This conference call transcript was computer generated and almost certianly contains errors. This transcript is provided for information purposes only.EarningsCall, LLC makes no representation about the accuracy of the aforementioned transcript, and you are cautioned not to place undue reliance on the information provided by the transcript.
spk04: Good day, and thank you for standing by. Welcome to the Qualis second quarter 2022 investor call. At this time, all participants are in the listen-only mode. After the speaker's presentation, there will be a question and answer session. To ask a question during the session, you will need to press star 11 on your telephone. Please be advised that today's conference is being recorded. I would now like to hand the conference over to your speaker today, Blair King. Please go ahead.
spk05: Thank you, Crystal, and good afternoon and welcome, everyone, to Qualys' second quarter 2022 earnings call. Joining me today to discuss our results are Sumit Thakkar, the President and CEO, and Jumi Kim, our CFO. Before we get started, I would like to remind you that our remarks today will include forward-looking statements that generally relate to future events or future financial or operating performance. Actual results may differ materially from these statements. Factors that could cause results to differ materially are set forth in today's press release and our filings with the SEC, including our latest Form 10-Q and 10-K. Any forward-looking statements that we make on this call are based on assumptions as of today, and we undertake no obligation to update these statements as a result of new information or future events. During this call, we will present both GAAP and non-GAAP financial measures. The reconciliation of GAAP to non-GAAP measures is included in today's earnings press release, And as a reminder, the press release, prepared remarks, and investor presentation are all available on the investor relations section of our website. So, I'd like to now turn the call over to Smed.
spk06: Thanks, Blair, and welcome everyone to our second quarter earnings call. We're pleased to report another quarter of continued revenue growth acceleration and cash flow generation as we drive a focused investment strategy for innovation and go-to-market scales. Despite global macroeconomic challenges and geopolitical uncertainties, growing cyber threats are driving CIOs and CISOs within organizations of all sizes to modernize their security platforms to reduce agents, cyber risk response times, operational complexity, as well as costs. Our continued strong growth reflects the commitment customers are making to the Qualys Cloud Platform to help drive these objectives. In Q2, there was a steady adoption of our vulnerability management detection and response, or VMDR solution, which is now deployed by 43% of customers worldwide. Key competitive VMDR wins in the quarter include a leading multinational chain of retail convenience stores, several global financial service companies, and public sector agencies, along with multiple new and existing customers down market, as well as in the Fortune 500. Further exhibiting our broader platform approach and expanding market opportunity, I will take a moment to share some of the successes we have seen with our customers and partners. First, on the customer front, an existing Europe-based Forbes 500 customer entered into a seven-figure competitive upsell agreement with us to expand its asset count with VMDR while adding patch management across their environment. Qualys was chosen over the competition given the platform's unified interface across public, hybrid, and multicloud assets, ease of use, superior performance, speed of detection, and automated patching capabilities without the need for a VPN. Next, a leading financial institution in the Middle East selected Qualys' cybersecurity asset management, VMDR, and patch management capabilities in a mid-six-figure new customer win. The ability to significantly enhance its security program with complete asset context, CMDB integration, alerting, and accurate response capabilities on a single integrated platform while consolidating agents were all key differentiators compared to vulnerability detection-only solutions in the market. We are executing our go-to-market agenda well, which includes our evolving partner ecosystem. Since launching our new partner program in May, we've already signed up two new large regional MSS partners in Europe and North America to further expand their ability to deliver managed cybersecurity services. Additionally, we're seeing an increase in new customer deal registrations by our partners. As our market share and brand awareness continues to strengthen, we are anticipating an increase in partner integration with our platform, which will further strengthen our strategic position, expand our ecosystem, and broaden our reach. On the platform side, this year has already been a strong year of innovation at Qualys. At our QSC event in San Francisco, attended by over 700 registrants, we showcased our thought leadership through the launch of VMDR 2.0 with TrueRisk, taking our differentiation in the market to the next level. With comprehensive risk scoring and ITSM integrations, customers can