This conference call transcript was computer generated and almost certianly contains errors. This transcript is provided for information purposes only.EarningsCall, LLC makes no representation about the accuracy of the aforementioned transcript, and you are cautioned not to place undue reliance on the information provided by the transcript.
spk07: Good day, ladies and gentlemen, and thank you for standing by. Welcome to the QALYS third quarter 2022 investor conference call. At this time, all participants are in a listen-only mode. After the speaker's presentation, there will be a question and answer session. To ask a question during the session, you will need to press star 1 1 on your telephone keypad. At this time, I would like to turn the conference over to Mr. Blair King. Sir, please begin.
spk02: Thank you, Howard. Good afternoon and welcome to QALYS' third quarter 2022 earnings call. Joining me today to discuss our results are Sumit Thakkar, our President and CEO, and Jumi Kim, our CFO. Before we get started, I would like to remind you that our remarks today will include forward-looking statements that generally relate to future events or our future financial or operating performance. Actual results may differ materially from these statements. Factors that could cause results to differ materially are set forth in today's press release and our filings with the SEC, including our latest form 10Q and 10K. Any forward-looking statements that we make on this call are based on assumptions as of today, and we undertake no obligation to update these statements as a result of new information or future events. During this call, we will present both GAAP and non-GAAP financial measures. Reconciliation of gap to non-gap measures is included in today's earnings press release. And as a reminder, the press release, prepared remarks, and investor presentation are all available on the investor relations section of our website. So with that, I'd like to turn the call now over to Sumit.
spk05: Thank you, Blair, and welcome everyone to our third quarter earnings call. Qualys again delivered another quarter of strong revenue growth and cash flow generation while further executing on a focused investment strategy to deliver profitable growth. Given the accelerated growth in scope and complexity of cyber threats and an uncertain macroeconomic and geopolitical landscape, CISOs and CIOs continue to broadly prioritize natively integrated security solutions to both fortify their security posture and optimize budgets through a reduction of agents and response times to reduce risk and cut costs. As a result, Qualys experienced another quarter of steady VMDR adoption which is now deployed by 45% of our customers worldwide. Key competitive VMDR wins in the quarter include multiple customers, both down market and in the Forbes 1000. The strength of Qualys' VMDR solution has clear momentum in the market and is garnishing significant industry recognition. As recently announced, Qualys' VMDR application was voted the best vulnerability management solution at the 2022 FC Awards. This award evaluates vendors based on input from security practitioners worldwide and is held in high esteem. We believe Qualys' placement as the number one vulnerability management solution further validates our investment in the platform and represents the standard for securing customer environments today and in the future. With multiple long-term growth drivers in our business, I will take a moment to share some of the early successes we are seeing to broaden platform adoption with customers and partners. On the customer front, in a highly strategic competitive win, a large government agency entered into a seven-figure upsell agreement to expand its asset count with VMDR and patch management after selecting cybersecurity asset management policy compliance and multi-vector EDR as part of an initiative to transform its IT security architecture. This customer selected Qualys because we offer the only security and compliance stack available in the market today that utilizes a FedRAMP authorized platform and single lightweight agent to enable full asset visibility and context-aware mapping to prioritize vulnerabilities, proactively reduce technical debt, automate patching, and continuously monitor endpoints with high-fidelity telemetry to defend against future malware and ransomware events across multiple environments. In Q3, we also expanded our engagement with the Fortune 100 company in a competitive mid-six-figure upsell. The customer selected Qualys' cybersecurity asset management policy compliance and VMDR capabilities. The ability to significantly enhance its security program with comprehensive internal and external asset context, CMDB integrations, alerting prioritization, and accurate response capabilities with built-in ticketing and compliance monitoring on a single console while consulting agents were a key differentiator in this way. Beyond these wins, we continued to see new customers adopt cybersecurity asset management and patch management alongside VMDR. Instead of just being a one-dimensional tool used to detect and produce a list of vulnerabilities, these new competitive wins underpinned Wallace's ability to help customers not only detect but also prioritize risk across all assets while remediating vulnerabilities much faster than alternative siloed solutions. This is becoming an even stronger value proposition in the current microeconomic environment as customers increasingly seek multiple security offerings and capabilities out of a single Qualys platform. Investing in our partner ecosystem continues to be a key pillar in our go-to-market agenda. In the quarter, we expanded our relationships with several MSSPs and entered