Cyberark Software Ltd (CYBR) 2018 Q1 法說會逐字稿

Good day, ladies and gentlemen, and welcome to the Q1 2018 CyberArk Software Earnings Conference Call.

(Operator Instructions) As a reminder, this conference may be recorded.

I would now like to turn the conference over to our host of today's call, Ms. Erica Smith.

You may begin.

Thank you, operator.

Good afternoon.

Thank you for joining us today to review CyberArk's first quarter 2018 financial results.

With me on the call today are Udi Mokady, Chairman and Chief Executive Officer; and Josh Siegel, Chief Financial Officer.

After preliminary remarks, we will open the call up to a question and answer session.

Before we begin, let me remind you that certain statements made on the call today may be considered forward-looking statements, which reflect management's best judgment based on currently available information.

Specifically, our expectations and beliefs regarding our projected results of operations for the second quarter and the full year 2018.

Our actual results might differ materially from those projected in these forward-looking statements.

Please see the risk factors contained in the company's annual report on Form 20-F filed with the U.S. Securities and Exchange Commission and those referenced in today's press release.

CyberArk disclaims any obligation or undertaking to release publicly any updates or revisions to any forward-looking statements made today.

Additionally, non-GAAP financial measures will be discussed on this conference call.

A reconciliation to the most directly comparable GAAP financial measures is also available in our earnings press release, which can be found on www.cyberark in the Investor Relations section.

And please note, the webcast of today's call will be available on our website in the Investor Relations Section.

With that, I'd like to turn the call over to Udi Mokady.

Udi?

Thanks, Erica, and good afternoon everyone.

Thank you for joining the call today.

CyberArk kicked off 2018 with a great quarter and we are very happy with our results.

We exceeded our guidance, growing revenue by 22% to $72 million, generating $13 million in operating income representing an operating margin of 18%, and $33 million in cash flow.

We are off to a strong start, which puts us in a great position for the remainder of the year.

Before we dive into the details from the quarter, I wanted to recap discussions I had with customers and prospects at the RSA Conference a couple of weeks ago.

We are facing similar challenges.

Hackers are innovating at light speed and organizations require protection against major attack sectors, such as the exploitation of cryptocurrency, the evolution of ransomware, and the tax on critical infrastructure.

The regulatory environment is becoming more rigorous, particularly with the GDPR compliance deadline looking.

Automated processes inherent in cloud and dev ops are not only driving improved efficiency and productivity but are also creating privileged accounts and secrets faster than at any time in history.

This is exponentially expanding the attack surface.

However, our global advanced threat landscape report indicated that 50% of organizations have no privileged access security strategy for the cloud, leaving them vulnerable to attack.

Almost every discussion at RSA emphasized the need for measurable security solutions across cloud, hybrid, and on-premise.

More collaboration among vendors and empowerment.

In this new world, chief security officers are demanding that security enable business operations.

These customer trends certainly contributed to our results in the first quarter.

The dev ops revolution is in full swing and security is an enabler for digital transformation.

Organizations are leveraging faster co-development as a key competitive advantage.

They recognize securing credentials and machine identities is a critical component of the long-term success of these strategies initiatives.

During the first quarter, we were pleased to see that 8 of our top 10 deals included application identity manager or Conjur and that more than 10% of our business came from this product family.

As a reminder, application identity manager is securing production applications, primarily running on-premise, while Conjur is protecting high-velocity applications and the dev-ops pipeline.

In one of our largest new business deals during the quarter, a Global 500 transportation company chose CyberArk to secure its hybrid environment across AWS, Azure, and private cloud infrastructure, as well as its dev ops pipeline.

The customer will deploy Conjur, application identity manager, core privileged account security, and endpoint privilege manner in the cloud.

The cloud and dev ops methodology are empowering this organization to drive more productivity and agility into its business.

This global company is also an example of a Greenfield customer.

During the first quarter, we continued to see the vast majority of our engagements are Greenfield opportunities, even in large global organizations.

We were thrilled to see the government vertical gaining momentum around the globe, with major deals across geographies contributing to our success in the first quarter.

We won a state government in the Americas for core privileged account security and endpoint privilege manager.

We signed our largest ever government customer in APJ to protect both human and machine identities for a healthcare system in the region.

And we won our largest U.K. government customer who will secure privileged credentials across the entire agency.

In each of these 7-figure deals, the customer recognized that unsecure, unmanaged privilege accounts are a top security and business risk.