now focus on quickly identifying riskiest vulnerabilities on critical assets and help remediate with speed. Vulnerability management continues to be a cornerstone of customer security programs as they focus on improving their risk posture. Wallace's unified platform approach differentiates itself from other vulnerability reporting-only solutions by rapidly reducing risk for the most exploitable vulnerabilities with integrated patch management with the same agent. Our recent research shows that customers who scan and patch with Qualys as opposed to patching with alternate solutions can experience as much as 60% reduction in the meantime to remediate for the most exploitable vulnerabilities identified by CISA. Qualys' agents have deployed over 130 million patches for our customers validating our customers' desire to leverage vulnerability management platforms that help remediate vulnerabilities instead of just reporting on them. At Black Hat this week, we are featuring an organic extension to our cybersecurity asset management 2.0 application to include our recently announced external attack surface management capability. This new capability provides security and IT operational teams with unprecedented insights into blind spots and risk posture with a complete 360-degree view of all their known and unknown internet-exposed assets. Natively integrated with VMDR, this capability adds the external asset visibility to the already comprehensive internal asset visibility we provide on the platform instead of just adding another point solution for this feature. While many security software providers claim to offer a platform because they assemble an assortment of point products through acquisitions that are difficult to integrate, we don't see anyone coming close to offering the tightly integrated capabilities of our cloud-based platform. Especially in the current macroeconomic environment, we believe our organically developed and natively integrated platform that is also remediating and reducing risk can bring value to our customers as they get more security out of the single-callers platform. In summary, given our market opportunity, extendable platform for cyber risk detection, remediation and prevention, and speed of innovation, we believe we can continue to grow at scale, generate cash, and invest in key initiatives that will further extend the gap between Qualys and the competition. With that, I will turn the call over to Juning to discuss in more detail our second quarter results and outlook for the third quarter and full year 2022.
spk03: Good afternoon. Before I start, I'd like to note that except for revenue, all financial figures are non-GAAP and growth rates are based on comparison to the prior year period unless stated otherwise. We're pleased to announce our continued consistent and strong financial performance with double digit growth in both revenue and earnings per share. Revenues for the second quarter of 2022 grew 20% to $119.9 million. up from 12% growth in the year-ago period. Similarly, LTN calculated current billings grew 20%. In Q2, our patch management solution contributed to over 5% of bookings for the first time, with over 50% growth from last year. In addition to strong adoption by existing Qualys customers, patch management contributed to 9% of bookings from new customers, demonstrating our ability to drive growth through distinct product differentiation. Our LTN average deal size continued to increase for both new and existing customers as organizations turned to Qualys to secure a wider range of network-connected devices and associated applications spanning on-prem, cloud, container, and mobile environments. LTN average deal size increased by 17% from 7% a year ago. Through the seamless integration of workflows onto a single agent, Qualys is helping organizations efficiently respond to threats by enabling real-time visibility of their security posture. As such, customers are increasingly looking to Qualys to help solve their most pressing security needs as legacy point solutions are fragile, difficult to operationalize, and significantly extend remediation time, struggle to deliver value to the customer. This quarter was no different, and we're excited by the continued adoption of VMDR, with total customer penetration now at 43%, up from 28% a year ago. And continued adoption of Qualys solutions increased large customer spend, with 139 customers spending $500,000 or more with us. This represents a 23% growth from a year-ago period. Our platform and single-agent approach is resonating with customers while strengthening our market position. With CIOs and CISOs looking to cloud platforms that are agile, easy to deploy, and easy to manage, organizations are increasingly phasing out legacy point solutions and adopting cloud-native, full-stack security and compliance coverage to meet the demands of today's threat landscape and reduce costs. We remain focused on leveraging our scalable platform model to continue to drive superior margins and significant cash flow. Adjusted EBITDA for the second quarter of 2022 was 54.4 million, representing a 45% margin. EPS for the second quarter of 2022 was 89 cents. And our free cash flow for the second quarter of 2022 was 30.3 million, representing a 