Varonis Systems, Inc.

and welcome to Verona System Inc. First Quarter 2024 Earnings Conference Call. At this time, all participants are in a listen-only mode. A brief question and answer session will follow the formal presentation. If anyone should require operator assistance during the conference, please press star zero on your telephone keypad. As a reminder, this conference is being recorded. It is now my pleasure to introduce your host, Mr. Tim Purge, Investor Relations. Thank you, Mr. Peirce. You may begin.

Thank you, Operator. Good afternoon. Thank you for joining us today to review Varonis' first quarter financial results. With me on the call today are Yaki Fidelson, Chief Executive Officer, Guy Malamed, Chief Financial Officer, and Chief Operating Officer of Varonis. After preliminary remarks, we will open the call to a question and answer session. During this call, we may make statements related to our business that would be considered forward-looking statements under federal securities laws, including projections of future operating results for our second quarter and full year ending December 31st, 2024. Due to a number of factors, actual results may differ materially from those set forth in such statements. These factors are set forth in the earnings press release that we issued today under the section captioned Forward-Looking Statements, and these and other important risk factors are described more fully in our reports filed with the Securities and Exchange Commission. We encourage all investors to read our SEC filings. These statements reflect our views only as of today and should not be relied upon as representing our views as of any subsequent date. Varonis expressly disclaims any application or undertaking to release publicly any updates or revisions to any forward-looking statements made herein. Additionally, non-GAAP financial measures will be discussed on this conference call. A reconciliation for the most directly comparable GAAP financial measures It's also available on our first quarter 2020 for earnings press release and investor presentation, which can be found at www.veronis.com in the investor relations section. Lastly, please note that a webcast of today's call is available on our website in the investor relations section. With that, I'd like to turn the call over to our Chief Executive Officer, Yaki Fileson. Yaki?

