Qualys Inc (QLYS) 2013 Q3 法說會逐字稿

Good day, everyone, and welcome to the Qualys third-quarter 2013 investor conference call. This call is being recorded.

(Operator Instructions)

I would now like to turn the call over to Don McCauley, CFO of Qualys. Please go ahead, sir.

Thank you, and welcome to the Qualys third-quarter 2013 investor conference call. I'm Don McCauley, CFO, and I'm here with Phillippe Courtot, our Chairman and CEO.

Before we get started, we would like to remind you that during this call management expects to make forward-looking statements within the meaning of the federal securities laws. Forward-looking statements generally relate to future events or out future financial or operating performance. Forward-looking statements in this presentation include but are not limited to statements related to our business and financial performance and expectations for future periods, our expectations regarding capital expenditures including investments and our cloud infrastructure, our expectations regarding the introduction of new solutions and enhancements to existing solutions, and our expectations regarding customer adoption of these solutions. Our expectations and belief regarding these matters may not materialize, and actual results and future periods are subject to risks and uncertainties that could cause actual results to differ materially from those projected. These risks include those set forth in the press release that we issued earlier today, as well as those more fully described in our filings with the Securities and Exchange Commission including our quarterly report on Form 10-Q that we filed on August 7, 2013. The forward-looking statements in this presentation are based on information available to us as of today, and we disclaim any obligation to update any forward-looking statements except as required by law.

We also remind you that this call will include a discussion of GAAP and non-GAAP financial measures. The non-GAAP financial measures are not intended to be considered in isolation or as a substitute for results prepared in accordance with GAAP. A discussion of why we present non-GAAP financial measures and a reconciliation of the non-GAAP financial measures discussed in this call to the most correctly comparable GAAP financial measures are included in our earnings press release that is available on our website.

Now to begin the discussion, Philippe will provide an overview of the Company's performance for the third quarter of 2013. Then I will cover our financial results and factors that drove the quarter in more detail, as well as our outlook for the fourth quarter of 2013. Finally, we will open up the call for your questions. With that, I will now turn the call over to Philippe.

Thanks, Don, and welcome to all of you that are joining us today. The third quarter of 2013 was another solid quarter for Qualys, and we are pleased to discuss our results with you as we continue to make substantial progress in all aspects of our business. Don will go into the details of the quarter and let me give you the highlights.

Qualys generated revenues of $27.7 million in the third quarter 2013, which is above the top of the guidance range we provided to you last quarter and marked 19% growth over the third quarter of last year. Our GAAP and non-GAAP earnings per share were also both about the top of our guidance ranges. In the quarter, we added many new important accounts including American International Group -- AIG, Barnes & Noble, Clorox, The City of Glendale, California, Humana, McGraw-Hill, Montana State University, Suncor Energy, VMware, Volkswagen of America, University of Connecticut Health Center, and the University of Cincinnati. While our Vulnerability Management solution remains the largest component of our business, we continue to make meaningful progress in diversifying our revenue base. We derive 84% of year-to-date revenues from subscriptions to our VM solution compared to 87% for the same period last year. This continued diversification of our revenues is due to increased sales of our Web Application Scanning and Policy Compliance solutions, both of which continue to show strong growth.

As most of you already know, we broadened our reach into enterprises and government agencies with the introduction of the QualysGuard Private Cloud Platform on the VCE block, which we are successfully sold to large financial institutions, telecommunications companies, and government agencies including Infosys, Wells Fargo, and others. At our user conference in September, this last September, we hosted over 600 customers and partners in Las Vegas where we showcased major technology innovations to the QualysGuard cloud platform that are in the works and that should be released in beta over the next two quarters. First, we showcased our groundbreaking continuous monitoring solution for corporate perimeters. Existing customers can purchase these additional modules to enable the continuous monitoring of their internet facing devices and applications and to be alerted of any new rogue system, vulnerabilities, or misconfigurations that could lead to a cyber attack. We expect these modules to provide us with a significant advantage in the marketplace as we believe that this new service gives us an even more company competitive offering. Qualys is more uniquely positioned to deliver its due to our scalable cloud platform approach. We currently expect to release this new offering for beta testing later this quarter.

