Cyberark Software Ltd

NASDAQ:CYBR

Good morning. My name is Aaron, and I will be your conference operator for today. At this time, I would like to welcome everyone to the Q4 and Full Year 2024 CyberArk Earnings Conference Call. [Operator Instructions]

And with that, I'd like to turn the call over to Sri Anantha, Vice President, Investor Relations. Sri, you may begin.

Thank you. Thank you, operator. Good morning. Thank you for joining us today to review CyberArk's strong fourth quarter and full year 2024 financial results. With me on the call today are Matt Cohen, our Chief Executive Officer; and Erica Smith, our Chief Financial Officer. After prepared remarks, we will open up the call to a question-and-answer session.

Before we begin, let me remind you that certain statements made on the call today may be considered forward-looking statements which reflect management's best judgment based on currently available information. I refer specifically to the discussion of our expectations and beliefs regarding our projected results of operations for the first quarter of full year 2025 and beyond. I also refer to our expectations and beliefs regarding the integration of Venafi and Zilla security into our operations.

Our actual results might differ materially from these projected in these forward-looking statements. I direct your attention to the risk factors contained in the company's annual report on Form 20-F filed with the U.S. Securities and Exchange Commission and those referenced in today's press release that are posted to CyberArk's website. CyberArk expressly disclaims any application or undertaking to release publicly any updates or revisions to any forward-looking statements made herein. Additionally, non-GAAP financial measures will be discussed on this conference call. Reconciliations to the most directly comparable GAAP financial measures are also available in today's press release as well as an updated investor presentation that outlines the financial discussion in today's call. A webcast of today's call is also available on our website in the IR section.

With that, I would like to turn the call over to our CEO, Matt Cohen.

Thanks, Sri, and thanks, everyone, for joining the call today. We are incredibly excited about the strong results we delivered in the quarter and for the full year 2024. Before I dive into specifics, I'd like to reflect on 2024 as a whole. This has been a truly momentous year of continued transformation and growth for CyberArk. By all metrics, it was an exceptional year, filled with major milestones to celebrate.

In 2024, we blew passed the $1 billion ARR mark, a milestone we are very proud of. And as you will see in a moment, we hit that milestone even without the successful contribution from Venafi. We also exceeded the benchmark of $1 billion in revenue for the first time. In 2024, we also demonstrated the inherent leverage in our business model, increasing our operating margin to 15% and we fired up the cash flow engine with $221 million in free cash flow in 2024. Putting these numbers together, we returned to being a Rule of 40 company, a place we know well, a year ahead of the playbook and the long-term targets we outlined at our 2023 Investor Day. The numbers as proud of them as I am, just begin to tell the story of 2024. This was also the year where our industry-leading platform and differentiated persona-based solutions began to truly drive the conversation among security teams and in the C-suite. We are speaking their language in solving their biggest problems.

Our solutions approach facilitate deeper relationships, bigger wallet share and the ability to design more strategic Identity Security road maps. In a world of escalating fear, brought on by increasingly sophisticated and relentless attacks, we are trusted because we, along with our partners, are always in it together with our customers, providing proven solutions and delivering demonstrable customer outcomes that they can trust to make them more secure.

As I reflect on the year, my excitement about the milestones we are celebrating is exceeded by my excitement for what I see ahead and the sheer potential in the market. What is clear is that Identity Security has reached a defining moment and CyberArk has established its right to win. Bad actors are placing identity at the center of their attacks and identity programs in the past are falling short of answering the call. The new Identity Security imperative is being driven by 4 security realities. We will discuss these 4 areas at our Investor Day in a little over a week, but I did want to preview them here as they help frame the opportunity ahead for CyberArk.

First, privileged access is now everywhere. The entire spectrum of identities can become privileged depending on task, target and even situation. This changes the game of how Identity Security solutions must respond. Second, the number of machine identities and the associated risks are exploding. Cloud computing increased regulations and changing standards and the very roll machines play in our rapidly evolving world means machine identities of all types need to be discovered, secured and automatically managed throughout their life cycle to avoid leaving organizations completely exposed.

Third, CISOs are overwhelmed by the sheer number of security tools and the integral nature of problems across access, PAM and IGA. As a result, they're looking to consolidate in order to decrease complexity to lower spend and, most importantly, to strategically scale and grow with a vendor they can trust. And fourth, securing against AI and the securing of AI are soon to be among the biggest challenges we will all face. AI makes attackers more efficient, more pervasive and ultimately more successful their targets, the identities we secure require more protection than ever. At the same time, AI is introducing brand-new identities in the form of the [ agenic ] workforce, that will quickly outnumber humans and just like every other identity will need CyberArk to be secure. When you think about these 4 market realities combined with CyberArk's leadership position, our trusted security first reputation and our strong ability to execute, which continues to make me so proud. As much as I enjoy 2024, you can understand why we are so eager to get started on the year ahead.