Thanks, Dean. And good afternoon, everyone. Thank you for joining us to discuss our first quarter results, which represented a strong start to the year. In addition to discussing the results, I would like to review our SaaS transition progress and the key drivers of our business for this year. But first, let me remind you why Voronis exists and the problems we solve. Data is valuable, which is why bad actors want to steal it. Companies invest in security, to protect the data, but securing it is very difficult. Voroni solves the problem by helping companies locate their sensitive data, visualize who has access to it, lock it down, and detect and respond to threats on it. And because of the sophisticated automation that we have built into our Voroni SaaS platform, customers spend very little time and effort to protect their data, and now, With MDDR, we reduce this even more. This allows companies to collaborate safely and get the most value from their data while managing risk. Our first quarter results reflect the sustained momentum of our SaaS transition and the positive reception of our managed data detection and response service, or what we refer to as MDDR. ARR grew 17%, to $560.3 million, and we generated $56.4 million free cash flow this quarter versus $35.7 million last year. SAS ARR now represents approximately 30% of total ARR. Guy will review our Q1 results and our updated guidance in more detail. I want to express how proud I am of the Voronis team While the selling environment had stabilized, it remains challenging, and the Voronis team executed well during the first quarter, and I believe that we are only scratching the surface of what lies ahead for us. The transition to a SaaS delivery model continues to show momentum because of the many benefits that our customers realize, and I will quickly remind you of a few. Customers can achieve automated outcomes, which means they can ensure The data is protected with very little effort. SAS is quicker to deploy and operationalize because of significantly lower infrastructure and personal investment. And SAS is easier to maintain and upgrade. Additionally, there are three key benefits that we realize they are shorter sales cycle, larger initial length, and margin benefit over time. In addition to our SAS transition, I would like to discuss There's three additional drivers of the business that I mentioned last quarter, which are our MVDR service, the adoption of enterprise-generated AI, and increasing compliance requirements. Today, I would like to focus on MVDR and Gen AI. Last quarter, we introduced our MVDR service, which is the first managed service for monitoring and protecting critical data. It is a paid service, that builds upon our proactive incident response offering by providing service-level agreement and around-the-clock coverage. It is important to note that this service is only possible for our SaaS customers because of the visibility and automation built into our SaaS platform. We just began selling this offering in the first quarter, and we have already started to see great momentum with it, so let me explain why this is already happening and why we view this as a game changer for our company. MTDR is a natural evolution of our platform and fills a significant unmet need in the market. One of the challenges pixels face is that they don't have the people to monitor and investigate alerts fast enough. Now with MTDR, We take this burden on customers and put it on us. If we see a threat anywhere within our MDDR customer base, we can stop it and simply notify the customer after the problem has been solved. We can do this because we pioneered the use of machine learning for data security and user behavior analysis, giving us years of experience building highly accurate threat models. Our team leverages the significant automation, plus our unique metadata telemetry, such as data sensitivity, access event, and permission that allow us to detect if data is under attack and to catch threats missed by others. I've also been asked to clarify the value our MVDR service provides to customers that already have an endpoint detection and response service or a managed detection and response service? The answer is actually very simple. When the perimeter fails, we believe that we are best positioned to save companies because we have been monitoring the data inside that perimeter ever since we started. Companies sometimes pay millions for other threat detection and response services, but when an incident happens, the services that don't focus on data can only show you when the attack began. We struggled to answer the most important question, was any data stolen? MDRs and EDRs can reveal how a bad actor gained access and what tactics they used to get in that cannot tell a customer if any data was taken. The situation is that discovering a bank was robbed but having no certainty about the most important elements, whether money was stolen or if the vault remained secure. This blindness is why organizations with sophisticated security stocks can still feel victim to data breaches from insider threats or attacks bypass the perimeter. Without Varonis, data is usually far too accessible to anyone or anything inside the perimeter and isn't closely monitored. This means more data is likely to be breached and companies have a harder time quantifying what was taken during the breach, making the liability much higher. Varonis customers automatically shrink the blast radius, which reduces the potential damage that an insider can do, and forces bad actors to work harder to get to sensitive data, giving us more opportunities to catch them. With mDDR, we often catch bad actors before they get to data. And because we watch the data, we are able to quickly quantify the damage. This means we can stop the breach and limit their exposure and their potential liability. This is why no matter what platform a customer has, they will still need MVDR. To finish our bank robbery example, Moronis MVDR watches the money around the clock and can tell the bank manager that their money is safe and the vault is secure. Now, I would like to touch on our generative AI opportunity This technology presents tremendous productivity opportunities. But in order to reap the benefits of it, you need strong data security. For example, AI can reveal critical data to the wrong machines and people because most generative AI tools utilize existing access controls, which most organizations have in lockdown, leaving them overexposed. Companies also need to prevent sensitive data from being used in large language models, and hackers will leverage these tools to steal important data more easily. Bottom line, generative AI is forcing organizations to take hard look at their data security strategy. This is why we continue to see generative AI coming up in so many of our customers' conversations as organizations try to understand how they can safely realize the productivity benefits. So far, companies are taking a very careful approach and are thoughtfully considering these potential risks before expanding from the pilot phase into organization-wide rollouts. As a result, we expect the near-term adoption of the wide-scale Gen AI to be measured as companies gain comfort around how they can secure their data. Overall, the feedback we are hearing from customers only serves to strengthen the conviction we have in our ability to benefit from this enormous secular tailwind. Our partnership with Microsoft is progressing well, and one month ago, we announced the industry-first cybersecurity solution for Microsoft 365 CoPilot. This will be sold as an add-on to our existing Microsoft 365 staff package and allows organizations to monitor co-pilot data access in real time, detect abnormal co-pilot interactions, and automatically limit sensitive data accessible by both humans and AI agents. In addition to the enhancement to our platform, we are seeing GenAI act as a catalyst for conversation with prospects, and although We aren't yet seeing material ARR from Gen-AI-related deals. We are seeing healthy pipelines built with respect to this opportunity. With that, I would like to briefly discuss a couple of key customer wins from Q1. A large university and their affiliated hospital system with 6,000 employees became a Veroni SaaS and NVDR customer this quarter. A broad mandate to secure sensitive data led to a risk assessment where we discovered 4 million sensitive records and 2 million instances of student and patient PII exposed to everyone in the organization. This university evaluated several CSPM and DSPM and legacy data security solutions, but ultimately purchased the only sub-package with MDDR protection for the Unix and hybrid Windows environment with our automation and unique data-centric telemetry, HonestMDDR will supplement the existing MDR and MSSP vendors by providing protection that is focused on securing their most valuable asset, the data. We're also seeing strong engagement from existing customers. A broadband provider initially became a customer in 2014, with the goal of identifying and remediating overexposed sensitive data and enhancing their spread detection capabilities. With our self-hosted offering, this required some customer effort and meaningful infrastructure investment. This customer converted to Veroni SaaS with NVVR protection for the hybrid Windows environment. They will benefit from our automated remediation and will realize infrastructure savings while freeing their security team since we monitor and respond to alerts. In summary, here is off to a strong start, driven by the automated outcomes that customers receive from our SaaS platform and our recently introduced MDDR offering, which we believe is a game changer for our company. We are excited to capitalize on the tailwind of NVDR, GenAI, and increasing data-centered compliance regulation as we capture our significant market opportunity. With that, let me turn the call over to Guy Gagne.