into a new partnership with the cyber insurance company, to enable reduced premiums for their customers using VMDR with TrueRisk. We also expanded our strategic alliance with IBM. Through this collaboration, Qualys solutions are being positioned as key platform for securing IBM's ZLinux mainframe infrastructure to bring highly accurate vulnerability detection and compliance capabilities to several of the world's largest financial institutions while utilizing the same Qualys agent. Additionally, we continue to see an increase in new customer deal registrations by our partners. We believe the expansion of our partner program since its launch in May reflects our strengthening brand awareness and strategic position in the market. A cornerstone of our strategy is engineering innovation, and we challenge ourselves every day to lead the industry. While we have been very focused on helping customers secure their cloud and container environment for some time now, our recent launch of TotalCloud further reflects the power of our platform by enabling cloud-native VMDR with FlexScan. By pairing agent and agentless zero-touch assessment options with high-efficacy vulnerability detection and prioritization capabilities, organizations can now extend the platform to continuously view all cloud assets, visualize the entire attack surface, and reduce risk by rapidly remediating and preventing misconfigurations and vulnerabilities from build to runtime. With Qualys agents already securing over 30 million workloads in the cloud, we believe this solution provides the most holistic, flexible, and accurate approach to modern cloud and container security available in the market today. We will showcase TotalCloud with FlexCan at our upcoming Qualys Security Conference in Las Vegas from November 7th to 10th. We already have over 900 people registered to attend, and we welcome all of you to access the agenda and register at qualys.com. At this conference, our product and engineering teams will showcase the innovation of Qualys platform, and our customers will talk about their success with Qualys, including focused conversations on how they have been able to save cost in their security program by moving to a unified Qualys platform with a single agent. With vulnerabilities proliferating at an unprecedented pace in the face of growing cybersecurity skill gap, now more than ever, architectures matter. With the recently announced acquisition of BlueHexagon, Qualys can now apply cloud-scale artificial intelligence and machine learning capabilities to the cloud platform, and it's more than 13 trillion data points collected from over 100,000 network scanners and over 90 million cloud regions. which makes this combination so significant is its ability to discover and identify relationships and patterns within our highly integrated data lake to rapidly predict and detect anomalous activities in customer environment that are invisible and undetectable in traditional security solutions. Specifically, upon integration, this capability will allow Qualys customers to detect active vulnerability exploitation, identify advanced network threats, and enable adaptive risk mitigation including real-time zero-day threat detection across all assets, applications, and environments. This is a uniquely powerful new addition to the Qualys Cloud platform, and we are pleased to welcome some of the best security minds and associated innovation in AI and ML to the Qualys family. In summary, we continue to pioneer and define a security cloud category built to solve modern security challenges. And given the large market opportunity in front of us with multiple growth engines in our business, we anticipate that we can grow at scale long-term, generate cash, and continue to invest in key initiatives that will further extend the gap between callers and the competition. With that, I will turn the call over to Jimmy to discuss in more detail our third quarter results and outlook for the fourth quarter and full year 2022.
spk01: Thanks, Ned, and good afternoon. Before I start, I'd like to note that except for revenue, All financial figures are non-GAAP, and growth rates are based on comparisons to the prior year period, unless stated otherwise. We're pleased to announce another quarter of strong revenue growth and healthy cash flow generation. Revenues for the third quarter of 2022 grew 20% to $125.6 million, up from 13% growth in the year-ago period. LTM calculated current billings grew 18%. A net dollar expansion rate speaks to the power of our platform and improving land and expand sales model, driving year-over-year increases over the past several quarters. In Q3, a net dollar expansion rate on a constant currency basis was $1.11, up from $1.04 a year ago. Our LTM average deal size increased 18% as organizations continue to turn to Qualys to solve modern security challenges through cloud-native platforms that aggregate and analyze data in the cloud. operate at web scale, leverage network effects to produce superior outcomes, and are easy to deploy and simple to manage. Vulnerability management continues to be a cornerstone of customer security programs by enabling real-time visibility of their security posture. Qualys' unified platform approach differentiates itself from other vulnerability reporting-only solutions through an integrated combination of capabilities, including comprehensive asset discovery, rapid risk detection, prioritization, and remediation on a single agent. In Q3, total customer penetration for VMDR was at 45%, up from 32% a year ago. We're also pleased with the continued adoption of our newer products, like patch management and cybersecurity asset management. In Q3, on an LTM basis, the two products combined contributed