Second, we showcased another groundbreaking new cloud agent technology which can be seamlessly installed on an organization's mobile assets to collect security and compliance data from these devices and consolidate these results in QualysGuard to enable remediation or further security analysis. This unique technology is expected to allow our customers, especially those with a large mobile worker community, to keep the systems protected with the latest security updates and to further expand our compliance checks footprint as many of these checks require an agent to be resident on the device. We expect the agent technology to be available for beta testing on Windows XP SP3 or later versions, and MAC OS 10.6, or later versions in the first quarter of 2014, and we are working on the Linux compatibility matrix as well. We also showcased our new advanced Malware Protection Service being bid on our cloud platform and currently under development. It is expected to provide customers with protection against malware and extracted documents from inbound network traffic. We currently expect that the new service to be released for beta testing in the second quarter of 2014.

As most of you are already aware, Qualys is also significantly expanding its capabilities in securing web applications with the Web Application Firewall service now in beta for Amazon EC2, an on-premise deployment. This will allow organizations to mitigate vulnerabilities automatically before they are remediated. We expect this product to be released for general availability in the first quarter 2014. We are also working on delivering a Cloud Web Application Log Analysis and a Remediation/Exploit console that we currently expect will be available in beta in Q1 of next year. We are releasing a new version of Qualys BrowserCheck, the popular free service that helps people keep their browsers and plug-ins up-to-date to protect against harmful online content and malicious software. The latest version now includes expanded support for Macs and enable users to automatically run daily scans that detect the status of browsers, of browser plug-ins, system settings, security software, missing patches, and applications that could expose them to cyber threats. I encourage you to check the service for yourself on your PC or Mac at Qualys.com\browsercheck.

And Qualys recently received the highest rating possible, a strong positive, for the fifth time in Gartner's MarketScope for Vulnerability Assessment. The report rates the offering of 11 vendors using the evolution criteria of market responsiveness and track record, sales execution/pricing, offering strategy, product/service, overall viability, and customer experience. We also were recognized by SearchSecurity.com readers who gave QualysGuard Web Application Scanning, or WAS, the gold award for application security. As you can see, our investment in building a security and compliance cloud platform upon which we can deliver enhancements and new solutions are paying off and will play a critical in enabling Qualys to stay ahead of our competition.

And now for a review of our third-quarter financial performances and fourth-quarter guidance, I will now turn the call over to Don.

Thanks, Philippe. Qualys continues to deliver on our key financial and operating metrics, and we are pleased with our continued momentum in the business as reflected in our third-quarter 2013 results. As Philippe mentioned, revenues grew in the third quarter to $27.7 million which represented 19% growth over the same quarter last year. Four-quarter bookings were $113.3 million at September 30, 2013, compared to $98.7 million at September 30, 2012. This increase of $14.6 million represented a year over year growth of 15%.

You may recall that during 2012, there was an increase in our current deferred revenues related to a partner's conversion of a number of legacy subscriptions from monthly to annual billing. We reported on this to you in the last two quarters as well. If we were to subtract out this increase to normalize last year's four quarter bookings metric, then four quarter bookings a year ago would've only been $97.9 million and the indicated growth rate now would be 16%. There will be a similar normalization effect for the fourth quarter of 2013 of approximately 0.4% as well. Our deferred revenue balance has also showed good growth at September 30, 2013. Current deferred revenues are 19% greater than one year ago, and total deferred revenues are 21% ahead of the comparable figure last year.