25% margin. Year-to-date margin was 44%. In Q2, we continued to invest the cash we generated from operations back into QALYS, including 3.5 million on capital expenditure, and 71.2 million to repurchase 561,000 of our outstanding shares. The resilience of our sustainable and scalable business model has been proven over time, as currently demonstrated by our strong profitable growth during the time of uncertainty and volatility. With over 500 million invested to repurchase shares over the last four years, and 354 million remaining authorized for future share repurchases, we plan to continue to leverage our excess cash to return capital to shareholders. Sifting now to guidance for the third quarter and the rest of the year, our strong year-to-date performance continues to bolster our confidence in both our strategic agenda and business environment. We are raising the bottom and top end of our revenue guidance for the full year to now be in the range of $488 million to $489.5 million, representing a 19% growth. This compares to prior full-year revenue guidance of $484 to $486.5 million. In terms of profitability, we are raising our full-year EPS guidance to now be in the range of 3.50 to 3.55 from the prior range of 3.13 to 3.17. This implies an EBITDA margin in the mid-40s. This revised guidance reflects the planned increase in investments in the second half of this year. Partners remain strategic to our growth strategy, so our current focus is on further investing in our partner programs and enhancing our relationships to leverage their large distribution network to drive profitable growth in the business. Alongside this, we will continue to increase our investments in digital marketing initiatives and expand product management capability, as well as sales capacity and support functions. For the third quarter, we expect revenues to be in the range of $124.5 million to 125.1 million, which represents a 19% growth. We expect EPS to be in the range of 85 to 87 cents. Our planned capital expenditures in Q3 is approximately 2.5 million to 3.5 million, and for the full year 2022, we expect investments in the range of 16 to 18 million. In conclusion, we are pleased with our Q2 results and believe we are well positioned to drive durable top line growth on the back of a large and growing market opportunity, while leveraging our highly scalable model to maintain strong cash flow and industry-leading profitability over the long term. We remain cautious in macroeconomic and geopolitical situations, particularly in Europe, but believe that offsetting this is the upside from our product differentiation, and with customers becoming more cost-conscious with their security budgets, we will continue to see higher levels of customer interest associated with a value proposition of consolidating vendors, and a single agent and see that dynamic playing well for Qualys. With that, Sumedh and I are happy to answer any of your questions.
spk04: Thank you. And as a reminder, to ask a question, please press star 1-1. One moment while we compile the Q&A roster. And our first question will come from Dan Bergstrom from RBC Capital Markets. Your line is open.
spk10: Hey, it's Dan Bergstrom from Matt Hedberg. Thanks for taking our questions. Say on platform adoption driving higher customer spend, I think that's a real impressive part of the presentation, that $500,000 customer spend. Could you drill down into the trends you're seeing around those larger customers and maybe the partnership that you have with them?
spk06: Yeah, that's a great question. I think right now we're seeing that as these customers, they get deployed with VMDR, which is sort of what we focused on the last few years. and I gave that example of one of those customers in Europe, they are expanding additional licenses with Qualys for VMDR. They are additionally also adding patch management, looking at cybersecurity asset management. I think overall that is helping them get additional value out of Qualys and also able to, for us, be able to position sort of differentiators in the VM space where they are actually able to now deploy additional capabilities that we right now don't see being offered in the market by the other VM players, right? So I think those customers, as they continue to expand from an upsell of the existing VMDR license, but also add additional products from Qualys, we're pretty excited about what that can mean in terms of these deal sizes. And, you know, overall, that also essentially makes us strategic partners with these large customers because at this point, they're really well integrated into their cybersecurity stack and very strategic to the success of their programs. And so as we gain more visibility, that creates more opportunity for us to have conversations with the customers on what value we can bring to these large customers.
spk10: That's great. And then maybe for Jumi, you touched on this a little bit in your prepared remarks, but you know, investment over the second half here into 23. Can you talk about how you're weighing kind of the mix of, you know, investment and headcount, channel and digital marketing? There's a lot of talk about the channel on the call here in the prepared remarks. Are you leaning more into that perhaps than previously?
