Cyberark Software Ltd (CYBR) 2017 Q1 法說會逐字稿

Good day, ladies and gentlemen, and welcome to the CyberArk First Quarter 2017 Earnings Conference Call.

(Operator Instructions) As a reminder, this conference call is being recorded.

I would now like to turn the conference over to Erica Smith, Vice President, Investor Relations.

Ma'am, you may begin.

Thank you.

Good afternoon.

Thank you for joining us today to review CyberArk's First Quarter 2017 Financial Results.

With me on the call today are Udi Mokady, Chairman and Chief Executive Officer; and Josh Siegel, Chief Financial Officer.

After preliminary remarks, we will open the call up to a question-and-answer session.

Before we begin, let me remind you that certain statements made on the call today may be considered forward-looking statements, which reflect management's best judgment based on currently available information, specifically, our expectations and beliefs regarding our projected results of operations for the second quarter and the full year 2017.

Our actual results might differ materially from those projected in these forward-looking statements.

Please see the risk factors contained in the company's Annual Report on 20-F filed with the U.S. Securities and Exchange Commission, and those referenced in today's press release.

CyberArk disclaims any application or undertaking to release publicly any updates or revisions to any forward-looking statements made today.

Additionally, non-GAAP financial information will be discussed on the conference call.

A reconciliation to the most directly comparable GAAP financial measures is also available in our earnings press release, which can be found on www.cyberark.com in the Investor Relations section.

Also, please note that a webcast of today's call will be available on our website.

With that, I'd like to turn the call over to Udi.

Thanks, Erica, and good afternoon, everyone.

Thank you for joining the call today.

We were pleased to, again, exceed our guidance for the first quarter.

Revenue increased by 26% to $59 million.

We generated non-GAAP operating income of $12.7 million and operating margin of 22% and earnings per share of $0.28.

We continue to execute on our strategy to extend our position as the leader in Privileged Account Security while we deliver both growth and profitability.

Market awareness continues to build and Privileged Account Security is often among the top priorities in enterprise security.

Organizations increasingly recognize that the attack surface across on-premise, cloud and hybrid environments as well as in DevOps processes is only expanding.

Securing privileged accounts is essential to protecting the enterprise.

The biggest contributor to our license growth, again, in this first quarter was add-on business.

Our investments in sales, marketing, customer success and partner programs are driving the momentum within our existing customers as they roll out multiphased CyberArk programs.

All of our customers have room to grow to protect more of their infrastructure or roll out additional products.

In fact, to date, only about 1/4 of the entire installed base of more than 3,000 customers has purchased more than 2 products out of the growing portfolio of products.

A few highlights from customer expansions this quarter include: a Fortune 100 manufacturer signed another 7-figure deal, the first engagement included 5 of our products and focused on Windows systems.

This year, the company is implementing the second phase of its CyberArk program, which includes deeper protection of Unix with On-Demand Privileges Manager and SSH Key Manager.

The strength of our Endpoint Privilege Manager was highlighted with an existing health care customer.

After a merger of equals, the organization was using both CyberArk and the competitive product.

The combined organization is standardizing on CyberArk's Endpoint Privilege Manager because they believe we have the superior technology for privilege management and hardening at the endpoint.

Customers recognize that one of the benefits of Endpoint Privilege Manager is the unique combination of privilege management, application control and credential theft blocking, which is strong protection against the potential crippling damage from ransomware attacks.

And a large insurance company began using CyberArk in 2012 and expanded its relationship with additional licenses in '13, '15 and 2016.

In the first quarter, this Fortune 100 company made a 7-figure purchase to protect all critical servers with Privileged Session Manager.

After using our software, the customer recognized the unique value our isolation layer provides in protecting the network from damaging malware attacks.

The company also made an initial purchase of Application Identity Manager, opening the door for future expansion with this product.

While existing customers are rolling out CyberArk programs, new customers continue to take a more strategic approach to Privileged Account Security.

We ended the first quarter with more than 3,200 customers and nearly 30% of new business deals included 3 or more products.

One new win, a consumer manufacturing company, is integrating 3 of CyberArk's products into what the customer identifies as an Internet of Things project.

Engineers and software developers are accessing product-related passwords, recording sessions and rotating application credentials in AWS for their proprietary technology that will be integrated into an Internet-enabled product.

As the threat landscape evolves, we believe the Internet of Things represents a clear future opportunity for CyberArk.

A pillar of our strategy is diversification, and we were pleased with the breadth of our business in Q1.

All companies, regardless of size or vertical, struggle with common challenges like third-party remote access.

Research demonstrates that more than 60% of data breaches are caused by vulnerabilities created by external vendors.

Every quarter, large enterprises choose our Privileged Session Manager to protect third-party access, which can number hundreds of vendors and thousands of users.

But small- and mid-sized organizations also want a partner to help them navigate this challenge.