GAAP gross profit increased to $21.3 million, compared to $18.7 million for the third quarter last year. GAAP gross margin was 77% for the third quarter of 2013, compared to 80% in the same quarter last year. Non-GAAP gross profit increased to $21.4 million, compared to $18.8 million in the same quarter last year. And non-GAAP gross margin was 77% also for the third quarter of 2013, compared to 80% in the same quarter last year.

For both of the gross profit measures, the year over year growth was 14%. As we've discussed previously, the decreases in gross margin percentages this year are due to increased appreciation resulting from higher levels of capital expenditures to support the growth of our infrastructure for new solutions and functionality that we're developing as well as the expansions of our data centers in the US and Europe. Adjusted EBITDA for the third quarter increased by 23% to $5.7 million, compared to $4.6 million for the third quarter of 2012. As a percentage of revenues, adjusted EBITDA remained constant at 20% in the third quarter of 2013, compared with the same quarter last year.

Moving on to earnings per share. For the third quarter, GAAP EPS was $0.04 per diluted share versus $0.06 per diluted share in the third quarter last year. Third-quarter non-GAAP EPS was $0.08 per diluted share, compared to $0.10 per diluted share in the third quarter last year. One thing to keep in mind is that last year's third quarter was our last as a private company and so the share counts were much lower then which is why the non-GAAP earnings per share this year is lower than last year's despite higher net income. Non-GAAP net income itself, not per share, was up 9% on a year over year basis.

Turning our focus to the balance sheet, we continue to have a strong cash position with $126 million in cash and investments and only $1 million of capital lease obligations. In the third quarter, spending on capital expenditures was $2.4 million compared to $2.1 million in the third quarter of 2012. And to repeat our previously stated intention, we plan to average approximately $3 million per quarter in capital expenditure spending for the balance of this year and next year as we enhance our cloud infrastructure to support more customers and add more solutions and functionality to our platform.

Now turning to the outlook for the fourth quarter of 2013. We expect revenues to be in the range of $28.5 million to $29 million. GAAP EPS for the fourth quarter this year is expected to be in the range of zero cents to $0.02 and non-GAAP EPS is expected to be in the range of $0.03 to $0.05. These fourth-quarter EPS estimates are based on approximately $36.7 million weighted average diluted shares outstanding. And our full-year 2013 guidance remains unchanged. We continue to expect full-year revenues to be in the range of $106 million to $108 million, GAAP EPS is expected to be in the range of $0.02 to $0.06 per diluted share and non-GAAP EPS is expected to be in the range of $0.16 to $0.20 per diluted share based on approximately $35.8 million weighted average diluted shares outstanding for the full year.

With that, Philippe and I would be happy to answer any of your questions. Operator?

(Operator Instructions)

Our first question comes from the line of Phil Winslow from Credit Suisse. Your line is open and you may proceed.

Hi, guys. This is Siti Panigrahi for Phil Winslow. Just wondering in terms of geography, could you give us some color about the demand environment, particularly in Europe, what you are seeing. And also if you could touch up a little bit on the competitive landscape, what are you seeing here, IBM the world versus startup private vendors as well? Thank you.

Let me answer the geography question and then I will segway and Philippe can touch on the competitive environment. We are seeing a strong activity really across our geographies, including improved performance in Europe compared to what we saw a year ago. I would say pretty much across the board we are seeing good performance around the world.

So on the competitive landscape, if we look essentially at our three key applications today which are VM, Web Application Scanning and Policy Compliance, we see ourselves continuing gaining market shares against enterprise security software solutions which are starting to really show, in fact, aging if I may say so. So this is where we are.

As far as the bigger player like IBM and HP, so they are very focused today on much more on the same side of the house with the acquisitions that they both did, one with Q1 Radar and the other one with our site, and we are not really seeing them at all as competitor on the marketplace.

What we see also on the competitive side is that we start to have a lot of these outsourcing companies whether they are Indian outsourcers, or companies like Accenture adopting the Qualys cloud platform as they are migrating their users from an enterprise software, if you prefer, a networking environment to a cloud-oriented architecture consolidation of data center virtualizations moving application to the cloud, so Qualys is clearly a solution which has an architecture that fits that new model. So that's what we see is becoming much more clear in the marketplace now than it was a year ago.

