Varonis Systems, Inc. (VRNS) Earnings Call Transcript & Summary

Good morning, everyone. Welcome to Day one of the Barclays TMT Conference. My name is Saket Kalia, I cover software here at Barclays. I'm honored to have the team with us here from Varonis. We've got Guy Melamed, CFO and COO; I also have Brian Vecci, Field CTO at Varonis. We've got about 30 minutes today. There's going to be a lot to talk about. I promise it's going to be a fun session. Let's take 20 to 25 minutes to kind of run through some fireside chat with the team. And then would love to make this interactive. So if you've got a question, just pop up your hand and we'll make sure we get it asked for the benefit of the webcast. So with that, Guy, Brian, thanks so much for being with us here today.

Thanks for having us and thanks for putting us in front of Jerome Powell's deeds and announcements and there's a lot of competition going on.

I would rather be here.

Same with us.

Well, I want to jump right into last quarter, right, because there's so much to talk about there. Guy, you said something interesting in the last call, which was Varonis is really becoming two separate businesses right now. There is the SaaS business. And then the on-prem business. Talk to us a little bit about why those two businesses feel so separate right now in terms of their performance.

So it's true, and we talked a lot about the fact that we started talking about it throughout the transition. But obviously, after the Q3 results, it's very clear that there is the Varonis SaaS business that is performing well, doing good on the new business, doing well on the upsell. And there's the on-prem subscription business, which, obviously, in Q3, the renewal rate of the on-prem subscription business were below our expectations. And I think that obviously overshadows and puts a bit of a cloud on the overall performance. But it is important to remember that the core business and where we're headed, the forward-looking business is the SaaS business and the rearview mirror business is the on-prem subscription. I think the reason it's so distinct right now, you can see it on the renewal rate, but the value proposition is significantly different between the on-prem and the SaaS. And I think that is an important emphasis that investors need to understand because we got a lot of questions of end of life when we announced the end of life of on-prem. Why did you do it so quickly and why wouldn't you drag it on for a longer period of time, we said all along that we don't want to be monitoring and maintaining two types of code. We wanted to make sure that we are 100% SaaS, and we said that all along. This was actually the first quarter that we got the 76% SaaS of ARR, which is how we define completing the transition. We talked about it during the Investor Day in Q1 of 2023, and we talked about completing the transition anywhere between 70% to 90%. And the expectation and the intention was to announce the end of life during our sales kickoff in January of 2026. So just coming up and announcing it to be at the end of next year, but with -- obviously, with the Q3 results, we kind of pushed it up a quarter. That's the only thing we did, pushed it up by one quarter. And the reason we pushed it up a quarter is because Obviously, investors want to know how much of the non-SaaS business is going to be converted. And our intention, and we can talk more about that later, but our intention is to kind of break the business into two, the SaaS business and the non-SaaS business and they would want to see what is the expectation on the conversion? What is that going to be for 2026? If we announce the end of life next quarter, every investor would rightly so ask us, how did we quantify the end of life into that expectation if we're just announcing it now. And that's part of the reason we wanted to announce it a quarter early. We have about roughly $175 million today non-SaaS ARR, 1/3 of it, approximately $60 million are up for renewal in Q4. So with the announcement of end of life and with everything that's going on, we would have a much better data point that we can extrapolate and give color for 2026 with all the information out there, and that was the logic behind it.

Got it. Very helpful data point. I mean I want to follow on that a little bit. It felt like the higher-than-expected churn. It was clearly a surprise for all of us. And it felt like it was a little bit of a surprise for the team as well particularly given what I think were healthy renewal rates in the on-prem business in the first half of the year. And it sounds like there wasn't really one common theme around why some of those customers didn't renew. But as we get further and further from the sun, right, like what have you kind of seen as you've gone back and looked at those customers that have churned and whether there was anything common or what drove it or was it a fluke? I mean, who knows, right? So what's your kind of postmortem on that?

