Tenable Holdings Inc

NASDAQ:TENB

Greetings. Welcome to the Q1 2022 Earnings Conference Call. [Operator Instructions] Please note, this conference is being recorded.

I will now turn the conference over to your host, Erin Karney, Senior Director and Investor Relations. You may begin.

Thank you, operator, and thank you all for joining us on today's conference call to discuss Tenable's first quarter 2022 financial results. With me on the call today are Amit Yoran, our Chief Executive Officer; and Steve Vintz, our Chief Financial Officer. Prior to this call, we issued a press release announcing our financial results for the quarter. You can find the press release on the IR website at tenable.com.

Before we begin, let me remind you that we will make forward-looking statements during the course of this call, including statements relating to our guidance and expectations for the second quarter and full year 2022, growth and drivers in our business, changes in the threat landscape in the security industry and our competitive position in the market, growth in our customer demand for and adoption of our solutions; the potential benefits and financial impact of our acquisitions, including our recent acquisition of Cymptom and the expected acquisition of Bit Discovery; planned innovation and new products and services; our expectations regarding long-term profitability and our ability to attract and retain employees and its impact on our business.

These forward-looking statements involve risks and uncertainties, some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements. You should not rely upon forward-looking statements as a prediction of future events. Forward-looking statements represent our management's beliefs and assumptions only as of today and should not be considered representative of our views as of any subsequent date. We disclaim any obligation to update any forward-looking statements or outlook.

For a further discussion of the material risks and other important factors that could affect our actual results, please refer to those contained in our most recent annual report on Form 10-K and subsequent reports that we file with the SEC, which are available on the SEC website at sec.gov.

In addition, during today's call, we will discuss non-GAAP financial measures. These non-GAAP financial measures are in addition to and not a substitute for or superior to measures of financial performance prepared in accordance with GAAP. There are a number of limitations related to the use of these non-GAAP financial measures versus their closest GAAP equivalent. Our earnings release that we issued today includes GAAP to non-GAAP reconciliations for these measures and is also available on the Investor Relations section of our website.

I will now turn the call over to Amit.

Thank you, Erin.

Today, I'll discuss our outstanding financial performance in Q1, our accelerating momentum, exciting product enhancements, including our agreement to acquire Bit Discovery and the continued progress of our Cyber Exposure management platform.

With that, let me first touch on our Q1 results. We saw tremendous strength in the first quarter, driven by contributions from all products and theaters. Our CCB growth for the quarter was 31%, which we believe positions us well for strong 2022. Additionally, the health of our market and the durability of our business provides us with the confidence to continue to invest in our products and our people.

Momentum across cybersecurity is accelerating, as increased threats are driving a healthy spending environment. The need for customers to understand their true exposure and risk is at an all-time high. We're seeing that momentum translate across our entire portfolio, core VM and exposure solutions, particularly in our identity and cloud security offerings. We're leveraging this momentum and have plans to add significant new capabilities to our cloud offerings as well as create unique differentiation for our VM customers.

These enhancements include expanding our exposure platform, Tenable.ep to include Tenable.ad and Tenable.cs. EP customers can deploy these new capabilities immediately and take advantage of our single unified licensing model to secure their cloud environments and active directory. Launching our cloud-native application security platform, Tenable.cs, to address cyber risks from build through runtime. We delivered seamlessly integrated cloud-native web application and container exposure data into Tenable.io.

This allows organizations to analyze cloud and web approximately exposures alongside other assets and take advantage of the rich platform's capabilities such as advanced search, streamlined reporting, comprehensive role-based access controls and a single sign-off for easy access, unified APIs and other capabilities. We also delivered important updates to Tenable.ad and Tenable.ot to detect new indicators of attack used to escalate privileges in ransomware and nation-state exploits and attempts to exploit OT devices.

Our investments in product development over the last few years highlight our commitment to best-in-class security assessment across a customer's attack surface. We think our timing couldn't be better with increased threats, larger consequences for business and helping spending environment for cyber, we believe we're moving into the golden age of VM. More than ever, customers must understand every aspect of their digital footprint so they can reduce their cyber exposure, and this is reflected in a larger TAM that we discussed on our Investor Day.

In conjunction with earnings, we announced that we've reached an agreement to acquire Bit Discovery, an external attack surface management leader with a differentiated Internet-facing asset discovery, attribution and monitoring capability. The problem for many organizations is that they're largely blind to full and ever-changing scope of their Internet-facing assets and services. These systems service high-priority exposure points for attackers and important starting points for attack paths into critical systems.

