Varonis Systems Inc (VRNS) 2016 Q1 法說會逐字稿

Good day and welcome to the Varonis Systems Incorporated First Quarter 2016 Earnings Conference Call. Today's conference is being recorded.

At this time I'd like to turn the conference over to Staci Mortenson, Investor Relations, please go ahead.

Thank you, Operator, good afternoon. Thank you for joining us today to review Varonis's first quarter 2016 financial results. With me on the call today are Yaki Faitelson, Chief Executive Officer; and Gili Iohan, Chief Financial Officer. After preliminary remarks, we will open up the call for a question-and-answer session.

During this call we may make statements related to our business that would be considered forward-looking statements under Federal Securities Laws, including projections of future operating results for our second quarter ending June 30, 2016 and fiscal year ending December 31, 2016. Actual results may differ materially from those set forth in such statements.

Important factors such as risks associated with anticipated growth in our addressable market, competitive factors, including increased sales cycle time, changes in the competitive environment, pricing changes, and increased competition, the risks that we might not be able to attract or retain employees including engineers and sales personnel, general economic and industry conditions including expenditure transfer data governance and data security software, risks associated with the closing of large transactions including our ability to close large transactions consistently on a quarterly basis, our ability to build and expand our direct sales efforts and reseller distribution channels, new product introductions and our ability to develop and deliver innovative products, risks associated with international operations, and our ability to provide high-quality services and support offerings, could cause actual results to differ materially from those contained in forward-looking statements.

These factors are addressed in the earnings press release that we issued today under the section captioned, forward-looking statements and these and other important risk factors are described more fully on our reports filed with the Securities and Exchange Commission. We encourage all investors to read our SEC filings. These statements reflect our views as only of today and should not be relied upon as representing our views as of any subsequent date. Varonis expressly disclaims any application or undertaking to release publicly any updates or revisions to any forward-looking statements made herein.

Additionally, non-GAAP financial measures will be discussed on this conference call. A reconciliation for the most directly comparable GAAP financial measures is also available in our first quarter 2016 earnings press release which can be found at www. varonis.com in the Investor Relation section. Also please note that a webcast of today's call will be available on our website in the Investor Relations section.

With that, I'd like to turn the call over to our Chief Executive Officer Yaki Faitelson. Yaki?

Thanks, Staci and good afternoon everyone.

We're very pleased with our results for the first quarter. Both license and total revenues increased more than 70% year over year and we exceeded our guidance on both the top and bottom line. We generated broad based demand across the geographies we serve from both new and existing customers.

Total revenues for the first quarter were $30.5 million, an increase of 33% year over year. We're encouraged by the momentum we see in the business, protecting against the insider threat is a priority for companies of all sizes and they recognize that user behavior analytics is the key to detecting them. They strive adoption for Varonis because we apply user behavior analytics to monitor and protect unstructured data, the largest, most valuable, and most sensitive type of data in an organization and therefore the target of most cyber-attacks.

We continue to receive more attention from decision maker higher up in the organization and our solutions are critical components of a well sorted, well-funded security spending initiatives. Budget or the amount in dollars allocated from large security buckets like threat detection, SIEM, data loss prevention, privilege access management and identity in access management. As a result our pipelines are growing, awareness for Varonis is increasing and we see less friction in the sales process because buyers are more educated. While our model remained based on high volume and lower ASPs, both new and existing customers are making increasing commitments [for].

Demand for data protection and data centric user behavior analytics is strong. In fact DatAlert is the fastest growing license in Varonis' history based on the number of customers that have purchased it from its GA to date compared to similar time periods of other software licenses. We also see healthy demand for other products as customers realize they need to protect most of all of the file systems and stores of unstructured data.

We've capitalized on this increased interest and see returns on our investments. We've made to buy the awareness and adoption. For example, ever since February, our [book stock] was the highest it has ever been. Our insider threat complaints generate awareness in web traffic and our trial and demo request nearly doubled compared to Q1 last year.