One of our key initiatives for 2018 is to maximize the effectiveness of our global sales and marketing engine across both new and existing customers.

We were pleased with the strong new business momentum and we ended the first quarter with more than 3,800 customers.

In the midmarket, we continue to see traction with law firms, universities, and hospitals among other organizations.

In early April, we rolled out our first multitenant offering for managed security service providers, which can be licensed based on conception pricing.

Our partners can now further extend privileged access security to organizations of all sizes, including deeper into the midmarket.

Add on business was also robust in Q1.

Existing customers continue to take a strategic approach to privileged access security, rolling out multiphase CyberArk programs.

We are on pace for a third of our customers to expand their CyberArk deployments again this year.

Examples of expanded relationships during this quarter, the first quarter, include 7-figure deals with a top 20 pharmaceutical company, a top 5 manufacturing company, and 2 of the world's top 15 banks.

As we discussed in detail in our Investor Day in March, we conducted an in-depth analysis of our customer base across parameters like geography, vertical market, and customer size.

Our analysis of customer spend indicates that we have penetrated only about 20% of our customer's potential, representing tremendous runway for growth just within our base.

Geographically, all of our regions performed well.

The Americans and APJ delivered record quarters for revenue, which we were very pleased to see in the first quarter of the year.

With the organizational changes we made in EMEA, the region grew 29% in the first quarter.

Rich Turner joined CyberArk in Q1 and he is working closely with the entire team on delivering consistent performance in 2018.

They are off to a great start.

Another important component of our go to market strategy is extending our reach through our global ecosystem of channel and technology partners.

During the quarter, our global channel business represented more than 60% of the business.

In addition, advisory firms like PwC and Deloitte continue to invest and build out their CyberArk practices as they recognize that securing privileged accounts is critical to a comprehensive security strategy.

We saw a nearly 60% increase in business influenced by the advisory firms in the first quarter of 2018 compared to last year.

Our C3 Alliance continues to be a key differentiator with prospects and customers who are looking to simplify the implementation of their best of breed security strategies.

With the C3 marketplace, we expect our partner program to continue to drive business for CyberArk, and just as importantly, improve the security fabric across our customer's environments.

The marketplace dramatically simplifies and extends the value of privileged access security to our more than 80 Alliance partners.

We are seeing strong traction from customers across identity business automation, cloud orchestration, and vulnerability management, among other segments.

During the quarter, examples of C3 integration that influenced deals include Opta, SailPoint, Ping, ServiceNow, Rapid7, Tenable, AWS, Chef, Puppet, and Ansible.

Building an enduring cybersecurity leader requires multiple dimensions, including establishing and nurturing relationships with customers and partners, as well as ongoing commitment to innovation.

The major enhancements to our solution that we delivered in the fourth quarter contributed to our strong results in Q1.

The new functionality focused on simplification, automation, and risk reduction across cloud on-premise and dev ops pipelines.

The response from our customers and prospects has been overwhelmingly positive.

In addition, because of the investments we made in cloud automation last year, an increasing number of customers are deploying CyberArk in the cloud, including key wins in the first quarter by 2 leading SaaS application vendors and a global media company.

As we look at the evolution of the threat landscape, our innovation ensures our customer's IT environments are better protected.

The rate of cryptocurrency attacks is staggering and only increasing, making protecting through graphic keys top of mind for many customers.

Today, we are not only securing their IT infrastructure, we're helping customers secure and manage the access keys themselves for cryptocurrency.

We are very excited about the acquisition of Vaultive in March.

Customers were asking for CyberArk to secure access and implement proactive security controls for administrators of SaaS applications and infrastructure as a service, as well as privileged business users, which are frequent targets for cyber-attacks.

We will leverage this technology, which can be delivered as a mobile or native experience to seamlessly extend our solution to these highly privileged users.

Vaultive's cloud native technology platform was purpose-built for mission-critical applications that require the highest of availability, performance, and control.

Early customer response to the acquisition has been extremely positive.

We are thrilled to have the team join CyberArk as their in-depth cloud experience and state of the art technology furthers our leadership in securing cloud infrastructure and applications.

It was a great quarter and we are off to a strong start for 2018.

Our results reflect the momentum in the market, our investments in innovation, and the healthy demand for privileged access security across all geographies.

Our execution in the first quarter, robust pipeline, and industry leadership positioned us well to execute our strategy for the remainder of the year.

With that, let me turn it over to Josh.

Josh?

Thanks, Udi.