Discovering and gaining insight into every part of a business's digital footprint are essential steps for any effective cybersecurity program. In concert with our attack pathway assessment technology, this new capability will allow us to tie the artificially fragmented parts of security into one view that shows how attackers from the Internet can ultimately gain access to any specific high value system regardless of where it sits. For CISOs, this analysis is a knockout punch of what is top priority.

Once integrated, the automated discovery of external attack surface will be native in the new and upgraded version of Nessus. Automated attack surface discovery will also be included in many of our enterprise products, including Tenable.se, Tenable.io, Tenable.ep and our cloud security solution. This insight will drive great value for our customers and increased adoption of our cyber exposure solutions.

Beyond this basic discovery offered to many of our existing customers, we will also have a new SKU with advanced attribution functionality that will help customers understand the broader set of context and exposure of these assets. We're incredibly excited about adding these new capabilities and Bit Discovery is a very natural and tightly aligned motion for our go-to-market team. Attack surface management data is absolutely critical exposure data. ASM has the same buyer and the same go-to-market motion as the VM buyer with a highly compatible messaging, which will provide very fast time to value for our customers.

Let me talk a little bit about Tenable.ep. During the quarter, we extended Tenable.ep beyond vulnerability management, web application security in Lumin by adding assets and security findings across identity and cloud via the inclusion of Tenable.ad and Tenable.cs. Cloud assets include systems and software vulnerabilities, a cloud security posture management across workloads, but also Kubernetes clusters and containers.

EP now offers customers a comprehensive cyber exposure management platform that assesses hybrid IT, the full life cycle of cloud and cloud-native environments, active directory and following closing of the acquisition and integration of Bit Discovery and Internet-facing assets such as web applications, cloud resources, open gateways, bringing these solutions into one unified platform enables us to identify, evaluate and prioritize risk across the entire digital footprint for our customers.

In addition, we saw continued traction in the quarter for Tenable.ep, and it's quickly becoming a rapidly growing portion of our new sales. We're leading with Tenable.ep in the commercial sector, where sales cycles are shorter, and we're seeing dramatic adoption also occurring in large enterprises as they embrace EP as well.

For years, we've been pioneering cyber exposure and the role of Tenable plays and is incredibly important in emerging discipline. When we introduced this category, it was a new concept to many investors despite its rather than native with CISOs. Since then, we've expanded exposure beyond traditional assets to include cloud assets, cloud infrastructures and cloud-native architectures into identities and operational technologies and web applications.

And more importantly, we've expanded analytic insights between these data sets in the form of attack pathways, benchmarking and other methods to prioritize risk. We believe Gartner's recent recommendation that organizations need to look beyond vulnerability patching and to manage a wider set of security exposures is spot on.

Further, we see Gartner's newly defined discipline of exposure management, which includes some mature markets like vulnerability management and emerging markets such as cloud-native security and attack surface management as very well aligned with the definition of cyber exposure and the strategy that we have been pursuing and talking about for years. We believe strongly in this opportunity and that we are an early market leader as it continues to mature and grow. We will continue to invest, including the planned acquisition of Bit Discovery, to deliver on our vision for an exposure management platform that enables our customers to better assess and manage risk.

Now before I hand the call over to Steve, I want to talk a bit about the people side of our business. As a software company, our greatest long-term asset is our people. It's an area that we spend a lot of time and effort on. Coming out of the pandemic, many investors asked about our ability to continue the hiring necessary to fuel growth. And candidly, how we'll fare in the great resignation.

We always strive to nurture a culture of innovation and transparency while building a diverse thriving workforce. Our investments in our people continue to pay off, and I'm happy to report that in Q1, we had exceptional results in our recruiting efforts, hiring and onboarding.

We're also seeing strong retention levels this year. People want to work at Tenable. New talent and lower attrition will translate directly into increased efficiency and an increased pace of innovation. Tenable has become a market recognized destination employer of choice, with a great culture and compelling products in a very exciting market.

I'll now turn the call over to Steve for further commentary on our financial results.

Thanks, Amit. As Amit mentioned earlier, we are delighted with our results for the first quarter, highlighted by 31% growth in calculated current billings, an EPS and continued investment in innovation and distribution. I will provide more commentary on each of these points momentarily. But first, please note that all financial results we discuss today are non-GAAP financial measures with the exception of revenue.

As Erin mentioned, at the start of this call, GAAP to non-GAAP reconciliations may be found in our earnings release issued earlier today, which is posted on our website. Now on to the results for the quarter. Revenue for the quarter was $159.4 million, which represents 29% year-over-year growth, which is up from 20% growth in Q1 last year and 26% growth last quarter. Revenue in the quarter exceeded the midpoint of our guided range by $6.4 million. We are delighted with the results for the quarter and the very sizable beat in revenue.