That's great. Thanks, guys.

Thank you. Our next question comes from the line of Robert Breza from RBC Capital Markets. Your line is open and you may proceed.

Hi. Thanks for taking my questions. Philippe, I was wondering if you would -- you talked about a lot of new products either going into beta release here late in Q4 with the continuous monitoring of the perimeter, you talked about the anti-malware, the firewall product. I'm wondering if you could talk to us about how much you see those new products may be contributing in 2015 and then, how much does that really expand your total addressable market. Thanks.

It's a little bit premature to give some numbers, but what I can say today is that one, we are very, very happy of the progress we are making with these solutions. I think we are coming up with very strong products, very groundbreaking in many cases, so we do expect them to contribute to our revenues in 2015.

It is a little bit too early to model whether that percentage of revenues would be but definitely we are very, very happy with the progress we are making. It was a huge success at our user conference, as I mentioned earlier. Very well received by our customer base.

Okay, and then maybe as a follow-up, Don, I would assume as you think about your 2014 numbers, you are probably not going to be building in a whole lot from these products. It is probably too early. Is that fair to say?

Our experience, Rob, is that it always takes a while. First of all, security tends to be a relatively longer sales cycle business, and it always takes awhile, but on the other hand the need in the marketplace is certainly out there. It remains to be seen.

For example, we are seeing a quicker uptake in Web Application Scanning than we saw for Policy Compliance, maybe partially due to the nature of what it is and the problem it solves versus the competitive offerings out there. It remains to be seen on a product-by-product basis.

Maybe just as a competitive product, how would you compare and think about the advanced malware products focused on internet terrific, comparing that and contrasting that to an on-premise offering like a FireEye.

So you know what, we have again, this is a question of architecture at the end of day, so while building a similar solution than FireEye has, except that FireEye is currently today an enterprise architecture, meaning that you've got to essentially install, manage, update that software.

The Qualys model we've being capable very uniquely to deliver, in fact, if you prefer, a cloud version that could be installed on premise because we essentially remotely manage and update all of that, the infrastructure that we need to put inside of the organization, therefore maintaining the big advantage that a cloud architecture offers you. And that's what we need to do with our Private Cloud Platform whereby we have totally individualized our entire data center that we have now pre-certified on the VCE block and that can ship with the VCE block.

It be installed in the company. In fact, we have three going on this quarter. And then, of course, totally remotely managed by Qualys in a very similar way that we manage all the other centers. So that's what’s very unique about Qualys. We’re not an enterprise software solution, we don't have an enterprise architecture, and therefore we've been able to deliver enterprise software capabilities while maintaining our pure cloud advantage.

Thank you.

Thank you. And our next question comes from the line of that Ben McFadden from Pacific Crest Securities. Your line is open and you may proceed.

Hey, guys. Thanks for taking my call. I'm calling in for Rob Owens. Just, I was wondering if you can give us an update of how your sales head count additions went during the quarter, and then also how you are thinking about that for Q4?

Yes, so sales headcount remained net constant in the quarter and we're -- which is around 112 or 115 and we are looking probably to add maybe another 15 by the end of year. We have a lot of fourth-quarter hiring activity going on. So we remain on the same annual plan, probably triangulating to get to 125, or maybe even a little beyond that by the end of the year.

Then also, I know that the federal government hasn't really been a large portion of your business, so I was just wondering if you could give us an update on how that business has been tracking, and whether it seems to be improving with the Private Cloud Platform?

So this is again so we have already quite a few very prestigious customers and very committed customers with the SEC, with the IRS, with the Office of the Controller of the Currency. They were early adopters of our model and we see significant interest now from government agencies as we very well know the climate conditions today with the government is not very favorable to a lot of expenses. But I think we are very well positioned, so we see fundamentally growth in that sector in next year.

