focus on a stronger cybersecurity posture. We talked earlier about how we are protecting the workforce using a reimagined approach that goes beyond SSO and MFA, and for this approach, It needs to extend also to the endpoint, the most common entry point for attackers. By removing local administration rights and enforcing least privilege and detecting identity-based threats targeting the workstations and servers, organizations can reduce the endpoint attack surface. This strategy also protects organizations from attackers who turn off EDR agents and proceed quietly without being detected. which is one of the main reasons a multinational food company in LATAM signed a high six-figure ACV EPM deal in the first quarter. This customer is looking to deploy CyberArk everywhere as part of its broader identity strategy. During the past few years, EPM experienced strong growth and recently surpassed $100 million in ARR. This achievement is a testament to the solution's ability to extend identity security and zero trust to workstations and servers. We are excited about the potential for further growth in our EPM business, both with new and existing customers. We also talked, though, about the exploding population of developers and the need to start securing them as privileged identities without interfering with their speed of innovation. Our secure cloud access solution, or SCA, provides best-in-class privilege controls to hybrid and multi-cloud environments. It applies the principle of least privilege access by granting just enough permissions with zero standing privileges while still allowing developers, data scientists, and cloud engineers to work natively and efficiently without having to change their preferred workflows. We are incredibly excited about this solution, and in the first quarter, we continue to see excellent traction with the offering. In a deal with a major retailer, the customer broadly deployed CyberArk SaaS solutions in a continued move to the cloud, but they cited secure cloud access as the most important differentiator and signed a high six-figure ACV deal that also included privileged cloud, secrets, and workforce identity. Q1 was an exciting quarter for our focus on innovation and new releases. Last year, we discussed our plans to expand our routes to market and increase our market reach through MSPs. According to Gartner, 40% of security customers are expected to consume solutions through a managed service by 2026. To accelerate this channel, we recently launched the CyberArk MSP Console. By providing MSPs with a single command center, this console is a key step in helping our MSP partners build managed services that secure their customers' human and non-human identities. We are also very excited about the general availability of CyberArk Secure Browser, the industry's first identity-centric secure browser. It is purpose-built for a cloud-first world and protects our customers against emerging threats while enabling productivity and ease of use across all CyberArk solutions. Secure Browser is designed to help protect customers from fast-growing attack methods like cookie harvesting and browser-based attacks, both at and beyond login. It is natively integrated with our workforce solutions, providing a seamless unified user experience, and serves also as a direct access portal to our entire platform. We believe Secure Browser will not only enhance security for our customers, but also drive adoption of our solutions. Lastly, CyberArk has recently received FedRAMP high authorization for two of its SaaS solutions, Endpoint Privilege Manager and Workforce Identity. Our investment in FedRAMP High highlights CyberArk's commitment to help the public sector implement strategies that adhere to zero trust principles and move to a more secure and efficient future. As excited as I am to talk about all these great developments, I'm even more excited by what we have in store for our customers and all of you at impact in Nashville in just a few weeks. We have a tremendous lineup of truly innovative developments to talk about, so please tune in, and we look forward to seeing many of you there. Josh will go deeper into the P&L in just a moment, but I wanted to emphasize that although most of my comments this morning focused on the potential for tremendous growth, we remain equally committed to delivering profitability and cash flow. This was evident in our Q1 results, and we remain well on track to deliver on the long-term targets we introduced last year. In summary, our momentum from 2023 continued in the first quarter, and we kicked off the year with a strong first quarter. I will leave you with four main takeaways. First, demand for our solutions remains strong, and identity security is at the top of CISO's priority list. Second, our unified identity security platform is meeting a clear customer requirement to apply the right level of privilege controls to every identity, human and machine. Third, our security first approach is a clear differentiator for cyber arc in the market, helping us win deals. And fourth, we have a long runway for growth and are making disciplined investments to capture a bigger share of the large and growing market opportunity. Josh, I'll turn the call over to you.
