This conference call transcript was computer generated and almost certianly contains errors. This transcript is provided for information purposes only.EarningsCall, LLC makes no representation about the accuracy of the aforementioned transcript, and you are cautioned not to place undue reliance on the information provided by the transcript.
Tenable Holdings, Inc.
5/1/2024
Greetings and welcome to Tenable Q1 2024 Earnings Conference Call. At this time, all participants are in a listen-only mode. A brief question and answer session will follow the formal presentation. If anyone should require operator assistance during the conference, please press star zero on your telephone keypad. As a reminder, this conference is being recorded. It is now my pleasure to introduce your host, Ms. Erin Carney, Vice President in Mr. Relations. Thank you, Ms. Carney. You may begin.
Thank you, Operator, and thank you all for joining us on today's conference call to discuss Tenable's first quarter 2024 financial results. With me on the call today are Meet Yuran, our Chief Executive Officer, Dave Vince, our Chief Financial Officer, and Jason Merrick, Senior Vice President Product. Prior to this call, we issued a press release announcing our financial results for the quarter. You can find the press release on our IR website at tenable.com. We will make forward-looking statements during the course of this call, including statements relating to our guidance and expectations for the second quarter and full year 2024, growth and drivers in our business, changes in the threat landscape in the security industry and our competitive position in the market, growth in our customer demand for and adoption of our solutions, including tenable one, planned innovation, and new products and services. The potential benefits and financial impact of our recent acquisition of Aramedic, our expectations regarding the cost savings associated with optimizing our go-to-market efforts, and our expectations regarding long-term profitability and free cash flow. These forward-looking statements involve risks and uncertainties, some of which are beyond our control. which could cause actual results to differ materially from those anticipated by these statements. You should not rely upon forward-looking statements as a prediction of future events. Forward-looking statements represent our beliefs and assumptions only as of today and should not be considered representative of our views as of any subsequent date. And we disclaim any obligation to update any forward-looking statements or outlook. For further discussion of the material risks and other important factors that could affect our actual results, please refer to those contained in our most recent annual report on Form 10-K and subsequent reports that we file with the SEC. In addition, all of the financial results we will discuss today are non-GAAP financial measures, with the exception of revenue. These non-GAAP financial measures are in addition to and not a substitute for or superior to measures of financial performance prepared in accordance with GAAP. There are a number of limitations related to the use of these non-GAAP financial measures versus their closest GAAP equivalent. Our press release includes GAAP to non-GAAP reconciliations for these measures. I will now turn the call over to Amit.
Thank you, Erin. We're very pleased with our results in the quarter. CCB, revenue, operating income, and cash flow all came in better than expected. Our leadership and exposure management resulted in strong momentum in Tenable One. In short, we're off to a good start for the year. There are two clear takeaways this quarter. First, exposure management, the category we pioneered over five years ago, is increasingly recognized as a crucial practice for security teams. Tenable is uniquely positioned to identify and mitigate risks across the attack surface, including cloud, identities, operational technology, applications, and IT assets. And second, that the convergence of these categories onto a single platform is the most efficient way to truly understand and reduce risk. And we believe we are the only security vendor in the market providing these capabilities with tenable want. Let me go deeper on the first point. Exploiter management is gaining widespread attention and validation from security practitioners, industry analysts, and vendors. In fact, Gartner predicts that by 2026, organizations prioritizing their security investments based on an exposure management program will suffer two-thirds fewer breaches. We believe there's no company better positioned than Tenable to seize this opportunity, thanks to our early focus and ongoing commitment to delivering innovative exposure management solutions. And our focus is paying off, with these solutions now representing approximately half of our total new sales in the quarter, inclusive of Tenable One. This momentum is a result of customers realizing that managing risks in siloed programs is failing them. Security products for identifying and closing exposures of different types are still very disjointed, forcing security teams to work in isolation, just like their tools. This approach to security makes it extremely difficult to defend against advanced threats or more sophisticated campaigns that leverage multiple attack methods and complex tool sets. For example, an attacker may gain access from an endpoint vulnerability, move laterally to an over-provisioned identity for privilege access, and from there, exploit a misconfigured service running in the cloud. Point solutions simply are not able to identify and remediate these risks across domains. A unified approach that consolidates visibility from assets, identities, and misconfigurations spanning across domains from on-prem to the cloud to critical infrastructure creates leverage and insights previously stovepiped. This is exactly what Tenable One is designed to deliver. A great example of Tenable One's impact involves a multi-billion dollar automotive parts company that selected Tenable One in Q1. they were looking to gain a unified understanding of risk across their tax surface. Recognizing the limitations of separate solutions, they replaced a key incumbent in vulnerability management with Tenable, while also adopting Tenable OT and cloud security to extend their visibility and remediation capabilities. Notably, the customer opted for our cloud security solution because it outperformed several well-known pure play CNAP competitors in uncovering exposures in the cloud and the fact that it integrates with the rest of their staff using Tenable One. We repeatedly encounter scenarios that underscore this new way of