Thanks, Yaki. Good afternoon, everyone. Thank you for joining us today. We are pleased with how our team performed in the first quarter, and the continued momentum of Verona SaaS furthers our confidence in completing the transition in 2026. one year earlier than our initial timeline. At the end of Q1, SAS represented approximately 30% of our total company ARR, driven by strong contribution from new logos and existing customer conversions. As Yaki mentioned, the other key driver of our business this quarter was MDDR. This paid offering is an evolution of proactive incident response that comes with an SLA and assurance that Vronis will respond to ransomware attacks within 30 minutes. MDDR has been extremely well received in the first quarter, driving new business, increasing deal sizes, and simplifying the conversation with customers. In addition to MDDR, nearly every customer conversation, we have touches on generative AI. which reinforces our view of this secular tailwind. We're seeing healthy leading indicators with respect to the opportunity, but as we discussed previously, we continue to expect the adoption of Gen AI will be measured. As we look ahead of the rest of this year, we're excited to begin phase two in earnest in the second half of 2024, which will be focused on converting our installed base of on-prem subscription customers to our SaaS platforms. As a reminder, we expect that the ramp up of this phase will not be linear and momentum should grow in each quarter and further accelerate in 2025 and 2026. In the first quarter, ARR grew 17% year over year to $560.3 million and we generated $56.4 million of free cash flow, which was up from $35.7 million over the same period last year. These metrics demonstrate our commitment to balancing top line growth with improving cash flow generation during the transition. Turning now to our first quarter results in more detail. As a reminder, the leading indicators of our transition are ARR, free cash flow, and ARR contribution margin. As we have said many times, The faster we progress through the transition, the more headwinds we will experience to our traditional income statement metrics. We view this in a positive light. In the first quarter, we continued to see stabilization of the macro environment. Heightened deal scrutiny persisted, but we are seeing positive momentum, especially with regard to the adoption of SAS and MDDR. Q1 total revenues were $114 million, up 6% year-over-year. During the quarter, as compared to the same quarter last year, we had approximately a 9% headwind to our year-over-year revenue growth rate as a result of having increased SaaS sales in our booking mix, which are recognized ratably versus the upfront recognition of our on-prem subscription product. As we have done in the past, we are committed to being as transparent as possible throughout the transition, which includes providing you with the key metrics that track our progress during the next phase. This quarter, we're providing SAS revenue for the first time, a metric that we will provide going forward. We will continue to provide SAS as a percentage of total ARR each quarter until we successfully complete the transition. In the first quarter, SAS revenues were $34 million. Term license subscription revenues were $56 million, And maintenance and services revenues were $24.1 million, as our renewal rates were again over 90%. Moving down the income statement, I'll be discussing non-GAAP results going forward. Gross profit for the first quarter was $95 million, representing a gross margin of 83.3% compared to 86.5% in the first quarter of 2023. Gross margin continues to track ahead of our expectations, and the change is primarily due to the much higher mix of SaaS revenues versus last year, which caused a revenue headwind due to the radical recognition of SaaS versus the upfront recognition of on-prem subscription licenses. The recognition of compute costs associated with our increased SaaS revenues and increased hiring in certain departments within COGS to service the anticipated strong ramp in MDDR drove the remainder of the change. Operating expenses in the first quarter totaled $105.6 million. As a result, first quarter operating loss was negative $10.6 million, or an operating margin of negative 9.3%. This compares to an operating loss of $4.3 million or an operating margin of negative 4% in the same period last year. During the first quarter, as compared to the same quarter last year, we had approximately an 8% headwind to our operating margin as a result of having increased staff sales in our booking mix, which are recognized fully ratable versus the upfront recognition of our on-prem subscription products. First quarter ARR contribution margin was 13.7%, up from 5.6% last year. The significant leverage improvement, even during the early stages of the transition, reflect our ability to drive strong incremental margins while growing ARR and transitioning to SAS. During the quarter, we had financial income of approximately $8.2 million, driven primarily by interest income on our cash, deposits, and investments in marketable securities. Net loss for the first quarter of 2024 was negative $3.7 million or negative 3 cents per basic and diluted share compared to net loss of $0.1 million or net loss of 0 cents per basic and diluted share for the first quarter of 2023. This is based on 110 million and 108.4 million basic and diluted shares outstanding for Q1 2024 and Q1 2023, respectively. As of March 31st, 2024, we had $774.4 million in cash, cash equivalent, short-term deposits, and marketable securities. As the three months ended, March 31st, 2024, we generated $56.7 million of cash from operations, compared to $36.8 million generated in the same period last year, and CapEx, was $0.3 million compared to $1.1 million last year. Turning now to our updated 2024 guidance in more detail. For the second quarter of 2024, we expect total revenues of $123 million to $126 million, representing growth of 7% to 9%. non-GAAP operating loss of negative $6 million to negative $5 million, and non-GAAP net loss per basic and diluted share in the range of negative 3 cents to negative 2 cents. This assumes 111.7 million basic and diluted shares outstanding. For the full year 2024, we now expect ARR of $622 million to $628 million, representing growth of 15% to 16%. Free cash flow of $70 million to $75 million. Total revenues of $536 million to $546 million, representing growth of 7% to 9%. Non-GAAP operating income of $9 million to $14 million. non-GAAP net income per diluted share in the range of 13 cents to 16 cents. This assumes 128.4 million diluted shares outstanding. In summary, we are encouraged by the continued momentum of Varonis SaaS and initial reception of MDDR. The growing demand for these offerings is strengthening our ARR performance and cash flow generation as we move through the second phase of our transition, which we believe will unlock meaningful value for both our customers and our company.

