Tenable Holdings Inc (TENB) 2020 Q4 法說會逐字稿

Greetings, and welcome to the Tenable Fourth Quarter 2020 Earnings Conference Call. (Operator Instructions) As a reminder, this conference is being recorded.

I would now like to turn the conference over to your host, Andrea DiMarco.

Thank you, operator, and thank you all for joining us on today's conference call to discuss Tenable's Fourth Quarter and Full Year 2020 Financial Results. With me on the call today are Amit Yoran, Tenable's Chief Executive Officer; and Steve Vintz, Chief Financial Officer. Prior to this call, we issued a press release announcing our financial results for the quarter and full year. You can find the press release on the IR website at tenable.com.

Before we begin, let me remind you that we will make forward-looking statements during the course of this call, including statements relating to: Tenable's guidance and expectations for the first quarter and full year 2021; growth and drivers of Tenable's business; changes in the threat landscape and security industry, and our competitive position in the market; growth in our customer demand and adoption for our solutions; Tenable's expectations regarding long-term profitability; the impact of COVID-19 on our business and on the global economy and planned innovation and new products and services.

These forward-looking statements involve risks and uncertainties. Some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements. You should not rely upon forward-looking statements as a prediction of future events. Forward-looking statements represent our management's beliefs and assumptions only as of today and should not be considered representative of our views as of any subsequent date. We disclaim any obligation to update any forward-looking statements or outlook.

For a further discussion of the material risks and other important factors that could affect our actual results, please refer to those contained in our most recent quarterly report on Form 10-Q and subsequent reports that we file with the SEC, which are available on the SEC website at sec.gov.

In addition, during today's call, we will discuss non-GAAP financial measures. These non-GAAP financial measures are in addition to and not a substitute for or superior to, measures of financial performance prepared in accordance with GAAP. There's a number of limitations related to the use of these non-GAAP financial measures versus their closest GAAP equivalent. Our earnings release that we issued today includes GAAP to non-GAAP reconciliations for these measures and is also available on the Investor Relations section of our website.

I'll now turn the call over to Amit.

Thank you, Andrea, and thank you all for joining us today. I'd like to start off by saying I'm incredibly proud of how our employees continue to respond as we navigate today's dynamic environment. Today, I'll highlight our strong Q4 results, our cloud security advancements and some exciting channel expansions.

But before I get into Q4, I'd like to comment on the current vulnerability management market and cybersecurity environment we find ourselves in. Through our dialogue with customers and partners, we see the strategic importance of vulnerability management rising rapidly. Enterprises continue to prioritize VM as the critical building block to understanding their cybersecurity risk. This is underpinning the strong adoption and demand we saw from our customers throughout the year. We added one of our highest number of new platform customers over this quarter, 460, and one of our highest number of new 6-figure additions at 66. We also continue to see a healthy number of competitive displacements and continued optimism about the large greenfield opportunity in VM. About 1/3 of our larger new platform ads came to us from greenfield accounts, where they had no in-house organic VM capability.

The SolarWinds breach further highlights the importance of VM and visibility across the entire environment. For many of our customers, Tenable's VM solution played a critical role in helping them discover, understand and respond to emerging threats identified in the SolarWinds breach. Very quickly, they were able to identify exactly where they were running SolarWinds' Orion platform. Within hours, our customers and our entire Tenable community could also identify where specific versions of SolarWinds were installed. In short, our customers could rapidly shift from the fear and doubt of high-profile headlines to clarity and confidence.

Knowing the security of your systems and the state of your user account base are foundational. At Tenable, we believe that a continuous and complete understanding of assets, exposures and risks are critical to good decision making. Being prepared with accurate data and insights to help manage risk, helps our customers confidently respond in a time of crisis.

Our risk-based approach prioritizes vulnerabilities so customers know where to focus first. While we play a critical role in reducing risk for a vast majority of breaches caused by known vulnerabilities, we also provide critical agility for new and emerging threats, including new zero-days. In both situations, our commitment to best-of-breed VM enables us to deliver value as a key differentiator and a key response mechanism for organizations. Being able to answer the fundamental questions such as how secure am I, how exposed am I, and what can I do to most efficiently reduce risk, has never been more critical to the executive leadership. The right vulnerability management solution, strategically implemented, provides continuous understanding for enterprises to effectively measure and manage cyber risk and respond with confidence during times of crisis.

In times of uncertainty, enterprises know they can rely on Tenable's focus and best-of-breed capabilities.

Now with all that said, we're very pleased with our results for the fourth quarter. Our revenue grew 22% year-over-year. In addition to strong top line growth, our profitability continues to expand as we saw improvements in the operating margin and generated attractive levels of free cash flow. These results reflect favorable demand dynamics, the strength of our product portfolio and the compelling nature of our business model. With our enhanced product portfolio, we believe we're just getting started on the value that we can deliver to customers.

