This conference call transcript was computer generated and almost certianly contains errors. This transcript is provided for information purposes only.EarningsCall, LLC makes no representation about the accuracy of the aforementioned transcript, and you are cautioned not to place undue reliance on the information provided by the transcript.
spk00: Good morning and welcome to the SecureWorks fourth quarter and full year fiscal 2022 financial results conference call. Following prepared remarks, we will conduct a question and answer session. If you have a question, simply press star then one on your telephone keypad at any time during the presentation. At this time, all participants are in a listen-only mode. We are webcasting this call live on the SecureWorks Investor Relations website After the completion of the call, recording of the call will be made available on the same site. I will now turn the call over to Andrew Storm, Vice President of Investor Relations. You may begin.
spk07: Thanks, everyone, for joining us. I'm Andrew Storm, VP of Investor Relations at SecureWorks, and with me are Wendy Thomas, our CEO, and Paul Parrish, our CFO. During this call, unless otherwise indicated, we will reference non-GAAP financial measures. You will find the reconciliations between these GAAP and non-GAAP measures in the press release and presentation posted on our website earlier today. Please also note that all growth percentages refer to year-over-year changes unless otherwise specified. Finally, I'd like to remind you that all statements made during this call that relate to future results and events are forward-looking statements based on current expectations. Actual results and events could differ materially from those projected due to a number of risks and uncertainties, which are discussed in our press release, web deck, and SEC filings. We assume no obligation to update our forward-looking statements. Now, I'll turn it over to Wendy.
spk08: Thank you, Andrew, and welcome, everyone. Just two and a half years since initial launch, Tejas reached 165 million in ARR, up 42 million sequentially, accelerating our business model transition. We added a record 400 customers in Q4 to finish the year with 1,200 total Tejas customers, of which over a third are now software only. Our focus remains on transforming the company to higher value security solutions and driving scale and operational efficiencies in the business. As we actively exited non-strategic, lower margin services in fiscal 22, total revenues declined by $26 million, while non-GAAP gross profits increased by half a million dollars. We invested in engineering and marketing talent, with headcount in those areas increasing in the high teens, while our shift away from non-strategic services enabled us to reduce total headcount by 13% versus year-end last year. As a result, Revenue per employee increased 10% and gross profit per employee was up nearly 15%. Our transformation will accelerate in fiscal 23 as we increase investments in TAGIS to capitalize on the market transition to XDR and manage down our non-strategic services. And the shift to XDR is happening because it has to. The existing sprawl of point solutions operating independently and noise generated through legacy SIMs It's too much for overworked security analysts to address, leaving the adversary free to weave between existing controls. And until now, no prior security solution has brought everything together properly. Without that, you end up with billions in ransomware payouts. It's been clear to us that the way to defeat the adversary is a security-first approach with a single big data platform architected for holistic prevention, detection, and response. And while others are catching on, Building a true XDR platform is not easy. We've spent over five years building this vision into Tagus. Creating effective analytics beyond a single control like the endpoint or firewall requires a data lake with substantial volume, diversity, and span of data. Our data lake ingests endpoint, network, email cloud, and other forms of telemetry from thousands of customers every single day. That's the foundation we've built on. Endpoint-only providers, however, don't have the comprehensive visibility into a customer's network, cloud, or email. Architecture is not designed to ingest and correlate all the disparate data across vendors. Without comprehensive data, the detection capabilities are incomplete or unnecessarily noisy. In short, you don't have a scalable XDR solution. Even with the data, it takes a fully operational dedicated threat intelligence team. working with data scientists to research behavioral threat patterns and