This conference call transcript was computer generated and almost certianly contains errors. This transcript is provided for information purposes only.EarningsCall, LLC makes no representation about the accuracy of the aforementioned transcript, and you are cautioned not to place undue reliance on the information provided by the transcript.
Operator
Good day and thank you for standing by. Welcome to the QALYS first quarter 2024 investor call. At this time, all participants are in a listen-only mode. After the speaker's presentation, there will be a question and answer session. To ask a question during a session, you will need to press star 1-1 on your telephone. You will then hear an automated message advising your hand is raised. To withdraw your question, please press star 1-1 again. Please be advised that today's conference is being recorded. I would like to hand the conference over to your speaker today, Blair King. Please go ahead.
Blair King
Good afternoon and welcome to Qualys' first quarter 2024 earnings call. Joining me today to discuss our results are Sumit Thakkar, our president and CEO, and Jumi Kim, our CFO. Before we get started, I would like to remind you that our remarks today will include forward-looking statements that generally relate to future events or our future financial or operating performance. Actual results may differ materially from these statements. The factors that could cause results to differ materially are set forth in today's press release and our filings with the SEC, including our latest form 10Q and 10K. Any forward-looking statements that we make on this call are based on assumptions as of today, and we undertake no obligation to update these statements as a result of new information or future events. During this call, we will present both GAAP and non-GAAP financial measures. reconciliation of gap and on-gap measures is included in today's earnings press release. And as a reminder, the press release prepared remarks and investor presentation are all available on the investor relations section of our website. So with that, I'll turn the call over to you, Sumit.
Sumit Thakkar
Thank you, Blair, and welcome to our first quarter earnings call. Call has delivered another quarter of healthy revenue growth, strong profitability, and cash flow generation, reflecting our ongoing commitment to rapid innovation and customer success. Given the accelerated growth in scope and complexity of cyber threats alongside an intensifying regulatory environment, boards and C-level executives are increasingly focused on the business outcome of cybersecurity. This requirement makes seamlessly integrated security solutions a necessity for customers to effectively measure, communicate, and fortify the security posture. We believe the Qualys Enterprise TrueRisk platform designed to reduce friction, risk, and cost provides organizations with a foundational risk management platform for the future, and serves as a structural competitive advantage for both our customers and for Qualys. As a result, our VMDR solution with TrueRisk is not only fueling new logo lines, but also increases platform adoption, especially in the areas of cybersecurity asset management with external attack surface management, patch management, and cloud security. In Q1, healthcare, technology, retail, and financial services verticals all demonstrated strong VMDR demand with large deal sizes. Further underscoring the power of our platform, I will take a moment to share a couple of examples of how our customers and partners continue to expand their use of Qualysys capabilities to consolidate their security stacks. On the customer front, a marquee high six-figure bookings enterprise customer win in Q1 was with a leading business services company in the Forbes 1000. The customer expanded its VMDR with Truisk and batch management deployments while adopting cybersecurity asset management with EASM as part of an initiative to detect end-of-life and end-of-service software, monitor subdomains of its infrastructure, and transform its IT security architecture while replacing point solutions from pre-vendors to the single platform. The ability for this customer to significantly enhance its security program with comprehensive internal and external asset criticality, holistic risk scoring, ticketing, and automated patching across its on-prem cloud and container environments through a natively integrated platform and unified dashboard were all key differentiators compared to alternative next-gen and legacy technologies. The next event demonstrates how Qualys helps helped an existing Forbes 100 manufacturing company standardize on Qualys Enterprise Tourist Platform and consolidate risk factors from different Qualys modules into a single risk score with business context. This existing VMDR and token cloud customer was struggling with connecting disparate asset management tools and business processes across several subsidiaries and environments and needed to gain better visibility into its attack surface to uniformly contextualize, communicate, and manage risk. Recognizing the increased value they would gain by further consolidating on Qualys, this customer replaced its existing asset management tool and adopted our cybersecurity asset management with EASM solution in a six-figure bookings upsell. This customer is now leveraging multiple aspects of Qualys Enterprise Tourist Platform, spanning on-prem cloud and multi-cloud assets to quantify and prioritize risk reduction initiatives, increase organizational resilience, and give its CISO peace of mind. Investing in our partner program continues to be a key pillar of our go-to-market agenda as it bolsters our capacity, harnesses transformative solution sales, and brings new business to QALYS. Through these investments, we continue to advance our evolving partner ecosystem with two leading managed service providers in America. One recently expanded is offering Beyond VMDR to include our patch management capability. and the other standardized on Qualys as its preferred partner for VMDR cybersecurity asset management with EASM and patch management spanning both its federal and commercial verticals. The latter of these two wins is a testament to the investment we are making to expand our federal business and we're looking forward to hosting our first public sector cyber risk conference later this month. And with nearly 50 partners already on our recently announced new MSSP partner portal, to simplify their operations, launch and manage quality capability and significantly reduce remediation times for their customers. We are increasingly well positioned to expand our reach to customers of all sizes. Additionally, we strengthen our alliance with a leading system integrator, which is now actively bringing our total cloud CNAP solution to its customers. We believe the broad expansion of our partner program over the past several quarters continues to reflect our strengthening brand awareness strategic position and value position in the market. With tightly integrated solutions delivered through a natively integrated platform to solve modern security challenges, more and more quality customers are beginning to understand how cybersecurity transformation drives better security outcomes, saves times and costs less. As a result, customer spending $500,000 or more with us in Q1 grew 19% from a year ago to 192. Since our inception, driving innovation is at the core of Qualys' mission. We are excited with our upcoming Enterprise True Risk Management application, which marks the next stage of expansion of our platform, building on top of the success we have seen with VMDR with True Risk. The ETM capability will enable VMDR customers to upgrade to a more holistic cyber risk management platform that goes beyond vulnerability management. The Enterprise True Risk management solution holistically aggregates and normalizes trillions of first and third party data signals, correlates risk factors with assets, threats, and business context, detects, visualizes, quantifies, and prioritizes risk, and makes remediation frictionless and immediate with simple click of a button. With these newest capabilities, all natively integrated on a single unified dashboard, Qualys is once again well-armed with powerful new platform capabilities that broadly measure, communicate, and remediate risk across the entire attack surface, including IT, OT, applications, cloud, and multi-cloud assets. Moreover, our comprehensive AI-powered insights are now converting detected risk into optimized remediation actions across our platform solutions with our