Varonis Systems, Inc.

Greetings and welcome to the Verona Systems Inc. First Quarter 2025 Earnings Conference Call. At this time, all participants are in a listen-only mode. A brief question and answer session will follow the formal presentation. If anyone should require operator assistance during the conference, please first star and then zero on your telephone keypad. As a reminder, this conference is being recorded. It is now my pleasure to introduce your host, Tim Pears. Thank you. You may begin.

Thank you, operator.

Good afternoon. Thank you for joining us today to review Verona's first quarter financial results. With me on the call today are Yaki Fiedelson, Chief Executive Officer, and Guy Melamed, Chief Financial Officer and Chief Operating Officer of Verona's. After preliminary remarks, we will open the call to a question and answer session. During this call, we may make statements related to our business that would be considered forward-looking statements under federal securities laws. including projections of future operating results for our second quarter and full year ending December 31st, 2025. Due to a number of factors, actual results may differ materially from those set forth in such statements. These factors are set forth in the earnings press release that we issued today under the section captioned forward looking statements. And these and other important risk factors are described more fully in our reports filed with the Securities and Exchange Commission. We encourage all investors to read our SEC filings. These statements reflect our views only as of today and should not be relied upon as representing our views as of any subsequent date. Varonis expressly disclaims any application or undertaking to release publicly any updates or revisions to any forward-looking statements made herein. Additionally, non-GAAP financial measures will be discussed on this conference call. A reconciliation for the most directly comparable GAAP financial measures is also available in our first quarter 2025 earnings press release and our investor presentation, which can be found at veronis.com in the investor relations section. Lastly, please note that a webcast of today's call is available on our website in the investor relations section. With that, I'd like to turn the call over to our Chief Executive Officer, Yaki Feidelson. Yaki?