spk03: We are. We did announce a new partnership program and an initiative that we were thinking through earlier this year. And we are seeing early indicators that's working well for us. And in terms of our partners, we are seeing growth that we can definitely leverage and accelerate in the shorter term in balancing out with our investments in the direct business. And so for us, we are investing in all areas. As we said before, if you take a look at our guidance for the EBITDA margin, that does indicate a healthy growth, and that happens to be increasing investment in partnerships, increasing the headcount, as well as the digital marketing and product marketing as well.
spk08: Thank you.
spk04: Thank you. And we'll take our next question from Joel Fishbein from Truro Securities. Your line is open.
spk11: Hi, Julie. I have a quick follow-up question to that. You had also initiated to accelerate some hiring and sales. Can you give us an update on where you are with that, not just the investment in channel? And also, love to just get your confidence in the visibility for the guidance for the back half of the year.
spk03: Yeah, happy to address that. I think that at the beginning of the year, we had as far to increase spend a factor and more this year. I think that we're a little bit behind on the hiring. With that said, we've made some progress, definitely better than what we see last year. And I think that's demonstrated by our increase in spend. So for example, just as a non-GAAP sales and marketing, if you take a look at that Q2 year-over-year spend, that 28% growth is the highest we've seen in recent years. Even taking a look at year-to-date growth, that's 20% growth versus 7% in the same period last year. And I think the two years prior to that, we've been decreasing. So last year, I know that the sales and marketing headcount only up by net 10. We're up by more than that in the first half of this year. So we're optimistic in our ability to continue to increase in spend and hire more people going forward.
spk11: Thank you. That was great. And then just your visibility into the guidance.
spk03: Yeah, I think that our visibility into the guidance right now is similar to how we look at the business. The trajectory of our business momentum is informed by our current feelings, current deals in play, in our discussion with our customers. We recognize the uncertainty that a lot of our peers have and other companies. With that said, I think that the momentum is there. We are optimistic in our ability to continue to accelerate. If you take a look at our revenue guidance, what that implies is 19% growth in the second half after achieving healthy acceleration in revenue in the last year, we feel confident in our ability to deliver that. And then in terms of the investment, as you can tell by the increase in non-GAAP VPS, this is really informed by our taking a look at the initiatives that we had at the beginning of the year and finding that right balance and thinking through in the next six months what we think that we'll be able to really realize in terms of investment, and that's informed our guidance.
spk11: Great. Thank you so much.
spk04: Thank you. And our next question will come from Nahal Chokshi from Northland Capital Markets. Your line is open.
spk08: Yes. Can you hear me?
spk09: Yes. Great. Congrats on a strong quarter. Short-term billings, that was up 18% year-over-year. Is that correct?
spk03: That's right.
spk09: Okay, and that represents a slight deceleration. What's the narrative behind that slight deceleration in short-term billings?
spk03: Quarterly billings tend to fluctuate from quarter to quarter, and that happens to do with the renewal time, timing of the deals, and the duration of the billing. But with that said, even on the LTM basis, you'll see that slight tickdown. Part of the reason is because we do have some headwinds that all the other companies are seeing right now in the certainty in the business. That said, what that means for us is I think in the near term, especially in this volatile market, I would point to our revenue that's more normalized just because we do hedge on the top side, on the revenue, and that's not reflected in our current billing.
spk09: Okay. Okay. And then, Jimmy, you also mentioned that you remain cautious on macroeconomic concerns out there, especially in the media, but are you actually seeing that play through in terms of your bookings or billings?
spk03: We do see, in our discussions, we're a little bit cautious, rightfully so. I think that all companies are, but, you know, Based on our discussions with our customers, we don't think that it's going to be a significant impact on our business. We still see a high demand. I think that the security budget as a whole is not decreasing, although the companies are looking at their spend and scrutinizing their spend to make sure that they have the right vendor and prioritizing their spend and investment accordingly. And that's reflected in our guidance.