Before we begin reviewing the quarter, I wanted to remind everyone that our first quarter results are in line with the new accounting standard 606 and we'll be using what is referred to as the modified retrospective approach to disclosure.

So we're pleased to exceed our outlook across all the guided metrics, in including revenue, operating income, and EPS.

Total revenue increased by 22% year-on-year to $71.8 million.

License revenue reached $38.5 million, increasing 17% over the first quarter last year and representing 54% of total revenue.

Our growth was driven by both add-on business as well as new customers who recognize the importance of privileged access security, with new customers representing more than 40% of licensed revenue in the first quarter.

Maintenance and professional services revenue was $33.3 million, increasing 28% over the prior year period and representing 46% of revenue.

Geographically, the Americas delivered another quarter of consistent results, increasing revenue by 18% year-on-year and reaching a record $44.1 million or 62% of total revenue.

EMEA had a strong quarter, increasing revenue 28% to $21.8 million or 30% of total revenue and APJ revenue grew 28% and also a record of $5.9 million for the region or 8% of total revenue.

The business was also well diversified across vertical.

Energy, pharmaceuticals, global government, retail, and transportation, and travel all grew faster than 50% during the quarter.

In fact, global government represented more than 15% of our overall business and that was driven by demand from national agencies in Europe and APJ, as well as state and local governments in the Americas.

As I move through the P&L, all financial results will be discussed on a non-GAAP basis.

Please see the full GAAP to non-GAAP reconciliation in the tables of our press release.

Our first quarter gross profit was $62.4 million or an 86.9% gross margin compared to 86.5% gross margin in the same period last year.

We continue to invest in the business to capitalize on our significant market opportunity and scale our operations.

R&D expense grew 45% year-on-year to $11.5 million as a result of a number of factors, including R&D headcount increasing by 27%, the weakening dollar, as the vast majority of our R&D employees are based in Israel, and the acquisition of Conjur, in May last year, and of Vaultive, in March of this year, both not in the Q1 comparables of last year.

Sales and marketing increased 24% to $32 million as expanded our sales organization across all geographies to support direct and indirect sales.

G&A increased 34% year-on-year to $6.3 million as we scaled the business to support our growth.

In total, operating expenses for the quarter increased 30% to $49.8 million compared with $38.3 million for the first quarter last year.

Operating income was ahead of our guidance at #12.6 million or an 18% operating margin.

This compared to operating income of $12.7 million or 22% operating margin in the year-ago period.

Our overall expense growth is primarily related to headcount.

We ended the first quarter with 1,053 employees around the world, up from 1,015 at year-end and compared with 867 at the end of the first quarter of 2017.

To scale the business, we moved into new global headquarters in Israel during the third quarter last year, as well as new offices in London and Singapore earlier this year in the first quarter.

These increased expenses are also not in the comparable period last year.

Net income was $11.8 million or $0.32 per diluted share for the first quarter of 2018 compared to $10.2 million or $0.28 per diluted share for the first quarter of 2017.

In the first quarter, we were pleased to generate $33.1 million in cash from operations or a 46% cash flow margin.

The strong cash flow is driven by our strong results in the fourth quarter as well as collections from our high maintenance renewal activity.

We ended the quarter with $344.2 million in cash and investments, and this is after the cash consideration paid for the acquisition of Vaultive during the first quarter.

This compares to $330.3 million at year-end.

Turning to our guidance, for the second quarter of 2018, we expect total revenue of $72 million to $73.5 million or 27% growth year-on-year at the midpoint.

We expect non-GAAP operating income to range between $10.2 million to $11.4 million and non-GAAP net income per diluted share of $0.23 to $0.25.

This assumes 36.9 million weighted average diluted shares at a tax rate of 21% for the second quarter.

Our second quarter guidance reflects the full run rate of the people we hired in the first quarter, increased expenses related to the acquisition of Vaultive, as well as the RSA Conference, which occurred in the second quarter of 2018 compared to the first quarter of 2017.

For the full year 2018, we are increasing our guidance for total revenue to be in the range of $315 million to $319 million or a growth of approximately 21% to the midpoint.

We are also increasing our guidance for non-GAAP operating income to be in the range of $57.5 million to $60.5 million and non-GAAP net income per diluted share of $1.31 to $1.37.

This assumes 36.8 million weighted average diluted shares.

Our guidance for the full year assumes an effective tax rate of approximately 21% for 2018 and that takes into account the lower tax rate in Israel as well as in the U.S. For the full year, our guidance assumes approximately $2.5 million in operating expenses related to the acquisition of Vaultive.

