Qualys, Inc. (QLYS) Q1 2021 Earnings Report, Transcript and Summary

Thank you for standing by, and welcome to Qualys' First Quarter 2021 Investor Call. At this time, all participants are in a listen-only mode. After the speaker's presentation, there will be a question-and-answer session. [Operator Instructions] Please be advised that today's conference maybe recorded. [Operator Instructions] I would now like to hand the call over to your host, VP of Investor Relations and Corporate Development, Blair King. You may begin.

Thank you, Latif. Good afternoon and welcome to Qualys' first quarter 2021 earnings call. Joining me today to discuss our results are Sumedh Thakar, our CEO, and Joo Mi Kim, our CFO. Before we get started, I would like to remind you that our remarks today will include forward-looking statements that generally relate to future events or our future financial or operating performance. Actual results may differ materially from these statements. Factors that could cause results to differ materially are set forth in today's press release and in our filings with the SEC, including our latest Form 10-Q and 10-K. Any forward-looking statements that we make on this call are based on assumptions as of today, and we undertake no obligation to update these statements as a result of new information or future events. During this call, we will present both GAAP and non-GAAP financial measures. A reconciliation of GAAP to non-GAAP measures is included in today's earnings press release. And as a reminder, the press release, prepared remarks and investor presentation are available on the Investor Relations section of our website. So with that, I'd like to turn the call over to Sumedh.