Thanks, Dean, and good afternoon, everyone. Thank you for joining us today to view our first quarter results, the progress of our SaaS transition, and to remind you why Voronis is best positioned to secure the world's data. In the face of uncertainty in the world today, there is one constant which pushes the business case for Voronis no matter what will happen. People will eat, sleep, and create data. The world is completely dependent on data, and because of its importance, bad actors want to steal it. At the same time, companies struggle to protect it. Most organizations deploy technologies to protect their endpoints and their perimeters. These technologies are very important, but they aren't enough to protect data. Varonis takes a data-first approach and helps companies to locate their sensitive data, visualize we have access to it, automatically lock it down, and then automatically detect and respond to threats on it. Last quarter, we announced that we will accelerating our SAS transition, and our Q1 results prove that we are well on track to complete it by the end of the year. The reason we are accelerating this transition is because the strong demand for our SaaS solution and the benefits to our customers and our company. Simply put, Veroni SaaS is a much better way to deliver our platform and to protect our customers' data more effectively and efficiently. With Veroni SaaS, customers are able to realize greater value from our platform without effort, which leads to more satisfaction and we believe will better position our company to accelerate growth. In the first quarter, ARR grew 19% to $664.3 million, and we continued to progress towards completing our SaaS transition. With SaaS, ARR now representing approximately 61% of total ARR, or $403.9 million. We generated $65.3 million of free cash flow this quarter, up from $56.4 million in the same period last year. Guy will review our results and updated guidance in more detail shortly. Our first quarter results reflect strong contribution from both new and existing customers that driving our overall business momentum. Organizations face a dangerous threat environment and their security teams are stretched thin, which means they struggle to see and respond to threats as quickly as they must with today's bad actors. The automated value proposition of Voronis SaaS platform and MDDR offering resonates with security teams. With Voronis, these organizations can secure their data with very little effort because we do the hard work for them. This is an outcome that simply cannot be achieved by using point solutions or manual work. We also continue to see very healthy customer interest in safely deploying CoPilot and other generative AI tools, which is serving as a reason for new customers to engage with Varonis and also for existing ones to convert to our SaaS platform. We see massive opportunity to increase the ARR from our existing customer base And in the first quarter, we continued to see existing customers expand their deployment and increase their spend with us. Voroni SaaS is a no-brainer for our customers because of the value that it offers. In the first quarter, we were able to convert existing customers to SaaS more effectively because of the lessons we learned last year and the additional investments that we made in our team. This is now also freeing up capacity of our sales teams. They are bringing in healthy levels of new customers while also upselling additional platforms to our broader customer base. Existing SaaS customers continue to expand their journey with Varonis. While many of our customers choose to start with their Varonis deployments by protecting data in Microsoft 365 or on-prem storage platforms, Because that was their top security concern, they realized that they had sensitive data in many places beyond the area where they originally deployed us. This is why we have significantly expanded our coverage in recent years to include leading cloud data stores, which means we cover data everywhere. Our breadth and depth of coverage has become one of our biggest competitive advantages, which means that we are able to provide customers with automated data security wherever they have sensitive data. DA Cloud is working well, and during Q1, we continue to see customers looking to Varonis to secure data across these newer cloud data stores, and we believe our ability to execute into this large and fast-growing market position us to continue to accelerate growth once we completed the SaaS transition. Another benefit of SaaS is that it gives us the ability to innovate much faster. During Q1, we did exactly that, announcing Voronis for AgentForce, which allows organizations to safely enable agentic AI rollouts in Salesforce. We view agentic AI as a massive opportunity because agents inherit the permissions of the users who run them. So if users have excessive access, agents can expose sensitive data. For example, if a bank uses Salesforce to process mortgages, guess what would happen when you upload your financial documents with your application? All that information ends up in Salesforce as records, files, and attachments. Salesforce can classify individual fields But there is no way to find, classify, or protect files and attachments natively in Salesforce. Varonis allows organizations to find sensitive data automatically, fix exposure to very complicated permission models, detect threats on the data, and safely enable the data usage of a Gentik AI. To finish our example, Veronix automatically removes access to ensure your sensitive mortgage application is not unnecessarily exposed by an agent. In March, we announced the acquisition of CIRAL, which expands our data security platform to include next-generation database activity monitoring. CIRAL's innovative approach to database activity monitoring deploys quickly and allows customers to upgrade their costly legacy solutions and unify the structured and unstructured data security monitoring, which means Varonis can serve as a single pane of glass for securing any kind of data. As a unified platform, we will now be able to address more auditing and compliance use cases. In addition to being a strong strategic fit, this market is attractive to us because it has established budgets and it's right for disruption. Due to a lack of innovation, for incumbents in recent years. This acquisition speeds our time to market and expands our total available market drastically as we enhance our ability to help customers protect their data and allow them to consolidate their data security budgets with Varonis. With that, I would like to briefly discuss a couple of key customer wins on Q1. New logos continue to be key driver of our business, and this quarter, a large healthcare system with over 100,000 employees became a Varonis customer after suffering a ransomware attack that impacted millions of patients. They evaluated Varonis in numbers of point solution in the data classification and DSPM categories to lock down their sensitive data and ultimately purchased Varonis SaaS for Windows with MDR protection and Voronis for Google Drive. Voronis was the only platform that could automatically secure the sensitive data in Google and on-prem while proactively monitoring it for threats. While new customers drove most of our momentum this quarter, We are also seeing strong demand from existing customers looking to convert to our SaaS platform and expand their protection to cover new critical cloud data stores I mentioned a few moments ago. An example from this quarter was a multinational consumer product company with approximately 6,000 employees that first became a Voronis customer years ago. They initially utilized Voronis to map permissions and classify data on-prem. This year, they determined they needed the automation of Voronis SaaS and MVDI because they were severely understaffed and faced an executive mandate to safely deploy Copilot. Over the time, they had been our customers Voronis fixed over 10 million overexposures on-prem and tens of thousands of overexposed links in Microsoft 365, which convinced them that they would be able to safely deploy co-pilot. This customer purchased Voronis SaaS for hybrid environments, as well as Voronis for AWS, Azure, Google Cloud, Snowflake, and GitHub, which will enable them to safely protect their data in the cloud and in SaaS applications. In summary, we are excited by the continued momentum we are seeing across our customer base that is driving our growth. Our solution has never been more relevant, and we look forward to completing our SaaS transition this year, which will unlock many more benefits for our customers and our company as we execute on our significant market opportunities. With that, let me turn the call over to Guy.