As you think about the remainder of 2018, we wanted to point out that we expect to have a seasonal step up in expenses related to marketing events and other programs from the second quarter to the third quarter, which will be similar to what we experienced last year in 2017.

We were pleased with our results in the first quarter.

Privileged access security remains a top priority for organizations and we are continuing to see strong demand for our solution.

We believe we are well positioned to capitalize on the tremendous opportunity in front of us and I will now turn the call over to the operator for Q&A.

(Operator Instructions) And our first question comes from Saket Kalia of Barclays.

Josh, could you talk a little bit about some of the new pricing schemes and how you change them for the core privileged account security kind of portfolio?

And maybe what impact that might have had on deal sizes in the quarter?

Sure.

So just to quickly review, as you know, we've already had a big increase of customers buying EPV and PSM together for new business deals as they take more and more a risk-based approach to privileged account security.

And so to simplify the pricing and strengthen our customer security posture, we've decided to [entire] a new pricing technique model, which has EPV, PSM, and PTM, and PTA for the new business deals.

And based on pricing per user.

And we call this now the core privileged account security product.

And that's being priced per user and our AM Conjur and our EPM continues to be priced on a per target system.

So when we kind of look at the first quarter, actually, much of the business in the first quarter was still really off of quotes and deal cycles that were coming from last year.

So there was still most of it coming off of the old price model with only a small sample with the new pricing model.

So it's still I think a bit early to tell the impact on deal sizes.

But what we are seeing is definitely a very positive reception by our customers for the simplicity that we've offered in the pricing model.

And some of the few deals that we did do in the first quarter, we're on the high end of our new customer range compared to what we've seen in the past.

That's really helpful.

Maybe for my follow-up for perhaps both you, Josh, and Udi.

Udi, I think you mentioned a large customer that deployed, frankly, it sounded like the whole portfolio including core PAS in the cloud.

I guess I just wanted to make sure we understood how that worked.

Are they purchasing a cloud subscription for core PAS?

And maybe Josh, the related question for is how is that perhaps being reflected in the financials if differently at all?

No, actually it's very much based on our standard pricing and as a perpetual licensed model, we're just -- our customers able to deploy in cloud and for cloud.

And that's how they've decided to deploy it.

So it's very exciting customer really because it really shows the extent of how dev ops is important and how it's seen as part of really a deep privileged access security strategy.

So continuing to be mostly a perpetual license pricing, it hasn't really changed the -- hasn't changed in terms of our P&L model.

Our next question comes from Sterling Auty of JPMorgan.

This is actually Ugam Kamat on for Sterling.

I just wanted to expand more on Saket's first question.

Udi, you mentioned that you rolled out the multitenant for managed servicing for midmarket.

So how is this different from the pricing scheme that you just laid out to Saket?

And how does the economics change in terms of consider a midmarket customer who was using the traditional pricing now shifts to this consumption pricing model?

How does that affect, say, your revenue or billings number?

So I'll start.

So the MSSP, we just introduced that and we're working now on actually the first partnerships with the providers.

The pricing that we'll be offering is based on term-based license pricing for those MSSPs in year contracts.

Or they can also do as a pay as you go pricing in terms of per their consumption.

And so obviously, on the term based license, we'll be reflecting that in revenue in accordance with new 606, under 606 for our term-based licenses where the majority of it will be recognized up front with a contract.

And the same on the pay as you go as we see what the usage is.

But for that midmarket customer that works with MSSP partners, it really gives them the flexibility as they engage with the partner to pay as they go as well and have a subscription-based model.

Okay.

And as a follow-up, Josh, for you, seeing the movement in the Israeli shekel both the first quarter, how much of FX tailwinds are baked into your guidance for 2018 in terms of the EPS upside.

What is your expectations that you had when you had given the guidance back in February?

The guidance that we gave back in February and also the guidance that we're giving is pretty much reflecting the same exchange rate because we already have set our exchange rate for this year in a hedging program.

But that exchange rate is causing more R&D expenses this year compared to last year.

Because this year, it's - the shekel has been between the 3.40 and the 3.60 range, where last year it was quite a bit higher.

So the reflection in the guidance that I gave in February and now, the guidance that I'm giving now for the full year is reflecting pretty much the same exchange rate on the shekel.

Our next question comes from Melissa Franchi of Morgan Stanley.