In the first quarter, we won deals with airports, law firms and service providers who will leverage CyberArk to manage, control and monitor external network access.

Our business was also well diversified across verticals, with 10 of our largest software deals representing 7 distinct verticals.

The manufacturing vertical experienced growth well over 50% year-over-year while 4 other verticals: insurance, telecommunications and hosting, transportation and travel and global government more than doubled.

Not only did government grow by more than 100%, it represented about 15% of our total business in Q1.

Our government deals span U.S. federal, the U.K., France, Singapore and New Zealand among other countries.

Our successful track record is helping us win deals with state and local agencies as well as government suppliers who need to conform to heightened security standards.

Two 6-figure government wins during the quarter include: a government agency in the U.K. purchased 6 of our products with the initial phase including only about 10% of its privileged users, providing us with meaningful expansion opportunity over the coming quarters and years.

We also displaced a large legacy vendor in a U.S. civilian agency.

The vast majority of our new business deals are still greenfield, but it's rewarding when prospects determine that our solution is a better strategic fit to secure their infrastructure.

While we had success across multiple verticals in the first quarter, we also demonstrated the power of our diversification strategy across geographies.

We showed strong growth in the Americas as well as dramatic momentum in APJ.

I'm just back from our customer event in APJ and based on my discussion with customers and partners, I am confident there is significant untapped opportunity across the region.

In EMEA, while we generated 11% revenue growth, we saw weakness in certain territories.

Pipelines and awareness in EMEA are steadily increasing, and we believe that the overall demand environment is healthy.

To help ensure we capitalize on these opportunities, the EMEA management has made adjustments in its channel leadership, and it's focused on delivery more consistent performance.

One of our key initiatives this year to help support the global sales effort is enhancing our marketing engine.

Marianne Budnik, who recently joined as Chief Marketing Officer, has extensive experience implementing global marketing strategies.

She was most recently at SimpliVity and previously held executive roles at Acme Packet, CA and EMC.

Marianne has a proven track record executing cohesive campaigns, channel marketing programs and increased market awareness that contribute directly to pipeline and helped drive growth across geographies.

She's a great addition to the CyberArk executive team.

In the first quarter, we also completed our most successful RSA Conference ever.

Our interactions with existing customers and prospects increased dramatically again this year.

We conducted deep dive sessions with C-level executives to identify ways we could help them better secure their infrastructure.

At RSA, we also announced enhancements to our platform with a new data feed integrating Privileged Session Manager and Privileged Threat Analytics.

Customers now have enhanced control, visibility and response capabilities in their privileged sessions.

They receive customizable prioritized information on high-risk activity and can take action, ending potentially malicious sessions.

Innovation is critical to extending our leadership position.

Last week, we announced integrated cloud automation tools and preconfigured Amazon Machine Images, or AMIs, that simplify and accelerate the deployment of CyberArk in AWS within 15 minutes.

The cloud is accelerating business and as migration strategies take shape, cloud security is top of mind for all organizations.

Super users have privileged access that if compromised can devastate an organization, and the complexity of protecting assets and applications in an elastic environment is daunting.

Today, we are not only helping customers protect assets in the cloud, but organizations are also increasingly running our software in public cloud environments.

A cloud service provider who works with government agencies chose CyberArk because we have the broadest cloud support for privileged accounts.

This customer plans to run Enterprise Password Vault and Privileged Session Manager in AWS while a large insurance company is rolling out our software in Azure.

We are committed to delivering innovation that helps customers protect the heart of the enterprise.

We are very excited about the acquisition of Conjur.

Conjur has developed and successfully deployed a revolutionary solution to secure DevOps, which is only in its early innings of disrupting application development and enterprise IT.

While empowering organizations with more efficiency and speed, the DevOps process is also dramatically expanding the attack surface.

With the acquisition of Conjur, we have significantly expanded our offering with advanced security and management capabilities, allowing us to reach an even broader market base and solve these new security challenges.

CIOs and Chief Information Security Officers and developers are only in the early stages of evaluating solutions that offer the right combination of control and security without impeding the agility and speed of the DevOps delivery.

We acquired Conjur because they have pioneered a new approach for securing DevOps processes by leveraging machine identity concepts.

As demonstrated earlier this week, Conjur was recognized by Gartner as a Cool Vendor in DevOps because of its leading edge technology.

This acquisition now extends CyberArk's market opportunity with revolutionary technology that takes us deeper into the DevOps life cycle.

We are now the only vendor that provides enterprise class protection for secrets and privileged accounts across on-premise, cloud and the new attack vectors created by the DevOps pipeline.

We are thrilled to have the talented Conjur team including the founders, Elizabeth and Kevin, join CyberArk.

Moving on to our partner ecosystem.

Our C3 Alliance also extends our solution and is a key differentiator for us with prospects and customers who are looking for more cooperation among vendors.