Great. Thanks for taking my questions.

Thank you. Our next question comes from the line of Sterling Auty from JPMorgan. Your line is open and you may proceed.

A couple questions. Can you give us a sense -- so you give us the four quarter bookings metric, the 113 is up about 15%. It is a bit backwards looking, so it is showing some of the deceleration still. Can you characterize, at least qualitatively in the quarter, was bookings growth an acceleration off of what we saw in June equal to what we saw in June, or a bit behind what we saw in June?

Yes, I would say it was in the same general range, Sterling. One of the reasons I highlighted, which may be actually a better indicator is just looking at the current deferred revenue balance itself, which is not backwards looking. Because you are right, the four quarter bookings looks back four quarters, and then to get a comparative, you actually have to go back to quarters five through eight back, so it gets a little complex.

I mentioned with the current and total deferred revenue balances were sitting at, which I think was 19% and 21%, and revenue growth for the quarter was 19%. So those may be more generally indicative without all the complications of four quarter bookings.

Got you. And looking at the guidance for the next quarter, was there any timing as it comes to expenses? Obviously, the margins were better than expected this quarter, but it is your point looking to add 10 or 15 heads, was there just maybe a difference in headcount and timing on hiring, and that's why you had the big EPS this quarter, but next quarter, at least relative to what we are expecting, it's a little light?

Yes, we had a relatively slow net hiring quarter in Q3, and we have a very busy one in Q4, and not only sales, but in engineering, as well. So we have a lot of new folks coming aboard this quarter, and we've taken that into account in our guidance. But we also, by the way, have expended our Qualys user conferences now where we had one in Q3 in Las Vegas that Philippe mentioned. We have several of them in Europe this quarter, as well. So we continue to expand some of the marketing programs, as well. And, the fourth quarter and now has a lot of that activity, too.

Okay, and last question, there is in the press release and some of the prepared remarks the talk of the new products that are going into beta here the end of year, first part of next year. How should we think about the investment in R&D, not looking for a guidance for 2014, but just in terms of the trajectory of the spend in R&D to support the new product initiatives?

R&D, we've actually been seeing some leverage on that line the last couple of years. It peaked at 25% in 2011, and it went down to 22% at the end of 2012. And R&D on a year-to-date basis is sitting at 19.9%. One reason for that is, a year ago we began opening a center in India, which we had not previously done. So a lot of the increased headcount in R&D in last couple of quarters has actually been in India, as well.

Most companies would have done that a long time ago but we are only enjoying that operating advantage now. So the trend 25%, 22%, sitting at 20% year to date. So like most metrics, I would look for something around where we are and maybe a slight deceleration based on the trend now.

Okay. Thank you, guys.

Our next question comes from the line of Steve Ashley from Robert W Baird. Your line is open and you may proceed.

Great. Maybe I can start with a housekeeping question. Don you've historically actually given us the percentage of revenue that you have gotten from the Americas and international. Can you provide that for the third quarter, please?

We're sitting at -- it’s actually -- it goes in the 10-Q, which we're still putting the final ink on. I'm saying it’s sitting at 71% US.

Great. And then Philippe, I had a question about the new products you are offering. We've seen with Web Application Scanning that it actually is addressing a new market, and that there's, with respect to being able to scan web apps versus client/server apps, as we look at the new products that are queued up and coming out and being betaed here in the coming year, which of those are addressing similar new market opportunities?

In fact, in a way, the way to look at that is a very interesting question. So we look at the market base today web -- you have the web application securities. So our strategy has been here to try to essentially come, bring all the pieces you need to ensure the security of your web application. So we can catalogue them now, we can scan them for vulnerabilities, we can identify if they have malware on them with our Web Application Firewall, all that goes hand in hand.

