Qualys, Inc. (QLYS) Earnings Call Transcript & Summary

Ladies and gentlemen, thank you for standing by, and welcome to Qualys First Quarter 2025 Investors Call. [Operator Instructions] Please be advised that today's conference is being recorded. I would like now to turn the conference over to Blair King, Investor Relations. Please go ahead, sir.

Thank you, Michelle. Good afternoon, and welcome to Qualys' First Quarter 2025 Earnings Call. Joining me today to discuss our results are Sumedh Thakar, President and CEO; and Joo Mi Kim, our CFO. Before we get started, I'd like to remind you that our remarks today will include forward-looking statements that generally relate to future events or future financial operating performance. Actual results may differ materially from these statements. Factors that could cause results to differ materially are set forth in today's press release and our filings with the SEC, including our latest Form 10-Q and 10-K. Any forward-looking statements that we make on this call are based on assumptions as of today, and we undertake no obligation to update these statements as a result of new information or future events. During this call, we will present both GAAP and non-GAAP financial measures. A reconciliation of GAAP to non-GAAP measures is included in today's earnings press release. And as a reminder, the press release, prepared remarks and investor presentation, are all available on the Investor Relations section of our website. So with that, I'll turn the call now over to Sumedh.

Thanks, Blair, and welcome all to our first quarter earnings call. We are entering a new era for cybersecurity risk management powered by real-time data, automation and AI. Against this backdrop, we executed well in this quarter, resulting in a better-than-expected revenue growth, strong profitability and solid cash flow generation. Fueled by customer insights, Qualys' mission is to bring innovative new security solutions to the market. With over 25 years of evolving our platform to meet the next generation of modern security challenges, we have established a strong track record of converting operational challenges into secular competitive advantages while maximizing lifetime value, ensuring frictionless outcomes at scale and driving immediate ROI on security spend. In doing so, we believe we have built a new security industry paradigm, which today leverages our powerful real-time data processing capabilities across more than 18 trillion data points on a natively integrated platform to help organizations streamline their cybersecurity risk management program with the Risk Operations Center, ROC. While a security operations center, SOC, is used for detection of threat actors after a breach, the ROC is needed by organization for proactive risk management to reduce the chance of breaches by deploying the cyber budget where the highest risk of loss is. Unlike other CTEM solutions that only reveal exposures without providing effective remediation, Qualys' cloud native Enterprise TruRisk Management, ETM, solution is purpose-built to deliver a single comprehensive AI-powered orchestration layer unifying security findings from multiple Qualys and non-Qualys sources to implement an effective ROC. By unleashing the scale of the Qualys platform, we inject data from multiple sources, including Tenable, CrowdStrike, Wiz, normalize risk signals enriched with threat intelligence, analyze adversary behavior and provide organizations with actionable enterprise-wide insights to prioritize and remediate cyber risk through a common language of business context and financial impact. This holistic approach uniquely ensures organizations not only understand their cyber risk in quantifiable terms, but can take immediate action to reduce the risk that matters the most. With prospects of POCs more than doubling from last quarter and over 25 active POCs already underway since launching of GA a short while ago, we continue to see many parallels between this new market opportunity and the early days of VMDR launch, including significant greenfield opportunity and a growing demand. Embracing this momentum in the market, we further evolved our ETM solution through an expanding ecosystem of remediation solutions. In doing so, we have advanced our TruRisk Eliminate agenda by enabling organizations to amplify third-party remediation tools with security insights from Qualys to prioritize patching or activate other compensating controls available through the Qualys platform. With this latest innovation, organizations can soon leverage a unified Qualys workflow with end-to-end automation, CMDB and ITSM integration to prioritize a rapid remediation across all environments from their patching vendors of choice. This is a strong competitive differentiator for Qualys, further neutralizes IT and SecOps procurement friction and significantly expands our market opportunity by going well beyond patch management. Continuing this rapid pace of innovation, we're expanding our Qualys TotalAI and TruRisk capabilities to help organizations address the evolving threats associated with LLMs. With this latest release, TotalAI brings full visibility across ML supply chain, data applications and pipelines to detect malicious code, policy violation and advanced multimodal experts hidden within images, audio and video files. By enhancing our AI security posture, AI-SPM, with native internal LLM scaling expands [indiscernible] by detection and seamless integration into MLOps pipeline, we're equipping security teams with the agility and insight needed to protect the modern AI-driven workloads from development all the way through run time, while building what we believe is the most advanced AI security solution available in the market. In addition, with the launch of Policy Audit and Audit Fix, we are now providing organizations of all sizes with the ability to streamline audit operations by providing audit readiness reporting and automated evidence collection across 450-plus technologies, and over 1,000 out-of-the-box audit processes for frameworks like [ PCI-NF ], DORA, HIPAA, et cetera. This solution reverses a growing area of focus and cyber spend for CISO as they are under pressure to ensure their organizations don't fail