Good day, ladies and gentlemen, and thank you for standing by. Welcome to the Qualys Third Quarter 2022 Investor Conference Call. At this time, all participants are in a listen-only mode. After the speakers' presentation, there will be a question-and-answer session. [Operator Instructions] At this time, I would like to turn the conference over to Mr. Blair King. Sir, please begin.

Thank you, Howard. Good afternoon, and welcome to Qualys' third quarter 2022 earnings call. Joining me today to discuss our results are Sumedh Thakar, our President and CEO; and Joo Mi Kim, our CFO. Before we get started, I would like to remind you that our remarks today will include forward-looking statements that generally relate to future events or our future financial or operating performance. Actual results may differ materially from these statements. Factors that could cause results to differ materially are set forth in today's press release and our filings with the SEC, including our latest Form 10-Q and 10-K. Any forward-looking statements that we make on this call are based on assumptions as of today, and we undertake no obligation to update these statements as a result of new information or future events. During this call, we will present both GAAP and non-GAAP financial measures. A reconciliation of GAAP to non-GAAP measures is included in today's earnings press release. And as a reminder, the press release, prepared remarks and investor presentation are all available on the Investor Relations section of our website. So with that, I'd like to now turn the call over to Sumedh.

Thank you, Blair, and welcome everyone to our third quarter earnings call. Qualys again delivered another quarter of strong revenue growth and cash flow generation while further executing on a focused investment strategy to deliver profitable growth. Given the accelerated growth in scope and complexity of cyber threats and an uncertain macroeconomic and geopolitical landscape, CISOs and CIOs continue to broadly prioritize natively integrated security solutions to both fortify their security posture and optimize budgets through a reduction of agents and response times to reduce risk and cut costs. As a result, Qualys experienced another quarter of steady VMDR adoption, which is now deployed by 45% of our customers worldwide. Key competitive VMDR wins in the quarter included multiple customers, both down market and in the Forbes 1000. The strength of Qualys' VMDR solution has clear momentum in the market and is garnishing significant industry recognition. As recently announced, Qualys' VMDR application was voted the best vulnerability management solution at the 2022 SC Awards. This award evaluates vendors based on input from security practitioners worldwide and is held in high esteem. We believe Qualys placement as the number one vulnerability management solution further validates our investments in the platform and represents the standard for securing customer environments today and in the future. With multiple long term growth drivers in our business, I will take a moment to share some of the early successes we are seeing to broaden platform adoption with customers and partners. On the customer front, in a highly strategic and competitive win a large government agency entered -- a large government agency entered into a seven figure upsell agreement to expand its asset count with VMDR and Patch Management after selecting Cybersecurity Asset Management, Policy Compliance and Multi-Vector EDR, as part of an initiative to transform its…

Thanks, Sumedh, and good afternoon. Before I start, I'd like to note that except for revenue, all financial figures are non-GAAP and growth rates are based on comparisons to the prior year period, unless stated otherwise. We're pleased to announce another quarter of strong revenue growth and healthy cash flow generation. Revenues for the third quarter of 2022 grew 20% to $125.6 million, up from 13% growth in the year ago period. LTM calculated current billings grew 18%. And net dollar expansion rate speaks to the power of our platform and improving land and expand sales model driving year-over-year increases over the past several quarters. In Q3, a net dollar expansion rate on a constant currency basis was $111, up from $104 a year ago. Our LTM average deal size increased 18% as organizations continued to turn to Qualys to solve modern security challenges through cloud native platforms that aggregate and analyze data in the cloud, operate at web scale, leverage network effects to produce superior outcomes, and are easy to deploy and simple to manage. Vulnerability management continues to be a cornerstone of customer security programs by enabling real time visibility of their security posture. Qualys’ unified platform approach differentiates itself from other vulnerability reporting only solutions through an integrated combination of capabilities, including comprehensive asset discovery, rapid risk detection, prioritization and remediation on a single agent. In Q3, total customer penetration for VMDR was at 45%, up from 32% a year ago. We're also pleased with the continued adoption of our newer products like Patch Management and Cyber Security Asset Management. In Q3, on an LTM basis, the two products combined contributed to 8% of total bookings and 15% of new bookings with both applications growing over 50% from last year. Continued adoption of Qualys solutions, increased large…

[Operator Instructions] Our first question or comment comes from the line of Joshua Tilton from Wolfe Research. Your line is open.

Hey, guys. Thanks for taking my question. Is there any chance you can just start off with maybe commenting on the calculated billings growth in the quarter and maybe what caused the [indiscernible] from the quarter before?

Yes. So this quarter and Q3, current billings grew by 13%. For us, for our business, most of the time current billings could be indicative of bookings, but there are multiple different reasons why it may differ. So for example, this quarter specifically, I think current billings was impacted by multi-year prepaid deals that ran off as well as there was some FX impact that is not translating that full impact to revenue.

So I guess maybe just as a follow-up to that. Are you guys or are you guys not seeing any macro impact yet? I'm just trying to understand seemed pretty positive on the prepared remarks, but you also have kind of this slowing billings growth. So just help us understand what you guys are seeing from the macro and maybe where those impacts are or not showing up?