Please note that approximately $1.4 million of revenue recognized in the quarter was due to the early termination of customer contracts in Russia and Belarus as a result of sanctions and export restrictions imposed by the U.S. government. This is revenue that largely would have been recognized over the ensuing quarters this year, but had little impact on CCB this quarter as the value of these contracts were already reflected in the current portion of deferred revenue. Visibility remains high as our percentage of recurring revenue was 95%, which is primarily a result of our annual prepaid subscription model.

The outperformance in revenue is a result of continued accelerating growth in calculated current billings. CCB, defined as the change in current portion of deferred revenue plus revenue recognized in the quarter, grew 31% year-over-year to $156.5 million. This is our fourth consecutive quarter of accelerating CCB growth, which started from a base of 20% CCB growth in Q1 last year.

We attribute this inflection in growth to our market leadership in VM, expanded product portfolio and increased innovation and go-to-market activities. More specifically, the heightened threat environment has highlighted the need for our customers to continuously map and measure their cyber exposure across the attack surface.

This is evidenced by the strength in new business this quarter as new enterprise platform customers grew 39% year-over-year. In particular, demand was very strong in North America as well as internationally in both the large and mid-market.

In terms of product mix, our exposure platform, Tenable.ep, which now includes cloud and identity security, benefited from customers seeking broader awareness of risk across their attack surface. Upsell from existing customers was also substantial in the quarter, which combined with robust renewals resulted in an LTM net dollar expansion rate that was notably above our historical rates over the last two years. This was aided in part by Log4j, although to a lesser extent than what we experienced in Q4.

I'll now turn to expenses, which include incremental investments in growth and the additional operating expenses related to the Cymptom acquisition that we closed in February. I'll start with gross margin, which was 81% this quarter compared to 82% last quarter. Cost of sales increased sequentially due to higher public cloud costs associated with increased usage from our products and incremental investment in infrastructure to support new analytics for our exposure platform. As Amit mentioned earlier, we plan to launch a more expansive set of cyber exposure analytics, which we currently expect to be in the second half of the year.

This will include attack path analysis via newly acquired Cymptom, enhanced and unified analytics and improved benchmarking and contextualization of vulnerabilities, all of which will help customers better visualize and efficiently manage risk across their hybrid environments. As we've indicated in the past, we expect these investments, a portion of which are upfront costs to modestly impact gross margin short-term, but provide increased scalability to support future growth. Long term, we still expect gross margins to be in the high 70% to low 80% range. Sales and marketing expense for the quarter was $71.5 million, which was up from $69.5 million last quarter.

Sales and marketing expense includes higher wages, draws and benefits related to hiring more quota-carrying sales reps and other headcount in the quarter as well as higher commissions attributed to our strong sales performance in the quarter. Sales and marketing expense as a percent of revenue was 45% in Q1 compared to 47% last quarter.

R&D expense for the quarter was $27.8 million, which is up from $24.9 million last quarter. It should be noted that we added a team of engineers in connection with the Cymptom acquisition and made incremental investments in engineering in support of our expanding product portfolio, which was offset in part by capitalized software development costs in the quarter.

R&D expense as a percentage of revenue was 17% in Q1, which is consistent with last quarter. G&A expense was $16.6 million compared to $15.8 million last quarter. We continue to make investments in information technology and in resources, recruiting, in particular, to support the growth and scale of our business.

As a percent of revenue, G&A expense was 10% this quarter compared to 11% last quarter as well as for the full year 2021. Income from operations was $12.5 million compared to $11.9 million last quarter, which reflects the items I just highlighted. Operating margin was 8% for Q1 and last quarter. EPS in the first quarter was $0.06, which is $0.01 better than the high end of our guided range, and this is after absorbing approximately $0.01 of expense related to FX remeasurement, which is included in other expense in the income statement.

Now let's turn to the balance sheet. We finished the quarter with $526.1 million in cash and short-term investments. Accounts receivable was $96.4 million and total deferred revenue was $527.5 million, including $404.8 million of current deferred revenue, which gives us a lot of visibility headed into 2022.

Now I would like to discuss cash flow. We paid $4.1 million of cash interest on our credit facility in the first quarter. Looking ahead, we are assuming a higher interest rate environment, which will increase the interest expense on our floating rate debt facility when a reset at the end of July.

Consequently, our full year guidance reflects $15.7 million of interest expense, which is $1.7 million higher than our previously provided guidance. That said, our Term Loan B continues to provide a low cost of capital, which has allowed us to fund acquisitions without the equity dilution to our shareholders.

