This conference call transcript was computer generated and almost certianly contains errors. This transcript is provided for information purposes only.EarningsCall, LLC makes no representation about the accuracy of the aforementioned transcript, and you are cautioned not to place undue reliance on the information provided by the transcript.
Operator
Good day, and thank you for standing by. Welcome to the 2024 Second Quarter Qualys Investor Call. At this time, all participants are in listen-only mode. After the speaker's presentation, there will be a question and answer session. To ask the question during the session, you'll need to press star 1-1 on your telephone. You'll then hear an automated message advising your hand is raised. To withdraw your question, please press star 1-1 again. Please be advised that today's conference has been recorded. I'd now like to hand the conference over to your first speaker today, Blair King, Investor Relations. Please go ahead.
Blair King
Thank you, Marvin. Good afternoon and welcome to Qualys' second quarter 2024 earnings call. Joining me today to discuss our results are Sumedh Dakar, our President, CEO, and Jumi Kim, our CFO. Before we get started, I'd like to remind you that our remarks today will include forward-looking statements that generally relate to future events or future financial or operating performance. Actual results may differ materially from these statements. Factors that could cause results to differ materially are set forth in today's press release and our filings with the SEC, including our latest Form 10-Q and 10-K. Any forward-looking statements that we make on this call are based on assumptions as of today, undertake no obligation to update these statements as a result of new information or future events. During this call, we will present both GAAP and non-GAAP financial measures. Reconciliation of GAAP to non-GAAP measures is included in today's earnings press release. And as a reminder, the press release prepared remarks and investor presentation are all available on the investor relations website. With that, I'd like to turn it over to Sumit.
Sumedh Dakar
Thank you, Blair, and welcome to our second quarter earnings call. In Q2, we witness organizations increasingly optimize spend within an already tight IT spending environment. Given this dynamic, organizations are standardizing on trusted platforms to consolidate security stacks, leverage automation, and achieve expedient remediation of risk. Qualys has a unique, organically-built platform to address this need. Nevertheless, crisp execution is required to fully capitalize on this opportunity. While we have made meaningful progress on several fronts, including growing our sales and marketing team, building momentum with partners, and growing our new business, we have work to do in addressing our upsell execution in the current environment, which resulted in lower than expected bookings growth this quarter. With the upcoming departure of our chief product officer later this month, I plan to directly oversee the product and marketing teams to position us for forward success. I am confident in our ability to re-accelerate growth in the long term, which sharpen execution of product-led growth and improve alignment between our product messaging and marketing activities to drive operational efficiencies in our go-to-market motion. At this time, I'd like to thank Pankaj Shah, our Chief Product Officer, for his contribution during his tenure at Qualys. Although Q2 was a challenging upsell quarter for us, with continued increase in deal scrutiny, we are fortunate that many of our customers have already begun a long-term transformation journey with us Through the conversations I've had with many CISOs over the past several quarters, their message is clear. They are looking to pivot to a natively integrated risk management solution. In the face of sluggish macro, escalating threat environment, and cybersecurity skill gap, organizations need to reduce complexity and cost while presenting measurable risk reduction initiatives to boards and C-level executives. Against this backdrop, Q2 was another quarter of rapid innovation for Qualys, reflecting on our ongoing commitment to technology leadership and customer success. Qualys' mission has been to bring innovative new security solutions to market fueled by customer insights. As a result, we have established a strong track record of converting operational challenges into structural competitive advantages while maximizing lifetime value, ensuring frictionless outcome at scale, and driving immediate ROI on security spend. For example, Qualys pioneered a patching category for security teams. Building on this success, we commenced development of our TrueRisk eliminate capability several quarters ago. I am now pleased to announce that some of these increasingly popular solutions amongst our beta customers will soon enable organizations to respond to zero-day threats and mitigate top exploitable vulnerabilities even when a patch is non-existent or cannot be deployed. This new subset of our broader TrueRisk eliminate roadmap which we call True Risk Mitigate and True Risk Isolate, and power security teams to apply fixable, automated, and intelligent risk-based response solutions to address cybersecurity risk based on an organization's own unique operational characteristics, remediation timelines, and business objectives. With these new capabilities soon going GA, strong customer support, and over 45 million patches deployed year-to-date on callless agents, we are increasingly confident that We are once again transforming our customer security operations while further magnifying our competitive differentiation in the market. Continuing our innovation to help our customers address risks coming from the use of latest technologies like AI LLM, we are pleased to announce our newest capability, which we call Qualys Total AI. As organizations rapidly deploy AI LLM technologies, the security teams are looking for help to quickly find and comprehensively assess vulnerabilities in these models. With seamless AI security posture management integration, these new adaptive capabilities discover AI LLM usage within customer's environment, scan for vulnerabilities, and prevent data leakage for comprehensive risk assessment prioritization and remediation across the entire attack surface with a single click of a button. In addition, we are pleased to announce an extension to our total cloud CNAP platform, which now discovers and assesses the risk of all known and unknown in-use Kubernetes container images. Leveraging our own AI and ML technology, we are establishing a baseline for normal behavior for each host container, serverless function, and other objects. Now, through real-time observation of file system processes and network activity, our newest runtime security tools provide organizations with a predictive and threat-based protection to actively detect anomalous activities, prevent zero-day attacks, automate response, and help ensure PCI 4.0 compliance in both containerized and legacy environments. These new container runtime insights combined with toxic risk factors within a unified actionable dashboard allow for immediate threat qualification, prioritization, and remediation from code to cluster. We believe this new capability uniquely sets us apart to enable secure and compliant cloud consumption at scale. Turning to our federal agenda, we recently reduced FedRAMP moderate certification for our TotalCloud, CNAP, and EDR solutions, marking another key milestone for the company. We continue to expect our pending FedRAMP high certification for several key applications later this year, making Qualys the only modern alternative to legacy on-prem scanners for federal, state, and local government agencies at the high impact level. Our investments to establish a public sector presence are starting to yield results, supporting our confidence to address this new vertical and drive incremental growth in the business over time. Finally, with respect to our upcoming enterprise first management solution, we remain on track for GA later this year. This extension to our platform is currently in private beta with select few design partners. The ability to bring first- and third-party data into our platform to holistically detect, quantify, prioritize, and remediate vulnerabilities with automated workflows on a unified dashboard across on-prem cloud and multi-cloud environments is evolving into the go-to risk management solution for enterprises, especially in the context of a tight spending environment. The early customer feedback we are receiving is very positive, and it's great to see CISOs from around the world actively attend and engage in the many risk quantification workshops we have been conducting over the past several months. These innovative new approaches to cybersecurity risk management, along with several others we have showcased at Black Hat this week, allow our customers to reduce complexity and cost, and of equal importance, create multi-dimensional paths for durable long-term growth in our business. Moving to our business update. We believe that with continued due scrutiny comes larger opportunity for Qualys over the long term as our natively integrated risk management platform helps customers consolidate technologies and achieve better outcomes within fewer resources and immediate ROI. With many of our customers already embracing Qualys to help re-architect and consolidate their stack, Qualys VMDR solution has translated into an enviable customer base, deep penetration, and significant industry recognition. As recently announced, Qualys' VMDR with true risk was voted the best vulnerability management solution at the 2024 SE Awards Europe for the second consecutive year. We believe Qualys' placement as the number one VM solution further validates our investments in the platform and continue to represent the gold standard for securing customer environments today and in the future. Given Qualys' blueprint for delivering greater value to our customers, our VMDR solution with true risk not only fueling new logo lands but also helping increase platform adoption especially in the areas of cyber security asset management with easm patch management and cloud security let me share a couple of recent wins with new customers which illustrates why companies turn to qualis to help consolidate their tool security tools and improve their security posture in q2 a large federal government agency became a customer of qualis this new customer was previously using multiple legacy and next-gen solutions to manage a variety of risk management use cases across their security IT and DevOps teams. In addition to the complexity of using multipoint products, this government agency was frustrated with increasing costs associated with on-prem deployments. Looking to migrate into a natively integrated cloud-based FedRAMP high-impact level-ready solution that met the CISA BOD guidelines, They replaced two of their existing vendors in a high six-figure bookings phase one deployment using multiple Qualys modules right out of the gate. These initial deployments include cybersecurity asset management with ESM, VMDR with TrueRisk, and patch management. Through this highly strategic and competitive way, this customer is now able to leverage unified dashboards that provide them with greater insights and automation than many of the competitive products they evaluated while taking full advantage of the speed and scale of an integrated platform. This win is a further testament to the investments we're making to expand our federal business, and we are also very pleased with the turnout and encouraging feedback from many large government agencies at our first public sector cybersecurity conference that we held in May. In a second new high six-figure customer win, a hyper-growth cloud-native SaaS business standardized on Qualys' enterprise-based platform. This company's security team struggled with managing multiple consoles, lack of integration, complex workflows, misdetections, and extended remediation times, which restricted their ability to protect themselves. This customer is now consolidating on the Qualys Enterprise True Risk Management platform, replacing several competing vendors through a natively integrated multi-product solution, including cybersecurity asset management with EASM, VMDR with True Risk, patch management, and our total cloud CNAP solution. Now, with a comprehensive multi-sensor solution, single user interface, and single platform, they have complete visibility and automated remediation across their endpoints and multi-cloud environments. With seamlessly integrated solutions delivered natively on our platform to solve modern security challenges, more and more Qualys customers are beginning to understand how cybersecurity transformation drives better security outcomes, saves time, and costs less. As a result, customers spending $500,000 or more with us in Q2 grew 18% from a year ago, 299. Beyond these wins, we are also increasingly gaining leverage from our partner ecosystem. Our pipeline of business opportunities with partners continues to grow, and our partner-led win rates increase again in Q2. As our market perception and brand awareness continue to strengthen, we anticipate partner integration with our platform will continue to increase, further strengthening our strategic position, expanding our ecosystem, and broadening our reach. In summary, our rapid innovation engine underscores our growing thought leadership and the value proposition we deliver to customers seeking to transform, consolidate, and fortify their security posture. Given the large market opportunity, in front of us and multiple growth drivers in our business, we anticipate that we can grow at scale long-term, generate cash, and invest in key initiatives that will further extend the gap between Qualys and the competition. With that, I'll turn the call over to Jumi to discuss in more detail our second quarter results and outlook for the third quarter and full year 2024.