We have the leading Identity Security platform in the market, but we are not done yet, and remain focused on continuing to innovate and invest in our platform to meet the growing needs of the market. Earlier today, we announced the exciting acquisition of Zilla Security. This acquisition is a game changer for the identity governance landscape, addressing long-standing challenges that have hindered traditional IGA solutions. Legacy IGA are often slow to deploy, difficult to integrate, have limited integration with modern systems and are relying on manual processes. This leads to inefficiencies and heightened security and compliance risks in a modern world where identities are no longer static, but instead are dynamic and need access on the fly, the only way to efficiently and securely provision all these identities is with an automated life cycle management solution. In stark contrast to legacy IGA systems, Zilla's modern IGA SaaS platform was built from scratch to address today's digital environments characterized by an explosion of SaaS applications, decentralized management and identity-based security threats.

Leveraging AI-driven role management, Zilla automates the processes of identity compliance and provisioning, making governance easy, intuitive and all-inclusive for the modern enterprise. It offers the most complete set of integrations for both commonly used and custom SaaS applications. Compared to legacy IGA, Zilla can be deployed 5x faster complete access reviews with 80% less effort and enable faster provisioning with 60% fewer service tickets. For customers, this acquisition means faster time to value with a modern approach to governments that reduces operational complexity. By integrating Zilla's best-in-class modern IGA capabilities with the CyberArk Identity Security platform, we will redefine what's possible in IGA. Together, we will make the future of identity security smarter, faster and more effective than ever before. We are thrilled to welcome the talented Zilla team to CyberArk. Erica will talk about the transaction details and the financial impact later in her remarks.

As mentioned, Q4 saw the business continue to accelerate. Customers are navigating the risks of the threat landscape daily, and they understand that the traditional network perimeter has long been a thing of the past. In December, we were once again reminded of the severity of the threat landscape when a nation state attacker leveraged the critical vendor vulnerability to compromise the U.S. Department of Treasury. The attack came down to exploiting a vulnerability in software and ultimately stealing an API key, a type of machine identity to get into the support system, access applications and workstations and eventually [indiscernible] data. Not having best-in-class security controls across all identities is a risk that organizations cannot afford to take. Other vendors provide Zilla Solutions that are stitched together, which is both inefficient and ineffective. We provide a unified platform that empowers customers with complete visibility, automation and control to secure every identity human and machine.

Customers are increasingly deploying on and expanding across the entire platform, securing multiple identity groups and consolidating spend with CyberArk. All of our top deals in the fourth quarter had multiple solutions, and I want to share a specific example that illustrates how we are selling the entire platform. And our top deal from the quarter, a leading global professional services company went all in on CyberArk and decided to replace a competing legacy PAM vendor, but they did not stop there. They also secure machines with Secrets Management and the workforce across the entire solution, including endpoint, secure browser, MFA and SSO.

The real dealmaker for them was our SaaS platform scalability fast away ray of integrations, and most of all, are session management capabilities for modern PAM workflows in the cloud. This deal represents the strength of the platform on full display, and our powerful platform is the enabler that allows us to offer comprehensive persona-based solutions that align to the major Identity Group's organizations have today, the workforce, IT, developers and machines. These solutions are resulting in new customers landing with bigger deals and also accelerating our expand motion.

Let's take a very quick tour through each major identity group and how our solutions are winning us new customers and helping us expand our base. The modern workforce user requires seamless access anytime, anywhere from any device. The same user can become privileged based on their activity or system they are accessing. Core controls like MFA and SSO alone are not enough. Our protection of the workforce extends to the endpoint, the browser, passwords, secure web sessions and SaaS applications. Putting all this together, we have reimagined how to secure the workforce.

Solventum, a leading U.S. health care company had been a long-time TAM customer. Last quarter, they recognized the need for a modern workforce suite with our secure web sessions and Workforce Password Manager capabilities, setting us apart from the traditional access management competition. Seeing the outcomes that delivered, they quickly returned this quarter again to substantially expand their workforce footprint to all of their employees while also adding solutions to protect IT developers and machines.

Today, Identity Security programs for securing IT users need a modernized 0 standing privilege approach to PAM that extends beyond IT administrators and standing access. We must secure access for cloud administrators as well as shadow IT and vendors. These programs become a core part of our expand motion, a Fortune 500 pharmaceutical company who has been a long-term customer needed a scalable modern platform to secure and streamline multiple identity groups in its cloud environment. In a mid-6-figure ACV deal, they are protecting IT and cloud admins by implementing modern privileged controls. Zero standing access to modern cloud infrastructure and cloud environments is awesome mission critical to securing the most privileged human identity group in the enterprise to developers. If left unintended with always on access developer identities dramatically increased risk and expand the attack surface, our solution for securing developers offers the best of TAM without interfering with workflows and the pace of innovation. This is demonstrated another amazing deal from the quarter with builder.ai.