In Q1, we generated $32.1 million of unlevered free cash flow, with 95% recurring revenue, attractive gross margins and high renewal rates, we feel confident that we can continue to generate attractive levels of cash flow while continuing to invest in the business. Striking the right balance between growth and profitability has always been and will continue to be an area of focus for us. Last year, we became a Rule of 40 company, and we are well on our way to achieving the Rule of 50 target we outlined at our Investor Day in December.

With the results of the quarter behind us, I'd like to discuss our outlook in the second quarter and the full year 2022. For the second quarter, we currently expect revenue to be in the range of $162 million to $164 million. Non-GAAP income from operations to be in the range of $6 million to $7 million; non-GAAP net income to be in the range of $1 million to $2 million, assuming interest expense of $3.5 million and a provision for income taxes of $1.6 million; non-GAAP diluted earnings per share to be in the range of $0.01 to $0.02, assuming 119.5 million fully diluted weighted average shares outstanding.

And for the full year, we currently expect calculated current billings to be in the range of $764 million to $772 million, revenue to be in the range of $673 million to $679 million, non-GAAP income from operations to be in the range of $44 million to $48 million, non-GAAP net income to be in the range of $19.5 million to $23.5 million, assuming interest expense of $15.7 million and a provision for income taxes of $8 million; non-GAAP diluted earnings per share to be in the range of $0.16 to $0.20, assuming 119.5 million fully diluted weighted average shares outstanding. I'd like to discuss a few remarks regarding our guidance today.

In terms of topline growth, our guidance contemplates a more normalized spending environment, reflecting the reduced impact from tailwinds such as Log4j. As a reminder, hiring and investment for us is typically weighted towards the first half of the year, which results in lower operating margins in Q2 and higher operating margins in the second half of the year. This seasonal expense flow is something we discussed on our last call and is reflected in the outlook for the second quarter.

Also, as announced today in a separate press release, we entered into a definitive agreement to acquire Bit Discovery, an attack surface management company. The acquisition is not expected to close until later in the quarter and is therefore not expected to have a significant impact on our financial outlook for Q2.

For the second half of the year, revenue is not expected to be significant, but we expect Bit Discovery to add $2 million to $3 million of CCB, most notably in the latter part of the year, and $2 million to $3 million of non-GAAP net loss. The impact of the acquisition of Bit Discovery is not reflected in our outlook today.

In summary, we are delighted with the results for the quarter. We're off to a great start to the year, and we feel really good about the outlook we are providing today.

I'll now turn the call back to Amit for some closing comments.

Thanks, Steve. We continue to see increasing levels of differentiation in our core capabilities across our solutions. This is particularly exciting, given the strategic role that many organizations are increasingly placing on VM. We're thrilled about the momentum we have in our business, enabled by strategic investments that we've made and continue to make.

We believe that bringing our invaluable solutions and data sets into unified cyber exposure management platform with differentiated analytics such as attack path analysis and others positions us incredibly well for the long term. We delivered strong results in Q1 and are excited about the road ahead. We hope to see many of you at the JPMorgan, William Blair and RSA conferences in the coming weeks.

We now like to open the call up for questions.

[Operator Instructions] And our first question comes from the line of Hamza Fodderwala with Morgan Stanley. Please proceed with your question.

Thanks for taking my question. And Steve, it's good to know that the $2 million to $3 million from Bit Discovery is not included in your CCB guidance? I just want to clarify that.

Correct.

Great. Okay. Just making sure. So just maybe one question for me for Amit. There's been a lot of talk about securing critical infrastructure these days. I know you've been talking more about it. Can you give us an update on what you're seeing on the OT security side? Because I know in the past, that's been fairly long sales cycle product and it's been more of an evangelical sale. Are you seeing those sales cycles start to shorten? And are you really - are you starting to see it contribute to the top line at this point?

We are. We're seeing - great question. We are seeing - and over the last couple of quarters, we've seen increased adoption of the OT platform. And I think just as importantly, we're starting to see greater level of confidence in the sales team engaging with customers on OT and understanding that customers have OT requirements.

We believe very strongly in the long-term potential of this market. And as we said all along, this is just a market that moves very deliberately and does it move at the speed of cloud. So the indications are good, and certainly, the momentum has been building in recent quarters.

Our next question comes from the line of Brian Essex with Goldman Sachs. Please proceed with your question.

Thank you for taking the question. And great to see the acceleration in CCB in revenue. I will continue to trend with one question. Maybe, Steve, can you help us understand with regard to sales and marketing and R&D and what to expect for spending for the year, if we take the prior commentary that you had, I think, last quarter, expected sales and marketing to be about the same rate as a percentage of revenue and R&D expected to ramp. How should we think about where that investment is coming from? Where potential upside might be plowed back into the business? And how much of that spend is momentum driven versus other items like wage inflation, how that might impact?