Thank you, Blair, and welcome, everyone to our Q1 earnings call. We are pleased to report another quarter of healthy revenue growth and profitability reflecting good progress on both our strategic and financial agendas. Since taking on the role of interim CEO in February, I have been working closely with the Qualys team, our customers, as well as our Board to ensure continued success of the Company. As the newly appointed CEO, I am very excited to have the opportunity to lead Qualys on the next phase of its journey. I would like to thank Philippe for his leadership and for making Qualys a significant force in the cybersecurity space and I'm confident we will take the Company to the next level of growth. I am now squarely focused on platform innovation and enhancing our go-to-market motion. We experienced another quarter of strong growth in our paid Cloud Agent subscriptions, which grew 58% year-over-year to 61 million, as well as continued VMDR with 34% of customers eligible for renewal in Q1 purchasing VMDR. Our multifunction, lightweight cloud agent is the core engine that helps customers consolidate multiple agents with a single Qualys solution. One of my key priorities is to ensure we are providing innovative, comprehensive and integrated products to transform the way new and existing customers secure and protect their organizations' IT infrastructure and applications with cloud-based IT, security and compliance solutions. We believe Qualys' VMDR which is Vulnerability Management, Detection and Response is setting the gold standard for vulnerability management with our single agent approach to speedy detection and response. Attackers' rapid exploitation of vulnerabilities for malware and ransomware attacks continues to grow as witnessed with the recent high-profile ProxyLogon vulnerabilities impacting Microsoft Exchange Servers. Threat actors raced to exploit a large number of unpatched servers in a matter of a few days and installed the China Chopper Webshell for further entry into the organization's environment. The DearCry ransomware hit soon after leveraging these vulnerabilities. Qualys quickly released a free 60-day VMDR service to help organizations to not only quickly detect vulnerabilities, but also patch them with a single click and further detect ransomware with Multi-Vector EDR and take response action, all using our single Qualys Cloud Agent. This showcases the power of VMDR to not only report on vulnerabilities like other siloed point solutions, but also mitigate the risk immediately and was very well received by our customers who were able to patch high-profile vulnerabilities in a matter of hours with our tightly integrated Patch Management solution in a single app workflow and stay ahead of threat actors. While still a small portion of overall bookings, we continued to see strong customer interest in our Patch Management solution both in the mid-market as well as with large new and existing customers. In fact, in Q1, a leading large multinational firm selected our Patch Management application over several competing solutions given its ability to easily and effectively patch remote endpoints without using the limited bandwidth available on VPN gateways. With our recent announcement of extension of Patch Management for Linux systems, where very few enterprise patching solutions are available, we are looking forward to expanding the opportunity of upsell to customers who already have Cloud Agents on these systems. Further pressing our advantage with agent consolidation, we continue to see customer interest in adding our multi-vector EDR to their VMDR and Patch Management deployment to reduce agent sprawl on their endpoints with a single solution for risk mitigation and threat response. Our recent announcement of adding real-time anti-malware protection capability to our Multi-Vector EDR solution further solidifies our commitment to continuing to expand our addressable market opportunity. As an example, in Q1 a Fortune 500 company purchased our paid Asset Inventory Module, VMDR, Patch Management and EDR together to standardize their endpoint security on a single agent solution over multiple best of breed point solution agents. In terms of our other newer paid solutions, we saw solid growth in the quarter with our Container Security solution led by Microsoft Azure for scanning container registries. In addition, we continue to see strong growth from our Global IT Asset Discovery and Inventory solution. In the quarter, two leading financial institutions selected our Asset Inventory paid module in order to gain visibility of all their known and unknown assets spanning multiple environments to identify the end-of-life of their installed software and synchronize with their ServiceNow CMDB. Looking into the remainder of 2021, we have a strong roadmap to expand our Asset Inventory, EDR, ICS/OT, Cloud and Container Security solutions. We plan to introduce our Extended Detection and Response platform XDR. XDR is a next generation Security Analytics and Incident Response solution, which natively integrates and correlates security telemetry across the security stack for an end-to-end platform. This solution is currently in private beta with a few select design partner customers. With these continued innovations and others on our platform we'll expand our addressable market, while opening exciting new growth opportunities for the business. In addition, we continue to build strong strategic partnerships towards enhancing our go-to-market with building in Qualys security solutions with cloud providers like Microsoft Azure and GCP as well as displacing competing solutions with MSSP partners like HCL where Qualys VMDR is now their default Vulnerability Management offering. Another key area of my focus is our go-to-market strategy and sales execution. Pairing industry leading innovation with an amplified investment in our go-to-market initiatives underpin our confidence in driving profitable growth and long-term value creation for our customers and shareholders. Armed with industry leading technology and substantive new platforms following the successful launch of VMDR and Multi-Vector EDR last year, as well as the upcoming release of our XDR solution, we're planning to make appropriate go-to-market investments in our business. We believe that we're well-positioned to maximize the return on incremental investments, so I've been spending the majority of my time with the sales and marketing team as well as product management to execute on this plan. To that effect one of my top priorities as previously mentioned, was to look for the candidate as Chief Revenue Officer to drive growth of our business. Today, I'm pleased to announce that Allan Peters will be joining us as our new CRO starting next week. He will be responsible for all aspects of revenue performance with a focus on delivering sustainable customer value and business outcomes, the leadership of the worldwide sales and partner organization, and continuing Qualys' growth momentum. Allan has more than 20 years of executive sales experience building and scaling global teams in cybersecurity and SaaS companies, including previously serving as the CRO of Trustwave. We also recently appointed Klaus Moser to assume the role of Executive Vice President, Field Operations for the Americas and General Manager of our SME and SMB businesses. At the same time, we're also enhancing Sales Operations, Digital Marketing and other sales enablement functions in the Company with a balanced approach to sustained future growth and profitability. In conclusion, as I stated on our prior call, Qualys continues to move well beyond vulnerability management and increase its competitive advantage with the addition of our newer solutions, including our soon to be released XDR solution. Our strategic direction remains focused on leading with powerfully disruptive technologies. Paired with strong sales leadership and a focused and growing global go-to-market initiative, we believe we're well positioned to drive long-term value for both our customers and shareholders. With that, I'll turn the call over to Joo Mi to further discuss our first quarter financial results and guidance for the second quarter and full year fiscal 2021.

