Qualys Inc (QLYS) 2020 Q2 法說會逐字稿

Ladies and gentlemen, thank you for standing by, and welcome to Qualys, Inc. Second Quarter 2020 Investor Call. (Operator Instructions)

Please be advised that today's conference may be recorded. (Operator Instructions)

I will now hand the conference over to your speaker today, Vin Rao.

Good afternoon, and welcome to Qualys Second Quarter 2020 Earnings Call. Joining me today, to discuss the results are Philippe Courtot, our Chairman and CEO; and Joo Mi Kim, our CFO.

Before we get started, I would like to remind you that the remarks today will include forward-looking statements that generally relate to future events or our future financial or operating performance. Actual results may differ materially from these statements. Factors that could cause results to differ materially are set forth in today's press release and in our filings with SEC, including our latest Form 10-Q and 10-K.

Any forward-looking statements that we make on this call are based on assumptions as of today, and we undertake no obligation to update these statements as a result of new information or future events.

During this call, we will present both GAAP and non-GAAP financial measures. A reconciliation of GAAP to non-GAAP measures is included in today's earnings press release.

As a reminder, the press release, prepared remarks, investor presentation and supplemental historical financial spreadsheet are available on our website.

With that, I'd like to turn the call over to Philippe.

Thank you, Vinayak, and welcome, everyone, to our Q2 earnings call. We hope that you and your families are healthy and safe. Our priority remains the health and well-being of our employees, while continuing to address and support the changing security needs of our customers.

Since mid-March, we have seen at Qualys a seamless transition to a remote workforce environment and have continued to effectively deliver on all aspects of our business, including product development, operations and support services.

The unprecedented environment with the ongoing COVID-19 pandemic has created uncertainties for individual and organizations across the globe. As companies are experiencing a never-before-seen explosion of remote endpoints connecting to critical assets of their organization, security of these endpoints is paramount. IT team are responding to the challenge of ensuring that employees are able to work productively and securely from remote location, and it is becoming eminently clear that traditional enterprise security solutions deployed inside organizations' networks are ineffective for protecting these remote endpoints.

We believe that Qualys is one of the few companies well positioned in the security market evolution due to our priority on investing in the extensibility and capabilities of our platform and our cloud-based architecture. Upon the onset of COVID-19, we addressed the needs of our existing customers by promptly releasing a remote endpoint protection service that will help them quickly address the challenge of securing these proliferating endpoints. This service, which we are providing at no cost for 60 days, leverages the Qualys Cloud Agent and is cloud-based architecture to deliver instant and continuous visibility of remote computers as well as their installed applications, obtain a real-time view of all critical vulnerabilities and misconfiguration and remotely deploy missing patches for critical vulnerabilities.

These patches are delivered securely and directly from vendor website and content delivery network, ensuring there is little to no impact on external VPN bandwidth.

In Q2, we added malware detection capabilities to the solution, and customers that were already using the service could extend their free 60-day license for an additional 30 days. Malware detection uses file reputation and threat pacification to detect known malicious files on endpoint, servers and cloud workload.

In addition, this service is now available to U.S. federal agencies with a no-cost 60-day pilot. We currently have over 650 companies, including nearly 300 customer prospects actively using this free offering.

This Remote Endpoint Protection service is based on the multifunction Qualys Cloud Agent, which instantly provide visibility to remote endpoints, detects vulnerabilities, manages their security hygiene proactively and patches them quickly at no cost.

Our Cloud Agent is the technology platform for 7 of our security, compliance and IT solutions: Vulnerability Management, Policy Compliance, File Integrity Monitoring, Indication of Compromise, Patch Management, Asset Inventory and the upcoming Certificate Management, and with more to come.

In Q2, we continued to see strong growth in our paid Cloud Agent subscription, with almost 43 million now, representing 81% growth from the prior year quarter. We have continued to make strong progress on our goal of achieving ubiquity for our Cloud Agent. After organizations download our Cloud Agent once, it's frictionless for them to subscribe to our paid applications because no additional infrastructure is required to expand the solution with additional products.

Furthermore, this multiproduct adoption naturally increases the stickiness of our platform and helps make us impenetrable to our competitors. We do not offer the same -- our competitors, who do not offer the same breadth of solution or ease of adoption. This is demonstrated by the fact that the gross dollar retention rate of enterprise customers who have adopted 5 solutions on more stands at 99%.

Our cloud -- our Qualys Cloud Platform, combined with the capabilities of the powerful lightweight Cloud Agent, Virtual Scanners and Network Analysis, passive scanning, allowed us to create an effective and seamless management solution that incorporates the 4 key elements of discovery, assessment, prioritization and patch management into a single application called VMDR, Vulnerability Management, Detection and Response, which went into general availability in April. This solution has been a huge success with our customers and is also driving further penetration of our Cloud Agents. VMDR takes vulnerability management to the next level by providing the power to continuously detect vulnerabilities and misconfiguration across the entire global hybrid IT environment and responding in real time to remediate assets that are vulnerable or already compromised, from a single platform with building orchestration.