A great example of this is a new 6-figure cross-sell win in OT with a global manufacturing company. Now this is an existing Tenable.io and web application security customer that was looking for a converged IT/OT system to reduce cost, improve visibility and improve security. By running Tenable.io, along with the web app security product and now OT, this customer is able to reduce cyber risk and protect their brand with a unified understanding of risk.

In the fourth quarter, we saw momentum starting to build in the platform adoption across product lines. With increasing demand for multiple products, we're exploring other, more natural cross-sell motions to make it easier for our customers to benefit from the full suite of capabilities. We continue to see strong demand among hybrid and cloud-first customers, increasingly turning to us to help them secure their cloud environments.

An excellent example of this is another 6-figure win from a global pharmaceutical company that purchased our entire cloud security suite. Tenable.io, lab application security, Container Security and Lumin. This existing Tenable.io customer completed an acquisition and needed visibility across the entire organization. The customer was originally a competitive displacement over a year ago. And now, with this new acquisition, became a competitive replacement for a second time. This is a tribute to our long-standing relationship with customers and the superior capabilities and customer experience that we can deliver.

In the end, our commitment to product innovation, focus on cloud and mature prioritization capabilities drove the win.

We also officially launched Frictionless Assessment globally for the Tenable.io in AWS Marketplace in the fourth quarter. Frictionless Assessment continuously provides accurate visibility across all cloud-based assets via an easy-to-use low-risk approach that delivers quick time to value.

While it's very early, we believe there is significant opportunity for the adoption of Frictional Assessment. Many of our customers want increased visibility into the state of their assets in the cloud due to the velocity of changes in these environments. We're seeing customers starting to use Frictionless and already discussing opportunities for significant growth. These early indications are very positive, and we view this as an exciting opportunity to expand asset coverage and continue to deliver more value to customers using Tenable to secure their cloud deployments.

In addition to our relentless focus on innovation and our commitment to our product portfolio, we'll continue to make significant investments in our go to market. While early in our development of MSSP relationships, we have laid the groundwork in our MSSP program that we believe will continue to fuel growth for years to come. We're already seeing early returns on these investments. Last year, we added over 150 new MSSP partnerships, being our MSSP partner count to over 350 globally. But more importantly, we're including many of the top global MSSPs in these numbers. We're excited about the momentum in this particular program and the broader progress we are making with our channel partners.

We believe a best-of-breed strategy in VM and strong presence and capabilities to secure cloud environments, coupled with our go-to-market investments will continue to fuel attractive growth and profitability. Heading into 2021, we plan to continue to invest, particularly in R&D and quota-bearing resources to drive innovation, increase our market leadership and position Tenable for continued growth.

I'll now turn the call over to Steve.

Thanks, Amit. As Amit mentioned earlier, we are very pleased with our results for the fourth quarter, highlighted by attractive top line growth and impressive bottom line results. I'll discuss our results for the quarter momentarily, but please note that, first, all financial results we will discuss today are non-GAAP financial measures with the exception of revenue. As Andrea mentioned at the start of this call, GAAP to non-GAAP reconciliations may be found in our earnings release issued earlier today and posted on our website. Now on to our results.

Revenue for the quarter was $118.1 million, which represents 22% year-over-year growth. Revenue in the quarter exceeded the midpoint of our guided range by approximately $4 million. Our percentage of recurring revenue remained high at 94%, which is a result of our annual prepaid subscription model. Revenue for the full year was $440.2 million, which represents 24% growth year-over-year. Revenue in the quarter located by strong demand for both new and renewal business. In terms of new business, we had one of our best quarters ever as we added 460 new enterprise platform customers and 66 new -- net new 6-figure customers in the quarter. This brings a total number of customer spending in excess of $100,000 annually to 837.

Our investments in product innovation and go-to-market reach has continuously helped us deliver a healthy number of greenfield opportunities and competitive takeaway throughout the year despite the pandemic, and this quarter was no different. So we are delighted with the velocity in which we are adding new customers in the quarter.

We're also very pleased to see upside in our expansion business as customers adopted new modules and expanded asset coverage at a higher rate than what we saw earlier in the year. Of notice, cross-sell, as Lumen, web application security and OT, among others, experienced significant growth in the quarter. We attribute our success here to an increasingly complex threat environment that highlights the relevance of our cyber exposure offering. Specifically, a platform that delivers broad asset coverage, accurate results and predictive analytics to help our customers understand and address the most critical vulnerabilities within their compute environments.

This also benefited renewal business, which was strong in the quarter. This is reflected in our calculated current billings. CCB, defined as the change in current deferred revenue plus revenue recognized in the quarter, grew 20% year-over-year to $150.5 million. And overall, we are very pleased with our performance. As a reminder, CCB is a close, but not perfect proxy of the underlying performance of the business. And can be influenced by such factors as deal timing, early renewals and multiyear prepaid deals, which have been impacted in the current economic environment.

