This conference call transcript was computer generated and almost certianly contains errors. This transcript is provided for information purposes only.EarningsCall, LLC makes no representation about the accuracy of the aforementioned transcript, and you are cautioned not to place undue reliance on the information provided by the transcript.
spk08: Good morning and welcome to the SecureWorks third quarter fiscal 2021 financial results conference call. Following prepared remarks, we will conduct a question and answer session. If you have a question, simply press star then one on your telephone keypad at any time during the presentation. At this time, all participants are in a listen-only mode. We are webcasting this call live on the SecureWorks Investor Relations website after the Completion of the call, a recording of this call will be made available on the same site. Now, I'll turn the call over to Paul Parrish, Chief Financial Officer. You may begin.
spk07: Thanks, everyone, for joining us. With me today is Mike Cody, our CEO, and Wendy Thomas, President of Customer Success, will join us for questions at the end of our prepared remarks. During this call, we'll reference non-GAAP financial measures, including non-GAAP revenue, gross margin, operating expenses, operating income, net income, EPS, EBITDA, adjusted EBITDA, and cash flow from operations. A reconciliation of these measures to their most directly comparable gap measures can be found in our web deck and press release. Please also note that all growth percentages refer to year-over-year change unless otherwise specified. Finally, I'd like to remind you that all statements made during this call that relate to future results and events are forward-looking statements based on current expectations. Actual results and events could differ materially from those projected due to a number of risks and uncertainties, which are discussed in this morning's press release and our SEC reports. Now, I'll turn it over to Mike.
spk02: Thanks, Paul. The events of 2020 have underscored how transformative technology can be to help adapt, innovate, and increase productivity. Cybercrime continues to accelerate as the explosion of data and devices have expanded the attack surface. And the shift to work from home has required additional cybersecurity controls and operational changes. These same events have created an opportunity for cybercriminals to exploit and capitalize on the expanding number of vulnerabilities. Our recently published incident response report highlighted increased risk areas in direct response to the pandemic. These included an increased risk with more people accessing SAS applications, delays in vulnerability patching, circumvention of VPN connections, and increased phishing attacks. This is the first time we've seen cybercriminals globally focus on one issue, with threat actors using COVID-19 themed tactics to exploit vulnerabilities. Against this backdrop, I continue to be incredibly proud of the resiliency, determination, and adaptability of my teammates in serving our customers and partners every day. For many years, the security industry has been overrun with thousands of point products that do not enable organizations to mount a holistic defense against adversaries whose unrelated attacks only have to succeed once. Through a variety of means, the adversary has consistently been able to navigate between security controls, going undetected and undeterred in organizations that lack integrated detection and response capabilities across their environments. We believe that the ability to outpace the adversary at scale requires an integrated security platform that closes the gaps between point products, puts security detections in context of risk to an organization, and automates the remediation process with agility. Our superior threat detection and remediation capabilities are accelerated with deep learning, machine learning, and workflow automation to detect security risks to an organization quickly, with high fidelity, and to reduce both adversarial dwell time and mean time to remediate. Our cloud-native platform takes a different approach, building on our expertise as a global leader in managed security over the last 20 years, because we fundamentally believe that the only way to win this fight is through the combined power of the community working together. Why? because the adversaries work together, albeit in a mercenary way, increasingly leveraging the same data science and technology capabilities that the security industry does. Our integrated, inclusive, holistic approach continues to gain momentum by allowing customers to, one, detect and respond to threats across the complete environment, including endpoints, network, business systems, and cloud infrastructures, regardless of the underlying point product technologies. Two, provide accurate and prioritized insights through automated asset discovery and classification, vulnerability assessment, and risk prioritization. Three, leverage our deep security operations expertise to automate and simplify investigations, orchestrate and automate responses and workflows, and enable collaboration across security and IT functions in a single platform that sits at the heart of their security operations. Our holistic approach means customers benefit from the capabilities of our platform without having to rip and replace existing point products, nor shift to a single vendor ecosystem. We also see a near-term future where what are now individual security product markets, such as SOAR, SIM, vulnerability management, and more, increasingly become integrated features or capabilities of a holistic security analytics platform. We have built to this vision. And as this trend continues, I believe we are well positioned to be successful in the emerging XDR market that anticipates