Qualys, Inc. (QLYS) Q1 2020 Earnings Report, Transcript and Summary

Good day, everyone, and welcome to Qualys First Quarter 2020 Earnings Conference Call. This call is being recorded. [Operator Instructions] I would now like to turn the call over to Vin Rao, VP, Corporate Development and Investor Relations. Please go ahead.

Good afternoon, and welcome to Qualys first quarter 2020 earnings call. Joining me today to discuss the results are Philippe Courtot, our Chairman and CEO; and Melissa Fisher, our CFO. Before we get started, I would like to remind you that our remarks today will include forward-looking statements that generally relate to future events or our future financial or operating performance. Actual results may differ materially from these statements. Factors that could cause results to differ materially are set forth in today's press release and in our filings with the SEC, including our latest Form 10-Q and 10-K. Any forward-looking statements that we make on this call are based on assumptions as of today, and we undertake no obligation to update these statements as a result of new information or future events. During this call, we will present both GAAP and non-GAAP financial measures. A reconciliation of GAAP to non-GAAP measures is included in today's earnings press release. As a reminder, the press release, prepared remarks, investor presentation and supplemental historical financial spreadsheet are available on our website. With that, I'd like to turn the call over to Philippe.

Thank you, Vin, and welcome, everyone, to our Q1 earnings call. We hope that you and your families are healthy and safe, and that soon, America and the world will be open for business, again. It is now clear that after COVID-19, organizations and government agencies of all size are going to have to rethink the security and business continuity plans to include remote connectivity, accelerate their migration plans to the cloud and streamline and secure, if not reinvent, their supply and delivery chains. This will have a profound impact on our industry, as it has also become clear that most of the current security solutions were not designed for remote and highly interconnected working new work. In fact, we experienced these ourselves. Unlike most other companies, we suddenly have most of our workforce, working from home. Fortunately, because we had moved early with cloud-based enterprise application, and spent many years laying the architectural foundational work for a robust, scalable cloud platform, we were able to not only secure our remote workers, but also continuously monitor and patch validities under computers in a very short period of time. As a result, we could continue our engineering and business development initiative without much disruption. This was, in fact, the genesis for launching a cloud-based Remote Endpoint Protection free service in a matter of days. For our customers first, and now for the community at large by leveraging our powerful cloud platform and our strong base of engineering talent in Pune. As a result, today, we have close to 500 companies of which 50% – nearly 50% our new customers' prospects signed up for this free offering, which allows security teams to gain instant and continuous visibility of remote computers, easily see missing patches for clinical vulnerabilities and employ them from the cloud. This represents a deployment of approximately 2.1 million cloud agents on the endpoints, 1.4 million from existing customers and 700,000 from new prospects. The patches are delivered securely and directly from vendors' website and content delivery network, ensuring there is little to no impact on external VPN bandwidth. We are now planning to add malware detection capabilities in a couple of weeks and will extend the free service for another 60 days for those who adopt the malware detection capabilities, which, in fact, will be a prelude to bringing the power of our Cloud Platform, our Cloud Agents and passive technology to EDR, a new offering we plan to release this summer and as well to the Security and Event Management market later in the year. So what makes Qualys unique is the significant investment we have made as well as our determination over the years to build a highly scalable cloud-based platform that allows us to unify IT, security and compliance across the new hybrid environment. Early on, we recognize the importance of capturing all the necessary telemetry via our sensors, via the Internet and building the back end with the scale and computing capabilities needed to handle such a large volume of data. Today, we handle more than 9 petabytes of data, indexing now more than 6 trillion data points on our ElasticSearch clusters, moving 5 billion messages a day on our Kafka bus and pumping 1 million writes per second in our Cassandra log analysis engine. As a result, our cloud-based IT, security and compliance solution do not need to collect data from disparate sources, are easily deployable in environment with a dispersed and remote workforce, and this is what drove, in such difficult times, another good quarter in terms of revenue growth and profitability. This is underscored by the continued acceleration in our paid Cloud Agent subscriptions, with over 38 million now or 114% growth from the prior year quarter. We continue to see a good adoption of our free Global IT Asset Discovery and Inventory app with almost 9,000 new companies signed up and over 700 new companies actively using the service. We now have over 600 existing customers using the solution as well. We saw solid growth this quarter from our paid It Asset Discovery and Inventory and Cloud and Container solutions in fact, a leading financial services company added our IT Discovery and Inventory, paying modules this quarter in order to gain visibility of all the known and unknown assets, across multiple environments, identified the end-of-life of their installed software and synchronized with our ServiceNow CMDB. Also, a large existing bank, which had acquired a competitor, one of the competitor used this opportunity to not only adopt VMDR, but also to add many of our newer solutions, like FIM, Container Security, and Cloud Security Assessment, as they could consolidate many of their existing security solution in a single stack, where all the data could