Thanks, Matt. Q1, another strong quarter for CyberArk. We exceeded expectations across all of our guided metrics. We reported strong ARR and revenue growth, drove significant operating margin expansion, and generated healthy free cash flow. Our strong results highlight the durability of demand for our solutions, the ongoing adoption of our broader identity security platform, and the power of our business model as we scale. Moving into the results, total revenue growth accelerated to 37% year-on-year, reaching $221.6 million and significantly exceeding the top end of our guidance. Demonstrating the continued momentum in our business, ARR reached $811 million. That's growing 34% year-on-year. We added $37 million in net new ARR, and that's compared to the $34 million in the first quarter of last year. Subscription ARR grew 54% and reached $621 million and is now 77% of total annual recurring revenue. Maintenance ARR was $190 million, and like-for-like conversion activity still represents about a single digit of our year-on-year growth. Our strategy of upselling and cross-selling new solutions has been a significant factor in our strong growth. This is demonstrated by the fact that at the end of the first quarter, the cohort of customers with an ARR of more than $100,000 grew to over 1,780 customers and for the cohort of more than $500,000 ARR, they grew to over 300 customers. Now, moving into the details of the revenue lines, for the first quarter, recurring revenue reached $205.8 million, growing 41% year-on-year and accounted for 93% of total revenue. That's compared to 90% in the first quarter last year. Subscription revenue was $156.2 million, growing 69% year-on-year and representing 71% of total revenue. While the primary driver of our outperformance was bookings, we did experience an increase in average contract duration on our self-hosted subscription deals relative to our guidance. Maintenance and services revenue was $62.4 million. Of that, recurring maintenance revenue was $49.6 million. Our maintenance renewal rates remain strong and in line with historic levels. Professional services revenue was $12.8 million. From a geographic perspective, all regions showed healthy growth. America's revenue was $124.5 million, growing 27% year-on-year. EMEA revenue was $74 million, up 59% year-on-year, partly benefiting from our bookings and the longer duration that I spoke about earlier. APJ revenue was $23 million, growing 37% year-on-year. Moving to the P&L, all line items will be discussed on a non-GAAP basis. Please see the full GAAP to non-GAAP reconciliation in the tables of our press release. First quarter gross profit was $185.7 million, or 83.8% gross margin, compared to 81.3% in the first quarter last year. The expansion of our gross margin, primarily driven by revenue outperformance. In the first quarter, our operating income was $33 million. The operating income outperformance was driven by three main factors, the revenue outperformance, the timing of certain marketing-related expenses that we now expect to incur in the second quarter, and three, we did experience a slower hiring pace, particularly in R&D. Net income came in at $35 million or 75 cents per diluted share, also significantly outperforming our guidance. We end in March with 3,070 employees worldwide, including approximately 1,300 in sales and marketing. We continue to see healthy growth in our quota-carrying sales reps, particularly our fully ramped ones. We were thrilled to deliver strong cash flow of free cash flow, $66.8 million in the quarter. While we do not guide to cash flow quarterly, I would remind investors that cash flow is seasonally stronger for us in the first quarter than And particularly this year, the strong cash flow is partly a function of strong bookings and renewals in the fourth quarter of 2023. For the remainder of the year, we expect cash flow to follow typical seasonal patterns. That's lower in the second and third quarters and an uptick from the third quarter to the fourth quarter. Turning now to our guidance. For the second quarter of 2024, we expect total revenue of $215 to $221 million and which represents 24% year-on-year growth at the midpoint. We do expect SAS to make up a bigger portion of our overall subscription mix in the second quarter, impacting recognized revenue in period. We expect non-GAAP operating income in the range of $12 million to $17 million for the second quarter. As a reminder, we will hold our impact customer events in a couple of weeks, and our impact world tour will also begin in June, increasing our planned marketing expenses for the quarter. We are also seeing a stronger hiring pace, which is reflected in our guidance. We expect our non-GAAP EPS to be in the range of 34 to 44 cents per diluted share. Our guidance also assumes 48.1 million weighted average diluted shares and about $10.2 million in taxes. For the full year 2024, we are increasing guidance across all our metrics. We now expect total revenue in the range of $928 to $938 million, representing 24% year-on-year growth at the midpoint. And as we look at our pipeline for the remainder of the year, SAS continues to lead the way. Reflecting our continued commitment to driving operating leverage, we are increasing our full-year operating income to a range of $90.5 million to $99.5 million. We expect our non-GAAP EPS to be between $1.88 to $2.07 per diluted share. We expect about 48.1 million weighted average diluted shares and about $51 million in taxes for the full year of 2024. We are also raising our annual recurring revenue now to be in the range of $975 million and $990 million at December 31, or about 27% year-on-year growth at the midpoint. We are significantly also increasing our free cash flow guidance for the full year 2024 to now being in the range of $115 million to $125 million. To sum up, we are thrilled to kick off 2024 with another strong quarter of results. Demand for our solution is robust. Our platform delivers tremendous value, and identity security remains a business imperative. We believe we are well positioned to execute on our targets. I will now turn the call over to the operator for Q&A. Operator?