Sure, Brian. Well, first and foremost, we are investing this year. And as a reminder, our hiring and investment plan for us typically is weighted towards the first half of the year. And so there's some seasonal flows to the business, which will result in more modest margins in Q2 and then higher operating margins in the second half of the year.

As Amit commented earlier on the call, we are seeing great success adding the headcount and competing in this market. So hiring certainly is ahead of our expectation and retention is trending lower. So we've added sales capacity in the first - the early part of the year. We're also adding engineers as well, and I think that's boding well for our ability to continue to add new products and continue our pace of innovation.

So going forward, I think the leverage will come from the second half of the year, the fact that we're doing the early onset of the hiring in the first half of the year, that will drive margin leverage throughout the year. And then obviously, we expect continued growth in revenue in CCB. So overall, very confident in the outlook, pleased with the print for Q1 and feel good about the investments that we're making to sustain long-term growth.

Our next question comes from the line of Rob Owens with Piper Sandler. Please proceed with your question.

Great. And sticking to the one question thing kind of like in this. Can you guys speak to the composition of the quarter overall? It seemed like there was strong velocity and low days billings outstanding. Just curious, how things played out your velocity business versus large deals because it's one of your smaller net add quarters in terms of over 100,000 ACV customers. So just the composition and what you're seeing in the pipeline?

Well, it's important to note, as you mentioned earlier, we're very pleased with the results of the quarter. This is our fourth consecutive quarter in which we accelerated CCB growth. We grew over 31%. We added over 400 new enterprise platform customers. We added, I think, 17 net new 6-figure customers.

The one comment that I will make is that we don't optimize the company for any one metric and pipeline opportunities can carry from quarter-to-quarter between large and mid-market deals in between new and upsell opportunities. So overall, we're pleased with the results for the quarter. We're adding lots of customers, and we even have over 1,000, 6- figure customers that are actively expanding their subscriptions as well.

It's safe to say though, from the metrics, Steve, it was a very linear quarter.

Yes, we got off to a really strong start to the year. But it sound like any software company for the last multiple quarters can represent over 50% of our total sales. So I would characterize it as our typical flow for the quarter.

Our next question comes from the line of Mike Cikos with Needham. Please proceed with your question.

Thanks for taking the questions here. And just coming back to a couple of comments here in the Q&A regarding this customer adds. One of the things that struck me when we were talking about the velocity just now, but these new enterprise platform customers you added historically have declined quarter-to-quarter from Q4 to Q1 by about 140 or 130 customers. So good to see that it only declined by about 100? I think that's one of the things that struck me as far as customer additions this quarter. I did, I guess, separately want to ask you guys about the macro environment that you're seeing today. There's been a lot made about Europe. I know that you guys have about 25% of your revenue base there. Just curious, what you are seeing on the front lines today? Obviously, we have the some good guidance coming from you, but just curious on your thoughts, anything incremental, especially as we're now a month into Q2?

Yes, Mike, great to hear from you. We certainly have a high degree of confidence in the quarter and continued progress. We're seeing very strong demand. We have - we're not taking any fundamentally different approach. But again, if you look at the headlines today, whether it's super high-profile breaches, whether it's a number of proposed legislative initiatives, whether it's alerts and warnings coming out of Department Homeland Security, DCHQ and other governments around the world, there's just a tremendous amount happening around cyber.

There's a heightened demand environment. And in almost every one of these news happenings, there is the inclusion of very specific information, highlighting which vulnerabilities are being exploited, what organizations need to do to protect and defend themselves. So we're super confident in the market and feel like we're very well positioned for continued growth drive forward.

Terrific. And if I could just cycle back. I know that you guys have spoken about the hiring, especially on the quota-carrying reps. Can you give us a sense at least directionally, how have hires progressed for the quota-carrying reps on a - if we're comparing Q1 of this year versus Q1 of last year, are we still accelerating that? And then the follow-up would be, I think your sales reps typically mature over a 10-month process or timeframe. But how has the maturation of those sales hires progressed? And I guess, with EP, does that in any way streamline how quickly your sales reps can mature on the platform and get out there and start producing for you?

Yes. So with regard to ramp, our expectation is that when we hire a sales rep that they would be fully ramped in month 10. So that is correct. And I think it's also fair to say the rate in which we're hiring is notably faster than the levels of hiring that we saw in the first half of last year.

And that coincides obviously with - important to note with the acceleration of growth. Last year, CCB growth was 20%. Today, we're reporting 31% CCB growth. We're seeing acceleration throughout the year. The product portfolio has expanded as well. So that gives us the confidence to invest, and it gives us the confidence to expect continuing increases in productivity as well.

Next question comes from the line of Saket Kalia with Barclays. Please proceed with your question.