out-of-the-box, instant, and actionable insights mapped to an organization's own data to preemptively reduce risk in their environment. The feedback from many of the CISOs I met at our recent QSC MEI event in London has been very positive with respect to the deployment agenda's excitement about the rapid pace of new capabilities that we are delivering and their ability to monitor and measure risk reduction ROI for the cybersecurity spend. Further advancing our true risk capabilities, I'm pleased to announce we recently brought MITRE ATT&CK matrix prioritization into the Qualys Enterprise True Risk platform. By combining over 25 sources of threat intelligence with the MITRE ATT&CK framework, we are now further enabling organizations with a holistic attacker-centric view to predict and identify critical risks to their business based on the ATT&CK tactics and techniques. With this advancement, we believe Qualys stands out as the only enterprise-scale solution to combine contextualized risk quantification and the MITRE ATT&CK framework to help organizations proactively prioritize, manage, and reduce cyber risk with enhanced detection, integrated risk quantification, and automated response for a threat-informed defense in a single platform. Continuing the pace of disruptive innovation, we are now organically unifying cloud Entitled Management, CIEM, into our total cloud CNAP solution. With this new capability, customers can manage cloud entities entitlements and enforce the principle of least privilege access to cloud infrastructure and resources. Combined with additionally newly introduced capabilities such as container runtime security and Kubernetes posture management, we have created what we believe is one of the most comprehensive cloud native security solutions in the market with a unified actionable dashboard for immediate threat prioritization and remediation for build through runtime with built-in trip detection capabilities. Finally, as we continue to extend our technology leadership across the entire platform, I'm pleased to announce our cybersecurity risk management 3.0 solution with highly differentiated new capabilities in external attack surface management and third-party integration for comprehensive asset inventory. With these innovations, security teams can now leverage our patent funding technology to reduce accuracy and detection gaps with immediate lightweight vulnerability scanning, seamlessly attribute previously unmanaged external assets to the organization with confidence, and evaluate asset-based business risk per subsidiary or acquired entity. Combining this unique approach to EASM with integrated tourist scoring capabilities and actionable dashboards to proactively manage tech debt further strengthens our position in the market while enabling customers to de-risk the entire attack surface. In summary, a company's uniformly recognized security transformation is fundamental in combating today's heightened threat and regulatory environment. As a result, customers are increasingly looking to reduce the risk exposure through the adoption of natively integrated risk management platform instead of deploying a collection of disparate point solutions stitched together through the invoice. We believe that with our organically integrated cloud-native platform built to holistically measure, communicate, and ultimately eliminate cyber risk, Wallace is laying a foundation for future growth and is well-positioned to drive long-term shareholder value with a balanced approach to growth and profitability. With that, I will turn the call over to Jumi to further discuss our first quarter results and outlook for the second quarter and full year 2024.
Jumi
Thanks, Matt, and good afternoon. Before I start, I'd like to note that except for revenue, all financial figures are non-GAAP, and growth rates are based on comparison to the prior year period unless stated otherwise. Turning to first quarter results, revenues grew 12% to $145.8 million, with channel continuing to increase its contribution, making up 45% of total revenues compared to 43% a year ago. As a result of our continued commitment to leverage our partner ecosystem to drive growth, we were able to grow revenues from channel partners by 18%, outpacing Direct, which grew 7%. By GEO, 13% growth outside the U.S. was ahead of our domestic business, which grew 11%. Looking ahead, we expect our U.S. and international revenue mix to remain roughly at 60% and 40% respectively. Turning to land and expand results, we continue to witness deal scrutiny persisting for many organizations with the upsell environment remaining challenging, resulting in 104% net dollar expansion rate, down from 105% last quarter. Offsetting this was a positive growth trend in new business, achieving double-digit growth rate for the third consecutive quarter. As we continue to prioritize increasing market share in 2024, we plan to launch new customer acquisition campaigns and incentives in addition to streamlining sales cycle and operations with better use of technology and systems. In terms of product contribution to bookings, patch management and cybersecurity asset management combined made up 13% of LTM bookings and 23% of LTM new bookings in Q1. With the rapid pace of innovation associated with our total cloud CNAB offering, our cloud security solutions made up 4% of LTM bookings. we attribute this success to an increasingly complex threat and regulatory environment that underscores the relevance of our enterprise true risk platform to holistically assess, manage, and remediate risk. Turning to profitability, adjusted EBITDA for the first quarter of 2024 was 69 million, representing a 47% margin compared to a 45% margin a year ago. Operating expenses in Q1, increased by 5% to 56.8 million, primarily driven by an 11% increase in sales and marketing investment. As we continue to increase our investment intensity and focus on sales and marketing enablement, customer success, and productivity, we believe we will be able to drive wallet share and long-term returns while balancing growth and profitability. APS for the first quarter of 2024 was 1.45, and our free cash flow was 83.5 million, representing a 57% margin compared to 48% in the prior year. In Q1, we continued to invest the cash we generated from operations back into QALYS, including 2.1 million in capital expenditures and 18 million to repurchase 105,000 of our outstanding shares. As of the end of the quarter, we had 265.7 million remaining in our share repurchase program. With that, let us turn to guidance, starting with revenue. For the full year 2024, we are now expecting our revenue to be in the range of 601.5 million to 608.5 million, which represents a growth rate of 8 to 10%. This compares to revenue guidance of 600 million to 610 million last quarter. For the second quarter of 2024, we expect revenues to be in the range of 147.5 million to $149.5 million, representing a growth rate of 8% to 9%. This guidance assumes continued deal scrutiny, resulting in a tougher upsell environment, partially offset by investments in the business to drive new customer growth. Shifting to profitability guidance, for the full year 2024, we continue to expect EBITDA margin to be in the low 40s and free cash flow margin in the mid 30s. We expect full year EPS to be in the range of 5.06 to 5.30, up from the prior range of 4.95 to 5.27. For the second quarter of 2024, we expect EPS to be in the range of 1.27 to 1.35. Our planned capital expenditures in 2024 are expected to be in the range of 13 to 18 million, and for the second quarter of 2024, in the range of 4 to 6 million. Consistent with prior guidance for the remainder of 2024, we intend to align our product and marketing investments to focus on specific initiatives aimed at driving more pipeline, enhancing our partner program, expanding our federal vertical, and supporting sales while maintaining a disciplined approach to unit economics. As a percentage of revenues, we expect to prioritize an increase in investment in sales and marketing, as well as the related support functions systems and people with more modest increases in engineering and GNA. In conclusion, in Q1, we delivered healthy top line growth and industry leading profitability while making progress and executing our long term strategic agenda. With our comprehensive risk management platform delivering immediate time to value for our customers, we're confident in our ability to deliver on our growth opportunity long term and remain committed to maximizing shareholder value. With that, Sumedh and I would be happy to answer any of your questions.
