Qualys, Inc. (QLYS) Q3 2014 Earnings Report, Transcript and Summary

Good day, everyone, and welcome to the Qualys Third Quarter 2014 Investor Conference Call. This call is being recorded. [Operator Instructions] I would now like to turn the call over to Don McCauley, CFO of Qualys. Please go ahead, sir.

Welcome to the Qualys Third Quarter 2014 Investor Conference Call. I'm Don McCauley, CFO; and I'm here with Philippe Courtot, our Chairman, President and CEO. Before we get started, we would like to remind you that during this call, management expects to make forward-looking statements within the meaning of the federal securities laws. Forward-looking statements generally relate to future events or our future financial or operating performance. Forward-looking statements in this presentation include, but are not limited to, the following: statements related to our business and financial performance and expectations for future periods, including the rate of growth of our business, our expectations regarding capital expenditures, including investments in our cloud infrastructure and the intended uses and benefits of such expenditures; trends related to the diversification of our revenue base; our ability to sell additional solutions to our customer base; our plans regarding the development of our technology and the expected timing thereof; our expectations regarding the capabilities of our solutions; the anticipated needs of our customers; strength of demand for our solutions; our strategy and our ability to execute such strategy; and our expectations regarding our market position; the expansion of our platform; and our delivery of new solutions. Our expectations and beliefs regarding these matters may not materialize, and actual results in future periods are subject to risks and uncertainties that could cause actual results to differ materially from those projected. These risks include those set forth in the press release that we issued earlier today as well as those more fully described in our filings with the Securities and Exchange Commission, including our quarterly report on Form 10-Q that we filed on August 7, 2014. The forward-looking statements in this presentation are based on information available to us as of today, and we disclaim any obligation to update any forward-looking statements except as required by law. We also remind you that this call will include a discussion of GAAP and non-GAAP financial measures. The non-GAAP financial measures are not intended to be considered in isolation or as a substitute for results prepared in accordance with GAAP. A discussion of why we present non-GAAP financial measures and a reconciliation of the non-GAAP financial measures discussed in this call to the most directly comparable GAAP financial measures are included in our earnings press release that is available on our website. Now to begin the discussion, Philippe will provide an overview of the company's performance for the third quarter. Then I will cover our financial results and factors that drove the quarter in more detail as well as our outlook for the fourth quarter and full year 2014. Then we will open the call up for your questions. With that, I will now turn the call over to Philippe.