convergence across historically standalone technology segments. In Q3, we continued to focus on our software products and our transformations. Gross margin grew 150 basis points over Q3 fiscal year 20 to 61%. Paul will share more details on our financial progress in a moment, but I'd first like to update you on the progress we've made across three transformational pillars, expanding our go-to-market, ensuring customer success, and accelerating our software roadmap. In Q3, we continue to make great progress in expanding our go-to-market efforts, focusing on customer success, and attracting new logos to our cloud-native platform. I'm pleased to report that we reached nearly 300 customers on our new security analytics platform. New customers on the platform grew 36% sequentially in the third quarter and represented 45% of our new subscription customers during the quarter. One such new customer example, a global European chemicals company with operations in more than 100 countries, was seeking a security partner to focus on threat detection and response. They were concerned about ransomware attacks. They purchased our TDR software to give them a unified approach to managing their security program with holistic detection and automated investigation capabilities across endpoints, networks, and cloud activity in a single dashboard. Another new customer is a privately held video streaming company in North America that focuses on live, customizable e-commerce applications. The company desired a security solution to help minimize risk and establish confidence and trust. They chose our new VDP product because of the simplicity to get up and running quickly and automation of the vulnerability management and prioritization processes which provides substantial time and resource savings. Last quarter, I updated you on our progress in launching and building our channel efforts with our global partner program. We're investing in training and enablement, marketing, and demand generation to ensure our growing partner community is equipped to sell, market, and support our software solutions. Our new software portfolio represents a fantastic opportunity for the channel to take our superior detection and response capabilities and surround it with their own service and value added offerings. In addition, as a historical leader in the MSSP market, we believe there is new and compelling opportunity for us to scale our cloud native software platform that enables a broader community of managed security service providers. Allowing the growing community access to our software analytics and expertise accelerating the adoption of our cloud-native platform, and, as a community, to combat the adversary at scale. Last month, we hosted our Industry Analyst Summit with Tier 1 analysts from around the world to continue to tell our software transformation story. And on December the 8th, we'll be hosting an Investor Day conference as we continue that discussion with each of you. Core to all we do is customer success. I talked a moment ago about the progress we are making in attracting new customers to our platform. We are also deeply focused on ensuring that existing customers see the value of our latest capabilities and leverage more of our portfolio. For example, in North America, a $2 billion manufacturing company was looking for a security partner that could provide visibility and controls to reduce their cybersecurity risk. They chose TDR to find unknown and advanced threats and to make informed decisions. They also used our built-in real-time chat to collaborate with our threat experts during live investigations. A second existing customer example, a $50 million North American company that works with state and local government agencies to provide document management, payment processing, customer services, financial systems, and case management was looking for a cloud-native turnkey software solution to provide full visibility on endpoint, cloud, and network systems. They appreciated how TDR provides their leadership with the latest threat intelligence insights and research from our counter-threat unit to meet the dynamic changes in cybersecurity and inform their overall security strategies. In each of these examples, customers benefited from having full visibility of their security environment with technology solutions that work together to protect their business. We've made great progress in extending our portfolio, adding another application and more capabilities to increase differentiated value for our customers. We recently announced significant feature enhancements to TDR with the addition of log management, and search reporting capabilities for users to have an integrated contemporary alternative to traditional SIMs. We also extended our platform with the addition of a vulnerability detection and prioritization application as a result of our acquisition of DELV. Our VDP product provides contextual awareness to vulnerabilities with an ML-driven prioritization engine to focus on the highest risks to an organization and VDP automates most of the historically manual vulnerability management processes to free up security resources and reduce human error. You'll have the opportunity to hear more about these capabilities at our upcoming Investor Day. We are transforming our business to strengthen the security community and beat the adversary at scale. We have taken over 20 years of security operations experience threat intelligence, and technological advancements to reimagine how security should be done. This is a multi-year journey, and we will continue to focus our transformation on expanding our go-to-market, advancing the delivery of our cloud-native platform, and ensuring the success of our community, customers, and partners to be a force for good. Thank you. I will now turn it back to Paul.