We recently added new alliance members, including Opta, Puppet and Palo Alto Networks and today, more than 45 partners are part of our program.

Our relationships with Proofpoint, Splunk, and Tenable, among others, are driving business as we work together to increase the value of existing IT investments and improve security across the enterprise.

The number of certified CyberArk engineers is also growing and already helping with implementations and ongoing service delivery.

In addition, we continue to build momentum with the influencer, system integrator and VAR communities.

More than 60% of our business during the quarter was indirect, including many of the large multiproduct deals that we signed.

Our entire team worked tirelessly in the first quarter to deliver against our model for growth with profitability, and I'm proud of what we accomplished.

Our pipeline is robust and in the first quarter, we added more qualified opportunities than ever before, demonstrating the strength of demand for our solution.

The acquisition of Conjur strengthens our technology platform in the cloud and DevOps, which is a significant opportunity for us.

We believe our operational achievements and investments in the business put us in a strong position to execute our strategy for 2017 and beyond.

With that, let me turn it over to Josh.

Josh?

Thanks, Udi.

We were pleased to exceed our outlook for the first quarter across all the guided metrics including revenue, operating income and EPS.

We grew our total revenue by 26% year-on-year to $59 million.

License revenue reached $33 million, growing 20% over the prior year period and representing 56% of total revenue.

The biggest contributor to our license revenue growth was add-on business.

Existing customers recognize the exceptional value we provide in protecting their IT infrastructure and are expanding with additional licenses and new products.

Maintenance and professional services revenue was $26 million, increasing 34% over the prior year period and representing 44% of revenue.

The Americas increased revenue 28% year-over-year to $37.5 million or 63% of total revenue, which compares to 62% of revenue in the first quarter of last year.

As Udi mentioned, EMEA revenue grew 11% to $16.9 million or 29% of total revenue, which compares to 33% of total revenue in the first quarter last year.

And APJ experienced a robust growth of 90%, with revenue reaching $4.6 million or 8% of total revenue in the first quarter of 2017 compared to 5% of total revenue in the first quarter of 2016.

As I move through the P&L, all financial results will be discussed on a non-GAAP basis.

Please see the full GAAP to non-GAAP reconciliation in the tables of our press release.

Our first quarter gross profit was $51.1 million or an 86.5% gross margin compared to 87.6% gross margin in the same period last year.

The slight decline in the gross margin is consistent with a small change in our revenue mix, coupled with investments in cloud infrastructure and professional services that we outlined during our call in February.

The majority of our investments continue to be in R&D and sales and marketing.

In the first quarter of 2017 compared to 2016, research and development expenses grew by 21% to $7.9 million as we invested in our product offering, particularly in strengthening our cloud capabilities.

Sales and marketing increased 28% to $25.8 million.

We are aggressively expanding our sales organization, both direct and indirect to capitalize on our significant market opportunity.

In addition, we had a strong presence in RSA again this year, which Udi talked about earlier.

G&A increased 26% to $4.7 million as we continued to invest in scaling the business and support the organization's growth.

In total, operating expenses for the first quarter increased 26% to $38.3 million compared with $30.4 million for the first quarter last year.

Our overall expense growth is primarily related to headcount, and we ended the first quarter with 867 employees worldwide, up from 823 at year-end and 692 at the end of the first quarter of 2016.

We are looking forward to having the approximately 20 Conjur employees, the majority of who are developers or in technical roles, join the team this week.

Again, this quarter, we demonstrated the strength of our business model with our revenue outperformance further contributing to our operating income of $12.7 million or a 22% operating margin, which was ahead of our guidance.

This compared to operating income of $10.7 million or 23% operating margin a year ago.

Net income was $10.2 million or $0.28 per diluted share for the first quarter of 2017, up from $8.3 million or $0.23 per diluted share for the first quarter of 2016.

For the quarter, our non-GAAP tax rate was approximately 23%.

Related to the GAAP taxes, in the first quarter, we adopted the new accounting standard, [ASU 609], where the excess tax benefit related to our share-based compensation is now reflected in our income tax provision.

In prior periods, those excess tax benefits were recognized in equity.

The net result on the income statement was a GAAP tax benefit of approximately $1 million.

As a result of this new standard, our GAAP tax rate may vary going forward based on fluctuations in our stock price.

We ended the quarter with $310.6 million in cash, short-term deposits and marketable securities, increasing from $295.5 million at year-end.

We were also pleased to generate $16 million in cash flow from operations or a 27% cash flow margin.

Our DSOs for the first quarter were towards the high end of our target range at 53 days, in part because of a larger percent of -- percentage of our business closing later in the quarter compared to prior periods.

Turning to our guidance.

For the second quarter 2017, we expect total revenue of $61 million to $62 million or a 22% year-on-year growth at the midpoint.