to 8% of total bookings. and 15% of new bookings, with both applications growing over 50% from last year. Continued adoption of Qualys solutions increased large customer spend, with 151 customers spending $500,000 or more with us. This represents 29% growth from the year-ago period and speaks to a strategic role we are playing in our customers' digital transformation initiatives. We remain focused on leveraging our scalable platform model to continue to drive superior margins and significant cash flow. Adjusted EBITDA for the third quarter of 2022 was 54.9 million, representing a 44% margin. BPS for the third quarter of 2022 was 94 cents. And our free cash flow for the third quarter of 2022 was 40.9 million, representing a 33% margin. Year-to-date margin was 40%. In Q3, we continue to invest the cash we generated from operations back into QALYS, including $1.2 million in capital expenditures and $95 million to repurchase 684,000 of our outstanding shares. With a long history of demonstrated strong profitable growth through times of uncertainty and volatility, we plan to continue to return excess cash to shareholders. As of the end of the quarter, we had $259 million remaining in our share repurchase program. Shifting now to guidance for the fourth quarter and full year, we are raising the bottom and top ends of our full year 2022 revenue in EPS guidance. While cybersecurity budgets remain largely unchanged, this guidance continues to reflect our pragmatic outlook regarding the uncertain global macroeconomic backdrop. Our guidance also reflects the planned increase in investment this year, while not losing sight of the importance of optimization as we remain committed to driving long-term profitable growth. Specifically, these investments continue to include expansion of our partner programs and enhancing our relationships to leverage that large distribution network. Alongside this, we will continue to invest in digital marketing initiatives and expand product management capabilities, as well as sales capacity and support functions. Additionally, as Suma touched on earlier, shortly after quarter end, we announced the acquisition of BlueHexagon. This is expected to have a diminished impact on full year results. With that, full year revenue is expected to now be in the range of $488.6 million to $489.6 million, representing a 19% growth. This compares to prior full year revenue guidance of $488 million to $489.5 million. In terms of profitability, we are raising our full-year EPS guidance to now be in the range of 3.60 to 3.62, from the prior range of 3.50 to 3.55. This implies an EBITDA margin in the mid-40s. For the fourth quarter, we expect revenues to be in the range of $129.7 million to $130.7 million, which represents 18% to 19% growth. we expect EPS to be in the range of 89 to 91 cents. Our planned capital expenditures in Q4 is approximately 2.5 to 3.5 million. And for the full year 2022, we expect investments in the range of 15 to 17 million. In conclusion, we believe our product differentiation will enable us to improve our competitive edge and drive durable top line growth while leveraging our highly scalable model to maintain strong cash flow and industry leading profitability. We believe that with customers becoming more cost conscious, with heightened scrutiny of their security spend, we'll continue to see higher levels of customer interest associated with the value proposition of consolidating vendors on a single agent and see that dynamic playing well for Qualys long term. With that, Sumedh and I are happy to answer any of your questions.
spk07: Ladies and gentlemen, if you have a question or comment at this time, please press star 1 1 on your telephone keypad. Again, if you have a question or comment at this time, please press star 1 1 on your telephone keypad. Please stand by while we compile the Q&A roster. Our first question or comment comes from the line of Joshua Tilton from Wolf Research. Your line is open.
spk06: Hey, guys. Thanks for taking my question. Is there any chance you can just Start off with maybe commenting on the calculated billings growth in the quarter and maybe what caused the decel from the quarter before.
spk01: Yes, so this quarter in Q3, current billings grew by 13%. For us, for our business, most of the time current billings continue to give us bookings, but there are multiple different reasons why it made difference. So, for example, this quarter specifically, I think current billings was impacted by a multi-year prepaid deal that ran off, as well as there was some FX impact that is not translated in the full impact to revenue.
spk06: So I guess maybe just as a follow-up to that, are you guys or are you not seeing any macro impact yet? I'm just trying to understand. It seems pretty positive on the prepared remarks, but you also have kind of this slowing billings growth. So just help us understand what you guys are seeing from the macro and maybe where those impacts are or not showing up?
spk01: Yeah, I think that we are seeing the impact of the macro. We are seeing the uncertainty. In terms of the current billing, though, I think the majority of the impact is SX adjusted. It's not materially different from last quarter. So the impact from the SX headwind is greater this quarter than last quarter. And even excluding that, because SX does have an impact on both bookings and current billings, we did have a negative headwind or impact from the multi-year prepays as well. So you can think of it as a couple hundred basis points negative head to current billings this quarter.
spk06: Thank you very much.
spk07: Thank you. Our next question or comment comes from the line of Matt Hedberg from RBC Capital Markets. Mr. Hedberg, your line is open.