be correlated, far more cost effectively to provide a continuous and accurate view of the security and compliance posture, across their entire environment. Finally, Patch Management continued to see strong customer adoption in the mid-market. This quarter, as we are seeing strong and we also are seeing strong interest with our large customers as well. We're also pleased to announce that Qualys Container Security application is now available and the Qualys Vulnerability Management solution within a month in Microsoft Azure Security Center to all customers that are on Azure Security Center Standard Edition. This jointly developed solution automatically analyzes virtual machines and containers images in Azure, providing customers visibility into variabilities and configuration issues, which are reported to the Microsoft Azure Security Center, as recommendation, including the ability to create playbooks for one-click remediation with no software to deploy or update. Our Security Conference during RSA in Q1, where we unveiled Vulnerability Management, Detection and Response, VMDR, which is now in GA, was a huge success. VMDR takes vulnerability management to the next level by providing the power to continuously detect vulnerabilities and misconfiguration across the entire global IT hybrid environment and respond in real-time to remediate assets that are variable or already compromised from a single platform with built-in orchestration. We held a live virtual event on April 21, demonstrating how VMDR integrates Asset Discovery and Inventory with vulnerability assessment and patch detection in a single app. More than 3,000 people have registered to our VMDR live event, and over 600 organizations signed up for a VMDR trial after this event, 75% which were new customer prospects. For example, the Head of Security Research at Orange Cyber Defense in, one of our MSSP partners concluded that VMDR is going to shake up the vulnerability management space, given its focus on inventory, risk-based priorities and workflows as well as its strong use of ElasticSearch capabilities. In fact, Armor saw the opportunity to integrate VMDR with the Armor Anywhere managed security offering and Armor Anywhere customers will now have access to the newly announced Qualys VMDR application, as part of a holistic solution to meet their Vulnerability Threat Management, VTM requirements and provide visibility across the entire hybrid environment. Qualys Cloud Agents are embedded and fully integrated with the Armor platform to deliver asset discovery and inventory, vulnerability assessment, including configuration control, threat prioritization and patch detection to Armor customers. In addition, this quarter, Qualys was recognized as a Gartner Peer Insights Customers Choice for Vulnerability Assessment. VMDR is effortless to deploy on a global scale and priced as a fully branded solution, drastically saving deployment, administration and software subscription costs with real-time, light-weight Cloud Agents and Virtual Scanners that are self-updating and easy to deploy. Our game-changing VMDR application was also highlighted during the quarter in a report by Ovum, the market-leading data research and consulting firm and you can review it at www.qualys.com/phones/whitepapers/ovum. In Q1 nearly 150 customers, existing customers, adopted VMDR, which included approximately 60 new customers and seven of our top existing customers, up for renewal in Q1, renewed into VMDR subscription. In fact, 3.9 million out of our 38 million paid Cloud Agents subscription came from VMDR, of which 3 million were new agent subscription, laying the foundation for ubiquity of our agent, which is the technology platform for seven security and compliance and IT solutions, namely Vulnerability Management, Policy Compliance, File Integrity Monitoring, Indication of Compromise, Patch Management, Asset Inventory and the upcoming Certificate Management and with more to come. In addition, earlier this month, we also announced general availability of the Qualys Cloud Agent on the Google Cloud platform, GCP. GCP Customers can now easily activate multiple Qualys applications, including our game-changing VMDR application to build a streamlined workflow within GCP. Also, at our user conference, this past quarter, we participated in a number of impromptu videos, which you can access at www.qualys.com/qsc/2020san-francisco. These videos underscore the fact that the security industry is on the verge of a major transformation as many of the current solutions offered by a plethora of vendors are becoming inadequate, as the architecture of our corporate network is drastically and rapidly changing. We saw this coming quite a while ago. And as mentioned earlier, we took the time to properly build our offering with this need in mind. These efforts being the foundation for our leadership position in our market, and we continue to innovate first, with VMDR, which went live in April and with the next-generation of SIEM and EDR, which we expect to deliver for beta at the end of the year, and EDR early this summer. In addition, we will deliver significant extension similar to our VMDR to our current offering, providing detection and response capabilities across cloud, mobile, SaaS, OT and IoT environments by adding response capabilities to our Cloud Agent and additional detection capabilities to our network analysis efforts or passive scanning efforts. Looking forward, we believe the world after COVID-19 is going to be different. Companies are going to be more focused on reducing costs, while increasing business flexibility, which is going to be a significant driver to a faster adoption of cloud-based solutions. In the current uncertain environment, we're fortunate to have a stable foundation of recurring revenues and a highly profitable model, which we believe can withstand short-term disruptions. Finally, because of the very nature of our business model, which is 100% recurring, and the fact that our solutions have become mission critical to have a greater visibility than many other security companies in our industry, even in such difficult times, not to mention our stellar profitability. With that, I will turn the call over to Melissa to discuss our financial results and guidance for the second and full-year fiscal 2020. Melissa?