Thank you. We will now begin the question and answer session. If you have dialed in and would like to ask a question, please press star 1 on your telephone keypad to raise your hand and join the queue. If you would like to withdraw your question, simply press star 1 again. If you are called upon to ask a question and are listening via loudspeaker on your device, please pick up your handset and ensure that your phone is not in mute when asking your question. Again, press star one to join the queue. And your first question comes from the line of Saket Kalia with Barclays. Your line is open.
OK, great. Hey, good morning, guys. Thanks for taking my questions here, and congrats on 25 years.
Thanks, Saket. Really appreciate it.
Sure. Matt, maybe just to start with you. particularly in the wake of some M&A out there, right, particularly IBM and Hashi. I was wondering if you could just talk a little bit about the backdrop here competitively. And since there were so many multi-product kind of examples on the call, maybe you could touch on that in terms of PAM and also broader identity. I know you spend a lot of time with customers, so just kind of curious what you're seeing competitively.
Yeah, it's a great question, Saket. And I think what we see is this continued evolution in the competitive environment where our platform begins to put us, you know, kind of heads and shoulders above everybody else that's out there. We are consistently able to tell the story of the spectrum of identity groups and our ability to bring more than one identity, more than just IT, onto our platform. That begins to differentiate us from the traditional PAM competitors that are out there that aren't really able to deliver on that message. So that starts to differentiate us in the PAM space and allows us to be able to continue to take share. Then when you start to look at our broader identity story, it brings us into spaces like we talk about access. And you hear me emphasize that a lot, which is in the world of commoditized MFA SSO, there isn't that much difference between vendors that are out there. But the ability to be able to wrap privilege controls on top of an MFA SSO solution, ours or somebody else's, allows us to be able to start talking about how do we bring workforce identities back into our overall identity security platform. And we see that strongly in some of the examples that I shared. The final piece, which you kind of hit on, we were putting together our talk track for this earnings on our secret story well before the Hashi acquisition by the IBM acquisition of Hashi. We had a really strong secrets quarter and we've been talking about the momentum building, not only in the products that we've had out for a while, but especially in our Conjure Cloud and Secrets Hub and SaaS first solutions. And it really is this pivot where security is getting involved and wants to have an enterprise scalable approach to how you secure machine identities. And what we've seen in the prior quarters and especially in this quarter is that those deals are starting to pick up and actually also increase in size as customers want to put in place the enterprise backbone. So back to the point of hand, we've been feeling good about our competitive posture against Hashi as it's become more of an enterprise scale sale and a security sale. The disruption of IBM buying them, you know, how IBM is viewed in the market, I think it will just lean in to our ability to be able to capture that market around secrets and machine identity security.
Got it. That makes a ton of sense. Josh, if I can ask one follow-up for you. You know, I think the part of, I mean, great to see all the guidance metrics go up, but the one that really stood out to me was the increase in the free cash flow guide. you know, as I think back historically, I think we've talked about sort of a bigger subscription renewal pipeline that maybe would renew it at higher incremental margins. Is that sort of the biggest driver for raising at this point of the year, or is it something else? And maybe on that point, where are sort of we in that renewal flywheel for subscription? Sorry, a lot there, but does that make sense?
Yes, Zach, and thanks for asking. I mean, you know, first of all, you know, obviously we we had a great first quarter on cash flow. It was based off of coming off of a really strong year, and particularly Q4, and a strong Q4, not just in new business, but as you started to point out, it also included a really nice renewal base from Q4, which is kind of what you started alluding to, which is kind of the beginning of the first glimpse of the power of this model after the transition, and now really starting to see kind of the last piece of the flywheel come into effect, which is around cash flow. And, of course, we're able to boost from the first quarter by having excellent collections as well, and early Q1 bookings, which also supports the cash, and still continuing to control our expenses, which you know we like to do. So, overall, it reports a stellar growth cash flow execution for the first quarter. And that really gives us the confidence as one, kind of the first part that I mentioned, that actually the renewal and the recurring revenue does create that flywheel for billings and collections, assuming that we continue to collect at the well-executed rate that we are, that we expect to do. And then, of course, our overall bullishness in the business for the rest of the year as we also raise all of our metrics, not just the cash flow. And so I think it's a complete story around cash flow.