Thanks, Sumedh, and good afternoon. Before I start, I'd like to note that, except for revenue, all financial figures are non-GAAP and growth rates are based on comparisons to the prior year period, unless stated otherwise. We're pleased to report another strong quarter reflected in the following financial and operational highlights. Revenues for the first quarter of 2021 grew 12% to $96.8 million. Please note our Q1 2021 calculated current billings was negatively impacted by a large late renewal that closed after the end of the quarter as well as the timing and amount of prepaid multiyear subscriptions and shorter duration invoicing. In Q2, we expect this to reverse to have a positive impact on calculated current billings by a few percentage points. Our average deal size increased 9% and paid cloud agent subscriptions increased to 61 million over the last twelve months, up from 56 million for the 12 months ended in Q4 2020, and 34% of non-strategic alliance customers with our vulnerability management solution up for renewal in the quarter purchased VMDR, similar to 35% in Q4. VMDR contributed approximately 34% of total bookings over the last twelve months. Our scalable platform model continues to drive superior margins and generate significant cash flow. Adjusted EBITDA for the first quarter of 2021 was $44.6 million, representing a 46% margin versus 44%. Non-GAAP EPS for the first quarter of 2021 was $0.74, up from $0.65 last year, and our free cash flow for the first quarter of 2021 increased 14% to $51.6 million, representing a 53% margin. In Q1, we continued to invest the cash we generated from operations back into Qualys including, $6.3 million on capital expenditures for operations; and $31.0 million to repurchase 269,000 of our outstanding shares. We remain confident in our business model, driven by our foundation of nearly 100% recurring revenues and an expanding suite of applications. We are delighted to be raising our full year 2021 guidance for both revenues and non-GAAP EPS. We are raising the bottom and top end of our revenue guidance for the full year to now be in the range of $402.5 to $404.5 million from the prior range of $399 to $402 million. We are raising our full year non-GAAP EPS guidance to now be in the range of $2.67 to $2.72 from the prior range of $2.60 to $2.65. And for the second quarter, we expect revenue to be in the range of $98.6 million to $99.2 million, which represents a growth rate of 11% to 12%. We expect non-GAAP EPS to be in the range of $0.67 to $0.69. Q2 capital expenditures are expected to be in the range of $6 million to $7 million. We remain confident in our financial model due to our strong competitive position and leading cloud platform. With that, Sumedh and I are happy to answer any of your questions.

[Operator Instructions] Our first question comes from the line of Matt Hedberg of RBC Capital Markets. Your line is open.

It's Dan Bergstrom for Matt Hedberg. Is there any additional color into that late renewal you could provide? You said it'd be a few percentage point benefit in the second quarter here. Is that just the late renewal? Or does that take into account some of the prepaid timing and duration as well?

It's in combination. So when we have a large late renewal in the quarter, we usually call it out, and it was meaningful enough to have a negative impact by a couple of percentage points as a whole. We expect that to reverse, and this is consistent with how are current billings have been in the past. Now if you take a look at our current billings, because we don't manage to quarterly billings, you'll see some fluctuation. So what we anticipate is the Q1 negative impact to more or less reverse in Q2, so we'll see a higher current billings in Q2 relative to bookings.

Great. That's helpful. And then maybe could you just talk to India? It's been in the headlines with COVID here. I know you've got over 900 employees there. I think everyone's been working remotely already. I guess, is that the case? Or is there any incremental action that's needed to happen here recently?

Yes. I think that's a very important aspect to address it. We do have a large presence in India, and we have been doing quite well working remotely for all of our employees over the last year plus. So our employees have been already used to that working remote environment and stay safe in their homes. And obviously, we at Qualys are monitoring the situation, working with our employees, providing assistance where that is needed. But at this point, we don't see any meaningful impact to what we are seeing in terms of output from our operation. But our hearts go out to those who are impacted very severely.

Our next question comes from Yun Kim of Loop Capital Markets. Your line is open.

Sumedh and Joo Mi, congrats on a solid start to the year. Just want to be very specific on one question here. First, to start off, VMDR upgrade rate or the renewal rate since - upon renewal, that is, seems to be stabilizing at 34% to 35% rate. Is that consistent with what you are expecting? And perhaps can this number start to downtick starting this quarter and in the second half of the year as we anniversarize the renewal cycle and start targeting customers who didn't renew last time? And just overall, how should we think about the VMDR adoption rate in regard to your Cloud Agent adoption and the overall platform strategy?

Yes. I can take that one. VMDR, we released that last year, I think, around Q2 really was when the initial push started. And I think the way we see VMDR, obviously, is that it's a combination of many different capabilities that the customers need to adopt, and they need to make them operational within that environment. And so we are not being pushy with our customers. We're working with them to ensure that they are able to consume VMDR to really benefit them in terms of reduction in the amount of time it's taking them to respond to the attacks or to the vulnerabilities that are coming up. And I don't expect that to go down because the way we're tracking this is that the numbers are - the number of customers that were converted to VMDR that were eligible for renewal in that quarter. So as you will see, coming up in Q2, we will see additional incremental - through the rest of the year, we'll see additional incremental conversions of customers as they get ready, maybe they have budget allocation, their resources available to continue VMDR. So we'll see - our hope is to see that number keep going up.