Thanks, Don, and welcome to all of you. The third quarter of 2014 was another very strong quarter for Qualys, with solid progress in all aspects of our business, as demonstrated by continued acceleration of our revenues and increased profitability, and for the second consecutive quarter, while raising our guidance for revenues and both earnings per share amounts. Don will cover the financial details of our performance for the quarter. Let me first start off with an overview of key highlights that are driving the momentum in our business. In the third quarter, we added a number of important new accounts, including Allergan, BAE Systems, Benjamin Moore, Best Buy, BP Iraq, Corning, Indiana University, Intuit, Jabil Circuit, Merck, National Australia Bank, Saudi Basic Industries and Toyota Motor Manufacturing North America. Our Vulnerability Management solution continues to grow at an accelerated rate and remains the largest component of our business. At the same time, we continue to make progress in diversifying our revenue base. We derived 81% of third quarter revenues from subscriptions to our VM, or Vulnerability Management solution, compared to 84% for the same period last year. This ongoing diversification of our revenues is principally due to the increased sales of our Web Application Scanning and Policy Compliance solutions, both of which continue to show accelerated growth. We also want to provide you with an update on our progress in selling additional solutions into our customer base beyond our industry-leading Vulnerability Management solution. As of the end of the third quarter, 50% of our customers purchase more than one solution on the Qualys platform, a strong progress that we believe underscores the power of our platform and the traction of our newer solutions. We believe this is a clear and promising trend line, as supported by the fact that the metrics stood at 20% at the end of 2012, 30% at the end of 2013 and 44% at the end of the second quarter. At our recent 12th annual user conference in Las Vegas, we unveiled our next-generation cloud security platform with new capabilities that we believe will enable us to continue to expand our offerings and introduce new ones to our customers to protect their business from cyber attacks and manage compliance more efficiently. One of these new groundbreaking capabilities is our Cloud Agent technology that delivers the ability to drop lightweight agents on IT assets for continuous assessment of its security and compliance postures and keep it up-to-date. This agent technology is designed to scale for millions of devices. Its intelligence is key to be able to secure IT assets in the enterprise, especially in mobile workforce environments, or an environment where virtualization is predominant. We believe our agent technology will allow us to expand our footprint within the enterprise into areas where our current remote scanning technology doesn't reach. We currently plan to have this technology in beta by the end of this year. Another groundbreaking capability that we showcase is our weblog management solution, which comes fully integrated with our Web Application Scanning and Web Application Firewall solutions. This new solution is designed to help customers improve weblog management and improve protection for their websites through continuous detection of threats, automated alerting and mitigation. We currently plan to have this technology in beta in the first quarter of 2015. This quarter, we also released new versions of our Web Application Scanning, Policy Compliance and Continuous Monitoring for the Perimeters solution. Each of these releases added new capabilities and workflow that are designed to better address the increasing needs of our customers. More specifically, we released advanced detection for the Bash Shellshock vulnerabilities with special reports and workflows designed to help customers detect and protect their IT environment and web applications against this critical threat, and this is on a global scale. Also this quarter, we saw strong demand for our Private Cloud Platform, which allows customers to use our full suite of security and compliance solutions, while keeping all data on premise. Demand is strong in Europe and the Middle East due to the data sovereignty requirements from our partners and customers. In fact, we are further expanding the reach of our Private Cloud Platform to make it fully disconnected from Qualys for updates and monitoring. And then -- and this will allow us to address customers with defense and other highly classified environment. On the partnership side. Tech Mahindra, a leading Indian outsourcer, selected Qualys to help them expand their global IT security portfolio and enhance their managed service offering. Outsourcing partners, such as Mahindra, are becoming a significant component of our channel strategy as we help them to build managed security services businesses. We're a natural fit for them due to our elastic cloud delivery model. Lastly, IDC recognized Qualys for the six consecutive years as the leader in device vulnerability management. And now for the review of our financial performance and our guidance, I will turn the call over to Don.

