Qualys, Inc.

Ladies and gentlemen, thank you for standing by and welcome to QALA's first quarter 2025 Investors Call. At this time, all participants are in the listen-only mode. After the speaker's presentation, there will be a question and answer session. And to ask a question during this session, you would need to press star 1-1 on your telephone. You will then hear an automated message advising your hand is raised. If your question has been answered, to withdraw your question, please press star 1-1 again. Please be advised that today's conference is being recorded. I would like now to turn the conference over to Blair King, Investor Relations. Please go ahead, sir.

Thank you, Michelle. Good afternoon and welcome to QALA's first quarter 2025 earnings call. Joining me today to discuss our results are Sumit Thakkar, President and CEO, and Jumi Kim, our CFO. Before we get started, I'd like to remind you that our remarks today will include forward-looking statements that generally relate to future events or future financial operating performance. Actual results may differ materially from these statements. Factors that could cause results to differ materially are set forth in today's press release and our filings with the SEC, including our latest Form 10Q and 10K. Any forward-looking statements that we make on this call are based on assumptions as of today, and we undertake no obligation to update these statements as a result of new information or future events. During this call, we will present both GAAP and non-GAAP financial measures. The reconciliation of GAAP to non-GAAP measures is included in today's earnings press release. And as a reminder, the press release prepared remarks and investor presentation are all available on the investor relations section of our website. So with that, I'll turn the call now over to Sumit.