A lot of the postmortem that we have done is confirming what we talked about during the earnings call in the Q3 announcement. And I can walk you through the three components but you're right that the Q1 and Q2 renewal rates were actually improving. So when we look at the renewal rates, there was no indication we are back-end loaded like any other enterprise business and about 50% of our business closes in the last two, three weeks. And that's been historically the case. That obviously was the case in Q3 as well. So we didn't -- when we tracked all of the information throughout the quarter, there was nothing there that would signal the lower renewal rates as we saw them kind of at the end of the quarter. The three components that contributed to the underperformance on the renewal rate of the on-prem subscription where, one, many of the customers that didn't renew were single threaded, meaning they bought us for an auditing tool. They bought us for a specific use case. And then if they don't renew, they're not exposed from a cybersecurity perspective the same way they would be exposed if they didn't renew on the SaaS front. So that was one component that we saw. What is important to note is that in Q1 and Q2, those single-threaded customers did convert and did renew. So this was -- when we talk to customers in Q3 and obviously after the quarter end, and we were trying to figure out why they didn't renew. That definitely came up as like we had you for an auditing tool, and really nothing happens if -- and that's part of the reason we want to move everyone to SaaS because the value proposition is significantly better and much more meaningful than the value that we can provide. The second component had to do with the fact that our sales team didn't perform in the best possible way, taking into consideration some of those customers were single-threaded and some of the quotes that were put in front of them probably then weren't presented in the right way, and we obviously address that going forward, and we're all over the sales team in order to make sure that, that doesn't happen in the future. And the third component that we saw was the fact that the deal scrutiny kind of increased as we watched it in the last two weeks. When you combine all of those three components together, I don't think I can quantify what would the dollar amount in each and every component. But that was what was related to the nonfederal business. There was also a bit of an underperformance on the federal side that contributed to the overall performance of the business. And the federal business, if I had to break down why it underperformed there, I would say that Dodge probably didn't help. I don't think it was the main reason, but it definitely didn't help us. I think the second component had to do with the timing of the FedRAMP certification. We got the FedRAMP certification in May. And I think if it didn't help us, if anything, it hurt us because there were deals in flight as part of the desire to get them as on-prem that once you have the FedRAMP certification, you're trying to switch them to SaaS and then that generates turbulence within the conversation with customers and sales cycles within the federal business are somewhat longer. So adding that component definitely didn't help. And then the third component is the way the sales team handled that. I think that we could have done a much better job from a sales team's perspective. So those were the three components on the federal side, and we covered kind of the three components that were on the nonfederal side.

Very clear. Very helpful. Brian, maybe this question is for you because I know you spend a lot of time with customers. For the on-prem subscription customers that didn't renew, are they still interested in adopting Varonis SaaS over time? Or are they considering other vendors? I mean DSPM is a very hot space right now, right? Like is that playing into it at all?

Yes. So this goes to a lot of what Guy was just saying, there are many reasons that some of these customers did not renew. For many of them, they were not using Varonis as a security tool. And that's really important when you asked the question about the broader DSPM and broader data security space is if they were using Varonis for what we think of as single threaded or a more tactical use case, oftentimes, Varonis as a solution within the customer was owned by infrastructure or security. We didn't even know who the CISO was. They bought us to do something, they're leveraging a Varonis capability that was not part of their security portfolio. And so when we say that, if they were not renewing Varonis, it's not that they were going to another security tool. It's that maybe the data store that they were using Varonis to audit is going away or they're using a more administrative or tactical or point tool that we would think of. This speaks to one of the things that we've been saying about the SaaS conversions in general over the last few years is that for some of these kinds of customers, single threaded customer, customers that were using us for a single use case or on a single data store, converting them to SaaS is almost a completely new sales cycle. But now we have to sell Varonis as a security platform to a security team that might not even know who we are. To answer your question directly, yes, many of these customers, we are still talking to some of them have already converted to SaaS. Some of them, because the data store that run us with it's an on-premise file system that might be going away, we're going to have to reengage with them for their cloud stores but we didn't see any change in competitive win rates. That said, DSPM is a very hot space. There's a lot of investment there. One of the things we've been telling everybody, including you for the last few years, is when you ask about data security as a priority, we've been saying it's moving up the stack. Data security is becoming more and more important, especially in the generative AI world. And when that happens, of course, there's a lot of investment in the space. There's lots of new players. It's great that there are other people now doing marketing for the market that we built. So it's -- what we've seen is it's made the market bigger. There is more competitive noise. But specifically with the customers in Q3, we didn't see a change in competitive win rates for all of the reasons that Guy had laid out. It's not that these customers were not renewing Varonis and going to another competitive security product, we just didn't see that.

Got it. Understood. That's very helpful on the competitive win rates. And I do agree that this market does seem to be getting bigger. Guy, maybe the follow-up question here is, have you ever kind of talked about what percentage of the base is "single-threaded"? Like what's the risk that we kind of have as -- what percent of the base is on security, what percentage is single-threaded as we think about just what the incremental risk might be.