Guy. Thanks, Yaki. Good afternoon, everyone. Thank you for joining us today. Our first quarter performance represents a solid start to the year, highlighted by an acceleration in ARR growth, sustained improvement in free cash flow, and continued progress towards the completion of our SAF transition. This performance allows us to raise our full year ARR guidance as we focus on executing on factors within our control, while closely monitoring the uncertain macroeconomic backdrop. We remain confident in our outlook because of the underlying drivers of our business and are well positioned to capitalize on our growing customer demand. Our Q1 results demonstrate sustained new customer momentum and that the investments we made in our team and lessons we learned regarding existing customer conversions is working. As a result of this momentum, we ended Q1 with 61% of total company ARR coming from SAS, an eight-point increase in the SAS mix from the 53% we reported in Q4. When we look at the SAS NRR, we continue to see very similar trends to last year, which was significantly above our total company NRR reported in 2024. This shows us that SAS customers are coming back and buying more, which combined with a healthy new customer momentum that we are seeing, gives us confidence that we can return to more than 20% ARR growth. In the first quarter, ARR was $664.3 million, increasing 19% year over year. In this quarter, we generated $65.3 million of free cash flow, up from $56.4 million in the same period last year. In the first quarter, total revenues were $136.4 million, up 20% year-over-year. During the quarter, as compared to the same quarter last year, we had approximately a 1% headwind to our year-over-year revenue growth rate as a result of having increased SaaS sales in our booking mix, which are recognized ratably, versus the upfront recognition of our on-prem subscription products. SaaS revenues were $88.6 million. Term license subscription revenues were $31.5 million, and maintenance and services revenues were $16.4 million, as our renewal rates were again over 90%. Maintenance and services revenues declined by 32% year-over-year, with a vast majority of the decline driven by perpetual maintenance customers converting to our SaaS platforms. Moving down to the income statement, I'll be discussing non-GAAP results going forward. Gross profit for the first quarter was $109.4 million, representing a gross margin of 80.2% compared to 83.3% in the first quarter of 2024. Operating expenses in the first quarter totaled $115.9 million. As a result, first quarter operating loss was $6.5 million, or an operating margin of negative 4.7%. This compares to the operating loss of $10.6 million, or an operating margin of negative 9.3% in the same period last year. During the quarter, as compared to the same quarter last year, we had approximately a 1% headwind to our operating margin as a result of having increased staff sales in our booking mix, which are recognized fully ratable versus the upfront recognition of our on-prem subscription product. First quarter ARR contribution margin was 16.7%, up from 13.7% last year. The significant leverage improvement reflects our ability to drive strong incremental margins while growing ARR and transitioning to SaaS. During the quarter, we had financial income of approximately $10.7 million, driven primarily by interest income on our cash, deposits, and investments in marketable securities. Net income for the first quarter of 2025 was $0.7 million, or 0 cents per diluted share, compared to a net loss of $3.7 million, or net loss of 3 cents per basic and diluted share for the first quarter of 2024. This is based on 136.7 million diluted shares outstanding and 110 million basic and diluted shares outstanding for Q1 2025 and Q1 2024, respectively. As of March 31st, 2025, we had $1.2 billion in cash, cash equivalents, short-term deposits, and marketable securities. For the three months ended March 31, 2025, we generated $68 million of cash from operations compared to $56.7 million generated in the same period last year, and CapEx was $2.3 million compared to $0.3 million in the same period last year. During the first quarter, we repurchased 1,476,456 shares at an average purchase price of $41.49 for a total of $61.3 million. Turning now to our updated 2025 guidance in more detail. Our acquisition of CSIRO is not expected to have any impact on ARR or revenue this year, and is expected to add approximately $4 million of operating expenses in 2025. For the second quarter of 2025, we expect total revenues of $145 million to $150 million, representing growth of 11% to 15%, non-GAAP operating loss of negative $5 million to negative $2 million, and non-GAAP net income per diluted share in the range of zero cents to one cent. This assumes 135.2 million diluted shares outstanding. For the full year 2025, we now expect ARR of $742 million to $750 million, representing growth of 16 to 17%. Free cash flow of $120 million to $125 million, Total revenues of $610 million to $625 million, representing growth of 11% to 13%. Non-GAAP operating income of $0.5 million to $10.5 million. Non-GAAP net income per diluted share in the range of 14 cents to 17 cents. This assumes 135.8 million diluted shares outstanding. In summary, We are encouraged by our first quarter results, which were highlighted by broad-based strengths and is leading to healthy ARR growth, operating leverage, and cash flow generation. This performance gives us confidence to raise our full year ARR guidance as we progress towards the completion of our SAS transition later this year. With that, we would be happy to take questions.

Operator?

Thank you. We will now be conducting a question and answer session. If you would like to ask a question, please press star and then 1 on your telephone keypad. A confirmation tone will indicate your line is in the question queue. You may press star and then 2 if you would like to remove your question from the queue. For participants using speaker equipment, it may be necessary to pick up your handset before pressing the star keys. It is requested that everyone please skip to one question at a time. One moment please while we call for questions.