audits, while at the same time, reducing their spend in audit readiness with automation in not only detecting the gaps, but automation and also fixing them. Moving to our business update. We have hosted several risk quantification workshops attended by many of the most forward-thinking CISOs around the world in recent quarters, and the message is clear. Organizations are increasingly anchoring pre-breach cyber spend to quantifiable risk reduction in their business which is easily articulated to boards and business partners. CISOs own a platform that speaks the unified language of risk while letting their teams choose their own tools with various components of the stack rather than trying to consolidate multiple vendors into a single platform. This requirement necessitates a centralized risk [ fabric ] that seamlessly unifies the underlying tools of choice to effectively measure, communicate and fortify an organization's risk posture while reducing complexity, operating cost and time to reduction -- time to remediation. As a result, our technologies are not only fueling new logo lands, but also helping to increase broader platform adoption, especially in the areas of VMDR Cybersecurity Asset Management, Patch Management, Cloud Security, and increasingly that are delivered through Qualys' ETM solution. With thousands of customers consolidating on Qualys' Enterprise TruRisk Management platform, let me share a couple of recent wins, which illustrate why these companies are turning to Qualys to help unify their security tools, quantify and remediate cyber risk in their environment and achieve better security outcomes. First, an existing Global 100 multinational media company with a rapidly growing multi-cloud and container environment, determine that managing siloed tools added complexity to their operation, lack integration and misdetection while hindering their ability to assess risk and centralize remediation. This customer chose Qualys to transform siloed risk factors spanning core depositories, endpoints, identity, cloud container, IT, IoT and network assets into a cohesive real-time risk management solution by consolidating Qualys and non-Qualys data. This included purchasing eight Qualys modules and deploying ETM to bring operationalizing -- to begin operationalizing the ROC and consolidating ingested data from this, resulting in a seven-figure annual bookings deal, including a mid-six-figure TotalCloud CNAPP upsell. We are now quickly migrating numerous data sources in the Qualys platform and delivering a vendor-agnostic orchestration layer with full visibility of the attack surface, centralized risk assessment, quantification prioritization and remediation while unleashing the operational efficiencies of security stack consolidation. Looking ahead, this customer is now in the process of planning to power its ROC with ETM across 30 separate entities worldwide. Further advancing our TotalCloud CNAPP momentum is another marquee seven-figure annual booking swing with a Global 50 financial services company. This existing customer launched an initiative to strengthen its cloud and container security solution against advanced threats, close security gaps and remediate risk with ITSM integration through a single dashboard. It also needed to meet increasingly stringent global regulatory requirements and extended its on-prem visibility to multi-cloud and container environment. Through its evaluation, this customer chose our TotalCloud CNAPP solution and is now leveraging the Qualys Enterprise TruRisk platform for complete visibility across this entire attack surface to quantify and prioritize the risk reduction initiatives and increase operational resolution and compliance. Our growing leadership in the cloud market was further evidenced in GigaOm's Radar Report ranking Qualys as a leading outperformer in cloud workload security. With customers beginning to perceive Qualys as a leading risk management platform that consolidates and orchestrates multiple security solutions and workflow, we are going -- increasingly confident in our ability to drive long-term growth and gain market share. This confidence was again bolstered in Q1 with customers spending $5,000 -- $500,000 or more with -- grew 6% from a year ago to [indiscernible]. Validating workflows isn't just happening with customers, it's also embraced and prioritized by our partners, underscored by an increasingly strong mix of new business and significant growth. As we continued to endorse a partner-first sales motion, partner-led deal registration increased again in Q1. In addition, we have now certified six leading partners who are actively marketing the delivery of our fresh new Managed Risk Corporations, mROC services and just beginning their efforts to capitalize on a centralized and automated approach to pre-breach risk management on top of ETM. Further advancing our momentum towards a global ROC ecosystem, we look forward to certifying few additional strategic partners in the months ahead who have already demonstrated a firm commitment to sharing this new initiative with Qualys as their mROC partner of choice. And finally, as the federal government seeks to show efficiency and replace outdated and costly on-prem deployments from years past with modern cloud-native risk management solutions, we are especially excited to host our Second Annual Federal Conference in Washington, D.C. towards the end of this month. We have recently made good progress advancing our FedRAMP High certification status, and we continue to believe we are on track to achieve authorized milestone later this year, fueling a new leg of growth for the company. In summary, Qualys is increasingly well armed with fresh new capabilities to further strengthen our strategic position as the partner of choice for customers who are ready to centralize their response to cyber risks, solve modern security challenges and reduce costs. Looking ahead, we believe we will continue to outpace our competitors, extend our leadership in the market and build upon an already strong foundation to drive durable long-term growth in the business. With that, I will turn the call over to Joo Mi to further discuss our first quarter results and look for the second quarter and the year ahead.