Thank you, Philippe. As Philippe said, Q3 was another strong quarter across our business. In fact, Qualys delivered its strongest revenue growth on a year-over-year percentage basis since our IPO in 2012. This will be evident as we review the results and metrics. Revenues grew in the third quarter to $34.3 million, which represented a 24% growth over the same quarter last year. For the third quarter, U.S. represented 70% of revenues, which is the same percentage as a year ago. Our current deferred revenue balance at September 30 was 21% greater than 1 year ago. A note on the current deferred revenue balance being up only 21%. In each quarter, we have a certain amount of bookings with subscription start dates after quarter end, which are not included in deferred revenues, as is our practice to not invoice our customers until the subscription start date. In Q3, we had approximately $2 million more than we usually see, which is why deferred revenues at September 30 are only up 21% year-over-year. These bookings were invoiced in October. But had they been billed in September, the growth rate -- the growth in current deferred revenues would have come in at 24% year-over-year growth. GAAP gross profit increased to $26.9 million in the third quarter of 2014 compared to $21.3 million for the third quarter last year. GAAP gross margin was 78% for the third quarter of 2014 compared to 77% in the same quarter last year. Non-GAAP gross margin was 79% for the third quarter of 2014 compared to 77% in the prior year. Adjusted EBITDA for the third quarter of 2014 increased by 59% to $9.0 million compared to $5.7 million in the third quarter of 2013. As a percentage of revenue, adjusted EBITDA increased to 26% in the third quarter of 2014 compared with 20% in the same quarter last year, demonstrating continued solid progress in our business. Moving on to earnings per share. For the third quarter of 2014, GAAP EPS was $0.09 per diluted share versus GAAP EPS of $0.04 per diluted share in the third quarter last year. Non-GAAP EPS was $0.15 per diluted share in the third quarter of 2014 compared to $0.08 per diluted share in the third quarter last year. Turning to the balance sheet. At September 30, we continue to have a strong cash position with $150 million to -- $151 million in cash and no debt. In the third quarter of 2014, capital expenditures were $3.8 million compared to $4.1 million in the third quarter of 2013. In the fourth quarter, we expect capital expenditures to be in the range of $4 million to $5 million, as we have a significant inbound software license to negotiate. After that, we currently plan to continue to spend approximately $4 million per quarter for capital expenditures to expand our cloud platform to support more customers and to add more solutions and functionality to our platform. Now turning to our guidance for the fourth quarter and full year 2014. You'll note that we are again increasing full year guidance for revenues, GAAP EPS and non-GAAP EPS. Starting with revenues. For the fourth quarter, we expect revenues to be in the range of $35.5 million to $36.0 million. At the midpoint, this represents 23% growth over fourth quarter 2013 revenues. For the full year 2014, we now expect revenues to be in the range of $132.5 million to $133.0 million, an increase from the previous revenue guidance range, which was $131 million to $132 million. At the midpoint, this represents an increase from the 22% midpoint of the previous guidance to a growth rate of 23% for 2014 over 2013. For earnings per share, we expect GAAP EPS for the fourth quarter of 2014 to be in the range of $0.01 to $0.03 and non-GAAP EPS is expected to be in the range of $0.08 to $0.10. Our fourth quarter EPS estimates are based on approximately 37.4 million weighted average diluted shares outstanding. For the full year 2014, we now expect GAAP EPS to be in the range of $0.13 to $0.15, an increase from the previous GAAP guidance range of $0.04 to $0.08. Non-GAAP EPS is now expected to be in the range of $0.39 to $0.41, an increase from the previous non-GAAP EPS range of $0.30 to $0.34. Our full year EPS estimates are based on approximately 37.4 million weighted average diluted shares outstanding. What you're seeing in these expectations is a continuation of the strong sales execution that we've been experiencing across our products and geographies this year. Our outlook also reflects the power of the platform that we've built, with customers increasingly purchasing multiple products from us. In short, the land-and-expand strategy that we have discussed with you over time is continuing to bear fruit. We recently held our first Investor Day meeting on October 15 in Las Vegas, and we appreciate all of you that were able to attend or listen in on the webcast. As a reminder, an archived webcast is available on our Investor Relations website if you were unable to tune in. On November 12, we will hold a similar event in London for our European investors on the afternoon prior to our U.K. Qualys Security Conference. With that, Philippe and I would be happy to answer any of your questions. Operator?

[Operator Instructions] And our first question comes from Ken Talanian from JPMorgan. Kenneth R. Talanian - JP Morgan Chase & Co, Research Division: This is Ken in for Sterling Auty. Looks like you've got a bit of leverage on your sales and marketing line. I was wondering if most of that is coming from the direct sales force or from the channel.

Well, our channel business continues to be about 40% of our business, consistent with recent prior periods. So I -- no real differentiation of the pattern we had seen in prior quarters as between the 2. Kenneth R. Talanian - JP Morgan Chase & Co, Research Division: Okay. And I guess separately, I know -- I think it's a small part of your business, but I was wondering if you've seen any additional traction on the federal space.

Not really. As you know, it takes time to get federal contract. But what we have seen is our pipeline is improving significantly as well. So I think we're -- I anticipate a traction from the federal space at some point in time next year.

Our next question comes from Philip Winslow of Crédit Suisse. Philip Winslow - Crédit Suisse AG, Research Division: Obviously, you guys are seeing accelerating success with the cross-sell of the new products. And as we start thinking about your portfolio, continuing to expand as you just highlighted on the call, how should we think about just sort of the time to ramp as you guys introduce new products? Sort of what did you learn with Web Application Scanning and Policy Compliance versus, let's say, Web Application Firewall and some of the new products you're taking out? Would you expect potentially a faster ramp as new products come, just given the fact that maybe the channel and your salespeople have been trained on it? Or maybe just walk us through kind of how you think about the sort of the go-to-market cadence.