Yeah. I think that we are seeing the impact of the macro, we are seeing the uncertainty. In terms of the current billing though I think that most of the -- majority of the impact is FX (ph) adjusted, it's not materially different from last quarter. So the impact from the FX headwind is greater this quarter than last quarter and even excluding that because FX does have an impact on both bookings and current billings. We did have a negative headwind or impact from the multiyear prepays as well. So you can think of it as couple of hundred basis points negative head to current balance this quarter.

Thank you very much.

Thank you. Our next question or comment comes from the line of Matt Hedberg from RBC Capital Markets. Mr. Hedberg, your line is open.

Hi. This is Anusha for Matt Hedberg. Thanks for taking my question. Maybe just on the hiring, if you could just update us on the hiring front. You talked about double-digit growth in sales headcount in 2022. How is that progressing? And then looking out at 2023, have you set your priorities and budgets, how are you thinking about hiring? Yeah.

Yeah. We're very happy with the progress that we've been making. This year was an investment year for us. And I think that -- so far, we're on track. I think that the double-digit growth in sales and marketing headcount that we had shared at the earlier this year. We've already achieve that mark. And so right now, we're kind of turning to look to see where we can optimize and focus on that return. So next year, although, we will continue to invest in sales and marketing as well as other functions, the focus will be more on the optimization.

Got it. And then maybe kind of a follow-up on that. When we think about 2023, how should we think about the mix of investment around headcount, channel and digital marketing? It seems like you're leaning more into the channel. Maybe if you could just elaborate on that.

Yes. The channel investment started this year. It's new for us still early in the phase. And I think we're satisfied with the progress we've been making so far, but it's a little too early, so we'll be able to share more thoughts around that at our Q4 earnings.

Got it. Thank you.

Thank you. Our next question or comment comes from the line of Trevor Walsh from JMP Securities. Just to say Mr. Walsh, your line is – I'm sorry. Our next question or comment comes from Mr. Matt Saltzman from Morgan Stanley. Mr. Saltzman, your line is open.

Hey, team. Thanks for taking the question. So just first question, trying to understand how much of VMDR growth is coming from the existing base versus new customers? And then second part of that question is, as penetration into the existing base continues to increase and you need more net new business for further growth, how are the channel incentives going to impact the margin structure going forward? Thanks.

Yeah. I think that historically our growth has been primarily coming from the existing customer base as demonstrated by our -- a strong net dollar expansion rate. I think that we've been very successful in selling into our existing customers. The retention still remains to be very strong. On the new business front, I think there's work to be done. We could have executed better this quarter on the new business side and in terms of the unit economics, how we're thinking about pricing and incentives, especially with respect to channel partners. So little too early, we are working through that right now to think about how we're going to think through the profit sharing as well as the pricing overall because we are seeing increase in pricing competition.

Got it. Thanks so much.

Thank you. Our next question or comment comes from the line of Trevor Walsh from JMP Securities. Mr. Walsh, your line is open.

Hey, can you guys hear me?

Yeah.

Okay, great. Thanks for taking my question. Sumedh, maybe for you, I was curious if you could walk us through the thought process around the Blue Hexagon acquisition. My understanding that's more of a network detection response type offering for the most part. So as far as building or buying or partnering, actually probably more importantly given you've got some integrations with other network centric players. Can you just help us understand kind of what was special about them and the logic behind that? And then kind of relatedly maybe kind of what you're seeing in the broader XDR picture and how that might help to kind of flesh out your offering there? Thanks.

Yeah. Great question. So in Blue Hexagon, they really brought to us a very strong team and a platform that understands machine learning and AI more specifically in the security space. And so when you have that kind of a platform with Qualys having the large amount of data, the 13 trillion data points. So we talked about that. We index and the telemetry that we get. There's many different applications that we can see that are very relevant to security that can be sort of created from that combining platform that they have from a machine learning perspective with the data that we have. And the ability to sort of detect macro-based intrusions from our malware in the environment that you mentioned about is sort of one application of that and that's sort of the first more matured application that we will be looking to integrate into our total cloud that we announced where leveraging the network data that we see in the cloud environment, we will be able to provide detection around zero to exploits, et cetera. But we see a broader application over the next few quarters over the next year or so that we will integrate different aspects of our data into the machine learning platform and we'll be able to help different applications including more targeted patching for vulnerabilities that using ML model actually bubble up to be the ones that are going to be the most exploitable, et cetera. And then just providing more insight to our customers on what to prioritize on remediation as well as help with our EDR and our XDR capabilities to bring additional machine learning capabilities into those modules as well for analyzing the data. And so, as we continue to build a more holistic platform as we really think about it is customers need to know their devices, they need to be able to mitigate risk and then they need to be able to monitor the threats and that's where the combination of asset inventory, VMDR plus branch management and then EDR plus XDR from Qualys is going to benefit from the integration of Blue Hexagon into our stack.

Great. Thank you.

Thank you. I'm showing no additional questions in the queue at this time. I would like to thank everyone for participating in today's call. This concludes the program. You may now disconnect. Everyone have a wonderful day.

Goodbye.