Qualys Inc

NASDAQ:QLYS

Ladies and gentlemen thank you for standing by and welcome to the Qualys’ First Quarter 2022 Investor Call. [Operator Instructions]

I would now like to hand the conference over to your speaker for today, Blair King, Investor Relations. You may begin.

Thank you, Tamada. And good afternoon and welcome to Qualys’ first quarter 2022 earnings call.

Joining me today to discuss our results are Sumedh Thakar, our President and CEO; and Joo Mi Kim, our CFO.

Before we get started, I would like to remind you that our remarks today will include forward-looking statements that generally relate to future events or our future financial or operating performance. Actual results may differ materially from these statements. Factors that could cause results to differ materially are set forth in today's press release and our filings with the SEC, including our latest Form 10-Q and 10-K. Any forward-looking statements that we make on this call are based on assumptions as of today, and we undertake no obligation to update these statements as a result of new information or future events.

During this call, we will present both GAAP and non-GAAP financial measures. A reconciliation of GAAP to non-GAAP measures is included in today's earnings press release. And finally, as a reminder, the press release, prepared remarks and investor presentation are available on the Investor Relations section of our website.

So with that, I'd like to turn the call over to Sumedh.

Thank you, Blair. And welcome, everyone, to our first quarter earnings call.

Building on our momentum, we are very pleased to report a good start to the year reflecting another quarter of continued revenue growth acceleration and strong cash flow generation.

Beyond these headlines are several encouraging market trends and notable business highlights. Strong market dynamics and continued competitive differentiation are fueling our growth. We believe the continued increase in the attack surface coupled with the growing concerns over cyberattacks like ransomware and cyberwarfare is pushing organizations around the world to shed outdated, siloed, security and compliance systems and move to integrated security platforms to reduce their risk and response time as they future proof of their security architecture.

Qualys researchers recently conducted a study on the widespread Log4shell vulnerability, which included analyzing millions of assets and trillions of datapoints indexed on our platform highlighting the complexity of the current threat-landscape. Not only did organizations have to immediately assess their asset inventory and get a real-time view of their own and third-party vulnerable software but also had to move at lightning speed to patch and mitigate the issue in matter of hours.

Our study showed that organizations took an average of 17 days to remediate this vulnerability leaving them vulnerable to attacks during that period. At the same time, they also had to monitor their assets for compromising attempts and respond without delay. Qualys Cloud Platform’s unified approach of bringing asset inventory, vulnerability detection, patch management and EDR together into a single agent was greatly appreciated by our old customers in helping to reduce their exposure significantly compared to a siloed toolset approach with multiple point solutions.

Additionally, as shown in the study encompassing more than 150 million scans globally, over 50% of vulnerable Log4shell software was also end-of-life, again highlighting the strategic visibility provided by Qualys’ integrated Cybersecurity Asset Management capability that allowed our customers to understand their technology depth and its impact to their security for proactive risk reduction.

We believe we are uniquely positioned in this market with our ability to provide innovative, comprehensive and integrated products using a single agent approach for speedy detection and response. Given the opportunities ahead, we continue to prioritize investing in our business, especially building our go-to-market team, where we expect to see double-digit growth this year despite the challenging hiring environment given the tight labor market.

In Q1, Cloud Agent subscriptions grew 26% year-over-year to 77 million purchased over the last 12 months. There was a steady adoption of our Vulnerability Management, Detection and Response, or VMDR, solution, which is now deployed by 40% of customers worldwide. These results continue to validate our security consolidation approach and the power of a single agent as customer's transition to VMDR.

Our growth this quarter speaks to the commitment customers are making to the Qualys Cloud Platform. The customer stories I will share with you today underscore our success with customers of all sizes in their respective journey to uniquely unite asset inventory, threat detection and prevention onto a natively integrated cloud-based platform to remediate vulnerabilities much faster than alternative solutions.

I’ll start with an existing U.S. based Fortune 200 customer, who entered into a new agreement with us to expand their VMDR and Patch Management deployment while adding Cybersecurity Asset Management capabilities spanning on-prem, cloud and container environments. Their ability to significantly enhance their security program with high quality asset context, CMDB integration, alerting and accurate response capabilities on a single integrated platform stood out among several competing solutions in the market today.

The next example is of a new customer that started with Cybersecurity Asset Management, VMDR, Patch Management and Multi-Vector EDR, as part of a strategic initiative to transform its IT security architecture. This customer chose Qualys because we offer the only security and compliance stack available in the market today that utilizes a single agent to enable full asset visibility and context aware mapping to prioritize vulnerabilities, proactively reduce technical debt, automate patching and continuously monitor endpoints to defend against future Malware and Ransomware events across multiple environments.