spk09: Okay, great. Thank you.
spk04: Thank you. And our next question will come from Rudy Kessinger from DA Davidson. Your line is open.
spk12: Great guys. Thanks for taking my questions. Um, you know, on the revenue in terms of the beat versus your guide, one of the largest beats I think you've put up in the last several years, if you could just maybe bucket out, you know, where you saw the upside in the quarter, um, more specifically, was it more so from new customers, existing customers, uh, expansion into patch management, some of the other products, as opposed to maybe BMDR. Just what really drove the solid upside in the quarter despite the macro?
spk03: Yeah, I think that right now we're seeing the early indicators assigned. I think this is the first time that we've provided some color into our newer products like patch management. We've always known that there's an upside to our newer products. We're seeing that kind of adoption happening as we speak right now. So this was the first quarter where we saw patch management being material to the business, and by that I mean more than 5% of our bookings. And even more encouraging for us is the fact that 9% of our new bookings came from patch management as well. So that's contributed to our net dollar expansion rate, which remained at 110%. We are seeing strong retention in the business and the existing customers, as well as upside and cross-sell opportunities. With that said, that 5% of cash management, it's still very small. And so that's why we think that there's a huge upside. It's just starting now. And given the current situation, I do think that customers are more focusing and starting to view us as a cloud security provider. And it does increase our opportunity to consolidate other security vendors out there with more customers looking to call us for multiple solutions.
spk12: Got it. And then just circling back to the sales hiring, I know you had said, Previously, you wanted to hit double-digit growth in SMM headcount this year. It certainly sounds like from the commentary you're leaning a bit more towards channel versus direct, but do you still think you'll hit that double-digit growth in SMM headcount this year or no?
spk03: Yes, yes. We are still on target for that. We are targeting still growing the sales and marketing headcount by double digits, but we are looking into other avenues as well to make sure that we have the balanced approach to investments.
spk12: Okay, got it. Thanks for taking my questions.
spk04: Thank you. And our next question will come from Hamza Fadarwala from Morgan Stanley. Your line is open.
spk01: Hey, guys. Thanks for taking my question, and good evening. Lisa, I have a question for you. Qualys has broadened out its portfolio across IT security and compliance over the last few years. Are there any areas within that portfolio where you're seeing more of a prioritization than others? I'm thinking of like maybe asset discovery, seeing more demand versus vulnerability management or vice versa. Any color you can give there would be really helpful.
spk06: Yeah, that's a great question. I think if you look at today, we continue to have healthy growth in VMDR, but I think, you know, as we have provided the color with patch management, not just from what we see on the business from bookings, but also the fact that Qualys agents have deployed 130 million patches for our customers. And it really is a testament to the fact that we are becoming very critical for these customers to help reduce the vulnerability, right, and not just report on them. So while vulnerability management traditionally is just focused on if you tell me the asset, I'll tell you what issues are on the asset, then you have to go figure it out. the broadening of the platform across multiple different aspects has really helped customers bring the asset management, vulnerability management, and batch management together. And those really go hand in hand. And so they actually do help each other in terms of customers who are looking to get VMDR are more likely, in our opinion, to go with Qualys when they see that they can also leverage patch management, when they see that external attack surface is built into that solution or cybersecurity asset management is bringing them a lot of visibility into the asset inventory. So as vulnerability management continues to be critical, the surrounding functions, as I would call them, to first find all your assets and then fix all your vulnerabilities start to become more and more important, and especially conversations with our customers in the current macroeconomic environment that we see they are looking for how they can get additional value, how they can get more out of the solutions that they already have. And so that's why we are quite excited. And we kind of do see that cybersecurity asset management and patch management are starting to be the area of focus for customers if they're looking to really reduce the amount of time it takes for them to find an asset to actually fix it, which today with multiple tools, and multiple teams, it takes quite a bit of time. And that was demonstrated in some of the research that we put out where we were able to take customers who were using Qualys to scan and some other tool to patch versus those who were using Qualys to scan and Qualys to patch. There was a marked difference in the top 10 most exploitable vulnerabilities that CISA put out. we are helping them really reduce the amount of time it takes when they're doing a broader platform adoption. So I think those are the areas within the platform that we see. So, of course, we have other things that customers buy, like file integrating monitoring and a few other things, but cybersecurity asset management and match management tend to really kind of go with that VMDR purchase and which is also being reflected in our new business where we are seeing the deal sizes and, you know, take into account the first purchase directly of VMDR hatch management and cybersecurity asset management instead of just coming and getting only VMDR. So hopefully that answers the question.