Your next question comes from the line of Greg Muscovitz with Mizuho.
Okay, thank you very much for taking the questions and a nice job on the Q1. Matt, I'd like to ask about EPM because it's an important solution and yet penetration rates remain, you know, very low across the industry and quite honestly, even within your own install base. And I think much of this might be due to a lack of awareness of EPM in some cases. In other cases, just a belief that, you know, having an EDR solution might be enough. But is there anything that Fibra can do that you think can perhaps, you know, further accelerate the adoption curve going forward?
Yeah, Greg, so you know how we feel about EPM, and I think you've heard us talk about the idea that it is the core security control that really can protect the endpoint against breach. And our feeling is even stronger in this threat landscape, in this threat environment, that you need an EPM agent installed at the endpoint. You need it on your servers. You need it to protect your EDR investment. And ultimately you need it to secure the endpoint. Now, I think what we have really come to the conclusion on is you're right. It's a little bit of education still required in the market. to explain that EPM isn't just about removing local admin rights. It's about implementing a least privilege workflow. It's about application control. And it's really about protecting ransomware. And so I think what we're trying to understand and do as a company is start to embed the EPM value prop into each one of those human identity groups that I've been describing. Build it deeper and tighter into the workflow of, SSO and MFA. Again, ours or anybody else's. Make sure that developers' workstations start with an EPM control installed. And then obviously in our bread and butter within securing IT, make sure that everyone understands that EDR is really not enough. Where you saw initial real success in EPM was in highly attacked and highly regulated industries. And those big enterprises have been buying EPM for years And I think we need to take it beyond those industries and make sure that everybody can understand the value prop that I just described. So final point here is we're continuing to invest not only in the integration and the solutions, but frankly also in the go-to-market talent to be able to complement our sellers out there to tell the story a little bit richer and deeper as I started to describe on the call.
Your next question comes from the line of Brian Essex with JP Morgan.
Yeah, thank you. Good morning. Thank you for taking the question. I want to follow up on a question from Greg on EPM. I think, obviously, 100 million ARR is a great milestone, and it's a substantial adjacent pan for you guys. But I guess any plans to... maybe evaluate, go to market, and do you see any impact on customer adoption for next-gen EDR or to customers? And this is layer on top of, you know, legacy or best-of-breed EDR solutions. And, you know, we'd love to understand maybe the profile as you see customers adopt EPM. What does the profile of the customer tend to look like? Maybe the size of the customer, geo – you know, sophistication, are they more identity focused, or do you see that endpoint demand also driving demand for EPM?
Thanks, Brian. So I think first and foremost, as I was hitting on with Greg, I think we believe that it's a necessary component to actually double down in our marketing organization and in our go-to-market organizations. to increase our ability to be able to tell the story in the market, especially outside of the larger enterprises, which is an answer to one of your questions, which adopted the fastest. You know, I think people with organizations with a security-first mindset that understood the threat landscape, they got started on EPM a little bit earlier. And they understood from day one that an EDR tool doesn't do the same thing. And in fact, they're very complementary. I think as we've started to expand further and penetrate as we built that $100 million business, we started to see industries like healthcare and manufacturing start to take off because those, again, are areas that are constantly under attack. You can almost map to the threat environment and the ransomware threat particularly, and those industries and those verticals are really the ones that have really started to accelerate and help us with building the momentum around the product. I think when we talk about the opportunity ahead, it's really about one, making it more seamlessly integrated into our overall portfolio, and then enabling and investing in the overlay and marketing capacity to make the story clearer. And then finally, it is about this idea of How do we make sure that we take the lessons learned from the big industries and bring it down market to other customers to help them understand why this is the – which, B, I'm not using A, the security control that they should get started with. You know it's an interesting thing in some of them less mature markets let's let's flip over to places like the state and local governments, we see PM as being the landing spot it's actually areas where they get started. Because they understand they can put in place a core security control very fast it's a SAS based product easy to adopt and they can lock down a privilege pathway at the endpoint so I think again we're. We're learning the approach. We're driving significant upside in the business through EPM, and I expect that business to continue to build and grow for us in the quarters ahead.
Your next question comes from the line of Rob Owens with Piper Sadler. Your line is open.