Currently, 600 customers have adopted VMDR, which includes approximately 200 new customers. In fact, 8 out of our roughly 43 million paid Cloud Agent subscriptions have come from VMDR, of which 5.8 million were new agent subscription. VMDR has not only helped proliferate Cloud Agent, but also sets the foundation for further upsell of our paid -- of our other paid applications.

We continue to see good adoption of our free Global Asset -- IT Asset Inventory, with almost 14,000 companies signed up and over 1,350 companies actively using the service.

In terms of our other new solutions, we have continued to see strong customer adoption of our Patch Management solution, both in the mid-market segment as well as with large customers. In Q2, a large IT service firm selected our Patch Management application over several competitive solution, given its ability to easily and effectively patch remote endpoints without using limited bandwidth available on VPN gateways.

This quarter, we also saw a robust growth, again, for our Container Security application, with a major enterprise video communication provider that has already deployed VMDR across its infrastructure, adopting the solutions. In addition, our File Integrity Monitoring, FIM, application continues to see solid momentum with a large Asian airline, having selected our FIM solution over a competing point solution in order to effortlessly leverage the Qualys Cloud Agents they had already deployed for Vulnerability Management.

Now diving deeper, we are also early to recognize -- we were also early to recognize the importance of capturing all of the necessary telemetry via our sensors and the Internet, while building the back-end with scale and computing capabilities needed to handle such a large volume of data. Today, we handle more than 9 petabytes of data, indexing more than 7 trillion data points on our ElasticSearch clusters, moving 14 billion messages a day on our Kafka bus, storing 400 million object in our Ceph clusters and pumping 1 million writes per second in our Cassandra log analysis engine.

As a result, our highly scalable cloud-based platform enables us to address all 4 new market segments, Large Enterprise, Cloud Providers, Next generation of Managed Security Service Providers and OT and IoT environment, providing a single-pane-of-glass view across on-premise assets, endpoints, cloud and mobile environment.

Last month, we introduced our Multi-Vector EDR solution that goes well beyond the endpoint and not only allows for the reduction of false positives, but also makes it easier to automate the response and greatly reduce the response times and costs. As an app built natively on the Qualys Cloud Platform, our Multi-Vector EDR, leverages power, scale and accuracy to provide unprecedented visibility and telemetry by collecting security data from endpoints, adding context and correlating billions of global events with threat intelligence, analytics and machine learning.

To strengthen our entrance into the EDR market, we acquired the software asset of Spell Security, a very innovative security startup in India, and all Security employees have joined now Qualys in Pune. The team has unique expertise in threat hunting and malware research as well as deep understanding of the multi-vector attacks. They also have threat hunting products that will be fully integrated into the Qualys platform.

Traditional EDR solutions singularly focus on hunting and investigating endpoints' malicious activities and cyberattacks. Qualys' multi-vector approach provides critical context and full visibility into the entire attack chain by providing a faster, more automated and comprehensive response to protect against those attacks.

We are delighted with the strong adoption of VMDR by both our customers and managed security service providers, and now by the interest in multi-vector -- by the interest, multi-vector EDR is generating with them.

Moving from VMDR to multi-vector EDR is almost instantaneous as it only requires an update of our cloud agent, which is automatically done by our platform once the application is enabled.

We're also pleased to announce that Infosys Managed Security Services has now adopted both VMDR and Multi-Vector EDR, and here's a quote from Vishal Salvi, CISO and Head of Infosys Cyber Practice: "We are pleased to partner with Qualys to deliver VMDR and Multi-Vector EDR solutions via our globally distributed network of Infosys Cyber Defense Center. The highly scalable Qualys Cloud Platform with its lightweight agent and centers and its forthcoming incidence response capabilities provides us with the intelligent analytics we need to effectively protect our clients and allows us to consolidate our security stack."

At Black Hat, we also discussed our upcoming Data Lake/SIEM solution that we expect to have in early beta at the end of 2020. This is an important new milestone and new opportunity for our company as current incidence response solutions have become quite complex and costly, requiring organization to use multiple vendors to collect the data needed and bring it into their SIEM with fully contextual information. Qualys' unique advantage is that we can leverage our robust scalable backend and its array of sensors, which collect enrich, normalize and correlate trillions of data points across on-premise, endpoint, cloud, mobile and soon OT and IoT environment.

On the hiring front, we are pleased to welcome back Joo Mi Kim as Chief Financial Officer of Qualys. Her extensive finance, strategic planning and investor expertise will be instrumental as we continue to expand the Qualys Cloud Platform and grow the company. We're also delighted that Ben Carr has joined Qualys as Chief Information Security Officer. Ben is a proven information and risk executive and thought leader with more than 25 years of experience in executing long-term security strategy. At Qualys, he is responsible for providing cybersecurity guidance and security strategies to Qualys customers, leading the CIO/CISO Interchange and securing our IT infrastructure. Finally, we are also honored to welcome Johnson Zangardi to our Board of Directors. John has extensive experience in digital transformation and has successfully transformed the infrastructure of both the DHS and the DOD as well as modernized the cybersecurity operation. We are grateful to gain his valuable insight and guidance as we continue to expand our Cloud Platform to deliver innovative security and compliance offering.