The first question we have is from Matt Hedberg of RBC.

Please go ahead.

Great. Thanks for taking my question, guys. Congrats on the results. It's really great to see the SaaS transition continue to accelerate and finish by year end. One of the key questions that I get from a lot of investors is, you know, what gives you guys confidence that ARR can grow sort of north of 20, you know, guys you illustrated? You know, I think, you know, Guy, you mentioned SAS NRR is significantly above total NRR, but is there any other things that you would give us as guideposts around the confidence in that element?

Matt, thanks for the question.

When we look at our ability to grow 20 plus percent, there are a lot of tailwinds that are working in our favor. One of the things that I mentioned in the prepared remarks is our SaaS NRR. And when you look at SaaS NRR, and to remind everyone, that doesn't include any impact from conversions, it was very healthy this quarter. So we continue to see very similar trends to what we saw last year with that SaaS NRR that is significantly above our total reported company NRR. So this really shows that the SaaS customers see value and they want to protect additional platforms, so they are coming back and buying more, which combined with the healthy new customer momentum that we're seeing gives us the confidence that we can return to that ARR growth of more than 20%.

And Matt, it's Yaki here. It's also very important to understand this is the best way to avoid a data breach. Bad actors are not breaking in, they're logging in. They are trying to compromise identities. And then if you can't protect your, if you can't make sure that only the right identities can access the right data and stop any abnormal behavior, you will suffer a severe, most probably you will suffer a severe data breach. And data is going relentlessly on all platforms and it's extremely valuable. And this is the most effective way to avoid a data breach. And with our SaaS platforms, customers are benefiting from it and the information is protected in an automated way.

The next question we have is from Joel Fishbein of Truist Securities.

Please go ahead.

Thanks for taking the question and great results. Let me get some more color around MDDR adoption. and how that, you know, the competitive environment around that, and then, you know, how that could potentially be an up, you know, to get to Matt's question, potentially be, you know, an accelerant to ARR.

So in terms of the overall value, you know, I see so many breaches with customers, and usually they have one common ground. All these organizations have a model security stack. a world-class EDR, a modern firewall, a SIM that collects the logs, and a severe breach. In order to make sure that you are protecting customers from a data breach, you need to have a very data-centric approach. If you want to protect data, protect data. Make sure that you can remediate what we call the blast radius, the excessive access control, automatically understand abnormal behavior. And also, once there is a compromised identity or an insider, there is no perimeter anymore. So we are analyzing extremely well the user behavior of identities and the user to make sure we understand any abnormal behavior and solve it automatically. I really believe that if somebody wants to make sure that they don't have a data breach, they need something like Voronis. And the other thing to understand is also in terms of forensics. If something happens, you want to understand what happened to your data records. The fact that you can understand who is patient zero, you know, what happened to a patient endpoint and to reconfigure your active directory or any user repository and you don't know what happened to the data records, the liability can be endless. So even the ability to do effective forensics need to be completely data-centric. And this is what you see from the MVDR. And we are doing it automatically for our customers. And we build a lot of AI. We build a lot of security agents that are augmenting our analysts. And this is working extremely well. Every day we are saving federal enterprises for severe breaches?

From a numbers perspective, just to add to that, I think sometimes investors forget that M-DDR was only introduced five quarters ago, and it has been by far the fastest adopted platform sale we have ever had. So we're very, very happy with how customers are adopting it. It's a no-brainer, really, as Yaki mentioned, but when we look at the number and the adoption, we truly believe that at the end of this journey, Every single customer should have M-DDR to be better protected. It's obviously going to take some time, but when you look at this adoption of this platform, it's been really outstanding. We're very happy with the way it's performed so far.

The next question we have is from Sakit Kalia of Barclays.

Please go ahead.

OK, great. Hey, guys. Thanks for taking my question here. Guy, you said from the beginning that the North Stars on this transition are going to be ARR, SAS mix, and free cash flow. But I wanted to ask about the income statement just for a second. And maybe the question is, how far are we from the trough in operating margins as we think about this transition accelerating? And are there any other dynamics that you want us to think about as we kind of think about sort of the model going forward with respect to that.