Great. Thank you guys for taking my question. I want to ask on... net new subscription ARR, which was flat from a year-over-year perspective. And I wanted to ask a question, I guess, from the perspective of just security spending and environment overall. And within that, if you could parse maybe what you're seeing geographically or enterprise versus SMP, that'd be helpful. Thanks, guys.
Thanks, Rob. So overall, we had a strong quarter, our ability to be able to continue to drive momentum in the market. You know, you've heard me talk for quarters about the difference in conversation with the CISO, with the CIO, with the C-suite, and elevating the conversation up to this identity security story and really talking about how do we help them with their overall security posture and help enable them as they talk to their boards, to their auditors, And at the top of the list is identity security. So we continue to see that building. We continue to see that strong. And Q1 was just a continuation of what we've been able to see over the last couple quarters. As it relates to the Q1 performance itself, we were very happy with where we ended up and the overall performance. There was one element that actually occurred in the quarter where we had about 2 million or so of renewals that basically wasn't able to come in due to the holidays and other stuff and has closed since. And that would have made the net new AR look a little bit better. It then has demonstrated in our ability to be able to raise full year at a high level. So overall, I would tell you that Q1 was a strong quarter for us, and there's been no change in the environment that we've seen out there.
Great. Thank you.
Your next question comes from the line of Fatima Boulani with CD Group.
Good morning. Thank you for taking my questions. Matt, in your prepared remarks, you shared a lot of anecdotes about customers who are increasingly landing with a higher incidence of products across the portfolio. So when I internalize this as manifesting in maybe increased wallet share, Can you talk to us a little bit about the expansion rates and the dollar-based retention rates that you're realizing in the portfolio? And, you know, specifically in contrast to maybe some of the newer logo activity that relative to more recent quarters was a little bit slower. So just that compare and contrast between the momentum and the size and scope of the momentum within the install base versus the new logo activity in the quarter. Thank you.
Yeah, absolutely. So first and foremost, I mean, we have a great set of customers. You know, we have more than 8,000, 8,800 worldwide. These customers trust us from a security perspective. And so our ability to go back into that base to upsell them more PAM seats and then expand them into EPM, into workforce, into secrets, into our secure cloud access, it's an incredibly strong position that we find ourselves in. And our sales team does an excellent job of really monetizing that base and expanding our footprint. And so I think you heard that in our talk track as we talk about that healthy expansion ability that we have. And I think it comes back to an earlier question, which is, our clear differentiation is this spectrum of identities and customers are buying into the idea that it's not enough to just secure the most privileged IT users with PAM. They need to apply privilege controls across the entire spectrum of identities. So I think on the existing business and our ability to upsell and expand, it just continues to be strong. It's been strong, and we're excited to see where we take that for quarters to come. From a new business perspective, we look at it and kind of say, anytime we can get 200 new logos in the door in a non-Q4 quarter, we're pretty happy with that. That allows us to be able to start the process of turning them into these longer-term customers to expand across the multiple identity groups. And so we look at Q1, and we've always said that in this macro and this environment, new logo deals take a little bit longer. They take a little bit more work. We've gotten better and better at doing that. And we're really happy with our ability to be able to land those logos. And frankly, we're really happy about the pipeline on those new logos, the ones we just landed, and when they are anticipated to come back for an expansion deal, because then the flywheel is really kicking in, and it brings us back to the beginning of my answer.
Your next question comes from the line of Joseph Gallo with Jefferies. Your line is open. Mr. Joseph Gallo, your line is open.
Can you hear me? I'm sorry. Somehow my headset was not working. We can hear you now. Awesome. Sorry about that. Thanks for the question. Awesome to see the cash flow machine turn on. It was impressive operating margin performance this quarter and the guidance, although the full year raise was modestly less than the beat. Can you just walk us through the dynamics for this year? Is that primarily rev mix shifts? I think you mentioned headcount growth, but moderating. So just any other investments we should think through, given, you know, the 34% ARR growth is highly indicative of a large opportunity. Thanks.