develop the detection analytics and rules that make XDR so powerful. Tejas is further supplemented with the intelligence gleaned from our incident response and security operations teams, not just by buying intelligence from third parties. As an example, we recently filed a patent for our new hands-on keyboard detector, which uses machine learning to detect threat actors, not using malware, but local tools in malicious ways that would be too noisy for signatures to detect. We started with a single true positive incident and went back through 3.3 trillion process events in our data lake to find more examples. We built a machine learning model, trained it with this data, and developed a detector with a true positive rate of over 99%. This patent-pending approach brings unrivaled capabilities and detection in the market. And as soon as we released the detector, we found multiple intrusions where the existing security point solutions were not raising alerts. This is extended detection. The second key part of XDR is the response. A purpose-built XDR platform pulls together all relevant information and provides an embedded security orchestration layer with automated response capabilities. These capabilities were designed and contagious from day one. It's not a third-party software bolt-on or an after-the-fact acquisition. And we constantly enhance our embedded workflow and response playbooks, driving increasing levels of automation for customers with practices informed by our managed security services and incident response teams. And our customers know we are in the fight with them every day, available when needed most. With one of the top incident response practices in the world that handles over 1,400 engagements annually, our customers know they have access to the right people whenever they need it. The final component of a true XDR platform is active prevention. Vulnerability management has long been akin to exercising to prevent health problems. The solution to most vulnerabilities is patching, yet organizations still don't do it. And the reason is simple. Like exercising, patching can be time-consuming and hard. We've taken the pain away and brought a step change in automation, enabling a more hands-off approach. With comprehensive vulnerability detection and response, Cages delivers a complete security program at a lower total cost of ownership. Bringing this together, a true XDR platform provides the prevention, detection, and response that extends well beyond the endpoint. It marries big data, intelligent security analytics, live threat context, and the best of human engineering and SecOps. Without unifying prevention, detection, and response for the entire ecosystem onto a purpose-built data and automation architecture, you're not doing XDR, no matter how much the marketing says otherwise. When we began building Tejas over five years ago, the XDR market didn't exist, and until more recently, wasn't viewed by industry analysts as a category. Now we're consistently recognized for our clear leadership and the unique solutions we've built. With a leading product and a growth market, excellent NPS scores, and a roster of customers advocating on our behalf, This is our time to capitalize on the market shift to XDR. We are investing further in marketing and product in the year ahead to capture that opportunity and maintain our leadership position. It's a testament to our team and the value of Tagus that we've historically spent significantly less on sales and marketing than public peers, yet delivered one of the highest growth rates in XDR customers and ARR last year. Looking ahead, we see multiple drivers of long-term organic growth, including a continued shift toward XDR and away from standalone point product-based approaches to security, the upsell of additional solutions, increased demand from targeted marketing investments, the shift of sales talent from re-solutioning existing customers as that work winds down this year, to hunting for new logos, and accelerating sales through our partner program. We are at the tipping point year of our transition. We've been building to this moment. We began the resolutioning program just over a year ago, and we expect to exit fiscal 23 with a substantial majority of our ARR on pages. Underneath the noise of our transition, we're building a higher quality business with a strong position in one of the highest growing segments of the cybersecurity industry. And I want to thank all of our customers and partners for their support and our teammates for their hard work and commitment to get us where we are and to fuel the year ahead. With that, I'll turn the call over to Paul Parrish, our CFO.