thinking. Conversations with customers and prospects often lead them to realize the dangerous limitations of using separate products to manage risk, like using a specific control system security product that has no connection to the rest of their environment. Customers are coming to grips with the fundamental truth. You cannot fully understand the risk of an interconnected environment when your risk management practice is compartmentalized. These scenarios are the reasons why solutions like our OT and our CNAP capabilities are gaining traction with our customers. Given the scope of our coverage, Tenable stands out in our capacity to identify and prioritize risk. We leverage the data lake built around exposure information that encompasses hundreds of billions of aspects of threat, vulnerability, entitlement, and configuration data. This robust foundation underpins all of our products, from CNOT to vulnerability management to identity to OT. Each product is strengthened by the deep insights gleaned from our entire portfolio. Last quarter, we continued to innovate aggressively in exposure management along many fronts, including the integration of more generative AI capabilities into Title I. These new advancements bring to life interactive attack path visualizations and offer an AI assistant that answers queries and delivers specific mitigation advice. This tool gives our customers real-time access to the latest exposure data tailored to their specific environment. In addition, it provides customized guidance for fixing these issues. In an era marked by huge cybersecurity talent shortages, our generative AI-driven enhancements help streamline workflows, enhance security insights, and boost productivity. And once again, position Tenable at the forefront of exposure management innovation. We have demonstrated an ability to differentiate our core products as well as with our broader exposure management platform, whether it's in identity, OT, cloud security, or our unified platform, we are delivering solutions that enable our customers to better understand and remediate risk. And we are doing it in a way that has delivered impressive margin expansion. Finally, on a personal note, thanks to everyone for the well wishes regarding my recent diagnosis. My treatment is going well, but my voice has been temporarily impacted. As a result, I will not be able to fully participate in the Q&A session today and apologize in advance for subjecting you to even more time with Steve. But I do look forward to speaking with you in the upcoming investor events in the near future. I'll now turn the call over to Steve for further commentary on our financial results and outlook.
Thanks, Amit. I'm glad to see that you have not lost your sense of humor. Now, on to our results for the quarter, which reflect better than expected top-line growth and operating income. Calculated current billings defined as revenue recognized in the quarter, plus change in current deferred revenue grew 12% year-over-year to $197.8 million. CCB exceeded expectations for the quarter, and accordingly, we are increasing our annual CCB outlook today. As Amit commented earlier, Tenable I was a major highlight in the quarter and grew to 26% of total new enterprise sales, up from 22% last quarter. Exposure Solutions, which includes Tenable One and standalone cloud security, identity security, and operational technology security, represented approximately 50% of our total new enterprise sales in the quarter. We believe this reflects the growing demand for our exposure management solutions and the actionable insights it delivers to CISOs and their security teams. Turning to other highlights, Sales to new customers were exceptionally strong for us. During the quarter, we added 410 new enterprise platform customers, including a healthy number of six-figure lands. The strength in new logos resulted in nearly 30% year-over-year ACV growth from our newly acquired customers. To put matters in perspective, this was one of our best quarters for year-over-year ACV growth to new customers since 2022. This dynamic impacted our net dollar expansion rate, which was 109% this quarter compared to 111% last quarter, which we believe is a result of the natural variance in the mix of pipeline opportunities between new and expansion. The takeaway here is that we saw strength in new logo sales and large lands, and we believe it's enabling us to win share in the exposure management market. Pipeline generation was also strong for us and is very encouraging. Our net new six-figure customers decreased by four in the quarter. This is a result of a higher than usual number of customers who dropped below the $100,000 threshold in Q1 of 2023, which impacts this metric now because these customers dropped out of the LTM count this quarter. This was concentrated primarily in the financial services and tech and telecom verticals that were impacted by the regional banking crisis in March of last year. This dynamic more than offset the strong number of new six-figure logo lands in the quarter. I would note that we always have some number of customers who dip below the $100,000 threshold in any given quarter. Q1 of 23 was an outlier last year, and consequently, we do not expect this to be a headwind to the net new six-figure customer calculation for the remainder of this year. Now, on to the P&L for the quarter. Revenue. was $216 million, which represents 14% year-over-year growth. Revenue in the quarter exceeded the midpoint of our guided range by $3 million. Our percentage of recurring revenue remains high at 96% this quarter. I'll now turn to expenses. I'll start with gross margin, which was 81% this quarter and last quarter and higher than our expectations. Gross margin benefited this quarter from the successful integration of our public cloud infrastructure and the overall efficiency with which we have been able to scale our exposure management platform. Sales and marketing expense was $84.5 million, which was down from $88.5 million last quarter. Sales and marketing expense as a percentage of revenue was 39% compared to 41% last quarter. Sales and marketing expense was lower sequentially, primarily due to reduced headcount from our cost optimization efforts, seasonally lower program spend and commission expense, and was partially offset by the cost associated with our annual sales kickoff conference in February. Overall, we are pleased with the improved efficiency in our go-to-market efforts this quarter and expect sales and marketing spend as a percentage of revenue to trend lower over the remainder of the year. R&D expense was $32.6 million, which was up from $27.8 million last quarter. R&D expense