In summary because of the very nature of our business model, which is nearly 100% recurring and the fact that our solutions have become mission critical, we have a greater visibility than many other security companies in our industry, even in such difficult time, not to mention our highly profitable and cash-generating business model. Our product and platform achievements lay the foundation for our continued progress to enable customers to consolidate their security, IT and compliance stack, while drastically reducing their spend. And importantly, it is core to the highly profitable recurring and growing revenue model we have built.

With that, I'll turn the call over to Joo Mi to discuss our financial results and guidance for the third quarter and full fiscal year 2020. Thank you.

Thanks, Philippe, and good afternoon. Before I start, I'd like to note that except for revenue, all financial figures are non-GAAP and growth rates are based on comparisons to the prior year period unless stated otherwise. We're delighted with our increasing Cloud Agent subscriptions and multiproduct penetration as well as the strong adoption of VMDR, which lays the foundation for future revenue growth and industry-leading profitability. Our Q2 financial and operational highlights include:

Revenues for the second quarter of 2020 grew 13% to $88.8 million. Please note our Q2 2020 calculated current billings was negatively impacted by the timing and amount of prepaid multiyear subscriptions as well as requests for shorter-duration invoicing, which we expect to continue to next quarter given the current market conditions.

Our average deal size increased 7%.

And platform adoption continued to increase as a percentage of enterprise customers with 3 or more Qualys solutions rose to 54% from 44%. And the percentage of enterprise customers with 4 or more Qualys solutions increased to 38% from 24%.

Paid Cloud Agent subscriptions increased to 43 million over the last 12 months, up from 38 million for the 12 months ended in Q1 2020.

And 19% of VM customers, up for renewal in the quarter, renewed into a VMDR subscription, up from 4% in Q1.

Our scalable platform model continues to drive superior margins and generate significant cash flow. Adjusted EBITDA for the second quarter of 2020 was $42.8 million, representing a 48% margin versus 42%. Q2 EPS grew 34%, and our free cash flow for the second quarter of 2020 was $24.9 million, representing a 28% margin and down 20%, primarily due to recent changes in billing and payment terms for selected customers, given the current macroeconomic environment. Year-to-date, our free cash flow margin is 40% and is up 6%.

In Q2, we continue to invest the cash we generated from operations back into Qualys, including $4.3 million on capital expenditures for operations, including principal payments under capital lease obligations and $25.3 million to repurchase 242,500 of our outstanding shares.

We remain confident in our business model, driven by our foundation of nearly 100% recurring revenues and expanding suite of applications. We are delighted to be raising our full year 2020 guidance for both revenues and earnings. We are raising the bottom and top end of our revenue guidance for the full year, to now to be in the range of $359 million to $360.5 million from the prior range of $354 million to $359 million.

We are raising our full year non-GAAP EPS guidance to now be in the range of $2.60 to $2.65 from the prior range of $2.46 to $2.51. We expect to maintain industry-leading margins in 2020 and continue to produce strong cash flow. And our Q3 guidance for revenue is $91.6 million to $92.2 million. And for non-GAAP EPS is $0.65 to $0.67.

For the third quarter, we expect capital expenditures to be in the range of $8 million to $9 million, which includes approximately $2 million for the build-out of our Pune headquarter. Because of COVID-19-related delays, the timing of spend on our Pune headquarter has been pushed out a few months, and we now expect that $2 million of our original planned spend will occur in the second half of the year.

As Philippe mentioned, we are very excited by the robust early adoption of VMDR and the launch of our Multi-Vector EDR application. We feel very well positioned during this period of uncertainty, due to the value provided by our Cloud Platform and our 20 apps as well as our underlying highly scalable and profitable operational model.

With that, Philippe and I are happy to answer any other questions.

(Operator Instructions) And our first question is from Erik Suppiger with JMP Securities.

Can you talk a little bit about linearity? How did the pandemic play out through the quarter?

Yes. I'll take that question. So linearity, we didn't see any material highlights to note under linearity. It was similar to last quarter.

Okay. And then on the VMDR, can you talk a little bit about how much adoption you've seen with -- of using the Patch Management component of that?

Yes. So we have a big demand…

I think -- Go ahead Philippe.

Yes. No, we have a big demand for Patch Management. So there's no question that this is an application that is really coming up, and VMDR makes it much easier because, obviously, the last mile is you patch and it's at your fingertips. So yes, it's very significant. And we see about what is interesting is both on the big market but as well as with large enterprise. In fact, I mentioned on the -- on the call that we had a large enterprise which really adopted not only VMDR, but they also adopted a big deployment of Patch Management.