With that, we would be happy to take questions. Operator?

Thank you. We will now be conducting a question and answer session. If you would like to ask a question, please press star 1 on your telephone keypad. A confirmation tone will indicate your line is in the question queue. You may press star 2. if you would like to remove your questions from the queue. For participants using speaker equipment, it may be necessary to pick up your handset before pressing the start keys. As a reminder, please restrict yourself to one question and no follow-up. One moment, please, while we poll for questions. The first question comes from the line of Saket Kalia with Barclays. Please go ahead.

OK, great. Hey, guys. Thanks for taking my questions here. Nice start to the year here on ARR.

Thank you.

Yaki, I'd love to just start with MDDR. And maybe the question is, what's been the initial – you touched on this a little bit, but what's been the initial feedback that you're getting from customers on the offering? It seems like it's off to a good start. And the guy just related to that, can you just talk about to what extent is MDDR – may be pulling through more interest in SaaS since it's only available to SaaS customers. Does that make sense?

Definitely. So in terms of MDDR, the customer feedback and the facts that are really behind it are drastically exceeding our expectations. And effectively, attacks can come from anywhere and any device, but only going in one direction, which is the data. So perimeter security is great and there are many amazing companies, but if you think in probabilities, there is high probability that your perimeter will fail. And once you have an identity, there is no perimeter anymore. You're getting into the data. And we just automatically, understand how people need to use data and can stop these attacks and make sure that you will not have a data breach. You know, in our opinion, it's the best way to avoid a data breach and you're doing it completely automatically. So it just works extremely well if you have more platforms and a lot of the way that we bundle it, Edge and the other products, Active Directory and Entry ID, it works extremely well. So customers love it. and we are just on a daily basis saving them and stopping them from breaches. And we really believe that the data security platform is an MDDR. It's the first thing that an organization needs to do and the last thing that will save you when everything is failed.

And, Saket, you're right that it's only offered with a SaaS offering. It was definitely a key driver for our business this quarter. When you think about the MDDR, it's been an evolution of the proactive incident response, and it comes with an SLA system and kind of assurance that Ronis will respond to ransomware attacks within 30 minutes. So it's very compelling. And when you look at kind of how it was received this quarter, it's been extremely well received, both from driving new business, increasing deal sizes, and simplifying the conversations for our customers.

But also to add a bit about what Guy said, when we build our SaaS solution, it was critical for us, you know, this is a software solution to build a lot of automation to make sure that we have tremendous force multiplier to our analysts. So we build a lot of robots and using a lot of AI to make sure that our people are extremely productive. This is almost completely a service offering, a software offering.

Thank you.