I'll now turn to expenses, which reflect considerable investment this year, offset by operational efficiencies and to a lesser extent, some pandemic related savings. I'll start with gross margin, which was 84% this quarter, consistent with last quarter and up from 82% last year. Gross margin for the full year was 84%, which is consistent with 2019. Our gross margin continues to be very healthy and reflects increased investment in our public cloud infrastructure, and we continue to realize economies of scale related to the growing demand for our cloud-based Tenable.io platform. In short, investments in our public cloud platform have resulted in an increased spend on an absolute dollar basis, but with notably lower unit costs.

Given the uptake for Lumin and other cloud-based offerings, we plan incremental investments that are expected to lower gross margins in 2021 by approximately 50 to 100 basis points.

Let's turn to operating expenses. Sales and marketing was $50.8 million compared to $57.7 million in the fourth quarter last year and $48.2 million last quarter. Sales and marketing expense as a percent of revenue was 43%, which was consistent with last quarter and significantly improved from the 59% last year. As we've discussed on prior calls, we're very pleased with the leverage we've demonstrated to date in sales and marketing, which we attribute to a maturing sales force, higher mix of channel in business, from our 2-tier distribution model, and better overall efficiency related to sales overhead in markets where we have critical mass.

Tenable's marketing expense increased sequentially due to higher commission expense on seasonally higher sales as well as incremental investment and expanding our go-to-market efforts such as -- areas including the channel, most notably ramping our MSSP business, which represents a compelling long-term opportunity for us.

Looking ahead in 2021, we're going to make continued investments to expand both the sales organization and our channel efforts, which we believe will position us well for continued growth and success. R&D for the quarter was $20.4 million, consistent with the same period last year and down slightly compared to $21.2 million last quarter. As a percent of revenue, R&D expense was 17% compared to 21% in Q4 2019, and 19% last quarter. As a best-of-breed vendor, innovation remains a top priority for us. So additional investment to secure the increasingly complex attack surface via our cloud-based predictive analytics approach, is anticipated in 2021 to extend our market leadership.

G&A expense was $12.5 million, compared to $12.6 million in the fourth quarter last year, was also consistent with last quarter. As a percent of revenue, G&A expense was 11% this quarter, flat with last quarter and down from 13% in Q4 last year, which reflects our ability to more fully absorb public company costs and achieve greater efficiency and automation in many of our back-office functions.

Income from operations was $15.4 million in Q4 compared to a loss of $11.1 million in Q4 last year and an income of $12.4 million last quarter. For the full year, non-GAAP income from operations was $25.8 million compared to a loss of $42.8 million in 2019, which was a $69 million improvement.

Operating margin was positive 13% for Q4, and a negative 11% for the fourth quarter last year and positive 11% last quarter. Operating margin was positive 6% for the full year compared to negative 12% for the full year 2019.

All of this translated to significant EPS upside for the fourth quarter as our earnings per share was $0.13, which was $0.07 to $0.08 better than expected. Approximately half the beat was due to better-than-expected top line results and half was attributed to better cost management.

For the full year, we generated $0.19 of earnings per share versus a loss of $0.42 last year.

Now let's turn to the balance sheet. We finished the year with $291.8 million in cash, cash equivalents and short-term investments, an increase of approximately $80 million compared to December 31, 2019. Total deferred revenue at December 31, 2020, was $434.5 million, an increase of $71 million from last year, giving us a lot of visibility into revenue headed to 2021.

Turning to cash flow. We achieved $16.7 million of positive free cash flow in the quarter. This compared favorably to a free cash flow burn of $13.5 million in Q4 last year. For the full year, we generated $44 million of free cash flow versus a burn of $31 million last year, which was a very notable $75 million improvement. With high recurring revenue, high gross margins and high renewal rates, we are confident in our ability to generate attractive long-term margins. And despite the investment in the business and an anticipated return to a more normal travel and spend environment, we expect continued expansion in the free cash flow margin in 2021.

With the results of the quarter behind us, I'd like to discuss our outlook for the first quarter and the full year 2021. Our assumption is the health care crisis will continue to create uncertainty and macro headwinds, as many geographies are experiencing further restrictions and lockdowns. Although we have a very balanced and diversified customer base, approximately 10% of our business comes from industries that have been highly impacted by the pandemic, such as transportation, hospitality and retail. As a result, our guidance assumes that crisis will continue to abate over the summer, with modestly improving demand in the second half of the year. With this uncertainty in mind, we believe our business will remain resilient, giving us the confidence to provide an initial full year outlook for calculated current billings today, which is something we have not provided since our call in February of last year.

Recent security events, including SolarWinds' breach, have the potential to create a more favorable spending environment for us this year, but the overall impact, if any, and timing are uncertain.