Yes. So let's take them, Philip, separately. If I look, for example, our Continuous Monitoring, we start to see -- we are starting to see really strong interest and pent-up demand with the Continuous Monitoring, and that's what that application is about, as we discussed in previous earnings calls. It doesn't really generate much direct revenue because it's an addition to our perimeter scanning, but what it does is that it differentiates us significantly and it allows us to essentially accelerate our penetration, in fact, of our web application -- of our vulnerability management application, which albeit is still the big part of the business is growing extremely well. So that's what the Continuous Monitoring does. Now if we look at the Web Application Firewall, what we believe is that the combination of the Web Application combined with the Web Application Log that we're introducing and as well as we're also coming up with what we call a web console for web exploit and remediation console. This is going to also significantly help us to further accelerate the penetration of our Web Application Scanning, which is doing very well, by the way, still growing well above the 50% range. So that will accelerate and, of course, generate their own revenues. All of these additional services are paying services. So we're very optimistic with the strategy. All of that is out of the same platform. Also, we are going to have, at some point in time, probably early Q1, our customizable questionnaire on the Policy Compliance side. So all that feeds on itself and essentially allows us to do bigger deals from the get-go and also accelerate the penetration and differentiators against the traditional competitors, which are not only our enterprise software, which already it's a -- our cloud offering differentiates significantly, but also combining all of these differences of this solution to one single platform, centrally managed, single console. It's very powerful.

Our next question comes from Matt Hedberg of RBC Capital Markets.

You guys continue to do a great job cross-selling into your base. And I'm curious could you talk a little bit more about steps you need to accelerate international growth further. I mean, it would seem to me that as these trends in the U.S. replicate over there, that could be another leg of further growth here.

Yes. So what we see in Europe, we're doing very well as well in Europe, in fact, and in Asia as well. The only difference today is that the size of the deals that we do in Europe, and that's the reason why the Europe as a percent -- as revenues are still a big part of our business is because we are starting to do very, very big deal in the U.S. I anticipate that, in fact, that we have in the pipeline already some much larger deals in Europe. So what we saw in the U.S., about starting about a year ago, the ability for us to do bigger deals from the get-go and as well as from customers growing their business much more rapidly, we see that happening in Europe as well. So there's a lag in Europe and rest of the world as well.

Got it. That's helpful. And then at the recent Analyst Day, one of the things that occurred to us is it seemed like the acquisitions could be more likely now than ever, with your cash balance here. I'm wondering if you could sort of outline the -- how you look at that potential opportunity now, obviously, given your success cross-selling into your base. It would seem that if the right asset came up, it could make a lot of sense here.

Yes. So that's -- yes, absolutely. So in fact, we have been so far -- we're very shy of doing acquisitions because we're focusing on expanding, strengthening the platform, which in itself is a huge technical undertaking. But now that we've got that behind us, we are now significantly more serious at looking at acquisitions. So we are looking typically at acquisitions today, which will essentially allow us to either improve the current technology that we have or enter adjacent, if you prefer, market much more quickly than if we had to do like we had done everything in the past, homegrown. So that's one direction. Of course, we need, a, a very good technology and, second, that technology cannot be really architected as an enterprise software solution because then it will be easier for us to rewrite. In fact, we'll have to rewrite, anyway. So we need to find the technologies that can fit into our platform. We're also looking -- today, there is a scarcity of good technical people as we're entering in the malware detection. We're also looking at research malware engineers as strengthening our capabilities there. And anything which is compatible, a company which has the single model that we do that we could essentially integrate very well is what we are looking for. So we are becoming very active. And to that effect, in fact, we've now nominated -- Amer Deeba is our VP of Corporate Development. So we're starting to really move into that direction, but carefully and that should make sense.

That's great. And maybe if I could squeeze in one last one for Don. Obviously, great, great progress on the margin this quarter. Could you give us an update of where you stand in terms of the reps maybe for the quarter and then sort of your expectations for the year?