Mr. Kalia, please rejoin the queue for more questions. Next question comes from the line of Hamza Fodewala, with Morgan Stanley, please go ahead.

Hey guys, this is John on for Hamza.

For Yaki, just a question for you. How often is Microsoft Co-Pilot coming up in your customer conversations versus three months ago? And is the expanded partnership with Microsoft Co-Pilot driving more pipeline?

It's front and center in every conversation. Microsoft is still not pushing its full force to the customer base. You see that a lot of customers experimenting with it. I think I broke my record of seeing customers in Q1, and there is a very consistent thing. They're starting the co-pilot evaluation and stopping it because it's exposing a lot of critical data. So just protecting these co-pilots and they are connecting to many sources is coming with each and every conversation, and I think that it's just exposing the problem and organizations understand that they need to take data security very seriously in order to benefit from the automation of these co-pilots that are based on LLMs. It's starting to build a good pipeline in the places that we engage with Microsoft it's also starting to go in the right direction. But remember, Microsoft are still not pushing it full force. I believe that once they will have a quarter and push it full force, it can have a big impact on the business. But if the world wants to benefit from co-pilots and all these LLM robots, if you will, to get the productivity gains, they will need to take care of the data security problems.

John, just to reemphasize what Yaki was saying, in terms of the reported numbers for Q1, we didn't see Copilot as part of the reported numbers in Q1, but definitely when we look at all the leading indicators, they appear there, and we're seeing pipeline increase for them.

There is still not a revenue impact, but we're starting to see a pipeline impact and a lot of conversation. People are in the initial stages to figure out how to do it in the right way.

Great. Thank you. Thank you. Next question comes from the line of Matt Hedberg with RBC.

Please go ahead.

Yeah, thank you. This is actually Matt Swanson on for Matt. I mean, it's great to hear some stabilization in the macro. It feels like it's been a long time coming for all of us. But you've done a really successful SaaS transition during a really uneven macro. And Yaki, you mentioned some of the advantages of SaaS, the lower infrastructure, personnel costs, easier to maintain. Can you just kind of talk specifically for the SaaS transition, kind of the headwinds and tailwinds of a challenging macro? Are there any parts of it that actually help the transition when things are a little tougher?

I think that what happens is what helps first is the reality, is that breaches almost always, not always, but almost always are data breaches. And the security industry is a bit upside down in the sense that you spend a fortune on perimeter security and you just fail, you know, small failures and then you have this massive blast radius and you are completely exposed. Think about it. It's like to have a, to do business with a bank that doesn't have a ledger, can't tell you what happened with the account and just can tell you that you have a strong password and from where you logged in. It doesn't make any sense. And the other thing that happened with SAS, it's primarily that it provides automated outcomes and really scales extremely well. We took everything we learned from the on-prem and we built just a lot of automation and a lot of coverage. And the customer with 5, 10% of the effort can get 10 times more value. So this is also the way it works. And I also think that Slowly but surely, this everyday organization just realized that this is something that they need to do sooner rather than later. And obviously with AI and all the attacks that always going towards the data, organizations understand that this is the way to go. It's a gradual process, but we definitely feel that the technology is just fitting the reality if you want to make sure that you don't have a data breach you need a data security platform with automated outcomes thank you next question comes from the line of fatima bulani with city please go ahead good afternoon thank you for taking my question um guy the question

I just wanted to dissect that a little bit. So we'll start at the year considering we're not totally out of the woods in the macro, but I wanted to better understand why some of this momentum you're not expecting to improve through the year, given this was a seasonally slow quarter and you have so much more demand and growth driver optionality as we look into the back half. So we just love some of the puts and takes that you embedded into into the outlook in terms of not rolling forward the upside in this quarter. Thank you.

I think that's a great question and I want to be very clear. We're kind of, we're raising our full year ARR guidance because we feel really good about the rest of the year. When you look at kind of the way we raised ARR, it's purely a mathematical kind of framework. If anything, I would say we feel more confident about Q1 than what we did 90 days ago. So if I walk you through the math of kind of the guidance itself, as you know, we only guide for annual ARR, and our 2024 net new ARR guidance was similar to previous year's numbers. So when you look at the net new ARR in Q1 2024, it was approximately $4 million higher than last year, which is exactly what we're rolling over. for the full year midpoint of ARR guidance. When you look at kind of, and I've talked a lot about this in previous quarter, when you look at all the things that are working in our favor, we have a lot of things, whether it's the environment, MDDR co-pilot, but you have to remember Q1 is still the smallest quarter of the year, and our philosophy has always been not to bake in positivity before we actually see it translate into the numbers. So we want to see how things progress. We want to see how things move forward for the rest of the year. With co-pilot and the SEC regulation, we have yet to see that positive impact to our reported numbers. With MDDR, we have started to see good momentum, but it's still only one quarter in, which is why we're taking a responsible approach. And as we have done in the past, and as we see the data that supports it, we will be happy to update our guidance.

