This conference call transcript was computer generated and almost certianly contains errors. This transcript is provided for information purposes only.EarningsCall, LLC makes no representation about the accuracy of the aforementioned transcript, and you are cautioned not to place undue reliance on the information provided by the transcript.
spk04: Good morning. My name is Joel, and I will be your conference operator today. At this time, I would like to welcome everyone to the SecureWorks first quarter fiscal 2023 earnings conference call. All lines have been placed on mute to prevent any background noise. A supplemental slide presentation to accompany the prepared remarks can be found on the company's website. After the speaker's remarks, there will be a question and answer session. If you would like to ask a question during this time, simply press star followed by the number one on your telephone keypad. If you'd like to withdraw your question, press the pound key. Thank you. At this time, I would like to turn the call over to Paul Parrish, SecureWorks CFO. Mr. Parrish, you may begin your conference.
spk01: Thanks, everyone, for joining us. With me this morning is Wendy Thomas, our CEO. During this call, unless otherwise indicated, we will reference non-GAAP financial measures. You will find the reconciliations between these GAAP and non-GAAP measures in the press release and presentation posted on our website earlier today. Please also note that all growth percentages refer to year-over-year changes unless otherwise specified. Finally, I'd like to remind you that all statements made during this call that relate to future results and events are forward-looking statements based on current expectations. Actual results and events could differ materially from those projected due to a number of risks and uncertainties, which are discussed in our press release, web deck, and SEC filings. We assume no obligation to update our forward-looking statements. Now I'll turn it over to Wendy.
spk07: Thank you, Paul, and welcome, everyone. We executed against our first quarter plan, and the structural growth drivers of our business remain strong. The end market for XDR is growing, And our transition allows us to build a stronger recurring revenue business designed to capture growth. We continue to build deep relationships with customers and invest in the Tejas platform. And we see benefits from accelerating Tejas adoption, new use cases, and upsell opportunities. And this gives us confidence in the sustainability of future growth over the long term. Because the opportunity for Tejas, a true open XDR platform, is tremendous. Our OpenXDR approach has customers choosing Tagis as a way to future-proof their security. They tell us Tagis is their long-term cybersecurity solution because it easily evolves to secure their changing technology infrastructure, and Tagis' expanding threat detection and response capabilities enable them to stay ahead of the threat. From the onset, we developed Tagis with a unique and purpose-built architecture designed to be flexible, and enable seamless innovation, ensuring our customers achieve their best security outcomes now and in the future. And the conversations we're having today with both customers and prospects are notably different from just a year ago, as we see a growing understanding that XDR is the right answer to today's security challenges. In fact, Forrester found in a recent survey of over 400 security decision makers that XDR is their number one security priority in the next 12 months, and 60% of those had plans to invest in XDR solutions in the next 12 months. Why? What security professionals recognize is that securing endpoints or networks individually in a siloed approach does not work. Point solutions leave critical gaps in visibility, and aggregating multiple logs often fails to yield critical detections or bury security professionals in a sea of alerts. Redactors have learned to weave between point solutions, staying out of sight. XDR is the clear solution to this. But even with XDR, companies are faced with another key choice. Do they go with a proprietary or open XDR model? To our customers, the choice is clear. In their view, an XDR solution that only operates on a proprietary stack removes optionality with vendor lock-in. and introduces risk in a forced rip-and-replace approach. The head of security operations at one of our customers said it best, by leveraging SecureWorks' OpenXDR approach, we won't have to lock ourselves into vendors. In short, SecureWorks' approach to XDR future-proofs our customer security program. And that's reflected in our changes numbers, which continue to demonstrate one of the fastest customer and ARR growth rates in the market. with the addition of 900 customers since Q1 of last year, and the addition of over 100 million of CAGIS ARR. That represents nearly 150% year-over-year growth, and we ended first quarter at 180 million in CAGIS ARR. Our focus this year remains on delivering high-value security solutions to the market and making targeted investments in CAGIS to capitalize on the market transition to XDR. In terms of our strategic transformation, we remain on track as we continue to re-solution our counter threat platform customers to Tagus and manage out non-strategic services and resale revenue. In first quarter, we arrived at a key inflection point in this transformation journey. We ended the quarter with nearly 50% of total subscription ARR on Tagus, an important milestone for us. In parallel, we continue to drive gross margin expansion. Our combined CTP and TAGIS subscription gross margins were 69.9% this quarter, an increase of over 200 basis points versus first quarter last year. So why now and why SecureWorks? From our customers' perspective, TAGIS helps future-proof them in three ways. First, TAGIS was designed from the ground up with a purpose-built