We just kick off our worldwide Varonis Connect event, we expect to double the number of attendants from last year with customers particularly interested in DatAlert and now it addresses the ransomware and other insider threat. Our Q1 customer wins reinforced the value our products drive because of multiple use cases. For example, in Q1 new customer, Lexington Medical Center purchased DatAdvantage for Windows, Data Alert, and Data Classification Framework. The customer saw the value in our ability to identify sensitive data and prioritize the risk and exposure associated with it, as well as our ability to identify and evolve data owners. Given the proof of concept Varonis quickly became a top priority and we were able to help them catch and stop episode of Cryptolocker.

Additionally, we met with the CIO of Youth Sheridan Memorial Hospital, another new Q1 customer. His number one priority was to catch and shutdown ransomware. The hospital had invested a lot in security products, but he's confident that DatAdvantage for Windows, DatAdvantage for Exchange, DatAlert Suite and our Data Classification Framework will fill a huge gap in protecting unstructured data from the inside out. Not only will the hospital's data will be better secured, its IT department will benefit greatly from crisp visibility into accounts privileges, access activity and sensitive data.

In order to continue to drive and lead the market, we remain focused on innovation. We believe DatAlert's capabilities represent the most advanced analytics and predicted spread monitoring available to an organization: screen delays of data breaches, from supporting signs of consumer activity like Cryptolocker to cutting unusual activity on sensitive data. DatAlert quickly identifies insider threats that other technologies cannot detect. We continue to build on these capabilities and have just introduced new UBI Best Threat models, as well as new DatAlert user interface.

To keep customers ahead of the latest security development, our behavior research laboratory is continuously developing new threat models for DatAlert Analytics. These new threat models use sophisticated techniques to more quickly and accurately detect unusual file deletion, ransomware, abnormal lockout events and unusual access to ideal and sensitive data. We also introduced a new DatAlert user interface designed to help IT administrative and security experts more quickly recognize when their data is under attack, prioritize investigation, and take action.

This is just an example of the kind of innovation you can expect from Varonis as we further extend the functionality of the offering. It gets clearer through each quarter that Varonis plays an important role in the overall security and data analytic life cycle. And this generates interest from both technology and go-to-market partners. An important growth strategy for Varonis is to expand and strengthen our technology partner network. For example, we recently announced the relationship with LogRhythm where Varonis can automatically send alerts from Varonis DatAdvantage and DatAlert into LogRhythm's security intelligence platform.

This increased the speed and accuracy with which customers are able to identify, prioritize and investigate unusual user behavior surrounding unstructured data. We also signed an agreement with IBM where the integration of the Varonis Metadata Framework with IBM Storwize, with organization of all sizes managing [protectors] rapidly growing volume of unstructured data perform insider threat. We believe that our messaging [grades] on as well. We are taking advantage of the increased awareness around insider threat and user behavior analytics and the importance and vulnerability of unstructured data. Demand is positive and we will continue to capitalize on the Varison spend moving in our direction.

With that, I'll turn the call over to Gili.

Thank you, Yaki.

Total revenues for the first quarter were $30.5 million, an increase of 33% year over year. Growth was driven by healthy demand across the geographies we serve, strong execution on our lend and expense strategy and consistently high maintenance renewal rates at over 90%.

License revenues were $13.8 million. This represents a 36% increase from the first quarter of 2015. Our maintenance and services revenues were $16.6 million increasing 30% compared to the first quarter of 2015. Looking at the business geographically, we had strong growth in every region. US revenues increased 34% to $17.5 million or 58% of total revenues. EMEA increased 31% to $10.5 million or 34% of total revenue and rest of world increased 30% to $2.5 million or 8% of total revenues. We are executing on our two point strategy of broadening our relationship with existing customers as well as increasing new customer addition.

For the first quarter, we added 223 new customers. Existing customer's license and first year maintenance revenue contribution was 37% versus 36% in the first quarter of 2016. As of March 31, 2016, 45% of customers had purchased more than one product family, up from 42% as of March 31, 2015. This improvement reflects our focus in innovation and our customers recognizing that they need to broadly protect their unstructured data.

Before moving on to the profit and loss items, I would like to point out that I will be discussing non-GAAP results going forward unless otherwise stated, which for the first quarter of 2016 excludes the total of $2.6 million in stock-based compensation expense and $98,000 of payroll tax expenses related to stock-based compensation. Please note that the detailed GAAP to non-GAAP reconciliation can be found in the tables of our press release which is available on our website.