Thanks, Philippe, and good afternoon, everyone. I would like to reiterate Philippe's comments that we hope our investors and analysts and everyone on the call are all safe and healthy. Before I start, I'd like to note that except for revenue, all financial figures are non-GAAP, and growth rates are based on comparisons to the prior year period, unless stated otherwise. We're delighted with our increasing Cloud Agent subscriptions and multi-product penetration as well as the strong adoption of VMDR, which lays the foundation for future revenue growth and industry-leading profitability. Our Q1 financial and operational highlights include: revenue for the first quarter of 2020 grew 14.5% to $86.3 million. Please note our Q1 2020 calculated current billings was positively impacted by the timing and amounts of prepaid multiyear subscriptions, somewhat offset by a few large deals that were invoiced in Q4 2019, rather than at their anniversary in Q1 2020. Our average deal size increased 3%. Platform adoption continued to increase as a percentage of enterprise customers with three or more Qualys solutions rose to 50% from 42%, and the percentage of enterprise customers with four more Qualys solutions increased to 32% from 22%. Paid Cloud Agent subscriptions accelerated to 38.4 million over the last 12 months, up from 30.7 million for the 12-months ended in Q4 2019. 3 million Cloud Agents were purchased this quarter by a single customer. And new products released since 2015 contributed approximately 44% of total annual bookings in the quarter, up from 23%. Since this metric includes VMDR, we do expect it to become less relevant for investors as more VM customers renew into VMDR over the coming quarters. As a result, we do not plan on providing this metric going forward, but we plan to introduce new metrics relevant to VMDR adoption, such as the percent of customers, up for renewal in the quarter, who renewed into a VMDR subscription. In Q1, this was 4%. Because VMDR is an integration of multiple apps, VMDR adoption should increase our strong renewal rates. Our scalable platform model continues to drive superior margins and generate significant cash flow. Adjusted EBITDA for the first quarter of 2020 was $38.2 million, representing a 44% margin versus 41%. Q1 EPS grew 34%. And our free cash flow for the first quarter of 2020 was $45.1 million, up 28%. Excluding one-time CapEx related to the build-out of our Pune headquarters and M&A related payments, our free cash flow grew 36%. In Q1, we continued to invest the cash we generated from operations back into Qualys, including, $4.7 million on capital expenditures for operations, including principal payments under capital lease obligations as well as $2.6 million in capital expenditures for the build-out of our Pune headquarters and $28.9 million to repurchase 346,250 of our outstanding shares. Our Board has authorized an additional two-year $100 million open market share repurchase program, resulting in approximately $200 million in current share repurchase capacity. This gives us ample capacity to take advantage of any potential stock market dislocations. Now I want to share our thoughts on the potential impact on our business from COVID-19 this year. As Philippe mentioned, we consider ourselves fortunate relative to other companies because we have a strong, sustainable and profitable business model. The fundamentals of our company remains strong. We have a healthy balance sheet with $435 million of cash and marketable securities, as of the end of the quarter, and we have no debt. Our exposure to the retail, travel and hospitality sectors is minimal, less than 5% of our trailing 12-month annual bookings came from customers in these segments. To date, we are seeing consistent renewal rates across our business in all geographies and solid expansion with existing customers. 18% of our enterprise customers had 5 or more Qualys solutions. And as we've discussed, our five-plus enterprise customers had a gross dollar renewal rate of 99% in 2019. And we increased the number of customers with over $500,000 of revenues over the last 12 months, by approximately 30% to 96 at the end of Q1. Additionally, because our business is nearly 100% subscription, we have good visibility into our financial performance. Our updated fiscal year 2020 guidance range for revenue is $354 million to $359 million. Our updated fiscal year 2020 revenue guidance assumes that similar to other companies, our revenues may be impacted in the next few quarters by organizations that defer purchases of new solutions as they focus on business operations and small and medium-sized companies that may need to reduce spend. Our updated fiscal year 2020 guidance range for non-GAAP EPS is $2.46 to $2.51. Because of our highly profitable model, we intend to continue investing at a similar level to what we planned for at the beginning of the year, in order to maintain our strong competitive position and drive future revenue growth. We expect to maintain industry-leading margins in 2020 and continue to produce strong cash flow. Impacting our non-GAAP EPS guidance by $0.06 versus what we provided last quarter is the recent decline in interest rates, which we estimate will result in approximately $1 million lower interest income per quarter. And our Q2 guidance for revenue is $88 million to $88.6 million, and our Q2 guidance for non-GAAP EPS is $0.63 to $0.65. For the second quarter, we expect capital expenditures to be in the range of $5 million to $6 million, which includes approximately $1.5 million for the build-out of our Pune headquarters. Because India has also been operating under a shelter in place, the timing of spend on our Pune headquarters has been pushed out a few months, and we now expect that $1 million of our original planned spend will occur in the second half of the year. To follow-on Philippe's comments, we feel very well positioned during this period of uncertainty due to the value provided by our cloud platform and our 19 apps as well as our underlying highly scalable operational model. We believe we will emerge stronger from this, as our model enables us to continue, both helping our global community and investing for future revenue growth and profitability. With that, Philippe and I are happy to answer any of your questions.