Jumi
Thanks, Ahmed, and good afternoon. Before I start, I'd like to note that except for revenues, all financial figures are non-GAAP. and growth rates are based on comparisons to the prior year period unless they did otherwise. Turning to second quarter results, revenues grew 8% to $148.7 million, with Channel continuing to increase its contribution, making up 46% of total revenues compared to 43% a year ago. As a result of our continued commitment to leverage our partner ecosystem to drive growth, we were able to grow revenues from Channel partners by 17%, Outpacing Direct, which grew 2%. By GEO, 14% growth outside the U.S. was ahead of our domestic business, which grew 5%. U.S. and international revenue mix was 58% and 42% respectively. As for calculated current billing, we would like to note that our Q2 calculated current billing were negatively impacted by the sunset of our embedded solution for Microsoft Defender as of May 1st. Earlier this year, we announced that we will be retiring our integration on Microsoft Defender and transitioning to BYOL model. Since this went into effect in Q2, we have been fielding inbounds from former Qualys on Microsoft Defender users and working closely with them to ensure that they understand the value of our cloud security solution, Total Cloud Synapse. Normalized for this change, our calculated current billing growth would have been 1%. In Q2, with a continued challenging spend environment resulting in lower performance in upsell, our net dollar expansion rate declined to 102% from 104% last quarter. Conversely, we continue to see strong returns on our new business initiatives and achieve double-digit new bookings growth for the fourth consecutive quarter. With this momentum and new customer bookings growth, we believe we're building a stronger foundation to drive expansion and share gains over time. In terms of product contribution to booking, patch management and cybersecurity asset management combined made up 13% of LTM bookings and 22% of LTM new bookings in Q2. Cloud security solutions, total cloud, CNET made up 4% of LTM bookings. Turning to profitability, reflecting our scalable and sustainable business model, adjusted EBITDA in Q2 with 69.9 million. representing a 47% margin compared to a 48% margin a year ago. Operating expenses in Q2 increased by 10% to 59 million, primarily driven by a 22% increase in sales and marketing investments aimed at capturing the market opportunities in front of us. As we continue to increase our investment intensity and focus on sales and marketing enablement, customer success, and productivity, we believe we will be able to drive wallet share and long-term returns. EPS for the second quarter of 2024 was 1.52, and our free cash flow was $48.8 million, representing a 33% margin compared to 37% in the prior year. In Q2, we continued to invest the cash we generated from operations back into QALYS, including $1 million on capital expenditures and $35 million to repurchase 233,000 of our outstanding shares. As of the end of the quarter, we had 230.7 million remaining in our share repurchase program. With that, let us turn to guidance, starting with revenue. For the full year 2024, we are now expecting our revenues to be in the range of 597.5 to 601.5 million, which represents a growth rate of 8%. This compares to revenue guidance of 601.5 to 608.5 million last quarter. For the third quarter of 2024, we expect revenues to be in the range of 149.8 to 151.8 million, representing a growth rate of 5 to 7%. This guidance assumes continued deal scrutiny and no improvement to our net dollar expansion rate through the back half of this year. Shifting to profitability guidance, for the full year 2024, we expect EBITDA margin of 43 to 44%, and free cash flow margin in the mid to high 30s. We expect full year EPS to be in the range of 5.46 to 5.62, up from the prior range of 5.06 to 5.30. For the third quarter 2024, we expect EPS to be in the range of 1.28 to 1.36. Our planned capital expenditures in 2024 are expected to be in the range of $12 to $16 million, and for the third quarter of 2024, in the range of $4 to $7 million. Consistent with prior guidance, for the remainder of 2024, we intend to align our product and marketing investments to focus on specific initiatives in a driving more pipeline, supporting sales, including enhancing our partner programs and expanding our federal vertical. As a percentage of revenues, we expect to prioritize an increase in investments in sales and marketing, as well as related support functions, systems, and people, with more modest increases in engineering and G&A. With that, Sumedh and I would be happy to answer any other questions.
Operator
Thank you. At this time, we will conduct the question and answer session. As a reminder to ask a question, you'll need to press star 1-1 on your telephone and wait for your name to be announced. To withdraw your question, please press star 1-1 again. Please stand by while we compile the Q&A roster. Our first question comes from the line of Joanna Fleshbein of Trues. Your line is now open.
Joanna Fleshbein of Trues
Hey, thank you very much for taking the question, and congrats. Jumi, really great growth internationally, and I guess some as well. Can you talk about, you know, what drove the international growth? And then maybe, Jumi, if you could talk about more specifics about some of the investments that you're making in sales and marketing going forward, that would be very helpful. Thank you so much.
Jumi
Yeah, happy to. The international growth, we're seeing a stronger demand in that region relative to the U.S. With that said, the U.S. growth rate is impacted by the Microsoft Defender, and so that's been a headwind on the U.S. business as well as the direct business that we just share the growth rate for. In terms of the sales and marketing investments, we feel like it has been doing really well, and the higher return on ROI is from the investment that we made on the partner side. As you can tell, our initiatives when it comes to enhancing our partner relationships and really working with them to revamp how we go to market and further incentivize our partners to understand why it makes sense for them to propose and put Qualys as a vendor of choice has been resonating. And so for us, it's number one, partner, and then number two, of course, primarily our investment is related to the headcounts. So as we're targeting, continuing to grow the sales and marketing headcount by double digits in 2024, and we are on track to meet that goal, we're positive with the momentum that we're seeing in the business today.
Sumedh Dakar
Yeah, and Joel, I'll add to that is, you know, while we had a tough upsell quarter for Q2, I think our investments that we've been making in the last few quarters have really, you know, given us a lot of positive things that we're excited about, as an example, with our new business growing double digits because of the way that we're enabling our new business sales team, because of the way, as Jimmy said, we're investing with our partners, and the partners' pipeline is increasing. Their win rates with our partners are increasing as well. I'm pretty excited about our investment that we started last year in the federal space, which, again, Getting a six-figure net new business deal in the federal space for us is exciting, and it also highlights the opportunity that we have on the federal side, including within our existing customer base as well, our investments in terms of taking our learnings from what we have been able to be successful with our new business, being able to train our post-sales teams as well to be more of hunters, to enable them in a much better way et cetera, has led to customers who are spending $500,000 or more with us also growing 18% from last year in the same quarter. So those are a lot of the things that our investments are leading to positive trends. I think clearly we see an opportunity in this macro environment that we have and the scrutiny that we face from our customers with VM to really be able to get our sales team to Our product and marketing teams to align better and our sales team to execute better on the upsell opportunities that will come with the new way the customers are looking at their security spend and focusing on risk management. And really, you know, being able to spend their money from cybersecurity where the risk is. And that's the big question a lot of people are not quite able to answer is where is your risk exactly? And that's what our ATM platform is going to help. Thank you so much. Appreciate it.
Operator
Thank you. One moment for our next question. Our next question comes from the line of Srinath Kothari of Baird. Your line is now open.
Srinath Kothari
Hey, thanks for taking my question. So, Jumi, you mentioned, of course, the channel revenue now making up 46%, which is kind of really ticking up nicely. Can you just help provide some more details on on kind of overall, I would say, breakdown of the contribution for different types of partners if possible. Of course, you highlighted how you guys were trying to partner with some of the cloud providers and marketplaces like AWS, Azure, Oracle. Just curious if you can provide us some more color in terms of those drivers, and then I'll follow up.
Sumedh Dakar
Yeah, we don't break it down that way, but I can tell you that right now, you know, our channel partners are resellers, so we're definitely working very closely with us and really bringing us a lot of the opportunities because they see the comprehensive set of capabilities that we can very rapidly bring to the customers who are currently in the market, have a project, and have a budget to execute on that. So they are sort of the first folks who are working closely with us. In the last quarter, we released our MSSP portal, so we're seeing traction with service providers who are continuing to add patch management as a service because just having VM scanning as a service is not a big differentiator. And so more and more of them are leveraging Qualys for now providing patch management as a service. And now we're starting to see that same thing from partners on being able to provide services around cloud security deployments as well. And we have a really nice, strong partnership with OCI on the GTM side, but as well as working with AWS on the ADP credits with joint customers are some of the areas that we're really seeing good momentum. We don't break it down exactly like that, but that should give you a high-level sort of view of where we're seeing success with partners.
Srinath Kothari
Got it. That's very helpful, Sumit. And Jumi, a quick follow-up. Of course, Sumit, you highlighted the development of this enterprise risk platform kind of helping and how you're monetizing that offering. Just curious, given on the other side, there's aggressive overall pricing in the core VM that we are hearing from other players, kind of perhaps undercutting pricing there. Just curious, how were you able to show the upside on the gross margins as well in this kind of environment? And can you provide us some quantitative insights into that and expected impact of net dollar retention rates as well?
Jumi
Yeah, in terms of the growth margin, we were very pleased to oppose the 84% growth margin up from 82% last year and then even 83% last quarter. It's primarily due to our optimization when it comes to our data centers, in addition to the fully depreciated assets that we're seeing right now. As you know, we have both the hardware as well as on the cloud assets, and we're just leveraging and optimizing to make sure that we're getting the margins that we think make sense for our business today.