Thanks, Sumedh, and good afternoon. Before I start, I'd like to note that except for revenue, all financial years are non-GAAP, and the growth rates are based on comparisons to the prior year period unless stated otherwise. Turning to first quarter results. Revenues grew 10% to $159.9 million. The channel continued to increase its contribution, making up 49% of total revenues compared to 45% a year ago. As a result of our continued commitment to leverage our partner ecosystem to drive growth, we were able to grow revenues from channel partners by 19%, outpacing direct, which grew 2%. 16% growth outside the U.S. was ahead of our domestic business, which grew 6%. U.S. and international revenue mix was 57% and 43%, respectively. In Q1, we were pleased to see some improvements in our gross retention rate. However, our growing macroeconomic uncertainty toward the end of the quarter presented an increasingly challenging upsell environment, but their net dollar expansion rate of 103% unchanged from last quarter. In terms of product contribution to bookings, Patch Management and Cybersecurity Asset Management patch combined made up 15% of total bookings and 24% of new bookings on an LTM basis. Our Cloud Security Solution, TotalCloud CNAPP, made up 5% of LTM bookings. We credit this momentum to customer demand for a more comprehensive and contextual understanding of their expanding attack surface, supported by seamless integrated risk management and remediation workflows across all environments within a unified platform. Turning to profitability. Adjusted EBITDA for the first quarter of 2025 was $74.8 million, representing a 47% margin, in line with last year. Operating expenses in Q1 increased by 10% to $62.5 million, primarily driven by investments in sales and marketing, which grew 15%. Demonstrating our ability to innovate and invest in our long-term growth initiatives while remaining capital efficient, EPS for the first quarter of 2025 was $1.67, and our free cash flow was $107.6 million, representing a 67% margin compared to 57% in the prior year. In Q1, we continued to invest the cash we generated from operations back into Qualys, including $2 million on capital expenditures and $39.6 million to repurchase 292,000 of our outstanding shares. Since commencing our share repurchase program in February 2018, we repurchased 9.6 million shares and returned nearly $1.1 billion in cash to shareholders. As of the end of the quarter, we had $303.8 million remaining in our share repurchase program. With that, let us turn to guidance, starting with revenue. For the full year 2025, we expect revenues to be in the range of $648 million to $657 million, which represents a growth rate of 7% to 8%. This compares to prior guidance of $645 million to $657 million. For the second quarter of 2025, we expect revenues to be in the range of $159.7 to $162.7 million, representing a growth rate of 7% to 9%. While we believe our platform approach to cyber risk management provides some information of this ongoing macro volatility, this guidance assumes increased [indiscernible] in a more challenging environment for new business growth in 2025. Shifting to profitability guidance. Given our strong Q1 performance, for the full year 2025, we expect an EBITDA margin in the low to mid-40s, implying a 15% to 17% increase in operating expenses, and a free cash flow margin in the mid-30s. We expect full year EPS to be in the range of $6 to $6.3, up from a prior range of $5.5 to $5.9. For the second quarter of 2025, we expect EPS to be in the range of $1.4 to $1.5. Our planned capital expenditures in 2025 are expected to be in the range of $8 million to $11 million, and for the second quarter of 2025 in the range of $1.5 million to $3 million. We continue to believe organizations will increasingly adopt cloud native, full stack security and compliance coverage to meet the demands of today's threat landscape and reduce costs. As the impact of the macro economy is still unfolding, we are closely monitoring the business environment and adjusting our priorities accordingly. That said, considering the long-term growth opportunities ahead of us and our industry-leading margins implying further room for investment, we intend to continue to responsibly align our product and marketing investments to focus on high-impact initiatives aimed at driving more pipeline, accelerating our partner program and expanding our federal vertical. As a percentage of revenue, we expect to prioritize increased investment in sales and marketing and engineering with a more modest increase in G&A, consistent with our commitment of balancing long-term growth and profitability. With that, Sumedh and I will be happy to answer any of your questions.

[Operator Instructions] And the first question will come from Jonathan Ho with William Blair.

Congrats on the strong quarter. I just wanted to maybe understand a little bit better what your thoughts are around the macro environment, perhaps what you're seeing from customers spending so far, and maybe what underpins your confidence to tighten the guidance range a little bit higher.