Yeah, I'll start here. I mean, basically, you know, we're excited that we'll be able to, that we're raising the metrics across all boards from cash flow through the operating, through the revenue, through the operating. You know, in terms of, you know, color on that, We do expect SAS to be a bigger player on the revenue side as we go into Q2 and into the second half. With regard to the investments, you know, we're catching up on some hiring, on the slower hiring from Q1, and we anticipate to continue hiring into the second half as well, and You know, so that's where we'll see some of the investment side in R&D and also, of course, in the go-to-market engine, as we always like to pre-hire when we look at multiple years of growth. You know, I think, you know, from another perspective, in terms of the mix, you know, we see the mix continuing on other than the fact that, you know, we see it kind of inching up towards some more SaaS business.
maybe just one ad for me is you know when we look back on on q1 and we talked uh as josh just said about a little bit of a slower hiring profile we've seen that kind of kick in solidly here in april and so that actually brings up the anticipation of expense and that's built into our guidance going forward one of the nice things for me despite the the lower hiring in in q1 is when i actually look at the quota carriers which is what we really are investing in to make sure that we capture the opportunity We had a nice quarter around ramping up quota carriers, especially fully ramped quota carriers, and that sets us up to be able to go capture the opportunity here throughout the year. As the year goes on, we'll look for more opportunity to be able to capture on this exciting growth opportunity ahead of us.
Your next question comes from the line of Hamza Fadarwala with Morgan Stanley.
Great. Thanks for taking my question. Josh, actually a question for you on the guidance. I actually thought the guidance raised was better than expected in light of what we're seeing, I think, in software. More broadly, I'm curious, you know, it's Q1. It tends to be the seasonally slowest quarter of the year, and it's early in the year. So, you know, what's giving you confidence to raise that ARR guide? by the magnitude that you did, given what's still somewhat uncertain macro environment. Thank you.
Yeah, thanks, Sam. I think it really starts with the demand environment that Matt talked a lot about already in the earlier questions and in his prepared remarks. And that's kind of generating the pipeline coverage and the demand generation that we're seeing for the course of the rest of the year. I think the other point is we're well positioned from a go-to-market team and engine. Matt just alluded to the fact about where we are on quota reps and quota carriers. And just pretty much everything that we see coming out of Q1, first of all coming out of Q4, and then what we saw in Q1, And what we're seeing in the pipeline going forward and the overall demand environment that we're getting from the customer base, we're confident on being able to raise the guidance across those metrics.
Thank you.
Your next question comes from the line of Adam Borge with Stifel.
Awesome. Thanks so much for taking the question. Maybe just on the cloud, it's great to see the continued traction with secure cloud access. And as we think about kind of the cloud opportunity more broadly, you know, we often hear about either Kim or ITDR. I was hoping you could talk more about how you think about these adjacent cloud identity security markets as opportunities for CyberArk over time. Thanks so much.
Yeah, thanks, Adam. So we are, and you've all heard me talk about this opportunity of how we secure access to the cloud. And just to start with, that goes across two of the identity groups that I was describing. The traditional IT users are increasingly having to access not only on-prem targets, but also cloud assets and cloud environments. And we need what would be considered a traditional PAM tool that's able to actually manage those hybrid environments effectively or secure those hybrid environments effectively. And so our ability to be able to take SEA and blend it in within our identity security platform is a key component part of actually how we're staying ahead in securing IT users. Then there is this new population of developers out there. And these developers are hired at an exponential rate. And generally speaking, they're hired to go innovate. And once they start innovating, they're scaling up cloud environments. They have unfettered entitlements and access. And that is just not sustainable. And organizations are understanding that they need to put in place controls in the cloud. So our SCA solution, which allows for zero standing privilege, which is a unique approach, no privileges are assigned until the point of access. allows us to be able to go in and talk to customers about securing that developer population, allowing them to use native tools, and applying security controls at the point of access. So that's a way of building up then to your question, which is, all right, well, what is the differentiation here and how do these other markets play in? When you start to think about CIM, when you start to think even about ITDR, it's about really understanding or discovering what's going on. It's even in some cases about mapping entitlements versus targets. And we have a place to play in those areas, but the major place we play at CyberArk is in enforcement and in controls. And ultimately, once you discover, once you understand, you have to control. And our SCA solution is a light touch, easy to deploy, security first tool we can apply for controlling privilege access and privilege access specifically as people try to access the cloud. So that's just a little bit more background on it. I think it's an opportunity for us to be able to differentiate this cloud access market from some of the other areas that you were describing. And of course, our ability to be able to bring that into the overall platform is what sets us apart.
Your next question comes from the line of Roger Boyd with UBS Securities.
Great. Good morning and thanks for taking the question. I want to go back to Joe's question just on the guide, but regarding the duration tailwind that you've seen term license over the past two quarters, any color on what's driving that higher? And Josh, can you just clarify what you're expecting from a duration perspective throughout the rest of the year and how that might be impacting the different updates to the revenue and ARR guides? Thanks.