Sumedh Dakar
And then on the VM question that you asked, look, I think we've talked about this for the last many quarters that VM is evolving and customers are really looking to focus on remediation as well. And so even when they are looking at scan-only solutions that only give them more things in CVEs to fix, When they are looking to optimize their budget for an outcome, they are looking at how to balance the scanning with batch management. And that's why our TrueRisk eliminate capability that we came out with, giving customers more solutions they can buy from us in terms of being able to mitigate the risk is the most important. Because, you know, if today's cyber budgets have been tight and the questions that cybersecurity professionals are getting asked is, well, what's the outcome? How much risk are you reducing? And if you're not able to articulate the risk, and how much risk you're actually reducing, that's really when they face challenges with, you know, should we get an increase in this budget if we're not focusing on remediation? And so just in the first half of this year, getting 45 million patches deployed by Qualys agents really highlights that VM today is about vulnerability assessment, but also combining with patch management and ability to mitigate the risk. And we see that in the numbers today. with our patch management, cybersecurity asset management, for net new bookings customers when they're coming to us and why we are seeing good success with our new businesses. We offer a unique differentiator in the market when people are looking to change their scanning solution because we're offering them patch management combined with the scanning solution. And that's really where vulnerability management has been evolving. And this is nothing new. That's why we invested a few quarters ago to really focus on the remediation aspect of vulnerability management because There is no M in the VM if you don't actually fix things.
Qualys
Got it. Super helpful. Thanks so much, Anjumi.
Qualys
Thank you. One more question.
Operator
Our next question comes from a line of Matt Hedberg of RBC. Your line is now open.
Matt Hedberg
Great. Thanks for taking my questions, guys. It sounds like NRR dipped down to 102, I think, from 104 last quarter. I'm curious, do you feel like that's starting to bottom now? Do you think perhaps in the second half, whether it's pipeline or other drivers, we could see a rebound there?
Sumedh Dakar
I think as we work with our customers, we're definitely facing a scrutiny on when they have to do additional spend with Qualys. So that's where we are working. Women are leading to a lot of great engagements, and that's where we are leading to the more conversations, how they optimize their spend, how they can balance their spend in the scanning side with the spend on the patch management and asset management side and that's where you see in some cases they optimize right now for getting some additional solutions from Qualys where they can grow in the future. I think we will have to continue to see in next quarter how these conversations that we are having this quarter translate into additional upsells for the customers because as you know in this current environment it's a little bit harder to with the scrutiny that they face to know what is the timing of when they will adopt these additional solutions, especially with cloud security, et cetera. So we're pretty excited about the opportunity that we see. I think we're going to have to watch the next couple quarters on how this rate evolves. But over the long term, definitely feel like we have all the goods that existing customers are looking to invest additionally, which is, in my mind, is patch management, cloud security, overall sort of risk management and more importantly now questions coming up about AI security. And so our new solution that we announced that we're going to get out in September, which is really helping customers identify all of their AI LLMs and looking at the risk of those are going to be very positive. Those conversations, how they lead into additional upsells and the timing of that is something that we're watching very closely.
Matt Hedberg
That's great. That's super helpful. And then In terms of the Microsoft Defender headwinds, can you remind us, again, when those will abate officially and not become a drag on billings?
Jumi
Yeah, the sunset was effective May 1st, so it hit us for the first time in Q2. So the biggest impact that we expect to see is in Q2.
Matt Hedberg
In other words, then, so what you're saying, Jimmy, is that... it's not going to be as big of a headwind in Q3 and Q4, or just maybe just think about that headwind as we've been a couple quarters.
Jumi
That's right. That's right. It's not going to be material enough for us to normalize it in Q3 and Q4. Q2 is really the biggest quarter based on the billing schedule, and that's why when you take a look at our calculated current billings, the 2% decline normalized for this, if it hadn't happened, then it would have been approximately 1%.
spk16
Got it. Super helpful. Thanks, guys.
Operator
Thank you. One moment for the next question. Our next question comes from the line of Kingsley Green of Canaccord Genuity. Your line is now open.
Kingsley Green
Hi, thank you. So you've done a remarkable job building out the platform in the past couple of years. I just want to ask broadly, how would you describe VM demand at the moment? How cyclical is this? How secular is this? And then why do you view VM foundational? And then how can you leverage that to expand spend within existing customers? Thanks.
Sumedh Dakar
Yeah, great question. See, VM continues to be very foundational for any risk management exercise that any organization has. You know, if you look at every single cybersecurity standard out there requires regular scanning and patching for VM. I think as we have talked about, and I have talked about this in a few earnings calls in the past as well, is that VM is evolving. And so while the overall focus on customers remains on VM. Within VM, it's really customers are focusing on how do we get an outcome of actually being able to reduce the risk by fixing the things that are being discovered by VM. And so what we see with our customer base is that they are, with the tight budgets that they have and the scrutiny that they're putting on the conversations, they are actually looking to balance between how much they focus on scanning and what's the point of scanning everything if they're not able to actually remediate stuff. And so how do they balance their investment in the VM sector between scanning and patch management and also asset management, as well as how do you expand the scanning into the cloud environment? And so those are the conversations that we hear a lot more. I think the VM as a key part of risk management for the organization continues to be a key priority for all the customers that we talk to. I think as they are working with tight budgets right now and looking to balance that, I think we see this as a good opportunity for us because it is giving us opportunity to get our additional products like patch management, cybersecurity asset management seeded in with these customers as they're buying smaller amounts. But in the future, this could lead them to cover more of the estate that they currently have with us with scanning.
Kingsley Green
Great. That's well said. And then one more. So I want to just talk about dynamics when selling cloud security, whether that's total cloud CNAP or something individual like CSPM. Post-crowd strike outage, vendor concentration has been widely discussed, rightly or wrongly. So big picture, how do you think the outage will play out specifically in cloud security, given how nascent the space is and how much of an opportunity you see?
Sumedh Dakar
Look, I think the questions customers are asking are obviously valid in terms of how do you balance the risk of the security solution being deployed itself versus the risk it is mitigating, right? And I think the advantage I think for Qualys is that we are not concentrated on the agent as being the foundational way to deliver security service to the customer like some of the other providers where the agent is the main and the only way that they can deliver services. We have a pretty comprehensive capability of delivering security services that match the customer's operational appetite of deploying different ways to assess risk. And so we have agent-less scanning, we have snapshot scanning, we have agent-based scanning, we have off-site scanning. So there's many different ways. And so what we see with customers, we obviously got a lot of questions asked around what are the best ways that Qualys is, of course, ensuring that we are testing, we are very confident about the way we roll out our updates for different technologies. Also, the fact that they can actually, with their licensing, balance their risk of where they want to deploy agent-less scanning versus where they want to deploy agent-based scanning. And we give those options to them, which they're pretty happy about that they don't have to really take that big risk of only having an agent and that's the only way to deliver the service. And so in cloud, I think the advantage is that you can do a good amount of assessment with CSPM just using APIs without deploying a particular service. way of scanning and so this is why about a year ago when we released our FlexScan, which is a part of our TokenCloud CNAP solution, the license actually includes the ability for the customers to do four types of different scans on the same asset and they can pick and choose. So if they want, they can do an API assessment with absolutely nothing installed. On the workload, they can use an agent to be installed automatically. They can use an automatic network scanner in that environment or they can use a snapshot scan of an image that is not actually live. So I do see that in cloud security while the questions will come up. It's not so much about, in my mind, the vendor concentration. It's really about the sensor concentration in my mind, which is, is your vendor providing you multiple different ways to assess your environment in leveraging basically the different types of risk profile that you might have on different assets.
TokenCloud CNAP
All right, I agreed with that. Thanks again and congrats. Of course.
Operator
Thank you, Wongru, for our next question. Our next question comes from the line of Young Kim of Loop Capital. Your line is now open.
Young Kim
Okay, great. Suned, on the Microsoft Defender headwind, I am assuming you planned for that. Clearly, there was some execution issue that you did not anticipate. If you can elaborate on that a bit, and then also, what are the products that were directly affected by the lower attach rate related to Microsoft Defender?
Sumedh Dakar
Microsoft was leveraging our very basic sort of scan-only legacy capability, right, which was that it was not VMDR. those customers and we did not have access to those customers to be able to work with them to upsell them to all the other things that our current customers upsell to whether it's cybersecurity asset management, whether it's patch management, whether it is cloud assessment or now with the new AI scanning that we are releasing So for us, it was customers in that environment were only using scan only solution from us. And as we all see right now, what's happening in the market is really customers are looking for more holistic, comprehensive outcome of the LVM solution, which includes actual fixing and reduction of risk and not just more scanning. And so that's really where we see the opportunity is customers don't just want more CVE reporting. They want a way to say these are the things you should fix that will reduce the risk and then a solution that can fix that. And so that's where We see the opportunity if these customers come to us, we can focus on helping them see the bigger picture of how they can reduce the risk from their vulnerabilities rather than just keep looking at them and not doing anything about them.
Young Kim
Okay, great. Thanks for that answer. Jimmy, anything that we should be aware of in regard to pricing, especially with second half renewal season coming up?
Jumi
No change from our perspective, from a competitive standpoint, and no change from our own pricing.
Young Kim
Okay, great. Thank you so much.
Qualys
Thank you, Wilma, for next question.
Operator
Our next question comes from the line of Jonathan Ho of William Blair. Your line is now open.
Jonathan Ho
Hi, good afternoon. I just wanted to maybe dig in a little bit more in terms of understanding the need to balance profitability with some of the investments that you've been making on the channel side. Can you give us a sense of have the initial investments sort of paid off the way that you've expected? I know it takes a little bit of time to translate into billings and ultimately to revenue, or has it been disappointing? Has it been sort of Yeah, just want to get a sense of how you're thinking about that.