Yes, I would say that at a high level, what we're seeing is similar to what we have seen in the last couple of years where cybersecurity still continues to be an important aspect of risk management for the company, and there is a continued focus. However, as we have seen, there is more scrutiny on the spend, ROI of the spend is important, and we're seeing longer cycles because people are taking longer time to make the decision. So I think that is what we continue to see right now. Of course, given more recent changes, there is a little bit of uncertainty, I would say. And so a little bit of that is factored into how we're thinking about the rest of the year. Though we haven't particularly seen anything specifically yet, we're just being prudent about sort of what we see now and a little bit of expectation around people scrutinizing things a little bit more and continuing to inspect budget spend not just in cyber, but overall budget spend across the board with everything.

Got it. And then just in terms of your discussion of the ROC. Can you talk a little bit about how that works from a customer journey perspective? What they may be add to their existing solutions? And what that looks like from a financial perspective?

Yes, that's a great question. I think really where everybody is struggling right now is all their investments across multiple tools are generating tons and tons of risk signals. And we routinely see that -- if you take vulnerabilities as an example, less than 95% of those vulnerabilities are -- or I would say, like less than 5% of the vulnerabilities are even have some form of a potential immediate attack vector. And so customers as they are trying to figure out how they don't end up with 10 different consoles from 10 different solutions when they look at risk, what we're seeing is our ability to take the Risk Operations Center idea of consolidating all assets from all tools, all findings, applying threat intelligence, providing contextual from a business perspective, adding dollar values to the business potential loss that they could have, and then providing remediation plans as well as board reporting is what is sort of the journey of a Risk Operations Center, and it starts with consolidation of assets. And for us, what we are seeing with ETM, we're able to walk into customers who today have multiple solutions and not necessarily start off with the conversation of replacing something that they have. And so I took some of the vendor names that we are currently pulling data from. And so we're able to say, look, if you have this particular VM solution, if you have this particular integration solution, if you have this particular identity solution, you can keep that. We can ingest the data from these tools and provide you a higher level visibility of what your actual risk is that is aligned with your dollar value risk from your business entities that you have and then provide your reporting that you can take to the Board and also to the IT teams in terms of prioritizing what is the most important thing that they need to fix. And what we're finding is that this approach is helping them partner with the IT team to not spend time on fixing hundreds and thousands of issues that actually are not exploitable or not attackable right now. And so this is actually creating potential cost savings for the company in terms of not wasting developer and -- time as well as not wasting IT team's time on fixing things that are not immediately actionable, and then going back and focusing on the things that are immediately actionable. So from a customer journey perspective, they look at it as something that layers on top of what they have, so they don't need to work through a replacement plan. And they essentially pay an additional amount to Qualys for the cost savings that they end up getting in terms of consolidation and not having to waste time on fixing things that are not important. And so they are able to walk in and make a case for additional budget for Risk Operations Center because they see the savings that are coming out from the outcome of the Risk Operations Center.

And the next question will come from Patrick Colville with Scotiabank.

I guess, let me just ask one to Sumedh and Joo Mi. I mean in your prepared remarks, there was a comment that macro at the end of the quarter was a challenge. Did that -- I mean, were there any deals that pushed at the end of 1Q into 2Q or pulled? Or was that comment kind of in isolation and didn't have an impact on current billings?

Yes, there wasn't any material deal that was pushed or pulled in the current quarter. That was more of the commentary around the fact that like, let's say, a customer that was set to renew in the quarter, we had anticipated a higher upsell rate potentially from that customer increasing their spend with us. We saw some pushback. And so that doesn't necessarily mean that it's a push -- it's going to be closed in Q2. It's in the quarter impact that I was calling out.

And congrats on all these terrific announcements made by Qualys at RSA Conference. I want to actually touch on the announcement made by a competitor, best known for endpoint security. They GA-ed a product expanding into network-based VM. I mean, would you mind just commenting on your thoughts on, I guess, other cybersecurity players moving into network-based VM? And how Qualys is defending against these guys?

Yes. Great question. And I think we're actually pretty happy to see that competitors are acknowledging that their current solutions, which are agent-only, are not enough to give customers a full view of what their overall attack surfaces from a vulnerability perspective. And so while we haven't really seen that solution with any of our current customer engagements or prospect engagements, we've heard about it. To me, I think, as I mentioned earlier, and even going back 4, 5 years ago, Qualys really has been talking about the evolution of vulnerability management and less about finding more vulnerabilities that you are not able to fix and more about focusing on the ones that actually matter to the risk and then actually helping them remediate. And so our focus really has been about how do we help them prioritize and remediate the findings rather than just finding more findings which are not being fixed anyway. And to that extent, we are taking data of those findings from the competitor and providing customers a higher value capability around taking that information which is just a big bob of findings that are hard to decipher, and adding the right context with over 20-plus years of significant research that we have done in vulnerabilities and vulnerability exploitation, and using that to provide additional value on top of that. And so I think it's really leading to the customer having the choice that they can either use Qualys or the other solution is something that satisfies their need for that particular environment. We will still be able to take that data and we're already seeing consuming data from competitors. So I think when the solution comes out, we will take a look at it and see how our customers feel about that. But having said that, we're not dependent on the customers' leveraging Qualys scanner necessarily to find the vulnerabilities as we move forward with our focus on Risk Operations Center and the ETM.