So as you mentioned, the North Stars are the ARR free cash flow and the ARR contribution margins. And when you look at those kind of numbers, all of them have been performed extremely well throughout the transition. And if you look at the results in Q1, they're all pointing in one direction, is that we're moving nicely, quickly, and keeping kind of the cost structure consistent in a very prudent way. So I do want to emphasize that before I talk about the P&L. But from a P&L perspective, there's a lot of things that are going into the mix during a transition. It's the conversions and the revenues recognized differently. So it becomes extremely messy. But I do think that the trough will happen this year. And then obviously next year, you still have some bumpiness because on the comparable side, You'll get some volatility, but less. But I definitely believe that as we progress to complete the transition this year, the income statement starts to look more, quote-unquote, normalized. But again, keep everyone's focus on during the transition to look at the three North Stars. They are the leading indicators, ARR, pre-cash flow, and ARR contribution margins.

The next question we have is from Joshua Tilton of Wolf Research. Please go ahead. Hey, guys. Can you hear me? We can.

Awesome. Congrats on a great start to the year. I just wanted to double down, Guy, on one thing you said. I know you mentioned that you're monitoring the macro pretty closely. Could you maybe just double-click on what, if at all, impacts in the quarter you saw because of the current macro? how you're thinking about or how you incorporate macro expectations into the guide for this year? Thank you.

I think that's a great question. When we look at the macro, obviously, there's a lot of macro uncertainty, but we had a really good quarter, and kind of the drivers that we talked about last quarter are really all in place, whether it's the SAS transition, MDDR, or GenAI. When you think about kind of the guidance and how we think about it, our philosophy hasn't changed. We treat the numbers we give Wall Street very seriously, and we feel very good about the pipeline in front of us. So when you think about that macro uncertainty, and despite it, really, we have never been so confident about the long-term opportunity as we see it today. So we try to remain focused on factors within our control, and we're confident in our ability to capitalize on a growing customer demand. So another thing that makes us feel really good is that in the first quarter, we saw strong demand from both new and existing customers, which led to that ARR acceleration we talked about, that continued leverage in our model, and the strong cash flow generation. So when you combine all of these and these results and kind of the underlying drivers in our business, is what gives us the confidence to raise our ARR guidance by that $5 million and increase our SAF mix to 80% for the full year, kind of despite that uncertainty that we see in the macro environment.

The next question we have is from Roger Boyd of UBS.

Please go ahead.

Great. Thanks for taking the questions and I'll echo comments on congrats on a strong quarter. Guy, you mentioned good traction with new logos in the quarter. I wonder if you could talk about one, are we getting to the point where we can kind of quantify how often new, new logos are landing with some of the newer offerings for us for some of the SaaS applications, cloud storages and databases, and then similarly on, on the strength and use cases around securing copilot and other AI tools. Are we getting to a point there where we can kind of quantify how big that traction is? Thanks a lot.

Hi, Chiaki. I think that just to quantify it, you know, just mathematically, it's still hard. But I will tell you, in every data repository, people have critical data. They have critical data in SaaS applications like Salesforce and ServiceNow, in cloud repository like databases. in Snowflake and in Databricks, and they need to protect all of it. They still have a lot of data on-prem and in 365. And what happens with all the AI tools is that they put a spotlight on the data security problems. So, you know, these agents, these co-pilots, what they do essentially, they're just using all the potential access and give you a lot of information and create a lot of information at a staggering rate. So if there is excessive access control, immediately employees will get the information that they shouldn't get. You can poison these AI model and you can also hack them. So as you will see more adoption of AI tools, you will understand that in order to enable them, you need data security and automated data security in order to make sure you can manage the tension between productivity and security, and this is something that we are doing very well. We believe that with us, people will just eventually protect every data repository that they have, and this is why we see a lot of success with DA Cloud, and it's just working very well for us. We are very happy with All the investments we have done in the last few years in data repository, user repository, protecting with AI tools, automated classification, they all come to fruition.

The next question we have is from Keith Weiss of Morgan Stanley. Please go ahead.

Excellent. Thank you guys for taking the question, and congratulations on a solid quarter. I want to ask a little bit about the recent acquisition that you made in the database activity monitoring space. It seems like a pretty logical extension, even a broader purview of the data within an enterprise as a state. Can you talk to us about sort of where that fits in, how you plan to kind of add it to portfolio? And then a follow-on question to that, I think probably everyone on the line just came back from RSA last week, a lot of talk about data and data security processes. it feels like the environment's getting, perhaps, more competitive. Can you talk to us about how you're seeing the competitive environment evolving as this issue really comes to the forefront of the minds of CSOs?