Finally, in another new logo win, a Fortune 1000 customer selected VMDR along with Patch Management. This customer consolidated two vendors to significantly reduce complexity and legacy IT costs while uniquely leveraging automation in its security and compliance operations. The speed of vulnerability detection and remediation capabilities leveraging a single agent and unified dashboard were critical factors in its purchasing decision. This is also a good example of how we are benefiting from the investments we’re making to on-board new channel partners to win new business opportunities.

We believe these new wins and expansions illustrate that our natively integrated cloud-based platform and single agent approach is increasingly resonating with customers ready to rearchitect and consolidate their security stack. Leveraging our technical leadership, we are also better partnering with our channel as part of our go-to-market initiative. In fact, we recently launched new partner programs designed to further drive our new business and logo wins worldwide.

As I’ve said before, our goal is to remove friction for customers to make product expansion simple and hassle free. A customer who may currently use only VMDR has the ability to trial and adopt our other applications at a click of the button.

Executing well against this agenda, we recently introduced our next major upgrade to our Multi-Vector EDR solution. This natively integrated solution on the Qualys Cloud Platform further leverages our single agent approach for enhanced threat hunting and risk mitigation capabilities. Unlike traditional EDR products focused on detecting threat activity on the endpoint after the threat has already landed, Multi-Vector EDR 2.0 unifies multiple context vectors, including asset criticality, vulnerability and system misconfigurations associated with threats, as well as patching to reduce mean-time-to-respond.

We are pleased to have completed the most recent MITRE ATT&CK evaluation for the first time, shoulder-to-shoulder with existing EDR players and more specifically achieving impressive results. We believe that for existing customers already utilizing our VMDR solution, the added capabilities of Multi-Vector EDR 2.0 will uniquely reduce the volume of incidents, extend prediction and prevention capabilities and further strengthen our customer's cyber resilience. I'm also very pleased by the early adoption of this product from a handful of customers since its introduction in early April, and excited by the positive feedback we're receiving for the new update.

Looking ahead, as a leader in security and compliance solutions we continue to invest in the Qualys Cloud Platform to further differentiate our automation, detection and response capabilities. More specifically, we'll expand on our robust capabilities in cloud, container and ICS/OT environment to further strengthen our competitive differentiator as customers increasingly move applications to cloud and container environments.

In summary, we are delivering solid financial results and building strong business momentum in the market as companies uniformly recognize security transformation is fundamental in combating today's heightened threat environment. As a result, customers are increasingly looking to reduce their risk exposure through the adoption of a natively integrated security platform instead of relying on a collection of disparate point solutions. We believe that with our organically integrated cloud-native platform built to solve modern security challenges, Qualys is uniquely positioned to capitalize on this long-term, sustainable trend and drive shareholder value.

With that, I'll turn the call over to Joo Mi to further discuss our first quarter results and outlook for the second quarter and full year 2022.

Thanks Sumedh, and good afternoon.

Before I start, I'd like to note that except for revenue, all financial figures are non-GAAP and growth rates are based on comparisons to the prior year period, unless stated otherwise.

We're pleased to report continued organic revenue growth acceleration and strong profitability as reflected in the following financial and operational highlights. Revenues for the first quarter of 2022 grew 17% to $113.4 million, up from 12% growth in the year ago period. We saw continued success in our land-to-expand engine with a healthy cross and up-sell performance driving an increase in our year-over-year and sequential net dollar expansion rate, which was 110% in Q1, up from 108% last quarter and 103% a year ago. Our LTM average deal size continued to increase for both new and existing customers with total average increasing by 17% in Q1, same as LTM growth in Q4 and up from 5% LTM growth a year ago. With accelerating demand for security transformation solutions and our strengthening market position, our Q1 LTM calculated current billings grew 22%.

We believe the investments we've made in platform innovation and our single agent approach have enhanced our value proposition with customers and helped drive bookings growth over the past several quarters. This quarter was no different, and we're excited by the continued adoption of VMDR with total customer penetration now at 40%, up from 36% last quarter and 24% a year ago. And continued adoption of Qualys solutions increased large customer spend with 128 customers spending $500,000 or more with us.

This represents 17% growth from the year ago period. We attribute this success to our innovation strategy, having resulted in strong product differentiation and market position. Our investments in building a unified cloud-based platform clearly resonating with customers. CIOs and CISOs are increasingly looking to phase out legacy point solutions in favor of a consolidated security and compliance platform due to increasing cybersecurity risks. The speed at which critical vulnerabilities are weaponized and increasing importance and priority of digital transformation initiatives.