Sumedh
Thank you.
Operator
And as a reminder, to ask a question, you need to press star 1-1 on your telephone and wait for your name to be announced. To withdraw your question, please press star 1-1 again. Please stand by while we compile the Q&A roster. One moment for our first question.
Sumedh
Our first question will come from Mike Walkley from Canaccord Genuity.
Operator
Your line is open.
Qualys
Hey, guys. Good afternoon. It's Daniel on for Mike. Thanks for taking the question. So it seems like that dollar retention came down a little bit to 104%. I think you guys called out the tough upsell environment despite the new or I guess improvements and new additions. Can you just provide maybe some color for us on what's impacting your upsell business and some of the changes you're making to make some improvements here?
Sumit Thakkar
That's a great question. So with existing customers who have invested with Qualys and other security platforms, they are continuing to work with us to, in many cases, sort of optimize the spend that they have done with Qualys, continuing to get additional value. We talked a little bit about this last time. In some cases, they might be looking at adjusting some of the VMDR licenses, but bringing in patch management and cybersecurity asset management as part of that, which is where you see the percentage of bookings that are going up. So which overall in the longer term is good because it gives us an opportunity to introduce additional products in smaller quantities right now that will help us get the upsells to be better and increasing in the future. But currently it is, you know, the review times are long as they have been and customers just continue to take longer to make decisions on larger projects where they're looking to bring on like a whole new product from Qualys. And that's where we are working with them to, first of all, make sure that we are putting some of our marketing engine behind, generating additional opportunities. We are doing a lot of CISO education right now. The CISO Connect programs we recently launched have been quite helpful as we talk the language of risk management, which is really where our ETM platform is quite interesting for the CISOs. which is all of our CISO events recently have been completely overbooked because they really want to come in and talk more about how policies are going to help them with cyber risk quantification and being able to look at cyber risk holistically and then eliminate that. So there's a few things that we're doing on that side. But right now, while new business, we're seeing good execution, we do definitely see opportunity for us to execute better in the tougher climate that we're seeing for ourselves with existing customers.
Qualys
Great. And just as a quick follow-up, maybe, Juby, for you, could you maybe walk us through some of the assumptions within your decision to narrow the full-year revenue guidance band?
Jumi
Yeah. The primary reason why we decided to narrow it was just because Q1 became more or less in line with what we had anticipated at the midpoint of the revenue guidance. And the way we see it right now is Now, of course, we had hoped to do a little bit better with the net dollar expansion rate having ticked down by a percentage. And the underlying assumption for the full-year revenue guidance is that we don't anticipate any material improvement in the net dollar expansion rate today, especially because we do see continued challenges kind of at least continuing into Q2. So because of that, we're assuming that net dollar expansion rate stays as is or maybe ticked down a percentage. On the new business, though, we are seeing some trends, and we're pleased to see the traction in the business today. But law of smaller numbers, it is a smaller portion of our business. So even if it continues at the current growth rate that we see today, it won't have a material impact in terms of the uplift to revenue.
Sumedh
Right. Thank you very much. One moment for our next question. And our next question will come from the line of Shanique Kothari from Baird.
Operator
Your line is open.
Qualys
Hey, thanks for taking my question. So for Sumit, you mentioned that you're looking to expand the federal business and expand the public sector presence and kind of hosting your first public sector conference. Just curious, can you elaborate on the traction of the GovCloud platform so far, what trends are you seeing there, and how has it performed relative to expectations, and can you discuss the opportunity that you see in terms of expanding it within the public sector?
Sumit Thakkar
Yeah, great question. Look, the opportunity in the federal is definitely large, and we are really working towards investing in the right way so that we can take advantage of that opportunity, and so from that perspective, we have recently hired a leader for federal that we're happy about. We have expanded our federal team. We have hired somebody to focus on federal marketing. As you can see, we're really putting in place our first conference for federal, which already we have over 200 people who signed up, you know, kind of more than what we were anticipating from a capacity perspective. So those are really positive signs in the last, you know, few quarters. We've talked about certain wins that we have had with the government, federal government agencies. So the way we look at that is it's an extremely small percentage of our overall bookings, and we have a good opportunity to grow in that direction, and so we're making the right investments. But of course, as it is with the federal market, it is something that takes time, and we are building the relationships with partners. As you can see, we signed up a federal partner that's taking policy and our patch management along with BMDR. Two agencies, we invested in the FedRAMP program. So we have already FedRAMP moderate, which we have a large number of ATOs from many government agencies that are providing us ATO. And then we are on track now working with the PMO's office to get our FedRAMP high final certification. We already FedRAMP high ready right now. And so once you get our FedRAMP high certification by which we anticipate towards the end of the year, That is something that will give us even additional opportunity to take our GovCloud platform deeper into more agencies that are looking to go and modernize their infrastructure and go into a federal sort of a SaaS platform and move out of current, you know, very heavily on-prem solutions. And so with the FedRAMP High, that will enable us to be the only FedRAMP High provider vulnerability and patch management combined solution together that will be available for these customers. And as we saw with some of our federal links as well, the reason for them to change out the current provider is because the current providers are only doing scanning and they have to have separate patch management tools. In the federal government, some of the recent wins that we have seen have enabled us to feel confident in our direction so that we can continue to take the Qualys combined platform with batch management, et cetera. And this is something that federal agencies are also looking for to reduce their tool sprawl as well as expand into the cloud environment as well. So it's an area that we are continuing to invest. We're just at the very early stages of that investment, and we are pleased with the traction that we are seeing in this early stage.
Qualys
Got it. Helpful. Thanks for the detailed color, Sumedh. And quick follow-up for Jumi. So you mentioned that you guys, of course, plan to launch new customer acquisition campaigns. Can you elaborate who are you targeting and where is the increase in investment intensity in S&M going in? Is it going to be more focused on sales incentives geared towards new logos, much more headcount growth, partnership investments, of course, public sector. So just curious, like, how are you increasing the investment intensity there?