Thanks for taking my questions here. Amit, maybe for you, I'd love to talk about Tenable.ep just a little bit more deeply. Can you just talk about how EP is being received by customers? And what additional products - obviously, customers have a lot of products to choose from within EP within that sort of easier licensing model, what are you sort of finding are the most commonly attached or additional products that customers are using beyond VM?

Yes. We - well, Saket, great to hear from you. We are extremely excited about the momentum that we're seeing with EP. And EP is a platform offering that only came out, I think, April of last year. And we noted right out of the gate that was - both the sales force as well as our customer base, we're very rapidly gravitating toward EP as the preferred path for procuring product gives people lot more flexibility. It gives people really buy into the vision and the broader capability that we're bringing to the table.

So in its earlier iterations, EP included core Tenable.io capability, the vulnerability management capability as well as web application scanning and container security capability and Lumin from an analytics perspective. And we saw a pretty broad uptake across those product lines, probably most notably between VM and Lumin, but overall adoption was strong. In February, we added or announced that we've added the Active Directory capability to Lumin, the full cloud security offering capability to Lumin. And we announced the acquisition of Cymptom, and APA attack path analysis would be added to Tenable.ep.

So I'd say, right now, the sales team is even more enthusiastic. We're seeing continued traction and certainly in the midmarket, but are seeing notable wins for Tenable.ep in the enterprise, how the usage will break down with the newer platforms being or the newer exposure solutions being added to EP, we'll keep a close eye on that over the next couple of quarters.

Got it. That's very helpful. Steve, maybe for my follow-up for you. Staying on the topic of EP. again, to Amit's point, it's still early days. But can you just talk about - you just broad brush, I guess, how much of the new business is coming from EP? And more importantly, what sort of run rate increases are you seeing from EP customers? And what they spend versus non-EP customers, if that makes sense?

Yes, absolutely, Saket. We launched EP in Q1 of last year. That's important to note. And today, just 12 months later, it represents a double-digit percentage of our total new enterprise sales. So it's exceeded our expectations here out of the gate. And our expectation is that percentage will continue to grow over time. EP, as Amit mentioned earlier, is a unified risk platform and that includes coverage of multiple asset types.

So customers are able to assess more areas of their attack surface. As a result, we're also seeing notably higher selling prices for EP versus our standalone VM offering, actually 60% higher selling prices to be specific. And that could go higher and our expectations that will go higher as we continue to include more capabilities, more offerings in EP.

And our next question comes from the line of Brad Reback with Stifel. Please proceed with your question.

Thanks a lot. I'm not sure here the question is for. But Steve, you had mentioned in the prepared remarks again about the analytics investment that you guys are making this year. As we look forward, should we expect the - is there an opportunity there to directly monetize that? Or is it just going to be bundled with the platform and should help retention rates going forward?

Yes, it's Amit. I'll jump in there. And the answer is both. We certainly are including a lot of analytic capability in the platform itself. We think this is a key differentiator. So having core Lumin functionality being part of EP, we think, is a strategic differentiated unified reporting, dashboarding, role-based access control functionality, all of those types of things. We are also adding new capability to a platform, which may be sold separately or may be sold as an add-on analytic form and charge for separately, specifically the much more in-depth attack path analytic is something that we anticipate charging separately for.

And then as we look at how we monetize and bring the attack surface management capabilities to market, we think that there is room for both. Discovery, of externally facing assets, probably enable that to be embedded into our enterprise platforms on a sort of quarterly basis. And then to do it on a more real-time basis and to have much more context and much richer context around every asset that is externally facing. We think that, that is something that we'll be charging for separately.

Our next question comes from the line of Andrew Nowinski with Wells Fargo. Please proceed with your question.

Congrats on a good quarter. This looks like one of the largest EP bet relative to the high end of your guidance in the last 2-plus years, that you said that Log4j aided less than it did in Q4, which I'd say is pretty consistent with the feedback we received from our reseller community. And now you have spring for shell, which seems pretty similar to the Log4j vulnerability. I'm just wondering if these vulnerabilities are not necessarily contributing to the inflection you're seeing in your growth, do you think your competitive advantages over the competition may have widened given that you have a much broader portfolio than all the other competitors that are out there?

I think that's fair. We certainly think that each one of these higher profile vulnerabilities does incrementally add to raise awareness around the requirement for professional VM capability, but that we're pursuing a much broader opportunity.

And so we see our continued investment in R&D, our continued ability to differentiate our product capabilities, both in core VM as well as a broader understanding of what's happening with the customer's attack surface, specifically helping them around cloud-native assets and workloads, the protection of identities and active directory infrastructures and helping them assess and understand risk more holistically. So as understanding cyber exposure and risk becomes a more urgent practice for enterprises, we feel like we're going to be able to continue to differentiate ourselves and distance ourselves.