We expect non-GAAP operating income to range between $10.9 million to $11.7 million and non-GAAP net income per diluted share of $0.23 to $0.25.

This assumes 36.3 million weighted average diluted shares.

Our second quarter non-GAAP operating income guidance reflects the full run rate of the headcount increases we've made in the first quarter and approximately $1 million in increased operating expenses related to the acquisition of Conjur.

We expect revenue for the full year 2017 to be in the range of $268.5 million to $271.5 million or a growth of approximately 25% at the midpoint.

Non-GAAP operating income to be in the range of $55 million to $57 million and our non-GAAP net income per diluted share of $1.18 to $1.22 per share.

This assumes 36.4 million weighted average diluted shares and a tax rate of 22%.

Our full year guidance also assumes approximately $3 million to $4 million in additional operating expenses related to the acquisition of Conjur.

While guidance does not assume any incremental revenue from the acquisition for the second quarter or full year 2017, Conjur is consistent with our strategy to invest in growth engines that will help drive our results over the long term.

Conjur strengthens our leadership position by extending our enterprise class solution deeper into the rapidly growing market for security solutions that protect the cloud and DevOps.

We are excited about the opportunities this acquisition creates for CyberArk.

We were pleased to exceed our guidance again in the first quarter.

We have consistently outperformed expectations and delivered a balance of growth and profitability that is among the strongest of publicly traded security software companies.

We plan to continue to make investments in innovation and to gain market share that we believe will deliver long-term value to our shareholders.

I will now turn the call over to the operator for a Q&A.

Operator?

(Operator Instructions) Our first question comes from Saket Kalia with Barclays.

Actually maybe just for you, Josh, to start.

Can you just talk about the 2017, the moving parts in the 2017 EPS guidance a little bit?

You beat this quarter nicely, but the full year is going down, I think, a couple cents at the midpoint.

So could you just maybe quantify how dilutive Conjur is?

And maybe looking at it another way, what the full year EPS guidance would be if -- excluding the impact of the deal?

Yes, and thanks for that question.

So as I said in the prepared remarks, basically, we see Conjur adding about $3 million to $4 million, $3.5 million at the midpoint.

And we did not add material incremental revenue to the guidance, although we did pass through the guidance of our beat for the first quarter to the end.

So if we had -- without the additional expense of Conjur, we would have been at approximately $1.28 per share.

Got it.

That's very helpful.

And then maybe for my follow up for you, Udi, just a little bit higher level.

How do you think about DevOps security just in the context of privileged accounts?

I know that RSA DevOps security was very odd.

We saw CA bought Veracode, obviously, a very hot space.

But could you just tie how you see DevOps security kind of fitting into the historical focus on privileged accounts a little bit?

Sure.

I think like other major IT revolutions, the business functions run faster than security is.

And right now, organizations are running fast to adopt DevOps.

But when security steps in, today, it means stopping and holding back on adopting the agility that DevOps methodologies introduce.

All of these communications between applications are based on secrets.

And this is our world.

Our world has always been securing the keys to the IT kingdom.

This is expanding us to securing the keys to this new kingdom of DevOps, where applications are increasing the attack surface with the use of containers, with the use of all the new DevOps tools, continuous integration and continuous development.

So for us, it's a natural expansion, but a very exciting one to ride another disruptive piece that's going through IT.

Our next question comes from Gabriela Borges with Goldman Sachs.

Maybe for Udi, you mentioned something interesting in the prepared remarks, which was more qualified opportunities than ever before.

Maybe you can just expand on that a little and how that would translate to potentially license revenue growth over the next 12 months.

So we, of course, look at various -- hi, Gabriela, first of all -- we first look at various metrics on the health of the business.

And on top of looking at just pipeline expansion, we really look at the new entry of pipeline and the pace of entry of pipeline, and we can say it's the healthiest we've ever seen in terms of quantity.

So that means that the greenfield opportunity that we talk about is there.

Of course, we have sales cycles to go through and to mature that pipeline.

But the translation to us means that more and more organizations are jumping into the fray and understanding the strategic importance of Privileged Account Security.

Yes, that makes a lot of sense.

And as a follow-up to the early question on DevOps security, maybe you could help us understand, with the Conjur acquisition, how do you think about monetizing this technology?

Is it something that's going to be integrated into some of your existing products?

Can you monetize it separately?

Maybe just how you think about the size of what that opportunity could ultimately pan out to be?

Sure.

I think the beauty of this acquisition is that it extends our play in the space.

Our Application Identity Management solutions were built to secure applications in the classic enterprise.

And with Conjur, we're enabling our customers to adopt the faster and more modern DevOps methodologies without compromising on security.

The -- Conjur is optimized for the lighter technology stack of containers and elasticity and scale that is required for modern DevOps.

So for us, it's another opportunity to really grow that product line into -- as more and more organizations expand and using DevOps into the cloud will -- the licensing model that Conjur currently has is subscription based, and we will look to integrate it into our product.