Yeah, you know, I don't think that there was any one, you know, there wasn't a trend of it driving higher. I think we saw, though, in the first quarter, it go up by a few months, and it contributed about just about $3.5 million in tailwind on the revenue side. for the quarter. And I think, you know, when we look at it kind of over time and kind of as we look into the pipeline, we kind of see it, you know, dropping down again by a couple of months, but it's going to move around between the 20 and the 23-month range.
I think the bigger point on the look forward really is this idea that Josh hit on earlier around what do we see in the mix when we look into Q2, Q3, and Q4. And when I analyze the pipeline, which unfortunately I still do, Eduard and I have great sessions around that, we try to understand what is it shaping up. And with all of our new products coming into play, which are SaaS only, and then where the market is moving, we see the mix of SaaS really stepping up in the quarters and in the out-quarters for the year. Now, we've taken that into account in our guide, and even with that, we've been able to raise our revenue outlook for the year. But it is a pretty substantial shift in our pipe towards SaaS.
Your next question comes from the line of Andrew Nowinski with Wells Fargo.
Great. Thank you for the question. I want to talk about the U.S. federal market. You mentioned you have FedRAMP high status for EPM and PAM now. I guess first, how is demand in the quarter? And then second, has that FedRAMP high status opened up a larger pipeline with new agencies that you can now sell to? And are they also purchasing SaaS or more on-prem? Thanks.
Yeah, thanks. So I think when we think about our FedRAMP, let me first clarify, what we announced was FedRAMP high for EPM and for our identity products. And why did we start there, by the way, versus starting with PAM? It was because we only have SAS versions of those products. So in order to even be able to sell into the federal government with identity and with EPM, we needed to be FedRAMPed. We believed in the market opportunity. That's why we went and did the heavy lift process, not just to get through FedRAMP, but to get to FedRAMP High. That opens up not just the civilian side of the federal market, but also the DOD side, and frankly also helps us at the state level with the state side of the government organizations. We are very bullish and optimistic of our ability to bring EPM and identity into those markets. Now we have an existing book of business with PAM on-prem that we've had for many years. We have invested in the on-prem certifications. We now are investing as well in PAM FedRAMP certification, and we'll get to that in the time ahead. But in the meantime, we believe that one of the biggest industries or verticals that are being attacked is the government. It's being attacked at the federal level. It's being attacked at the state level. And our ability to be able to institute core security controls like I'm describing, lock down the endpoints, have a bigger version of or bigger story of identity beyond MFA SSO, allows us to be able to capture a bigger piece of the market in the federal space, which we've done well successfully so far in our history, but we think it's an opportunity for investment and growth in the quarters and years ahead.
Your next question comes from the line of Itayi Kidron with Oppenheimer.
Thanks. I have two questions. Maybe I'll show them all at once. First for you, Josh, on the bookings upside, Can you give us a little bit more color there on how much of that is duration, new customers, expansion activities stronger than you expected, the mix of products there, any color would be great. And Matt, going back to the point you mentioned to the question of EPM being complementary to EDR, it is complementary today, but clearly more and more of your portfolio right now is at the edge. I would think the browser, I would think about that as an edge product as well. And so as you're moving closer and closer to the edge, can your EPM product evolve into an EDR-like product and be competitive with an EDR solution?
Sure. And I may take both just in the interest of time to move us along, but they're good questions. So on the first front when we when we look at the bookings performance in the quarter remember bookings has nothing to do with duration, so the duration we just wanted to be transparent was a bump up in the quarter it's about three and a half million of contribution around revenue. But it but it but it's not a contributing factor to the strength of our overall business, the strength of our overall business. is based upon continued growth across the entire portfolio. We continue to see AAR just grow really strongly for each piece of the platform. Now, I highlighted in the call kind of particular strength in the secrets management business, and I'm very excited by that because that, again, is showing our ability to compete effectively as a security sale in the machine identity space. So I would highlight that. I would also highlight, as we talked about earlier, our ability to be able to go back into the base and expand customers beyond PAM or securing IT into new areas like securing developers or our ability to be able to go compete effectively in the quarter around workforce and our differentiated workforce solution. So across the board, I can point to the entire portfolio, talk about strong bookings, and that kind of comes from that overall approach. Remind me again of the second question?
