Qualys Inc (QLYS) 2022 Q1 法說會逐字稿

Ladies and gentlemen, thank you for standing by, and welcome to the Qualys First Quarter 2022 Investors Conference Call. (Operator Instructions)

I would now like to turn the conference over to your speaker for today, Blair King, Investor Relations. You may begin.

Thank you, Towanda, and good afternoon, and welcome to Qualys' First Quarter 2022 Earnings Call. Joining me today to discuss our results are Sumedh Thakar, our President and CEO; and Joo Mi Kim, our CFO.

Before we get started, I'd like to remind you that our remarks today will include forward-looking statements that generally relate to future events or future financial and operating performance. Actual results may differ materially from these statements. Factors that could cause results to differ materially are set forth in today's press release and our filings with the SEC, including our latest Form 10-Q and 10-K. Any forward-looking statements that we make on this call are based on assumptions as of today, and we undertake no obligation to update these statements as a result of new information or future events.

During this call, we will present both GAAP and non-GAAP financial measures. A reconciliation of GAAP to non-GAAP measures is included in today's earnings press release. And finally, as a reminder, the press release, prepared remarks and investor presentation are all available on the Investor Relations section of our website.

So with that, I'd like now to turn the call over to Sumedh.

Thank you, Blair, and welcome, everyone, to our first quarter earnings call. Building on our momentum, we are very pleased to report a good start to the year, reflecting another quarter of continued revenue growth acceleration and strong cash flow generation. Beyond these headlines are several encouraging market trends and notable business highlights. Strong market dynamics and continued competitive differentiation are fueling our growth.

We believe the continued increase in the attack surface, coupled with growing concerns over cyberattacks like ransomware and cyberwarfare, just pushing organizations around the world to shed outdated, siloed security and compliance systems and move to integrated security platforms to reduce the risk and response time as they future proof their security architecture.

Qualys researchers recently conducted a study on the widespread Log4Shell vulnerability, which included analyzing millions of assets and trillions of data points indexed on our platform, highlighting the complexity of the current threat landscape. Not only did organizations have to immediately assess their asset inventory and get a real-time view of their own and third-party vulnerable software, but also have to move at lightning speed to patch and mitigate the issues in a matter of hours.

Our study showed that organizations took an average of 17 days to remediate this vulnerability leaving them vulnerable to attacks during that period. At the same time, they also had to monitor their assets for compromising attempts and respond without delay. Qualys Cloud platform's unified approach of bringing asset inventory, vulnerability detection, patch management and EDR together in a single agent was greatly appreciated by our customers in helping to reduce their exposure significantly compared to siloed toolset approach with multiple point solutions.

Additionally, as shown in the study encompassing more than 150 million scans globally, over 50% of vulnerable Log4Shell software was also end of life, again, highlighting the strategic visibility provided by Qualys' integrated cybersecurity asset management capability that allowed our customers to understand their technology that -- and its impact to their security for proactive risk reduction.

We believe we are uniquely positioned in this market with our ability to provide innovative, comprehensive and integrated products using a single-agent approach for speedier detection and response. Given the opportunities ahead, we continue to prioritize investing in our business, especially building our go-to-market team, where we expect to see double-digit growth this year despite the challenging hiring environment given the tight labor market.

In Q1, Cloud Agent subscriptions grew 26% year-over-year to $77 million purchased over the last 12 months. There was also a steady adoption of our Vulnerability Management, Detection and Response, or VMDR solution, which is now deployed about 40% of customers worldwide. These results continue to validate our security consolidation approach and the power of a single agent as customers transition to the VMDR. Our growth this quarter speaks to the commitment customers are making to the Qualys Cloud Platform.

The customer stories I will share with you today underscore our success with customers of all sizes in the respective journey to uniquely unite asset inventory for detection and prevention into a natively integrated cloud-based platforms that remediate vulnerability much faster than alternate solutions.

I'll start with an existing U.S.-based Fortune 200 customer who entered into a new agreement with us to expand their VMDR and Patch Management deployment while adding cybersecurity asset management capabilities spanning on-prem cloud and container environment. The ability to significantly enhance our security program with high-quality asset contacts, CMDB integration, alerting and accurate response capabilities on a single integrated platform stood out among several competing solutions in the market today.