as a percentage of revenue was 15% this quarter compared to 13% last quarter. R&D expense increased sequentially, primarily due to increased personnel costs and other costs, largely in cloud, analytics, and VM, as well as the foreign R&D tax credits that we received last quarter. G&A expense was $20.6 million, which was up from $19.5 million last quarter, primarily due to higher payroll taxes, which reset the beginning of the year. G&A expense as a percentage of revenue was 10% this quarter compared to 9% last quarter. Income from operations was $37 million, which was significantly better than expected and exceeded the midpoint of our guided range by $9 million. Operating margin for the quarter was 17%, which was 400 basis points better than the midpoint of our guidance. The outperformance in earnings this quarter reflects the timing of certain expenses and our ability to deliver profitable growth and drive leverage in the business while continuing to invest in our largest market opportunities. The sizable beaten up income resulted in significant EPS upside. EPS for the quarter was 25%. which is 8 cents better than the midpoint of our guided range. Now let's turn to the balance sheet. We finished the quarter with 510.8 million in cash and short-term investments. Accounts receivable was 156.8 million and total deferred revenue was 722.7 million. Current deferred revenue was 562.6 million, which gives us a lot of visibility into expected revenue over the next 12 months. We generated $54.7 million of unlevered free cash flow during the quarter, which is up from $43.3 million last quarter. With high recurring revenue, gross margins, and renewal rates, we feel confident that we can continue to expand our operating and free cash flow margins over the ensuing years. Our higher margin profile has also caught the attention of the rating agencies, as Moody's recently upgraded our issuer credit rating to BA3, as well as S&P's upgrade to BB- in late November. During the quarter, we repurchased 526,000 shares of our common stock for an aggregate purchase price of $25 million. That leaves $60.1 million of remaining authorization under our share repurchase program. We continue to take a programmatic approach to partially offsetting our share creep and will continue to evaluate the size of the program going forward based on valuation of our common stock, as well as other factors. With the results of the quarter behind us, I'd like to discuss our outlook for Q2 and the remainder of the year. For the second quarter, we currently expect revenue to be in the range of $217 to $219 million. Non-GAAP income from operations to be in the range of $34 to $36 million. Non-GAAP net income to be in the range of $28 to $30 million, assuming interest expense of $8.2 million, interest income of $5.9 million, and a provision for income taxes of $3.1 million. Non-GAAP diluted earnings per share to be in the range of $22 to $0.24 million, assuming 124.5 million fully diluted weighted average shares outstanding. And for the full year, we currently expect calculated current billings to be in the range of 986 to 994 million, revenue to be in the range of 900 to 908 million, non-GAAP income from operations to be in the range of 158 to 163 million, Non-GAAP net income to be in the range of $135 to $140 million, assuming interest expense of $32.8 million, interest income of $24.2 million, and a provision for income taxes of $12.3 million. Non-GAAP diluted earnings per share to be in the range of $1.08 to $1.12, assuming $125 million fully diluted weighted average shares outstanding. and unlevered free cash flow to be in the range of 220 to 230 million. I'd like to provide some commentary regarding our increased outlook today. Our CCB guide represents a range of 13 to 14% growth for the full year and reflects a 2 million beat in our expectations in Q1 and a $1 million raise at the midpoint. Similarly, revenue reflects a $3 million beat and a $1 million raise at the midpoint of the range. Consistent with the directional comments I provided on our last call, we expect CCB growth to accelerate modestly in the second half of the year as we continue to build pipeline opportunities in the first half of the year in connection with our more expansive CNAP offering and some of the newly acquired capabilities from Hermetic. Our guidance today also reflects a full-year operating margin of 18% at the midpoint, which is a 50 basis point improvement over our prior guidance and is a terrific start to the year for us. We continue to expect to follow the similar seasonal spending patterns as prior years, with incremental investment more weighted in the first half of the year, resulting in higher operating margins in the second half. I also want to provide an update on the restructuring cost that we discussed in February. We incurred $1.4 million of restructuring cost in Q1, associated with one-time severance benefits related to the reduction in force that took place in January, which was better than the $2 to $3 million range that we previously provided. Further, we are still in negotiations to sublease a portion of our real estate, which is expected to result in a non-cash impairment charge of $6 to $7 million in Q2. Please note that restructuring expenses are excluded from our non-GAAP results. And finally, as a reminder, our next update to unlevered free cash flow will be on our Q2 call.
Thanks, Steve. In summary, Q1 was marked by a healthy balance of growth and margin expansion. We are excited about where we are as a company and the opportunity in front of us. We hope to see you at the Morgan Stanley Conference in the coming weeks. We'd now like to open the call up for questions for Steve. Also, Jason Merrick, our Senior Vice President of Products, is here today to participate in the Q&A sessions.
Thank you. We will now be conducting a question and answer session. If you would like to ask a question, please press star 1 on your telephone keypad. A confirmation tone will indicate your line is in the question queue. You may press star 2 if you would like to remove your questions from the queue. For participants using speaker equipment, it may be necessary to pick up your handset before pressing the star keys. One moment, please, while we poll for questions. The first question comes from the line of Joel Fishbein with Truist Securities. Please go ahead.
Thank you for taking my question, and congrats on the good quarter. I'd like to ask about Hermetic. I know that Amit talked about a win there in the automotive space that included cloud security. I'd just love to understand the competitive dynamics around that space, and I just have a quick follow-up for Steve.