As a born in the cloud AI software and application development company, they understand the power of a unified platform to scale and innovate in a cloud-first world. With a focus on developers first, they chose the CyberArk Secure Cloud Access and a new logo deal that also covered IT in their workforce. Our momentum in securing machine identities continued in the fourth quarter, and we had our best quarter ever for Secrets Management. For the full year, Secrets was our fastest-growing solution on a year-over-year basis, followed closely by workforce. In Q4, we saw not only an acceleration in sequence management growth, but also a heavy double-digit increase in average deal sizes when compared to last Q4. We believe the success in Secrets Management is also an indicator of the market readiness for Venafi. Our performance on Venafi in the quarter speaks to this massive base opportunity in the machine identity security market with new customers as well as the large opportunity we have to cross sell into our base.

We are thrilled to see strong early traction, and I want to talk about 2 deals in particular that illustrate our early success with Venafi. The first new logo is a European government agency managing more than 40,000 certificates across operations. They needed a modern, scalable, automated machine identity solution and Venafi's largest ever deal in EMEA.

Next, I want to talk about a large European bank, who has been a long time CyberArk customers. This quarter, they enhance the protection of IT users with our enterprise solution and also added Conjur Cloud and Secret Hub, but they also added Venafi in a 6-figure ACV deal. As you can see, we also had great customer response in regions where there was previously little or no Venafi go-to-market presence, resulting in a record quarter for Venafi in EMEA. This early traction gives us confidence we can tap into the regional expansion opportunity as 1 driver the revenue synergies we expect to realize with a combined machine in entity go-to-market motion.

Our innovation in the machine identity market will not stop there. As I mentioned earlier, another topic customers are asking us about as it relates to machine identities is AI, and in particular, agentic AI and how this impacts their security posture. Historically, functionality like RPA, for example, required humans to write code for automation that mimic human behavior. When artificial intelligence evolves from generative AI and copilots to agents, with the autonomy to complete tasks on a user's behalf, they can create their own automation entirely. In other words, they receive and grant privilege, and in turn, the attack surface expands. Like humans, AI agents will need the right level of privileged controls. And just like any other identity group, they will need CyberArk.

We look forward to talking more about the agentic AI opportunity and the detailed plans we have in this area at the upcoming Investor Day. To sum up, I want to leave you with these 3 key takeaways today. First, the escalating threat environment and changing attack landscape places identity security at the top of the CECL priority list with a growing focus on securing all identities, and there is strong environment in what CyberArk offers to what the market needs. Second, our unified identity security platform is uniquely differentiated. Our solutions are designed to drive meaningful security outcomes. And with the addition of Venafi and now Zilla, we are expanding our leadership position in Identity Security.

And third, to go after this opportunity and win we have put all the right pieces in place to continue to outperform with best-in-class execution. We are solving real urgent problems for our nearly 10,000 customers globally. And as their trusted partner, as you continue to get more strategic with CyberArk. We are proud to reach the milestone of $1 billion in ARR and return to the Rule of 40 with our expanded profitability and cash flow. The best part we're just getting started. We look forward to seeing you at our 2025 Investor Day on February 24, and encourage you to also tune into the live stream as we share more about our amazing position to deliver another standout year in 2025 and beyond.

With that, I'll turn it over to Erica.

Thanks, Matt. Q4 was another strong quarter, capping off a great year. We exceeded our guidance and delivered against our strategic and financial targets. ARR reached over $1 billion, both with and without Venafi, we expanded our operating margin significantly, and we delivered record free cash flow. As Matt mentioned, we are again a Rule of 40 company, a full year ahead of our long-term framework.

As I walk through our results for the quarter, keep in mind that Venafi closed on October 1, and its contribution is included in our fourth quarter results for 2024, but is not in the comparable period in 2023. Annual recurring revenue exceeded our guidance, reaching $1.169 billion, including about $166 million in ARR from Venafi. Subscription ARR grew to $977 million, including approximately $161 million from Venafi and now represents 84% of total ARR. Our maintenance ARR was $192 million, including about $6 million from Venafi, which is from their base of recurring services.

Like-for-like, conversion activity remains a single-digit percent of our year-over-year ARR growth. Organically, total ARR reached $1.3 billion, representing net new ARR of $76 million. Organic subscription ARR reached $816 million, representing record net new subscription ARR of $81 million and maintenance ARR was $186 million. I wanted to point out that late in the fourth quarter, there were meaningful fluctuations in the euro and the pound, which created a $2 million headwind to total and subscription ARR. Total revenues significantly beat our guidance, reaching $314.4 million in Q4. That includes a contribution of approximately $47 million from Venafi, which also exceeded our guidance.

Moving on to the revenue lines. For the fourth quarter, recurring revenue reached $292.2 million, including approximately $43 million of recurring revenue from Venafi. Our subscription revenue reached $243 million and now represents 77% of total revenue. Venafi accounted for about $41 million of subscription revenue in the fourth quarter. Maintenance and professional services revenue was $66.4 million, of which about $6 million was from Venafi, and that was primarily professional services. I also wanted to summarize our organic performance for the fourth quarter.