spk01: Yeah, that was super helpful. Maybe just for Jimmy on FX, just wanted to understand the, the negatives and potential positive impacts there, because I understand 24% of the revenue, I believe, is priced in local currency, but that exposure is hedged. And then on the OpEx side, you've got about 29% of your OpEx, which is local currency. Was there any headwind on the revenue side that we should be aware of for the billing side? And then on the OpEx side, how should we think about maybe the stronger dollar benefiting you on the margin front over the next 12 months? Thank you.
spk03: Yeah, because of our hedging program, we have four contracts in place, just like you said, on both the revenue and expense side. And so what we're seeing right now is we don't, the part that we hedge, we're seeing some benefits and costs that gain their losses that are offsetting. Year to date, it's really not material for us on the revenue. It could become greater in the second half of this year, but it With that said, I still don't see it on an annual basis. It'll be significant because of our hedging program and how it's working right now. On the expense side, same thing. We hedge the INR, which is about like 15% of our expenses. We see the benefits and losses offset each other more or less. And so that's why on a margin, it hasn't been material for us in the last couple of years. Don't see it being material for us in the next 12 months either.
spk01: Thank you.
spk04: Thank you. And our next question will come from Yoon Kim from Loop Capital. Your line is open.
spk00: Thank you. Congrats on another solid quarter, Sumedh and Jumi. Obviously, your VMDR strategy continues to play out very nicely, especially with existing customers. Sumedh, you kind of mentioned some data points regarding new customer acquisition front, but can you give us – update on how your VMDR strategy and your overall extended product portfolio is, you know, helping you in terms of a new customer acquisition. What has been the trend around new customer acquisition, especially among the large global 2,000? Thanks.
spk06: Yeah, I think just to add color at a high level, we are very pleased with what we are seeing with the new business right now. As you know, we've been making changes and investments in that area the last few quarters. And so, you know, With new business right now, we're seeing that our bookings in this quarter were among the highest that we have seen, along with increasing the average deal size, which is quite interesting and exciting for us because what that tells us is that when we are in a competitive situation and we are talking to these customers, we're actually able to bring them, show them the value of the combined solution set that they can purchase multiple things together and which ends up becoming a lot more cost effective for them in terms of deploying and operationalizing these programs. And so it's not where it's they only buy the MDR initially and then, you know, say, okay, we'll take a look at some of these things later. Right off the bat, they're able to see the value coming out of that. And that's reflecting in the average deal size going up. That's reflecting in patch management being 9% of our, you know, of our new business as well for this quarter. And then I think the other side of that is just the reduction of coin solutions is very helpful for these customers in being able to really be able to not have to take on the cost of deploying these things. So overall, I think, you know, early days, but quite pleased with the momentum that we are seeing on the new business side.
spk00: Okay, great. And then just try to understand whether or not the BMBR penetration is could potentially peak at certain point or slow down. Obviously, the penetration rate has increased 3% to 4% sequentially fairly consistently every quarter for the past couple of years. Now that you're kind of entering the third year anniversary of that VMDR release, is there any expectation that VMDR adoption rate maybe perhaps slow up a bit as you hit up the customers for VMDR second or third time around this time? And then also if you can just give us some sense on how much of your mix of your renewals are slated for second half versus first half. Thanks.