Thanks Blair, and welcome all to our first quarter earnings call. We are entering a new era for cybersecurity risk management powered by real-time data, automation, and AI. Against this backdrop, we executed well in this quarter, resulting a -than-expected revenue growth, strong profitability, and solid cash flow generation. Fueled by customer insights, Qualys' mission is to bring innovative new security solutions to the market. With over 25 years of evolving our platform to meet the next generation of modern security challenges, we have established a strong track record of converting operational challenges into secure competitive advantages while maximizing lifetime value, ensuring frictionless outcomes at scale, and driving immediate ROI on security spend. In doing so, we believe we have built a new security industry paradigm, which today leverages our powerful real-time data processing capabilities across more than 18 trillion data points on a natively integrated platform to help organizations streamline their cybersecurity risk management program with the Risk Operations Center, ROC. While a security operations center, SOC, is used for detection of threat actors after a breach, the ROC is needed by organizations for proactive risk management to reduce the chance of breaches by deploying the cyberbudgets where the highest risk of loss is. Unlike other CTEM solutions that only reveal exposures without providing effective remediation, Qualys' cloud-native enterprise risk management ETM solution is purpose-built to deliver a single comprehensive AI power orchestration layer unifying security findings from multiple Qualys and non-Qualys sources to implement an effective ROC. By unleashing the scale of the Qualys platform, we ingest data from multiple sources, including tenable crowd strike ways, normalize risk signals enriched with threat intelligence, analyze adversary behavior, and provide organizations with actionable enterprise-wide insights to prioritize and remediate cyber risk through a common language of business context and financial impact. This holistic approach uniquely ensures organizations not only understand their cyber risk in quantifiable terms but can take immediate action to reduce the risk that matters the most. With prospects of POCs more than doubling from last quarter and over 25 active POCs already underway since launching of GA a short while ago, we continue to see many parallels between this new market opportunity and the early days of VMDR launch, including significant greenfield opportunity and a growing demand. Embracing this momentum in the market, we further evolved our ETM solution through an expanding ecosystem of remediation solutions. In doing so, we have advanced our true risk eliminate agenda by enabling organizations to amplify third-party remediation tools with security insights from Qualys to prioritize patching or activate other competitive controls available through the Qualys platform. With this latest innovation, organizations can soon leverage a unified Qualys workflow with -to-end automation, CMDB, and ITSM integration to prioritize rapid remediation across all environments from their patching vendors of choice. This is a strong competitive differentiator for Qualys, further neutralizes IT and secure procurement friction and significantly expands our market opportunity by going well beyond patch management. Continuing this rapid pace of innovation, we're expanding our Qualys total AI and true risk capabilities to help organizations address the evolving threats associated with LLMs. With this latest release, total AI brings full visibility across ML supply chain data applications and pipelines to detect malicious code, policy violations, and advance multinodal exploits hidden within images, audio, and video files. By enhancing our AI security posture, AI SPM with native internal LLM scaling expands jail break detection and seamless integration into MLOps pipelines, we're equipping security teams with the agility and insight needed to protect modern AI-driven workloads from development all the way through runtime while building what we believe is the most advanced AI security solution available in the market. In addition, with the launch of policy audit and audit fix, we are now providing organizations of all sizes with the ability to streamline audit operations by providing audited reporting and automated evidence collection across 450-plus technologies and over 1,000 -the-box audit processes for frameworks like PCI-NS, DORA, HIPAA, et cetera. This solution addresses a growing area of focus and cyber span for CSO as they are under pressure to ensure their organizations don't fail audits while at the same time reducing their span in audit readiness with automation in not only detecting the gaps but automation and also fixing them. Moving to our business update, we have hosted several risk quantification workshops attended by many of the most forward-thinking CSOs around the world in recent quarters, and the message is clear. Organizations are increasingly anchoring pre-breached cyber span to quantifiable risk reduction in their business, which is easily articulated through boards and business partners. CSOs want a platform that speaks a unified language of risk while letting their teams use their own tools with various components of the stack rather than trying to consolidate multiple vendors into a single platform. This requirement necessitates a centralized risk fabric that seamlessly unifies the underlying tools of choice to effectively measure, communicate, and fortify an organization's risk posture while reducing complexity, operating costs, and time to reduction, time to remediation. As a result, our technologies are not only fueling new logo lengths but also helping to increase broader platform adoption, especially in the areas of VMDR, cyber security asset management, patch management, cloud security, and increasingly the rock delivered through Qualys' ETM solution. With thousands of customers consolidating on Qualys Enterprise Service platform, let me share a couple of recent wins which illustrate why these companies are turning to Qualys to help unify their security tools, quantify and remediate cyber risk in their environments, and achieve better security outcomes. First, an existing global hundred multinational media company with a rapidly growing multi-cloud and container environment determined that managing siloed tools added complexity to their operations lack integration and misdetection while hindering their ability to assess risk and centralized remediation. This customer chose Qualys to transform siloed risk factors spanning core repositories, endpoints, identity, cloud, container, IT, IoT, and network assets into a cohesive real-time risk management solution by consolidating Qualys and non-Qualys data. This included purchasing eight Qualys modules and deploying ETM to begin operationalizing the rock and consolidating ingested data from WIS, resulting in a seven-figure annual open steel, including a -six-figure total cloud CNAP of self. We are now quickly migrating numerous data sources in the Qualys platform and delivering a vendor agnostic orchestration layer with full visibility of the attack surface, centralized risk assessment, quantification prioritization, and remediation while unleashing the operational efficiencies of security stack consolidation. Looking ahead, this customer is now in the process of planning to power its rock with ETM across 30 separate entities worldwide. Further advancing our total cloud CNAP momentum is another marquee seven-figure annual booking swing with a global 50 financial services company. This existing customer launcher initiated the strength of its cloud and container security solution against advanced threats, closed security gaps, and remedied risk with ITSM integration to a single dashboard. It also needed to meet increasingly stringent global regulatory requirements and extended its on-prem visibility to multi-cloud and container environments. Through its evaluation, this customer shows our total cloud CNAP solution and is now leveraging the Qualys enterprise through this platform for complete visibility across its entire attack surface to quantify and prioritize risk reduction initiatives and increase operational resolution and compliance. Our growing leadership in the cloud market was further evident in Gigaon's Predator report ranking Qualys as a leading outperformer in cloud workload security. With customers beginning to perceive Qualys as a leading risk management platform that consolidates and orchestrates multiple security solutions and workflows, we are growing increasingly confident in our ability to drive long-term growth and gain market share. This confidence was again bolstered in Q1 with customers spending $500,000 or more with a 6% from a year ago to $203,000. Consolidating workflows isn't just happening with customers, it's also embraced and prioritized by our partners, underscored by an increasingly strong mix of new business and significant growth. As we continue to endorse a partner-first sales motion, partner-led deregistration increase again in Q1. In addition, we have now certified six leading partners who are actively marketing the delivery of our fresh new managed risk operations, MROC services, and just beginning their efforts to capitalize on a centralized and automated approach to pre-breach risk management on top of ETM. Further advancing our momentum towards a global ROC ecosystem, we look forward to certifying few additional strategic partners in the months ahead who have already demonstrated a firm commitment to spearheading this new initiative with Qualys as their MROC partner of choice. And finally, as the federal government seeks to show efficiency and replace outdated and costly on-prem deployments from years past with modern cloud-native risk management solutions, we are especially excited to host our second annual Federal Conference in Washington, D.C. towards the end of this month. We have recently made good progress advancing our FedRAMP high certification status, and we continue to believe we are on track to achieve authorized milestones later this year, fueling a new leg of growth for the company. In summary, Qualys is increasingly well-armed with fresh new capabilities to further strengthen our strategic position as the partner of choice for customers ready to centralize their response to cyber risk, solve modern security challenges, and reduce costs. Looking ahead, we believe we will continue to outpace our competitors, extend our leadership in the market, and build upon an already strong foundation to drive durable long-term growth in the business. With that, I will turn the call over to Junie to further discuss our first quarter results and look forward to the second quarter and the year ahead.