Okay. Great. And then second question from me is, can you just give us any qualitative sense on how much of your business is driven by - secured by deployments on hyperscale environments or securing deployments on hyperscaler environments like AWS and Azure? And is that business primarily driven by your existing customers? Or are you seeing a higher mix of new customers coming from those environments versus your traditional sales channels?

Yes. I think it's a combination, right? A lot of our large customers today - we don't necessarily break it down that way. But a lot of our large customers today, they do have a hybrid infrastructure. So while they may have certain business units or certain environment that they're running in the hyperscale environment with multi-cloud deployment where we are very strong, we also - they also have other devices within their environment that could be remote endpoints, which we're seeing in large numbers as well. Or other types of devices that are also part of their overall license. So we're not necessarily really tracking it that way. But then when you look at customers who are migrating to the cloud environment, they clearly want to ensure that, from their auditor's perspective, that they are getting the same kind of high-quality reports, metrics, ability to fix these vulnerabilities in the cloud environment, just as they were getting from Qualys in their on-prem environment. So we work with them to help them kind of have Qualys to be part of that migration. And our architecture being a cloud-based architecture really lends itself to have that very easy integration, and we already have a lot of built-in capabilities in multiple of these environments. And so we have Qualys integrated well with Azure as well as GCP and in those environments through this sort of embedded capability that we have. Customers who are directly bringing workloads to Azure may also be leveraging the Azure scanning that is provided by Azure. And that is, in the back end, supplied by Qualys. So there's also that additional way that we are embedded into native cloud environments as well as native cloud security solutions. In these cases, we are leveraging Qualys in the back end to provide the capabilities around scanning configuration assessment, et cetera.

Our next question comes from Sterling Auty of JPMorgan. Your line is open.

This is Maya on for Sterling. I was hoping that you could just give a bit more color on what you are considering in the full year guidance. It just seems like it's implying a bit of a slowdown in the second half of the year, especially on the back of some new product development. So just hoping for what you're considering in that outlook.

Yes. So when we take a look at revenue trajectory, what we look at is the near-term bookings as well as some of the potential increase in return from the additional investments that we plan to make in different year. So if you take a look at our annual revenue guidance, last quarter we had guided $399 million to $402 million, and we are raising it at the midpoint by $3 million because of the - primarily because of the business momentum that we see right now. In Q1, we did outperform relative to the guidance. And taking a look at to the full year, hiring the CRO, additional initiatives that we have in place, it's kind of what we see that will land at around 11% year-over-year growth. With that said, what it doesn't include is a potential increase or meaningful uptick from the adoption of newer products such as, for example, EDR is still relatively new. And we didn't take into consideration of potential significant upsells on the VMDR that we don't currently see now. So there is definitely upside that we haven't included in the guidance.

Our next question comes from Joel Fishbein of Truist. Your line is open.

Sumedh, can you just give us a little bit more detail on some of the specifics around the go-to-market changes that you plan to be focused on over the next couple of months to reinvigorate growth?

Yes. I think one aspect of the focus really is about ensuring that we are creating all of these additional capabilities on the platform to expand our - the TAM - so with VMDR, EDR. So we are ensuring that from that perspective, we're getting ready to have multiple capabilities that we can upsell to these customers that are coming on board, and we're already seeing that, that some of the examples that I gave were customers really see the value in saying, "Well, why do I need to get four different agents, one for EDR, another for patching, another for vulnerability management, another for asset inventory? I can leverage Qualys as the one agent that is providing all of these capabilities in a single solution." And what we're now focusing on, we're obviously bringing Alan on board here too. We've had a model at - where technical salespeople work closely with our customer, given that's a SaaS service, to ensure success of the customers in the products that they purchase initially, and then work with them through the rest of year to ensure that we find opportunities there to upsell so that they can consolidate other existing solutions that they have in their environment. And sometimes, those solutions could be paid for a couple of years. So maybe it takes time for that opportunity to come up. But with bringing on Alan, where we can focus really on having one additional business, we're going to focus on sales enablement. We're going to focus on digital marketing. So there's a few different areas that we're going to focus on. So taking really our model that we have, which our customers appreciate for the way we work with them and then helping ensure that our sellers are getting additional help in terms of being able to - be enabled for selling these additional solutions that we are bringing out to the market. That's really the focus that I have been working closely with our product team as well as the sales team. And in addition to sales and marketing directly, we've also been enhancing our product management organization to ensure that we can have product line owners that can really be closely associated with the specific business, whether it's application security business or whether it's detection business or whether it's our vulnerability detection business, so that they can drive the sales aspect much more closely and marketing aspect much more closely with the sales team.