And who are you displacing? Or who do you see on that patching front? Is that BigFix?

It's interesting is that it's not so much of the displacement is the fact it become -- it starts more like adding, for example, it's much easier, of course, to -- with our solution to patch the endpoint. So we -- in fact, we believe, in some cases, they could continue using, for example, a CTM for other solutions. But on the endpoint, it's much easier to do it with Qualys. So -- and other patch management solution, but essentially it's adding to what they're doing, and we see more and more appetite to essentially move to a solution like Qualys, which integrates the entire -- from discovering your assets to identifying the vulnerabilities on those assets, to prioritize the remediation and then remediate.

And also, by the way, the integration with some customers, they don't take the full Patch Management solution, but they take all the information that we provide them with the superceding patches and so forth, so they can continue pushing that into their own Patch Management solution.

Our next question comes from Shebly Seyrafi with FBN Securities.

I want to drill down on the current billings. It looks like it grew by 13% year-to-year, down from 15% the prior 2 quarters. And I saw what you said in the script. So what would current billings growth have been versus 13% reported had duration not changed or declined?

Yes. So we have a healthy business. It's a little difficult to perfectly normalize growth rates to account for the multiple different impacts because, for example, one of the reasons why quarterly billings may be impacted is because the renewals are not done at the anniversary of the initial deal. There could also be changes in billing terms that we've highlighted in terms of the shorter-duration billing as well as the amount of prepaid subscriptions that have a negative impact basically in the first year upon renewal, you see that fluctuation. What we like to point to is year-to-date calculated current billings is up 10% from last year. And in terms of -- this actually supports why the trajectory of our annual revenue guidance is the best proxy for business momentum with our current bookings [confirming] our guidance. And if you take a look at our annual revenue guidance, we did raise it basically -- from the prior high end is our current low end, and our bookings actually came in better than expected this quarter, especially from new.

Yes. I want to correct myself. Current billings was up 7%, like you said, 10% for the first half. But I'm trying to see -- because you expect these moving parts to linger, looks like, for the next few quarters. And I just want to know when you think things may normalize such that your current billings growth can go back to the historical, something like 15% or so? Do you think it's 2 quarters long or 4 quarters long?

I think it's a little too early for us to tell given the uncertainty of the environment. Basically, we're -- at this time, we're leveraging our strong financial position to accommodate customers when they're asking for shorter-duration invoices as well as delayed billing, which is another factor that we should take into account in addition to the renewals not being done at the time of, like, renewal.

Okay. Last one from me is Spell Security, do you have estimated incremental revenue and expenses for that company?

Yes. So for Spell Security, it's a small tuck-in acquisition, similar to what we've done before. We don't see a material impact to our top line or expenses from that acquisition.

Our next question comes from Alex Henderson with Needham.

I was looking at the revenue associated with the customers that have bought the highest number of units, and it actually shows the revenue declining from $270 million to $257 million, even as you're adding more revenue per customer. And I was wondering if you were including in those statistics, any of the free solutions that you're offering. How -- why is it -- why is the average revenue declining on your top customers?

Yes. Average revenue on the top customers, it could fluctuate depending on the category that as customers move into different categories. And another factor that we should consider is we're relooking all their metrics to make sure that they're all still relevant to customers. Think that one of the metrics that we've highlighted before is a multi-product adoption. With the launch of VMDR, VMDR is really counting, as we're counting it as 4 products. And so what we said before is, generally, we expect it to be revenue-neutral impact because, for example, for VM-only customers, we do expect them to see some uplift as they renew into VMDR, while some other customers who used to subscribe to like several of our Qualys' products, they may be spending a little bit less.

So are you including in that any of the free solutions? Or is that not included in the number of solutions?

No. It only includes only paid solutions, and it's incremental solution that starts (inaudible).

Great. So the second question would be you've, obviously, got a lot of free stuff out in the market today. You've talked about Patch Management, the free Asset Inventory, a number of programs. If you were to tally all of those free customer subscriptions up, what type of nut are we talking about? How big a chunk of business would that be? And to what extent -- I'm assuming that, that predominantly starts to roll off the free into some of the paid -- a paid version of it, what type of conversion rate do you expect? And I think that's mostly in the fourth quarter, is it not since most of that runs through September?

Right. So one thing that I'd like to highlight is because we're -- as a subscription business, our model is to really allow customers to buy at their own pace. Customers do trials and then often expand at the time of renewal for existing. And then for new, we do realize that with our -- several of the products that we've launched, it's great that we're seeing adoption and some traction in terms of the active usage, both with respect to the endpoint remote protection as well as the asset discovery and inventory. And we are tracking it, but at the same time, we don't -- it's not that we expect everyone to convert to paid. We wouldn't be surprised if some people continue to use their free service, which is fine because we don't offer a free service as a half-baked offering. And we really don't push products to customers. We kind of see, like, based on the customers' need, we do expect some to convert. I do think that's a little bit early given that a lot of the products are fairly new.