Total revenue reached $267 million, growing 20% year-over-year. Recurring revenue reached $250 million, growing 24% year-over-year. Subscription revenue reached $202 million, growing 34% year-over-year. Maintenance revenue was $48 million and professional services was about $13 million. We also had a higher SaaS bookings mix. If we were to normalize for mix headwind, our total revenue growth would have been about 2 percentage points higher. The business remains geographically diverse, and we saw growth across all regions. Including Venafi, America's revenue reached $189.5 million. EMEA revenue was about $94.5 million and APJ revenue was $30.4 million. Organically, the Americas grew 17% year-over-year. EMEA grew 26% year-over-year and APJ grew about 19% year-over-year. We were thrilled to see the early momentum from Venafi across all regions and we are seeing strong pipeline growth in the Americas, EMEA and in APJ.

As Matt discussed, our persona-based solution selling continues to power our land and expand motion as customers move to secure more users and more personas. In the fourth quarter, we signed 346 new logos, bringing us to a 1,013 new logos for the full year. We also experienced a meaningful increase in the average deal sizes from new customers. In fact, our 3 largest deals in the quarter were 7-figure new logo wins. All P&L lines will be discussed on a non-GAAP basis. Please see the full GAAP to non-GAAP reconciliation in the tables of our press release.

Fourth quarter gross profit was $267.1 million or an 85% gross margin. Our organic gross margin is also about 85%. Our operating income was $58.7 million or a 19% operating margin, well ahead of our fourth quarter guidance. Our organic margin was about 16%, consistent with the fourth quarter of last year. It is important to note that our organic operating expenses in the fourth quarter do include some integration costs associated with Venafi as well as increased R&D investments in our machine identity solutions, which we believe will position CyberArk to capitalize on the combination of Venafi and Secrets Management. As you can see from our results, Venafi was accretive to our P&L in the fourth quarter right out of the gate. Net income came in at $40.4 million or $0.80 per diluted share, also ahead of our guidance.

For the year, I'm going to start by outlining our results, including Venafi's contribution for the fourth quarter. Revenue reached $1 billion, growing 33% year-over-year. We delivered an operating margin of 15%. For the full year 2024, we organically generated $954 million in revenue, growing 27% year-over-year. And our subscription revenue reached $692 million, growing 47% year-over-year and representing 73% of total revenue. We also posted an operating margin of 14% organically for the full year 2024, up about 10 percentage points compared to 2023. We ended December with approximately 3,800 employees worldwide, including approximately 400 employees from Venafi. We also had approximately 1,570 employees in sales and marketing at year-end.

Despite making meaningful investments in the business, as promised, at the beginning of 2024, we delivered leverage against each of our operating expense lines. Profitable growth remains a core tenet of how CyberArk operates its business. We generated record free cash flow of $221 million or a margin of about 22%. That includes the $15 million contribution from Venafi. Organically, we generated $206 million in free cash flow for the year, also a 22% free cash flow margin, a significant expansion compared to our 7% free cash flow margin in the full year of 2023. We ended the year with approximately $841 million in cash and marketable securities. That reflects the $1 billion cash portion of the consideration paid for the Venafi acquisition on October 1. It also includes cash proceeds of approximately $260 million that we received from the cap call associated with the convertible notes that matured on November 15.

As you can see, we continue to have a very strong balance sheet. I want to share some further details on the Zilla acquisition. CyberArk acquired Zilla Security for about $165 million in cash and $10 million in an earnout related to key milestones. As of December 2024, Zilla's ARR was about $5 million. They had over 125 customers, most of which are in the United States, and about 40 full-time employees. As Matt mentioned, Zilla brings unique modern IGA solutions to CyberArk, and we are thrilled to have them join our team.

Before I provide guidance for 2025, I want to remind investors that while we give qualitative commentary on Venafi's performance in progress, given our selling motion of machine identities we will not be able to break out the specific contribution from Venafi in our guidance or our results as we move through 2025.

Now turning to our guidance. I want to remind investors that Venafi only contributed to our fourth quarter and were not included in the comparable first, second or third quarters of 2024. For the first quarter of 2025, we expect total revenue to be between $301 million to $307 million, which represents 37% year-over-year growth at the midpoint. We expect non-GAAP operating income in the range of $42.5 million to $47.5 million in the first quarter. We expect our non-GAAP EPS to be in the range of $0.74 to $0.81 per diluted share. Our guidance assumes 51.3 million weighted average diluted shares. It also assumes about $7 million in financial income and a tax rate of about 23% in the first quarter.