This is Anjelo Austria in for Melissa.

I just wanted to ask on cash flow, do you mind elaborating on your comments.

You mentioned high maintenance (inaudible) activity.

Is this something we could expect going forward and what exactly would happen there?

Our cash flow is seasonal because -- and also as our maintenance renewals are seasonal.

It's tied into when we do more licenses is when the increased number of contracts starts.

So we obviously -- Q4 is one of our biggest quarter -- is our biggest quarter for licenses.

So, therefore, we started a lot of new contracts in Q4 last year, in the November/December time frame.

And so that's why Q1, certainly this Q1 had a seasonally nice uptick.

And it's not necessarily that our renewal rate is higher than it's been in the past.

We've experienced over a 90% renewal rate now for many years so it just continues to be very high.

I think going forward, again, it will track with our contracts.

The reason why we don't give quarterly on this is because it's actually -- we're not always certain when they renew in the quarter whether it will be for which length contract it will if it will be for one-year or for longer.

So we kind of stick to looking at our cash flow on an annual basis.

And so far, we're very much on track to be probably in the upper half of our range that we've guided to.

Our next comes from Rob Owens of KeyBanc Capital.

This is Mike Casado on for Rob Owens.

Udi, a month ago, AWS released a solution called Secrets Manager that I believe addresses embedded credentials in applications and services.

And I know it would seem the solution is more addressable to the lower end of the market, but I wanted to get your take on any implications, both competitively and on the broader industry demand trends.

Sure, absolutely.

AWS is a partner of ours and we've been investing a lot in integrations there, and we were also aware of this ahead of time.

We actually see it as validation that managing secrets is a critical risk and we've seen disparate secret stores across a variety of solutions.

But privileged account security is broader than that.

It shows up in these secrets and it can potentially show up in multi-cloud environments, hybrid environments, private cloud, of course, on-premise containers, orchestration tools.

So, therefore, there are these islands of secrets and credentials.

And as a security player, our role is to be the holistic solution for enterprises.

And so again, we don't see it as competitive today and we see this as an opportunity to be the player that provides the holistic solution.

The example I gave earlier of the global 500 transportation company is exactly that where they have enterprise type environments and expect a security solution.

Last quarter, you discussed GDPR shaping up as a tailwind.

How much would you attribute GDPR derived demand to the results in EMEA now that we're just 3 weeks away?

We're seeing or beginning to see a sense of urgency with capital being deployed on solutions and we did see activity specifically referencing GDPR during the first quarter.

But I wouldn't attribute the great success EMEA has had the last 3 quarters of strong performance.

I see it as an additional tailwind but the opportunity was there and we're seeing a better execution.

What we expect is that GDPR will continue into 2018 and beyond this coming May deadline, and that will have a tail that extends beyond 2018 and into 2019, especially with the mandatory breach disclosures.

Because when you start disclosing breaches, you discover that the infection may have happened in a very mundane way but the progression of the attack is privileged credentials and that you can't really secure an advertisement without privileged access security.

So we see ourselves as a pillar of any enterprise that wants to be secure and therefore compliant, but I would still label it as a tailwind.

Our next comes from Shaul Eyal of Oppenheimer.

Udi, I want to start with a high-end question.

I believe everyone participating at RSA this year left the conference with a feeling that identity and access management is really seeing its glory days, as we speak, and yet it has been around for the past 15 years, even more than that, maybe in different forms of shape.

What is it that has changed over the course of the past few quarters, maybe even year or 18 months that is pushing identity and access management into the limelight?

Thanks for the warm words on the quarter.

I think what we're seeing is it's become very clear for organizations that the layers designed to keep just the bad guys out and just creating and investing in perimeter security for so many years or just trying to curtail the next malware are important.

But the attacker makes it into the environment, a significant, determined attacker.

And it used to be perceived as, oh, this was a retailer that didn't have strong -- that didn't have good security but you've seen financial services in the past and you've seen governments.

So a focused attacker makes it in and therefore, chief security officers are taking a view with the working assumption that the sophisticated attacker will come in or will start from within, as in the cases of insider threat.

And when you look there, you look at, okay, once in, how do you progress an attack and what do you try to do?

You're trying to behave like an employee.

You're trying to behave like an insider.

And in our world, obviously, you're not going to get very far as a regular employee.

You want to be the strongest, and to have the strongest access that you have.

And that really popped privileged account security into priority and also our partners in the identity governments and in access.