And the next question comes from Kingsley Crane with Canaccord.

I appreciated your comments on TotalAI. Curious how you would characterize the competitive market in AI-SPM. And then how do you think security budgets are going to play out with respect to that market? Do you think that they need to lag as we wait for more upstream adoption? Or are you already seeing some nice uptick?

Great question. Right now, everybody seems more in the exploratory phase rather than -- obviously there are some very, very early adopters. But I think overall, we feel like a lot of customers are just trying to understand the risk vectors that are coming out from potentially AI. They are looking at what are the solutions out there. So I don't think this is more of a competitor thing as much as an educational phase that customers are going through as they're looking at various AI security solutions that are out there, and trying to figure out where within the AI journey is the place that have the maximum risk from a business perspective that they need to mitigate. And so we have had some great conversations around TotalAI. We already have a couple customers that are engaged with POC with us on TotalAI, in terms of being able to focus in on LLMs that they're going to put out. And now with our new announcement that we will -- they will be able to run LLM scans within their dev environment. Means that they can actually test these LLMs in the preproduction before they go out. And the dynamic that is playing out right now is the IT teams are ready to say, hey, here's a few LLMs, we are ready to go to production with. They're asking the security team for a sign off before they go, and the security team doesn't necessarily have a good knowledge or idea of what they can do from the sign-off perspective. And so with the Qualys' TotalAI solution, it's like a point and shoot scanner. You pointed to the LLM, it gives you a green, yellow or a red signal to say whether this LLM is good to go or not. So that's the dynamic in terms of people who are evaluating, looking at it and trying to figure out. I think the second dynamic is, given that overall security budgets have not increased significantly even with the onset of AI, people are in the mode right now of trying to figure out what the potential loss that they could have from an AI security-related incident perspective. And then using that this year to formulate their ask for budgets for next year. So while we will continue to see more interest and more adoption in terms of POCs this year and maybe a few customers signing up for a few more AI-related scans, I think this is a journey that is going to take a couple more years where people really have to go and make the case for why they need additional budget for AI security and then the willingness of the business to give them additional versus asking them to adjust against existing budget that's been allocated to them. I think that remains to be seen.

Sumedh, that's really helpful. And then for Joo Mi, a quarter ago, we were looking at EPS guidance that was down year-over-year. Now we've meaningfully raised it this quarter. I think the midpoint is roughly flat from last year, but can you speak to what went into the change over the past quarter? I think last quarter, you had called out investments in data centers and aligning some product marketing to break into federal. Just kind of curious any specific points that have changed.

Yes. Last quarter, the guidance was informed by our annual planning. And so what we like to do is we like to set aside the sufficient funds to be able to execute on the priorities that we had set at the beginning of the year. And as we move through the quarter, you see that our EBITDA margin came in at 47% with our sales and marketing growing by 15%, which is a healthy growth in and of itself. But with that said, looking back at Q1 performance and the treatments and the initiatives that we have set for ourselves for the rest of the year, we felt that the growth right now we're expecting on the OpEx, it's more along the lines of 15% to 17%. What we've seen a great success or a traction is in our ability to work very closely with our partners, which may not really translate to a significant increase in sales and marketing spend this year. And so that kind of speaks to why the margin contraction is not as significant as what we had anticipated at the beginning of the year.

And the next question comes from Rudy Kessinger with D.A. Davidson.

I saw the LTM 500,000-plus ACV customer count actually dropped by [ 4 ] versus Q4. One of your competitors had called out a record quarter of seven-figure deals. At the same time, I heard you guys call out, I believe, improved gross retention. So were there any large customer losses or some downsell that push customers below that threshold? Or just any comment on that?

Rudy, nothing out of the ordinary to call out for. Our win rates have been stable, and as you saw, we improved our gross retention. And so that metric you talk about is an LTM metric. And so we continue to see in some quarters, sometimes customers might have a downsell with, that has been offset by a larger upsell with another customer or we might -- that sometimes can drop them below the 500,000. But again, I think we're glad to see that there continues to be growth in that area and year-over-year. And from our perspective, we're glad to see that with our focused efforts, we're seeing some incremental improvement in our retention.

Got it. Okay. And then, Joo Mi, for you -- apologies, I joined the call a bit late. I just want to understand maybe some of the increased conservatism in the guide to the macro for the remainder of the year. I guess, are you now expecting net retention rate to maybe come down a point or 2 versus kind of staying flat at the 103%? And what are you expecting on the new book -- new logo bookings standpoint for the rest of the year, I guess, versus prior guidance and versus last year?