The next example is of a new customer that's target its Cybersecurity Asset Management, VMDR, Patch Management and Multi-Vector EDR as part of a strategic initiative to transform its IT security architecture. This customer chose Qualys because we offer the only security and compliance type available in the market today. It utilizes a single agent to enable full asset visibility and context our mapping to prioritize vulnerability, proactively reduce technical that automate patching and continuously monitor endpoints to defend against future malware and ransomware events across multiple environments.

Finally, in another new logo win, a Fortune 1000 customer selected VMDR along with Patch Management. This customer consolidated 2 vendors to significantly reduce complexity and legacy IT costs while uniquely leveraging automation in its security and compliance operations. The speed of vulnerable detection and remediation capabilities leveraging a single agent and a unified dashboard were critical factors in its purchasing decision. This is also a good example of how we are benefiting from the investments we are making to onboard new channel partners to win new business opportunities.

We believe, these new wins and expansions illustrate that our native integrated cloud based platform and single-agent approach is increasingly resonating with customers, where do the appetite and consolidate their security stack, leveraging our technical leadership, we are also better partnering with our channel as part of our go-to-market initiative.

In fact, we recently launched new partner programs designed to further drive our new business lower wins worldwide.

As I've said before, our goal is to remove friction for customers to make product expansion simple and hassle-free. Our customer who may currently use only VMDR has the ability to try and adopt our other applications at click of a button. Executing well against this agenda, we recently introduced our next major upgrade to our Multi-Vector EDR solution. This natively integrated solution on the Qualys Cloud Platform further leverages our single-agent approach for enhanced threat hunting and risk mitigation capabilities. Unlike traditional EDR products focused on detecting productivity on the endpoint after the threat has already landed, Multi-Vector EDR 2.0 unifies multiple contact erectors, including asset criticality, vulnerability and system less considerations associated with threats as well as patching to reduce mean time to respond.

We are pleased to have completed the most recent MITRE ATT&CK evaluation for the first time shoulder to shoulder with existing media players and more specifically achieving impressive results. We believe that for existing customers already utilizing our VMDR solution, the other capabilities of Multi-Vector EDR 2.0 immediately reduce the volume of incidents extend prediction and prevention capabilities and further strengthen our customers' cyber resilience.

I'm also very pleased by the early adoption of this product from a handful of our customers since its introduction in early April and excited by the positive feedback we are receiving for this new update. Looking ahead, as a leader in security and compliance solutions, we continue to invest in Qualys Cloud Platform to further differentiate our automation detection and response capabilities.

More specifically, we will expand on our robust capabilities in cloud, container and ICS, IT environment to further strengthen our competitive differentiator as customers increasingly move applications to cloud and containerized environments.

In summary, we are delivering solid financial results and building strong business momentum in the market as company uniformly recognized security transformation is fundamental to combat in today's heightened threat environment. As a result, customers are increasingly looking to reduce service exposure through the adoption of native integrated security platform instead of relying on a collection of the third point solutions. We believe that with our organically integrated cloud-native platform built to solve model to the challenges, Qualys is uniquely positioned to capitalize on this long-term, sustainable trend and drive shareholder value.

With that, I'll turn the call over to Joo Mi to further discuss our first quarter outlook -- results in outlook for the second quarter and full year 2022.

Thanks, Sumedh, and good afternoon. Before I start, I'd like to note that except for revenue, all financial figures are non-GAAP, and growth rates are based on comparisons to the prior year period unless stated otherwise. We're pleased to report continued organic revenue growth acceleration and strong profitability as reflected in the following financial and operational highlights.

Revenues for the first quarter of 2022 grew 17% to $113.4 million, up from 12% growth in the year ago period. We saw continued success in our land-to-expand engine with a healthy cross and upsell performance, driving an increase in our year-over-year and sequential net dollar expansion rate, which was 110% in Q1, up from 108% last quarter and 103% a year ago.

Our LTM average deal size continues to increase for both new and existing customers, with total average increasing by 17% in Q1, CMS LTM growth in Q4, up from 5% LTM growth a year ago. With accelerating demand for security transformation solutions and our strengthening market position, our Q1 LTM calculated current billings grew 22%. We believe the investments we've made in platform innovation in our single-agent approach have enhanced our value proposition with customers to help drive bookings growth over the past several quarters.