EPM into EDR.
Thank you. So on the EPM side, I think we are very comfortable with our definition of identity security. our definition for these four different identity groups, our ability to be able to be the control point, and our ability to be able to apply privilege controls across those. I think that EPM is a compliment to EDR. I'm very respectful of the EDR businesses that are out there. I go to customers and I tell them all the time, yes, they ask me, should I spend money on next gen EDR? And I say, yes, it's a good security control to have in place. And a lot of them have the right security first mindset and how they approach it. But I think there's plenty of space for us to carve out with the least privilege and privilege control side of the endpoint. And by the way, when you talk about our browser, you're talking about the same thing, the idea of an identity-centric security control-focused browser that can integrate into our identity security platform. And I think there's plenty of growth ahead of us without having to go into the larger EDR market. I appreciate it. Thank you.
Your next question comes from the line of Sharadi Kaltari with Beard. Your line is open.
Hey, thanks for taking my question. Matt, the follow-up on the secure browser GA looks very timely. As you said, addresses the growing demand for enterprise market and designed to go beyond just log in, harvesting and browser bidder access. One recent comment you made was you believe the browser will not only enhance security, but also drive adoption of all the other solutions. I know it's still early days, but the market seems to be moving quite fast. So just curious, are you already seeing signs where the browser is seen differentiated, becoming a landing point and driving demand for other solutions? And then just a quick follow-up on Azure.
Sure. So I think just to ground everybody in the release. So when you go into the CyberArk secure browser, you are able to, obviously, from a security control perspective, browse freely with a cookie-less browsing, with password replacement, with other security controls built right in. And it's designed for the privileged users to be able to get to other targets within the enterprise much, much more securely. And it kind of locks down and stops one of the most important or most difficult attacks to be able to protect against, which is post-session authentication hijacking. So we look at it and we pitch it from that perspective, and it is a really nice security story. But underneath that, it is really a gateway and an easy navigation into our identity security platform. When you go into the browser, you're presented with a copilot that allows you to be able to access your single sign-on tiles. It allows you to be able to access your infrastructure targets, traditional targets for PAM users. You can go and right from the browser, right from the main screen, you can get into your cloud service provider's portals, into the backend microservices. And you can actually do things right in the browser that you would normally have to go into the backend platform to go do. So that creates a much easier path for users and administrators to be able to leverage and use the platform effectively. So when we look and we talk with customers and all the customers that have been using the product when it was in limited release, they start to see this improved pathway of usage, removing the friction of user access in the PAM space and allowing for total integration into our workforce tools.
Got it. Super helpful, Matt. And just quickly on the Azure Marketplace platform, You mentioned about a seven-figure deal that you guys kind of won, landed with BAM EPM and kind of flowed through this new route to market. Can you talk a bit about the go-to-market motion and kind of any sense about the relative size or mix or incremental trends around this marketplace motion?
Sure. And I think you've heard us talk in the prior quarters about the idea of we believe that one of the upside opportunities for us is to continue to exploit new routes to market. You've heard us talk about that in the context of the MSP program, the launch of our MSP console, our ability to be able to actually leverage new channel partners, go down market with distributors. continue to push on our SI partnership and our SI relationship. So you see, overall, we're investing and enabling and building stronger partnerships. One of those new routes to market is our marketplace. And you've heard us talk about the AWS relationship that we've built and continue to drive on to allow for frictionless buying, to leverage the AWS Salesforce, and then to be able to be part of the dollars that sit out there for marketplace purchases. And it's been a great lubrication in the sales cycle. In this quarter, we highlighted the deal that you mentioned, which went through the Azure marketplace. We're earlier days from that perspective for sure, but it speaks to the overall marketplace opportunity as a buying vehicle and as a co-sell motion that can help drive our business forward.
That concludes our Q&A session. I will now turn the conference back over to Matt Cohen for closing remarks.
Thank you. And I want to go back as we celebrate our 25th anniversary to think about the fact that CyberArk is laser-focused on driving innovation and delivering value to our customers, an achievement we owe to the hard work and dedication of over 3,000 CyberArkers today, as well as our partners around the world. We are in an amazing position as the leading identity security company that is built to last and thrive for at least another 25 years. We look forward to welcoming many of you at our Impact Customer Event in just over two weeks. Thanks for joining the call today.
Ladies and gentlemen, that concludes today's call. Thank you all for joining. You may now disconnect.