Sumedh Dakar
Great question, Jonathan. Look, when we embarked on this journey a couple years ago, really, we've been focusing on a few different things, and some of them sometimes work, some of them don't. But overall, like I said, we are pleased with the investment really bringing us that improvement in four straight quarters of double-digit growth for new business, which we have not had. as much in the past, and then just looking at opportunities coming from partners, looking at partner opportunities, having better close rates, looking at continuing our $500,000 plus customers actually increase in this tough environment by 18%. So I do think that different things that we have done in terms of training our new business sales reps in terms of investment channel, brought us those sort of opportunities. And now in the further quarters, we need to focus on working through those opportunities, closing through those opportunities, continuing to invest additionally with our channel partners. But like we said, we are in a fairly unique position this year to continue to actually invest in our sales and marketing in GTM because we see the opportunity when most of the companies are really cutting down on their sales marketing investment. And I think that's really what we look for in the further quarters is improvements in our upsell rates, similar to what we're seeing with our new business, and really continuing our investment on the federal side, like I said, just getting a good six-figure deal in the federal net new business on the federal side is also very promising for us because of the investments we're making with the team that we have built, the marketing investment we made this year to actually host a conference just specifically for federal, which is our first one, and also the investment we have made in being FedRAMP moderate, but more importantly, we're just really, really anticipating and waiting for the FedRAMP high certification, which we are looking forward to getting end of this year. And I think that investment over the next couple of years should give us really significant advantage because there's no other FedRAMP high platform that has so many different capabilities and modules that go in together with that. I think there are certain, you know, these are some of the things that have worked and continue to work. And we're looking now to take the learnings from the new business improvements and apply those to our existing business so that our, you know, post-sales farmers learn how to do a little bit of hunting and be able to find some of these deals in a tough macro environment. environment and be able to bring additional opportunities while working closely with the partner side on the upsell, just as the way we are working on the partner with the partners on the new business as well.
Jonathan Ho
Excellent. Just a quick follow-up. So as you take on additional chief product officer responsibilities, Can you help us understand where you see the biggest opportunities? Is this narrowing of the product focus? Is this approaching new areas? I'm just trying to understand how you think about sort of taking on these additional responsibilities and what you see as that opportunity. Thank you.
Sumedh Dakar
Yeah, look, you guys, you know my history. It's a little bit hard to get the chief product officer out of me. It's always there somewhere, but For us, we have always been innovation driven, really listening closely to our customers and bringing solutions to market. Like we do, patch management was all about operational efficiency, which is what the security teams are looking at. And so as I look forward to the next couple of years, if you look at the current environment, the challenges cybersecurity professionals are facing, when you look at the almost flat budget increase in cyber overall, is because of not being able to articulate the question, well, how much risk is cyber bringing to our business? And so, because without that, you cannot really, if you don't know how much risk you have, you cannot articulate that risk in dollar value. You cannot decide on exactly how much should you spend, which is appropriate amount to take down that risk. And that's really what I'm excited about with our ATM platform that we're coming out with and some of our beta partners that are there. It's not, there are multiple different security controls you can implement to reduce risk, But let's first focus on being able to identify, being able to articulate the risk in dollar terms to the business. And from there, you can decide which are the most effective security controls that you can put in place to bring down that risk. And it may not be the exact same control in every environment. In some cases, maybe a zero trust is a better security investment given how much risk you have versus in other cases, maybe a better patch management solution is enough to reduce the risk. And so as I look at from a product perspective, First, I'm glad that Deno has built a good team and they're taking more and more focus on the GTM side, so it gives me additional opportunity to focus and work with the product and marketing teams to not only look at the future products that we are coming up with, especially on risk management, risk articulation, but also in the short term, the opportunity given what we are seeing with our total cloud solution, the conversation that we are having with customers, being able to align my product management and product marketing teams together so we can execute better on marketing our total cloud solutions and being able to create additional opportunities. So some of those things are really what I'm looking forward to as I, you know, look into this chief product officer role.
Qualys
Great. Thank you. Thank you.
Operator
One moment for our next question. Our next question comes from the line of Rudy Kissinger of DA Davidson. Your line is now open.
Matt Hedberg
Hey, guys. Thanks for taking my question. I guess just on this tough upsell environment, you know, your net expansion rate is down to 102%, but it's almost down to basically no upsell. I guess, are you seeing contractions with... you know, any sizable portion of your customer base? Not customers who churn, but customers who are staying with you. Are they reducing their footprint? Or I guess just where could that bottom? Obviously, we would think it would bottom at 100%, but it could potentially even go lower than that.
Sumedh Dakar
Good question, Rudy. So as we mentioned, overall, our gross retention has stayed the same, around 90%. And so I think for us, it's really about Customers, as I mentioned earlier, are looking to balance the set of solutions that they have from Qualys, looking at how can they have a better impact by adopting additional solutions from Qualys like patch management, cybersecurity, asset management, and sometimes based on they may decide that this particular environment, I would rather take those licenses and focus more on patch management in my server environment because currently the budgets are tight. So what we are seeing is right now, you know, overall growth retention continues to be about the same. It's more about customers looking at optimizing and balancing their spend between the different capabilities and as part of that, adopting additional capabilities, which may not in the immediate term mean an immediate upsell from a total amount perspective in that particular opportunity but it also creates us for opportunity in the future that we can increase the accounts there and so again I think this is sort of the we have a tough quarter on this overall industry you know expansion rates are coming down but we're gonna take the conversations that we are having because of this right now and see how they're gonna those conversations are leading to opportunities to close in the next a couple of quarters. So again, of course, we look forward to improving our net expansion rate over the next few quarters when the timing of that exactly is something we are also keeping a close eye on.
Operator
Thank you. One moment for our next question. Our next question comes from a line of Rob Owens of Piper Sandler. Your line is now open.
Rob Owens
Hi, this is Aiden on for Rob Owens. Thank you for taking my question. Can you provide more color on the economic backdrop in the quarter related to deal scrutiny? And also, what did you see related to demand from enterprise and SMB customers in 2Q? Thank you.
Sumedh Dakar
I think the micro generally continued to be the same as we have expected. We are, you know, it's the budgets are generally flat. We are seeing, you know, customers trying to think about, in some cases, cybersecurity versus AI, which is why we're excited about the AI security product. Overall, I think the macro has stayed the same. We faced additional scrutiny, I would say, this quarter from customers just looking to say, should we continue to adopt different solutions while keeping the overall spend the same, or should we just keep as is and not expand too much? So I would say that for us, it's really about And I don't think we saw any major difference between the enterprise versus the SMB segment from what we've been seeing in the last few quarters. And so I think the environment continues to be tough, and we continue to face, or at least this quarter, we faced additional scrutiny on the budgets.
Qualys
Thank you, Wongle, for our next question.
Operator
Our next question comes from the line, Joshua Tilton of Wolf Research. Your line is now open.
Matt Hedberg
Hey, this is Patrick on for Josh. Thanks for taking my question. Wanted to dive a little deeper on the customers impacted by the sunsetting of the Microsoft partnership. You mentioned that you were having conversations with those customers throughout the quarter. So can you just talk about your updated expectations? for those customers moving over to Qualys to use your solutions directly? And then also, what does the size of that opportunity look like?
Sumedh Dakar
I think, as Julie said, the sunset actually happened just recently in May when the actual sunset happened. I think for us, we did not have access to those customers, so we couldn't quite reach out to them, as we had mentioned earlier. I think it is about as customers are sort of transitioning to a different solution or have the option they're looking at and sometimes they come and talk to us. So we've had a few customers come and talk to us. We may not always know that they are coming from that Microsoft thing because a lot of times they might have additional footprint already with Qualys and they may just expand and buy additional licenses for their Azure environment instead of what they were doing with Qualys with the Azure integration. I don't think at this point we're thinking of that opportunity as anything from what we see as a material thing in Q3, Q4. I think we'll continue to see how the conversations evolve and see how many of those actually continue to come to us, but we're not assuming any additional benefit in the guidance that we've given coming from that opportunity.
Matt Hedberg
Okay, thanks. And then just a quick follow-up. Is there any color you can give us on how you expect billings growth to trend for maybe 3Q or the full year? Thanks.
Jumi
Yeah, we don't guide to current billings, but we did indicate that the annual current billings growth will be trend more or less along the lines of the same as revenue growth rate. So I would assume the same. For the second half, the revenue growth guidance will be more or less in line with the current billings.
spk00
Helpful. I appreciate it.
Operator
Thank you, Wong, for our next question. Our next question comes from a line of Brian Essex of JPMorgan. Your line is now open.
Matt Hedberg
Great. Thank you for taking the question. I was wondering if you could maybe dig in a little bit on, you know, customers spending more than $500 and overall customer count in aggregate. How should we think about that faster-growing large customer cohort versus the smaller customers and puts and takes there that maybe give us an indication of where you're focusing your efforts from a sales and marketing perspective.
Jumi
For the sales and marketing perspective, we are focused more on the enterprise just because that's where we've seen more success. And as you can tell by our larger customers who continue to increase their spend with us, and we've seen success there, we are continuing to see some headwinds on the smaller end, the smaller customers or the SME and SMB space.
Matt Hedberg
And those 500-plus customers, is that revenue from those customers that are growing 18% or is that the customer count that's growing 18%?
Jumi
The customer count and the dollar amount are up. growing both at 18% actually. So the 18% that we reference is the customer count, but the dollar amount is about the same.
spk04
Got it. That's helpful. Thank you.
Operator
Thank you. We'll move it for our next question. Our next question comes from the line of Hamza Farawala of Morgan Stanley. Your line is now open.
spk13
Hi. Thank you for fitting me in back here. I'm sorry, I'm having a hard time hearing you. Hi, can you hear me better?
Sumedh Dakar
Breaking up your audio.
spk13
Let's try again. Just a question on the current billings for Jumi. So it's down 2% this quarter. I believe you mentioned the Microsoft headwind. Without that, it would have been up 1%. Anything else that I'm missing? If you could get the Microsoft customer relationship, Microsoft was a partner as well as a customer. Any changes in conversation?
Sumedh Dakar
We couldn't quite hear the last part. Can you repeat the last part about the customer relationship?
spk13
If Microsoft remains a customer... Any changes in conversation there?
spk12
No, no change.
Jumi
So it's as expected with respect to the impact on our top line from both Microsoft Azure and Microsoft Customer for this year.
spk11
Okay, thank you.