With that as a backdrop, for the first quarter of 2021, we currently expect revenue to be in the range of $118 million to $120 million; non-GAAP operating income to be in the range of $7 million to $9 million; non-GAAP net income to be in the range of $5 million to $7 million, assuming a provision for income taxes of $1.5 million; and non-GAAP diluted earnings per share to be in the range of $0.04 to $0.06 per share, assuming 115 million fully diluted weighted average shares outstanding.

And for the full year 2021, we currently expect: Calculated current billings to be in the range of $565 million to $575 million; revenue to be in the range of $510 million to $515 million; non-GAAP operating income to be in the range of $40 million to $45 million; non-GAAP net income to be in the range of $30 million to $35 million, assuming a provision for income taxes of $6 million; non-GAAP diluted earnings per share to be in the range of $0.26 to $0.30 a share, assuming 116 million fully diluted weighted average shares outstanding.

In summary, we're very pleased with the results of the quarter, which gives us increasing confidence that we remain well positioned to deliver compelling growth and profitability over the long term.

And now I'll turn the call back to Amit for some closing comments.

Thanks, Steve. As I stated earlier in the call, recent security events have raised the profile of vulnerability management. SolarWinds shows that we can't rely on strong perimeter defenses and has highlighted the need for assessing devices across the entire enterprise. Our message has been very consistent. For Tenable, our core strength in VM has driven our success and aided in our natural expansion across the attack surface into improving the security posture of cloud and OT deployments. Our strengthening platform of capabilities positions us for long-term success as our customers shift to hybrid and cloud environments.

We hope to see many of you virtually at the Goldman Sachs, Morgan Stanley and Truist tech conferences in the coming weeks. We'd now like to open the call up for questions.

(Operator Instructions) And our first question comes from Brian Essex with Goldman Sachs.

It was a nice set of results. Amit, nice progress in the service provider market and appreciate the color there. Maybe could you provide a little bit of incremental color in terms of the types of customers that you're attracting in that market, the dynamics of those deals and how meaningful you expect that segment of the business to be from a mix perspective?

Yes. I'll provide maybe some color context. I think the service provider market is incredibly strategic. We see that market really going after a diverse set of customers. So the natural one which comes to mind, and certainly the mid-market where a lot of organizations that don't have the in-house expertise, gravitate toward managed security providers. And then, we've also seen a noteworthy number of large enterprise customers, which choose to use managed service providers, managed security providers as part of their ongoing security operations. So we really see it as a pretty important, pretty strategic route to market for us along both tracks. And we're early in those relationships, but seeing some early results and really excited about the opportunity that both of them represent for us.

Got it. That's helpful. And maybe to follow-up. Can you maybe talk about the OT market? You noted a nice 6-figure OT win. And given the, I guess, growing concern of state-sponsored tax and how deep those might go from an operational perspective. I mean, how are you gaining -- I guess how does traction in that market look? And how meaningful do you think that might be over the next year or so?

I think, listen, that is the market that we believe has very strong, has very strong potential. There's no doubt that some of the most critical business operations occur in and on and rely on OT environments. And that OT is an increasingly critical part of business efficiency and fueling economic growth. So the awareness for OT security has grown rapidly in the last 2 to 3 years. And we've seen IT security programs and IT security leadership play an increasingly critical role in product selection and solution selection and providing security into corporate OT environments, which, historically, have been managed by different teams.

So we feel like we have a real position of strength in understanding risk across IT and OT and the convergence of security regimes across both of those platforms. In terms of the potential for that market, I think Steve can do some analysis on asset numbers and industries and the breadth of industries that rely on OT. But I think it's -- there's a pretty substantial opportunity that we're going after there.

And our next question comes from Joshua Tilton with Berenberg Capital.

Just 2 quick ones for me. First, I believe last quarter, you guys mentioned that the renewal rate was 110%. I was just curious if you guys could comment on what it was in this quarter? I think the commentary in your prepared remarks kind of suggest that it was positive. And then also, what number is baked into the guidance that you gave for 2021?

Josh, this is Steve. Well, first, we did comment in the quarter that upsell was notably strong this quarter, really on the backs of higher asset coverage as well as higher cross-sell is one of the best quarters ever for us in terms of cross-sell. So we're very pleased with the level of upsell this quarter. This is a positive development after several quarters of moderation earlier in the year.

We don't manage the business to a single metric. We know that in terms of opportunities, pipeline can vary between opportunities from new customers as well as upsell opportunities from existing customers. And the number that we disclosed in the filing is on an LTM basis. So the good news is we saw a notable uptick in upsell this year, low in the backs of high rental rates, strong cross-sell and we think that bodes well headed into 2021. I think in terms of 2021, more broadly, we're assuming that the demand environment is largely the same and with no notable changes from what we saw this year.