Okay. And one follow-up, if I may. You called out on the call a large deal with a customer, I think, and I believe they - if I heard you right, took EDR, XDR and a lot of other products. Can you give us any color around that? The competitive dynamics around that and the pricing around that deal?

Yes. The customer had a couple of other solutions, individuals that they were leveraging, and they were in the market to look for a vulnerability management solution as they started looking at different capabilities of VMDR. The ability to mitigate the risk that the vulnerability management product was bringing, I think, was paramount to them. Because as I gave that example today, the time between the vulnerability coming out and the speed at which those vulnerabilities are being weaponized is extremely short. And so other point solutions that they are looking at, as we see rest of the vulnerability solutions, are only giving you report, and that's what they wanted to get a look at to say, "Can I get something that also is able to provide response capability?" And so once we work with them on the POC - and our model always used to give the broad POC, have them leverage that 60-day free service, so that they can see the value of the overall platform. They were quite intrigued with our ability to also give them other additional things with the same agent, like end-of-life, and then helping them essentially not have to install under the separate EDR agent, because that same agent that was doing their patching to mitigate the risk was also monitoring the system for threats and responding to that. And so obviously, the pricing that we put in place was a combination of the latest modules that they would have otherwise purchased from Qualys, which is individual modules for paid asset inventory, vulnerability management, patch management and EDR. And we have - obviously, we do volume-based pricing. And based on that, we gave them a pricing that, effectively, it felt like from - not just from a license perspective. So that one price on Qualys with a single agent relative to four different software licensing from four different agents, plus the cost of deploying those agents and their platforms and then integrating all of them to give that single view, I think the customer felt that this was a lot more cost-effective and something that was much quicker to operationalize than having to do multiple point solutions.

Our next question comes from Hamza Fodderwala of Morgan Stanley. Your line is open.

Sumedh, congratulations on your formal appointment as CEO.

Thank you.

So I had a question sort of following up on the last one around sort of the multi-vector EDR and sort of the XCR solution that you're rolling out. Can you maybe comment on your ability to be able to garner telemetry from a variety of different attack surfaces relative to some of your other competitors who are also coming at this market with next year approach? And then also what sort of technologies would you say your displacement, right, because you talked a lot about consolidating different parts of the security solutions. So I'm just curious, who do you often play when you do go into these deals from a technology standpoint?