So don't -- is there a cliff on any of those products that would then force them to take a decision?

Yes. So let me add. On the endpoint protection, 60-day free trial we do have a cliff and in fact, we estimate we can see that there is a very, very happy customers. In fact, some have even deployed very largely. So we expect to see some of these customers convert to the paid subscription when the program will end up, as you mentioned, that would be at the end of September, essentially. Then we have other services, which have been very successful like the Global Asset Inventory, which is the free Global Asset Inventory that we are using more for lead generation and that are now today fully integrated with VMDR.

So of course, the Global Asset Inventory comes with VMDR. So that's for that. So as you can see, we skin that cat in different way. One way of looking at these services and the other is looking at them as lead generation, creating -- of course, exposing the power of our platform to customers. And then, of course, we have a team to essentially add them, to onboard them, and then, of course, to try to upsell them as well. So yes, so this is part of our marketing strategy. It's a very cost-effective marketing strategy because, of course, for us, the different -- we can deliver software at the 4 corners of the universe, I would say, thanks to our cloud-based platform, very cost effectively.

Our next question comes from Yun Kim with Rosenblatt Securities.

Actually congrats on a pretty solid quarter, and welcome Joo Mi. Philippe, one metric that really stands out in the quarter is the acceleration in the adoption of the multiple products, growth in the percentage of the customers with 2-plus, 3-plus, 4-plus, 5-plus, all accelerated from prior trends, not just 4-plus products.

Can you specifically point out anything particular that drove that acceleration in the quarter? And what are you expecting in terms of the -- that trend going forward?

So the trend will continue. What you will see with some of this -- it's a combination of few things. With some of these products is the maturity that we are reaching with these products. We see that very clearly with File Integrity Monitoring. We are also seeing, of course, Patch Management, has been also a very good take. We are waiting to get the UNIX and the iOS patch capabilities, which are coming in a couple of months, if I recall correctly, but it's imminently that will boost further the adoption. And so -- and of course, now what we see more and more is the interest in the platform itself, where you got all the solution fully integrated. So VMDR has been a huge -- is a really huge success, and it helps us not only is naturally -- have our customers have no reason to look for other solutions today, but it also help us in penetrating and displacing current competitors.

So VMDR was a big success, and we anticipate with Multi-Vector EDR, which is, of course, brand new will go GA at the end of the month, early September at the latest that we have already significant interest with Multi-Vector EDR.

And by the way, remember one thing is that for all of our customers, which have the agent already installed, moving to EDR or multi-vector EDR is a no-brainer. They can immediately try and try and buy essentially. So that gives us a huge advantage with all these agents that we have now deployed.

Okay. Great. And obviously, now with the initial success with VMDR and obviously, a lot of high-profile product launches ahead, I think your -- it's pretty clear that you have a platform strategy that is beyond your core VM footprint. Can you update us on any major go-to-market initiatives you may have planned to support all the product launches? And where you are in terms of product positioning today? And then in that regard, any plans to increase sales and marketing to support these? Perhaps any new sales and marketing initiative to perhaps accelerate adoption in the marketplace and really more focus on maybe the initial land deals and whatnot?

Yes. No, this is a very good question. So in fact, our strategy since day one was to really build that multi-platform. It has been a huge, huge undertaking and which we have been able to do because of the significant engineering team that we've now in Pune, India, we're close to 900 people. That was not a walk in the park, very -- it was very complex. We had to inject a lot of the newer technologies like ElasticSearch, et cetera. So that's where our focus has been. At the same time, not only beefing up the computing power of the platform was to also acquire telemetry. The problem today that you see with security is that in order for you to have context, you need to bring data for multiple different applications and you have not very much idea of how good that data is. And that's a problem that the SIEM today have. So not only its costly, it's complex, but then to correlate, to analyze, to enrich that data is not also that easy. So that has been our overall strategy.

So today, finally, our platform and clearly, VMDR showed that we could now solely integrate all the solution, multi-vector EDR is as well our ability now to go well beyond what the current EDR solution offer because we have significantly more telemetry. And now, of course, our next big thing is essentially to -- essentially move into the SIEM space, which, as I mentioned earlier, are planning to go better in -- at the end of the year. One of the linchpin of all of that is unique, and I said and I repeat that unique ability that Qualys has to automatically create the Global Asset Inventory across on-premise and on cloud containers, et cetera, automatically. That nobody -- you cannot secure what you don't know. End of the story. And I think that ability allows us to essentially really provide, if you prefer that context. And of course, how do we get that is because the combination of our agent, which brings information and our passive scanning on the network analysis, bringing all that data into one single platform.