No material change as indicated by the annual revenue guidance, Rudy. Right now, what we're seeing in the business today is, at the end of the -- close to the end of the quarter, we did see some push downs and some impact from the macro. And what that resulted in is -- even with lower than what we would have liked the upsell rate to be, it was more than offset by the fact that our retention rate was a little bit better. And so all in all, we did end the quarter at 103%. As we're assuming 103% will pull throughout the rest of the year, we do expect to continue to see some headwinds in the new bookings and its ability to contribute to revenue growth. And hence, we're guiding to a revenue growth rate of 7% to 8% for the full year.

And the next question comes from Trevor Walsh with Citizens.

Great. Sumedh, maybe for you, could you just walk us through how you're thinking about the mROC kind of roll out with partners and how you're gaining mind share with them when they've got a lot of different managed services that they are probably trying to bring to market? And then kind of with that, why not -- why just kind of the six to start? There's probably a lot of other players you go after out there to partner with. So is there kind of more to follow? Or how you're thinking about just onboarding of those?

That's a really good question. And we're pretty excited about this because as you know, the last 3 years or so, we have really been focused on a partner strategy and a partner-first strategy, and you can see that in the numbers in the way the business is moving more towards partners. And so part of that, we really felt like we wanted to do something that was meaningful to our partners and wasn't just about a few points here or there in terms of resell. And when we talk to some of the partners, as you said, they have managed services today, but a lot of their managed services are around MDR, which is becoming more and more commoditized or price-sensitive because everybody is offering some sort of an MDR service. However, MDR services are post breach detection, right? Is there somebody in my environment that I can detect and be able to alert and take action by looking at data from all of the different tools, and that's a different architecture. What we talk -- when we talk to our partners, they felt like they did not have really great services from a managed service perspective, other than sort of point solution type services for scanning service as a managed service or patching as a managed service. And so when we introduced the concept of a Risk Operations Center, it was also pretty clear that implementing the Risk Operations Center, we have a great platform that we have with ETM that consolidates all these findings. However, the customer does need help with risk quantification, putting dollar value terms in terms of how their business is evolving, what the risk are. They need some help with connectors, they need help with actively monitoring risk because today, the issues they have millions and millions of findings, which out of those once Qualys has prioritized truly actually impact their environment by looking at their environment. So sort of a risk monitoring service and then ultimately, a risk remediation service. And so these are fairly new services that most MSSPs don't have when we talk to them. And so they were excited about the ability to launch new or different services in the market rather than just launching another MDR, which is pretty saturated. But from that perspective, we wanted to work closely and prioritize with the partners that truly understand the vision and are investing together with us in terms of their resources hiring the right people on their side for quantification type services, and working with us to provide a tightly bundled service. And so today, we focused on those first six, these are the launch partners. There are a few others we're talking to as well. And the ability -- the excitement for them is, can they make a few more dollars of services on a dollar of Qualys ETM that they sell is the exciting part for them. So we are going to continue to work with selected strategic partners that are really working closely investing rather than the sort of making it available on the shelf and they're reselling. So that's really the focus. And our thought there is that mROC partners will be more excited to bring more customers to Qualys because that will allow them to create more dollars of services versus maybe a competitor who's competing with them on services or offering professional services and does not provide a lot of capability to add additional services on top of just reselling. So it's a very strategic move for us, and we're excited to see globally, multiple partners actually signing up and excited about this.

I appreciate all the color there. Joo Mi, maybe just one quick follow-up for you kind of along the same lines. I think last quarter, you had mentioned some gross margin pressure as these partner programs are rolled out. But it looks like, at least from just the results in this quarter that you were a little bit ahead of kind of where expectations generally were around gross margin. So is that just a function of maybe these partner programs still kind of -- basically still launching and so you're not seeing the kind of added gross margin requirements there? Or do you have kind of a new perspective on kind of where gross margin should track kind of heading into the rest of the year?

Yes. We had talked about the gross margin contraction, primarily due to the data center operations investments that we plan to continue to make throughout the year. So that really hasn't changed. From the pressure on the partner side, I think that we've actually seen it. We don't expect it to be material. If you take a look at our revenue, it continued to tick up with 49% of our revenue coming from the channel side. And so from that perspective, unless there is any meaningful change to the pricing or incentive program, which we don't foresee for this year, we kind of see no impact on gross margins due to our partnering initiatives.

The next question comes from Joshua Tilton with Wolfe Research.