spk03: Thanks, Wendy. 4Q Tejas ARR increased $42 million sequentially, our largest quarter ever, and 34% sequential growth rate. This resulted in ARR of $165 million, $10 million higher than guidance, a 200% growth from last year. And we had a record 400 Tejas customer ads in Q4. to end our year at 1,200 total Tagus customers. Following our end of sales announcement, customer resolution accelerated. As a result, Tagus ARR ended the year around the 60-40 mix of resolution versus organic. Tagus subscription revenue was $85.6 million for the year, up 165% year-over-year, reflecting continued strong growth, but was below our expectations for two reasons. First, the majority of re-solutioning deals closed toward the end of the quarter, pushing revenue out slightly. Second, we continue to see a timing impact from customer delays in turning down their CTP security services. As noted last quarter, we recognize revenue proportionally as customers migrate, but we will continue to allocate a portion of other revenue to other MSS subscription revenues as long as customers have CTP services in place. Average revenue per Tagus customer was approximately $135,000, continuing to be at a premium to our non-Tagus customers, which averaged $93,000. Increased resolutioning of some smaller customers led to a modest decline in average revenue per Tagus customer as we ended the year. As we shed non-strategic businesses, full-year total revenue declined $26 million, yet gross profits were higher by half a million dollars. We continue to manage our cost structure and solution mix, leading to improving gross margins of 62.6%, up 300 basis points from FY21. Sales and marketing costs were flat compared to FY21 on an absolute dollar basis, although we shifted the mix of investment toward the channel. We continue investing to drive innovation on Tagus and maintain our lead in threat intelligence and research, reflected in a 15% increase in R&D last year. G&A expenses were down modestly from last year. Adjusted EBITDA was $19 million, down from $33 million last year, reflecting better gross margins offset by investments in R&D. Cash flow provided operations in FY22 was $17 million, with capex of $8 million. We finished the year with a record $221 million of cash, no debt, and an untapped credit facility. Turning to our guidance for FY23. First, keep in mind we have a 53-week year in FY23 compared to 52 weeks in FY22. We expect Tejas ARR to end FY23 over $265 million compared to $165 million this year. We expect organic growth to contribute approximately $50 million of the incremental ARR and sales should accelerate through the year as we get the full benefit of our investments carrying through to FY24. For Tagus and FY23, we're accelerating investments in brand awareness and global distribution with returns expected to be more meaningful in the back half of the year and into FY24. We expect other MSS ARR to end FY23 below $80 million compared to $224 million this year. Per our end-of-sale announcement, we have stopped selling these services with a few exceptions. As a result, we expect $90 to $100 million of ARR in FY23 to be either transitioned to partners, move in-house with customers, or churn. For the $80 million of ARR remaining at year end, we expect a significant portion to be eligible for re-solutioning with most done in FY24, enabling us to aggressively manage out the excess cost. We expect full year total revenue to be $475 million to $490 million, with first quarter revenue of $120 million to $122 million. For modeling, you can assume approximately $9 million of revenue for the 53rd week, Full-year adjusted EBITDA is expected to be between negative $58 to $68 million as we invest for growth. This guidance reflects the following expectations. Increase investments in sales and marketing by approximately $30 million. Our investment in R&D is expected to increase approximately $20 million this year to maintain our market lead. G&A is expected to grow slightly to $2 million. We estimate there is approximately $30 million of duplicate, fixed, and transition-related costs that we are incurring, with $15 million of cost of revenues and $15 million in OPEX. As we turn down our other MSS services, we will manage the related costs out, positively impacting FY24 and FY25. Contagious description gross margins are expected to increase in FY23 and beyond, though total margins will be impacted by the duplicative fixed and transition cost, resulting in overall FY23 gross margins being approximately flat. Operating expenses in FY24 should increase on an absolute basis, but we'll expect them to grow a lower rate than FY23, delivering operating leverage that brings us toward our long-term model. Finally, EPS loss is expected to be in the 61 to 70 cents range. In summary, we're making consistent progress against our transformation with continued improvement in our business mix and growth potential. The end of our business model transition is now in sight, and we believe that it's increasingly clear we have the right product at the right time to lay the foundations for growth and profitability for the company. Wendy will now join us again as we begin our Q&A. Operator, can you please introduce the first question?
spk00: I will now open the call for questions. If you have a question, press star, then 1 on your telephone keypad. As a courtesy to others, please ask no more than two questions. We'll take our first question from Mike Sikos with Needham & Company. Your line is open.
spk01: Hey, guys. Thanks for taking the question here. I wanted to circle up. I think in the prepared comments you had mentioned that the TAGIS revenue may have been slightly below 1%, what you guys were anticipating, and the two reasons being the resolution deals, maybe closing more of those at the end of the quarter, as well as the timing impact from customers turning down their CTP services. Can you delve further into both those dynamics? Just wanted to unpack that a bit.