Operator
Thank you. I'm sure no further questions at this time. Thank you for your participation in today's conference. This does conclude the program. You may now disconnect. Goodbye. Yeah. Thank you. Thank you. Thank you. Bye. you Good day, and thank you for standing by. Welcome to the 2024 second quarter Qualys Investor Call. At this time, all participants are in listen-only mode. After the speaker's presentation, there will be a question and answer session. To ask the question during the session, you'll need to press star 11 on your telephone. You'll then hear an automated message advising your hand is raised. To withdraw your question, please press star 1-1 again. Please be advised that today's conference has been recorded. I'd now like to hand the conference over to your first speaker today, Blair King, Investor Relations. Please go ahead.
Blair King
Thank you, Marvin. Good afternoon, and welcome to Qualys' second quarter 2024 earnings call. Joining me today to discuss our results are Sumedh Dakar, our president, CEO, and Jumi Kim, our CFO. Before we get started, I'd like to remind you that our remarks today will include forward-looking statements that generally relate to future events or future financial or operating performance. Actual results may differ materially from these statements. Factors that could cause results to differ materially are set forth in today's press release and our filings with the SEC, including our latest Form 10-Q and 10-K. Any forward-looking statements that we make on this call are based on assumptions as of today, and we understand undertake no obligation to update these statements as a result of new information or future events. During this call, we will present both GAAP and non-GAAP financial measures. Reconciliation of GAAP to non-GAAP measures is included in today's earnings press release. And as a reminder, the press release prepared remarks and investor presentation are all available on the investor relations website. With that, I'd like to turn it over to Sumit.
Sumedh Dakar
Thank you, Blair, and welcome to our second quarter earnings call. In Q2, we witness organizations increasingly optimize spend within an already tight IT spending environment. Given this dynamic, organizations are standardizing on trusted platforms to consolidate security stacks, leverage automation, and achieve expedient remediation of risk. Qualys has a unique organically-built platform to address this need. Nevertheless, crisp execution is required to fully capitalize on this opportunity. While we have made meaningful progress on several fronts, including growing our sales and marketing team, building momentum with partners, and growing our new business, we have work to do in addressing our upsell execution in the current environment, which resulted in lower-than-expected bookings growth this quarter. With the upcoming departure of our Chief Product Officer later this month, I plan to directly oversee the product and marketing teams to position us for forward success. I am confident in our ability to re-accelerate growth in the long term, which sharpen execution and product-led growth and improve alignment between our product messaging and marketing activities to drive operational efficiencies in our go-to-market motion. At this time, I'd like to thank Pankaj Shah, our Chief Product Officer, for his contribution during his tenure at Qualys. Although Q2 was a challenging upsell quarter for us, with continued increase in deal scrutiny, we are fortunate that many of our customers have already begun a long-term transformation journey with us Through the conversations I've had with many CISOs over the past several quarters, their message is clear. They are looking to pivot to a natively integrated risk management solution. In the face of sluggish macro, escalating threat environment, and cybersecurity skill gap, organizations need to reduce complexity and cost while presenting measurable risk reduction initiatives to boards and C-level executives. Against this backdrop, Q2 was another quarter of rapid innovation for Qualys, reflecting on our ongoing commitment to technology leadership and customer success. Qualys' mission has been to bring innovative new security solutions to market fueled by customer insights. As a result, we have established a strong track record of converting operational challenges into structural competitive advantages while maximizing lifetime value, ensuring frictionless outcome at scale, and driving immediate ROI on security spend. For example, Qualys pioneered a patching category for security teams. Building on this success, we commenced development of our TrueRisk eliminate capability several quarters ago. I am now pleased to announce that some of these increasingly popular solutions amongst our beta customers will soon enable organizations to respond to zero-day threats and mitigate top exploitable vulnerabilities even when a patch is non-existent or cannot be deployed. This new subset of our broader TrueRisk eliminate roadmap which we call True Risk Mitigate and True Risk Isolate, and power security teams to apply fixable, automated, and intelligent risk-based response solutions to address cybersecurity risk based on an organization's own unique operational characteristics, remediation timelines, and business objectives. With these new capabilities soon going GA, strong customer support, and over 45 million patches deployed year-to-date on callless agents, we are increasingly confident that We are once again transforming our customer security operations while further magnifying our competitive differentiation in the market. Continuing our innovation to help our customers address risks coming from the use of latest technologies like AI LLM, we are pleased to announce our newest capability, which we call Qualys Total AI. As organizations rapidly deploy AI LLM technologies, the security teams are looking for help to quickly find and comprehensively assess vulnerabilities in these models. With seamless AI security posture management integration, these new adaptive capabilities discover AI LLM usage within customer's environment, scan for vulnerabilities, and prevent data leakage for comprehensive risk assessment prioritization and remediation across the entire attack surface with a single click of a button. In addition, we are pleased to announce an extension to our Total Cloud CNAP platform, which now discovers and assesses the risk of all known and unknown in-use Kubernetes container images. Leveraging our own AI and ML technology, we are establishing a baseline for normal behavior for each host container, serverless function, and other objects. Now, through real-time observation of file system processes and network activity, our newest runtime security tools provide organizations with a predictive and threat-based protection to actively detect anomalous activities, prevent zero-day attacks, automate response, and help ensure PCI 4.0 compliance in both containerized and legacy environments. These new container runtime insights combined with toxic risk factors within a unified actionable dashboard allow for immediate threat qualification, prioritization, and remediation from code to cluster. We believe this new capability uniquely sets us apart to enable secure and compliant cloud consumption at scale. Turning to our federal agenda, we recently reduced FedRAMP moderate certification for our TotalCloud, CNAP, and EDR solutions, marking another key milestone for the company. We continue to expect our pending FedRAMP high certification for several key applications later this year, making Qualys the only modern alternative to legacy on-prem scanners for federal, state, and local government agencies at the high impact level. Our investments to establish a public sector presence are starting to yield results, supporting our confidence to address this new vertical and drive incremental growth in the business over time. Finally, with respect to our upcoming enterprise first management solution, we remain on track for GA later this year. This extension to our platform is currently in private beta with select few design partners. The ability to bring first- and third-party data into our platform to holistically detect, quantify, prioritize, and remediate vulnerabilities with automated workflows on a unified dashboard across on-prem cloud and multi-cloud environments is evolving into the go-to risk management solution for enterprises, especially in the context of a tight spending environment. The early customer feedback we are receiving is very positive, and it's great to see CISOs from around the world actively attend and engage in the many risk quantification workshops we have been conducting over the past several months. These innovative new approaches to cybersecurity risk management, along with several others we have showcased at Black Hat this week, allow our customers to reduce complexity and cost, and of equal importance, create multi-dimensional paths for durable long-term growth in our business. Moving to our business update. We believe that with continued deal scrutiny comes larger opportunity for Qualys over the long term as our natively integrated risk management platform helps customers consolidate technologies and achieve better outcomes within fewer resources and immediate ROI. With many of our customers already embracing Qualys to help re-architect and consolidate their stack, Qualys' VMDR solution has translated into an enviable customer base, deep penetration, and significant industry recognition. As recently announced, Qualys' VMDR with true risk was voted the best vulnerability management solution at the 2024 SE Awards Europe for the second consecutive year. We believe Qualys' placement as the number one VM solution further validates our investments in the platform and continue to represent the gold standard for securing customer environments today and in the future. Given Qualys' blueprint for delivering greater value to our customers, our VMDR solution with true risk is not only fueling new logo lands, but also helping increase platform adoption, especially in the areas of cybersecurity asset management with EASM, patch management, and cloud security. Let me share a couple of recent wins with new customers, which illustrates why companies turned to Qualys to help consolidate their security tools and improve their security posture. In Q2, a large federal government agency became a customer of Qualys. This new customer was previously using multiple legacy and next-gen solutions to manage a variety of risk management use cases across their security IT and DevOps teams. In addition to the complexity of using multipoint products, this government agency was frustrated with increasing costs associated with on-prem deployments. Looking to migrate into a natively integrated cloud-based FedRAMP high-impact level-ready solution that met the CISA BOD guidelines, They replaced two of their existing vendors in a high six-figure bookings phase one deployment using multiple Qualys modules right out of the gate. These initial deployments include cybersecurity asset management with EAS and VMDR with TrueRisk and patch management. Through this highly strategic and competitive way, this customer is now able to leverage unified dashboards that provide them with greater insights and automation than many of the competitive products they evaluated while taking full advantage of the speed and scale of an integrated platform. This win is a further testament to the investments we're making to expand our federal business, and we are also very pleased with the turnout and encouraging feedback from many large government agencies at our first public sector cybersecurity data conference that we held in May. In a second new high six-figure customer win, a hyper-growth cloud-native SaaS business standardized on Qualys' enterprise storage platform. This company's security team struggled with managing multiple consoles, lack of integration, complex workflows, misdetections, and extended remediation times, which restricted their ability to protect themselves. This customer is now consolidating on the Qualys Enterprise True Risk Management platform, replacing several competing vendors through a natively integrated multi-product solution, including Cybersecurity Asset Management with ESM, VMDR with True Risk, Patch Management, and our total cloud CNAP solution. Now, with a comprehensive multi-sensor solution, single user interface, and single platform, they have complete visibility and automated remediation across their endpoints and multi-cloud environments. With seamlessly integrated solutions delivered natively on our platform to solve modern security challenges, more and more Qualys customers are beginning to understand how cybersecurity transformation drives better security outcomes, saves time, and costs less. As a result, customers spending $500,000 or more with us in Q2 grew 18% from a year ago to 199. Beyond these wins, we are also increasingly gaining leverage from our partner ecosystem. Our pipeline of business opportunities with partners continues to grow, and our partner-led win rates increase again in Q2. As our market perception and brand awareness continue to strengthen, we anticipate partner integration with our platform will continue to increase, further strengthening our strategic position, expanding our ecosystem, and broadening our reach. In summary, our rapid innovation engine underscores our growing thought leadership and the value proposition we deliver to customers seeking to transform, consolidate, and fortify their security posture. Given the large market opportunity, in front of us and multiple growth drivers in our business, we anticipate that we can grow at scale long-term, generate cash, and invest in key initiatives that will further extend the gap between Qualys and the competition. With that, I'll turn the call over to Jumi to discuss in more detail our second quarter results and outlook for the third quarter and full year 2024.