Yes, hi, Keith. Thanks for the question. So, first, in terms of databases, it's just a natural extension for us, and we started to see a lot of success with DA Cloud, classifying these database repositories, understanding configuration and admin usage. And just customers came and told us they're just not happy with the incumbents. And if you look at if they have compliance requirements, we can answer everything. And if, God forbid, they have an attack, it's always going from one data repository to the other. And they said, if you can go deep into the queries, it will be great. And logically, they want to replace the current solution that they're using and using one scalable data security platforms that give them all these automated outcomes of predetection and classification and remediation. In terms of the competitive environment, at this point, it's just doing very good for us. Nothing changed for us in the competitive environment in terms of stuff like Office 365 and all the Microsoft collaboration tools on the on-prem storages and file systems on SIPs, NFS, or any file system or NAS device. And all the DSPM space, primarily these are not data security tools. It's primarily data discovery tools. that many times still having hard time to scale and don't give you automation. They don't have remediation. They don't have any layer of threat detection. They are not integrated with the identity layer. And what it does for us, it's actually at this point increasing our overall total available market and everything that we are doing in IaaS and other platforms cloud data repository generate more awareness. And when customers are testing them, they understand that these are not security tools. You can do forensics with them. You can do remediation with them. You don't understand if you had an attack. And I think that the fact that this is becoming, there is more RFPs, more RFIs, it's really contributing for the success of VA Cloud.

The next question we have is from Joseph Gallo of Jefferies.

Please go ahead.

Hey, guys. Thanks for the question and nice quarter. Last quarter, you mentioned elongation of conversion cycle times. Has that length of cycle time for conversions changed in any way? And then how has the gross retention rates and ASP upside recognized been for those customers? Thanks.

I think there were a lot of lessons that we have learned from the conversion process last year, and we have tried to implement them Starting this year, I think we've done a very good job. And when you look at kind of the conversions that we had in Q1, they were really strong. And I think all of the investments and the lessons learned were implemented in a way that we're happy kind of to start the year with. When you look at the gross retention rate, when you look at the renewal rate, they're all very strong. We definitely feel good about where we are and we're seeing improvements. We talked a lot about the fact that SaaS is purely a better product, and therefore we're seeing our existing customers try it and then want to buy more and be better protected. But really, it's important to note that the conversions weren't the only strong element this quarter, and we're definitely seeing strong new customer adoption. Again, it kind of relates to that SaaS platform that is being – the offering is so much better. When you look at kind of the growth rate and our ability to get to that acceleration, it's coming from our existing customers buying more and our new customers that were really strong this quarter.

The next question we have is from Brian Essex of JP Morgan. Please go ahead.

Great. Thank you. Good afternoon. Thank you for taking the question. Jackie, I got a question for you. Great to see the innovation outside of, you know, Microsoft copilot into other genetic applications like CRM. Could you maybe provide a little bit of color in terms of your expectations for any different go-to-market motion? You know, I think one of the concerns that investors may have had is that in the Office 365 environment, you're competing against Purview. Are you seeing a pull-in from Salesforce and other companies ISVs you might be working with and do you anticipate maybe less friction with that go-to-market motion?

I just think that as you will see more agentic AI and overall AI, what it does is just put the data security problem in your face, if you will. You're using these agents and immediately you get information that you shouldn't get. It's very problematic. It will be very helpful for organizations to function like that. So if you want to enable your organization to safely use AI, you need something like Voronis. You need to understand the activity. You need to right-size the permissions. You need to do everything automatically. You need to look at the prompts and make sure that people are asking legitimate questions because if not, it's an accident waiting to happen.

The next question we have is from Rob Owens of Piper Sandler.

Please go ahead.

Great. Thanks for taking my question. This is Ethan on for Rob this afternoon. As you guys think about consolidating more of the data security budget, what are some other natural adjacencies in the space that you think the platform would be well-suited to address going forward?

Thanks.

I think that obviously database activity monitoring is a big one. A lot of stuff that related to understanding identity behaviors, things that are relevant to the MDR environment. There is just a lot and we also are building a lot of additional capabilities that can take additional budgets, but definitely Another source of budget is the AI budget. As organizations are trying to adapt AI and want to do it in a secure way, we're starting to have these allocated budgets for AI security and enabling the organization to use AI, and we are benefiting from it.

