Ladies and gentlemen thank you for standing by and welcome to the Qualys’ First Quarter 2022 Investor Call. [Operator Instructions] I would now like to hand the conference over to your speaker for today, Blair King, Investor Relations. You may begin.

Thank you, Tamada. And good afternoon and welcome to Qualys’ first quarter 2022 earnings call. Joining me today to discuss our results are Sumedh Thakar, our President and CEO; and Joo Mi Kim, our CFO. Before we get started, I would like to remind you that our remarks today will include forward-looking statements that generally relate to future events or our future financial or operating performance. Actual results may differ materially from these statements. Factors that could cause results to differ materially are set forth in today's press release and our filings with the SEC, including our latest Form 10-Q and 10-K. Any forward-looking statements that we make on this call are based on assumptions as of today, and we undertake no obligation to update these statements as a result of new information or future events. During this call, we will present both GAAP and non-GAAP financial measures. A reconciliation of GAAP to non-GAAP measures is included in today's earnings press release. And finally, as a reminder, the press release, prepared remarks and investor presentation are available on the Investor Relations section of our website. So with that, I'd like to turn the call over to Sumedh.

Thank you, Blair. And welcome, everyone, to our first quarter earnings call. Building on our momentum, we are very pleased to report a good start to the year reflecting another quarter of continued revenue growth acceleration and strong cash flow generation. Beyond these headlines are several encouraging market trends and notable business highlights. Strong market dynamics and continued competitive differentiation are fueling our growth. We believe the continued increase in the attack surface coupled with the growing concerns over cyberattacks like ransomware and cyberwarfare is pushing organizations around the world to shed outdated, siloed, security and compliance systems and move to integrated security platforms to reduce their risk and response time as they future proof of their security architecture. Qualys researchers recently conducted a study on the widespread Log4shell vulnerability, which included analyzing millions of assets and trillions of datapoints indexed on our platform highlighting the complexity of the current threat-landscape. Not only did organizations have to immediately assess their asset inventory and get a real-time view of their own and third-party vulnerable software but also had to move at lightning speed to patch and mitigate the issue in matter of hours. Our study showed that organizations took an average of 17 days to remediate this vulnerability leaving them vulnerable to attacks during that period. At the same time, they also had to monitor their assets for compromising attempts and respond without delay. Qualys Cloud Platform’s unified approach of bringing asset inventory, vulnerability detection, patch management and EDR together into a single agent was greatly appreciated by our old customers in helping to reduce their exposure significantly compared to a siloed toolset approach with multiple point solutions. Additionally, as shown in the study encompassing more than 150 million scans globally, over 50% of vulnerable Log4shell software was also end-of-life, again…

Thanks Sumedh, and good afternoon. Before I start, I'd like to note that except for revenue, all financial figures are non-GAAP and growth rates are based on comparisons to the prior year period, unless stated otherwise. We're pleased to report continued organic revenue growth acceleration and strong profitability as reflected in the following financial and operational highlights. Revenues for the first quarter of 2022 grew 17% to $113.4 million, up from 12% growth in the year ago period. We saw continued success in our land-to-expand engine with a healthy cross and up-sell performance driving an increase in our year-over-year and sequential net dollar expansion rate, which was 110% in Q1, up from 108% last quarter and 103% a year ago. Our LTM average deal size continued to increase for both new and existing customers with total average increasing by 17% in Q1, same as LTM growth in Q4 and up from 5% LTM growth a year ago. With accelerating demand for security transformation solutions and our strengthening market position, our Q1 LTM calculated current billings grew 22%. We believe the investments we've made in platform innovation and our single agent approach have enhanced our value proposition with customers and helped drive bookings growth over the past several quarters. This quarter was no different, and we're excited by the continued adoption of VMDR with total customer penetration now at 40%, up from 36% last quarter and 24% a year ago. And continued adoption of Qualys solutions increased large customer spend with 128 customers spending $500,000 or more with us. This represents 17% growth from the year ago period. We attribute this success to our innovation strategy, having resulted in strong product differentiation and market position. Our investments in building a unified cloud-based platform clearly resonating with customers. CIOs and CISOs are…

Thank you. [Operator Instructions] Our first question comes from the line of [indiscernible] with Wolfe Research. Your line is open.

Yes. Hi guys. Thanks for taking my questions. I just wanted to kind of start off on the hiring trends. Are you guys – are you guys still on track to meet the targets that were baked into the guidance you get at the end of Q4? And I guess I'm asking because you mentioned investments will be back half weighted this year. Is that by design or is it just because you guys are kind of maybe behind schedule on some of those investments?

I think we're seeing the same market challenges that everybody else is seeing from hiring perspective in the current environ meant. But we've been really focused on building out our leadership team, which now has really given us the ability to attract the right people in our sales and marketing – I think our sales and marketing we'll talk more about that. We have made progress. I think what we are looking forward to doing is really continuing that focus on hiring so that we can continue to build out the preliminary I look forward to having back in the second half of the year.