Yes. Matt, the summer months is relatively quiet in terms of headcount. For example, our total headcount in the company is 1 less than it was at the end of Q2, and sales headcount is 1 more. So we have -- went up to 123 in our sales headcount at the end of Q3. And we continue to have quite a few open reps [ph]. We've already done some hires in October. And given the rhythm over the last few quarters, I don't think I'm going to actually put a number out there that's our goal. We're looking at -- we are constantly looking for many good -- especially consultative sales folks. As Philippe said, talent is a little scarce in the security business. And -- but I'd say it's really hard to put a number on it because we don't control the labor market. But nonetheless, we hope to add quite a few, but sometimes it's slow going.

Yes. Well, the bottom line here is that we are aggressively looking but we're also very careful at acquiring the right talents for the company, as we have been doing since day 1. I think the strength of the company is the quality of the team that we have and as demonstrated by all these good products that we've put to market and then the huge penetration we have -- we establish with our web -- with our vulnerability management.

Our next question comes from Steve Ashley of Robert W. Baird. Steven M. Ashley - Robert W. Baird & Co. Incorporated, Research Division: If I could just follow on Mark's (sic) [Matt's] line of questioning there in terms of hiring and headcount and your commentary. So EBIT margin's jumping up here to 17.5%, with you actually having one less employee. So if we just -- from the high-level concept of balancing investment spending for future growth, are EBIT margins maybe getting a little bit ahead of themselves here in the short term just due to the challenges in hiring?

Steve, I think a little bit of that. That's fair. If we had our druthers, we would have added more sales folks this quarter, if we could find the right ones, as Philippe mentioned. So I think to some degree, there's a little bit of that. Steven M. Ashley - Robert W. Baird & Co. Incorporated, Research Division: Yes. And then my other question. In terms of the timing of the products, I know that there's a Web Application Firewall Scanner. I know that there's -- in terms of Web Application Firewall 2.0, when are some of those products either going to beta or going to be available?

So I mean, today we have our Web Application Firewall, which has already, essentially, shipped. We are waiting to really push that product as we mentioned. In fact, last time, we're waiting to get the full integration with our Web Application Scanning so we could do virtual patching in the very same automated way. So this is going very well, and I think we are anticipating to have that essentially available very early next year. And then we really will push the product and that would also coincide with our Web Application Log and with our Web Application -- with web application, which we call our web exploit and remediation concept. So all that will happen in the early Q1.

Our next question comes from Erik Suppiger from JMP Securities.

First off, did you say how many new customers you brought on? Was it 600?

Yes. We didn't say. We update that number annually, Erik. We've been averaging about 600 new customers a year over the last few years.

Would -- can you comment whether you had nice new customer growth? Or was mostly upside driven with your installed base?

We had a good quarter on both fronts. New customer acquisition continues to go real well. And as was mentioned by several other people, up-sells and cross-sells into the customer base has continued very strong.

Okay. And then on the deferred revenue, it was up 21%. You had noted there was some orders that didn't get recognized until October. Explain again why we should be looking at it -- or how do you look at it in terms of bookings for the quarter? Should we be thinking of adding the $2 million? Or how should we think about that?

Yes. Good question, Erik. That's why I mentioned it in the script. Normally, we have a certain amount of orders every quarter that we have the order all booked in the quarter, but the start date isn't until after the end of the quarter. And those are never in deferred revenue on an ongoing basis. We had happened to have a lot more in dollars of those this quarter. And the reason I pointed it out is because all of our metrics are pretty smooth between growing 24% revenues, guiding 23%. So everything's between 23% and 24% when you look at revenues, et cetera. And we felt that, that metric, which we've pointed out to you is one you should look at to see the growth of the business and what's coming, was understated. And we -- so we examined that. And we wouldn't -- no, we wouldn't point it out, except that we think in this particular case, it actually does understate because these are all orders. They were all billed right in the beginning of October. They represent a new subscription there that starts kicking off revenue right away in early October, and it was all taken into consideration in our guidance. So we thought the metric just didn't line up and there was a logical reason for it, so we wanted to mention it to you.