The one thing that I will say is -- the takeaway here is, look, we're very pleased with our results in the fourth quarter. We sell-out performance in both the top line and the bottom line. CCB growth was 20%. Revenue growth was 22%. Better than expected, both the top line and the bottom line. Customer demand underpinning all this was strong, as Amit mentioned earlier. And to my comments earlier, we added 460 new enterprise platform customers. It's one of our best quarters ever. And in fact, it was our best quarter ever for landing new large deals. That said, looking ahead in 2021, there's still a lot of uncertainty out there, with the macro. As we head into the year, many geos and countries are imposing further lockdowns and restrictions.

Our guidance assumes just more broadly, notwithstanding the renewal rates and expansion rates, that the crisis will continue, but abate over time, some time in the summer, with modestly improving demand in the second half of the year. And overall, we're pleased with the results of the quarter, and it gives us confidence as we head into 2021.

yes, that was very helpful. And then I guess kind of just to confirm a little bit on what you said. For 2021, you're baking in no change to the demand environment. But you also mentioned that the recent attack kind of brings the importance of VM into light. So should we view the billings guidance as conservative since it's not taking in any incremental demand from the recent attack? Or is it just too early to see any meaningful change, if any?

It's more of the latter. Specifically in relation to CCB, it's important to note that, first, we haven't provided a full year guide to CCB in over a year since February of our last call. We feel like today's guidance is appropriate. It certainly reflects the uncertainty of the macro. But the fact that we're providing this guide now is certainly a clear indication of our increasing confidence in the business. Again, we're not -- we are factoring some of the uncertainty related to the macro. But we're also not considering any tailwinds from the recent SolarWinds breach, which are difficult to predict. We think it has the potential to lead to better spending environments in 2021, but we view the guidance today for CCB. Really, it's a good starting point. The fundamentals of our business are very strong, and we look forward to updating you throughout the year.

And our next question is from Hamza Fodderwala with Morgan Stanley.

Just a couple from me. The first is on the SolarWinds impact, you've been mentioning sort of the rising priority of VM. Can you maybe talk a little bit about for a meet, to what degree is it maybe starting to influence pipeline or perhaps getting brought up in customer conversations? And then I have a follow-up.

It's -- yes, it's definitely become an important part of our customer conversations. And I think we saw that almost immediately as the news began breaking where, even going back with the FireEye breach and even before the SolarWinds, as each data point comes out on one of these high-profile breaches, first question corporate leadership are asking is, am I exposed? Are we at risk? Are we secure? What are we doing about it? And so being able to -- for the IT security team, to be able to, in near real time, say, look, all of the attack tools, which were part of the Red Team kit is it, was stolen from FireEye. Well, we already checked for those. And here's where we stand from the exposures perspective. Or when the SolarWinds twisted up reach came up, being able to say, here's exactly where we're running SolarWinds Orion. And within that, here's the version of SolarWinds Orion. And be able to have that very immediate certainty to understand the level of exposure and/or where the incident response teams can start swinging into action.

So it's an important part of risk management and being and proactively improving your security. But in time of crisis, having a mature VM program just provides the agility for incident responders to move with much better certainty and much more rapidly.

So it became an immediate part of the conversation right away. And I think as Steve said, we're just early in the process and in the cycles to be able to quantify and say, here's how we believe it will impact pipeline development and our expectations for '21. But customer engagement around it has been high.

Got it. And then just a follow-up for Steve. So you managed the business pretty well during the worst of the pandemic, right? Current billings has been accelerating 20%-plus over the past couple of quarters. You mentioned sort of record number of net new enterprise customer adds, accelerated pace of share gains. I'm wondering how you kind of -- how that kind of jives with the deceleration implied in the 2021 outlook. I respect that there's still some conservatism around the pandemic. But obviously, those headwinds have been around. And if anything, should be, based on your commentary, be improving in the back half of this year. So maybe is there anything else that you're kind of being a little more conservative on, whether it be sales productivity or anything else? That's it for me.

Yes. So by every measure possible, we had a strong print in the fourth quarter. We're delighted with our results, as we talked about. But that said, we're not going to track with the results for 1 quarter for an entire year for this year. Keep in mind, we are a global business, we transact sales in over 160 countries. We have feet on the Street in 30 countries. We try not to look at our business monolithically. And instead, different segments of countries and different sectors of the economy are different faces really, of the pandemic. Some countries are imposing further lockdowns and restrictions, which does create a little more uncertainty in some of those yields. And while others are more steady state.

And so for us, I think we take all that into consideration when we provide a guide. The good news is we have a business model that's high recurring revenue, high gross margins, high renewal rates. So it gives us a lot of visibility going into the year. But it is really in the air, and there still is a lot of uncertainty, and we're not factoring any V-shape recovery or any changes here in broader market dynamics that would change the business short term.

And Amit talked about follow in to this potential impact on the company. Obviously, it has the potential to create some tailwinds for us. But with regard to the fourth quarter, in particular, was something that played out late in the quarter. And a lot of the opportunities in the pipeline were dialed in, deals were slated to close. So we're actively having conversations with our customers and our partners to determine what the opportunity is, if any, and what the potential impact is here in terms of timing.