[Operator Instructions] Your first question comes from the line of Daniel Ives [Wedbush Securities].

Yes. Thank you. So maybe you can talk, Philippe, about from a day-to-day, what you're doing in terms of customers, partners to navigate the COVID-19 backdrop. Maybe just talk about from a day-to-day, what you're doing to sort of handle customers? And could you comment on the month of April versus March?

Okay. So let me maybe – yes, I mean, this is pretty straightforward. We are very close to our customers. Today, what we see is that many of our customers are essentially asking some payment terms, which of course, for us it's relatively easy to do, assuming, of course, they got good balance sheets because we're not going to extend payment terms with companies that we believe are going to get bankrupt. As Melissa mentioned, we are not that much affected in our business by the travel industry and other industries. So fortunately, we are fortunate there. So then also what we see coming, and that also, which give us a very unique opportunity. Customers, they want to reduce the spend. Because, of course, cash is king, and you need to weather – we all need to weather that economical shutdown. So as I said, it put us in a very good opportunity because instead of discussing discount, we speak then about consolidation of the stack because customers, if they adopt multiple solutions and replace our solution, virtual access or what Docker [ph] with Siebel Systems, not only we can allow them to easily extend their scope, gain visibility, but also they can reduce significant cost because everything is centralized in Qualys, everything is self-updating, you need much less people to operate these solutions. And of course, you have the advantage of having everything done from one platform. So that's the general trend. So we have this discussion almost every day with all of our customers, and they are very positive. As far as the difference between March and April, not much. Quite frankly, we see that our business is solid. We have this kind of discussion, as we discuss. We had in the early – in the really difficult time. Q1 was slightly impacted, I would say, by, or somehow impacted by the fact that some new business were essentially pushed out, and some upsell were also pushed out. But not again – that significantly again all in all and so that's – so we feel very good.