spk07: Thanks, Mike. We are pleased with our Q3 financial results. Some highlights include record gross margin, our 10th consecutive quarter of positive adjusted EBITDA, and $22 million of positive cash flow from operations, resulting in cash balance of $188 million. Maneuvering within a dynamic global environment, we maintained our strong financial position. We continued the significant growth and investment in our new SaaS solutions. We exited the quarter with annual reoccurring revenue of $443 million and And we made progress with our channel program, as you just heard from Mike. In the third quarter of FY21, revenue of $141.6 million exceeded the top end of our guidance range and represents a 2.3% sequential increase over Q2. Gross margin totaled $85.9 million in the third quarter of FY21, or 60.7% of revenue, both records. Our margin composition continues to reflect our shift to more software-driven threat detection and response services that provide differentiated value. Our gross margin progression over the past several quarters reflects our focus on expanding gross margins through scale, continuing automation of delivery capabilities for MDR, and purposeful reductions in non-strategic low margin business. Of note, our cloud-based SaaS security analytics platform now represents approximately 8% of customers, approximately 10% of ARR, approximately 40% of ending Q3 pipeline, and although it's still early, we're encouraged by initial customer reception and feedback, particularly regarding differentiated value. Third quarter operating expenses totaled $77.6 million compared with $81.6 million last year, largely driven by reduced travel. Research and development expenses increased as a percent of revenue, totaling 18.9% of revenue in the quarter compared to 16.3% in Q3 FY20 as we accelerate our cloud-native platform development. Sales and marketing expenses were 23.8% of revenue in the third quarter compared to 28.3% for prior year Q3, decreased primarily due to lower travel and a reduction of safeguard marketing spend with Dell Technologies. General administrative expenses total 12% of revenue in the third quarter compared with 13.1% for the same quarter last year. Adjusted EBITDA in Q3 was $11.3 million compared with $5.8 million last year. This improved performance is driven by a combination of gross margin gains as well as from reduced OpEx as we navigate the current environment and the business continues to find creative, efficient ways to engage our customers. We will continue to invest for strategic growth, balancing the R&D investment in the new software platform and expansion of our new partner program while expanding profitability. I mentioned earlier cash flow by operating activities was $22.4 million in the third quarter, just slightly down from prior year's Q3 performance of $22.6 million. DSOs improved to 69 days from 71 days in Q2. We finished the quarter with cash of $188 million after the purchase of Delve Laboratories, an increase from $181.5 million in Q2 and from $138.8 million at the end of the third fiscal quarter last year. CapEx was $500,000 in the third quarter, and our $30 million credit facility remains untapped. Now for Guidance. In the fourth quarter of FY21, we expect both GAAP and non-GAAP revenue to be in the range of $138 million to $139 million. And we expect non-GAAP net income per share performance to be between break-even and two cents. For FY21, we expect the following. GAAP and non-GAAP revenue to be in the range of $559 to $560 million. Adjusted EBITDA to be positive for the full year in the range of $32 to $34 million. Non-GAAP net income per share to be 22 to 24 cents per share. GAAP net loss per share to be in the range of 26 to 28 cents. For modeling purposes, we estimate that the tax benefit rate will be approximately 28 percent for the remainder of the year. Cash provided by operations for full year to be between 55 and 60 million, and capex for the full year to be in the range of 3 to 4 million. Before we move to Q&A, Just a reminder that our virtual investor and analyst conference is next week, Tuesday, December 8th, and we look forward to your participation in that event, which features discussion and Q&A with our broader SecureWorks leadership team. Finally, I want to reiterate Mike's thanks to our SecureWorks teammates for their dedication to our customers, and on behalf of the entire SecureWorks team, we appreciate your continued interest and support. Wendy Thomas will join Mike and I during the Q&A session. Operator, please open the lines for questions.
spk08: I will now open the call for questions. If you have a question, press star then one on your telephone keypad. As a courtesy to others, please ask no more than two questions. Our first question comes from Sakit Kalia with Barclays. Your line is open.