The next question we have is from Shoal Eyal of TD Cohen. Please go ahead.

Thank you. Good afternoon and congrats on a solid set of results and guidance. Yaki, I wanted to ask two little quick questions. One, what's the headcount that you're adding with this stock in acquisition? And on macro, Guy or Yaki, at Doge specifically, I'm not talking about tariffs, etc., but Doge specifically, have you seen anything emerging this quarter?

Thank you.

I'll start with a second question, and thanks for them, Cheryl. When we look at federal, and I want to remind everyone the federal business for us is still relatively small, about 5% of total company ARR. And when we look at kind of the, when we look at the contribution in Q1, Q1 is not considered a large quarter for them. Their largest quarter is Q3. So when you think about kind of how we look at federal, we didn't see anything kind of evolve from Dodge. And the way we think about it from a guidance perspective is that we didn't assume any significant contribution in comparison to last year. So we are very happy with kind of the progress of the FedRAMP certification. It really is progressing as planned, and we hope to get it in the next few months. So, we definitely believe in that long term opportunity and in that vertical. So that kind of relates to the federal question in terms of cyril. We didn't add it. They don't have a significant number of headcount. So it's a. It's a small number that doesn't impact us much. But when we think about that expense addition throughout the year, it's approximately $4 million of additional expense throughout the year. If you look at kind of the guidance, you can see that it hasn't changed much. So we're able to absorb it from a guidance perspective. And we're not expecting any ARR or revenue contribution from the CSIRO acquisition this year.

Next question we have is from Fatima Dulani of Citi.

Please go ahead.

Hey, good afternoon, guys. This is Mark on for Fatima. Thanks for taking our question. Maybe just wanted to dig a little bit more into the new logo momentum you're seeing. It really comes to light, you know, adjusting the sales org's focus this year on really renewal conversions. So can you maybe give a sense of the drivers there? How much did this outperform expectations? And maybe can you speak to, you know, any discernible changes in new customer adoption behavior, aside from maybe, you know, the AI-driven purchases, and any guardrails on how we should think about the contributions between new versus conversions to ARR Guide this year?

Thanks.

We talked a lot about the fact that with the MDDR offering and kind of the fact that we have our co-pilot addressing really any generative AI, it really is a no-brainer for new customers to adopt the platform. And we've absolutely seen a change in the way we can address those customers. We truly believe that our time has increased with the new offering, the simplicity of the offering, the fact that there's so much automation in the MDDR has really allowed us, together really with the co-pilot being such an issue for customers that want to adopt it, really helped us address the simplicity of going to new customers that we weren't able to sell to before and make that value proposition to be very much adopted in a healthy way. So we started seeing that last year. We saw this continue this year. You heard us talk in the last earning call about the fact that we want to move as quickly as we can throughout the transition and complete it in 2025. I think the results in Q1 are a very good start. and showing that we're moving in that direction. So we try to balance and make sure that we're not only completing the transition, but the eye on the ball is still on getting new customers. Our sales force has done a really good job of balancing those two, and I think that's kind of the reason we were able to show that acceleration, that beat on the raise on the ARR guidance, and the leverage in the model and the ARR contribution margin. So I think those two elements of addressing new customers and being able to convert our customers in a more efficient way is what's helping us move forward the way we have so far.

The next question we have is from Jason Adder of William Blair. Please go ahead.

Thank you. Good afternoon, guys. I wanted to ask on the gross margin outlook. I know that the SAS transition is impacting that. Can you just talk about what you expect for the remainder of 2025 and then the kind of more medium-term outlook? And then just sort of related to that, why is the non-GAAP operating income range so wide? Can you just speak to that?

We're going back to revenue.

Listen, revenue, the P&L in general throughout 2025 is going to get messy. You have to keep in mind that the way revenue is recognized through SaaS and on-prem subscription is so significantly different that it's generating a lot of volatility. And it's a lagging indicator and doesn't indicate the health of the business at all. So you get the conversions and that generates a lot of messiness. Gross margin, really, when you think about 2025, is not going to be reflective of anything. When we did our investor day in 2023, we gave out a five-year model and we put in our gross margin expectation, which was at the end of 2027 to be in that range of the 80%. I can tell you that overall is a concept, and I'm not talking about 2025, and we gave guidance from a revenue perspective. But when we look at the performance of our cost on SAS, it's exceeding our expectations significantly. So as a general concept, and just to keep in mind, we are doing better than what we thought when we initiated the transition. But you're going to see that volatility until we complete the transition. And the reason that the range is so wide is because there's so many factors that are embedded in this transition. Listen, it's not an easy task to take a ship and completely transition it from on-prem subscription to SaaS.