Our next question comes from Sterling Auty with JPMorgan.

Bouncing between earnings, but in terms of the acquisition, I'm kind of curious in understanding within DevOps, is it storing some sort of symmetric key, and that's how it's encrypting the "secrets"?

Is it a repository of those?

How is it actually enforcing the security of those secrets?

So I think the unique change that happens with DevOps is you no longer have a static application.

So we're securing here the machine identities wherever they are, they can be in containers, they can be in virtual environments.

And yes, it's a variety of keys.

Those include administrative accounts, but they also include APIs and SSH keys that need to be centrally managed and enforced.

Our next question comes from Rob Owens with Pacific Crest Securities.

Following up on Sterling's question.

So if I look at DevOps, particularly as a self-provisioning velocity-based type of movement, talk about the selling motion a little bit in how acquisition of this technology actually occurs at this point and how you see that with CyberArk.

That's a great and exciting question because one of the beauties here is the adoption of DevOps security or the DevOps tool starts with the developers that are running really fast because they're delivering great value to their enterprise.

So from a CyberArk perspective, it means an additional audience of developers that were not able to run with the velocity that they wanted to because of security or that when security stepped in, they had to hold back.

One of the reasons for acquiring Conjur is that flexibility and agility of their solutions to support the fast pace of DevOps development, the integration with DevOps tools like Puppet and Chef to really part of the integral process of -- or the integral DevOps pipeline, securing it, but supporting its agility and speed.

And second, just shifting gears.

Can you talk a little bit about some of the challenges you've seen in EMEA and what you're doing to get that business back on pace?

Yes, obviously, we often talk about different regions perform differently.

I think in EMEA, we highlighted the fact that we've seen less productivity in some of the regions.

So it's not across all regions of EMEA.

And what we're doing is really stepping up the channel efforts across EMEA and really delivering, I would say, the risk-based approaches that have been very successful for us in the Americas, guiding customers through -- beyond compliance to really take a risk-based approach for security.

Since GDPR is not active yet, customers are not -- don't have to disclose the breaches, and so you don't have similar drivers like in the U.S. but through education and leveraging the channels, we believe we can get it back in pace.

I also mentioned the energy we're going to put behind on the marketing side.

And again, with the addition of our new Chief Marketing Officer, it's going to be top priority for us to really deliver the knowledge and awareness into the European market.

And again, leverage some of our best practices from the Americas.

Our next question comes from Shaul Eyal with Oppenheimer.

Udi, another one on Conjur, maybe from a different direction.

So clearly, this type of acquisition seems to be a great tuck-in as well as providing you guys with new growth opportunities longer-term.

I think you mentioned it's a subscription-driven business model.

But maybe in the context of your M&A strategy, what have you learned from -- an example, the Viewfinity acquisition that could be applied to Conjur as you bring these guys onboard into the CyberArk DNA and culture?

Yes, I think I've -- hi, Shaul, first of all, and thank you.

I think we said in the past that Viewfinity acquisition, really -- and with Cybertinel, we felt that we were 2 for 2 in the ability to acquire topnotch technology but also integrate it into our product suite and into our sales processes.

With Viewfinity, obviously, we've seen great success in bringing it into the field.

The difference there is, of course, is that it replaced a solution that we were already reselling.

With Conjur, I and the team were just super excited because it's an extension, you can call it, to another frontier and another wave that is happening in the industry.

We're really going long.

We're a market leader that both executes on the horizon we see now, but also invests and steeps up as it sees newer, longer-term growth opportunities.

And that's what we see in Conjur.

In all of the accounts we talk to, this is their next wave, is how do they conduct DevOps and without slowing down because of security.

And we saw an opportunity to actually allow them to do both, to run fast with DevOps, but still do it in a secure manner.

And of course, we'll take the best practices that we've learned from -- how do you retain top talent from acquisitions, and we're very excited about the team.

How do you integrate it into existing sales force and channels?

And we're going to give it a lot of energy because we're very excited about it.

Got it, understood.

And my follow up, Udi.

Can you talk to us about your relations and partnership with SailPoint, bringing together identity management and Privileged Account Security.

Is the goal of that relation aimed at bringing together physical growth environment or just going after a hybrid business models out there?

So SailPoint is a strong partner on the C3 Alliance and primarily we go together in large enterprise opportunities where -- and very often with joint -- a partner that's bringing us together.

Where we're securing the underlying infrastructure and really, the keys to the kingdom, whether it's on premise and cloud, and SailPoint is the identity management solution for managing the regular users.

And so it's very complementary, but not completely side-by-side.

Our next question comes from Melissa Gorham with Morgan Stanley.

I just wanted to shift to margins.

So it sounds like x the acquisition, the EPS guide would have moved higher.

And at the same time, it sounds like you're still talking about increased investments in distribution in '17.