Jumi
Thanks, Ahmed, and good afternoon. Before I start, I'd like to note that except for revenues, all financial figures are non-GAAP. and growth rates are based on comparisons to the prior year period unless stated otherwise. Turning to second quarter results, revenues grew 8% to $148.7 million, with Channel continuing to increase its contribution, making up 46% of total revenues compared to 43% a year ago. As a result of our continued commitment to leverage our partner ecosystem to drive growth, we were able to grow revenues from Channel partners by 17%, Outpacing Direct, which grew 2%. By GEO, 14% growth outside the U.S. was ahead of our domestic business, which grew 5%. U.S. and international revenue mix was 58% and 42% respectively. As for calculated current billing, we would like to note that our Q2 calculated current billings were negatively impacted by the sunset of our embedded solution for Microsoft Defender as of May 1st. Earlier this year, we announced that we will be retiring our integration on Microsoft Defender and transitioning to BYOL model. Since this went into effect in Q2, we have been fielding inbounds from former Qualys on Microsoft Defender users and working closely with them to ensure that they understand the value of our cloud security solution, Total Cloud Synapse. Normalized for this change, our calculated current billing growth would have been 1%. In Q2, with a continued challenging spend environment resulting in lower performance in upsell, our net dollar expansion rate declined to 102% from 104% last quarter. Conversely, we continue to see strong returns on our new business initiatives and achieve double-digit new bookings growth for the fourth consecutive quarter. With this momentum and new customer bookings growth, we believe we're building a stronger foundation to drive expansion and share gains over time. In terms of product contribution to booking, patch management and cybersecurity asset management combined made up 13% of LTM bookings and 22% of LTM new bookings in Q2. Cloud security solutions, total cloud CNAP made up 4% of LTM bookings. Turning to profitability, reflecting our scalable and sustainable business model, adjusted EBITDA in Q2 with 69.9 million. representing a 47% margin compared to a 48% margin a year ago. Operating expenses in Q2 increased by 10% to $59 million, primarily driven by a 22% increase in sales and marketing investments aimed at capturing the market opportunities in front of us. As we continue to increase our investment intensity and focus on sales and marketing enablement, customer success, and productivity, we believe we will be able to drive wallet share and long-term returns. EPS for the second quarter of 2024 was 1.52, and our free cash flow was $48.8 million, representing a 33% margin compared to 37% in the prior year. In Q2, we continued to invest the cash we generated from operations back into QALYS, including $1 million on capital expenditures and $35 million to repurchase 233,000 of our outstanding shares. As of the end of the quarter, we had 230.7 million remaining in our share repurchase program. With that, let us turn to guidance, starting with revenue. For the full year 2024, we are now expecting our revenues to be in the range of 597.5 to 601.5 million, which represents a growth rate of 8%. This compares to revenue guidance of 601.5 to 608.5 million last quarter. For the third quarter of 2024, we expect revenues to be in the range of 149.8 to 151.8 million, representing a growth rate of 5 to 7%. This guidance assumes continued deal scrutiny and no improvement to our net dollar expansion rate through the back half of this year. Shifting to profitability guidance, for the full year 2024, we expect EBITDA margin of 43 to 44%, and free cash flow margin in the mid to high 30s. We expect full year EPS to be in the range of 5.46 to 5.62, up from the prior range of 5.06 to 5.30. For the third quarter 2024, we expect EPS to be in the range of 1.28 to 1.36. Our planned capital expenditures in 2024 are expected to be in the range of $12 to $16 million, and for the third quarter of 2024, in the range of $4 to $7 million. Consistent with prior guidance, for the remainder of 2024, we intend to align our product and marketing investments to focus on specific initiatives in a driving more pipeline, supporting sales, including enhancing our partner programs and expanding our federal vertical. As a percentage of revenues, we expect to prioritize an increase in investments in sales and marketing, as well as related support functions, systems, and people, with more modest increases in engineering and G&A. With that, Sumedh and I would be happy to answer any of your questions.
Operator
Thank you. At this time, we will conduct the question and answer session. As a reminder to ask a question, you'll need to press star 1-1 on your telephone and wait for your name to be announced. To withdraw your question, please press star 1-1 again. Please stand by while we compile the Q&A roster. Our first question comes from the line of Joanna Fleshbein of Trues. Your line is now open.
Joanna Fleshbein of Trues
Hey, thank you very much for taking the question, and congrats. Jumi, really great growth internationally, and I guess Ahmed as well. Can you talk about what drove the international growth? And then maybe, Jumi, if you could talk about more specifics about some of the investments that you're making in sales and marketing going forward, that would be very helpful. Thank you so much.
Jumi
Yeah, happy to. The international growth, we're seeing a stronger demand in that region relative to the U.S. With that said, the U.S. growth rate is impacted by the Microsoft Defender, and so that's been a headwind on the U.S. business as well as the direct business that we just share the growth rate for. In terms of the sales and marketing investment, we feel like it has been doing really well, and the higher return on ROI is from the investment that we made on the partner side. As you can tell, our initiatives when it comes to enhancing our partner relationships and really working with them to revamp how we go to market and further incentivize our partners to understand why it makes sense for them to propose and put Qualys as a vendor of choice has been resonating. And so for us, it's number one, partner, and then number two, of course, primarily our investment is related to the headcount. So as we're targeting, continuing to grow the sales and marketing headcount by double digits in 2024, and we are on track to meet that goal, we're positive with the momentum that we're seeing in the business today.
Sumedh Dakar
Yeah, and Joel, I'll add to that is, you know, while we had a tough quarter for Q2, I think our investments that we've been making in the last few quarters have really, you know, given us a lot of positive things that we are excited about, as an example, with our new business growing double digits because of the way that we're enabling our new business sales team because of the way, as Junie said, we're investing with our partners and the partners' pipeline is increasing. Their win rates with our partners are increasing as well. I'm pretty excited about our investment that we started last year in the federal space, which, again, Getting a six-figure net new business deal in the federal space for us is exciting, and it also highlights the opportunity that we have on the federal side, including within our existing customer base as well, our investments in terms of taking our learnings from what we have been able to be successful with our new business, being able to train our post-sales teams as well to be more of hunters, to enable them in a much better way, et cetera, has led to customers who are spending $500,000 or more with us also growing 18% from last year in the same quarter. So those are a lot of the things that our investments are leading to positive trends. I think clearly we see an opportunity in this macro environment that we have and the scrutiny that we face from our customers with VM to really be able to get our sales team to Our product and marketing teams to align better and our sales team to execute better on the upsell opportunities that will come with the new way the customers are looking at their security spend and focusing on risk management. And really, you know, being able to spend their money from cybersecurity where the risk is. And that's the big question a lot of people are not quite able to answer is where is your risk exactly? And that's what our ATM platform is going to help. Thank you so much. Appreciate it.
Operator
Thank you. One moment for our next question. Our next question comes from the line of Srinath Katari of Baird. Your line is now open.
Srinath Kothari
Hey, yeah, thanks for taking my question. So, Jumi, you mentioned, of course, the channel revenue now making up 46%, which is kind of really ticking up nicely. Can you just help provide some more details on on kind of overall, I would say, breakdown of the contribution for different types of partners if possible. Of course, you highlighted how you guys were trying to partner with some of the cloud providers and marketplaces like AWS, Azure, Oracle. Just curious if you can provide us some more color in terms of those drivers, and then I'll follow up.
Sumedh Dakar
Yeah, we don't break it down that way, but I can tell you that right now, you know, our channel partners are resellers, so we're definitely working very closely with us and really bringing us a lot of the opportunities because they see the comprehensive set of capabilities that we can very rapidly bring to the customers who are currently in the market, have a project, and have a budget to execute on that. So they are sort of the first folks who are working closely with us. In the last quarter, we released our MSSP portal, so we're seeing traction with service providers who are continuing to add patch management as a service because just having VM scanning as a service is not a big differentiator and so more and more of them are leveraging Qualys for now providing patch management as a service and now we're starting to see that same thing from partners on being able to provide services around cloud security deployments as well and we have a really nice strong partnership with OCI on the GTM side but as well as working with AWS on the ADP credits with joint customers are some of the areas that we're really seeing good momentum. We don't break it down exactly like that, but that should give you a high-level sort of view of where we're seeing success with partners.
Srinath Kothari
Got it. That's very helpful, Sumit. And Jumi, a quick follow-up. Of course, Sumit, you highlighted the development of the enterprise risk platform kind of helping and how you're monetizing that offering. Just curious, given on the other side, there's aggressive overall pricing in the core VM that we are hearing from other players, kind of perhaps undercutting pricing there. Just curious, how were you able to show the upside on the gross margins as well in this kind of environment? And can you provide us some quantitative insights into that and expected impact of net dollar retention rates as well? Appreciate it.
Jumi
Yeah, in terms of the growth margin, we were very pleased to post that 84% growth margin up from 82% last year and then even 83% last quarter. It's primarily due to our optimization when it comes to our data centers in addition to the fully depreciated assets that we're seeing right now. As you know, we have both the hardware as well as on the cloud assets, and we're just leveraging and optimizing to make sure that we're getting the margins that we think make sense for our business today.