For the full year of 2025, we expect total revenue in the range of $1.308 billion to $1.318 billion, representing 31% year-over-year growth at the midpoint of the range. We expect our full year operating income to be between $215 million to $225 million. We expect our non-GAAP EPS to be between $3.55 and $3.70 per diluted share for the full year. We expect about 51.5 million weighted average diluted shares. The guidance also assumes about $26 million in financial income and a tax rate of about 24% for the full year 2025. We expect our annual recurring revenue to be in the range of $1.410 billion and $1.420 billion at December 31, 2025, representing about 21% year-over-year growth at the midpoint. And our 2025 ARR guidance does assume about a $6 million of an FX headwind that we are also absorbing. While we do not guide to the pieces of the ARR separately, we expect maintenance ARR to continue to decrease as we move through 2025, with the largest sequential decrease in the fourth quarter.

Now moving on to cash flow. We expect adjusted free cash flow for the full year 2025 to be in the range of to $300 million to $310 million, representing 23% adjusted free cash flow margin at the midpoint. As we mentioned in the press release, this adjusted free cash flow guidance normalizes for an estimated $70 million onetime tax payment on the capital gain from the migration of Venafi SaaS IP to CyberArk's [indiscernible] entity, we expect to pay the tax obligation in the second quarter of 2025. We expect our capital expenditures to be between 1% and 1.5% of revenue in 2025.

To sum up, 2024 was a milestone year. We grew ARR 30% and revenue 27%, both organically. We also expanded our profitability from 4% operating margin and 7% free cash flow margin in 2023 to 14% operating margin and 22% free cash flow margin in 2024, that is the organic expansion. You can see from the fourth quarter performance, the acquisition of Venafi is not only strategic from a growth perspective, but it is also already accretive to our operating and cash flow margins. Our core business continues to post strong growth. And with the acquisitions of Venafi and Zilla, we have significantly expanded our total addressable market and our competitive moat. Our strong business and financial model is enabling us to deliver more than 20% growth and strong profitability and cash flow, which puts us among an elite group of not only cybersecurity companies but also the broader software market.

Before I turn the call over to the operator for Q&A, I do want to express my gratitude to Josh Siegel. He has played an instrumental role in CyberArk's growth and the company's execution, and he continues to be a mentor and friend to me. And with that, I'm going to turn the call over to the operator. Operator?

[Operator Instructions] Our first question is from the line of Saket Kalia with Barclays.

My question here, and congrats on crossing the $1 billion ARR Mark. I'll keep it to one, Matt, and maybe make it for you. Investors often think about identity as a series of different swim lanes where buyers seem to have sort of preferred vendors in each lane. CyberArk now is kind of competing in several of those swim lanes to really offer a pretty broad identity platform. Maybe the question is, where do you think customers are in their journey of thinking of identity as a platform versus a series of swim lanes?

Yes, it's a great question, Saket. I think we have to kind of look at it from 2 different angles. The first one is across all of these so-called swim lanes, the most important thing is having an integrated security posture that actually works. And customers are more and more looking for a partner, a vendor that can provide the trusted platform that actually allows them to secure their organization. And so that becomes part of the conversation with CISOs in the C-suite regardless of any swim lanes is how much can they cover with somebody that they trust.

I think there's a second element here, though, specific to the more modern environment. In the original world of identity from a decade ago, environments were very static. The on-prem environment, the kind of large heterogeneous data center, it was easier to be able to stand up stand-alone tools because they were going to persist with managing and securing kind of standing access and standing controls. The reality is in the modern environments of SaaS applications, cloud consoles, even hybrid IT environments, these spaces are incredibly dynamic, and customers need to be able to find the identities, understand the risk of those identities. They then need to be able to secure access to those indemnities and they need to be able to grant and remove the right level of entitlements from those identities.

And so when you're actually managing security around the SaaS stack or the cloud stack, there are no swim lanes. They're all integrated into 1 story of managing the full life cycle of those identities themselves. We see that with our customers. Our customers have been asking us to get deeper into the ability to be able to offer modern IGA, and we found this great, great opportunity with Zilla to bring them into our platform and build out our leading stack.

Your next question is from the line of Hamza Fodderwala with Morgan Stanley.

All right. Matt, another 1 for you. 2025 seems to be the year of AI agents. And agents, I think, in some ways, they are like machines, maybe some ways like humans because they can behave in somewhat nondeterministic ways. I'm curious why you think CyberArk with the roots in PAM and the machine identity platform that you're developing is in the pole position when it comes to securing AI agents?

Yes. It's a great question. I'm going to give you a brief answer now, and then I'm going to invite everybody to kind of come to the Investor Day in a week where we're going to be talking about this in much more depth. So since there's such a queue of people wanting to ask questions, I won't use too much of our time today. But the reality is this, you're exactly right. They're both machines, but they act like humans. And ultimately, they're accessing data information and infrastructure within organizations, and they're deterministic in nature, meaning they can be reinventing themselves and actually elevating privilege as they go. That is the very fundamental problem that CyberArk has been solving for decades. It's the core of our identity security platform.