So now that we are starting to have, if you prefer, solutions that carry significantly more dollars or when you look at the EDR marketplace, for example, EDR marketplace, is not so much the cost per endpoint, but it's the fact that you have many of them. And then when you look at the SIEM, it's a significantly bigger standpoint. So yes, to answer your question, we are going as we deliver additional services, obviously, expand our marketing and sales capabilities to bring these solutions to market. And we have already a large customer base, which is a huge advantage, of course, because we can bring very cost effectively those solutions to our customers. And the third element of our go-to-market is we believe that now today, we have platform that essentially becomes very attractive for the Managed Security Service providers because today, they don't have the means anymore to take this -- to build this kind of platform, which is what they've been doing in the past. They absolutely need to move beyond the monitoring to do the response, which is now what Qualys provides. And so I think we have already a large -- the large number of Managed Security Service providers, which are using Qualys. They are all moving into VMDR, and you saw the announcement that I made about Infosys, which is now also adopting as well the EDR solution.

So we see that as another channel, if you prefer to bring these solutions to market as well as them being able to consume our Incident Response System because, obviously, this is the core of Managed Security Service providers. You need to monitor and then you need to respond. So I think we're extremely well positioned from an architecture standpoint, well ahead of anything which is out there. And of course, now, of course, we need to bring all that to market.

Great. But one question I do have on that is, do you plan to maybe accelerate the sales headcount addition for your (inaudible)?

The big advantage we have is that it's in proportion because now we're going to be able to do bigger deals. Of course, you get more -- you can spend more as a result. It's not going to change really our profitability. We're not going to throw a lot of salespeople. Again, our model is try and buy, very effective. Again, I mentioned our managed security channels, we see that as a very big channel. So to bring all these new solutions to market. And so that doesn't mean we certainly need to put a lot of salespeople in the field. But yes, we are building -- expanding our sales force everywhere.

Our next question comes from Hamza Fodderwala with Morgan Stanley.

Philippe, I'm wondering if you could comment a little bit more on the competitive landscape and vulnerability management and the sales cycles for Q2. Because clearly, I think as far as your solutions are concerned, as far as providing more visibility and efficiency in a more distributor work environment, the prioritization of that is clearly increasing, but we're not fully seeing that reflected in results quite yet. So I'm wondering if you could comment a little bit about those 2 aspects, sort of the sales cycles as well as the competitive environment.

So the sales cycle has not changed essentially. If you look on the enterprise market is much more a displacement market, while on the mid-market and the small enterprise, it's a much more rapid market. But the sales cycle has not fundamentally changed. What has changed today is with the entrance of VMDR, we have totally differentiated our solutions vis-à-vis our competitors. And today, with the forthcoming entrants, if we look today, our 2 main competitors now are left, I should say, are Tenable and Rapid7. So Tenable, as essentially they are VM property, they don't have the platform that Qualys. Rapid7 acquired a company, as I'm sure you know, which essentially gave them a kind of a SIEM platform.

And of course, today, Qualys were entering that SIEM market. And we don't see them very much in the Vulnerability Management. We don't compete that much more on the VM side. They are more essentially moving, and their growth is coming from that low-end SIEM market that they have authorized. So working up with, of course, what we call the next-generation of SIEM, which goes well beyond the mid-market, well goes really after the very large installations as well. So our SIEM scale will scale significantly more. So we see ourselves extremely well differentiated against these traditional competitors now. And of course, the question becomes who can build out there the platform that Qualys has built? And how long are they there? And how long it will take them?

And if we look around, we are really well ahead of anybody because we have been working on that for a very long time. This didn't happen overnight. And we really focused on that. And today, we are very happy, again, with the VMDR introduction, which demonstrated the power of what we've done. Now with multi-vector EDR and very soon is going to be with our Incidence response solution, which is entering alpha now. And that we plan to go beta -- early beta at the end of the year.

Got it. That's helpful. And then just one quick follow-up for Joo Mi. Any way you could quantify perhaps the impact of shift towards lower duration than some of the renewal timing that impacted current billings?

Yes. We're tracking that internally. I mean, in terms of the shorter duration and voice life cycle, we've experienced a couple million impact to it. With that said, one of the reasons of why we're not actively managed in the quarterly billing is because, as you know, we have the industry-leading margins, with our operating cash flow margin at 33%. And so that's why we wanted to make sure that we take this opportunity to leverage that to help out our customers where it makes sense. We do expect to get paid at the end of the day, and this is part of the reasons why we've highlighted that. We've actually had a great quarter with the bookings came in higher than what we expected. And so billings is just not tracking or is not indicative of the billings -- bookings performance this quarter. And then going forward, we expect it to be similar because we don't really see a reason for us to not accommodate when we feel that the customers actually need it.

Our next question comes from Brian Essex with Goldman Sachs.

Philippe, I was just wondering if you could maybe give us a sense of conversations that you're having with customers. Particularly after what we've seen high demand for endpoint, identity, firewall spend. Are you seeing any derivative spend now that these more disparate networks may need to focus on security posture, now that they've addressed those kind of initial concerns in a more distributed environment?

I'm not so sure. Could you repeat the question? I'm not so sure I understand the question.

Just trying to get a sense of the conversations that you're having with customers from a budgeting and spending perspective, particularly after we've seen high demand for the obvious kind of work-from-home solutions, like endpoint identity firewall. Are you getting a derivative of that spend now that those issues may have been addressed?