So overall, all this is really factored into our calculus when we give the guidance. Again, reinstating CCB guidance, something that we haven't done over a year. We feel this is a good early guide for us and a good starting point. And we'll -- and it certainly gives us -- the strength of the Q4 results gives us momentum on that headed into the year.

And our next question comes from Sterling Auty with JPMorgan.

So coming into 2020 and the beginning of 2020, it was pretty clear that, at least the commentary and the results, your margin performance was really good, and you said you'd focus on that, and we've seen really good margin results throughout 2020. But the growth rate has decelerated through the year. And now, am I reading it correct, it sounds like with the commentary around investment for both R&D, quota-carrying and sales and marketing, that perhaps now, with the growth rate decelerating, that the focus is shifting back to invest to hopefully stabilize or maybe reaccelerate growth, but it's going to take a couple of quarters for those investments to pay off? Is that the right read? Or am I missing it?

Sterling, this is Steve. Look, I think that is a fair characterization and inference in our guide. We have a lot of confidence in the market. I think we have more conviction now than we did certainly, a couple of quarters ago. We weren't sure what to expect headed into the pandemic. I think CCB growth was like, was like 20%-plus in Q1. And then in Q2, I think it was like 13%. We talked about some timing differences of deals and how that played out. And then it was over 20% in Q3. And then we're delighted to report 20% in the fourth quarter. So we feel really good about the fundamentals of our business. We're adding customers at a very high rate, transacting larger deals. I think we'd be remiss if we didn't highlight the investment opportunities and the opportunities for us really to generate long-term attractive top line growth. So the investments in go-to-market investments and product are all paramount.

We certainly want to run for growth and want to have the opportunity for growth, despite the uncertainty with the macro. And we think the investments that we've talked about today and outline today give us the best chance for that. At the same time, we have -- our guidance certainly implies expanding operating margins. We had a lot of leverage in the business this year. We spent some -- marketing spend as a percent of revenue came down from, I think, close to 60% for the full year 2019 to something in the low 40% range in the fourth quarter of 2020. And so there's a lot of leverage in the business.

We talked about the improvement on free cash flow. We even talked about on the call that despite these investments, we expect the free cash flow margins to improve this year.

So we're trying to strike the right balance. We're certainly a big believer in the market. We think these investments give us the opportunity to lean in on growth, but at the same time, be efficient and continue to drive leverage on the bottom line.

Okay. And then 1 follow-up. Amit, there's been news reports that maybe a couple of the cybersecurity vendors may have had either some sort of breach or exposure with all the happenings over the last month or so. Is that actually opening up opportunity to gain market share or an increased opportunity for you guys? Or is that not part of the conversation you're seeing?

I do know that customers and prospects, let's say the market more broadly places greater emphasis on security and the vendor and supply chain risk management, a greater emphasis and value on that than they have in previous periods, I think, highlighted by SolarWinds and some of the high-profile security company breaches. I don't know that I would translate it directly into saying there's an opportunity -- it represents a great opportunity for displacement for us. But certainly, our stance in terms of best-of-breed provider and quality provider plays as a tailwind. And obviously, no security program is perfect, but we do invest in our security and have continued to do so.

And our next question comes from Andrew Nowinski with D.A. Davidson.

Congrats on a nice quarter. I just want to go back to one of your comments about the greenfield opportunity. I'm trying to better understand really how nascent your market opportunity is. And I know you said about 1/3 of those 460 new adds were greenfield this quarter, which I think is similar to what you said last quarter. But do you think that's reflective of the broader market opportunity, meaning 1/3 of the companies out there have nothing for VM? And how do you think that will change at the end of calendar '21?

Because I think many people believe that after the Equifax breach, most enterprises deployed some sort of VM solution. Therefore, the bare thesis suggests that most of your growth would have to come from vendor displacements. Just wondering how you're thinking about -- or how we should think about that needs and opportunity.

Yes. I guess I'll be careful making assumptions about rational behavior in the security community. One would assume, and coming into Tenable about 4 years ago, when I first started getting exposed to the data, was shocked when the team would come back and say, hey, this quarter, about 1/3, sometimes as high as 40%, sometimes as low as 25%, but pretty consistently, about 1/3 of our new large enterprise transactions are coming to us from greenfield, meaning they're not using Tenable, they're not using any of our primary competitors. They're not even using Nessus. They have no organic VM program capability. They're literally relying on an annual audit or assessment from a PW -- from big 4 or some other security consultancy as their enterprise understanding of cyber risk, which is -- which I thought was complete lunacy back then.

And as the market has continued to mature, that continues to be the case, where we're seeing a lot of new adoption, about 1/3 of the larger enterprise transactions coming to us from organizations that still, entering 2021 or fourth quarter of 2020, have had no organic VM capability.