Thanks, Sunayed, and good afternoon. Before I start, I'd like to note that, except for revenues, all financial figures are non-gapped, and the growth rates are based on comparisons to the prior year period, unless stated otherwise. Turning to first quarter results, revenues grew 10% to $159.9 million. The channel continued to increase its contribution, making up 49% of total revenues compared to 45% a year ago. As a result of our continued commitment to leverage our partner ecosystem to drive growth, we were able to grow revenues from channel partners by 19%, outpacing direct, which grew 2%. By GO, 16% growth outside the US was ahead of our domestic business, which grew 6%. US and international revenue mix was 57% and 43%, respectively. In Q1, we were pleased to see some improvements in our gross retention rate. However, a growing macroeconomic uncertainty toward the end of the quarter presented an increasingly challenging upsell environment, with our net dollar expansion rate at 103%, unchanged from last quarter. In terms of product contribution to booking, patch management and cybersecurity asset management combined made up 15% of total bookings and 24% of new bookings on an LTM basis. Our cloud security solutions, Total Cloud CNAP, made up 5% of LTM bookings. We credit this momentum to customer demand for a more comprehensive and contextual understanding of their expanding attack surface, supported by seamless integrated risk management and remediation workflows across all environments within a unified platform. Turning to profitability, adjusted EBITDA for the first quarter of 2025 was 74.8 million, representing a 47% margin, in line with last year. Operating expenses in Q1 increased by 10% to 62.5 million, primarily driven by investments in sales and marketing, which grew 15%. Demonstrating our ability to innovate and invest in our long-term growth initiatives while remaining capital efficient, EPS for the first quarter of 2025 was 1.67, and our free cash flow was 107.6 million, representing a 67% margin, compared to 57% in the prior year. In Q1, we continue to invest the cash we generated from operations back into QALYS, including $32 million on capital expenditures and $39.6 million to repurchase 292,000 of our outstanding shares. Since convincing our CR Repurchase Program in February 2018, we repurchased 9.6 million shares and returned nearly $1.1 billion in cash to shareholders. As of the end of the quarter, we had $303.8 million remaining in our share repurchase program. With that, let us turn to guidance, starting with revenues. For the full year 2025, we expect revenues to be in the range of $648 to $657 million, which represents a growth rate of 7 to 8%. This compares to prior guidance of $645 to $657 million. For the second quarter of 2025, we expect revenues to be in the range of $159.7 to $162.7 million, representing a growth rate of 7 to 9%. While we believe our platform approach to cyber risk management provides some insulation for ongoing macrovolatility, this guidance assumes increased business safety and a more challenging environment for new business growth in 2025. Shifting to profitability guidance, given our strong Q1 performance, for the full year 2025, we expect an EBITDA margin in the low to mid 40s, implying a 15 to 17% increase in operating expenses and a free cash flow margin in the mid 30s. We expect full year EPS to be in the range of 6 to 6.3, up from prior range of 5.5 to 5.9. For the second quarter of 2025, we expect EPS to be in the range of 1.4 to 1.5. Our planned capital expenditures in 2025 are expected to be in the range of 8 to 11 million, and for the second quarter of 2025, in the range of 1.5 to 3 million. We continue to believe organizations will increasingly adopt cloud-native, full-stack policies, and we expect a high-impact growth in the next few months. As the impact of the macroeconomy is still unfolding, we are closely monitoring the business environment and adjusting our priorities accordingly. That said, considering the long-term growth opportunities ahead of us and our industry leading margins, implying further room for investment, we intend to continue to responsibly align our product and marketing investments to focus on high-impact initiatives aimed at driving more pipeline, accelerating our partner program, and expanding our federal revenue vertical. As a percentage of revenues, we expect to prioritize increased investment in sales and marketing and engineering with a more modest increase in GNA, consistent with our commitment of balancing long-term growth and profitability. With that, Sumedha, I would be happy to answer any of your questions.

Thank you. As a reminder, to ask a question, please press star 1-1 on your telephone and wait for your line to be announced. And to withdraw your question, please press star 1-1 again. And the first question will come from Jonathan Ho with William Blair. Your line is open.

Hi. Good afternoon and congrats on the strong quarter. I just wanted to maybe understand a little bit better what your thoughts are around the macro environment, perhaps what you're seeing from customer spending so far, and maybe what other pins your confidence to tighten the guidance range a little bit higher?