Yes. I think if you look at the way Qualys architecture is, that's I think the biggest advantage we have is that we have sensors that are embedded across the entire infrastructure no matter what type of infrastructure it is. So we don't have an approach which is very agent-led only or agent-based only. Today, Qualys natively collects data from agents. We have non-agent assets in the environment that are able to do very deep scans. We have passive sensors that are able to look at network telemetry information passively to collect additional information on the connections that were being made in that environment, cloud connectors that we have. We have continuous sensors that are collecting information and then also there are seven scanners that are providing information about the applications as well. And all of that data comes into the centralized platform that we have. And that's really where we are collating this information. And with the back end, as we have talked about previously, we have really gone through an entire architecture of the platform. We're making it highly scalable today with 8 trillion data points being indexed in ElasticSearch. So as that data comes in from Qualys' own sensors, we already have a lot of visibility into what is happening on that asset, whether it's related to collecting network connections or processes or whether it's related to registry or files or file integrity monitoring alerts. So that's already being done. Obviously - and that kind of is covered by VMDR, EDR and those capabilities with the same agent. On the XDR side, what we are focusing on is in addition to all the data that Qualys is collecting. Like, for example, Qualys can collect data about a printer in your environment that can be compromised, which a typical EDR cannot do, because they need an agent on actual device. And you cannot put a - we cannot put an agent on a printer. But in addition to that, there are firewall logs, proxy logs and a few other log sources that add context to the potential time that may be going on. And what our XDR solution now does is that it actually opens up our platform to take this additional telemetry data from multiple different vendors that are providing this capability, so that this data can be adjusted into the Qualys back end, correlated with the large amount of data we already collected with multiple sensors that we have, and then provide a much more simplified visibility into that environment. Because otherwise, the customer has to buy a SIM, and the SIM does not come with any data collector, so they have to buy 10 different solutions and deploy those, integrate those and then start to see the value. And one of the things that you've seen last - over the last year and this year is that we are also focusing a lot on providing response capabilities directly into the platform. So what that means is that the SOR aspect that once we collect the data, we analyze that and reach it with information from third-party sources, our platform, our agent, our scanner, our clients can start to take response action immediately so that customer doesn't have to go and deploy another set of solutions to now take response actions. So in this process, we typically end up displacing your standard vulnerability management solutions that only do reporting, but they don't do patching. They may have a separate patching solution that we end up displacing on the EDR side. Customers are looking to get out of their standard endpoint protection capabilities that they have had for a while with antivirus type solutions. And then increasingly, as our solution is becoming mature, we start to see that we will be competing more and more with the other EDR players in the market that already have established solutions. And the goal there for us is to provide the customer the broader visibility and not just EDR, right? The idea is that we actually will give you not just the threat part, because EDR only gives you the threat. We also give you the risk mitigation all through the same solution. And that's sort of where we are looking to compete in that market and sort of just the feature, the feature comparison on a specific EDR agent.

Got it. And maybe just a quick follow-up for that. From a go-to-market perspective, what are you doing to really gain traction within the MSSP ecosystem? That seems to be a very important channel in order to drive more adoption, some of the things you're talking about with XDR and sort of incident response capabilities. So can you talk a little bit about sort of your go-to-market efforts there?

Sure. I mean, we've always been very well-partnered with the MSSP partners. And if you saw some of the recent - I mean if you look at the trend that is happening with the MSSP, they are looking to move towards more of a platform offers themselves so they can put more resources on helping the customer with their security issues rather than trying to deploy these solutions. So traditionally, we have - MSSPs have used QRadar or SIEM, and then they have to deploy multiple solutions. What Qualys brings to them, and this is what we are working with a few of them, is that a good chunk of what they need from a security perspective to provide customers the service is already on the Qualys platform. So whether it's file integrity monitoring, whether it's container security, cloud security, a lot of those capabilities are already part of the Qualys platform. And now with XDR, the ability to bring in the data that Qualys does not collect natively is really going to be something that is very meaningful to them. So we have already conversations with MSSP partners to start to leverage Qualys at even more strategic level. But if you look at some of the recent partnerships that we have done, whether it's with Infosys or Armor or some of them who are already looking at their platform, looking at ways that they can create more of an integrated solution that they can leverage and then focus on providing the service to their customers. So I think that's where we are working with those MSSP partners or sort of the new-age MSSP partners who are looking to integrate our platform as the core of what they're doing and then provide the service on top of that.

Our next question comes from Alex Henderson of Needham. Please go ahead.

I was hoping you could explain the mechanics that occurred in the quarter that caused the VMDR to go from 35% to 34% in 1Q. We certainly wouldn't have expected a decline in that number. I'm assuming that it has something to do with the seasonality. But if you could clarify the mechanics that caused that to happen, it would be very helpful.

Yes, Alex, it's - just to clarify, it's not a decline. So what we take a look at is we look at a group of core customers that are up for renewal in the respective quarter. So for example, Q4 last quarter, those customers who are up for renewal, it was the first time where they had a chance to really upgrade the VMDR from VM. So out of that board of customers, 35% ended up renewing into VMDR. In Q1, what happened was last year, we launched VMDR in Q1. So it's our first-year anniversary. And so last year, 6 percentage of them actually had already converted into VMDR. And out of the remaining customer base, obviously, now that VMDR has been up for a while, we've been in discussions with them. And taking a look at the entire customers who renewed in Q1, those who have purchased vulnerability management solutions, 34% adopted VMDR. So if you think about it from that perspective, it really is customer specific in terms of what they need. And this is why because it's the first-year anniversary, we did share percentage contribution to total booking, taking a look at the LTM bookings. The 34% contribution is pretty significant if you take a look at it, because that includes total bookings, including other solutions that we have out there. So we are very pleased with the adoption. We do anticipate that percentage contribution to bookings to continue to increase, and we will continue to share that metric going forward.