spk03: Okay, great. Hey, guys, good morning, and thanks for taking my questions here. How are you?
spk02: Morning, Simon.
spk03: Hey, morning. Mike, maybe first for you, can you just talk a little bit about the competitive dynamics with TDR specifically? I guess the question is, are you finding yourselves more and more in competitive bake-offs for SIEM? And if so, who do you find you're ripping and replacing with some consistency?
spk02: Sokka, thanks for the question this morning. I'm going to tee this up and let Wendy go into a little more detail. I think that The first thing I'd sort of say or the thing I'd say to sort of tee it up for Wendy is we've got a much bigger vision, as you sort of heard in my prepared remarks, than just the SIEM aspect of things. It's really working with the other products that exist in the marketplace and taking where the industry is going from an XDR, if you will, perspective. But I'll let Wendy drill into a little more of the details on kind of how it fit or maybe some of the customer examples that I talked about.
spk00: Sure. So we take it from really the customer use case perspective, which is that they need a holistic approach to managing their security program. And so the approach we've taken with our platform and SaaS applications are really, you know, they're designed to address that holistic need. And in terms of traditional SIMs, they've been, you know, disappointing in terms of the difficulty and cost of ingesting and normalizing security-relevant data. TDR does that for you and, frankly, uses our knowledge of the telemetry coming from those products to really make sure that what we're looking at is what matters from a security perspective. But once you have all that data, clearly you have to know how to detect and hunt for advanced threats, and that's honestly the second place where customers have been disappointed with those legacy SIMs because TDR completes the swing on that, right? It's delivering the high-fidelity prioritized detections but then adds on with automated investigation and remediation capabilities. So what we've led with is solving the customer need for true security management. What we announced earlier this week was the addition of basically features on TDR that cover what I'll call basic SIM use cases from log retention, both the type, amount, and length of retention of that data, as well as some additional search and reporting capabilities. And from a customer perspective, that's what they've been telling us would kind of let them be able to have a holistic security outcome and, frankly, with a better ROI with a standalone TDR option.
spk03: Got it. That's very helpful. Hey, Paul, maybe for my follow-up for you, just maybe on the MDR part of the business, I guess the question is how does MDR sort of compare to the traditional MSS in sizing, and can you talk about even qualitatively sort of the relative gross margins as that shift from MSS to MDR sort of continues? Does that make sense?
spk07: It does, and I'll reference our average revenue per customer as You'll see in our queue it's $113,000 per customer. And we're seeing that the average revenue per customer who selects and goes into our new system is about 25% higher. So from a revenue sizing, we see this as a favorable sizing, increased revenue to us. And then the gross margins are improved in the new platform. And as you'll hear in the analyst day, we talk about long-term, our gross margins approaching something along 73% to 77% range over time. And so think in terms of MDR tracking along that.
spk03: Very helpful. Thanks, guys. Thanks, Taka.
spk08: Thank you. Our next question comes from Sterling Audie with J.P. Morgan. Your line is open.
spk04: Hey, guys. Thanks. I apologize. I'm on the road, if you can believe that. So I don't have my model in front. But I'm just curious, what would be the main drivers that could cause revenue to be down sequentially in this next fiscal quarter?
spk07: Yeah, it's us focusing on the type of customers we're serving. As I mentioned in my comments there, focusing on we're looking at customers who see the value of our product and will reward us, and we help them in what they need to do in their business. And so we're going through our customer base and looking at where those lower margin type customers are and working with them on different alternatives.
spk02: It sort of ties, Sterling, into the question Sokka asked when he talked about the MSS versus MDR market, whereas some of the services from an MSS, traditional MSS perspective that are lower margin, less value add, are things that we will not look to expand. And if the margin is unprofitable for us, we're not going to look to continue to do.
spk04: And then my follow-up question kind of ties nicely into that. So, When you talk about going out and partnering with MSS, I would think traditionally they would look at you as a core competitor. Why would they want to do that? Is it because you're exiting some of that lower margin business and perhaps creating opportunities for them, and they see you less as a competitor, more willing to look at you on the product side? Yes.