Thank you. Next question comes from the line of Brian Essex with JP Morgan.

Please go ahead.

Good afternoon, and thank you for taking the question. Yaki, I was wondering if you could give us a little bit of an update. I think you talked a little about this last quarter, but you've got a lot of irons in the fire or incremental opportunities as we kind of approach the back end of the year. How do you think about incentivizing the sales force with regard to, number one, new low-low growth, number two, more proactive conversion of your installed bases, you kick off phase two? And then number three, expansion into new adjacent markets with MDDR and co-pilot. So how do you, you know, maybe if you can categorize the magnitude of each of those levers and how you expect that to play out through the rest of the year.

You know, MDDR and co-pilot are relevant to every Voronis existing customer and prospect and really help us to Again, market share, expand the platform in the base. So this is something that is working very well for us. But we also have just so many ways to add value to customers with everything that we are doing with DA Cloud on the SaaS side and on the IaaS side. We really see our customers getting extremely fast to these automated outcomes.

And I'll give the color from a commission perspective. What we have seen from a conversion perspective is that it's happening in a natural way. When you look at the uplift, obviously it's beneficial for the customers because they're getting a much better product. But it's also beneficial for our sales force because anything on top of that renewal goes towards their quota. So at the beginning of this year, we didn't change the incentive for the conversion because it is happening kind of in that natural way. element, which is great for us and is working great for our customers. What we did do, because new logos is such an important component on fueling our growth for the years ahead, is we actually doubled down on the commission plan from a sense of ensuring that reps are focused on acquiring new customers. And in order for them to make real significant money they will have to focus on new customers. They'll be able to make money without it, but in order to make real big money, they have to focus on new customers as well. And when you look at the offering itself, the SaaS offering has actually eliminated two of the biggest objections that we've used to see, and that's that customers don't have the people to support the platform or companies don't necessarily want to buy the hardware. So in a way, that change of comp plan actually works really well with the offering that we have. And when you think about that combination, it's something that we've seen work very well for us in Q1.

Thank you. Next question comes from the line of Roger Boyd with UBS. Please go ahead.

Great. Thanks for taking my questions. A lot of talk around the momentum that's in the pipeline around Microsoft 365 Copilot. But Yaki, I'm wondering, If you're starting to see interest from the install base around securing other co-pilots and other Gen A applications like those in Salesforce or GitHub, it's come up with a few customers. Just wondering if that's showing up in the pipeline or customer conversations with any sort of momentum. Thanks.

Yeah, without a doubt. And even much more because people understand that they want this co-pilot for almost every platform that they have. So we see it on the SaaS. Stuff like Salesforce, GitHub, Jira, and others. And obviously they will have connectors for things like Vox and Google has Gemini. So you see all these co-pilots. And even sometimes people have their own private instance of OpenAI and just putting the data on SharePoint or in every bucket on Azure Blob. We're adding a lot of value. And the other thing that we are doing in Copilot, we extended it to look at the queries themselves, risky users, and all the other logs. So it's really working from every angle. And the other thing that was also a surprise for us is once you are using these technologies, the speed. that you are exposing critical data. It's unbelievable. Not exposing and creating critical data. So it's definitely very interesting for us and just immediately exposing the problem and also enhancing it.

Thank you.

Next question comes from the line of Shol Ayo with TD Code. Please go ahead.

Thank you. Good afternoon, guys. Congrats on the ongoing SaaS transition and the overall results. Guy or Iaki, I wanted to ask you about the mix between existing customers and new logos this quarter. Can you double-click on this item? And maybe, Iaki, specifically for you, I know you're often being asked about a competitive arena. Typically, the case for Varonis is limited scope of competition, but With many security companies in many categories buying small DSPM assets, what are you seeing out there aside from the overall market validation? Thank you.