I have two, and I also apologize if they've been addressed, just jumping around on a few calls tonight. My first question is on billings. I think it's kind of been asked a few times, but I'm just going a little bit more direct. Was the billings growth that you saw in the quarter like in line, below or above your expectations for the quarter? And then going forward, how should we think about billings growth relative to revenue growth and specifically 2Q given the interesting comp from last year?

Yes. Current billings, because we don't manage to it, we don't really have the necessary expectations for the current quarter. But what we did comment on is last quarter, we did expect current billings to be more or less in line with the annual revenue growth rate guidance of 6% to 8%. So 7% current billings for the quarter wasn't a surprise to us. And I would say that even though we don't actively manage to it, if you were to look for a color for the annual current billings growth, it will be more or less the same as our prior guidance of 6% to 8%.

Super helpful. And maybe just one follow-up here. I think in response to a question about the bottom line beat, you talked about how your plans for the year, you talked about some potential investments that you guys go into the year, setting yourself cushion for in case you can execute. I guess from your perspective, what would it take to ignite growth on the direct side of the business to kind of trend towards or be more in line with what you're seeing on the partner side?

I think for the direct side of the business, we are not expecting an acceleration on that side just because we are taking the partner-first approach for this year, whether it's from a new business perspective as well as existing customer perspective. So what this year, we're really focused on is making sure that we're building the channel partner team and how as well as working closely with our top partners to come up with different programs and initiatives so that they can help us with lead generation as well as us kind of discussing with them for our existing Qualys customers who are currently direct with us where it makes sense for them to go and derive where the partners could add more value. And so for us, it's about the partner kind of driving growth versus trying to moderate the deceleration on the direct side.

And the next question comes from Shrenik Kothari with Baird.

Congrats team. Again, I was running a bit late, so apologies. Sumedh, you disclosed the TotalCloud CNAPP kind of now 5% of bookings and mid-six-figure CNAPP deal in that seven-figure annualized deal. So can you help kind of break down the elements of that win? Like how are you differentiating? And what is arguably [indiscernible] rates? And did the -- I believe you said the audit readiness message, integrated risk, all of that is serving as a key wedge. So just curious how it is translating to wins? And how fast overall the CNAPP is growing? And is it mostly greenfield? And then I had a quick follow-up.

Yes. We're still early days with the cloud solution. I think we're happy with having reached that 5% LTM as a percentage of our bookings. Again, it shows that our solution is at the level, our investment in getting our sales force trained and our partners working with us is working, even though it's early days. As you said, the market is crowded. I think customers have different requirements. It's not that every customer has the exact same requirements for cloud, and what we see is that there are times when customers prefer to take the program that they have built with Qualys all these years. And also from the auditor perspective, just expand that into the cloud. In some case, they might want to go with some other provider for some part of the cloud and still continue with Qualys on the workload side. So today, our approach really is we have a pretty mature solution now that is offering all kinds of different capabilities, including CSPM, including identity, cloud identity management. We have attack path and [ autopsy ] combination. So we're seeing those wins when we're going head-to-head depending on what that particular customer wants. In some case, we see the customers are adopting Qualys for one part of the environment and maybe somebody else for CSPM. I think the exciting thing for us is that with the ETM, Risk Operations Center solution, we have customers where they might be using a different cloud provider for a part of their cloud, and we're actually now able to bring the data from that cloud provider in Qualys to give the customer a unified view of all of their different capabilities. Whether it's on laptops, whether it's on their on-prem environment, whether it's on their cloud, they are able to see a unified view of the risk. And so for us, wherever it sense for the customer to leverage our cloud-native solution, we're working with them. In some cases, it's a partnership with other providers. And in some cases, they are using other providers who are still able to look at potential revenue from them because we're pulling the findings and data, adding meaningful context to the vulnerability and misconfiguration side of it. And to your point on the audit readiness, this is what we see as a big area of focus and spend for CISOs where part of it is on risk management. The other part of the spend for budget for them is around audit readiness ensuring that they don't fail audits because that's fully within your control as an organization to make sure that you don't fail your audit by putting the right controls in place. And so the audits are costly and they -- whether it's cloud -- in the cloud or whether it's on-prem. And the amount of work that goes into manually collecting evidence, and once the auditor is on board then they go and ask you to find some data. So we're seeing the combination of Qualys, not just about finding buckets, but also helping them with findings in the bigger context of risk, but also in the context of audit readiness so that they can be completely prepared for audits is helping drive that focus on saying, well, maybe we should just leverage the Qualys plug-in for cloud security. But if it's not, and they have something else, we're more than happy to take the data, which we're already seeing in the current POC, where we are taking data from other cloud providers already and giving the customer a single view.