spk03: Yeah, yeah. So as we built our expectations, we – forecasted some improvement in the speed at which those customers would come off their old services. And so that additional improvement didn't occur, as well as we had a larger amount occur later in the quarter, which is impacting the timing of the revenue. We're recognized as Tejas. We still have the revenue in our business.
spk08: Yes, I just add a little color to that.
spk03: The contracts are there.
spk08: The customers are committed to Tejas. It's just a matter of the revenue being recognized by the company and other MSS versus Tejas. So if you think about this, this is more of a transition challenge, not a value creation one.
spk01: Right, right. So I guess the question on the other service is turning down, right? So can you remind us again, like, what would cause a customer to hold on to those other services longer than expected? And I guess a follow-up would be when you've provided us guidance, and as we look to think about fiscal 23, Is there some element of assumption as far as customers maybe turning those off slower than expected?
spk08: Sure. So, I can speak to some of the examples of the customers. So, in most cases, these are some of the larger customers who are transitioning. And so, the pace at which they are essentially turning off their counter threat platform monitoring was slower than expected. There's a couple of things behind that. One, they're often just sort of checking twice to make sure there's absolutely no gaps in transition on their end. The second piece that we've seen is really some of them struggling with staffing, particularly IT staffing, which is often required in supporting the security team in making this type of transition, particularly for larger customers. And so that's definitely been something that we saw in fourth quarter with overall sort of staffing challenges in the economy. And then for some, in a few cases, as you know, we've been working with them to transition certain services to partners or in-house. And so there's been some examples where that transition, again, just dotting the I's and crossing the T's, that transition has just taken a little bit longer.
spk01: Got it. Got it. And one more, if I could. I know that you guys did provide a good amount of color when we're thinking about OpEx in the upcoming year. The investments that you guys are calling out, whether it's accelerating those investments in brand awareness, I think the other comment might have been around sales and marketing initiatives or partners. Can you get more granular on either one of those items? Just want to see how those dollars are expected to be deployed and is it Is the thought that it'll be relatively evenly spread through the year, or should we expect it to be more heavily front-year focused, back-end focused? Anything there, again, would be incremental. Thank you.
spk08: Well, I'll speak to the business side, and then I'll have Paul speak to the spread piece. So for us, this is really about doing the right thing at the right time. So we are in an ideal position to start to categorize on Finally, the market recognition of the sort of secular shift to XDR beginning. And with us having clear product market fit, customer advocates, the third-party recognition of both the XDR space and our leadership in it, now is really the time to lean in. And what we've seen is as we get into conversations and do a proof of value, we win the clear majority of those deals. And so, frankly, given our lower sales and marketing investments to date, This is a proof point of the value of the product when it's in the customer's hands or the prospect's hands. And so this marketing spend is about investing to get ourselves into every single deal conversation that we possibly can because when that door is open, we're going to win. So for us, this is also hand-in-hand with doing this with our partners, right, the XDR market education, supporting them in their go-to-market. And so as you think about the spend pieces, this is primarily around demand generation and what I'll call brand response, as opposed to sort of broad brand awareness. And the partner support pieces of that are absolutely integrated into that. And then to a lesser extent, what I would call that continued XDR education of why is the right security solution, and to some extent, some of the third-party recognition and customer advocacy support work. So really very targeted, the majority of the spend very targeted to customers the areas where we've seen increasing win rather than what I would call sort of broad generic brand awareness. And then I'll turn it to you, Paul.
spk03: And we step into the spend in Q1. And so we believe in this and we believe it's the right thing to do at this time. So we step into that and there's a slight increase in Q2, but consider it equally split during the rest of the quarters beyond that.
spk01: Thank you. I'll see the progress. Thank you very much.
spk00: Thank you. Our next question comes from Sterling Audie with JP Morgan. Your line is open.
spk06: Yeah, thanks. Hey, guys. So I'm wondering, the 60-40 split that you talked about now, what should we think about that split being as you exit this new fiscal year?