So, Shal, I'll start with the first question. When you look at the results in Q1, the majority of our new ACV in Q1 was driven by new logos. And as I said before, SaaS is really opening up new markets for us. because it's eliminating the two biggest pushbacks we used to get. One being companies don't have the people to support the risk, and number two, they don't want to buy the hardware. So the changes we made to the comp plan, which I discussed in one of the previous questions, together with the simplicity of the story and the benefits of the products are really working. And the new logo activity was really healthy.

On our end, so in the traditional areas that We're really completely dominating, which is all the NAS devices, Active Directory, Entry ID, 365, Salesforce.com, Google, Box. All of this, nothing changed. But one thing that changed for us, the companies that you mentioned primarily, they are focusing on the iOS side. which is AWS and Azure. And we build the product that we believe is the best in the market in this area. And we are there and in the places that we are installing, we see that we have very good results. And we anticipate that in these places, you know, we'll see competition that will create budget, but in terms of scaling automated outcomes, I believe that we are well positioned to take this market and win. So overall, at this point, what's going on in this market, we see that creating a lot of awareness and creating more and more budgets. And so far, this is very good for us in terms of overall awareness and sales motion.

Thank you. Next question comes from the line of Joseph Gallo with Jeffrey Spieskowet.

Hi, this is Annick Baumanon for Joe Gallo. Thank you for taking our question. You guys launched many new products last quarter, including Snowflake and Salesforce protection and things like that. Can you just talk quantitatively, sorry, qualitatively about the traction you're seeing there?

Yeah, I think that in terms of everything we're doing in IaaS, we very fast see a lot of traction. The other thing that is very interesting, lifecycle. Snowflake and other data repositories, they are massive. So everything we, the core technology that we have to analyze metadata to do it, its scale is working extremely well. And all the connectivity to the MVDR has very exciting prospects. So really at this point, We see good prospects for everything we have done on the engineering side, and we're also very proud of the team in the rapid release cycle of features and products.

Thank you.

Next question comes from the line of Jason Ader with BillionPlayer. Please go ahead.

Yeah, thank you. Good afternoon, guys. I just wanted to ask about MDDR again. More specifically, I know you've recently announced it. It clearly has exceeded your expectations. You're thrilled about the early demand. Can you just talk about the pricing model that you use, what type of uplift it could create on your SaaS business, and then maybe any early metrics on attach rate?

Yeah, I think that's a great question, and we talked a little bit about it last quarter when we introduced MDDR. When you think about our goal at the end of the day, it's to protect our customers. And when you look at the MDDR offering, it's really resonating within our customers, and the value there is very clear. So at the end of the day, with that value that we provide customers, we're trying to extract dollars from them and increase customer lifetime value. And there are two ways to do it. you allow customers to buy additional licenses, and then your MDDR pricing is somewhat reduced as long as they buy and increase the ASP, or if they only want the MDDR, then that pricing of MDDR as a standalone is significantly higher. What we're seeing is that customers are embracing the package itself, and they're buying it as part of additional licenses that could give them additional benefit, and that allows us to increase the ASP. It's still very early, so I don't want to give out numbers and kind of go through the exercise of kind of the uplifts that we're getting there, but we're seeing our ASPs increase in a very healthy way, and the value that we can provide with that platform is significant.

The MTDR essentially is our ability to make sure that to fulfill our promise to the world that if you have us, most probably you are not going to have a data breach. And the key with the MBDR, the customer will have as much coverage as possible, and with that, we will be able to protect them automatically.

So you think ultimately, like, most of your customers will take this?

We believe that every customer needs to get it, and I think it's going to be a gradual process, but I can say that initially the way it started was extremely encouraging from our perspective, and the conversations that we're having for the rest of the year on MDDR are also extremely positive.

Thank you. Next question comes from the line of Sweeney Kotari with BED.

Please go ahead.

Yeah, thanks for taking my question. So, Yaki, you touched upon Gen AI. I just wanted to double-click. You said healthy leading indicators with respect to Gen AI, but adoption expected to be measured as their companies are considering potential risk. And it looks like, of course, it's data security at the center of it and mostly co-pilot adoptions kind of getting stalled due to security concerns. So, It almost seems it should even further drive demand for you guys in the current stage of pre-GNI adoption from a data prep and governance standpoint to help them arrive at a point where they can adopt Scopella. So just curious why the pipeline would not start kind of flowing through to deals already if you are offering what they need right now at this point of time. If you can please help us understand. Thank you.