This quarter was little different, and we're excited by the continued adoption of VMDR, with total customer penetration now at 40%, up from 36% last quarter and 24% a year ago. And continued adoption of Qualys solutions increased large customer spend with 128 customers spending $500,000 or more with us. This represents 17% growth from the year-ago period. We attribute the success to our innovation strategy having resulted in strong product differentiation and market position. Our investments in building a unified cloud-based platform clearly resonating with customers, CIOs and CISOs are increasingly looking to phase out legacy point solutions in favor of a consolidated security and compliance platform due to increasing cybersecurity risks, the speed at which critical vulnerability (inaudible) and increasing importance and priority of digital transformation initiatives. We remain focused on building a long-term business with durable growth and industry-leading margins.

As a result, our scalable platform model continues to drive superior margins and significant cash flow. Adjusted EBITDA for the first quarter of 2022 was $54.3 million, representing a 48% margin. EPS for the first quarter of 2022 was $0.89, and our free cash flow for the first quarter of 2022 was $71.4 million, representing a 63% margin. We believe we can continue to generate attractive levels of free cash flow while continuing to invest in the business.

In Q1, we continued to invest the cash we generated from operations back into Qualys, including $7.6 million on capital expenditures and $46.6 million to repurchase 368,000 of our outstanding shares. We're pleased to announce that our Board has authorized an additional $200 million increase to our share repurchase program. The resilience of our sustainable and scalable business model has been proven over time as currently demonstrated by our continued strong earnings and cash flow generation at this time of uncertainty and volatility.

Leveraging our excess cash to continue to return capital to shareholders will allow us to mitigate our share dilution and drive shareholder value. Including $225 million remaining as of Q1, this provides approximately $425 million in share repurchase capacity. The weighted average diluted shares outstanding in Q1 was 40 million, down from 40.4 million last year.

Shifting now to guidance for the second quarter and the rest of the year. Our strong start to the year continued to bolster our confidence in both our strategic agenda and business environment. And with current opportunities ahead, we continue to believe that this remains the right time for us to increase our spend with an emphasis on sales and marketing to support long-term growth in the business.

As I said before, this investment strategy is not about just having headcount. We're equally focused on investing our channel, accelerating digital marketing initiatives, expanding product management capability and other sales support functions to further enhance both our value proposition with customers and mid-to long-term sales productivity.

Building off our strong start to the year, we are raising the bottom and top end of our revenue guidance for the full year to now be in the range of $484 million to $486.5 million, representing an 18% growth. This compares to the prior full year revenue guidance of $482 million to $485 million.

In terms of profitability, balancing the tight labor market with our anticipated investments for the year, we are raising our full year EPS guidance to now be in the range of $3.13 to $3.17 from the prior range of $2.87 to $2.92. This revised guidance implies EBITDA margin in the low 40s with the timing of our investments to be more back half weighted.

For the second quarter, we expect revenue to be in the range of $117 million to $117.8 million, which represents a range of 17% to 18% growth. We expect EPS to be in the range of $0.78 to $0.80.

Our planned capital expenditures in Q2 is approximately $5.5 million to $6.5 million. And for the full year 2022, we continue to expect investments in the range of $25 million to $30 million.

In conclusion, as we look to the balance of this year, we remain excited about our opportunity to drive durable top line growth on the back of a large and growing market opportunity while leveraging our highly scalable model to maintain industry-leading profitability.

With that, Sumedh and I are happy to answer any of your questions.

(Operator Instructions) Our first question comes from the line of Joshua Tilton with Wolfe Research.

I just wanted to kind of start off on the hiring trends. Are you guys still on track to meet the targets that were baked into the guidance you gave at the end of Q4? And I guess I'm asking because you mentioned investments will be back half weighted this year. Is that by design? Or is it just because you guys are kind of maybe behind schedule on some of those investments?

Yes. I think we're seeing the same market challenges everybody else is seeing from a hiring perspective in the current environment. But we've been really focused on building out our leadership team, which now is really given its ability to attract the right people in our sales and marketing. I think our sales and marketing, Joo will talk more about that. We have made progress. I think what we are looking forward to doing is really continuing that focus on hiring so that we can continue to build out the team and look forward to having impact in the second half of the year.

Yes. And to follow up, we remain very confident in our ability to execute and drive growth. In terms of the investment, it is by design. You guys from the (inaudible) that investments will be more back half weighted. On the hiring trial, we are still targeting growing the sales and marketing headcount in double digits as we communicated last quarter.

Very helpful. And then just a quick follow-up. Obviously, awesome outperformance in free cash flow in the quarter. Can you maybe just give us some additional guardrails to just how we should think about margins and how they should trend for the rest of the year?