We remain focused on building a long-term business with durable growth and industry-leading margin. As a result, our scalable platform model continues to drive superior margins and significant cash flow. Adjusted EBITDA for the first quarter of 2022 was $54.3 million, representing a 48% margin; EPS for the first quarter of 2022 was $0.89; and our free cash flow for the first quarter of 2022 was $71.4 million, representing a 63% margin. We believe we can continue to generate attractive levels of free cash flow, while continuing to invest in the business.

In Q1, we continued to invest the cash we generated from operations back into Qualys including $7.6 million on capital expenditures and $46.6 million to repurchase 368,000 of our outstanding shares. We're pleased to announce that our Board has authorized an additional $200 million increase to our share repurchase program. The resilience of our sustainable and scalable business model has been proven over time as currently demonstrated by our continued strong earnings and cash flow generation at this time of uncertainty and volatility.

Leveraging our excess cash to continue to return capital to shareholders will allow us to mitigate our share dilution and drive shareholder value. Including $225 million remaining as of Q1, this provides approximately $425 million in share repurchase capacity. The weighted average diluted shares outstanding in Q1 was 40 million, down from 40.4 million last year.

Shifting now to guidance for the second quarter and the rest of the year, our strong start to the year continues to bolster our confidence in both our strategic agenda and business environment. And with current opportunities ahead, we continue to believe this remains the right time for us increase our spend with an emphasis on Sales and Marketing to support long-term growth in the business. As I've said before, this investment strategy is not about just adding headcount. We're equally focused on enhancing our channel, accelerating digital marketing initiatives, expanding product management capabilities and other sales support functions to further enhance both our value proposition with customers and mid-to-long term sales productivity.

Building off our strong start to the year, we are raising the bottom and top end of our revenue guidance for the full year to now be in the range of $484 million to $486.5 million, representing 18% growth. This compares to prior full year revenue guidance of $482 million to $485 million.

In terms of profitability, balancing a tight labor market with our anticipated investment for the year, we are raising our full year EPS guidance to now be in the range of $3.13 to $3.17 from the prior range of $2.87 to $2.92. This revised guidance implies EBITDA margin in the low-40s with the timing of our investments to be more back-half weighted. For the second quarter, we expect revenues to be in the range of $117 million to $117.8 million, which represents a range of 17% to 18% growth. We expect EPS to be in the range of $0.78 to $0.80. Our planned capital expenditures in Q2 is approximately $5.5 million to $6.5 million and for the full year 2022, we continue to expect investment in the range of $25 million to $30 million.

In conclusion, as we look to the balance of this year, we remain excited about our opportunity to drive durable top-line growth on the back of a large and growing market opportunity while leveraging our highly scalable model to maintain industry-leading profitability.

With that, Sumedh and I are happy to answer any of your questions.

Thank you. [Operator Instructions] Our first question comes from the line of [indiscernible] with Wolfe Research. Your line is open.

Yes. Hi guys. Thanks for taking my questions. I just wanted to kind of start off on the hiring trends. Are you guys – are you guys still on track to meet the targets that were baked into the guidance you get at the end of Q4? And I guess I'm asking because you mentioned investments will be back half weighted this year. Is that by design or is it just because you guys are kind of maybe behind schedule on some of those investments?

I think we're seeing the same market challenges that everybody else is seeing from hiring perspective in the current environ meant. But we've been really focused on building out our leadership team, which now has really given us the ability to attract the right people in our sales and marketing – I think our sales and marketing we'll talk more about that. We have made progress. I think what we are looking forward to doing is really continuing that focus on hiring so that we can continue to build out the preliminary I look forward to having back in the second half of the year.

Yes. To follow-up we remain very confident in our ability to execute and drive growth. In terms of the investment it is by design and we knew from get-go that the investments will be more back half weighted. On the hiring spot we are still targeting growing the sales and marketing head count and double-digit as we communicated last quarter.

Very helpful. And then just a quick follow up, obviously awesome outperformance and free cash flow in the quarter. Can you maybe just give us some additional guardrails? It's just how we should think about margins and how they should trends for the rest of the year?

Yes. In terms of our margins what Q2 in price is EBITDA margin in the low-40s based on the non-GAAP EPS guidance, and so the first half it'll be in the – in the low-40s versus the second half, it will probably a bit below the 40%. So ending the year in the low-40s is what we're projecting.