So can you help reconcile those 2 different data points and where you're seeing leverage relative to maybe a quarter ago when you gave the initial guide?

Yes, hi, Melissa.

This is Josh.

Thanks for the question.

If we had new -- before considering Conjur, we would have probably shared a $59.5 million operating income line, showing a 22% operating margin.

And basically, what we've done here is just add the $3.5 million of expenses that's going to be mostly on the OpEx side in sales and marketing and R&D, and there'll be some minority portion as well in G&A and cost of goods.

So really, we actually have -- besides Conjur, we actually have found leverage in the model.

We did nicely in the first quarter with our operating margin.

And it would have come through during the year as well compared to the guidance that we gave last February.

And then basically, we took it down to account for the acquisition, the additional expenses from the acquisition.

In terms of additional investment, we're still planning -- the acquisition of Conjur is an incremental to the additional investments that we're planning to make in our original operating plan for CyberArk, which is increasing account executives across the globe, channel development, increasing R&D across our flagship products and also cloud readiness organically as well in our development teams.

So this is not -- this will be -- this is incremental to our investment strategy that we set out for you in February.

Right, okay.

And then just one follow up on EMEA.

So Udi, you talked about changes that you're making in terms of channel push, marketing, et cetera.

I'm just wondering if you can provide a little bit of guidance on what you think in terms of timing of when those changes will start to drive improvements.

And then in GDPR, what is your current thinking in terms of timing of when that starts to drive additional purchases?

So I think some of the changes we put in play were already in the -- during the quarter itself especially on the channel management and taking a risk-based approach to security.

So I think it's already in play.

And I want to set expectations that we're not getting the top productivity, but it's also a seasonality issue in Europe.

Europe is usually more back-ended towards the second half of the year.

So we're not talking about the need to go and make major corrections, but actually continuously bring best practices from the earlier adopting markets of America and of course, with the strong play that channels have here, put more energy behind it.

Our next question comes from Gur Talpaz with Stifel.

So Udi, can you talk about what Conjur means with regard to your existing public could efforts?

So the public cloud is often seen as DevOps territory.

Do you think this gives you potential leg-up here in garnering awareness in the public cloud?

And how should we think about the time line to integration for the 2 solutions?

Great, great.

So first of all, it's a super leg-up because with this acquisition, we're going to be the only solution out there that has the solution for the hybrid enterprise and in an enterprise class solution.

There are some open source solution that tried to deal on the DevOps side.

We're bringing on an enterprise-grade solution for Privileged Account Security, both the on-premise, the cloud infrastructure and the DevOps.

So it's really giving us a massive opportunity.

I also want to emphasize that we've been continuously investing in -- with our other products, Enterprise Password Vault and Privileged Session Manager and SSH Key Manager with how do we secure the cloud infrastructure.

And we're doing that all the time and like I said, we're continuously releasing ways to discover our cloud assets and then secure them.

So this allows us to secure the infrastructure itself, the servers, the administrative consoles for cloud infrastructure, but then expand into -- continuously expand faster on the application side of the cloud adoption and DevOps.

And with Conjur, a lot of this -- it comes with just native integration because it was built for container technology and for the elasticity and scale of cloud.

That's great.

Maybe just a quick follow-up in terms of how we should think about the time line for integration?

So they -- Conjur has customers and happy customers, and we're bringing onboard, we're bringing it fast to something that's -- the Conjur solution is now going to be available immediately for our customers.

And on top of that, we will be rolling additional integration so that they can benefit from the entire platform.

And you can expect that -- the integrations themselves during H2.

Our next question comes from Fatima Boolani with UBS.

Just a technical one for Udi.

Udi, can you step through how Conjur is actually deployed today?

And I'd imagine it has to be in the most unobtrusive way possible, knowing what we know about DevOps.

And then also just to kind of piggyback on that, maybe the reasoning behind the acquisition of Conjur versus maybe repurposing some of the core SSH key management technology you already have in your portfolio.

And a quick follow-up for Josh, if I may.

So hi, Fatima, first of all.

Absolutely, one of the exciting things is the delivery, and that it was built for DevOps in mind.

So it's delivered as a -- it could be considered as a container or [a VM] and it's embedded in orchestration tools.

So it's a very light architecture that's designed for scale.

This is one of our exciting elements.

And to your question, obviously, and every time you look at a market opportunity, you can look at a build and at a buy option.

And in various segments in the past, because we have such a talented R&D, we went ahead and developed.

In this one, we felt that time-to-market is key.

The DevOps revolution is happening now and that we really found the right partner, and the team and the quality of the team.

And so the stars were aligned there.

And I'm always proud of our team that they're open-minded and they -- and our own R&D said this would be great, this would be augmenting, and we can also paint a mutual road map for integrating it into our solutions.

So hence, the decision to do that, to really hit the ground running on this market opportunity.

Makes sense.