Gross profit for the first quarter was $27.1 million representing a gross margin of 89%, compared to an 88.1% gross margin in the first quarter of 2015. Sales and marketing expenses were $23.1 million or 76% of revenues for the first quarter of 2016, compared to $19.5 million or 85% of revenues in the first quarter of 2015. We're pleased with the leverage we were able to realize in this area during the quarter.

R&D expenses in the first quarter were $8.2 million, compared to $7.3 million over the last year. This reflects our ongoing investments in product development to expand our use cases, grow our total addressable market, enhance our competitive position and increase the value provided to our customers. G&A expenses were $3.9 million or 13% of revenues, compared with $3.4 million or 15% of revenues in the first quarter of 2015. Operating expenses totaled $35.2 million in the first quarter, compared to $30.1 million last year. As a result, our operating loss was $8.1 million for the first quarter, an improvement compared to an operating loss of $9.9 million in the same period last year.

During the quarter, we had financial income of $645,000 primarily due to foreign exchange gains, compared to financial expense of $1 million in the same period last year. As you know, foreign-exchange gains and losses can fluctuate. Our guidance does not consider any additional potential impact to financial and other increment expense associated with foreign exchange gains or losses as we do not estimate movement in foreign currency rates.

Our net loss was $7.6 million for the first quarter of 2016 or a loss of $0.29 per basic common share, compared to a net loss of $11 million or a loss of $0.44 per basic common share for the first quarter of 2015. This is based on 26.1 million and 24.7 million basic common shares outstanding for Q1 2016 and Q1 2015 respectively. We ended the quarter with 989 employees, a 15% increase from 863 at the end of the first quarter of 2015, an addition of 42 people from last quarter.

We are focused on adding people to deliver innovation and expanding self-capacity in order to drive growth while also focusing on scaling the business. If you look at the balance sheet, we ended the quarter with approximately $111.8 million in cash, cash equivalents, and short-term deposits. During the first three months of 2016, we generated $5.4 million in cash from operations.

Moving to guidance, for the second quarter of 2016, we expect total revenues of $36.2 million to $36.8 million or 24% to 26% year-over-year growth. We expect our non-GAAP operating loss to range between $4.3 million and $3.9 million and non-GAAP loss per basic common share of $0.17 to $0.16. This assumes a tax provision of $200,000 to $400,000 and 26.2 million basic common shares outstanding.

For the full-year 2016, we now expect total revenues in the range of $155.5 million to $158.5 million, representing year-over-year growth of approximately 22% to 25%. We now expect our non-GAAP operating loss to be in the range of $11 million to $9 million and non-GAAP loss per basic common share of $0.43 to $0.36. This assumes a tax provision of $800,000 to $1.1 million and 26.2 million basic common shares outstanding.

In closing Q1 was a strong start for the year, and we are pleased with the growing market awareness and adoption for our products. With that we would be happy to take questions you have. Operator?

Thank you.

(Operator Instructions)

And we'll take our first question from Matt Hedberg with RBC Capital Markets.

Hey, guys. Thanks for taking my questions and a strong start to the year. Yaki, you called out DatAlert early on in your the script, I think you said that's it's the fasting growing product in [GA] to date thus far. Can you talk about your ability to lead with that product, I mean, is that a product that will open doors for you, or is that primarily across the space (inaudible) at this point?

Hi, Matt. DatAlert it's a module, so DatAlert is working on top of DatAdvantage and it's just -- it's just tremendous opportunity for us. So what DatAlert does, it has threat models, which think about them like very, very bold signatures, and within these signatures we are doing very sophisticated machine learning to understand behavior. So we started 11 years ago, and we did a lot of machine learning to understand the correct access to data, and we [reversed] this technology to understand abnormal behavior. And in this threat environment, it's people understand that everything coming from the inside, logging employees, contractors or models that are coming in, and almost most of the time they are attacking unstructured data file system and active directory, and these are the pieces of infrastructure and information assets that we are protecting.

So we are coming in, and we call it no touch value, and without doing anything, we really detect any abnormal behavior from a brute attack, from a ransomware, to an ultra sophisticated attack from an administrator. So it just works very well, and just reduces a lot of friction in the sales forces. There is a lot of budgets allocated to it, and you're coming in, you are doing an evaluation in production data, and with not operational effort from the customer, we really detect and prevent the biggest information related security risks.