So that Greenfield, we do talk about competitive displacements and growth through increased asset coverage in our existing customer base, new asset types and the like, but there is a very healthy amount of Greenfield that remains in this market. And we try to highlight that through calling out the amount of Greenfield that we're landing, through calling out the number of new customers landing out to our enterprise platforms every quarter. And trying to be fairly transparent about it. In this quarter, 460 is, I think one of our best quarters ever.

Okay. That's great. Just a quick clarification as well. Your sales and marketing expenses modestly increased quarter-over-quarter and year-over-year in Q4 here. And you demonstrated very good leverage, operating leverage in calendar '20. I'm just wondering how much the SolarWinds attack factored into your decision to increase investments for the coming year? Or if that's something you had planned regardless of the breach?

I think that's just one of many factors that goes into kind of us running the company. We look at broader market and competitive dynamics, and we also look at some of the secular trends in the market. So I think our results, more broadly, in the fourth quarter give us confidence to invest with the right in which we're adding new customers, certainly underscores that. Our ability to transact larger deals, certainly, the progress on competitive takeaways, our best-of-breed focus. We have a lot of confidence in this market, gives us the confidence to invest more so, certainly in 2021 than what we did in 2020. And we believe there's a compelling long-term opportunity here.

So yes, I think it's a combination of a lot of things. Not just any one thing specifically, but just really reflects the broader enthusiasm and confidence we have in our ability to execute, but also in the backdrop of the broader market opportunity.

And our next question comes from Jonathan Ho with William Blair.

Just wanted to start out. I think you had some commentary around multiproduct cross-sell motions. And maybe reducing some of the friction there. Can you talk about maybe what you're doing with some of your programs? And whether there's any significant opportunities that you see around further driving that cross sell motion?

Yes, Jonathan. Great question and observation about some of the talk track earlier. We believe that there are tremendous opportunities for the creation, for value creation for our customers and some of the products, specifically as you look at Container Security, as you look at Frictionless Assessment, as you look at IO and some of the things that we're doing around cloud security. Coming up with packaging that makes more sense or lowers the web application, web application security are all aspects of cloud security, making it easier for customers to embrace cloud security capabilities or the things that we would have traditionally looked at and said, hey, we have to do a cross-sell here between this product and that product. And now saying, you know what, can we create a value for customers in how these products work together. We identify something, can it automatically trigger a different method of assessment that makes more sense, can you give more detailed answers for customers, as well as the packaging that would go along with that and sort of ease the amount of work, if you will, that's required to move customers between and across product lines.

So we're working on some of that with some of our early access customers and excited about the opportunity to do so.

Got it, got it. And just as a quick follow-up. Just given the change in administration and some early leanings towards potentially increasing cybersecurity spend on the government side. Can you talk about what you're seeing there in terms of government spending? And do you expect that to be, I guess, an above-average growth vertical this year? Or given 2020 was the year of the vulnerability for U.S. Fed, will this -- with some of that brought forward? I'm just trying to get a sense of what you're thinking.

Yes. Well, I think every year is the year of increased vulnerability, increased risk and increased exposure. And certainly, it was true in the federal market in 2020. There's a lot of confusion, if you will, in the final days of the last administration. You saw a lot of change over, a lot of thrashing of senior leadership positions, especially and not limited to, but especially from our perspective, in the cyber domain and the cyber ranks. And so there's the opportunity, I think, for the incoming administration to place the priority on cyber, bring in strong leadership and implement increased or enhancements to program and potentially even launch new programs and new initiatives to reduce federal cybersecurity risk. And there certainly is the awareness in the administration. And we know that there's already been a sort of $10-plus billion proposal put out there as well as cyber being an important part of the early administration dialogue.

So we're -- it's -- as Steve said, we're in the early periods here, and we'll wait to see how this plays out, but there certainly is the potential for good growth in the federal market as a result of that, and we have an exceptionally strong position in the federal cybersecurity market. And 2020 would continue to be a strong year for us in that market.

And our next question comes from Rob Owens with Piper Sandler.

Just 1 relatively quick one for me. I guess. Amit, could you talk a little bit about where customer conversations are around containers and Container Security. And we've got the CSPN market, the cloud workload protection markets. Are they looking for these technologies from a single vendor? And with all the noise out there and obviously, it's a big land grab at this point. Where are points of leverage in your mind in terms of who might win in these markets?

Yes. And I don't think that -- unless I'm mistaken, I would be shocked if there were any 1 particular winner in these markets. It depends on who the buyer is, what the use case, what they're trying to achieve. And in many cases, enterprises are using cloud in very different ways, not only SaaS and cloud based infrastructure, DevOp environments, web application, there's just a whole lot of -- there's no 1 cloud. There's a lot of different uses. A lot of different ways customers engage in their adoption of cloud.