Maybe on Vaultive, so you acquired it just a few weeks before completing the quarter.

Strategically speaking, if -- and I'm using an analogy here -- If by acquiring Conjur, you're addressing the dev op arena, what arena are you covering with Vaultive specifically as it relates to your cloud activities?

Seems to be another small tuck-in acquisition as you guys have done in the past in a very, very sound way.

Yes, it's a great question and I think you can feel my excitement about this acquisition because it really, just as you said, just like Conjur helps us really extend our application side of our business to the cloud and to modern infrastructure, Vaultive really comes into help securing the SaaS, Software as a Service, and infrastructure as a service side of our customers.

They're all feeling that a lot of the -- back to identity -- a lot of the most important things and workloads that are being managed by humans are done by SaaS administrators, by infrastructure as a service, the cloud console administrators, and privileged business users that are doing administrative tasks.

And so they look to us to give them a wider protection and extend our offering there.

The beauty here is that it's also important to make it very easy for the user and transparent and native.

To provide the security, but with the native cloud tools and Vaultive brings that to the table.

And we actually had [working demos] as a partner even before the acquisition and are now really working quickly to integrate them into our offer.

Our next question comes from Jonathan Ho of William Blair.

I wanted to start out with your commentary around the midmarket.

It sounds like you're making some inroads there.

I just wanted to get a sense of maybe how much this is contributing to the overall growth and has there been much of an impact from Version 10 in terms of targeting that market?

I think we continue to talk about the midmarket because it is part of the opportunity but the high end of the market is really where we see growth in the enterprise.

But with so much cross vertical.

So vertically diverse enterprises and governments is where we're seeing the growth.

And the midmarket is something we see more of the long-term opportunity and that's why we're -- we view to address that more and more with our channel partners and through the managed service providers.

Just going back to maybe the dev-ops question, how large of an opportunity do you see this and are you just seeing sort of broad interest across your customer base?

How should we think about the potential for dev-ops maybe relative to some of the other product suites that you're selling today?

I would put it this way, every single customer meeting, every prospect or existing customer is seeing this evolution happen because there's a very clear explanation.

Adopting dev ops helps their business promote their top line because the faster you can release applications, you're going to grow faster than your competitors.

So it's actually across every vertical we're finding that they're dipping their toes or there's an effort within the organization going into this.

And then security has 2 options.

They can kind of see this train go by where there are going to be de facto vulnerabilities built into their modern cloud infrastructure or they can actually provide the Sec into the dev ops and create secure dev ops.

And chief security officers are smart, and they're getting it, and we're seeing them wanting to touch both sides, provide a solution that keeps the company secure but do it in a way that doesn't disrupt the fast pace of development.

So I really believe it's across the board and on the enterprise side.

Our next question comes from Gur Talpaz with Stifel.

I wanted to ask about Vaultive and Conjur, but I wanted to ask about it from a different angle.

Udi, I want to understand, are you starting to see your efforts here in the cloud and in dev ops serving as a point of differentiation versus competition in bake-off?

Even for companies that may have not made the migration to the cloud yet or haven't really gone in that direction, but are looking to do so in the future?

Absolutely, yes.

I think the level we engage with our customers, and we put a lot of emphasis in that, and our customer is really, think partnership and think securing for the long-term.

And as we discussed a privileged access security program, even if they're not already in dev ops, they can see it coming.

And so even if they have to do, and many of them still do what we call the core privileged access security of securing credentials in their server environment, domain controls, and really all the important things to block an attacker have not yet jumped on the dev-ops bandwagon.

They want to know that the solution will take them there and can take them on the journey.

And the same thing goes for securing the SaaS and IS side of administration.

So absolutely, we're seeing it as helping cyber further breakaway.

We've always been the innovator in the space and further break away with our competitive differentiation.

And in this case, it's really an enabler of digital transformation.

So there's all the justification to the business to go there.

Then maybe a quick follow-up.

You talked about the push to multi-tenancy and consumption-based pricing for MSP.

How important do you think that architectural change is and that pricing change is as far as driving or reducing some of the friction points as far as go to market with the MSPs and SMBs?

The reason we invested in that is exactly.

Some of them are existing CyberArk partners that were either reselling or taking on one-off hosting engagements for their customers.

A lot of customers, especially as you go down market, want to offload the effort to the experts that can take it.

And in order for them to operate this with ease, they want a multitenant environment that they can operate in an efficient way.

And so there's a clear alignment there and we're helping the partner reduce their total cost of ownership of the solution.