So it's a very good question. But I do want to point out that, that single-threaded it did renew and convert in Q1 and Q2. So it's very hard to kind of -- I'll tell you, from a quantification perspective, -- we obviously looked at what that percentage is for what's left in that $175 million. It's not a small portion. It's less than a majority, but not that far from it. With that said, we want to see how Q4 behaves and then we'll have a much better denominator, and it's not just the two weeks in Q3. And then we can really identify was this like a onetime thing? Or is this something in terms of changing in trends. From a guidance perspective, in Q4, we assumed lower renewal rates on the on-prem subscription than what we saw in Q3, and we also assumed that there would be some additional churn because of the end-of-life announcement. So from a guidance perspective, we did take a very conservative approach and the way we're thinking about it for 2026 is -- was that the question?

That is -- that was -- that's why I was smiling.

That's great. So in terms of 2026, the way we're thinking about it we want to make sure that investors look at the strength of the business, and they don't have any noise that interrupts what is working and what is not. And we have this $175 million of non-SaaS ARR. As I mentioned, about 1/3 of it is roughly $60 million is up for renewal in Q4. We're talking to every single customer in order to try and figure out whether they will move to SaaS or will they not move or what's the plan to move to SaaS? We already know. Not all of them are going to move to that SaaS. That's, I think, is very clear, especially within the federal business, within the DoD, there are customers that will not move to SaaS, and that's okay. But from a guidance perspective and a focus perspective, I think the right way to look at the business going into 2026 is what is the SaaS growth rate? So if we guide on SaaS only, not including any conversions, and we give a number on the SaaS number Quarter-over-quarter, what's the expectation, what is the yearly SaaS growth rate, and we talked in the past about our belief that we can grow 20-plus percent for time. So if we give a SaaS number that doesn't include the conversions and then give the conversions on a quarterly basis, on top, I think that puts the focus on what investors really should care of, should care about. The forward-looking business, not the rare-view mirror. It gives the visibility and also give the abilities to know the investors the ability to know how much of the conversions impacted your growth rate on a quarterly basis within the last year of 2026.

Which then -- it makes a ton of sense because then presumably, that can give you a basis for modeling into '27, right? When 100% of the business will be SaaS, presumably. Very interesting. And that idea of kind of separating out the conversions, I think, would be very helpful for what it's worth. Brian, I want to move over to you for a second. I mean one of the pushbacks that I get sometimes is going back to sort of the DSPM market is, well, there's start-ups like Cyera that are doing really well, et cetera. And I mean -- and you talked about really the win rate not changing, but how much of that is a factor right now from just a competitive standpoint?

There's a lot of noise. There's a lot of discussion. We're in a lot more RFPs and we're in a lot more deals that we weren't in 5 years ago because 5 years ago, Varonis was a self-hosted security platform that supported file systems. These days, we're a cloud-first, cloud-native security platform that supports all of the hyperscalers, databases, SaaS applications, file systems. And the big separator for us versus the entire DSPM market, whether it's a public company that acquired one or a private company is we're doing so much more than just discovery, and we're doing it not just on cloud databases. We're discovering data in places. But then what matters from a security perspective, which is why we call ourselves a security platform and not just a DSPM vendor, what matters are security outcomes. We talk a lot about outcomes because no matter what you do from a discovery perspective, unless you can actually secure the data, lock it down and do it automatically because there is no CISO out there that has unlimited head count to actually go solve the problems that we find. And unless you can actually monitor data in a useful way, just think your credit card is going to text you as soon as there's any fraud, Varonis is going to call you as soon as any data gets accessed inappropriately. Those capabilities are critical from a security perspective. They're critical to deploy generative AI. So while it's great that there's a lot of noise in the space and a lot of investment. We mentioned that there's a lot of marketing, growing the market that we created. We haven't seen a change in competitive win rates because our sales execution, the way we go to market, the way we engage with the customer starts with a risk assessment. And that means we're deploying our technology at scale, on real data which nobody else can do. This is why we win. When I say the competitive win rates haven't changed, when we go in and execute our sales process properly, the win rates are very high.

I think the idea of being a security vendor versus a DSPM point solution is an interesting nuance. Guy, I want to kind of move beyond sort of last quarter's on-prem discussion and talk about that phaseout of on-prem in '26. One of the things that I think Varonis has done really well in the past not just through this transition, but prior transitions, has been sort of turning knobs a little bit, whether it's on pricing or if it's on sales force compensation to really bring about different behavior from your team as well as from customers. As you think about kind of that end of life for on-prem by the end of '26, open-ended question, are there any changes that you're making from a pricing or sales comp perspective ahead of that?