spk06: Yeah, great question. I think VMDR, in our opinion, continues to be a significant differentiator in the market. And we really have been innovating quite significantly. And exactly for that purpose, we want to continue to stay ahead of where everybody else is in terms of the capabilities we bring with VMDR to the VM market, which is why within two years of launch of VMDR, we launched VMDR 2.0 recently, which was really well received by our customers, bringing additional capabilities on risk rating, risk ranking, and really focusing on remediation along with ability to leverage ITSM tools to really significantly reduce the time for remediation. So I think it's VMDR and then the rest of the capabilities that they can purchase on together with that really kind of make up that cohort of capabilities that our customers look at, not just VMDR. So VMDR adoption strategy has been to get VMDR, get them to see the value of the adjacent capabilities, get more agents, which make it easier for them to adopt some of these additional capabilities and then continue to innovate with, as we did with VMDR 2.0. to add these additional capabilities. And we're excited to see how our customers can benefit from external attack surface management also, which we're launching, which we just launched this week, so that they can bring additional assets into their VMDR purview. So I think we see that there is customers who have adopted VMDR, early adopters, we're seeing... So I think we see that there is... customers who have adopted VMDR, early adopters. We're seeing some customers who are on the sidelines are adopting that. We are working towards more innovation to get the rest of them on board. And then there's obviously a cohort of customers that today may not be all this for VM and maybe leveraging for web application scanning. So that remains an upside opportunity for us to look forward, but we continue to look at it from multiple different angles.
spk08: Okay, great. Thank you so much.
spk04: Thank you. And we'll take our next question from Brian Essex from Goldman Sachs. Your line is open.
spk02: Hi, this is Charlotte on for Brian. A quick question. So I know you mentioned that essentially FX wasn't a huge impact on the top line, but can you talk about the impact of FX on And pricing outside of the U.S., like, deals, for instance, are getting more expensive just because the strength of the dollar. Like, how has that impacted, like, your sales and marketing as a whole? Like, is there more discounts associated? Any color would be great. Thank you.
spk06: Yeah, you know, I think we obviously are aware of the macroeconomic conditions, and we continue to be cautious about where things are heading. But we are having positive conversations with our customers, especially around the ability to add value because of the different capabilities that are integrated into the platform rather than being more of a pure place. So in terms of competitive conversations or when customers are being told to make sure that they get the maximum value out of the budget that they have been given, those positive conversations have been recently happening for us in Europe and we continue to stay excited about the opportunity that it can really help us show the customer's additional value instead of getting into discounting conversations, right? So that way, we can now provide the customer, in addition to VMDR, cybersecurity asset management, patch management, these are going to help them reduce their overall cost rather than, you know, point solutions that only do one thing where they have to focus more on discounting. So again, We continue to monitor and see how the environment evolves, but we feel well positioned with the overall stack that we have, that we have multiple things at our disposal to work through with these customers to show additional value rather than focusing on just discounting.
spk02: Gotcha. Thank you for the color. And I guess another question, if you could expand cash from operations declined decently over Q or Q, is that just the seasonality thing, just any color regarding that would be great. Thank you.
spk03: Yeah, our cash flow tends to fluctuate, and so that's why we look at whether they also provide the color on the year-to-date. And similar happened two years ago where, you know, our cash flow in one quarter might be 60% and down 30%, but year-to-date it does normalize, mainly due to the fluctuation, whether it be from prepaid or the operating cash flow from AR or different balance.
spk02: Understood. Cool. Thank you so much.
spk04: Thank you. And we'll take our last question from Alex Henderson from Needham & Company. Your line is open.
spk07: Great, thanks. I actually have two different questions, and they're kind of related. One is, can you talk a little bit about the degree to which your new product portfolio has allowed you to overcome pretty tough economic environment. And in the context of how much of a delta, I know this is almost an impossible question to ask, but how harsh has the environment gotten and how might it have looked had you not seen that benefit of having this much better product portfolio? And conversely, can you talk a little bit about when you were getting these additional wins Who are you displacing in that environment, and how are they reacting relative to their pricing against that macro environment that was expressed in the last question, i.e., pricing down significantly in Europe in order to bring it into a palatable range for foreign companies that are struggling under a 20% currency translation?
