Good day, and thank you for standing by. Welcome to the Qualys Fourth Quarter and Full year 2022 Earnings Call. At this time, all participants are in a listen-only mode. After the speakers' presentation, there will be a question-and-answer session. [Operator Instructions] Please be advised that today's conference is being recorded. I would now like to hand the conference over to your speakers today, Mr. Blair King. Please go ahead.

Good afternoon, and welcome to Qualys' fourth quarter 2022 earnings call. Joining me today to discuss our results are Sumedh Thakar, our President and CEO; and Joo Mi Kim, our CFO. Before we get started, I would like to remind you that our remarks today will include forward-looking statements that generally relate to future events or our future financial or operating performance. Actual results may differ materially from these statements. Factors that could cause results to differ materially are set forth in today's press release and our filings with the SEC, including our latest Form 10-Q and 10-K. Any forward-looking statements that we make on this call are based on assumptions as of today, and we undertake no obligation to update these statements as a result of new information or future events. During this call, we will present both GAAP and non-GAAP financial measures. A reconciliation of GAAP to non-GAAP measures is included in today's earnings press release. And as a reminder, the press release, prepared remarks and investor presentation are all available on the Investor Relations section of our website. So with that, I'd like to now turn the call over to Sumedh.

Thanks, Blair, and welcome, everyone, to our fourth quarter earnings call. We delivered another quarter of strong financial performance; reflecting a year of accelerated revenue growth and industry-leading profitability. In terms of innovation, 2022 was a strong year for Qualys as we expanded our platform and our market opportunity. We introduced Context XDR to enable high-fidelity detection and response capabilities for our customers. We released VMDR 2.0 with TruRisk to enable comprehensive risk scoring and ITSM integrations. We brought External Attack Surface Management into our CyberSecurity Asset Management application. We unified multiple context vectors around asset criticality, vulnerabilities and system misconfigurations with asset telemetry in a single agent and brought a unique EDR application to market. Further flexing the power of our platform, we introduced our cloud-native TotalCloud with FlexScan, which pairs agent and agentless zero-touch assessment options with comprehensive cloud posture management and container security. These innovations allow our customers to reduce complexity as they standardize on a trusted platform that delivers an immediate ROI and lower total cost of ownership relative to siloed and traditional detection only technologies. With CISOs increasingly focused on comprehensive risk management, we have upgraded our TruRisk platform capability to ingest third-party scans into the Qualys Cloud Platform, which we call Enterprise TruRisk Management and is now in preview with customers. Regardless of which vendor scans an organization’s environment, with this enhancement to our TruRisk application, Qualys is now providing enterprise customers with a holistic, enterprise-wide risk score based on asset criticality and our Cloud Threat database, which is a unified threat intelligence platform of over 25 threat feeds. What makes this capability so special is our ability to then reduce an organization’s enterprise risk score by leveraging Qualys' remediation applications with automated workflows through a unified dashboard. Additionally, TotalCloud, which is our cloud-native…

Thanks, Sumedh, and good afternoon. Before I start, I’d like to note that, except for revenue, all financial figures are non-GAAP and growth rates are based on comparisons to the prior year period, unless stated otherwise. 2022 was another notable year of product innovation for Qualys as we continued our product leadership while growing revenues by 19%, maintaining our gross margin at 81% despite inflationary pressures, and generating EBITDA margin of 45%. While our profit margin was well-above our industry peers, 2022 was a year of investment for Qualys with both R&D and sales and marketing growing faster than revenues. In R&D, we invested in our security research and product management teams to further strengthen the value proposition of our products and assist in executing our go-to-market strategy. In sales and marketing, it was a mix of investments in headcount as well as trade shows and marketing campaigns. Having executed against our 2022 investment plan with over a 20% increase in sales and marketing headcount, we look forward to optimizing our investments in 2023 as we remain committed to driving long-term profitable growth. Now, let’s turn to fourth quarter results. Revenues in the fourth quarter grew 19% to $130.8 million, up from 16% in the year ago period. This includes a de minimis add from the Blue Hexagon acquisition, which contributed a few hundred thousand dollars to Q4 revenues. Revenues from channel partners grew 22%, outpacing direct, which grew 17%. Our revenue contribution mix has shifted slightly over the last year with direct making up 58% of total revenues versus 59% a year ago. We expect a similar trend to continue in 2023. By geo, growth in the US of 19% was in-line with our international business, which grew 20%. Looking ahead to 2023, we expect our US and international…