And have you seen actually, or do you have examples of improvements in your win rates versus the competition relative to maybe where they were last year?

This is Steve. The short answer is yes. And when we know when we're first in on an opportunity, our close rates and our win rates go dramatically higher. So some of the investments that you're seeing today, and go-to-market includes not only added quota capacity but increase marketing efforts to continue to generate higher levels of demand and create new opportunities for us. So overall, we're very pleased. I think this is playing out in the story over the past couple of quarters, and it's also playing a role in our growth and our revised outlook for the year.

Our next question comes from the line of Gray Powell with BTIG. Please proceed with your question.

Congratulations on the quarter. Just a couple on my side. So one of the trends that we've been hearing about is just developer security or shift left or whatever you want to call it. It just seems like a bigger theme this year than last. Now that you have Infrastructure as Code and CSPM within CS, how should we think about demand there? And are you seeing an inflection in that product set?

Well, I guess, first of all, we're early in that market and early in bringing our product to market. We do the Accurics acquisition in Q4, we launched the product integrated to Tenable as Tenable Cloud Security in Q1.

So caveat everything by saying early in the product's life cycle. That's how we continue to see great momentum with it in terms of pipeline growth, in terms of customer engagement, in terms of growth and usage of Terrascan, which is the open-source piece of software that Accurics operates and brings to the table. So all indicators are that the product line is on the right track. And that as that market matures, we have high expectations.

All right. Makes sense. And then just the other question would be what are your expectations for the U.S. Fed over the next six months? And just how do you feel about the opportunity today versus this time last year?

I think we feel really good about our public sector opportunity. As you know, we're the market leader and approximately 15% of our revenue comes from public sector, which is predominantly U.S. Federal. Spending environment is very healthy, and we're making a lot of investments this year to sustain and even increase our footprint there.

And then we also have some newly authorized products that we can sell back into the Fed IL specifically and the OT is also on the list of that we can sell. This quarter, we didn't benefit this quarter from closing like a really large, sizable deal. Sometimes the business and public sector can be very chunky. This quarter, we didn't see that, but there's a lot of opportunities in the pipeline, and we'll be working hard to close those over the ensuing quarter.

Our next question comes from the line of Jonathan Ho with William Blair. Please proceed with your question.

I just wanted to understand a little bit more about how you're thinking about the ASM area. I mean, clearly, this is a hot space with a number of private companies that are doing quite well and a few acquisitions as well. Can you talk a little bit about maybe what this could mean from a differentiation standpoint, as well as how you intend to differentiate from the rest of the competitive group?

Yes. Great question, Jonathan, and great to hear from you. We believe that the tech service management market is very tightly intertwined with VM and cyber exposure management as a discipline. And so we think the types of folks that use VM and the types of folks that are interested in attack surface management are very closely intertwined. We see a tremendous alignment of messaging, positioning, go-to-market resources as well as technology leverage.

If you're looking at high priority vulnerability and exposure, whether or not a particular asset is exposed to the Internet, is obviously one critical factor. We also believe that it fits very well and very tightly with our attack path analysis capability that we announced last quarter. So not only looking at high-value assets, but then looking at what are the possible entry way exposure points which could lead you to that high-value asset.

So we think it's tightly aligned. We're particularly excited about Bit Discovery for a number of reasons, including the accuracy of their attribution capability. So looking at all Internet assets and being able to accurately ascribe particular assets to particular organizations, as you might imagine, is quite a complex task.

We really believe strongly in what Bit Discovery team have done and their ability to achieve scale as we bring this type of capability of 40,000 customers and still have the ability to upsell a much deeper context around those assets beyond just their discovery. So - but we think this is the right asset. We think it's the right asset for us. We think we're extremely well positioned to radically disrupt the dynamic that exists today in the ASM space.

Got it. And just as a follow-up, just given the new capabilities that you are adding to the EP portfolio, do you see this as a potential to add maybe some new tips of the spear to help you break into maybe some incumbent accounts or to maybe go at it from a different direction as you start to leverage these new capabilities that maybe your competitors don't have?

We definitely think about it that way, and we definitely see early indicators lighthouse accounts, if you will, which have come to us from some of our newer exposure solution areas, specifically OT and AD have been able - an active director have been able to achieve this in recent periods. And we believe that over time, we'll be able to lead with cloud or lead with ASM or other functionality and generate pull-through for other product lines or for our VM capability.

That said, the broadest swath of our customers and the fastest time for monetization would be to bring some of these newer capabilities to the existing 40,000-plus customers. And so we're looking at as the primary track for the near future, but certainly believe that these other product lines can be tips of the spear for us.