spk02: Yeah, and the other key aspect to that, Sterling is really getting the scale. Right, it's being able to take what we have done as the leader in the MSS space and bring that capability to the market and allow others to do it, you know, as well as we do. We did and we do, and have us really focus on the expertise and the analytics where we can add real value at a much greater scale.
spk04: Got it. Thank you so much.
spk08: Thank you. Our next question comes from Walter Pritchard with Citi. Your line is open.
spk05: Hi, thanks. I'm wondering just as you've rolled out a lot this year and you look into next year, how are you thinking about the budget categories you've been able to access this year and have some of these new products sort of fit into traditional RFPs and so forth that customers have had, and how are you thinking about that as you look towards fiscal 22?
spk00: Hi, Walter. It's Wendy. I'll take that one. Just to make sure I'm clear on your question, are you talking about sort of what product categories customers... Yeah, for example, you have a vulnerability capability now.
spk05: You have a greater analytics capability. And so, you know, there's traditional line items there that customers put out RFPs around. And I'm just curious if you've been able to get into that mix or if it's been... a little bit more missionary selling as these products have ramped and you're looking more to budget RFP kind of selling as you look into next year?
spk00: Yeah, I don't have the RFP stats in front of me. Clearly, we participate in those when they make sense for us. I definitely think that the shift towards the new platform and those capabilities has tended to address customer use cases more in a more focused way. And so sometimes those kind of bespoke outsourcing of labor type RFPs aren't necessarily where we want to go. But what we do is we're able to position that the outcomes we can drive at a higher ROI to customers are really the best alternative there. I think our sales team has been successful positioning that with customers and, frankly, trying to get in front of some of those RFIs or RFPs.
spk05: And then for Paul, just generally on the profitability front, I mean, obviously you're investing here a bit. Can you help us understand sort of duration of investment, sort of what your goals are, what you're looking for there in terms of kind of the return on what you're doing right now and sort of how long it lasts?
spk07: Yeah, we see great potential in what we're doing. That's why we're investing in that. We see the rate that we're spending on R&D, which is an elevated rate, will continue out into the near term. Long-term-wise, that should return back down to something, and long-term is beyond the next 12 months, but long-term return back down to somewhere in that 14% to 16% level. But we see continuing this type of spend right now to reach the market and the gain in the market that we see we can get. Great. Thank you.
spk08: Thank you. Our next question comes from Brian Essex. With Goldman Sachs, your line is open.
spk06: Hey, Grace, thank you for taking the question. I was wondering maybe if you could dig in a little bit to some of the put and takes around sales and marketing spend, particularly as you pursue these kind of new go-to-market initiatives and try to penetrate the channel, but you're also seeing a mixed shift in terms of revenue. You're down a little bit sequentially, so maybe you just want to understand some of the puts and takes there for sales and marketing and how to think about that going forward into next year.
spk07: Yeah. So we've been primarily focused as a direct selling company, using our sales people to work with our customers. That's a higher-cost sales mix. But as we move to the channel, there are some startup costs, higher costs initially as we move over to get that kick-started and running. And so we see some type of elevated spend for a period of time as we get channel going. But ultimately... as channel grows and becomes a larger part of our business, then the efficiencies that we get off of that wider network will reduce those sales and marketing costs.
spk02: This is Mike. I'd add with the new sales model that has kind of evolved as a result of the pandemic, we're also putting more focus in the marketing area and electronic demand gen and kind of moving the sales process where what we think people really want it now where much more of it is digitized and the actual sellers are getting engaged later in the, in the sales cycle. Got it. That's helpful.
spk06: And maybe just how to, how to think about ARR, you know, kind of flat year over year, but you're getting progress with, with PDR and MDR. You know, is it that shift towards more profitable customers that's, that's affecting that, that, that kind of rate, or is there something else there we should kind of keep an eye on?
spk07: Yeah, over time, it's clearly the mix of that business over time will see that benefit. What we see right now near term what's happened is we've been more efficient at managing the business and focusing on what do we do to effectively and efficiently serve our customers. But you're clearly on track with where we see the business going. As that continues to grow in our new business, we'll get that mix and the benefit of that mix in our gross margin.