Jumi
Yeah, so our priority has been for a while to grow our new business, and it's part of the reason why we were really pleased to see the continued traction and the momentum. And the way we see it right now, where we've been really successful is on the enterprise side because that's where our strength is. However, we're pleased to see traction on both the enterprise and SME and SMB. And the way we are planning to continue to invest to support that growth is, number one, we are planning to hire more sales reps to support that growth. And that's one of our initiatives. We are planning to increase our sales and marketing headcount by double digits this year as we had planned before. So that hasn't changed. And number two, our partner channel, it's been really successful for us. We're seeing increase in investment in several different fronts, including the MSSP portal that we just announced, as well as DealReg. It continues to be healthy and continues to increase. And our continued kind of, you know, revisiting the incentive structure, whether it's partner or direct, to make sure that it's structured in a way to incentivize both direct and indirect sales force to really drive the new local growth.
Sumedh
Got it. Thanks, Joanne. Appreciate it. One moment for our next question. Our next question will come from Patrick Colville from Scotiabank.
Operator
Your line is open.
Qualys
Hi, this is Joe Vandrick on for Patrick Colville. So it seems like cloud security is a big opportunity for Qualys, and you mentioned the CNAP solution getting some solid market traction. Are you typically selling it as a bundle, or are customers kind of deciding to buy each solution separately. And then, you know, part two of that question, are you seeing stronger demand within any one area of CNAP? For example, you know, CSPM or workload protection or maybe something else?
Sumit Thakkar
Yeah, that's a great question. Look, I think there is no organization out there that is cloud only. And so, every time they look at their infrastructure, they have to do cloud and non-cloud assets together, and that's really where we see the advantage for Qualys is when they combine the VMDR capabilities on on-prem assets and then are able to use the exact same platform and expand that licensing into the cloud as well. It just makes it a lot more seamless. They get the benefit of higher volume pricing, and it gives them the ability to combine the risk from their cloud and on-prem platforms together in one place. And that's why it's interesting for us to see that even in our new logo lands, customers are starting to buy the Total Cloud solution combined with VMDR upfront in the first purchase itself. And so while it's early days, that's quite encouraging for us. We continue to work with our existing customers who have VMDR to expand those capabilities into Cloud, in some cases, they don't have any good cloud security solution. In other cases, we are displacing some of the cloud-only solutions because they need a global visibility that is broader than that. Our pricing for the cloud solution, given that the assets are so ephemeral, agents are so ephemeral in the cloud environment, it allows them to be flexible with the way that they can consume. the cloud licenses and so that way they can use it for CSPM. They can use the same credits that they have purchased for container security. They can use the same for cloud identity. So the recent cloud identity module that we just announced is another expansion into the cloud native platform. And so it's a maturity level question for organizations. Organizations that are very early in the journey right now are focusing initially on the CSPM part of Total Cloud. Those who are more mature are also taking the workload protection part. And then those who are going beyond that are also looking at other things like our ability to detect malware in the cloud in real time, our ability to expand uniquely into SaaS environments for SSPM, which is also part of our total cloud where we can do SaaS posture assessment. And then now we are looking forward to getting these customers access to our cloud identity entitlement management as well. And so there's a lot that we are now focusing on driving both from marketing and sales enablement perspective for us to create more opportunities on the total cloud side. But we definitely are pleased with the conversations and traction that we're seeing in the early days of this push that we are making across our Salesforce.
Qualys
That's helpful. Thanks, Sumed. And maybe one for Jumi, if I could. How should we think about capital allocation priorities over the next year? Looks like you bought back about $18 million worth of shares in the quarter, which is a bit of a step down compared to last quarter and last year. So just curious what it would take to see you get more aggressive on share buybacks.
Jumi
Are sure that by that is based on the the grid that we have in place right now and then we really think of it from the perspective of. making sure that we can offset at the equity solution from the grants that we're making. And as you can see, in the last couple of years, our dilutive also has been decreasing consistently, incrementally. So the way we think about our cash and the utilization of excess cash is really looking at into 2024. We are anticipating more and more and many opportunities, especially at evaluation that we think that makes sense for us. And so we are going to be taking a look at potential acquisition target opportunistically and then taking action on leveraging our balance sheet.
spk03
Got it. Thank you.
Sumedh
Thank you. One moment for our next question.
Operator
And our next question will come from Joshua Tilton from Wolf Research.
Joshua Tilton
Hey, guys. Can you hear me? I apologize for the background noise. I'm at this small cybersecurity conference called RSA.
spk13
We can hear you.
Joshua Tilton
Two quick ones for me. The first one is just, could you maybe talk about the billings growth in the quarter, whether that was how that shook out relative to your expectations and how you see billings maybe growing for the rest of the year relative to the revenue guidance you just gave? And then... My follow-up is great traction on the new customer, the new growth customer side of the business. I think you called that three straight quarters of double-digit growth. How do we see that? Like where am I looking for that in what you guys disclosed so that I can kind of see this coming through in the numbers? And I guess is that coming from the partner side? Is that coming from the direct side?
Jumi
um just maybe a little bit more color on where that new new um customer growth is coming from how durable is it uh and how i can better see it uh in the numbers would be helpful thank you yeah in terms of current billings you know eight percent um we were hoping to do better but uh honestly i think that it's it's a fair representative of the business momentum that we see today because It does reflect the net dollar expansion rate having gone down by another percentage in Q1, offset partially by the traction, continuing traction in the new business. And so I would say that, you know, if you were to look for guidance in terms of the calculated current billing for the full year, we would say it would be roughly in line with our revenue guidance today, which is 8 to 10% for the full year. In terms of the new business, The reason why we decided to talk about new business this quarter is because we are seeing a trend, like three consecutive quarters is something that we thought was meaningful enough for us to talk about and disclose. And majority of that is driven by our channel partners. So the growth is coming from channel partners. And I think that if you were to look at the magnitude of it, you can probably tell based on the current fillings growth of 8%, net dollar expansion rate of 4%, the risk would be coming from the new business.
Sumedh
Super helpful. Thanks, guys.