Your execution seems to be improving, and certainly over the last year. Could you talk about sales productivity, has that improved? You put a finer point on the [productivity] the consistency which has been quite refreshing recently?

Yes, it's -- we have more attentive sales people, which works well for us, and we really started to ramp up the sales force more aggressively after the IPOs, and just the overall productivity curve, we have more tenured people, this is one, and the other thing is just market condition. People understand what we do, we see more CIOs, and more CFOs, we see more and more audit committees that are mandating the IT organization to protect unstructured data. And so it's both. And more people that know how to sell Varonis, that we have a very specific play book, how we are doing it with the evaluation, and the market that is an order of magnitude, more attentive and more budgets allocated to insider threat and unstructured data protection.

Great, thanks a lot Yaki.

Thank you.

Next we'll hear from Raimo Lenschow with Barclays.

Hey, guys this is [Andrew Kisch] on for Raimo. Wondering, if you could talk a little bit -- it's clear that your products are helping customers deal with threats, but are you guys seeing any traction with breach response partners, who come in after threats have been found, and when people are thinking about how they can further secure themselves, and it becomes a high priority, are you getting traction in that area?

We are really getting traction from everything that is happening in the market. If somebody has a breach, and you want to understand what happens to files and emails, they are coming to us, because they want to have the audit trail. And after the breach you want to make sure that, you will - eliminating risks, so that people can access only the data that they need to access, and they also coming to us. But other thing that happens, and we are benefiting a lot is just, we start off with lot of emergency spending around security, but organizations and executives and still they can spend a lot of money and go nowhere.

So they are really looking at it and they're mapping their assets and they understand, what we need to do in order to really be protected. And what are the processes that the organization can digest, what is the analysis that we can do that make sense, if we have a breach, what is the fast way to solve it, we are really benefiting from it. We're benefiting from a very thoughtful awareness, and this works just very well for us, and we see a very good market pol from all of these things, from breaches, from a very thoughtful approach about data, and from just mitigating risk.

Great. And then, on the exchange product could you remind us, are you at a competitive disadvantage if people move that to be a SaaS or instead of on-prem, and if so are you seeing any disruption there?

No, it's the same, when they exchange with Microsoft will release all the systems causing the APIs, it's eventually will be exactly the same, and we are benefiting tremendously from the cloud. The cloud is huge for us, in the cloud you don't have any perimeter security. Anything that is protecting you is access control, auditing an abnormal behavior, when you put your data in 365 or in AWS everybody in the world know where the data centers are, and there you're much more exposed. So the cloud and the old cloud notion, when people think about the cloud, they think about security in a different way, and think about much more about information security, less about infrastructure security, and a bit less about network security. And this is something that the actual data in the cloud, and the actual thought process of putting data in the cloud is something that Varonis is benefiting from in a big way.

Great, thanks guys.

We'll move on to Srini Nandury with Summit Research.

All right, thank you for taking my call. Congrats on a good quarter. Yaki, can you talk about your C3 alliance, and now you're partner, along with CyberArk and whole bunch of a lot of companies. What data do you share, and how does this alliance work, I mean do you share the [tech and details] with each other and can you give us any color on that? I have a follow up please.

Yes, so it depends on the technology, but we're really exposing just a lot of API to make sure that we can integrate with the other security technologies, and to give a lot value to the customer. So if it's a SIEM solution, we send out events into the SIEM, and if you have a security operation, where they can see it in one dashboard, and if you see that there is any problem with data, immediately you can really understand from where in the network they accessed the data, and what are the devices so on and so forth. It's identity and access management, we can expose our APIs to be part of any access request. So it really depends on the technology, but the way we build our platform, that in a very easy plug and play way we can really integrate with almost any security product item.

Okay. Gili, you mentioned that you added 223 customers during the quarter. Can you give us some color on the distribution on the various geos please?

The geographies, it mentions the geography location of revenue. It's really the same, where our [high volume low is spaced], so we're not depended on region, or on any large deals, and the distribution is very similar to the revenue distribution.

Sounds, good. Okay, thank you.

Melissa Gorham with Morgan Stanley has our next question.