Yeah, I would say that at a high level what we're seeing is similar to what we've seen the last couple of years where cybersecurity still continues to be an important aspect of risk management for the company and that is a continued focus. However, as we have seen, there is more scrutiny on the spend. I think that the ROI of the spend is important and we're seeing longer cycles because people are taking longer time to make the decision. So I think that is what we continue to see right now. Of course, given more recent changes, there is a little bit of uncertainty, I would say. And so a little bit of that is factored into how we're thinking about the rest of the year, though we haven't particularly seen anything specific yet. We're just being prudent about sort of what we see now and a little bit of expectation around people scrutinizing things a little bit more and continuing to inspect budgets but not just in cyber but overall budgets

across the board with everything. Got it. And then just in terms of your

discussion of the ROC, can you talk a little bit about how that works from a customer journey perspective, what they maybe add to their existing solutions and what that looks like from a financial perspective? Thank you.

Yeah, that's a great question. I think really where everybody is struggling right now is all their investments across multiple tools are generating tons and tons of risk signals. And we routinely see that if you take vulnerabilities as an example, less than 95% of those vulnerabilities or I would say like less than 5% of the vulnerabilities even have some form of potential immediate attack vector. And so customers as they are trying to figure out how they don't end up with 10 different consoles from 10 different solutions when they look at risk. What we're seeing is our ability to take the risk operations center idea of consolidating all assets from all tools, all findings, applying threat intelligence, providing contextual from a business perspective, adding dollar values to the business potential loss that they could have and then providing remediation plans as well as board reporting is what is sort of the journey of a risk operations center. And it starts with consolidation of assets. And for us, what we are seeing with ETM, we're able to walk into customers who today have multiple solutions and not necessarily start off with a conversation of replacing something that they have. And so I took some of the vendor names that we are currently pulling data from. And so we're able to say, look, if you have this particular VM solution, if you have this particular integration solution, if you have this particular identity solution, you can keep that. We can ingest the data from these tools and provide you a higher level visibility of what your actual risk is that is aligned with your dollar value risk from your business entities that you have and then provide you reporting that you can take to the board and also to the IT teams in terms of prioritizing what is the most important thing that they need to fix. And what we're finding is that this approach is helping them partner with the IT team to not spend time on fixing hundreds and thousands of issues that actually are not exploitable or not adaptable right now. And so this is actually creating potential cost savings for the company in terms of not wasting developer and time as well as not wasting IT teams time on fixing things that are not immediately actionable and then going back and focusing on the things that are immediately actionable. So from a customer journey perspective, they look at it as something that layers on top of what they have so they don't need to work through a replacement plan and they essentially pay an additional amount to call this for the cost saving that they end up getting in terms of consolidation and not having to waste time on fixing things that are not important. And so they are able to walk in and make a case for additional budget for a risk operation center because they see the savings that are coming out from the outcome of the risk operation

center. Got it. Thank you.

And the next question will come from Patrick Colville with Scotiabank. Your line is open.

Thank you guys for taking my question. I guess let me just ask one to Sumedha and Jumi. I mean in your prepared remarks, you know, there was a comment that macro at the end of the quarter was a challenge. Did that, I mean, were there any deals that pushed at the end of one queue into two queue or were pulled or was that comment kind of in isolation and didn't have an impact on current billings?

Yeah, there wasn't any material deals that was pushed or pulled in the current quarter. That was more the commentary around the fact that like let's say a customer that was set to renew in the quarter, we had anticipated a higher upsell rate potentially from that customer increasing their spend with us. We saw some pushbacks and so that doesn't necessarily mean that it's a push. It's going to be closing queue two. It's in the quarter impact that I was calling out.

Okay, crystal clear. And, you know, congrats on all these terrific announcements made by Corliss at RSA Conference. I want to actually touch on the announcement made by a competitor, you know, best known for endpoint security. They GA'd a product expanding into network-based VM. I mean, would you mind just commenting on like your thoughts on, I guess, you know, other cyber security players moving into network-based VM and, you know, how Corliss is defending against these guys? Thank you.

Yeah, great question. And I think we're actually pretty happy to see that competitors are acknowledging that their current solutions, which are agent-only, are not enough to give customers a full view of what their overall attack surface is from a vulnerability perspective. And so while we haven't really seen that solution with any of our current customer engagements or prospect engagements, we've heard about it. To me, I think, as I mentioned earlier, and even going back four or five years ago, Corliss really has been talking about the evolution of vulnerability management and less about finding more vulnerabilities that you're not able to fix and more about focusing on the ones that actually matter to the risk and then actually helping them remediate. So our focus really has been about how do we help them prioritize and remediate the findings, rather than just finding more findings which are not being fixed anyway. And to that extent, we are taking data of those findings from the competitor and providing customers a higher value capability around taking that information, which is just a big blob of findings that are hard to decipher and adding the right context with over 20 plus years of significant research that we have done in vulnerabilities and vulnerability exploitation and using that to provide additional value on top of that. And so I think it's really leading to the customer having the choice that they can either use Corliss or the other solution is something that satisfies their need for that particular environment. We will still be able to take that data and we've already seen consuming data from competitors. So I think when the solution comes out, we will take a look at it and see how our customers feel about that. But having said that, we're not dependent on the customer's leveraging all the scanner necessarily to find the vulnerabilities as we move forward with our focus on risk operations center and the ATM.