We can now mitigate those vulnerabilities and we’re coming up with a web application log analysis, which will allow us to do essentially forensic to try to find out if this application has been already compromised by looking at the logs and correlating that with the vulnerabilities that we see.

And finally, we're coming up with a web remediation/exploit console for the remediation. So by mid-next year, or let's say we'll have all these applications totally integrated working together and we'll have completed our effort to bring, if you prefer security to web applications in a very cost effective way and at very high quality.

Then we look at these other part of the market where we can really extend our self very well. So when I look at our agent, this is a very powerful and totally groundbreaking extension of agent technologies that will increase our policy compliance applications is a kind of an end protection -- endpoint protection solutions are also expanding to the mobile. So that's a very natural, again, extension.

And finally with the other solution we're looking now at malware, which is, again, leveraging then our platform to add company cope with all these advanced malwares and APTs and all these targeted attack, which is the marketplace where FireEye has pioneered in many ways. So here we’re coming, but with that advantage of our cloud architecture again.

Great. That was really helpful. And then just lastly, Don, I don't know if you can comment, I know with your VCE Vblock you have three deployments, so it is not huge. But I'm just wondering how those deal sizes compare to what was the core historical SaaS medium deal sizes? Thanks.

Yes, remember that what this is, is an additional subscription for us providing the infrastructure on-site. And typically, it is a forerunner of really large accounts. We have about a dozen of these around the world, and they typically are in some of the larger accounts. It doesn't that mean they start at the largest accounts on the day we ship that thing, but over a period of two or three years, most of those will become our largest accounts.

The item itself is comparable. It's an annual subscription itself, and then on top of that customers buy subscriptions for vulnerability management policy compliance, et cetera, based on their size.

Great. Thank you.

Thank you. Our next question comes from the line of Eric Suppiger from JMP Securities. Your line is open and you may proceed.

Yes, good afternoon. On the Web App Scanning and the policy compliance, are they still sustaining growth rates north of 50%?

Yes. We've made -- that's pretty consistent for quite a while now. Yes.

Okay. I think you gave us the contribution from new versus vulnerability management products for the year to date. Can you tell us what it was for the quarter?

I don't have that in front of me. It has been moving three-quarters of a basis point per quarter over the last couple of years. So depending on rounding, this quarter it didn't move because of rounding. So -- but it is got to be within 1% of that, one way or the other.

Okay. If we look at the other emerging products after those two, what should we think of as the next new service, or what can we think of in terms of the biggest opportunity after that?

Again, as I mentioned earlier, this is a little bit hard to predict because of course, security as one component is that you need to have very high quality to really start to see growth picking up. The enemies of security are the false positives and the false negatives and Qualys is very good in fact at doing that. That's what's behind the success of our Vulnerability Management Application as well as the Web Application Scanning.

We scale and work very, very few false positives and false negatives. So we need to bring that quality to all of these applications. Now some applications we can bring that more quicker than others, and so that will also -- it's a factor in their adoption.

So it is a little bit hard but they are all big opportunities. The three of them I believe -- web applications securities very -- is growing. It represents today the growth of security consulting companies. This is where they get a lot of revenues is trying to cope with the problem of web application security, so that's a very big market. The malware is, obviously, another very big market, and I think our agent is absolutely groundbreaking. I think it's hard to predict the revenues, but these could be very big.

Okay. And then on the channel, one is the split still 40/60 and did you see any developments with any of your existing or new channel partners this quarter?

First of all, of the math is still about the same, still about 40% coming through channel and maybe Philippe can give color on what we are doing with --

Yes, what did we see today that I mentioned in fact earlier the comment that I made with we see today is now the outsourcers, we have now today essentially all the Indian outsourcers are not only Qualys customers, but they are now partners. What we see is that we fit very well with these outsourcing vendors which are helping migrate their existing customers to this cloud architecture, and Qualys is a very natural fit.