Please go ahead. Hello? Speakers, please go ahead. Fishbein, Mr. Fishbein, just give me a moment. Mr. Aaron? Ms. Connie, can you please go ahead and speak? Your line has been unmuted. All right, just give me a moment.
Ladies and gentlemen, the speaker line has been disconnected. Please be on hold while we quickly get them reconnected.
Ladies and gentlemen, the speaker line has been reconnected. Please go ahead.
Can you hear us? Mr. Fishbein? Yes, sir. I'm here.
Okay. Hi. Thanks for taking the question, and congrats on the good quarter. Jason, I had one for you and a quick follow-up for Steve. Amit mentioned on the call the Hermetic win with the automotive company, and that's obviously great. I'm curious about the competitive dynamics around Hermetic. Obviously, the space is fairly crowded, and what differentiates that offering that you have in the marketplace and talk about maybe the competitive dynamics of why you won. That would be helpful. Thank you.
Yeah, Joel, thank you very much for the question. So we could not be more excited with the competitive capabilities across the Tenable portfolio and even more so with our cloud security solution that Aeromedic brings. You know, with their more expansive CNAP capabilities, It gives our customers the ability to leverage the entire platform, but we also have the flexibility for customers to choose specific components within our cloud security offering. The customers can choose infrastructure as code, CFPM, CWPP, but we also believe that we've got the industry-leading cloud infrastructure entitlement management capability. The acronym is called KIM. This gives organizations the ability to have visibility into the entitlements of the workloads that are working in the cloud. And this is a differentiator for us in the market. Even customers that have made a cloud security solution today with other competitors are choosing to add our Kim capability in. Now, the other major competitive dynamic is Tenable One and being able to bring the cloud security data into Tenable One.
Great. Thank you so much.
Thank you. The next question comes from the line of Brian Essex with JP Morgan. Please go ahead.
Hi, good afternoon, and thank you for taking the question. I was wondering, maybe either Jason or Steve, could you talk about the spending environment in macro? I know last year Q1 was a bit unusual. What do you think so far? You're a bit early in the earnings season, so it would be great to get your insight around how you see the spending environment unfolding so far this year. Are enterprises willing to spend, maybe compare that to the environment last year, and where you're seeing any strength or weakness, whether that's on the enterprise side, recovery in the small bank, credit union side after the disruption last year. Maybe give us a sense of that and how the pipeline is looking as we head into Q2. Thank you. Sure.
This is Steve. I'll say first, I think we're executing very well, certainly within the confines of the current market. Overall security spend remains healthy and a top priority. And as we said earlier, exposure management, a category that we pioneered, continues to gain widespread adoption and validation, not only from security practitioners, but also partners and industry analysts. Gardner, as you heard earlier, is now talking about cyber exposure as a critical means to reducing breaches. We're seeing large enterprise organizations create exposure management departments. We're seeing our partners, too, starting to develop exposure management practices and hire exposure management engineers. So clearly there's a lot of momentum in the space, and specifically with our platform. So one of the major areas of trends for us was with Tenable One, our unified platform and exposure management offering. It represented 26% of our total new sales this quarter, something 22% last quarter. We also saw strength in our core VM business where we continue to enjoy high win rates. And out of the gate here, we're very pleased with the demand that we're generating specifically in cloud. Top of the funnel there remains very strong. We're seeing some terrific engagement on both the customer and the partner front. So overall, we're seeing good spending across the board, good start to the year, and we think we're providing a good outlook as a result.
Got it. Helpful. Congrats on the results, and we'll keep it to one. Thank you.
Thank you. Next question comes from the line of Saket Kalia with Barclays. Please go ahead.
Okay, great. Hey, guys. Thanks for taking my questions here, and great to hear everybody's voice. Steve, maybe just to start with you. You know, just on that last point, great to see just that growing mix of Tenable One and as a percentage of new sales. Do you have any data or just even anecdotes on what exposure management modules outside of Core VM customers are most gravitating towards? Because you get a nice uplift there on Tenable One versus sort of kind of buying a la carte. What are the modules that are sort of driving that most often?
Yes. Well, a good example of that is our largest win within the quarter. It's a seven-figure win with a European manufacturer. We specifically – it was Tenable One. We won the cloud security mandate, so that was the tip of the spear for us. And then along with that purchase, we displaced an incumbent VM vendor, and we also sold OT security, which we now have more recently integrated into Tenable One. So – Tenable One is a means for customers to not only understand the risk posture across the attack surface, but also is allowing us to consolidate many categories of security, not only VM, but also cloud and OT, as I just mentioned. Web app is also one of those modules that continues to get good traction for us. And I would say, not only in terms of the breadth that we offer in Tenable One of the areas of the attack surface that we secure, but it's also the insights and the analytics It's connecting all the vols and all the threats with the identities and the entitlements and those who can make lateral movement. So we could not be more pleased with the momentum we're getting in 10 of the 1. And again, there's just a lot of traction with exposure management, as I mentioned earlier. And certainly it's resonating well, not only with customers, but also partners.