So just mechanically, does the 34% - is that additive with the 6% from the prior year to get a net contribution from customers that have the opportunity?

No. No. That's the total, total in the quarter.

Okay. The second question I wanted to ask is, you haven't really talked about your data lake at all in this call or actually on some of the recent calls. I was wondering if you could give us an update on where you are in building out the data lake, where you are in terms of satisfying yourself that the content that you're pulling up is the right content and delivers the proper degree of efficacy? And to what extent the timeline is stable, improved or eroded relative to getting it to full maturity?

Yes. I think when we initially started talking about it as a data lake as you've seen that with feedback from our customers, we've essentially transformed that into our XDR solution because customers don't want just a data lake. They want that Qualys data already integrated into that data lake and bringing that additional information. So our focus really has been on our EDR solution. That today is already reported and deployed in our production environment as a private beta. So where we are today is that Qualys, internally, we are already leveraging that. We test it to make sure that it's working in the way we anticipate. As you can imagine, this is a huge undertaking from an engineering and platform perspective for us to go in this area and to build that out. And so there's a lot of learnings in there, building our cloud-based solution as the kind of EPS that we can ingest, how quickly we can ingest that, how the speed of this thing is working out. So today, we have that ultimately deployed as a private data where Qualys and a couple of other private beta customers are already engaged with us, where we are pulling the data in. We're learning through that process, fixing any bumps that we may be coming across and that as we learn to pull new sources. And as we go through that and get additional insight, we'll bring on a few more beta customers over the next couple of months, and then once we have that release that we feel it is good enough to open for more public beta and can start working on the GA time lines. I think, we are, today, I feel like we're in a good place in terms of the road map and where we have executed so far on XDR and having that system already out there. And then the plan that we have to ensure that we are working with our customers to get it to the point where we can get it out at some point through this year. We just don't have an exact timeline yet solidified for the GA.

So when you say get it out this year, you're talking about getting it out to the more public beta than what you've done so far as opposed to fully complete, done, no issues whatsoever, and it's in sustained mode at that point. Is that -

Both. Our goal is to get the beta out in the next couple of months. And then our goal is that by Q4, we also get this out as a product that customers can start purchasing.

And has the efficacy that the - of the data lake in terms of the outcomes that it's predicting been proven out as reasonably high efficacy?

Yes. I think where we sit right now and comparing with for our own internal environment, we are getting close to where we feel this is something that customers can really deploy and see the similar amount of efficacy that they're seeing with the added advantage of not having to integrate additional solutions and buy multiple solutions. So we feel we're on the right track here in terms of where we are and where we see the clarity of the road map on the various other additional functionality that we will be fixing and delivering over the next few months.

So both SentinelOne and CrowdStrike have done acquisitions to bring in an ability to upload more compressed data from their endpoints and to even do searches on those - on that data while it's still compressed, significantly lowering their costs. Have you thought through or expect - or do you expect to do something similar in terms of trying to bring your data ingestion costs down?

Yes. I mean, we always had a very bare metal strategy around leveraging elastic for the last multiple years. And if you look at, we're already indexing 8 trillion data points in ElasticSearch. We have extremely high rights for 1 million lives per second on Cassandra that we already achieved in our platform. So we feel pretty good about the scalability and the ability for the platform to ingest a large amount of data. Where we feel we differentiate ourselves is that from what we see right now, SentinelOne and CrowdStrike focus on the endpoint and collecting the data from the endpoint and maybe additional data and selling it to the platform. Our XDR solution goes well beyond endpoints. So not only our EDR solutions, we'll be collecting the same kind of data from the endpoint itself with the agent, but with the ability that we already have of collecting scan-based information on devices that cannot have an agent, like routers, switches, printers, many other devices, plus passive devices to see what network telemetry we see from outside of devices that don't have an agent collecting that and then bringing firewall log and proxy log type of data from - along the firewalls and to sway with it to enrich this information, gives a much broader visibility into the infrastructure. And then you have on top of that, we already have strong container security and cloud security solutions that the endpoint EDR solutions necessarily only focus on the threat aspect of it. So overall, bringing that and then adding the application context, right? So a lot of these solutions focused only on the infrastructure context, but then if you're running a web obligation that has a SQL injection vulnerability that could be compromised or a web shell can be put, Qualys brings that as well. So we feel that what we are doing has a much broader scope, because we're collecting a lot of data that is outside of just the endpoint that your traditional point solutions are looking at.