I think we've done a great job so far.

And we want to make sure that we complete the transition at the end of this year. So getting to 61% in Q1 was a great start. But again, there's a lot of volatility trying to bake in and consider what are the conversions and how it's going to impact. And that's why we took an extra range, which I think is prudent.

The next question we have is from Rudy Kissinger of DA Davidson. Please go ahead.

Hey, great. Thanks for taking my question. Firstly, Guy, I want to make sure I heard you right. I think in response to Josh's question earlier, you said 80% SACS mix by year-end on ARR. I think that's versus 78% expected previously. I want to make sure I got that right. And then secondly, I guess my real question, does it feel like we're getting any closer to an inflection point on the co-pilot and Gen AI stuff? What are you seeing from customer behavior? How is maybe the macro impacting the rollouts of agent force, co-pilot, et cetera? Thank you.

I think that overall organizations understand that these AI tools are a massive productivity game. Definitely, I think that they will. They still need to have their heads how they are going to use it exactly how to roll it out to all of their employees. But definitely we see it as a driver and we believe it is going to be more and more on the hands of just knowledge workers. You will see just a more need and just a. Demand for a data data security, but this is definitely something that we see across the board.

And I did want to confirm, yeah, you're right. We raised our guidance on the SAS mix from 78% to 80% at the end of the year.

The next question we have is from Sinead Kothari of Robert W. Bate. Please go ahead.

Yeah, congrats, team. Thanks for taking my question. Just on a related note from the previous question, So historically, your strength has been in unstructured environments. And of course, with the serial acquisition and increased focus on Snowflake, Databricks, BigQuery, you've been broadening into structured data. Just curious, Yaki, how are our customers responding to this kind of more unified view across structured, unstructured assets? Do you see this more of a greenfield expansion? And are there real gaps in automated remediation there. Are you seeing budgets shift from potentially legacy asset management vendors into your platform? Just curious what you're seeing. Thanks.

I think for organizations, it's natural to make sure that they are protecting all the data with us. They need all the automated outcomes that we provide. They want one unified data. classification engine, and this is exactly what they need from us, which is getting much better security. We have second-to-nine data-centric user behavior analytics. We also work a lot on the, you know, in Active Directory Entry ID, Okta, IAM, so monitoring identities and other streams like firewall and proxy. So this is just natural extension for them, and it works very well for them to make sure that they don't have data breach, to make sure that they are in compliance and they can do it in an effortless way, but also that they can go and show their board or superior that they have done a good job that in a tangible way, they classified everything, they label it, they narrow the blast radius without breaking business process, and they did everything automatically without adding any additional headcount.

The next question we have is from Jonathan Reckover of Cantor.

Please go ahead.

Yeah, hi. Can you talk about the agentic AI capabilities that you've announced within MDDR? And specifically, when you look at agentic systems, the adoption curve is still very early. So, when would you expect agentic AI to actually begin to contribute more materially to customer outcomes and revenue growth? And specifically, as it relates to MDDR, how do you plan to monetize those new features?

Thanks for the questions. What is happening, we have world-class analysts looking at customer data 24 by 7. And we also have a very unique data set that sees the behavior of user and service accounts and all identities into the data and we reach it with a lot of information. But what we did, we just learned how to build these security agents that looking at the data and can close everything, takes You know, a lot of events and many alerts and just close them automatically to make sure that the analyst can be extremely productive. So once a customer is onboarding with our MDDR, you have the best analyst in the world using a data-centric platform and just an army of robots that is helping them. in a tireless way to look 24 by 7 at the customer's environment and make sure that they don't have a data breach. And it works extremely well. We are getting to tremendous automation. And this is how we are augmenting our analysts. And once you have our MVDR, an extension of your team is the best people in the world at understanding data security that are working for you around the clock with the help of these robots.

Thank you. Ladies and gentlemen, we have reached the end of the question and answer session, and I would like to send the floor back over to Tim Peirce for any closing remarks.

Thanks again for the interest in Varonis.

We look forward to seeing you all at conferences this quarter. Goodbye. Ladies and gentlemen, that concludes today's conference. Thank you for joining us. You may now disconnect your line.