Yes. In terms of our margins, what Q2 implies is EBITDA margin in the low 40s based on the non-GAAP EPS guidance. And so the first half will be in the low 40s versus the second half, it will probably get below the 40%. So ending the year end of low 40s is what we're projecting.

Next question comes from the line of Trevor Walsh with JMP Securities.

A quick question around the new partner program that you rolled out. Can you give us maybe a little bit more context as the impetus for that? Was it feedback from the partner community? Was it maybe a hedge around kind of if some of the hiring of direct sales maybe hasn't come through that you kind of have that as a backup? And kind of just give us some more context there would be great.

Yes, yes. Sure. We really got a lot of feedback from the partner community. I think we've hired an SVP focused on partnerships really, who's been working with our partners and understanding from them how we can actually take the platform that we believe is superior and the ability for us to take that and to figure out with our partners, what would be a relationship that's beneficial to them and beneficial to us.

And so with a lot of feedback, we've done a sort of a new partner program with -- working with different types of partners and then preview -- done an early preview with them and we've got a lot of positive feedback, but we do feel that we can leverage the relationships that the partners have with some of these organizations.

And then, of course, with the capabilities of the platform is, that is something that we feel that we can focus and leverage our partners to really focusing on new business logo growth. So being able to leverage their relationships and then figuring out the right go to market with them is really the direction that we're taking now.

Great. Awesome. And then maybe one more, if I can? For the new context XDR rollout, I maybe have missed it, but just in some of the messaging that I'm seeing, for the network layer telemetry, are there any -- are you looking to maybe partner with different providers or other vendors to get that piece of the puzzle? Or maybe doing that more organically with your own tool? Where do you see that kind of coming through like that piece of Intel as far as, again, that network layer piece.

Yes, that's a great question. And Context XDR really is about 2 main things. One is the organic sensors, the Qualys Platform already has built in a combination of active scanners, API connectors to the cloud, our agents. And we also have passive network sensors that were part of our platform that are providing that network telemetry back to our platform. However, one of the things with Context XDR that we have done is in addition to bringing all the context that our platform is already collecting across the board from an inventory and vulnerability and risk perspective.

We've also expanded the ability for us to collect macro telemetry and other types of log data from multiple different partners as well so that we can provide a more comprehensive visibility and helping customers sort of reduce the number of things that they have to put together to get the context when they're looking at incidents that are happening in that environment. And so this sort of gives the ability for them to leverage the Qualys sensors for collecting that for telemetry where it makes sense. And in other cases, if they already have deployed some other network vendors, we can also take the data from them and then provide the analysis on our platform.

Next question comes from the line of Joel Fishbein with Truist.

I just had a quick follow-up to that. Now that Context XDR is in GA, can you give us a little bit of color around how it's been tracking and how that space is actually developing for you guys? .

Yes, I think we feel good about the direction that Context XDR is taking as we have with any other product launches. We are working closely with a few early adopters and getting additional feedback from them, and we're going to continue to enhance those capabilities similar to what we've done with EDR as well. And we'll move forward towards -- through this year to continue to increase the adoption of that and getting feedback from the customer on this sort of a unique approach to bringing that context like base XDR.

Our next question comes from the line of Hamza Fodderwala with Morgan Stanley.

This is actually Keith Weiss sitting in for Hamza. In your prepared remarks, you talked about the heightened threat environment in particular, the conflict in Europe, driving sort of better demand signals. I wanted to just sort of clarify, is that something you guys are seeing in your business today that you think that's actually sort of driving sales? Or is this just something a broader kind of the environment remains very good kind of for overall spending in security, but it's not as direct of an impact. So that's kind of the number one question.

And then on the broader platform, really nice kind of penetration trends in VMDR, looks like it's driving a really nice growth for you on that consolidation play. Can you remind us like how high you guys think that penetration should get? Is there a theoretical kind of maximum of where VMDR customer penetration would go?

Yes, I'll take the first question. I think the great question. My comments around that are really about the environment and not necessarily about direct demand as we talked about this in the past as well. Our customers tend to look at these events when they happen more holistically in terms of taking a step back to see what kind of security program do they need to be able to award the potential instance like this.

And so it's really what we're seeing a conversation happening with our customers who are there, as I highlighted in some of the data points in the study that we did. But even with everybody all hands on deck for something like Log4Shell, which is taking and organization a long time to be to even patch for critical vulnerabilities that are being actively exported.