That's great. And maybe for my follow-up, and and it's maybe something for both you and Jason, and maybe it's also related to that answer that you gave, but one thing that sort of stood out to me was just the better new logo ACV in the quarter. I think that's what you specifically called out, Steve. Maybe it's some of the things that you just talked about, but what do you feel like is driving that success, particularly with new logos? And as I just think about some reasons, maybe it's a better VM market. Maybe it's that sort of momentum and exposure. Maybe it's market share gains. Any thoughts on sort of what's driving that? It's good performance all around, but particularly with new logos. Any thoughts there would be helpful?
Yeah, that's a great question. And I think the market is starting to dictate this. I can tell you that at Tenable, we're having more conversations with CISOs that are looking for more than a single solution vendor. And with Tenable, we have the portfolio of products to help an organization be able to deal with the ever-growing attack surface. And maybe this is an area that I can explain a little bit more about Tenable One and what it does for our customers. It starts with we build an inventory for a customer. We bring in assets from the cloud, from OT. We bring in identities, human and non-human. We can even bring in third-party data assets. So being able to bring in all of this information so an organization has the ability to understand what assets they're responsible for. The second piece is we then analyze that inventory. We look for findings. We look for risk. We look for toxic combinations. And we contextualize and normalize this information. And then the third step is we help with prioritization. We give business context from a business organization what the associated risk is and why it's important. But just as importantly, we also give the technical prioritization details, what assets need to be remediated. This helps with compliance. This helps with regulation. and drives remediation. And then lastly, and really truly the power of Tenable One as we bring all these things together is the analytics, the ability to optimize, the ability to share this information with executive management, with boards, and with peer groups to be able to drive actionability. And if you think about it, it's circular. So that continually, the inventory constantly changes. And the power of Tenable One is we build that inventory. We analyze the inventory for risk and toxic combinations. we help with the prioritization, and we help with the optimization.
Super helpful. Thanks, guys.
Thank you. Next question comes from the line of Hamza Fordewallo with Morgan Stanley. Please go ahead.
Great. Good afternoon. Thank you for taking my question. Steve, a lot of macro uncertainty out there. I'm wondering, just on the spending environment again, How would you characterize the environment relative to when you last gave guidance 90 days ago? And could you give any commentary on early pipeline trends for Q2 as it relates to your guidance for Q2 and for the full year? Thank you.
Well, specifically with regard to Q2, pipeline remains healthy. And this is the first time we're setting expectations for the quarter and providing an outlook. And the outlook we're providing we think is strong, not only for Q2 but also for the year. And as a reminder, in Q1, we beat CCB. We beat revenue. We're flowing through the beat for both CCB and revenue. We're also raising in both of those areas. So the outlook for Q2 we believe is absolutely strong. The outlook for the year is more improved than 90 days ago. And, you know, I would say certainly some areas of strength, as we talked about earlier with regard to Cannibal One and even in our core VM business. where there's lots of opportunity for us, and we continue to remain strong there. Some of the areas that have been more fluid for us over the past year were strong for us, specifically mid-market. We're off to a good start. Spending environment was, again, healthy this quarter. The steel sizes continue to be favorable. We're making a lot of progress with cloud there, transacting large six-figure deals. OT continues to resonate not only in the enterprise market, but also in the mid-market, so certainly Mid-market was another area of strength. And I would also say, you know, the Fed in Q1, defense and critical infrastructure was an area of strength for us in the public sector. We also saw good traction with state and local and higher ed. Pipeline in Fed remains exceptionally strong. And we did have the opportunity to see A little bit of upside in the quarter from U.S. Federal, but CR continuing resolution influenced and capped some of the upside for us in the quarter. That said, the selling environment, I would say, is stronger now than last year. And we had a great year last year in Fed. And we expect to have another strong year this year. Funds are starting to open and flow down to different agencies. Activity around customers is as strong as we've ever seen. So we're certainly excited. We think we're providing a bullish outlook on the year and certainly a good start to it with regard to our results for the quarter.
Okay, very clear. Thank you, Steve. Thank you.
Next question comes from the line of Andrew Nowinski with Wells Fargo. Please go ahead.
Great. Thank you for taking the questions, and it's great to hear that Amit's recovering is going well. I wanted to ask, Steve, maybe just a follow-up on the Fed side. As it relates to the Ivanti vulnerability that seems pretty widespread in the industry, I guess, was that one of the drivers of Fed demand, and how much of an impact did it have on the quarter or your pipeline going forward?
You know, things like that that, you know, that kind of bubble up pretty fast don't have a big impact in the current quarter. We can see some upside there. But as I commented earlier, what drove the results in Fed and Q1 was defense and critical infrastructure. You know, and I would say, you know, 10 of 1 is certainly an area that continues to resonate well, certainly within at the federal level. But we're also seeing a ton of strength at state and local and higher ed where OT also remains a tailwind for us. So overall spending environment is very strong for Fed. I'm super excited about not only Q2, what's ahead for us there, but also headed into the strong Fed year end in September quarter.
Okay, and then it looks like the net retention rate dipped down to about 109% this quarter. I guess, when do you think that will bottom out, and how are you thinking about it going forward? Sure.