big data architecture that delivers a new, holistic way to see, analyze, and act upon security data. And to do so, it leverages all the data, not just data from endpoints, not just data from networks, nor from just a single public cloud provider. Cages was designed to gather petabytes of data and apply its unique detection capabilities to find and prioritize security alerts. For example, this quarter we signed an international law firm who came to us from a competing XDR provider that was network centric. The customer initially thought to implement a SIM, but the lack of automated response capabilities, coupled with high data retention costs, enabled us to demonstrate that the SIM implementation would be too complex and costly to maintain. With TAGIS, they quickly ramped up an efficient and economical security program with round-the-clock threat tracking and protection. The company now has time to develop its internal team over time, partnering with SecureWorks to build a stronger security stance than ever before. Second, TAGIS future-proofs our customer security through broad and deep threat detection. Detection that is powered by an optimum mix of machine learning and applied security expertise. This quarter, we introduced enhancements to our detection capabilities, adding more threat context and customization options, which drives investigation efficiency and speed to response. I'd highlight particularly the expanded capabilities of our unique detection engine, which we call TacticGraphs. We codify threat actor behavior patterns into the TAGIS platform continuously. We leverage our findings from about 3,000 incident response and adversarial testing engagements each year, together with the proactive research insights of our counter-threat unit. Pages' ability to correlate observations from multiple telemetry sources and security controls at scale across petabytes of data allows TacticGraphs to detect threat actor movements with high precision. As we open up development on TacticGraphs to partners and customers, We expect the detection capabilities of the platform to only accelerate further. Third, Tagus was designed from the outset as an extensible platform for collaboration and innovation. It gives our customers direct access to our security experts so that they can actively collaborate on investigations. It's also an extensible platform. The Tagus community can share integrations, playbooks, and more. This is all backed by the security operations expertise that we bring to the table. Simply put, there are not a lot of players with a combination of XDR capability and the security services pedigree, an area where we have dominated, that SecureWorks offers. This powerful combination helps customers scale their security team with a high degree of effectiveness. One example from this quarter was a newly signed customer, a preeminent services firm in North America. They had multiple SIM and point technologies that were causing SecOps inefficiencies and security misses. This left them both exposed to threat actors and exposed to spiking cyber insurance traits and ISO audit challenges. With SecureWorks TAGES, they had, day one, full security visibility and threat detection across their entire environment. Plus they benefited from TAGES playbooks for automatic and proactive threat hunting. their team has since been collaborating with SecureWorks experts, augmenting their capabilities and restoring some balance to their overworked SecOps team. These differentiators are open, purpose-built XDR platform, designed for collaboration and automation of work for security analysts, backed by deep security expertise that we infuse into our platform and solutions. These are the things that SecureWorks customers value most. A final thought I'd like to touch on today is the opportunity that Tejas affords our customers through flexibility, particularly for customers who are looking to maximize the return on their security investments for the long run. Tejas future proofs them not just against the evolving threat landscape, but empowers them to maintain continuous security across future changes in their technology estate while optimizing their security spend. I'll share an example. We have an existing retail industry customer that re-solutioned to the Tagus platform in Q1. They had close to 50 one-off security point solutions that were overwhelming their security team with portals and complexities, forcing them into a continuous state of reaction. With SecureWorks Tagus, they were able to displace duplicative spend by leveraging existing Tagus capabilities to remove several point solutions and do so with a higher standard of security. They gained full coverage of their environment while relying on Tejas XDR to eliminate alert noise. And importantly, their total spend on security has declined, while their spending with SecureWorks has increased fourfold. This industry has seen a lot of investment in security companies and growing customer spend on security. But what we haven't seen is a reduction in damages from breaches. Tejas was built to fix this. The holistic and open nature of Tejas XDR puts us in a more strategic conversation with our customers about protecting their mission critical workloads and driving better business outcomes. We're able to take their current security investments and make much more of them. And Tejas XDR can analyze more data with better accuracy and greater speed than our competitors, ultimately providing more security and more value to our customers. Tagus XDR's unique open and purpose-built platform can help turn the tide in the battle against the adversary. I want to thank our customers and our partners for joining forces with us and thank our teammates for their hard work and commitment to realizing SecureWorks mission to secure human progress. With that, I'll turn the call over to Paul Parrish, our CFO.