Thank you. Yaki, I just wanted to delve into the guidance a little bit more. So you're coming off a really nice Q1, with accelerating license revenue growth, but if I look at the full year revenue guidance, it does assume that there is deceleration starting in Q2, but into the second half of the year. Is that just typical conservatism, just given it's so early in the year, or is there something in Q1 that may be isn't replicable for the rest of the year?

No, we feel very comfortable, very, very comfortable about the business, but sitting at the beginning of the year, you just want to guide and set expectations that we can execute against, and this is the responsible way to guide. But coming from a strong Q4 into Q1, we see very good momentum in the business, then the business is working very well. There is an exceptional reception to DatAlert and everything that we are doing with behavior and machine learning, and the way that new customers receive the product, the [drag] effect of DatAlert on a platform, the time to productivity of new web, so we feel very very comfortable with the business.

Okay, great and then just following up on that, the point on leverage in sales and marketing. I'm just wondering to what extent is the ramp in channel perhaps contributing to better sales and marketing leverage? And can you just remind us the percent of sales coming from the channel today, and what you're making in terms of distribution investments?

We're always investing a lot in the channel, and most of our business we are doing through our channel partner, so this is the gradual process. But you know Melissa, what you see is just a -- we are executing well and the marketing is evolving and we own in this market. So it's just -- data security and insider threat becoming a top priority. You're really starting -- you open every newspaper and you'll see people talking about the insider threat in a much more granular way how to think about security, and how to run security with business, and it's really resonating very well with Varonis value proposition. We are hitting scale and we're becoming significant for our partners, and we have a more tenured reps.

So we just see a gradual process of us hitting scale, and a sales force that is more mature, and is a market that is coming to us. Organizations that understand, in order to be in business, they understand the consequences of breach, and the enormous contribution of solutions like that to the top line to protect your intellectual property and your customers and employees data.

And also a tremendous ally in your overall security investment. When you look at your risks and you look to mitigate them, deploying Varonis is really one of the first building block in a very sound and more so effective security strategy. So this is really what you see, you see many small things that we are doing right, and a market is coming to us.

Okay, great. Thank you.

Next we'll hear from Gur Talpaz from Stifel.

Great, thank you. So I want to dig a little bit further into insider threat and into user behavior analytics. Do you think the security value prop you're offering with these two things is sort of better understood by customers and resellers? And then maybe going one step further, both these topics are things that are covered by a lot of competitors, perhaps you could touch about the competitive advantage your platform has versus let's say the stream of competitors out there trying to play against the UBA and the insider threat theme as well?

Yes. I think what happens, and it explains very well for us, is that when you look at all of these breaches, when you look at a Snowden, that an administrator is changing permissions and reading files, or you are looking at WikiLeaks that started with way too much access, is accessing data that no one can monitor, and taking a lot of information, or something like Sony, that you have a malware that's running across the file shares and emails, and taking data it shouldn't have taken. It's everything is inside threats, so the market understand this very well. They also understand that, you really need very sophisticated machine learning, in order to detect and prevent these kind of breaches. The other thing is there are many log aggregations, seamlessly of any nature and data links, that it's a bit hard to get value from them.

So there is just not related to us. At this point there is just a (inaudible) fixed, and UBA companies that try to take these logs and makes sense out of them, and some of them are great companies. But you know you need data scientists and there are many false positive and it is very how to decipher these logs. What we are doing very unique, we sit between the use of an access to all the unstructured data.

We see it, we have visibility to active directory and all the unstructured data elements, and what we give you is very clear events. So we see if you have a ransomware that's going and creeping all the data. But we also see the administrators that gradually, at midnight or at 6 AM in the morning changing permissions for a folder here and folder there, and reading gradually the files, so very nuanced attacks, sophisticated attacks like that, we can also identify easily.

So it's really everything, and so we don't have a real competitor in this space. So it works very well is that everybody talking about the insider threats, and they help us create the market, and they also talk about user behavior analytics, the ability to use sophisticated machine learning in order to decipher enormous amount of data. And we come and we say, you can really understand what's going on with the logs and VPN and firewalls, but the most important thing is, who is touching the data, what they're doing, and very clear events with very low false positives. And really this is the first time for us in the last six months, that other companies are helping us to build the market, and they are not competing with us. So it's a great to benefit from other companies and marketing dollars and marketing efforts.