So we started thinking about comp plan about 9 months before the actual the time we start implementing it. So we spend a lot of time every single year. And you're right, in every year, we have some tweaks. In 2025, this was actually the first year that we decided to compensate on the conversions. We didn't do that in 2023. We didn't do that in 2024 in the same way we did it in '25. And the reason we did it in '25 is because we just wanted to be done with the transition. We didn't want to drag the transition. By the way, that's part of the reason we were surprised with the Q3 because it's counterintuitive to what you were thinking and especially when the reps can get paid on it. In 2026, it is clear, and we're obviously in the final stages of finalizing the program that we will not be compensating on conversions the way we have done in 2025 because we -- the one thing that is important to emphasize, and I've talked a lot about this. So if I sound like a broken record, I apologize. But the cannibalization of time for the reps on focusing on the conversion is actually a headwind for that.

There's an opportunity cost to that time, right?

Yes. There's an opportunity cost, and it's not a technological challenge. It's a documentational challenge. It's a conversational challenge on making sure that you go through all the security check place moving from on-prem to SaaS. All of that takes time and focus from the reps. We want in 2026 to go back to basics where the reps can actually make money by selling to new customers and selling to the base. That will be the main focus. That's what we've been working on over the last, I'd say, 6 months in terms of thinking about the comp plan. I think Q3 actually emphasized our focus on going back to basics. And I think that with their ability to go back to basics and sell to new customers and actually have the opportunity to do an upsell now for a SaaS customer that when you think about the denominator, you have a wide range of SaaS customers that you can go back and sell additional licenses and Brian can talk about some of the platforms that we're seeing in terms of conversation, and it goes back to some of the acquisitions that we have done that generate a ton of opportunity from selling to the base, additional platforms. The focus of the comp plan will be on those. Obviously, we still will have about 17%. We guided to 83% SaaS of total ARR. So we'll have roughly 17% of non-SaaS that we still want to get over, but the focus will be on the bread and butter, new and existing.

And that is the gift that keeps on giving, right, in terms of SaaS and lifetime value? That makes a ton of sense. We've focused so much on the different parts of -- the moving parts of that the ARR line, Brian, you brought up a couple of times just on one of the secular themes in data security, and that is how to secure data in an AI or a copilot driven world. So maybe for you, again, knowing how much time you spend with customers. How much is Varonis coming up in copilot discussions? And one of the questions I get sometimes is, Well, hey is Microsoft purview like a competitor or are they a friend here? Maybe address that as part of the answer.

I mean, Microsoft put out a press release earlier this summer that copilot security is powered by Varonis. We consider the set of capabilities that Microsoft offers through purview to be critical for infrastructure security, but you can't really secure your data without us. We integrate deeply with Purview, and part of that announcement was continued enhancements and more research and development together with Microsoft to make that integration deeper. We've moved beyond just the public APIs as an ISV vendor, there's going to be a lot more capabilities within the Purview stack that are powered by Varonis. So Microsoft and Varonis customers can move more quickly to the security outcomes that we're talking about, which allows them to deploy CoPilot more quickly. To make that as simple as possible, the enterprises that are deploying copilot for 365 widely and quickly with a minimum of friction and a minimum of risk are using Varonis to do it in an integration along with the capabilities that Microsoft provides. We don't compete with Microsoft. We just make everything that they do a lot easier, and you can realize the value of both platforms much more quickly.

Got it. Maybe just to stay with you, Brian. I mean, I think there are some other -- and Guy brought up some acquisitions earlier, right? I think one of the areas that we've kind of entered is database activity monitoring, which I think came through the Cyral -- is that right? The Cyral acquisition, as well as Varonis Interceptor, which I think came through the SlashNext acquisition. Maybe for -- because we -- I would say that certainly, I can tell maybe the question is who are you displacing in those instances for...