spk01: Thanks, Wendy. Tagus continues to gain traction in the market. ARR increased $108 million year-over-year to end Q1 at $180 million, a 149% growth rate over prior year Q1. We've added 900 customers since Q1 of last year, up 180% over the prior year, to end the quarter at 1,400 total Tejas customers. And Tejas subscription revenue was $37.2 million for the quarter, up 167% year-over-year. Average revenue per Tejas customer was approximately $129,000, remaining a premium to our non-Tejas customers, which averaged $88,000 per customer. As we continue to re-solution customers and grow new business on the platform, we ended the first quarter with nearly 50% of total ARR on Tejas. As Wendy mentioned, this is an important milestone for SecureWorks, as it means we've arrived at a key inflection point in our multi-year business strategy. We continue to see Tagus expanding to about three quarters of total ARR by the time we exit FY23, as we continue transitioning from non-strategic services to our Tagus-led business model. On an overall basis, Total revenue was $121 million in Q1, which was consistent with our expectations. We continue to scale our cost structure and benefit from our Tagus-led solution mix shift. Overall, Q1 gross margins expanded 120 basis points from the prior year first quarter, with subscription gross margins at 69.9% of 210 basis points year-over-year. We continue to raise our voice and profile in the market with targeted investments, resulting in sales and marketing costs increasing to 31.1% of total revenue, up from 25.6% in Q1 of FY22 and 29.9% in Q4. We are continuing to work closely with our customers to innovate and deliver new features that align with their strategic priorities and our development roadmap further differentiating TAGIS in a fast-growing market. Accordingly, R&D has increased to 25.3% of revenue, up from 19.4% of revenue in the first quarter of last year and 22.6% of revenue in Q4. G&A expenses were down slightly in dollars compared to Q1 of the prior year, on lower professional service and consulting-related cost. Adjusted EBITDA loss was $7.8 million compared to an $8.1 million gain in prior year Q1. The overall swing of $16 million was driven by a combination of reduced revenue and gross profit as we actively exited non-strategic, lower margin services and continued investments focused on our long-term growth strategy. Cash flow used by operations in 1Q fiscal FY23 was $25 million as compared to a 30 million use of cash in prior year Q1. Note that Q1 is typically impacted by our annual performance payout. While the adjusted EBITDA differential swung approximately $16 million year over year, we improved use of cash year over year on lower DSOs. CapEx was $2 million for the quarter, relatively flat with prior year. We finished the quarter with a strong balance sheet $186 million of cash, no debt, and an untapped credit facility. Turning to our guidance for FY23. We reiterate our guidance and continue to expect the following for full year fiscal 23. Tagus ARR to end FY23 over $265 million, demonstrating our confidence in in-market growth opportunities and in our ability to win deals and execute. Organic growth to contribute approximately $50 million of incremental ARR. Sales should accelerate through the year as we get the full benefit of our investments carrying through to FY24 and beyond. We're accelerating investments in brand awareness and global distribution with returns expected to be more meaningful in the back half of the year and into FY24. Other MSS ARR to end FY23 below $80 million. Of the approximately $80 million of ARR remaining at year end, we expect a significant portion to be eligible for re-solutioning with most done in FY24, enabling us to eliminate duplicative costs of the CTP platform. Total revenue to be $475 million to $490 million. Full year adjusted EBITDA to be in the negative $58 to $68 million range, which includes our investments in sales and marketing and R&D. Finally, full year EPS loss to be in the 61 to 70 cents range. Regarding Q2, we expect revenue of $115 million to $117 million with an EPS loss in the 15 to 17 cents range. FY23 continues to be an inflection point in the company's transition as we shed non-strategic services and complete the resolutioning of our base to Tejas with a significant majority of customers completing that transition by FY23 year end. The resolution of our base is positioning TAGIS for future organic growth. In summary, we're making consistent progress against our transformation with continued improvement in our business mix and growth potential. The end of our business model transition is now in sight, and we believe that it's increasingly clear we have the right product at the right time to lay the foundations for growth and profitability for the company. Wendy will now join us again as we begin Q&A. Operator, can you please introduce the first question?