And ultimately, when you take both the tools we offer around dynamic secure access on the human side, and the machine identity offerings in our solution set, you combine them together, we can actually take a agentic AI, take those agents themselves and make sure that they're secured as their privilege changes in a dynamic environment. Again, we'll talk a lot more about this next week. But as you can tell, I think it's an area that CyberArk really can capture.

Our next question is from the line of Rob Owens with Piper Sandler.

I was going to ask Erica to repeat all those numbers in hazier a little bit given this is our first quarter, but I think I'll given time, I'll ask Matt 1 here. Matt, if you look at the 3 largest deals that you talked about being new logo wins and the consolidation of identity that you're speaking to, can you just talk about how broad you're landing with these customers across products as you're seeing success with new logos?

Yes. Thanks. This was an exceptional quarter for our ability to be able to land broad with the full platform story. As Erica mentioned, our top 3 deals in the quarter and into Q4, right? So there are bigger deals were all new logos, and they really were full-scope deals, meaning we weren't just securing privileged access for IT. We were securing the workforce. We were securing machines, in a couple of cases, developers as well. there was an exponential increase in the size of those deals. And the reason was that Identity Security was so critical to where they needed to place their bets in the coming year that they didn't want to start with just 1 solution here or there. They actually wanted to partake of the full platform.

And we're seeing that more and more, not only in the big deals that I'm talking about, but throughout the whole stack is customers are saying, "I can't just do a human. I need to do machine as well" or "I can't just do IT. I need to figure out a way to really secure my workforce when they're accessing SaaS applications." And so these drivers, if you will, are increasing the deal size across the board. But in the new logo part of the business, particularly, it was really an exceptional quarter.

Our next question is from the line of Jonathan Ho with William Blair.

Let me echo my congratulations as well. I just wanted to dig a little bit into oil and the differentiation that you sort of talked about as well. Can you also help us understand how the solution aligns with your broader platform strategy?

Yes. Sure, Jonathan. And I think it's important to try to understand kind of legacy or traditional IGA versus modern IGA. And these big IGA projects that have been out there in the market, generally, they're about taking the kind of static IT population and making sure that we control their access basically as they granting access when people join, change roles or leave and managing their overall entitlements to the traditional heavy stack that sat in IT.

What happened over the last couple of years is the massive acceleration in the sheer number of SaaS applications and cloud consoles that organizations are giving access to. And you have to figure out in that new modern stack who is the owner of the application and what level of privileges and entitlement each user should have. So if I take an example for a second, think about Salesforce or Workday or ServiceNow. You have these users spread out throughout the organization. They're constantly joining their being granted access. They're changing roles. They need new access profiles and then eventually maybe they're leaving the organization, and that dynamic access needs to be at the entitlement layer that actually ensure security.

Too many organizations actually don't even know who the owner of the application is. And oftentimes, in addition to not knowing the owner, when they're granting access, they just say, what's the most likely equivalent role. So if it's Erica, for example, hiring a new employee, they'll assign the same level of entitlements or privileges to someone she's hiring because they happen to work in the CFO organization. That's a tremendous risk for an organization, and it's an unsolved risk in so many organizations in the modern stack and the modern area. So yes, there are strong traditional legacy providers we can sit right next to them and solve the modern problem, but solve it much faster, quicker with an AI-generated approach. And then in addition, there's a whole market, down market where people have not had to implement traditional IGA tools, and now they can actually approach it with a modern stack.

To your final point, Jonathan, it then gets integrated directly into our platform. So we're not just managing entitlements, provisioning and compliance. We're also able from the same tool to grant access and provide controls. And that integrated nature then creates a much more secure footprint across these modern environments.

Our next question is from the line of Shaul Eyal with TD Cowen.

Congrats on all fronts, Matt, Erica and the entire team. Matt, a number of U.S. cyber-related companies brought up some growing uncertainty as it relates to federal government spending given the incoming administration's views. It would appear this topic burns little impact when listening to the commentary and looking at results and guidance. Can you share with us what your customers are relaying to you in that respect?

Yes, sure. Thanks, Shaul. So listen, I think when we think about the federal space, obviously, there's some level of uncertainty as everyone tried to understand all the changes that are happening. But we're in a kind of enviable position in a couple of ways.

First of all, while global government represents about 10% of our overall ARR, but only half of that is in the federal government. Within that, we are spread out wide within the federal base, meaning we don't have any oversized agency or organization within the overall government. It really is a broad base of support that we have within the agencies and the civilian and on the defense side. That's helpful as well. And maybe most importantly, when you look at what we're able to offer, especially with our FedRAMP investment and our FedRAMP emphasis, is the ability actually to help the government save money by bringing in an ability to be able to have modern stack, modern software that actually requires less support, less individuals to be able to run.

The core, what we offer is not a nice to have. It's a must-have. But when we can do it more efficiently, more effectively on a lower cost, which is what we've been doing for years, it also creates less scrutiny in this environment. So we feel pretty good about the position we're in with respect to our federal business. We'll watch closely, and we'll let you know if anything changes. But as you said, it didn't have a meaningful play in how we looked at guidance for the year.