Yes. To follow-up we remain very confident in our ability to execute and drive growth. In terms of the investment it is by design and we knew from get-go that the investments will be more back half weighted. On the hiring spot we are still targeting growing the sales and marketing head count and double-digit as we communicated last quarter.

Very helpful. And then just a quick follow up, obviously awesome outperformance and free cash flow in the quarter. Can you maybe just give us some additional guardrails? It's just how we should think about margins and how they should trends for the rest of the year?

Yes. In terms of our margins what Q2 in price is EBITDA margin in the low-40s based on the non-GAAP EPS guidance, and so the first half it'll be in the – in the low-40s versus the second half, it will probably a bit below the 40%. So ending the year in the low-40s is what we're projecting.

Thank you very much. Appreciate it.

Thank you. Next question comes from the line of Trevor Walsh with JMP Securities. Your line is open.

Great. Thanks for taking my call. A quick question around the new partner program that you rolled out. Can you give us maybe a little bit more context to the impetus for that was it feedback from the partner community? Was it maybe a hedge around kind of if some of the hiring on of direct sales maybe doesn't come through that? You kind of have that as a back-up. Can you just give us some more context, there would be great?

Yes, yes. Sure. We really got a lot of feedback from the partner community as in we've hired an SVP focused on partnerships. Really who's been working with our partners and understanding from them how we can actually take the platform that we really believe is superior and the ability for us to take that and figure out with our partners what would in a relationship that's beneficial to them and beneficial to us. And so with a lot of feedback, we've done a sort of a new partner program with working with different types of partners and then review – done an early review with them. And we've gotten a lot of positive feedback, but we do feel that we can leverage the relationships that the partners have with some of these organizations. And then of course with the capabilities of the platform that is something that we feel that we can focus and leverage our partners to really focusing on the business global growth, right. So being able to leverage their relationships and then figuring out the right go-to-market with them is really the direction that we're taking now.

Great. Awesome. And then maybe one more if I can, on – for the new Context XDR role out, I maybe have missed it, but in just – in some of the messaging that I'm seeing for the network layer telemetry, are there any – are you looking to maybe partner with different providers or other vendors to get that that piece of the puzzle? Or maybe doing that more organically with your own tool? Where do you see that kind of coming through like that that piece of Intel as far as again, that that network layer piece?

Yes, that's a great question. And Context XDR really is about two-main things. One is the organic sensors that call platform already are building the combination of active scanners, API connectors in the cloud, our agents and we also have passive network sensors that are part of our platform that are providing that network telemetry back to our platform. However, one of the things with Context XDR that we have done is in addition to bringing all the Context that our platform is already collecting across the Board from an inventory involved given risk perspective. We also expanded the ability for us to collect network telemetry and other types of log data from multiple different partners as well, so that we can provide a more comprehensive visibility in helping customers sort of reduce the number of things that they have to put together to get the context, when they're looking at incidences are happening in their environment. And so this sort of gives that ability for them to leverage the Qualys sensors for collecting network telemetry where it makes sense. And in other cases if they already have deployed some other network vendors, we can also take the data from them and then provide the analysis on our platform.

Great. Thanks a lot. Appreciate the questions.

Thank you. Next question comes from the line of Joe Fisher with Truist. Your line is open.

Thank you. I just had a quick follow up to that. Now that Context XDR is in GA. Can you give us a little bit of color around how it's been tracking and how that space is actually developing for you guys?

Yes, I think we feel good about the direction that Context XDR is taking as we have with any other new product launches. We are working closely with a few early adopters and getting additional feedback from them and we're going to continue to enhance those capabilities. Similar to what we've done with EDR as well, and we look forward towards – through this year to continue to increase that adoption of that and getting feedback from the customer and this sort of a unique approach to bringing that Context with base XTR.

Great. Thank you.

Thank you. Our next question comes from the line of Hamza Fodderwala with Morgan Stanley.

Excellent. This is actually Keith Weiss sitting in for Hamza. In your prepared remark you talked about the heightened threat environment and in particular the conflict in Europe driving sort of better demand signals. I wanted to just sort of clarify is that something you guys are seeing in your business today that you think that's actually sort of drive sales or is this just something a broader kind of the environment remains very good, kind of for the overall spending in security, but it's not as direct of an impact? So that's kind of the number one question. And then on the broad – the broader platform, really nice kind of penetration trends in VMDR. It looks like its driving really nice growth for you on that consolidation play. Can you remind us like how high you guys think that penetration should get? Is there a theoretical kind of maximum of where VMDR customer penetration would go?