Yes. No. Okay, makes sense. So I think today, what happens is that the -- obviously, the COVID, as highlighted for a lot of companies, the fact that their enterprise security solutions. They just -- they are not built for that world where essentially everything is connected with everything across the Internet. And so of course, enterprise security solutions were not designed for that. So as -- so that became very visible. And the first visibility is how do you patch a system, which is outside of your network, very -- with a lot of difficulties, then you have to buy more VPNs or this or that. So that has really, if you prefer, essentially given the wake-up call. That it's about time that people rethink their security infrastructure. And they're layering on all this enterprise security solution not only is very costly. So the move to the cloud is really definitively is happening in our industry. There's no question. It used to be that our industry was very resisting the cloud because for security reasons and so forth. But now today, of course, we can see that the minds are changing.

And with our customers, the discussion is stack consolidation. And so that's the #1 priority they have. They cannot continue to have that many applications that they have to manage. They don't even find the people to do that. So they're all looking for solution like Qualys, which consolidate essentially as many solutions as possible. And that's -- this was our vision. We knew we would get there that it took much longer than we thought. And to build the platform that we built it was far more complex than we thought. But I think we kept on going, if I miss it so. And I think that serves us -- serves very well. We also see that our multi -- that are agents, the fact that our agent, one single agent, it gives us our one platform, one single agent, one global view is what people are looking for. And we see today a lot of interest in our multi vector -- in the multi vector EDR. This is a marketplace, which, of course, is growing very fast today because of the needs you just described, but it's also a market that needs also some -- a lot of consolidation as well. So I think we're very well positioned here.

Got it. That's super helpful. And I just want to follow-up with maybe one for Joo Mi. I think someone touched on a question earlier about, particularly for enterprise customers with over 4 solutions that LTM revenue per customer coming down slightly. But it looks like if you look at all the categories you're coming down. So I guess I'm just wondering what are the other categories. How are those affected? And what are the drivers of that? Maybe it's a customer growth issue or a mix issue, but just wanted to get a sense of the declines in the other categories as well?

Yes. So in terms of some of the other categories, some of it's attributed to the fact that we've rolled out a lot of smaller solutions. Now with the newer solutions that are coming out that we're expecting to be pretty similar to the VM. We are expecting their ARPU to go up over time. So for example, we've talked about patch management, tenant IOC that will have a similar deal size, whereas some of the smaller solutions that we've launched like an example, like continuous monitoring is not as price is high.

Got it. But I mean, if I look at this, can I infer that -- I mean, it looks like it implies that just overall revenue per customer has gone down. Is that not the case, is it just a mix issue or...

Well, overall, the average deal size, we mentioned in the prepared remarks that it is up 7% year-over-year.

Our next question comes from Gur Talpaz with Stifel.

Philippe, you noted that you added Malware Detection this quarter alongside the launch of EDR. I want to understand more broadly what your confidence threshold here is in competing in more traditional endpoint markets. And then I think beyond that, what are you seeing in terms of customer interest thus far?

Oh, no, there is a very big interest. Now the Malware Detection that we added with our 60-day free endpoint protection is detection, not a response because we didn't have yet the capabilities of response in our agent build into our agent, and that's what is coming up with multi-vector EDR, which give you the full solutions. And the differentiation between our solutions -- our solution and other solutions is that all endpoint solution today, essentially they have only information about the endpoint. Now, of course, because we have -- all that telemetry we can look beyond the endpoint. And that is very important. So today, I think we have a solution that technically speaking, a significantly more advantages, eliminating post positive, allowing you to do threat managing much more easily because you've got access to all that information, you don't have to go fishing, as I used to call it. And so I think we have a very good solution.

Now the big advantage we have here is that we have already a large, large usage of our cloud agent. And for us to upgrade to -- for our customers to really look at the solution, it's very easy because it's instant update of the agent to give them that response capability that I just discussed about. And that's essentially all what's needed and is pretty straightforward. And now you can try our multi-vector EDR. And we call it multi-vector EDR because the attacks today are precisely multi-vector. So it's not only just the endpoint. You need to know to what that device connects to because the device could be attacked from another part of the network. And that's why you need that full view just on the view of the endpoint.

That's helpful. And Joo Mi, maybe one for you, just kind of building on the last question. How should we think about products like EDR and SIEM serving as a lift, if you want, the ASP or average deal size?

Yes. This is something that we're very optimistic about. We believe that with the launch of VMDR followed by EDR and Data Lake and SIEM coming out after when -- with our customers, having already had cloud agents and so that the endpoints. We really think that this will drive our ARPU higher, increase the dollar retention greed, and overall, drive acceleration in revenue.

Our next question is from Matt Hedberg with RBC Capital Markets.

Philippe, and maybe I missed it, but -- or could you comment on sort of some of the geographic trends is been domestically here? And then overseas in terms of when economies start to reopen?