Thank you very much. Appreciate it.

Thank you. Next question comes from the line of Trevor Walsh with JMP Securities. Your line is open.

Great. Thanks for taking my call. A quick question around the new partner program that you rolled out. Can you give us maybe a little bit more context to the impetus for that was it feedback from the partner community? Was it maybe a hedge around kind of if some of the hiring on of direct sales maybe doesn't come through that? You kind of have that as a back-up. Can you just give us some more context, there would be great?

Yes, yes. Sure. We really got a lot of feedback from the partner community as in we've hired an SVP focused on partnerships. Really who's been working with our partners and understanding from them how we can actually take the platform that we really believe is superior and the ability for us to take that and figure out with our partners what would in a relationship that's beneficial to them and beneficial to us.

And so with a lot of feedback, we've done a sort of a new partner program with working with different types of partners and then review – done an early review with them. And we've gotten a lot of positive feedback, but we do feel that we can leverage the relationships that the partners have with some of these organizations. And then of course with the capabilities of the platform that is something that we feel that we can focus and leverage our partners to really focusing on the business global growth, right. So being able to leverage their relationships and then figuring out the right go-to-market with them is really the direction that we're taking now.

Great. Awesome. And then maybe one more if I can, on – for the new Context XDR role out, I maybe have missed it, but in just – in some of the messaging that I'm seeing for the network layer telemetry, are there any – are you looking to maybe partner with different providers or other vendors to get that that piece of the puzzle? Or maybe doing that more organically with your own tool? Where do you see that kind of coming through like that that piece of Intel as far as again, that that network layer piece?

Yes, that's a great question. And Context XDR really is about two-main things. One is the organic sensors that call platform already are building the combination of active scanners, API connectors in the cloud, our agents and we also have passive network sensors that are part of our platform that are providing that network telemetry back to our platform. However, one of the things with Context XDR that we have done is in addition to bringing all the Context that our platform is already collecting across the Board from an inventory involved given risk perspective. We also expanded the ability for us to collect network telemetry and other types of log data from multiple different partners as well, so that we can provide a more comprehensive visibility in helping customers sort of reduce the number of things that they have to put together to get the context, when they're looking at incidences are happening in their environment. And so this sort of gives that ability for them to leverage the Qualys sensors for collecting network telemetry where it makes sense. And in other cases if they already have deployed some other network vendors, we can also take the data from them and then provide the analysis on our platform.

Great. Thanks a lot. Appreciate the questions.

Thank you. Next question comes from the line of Joe Fisher with Truist. Your line is open.

Thank you. I just had a quick follow up to that. Now that Context XDR is in GA. Can you give us a little bit of color around how it's been tracking and how that space is actually developing for you guys?

Yes, I think we feel good about the direction that Context XDR is taking as we have with any other new product launches. We are working closely with a few early adopters and getting additional feedback from them and we're going to continue to enhance those capabilities. Similar to what we've done with EDR as well, and we look forward towards – through this year to continue to increase that adoption of that and getting feedback from the customer and this sort of a unique approach to bringing that Context with base XTR.

Great. Thank you.

Thank you. Our next question comes from the line of Hamza Fodderwala with Morgan Stanley.

Excellent. This is actually Keith Weiss sitting in for Hamza. In your prepared remark you talked about the heightened threat environment and in particular the conflict in Europe driving sort of better demand signals. I wanted to just sort of clarify is that something you guys are seeing in your business today that you think that's actually sort of drive sales or is this just something a broader kind of the environment remains very good, kind of for the overall spending in security, but it's not as direct of an impact? So that's kind of the number one question.

And then on the broad – the broader platform, really nice kind of penetration trends in VMDR. It looks like its driving really nice growth for you on that consolidation play. Can you remind us like how high you guys think that penetration should get? Is there a theoretical kind of maximum of where VMDR customer penetration would go?

Yes, I’ll take the first question. I think great question. My comments around that are really about the environment and not necessarily about the direct demand as we we've talked about this in the past as well. Our customers tend to look at these events when they happen more holistically in terms of being a step back to see what kind of security program do we need to be able to do to avoid those potential expense like this. And so it's really what we are seeing is conversations happening with our customers as I highlighted in some of the data points in the study that we did that even with everybody all hands on deck for something like [indiscernible] it is taking an organization a long time to mitigate and patch severe, critical vulnerabilities that are being actively exploited.

And the conversations with customers are more broadly about what kind of security stack consolidation potentially needs to happen so that they can reduce that time, reduce that exposure window, leverage more automation. And having siloed solutions, or having vendors who provide five, ten different platforms as part of their overall offering, is not really helping them reduce that time to remediate.