Okay. Great. Well, thanks again and good job.

Thank you.

Your next question comes from the line of Sterling Auty [JP Morgan].

Hi, guys, this is Matt on for Sterling. Thanks for taking the question. In terms of hiring, how has the current situation impacted your hiring plans, if at all?

Well, I'm really glad that you have that question because we are in a very unique position. People are flocking to Qualys. So we are in fact, one of the few companies today, which is continuously hiring. We always have been very deliberate with our hiring’s. We go for quality. We don't go for quantity. But now we have a unique opportunity because a lot of people are worried in their companies. And they see Qualys, as the shining star. So we have been interviewing a lot, in fact, via video conference, of course, and we're continuing hiring. So there's no hiring freeze, but we are again very deliberate.

Got you. And then just one quick follow-up. Which products would you say are – you feel are going to be more positively impacted by the current situation? Have you seen a shift in customer preference in terms of which applications they're using Qualys for? Thanks.

Yes, that's another – that's a great question as well. So the – obviously, everything which is remote is hot. That's why we launched in a record time that free Endpoint Protection Service, with the ability for us to patch across the Internet, which is very unique, very few companies can do that. That has been absolutely a fantastic response, as I've mentioned during the earnings call. And now we're going to add the, very soon, in a couple of weeks, three weeks at the most, the ability to detect malware. And that set us up for our next big application to come, which is the next-generation EDR, which we're planning to essentially announce and deliver in the summer. And that's obviously a very hot market because you need to be not only – you need to really know what you have out there. So the beauty of our agents is that today, we have agents, obviously for all the Windows and MAC version, et cetera in Linux, but we also now have a agent for the Android and iOS and then there's also a new world of the Cloud and Container Security and so forth. So we're extremely well positioned. So we are, in fact, very, very bullish because of we put these many, many years of architecting, and as mentioned, some of the performance of our platform, it's incredible. But it didn't happen in one day. And for any company today, to really build at the scale at which Qualys has built and bringing all that information into one single platform. So you could eliminate, for example, the problem of EDR solutions today, as they exist, they have many false positive. And so how do you manage, false positive remotely? Very difficult. So you better have a minimum false positive. And then you need to be able to everything remotely. So we are introducing very soon, in our agent, the capabilities to do the response side, which is killing processes and all these other things. So we're very well – extremely well positioned.

Yes. Just to add on to Philippe's comment, we also view and we talked about this in our prepared remarks, that VMDR is very well positioned in this environment because it's a very attractive value proposition, integrating multiple applications into one. And so we do expect to see continued strong adoption. And the benefit for us is, as we've talked about, customers with multiple solutions have increased stickiness, and it drives proliferation of our Cloud Agents, which then have laid – which lay the foundation for further upsells of additional paid solutions.

Yes. And I will add also to what Melissa, yes, absolutely forgot to mention that, Melissa. Thank you. The key is that a lot – see, some of our competitors want to, of course, they are very scared of VMDR because it's really, really – it's a true game changer. And so when they try to paint VMDR, oh, it's just a bundle of solutions. No, it's not a bundle of solution. This is where we have all the record data to one place. And then as a result of that, we can provide all the workflows and everything into a single app. So this is the ability to essentially detect any devices that connect to your network, instantly, figure out what the device is, decide whether you want to manage that device, create your global IT assets inventory, then create the assets group. So you could now go and look at your vulnerabilities, of course, on premise, endpoint, cloud, containers, web applications, et cetera. And then prioritize, we have a totally new prioritization engine, which is far ahead of everything that the competition has and then, finish the remediation by patching, and now we are soon are going to have the ability to also quarantine. So you have in the one single app from the beginning the detection to up to the remediation or to the response. And that's why we call it Vulnerability Management, Detection and Response. And you will see the same thing happening, with a new offering, that we're going to do for identifying all your SaaS applications, identifying all your cloud application and again, EDR, all endpoints and having that capabilities of response and of course, and as well as your mobile environment and then very soon, the OT and IoT environment. All of that because of the power of the platform that we have built and the ability to collect all the telemetry and bring that telemetry into one place. Nobody, but nobody has built that. It took us time, but we've done it now.