spk04: At this time, I would like to remind everyone in order to ask a question, you can press star 1 on your telephone keypad. We'll pause for just a moment to compile the Q&A roster.
spk00: The first question is from the line of Saket Kalia with Barclays.
spk04: You may ask your question.
spk06: Okay, great. Hey, good morning, folks, and thanks for taking my questions here.
spk07: Good morning.
spk06: Good morning. Wendy, maybe just to start with you, a lot of great customer examples in your prepared remarks. I was wondering if you could just double-click a little bit on the idea of SIM replacement. And more specifically, to what extent do you find Pages is replacing SIM installations at your customers versus coexisting? with SIM at your customers. Does that make sense?
spk07: It does, and I'm going to talk about that in probably two different ways in terms of SIMs and then what I would call more IT observability platforms. So when we think about traditional SIMs, even next-gen SIMs, there's not a coexistence model. It doesn't make sense, right? Cages can do all that they do and more. So it's got the detections that you don't have to maintain, reporting, that's either standardized or customizable. So you can have that angle. You have the log retention included. We include 12 months as standard with options to extend. And what we have that they don't, obviously, is the automated response capabilities and much lower cost to maintain. It's cloud native. And we're doing the heavy lifting on maintaining and building out the detections and response automations. So from that perspective, it economically and from a security efficacy standpoint doesn't make sense to coexist. Where we do see some coexistence again is where the core system, if you will, is really around IT observability or IT use cases. And in those cases, XDR fulfills the security aspect of that. And from our seat that in many cases that can be a pretty powerful partnership opportunity to work with those platforms who, you know, potentially ingest a good bit of data in order to fulfill their use cases. And we can leverage that data mutually to add a much more effective security program on top of that. Does that answer your question?
spk06: Yeah, that does. That's super helpful. Paul, maybe for my follow-up for you, you know, you touched on this a little bit in your prepared remarks, but can you just dig into the conversion opportunity a little bit, or re-solution opportunity, maybe I should call it, for counter-threat customers over to Tejas, and sort of how you're thinking about the timing of that conversion and what you're doing to encourage that conversion, if you will.
spk01: So as Wendy mentioned in her open comments, You know, we see the XDR market is hot. It's growing. And so that is encouraging our customers to take a look at our solutions as we talk to them about the resolution. So as we set our guidance this year, we have a perspective on how we will exit this year with the balance on a remaining counter threat platform, which we gave guidance of 80 million or less. And so we still see all this syncing together, how we set guidance. So we're still feeling very good. We believe our customers are looking at our product favorably. And matter of fact, when they do resolution, we're still seeing that positive uplift when they exchange out of the older product to the new product and still hovering somewhere around that 20% uplift as they exchange that product. So we still feel very good about that progress.
spk00: Got it. Very helpful. Thanks, guys. Thank you. The next question is from the line of Mike Sikos with Needham.
spk04: You may proceed.
spk03: Hi, team. Thanks for getting me on the call this morning, and good morning. I wanted to ask you guys about the AOR spend behavior that you're seeing with existing TAGE's customers. It's probably still a little too early to start calling trends just based on the that may concede the product or maybe the cohort of customers that we had a year ago. But I'm curious, can you provide any detail or color how customers' TAGIS spend has changed over the course of the year if they're coming up on 12 months? What's the behavior like within that cohort?
spk07: Sure. So let me sort of level set on the average revenue per customer on TAGIS. relative to CTP and talk about new and resolution first, and then we can talk about sort of expansion of those customers with multiple modules. So the average revenue per customer on TAGUS this quarter was $130,000, pretty close to what it was in fourth quarter. And we see that average is pretty consistent now across both newly signed customers and resolution customers. We did have a tick down in average revenue per customer in 4Q with just the resolution customers as we moved deeper into the base of smaller customers historically. What we see, though, is that our target remains, especially as we continue to move up into the enterprise space, a 200,000 average revenue per customer model based on our current target market. And part of the way that we get there is the opportunity to upsell our customers on additional modules. So you already see us with a higher average revenue per customer than many of our competitors in the space, which is both a function of the market that we play in as well as what's included versus additional modules. We include much more in the core XDR products than competitors who try to monetize those separately. And for us, we are now seeing a substantive number of customers have at least one additional module from TAGIS, which is helping us to continue to expand our spend. And frankly, we think that will help with renewal rates as well as they become stickier customers.