I think today, we see -- yes, I think the U.S., as you know, is trying to [reopen] the core markets. We have not seen impact much difference fundamentally between all the markets, and we see very, very good adoptions in Europe and in Asia-Pac as well. So we have not seen really an economical impact. And the reason is very simple. You still -- I take the example of Qualys. We have nobody working in our offices, obviously. However, this is our network that we need to continuously maintain because that's a network that connects us together. So that network is essentially like the nervous system. So that's why the security market -- and you need to secure this network. So that's why, as a whole, we have not seen significant reduction in the demand. What we see conversely is a lot of companies essentially asking for price concession, payments, et cetera. That's what we see. We see, of course, some companies which are going to are getting bankrupt or will go bankrupt. That's, of course, the dynamic.

Now for us, instead of speaking in terms of reduction, we try to essentially now change the debate and saying, by the way, what about consolidating, you're spending so much amount of dollars maintaining these type of solutions. Why don't you take a solution like Qualys and look where everything is integrated. And of course, overall, your total cost of balance sheet is drastically reduced because you don't need that many people to do that. You don't need worry about the integration between these different solutions. It's all done for you, and you don't have to worry about the infrastructure cost. Because, of course, this is a cloud-based solution. So I think we're extremely well positioned.

Got it. And then I know you've historically taken a very active role in sales, effectively running sales for several years. But I believe you've promoted Laurie to EVP Worldwide Field Ops last year. As far as I can tell, I don't think she's with the company anymore. I'm wondering if you could comment on that and just sort of like the overall sales initiative.

Well, as you know, so we have, of course, replaced Laurie. And if I did this point, as you know, we have very, very long-term employees at Qualys, but not everybody stays forever, obviously. And so I think, now we're very well positioned here. We have, in fact, promoted somebody from within to take a role and he was doing very well. And so I think, again, as I mentioned earlier, we are looking at expanding our sales force today. So I think we're well positioned again there.

And our next question is from Sterling Auty with JPMorgan.

I think you mentioned a couple of times on the call that bookings in the quarter were stronger than expected. Early in the call, in the Q&A, you mentioned linearity was the same as it was last quarter. If that's the case, then I guess I wonder why wasn't revenue in the quarter actually stronger than the reported number.

Revenue -- when we guided to the revenue, it was $88 million to $88.6 million. And we actually reported a revenue of $88.8 million, and so it did come in higher than what we had expected. Is that what you meant, Sterling?

Yes. But I guess I would call that more in line with the top end of the range? Or maybe were the bookings may be just slightly above what you expected in the quarter?

Yes. And coupled with the fact that sometimes when we do bookings, it really depends on -- some of our bookings actually are based on a consumption model as well, as you know. Like given our established partnerships, do have consumption-based scan on behalf bookings that do come in that could be factored into it. But overall, yes, we were expecting our revenue to be somewhere in the midpoint of a revenue guidance range. And actually we ended up coming in a little bit higher at $88.8 million.

Got it. And then one follow-up on the VMDR and EDR. Can you remind us, I think you have some different pricing models, especially with VMDR, how is the uptake under that pricing model? And what should we think about the revenue contribution looking like for this year?

So the pricing model is different. As you know, we are now on an asset-based model, which makes it very simple -- much simpler for our customers to procure than going through the old system that we had, which was à la carte and then also IP-based. So I'm not so sure that I understand exactly your question in terms of the impact from what?

On revenue for the year. So given a new product, so not knowing how much contribution you expect for total revenue for this year? Is it meaningful? Is it de minimis? Is it a slow ramp or fast ramp those types of things?

No, no, VMDR is moving very well. I mean, we have a huge adoption of VMDR as we have mentioned in the numbers. And no, this is -- everybody is working to VMDR. And what we mentioned, again, in some cases, either because for those customers, which have adopted already multiple solutions, VMDR end up a little bit cheaper. And then for those who have not essentially deployed new solution. Of course, it becomes a little bit more expensive. And all in all, I mean, it's a very healthy business. And what it does -- of course, we anticipate most of our customer base migrating to VMDR relatively quickly. And we see that adoption accelerating. And what it does it populate the agent, it makes us absolutely much more sticky. Because, of course, now you have all of these solutions totally integrated. So we think this is a huge success. I mean VMDR is a huge -- absolutely a huge success.

And I'm not showing any further questions in the queue. I would like to turn the call back to Philippe Courtot for his final remarks.

Okay. So thank you. Thank you all, and again, this -- as you know, we are very excited to see our new solution. Coming to VMDR has been fantastic, as I mentioned earlier, solution. We are now bringing multi-vector EDR. As you can see, we're now moving into detection and response on behalf of VMDR, EDR, with more to come. And of course, we're looking forward to launching our new incidence response solutions. So with that, we'd like to thank you for your time. And again, thank you very much.

And with that, ladies and gentlemen, we thank you for participating in today's program. You may now disconnect. Have a wonderful day.