[Operator Instructions] Our first question will come from the line of Dan Bergstrom from RBC Capital Markets. Your line is open.

Yes. Thanks for taking our question. So, could you talk a little bit more about the buildup to guidance for calendar year 2023? What are you assuming from a macro perspective relative to what you saw in the fourth quarter? You said similar, but maybe more on -- is it the same getting worse, close rates? Just trying to better understand the level of conservatism in everyone's numbers here.

Yes. I think, we really think that we saw the macro and -- from our perspective deteriorate in Q4 and that thing -- that was reflected in our softer than expected bookings, both on new and upsell. And, I think, we see opportunity for us to continue to work with our sales team, improve their execution. And I think those are some of the things that -- changes that we have put in place, that we are looking forward to. As we get into Q1 and for FY 2023, we've sort of not assumed any change in that macro or productivity or anything like that when we looked at the guidance.

Great. Thanks. And then, looking through the PowerPoint, it looks like the penetration of Fortune 50 G2K customers increase versus previously and you called out an example in the prepared remarks there. Just curious about what's securing that business, what products did they adopt? And then, just to verify, is this the first real change in penetration there in some time?

I think, the larger customers, what's really interesting is that, they have complex security problems that they need to solve and the combination of Cybersecurity Asset Management capability the vulnerability management and detection response and patch management, together are really helping them solve that. And what is happening is that, everybody is talking about security budgets and the layers being added and the scrutiny, but really it's a question of the spend that you're putting in security is that giving you meaningful outcomes from a risk reduction perspective and that's really the question that's being asked. If we're going to spend this money, are we getting a risk reduction. And that's where the TruRisk that we introduced last year and the enhancement that we have done now, it has resonated well with the CISOs, because now we're able to give them risk score and they're able to actually tie the spend that they're doing to bring that risk score down and really able to quantify how that investment is making sense. And I think that conversation has been quite exciting and that is where we see larger enterprises, like I gave that example of this company, that essentially bought just over $800,000 worth of just asset inventory product to add on to the VMDR in Q4 -- Q3, Q4 so that they could actually enhance their security program and get that outcome and reduce the speed at which they're able to address this threat. So it's not just the projects in security you're executing, but what is the outcome that you are bringing. And I think that's kind of what's resonating with our customers.

Great. Thank you.

One moment for our next question. And our next question comes from the line of Joshua Tilton from Wolfe Research. Your line is open.

Hey, guys. Thanks for taking my question. Just one for me. The growth outlook range for next year is kind of ahead of the growth that you guys did in your current billings in the back half of 2022. So can you just help us understand that ramp or maybe that acceleration in new billings that you guys need in order to I wouldn't say meet, but maybe come in slightly ahead of the guidance that you laid out for 2023? Thanks.

Yeah. If you take a look at the current billings growth for 2022 the 15%, I think that what we would need to beat our revenue guidance is probably do something around that range. And if you take a look at the guidance that we gave for 2023, the assumptions that we made are -- we thought that it would be prudent to take into consideration the current macroeconomic conditions as well as the trend that we're seeing right now. Q4 was a tough quarter for us. As Sumedh mentioned, it was lower-than-expected bookings performance. And what we've assumed in the 2023 guidance is that that condition continues. We will be actively looking to improve our sales execution as well as look at different opportunities both large and small across all our customer base in order to drive bookings growth. But with that said, we feel that the guidance is probably derisked at this point.