Operator
Thank you. And I'm not showing no further questions in the queue. With that, this concludes today's conference. Thank you for your participation in today's conference. This does conclude the program, and you may now disconnect. Everyone, have a great day. you Thank you. you Thank you. Thank you.
spk06
Thank you. Thank you. you
Sumedh
Good day and thank you for standing by.
Operator
Welcome to the QALYS first quarter 2024 investor call. At this time, all participants are in a listen-only mode. After the speaker's presentation, there will be a question and answer session. To ask a question during a session, you would need to press star 11 on your telephone. You'll then hear an automated message advising your hand is raised. To withdraw your question, please press star 11 again. Please be advised that today's conference is being recorded. I would now like to hand the conference over to your speaker today, Blair King. Please go ahead.
Blair King
Good afternoon and welcome to QALYS' first quarter 2024 earnings call. Joining me today to discuss our results are Sumit Thakkar, our President and CEO, and Jumi Kim, our CFO. Before we get started, I would like to remind you that our remarks today will include forward-looking statements that generally relate to future events or our future financial or operating performance. Actual results may differ materially from these statements. The factors that could cause results to differ materially are set forth in today's press release and our filings with the SEC, including our latest Form 10-Q and 10-K. Any forward-looking statements that we make on this call are based on assumptions as of today, and we undertake no obligation to update these statements as a result of new information or future events. During this call, we will present both GAAP and non-GAAP financial measures. Reconciliation of GAAP to non-GAAP measures is included in today's earnings press release. And as a reminder, the press release prepared remarks and investor presentation are all available on the investor relations section of our website. So with that, I'll turn the call over to you, Sumedh.
Sumit Thakkar
Thank you, Blair, and welcome to our first quarter earnings call. Qualys delivered another quarter of healthy revenue growth, strong profitability, and cash flow generation, reflecting our ongoing commitment to rapid innovation and customer success. Given the accelerated growth in scope and complexity of cyber threats alongside an intensifying regulatory environment, boards and C-level executives are increasingly focused on the business outcome of cybersecurity. This requirement makes seamlessly integrated security solutions a necessity for customers to effectively measure, communicate, and fortify the security posture. We believe the Qualys Enterprise TrueRisk platform, designed to reduce friction, risk, and cost, provides organizations with a foundational risk management platform for the future and serves as a structural competitive advantage for both our customers and for Qualys. As a result, our VMDR solution with TrueRisk is not only fueling new logo lines, but also increases platform adoption, especially in the areas of cybersecurity asset management with external attack surface management, patch management, and cloud security. In Q1, healthcare, technology, retail, and financial services verticals all demonstrated strong VMDR demand with large deal sizes. Further underscoring the power of our platform, I will take a moment to share a couple of examples of how our customers and partners continue to expand their use of Qualysys capabilities to consolidate their security stacks. On the customer front, a marquee high six-figure bookings enterprise customer win in Q1 was with a leading business services company in the Forbes 1000. The customer expanded its VMDR with Truisk and batch management deployments while adopting cybersecurity asset management with EASM as part of an initiative to detect end-of-life and end-of-service software, monitor subdomains of its infrastructure, and transform its IT security architecture while replacing point solutions from three vendors to the single platform. The ability for this customer to significantly enhance its security program with comprehensive internal and external asset criticality, holistic risk scoring, ticketing, and automated patching across its on-prem cloud and container environments through a natively integrated platform and unified dashboard where all key differentiators compared to alternative next-gen and legacy technologies. The next event demonstrates how Qualys helped an existing Forbes 100 manufacturing company standardize on Qualys Enterprise Stories platform and consolidate risk factors from different Qualys modules into a single risk score with business context. This existing VMDR and Total Cloud customer was struggling with connecting disparate asset management tools and business processes across several subsidiaries and environments and needed to gain better visibility into its attack surface to uniformly contextualize, communicate, and manage risk. Recognizing the increased value they would gain by further consolidating on Qualys, this customer replaced its existing asset management tool and adopted our cybersecurity asset management with EASM solution in a six-figure bookings upsell. This customer is now leveraging multiple aspects of Qualys Enterprise Tourist Platform, spanning on-prem cloud and multi-cloud assets to quantify and prioritize risk reduction initiatives, increase organizational resilience, and give its CISO peace of mind. Investing in our partner program continues to be a key pillar of our go-to-market agenda as it bolsters our capacity, harness transformative solution sales, and brings new business to Qualys. Through these investments, we continue to advance our evolving partner ecosystem with two leading managed service providers in America. One recently expanded its offering beyond VMDR to include our patch management capability, and the other standardized on Qualys as its preferred partner for VMDR cybersecurity asset management with ESM and patch management, spanning both its federal and commercial verticals. The latter of these two wins is a testament the investment we are making to expand our federal business and we're looking forward to hosting our first public sector cyber risk conference later this month and with nearly 50 partners already on our recently announced new mssp partner portal to simplify their operations launch and manage qualities capabilities and significantly reduce remediation times for their customers we are increasingly well positioned to expand our reach to customers of all sizes Additionally, we strengthened our alliance with a leading system integrator, which is now actively bringing our total cloud CNAP solution to its customers. We believe the broad expansion of our partner program over the past several quarters continues to reflect our strengthening brand awareness, strategic position, and value position in the market. With tightly integrated solutions delivered through a natively integrated platform to solve modern security challenges, more and more Qualys customers are beginning to understand how cybersecurity transformation drives better security outcomes, saves time, and costs less. As a result, customers spending $500,000 or more with us in Q1 grew 19% from a year ago to 192. Since our inception, driving innovation is at the core of Qualys' mission. We are excited with our upcoming enterprise true risk management application, which marks the next stage of expansion of our platform, building on top of the success we have seen with VMDR with TrueRisk. The ETM capability will enable VMDR customers to upgrade to a more holistic cyber risk management platform that goes beyond vulnerability management. The enterprise true risk management solution holistically aggregates and normalizes trillions of first and third party data signals correlates risk factors with assets, threats, and business context, detects, visualizes, quantifies, and prioritizes risk, and makes remediation frictionless and immediate with simple click of a button. With these newest capabilities all natively integrated on a single unified dashboard, Qualys is once again well-armed with powerful new platform capabilities that broadly measure, communicate, and remediate risk across the entire attack surface, including IT, OT, applications, cloud, and multi-cloud assets. Moreover, our comprehensive AI-powered insights are now converting detected risk into optimized remediation actions across our platform solutions with our