Yes. And I would add that, as you know, with our model, in terms of the impact on revenues, whether we really ship, if you prefer, that order at the last day of the quarter or the first day of the quarter doesn't change the revenues, really. And conversely, it's -- in a way, we don't like to have too many deals at the end of the quarter because then on the renewal time, you go into that mode where you accumulate everything at the end of the quarter. So it smoothes everything. So we're not in a rush, pushing these things to ship at the last day of the quarter, which also strengthened our position in terms of negotiation as well.

And can you give us a frame of reference how much you would have carried in a typical quarter in the past or last quarter?

Yes. As I said, there's nothing unusual about this except there was just more dollars this time. We probably average between $500,000 and $1 million of this stuff every quarter on an ongoing basis. Well, it was $2 million extra this quarter.

Oh, extra.

Yes, yes. And maybe it's a reflection of companies coming back at the end of the summer and getting their business done later than they normally do. It's nothing troubling at all, except that it just didn't show up in the deferred revenue balance. And the test to get into deferred revenues is actually invoicing the customer, putting in the accounts receivable. So these are $2 million worth of orders where we have the order, but we didn't bill the customer until like the following week. And only because it showed a metric that really didn't make sense. And because all our metrics really are kind of in harmony here around this 23% growth rate that we just reported that we thought we'd point it out to you.

Okay. And last question, did both Policy Compliance and Web Apps Scanning grow more than 50% again year-on-year?

Yes.

Yes, they did.

Our next question comes from Robert Breza from Sterne Agee. Robert Paul Breza - Sterne Agee & Leach Inc., Research Division: Based on some of the other prior questions, both Philippe and Don, as you think about sales capacity being somewhat constrained in terms of hiring. Do you see yourselves shifting more dollars in terms of, like, co-op marketing to a channel, striking out new business relationships? I mean, given -- I'm not sure that the hiring environment's going to change a whole lot over the next 12 months. In my opinion, probably, it's harder. So how do you think about shifting dollars to focus on adding capacity? And where do you think you can add capacity?

Yes. No, this is a very good question. And in fact, we see our channel booming from -- we have now -- as I mentioned earlier, all the top Indian outsourcers are now, in fact, Qualys users and Qualys partners, and we started the deal coming from them. That typically do, by the way, 5-year deals, which is very good. The other trend that we see is that the traditional consenting companies, which were reselling, which are the reselling enterprise software solutions, are going -- are coming to us to help them build managed security services because, obviously, everybody realized that cloud recurrence business model is really better. So we see really a huge demand from channel partners and both in Europe and in the U.S. So today, the only reason why the channel doesn't show revenue growth today is because on the direct side, we do very big deals, which we were never doing before. So today, we don't see yet that impact of the channel, but it's coming. And it's a very efficient model because we do support our channel partners with our renewal team, which, as you know, are technical people. So the channels, they really like the Qualys model because they don't have another salesperson to take care of them. They have, in fact, a technical person, and that's what they need. So it's working very well. So channel business is really becoming very strategic for us, and we really welcome that. Robert Paul Breza - Sterne Agee & Leach Inc., Research Division: And maybe as follow-up, I know, Don, you and I talk offline and are together before about kind of what you and I have coined the term Qualys in a box for you guys are able to ship these virtualize boxes to private, governments, et cetera, overseas. Can you just try to give us an update on where you guys stand and how that pipeline is looking?

Yes. In fact, I'll turn it over to Philippe on that product. There's a lot of good stuff going on.

Yes. No, that pipeline is -- that product is really -- it's really a huge appeal for the large corporations in the U.S. and as well as -- so our strategy in the U.S. is essentially to move these boxes, if you prefer, to very large companies. We have today about 14 of those deployed in the world. In the abroad, we see that much more from partners because we enable, for example, companies like Orange Business system or Oracle CDN or the KPN or du telecom in Dubai or now Saudi Telecom, to essentially provide sovereign cloud offerings to their market. So rather than us putting boxes in large enterprise, we really leverage in Europe much more the partners than we are doing in the U.S. So this is really becoming very appealing in Europe and with large corporations in the U.S., big banks, essentially. Our first big bank, private department was with Wells Fargo, and we're working with a few other ones. So very big pent-up demand. And we are packaging that more. And the other thing that I mentioned is that we signed our first contract with a big European company, and we are now working with them to provide a disconnected version of that private cloud, which we're anticipating to deliver to them, let's say, at the end of the first quarter, early second quarter. And that will allow them to address, again, sovereign requirements in Europe as well. And that, of course, will really help us significantly with the federal government in the U.S. as well.