Yes, I’ll take the first question. I think great question. My comments around that are really about the environment and not necessarily about the direct demand as we we've talked about this in the past as well. Our customers tend to look at these events when they happen more holistically in terms of being a step back to see what kind of security program do we need to be able to do to avoid those potential expense like this. And so it's really what we are seeing is conversations happening with our customers as I highlighted in some of the data points in the study that we did that even with everybody all hands on deck for something like [indiscernible] it is taking an organization a long time to mitigate and patch severe, critical vulnerabilities that are being actively exploited. And the conversations with customers are more broadly about what kind of security stack consolidation potentially needs to happen so that they can reduce that time, reduce that exposure window, leverage more automation. And having siloed solutions, or having vendors who provide five, ten different platforms as part of their overall offering, is not really helping them reduce that time to remediate. And so, what is encouraging really is that conversation that we see, which is understanding the customers are having and pushing forward to looking at platforms like Qualys that are consolidating multiple capabilities. Obviously, we see the new business examples that we gave this quarter, last couple of quarters we are seeing when we're getting customers come in, they are looking at more of an architecture, overall architecture, rather than looking at how can I get another tool that is just giving a big list of CVDs [ph] that I have to go figure out what to do when trying.

Right.

How do we make sure that they are actually able to remediate those fairly quickly and release their exposure? And that's the conversations that we are having because in that environment, you see the risk there is it's a different award because the organization has to protect themselves from [indiscernible], nation, state, and cyberattacks at their own expense. So when they are looking to do that, they are looking to say, how do I create a good stack that is modern and then actually can help you provide much more real time visibility and remediation capabilities.

Got it. That's super helpful.

And to your second question on a VMDR penetration, it's been trending nicely up to 40% right now. I think that there is definitely more room for us to increase that penetration. But historically our customer base has been such that anywhere, between 55% to 70% have had VM solutions. And so I think that definitely we can see VMDR penetration going up to 70% and even beyond that, but that was customers who don't currently have a VM solution with us we're seeing some adoption there as well.

Got it. That's super helpful. Thank you guys.

Thank you. Our next question comes from the line of Curtis Bollinger with Summit Capital. Your line is open.

Hi, thanks for taking that question. You got some strong revenue growth this quarter with revenue from core markets up 25% year-over-year. I was wondering if you could provide some color on the key trends you're seeing internationally and how you expect these trends play out for the rest of year. Thanks.

We don't have a forecast that's separated out. I mean we're seeing a good momentum overall. If you take a look at what are you're looking at revenue or LTM current billing trajectory, we're seeing a lot of opportunities, both in the U.S. and in international. Obviously on the international front there is more opportunity just because we're less penetrated in those markets. And so we're happy with the growth that we're seeing in both regions.

That's great. Thanks.

Thank you. Our next question comes from the line of Yun Kim with Loop Capital. Your line is open.

Thank you. Sumedh, can you just give us update on how much of your business or your customers’ usage is on hyperscaler environments like AWS, and Azure and GCP? And for some of your early adopters of your Context XDR, are they using it to analyze deployment on those hyperscaler environments?

Yes, we don't necessarily break out the usage from a cloud, versus on-prem, versus a remote endpoint perspective. We have healthy adoption across the different aspects of IT environment. And I think that's really the value that, I think, that the Qualys platform brings so that we can actually bring your cloud visibility, your remote employee visibility, as well as your on-prem server environment into one. And so today what we do see is as customers are looking to migrate potential workloads from on-prem systems into the cloud, they feel Qualys has the right capabilities as a trusted partner to help them make the move rather than, so we have capabilities in the cloud environment, so we have bunch of customers who are running stuff our agents in AWS, in Azure, we have the partnership with Azure, where there is an embedded Qualys capability in Azure environment if you take your workflow. So, we're looking at cloud from multiple different aspects, working with existing customers to help them and be their partner as they are moving into the cloud and finding new security paradigm, as well as providing them more embedded capabilities directly through the cloud provider as well, in some cases. And so we're quite happy to see that the customers that see values in Qualys are usually unlike most customers, they don't have cloud, they have a large number of employees who are remote, who have cloud as well as who have on-prem. With the early XDR customers it's again the same thing is that when they are looking at threats and they are looking at exposure that is not only in one particular environment with the Qualys platform and our context so that we are able to bring the visibility of not only maybe the cloud account that maybe seen some activity, but also that remote employee laptop, admin laptop, which may be accessing that cloud account. That's the posture of that particular asset. How do we see those together in a single platform? That's really the value that I see the context XDR brings and differentiates us from what is out there, which may be very focused on certain environments.

Okay, great. Thanks for that context. And Joo Mi I have a quick question around contract length and billing frequency. Obviously you continue to see VMDR platform adoption, the deal size around those, I'm assuming is getting larger. Just any trends that you are seeing around contract length and billings? And any potential deviation between the current and total calculated billings?

I think to call out this quarter Yun it's been – we did have a contract length, that's been slightly over one year, and does remain the same.

Okay, great. That's it. Thank you so much.

Thank you.

Thank you. I'm showing no further questions in the queue. Ladies and gentlemen, this concludes today's conference. Thank you for your participation. You may now disconnect. Everyone have a wonderful day.