spk00: Hi, this is Anusha for Matt Hedberg. Thanks for taking my question. Maybe just, you know, on the hiring, if you could just update us on the hiring front. You talked about double-digit growth in sales headcount in 2022. How is that progressing? And then looking out at 2023, as you set your priorities and budgets, how are you thinking about hiring? Yeah.
spk01: Yeah, we're very happy with the progress that we've been making. This year was an investment year for us, and I think that, again, So far, we're on track. I think that the double-digit growth in sales and marketing headcount that we had shared at the earlier this year, we've already achieved that mark. And so right now, we're kind of turning to look to see where we can optimize and focus on that return. So next year, although we will continue to invest in sales and marketing as well as other functions, the focus will be more on the optimization.
spk00: Got it. And then maybe kind of a follow-up on that. When we think about 2023, how should we think about the mix of investment around headcount, channel, and digital marketing? It seems like you're leaning more into the channel. Maybe if you could just elaborate on that.
spk01: Yeah, the channel investment started this year. It's new for us, still early in the phase. And I think we're satisfied with the progress that we've been making so far, but it's a little too early, so we'll be able to share more thoughts around that at our Q4 earnings.
spk00: Got it. Thank you.
spk07: Thank you. Our next question or comment comes from the line of Trevor Walsh from JMP Securities. Just to say, Mr. Walsh, your line is – I'm sorry. Our next question or comment comes from Mr. Matt Saltzman from Morgan Stanley. Mr. Saltzman, your line is open.
spk03: Hey, team. Thanks for taking the question. So just first question, trying to understand how much of the MDR growth is coming from the existing base versus new customers. And then second part of that question is, as penetration into the existing base continues to increase and you need more net new business for further growth, how are the channel incentives going to impact the margin structure going forward? Thanks.
spk01: I think that historically our growth has been primarily coming from the existing customer base as demonstrated by our strong net dollar expansion rate. I think that we've been very successful in selling into our existing customers. The retention still remains to be very strong. On the new business front, I think there's work to be done. We could have executed better this quarter on the new business side. And in terms of the unit economics, how we're thinking about pricing and incentives, especially with respect to channel partners, It's a little too early. We are working through that right now to think about how we're going to, you know, think through the profit sharing as well as the pricing overall because we are seeing increase in pricing competition.
spk08: Got it. Thanks so much. Thank you. Stand by.
spk07: Our next question or comment. It comes from the line of Trevor Walsh from JMP Securities. Mr. Walsh, your line is open. Hey, can you guys hear me?
spk04: Yeah. Okay, great. Thanks for taking my question. Sumedh, maybe for you, I was curious if you could walk us through the thought process around the Blue Hexagon acquisition. My understanding is that's more of a network protection response type offering for the most part. So as far as building or buying or partnering, actually, probably more importantly, given you've got some integrations with other network centric players, can you just help us understand kind of what what was special about them and the logic behind that and then kind of relatedly, maybe kind of what you're seeing in the broader XDR picture and how that might help to kind of flesh out your offering there. Thanks.
spk05: Yeah, great question. So Blue Hexagon, you know, they really brought to us a very strong team and a platform that understands machine learning and AI more specifically in the security space. And so, you know, when you have that kind of a platform with Qualys having the large amount of data, the 13 trillion data points that we talked about that we index and the telemetry that we get, there's many different applications that we can see that are very relevant to security that can be used sort of created from that combined platform that they have from a machine learning perspective with the data that we have. And the ability to sort of detect network-based intrusions or malware in the environment that you mentioned about is sort of one application of that. And that's sort of the first more mature application that we will be looking to integrate into our total cloud that we announced where leveraging the network data that we see in the cloud environment, we will be able to provide detections around zero-day exploits, et cetera. But we see a broader application over the next few quarters, over the next year or so, that we will integrate different aspects of our data into the machine learning platform and we'll be able to help different applications including more targeted patching for vulnerabilities that using ML model actually bubble up to be the ones that are going to be the most exploitable, etc. And then just providing more insight to our customers on what to prioritize on remediation as well as help with our EDR and our XDR capabilities to bring additional machine learning capabilities into those modules as well for analyzing the data. And so as we continue to build a more holistic platform, as we really think about it is, you know, customers need to know their devices, they need to be able to mitigate risk, and then they need to be able to monitor the threats. And that's where a combination of the asset inventory, VMDR plus patch management, and then EDR plus XDR from Qualys is going to benefit from the integration of BlueHeads R1 into our stack.
spk08: Great. Thank you.
spk07: Thank you. I'm showing no additional questions in the queue at this time. I would like to thank everyone for participating in today's call, including the program. You may now disconnect. Everyone, have a wonderful day.
Disclaimer