And Josh, a quick one for you.

In your prepared remarks, you were pretty explicit about the more back-end loaded nature of the quarter and I think it's something that's starting to become a little bit more of a pattern.

I'm wondering if you could put a finer point on it.

Is it something intrinsic that you can fix or is it sort of exogenous or sales cycle-related?

That would be really helpful.

Yes.

Thanks, Fatima.

Yes, we -- well, in the first quarter, we saw more season -- more back-end into March.

We saw it at a bigger extent in EMEA compared to the rest of the world, although we did have some of it in each of the regions.

We think that in EMEA, there is some lengthening of the sales cycle as much -- most of the business is going through channels.

And I think over the last couple of years, we've actually seen more seasonality in EMEA going towards the back of the quarter and actually going towards the back half of the year as well in EMEA, we've seen that increase.

I don't think in Americas I would say -- which is, obviously, our largest market and the largest share.

I think it was Q1 software seasonality.

We had a great Q4, and I think that there's nothing there that I would say is more than just what happened this quarter.

Our next question comes from Gregg Moskowitz with Cowen and Company.

Udi, how are sales of Application Identity Manager this quarter?

And going forward, does the presence of AIM help you ramp the Conjur business within the DevOps world?

Yes.

So I think our job is to really kind of see across the horizon.

So the AIM -- the current AIM business is healthy because most enterprises are -- still have so many on-premise applications, so we had deals this quarter, we have deals in the pipe that have to do with helping enterprises secure their on-premise applications.

And of course, with some of them, we have been expanding to their cloud application.

What we're doing here is we're looking -- we're seeing around the corner.

And we're seeing it began where there are grassroots adoption of DevOps tools that are likely because that's how they have to run fast and that's how these developers want to work.

And we want to step into the fray and really give that combination: answer the security concern of the enterprise, but give the developers the tools they need to run fast.

So that's how we see it.

You can really see the classic CyberArk AIM product line as having a robust pipeline.

We're in the back of a strong year with AIM, but we're augmenting that with the ability to catch the next wave.

Okay, great.

And then for Josh or perhaps for Udi.

You mentioned that the manufacturing vertical grew over 50% year-over-year and that insurance, telco, transportation and government each grew over 100%, so all representing extremely impressive growth.

But if we triangulate that with the overall growth rate that you reported in the quarter, does that imply that financial services growth was perhaps a little less than you expected?

Can you comment on what you saw in the financial this quarter?

Yes.

I would say that financial services wasn't as strong in previous quarters where we talked about financial services outgrowing the pace of the CyberArk growth.

But we don't see any major changes there.

We had a very robust Q4 on the financial services, and we have a very robust pipeline.

And so I think the standout here is to see more and more verticals jump in into the fray and transportation totally, totally new area for us.

Manufacturing though is always a slower adapter while financial services was our forte and will continue to be a strong vertical.

Our next question comes from Jonathan Ho with William Blair.

I just wanted to understand just given the increased investments that you're making, can you talk a little bit about the pipeline of opportunity?

And maybe some additional color relative to how that's shaping up in comparison to prior periods and the market opportunity?

Yes, hi, Jonathan.

This is Josh.

We're actually, I think even Udi mentioned it in the prepared remarks, we've opened up more opportunities in the first quarter than we have ever.

And we're seeing a robust pipeline that keeps growing, and so the demand environment is very healthy across all 3 regions.

Got it.

And then can you talk a little bit about the Privileged Threat Analytics integration with PSM and maybe how impacted cross-sell in the quarter?

Yes, absolutely, and I'm excited that you and some of the others had a chance to see it at the RSA show.

Basically, a lot of organizations are recording sessions where privileged users have access to sensitive data in a privileged session.

But we're not able to go back, investigate when they had concern over insider threat or when they had compliance drivers to check it out.

With Privilege Threat Analytics, we're really tying the two together.

We're analyzing suspicious behavior and tying that to their ability to go back and see what was actually done, very often giving them the ability to remediate and respond.

So tying that together is making PTA a more classic introduction, not just for the risk-aware organizations for which it was originally launched, but also for the also compliant-driven organizations, or organizations that are primarily concerned about insider threat.

And so that definitely is a strong driver for PTA.

And speaking of Europe, we're seeing that really make a strong foray of PTA pipeline in Europe and other compliant-driven markets.

Got it.

And I know a lot of questions have been asked on Conjur, but I just wanted to get a sense of how big you think this opportunity could be?

Could this be as large as some of the core products that are there?

And maybe a time frame for how you see this evolving.

I know it's not near term, but maybe just the bigger picture longer term.

Absolutely.

We're making this move and we're investing.

And to a previous question, we're also investing in the integration and bringing this go-to-market with full force because we think it's a major opportunity.

So yes, this is going to be a strong growth engine for CyberArk, as strong as some of the previous ones.