That's very clear and keep up the good work. Thank you so much.

And the next question comes from Kingsley Crane with CannaCorp.

Hi, thanks for taking the question. I appreciated your comments on total AI. I'm curious how you would characterize the competitive market in AISPM and how do you think security budgets are going to play out with respect to that market? Do you think that they need to lag as we wait for more upstream adoption or are you already seeing some nice uptick?

Thanks. Great question. Right now everybody seems more in the exploratory phase rather than there are some very early adopters. But I think overall we feel like a lot of customers are just trying to understand the risk collectors that are coming out from potentially AI. They're looking at what are the solutions out there. So I don't think this is more of a competitive thing as much as an educational phase that customers are going through because they're looking at various AI security solutions that are out there and trying to figure out where within the AI journey is the place that have the maximum risk from a business perspective that they need to mitigate. And so we have had some great conversations around total AI. We already have a couple of customers that are engaged with POC with us on total AI in terms of being able to focus on LLMs that they're going to put out. And now with our new announcement that they will be able to run LLM scans within their dev environment means that they can actually test these LLMs in the pre-production before they go out. And the dynamic that is playing out right now is IT teams are ready to say, hey, here's a few LLMs we are ready to go to production with. They're asking the security team for a sign-off before they go and the security team doesn't necessarily have a good knowledge or idea of what they can do from the sign-off perspective. And so with the Qualistotal AI solution, it's like a point and shoot scanner. You point it at LLM, it gives you a green, yellow or a red signal to say whether this LLM is good to go or not. So that's the dynamic in terms of people who are evaluating, looking at it and trying to figure out. I think the second dynamic is given that overall security budgets are not increased significantly even with the onset of AI, people are in the mode right now of trying to figure out what the potential loss that they could have from an AI security related incident perspective and then using that this year to formulate their ask for budgets for next year. So while we will continue to see more interest and more adoption in terms of POCs this year and maybe a few customers signing up for a few more AI related scans, I think this is a journey that is going to take a couple more years where people really have to go and make the case for why they need additional budget for AI security and then the willingness of the business to give them additional versus asking them to adjust against existing budget that's been allocated to them. I think that remains to be seen.

Thanks, Ahmed. That's really helpful. And then for Jumi, a quarter ago we were looking at EPS guidance that was down year over year. Now we've meaningfully raised it this quarter. I think the midpoint is roughly flat from last year. But can you speak to what went into the change over the past quarter? I think last quarter you had called out investments in data centers and aligning some product marketing to break into federal. Just kind of curious any specific points that have changed?

Thanks. Yeah, last quarter the guidance was informed by our annual planning. And so what we like to do is we like to set aside sufficient funds to be able to execute on the priorities that we had set at the beginning of the year. And as we move through the quarter, you see that our EBITDA margin came in at 47% with our sales and marketing growing by 15%, which is a healthy growth in and of itself. But with that said, looking back at Q1 performance and the treatments and initiatives that we have set for ourselves for the rest of the year, we felt that the growth right now we're expecting on the optics is more along the lines of 15% to 17%. What we've seen a great success or traction in is in our ability to work very closely with our partners, which may not really translate to a significant increase in sales and marketing spend this year. And so that kind of speaks to why the margin contraction is not as significant as what we had anticipated at the beginning of the year.

Okay, helpful. Thank you.

And the next question comes from Rudy Kessinger with DA Davidson. Your line is open.

Hey, thanks for taking my questions. I saw the LTM 500K plus ACV customer count actually dropped by four versus Q4. One of your competitors had called out a record quarter of seven figure deals at the same time I heard you guys call out, I believe, improved gross retention. So were there any large customer losses or some downfall that pushed customers below that threshold or just any comment on

that? Nothing out of the ordinary to call out for. Our win rates have been stable and as you saw we improved our gross retention and so that metric you talk about is an ATM metric. And so we continue to see in some quarters sometimes customers might have a down sell that is an offset by a larger upsell with another customer or we might, you know, that sometimes can drop them below the 500K. But again, I think we're glad to see that there continues to be growth in that area and year over year and from our perspective we're glad to see that with our focused efforts we're seeing some good incremental improvement in our retention.

Got it. Okay, and then Jimmy, for your apologies I joined the call a bit late. I just want to understand maybe some of the increased conservatism that got the macro for the remainder of the year. I guess are you now expecting net retention rate to maybe come down a point or two versus kind of staying flat at the 103 and what are you expecting on the new book, new logo bookings standpoint for the rest of the year versus prior guidance and versus last year?