spk03: Thanks for that. I appreciate the color there. Just one follow-up and really on that last comment there. It was that you're seeing a substantive number of customers have at least one additional module, right? Maybe to square that away for a more apples to apples comparison, but if I think about it even quarter to quarter or year to year, is that one additional module, how does that compare to where we were even a year ago? Are we seeing higher attach rates or more cross-sell in the current environment? given the maturing platform that you guys have out there now?
spk07: Yeah, it's a good question. So it's definitely a material lift in that. So nearly 70% of our customers now have at least one additional module, and that could be an additional product or a services module like elite threat hunting. I would have to get the exact number from a year ago, but it definitely has expanded quite a bit in the last year, both as we've expanded the base and just over time cross-sold back into the original customers and had additional modules to offer.
spk03: Very helpful. Thank you very much, guys. I'll turn it over to my other colleagues.
spk04: Thank you. The next question is from the line of Hamza Fadarwala with Morgan Stanley. You may ask your question.
spk02: Hey, good morning, everyone. Thanks for taking my questions. Wendy, maybe first question for you. If you could just talk a little bit about what you're seeing in the security spending environment. Obviously, it sounds like it's been pretty strong year to date, but I'm wondering if you're seeing any changes at all in a less certain macro environment. And then just to follow up to that is when you constructed your guidance, Could you factor in any changes around sales cycles or pipeline conversion at all?
spk07: Sure. And I can just talk about what we're seeing in sales cycles and then let Paul speak a little bit to the guidance. So in terms of the economy, you know, I was here at SecureWorks back in the 2008 timeframe when there was a bit of a blip in the market. We were obviously a lot smaller and watching our cash. And what we saw then is, you know, and your guess is as good as mine around the economy, is probably what we're seeing right now, which is that the, you know, security spend is pretty mission critical. It's really one of the stickiest areas of spend in enterprise budgets. They may look to have some trimming, but not necessarily full-type cutbacks. What we saw before and potentially could see now is a sales cycle lengthening as opposed to a precipitous drop in spend. That would be my best guess on that front. However, we haven't seen that yet. We've had a sales cycle of about a quarter for Tagus that is longer on the legacy platform for quite some time. So far, no big change there, but If I had to make a guess, that would be the area I would look to.
spk01: And then as we set guidance, we looked at our trends, and so we took that consideration as we set guidance, as well as the continued growth and pace at the growth with our product in relation to the market growing. So all that was considered as we put our guidance up.
spk02: Just specifically, Paul, if I could follow up, you know, when you – Did you assume perhaps a bit lower pipeline conversion or longer sales cycles in your guidance explicitly?
spk01: We looked at what was occurring as we exited Q4, and to the extent there was a range that we could put our parameter around, we included that in our guidance, so definitely we captured a portion. Is it what could occur during Q2, Q3, so forth, that's yet to be determined, but we have an element there in our guidance setting. Got it. Makes sense.
spk02: Um, just one, one last question on, um, uh, untated, I'm just curious how you get around, um, avoiding some of the data in just cause, um, that we've seen some traditional, um, some vendors have that make them obviously, um, sometimes cost prohibitive, um, from a customer standpoint, how do you get around that with pages so that you can not only deliver effective security, but also deliver it at a, at a, at a more efficient price point?
spk07: Sure. And I'll talk about that from two angles. The most important angle is from the customer seat. And we very consciously made the decision to price TAGIS based on endpoint count. And that way for customers, it is very predictable. There are no additional data charges unless they decide to purchase longer storage than 12 months. But there is no variable data charges that catch customers by surprise. and their ability to outlook their endpoints is their ability to outlook their spend with us. So that's a real differentiator, not just against SIMS, but against some other XDR providers who do create that exposure for customers to charges. And frankly, from my seat, create a disincentive to do the very thing that makes them more secure, which is to have all the data to be able to run highly correlated detections find that needle in the haystack. So we do not want to disincent the security value of that data either. So, of course, the flip side of that question is, well, how do you manage that in terms of your cost structure? And as you can see, even with the MDR services included in our subscription margins, we are just at 70% gross margins this quarter because we have a purpose-architected XDR platform that is very conscious about the types of data that we need quickly, right, real time search capabilities for security advocacy and those that we can have lower cost storage structures for things that you just want to search over time. And the combination of that architecture with our kind of constant management of instances and such with AWS is how we're able to grow our margins at scale while still having a pricing model that is predictable for customers.