out-of-the-box, instant, and actionable insights mapped to an organization's own data to preemptively reduce risk in their environment. The feedback from many of the CISOs I met at our recent QSC MEI event in London has been very positive with respect to the deployment agenda, the excitement about the rapid pace of new capabilities that we are delivering, and their ability to monitor and measure risk reduction ROI for the cybersecurity spend. Further advancing our true risk capabilities, I'm pleased to announce we recently brought MITRE ATT&CK matrix prioritization into the Qualys Enterprise True Risk platform. By combining over 25 sources of threat intelligence with the MITRE ATT&CK framework, we are now further enabling organizations with a holistic attacker-centric view to predict and identify critical risks to their business based on the ATT&CK tactics and techniques. With this advancement, we believe Qualys stands out as the only enterprise-scale solution to combine contextualized risk quantification and the MITRE ATT&CK framework to help organizations proactively prioritize, manage, and reduce cyber risk with enhanced detection, integrated risk quantification, and automated response for a threat-informed defense in a single platform. Continuing the pace of disruptive innovation, we are now organically unifying cloud entitled management CIEM into our total cloud CNAP solution. With this new capability, customers can manage cloud entities entitlements and enforce the principle of least privilege access to cloud infrastructure and resources. Combined with additionally newly introduced capabilities, such as container runtime security and Kubernetes posture management, we have created what we believe is one of the most comprehensive cloud native security solutions in the market with a unified actionable dashboard for immediate threat prioritization and remediation for build through runtime with built-in trip detection capabilities. Finally, as we continue to extend our technology leadership across the entire platform, I'm pleased to announce our cybersecurity risk management 3.0 solution with highly differentiated new capabilities in external attack surface management and third-party integration for comprehensive asset inventory. With these innovations, security teams can now leverage our patent pending technology to reduce accuracy and detection gaps with immediate lightweight vulnerability scanning, seamlessly attribute previously unmanaged external assets to the organization with confidence, and evaluate asset-based business risk for subsidiary or acquired entity. Combining this unique approach to EASM with integrated to the scoring capabilities and actionable dashboards to proactively manage tech debt further strengthens our position in the market while enabling customers to de-risk the entire attack surface. In summary, a company's uniformly recognized security transformation is fundamental in combating today's heightened threat and regulatory environment. As a result, customers are increasingly looking to reduce the risk exposure through the adoption of natively integrated risk management platform instead of deploying a collection of disparate point solutions stitched together through the invoice. We believe that with our organically integrated cloud-native platform built to holistically measure, communicate, and ultimately eliminate cyber risk, Wallace is laying a foundation for future growth and is well-positioned to drive long-term shareholder value with a balanced approach to growth and profitability. With that, I will turn the call over to Jumi to further discuss our first quarter results and outlook for the second quarter and full year 2024.
Jumi
Thanks, Mahit, and good afternoon. Before I start, I'd like to note that except for revenue, all financial figures are non-GAAP, and growth rates are based on comparison to the prior year period unless stated otherwise. Turning to first quarter results, revenues grew 12% to $145.8 million, with channel continuing to increase its contribution, making up 45% of total revenues compared to 43% a year ago. As a result of our continued commitment to leverage our partner ecosystem to drive growth, we were able to grow revenues from channel partners by 18%, outpacing Direct, which grew 7%. By GEO, 13% growth outside the U.S. was ahead of our domestic business, which grew 11%. Looking ahead, we expect our U.S. and international revenue mix to remain roughly at 60% and 40% respectively. Turning to land and expand results, we continue to witness deal scrutiny persisting for many organizations with the upsell environment remaining challenging, resulting in 104% net dollar expansion rate, down from 105% last quarter. Offsetting this was a positive growth trend in new business, achieving double-digit growth rate for the third consecutive quarter. As we continue to prioritize increasing market share in 2024, we plan to launch new customer acquisition campaigns and incentives in addition to streamlining sales cycle and operations with better use of technology and systems. In terms of product contribution to bookings, patch management and cybersecurity asset management combined made up 13% of LTM bookings and 23% of LTM new bookings in Q1. With the rapid pace of innovation associated with our total cloud CNAB offering, our cloud security solutions made up 4% of LTM bookings. We attribute this success to an increasingly complex threat and regulatory environment that underscores the relevance of our enterprise true risk platform to holistically assess, manage, and remediate risk. Turning to profitability, adjusted EBITDA for the first quarter of 2024 was 69 million, representing a 47% margin compared to a 45% margin a year ago. Operating expenses in Q1. increased by 5% to 56.8 million, primarily driven by an 11% increase in sales and marketing investment. As we continue to increase our investment intensity and focus on sales and marketing enablement, customer success, and productivity, we believe we will be able to drive wallet share and long-term returns while balancing growth and profitability. APS for the first quarter of 2024 was 1.45, and our free cash flow was 83.5 million, representing a 57% margin compared to 48% in the prior year. In Q1, we continued to invest the cash we generated from operations back into QALYS, including 2.1 million in capital expenditures and 18 million to repurchase 105,000 of our outstanding shares. As of the end of the quarter, we had 265.7 million remaining in our share repurchase program. With that, let us turn to guidance, starting with revenues. For the full year 2024, we are now expecting our revenue to be in the range of $601.5 million to $608.5 million, which represents a growth rate of 8 to 10%. This compares to revenue guidance of $600 million to $610 million last quarter. For the second quarter of 2024, we expect revenues to be in the range of $147.5 million to $149.5 million, representing a growth rate of 8% to 9%. This guidance assumes continued deal scrutiny, resulting in a tougher upsell environment, partially offset by investments in the business to drive new customer growth. Shifting to profitability guidance. For the full year 2024, we continue to expect EBITDA margin to be in the low 40s and free cash flow margin in the mid 30s. We expect full year EPS to be in the range 5.06 to 5.30, up from the prior range of 4.95 to 5.27. For the second quarter of 2024, we expect EPS to be in the range of 1.27 to 1.35. Our planned capital expenditures in 2024 are expected to be in the range of 13 to 18 million, and for the second quarter of 2024, in the range of 4 to 6 million. Consistent with prior guidance for the remainder of 2024, we intend to align our product and marketing investments to focus on specific initiatives aimed at driving more pipeline, enhancing our partner program, expanding our federal vertical, and supporting sales while maintaining a disciplined approach to unit economics. As a percentage of revenues, we expect to prioritize an increase in investment in sales and marketing, as well as the related support functions systems and people with more modest increases in engineering and GNA. In conclusion, in Q1, we delivered healthy top line growth and industry leading profitability while making progress and executing our long term strategic agenda. With our comprehensive risk management platform delivering immediate time to value for our customers, we're confident in our ability to deliver on our growth opportunity long term and remain committed to maximizing shareholder value. With that, Sumedh and I would be happy to answer any of your questions.