Great. I appreciate all the color there guys. Thanks.

Your next question comes from the line of Yun Kim [Rosenblatt Securities].

Thank you. Hi, Phillipe and Melissa, hope you guys are doing well and safe. In regards to the overall Cloud Agent adoption, I think, this was probably the strongest, sequentially growth quarter by a mile. Even if you exclude that one customer purchasing 3 million agents, which I am assuming was a VMDR driven. But can you just talk about the strength in your cloud adoption, in regards to where you are seeing the adoption of your Cloud Agents? Is it more end-point driven? Or is it – are you – is it more broad based? Are you seeing strength also in the cloud environments as well?

Yes. Now this is another very good question as well. So the reality is that, it's everywhere. You have to realize that to handle 38 million agents, and in fact, we today could handle hundreds of millions of the agents, if not billions of agents. You have to have the right architecture. So it took us, obviously, some time. You need to deploy them, you need to update them, you need this. So there's a lot of engineering work, behind the scenes. So we started early on, with a slower progression, replacing our traditional scanning, which, of course, we're very good, but doesn't give you the real-time. So that's where we initially started. Now today, of course, we are now branching out. And so we're branching out to the endpoints, as I mentioned earlier, you see that free service, that we delivered 500 companies, generating now 2.1 million agents. That, of course, are now installed, or in the process of being installed and therefore, all the upgrade capabilities. And then, of course the cloud is another greenfield, where of course, you need to have agent to really know what you have into your cloud. There's no other real architecture. So you need to have connectors to pump up the data from these platforms. And then you need to have agents to have a more internal and more granular view inside as well. So again, it's all about the architecture, and that's where it's a lot of work. We needed to be able to deploy at that scale. We are doing it now. Then you need to collect the data. It's not by accident, that today, we have nine petabytes because these agents continuously bring the changes back into the platform, so you need to have the computing power and the analytics, and we're, of course, adding more and more machine learning and analytics into the back end. So we can really treat that data in real-time. We have a response time today on ElasticSearch cluster about 100 milliseconds, so which is again very, very, very real-time if you prefer. So no, this is already changed. It's that simple.

Yes. Just to add on Yun, as you pointed out, yes, we saw significant acceleration of Cloud Agent adoption, which we're very excited about. And VMDR did play a big role in it. So that one large customer that is up to 3 million. That's actually separate from VMDR. So VMware did play a big role in driving Cloud Agent adoption, and this is why we had talked about before it was formally unveiled, how excited we were about it because it gives us the potential to drive proliferation of Cloud Agents, both internally and at the endpoint. And also, and as Philippe pointed out, we've seen very good adoption with the free remote Endpoint Protection Service, but that's not included in the paid subscription, so that's also additional upside in the future for us.

Okay, great. I just have a question around just the core VM market, the overall dynamics there and pricing environment in the core VM market. Just saw the ASP was up 3% in your press release. That's probably at the lower end of your range, typically. Can you just talk about the market dynamics in your core VM market?

No, the dynamics are very clear because, I think VMDR was – our customers love it. This is the adoption of VMDR is going to be very fast, we believe. And you're going to see even before the solution was even available in the ship, we have already adoption, and it's accelerating. Every customers, we discussed with, is VMDR. It allows us to find out some of the, I would say, questionable tactics of some of our competitors, which dropped their plans because they absolutely need to bring top-line revenues because, of course, they are not profitable. And now today with VMDR, what's the purpose of trying to – they don't have what we have. So they are so far below. So what's the purpose of, yes, maybe on the – just the traditional scanning, you could drop the price, but what about all these other things? Do you have a global IT assets inventory capabilities? No, you don't. Do you have very good prioritization? No, you don't. Do you have real agents that can deploy that quality? No, you don't. So it puts us in a very, very strong position to fend off this kind of pricing tactic. And so we feel very good about the VMDR market. I think we are now in a position to really go and gain market share.