spk00: Thank you.
spk04: Thank you. The next question is from the line of Brian Essex with Goldman Sachs. You may proceed.
spk05: Hi, good morning, and thank you for taking the question. Maybe, Wendy, I'd love to get a sense for what you're seeing so far with kind of adoption of the Tagus platform. And I guess the question is more along the lines of where you see yourself fitting in relative to some of the other business models that are out there in terms of you know we we have um you know some managed service providers you know going through kind of an incident response related channel and kind of leaving their XDR technology behind we have ecd vendors that are extending into XDR um you know how do you see yourself and obviously and totally get the you know, the ability to have an agnostic platform that's kind of open in nature. But I want to see, you know, right now you've got a nice tailwind from the re-solutioning, but where do you think this environment kind of ultimately ends up in terms of competitive dynamics versus the way that other vendors are kind of trying to penetrate the space?
spk07: Sure. Good question. You know, the simplest way I think about it is really the X, the D, and the R, and XDR, what makes us different from different approaches to the market, and you really called out several of them. And the X truly is the extended piece, which is right, that it's not just endpoint only, and then it's not just a proprietary stack where you have to use their endpoint, their firewalls, et cetera. So I think that's one of the fundamental differences. On the other end of the spectrum is the R, and so there are a lot of XDR players out there who do not have what I call the big R. They may promise that, come in with a low price point, and then what customers find out is that they are truly on their own. So when we think about being able to compete with a very well-regarded incident response program underneath that 40 hours a quarter included in our program, MDR program, which is a real differentiator from competitors that's a truly big R. And in the middle there, it's really around the detection, and that's where we win against all players who come from all angles because of the way that we don't just ingest data, which many XDR providers say, well, we ingest everything. It's really about the normalization of that data and the powerful detections across that data.
spk05: that that we compete against those players in those three areas and no one has that combination of truly the x the d and the r got it that's super helpful and i guess you know maybe relative to some vendors that may come at this from an epp angle and you know the catalyst of displacing a legacy endpoint vendor would be kind of you know their their tip of the sphere so to speak to go to market um how do you envision the way that you might penetrate the market is primarily direct sales or, you know, are you getting traction with some of the solution providers that may be, I guess, architecting a more holistic solution around an EPP conversion? Like, how do we think about, you know, your ability to get in front of customers to actually, you know, illustrate the benefit of your platform?
spk07: Sure, I'll take that in two pieces. One is kind of the EPP play generally, and then two is the partner play, which really goes beyond just that particular displacement strategy. And the reason that we added, we have our own proprietary agent, we have next gen AV capabilities to make it frictionless for customers to choose if they want a more economical approach to XDR, including EPP, we absolutely have that for partners to be able to offer to customers to run that play. And that was a conscious decision on our part. Do we require it? No. They have a leading endpoint product. We work with those products in order to prevent risk to customers of force, rip, and replace. But we get in. We become the interface to the customer and show them economic models over time that they can shift into. The second piece is really around partners, and as we've stated before, it is a key part of our strategy to expand both with partners who resell SecureWorks products as well as provide ancillary services on top of that. We've very much been working to enable those partners with speed to market by sharing our bridge support around developing service models and security operations centers to do that. So we do see a continued increase in the percent of partner sales as a percent of our revenue. I would like to see that go faster. I anticipate that's going to start to go faster as we've been building these relationships and getting partners ramped. But pleased on both fronts and we want to give them more than just the EPP play, the SIM play and others for them to go in and seek opportunities to increase revenue with their base.
spk05: Got it.
spk00: Got a very helpful caller. Thank you. Thank you.
spk04: There are no further questions at this time. Mr. Parrish, I will turn the call back over to you.
spk01: Okay, that wraps up the Q&A in today's call. A replay of this webcast will be available on our investor relations page at secureworks.com along with our Q1 web deck with additional financial tables. Thanks again for joining us today. Have a good day.
spk07: Thank you.
spk00: This concludes today's conference call. You may now disconnect.
Disclaimer