Sumedh Dakar
And then on the VM question that you asked, look, I think we've talked about this for the last many quarters that VM is evolving and customers are really looking to focus on remediation as well. And so even when they are looking at scan-only solutions that only give them more things in CVEs to fix, when they are looking to optimize their budget for an outcome, they are looking at how to balance the scanning with batch management. And that's why our TrueRisk eliminate capability that we came out with, giving customers more solutions they can buy from us in terms of being able to mitigate the risk is the most important. Because, you know, today cyber budgets have been tied, and the questions that cybersecurity professionals are getting asked is, well, what's the outcome? How much risk are you reducing? And if you're not able to articulate the risk, and how much risk you're actually reducing, that's really when they face challenges with, you know, should we get an increase in this budget if we're not focusing on remediation? And so just in the first half of this year, getting 45 million patches deployed by Qualys agents really highlights that VM today is about vulnerability assessment, but also combining with patch management and ability to mitigate the risk. And we see that in the numbers today. with our patch management, cybersecurity asset management, for net new bookings customers when they're coming to us, and why we are seeing good success with our new businesses. We offer a unique differentiator in the market when people are looking to change their scanning solution because we're offering them patch management combined with the scanning solution, and that's really where vulnerability management has been evolving, and this is nothing new. That's why we invested a few quarters ago to really focus on the remediation aspect of vulnerability management because There is no M in the VM if you don't actually fix things.
Qualys
Got it. Super helpful. Thanks so much, Anjumi.
Qualys
Thank you. One more question.
Operator
Our next question comes from a line of Matt Hedberg of RBC. Your line is now open.
Matt Hedberg
Great. Thanks for taking my questions, guys. It sounds like NRR dipped down to 102, I think, from 104 last quarter. I'm curious, do you feel like that's starting at the bottom now? Do you think perhaps in the second half, whether it's Pipeline or other drivers, we could see a rebound there?
Sumedh Dakar
I think as we work with our customers, we're definitely facing a scrutiny on when they have to do additional spend with Qualys. So that's where we are leading to a lot of great engagements, and that's where we are leading to the more conversations, how they optimize their spend, how they can balance their spend in the scanning side with the spend on the patch management and asset management side. And that's where you see in some cases they optimize right now for getting some additional solutions from Qualys. where they can grow in the future uh i think we will have to uh continue to see in next quarter how these conversations that we are having this quarter translate into additional uh upsells for the customers because as you know in this current environment it's a little bit harder to with the scrutiny that they face to know what is the timing of when they will adopt these additional solutions, especially with cloud security, et cetera. So we're pretty excited about the opportunity that we see. I think we're going to have to watch the next couple of quarters on how this rate evolves. But over long term, definitely feel like we have all the goods that existing customers are looking to invest additionally, which is, in my mind, is patch management, cloud security, overall sort of risk management and more importantly now questions coming up about AI security. And so our new solution that we announced that we're going to get out in September, which is really helping customers identify all of their AI LLMs and looking at the risk of those are going to be very positive. Those conversations, how they lead into additional upsells and the timing of that is something that we're watching very closely.
Matt Hedberg
That's great. That's super helpful. And then In terms of the Microsoft Defender headwinds, can you remind us, again, when those will abate officially and not become a drag on billings?
Jumi
Yeah, the sunset was effective May 1st, so it hit us for the first time in Q2. So the biggest impact that we expect to see is in Q2.
Matt Hedberg
In other words, then, so what you're saying, Jimmy, is that... it's not going to be as big of a headwind in Q3 and Q4, or maybe just think about that headwind in the next couple quarters.
Jumi
That's right. That's right. It's not going to be material enough for us to normalize it in Q3 and Q4. Q2 is really the biggest quarter based on the billing schedule, and that's why when you take a look at our calculated current billings, the 2% decline normalized for this, if it hadn't happened, then it would have been approximately 1%.
spk16
Got it. Super helpful. Thanks, guys.
Operator
Thank you. One moment for our next question. Our next question comes from the line of Kingsley Green of Canaccord Genuity. Your line is now open.
Kingsley Green
Hi, thank you. So you've done a remarkable job building out the platform in the past couple of years. I just want to ask broadly, how would you describe VM demand at the moment? How cyclical is this? How secular is this? And then why do you view VM foundational? And then how can you leverage that to expand spend within existing customers? Thanks.
Sumedh Dakar
Yeah, great question. See, VM continues to be very foundational for any risk management exercise that any organization has. You know, if you look at every single cybersecurity standard out there requires regular scanning and patching for VM. I think as we have talked about, and I have talked about this in a few earnings calls in the past as well, is that VM is evolving. And so while the overall focus on customers remains on VM. Within VM, it's really customers are focusing on how do we get an outcome of actually being able to reduce the risk by fixing the things that are being discovered by VM. And so what we see with our customer base is that they are, with the tight budgets that they have and the scrutiny that they're putting on the conversations, they are actually looking to balance between how much they focus on scanning and what's the point of scanning everything if they're not able to actually remediate stuff and so how do they balance the investment in the VM sector between scanning and patch management and also asset management as well as how do you expand the scanning into the cloud environment and so those are the conversations that we hear a lot more I think the VM as a key part of risk management for the organization continues to be a key priority for all the customers that we talk to so I think as they are working with tight budgets right now and looking to balance that, I think we see this as a good opportunity for us because it is giving us opportunity to get our additional products like patch management, cybersecurity asset management seeded in with these customers as they're buying smaller amounts. But in the future, this could lead them to cover more of the estate that they currently have with us with scanning.
Kingsley Green
Great. That's well said. And then one more. So I want to just talk about dynamics when selling cloud security, whether that's total cloud CNAP or something individual like CSPM. Post CrowdStrike outage, vendor concentration has been widely discussed, rightly or wrongly. So big picture, how do you think the outage will play out specifically in cloud security, given how nascent the space is and how much of an opportunity you see?
Sumedh Dakar
Look, I think the questions customers are asking are obviously valid in terms of how do you balance the risk of the security solution being deployed itself versus the risk of mitigating, right? And I think the advantage, I think, for Qualys is that we are not concentrated on the agent as being the foundational way to deliver security service to the customer like some of the other providers where the agent is the main and the only way that they can deliver services. We have a pretty comprehensive capability of delivering security services that match the customer's operational appetite of deploying different ways to assess risk. And so we have agent-less scanning, we have snapshot scanning, we have agent-based scanning, we have off-site scanning. So there's many different ways. And so what we see with customers, we obviously got a lot of questions asked around what are the best ways that Qualys is, of course, ensuring that we are testing, we are very confident about the way we roll out our updates for different technologies. Also, the fact that they can actually, with their licensing, balance their risk of where they want to deploy agent-less scanning versus where they want to deploy agent-based scanning. And we give those options to them, which they're pretty happy about that they don't have to really take that big risk of only having an agent and that's the only way to deliver the service. And so in cloud, I think the advantage is that you can do a good amount of assessment with CSPM just using APIs without deploying a particular service. way of scanning, and so this is why about a year ago when we released our FlexScan, which is a part of our TokenCloud CNAP solution, the license actually includes the ability for the customers to do four types of different scans on the same asset, and they can pick and choose. So if they want, they can do an API assessment with absolutely nothing installed. On the workload, they can use an agent to be installed automatically. They can use an automatic network scanner in that environment or they can use a snapshot scan of an image that is not actually live. So I do see that in cloud security while the questions will come up. It's not so much about, in my mind, the vendor concentration. It's really about the sensor concentration in my mind, which is, is your vendor providing you multiple different ways to assess your environment in leveraging basically the different types of risk profile that you might have on different assets.
TokenCloud CNAP
All right, I agreed with that. Thanks again and congrats. Of course.
Operator
Thank you, Won-Woon, for our next question. Our next question comes from the line of Young Kim of Luke Capital. Your line is now open.
Young Kim
Okay, great. Suned, on the Microsoft Defender headwind, I am assuming you planned for that. Clearly, there was some execution issue that you did not anticipate. If you can elaborate on that a bit and then also what are the products that were directly affected by the lower attach rate related to Microsoft Defender?
Sumedh Dakar
Microsoft was leveraging our very basic sort of scan-only legacy capability, right, which was that it was not VMDR, so those customers, and we did not have access to those customers to be able to work with them to upsell them to all the other things that our current customers upsell to, whether it's cybersecurity asset management, whether it's patch management, whether it is... cloud assessment or now with the new AI scanning that we are releasing. So for us, it was customers in that environment were only using scan only solution from us. And as we all see right now, what's happening in the market is really customers are looking for more holistic, comprehensive outcome of their VM solution, which includes actual fixing and reduction of risk and not just more scanning. that's really where we see the opportunity is customers don't just want more CVE reporting. They want a way to say these are the things you should fix that will reduce the risk and then a solution that can fix that. And so that's where we see the opportunity. If these customers come to us, we can focus on helping them see the bigger picture of how they can reduce the risk from their vulnerabilities rather than just keep looking at them and not doing anything about them.
Young Kim
Okay, great. Thanks for that answer. Jimmy, anything that we should be aware of in regard to pricing, especially with second half renewal season coming up?
Jumi
No change from our perspective, from a competitive standpoint, and no change from our own pricing.
Young Kim
Okay, great. Thank you so much. Thank you.
Qualys
Thank you.
Operator
We'll move on to our next question. Our next question comes from the line of Jonathan Ho of William Blair. Your line is now open.
Jonathan Ho
Hi, good afternoon. I just wanted to maybe dig in a little bit more in terms of understanding the need to balance profitability with some of the investments that you've been making on the channel side. Can you give us a sense of have the initial investments sort of paid off the way that you've expected? I know it takes a little bit of time to translate into billings and ultimately to revenue, or has it been disappointing? Has it been sort of, yeah, just want to get a sense of how you're thinking about that?