That's really how we see it.

We -- our customers are eager to receive solutions that really tie both ends, the ability to adopt DevOps, but also protect the attack surface and really stay in control.

Our next question comes from Andrew Nowinski with Piper Jaffray.

Just a question on Conjur.

So $42 million seems like a fairly steep price for a company that's not generating any revenue.

Is that just due to the subscription model?

And if so, would we expect to see a contribution from Conjur this year show up in your billings?

So I think the value here is really the value of adopting disruptive technology that can bring us faster to market.

We talked about definitely seeing contribution in 2018, and we're very confident of that and beyond.

Yes, they are a subscription model, and they have early happy customers, but this is a strategic technology acquisition.

Okay.

And then with regard to the quarter in Q1 here, you guys only exceeded the high end of your range by about 1.8%, which is the lowest amount, I think, ever that you've had in terms of upside.

And then you guided down for Q2 to like 22% year-over-year growth, which is below the full year growth rate itself.

So I'm just wondering was there any sort of disruption at some of your larger channel partners?

Or is that all attributable to the Europe issues?

No, no, I think, first of all, we were pleased to exceed guidance and everything we guided to, with 26% growth.

And we're doing all of that with strong operating margins and cash flow.

We're seeing a pipeline and fundamentals continuing, allowing us to continue to be a high grower.

And like we said on the Europe front, we do expect a back-end loaded performance.

So there's nothing at any your channel partners, no issues there?

No, no, no.

I think I mentioned to you the fact that we're really diverse in the type of channels that we work, the VARs, the SIs, the big 4 that bring us in.

We can do better and hence, the efforts we're making in really taking a more risk-based -- or educating our customers on the risk-based approaches.

But there's nothing on the front of disruption, and we see a huge opportunity.

Our next question comes from Alex Henderson with Needham & Company.

Just a quick one.

You mentioned company where you had a -- they had a merger, and you competed side-by-side and then ultimately, the competitor was removed.

Can you give us any indication of who that might have been?

And who you're seeing on the competitive front at this juncture more often?

It was -- yes, it was an EPM solution, so the Endpoint Privilege Manager, and it was -- if I recall correctly, it was BeyondTrust.

And then can you give any indications on the percentage of deals in the quarter that were noncompetitive?

What -- how many of them you saw multiple vendors at, and how many are greenfield relative to new deployments to the customer where they didn't have a system?

Sure.

Oh, yes.

So most of the new business opportunities that we've seen were greenfield.

So it's still the vast majority don't have a solution but once in a while, we definitely want to indicate when we find customers that have a competitive solution and we disrupt.

But those were in the minority of cases.

We did highlight an example earlier.

But in most cases, it's greenfield.

When it's -- there are situations where there's competitive solution brought, historically more from compliance reasons and when the customer takes a security-based approach, where we have the opportunity to win their trust and focus on their security.

One last if I could stick it in there.

On the acquisition, obviously, a lot of questions about the benefit of what you're getting from this.

But it seems like a lot of the technologies around containerization, the UEBA analytics, automation skills and potentially micro segmentation skills would be applicable back into your primary offerings and existing technology base.

Can you talk about to what extent you can bring some of those skills back and amplify capabilities in your existing product lines?

So I would say that the containerization and everything that we're seeing is really driving new needs in the market.

And you don't have static applications like we had before, so we're almost -- we're a partner to container solutions.

We're a partner to DevOps tools, but there are new vulnerabilities that are now created in this expanded application space.

And so for us, it's an expanded opportunity in that sense.

And you can -- you mentioned some others, it's primarily synergetic to the other DevOps security vendors that focus on container security.

Our next question comes from Catharine Trebnick with Dougherty & Company.

With the competitive landscape, Udi, are you seeing any price erosion or whatsoever on the products?

Yes, hi, Catharine.

We look at it very, very carefully.

And I would say that sporadically, we can find situations where some of the privates are aggressive on pricing, but we continue to have very high win rates and have not seen price erosion.

All right.

One last question.

Any difference in the average deal size?

Seems like it might be up, but that's just a perception way out here in Minnesota.

I'm wondering if you could put more context around that.

I would say the absolute ASP is probably the same on a trajectory of growth because more customers are taking more solutions.

When we take into account the fact that the EPM, Endpoint Privilege Management, can also be sold stand-alone in some situations, sometimes it can look like it's taking the average down.

But for us, it's a plus.

It means we have a new product that is seeding and expanding our footprint.

This concludes the question-and-answer session today.

I would like to turn the conference back over to Udi Mokady for closing remarks.

Great.

I want to thank our customers, employees and partners who are the cornerstone of our success.

We appreciate everyone dialing in this afternoon and look forward to talking to you during the quarter.

Thank you.

Ladies and gentlemen, thank you for your participation in today's conference.

This does conclude the program, and you may now disconnect.

Everyone, have a great day.