Yeah, well, the net dollar expansion rate in the quarter, as I mentioned earlier in the call, was really a consequence of the mix of business, more skewed towards new versus expansion. By the way, that is a very good thing for us. And The one thing I will say is that we provide a lot of color on our business with regard to the metrics that we provide. We disclose the number of new customers. We disclose the number of large deals and the rate of expansion with customers in the current quarter. It's important to note that we do not optimize our business around a single metric, and these metrics can fluctuate naturally from quarter to quarter. And I'll say that all of our KPIs are meant to be evaluated in aggregate so you have a better appreciation of the factors that influence our results for the quarter. And with respect to the expansion rate, it is possible that we could see fluctuations going forward. That said, we feel good about our outlook for the year, which reflects modestly higher growth in the second half of the year, consistent with our talk track last quarter. And that would indeed be driven by an improvement in one or more of those metrics.
Got it. Thanks, guys.
Thank you. Next question comes from the line of Brad Reback with Stifel. Please go ahead.
Great. Thanks very much. Steve, I know during the prepared remarks you talked about an acceleration in CCP growth in the back half of the year consistent with last quarter. What are things that need to get better for that to happen? Thanks.
Sure, I would say a couple of things. First, again, this is very consistent with the talk track that we offered up in our last call. As a reminder, we acquired Aromatic in October of last year, and our mandates were very clear. Number one, integrate the current capabilities of technical with the Aromatic platform, which we have done and will certainly need to do. Number two, work to build pipeline opportunities. So the guide that we gave, last quarter, which was 12% to 14% growth, we said directionally expect slightly lower growth the first half of the year, in particular Q1. We're delighted to deliver outperformance relative to those expectations that we set in the first quarter today. And then we also said honestly higher growth with regard to cloud security in the second half of the year as we complete the product integration, as we build pipeline opportunities and we start to work towards closing those opportunities over the course of the ensuing month. The other thing I'll say is certainly Fed. That's going to be a catalyst of growth. Could not be more bullish about Fed, the pipeline that we have, the mandates that we're getting, and certainly the engagement with our customers. So nothing's really changed in our outlook for the year this quarter relative to last.
Great. Thank you very much.
Thank you. Next question comes from the line of Jonathan Hall, a brilliant player. Please go ahead.
Hi, good afternoon, and just wanted to also echo my thoughts and prayers with Amit as he continues to improve as well. Just wanted to get a sense from you in terms of the OT markets. You've mentioned this a number of times in the discussions, but what's maybe changed there, and where are we in terms of the adoption curve around these OT solutions? Thank you.
Yeah, absolutely. Great question. So what you're seeing in the industry is quite interesting. With the roles of the CISO, more CISOs are having to accept the risk to be able to take over the OT security requirements. So not only are we seeing this in manufacturing and industrial controls, but we're also seeing this in building management systems, that CISOs are now having to take on responsibility of this. Just recently, I was with a CISO in the financial services sector who has just gotten a mandate from his board that he is now responsible for the building management system. And we're seeing this trend across the board where CISOs are now having to take on more and more responsibility. So by being able to give the visibility, not only from VM, not only from cloud, but being able to bring an identity in OT and bring that data together, we really do find that we have a unique opportunity, and we are seeing a significant number of opportunities in the OT space.
Great. Thank you.
Thank you. Next question comes from the line of Mike Sikos with Needham & Co. Please go ahead.
Great. Thanks for taking the questions here, guys. I think the first one for Steve, and I just want to make sure I better understand the guidance that we have here today. So I know 2Q coming in slightly below on the top line versus where consensus was, but you guys are taking up full year above and beyond just this one QB, right? And I just wanted to get a better understanding that second half acceleration that we're looking for. Is that really a function? of what you're seeing in pipe related to Fed. Is it part of the outperformance for 1Q here? Any change in assumptions around mid-market? Can you better flesh that out for us? Sure.
First, in terms of Q2, as I mentioned, this is the first time we're providing any commentary around the quarter. So the guide we think we're giving in Q2 is strong. It's reflective of the execution and the outperformance in Q1, as well as our revised outlook for the year um and i would say uh you know there's in terms of the spending environment i think there's a confluence of factors that are impacting that number one we're continuing to see strength in the mid market number two we talked about public sector that will be a source of tailwinds for us during the course of the year specifically as we head into the fed's fiscal year end in september um and certainly uh cloud security where we're building pipeline opportunities so Overall, if you look at the guide that we're giving, 217 to 219 for revenue, the high end is in line with the consensus. We think we're set up well for success, not only in the current quarter, but also for the rest of the year.
Got it. Thank you for that, Steve. And if I could just shift over to Jason for a second, really on the product here. We saw that Tenable had released AI-assisted and attack path analysis And I know that that is a part of your higher tier SKU, if you will. It's Tenable One Enterprise, right? So should we think about Tenable's strategy with the Gen AI capabilities as really helping drive an up-tiering, if you will, towards those higher SKU packages?