Thank you very much.

Thank you. One moment for our next question. Our next question is come from the line of Joel Fishbein from Truist. Your line is open.

Hi. Good afternoon. This is [indiscernible] for Joel Fishbein. I just had a question. I think you had mentioned -- I saw that your gross margin ticked down around 60 basis points quarter-over-quarter. And I think you might have mentioned some inflationary pressures. Could you talk about discounting? And did you see any pricing pressure additionally in Q4, especially as some of your existing customers were renewing your contracts?

Yeah. I think as we went into Q4, we certainly saw more discounting pressure coming in from competition. And we review with case-by-case basis, but we have a lot of different capabilities that we can offer to bring more value to the customer for the same dollar they spend with us. And so yes, we do see the discounting pressure and we're essentially going back to them with the metal value prop with additional capabilities. And you see some of that in the packages that we have built for 2023, where we are adding patch management and EDR et cetera together in simple packages, which offer them a little discount, but actually make it much easy to reduce the friction of the buying process.

Great. Thank you.

One moment for our next question. Our next question will come from the line of Rob Owens from Piper Sandler. Your line is open.

Great. Thanks for taking my question. As you guys look at your sales and marketing investment from a direct and channel standpoint. Are you leaning either direction as we look at that metric moving forward, might it skew one way or the other given it's been relatively static over the last couple of years? Thanks.

Yeah. I would say at a high level that we've started the program for partners in May of last year. So I think we are excited to see some of the early traction that we are seeing in terms of the registration and the engagement that we are seeing with a number of partners, but I think we're -- it's so early days. And so as we progress through this year or so, we'll get a better idea of how the demand is coming from partners versus direct. And I think as that evolves we will have a better picture and some are not necessarily driving towards one way or the other.

Thank you. One moment for next question. Our next question will come from the line of Brian Essex from JPMorgan. Your line is open.

Hi. Good afternoon. Thanks for taking my question. I guess maybe for Sumedh. I think, Joo Mi mentioned that there was no real material contribution in the guidance from Contact XDR and total cloud, but maybe some early indications of what you're seeing there and maybe outside of those products other emerging products that might be showing signs for early contribution? And how might that drive levers for upside in 2023?

Great question. So if you look at where in Q4, if you look at cybersecurity management, patch management, I think those continue to have good uptake. And if you see the contribution to the bookings, I think it's like 15% for the combination of those two. And so I think we are seeing more and more interest in those. I think total cloud is something that we're driving a lot of innovation in and the Blue Hexagon coming in. So as customers are looking for flexibility moving workloads from on-prem into cloud multi-cloud and back I think a combination of Qualys VMDR with total cloud licenses is something where we see initially they will look at being flexible with the licenses that they have and then adopt additional licenses as they grow into the cloud in the future. The feedback has been very positive because of the comprehensiveness of the scanning capability that we bring and sort of just focusing on a snap chart only scan or agent-only scan we're giving them the most flexible options. And so our large enterprises are excited about it instead of looking at cloud-only security solutions that only gives them a visibility near the cloud. Most companies applications have or hybrid some of it is in cloud some of it is in on-prem and they want to see the risk overall risk of a combination of everything. And so that feedback has been quite valuable and we have customers who are looking forward to starting to do evaluations of Coco Cloud. Now that it's gone and give us feedback and see how that they can adopt that in addition to the VMDR that they're using on their own brain systems. And then context SDR is still early days. We have a few customers that have started using it are giving us feedback. But the overall theme is the same that today instead of having multiple tools collecting parts of the data and then them having to build something to bring context. So while there are many tools that are just collecting logs and providing detections from those locks the context of the asset, whether it's running a database, or whether it has vulnerabilities all of those things are missing. And so on the Qualys platform, because we have so much real-time context of the asset when they're able to bring those logs in Qualys that's where they're seeing interesting use cases that they can satisfy. I think that's kind of how really customers are looking at it that the Qualys platform solves multiple use cases more than the individual product. It's the use case that they have how that is getting solved. So it's early days for these, but I think we are pretty excited about the more immediate term uptake that we're seeing in Cyber Security Asset Management and Patch Management and then we look forward to Context XDR and Total Cloud more in the future quarters.