spk06: Great question or questions, but I'll answer the possible ones first. So I think that going in the trend of what we talked about in terms of the new product portfolio, especially focused on cybersecurity asset management and patch management as sort of additions to VMDR, I think For us, that has been really positive, and our vision from a couple years ago that the market was going to go in this direction, and even a couple years ago when we introduced patch management, where players were not looking at patch management as something that should be part of vulnerability management. I think 130 million patches later, we're very proud of what we have been able to achieve in providing value to our customers, and we look at our innovation on the platform, very similar to the way we run our company in terms of, you know, being very focused on bringing value. And so when we talk to our customers and we are able to get in the conversations to showcase them, how they are able to reduce risk, right, at the end of the day, while the number of products and the cost of the products is one aspect of it, when we are able to showcase that when they are leveraging the combined solution with VMDR and the new capabilities together with asset management and match management, the time to remediate for the most critical vulnerabilities is reducing by half in many cases, right? And for a security practitioner and a CISO, being able to do that, reducing the amount of exposure that they have with the number of days by that kind of quantity, I think is really helping us with these conversations to showcase that, yes, we displace point solutions, we displace you know, sort of platforms that are loosely pulled together with acquisitions. But the combined integrated platform capability really helps them reduce the risk. And that's really at the end of the day, a focus for all security teams, right? That is, of course, a financial benefit as well. And I'll give an example of where one of our customers for cybersecurity, for external attack surface management, are looking at a pure play external attack management company, their product, it's low six figure that they have to pay for that. Qualys, when you have the conversation with them, when the external attack surface is now part of our cybersecurity asset management, for about the same amount of money, we can give them significantly more value because we are not just giving them the external visibility or we're giving them cybersecurity asset management capabilities that include things like internal visibility, end-of-life software, et cetera, right? So that innovation in terms of making sure that we are staying ahead and then providing this as a bundle with VMDR is now helping customers to see the value to say, do I go with this pure play vendor that's only giving me the list of what is discovered but is not integrating into what I need to scan, et cetera, or you know, I gave that example for the same amount of money, they could actually then leverage cybersecurity asset management from Qualys and then competitively, you know, competition, even if they try to look at the price drop, it's not, they don't have batch management, they don't have cybersecurity asset management to sort of offset that, right? So that's some examples. Of course, we continue to see some things here and there, but I think that's the conversations that we have and why we are seeing the increase in the deal size, the net retention, as well as, match management becoming strategic to us.
spk07: Where do you see your incremental growth coming from in terms of competitive displacement? Who are you displacing?
spk06: It's a different combination. Many times it's internal security teams, homegrown products. Sometimes it's other pure play products that are just giving you a list of vulnerabilities. In some cases, patch management standalone products that don't have the context of what needs to be patched. So it's just different in different customers. Sometimes we see that they buy us as a supplemental patching solution to their existing patch management because Patch management is an IT capability meant for upgrading software. So if you need new features in Java, you're going to do that patching once every two months after a lot of testing. Security teams need the ability to patch for security issues much faster than that. And that's where the friction comes, right? So for us to be able to go and say your security team, while IT team can continue to use their patching tool for their more sort of, you know, add new feature type of capability, the ability for Qualist with the existing solution that they already have to go in and say, in the case of a cyber-related issue, we can actually very quickly go and do a targeted focus patch of this. In those cases, it helps them also buy that capability in addition to maybe SCCM or something like that that they may already have.
spk08: Great. Thank you so much for the detail. Sure.
spk04: Thank you. And this does conclude today's question and answer session and conference conference call. Thank you for your patience. You may now disconnect. Everyone, have a wonderful day.
spk08: Goodbye. The conference will begin shortly. To raise your hand during Q&A, you can dial star 1-1.
Disclaimer