No material change as indicated by their annual revenue guidance. Right now what we're seeing in the bookings today is at the end of the, close to the end of the quarter we did see some pushback and some impact from the macro. And what that resulted in is even with the lower than what we would have liked the upsell rate to be, it was more offset by the fact that our retention rate was a little bit better. And so all in all we did end the quarter at 103%. We're assuming 103% will pull throughout the rest of the year. We do expect to continue to see some headwinds and then new bookings and its ability to contribute to revenue growth. And hence we're guiding to a revenue growth rate of 7 to 8% of the full year.

And the

next question comes from Trevor Walsh with Citizens. Your line is open.

Great. Hi, team. Thanks for taking the questions. Sven, maybe for you, could you just walk us through how you're thinking about the MROC kind of roll out with partners and how you're getting mind share with them when they've got a lot of different managed services that they are probably trying to bring to market? And then kind of with that, why not? Why just kind of the six to start? There's probably a lot of other players you go after out there to partner with. So is there kind of more to follow or how you're thinking about just onboarding of those? Thanks.

That's a really good question. And we're pretty excited about this because as you know, the last three years or so we have really been focused on a partner strategy and a partner first strategy. And you can see that in the numbers and the way the business is moving towards partners. And so part of that, we really felt like we wanted to do something that was meaningful to our partners and wasn't just about a few points here or there in terms of resell. And when we talk to some of the partners, as you said, they are have managed services today, but a lot of their managed services are around MDR, which is becoming more and more commoditized or price sensitive because everybody's offering some sort of an MDR service. However, MDR services are post breach detection, right? Is there somebody in my environment that I can detect and be able to alert and take action by looking at data from all of their different tools? And that's a different architecture. When we talk to our partners, they felt like they did not have really great services from a managed service perspective, other than sort of point solution type services for scanning service as a managed service or patching as a managed service. And so when we introduced the concept of a risk operation center, it was also pretty clear that the implementing the risk operation center, we have a great platform that we have an ETM that consolidates all these findings. However, the customer does need help with this quantification, putting dollar value terms in terms of how their business is evolving with the risk card. Then you somehow put connectors, then you help with actively monitoring risk because today the issue is they have millions and millions of findings, which out of those once Qualys has prioritized truly actually impact their environment by looking at their environment. So sort of a risk monitoring service and then ultimately a risk remediation service. So these are fairly new services that most MSSPs don't have when we talk to them. And so they were excited about the ability to launch new or different services in the market rather than just launching another MDR, which is pretty saturated. So, but from that perspective, we wanted to work closely and prioritize with the partners that truly understand the vision and are investing together with us in terms of resources, hiring the right people on their side for quantification type services and working with us to provide a tightly bundled service. And so today we focused on those first things. There's a launch partners that are a few others we're talking to as well. And the ability, the excitement for them is, you know, can they make a few more dollars of services on a dollar of Qualys ETM that they sell is the exciting part for them. So we are going to continue to work with selected strategic partners that are really working closely investing rather than just sort of making it available on the shelf and they're reselling. So that's really the focus. And our thought there is that MROC partners will be more excited to bring more customers to Qualys because that will allow them to create more dollars of services versus maybe a competitor who is competing with them on services or offering professional services and does not provide a lot of capability to add additional services on top of just reselling. So it's a very strategic move for us and we're excited to see globally multiple partners actually signing up and excited about this.

Awesome. That's great. Appreciate all the color there. Jimmy, maybe just one quick follow up for you kind of along the same lines. I think last quarter you had mentioned some gross margin pressure as these partner programs are rolled out, but it looks like at least from just the results in this quarter that you were a little bit ahead of kind of where expectations were around gross margins. So is that just a function of maybe these partner programs still kind of basically still launching until you're not seeing the kind of added gross margin requirements there or do you have kind of a new perspective on kind of where gross margins should track kind of heading into the rest of the year?

Yeah, we had talked about the gross margin contraction primarily due to the data center operations investment that we plan to continue to make throughout the year. So that really hasn't changed from the pressure on the partner side. I think that we've ever actually seen it. We don't expect it to be material. If you take a look at our revenue, it continued to tick out with 49% of our revenue coming from the channel side. And so from that perspective, unless there is any meaningful change to the pricing or incentive program, which we don't foresee for this year, we kind of see no impact on gross margin due to our partnering initiatives.

Awesome. Thanks both. Appreciate the time.

The next question comes from Joshua Tilton with Wolf Research. Your line is open.

Hey guys, thanks for taking my questions. I have two and I will also apologize if they've been addressed just jumping around on a few calls tonight. My first question is on billings. I think it's kind of been asked a few times, but I'm just going to be a little bit more direct. Was the billings growth that you saw in the quarter in line below or above your expectations for the quarter and then going forward, how should we think about billings growth relative to revenue growth and specifically to Q, given the interest in comp from last year?