Got it. Helpful. And Joo Mi, just a quick follow-up to some of the previous line of questioning. And you have definitely add on to the long-standing kind of margin discipline, targeting, of course, low 40s EBITDA margins. Just as you're shifting your bookings overall towards higher value kind of module CNAPP patch management. Just curious like how are you deciding, and also Sumedh feel free to chime in as kind of how to deploy the incremental OpEx along the lines of kind of new sales leadership, kind of investments in TotalCloud which is trying to acclerate that. Just broader S&M and product, just curious how you're thinking about it.

The way we're thinking about it is at the beginning of the year, we do go through the number of initiatives, whether it's from a product development standpoint, the engineering effort, the investments that we have to make on the R&D side as well as operations and data centers in addition to the sales and marketing, the go-to market. It's basically based on what we think that we'll be able to achieve in the current year with the goals we've set up for ourselves and then the risk weighted adjusted target, does that make sense. And then because of that, we have set aside significant flexibility for us to execute on a number of initiatives which we have the bandwidth to do it. Aside from that, we did take into consideration that if we were to onboard a new CRO, there will be some kind of reevaluating some of the initiatives we want to make sure that we have enough funds available for us to make some bets that are appropriate for our business today.

The next question comes from Yun Kim with Loop.

On your channel strategy around MSP partners, how long does it take for these MSP partners to ramp? And then also, are these MSP partners that you're initially focused on, are they targeting certain customer segments, like primarily targeting SMB or mid-markets?

Yes. Look, these are new services, right? This is not like MDR, it's a well-known service. So as they are ramping up, they are also figuring out on operationally on their side what are the investments that they need and they're making those investments to make sure that they are able to work with the customers that need this kind of a view. So there is excitement around that. I think the time it takes, we're already engaged with a couple of partners who are part of these POCs, who brought us these POCs. So we're seeing the excitement and we're seeing that engagement already. And I think the -- what was the last part of your question? I forgot, sorry.

Just are these partners kind of focused on certain customer segments, like are they primarily targeting SMB or mid-market?

I think the -- overall, I feel like the Risk Operations Center solution would pretty much work for anybody who has more than three security solutions, which is pretty much everybody at this point. However, I think the number of findings and the amount of triage that they have to go through to figure out those findings, I think that is a lot more of high priority for the larger customers right now. So most of the POCs that we see engagement are large enterprises that have multiple tools, multiple solutions and are really struggling to convince their IT teams to focus on fixing things as well as they are struggling with showing ROI of large spend to their CFO and to their Board. And so that's kind of where we are seeing potential target focus for these customers to the MSSP is the large customers that have a bunch of these large tools and a large number of assets.

Okay. Great. Joo Mi, if you can remind us how renewals are lined up for the rest of the year. Do you expect the typical seasonal pattern like we saw over the last couple of years? Or do you see certain renewals kind of shifting between first half and second half?

Yes. I would say I assume the same seasonality as the prior year.

The next question comes from Rob Owens with Piper Sandler.

Just a quick one on geographic mix. And I guess, more so from the standpoint, if I look over the last year, North America has been very soft for you guys growing low to mid-single digits. While internationally, you've actually put up some pretty reasonable results. Can you just parse your success internationally and why domestically, it's been so difficult for you guys?

I would say, at the high level international tends to be more partner-oriented business. And as we are focusing more on working with our partners and channel partners and moving business with them, we're naturally seeing a little bit more success where already it's much more partner oriented thing. I think we do see opportunity for continuing to improve our execution in North America with our partners. So that's where part of the mROC services and lining up with creating abilities for them to be able to provide more services around Qualys can be that sort of a catalyst that we are working with them to see if as we bring the -- we bring our existing direct accounts in North America to them, how do we do a gift to get where they're able to bring us additional new business that we don't have today in return from moving some of these customers to them. So those are the motions that we're going through right now, and we're looking forward to executing on some of these and improving how we can get this business in North America as well.

And our next question comes from Oscar Saavedra with Morgan Stanley.

Congrats on a great quarter. Joo Mi, regarding partners, can you give us an update on performance in terms of lead generation and pipeline generation? How has that been tracking against your internal expectations? And when we think about the guidance, to what extent is it assuming that, that continues to improve? Or is it assuming still similar to what you're seeing in the current quarter?

Yes. We've been satisfied with the progress that we've been making on the partner side. Relative to the direct business, we've seen like pipeline increase, success in increasing the deal range. In our guidance, what we're kind of assuming is not a meaningful improvement from what we see today. It's kind of stay the course given that we are expecting increase in budget scrutiny given the macro. So we've adjusted, we've taken that into consideration when setting guidance. But with that said, we are very happy with the progress that we're making with partners. We kind of are hoping that once the macro improves, we will see meaningful improvements there.

There are no further questions at this time. This does conclude the Q&A session and today's conference call. Thank you for participating, and you may now disconnect.

Goodbye.