Organization is still in the very early innings of how to use these LN-based tools. The reality is that in order to reap the productivity benefits of these new products, you need to make sure that you have data security in place, because if not, you could have horrible consequences. But it's still doing it in a very measured way. They're still testing. And we believe that once, you know, it didn't reflect in the Q1 revenues, but it's definitely starting to impact the pipeline. And we believe that over time, it has the potential to be a real tailwind for the business.

Thank you. Next question comes from the line of Junaid Siddiqui with Tourist.

Please go ahead.

Great. Thank you for taking my question. Just had a question regarding opportunities in the channel. Any particular areas of emphasis you're focusing on, be it MSPs or SIs, as you transition to a predominantly SaaS company?

Well, you know, we're working with everyone.

Definitely a channel-focused company. The one thing we see with our SaaS solution that we're reducing all the friction in the installation and the time-to-value and ongoing value, the story becoming simpler and the overall offering more strategic, so just more compelling to partner with us.

Thank you. Next question comes from the line of Rudy Kissinger with DA Davidson.

Please go ahead.

Hey, thanks for taking my questions, guys. Guy, I don't know if you gave it earlier or not. I joined a little late. But can you share how much of your existing ARR converted to SAS this quarter? Or just directionally, did you convert more or less in Q1 than you did in Q4?

We talked a little bit about it, but I'll give you more color. When we look at the results in Q1, we were really happy with the conversions in Q1. They really helped us get to SaaS, where you look at kind of SaaS coming 30% of total ARR, or where you look at the number, it's actually $165.5 million. When we look at the metric itself, we didn't talk about the actual dollar value of the conversions because the The metric you should focus on is SaaS ARR. That really measures the progress in completing the transition, which is one of our overarching goals. But SaaS ARR was very strong in Q1, and the existing customer conversions obviously played into that.

Thank you.

Next question comes from the line of Stephen Schwartz with Wells Fargo. Please go ahead.

Thanks for taking my question. I wanted to ask about your focus on new logos, maybe the role that MDDR can play into that. How much education maybe do you need to do to make that a driver of new logos and is it something that you're thinking about?

It's very clear that MDDR can help with new logos because it keeps the conversation very, very simple. When you go to a prospect and you're talking about an SLA that assures Varonis will respond to a ransomware attack within 30 minutes, you get the customer's interest. And in a way, the whole purpose of MDDR is to allow us to help the customer and protect them in a way that doesn't require the same headcount that they had to have if we were selling them the on-prem subscription solution. So MDDR definitely fits within our offering in the simplicity and complexity kind of doubles down on the SaaS simplicity that we had there, and that allows us to target new customers. And I think that that story, together with the way we structured the comp plan, where reps, in order to make real money, need to focus there, I think that's working really well.

Thank you.

Next question comes from the line of Joshua Tilton with Wolf Research. Please go ahead.

Hey, this is Patrick on for Josh. Thanks for taking my question. Sort of piggybacking off of a few questions earlier around the healthy pipeline build with respect to AI and sort of asking it a different way. Can you kind of talk about, and I know it's early, but talk about the sales cycles you're sort of expecting to see around the co-pilot offering? Do you expect them to be sort of in line with what you see with the rest of the business or potentially longer as customers are sort of pushing off adoption of AI? Thanks.

So it's still early. We can't say how it's going to affect the cell cycles. But I will tell you that what is happening is it takes the problems that they have and just exposes it immediately. Organizations will take a lot of risk to use these AI tools. without proper data security in place. But we still need to see how it will play out. The reality is that I think that organizations slowly but surely understand that without a solution like ours, they can't be protected from data breaches. And it's always about the data breach. It can come from insider and APTs, people trying to get credentials. Once you have an identity, there is no perimeter anymore. And people are not, and bad actors are not doing anything that is very sophisticated, just trying, starting to take data. And we believe that we are the best solution to make sure that you will not have a data breach. And I also think that gradually the marketplace understand it because Look at what's going on. You see attacks that are more sophisticated. They are always about the data while organizations spending a fortune on perimeter security. This is something that is just not sustainable.

Thank you.

Ladies and gentlemen, we have reached the end of question and answer session. I would now like to turn the floor over to Tim Pears for closing comments.

Thanks for the interest in Varonis. We look forward to meeting with you all at the conferences this quarter. Thank you. Goodbye. This concludes today's conference. You may disconnect your lines at this time.

Thank you for your participation.