That was a great question. So I think first, fundamentally, we have to, as Tenable, what we are doing within AI, it's important to understand that That to be competitive in AI, organizations have to have proprietary information, information that they and the industry have that differentiates across the competitive landscape. At Tenable, we're the market leader in vulnerability management. We've been doing this for over 20 years. So we have a ton of rich information. knowing more about threat and volume data and cyber than any other organization. The second piece is we have the ability to leverage insights from, you know, our 40,000 plus customers and bringing that in as part of our model training and giving us the ability to then put this throughout the product. So the first place that we put it into was attack path analytics and providing the AI function there. And again, that is part of our, you know, top tier, um, 10 of a one offering. So we've got organizations today, for instance, a large shipping manufacturer, the exposure management team is leveraging the attack path analytics enabled with AI to actually help drive prioritization and visualization of how the systems are actually connected. And that's just one example, but we're seeing that across the board. Our plan is also to take the AI function and capability and embed it across the entire portfolio. So it's not just the, you know, top tier tenable one analytic components. We're going to be bringing this into VM. We're going to be bringing this into our identity exposure capability. We're going to be bringing this into, you know, all of our service delivered solutions. And we're super excited about that capability because it's going to help organizations to with explainability, drive prioritization, and drive analytics.
Understood. Thank you very much for that. I appreciate the time, guys.
Thank you. Next question comes from the line of Patrick Colville with Scotiabank. Please go ahead.
Hey, thank you so much. Great to be on the call and also great to be part of the Tenable story. Steve, let me ask you a question. I want to ask about the competitive environments in core vulnerability management. I mean, you've got one competitor who over the last couple of quarters and this year is really stepping on the gas in terms of investment. You've got another peer that's going through quite a deep restructuring. I guess, what are you seeing in terms of competitive dynamics in vulnerability management and how are these impacting Tenable at all?
Well, I would say the market and competitive dynamics there are very favorable for us in VM.
VM was a source of upside for us in the quarter. Our close rates and our win rates remain very high. We believe differentiation is very apparent. You know, investing in this market is not a recent phenomenon for us. It's something that we've been doing over the course of the years. And... We have been investing. We recognize the importance of the VM market. And we believe that success there translates to opportunity elsewhere. So we are, we believe, a clear and unequivocal leader. We have the largest customer base. Now in terms of device coverage, most expansive in terms of device coverage, you can see that we're adding 400 new customers a quarter. And yes, a good number of those are coming from Tenable One. But within Tenable One, we're having success selling VM there and addressing a VM use case. But a good number of those customers are also coming from our core VM offerings, such as Security Center or IO. So for us, VM is an incredibly important market. It's one we're going to continue to invest in. We are continuing to differentiate, and we're continuing to displace customers Incumbent vendors, as we mentioned earlier, our largest opportunity, our largest deal in the quarter was a seven-figure opportunity where we displaced the current VM incumbent. And there's many stories like that all within those 410 customers that we announced this quarter. So overall, we were incredibly bullish on VM going forward.
And I also want to add that we are also investing in innovation in VM. So we're not resting on our laurels. We're going to be adding new capabilities that are really, truly focused on the VM practitioner that is going to create a lot of excitement for our customers.
Terrific. Thank you.
Thank you. Next question comes from the line of Gary Powell with PTIG. Please go ahead.
Okay, great. Thank you for taking the question. So, yeah, I was just hoping to dig in on some of the disclosures. The stats you gave on Tenable One at 26% and then broader exposure management solutions at 50% of new sales was really helpful. Is there anything you can do to give us like a sense as to what standalone cloud security contributed or was the bigger contribution of that incremental more like on the OT and like, you know, some of the other products in there?
We do not disclose bookings or CCB by product. And what I will say is, look, you know, tenable one is nearly half of the, we said 26%, so nearly half of the 50% of our new sales is coming from exposure management solutions. Exposure management solutions is either selling the platform standalone or selling individual products such as cloud security or OT individually to address a specific use case. And so... We're having success selling both. What we did say, though, with regard to cloud security is expect greater contribution the second half of the year related to the acquisition of our MEDIC as we look to begin, start building pipeline opportunities and closing deals the second half of the year regarding our more expansive CNAP offerings. So overall, I would say we're seeing good growth in cloud security specifically. Obviously, continue to see good growth with Tenable One and You know, we expect both Cloud Security and Tenable One to be talents for us during the course of the year.
All right, that's directionally helpful. Thank you.
Thank you. Next question comes from the line of Shaul Eyal with TD Coven. Please go ahead.
Thank you. Good afternoon, everybody. Congrats on results and great to hear Amit is doing much better. My question also on new logos. Leaving aside that sizable displacement that you had and you just announced and discussed, were mostly the 410 logos, were they mostly displacement or were they mostly greenfield?
That's a good question. What we said is on average or what we have said in this quarter was no different. is about a third of all of our new logos are greenfield opportunities. And these are customers, specifically I'll say within VM, customers that have had no enterprise-wide VM solution. They could be using a systems integrator. They could be using an MSSP, an outsourcing VM. So there's, for us, lots of untapped opportunity, not only within VM, but certainly elsewhere, as we look to invest in some of the biggest markets in all of cyber, such as cloud, identity, So about a third of our opportunities are greenfield, which means consequently some of these are displacements. And again, we continue to have very high win rates against incumbents. And there's no change in the competitive dynamics, certainly within VM.
Thank you. Thank you.
Next question comes from the line of Rudy Kissinger with DA Davidson. Please go ahead.
Hey, this is Andres Miranda for Rudy. First of all, congrats on the numbers. I just have a quick question for you guys. Could you quantify the hermetic contribution to revenue and CCB in Q1 or any other data points that we can use for the model?