And the conversations with customers are more broadly about what kind of security stack consolidation potential needs to happen so that they can reduce that time, reduce that exposure window, leverage more automation and having siloed solutions or having vendors who provide sites different platforms as part of their overall offering is not really helping them reduce that time to remediate. And so what is encouraging is that conversation that we see with understanding the customers are having and pushing forward to looking at platforms like Qualys that are consolidating multiple (inaudible) obviously. But we see the new business examples that we gave this quarter the last couple of quarters. We're seeing when we're getting new customers come in, they are looking at more of an architecture -- overall architecture rather than looking at how can I get another tool that is just giving a big list of CVs that I have to go figure out what to do how do with, how do we make sure that they are actually able to remediate those fairly quickly and release their exposure.

And that's the conversation that we are -- happening because in that environment, you see the risk there is a different world because every organization has to protect themselves from potential nation state and cyberattacks at their own expense. So when we're looking to do that, they are looking to say, how do I create a good stack that is modern and that actually can help you provide much more real-time visibility and remediation capabilities.

And with regards to your second question on the VMDR penetration, it's been trending nicely up to 40% right now. I think that there is definitely more room for us to increase the penetration. But historically, our customer base has been such that anywhere between 65% to 70% have had VM solutions.

And so I think that definitely we can see VMDR penetration going up 70%. And even beyond that, about that with customers who don't currently have a VM solution with us, we're seeing some adoption there as well.

Our next question comes from the line of Curtis Boulanger with Summit Capital.

You have had some strong revenue growth this quarter, with revenue from 4 markets up 25% year-over-year. I was wondering if you could provide some color on the key trends you're seeing internationally? And how you expect these trends play out for the rest of the year?

We don't have forecast a separated out for -- I mean we're seeing a good momentum overall. If you take a look at whether you're looking at revenue or LTM current selling trajectory, we're seeing a lot of opportunities both in the U.S. and international. Obviously, on the international front, there's more opportunity just because there are less penetration penetrated in those markets. And so we're happy with the growth that we're seeing in both regions.

Our next question comes from the line of Yun Kim with Loop Capital.

Sumedh, can you just give us an update on how much of your business or your customers' usage is on hyperscaler environments, like AWS and Azure and GCP? And for some of your early adopters of your Context XDR, are they using it to analyze deployments on those hyperscaler environments?

Yes. We don't necessarily break out the usage from a cloud versus on-prem versus remote endpoint perspective. We have healthy adoption across the different aspects of IT environment and I think that's really the value that I think that the Qualys platform brings so that we can actually bring your cloud visibility or remote employee visibility as well as your on-prem server environment into one.

And so today, what we do see is as customers are looking to migrate potential work loads on on-prem systems into the cloud base, feel always has the right capabilities with a trusted partner to help them make the move rather than so we have capabilities in the cloud environment. So we have come to customers who are running stuff -- our agents in AWS and Azure. We have the partnership with Azure, where there is an embedded Qualys capability in Azure environment if you take your workload.

So we're looking at cloud from multiple different aspects, working with existing customers to help them and be their partners as they're moving into the cloud and funding new security paradigm as well as providing them more embedded capacities directly through the cloud provider as well in some cases. And so we're quite happy to see that the customers that see value in Qualys are usually and like most customers, they don't -- they have cloud, they have a large number of employees who are remote, who have cloud as well as who have on-prem. And with the early XDR customers, it's again the same thing that when they're looking at threats and they are looking at exposure, it is not only in 1 particular environment in the Qualys Platform and our Context XDR be able to bring the visibility of not only maybe the cloud account that may be seeing some activity but also that remote employee laptop, admin laptop, which may be accessing like cloud account, that's the posture of that particular asset. How do you see those together in a single platform? That's really the value that I see the Context XDR brings and differentiates us from what is out there, which you may be very focused on certain environments.

Okay. Great. And Joo Mi, I have a quick question around contract length and billing frequency. Obviously, you continue to see VMDR platform adoption the deal sizes around those, I'm assuming it's getting larger. Just any trends that you're seeing around contract length and billings and any potential deviation between the current and total calculated billings.

I think to call out this quarter on, it's been that we are -- we did average contract length has been slightly over 1 year, and then that's remained the same.

I'm showing no further questions in the queue. Ladies and gentlemen, this concludes today's conference. Thank you for your participation. You may now disconnect. Everyone, have a wonderful day.