spk08: As we exit fiscal 23? So definitely safe to use that 60-40 split for the organic growth in fiscal 22. So still a pretty healthy balance between the two. But as we accelerated the transformation with the end of life and, frankly, just the ability to have had more customer conversations, that's how we ended the year. In Paul's remarks, in terms of FY23, We've guided that organic growth piece should continue to expand. That 50 million or more organic guide implies basically a 30% growth rate on the current total base for organic, and we're confident in that guidance. And all of that is still buoyed by tailwinds from partner program traction, obviously the marketing things we just spoke about, and this continuing shift of the the puck moving to XDR in the broader market.
spk06: And then the one follow-up would be, all right, with that under $80 million of MSS ARR that's left exiting fiscal 23, what's going to be the thought process in terms of what type of carrots versus what kind of sticks that you can use to kind of motivate that tail to finally convert over?
spk08: So for a piece of that, it's based in Asia where we are deploying some market-specific platform capabilities. So a big chunk of that is really our timing choice not to engage a section of customers, if you will. But for the remainder, we're having all of those conversations now. It's really about planning with them in terms of their – overall business priorities to make that transition as opposed to needing to provide particular carrots. Where we are now in the conversations, it's more about timing of transition than whether to transition or that need for a special incentive.
spk06: Understood. Thank you.
spk00: Thank you. Our next question comes from Hamzah Faderwaller with Morgan Stanley. Your line is open.
spk04: Hey, guys. Good morning. Thank you for taking my question. Wendy, I have a question for you on the XDR strategy. One of the things you mentioned was the data ingestion and the data lake component. It seems to me With XDR, one of the issues is not only how do you ingest the data from multiple vectors within your organization from a network, endpoint, cloud, et cetera, but also how do you standardize that so that you can analyze it properly and action upon it from a security standpoint. So I'm just curious how you're going about doing that because it seems like in security we're just really far away from having open telemetry models. When you think about the analysis portion, is that where your threat analysts and your threat intel experts come in and provide that human-level assistance, or is there some other secret sauce that you guys have that we're not aware of?
spk08: It's a great question, and thanks for it, because you're right. Part of the importance here is, one, having that broad data set in the data lake. For us, that means cutting across the entire ecosystem. I mean, if you look at our telemetry that we're processing, you know, the market really talks a lot about endpoint, but that's probably only about 40% of the event that we're processing day-to-day because there is a way that the adversary weaves through the environment that is important to have a holistic perspective. So it is absolutely the case that we leverage our experience, our team's incident response, adversarial testing, our security operations teams to basically understand penetration techniques and then how to reverse engineer them for defense and basically make those learnings machine readable, if you will, across this big data platform. But the foundational piece, as you mentioned at the start, is it's not just ingesting that data and then generating a bunch of alerts. It is very easy to detect anomalies, but it is hard to not bury those anomalies in a massive haystack of noise. And the way that we do that, because of our experience working across every point product in the industry as a service provider, historically, our understanding of that telemetry and normalization of that telemetry to then apply these techniques to the detection across that telemetry is the secret sauce that lets us have not just detections, but high fidelity detections that have high probabilities of potential damage that lets us really get to remediation quickly leveraging the automation on top of that, of course, to speed time to remediation, that is the answer that a true XDR platform should be providing using relevant big data that is leveraged in a way with detection understanding that is based on a knowledge of the threat actor's techniques.
spk04: I'll keep it at one. Thank you.
spk00: Sure. Thank you. Our next question comes from Sakit Kalia with Barclays. Your line is open. Okay, great.
spk05: Hey, guys. Hey, good morning, Wendy. Thanks for taking my questions here. Maybe just to start with you, Wendy, and apologies if this was asked. I joined a little late, but, you know, with all the focus on XDR, can you just talk a little bit about how much you are displacing traditional SIM instances, right, or installations, let's say, versus perhaps coexisting with a traditional SIM, you know, inside your customer base?