Yeah, current billings, because we don't manage to it, we don't really have the necessary expectations for the current quarter. But what we did comment on is last quarter, we did expect current billings to be more or less in line with the annual revenue growth rate guidance of 6 to 8%. So 7% current billings for the quarter wasn't a surprise to us. And I would say that even though we don't actively manage to it, if you were to look for a color for the annual current billings growth, it will be more or less the same as our prior guidance of 6 to 8%.

Super helpful. And maybe just one follow up here. I think in response to a question about the bottom line beat, you talked about how your plans for the year, talked about some potential investments that you guys go into the year, setting yourself cushion for in case you can execute. I guess from your perspective, what would it take to ignite growth on the direct side of the business, kind of trend towards or be more in line with what you're seeing on the partner side?

I think for the direct side of the business, we are not expecting an acceleration on that side just because we are taking the partner first approach for this year, whether it's from a new business perspective, as well as existing customer perspective. So what this year we're really focused on is making sure that we're building the channel partner team and house as well as working closely with our top partners to come up with different programs and initiatives so that they can help us with the lead generation as well as us kind of discussing with them for our listing, while as customers are currently direct with us where it makes sense for them to go in direct where the partners could add more value. And so for us, it's about the partner kind of driving growth versus trying to moderate the deceleration on the direct side.

Makes sense. Thank you guys. Appreciate it.

And the next question comes from Sherinick Kotari with Bayard. Your line is open.

Hey, congrats, team. Thanks for squeezing me in. Again, I was running a bit late. So apologies. So you disclosed the total cloud CNAP, kind of now 5% of bookings and mid six figure CNAP deal in that seven figure analyzed you. So can you can you help break down the elements of that when like how are you differentiating and what is arguably covered space right with the weights and did the ability to set the audit readiness message integrated risk all of that is serving as a key wedge. Just curious how is translating to wins and how fast overall the CNAP is growing and is it mostly green field and then had a quick follow up.

Yeah, it's the with the early days with the cloud solution. I think we're we're happy with having these that 5% LTM percentage of our bookings again shows that our solution is at the level our investment in getting our sales force trained and our partners working with us is working even though it's early days. As you said, the market is crowded. I think customers have different requirements. It's not that every customer is exactly requirements for cloud and what we see is that there are times when customers prefer to take the program that they have built with qualis all these years. And also from the auditory perspective, just expand that into the cloud. In some cases, they might want to go with some other provider for some part of the cloud and to continue with quality. On the workload side, so today our approach really is, you know, we have a pretty mature solution now that is offering all kinds of different capabilities, including CSPM, including identity, cloud identity management. You have a nice path and our toxic combination. So we're seeing those wins when we're going head to head, depending on what that particular customer wants. In some cases, we see the customer adopting qualis for one part of the environment and maybe somebody else for CSPM. I think the exciting thing for us is that with the CTM risk operation center solution, we have customers where they might be using a different cloud provider for part of the cloud. And we're actually now able to bring the data from that cloud provider in qualis to give the customer a unified view of all of their different capabilities, whether it's on laptops, whether it's on their on-prem environments, whether it's on their cloud. And they are able to see a unified view of the risk. And so for us, wherever it makes sense for the customer to leverage our cloud native solution, we're working with them. In some cases, it's a partnership with other providers and in some cases, they are using other providers. We're still able to, you know, look at potential revenue from them because we're pulling the findings and data, adding meaningful context to the vulnerability and this configuration side of it. And to your point on the audit readiness, this is what we see as a big area of focus and spend for CSOs. We are part of it is on risk management. The other part of the strength for budget for them is around audit readiness, ensuring that they don't fail audits because that's fully within your control as an organization to make sure that you don't fail your audit by putting the right controls in place. And so the audits are costly and they, whether it's cloud in the cloud or whether it's on-prem and the amount of work that goes into manually collecting evidence. And once the auditor is on board, then they go and ask you to find some data. So we're seeing the combination of qualis not just about finding buckets, but also helping them put the findings in the bigger context of risk, but also in the context of audit readiness so that they can be completely prepared for audits is helping them to be able to do that. And so we drive that focus on saying, well, maybe we should just leverage the qualis plug-in for cloud security. But if it's not and they have something else, we're more than happy to take the data, which we're already seeing in the current POC where we are taking data from other cloud providers already and giving the customer single view.

Thanks a lot, Sumit. Very helpful. And, Jimmy, just a quick follow up to the previous line of questioning. You have definitely kept on to the long-standing margin discipline targeting, of course, low 40s, a bit of margins. Just as you're shifting your bookings overall towards high value, modules, CNAP, Patchman, just curious how are you deciding and, also, Sumit, feel free to chime in as how to deploy the incremental OPEX along the lines of new sales leadership, investments in total cloud, which is to accelerate that, just broader S&M and product. Just curious how you're thinking about it.