Of course, we lag behind, so before pulling security into the migration, you need to do the migration first so ideally we would like to have them doing that all at the same time. But the reality is that you start to do the migration of the data centers, et cetera, and then you bring security. That’s the way it goes. So we expect a huge demand, a pent up demand for that coming from all of these partners that we’re now as customers, as well as partners.

Okay, very good. Thank you very much.

Thank you. Our next question comes from the line of Craig Nankervis from First Analysis. Your line is open and you may proceed.

Thank you. I also have new product questions. I was wondering, Philippe, as you look to 2014, would your go-to-market strategy, or your execution, or your approach with the new products be any different than when you're introduced earlier generations of new products like Policy Compliance and Web Application Scanning? Have you learned anything about introducing new products? Or would you be doing anything different that might be worth noting?

That's a very, very good question. In fact, the answer to that is yes and as we speak, we are just looking at that go-to-market strategy. I will give you a flavor for that, for example. We believe our Continuous Monitoring of the Perimeter, which has essentially totally changed the vulnerability management metaphor.

With the traditional vulnerability management, what you do is that you identify all the vulnerabilities on your network and on your devices and on your web application and then you create reports. Then security looks at these reports and gives them to operation and said your operation, here we go now and you need to fix all that and you try to prioritize of course.

With our continuous monitoring application, we totally changed the metaphor. Now you will have security and operations sitting down together and deciding what they want to see and not to see on the network. So for example, no HTP server on my network allowed, these are the ports that should be opened and only these ports. And then Qualys, instead of giving you a report, would give you essentially an alert, and that alert you receive that on your phone, but you also integrate that with your SIM.

As you can see here, we have a double strategy of one, bringing more of that to our existing customers, which is a very natural upsell, but also we are going to embark into a major campaign to advertise to the world that now there's a much better way of doing vulnerability management of your perimeter, especially because of our cloud infrastructure, the customers have absolutely nothing to install and can just try. And so you are going to see a major try and buy campaign as we bring that application to production.

Okay. That's very interesting. Curious on the mobile solution that you referred to. Do you have any beta customers at this point for the mobile solution, and if you do is there any color you might share about them?

So we don't have beta customers. What we do have today, we have design partners, as everything we do we start with -- on the perimeter we started with Goldman Sachs and Visa, and so we always have design partners.

We today, where we are with the agent is that the agent is complete, the code, so we have all that architecture done. We are also at the backend. What we are now working on is getting the UI, the application, if you prefer, around that, and our goal today is to essentially be in beta, that UI will be completed, et cetera, and be in beta in the early part of next year.

Thanks for the help. I appreciate it.

Thank you. Our next question comes from the line of Michael Kim from Imperial Capital. Your line is open and you may proceed.

Good afternoon, guys. First on the vulnerability management side, are you seeing a shift towards continuous monitoring on the part of some of your existing customers and any metrics you can provide on scanning activity and pricing? Thanks.

So on the continuous monitoring, there's a lot of talk about that. The issue of continuous monitoring, I think on the perimeter we have absolutely a wonderful solution. On the enterprise and we're working, of course, of bringing that notion into the enterprise. It is a much more complex because you have the complexity of inside of the enterprise.

The first order of priority which Qualys is working out is the continuous monitoring of your assets because if you don't know your assets, what's the purpose of monitoring? So you have to identify and the assets in an enterprise are related and lack on the perimeter where they don’t change that much. In the enterprise, you have a lot of, lot of changes, so that's what we're working on. So that's to answer the technology part.

In terms of pricing and the -- there's nobody really who has a continuous monitoring solution for the perimeter. You have some principle, some talk about it, but this again, to do that inside of the enterprise is a huge undertaking and we don't see much pressure from customers yet, because they have to solve the problem of addressing the identifying all of your assets in your enterprise and then, of course, you need to categorize them, which is something that Qualys does today very well with our asset management.