Sumedh
Thank you.
Operator
And as a reminder, to ask a question, you will need to press star 11 on your telephone and wait for your name to be announced. To withdraw your question, please press star 11 again. Please stand by while we compile the Q&A roster. One moment for our first question. Our first question will come from Mike Walkley from Canaccord Genuity. Your line is open.
Qualys
Hey, guys. Good afternoon. It's Daniel on for Mike. Thanks for taking the question. So it seems like that dollar retention came down a little bit to 104%. I think you guys called out the tough upsell environment despite the new or I guess improvements and new additions. Can you just provide maybe some color for us on what's impacting your upsell business and some of the changes you're making to make some improvements here?
Sumit Thakkar
That's a great question. So with existing customers who have invested with Qualys and other security platforms, they are continuing to work with us to, in many cases, optimize the spend that they have done with Qualys, continuing to get additional value. We talked a little bit about this last time. In some cases, they might be looking at adjusting some of the VMDR licenses, but bringing in patch management and cybersecurity asset management as part of that, which is where you see the percentage of bookings that are going up. So which overall in the longer term is good because it gives us an opportunity to introduce additional products in smaller quantities right now that will help us get the upsells to be better and increasing in the future. But currently it is, you know, the review times are long as they have been and customers just continue to take longer to make decisions on larger projects where they're looking to bring on like a whole new product from Qualys. And that's where we are working with them to, first of all, make sure that we are putting some of our marketing engine behind, generating additional opportunities. We are doing a lot of CISO education right now. The CISO Connect programs we have recently launched have been quite helpful as we talk the language of risk management, which is really where our ETM platform is quite interesting for the CISOs. which is all our CISO events recently have been completely overbooked because they really want to come in and talk more about how policies are going to help them with cyber risk quantification and be able to look at cyber risk holistically and then eliminate that. So there's a few things that we're doing on that side. But right now, while new business, we're seeing good execution, we do definitely see opportunity for us to execute better in the tougher climate that we're seeing for ourselves with existing customers.
Qualys
Great. And just as a quick follow-up, maybe, Juby, for you, could you maybe walk us through some of the assumptions within your decision to narrow the full-year revenue guidance band?
Jumi
Yeah. The primary reason why we decided to narrow it was just because Q1 became more or less in line with what we had anticipated at the midpoint of the revenue guidance. And the way we see it right now is Now, of course, we had hoped to do a little bit better with the net dollar expansion rate having ticked down by a percentage. And the underlying assumption for the full-year revenue guidance is that we don't anticipate any material improvement in the net dollar expansion rate today, especially because we do see continued challenges kind of at least continuing into Q2. So because of that, we're assuming that net dollar expansion rate stays as is or maybe ticked down a percentage. On the new business, though, we are seeing some trends, and we're pleased to see the traction in the business today. But law of smaller numbers, it is a smaller portion of our business. So even if it continues at the current growth rate that we see today, it won't have a material impact in terms of the uplift to revenue.
Sumedh
Right. Thank you very much. One moment for our next question. And our next question will come from the line of Shanique Kothari from Baird.
Operator
Your line is open.
Qualys
Hey, thanks for taking my question. So for Sumedh, you mentioned that you're looking to expand the federal business and expand the public sector presence and kind of hosting your first public sector conference. Just curious, can you elaborate on the traction of the GovCloud platform so far, what trends are you seeing there and how has it performed relative to expectations? And can you discuss like the opportunity that you see in terms of expanding it within the public sector?
Sumit Thakkar
Yeah, great question. Look, the opportunity in the federal is definitely large and we are really working towards investing in the right way so that we can take advantage of that opportunity. And so from that perspective, we have recently hired a leader for federal that we're happy about. We have expanded our federal team. We have hired somebody to focus on federal marketing. As you can see, we're really putting in place our first conference for federal, which already we have over 200 people who signed up, you know, kind of more than what we were anticipating from a capacity perspective. So those are really positive signs. In the last, you know, few quarters, we've talked about certain wins that we have had with government federal government agencies so the way we look at that is it's an extremely small percentage of our overall bookings and we have a good opportunity to grow in that direction and so we're making the right investments but of course as it is with the federal market it is something that takes time and we are building the relationships with partners as you can see we signed up a federal partner that's taking policy and our patch management along with VMDR two agencies we invested in the FedRAMP program. So we have already FedRAMP moderate, which we have a large number of ATOs from many government agencies that are providing us ATO. And then we are on track now working with the PMO's office to get our FedRAMP high final certification. We already FedRAMP high ready right now. And so once you get our FedRAMP high certification, certification by which we anticipate towards the end of the year, that is something that will give us even additional opportunity to take our GovCloud platform deeper into more agencies that are looking to go and modernize their infrastructure and go into a federal sort of a fast platform and move out of current, you know, very heavily on-prem solutions and so with the FedRAMP high that will enable us to be the only FedRAMP high vulnerability and patch management combined solution together that will be available for these customers and as we saw with some of our federal links as well the reason for them to explore to change out the current provider is because the current providers are only doing scanning and they have to have a separate patch management tool so even In the federal government, some of the recent wins that we have seen have enabled us to feel confident in our direction so that we can continue to take the Qualys combined platform with batch management, et cetera. And this is something that federal agencies are also looking for to reduce their tool sprawl as well as expand into the cloud environment as well. So it's an area that we are continuing to invest. We're just at the very early stages of that investment, and we are pleased with the traction that we are seeing in this early stage.
Qualys
Got it. Helpful. Thanks for the detailed color, Sumedh. And quick follow-up for Jumi. So you mentioned that you guys, of course, plan to launch new customer acquisition campaigns. Can you elaborate who are you targeting and where is the increase in investment intensity in S&M going in? Is it going to be more focused on sales incentives geared towards new logos, much more headcount growth, partnership investments, of course, public sector. So just curious, like, how are you increasing the investment intensity there?