The way we're thinking about it is at the beginning of the year, we do go through the number of initiatives, whether it's from a product development standpoint, the engineering efforts, investments that we have to make on the R&D side, as well as operations and data centers. In addition to the sales and marketing, the golden market, it's basically based on what we think that we'll be able to achieve in the current year, what the goals we've set up for ourselves, and then the risk weighted, adjusted targets, if that makes sense. And then because of that, we have set aside significant flexibility for us to execute on a number of initiatives if we have the bandwidth to do it. Aside from that, we did take into consideration that if we were to onboard a new CRO, there will be some kind of re-evaluating some of the initiatives. We want to make sure that we have enough funds available for us to make some of that that are appropriate for our visions today.

Got it. Appreciate it. Thanks a lot.

The next question comes from Yoon Kim with Loop. Your line is now open.

Thank you. Hey, Smet. On your channel strategy around MSP partners, how long does it take for these MSP partners to ramp? And then also, are these MSP partners that you're initially focused on, are they targeting certain customer segments, like primarily targeting SMB or mid-markets?

Yeah, these are new services, right? This is not like MDR, it's a well-known service. So as they are ramping up, they are also figuring out operationally on their side, what are the investments that they need, and they're making those investments to make sure that they're able to work with the customers that need this kind of a view. So there is excitement around that. I think the time it takes, we're already engaged with a couple of partners who are part of these POCs, who brought us these POCs, so we're seeing the excitement and we're seeing that engagement already. And I think the...what was the last part of the question?

Just, are these partners kind of focused on certain customer segments, like are they primarily targeting SMB or mid-market?

I think the...overall, I feel like the risk operations center solution would pretty much work for anybody who has more than three security solutions, which is pretty much everybody at this point. However, I think the number of findings and the amount of triage that they have to go through to figure out those findings, I think that is a lot more of high priority for the larger customers right now. And also most of the POCs that we see engagement are large enterprises that have multiple tools, multiple solutions, and are really struggling to convince their IT teams to focus on fixing things, as well as they are struggling with showing ROI of large spend to their CFO and to their board. And so that's kind of where we are seeing the target focus for these customers to the MSSP is the large customers that have a bunch of these large tools and a large number of assets.

Okay, great. Thanks for that. Hey, Jumi, if you can remind us how renewals are lined up for the rest of the year, do you expect the typical seasonal pattern like we saw over the last couple of years, or do you see certain renewals kind of shifting between first half and second half? Yeah,

I would say I assume the same seasonality as the prior year.

Okay, great. Thank you so much.

The next question comes from Rob Owens with Piper Sandler. Your line is open.

Yeah, good afternoon. Thanks for taking my question. Just a quick one on geographic mix and I guess more so from the standpoint, if I look over the last year, North America has been very soft for you guys growing, you know, low to mid single digits while internationally you've actually put up some pretty reasonable results. Can you just parse your success internationally and why domestically it's been so difficult for you guys? Thanks.

So I said the high level international tends to be more partner oriented business and as we are focusing more on working with our partners and channel partners and business with them, we're naturally seeing a bit more success where already it's a much more partner oriented things. I think we do see opportunity for continuing to improve our execution in

North America with our partners and so

that's where part of the MROC services and lining up with creating abilities for them to be able to provide more services around quality can be that that sort of catalyst that we are working with them to see if as we bring them, we bring our existing direct accounts in North America to them. How do we do a gift to get where they're able to bring us additional new business that we don't have today in return for moving some of these customers to them? So those are the motions that we're going through right now and we're looking forward to executing on some of these and improving how we can get this business in North America as well.

Thank you.

And our next question comes from Oscar Salvidra with Morgan Stanley. Your line is open.

Hi, thank you for taking my question and congrats on a great quarter. Juni, regarding partners, can you give us an update on performance in terms of lead generation and pipeline generation? How has that been tracking against your internal expectations? And when we think about the guidance, to what extent is it assuming that, you know, that continues to improve or is it assuming still, you know, similar to what you're seeing in the current quarter? Thank you.

Yeah, we've been satisfied with the progress that we've been making on the partner side. Relative to the direct business, we've seen like pipeline increase, success in increasing the deal reg. In our guidance, what we're kind of assuming is not a meaningful improvement from what we see today. It's kind of stayed the course given that we are expecting increase in budget scrutiny given the macro. So we've adjusted, we've taken that into consideration when setting guidance. But with that said, we are very happy with the progress that we're making with partners. We kind of are hoping that once the macro improves, we will see meaningful improvements there.

Very clear. Thank you very much.

There are no further questions at this time. This does conclude the Q&A session and today's conference call. Thank you for participating and you may now disconnect.