Okay. One last comment. Congratulations on bringing in your new Chief Revenue Officer. And from our perspective, there was nobody else that could possibly be the right choice for the CEO, and I'm glad the Board made the decision it did. And congratulations to on being the permanent CEO. It's certainly well-deserved. You've done most of the hard lifting and constructing these things, Sumedh. So it's -

Thank you very much, Alex. Thank you for the kind words.

Our question comes from the line of Shebly Seyrafi of FBN Securities.

Yes. So I want to be clear on the current billings growth expectation for Q2. I think you said you expect it to accelerate a couple of points from Q1. So I assume that means 8% growth in Q2. And just please confirm that. And then secondly, what do you think is a reasonable current billings growth rate in the second half and going forward? Do you think we go back to double digits over the next several years?

Yes. So Shebly, just to clarify on the current billings. So - because we don't manage to quarterly billings, we'd like to give a little bit of color when we see some meaningful fluctuations. So what we were guiding to is we don't guide to current billings growth rate per se. But in terms of Q1, we had some unexpected, like our couple of percentage point negative impact on current billings relative to bookings. So we call that out, and we expect that to reverse in Q2. So what it means is if you think about as current billings growth in Q1 is 6.5%, compared to actual bookings growth rate it was lower. We expect that to reverse in Q2. So compared to bookings, we expect billings to be higher. So that was the point that we're trying to give. And in terms of the business momentum, and this actually supports why we keep on pointing to the annual revenue guidance and the trajectory of that guidance and where it's headed as a best proxy for business momentum because our current bookings really inform our guidance. So if you keep a look at our revenue - annual revenue guidance, we had guided to $399 million to $402 million last quarter. We increased that at the midpoint by $3 million. So now the implied growth rate for the total year is 11%. So I would point to that in terms of your kind of trying to determine the current business outlook for Qualys.

Okay. And I think you made the comment earlier that the VMDR - percentage of customers renewing with VMDR is going to start increasing now even though it ticked down in Q1. Do you have an idea of what kind of target do you expect over the next several quarters? Do you think it goes - that metric goes over 50%, for example?

Yes. I mean, I think we certainly are working towards that. We don't - I think the big part of really the deployment of VMDR started in Q2 of last year, even though in Q1 we had a little bit of that. So I think as the first-year anniversary of VMDR rolls out, which is still early stages, we expect to build additional VMDR conversion on top of what were converted in Q2 of last year. And so what that percentage is going to be, I think we don't know right now, but that is something that with the right go-to-market motion and with the changes that we are making, we're hoping the next few quarters will continue that rate to start to keep ticking up and create the opportunity for us to push more agents.

Okay. And last one for me is, the XDR SIEM launch, you expect - I think you made the comment you expect customers to be able to purchase it in fiscal Q4. Does that mean it goes GA in Q4? Or is that just a public beta in Q4?

No, that's GA in Q4. Our plan for public beta is in Q3 and then GA in Q4.

Thank you. At this time, I'd like to turn the call back over to CEO, Sumedh Thakar, for closing remarks.

All right. Thank you for attending our earnings call and for all of your questions. I couldn't be more honored to be leading this great company. I'm very excited. We're very well positioned in the marketplace with disrupting new applications on our cloud platform, including VMDR, multivector EDR and the forthcoming XDR offering, as well as other solutions that will further flex our competitive position in the industry and expand our addressable market. At the same time, we're ramping up our sales efforts and marketing activities to capitalize on these developments while maintaining industry-leading profitability and driving long-term value creation for our shareholders. Lastly, this pace of bringing new solutions to market would not be possible without innovation and tireless efforts of our talented engineering team, who continues to work hard despite the difficult situation faced by many, especially in our India operations given the current pandemic impact over there. I hope all of you and your family remain safe and healthy. Thank you very much.

This concludes today's conference call. Thank you for participating. You may now disconnect.