Jumi
Yeah, so our priority has been for a while to grow our new business, and it's part of the reason why we were really pleased to see the continued traction and the momentum. And the way we see it right now, where we've been really successful is on the enterprise side because that's where our strength is. However, we're pleased to see traction on both the enterprise and SME and SME. And the way we are planning to continue to invest to support that growth is, number one, we are planning to hire more sales reps to support that growth. And that's one of our initiatives. We are planning to increase our sales and marketing headcount by double digits this year as we had planned before. So that hasn't changed. And number two, our partner channel, it's been really successful for us. We're seeing increase in investment in several different fronts, including the MSSP portal that we just announced, as well as DealReg. It continues to be healthy and continues to increase. And our continued kind of, you know, revisiting the incentive structure, whether it's partner or direct, to make sure that it's structured in a way to incentivize both direct and indirect sales force to really drive the new local growth.
Sumedh
Got it. Thanks, Joanne. Appreciate it. One moment for our next question. Our next question will come from Patrick Colville from Scotiabank.
Operator
Your line is open.
Qualys
Hi, this is Joe Vandrick on for Patrick Colville. So it seems like cloud security is a big opportunity for Qualys. And you've mentioned the CNAP solution getting some solid market traction. Are you typically selling it as a bundle or are customers kind of deciding to buy each solution separately. And then, you know, part two of that question, are you seeing stronger demand within any one area of CNAP? For example, you know, CSPM or workload protection or maybe something else?
Sumit Thakkar
Yeah, that's a great question. Look, I think there is no organization out there that is cloud only. And so, every time they look at their infrastructure, they have to do cloud and non-cloud assets together. And that's really where we see the advantage for Qualys is when they combine the VMDR capabilities on on-prem assets and then are able to use the exact same platform and expand that licensing into the cloud as well. It just makes it a lot more seamless. They get the benefit of higher volume pricing. And it gives them the ability to combine the risk from their cloud and on-prem platforms together in one place. And that's why it's interesting for us to see that Even in our new logo lands, customers are starting to buy the total cloud solution combined with VMDR upfront in the first purchase itself. And so while it's early days, that's quite encouraging for us. We continue to work with our existing customers who have VMDR to expand those capabilities into cloud. In some cases, they don't have any good cloud security solution. In other cases, we are displacing some of the cloud-only solutions because they need a global visibility that is broader than that. Our pricing for the cloud solution, given that the assets are so ephemeral, agents are so ephemeral in the cloud environment, it allows them to be flexible with the way that they can consume the cloud licenses. And so that way they can use it for CSPM. They can use the same credits that they have purchased for container security. They can use the same for cloud identity. So the recent cloud identity module that we just announced is another expansion into the cloud native platform. It's a maturity level question for organizations. Organizations that are very early in the journey right now are focusing initially on the CSPM part of Total Cloud. Those who are more mature are also taking the workload protection part. And then those who are going beyond that are also looking at other things like our ability to detect malware in the cloud in real time, our ability to expand uniquely into into SaaS environments for SSPM, which is also part of our total cloud where we can do SaaS posture assessment. And then now we are looking forward to getting these customers access to our cloud identity entitlement management as well. And so there's a lot that we are now focusing on driving both from marketing and sales enablement perspective for us to create more opportunities on the total cloud side. But we definitely are pleased with the conversations and traction that we're seeing in the early days of this push that we are making across our Salesforce.
Qualys
That's helpful. Thanks, Sumedh. And maybe one for Jumi, if I could. How should we think about capital allocation priorities over the next year? Looks like you bought back about $18 million worth of shares in the quarter, which is a bit of a step down compared to last quarter and last year. So just curious what it would take to see you get more aggressive on share buybacks.
Jumi
Our share buyback is based on the grid that we have in place right now, and we really think of it from the perspective of making sure that we can offset at the equity solution from the grants that we're making. And as you can see in the last couple of years, our dilutive also has been decreasing consistently, incrementally. So the way we think about our cash and the utilization of SF cash is really looking at into 2024, we are anticipating more and more and many opportunities, especially at evaluation that we think that makes sense for us. And so we are going to be taking a look at potential acquisition targets opportunistically and then taking action on leveraging our balance sheet.
spk03
Got it. Thank you.
Sumedh
Thank you. One moment for our next question.
Operator
And our next question will come from Joshua Tilton from Wolf Research.
Joshua Tilton
Hey, guys. Can you hear me? I apologize for the background noise. I'm at this small cybersecurity conference called RSA.
spk13
We can hear you.
Joshua Tilton
Two quick ones for me. The first one is just, could you maybe talk about the billings growth in the quarter, whether that was how that shook out relative to your expectations and how you see billings maybe growing for the rest of the year relative to the revenue guidance you just gave? And then My follow-up is great traction on the new customer, the new growth customer side of the business. I think you called out three straight quarters of double-digit growth. How do we see that? Like where am I looking for that in what you guys disclosed so that I can kind of see this coming through in the numbers? And I guess is that coming from the partner side? Is that coming from the direct side? Just maybe a little bit more color on where that new customer growth is coming from, how durable is it, and how I can better see it in the numbers would be helpful. Thank you.
Jumi
Yeah, in terms of current billings, 8%, we were hoping to do better, but honestly, I think that it's a fair representative of the business momentum that we see today because It does reflect the net dollar expansion rate having gone down by another percentage in Q1, offset partially by the traction, continuing traction in the new business. And so I would say that, you know, if you were to look for guidance in terms of the calculated current billing for the full year, we would say it would be roughly in line with our revenue guidance today, which is 8 to 10% for the full year. In terms of the new business, The reason why we decided to talk about new business this quarter is because we are seeing a trend, like three consecutive quarters is something that we thought was meaningful enough for us to talk about and disclose. And majority of that is driven by our channel partners. So the growth is coming from channel partners. And I think that if you were to look at the magnitude of it, you can probably tell based on the current billings growth of 8%, net dollar expansion rate of 4%, the rest would be coming from the new business.
Sumedh
Super helpful. Thanks, guys.
Operator
Thank you. And I'm not showing no further questions in the queue. With that, this concludes today's conference. Thank you for your participation in today's conference. This does conclude the program, and you may now disconnect. Everyone, have a great day.
Disclaimer