Our next question comes from Howard Smith of First Analysis.

I wanted to dig into your work with your partners, specifically some of your integration partners and your training that they have.

Where are we in terms of them really being able to shoulder the bulk of the load without you in terms of implementation?

And then I have a follow-up.

Thanks, Howard.

I think we're making great progress.

This time, we didn't announce the -- we didn't put up the number of how many certified CyberArk engineers there are out there.

But of course, with every month that passes, there are more of them out there.

I think the greatest progress has been with the advisory firms really getting a lot of their staff trained and having the ability to take on a large part of the work.

But we also partner with smaller VARs and national VARs.

And the approach we take is if they don't have the full certified staff, we at least augment them with CyberArk consultants to lead the way.

So there's a partnering.

The most important side here is the customer and that's the most important thing from our perspective.

So we go with the partner and make sure that either they have the staff trained and ready, or we will augment them and put our experts in the field with the partner to ensure customer success.

Okay, I assume the more that people are trained and the more visibility you have with successful implementations with those partners, the easier it is for them to recommend you, et cetera.

But I'm curious if you're seeing either in regards to success from that or otherwise changes in the competitive set and the competitors as you approach particularly the greenfield opportunities.

And I would add also to the first comment that with Version 10, so not only do we have the more and more staff out there that can deploy CyberArk, we really simplified it and added a lot of automation into not just the user experience that's managing CyberArk on a day-to-day basis but also the installation implementation and the onboarding of privileged accounts after deployment.

So that combination is really helping us go after the greenfield and we absolutely have a lot of reference that come in from happy customers.

And as we mentioned that big increase in the influence from the advisory firms recommending cyber.

Our next question comes from Daniel Bartus of Bank of America.

I had 2 follow-ups related to the potential of Conjur mainly.

So first was wondering when you look at the deals you've done lately where customers go all in, in those cases, how big a piece of the revenue does Conjur represent?

How high can that get?

And then when you look at Conjur name, it was about 10% of revenue last year.

I was just wondering what's your view for it maybe 2018, 2019, just ballpark, how do you see that evolving as a piece?

I would say it is still a very strategic but still an early CyberArk offering.

So we have few customers that are in an all-in mode.

So the opportunity is there, but it's definitely a 7-figure type opportunity within an enterprise.

Just like we've talked about 7-figure and high 7-figure opportunity with our application identity management for more legacy type applications that are strategic for our customers.

The same thing applies to when they take their applications into cloud and dev ops.

But the enterprises really see the combination.

They want our application identity manager with Conjur.

They want the same solution for -- or a holistic solution for their legacy applications and Conjur.

So we're not going to separate that when we talk about that, but we're seeing that be of significant contribution to our revenue.

Our next question comes from Ken Talanian of Evercore.

I was wondering if you could give us a sense for where your EMEA pipeline stands today relative to last quarter.

Basically, we're seeing growth in the EMEA pipeline each quarter and it's bigger than it was last quarter, and certainly significantly bigger than it was a year ago Q1.

And here, maybe I'll emphasize that we were very pleased with the EMEA performance over the last 3 quarters.

And in the first quarter, I can really emphasize is the U.K. and Germany, which are really strategic markets for us, performed particularly well.

And of course, we're seeing that translate to pipeline also.

As a follow-up, thinking more broadly, could you give us a sense for the portion of quota bearing sales reps that are new to the firm versus last quarter?

I wouldn't be able to give that information right off the bat, but I will tell you that we did finish sales and marketing organization at just over 500 people out of the 1,053 March 31.

Our next question comes from Zack Turcotte of Dougherty.

Zack Turcotte on for Catharine Trebnick.

First, a clarification.

You mentioned some 7-figure deals, top pharmaceutical manufacturing company, as well as 2 of the top 15 banks.

These were all add-on deals?

Those were examples of add-on deals, yes.

And then the other one, just going back to the geographic split again, I see a really strong quarter for EMEA.

I know you mentioned some organizational changes impacting that.

I was wondering what impact your channel partners are having both in EMEA as well as your international expansion in general, and if there's anything, in particular, you would attribute the record quarter in APJ to.

As a trend, we're really seeing that we're trending in the right direction of more and more impact of the channels, both basically across all regions, and we track that closely.

And again, it was 60% of a bigger pie in the quarter.

So we're very pleased with that.

So it applies really across the board.

There's obviously more work and we're continuously investing in enabling the channel and all the product certification really helps.