And we're looking now at integrating that solution that we have with CMDBs and trouble ticketing system, and once we have that done and complete, then of course we will be capable of addressing that notion of continuously monitoring the assets, which is the cornerstone of any continuous security that you want to have.

Okay. Great. And then switching gears to the FNB Channel. Can you provide an update on QualysGuard Express Lite? How is that progressing and is that something that's primarily aimed at displacing some incumbent competitors like a Rapid7 and some of the channels?

So, it's going very well. In fact, we are absolutely delighted by the packaging that we did. So what it did essentially that we’re selling of the our current, what we call the express package, to the lower end of the market place. But of course that was too big of an application in many ways. So our Express Lite, which is very successful, as in fact now as we renew or replacing that these existing customers which are essentially companies which have less than 250 employees, buy Express Lite.

And we're also getting in new customers and the go-to-market strategy here is a little bit different with our Express product line, which address much more of the mid-market, when essentially the Express Lite addressed the much lower end. And it's in much more velocity, so here was planning to really put pressure on the Rapid7, the GA5,and all of these companies which were addressing that low end of the market place, and gaining a lot of deals, in fact against them.

Okay. Great. Thank you very much.

(Operator Instructions)

Our next question comes from the line of Sanjit Singh from Wedbush Securities. Your line is open and you may proceed.

A quick question on Verizon and Accenture, can you give us an update there in terms of the partnerships, and whether you are seeing any momentum with any of those two strategic partners?

You said on Verizon and on Accenture, correct?

Exactly. Thanks, Philippe.

These partnerships are doing very well. We are continuously expanding our relationship. There's quite a lot of deals in the making with them so we are very happy with that relationship. Accenture is also now a Qualys customer. They have deployed Qualys in their infrastructure, as well and to which went very well. So very solid partnerships, and we are expecting more from them.

Great. And regarding maybe on the timeline of beta using Web Applications Scanning as a guinea pig. I know that beta period for the allocation scanning was pretty extensive. Is there any type of lessons learned or scalability that could perhaps shorten the length of betas as we launch these new products in 2014?

In fact, what we learned is the opposite, is that in fact our Web Application Scanning, we brought it to market a bit too early. So, when the application was not mature yet enough, was missing a few technologies, et cetera. So we've learned our lesson, so we are more prudent in the sense of bringing a security application to market.

Conversely, once we know the application has reached the maturity, the lesson we have learned here is that then we could really leave the market and lesson behind and to face market to really advertise them and make the world aware. Because now we can leverage the huge advantage that we have is that everything that Qualys does is essentially try and buy.

It is pretty easy to try and therefore if you are happy you buy. So you realize with a model like that the lesson we learned, don't bring something too early because the try experience is not as good as it should be. So that's why we are prudent. We take a little bit more time, but on the other hand, we believe that the adoption will be faster.

Great. The final question is regarding Q4 budget flush dynamics. Have you historically experienced those type of year-end enterprise spending in your business or is that something that doesn't necessarily apply, and how that might relate to how you looked at coming with Q4 guidance? Yes, it didn't affect our Q4 guidance.

It is a bit of a hit and miss proposition. A couple of years ago, we had some noticeable stuff that felt like budget flush. Last year I didn't think there was any that came to my attention. So we just sit back and keep the doors open and the order book open and we will see what happens. But no, we did not take that into account in our guidance.

Thanks, Don.

At this time I am not showing any further questions. I would now like to turn the call back over to Philippe Courtot for any closing remarks.

Thank you all for joining us today. We are quite pleased with our strong performance and continued momentum in the marketplace. We believe that we are well-positioned to deliver best-of-class security and compliance solutions to our customers and partners as we continue to expand our cloud platform and solutions with additional innovative product, as I discussed earlier on.

Should you have any follow-up questions, Don and I are always available, and we look forward to speaking with you next quarter. Thank you very much.

Ladies and gentlemen, thank you for participating in today's conference. This does conclude the program and you may all disconnect. Everyone, have a great day.