spk08: So it's a good question, and it is an evolving answer to that over time, right, as both the understanding of XDR grows and, frankly, customers come up for uh you know renewal or replacement of that sim based on their contract links with that knowledge of of xdr now getting more clear so there was in the beginning much more sort of a coexistence let's see how this goes let's use the data from where we are but very much now the the understanding that you can essentially address all of the use cases of sim plus do it better at a at a at a more reasonable cost of ownership with an XDR platform like Pages, we increasingly see that as an opportunity to shift share of wallet while giving customers better ROI and frankly, better security outcomes from it. Because if you think about what you're looking at here, it's about the ability to ingest relevant data, but again, to make it information, not just data, to enrich that with user and asset context. And for our customers, The fact that we are really helping to build and maintain those detectors or work with them to build those makes that XDR platform much more relevant on an ongoing real-time basis than a SIEM that could be very difficult to maintain and, frankly, could be expensive from a data perspective.
spk05: Got it. Got it. Paul, maybe for my follow-up for you, and again, apologies if this was mentioned earlier, but either quantitatively or qualitatively. As you look at sort of your, maybe looking backwards, as you look at your traditional MSS space, what percentage of them chose to re-solution with Tejas versus maybe explore other options? And I think, you know, I heard you talk about sort of average revenue per customer earlier. I wasn't sure if that was on a total basis, but the second part of that question is when an MSS customer does choose to re-solution, what's the typical uplift you see, you know, after that event takes place?
spk03: Yeah, so I think all of our customers are excited about the Tejas products. So when you ask about that, all of them are listening, all interested, all trying to determine for their, where they are in their walk, is this the right time for them? And so we see interest across the board. So if you're asking the interest level, very high across all customers. The actual plays into effect when the customer either resolutions or not, where are they in their walk on their technology? On your average revenue per customer, we're seeing roughly that a re-solutioning customer is coming in at roughly where we're selling new logos at. And we're very happy with the average revenue per customer.
spk08: Yeah, and for comparison, the 135,000 on Tagus compares to low 90s. So I think it's 93,000 on the CTP platform. So we continue to see higher average spend. With, again, the same situation, they're upshifting their entire posture for full coverage of their estate and are able, in some cases, to displace other standalone spend, which is now a feature of the platform. So that trend continues.
spk06: Got it. Very helpful. Thank you.
spk00: Thank you. Thank you. We'll now take our final question from Brian Essek with Goldman Sachs. Your line is open.
spk02: Hi, this is Charlotte on for Brian. Quick question. It's nice to see the record number of Tagus customers in 4Q400. Can you talk about how many of these logos were net new logos versus conversion of your existing base? Thank you.
spk08: Yeah, we talked about on the call that in terms of our growth for the year, the base of Tagus ARR is about a 60-40% We haven't seen a material shift in the average revenue per customer, and so those have generally been following the same mixed shift. Gotcha.
spk02: And another question on pages. Now that you have – with your endpoint partnership that you announced last year, have you seen a shift in the competitive landscape, or have you seen any changes?
spk08: In terms of the – I'm not sure exactly which – oh, in terms of the endpoint, NextGen AV is what you're referring to? Yes, exactly. We have quite a few endpoint partnerships. Yes, absolutely. We've seen nice traction from that. Again, the whole strategy behind that is giving customers the option for one-stop shop. We do find that customers in the lower end of the mid-market tend to want and capabilities where customers on the larger end of the market sometimes want to select individual security controls and then bring them together with Tejas XDR. So for us, that, again, is just about capturing share of wallet, making things simple and easy for customers to partner with us, and just makes a ton of sense for the capabilities of a holistic XDR platform.
spk02: Great. Thank you for the insights. Thank you.
spk00: There are no other questions in the queue. I'd like to turn the call back to Andrew for closing remarks.
spk07: Great. Well, that wraps up the Q&A and today's call. A replay of this webcast will be available on our investor relations page at secureworks.com, along with our Q4 web deck and additional financial tables. Thank you again for joining us today.
spk00: Thank you. Ladies and gentlemen this concludes today's call. You may now disconnect at this time.
Disclaimer