Makes sense, and you have also done a lot to simplify the messaging around your products. Have you seen that have any sort of positive impact in shortening the sales cycles, and if you couple that with sort of sales force maturity. Have you seen yourself sort of cross the chasm if you will, in terms of solution acceptance with potential customers?

Yes, I think Gur, what happened is just a lot related to market conditions. Early on, we're selling a lot of just things that's related to global events, and coming in and saying how many [SIEs], and in the last six months, I don't remember the time that we did an ROI, people understand the insider threat, and they are coming in, and you show them the risk and you don't need to talk about the lot of operational benefits.

They understand that in order to maintain edge, and be in business they need to be protected, and they need to protect the information assets. Perimeter security is critical, but very limited, and you need to -- really to protect the data from - to execute it from the inside out. This is how you need to protect the data.

So what happened to us, thankfully because of market conditions is that the market understands the need for user behavior analytics regarding the data, sophisticated machine learning, the ability to control all the file system unstructured data, active directory on-premise and in the cloud, so we can have a -- the sales motion becoming much simpler and more strategic. Enter by sales cycle always takes time, even the budget, you earmark, you define the budget, you're contacting, you need to build a consensus, but the sales force has become significantly more predictable, and so we have less friction in the sales forces. So what you see is a much more predictable sales forces, and the by-product of that is we can really sell in a much more targeted approach.

Great thanks, Yaki. Congrats on the quarter.

Thank you.

Next we will hear from Scott Zeller with Needham & Company.

Hi, thanks, good afternoon. The comments earlier Yaki, about cloud and you mentioned it few times, could you just frame out for us, how common it is for you to have deployments for cloud monitoring and cloud security projects versus on-prem?

So the lion share of unstructured data is still on-prem. The cloud is very small, and the cloud with unstructured data primarily 365, with Sharepoint Exchange and OneDrive, and also there are installations in Azure and AWS that are completely transparent to us. They just install the servers and they install Varonis too. So obviously the vast majority of the installations are on-prem, but we are also starting to monitor instances in systems in 365, and we have many customers that install our solution in Azure and AWS.

Yes, okay, and also could you tell us about the relationship with EMC, and if you've seen any change in their efficiency as a partner in the field, given the changes in the company?

At this point, we didn't see a change, they are a great partner, but another partner in ecosystem, and at this point we haven't seen any change.

Thank you.

Next we will hear from Yun Kim with Brean Capital.

Thank you, again congrats on another solid quarter. So obviously, Yaki, you're benefiting from the insider threat prevention market becoming a top priority in the security market. Can you at least qualitatively tell us, how much of your mix of business is coming from this type of a market or demand, or versus, are the more traditional markets driven by compliance projects and storage optimization projects and such?

It's both, but definitely this threat is in every campaign. So even if you are talking about, even its PCI compliance or server consolidation, everybody is starting to be very much worried about the insider threat, and I think that it is a gradual process. It will not -- be top priority for everybody over night, but I can tell you that we can really measure the net worth of the market and unsteadiness of the market and C-level attention on the progress on a quarter by quarter basis. So I will tell you that the overall threat environment and threat mitigation is just part of every sales campaign today.

Okay, for those deals that are driven by insider threat prevention, is the ASP on those deals similar to your overall average ASP or is that a little bit higher or lower?

I think the ASPs stay the same. I think what is very interesting with our business is the overall customer life time value, because they want the product on more platform. When you sell it for more governance and compliance at times, you can go silo platform with platform, but when you really think about detection and insider threat, relatively faster you want to spread to all the systems. So I think it's going to have a very good impact on overall customer life time value, and we bring new customers every quarter, and new good logos and in the right size, and I think it is showing our future.

Okay, great. Gili, maintenance and services revenue show a strong sequential growth which is consistent with your prior year trend. But can you explain or remind us the dynamics behind the sequential growth from Q4 to Q1, and are you seeing any uptick in professional services business especially as it relates to the insider threat prevention deployment? Thanks.

So professional and services continues to be a single-digit percentage of our revenue. We don't see any significant change in the volumes of our professional services. And maintenance continues to be a very strong business for us, mainly because of renewals and also because we have a good volume of new deals with license, but the renewals are very strong over 90%, and it's a very good business for us.