The database activity monitoring market is interesting because databases are obviously a big and important data store. Every enterprise has databases. We've been doing database security in cloud stores through AWS, the relational database system as well as Snowflake and Databricks. However, a lot of big companies have a lot of on-premises databases and the legacy tools like Imperva and IBM Guardium that they're using for database activity monitoring, this goes back to the single-threaded use case for Varonis. Those products are being used very tactically to check a box that yes, I'm monitoring some of these databases. What we have learned as we've entered this market is a lot of companies are very eager to displace those products with a more modern solution. The Cyral acquisition and the integration of Cyral database activity monitoring into the Varonis platform is now allowing us to disrupt that space. So whether you've got a database on-premises or a database in the cloud, whether it's in a managed or an unmanaged database, basically, if you've got data, we can secure it and the monitoring is a key part of that because once Varonis is monitoring a data store, we can detect a threat, just like you get a bank statement with a credit card, we can detect threats there. We can also build really useful and safe and surgical automation in ways that other products couldn't because now it's part of a broader platform. Really similar. You mentioned SlashNext and Varonis Interceptor. That's really exciting for us because our managed data detection and response, MDDR, is a key part of the value proposition of Varonis. Almost all new SaaS customers are taking MDDR because why wouldn't you? I've got a technology platform, a security platform that's classifying data and monitoring it and locking it down and alerting them if something goes wrong, but now you have a global team of Varonis experts that are going to call you if we see anything that you might have missed. It's all in service of minimizing the time to detection and time to response for a threat. However, when we're in these investigations, often, in fact, the majority of the time when we're trying to come to a conclusion about what happened, guess what, data breaches often start with an e-mail, a business e-mail compromise. Somebody gets phished or spearphished, and our investigation we get to a point where, "Okay, here's where the fishing happened and now we'd have to go look at another tool", a secure e-mail gateway or ecosystem tools built into whatever e-mail provider they might be using with Microsoft Exchange. We're not displacing necessarily those products. However, Varonis interceptor is a next-generation AI-based phishing detection, impersonation detection, business e-mail compromise detection. So when you think about Varonis as a security platform, specifically when it comes to threat detection, what we want to do is move left. What that means is if you think about the steps that a threat actor takes to get access to and steal data, very often one of the very first steps is e-mail phishing. We're now there with that technology. And the huge advantage that Varonis has and Varonis Interceptor provides our customers is not just that we have a best-in-breed next-generation e-mail security tool, but it is part of our broader platform. So now you're -- you've got Varonis monitoring and detecting fishing on your e-mail stores while we are classifying it while we are connecting that telemetry in that automation to everything else and all the other data that we're monitoring. We want -- if you want to protect data, Varonis does it, whether you're talking about e-mails or databases or files or SaaS applications, whether it's on-premises or in the cloud, we want to be everywhere.

Well, as I put myself into Guy's seat, I mean, that only helps support that net revenue retention on the SaaS side, right? And I talked about back to basics on that part of the business, so that certainly helps. Guy, maybe just to wrap up your last couple of questions. We talked so much about the ARR base and growth. I definitely want to hit on profitability as well because I think that's been great to see as part of the transition. And listen, we're seeing a little bit of compression in the ARR contribution margin this year for various reasons. But maybe you can talk about some of the puts and takes that are driving that? And how to think about that balance between growth and profitability from here, particularly in the context of some of your long-term targets?

I think it's a great question. And I think when you look at our focus on the cost structure and the generation of cash, we have done a job I'm really proud of when you think about where we are today in comparison to where we were a couple of years ago especially if you go back to the -- I'm going back again to that Investor Day, we talked about our desire to get to 18% to 22%, roughly in that 20% range at the end of 2027 and if you look at where we've progressed, we're literally like there. Obviously, when you look at some of the on-prem subscription renewal rate that is not going to come, I think that will have an impact on the 2026. But the benefit is that it quickly comes back at 2027 when you don't have to maintain two types of code and you don't have to have the same level of investment in supporting tickets that the on-prem subscription has because the ticketing -- the support tickets on the on-prem subscription side is significantly larger than what we see on the SaaS side. So there are a lot of benefits within the model that are beneficial for investors and us as well in getting away from the on-prem subscription. So in 2026, we're going to keep -- obviously, we're not going to go crazy from an expense perspective. But if you're getting some renewals that are not coming, it will impact your ARR contribution margin, but you'll see it come back very quickly with vengeance in 2027. That's the plan.

I go back to where we started, right, with two companies, two companies right now inside of Varonis, but really by the end of '26, that too goes down to one, right?

By the end of -- on December 31, 2026, we are 100% SaaS. There is nothing left that is non-SaaS ARR. That's the plan. That's why we call the end of life, and that's the right thing for us. Obviously, for the customers and also for the investors.

I couldn't think of a better way to end than that. So Guy, Brian, thanks so much for the time.

Thanks very much.