From our perspective, we are not trying to go out and say, we're going to be a soup-to-nuts-cloud security vendor provider, we're going to do every aspect of cloud security for you. We're thinking there's going to be a very rich ecosystem of solutions out there. Some coming from a tech detection response company, some coming from infrastructure protection companies, some coming from the cloud infrastructure vendors themselves, embedding capability into the cloud.

And so from our perspective, we're engaging with our current users in the current use case that we help them solve and address and just expanding that into cloud. And so by that, I mean, we're helping them really with this business of assessing the security of their cloud environment. We're not protecting cloud environments. We're not doing all the attack detection, and other aspects of -- and tightening down of product configurations and other things, it's really about how do I assess the security of my cloud workload and of the assets that are in that cloud? And we have a number of ways to do that, whether it's through IO and with Frictionless Assessment, through our cloud-native connectors. Whether it's through the web application capability through the container inspection capability and a number of other techniques.

So from our perspective, it's still this question, how at risk am I, how secure am I and really expanding that visibility that they rely on us for, into these new cloud paradigms. And seem to be -- I think Q4 was a quarter where we saw increased adoption of those cloud security products. And so we tried to call some of that out earlier in the -- on the call.

And our next question is from Daniel Ives with Wedbush Securities.

So just sort of follow-up to some other questions and to summarize. So when you think about the -- what we're seeing on the federal side with the $9 billion, $10 billion incremental, SolarWinds hacked, those tailwinds. Could we say that, that additional area in terms of cybersecurity spend that you're not factoring into your guidance? Just to be clear.

Yes, I think that's a fair characterization. We certainly know that there is a compelling opportunity in Fed as Amit called out earlier. Obviously, the potential for a better spending environment, more broadly for SolarWinds. But the timing of that and the impact of that, if any, is really hard to assess at this point. So -- and so I think our guidance certainly reflects some broader uncertainty without those potential opportunities, correct.

Okay. And then just a follow-up to that. So just given this high that's now there in terms on the cyber security side, at least specifically on the federal, then (inaudible) wanted to get approved, but then also post SolarWinds, are you doing anything differently internally from a block and tackling to make sure these opportunities, especially where you guys sit within the beltway that you could capture? Or is it just the traditional sort of Tenable execution model?

We're very focused on the execution model, helping customers in time of crisis, being there for them, interacting with them, giving them the insights that we have into the challenges that we're seeing -- obviously, we help them in their environments, but what we're seeing more broadly across the community are important, giving them the accuracy and the confidence so that when they're reporting issues or that there are no issues, that they're doing so from a position of strength.

So I think first and foremost, that traditional execution aspect of our customer relationship remains the most important thing. And then we do engage with policymakers and others. Trying to educate and inform them on, hey, what are the key issues? And what are the right approaches to dealing with these issues? And so we have spoken with folks regarding the SolarWinds breach and continued ways to help the government assess the state of cybersecurity and some of the challenges in front of it. So I'd say, it's sort of a two-pronged approach, first and foremost, execution, but certainly also that more strategic dialogue with key government leaders and policymakers.

And our next question is from Gray Powell with BTIG.

Great, great. And it really helps when I turn the mute button off. I just had another question on the SolarWinds breach. I know you've answered a bunch on it already, but just 1 more follow-up, if I could. So do you see customers -- how do you see it playing out over the next 6 to 12 months? Do you see customers looking to increase asset coverage? Does it speed up the valuations of things like Lumin? Or is it more of a lever to drive new customer wins? Yes, just any thoughts on that dynamic would be really helpful.

Yes. I'd say, first of all, I'm extremely proud of how our team responded during the crisis in terms of getting information out to customers on a near real-time basis and understanding of the breach and understanding how to use the technologies to assess where they may have potential exposures and chase those to ground, which are, again, all critical when the security program is trying to respond to corporate leadership that has a visibility into a breach like this. So I think that is foundational.

And from there, the natural questions are, okay, where do we have visibility? Where do we have coverage? Where don't we have coverage? And making sure that organizations have, whether it's through increased asset coverage, coverage across the enterprise, coverage into unidentified assets as well as doing some of the prioritization activities so that high-risk vulnerabilities, risks, which are more likely to be -- vulnerabilities, which more likely to be exploited or being exploited out in the wild, that organizations can get on top of those and be a little bit more proactive with their securities.

So I think the short answer is, this could be a catalyst for increased levels of risk, cybersecurity risk management. And we think we're the primary platform to help enterprises do that. And so it could translate into increased business. But it's hard, we're still in the early period. So it's hard to look at that and then translate into -- this is what it's going to be and what the impact's going to look like as we enter the year.

And this concludes today's question-and-answer session. Ladies and gentlemen, I'd like to turn the call back over to management for their closing remarks.

Okay. I'd like to just thank everybody for joining the call and the insightful questions. We look forward to seeing you at the investor conferences that we noted earlier. And thanks for your time.

Thank you, all. This concludes today's conference. You may disconnect your lines at this time. Thank you for your participation, and have a great evening.