And so, what is encouraging really is that conversation that we see, which is understanding the customers are having and pushing forward to looking at platforms like Qualys that are consolidating multiple capabilities. Obviously, we see the new business examples that we gave this quarter, last couple of quarters we are seeing when we're getting customers come in, they are looking at more of an architecture, overall architecture, rather than looking at how can I get another tool that is just giving a big list of CVDs [ph] that I have to go figure out what to do when trying.

Right.

How do we make sure that they are actually able to remediate those fairly quickly and release their exposure? And that's the conversations that we are having because in that environment, you see the risk there is it's a different award because the organization has to protect themselves from [indiscernible], nation, state, and cyberattacks at their own expense. So when they are looking to do that, they are looking to say, how do I create a good stack that is modern and then actually can help you provide much more real time visibility and remediation capabilities.

Got it. That's super helpful.

And to your second question on a VMDR penetration, it's been trending nicely up to 40% right now. I think that there is definitely more room for us to increase that penetration. But historically our customer base has been such that anywhere, between 55% to 70% have had VM solutions. And so I think that definitely we can see VMDR penetration going up to 70% and even beyond that, but that was customers who don't currently have a VM solution with us we're seeing some adoption there as well.

Got it. That's super helpful. Thank you guys.

Thank you. Our next question comes from the line of Curtis Bollinger with Summit Capital. Your line is open.

Hi, thanks for taking that question. You got some strong revenue growth this quarter with revenue from core markets up 25% year-over-year. I was wondering if you could provide some color on the key trends you're seeing internationally and how you expect these trends play out for the rest of year. Thanks.

We don't have a forecast that's separated out. I mean we're seeing a good momentum overall. If you take a look at what are you're looking at revenue or LTM current billing trajectory, we're seeing a lot of opportunities, both in the U.S. and in international. Obviously on the international front there is more opportunity just because we're less penetrated in those markets. And so we're happy with the growth that we're seeing in both regions.

That's great. Thanks.

Thank you. Our next question comes from the line of Yun Kim with Loop Capital. Your line is open.

Thank you. Sumedh, can you just give us update on how much of your business or your customers’ usage is on hyperscaler environments like AWS, and Azure and GCP? And for some of your early adopters of your Context XDR, are they using it to analyze deployment on those hyperscaler environments?

Yes, we don't necessarily break out the usage from a cloud, versus on-prem, versus a remote endpoint perspective. We have healthy adoption across the different aspects of IT environment. And I think that's really the value that, I think, that the Qualys platform brings so that we can actually bring your cloud visibility, your remote employee visibility, as well as your on-prem server environment into one. And so today what we do see is as customers are looking to migrate potential workloads from on-prem systems into the cloud, they feel Qualys has the right capabilities as a trusted partner to help them make the move rather than, so we have capabilities in the cloud environment, so we have bunch of customers who are running stuff our agents in AWS, in Azure, we have the partnership with Azure, where there is an embedded Qualys capability in Azure environment if you take your workflow.

So, we're looking at cloud from multiple different aspects, working with existing customers to help them and be their partner as they are moving into the cloud and finding new security paradigm, as well as providing them more embedded capabilities directly through the cloud provider as well, in some cases.

And so we're quite happy to see that the customers that see values in Qualys are usually unlike most customers, they don't have cloud, they have a large number of employees who are remote, who have cloud as well as who have on-prem. With the early XDR customers it's again the same thing is that when they are looking at threats and they are looking at exposure that is not only in one particular environment with the Qualys platform and our context so that we are able to bring the visibility of not only maybe the cloud account that maybe seen some activity, but also that remote employee laptop, admin laptop, which may be accessing that cloud account. That's the posture of that particular asset. How do we see those together in a single platform? That's really the value that I see the context XDR brings and differentiates us from what is out there, which may be very focused on certain environments.

Okay, great. Thanks for that context. And Joo Mi I have a quick question around contract length and billing frequency. Obviously you continue to see VMDR platform adoption, the deal size around those, I'm assuming is getting larger. Just any trends that you are seeing around contract length and billings? And any potential deviation between the current and total calculated billings?

I think to call out this quarter Yun it's been – we did have a contract length, that's been slightly over one year, and does remain the same.

Okay, great. That's it. Thank you so much.

Thank you.

Thank you. I'm showing no further questions in the queue. Ladies and gentlemen, this concludes today's conference. Thank you for your participation. You may now disconnect. Everyone have a wonderful day.