[Operator Instructions] And our next question comes from Michael Kim of Imperial Capital.

One question for Don and one for Philippe. Don, just looking at the Q4 guide and considering the operating leverage we saw in this quarter, can you bridge the EPS guidance? And considering the headcount additions, is there primarily a marketing spend component? Or are there other year-end expenses that we should be factoring in?

Okay. So specifically, Michael, you're asking why is EPS guidance a little lower than what we just reported, for example?

Yes, it looks to be a little more seasonality than what we've seen in the past.

Yes. I just want to clarify for everyone. Yes, a number of things. Q4 is a heavy marketing spend. As Philippe mentioned, we just did our first Investor Day on the heels of our largest-ever Qualys Security Conference in Las Vegas. In the next few weeks, we have several of those going in Europe. So it's a very heavy quarter for us. It's also a quarter, just to remind everybody, that there is a pattern to the bookings at Qualys. And on average, over the last several years, we do about 30% of our bookings in the fourth quarter. And of course, we pay our salespeople in commission. So it's a heavy sales commission quarter as well. So those will be the, I think, the 2 major factors, Michael.

Okay, great. And, Philippe, with the extent of the Bash Shellshock vulnerability, and earlier we've seen issues like Heartbleed. Are you seeing a greater level of inbound inquiry? And is that maybe driving the conversation towards broadening the scope of the Vulnerability Management solution?

I'm not so sure that I understood the question. You mean broadening the -- that's what we do. In fact, Qualys is very, very strong at being capable of providing this detection very quickly and that customers now can use to identify the vulnerabilities in their entire global network. That's what we do almost instantly. So that's one of the power of Qualys. So this is -- and as we talked about typically when something like that arrives, we do -- we provide a free service, which, of course, help us generate leads and very cost effectively. And so we satisfied our customers well. I mean, we have fantastic case studies on that. And so, yes, in many ways, these vulnerabilities are very good for our business.

Yes. I guess, my question is are you seeing an acceleration in lead gen? And is that just sort of growing awareness of the vulnerabilities?

Absolutely. Because what is absolutely -- okay, now I understand the question. What is happening today, these kind of big exposures plus -- combined with the data breaches -- and I will give you one specific example, are, in fact, now not only creating awareness for solution like Qualys because of the deployability, but also make people aware that they have to fundamentally do Vulnerability Management on a global scale and on a very regular basis. So that's really served us very well. We have, for example, one of -- one retailer, which now has deployed Qualys in 3,500 of their stores. And a few months ago, they would not have thought of doing that. So today, Qualys can do that, and that was done in a few weeks. So when enterprise offers solution, obviously, it will take you months to get there if you can do it. So all of that really fuels our business, absolutely.

And if I just may, one more question. Does that imply that some of the retailers have been able to deploy Vulnerability Management on some of their payment systems in front of this holiday season?

So the payment system typically, you don't really -- you're very careful. As you know, they arrive at one point in time, when you cannot do anything on the systems. So they try to do that before the payment season arrives, because then everything is locked down. But that doesn't mean that you don't need to be careful. So the Perimeter is something we do very well because we do that like hackers, like millions of factors -- hackers would do. So we see the -- essentially, the continuous monitoring of the Perimeter becomes extremely important for this kind of companies. And so, yes, bottom line, it serves us very well.

And I see no further questions at this time. I'd like to turn it back to Philippe Courtot for closing remarks.

So thank you all for joining us today. We are pleased with our current performance and continued momentum in the marketplace, as demonstrated by another strong quarter. We believe that we are very well positioned to deliver best-of-class or best-of-breed security and compliance solutions to our customers and partners as we continue to expand our cloud platform and deliver more innovative solutions that we discussed, in fact, earlier. Should you have any follow-up questions, Don and I are available to you, and we look forward to speaking with you around next quarter earnings call. Thank you very much.