Okay, great. Thank you so much.

(Operator Instructions)

We will hear from Michael Kim with Imperial Capital.

Hi, good afternoon guys. Just wanted to expand on the new customer acquisitions, and some of your new technology integrations. Are you starting to see increased leverage in to some joint customers, and was a portion of 223 new customers, through or in partnership with vendors like Logarithm?

What we see, is that we can add more value to our customers, and the way it really works to understanding the context of the sales motion, if you have a SIEM and you don't have our events, I think that they rate somewhere where SIEMs are a -- you find less than 1% of breaches with the SIEM. If you sit on the data, you can find close to 100% of the breaches, so that's related to this the data set you're monitoring.

So really the way to work, if you already have a SIEM, we will integrate and without changing any processes, you can capitalize in a huge way on the investments that you've already done. So just for us, it's just to make sure that we can add more value to our customers, and really integrate flawlessly any technology, that hitting a critical mass in the marketplace. But this is not for going to market, together with them is for us and our partners to add more value to our joint customers.

And can you remind us if you've integrated most of the larger SIEM platforms, whether they're Splunk or HP or IBM?

Yes, in most of them.

And then lastly, with the escalation in ransomware attacks, are you starting to see a lot more inbound inquiry from customers who are increasing concerned about attacks, or have already been attacked? And is it primarily in the healthcare vertical, or are seeing in additional areas as well?

It's across the board, we see definitely, we see a good traction with web leads, the reason is -- we're looking to find something to be protected against ransomware, but it's across all verticals. I know that the -- in the news we saw many hospitals had got hit with it, but it's everybody, ransomware, now it's a plague.

Great, thank you very much.

Next, we'll hear from Greg McDowell with JMP Securities.

Hi, thank you very much. Hi, Staci. Hi, Yaki. I have a quick question about the net new customer adds. Yaki, you've talked about Eric Mann and when he joined as COO, bringing much more enterprise focus to Varonis and selling to much, much bigger companies. So I was just wondering if you're starting to see a mix shift in the net new customer add number, and if it's sort of in line with where it's been historically, or if you're just seeing a lot more enterprises joining the Varonis family, if you could just comment on that? Thanks.

Our main focus is customers between 1,000 to 10,000 users, because we just see that they're very attentive. Obviously, we want us to sell to very, very big enterprises, but it's just -- they're more complex enterprise, and sometimes it can be a zero sum game. So we have tremendous market, everybody that files and emails are important to me as a potential Varonis customer, and we gradually shift our focus to customers that are a bit bigger -- that have a with more governance, and a lot of data is still with third party.

But it's just a natural evolution of just a market that is shaping up, but it's very important for us to benefit from the units of economics. You see how many customers we win. We have 4,550 customers, if we come and just [go in a big] markets, and many of our new customers come from references from a growing base, and we're selling to the base. So we're always looking for the largest deal that is most predictable, and a very good customer life time value, and to benefit very well between quality and targeted approach and volume.

Thanks, and one quick follow-up for Gili. Gili, you mentioned that the leverage on the sales and marketing line. And as we sort of fine tune our models for the rest of the year, I was just wondering maybe other points of leverage by line item, and just maybe how we should be thinking about the leverage in the model for the rest of this year, and where it's going to come from? Thanks.

We delivered leverage in the quarter, and we expect to continue to do so. And we're flowing through there a healthy portion, most of the [rate] Q1 be to the full year, but we're also giving us some flexibility to invest. It's a huge market opportunity, and we're going to change the way we think about hiring and in investment, we continue to invest both in our sales force for future growth, and also R&D for product development. And as always, we are balancing between investing in the business to capitalize on the business momentum that we see, and we're also taking steps toward profitability. We know how to run a profitable business. We did it in the past and we have a very -- a lot of earning power in the model. So as you saw before, we'll keep balancing between these two areas of investing, and also getting profitable over time.

Thank you.

That will conclude the question and answer session. I'll turn the conference over to Mr. Faitelson for any additional closing comments.

Before we end the call, I would like to thank our employees for their contribution to our success this quarter, and all of our customers and partners for their continued support. Thank you all for joining us today, and we are looking forward to speaking to you again soon.

This concludes today's call. Thank you for your participation. You may now disconnect.