Our next question is from the line of Andy Nowinski with Wells Fargo.

Okay. First off, congratulations, Erica, on your new role as CFO, you're off to a great start. And maybe just a question for either you or Matt. I think you previously talked about Venafi ARR being able to grow in that 25% plus range, I think exiting 2026. But -- of course, we understand it will take some time to get that growth rate up to that level as you train your channel on it. But when you think about the mix of identifying your core business in terms of ARR in 2025, if we assume about or 190 from Venafi, I think that implies your core business growing around 22%. I mean, is that the right way to think about the split for this year as you scale the Venafi business?

Yes. I think, Andy, I'll jump in here. I think when you think about that split, it's a good way of thinking about it. But as we talked about in the prepared remarks, it's even hard today from a business perspective as we're looking through our planning to disentangle some of the Venafi contribution from the Secrets Management contribution because we're going to market with that as a full solution. And so it's a great framework for you to kind of think about the starting point for the year and for the business. But I think it -- as you think about that as the exit rate for the year, there will be some in mesh between Secrets and Venafi but certainly a good framing of that 20-plus percent growth on the core business for sure.

Our next question is from the line of Roger Boyd with UBS.

Great. Again, congrats on everything. I wanted to touch on maintenance there, which was, I think, [ Q-for-Q. ] And I know Venafi added some to that number, but even on an organic basis, it seems like the pace of conversions may be leveling off a little bit heading into 2025. So, would love any thoughts there? And I know you gave some color on expectations there, but any higher-level thoughts on how much conversion opportunity you really see left?

Yes. Thanks, Roger. We saw some conversion activity in the fourth quarter. I think those conversion deals oftentimes take some time to materialize. We do think that there's significant conversion opportunity in that base of $186 million of maintenance ARR. But I don't think you're going to see it kind of inflect, I think you'll see a healthy pace of that conversion activity and likely to pick up as we move through this year. But we certainly see lots of opportunity there.

Our next question is from the line of John DiFucci with Guggenheim.

Matt and team, this is another exciting acquisition here. it seems like now you have just about everything, identity of PAM, you have traditional workforce. You have machine and now IGA. But my understanding of machine identity, and I know it's sort of a newer area for a lot of us. Is that it's not as simple as 1 category, similar to human identity management and there's sort of a higher-level machine identity management which is what Venafi has always done. And then there's sort of a governance and administration layer that's really still evolving. It's sort of newly thought of. I guess first, is this accurate? And second, if so, would the acquisition of Zilla better position you to develop that governance layer for machine identities?

Yes. John, great question. And I think you're right, first of all, in thinking about it, the machine world is more complex than just machines. We talk a lot just in terms of machine types that we talk about workloads. We talk about devices, IoT OT, now we're going to be talking about agents. So you have multiple types of machines themselves. As we talked about, there's multiple types of identities, it could be certificates, it can be keys. It actually can go on and on and on there.

But as you said, then there's the layers, right? And I think if you have a machine identity solution in a whole, you need to be able to, what we call, observe, you have to find all these machine identities that are exploding. And you have to put them in context of the risk of those machine identities. You need to be able to secure access. That's a little bit of what Secrets does and certificate Lifecycle Management does as well. And across all of that, you need to automate the life cycle of it because constantly they're coming on just like humans, onboarding and leaving and you need to keep track of them as they go through.

So you are thinking about it completely right. We have a much broader portfolio across all of that than probably maybe some people understand between what we've developed organically with the Venafi acquisition and what they were already working on with the Secrets Management solution. And as you just pointed out, absolutely, Zilla capabilities can be applied over here as well as we build out the future of that complete machine identity security solution. But we feel really confident in our ability to be able to be an end-to-end just platform or solution on the machine side that covers all those areas you just described because they are important to making sure that we take control of the machine identity landscape.

Our next question is from the line of Adam Borg with Stifel.

Maybe just for Matt on the channel. Talk a little bit about the strategy and the plans for this year, not just overall, but also on the MSP opportunity, that would be great.

Yes. Thanks, Adam. I mean we see the channel as a special differentiator for CyberArk. You've heard us mention it even in the context of Venafi, where we say, hey, they didn't have much of a channel. We're going to turn our channel loose from that perspective. So we're continually enthused by the force multiplying effect of our channel itself. As you mentioned, MSPs are a big growth area for us. We saw that throughout the course of FY '24. We saw it in the Q4 results as well, where continually the MSPs are adopting more and more of our solution set and actually helping really us bring new logos into the portfolio, and it's one of the drivers of our strong new logo performance in Q4 and throughout the year.

So we do see MSPs as part of our differentiator moving forward. Our relationships with the SIs are deep and broad, and we continue to see them driving deals our way. And then as you see kind of the traditional resellers themselves are reinventing themselves into MSP providers and value-added providers in the market and our relationships continue to carry the day there. We were really, really enthused by the performance of our channel partners in generating pipe and ultimately in delivering results for us throughout 2024, but particularly in Q4.