Okay. Great. Thank you so much.

Thank you.

Your next question comes from the line of Nick Yako [Cowen and Company].

Hey, guys. Thanks for taking my questions. The company now has a number of free offerings, that all seem to be gaining good traction in the market especially in this environment. I was just hoping you could discuss the likelihood; you can convert these users into paid customers. And then maybe when we could see it show up in the numbers?

Okay. That's a very good question, also. So what we have done with these free services is that, as I mentioned, I think, in the last quarter, we have built a team in Pune, India, which we call the technical account representative, and they are not there to sell. They are there to help customers on-boarding these free offerings and as well as trials, because at the end of the day, the buying patterns are changing. Today, it's essentially more a word, where you try and buy. Like today, more and more after COVID – more and more people now realize that it's much easier to shop online than to go to the store. And so the same thing is happening here, so all these free services are essentially a very cost-effective way to do lead generation. And then because we onboard them properly, then of course, we have now established already a good relationship with these people, and then we can discuss about potential upsell. And one of the things also we do with this free service, we do not entrap the customer. In other words, our free services do the job, entirely. It's not all, but if you want that, you need to pay more. So we have more the tendency to cross-sell. So it takes a little bit longer in a way, but it also gives the customers a very good experience and the value of Qualys. And so we see, for example, today with our global IT asset inventory, which now, by the way it’s part of VMDR, that we start to see customers adopting now, the additional paying solutions, which are complementary like the ability to detect, for example your end-of-life software, like the synchronization with your CMDB. And so I think, we're in a very good position. It costs us very little to provide this free service because, again, the platform is the delivery. We don't need channel, we don't need people to go and install anything. It's all available to try and buy. So it's a very powerful marketing machine. We've just hired, by the way, of VP of Digital Marketing in India. So we're going to do more and more of those programs and really creating a formidable machine, which I call the marketing machine. So we have a formidable machine, with the platform itself, and now we are building a formidable marketing machine as well.

And just to add on, we believe is that model is very sticky, right? Because we're letting our customers buy at their own pace as opposed to – it's a very important, it's just, in a subscription business, not to have sales force, not to have salespeople pushing products that a customer is ultimately not going to deploy because they're not going to renew at the end of the day. So this model, as Philippe pointed out, it's very cost effective because the service has – the platform is the distribution channel, but we believe it also increases the stickiness of our solution.

Okay. Great. And maybe one follow-up for you, Melissa. As it relates to the outlook for the year, in your prepared remarks you mentioned that you do expect some deals for new solutions to get deferred. I was wondering if you could just maybe talk about some of the underlying macro assumptions, embedded in your full-year guide?

Yes. Thanks Nick. Happy to go into that. So we had a good quarter, and we talked about the adoption of new solutions in VMDR. And as you pointed out, what I explained was that, the guidance was based on potential impact to new and upsell bookings. And so the range is really around the amount of that impact as well as the degree to which the business is impacted by COVID in Q4. Also, while we're not seeing this to-date, at the lower end of the range we're assuming some potential impact on retention rates to customers, especially at the lower end. Now the lower end doesn't really drive a lot of dollars for us, and we feel like VMDR actually gives us a very attractive value proposition to actually increase renewal rates, but we want it to be appropriately cautious, given the uncertainty around COVID-19.

Make sense. Thanks guys.

Thank you.

Okay. And now for closing remarks, Philippe the floor is yours.

Okay. So thank you very much for attending our earnings call and your questions. So these are obviously challenging times, but we feel fortunate to be very well positioned with our cloud platform and apps, including our game-changing VMDR application, while continuing to grow our pool of top-notch talent, as I mentioned during the call. So we emerged stronger than ever to serve our global community, employees and shareholders. I hope all of you remain safe and healthy. And that the country is back in business very soon. Thanks again.

This does conclude today's conference call. You may now disconnect.