Sumedh Dakar
Great question, Jonathan. Look, when we embarked on this journey a couple years ago, really, we've been focusing on a few different things, and some of them sometimes work, some of them don't. But overall, like I said, we are pleased with the investment really bringing us that improvement in our four straight quarters of double-digit growth for new business, which we have not had as much in the past. And then just looking at opportunities coming from partners, looking at partner opportunities, having better close rates, looking at continuing our $500,000-plus customers actually increase in this tough environment by 18%. So I do think that different things that we have done in terms of training our new business sales reps in terms of investment channel have brought us those sort of opportunities. And now in the further quarters, we need to focus on working through those opportunities, closing through those opportunities, continuing to invest additionally with our channel partners. But like we said, we are in a fairly unique position this year to continue to actually invest in our sales and marketing in GTM because we see the opportunity when most of the companies are really cutting down on their sales marketing investment. And I think that's really what we look for in the further quarters is improvements in our upsell rates, similar to what we're seeing with our new business, and really continuing our investment on the federal side, like I said, just getting a good six-figure deal in the federal net new business deal on the federal side is also very promising for us because of the investments we're making with the team that we have built, the marketing investment we made this year to actually host a conference just specifically for federal, which is our first one, and also the investment we have made in being FedRAMP moderate, but more importantly, we're just really, really anticipating and waiting for the FedRAMP high certification, which we are looking forward to getting end of this year. And I think that investment over the next couple of years should give us really significant advantage because there's no other FedRAMP high platform that has so many different capabilities and modules that go in together with that. I think there are certain, you know, these are some of the things that have worked and continue to work. And we're looking now to take the learnings from the new business improvements and apply those to our existing business so that our, you know, post-sales farmers learn how to do a little bit of hunting and be able to find some of these deals in a tough macro environment. environment and be able to bring additional opportunities by working closely with the partner side on the upsell, just as the way we are working on the partner with the partners on the new business as well.
Jonathan Ho
Excellent. Just a quick follow-up. So as you take on additional chief product officer responsibilities, Can you help us understand where you see the biggest opportunities? Is this narrowing of the product focus? Is this approaching new areas? I'm just trying to understand how you think about sort of taking on these additional responsibilities and what you see as that opportunity. Thank you.
Sumedh Dakar
Yeah, look, you guys, you know my history. It's a little bit hard to get the chief product officer out of me. It's always there somewhere, but For us, we have always been innovation driven, really listening closely to our customers and bringing solutions to market like we do with patch management. Those are all about operational efficiency, which is what the security teams are looking at. And so as I look forward to the next couple of years, if you look at the current environment, the challenges cybersecurity professionals are facing, when you look at the almost flat budget increase in cyber overall, is because of not being able to articulate the question, well, how much risk is cyber bringing to our business? And so, because without that, you cannot really, if you don't know how much risk you have, you cannot articulate that risk in dollar value. You cannot decide on exactly how much should you spend, which is appropriate amount to take down that risk. And that's really what I'm excited about with our ATM platform that we're coming out with and some of our beta partners that are there. It's not, there are multiple different security controls you can implement to reduce risk, But let's first focus on being able to identify, being able to articulate the risk in dollar terms to the business. And from there, you can decide which are the most effective security controls that you can put in place to bring down that risk. And it may not be the exact same control in every environment. In some cases, maybe a zero trust is a better security investment given how much risk you have versus in other cases, maybe a better patch management solution is enough to reduce the risk. And so as I look at from a product perspective, First, I'm glad that Deno has built a good team and they're taking more and more focus on the GTM side, so it gives me additional opportunity to focus and work with the product and marketing teams to not only look at the future products that we are coming up with, especially on risk management, risk articulation, but also in the short term, the opportunity given what we are seeing with our total cloud solution, the conversation that we are having with customers, being able to align my product management and product marketing teams together so we can execute better on marketing our total cloud solutions and being able to create additional opportunities. So some of those things are really what I'm looking forward to as I look into this GPROG officer role.
Qualys
Great. Thank you. Thank you.
Operator
One moment for our next question. Our next question comes from a line of Rudy Kessinger of DA Davidson. Your line is now open.
Matt Hedberg
Hey, guys. Thanks for taking my question. I guess just on this tough upsell environment, you know, your net expansion rate is down to 102%, but it's almost down to basically no upsell. I guess, are you seeing contractions with... you know, any sizable portion of your customer base? Not customers who churn, but customers who are staying with you. Are they reducing their footprint? Or I guess just where could that bottom? Obviously, we would think it would bottom at 100%, but it could potentially even go lower than that.
Sumedh Dakar
Great question, Rudy. So as we mentioned, overall, our gross retention is the same, around 90%. And so I think for us, it's really about Customers, as I mentioned earlier, are looking to balance the set of solutions that they have from Qualys, looking at how can they have a better impact by adopting additional solutions from Qualys like patch management, cybersecurity, asset management, and sometimes based on, you know, they may decide that this particular environment, I would rather take those licenses and focus more on patch management in my server environment because currently the budgets are tight. So what we are seeing is right now, you know, overall growth retention continues to be about the same. It's more about customers looking at optimizing and balancing their spend between the different capabilities and as part of that, adopting additional capabilities, which may not in the immediate term mean an immediate upsell from a total amount perspective in that particular opportunity but it also creates us for fortunate in the future that we can increase the accounts there and so again I think this is sort of we have a tough quarter on this overall industry you know expansion rates are coming down but we're gonna take the conversations that we are having because of this right now and see how they're gonna those conversations are leading to opportunities to close in the next a couple of quarters. So, again, of course, we look forward to improving our net expansion rate over the next few quarters when the timing of that exactly is something we are also keeping a close eye on.
Qualys
Thank you. One moment for our next question.
Operator
Our next question comes from the line of Rob Owens of Piper Sandler. Your line is now open.
Rob Owens
Hi, this is Aiden on for Rob Owens. Thank you for taking my question. Can you provide more color on the economic backdrop in the quarter related to deal scrutiny? And also, what did you see related to demand from enterprise and SMB customers in 2Q? Thank you.
Sumedh Dakar
I think the macro generally continued to be the same as we have expected. We are, you know, it's the budgets are generally flat. We are seeing, you know, customers trying to think about, in some cases, cybersecurity versus AI, which is why we're excited about the AI security product. Overall, I think the macro has stayed the same. We faced additional scrutiny, I would say, this quarter from customers just looking to say, should we continue to adopt different solutions while keeping the overall spend the same, or should we just keep as is and not expand too much? So I would say that for us, it's really about And I don't think we saw any major difference between the enterprise versus the SMB segment from what we've been seeing in the last few quarters. And so I think the environment continues to be tough, and we continue to face, or at least this quarter, we faced additional scrutiny on the budgets.
Qualys
Thank you, Wongmei, for our next question.
Operator
Our next question comes from the line of Joshua Tilton of Wolf Research. Your line is now open.
Matt Hedberg
Hey, this is Patrick. I'm for Josh. Thanks for taking my question. Wanted to dive a little deeper on the customers impacted by the sunsetting of the Microsoft partnership. You mentioned that you were having conversations with those customers throughout the quarter. So can you just talk about your updated expectations? for those customers moving over to Qualys to use your solutions directly? And then also, what does the size of that opportunity look like?
Sumedh Dakar
I think, as Julie said, the sunset actually happened just recently in May when the actual sunset happened. I think for us, we did not have access to those customers, so we couldn't quite reach out to them, as we had mentioned earlier. I think it is about as customers are sort of transitioning to a different solution or have the option they're looking at and sometimes they come and talk to us. So we've had a few customers come and talk to us. We may not always know that they are coming from that Microsoft thing because a lot of times they might have additional footprint already with Qualys and they may just expand and buy additional licenses for their Azure environment instead of what they were doing with Qualys with the Azure integration. I don't think at this point we're thinking of that opportunity as anything from what we see as a material thing in Q3, Q4. I think we'll continue to see how the conversations evolve and see how many of those actually continue to come to us, but we're not assuming any additional benefit in the guidance that we've given coming from that opportunity.
Matt Hedberg
Okay, thanks. And then just a quick follow-up. Is there any color you can give us on how you expect billings growth to trend for maybe 3Q or the full year? Thanks.
Jumi
Yeah, we don't guide to current billings, but we did indicate that the annual current billings growth will be trend more or less along the lines of the same as revenue growth rate. So I would assume the same. For the second half, the revenue growth guidance will be more or less in line with the current billings.
spk00
Helpful. I appreciate it.
Operator
Thank you, Wong, for our next question. Our next question comes from a line of Brian Essex of JPMorgan. Your line is now open.
Matt Hedberg
Great. Thank you for taking the question. I was wondering if you could maybe dig in a little bit on, you know, customers spending more than $500 and overall customer count in aggregate. How should we think about that faster-growing large customer cohort versus the smaller customers and puts and takes there that maybe give us an indication of where you're focusing your efforts from a sales and marketing perspective.
Jumi
For the sales and marketing perspective, we are focused more on the enterprise just because that's where we've seen more success. And as you can tell by our larger customers who continue to increase their spend with us, and we've seen success there, we are continuing to see some headwinds on the smaller end, the smaller customers or the SME and SMB space.
Matt Hedberg
And those 500-plus customers, is that revenue from those customers that are growing 18% or is that the customer count that's growing 18%?
Jumi
The customer count and the dollar amount are... growing both at 18% actually. So the 18% that we reference is a customer count, but the dollar amount is about the same.
spk04
Got it. That's helpful. Thank you.
Operator
Thank you. We'll move it for our next question. Our next question comes from the line of Hamza Fadawalla of Morgan Stanley. Your line is now open.
spk13
Hi. Thank you for fitting me in back here. I'm sorry, I'm going to be having a hard time hearing you. Hi, can you hear me better?
Sumedh Dakar
Breaking up your audio.
spk13
Let's try again. Just a question on the current billings for Jumi. So down 2% this quarter. I believe you mentioned the Microsoft headwind. Without that, it would have been up 1%. Anything else that you could get on the Microsoft customer relationship? Microsoft was a partner as well as a customer. Any changes in conversation?
Sumedh Dakar
We couldn't quite hear the last part. Can you repeat the last part about the customer relationship?
spk13
If Microsoft remains a customer... Any changes in conversation there?
spk12
No, no change. No change.
Jumi
So it's as expected with respect to the impact on our top line from both Microsoft Azure and Microsoft Customer for this year.
spk11
Okay. Thank you.
Operator
Thank you. I'm sure no further questions at this time. Thank you for your participation in today's conference. This does conclude the program. You may now disconnect.
Disclaimer