Our next question is from the line of Ittai Kidron with Oppenheimer.

I appreciate it. Congrats on great numbers. And Erica, congrats on your first quarter, well done. I guess my question is going back to the guidance for the year, Erica. If you could give us -- you certainly have a few more moving pieces with Venafi and the acquisition you just closed of Zilla. So I'm trying to get my head around the potential for upside for you in the year. Last year, you ultimately delivered $25 million above the midpoint of our ARR. How do I think about your guidance build process this time around versus last? In what way is it different? And where are you giving itself a little bit more of a buffer room given the moving pieces? I appreciate it.

Yes, Ittai, thank you for the question. So as you think about our guidance philosophy that we have going into 2025, it's very similar from a guidance philosophy that we had going into 2024. We're not assuming any major changes in the macro environment from what we saw last year, and we're kind of guiding roughly to a net new ARR on an organic basis that looks similar to what we did in the prior year.

So I think from a business perspective, the guidance is a very similar philosophy from what we've had previously. I think certainly, when we think about the opportunity that we have with Zilla as well as the opportunity that we have with the Venafi acquisition, I think we've got to work hard to continue to get the execution machine and the integrations with Venafi are going incredibly well. We think that there's a lot of opportunity there. So guidance philosophy though hasn't changed at all.

Our next question is from the line of Matt Hedberg with RBC Capital Markets.

Congrats from me as well on all the milestones. From a go-to-market perspective, with Venafi for the whole year, could you give us a little update on how you're thinking about the go-to-market in terms of sales incentives kind of integrating the sales forces or having it be more of sort of like independent for a bit. But just a little more color on that would be helpful.

Yes, sure, Matt. So listen, I think we see just really strong momentum on the integration effort and the kind of sales alignment around Venafi. We saw it in Q4, it drove some outperformance. We see it in the early days here in Q1 in terms of the pipe build and the conversations we're having. The strategy is pretty simple. First and foremost, we've got 8,000 customers that we can go sell Venafi to, and we're going to go sell it right away. And so we want the traditional CyberArk AE to take the lead, open the door and have the conversation, and we've put the Venafi team into an overlay role where they can help support those conversations, come in and really make sure that we can deliver on the message of the importance of not only Venafi, by the way, but the complete machine identity solutions suite and some of the new packages that we come out with.

So it's actually really thrilled with how fast it's going. The channel partners continue to ramp on the back end. That takes a little bit longer, but we're starting to see some momentum there as well. And I think you're going to see that as we build pipe throughout the year. And then as we talked about, as the results start to kick in, in the back half of the year, but we've found that our traditional seller can go in position and sell incredibly effectively, the Venafi story. And as I've talked to you all before, the CISO conversation around Venafi is a meaningful conversation more so than I even thought when we made the acquisition. And it's going to drive, I think, the upside in the business as we look out past the building pipe phase and into the closing phase.

Our next question is from the line of Gregg Moskowitz with Mizuho.

I'll add my congratulations as well. I also had a follow-up on the channel because, Matt, we've been just hearing a lot of early enthusiasm from the channel around Venafi. With that said, how quickly, broadly speaking, do you think that your traditional CyberArk partners can really start to, first of all, put resources behind Venafi and then drive good cross-sell in addition to hopefully more new local activity as well.

Yes, sure, sure. Listen, I think just 1 comment again over on the opportunity here. The notion we talked about around volume, variety and velocity being driving factors that are making the machine identity market, really pivot upward, is what's out there right now. I mean, the machine identity landscape is just exploding. We got in deeper at the exact right time, and that ultimately leads to a level of conversation with the market that resonates. It resonates in the same way with our partners, as you mentioned.

Now it takes generally about 1 to 2 quarters to change your channel, it's then going to take somewhere around 6 to 9 months sales cycles because that's what we see on the Venafi side. I think they will start to have some real channel impact as we get towards the back half of the year, like we said before, and it will really accelerate into 2026 and beyond. I think we've already seen partners jump in and help us close some of those -- some of that business in Q4. So I think it's the flywheel is starting to kick in, but it does take a couple of quarters to actually get through your whole channel. And of course, again, a little bit longer sales cycles here of about 6 to 9 months, not longer same as CyberArk, but 6 to 9-month sales cycles before you actually close that business. But as you said, the reception is tremendous.

Thank you for your question. And ladies and gentlemen, that is all the time we have for questions for today. And to close that, I'd like to turn the call over back to Matt.

I want to finish here by thanking our employees all around the world for their hard work and dedication. I think this is a milestone moment for all of us here at CyberArk. As we passed the $1 billion mark in ARR, we deliver a rule of 40 year, 1 year earlier than we thought. And ultimately, we set the stage for the great, great year ahead. We welcome all of you in a week's time to our Investor Day, either in person or remotely, and thanks for joining the call today.