On the APJ side, we also emphasized that some of the contributions were large government deals.

So I would say continued execution but getting that diversity that we saw in other region cross vertical also happen in APJ region.

Our next question comes from Alex Henderson of Needham and Company.

Dan Park on for Alex.

It seems like OpEx is likely to accelerate a bit as a result of the recent acquisition increased success-based investments.

At what point do you expect to sort of decelerate investments a bit and achieve some more operating leverage?

Dan, this is Josh.

I think that this year is still a year where we're investing for growth and we are, as we see the market opportunity ahead of us with the type of topline growth opportunities, we're really focused on positioning ourselves to get that growth.

So at this point, the guidance for the year, it indicates the leverage that we have.

In fact, we were able glad to be able to increase the guidance for the year and reflecting a 19% operating margin, which will already show some leverage in the model compared to the first quarter into the back half of the year.

So I think you'll see some of your answer there.

As a follow-up, what was the FX impact to your Q1 results and do you think this could even be a tailwind into the back half of the year given the recent strengthening of the Shekel related to the Dollar?

So we had an impact of about $400,000 more -- less income.

So it was a negative impact of about net income of $400,000 for the year -- I mean for the quarter.

And I think as we see the change in Shekel that will help us a little bit.

But as I said earlier in the call, we're focused on the rate that it's been over the last couple of quarters because we tried to plan this well in advance.

So the increased or the weakening of the Shekel that we've seen in the last week or so may have some small impact, but it won't be material.

Our next question comes from Gabriela Borges of Goldman Sachs.

I wanted to ask about application identity manager.

So a little bit of commentary earlier on 8 out of 10 deals, including AIM and Conjur.

So the question is how do you guys think about intersecting the cloud migration opportunity with some of the work you're doing with system integrators?

How has that progressed versus maybe a year ago in terms of CyberArk getting into the conversation around AIM?

I think especially those system integrators that have a digital transformation business initiative they're smart to do that are great partners for us with the entire offering, but definitely with AIM and Conjur, because this is the opportunity for customers to get it right before they start rolling applications in a fast-paced dev ops.

And we're seeing that.

Again, a lot of the business drivers are security but the advisory firms and system integrators have the opportunity also to make that as part of their advisory and services for cloud migration and digital transformation.

That makes sense.

The follow-up for Josh is on the incremental margin that you realized in 1Q off of the revenue upside.

So the question is if you're in a position where you're able to outperform in revenue in other quarters this year, how are you thinking about dropping that to the bottom line versus maybe reinvesting it?

I think we feel pretty good about beats on the top line with a good portion of it going to the bottom line like we saw in the first quarter.

And I think we've seen that typically in the past, in many quarters from our results.

I don't want to commit now but I would say that we would like to and we would plan for having some of the topline beat going to the operating income.

Our last question comes from Michael Kim of Imperial Capital.

Could you talk a little bit more about the add-on sales and if that's driven primarily by multiproduct adoption, what are they purchasing, or seat expansion.

Earlier in the call, you talked about roughly about 20% penetration.

So I'm curious for the more mature or older customer cohorts, where are you seeing that customer penetration reach?

The add-on business is very diverse.

The conversations we're having with customers is really to think strategically and to think programmatically.

And as we guide them, we help them just get a better security posture.

And sometimes it is more seats, as you called it, and more licenses of existing products around core privileged account security.

And many of them have come to us earlier years more compliance driven and have little pockets of CyberArk, but really didn't take a program that secures them.

And we're passionate about really helping them protect this attack vector.

And then in many, it combines with a cross into I would say the add-on EPM endpoint privileged manager to really secure privilege on the endpoint and AIM and Conjur.

Got it.

Just real quickly on EPM, are you seeing acceleration in standalone opportunities and subsequent to the standalone deals, are you seeing that circle back to the core privileged account security suites?

Yes, I think it's really a variety.

Because we discuss programs with customers, we don't necessarily accelerate the EPM as a standalone.

We have deals where it has been the case, but as part of the program, it could be an add-on business or it can be the place where the customer wants to start.

I would now like to turn the call back over to Udi Mokady for closing remarks.

Thank you.

Our success is based on our deep relationships with customers, partners, and the contribution by our great global team.

Thank you all for contributing to the very strong first quarter.

We appreciate everyone dialing in tonight and we'll speak with you during the quarter.

Thank you.

Ladies and gentlemen, this concludes today's conference.

Thank you for your participation and have a great day.