spk02: And I think the key, this is Mike just adding, I think part of the key preview we gave was the stats that Paul talked about. 8% of customers now are on the new platform, about 10% of ARR. We had, I think it was 35%, 36% growth in customers, new logo customers added in the quarter on the new platform. And I think we'll begin to flush that out more over time for you.
spk06: Got it. That's helpful and from Apple Color. I appreciate it.
spk08: Thank you. Again, if you would like to ask a question, please press the star, then the one key on your touchtone telephone. Our next question comes from Alex Henderson with Needham. Your line is open.
spk01: Thanks. I wanted to ask a question relative to the logging functionality that you talked about. Clearly logs are very expensive and Splunk is known as one of the highest priced people out on the planet. So how much are you saving the customer in terms of that logging expense on the one hand? And on the other hand, Logs are used in a lot of things other than security. For instance, they're used in network management. They're used in network troubleshooting. Can you talk a little bit about how you tie into that aspect of what companies need the logs for in the case that they choose to stop using Splunk and start to use you for logging functions?
spk00: Sure, I'll step back to the first question around cost. And we do think that this is an advantage that we have, as much around predictability of cost as it is around the lower cost itself. Everything that we do in terms of the way that we price both the TDR application and then the extension of various log retention and collection options is still correlated back to endpoints because customers are able to predict how many users they're going to have on the platform. And then we have tiers of data amounts. And so they can opt in to sort of large tiers around that with 30 days of notice if they've been tripping that next tier. And it's much more flexible and simple than Splunk's offerings because for us, the point of view we have around the logs we're seeing from a security efficacy perspective is obviously a different point of view than one that just holds logs for, as you were mentioning, kind of IT or even broad compliance perspective. So we can give customers options there depending on, so that they don't store data that they don't need for security purposes. On the IT side, we certainly have capabilities around ensuring that both IT and other practitioners can keep a pulse on the health of those data sources. I will not say right now that we've extended into trying to enable some of the network management side, if you will, but certainly something we'll always listen to our customers about. But right now, we really stay focused on the security side first and hopefully address most of the use cases for customers who don't have an extreme extreme end use case.
spk01: I see. Could I shift gears a little bit and over to the OPEX side of things? Five-point improvement or five points of OPEX it sounds like are related to a combination of things, but a big chunk of that sounds like it's related to lack of travel and T&E. And I get the idea that this is a much more frictionless model, more direct digital. You know, how sustainable is that five points, or is that going to come back in over the course of CY21 as increased costs in your view?
spk07: Yeah, and every company is looking at this, and we're pretty excited about the things that we've learned through this process. It's incredible you had to go through something like the COVID crisis. pandemic to figure out how you do things more efficiently. And we have found we're very effective, very efficient working remotely. And we'll continue to explore how that continues out in the future. Now, of course, as things loosen up and the vaccines out there in the world, of course, you'll see some costs come back in. But we've learned a lot through this process. And so we're excited about continuing these savings out in the future.
spk01: Okay, thanks.
spk08: Thank you. Our final question comes from Saqib Khalia with Barclays. Your line is open.
spk03: Hey, folks. Sorry to get back in queue here, but just had one quick housekeeping question that I think could benefit the group as well. Paul, maybe just for all of our models, can you remind us what was the split of – of SRC versus, I don't want to just call it managed services. I guess I'll call it subscription. What was that split between those two revenue lines?
spk07: 76% was the MSS and SRC was 24%.
spk03: Got it. Very helpful. Thanks. Thanks, Socket.
spk08: Thank you. And there are no other questions in the queue. I'd like to turn the call back to management for any closing remarks.
spk07: All right. Thank you, Operator. That wraps up today's call. A replay of this webcast will be available on our investor relations page at secureworks.com, along with our Q3 FY21 web deck with additional financial titles. Thanks again for joining us today. Have a good day. Thank you.
spk08: Ladies and gentlemen, this concludes today's call. You may all disconnect. Everyone have a great day.
Disclaimer