Our next question comes from the line of Joshua Tilton with Wolf Research. Please proceed with your question.

I understand that we're kind of playing for a bit of a different Tenable business here given the recent acquisitions. And you also mentioned that the Log4j vulnerability was a benefit this quarter, but that - the benefit should kind of subside throughout the rest of the year. So is there any way you can maybe just help us understand how we should think about the quarterly CCB seasonality throughout the rest of the year maybe versus a previous typical Tenable year?

Yes. So with regard to Log4j, that is correct, we did see some benefit in Q1, although to a lesser extent than what we saw in the fourth quarter. So acceleration growth, obviously, this quarter is due to the strength of our overall market. And I think our execution is giving us the confidence to raise our outlook for CCB this year as well. And our expectation is that we'll follow the normal seasonal patterns of our business, right? The fourth quarter tends to be seasonally our strongest quarter in terms of the level of business that we transact both new and renewal. And so our expectation is that it will follow a typical seasonal flow we've seen in prior years.

And so if you look at the guidance this year, on the last call, we guided to 22% to 23% CCB growth. On this call, we're guiding to 24% to 25% growth. I think it's an increase of $13 million in CCB, $10 million of that we delivered in Q1, $3 million is with regard to the raise that excludes any contributions from Bit Discovery, which we specifically called out in the press release today. So overall, we feel really good about the business. And there's nothing unusual with regard to the seasonal patterns of our business that we want to comment on the call now.

Great. And when we think about the CCB guidance for the year, I know it's still early in the exposure solutions story. But given we are almost five months into this year, are you guys thinking any differently about what those businesses will contribute to the full year CCB number relative to when you maybe first gave guidance at the end of 4Q?

Yes. I think it's - some of these things, it's important to know, if you look at in the case of like Accurics and even Cymptom, they're still in ramp mode. And in case of Accurics, we're just starting to sell the Infrastructure as Code capability. And then Cymptom, which is the attack path analysis, we haven't even launched the product that will happen in the second half of the year.

So our expectation is that some of those products will contribute to growth in the second half of the year, more towards the latter part of the year. It is factored into our guidance and our outlook this year. And then obviously, our hope is that, that will continue to grow going forward. And we feel really good about our ability to monetize some of the new tech and also bring new products to market organically and sell that as well. So I think you're seeing that in the top line today and the continued acceleration of growth.

Our next question comes from the line of Rudy Kessinger with D.A. Davidson. Please proceed with your question.

Thanks for taking my questions. I want to ask on the guide, $6.4 million ahead of revenue in the quarter. I know you had $1.4 million of pull forward from the Russian contracts. But even if you exclude that, still a $5 million revenue beat in the quarter, which is one of your largest - again, looking back over the last couple of years, you only raised the revenue outlook by $10 million for the year. You did raise CCB by $13 million a bit more. But it seems like the flow-through of the beat a bit less than in past Q1. Is there any additional color or puts and takes you can give on what went into the revenue guidance?

No. And as you did mention, we had a beaten race, and we raised our outlook for CCB by $13 million, and we raised revenue back to the tune of $10 million. So most of what we saw, we are flowing through. Keep in mind that every there is sometimes a delay in terms of deals that you close and the commencement of revenue. And so that can be a little bit of a timing difference there. But overall, we feel really good about the beat in the race. We're flowing a lot of that through on the revenue side. It's still very early in the year, and we feel good about the outlook we're giving today as well.

Got it. And just a follow-up. Is there any way you can quantify the incremental sales capacity that you added, I guess, both last year and plan to add this year?

We don't disclose the number of quota-carrying sales reps. But what we do say is we're - their hiring plans are more weighted towards the front of the year. We feel good about the investments we've made in go-to-market over the past couple of quarters. We do think it's having an impact on our growth. And obviously, it's also driving higher levels of productivity. And that happens to coincide with a much broader product portfolio and that's the success of our exposure platform. So expectations going forward is that we're going to continue to hire.

We're hiring at levels that are even exceeded our expectations. A lot of that is weighted towards the front half of the year, as I discussed, and that will moderate in the second half, and then we'll look to 2023 and make decisions about levels of hiring as we get closer towards the latter part of the year.

This concludes our call. I don't know where the operator went, but I think we're done on time. Anyway look forward to seeing folks at any of the upcoming events. I appreciate your time and look forward to continuing discussion.

Ladies and gentlemen, they are still on the call. We do apologize for the technical difficulties that just happened. Unfortunately, this does end the Q&A session and also concludes today's conference. You may disconnect your lines at this time. Thank you for your participation. And once again, we do apologize for the technical difficulties that has occurred.