Well, hermetic contributed minimally in Q1, and that's expected. We closed on Armatic in Q4. We're hard at work integrating the product. We're in market selling the more expansive CNAP offering, and we expect greater consequences from Armatic the second half of the year. And our outlook for Armatic specifically has not changed since our last call. We said we expect two points of incremental CCB growth because of Armatic, and that has not changed this quarter.
Great, thank you. And just a quick one. What percent of your sales came from the overlay teams in the past years? If you could maybe give us some color there. And are you seeing any sales reps selling the entire portfolio successfully since the past brief that you announced?
Yeah, well, we're seeing most, if not all, of our sales reps selling combined offerings. So we're leading with Tadpole 1. Tenable One is a use case that resonates with customers. It obviously helps customers understand their risk more broadly across the attack surface, and it leads to higher selling prices for us. And some of our highest close rates in the company are coming from Tenable One. Also, half of all of our new logo six-figure lands are Tenable One. So we're getting great traction with Tenable One, transacting larger deals, and having success selling it to our customers. In terms of the overlays, it's something that we talked about on the last call, which is, look, over the course of the years, we have broadened the product portfolio and evolved from having a singular focus on VM, which we continue to do very well and we continue to be the market leader, but also addressing adjacent markets such as web app security, cloud security, OT, identity security, ASM. So we've broadened the product portfolio. We have brought new products to market. Our reps have had success selling those. Initially, when you do that, it requires the use of some specialist reps, some overlay reps. But what we have recognized is that we have had success selling those products in our own right, and those products become more mainstream. We've become less reliant on overlay reps. Again, specialists are going to be really important here, and we continue to have those. But I think what you're seeing today in terms of the efficiency of our spend in sales and marketing really reflects the sales organization's ability to sell the broader exposure platform.
Thank you. Thank you.
Next question comes from the line of Shyam Patil with Susquehanna. Please go ahead.
Hey, this is Aaron on for Shyam. Thank you for taking our question. Jason, maybe this one's for you on the product side. You gave that helpful answer a few minutes ago on the generative AI offerings and roadmap. Just as we think about the generative AI roadmap, what do you see as kind of the low hanging fruit in terms of things you can add on in the near term versus what's more of a longer term objective and opportunity? Thank you.
Yeah, absolutely. Great question. So from a product perspective, I think there's a couple of pieces that we will go and we will leverage our AI capabilities. First and foremost is being able to pull together information and enrich it that helps a security practitioner understand the risk of an asset. So this is a term that you're going to hear us use a lot more called toxic combinations. The ability to pull together not just the asset information but combine this and enrich it with identity data is So I can now pull together that I've got an individual with elevated credentials that has access to this critical system and being able to expose that. AI gives you the ability to pull together all of this information very quickly. And so there's an explainability component within this. So instead of a practitioner going through a kind of mining for all of this information, because we collect a significant amount of data for our customers, providing that quickly is an easy, what I would call, low-lying fruit. We're also going to be enabling an AI chatbot capability. So think of it as a tenable expert at your fingertips. So the ability to do generative AI questions where you can say, hey, what are my top threats? What is my CEO vulnerable to? And being able to get context to that information. I think that even from a business standpoint, AI can help organizations find blind spots, areas that they're not scanning, areas that they need of improvement. So I think that with our AI capabilities, while they're going to help with prioritization explainability, it can also drive business outcomes. You've got a grouping of cloud services that are not being scanned, or you've got a grouping of assets that just came up in a subdomain, and our tax service management product brought that up. So being able to highlight those business cases for organizations I think are super powerful. And again, I think that we've got a phenomenal opportunity with the Tenable data that is going to make our LLM powerful and really important across the product portfolio.
Very helpful. Thank you.
Thank you. The next question comes from the line of Patrick O'Neill with Wolf Research. Please go ahead.
Hey, thanks for taking my question. This is Patrick on for Josh. Just was hoping to get a little more color on the 109% NRR. Is there anything to call out on expansion generally being worse or gross retention being worse outside of the FinServ, tech, and telecom names that you called out? Thanks.
Hi, this is Steve. No, retention was really good. This quarter, this is the moderation, the expansion rate, and it's really a function of the mix of business. And in Q1, it was skewed towards new. Specifically, we added 410 new enterprise platform customers, lots of new six-figure logo lands. And within those cohort of new customers, we grew year-over-year ACV, by 30% from newly acquired customers. So certainly a strong quarter for us for new business. That's a very good thing for us. And, you know, that had an impact on our expansion rate.
And then one quick follow-up, if you don't mind. How should we think about that number going forward and sort of what's baked into the guidance? I know you don't explicitly guide to that or measure the business to one metric, but sort of what's baked into the guidance around that full year NRR? Thanks. Sure.
So in terms of our outlook for the year, our outlook does reflect higher growth the second half of the year for reasons I just described. And that would mean that we would see improvement in at least one, if not more, of the three key KPIs that we provide. Again, we provide a number of large customers. We provide new enterprise platform customers. We also disclose the expansion rate. And we would need to see at least one specifically one should I say improvement in one of those metrics it could come from any one of us perfect appreciate it thank you this concludes today's teleconference you may disconnect your lines at this time thank you for your participation