Got it. That's helpful. Maybe just a quick follow-up. Just on managed services penetration, I think you've talked about it in the past. But in the spirit of expanding outside of large enterprise and outside of the traction that you're seeing with partners. And any incremental traction there to note?

No, I think we continue to bring MSSPs on board, as you work with them, but I think nothing to call out that is dramatically different. I think, as it was interesting to see as the macro also evolves from the partner perspective how they see the value of managing their bottom line to provide service to their customers by not having to go to 20 different tools to provide the service versus standardizing on a Qualys platform that is bringing everything from providing vulnerability management patching to EDR. And those are the congresses that we are having as partners are also looking into 2023, how they want to optimize what they provide, but like I said nothing material or very different to share right now.

Got it. That's helpful. Thank you so much.

One moment for our next question. Our next question will come from the line of Rudy Kessinger from D.A. Davidson. Your line is open.

Hey, guys. Thanks for taking my question. I guess I'm curious on the guidance it sounds like what you're saying is what's baked into the guide for 2023 and is an assumption that the conditions in Q4 continue but not necessarily get worse. I guess, I'm just curious why not go in that next step. I think most of your competitors and others in the broader cybersecurity space have gone that extra step to make an assumption that things deteriorate further and bake that into the 2023 guide. So, just curious what drove that decision there.

Yeah. I think in terms of – look I think we are taking into account that what we saw in Q4 which for us was fairly different than what we have seen earlier and it was not in terms of productivity et cetera, was lower than what we had expected. So we're assuming that that's going to continue. And again we are continuing to invest in the sales and marketing side of the house to get more quota carriers and to be able to improve with the packages that we have, et cetera, to improve how we are looking at execution. So that's why we are just assuming the continuation of the Q4 macro that we are seeing. But again, it's – there is lumpiness that we understand, but that's kind of how we are looking at it.

Yeah. And as I mentioned in Q4 what we saw was bookings came in lower than what we had anticipated, and so we felt that that macro impact in Q4 already. And so for us the way we look at it is because of the macro impact it had a it had a trickle down impact on the sales rep productivity and in the process and we're really looking into our sales execution and the momentum. And so with that said, we do see signs where like as an example we just launched a new product. There are some initiatives that are going on right now that, we feel like it's headed in the right direction. But the guidance actually is taking into consideration all these different elements including the personnel changes. So we feel that it is a cautious guidance from our perspective.

Okay. And then secondly on the sales execution, you've mentioned that a couple of times I guess, where do you really need improvement? Is it more so your tenured reps are not selling really the whole package as affected is that your newer reps are taking longer to ramp and obviously, the macro could be impacting that. But any more tangible items you could call out on sales execution that you're looking to improve?

Yes. I think we are overall. I think the investments we made in 2022. A lot of them have done well. I think we increased sales headcount as well. I think it's a little bit different in each segment like you saw the larger customers are doing well in terms of getting additional capabilities from Qualys, et cetera. And then of course there are some deals on the larger enterprises where because of the macro there are additional signature, additional layers of convincing the value and I think there is room for us to do better in those. We didn't quite in some of these deals actually stay ahead of ensuring that we were in front of the right people and showing the value. So I think that's a training that we are giving even our tenured reps to make sure that as we get into 2023, we're doing a better job of staying ahead of that. I think on the lower end of the customers, that's more about how do we reduce the friction in the buying process by not having to have them upsell individual modules and provide better packages and then just a matter of messaging for the SMB segment around value proposition as we call it MDR True Risk and then fix it that this is going to fix your things and this is going to protect you. So I think it's – on those two different segments I think it's right. And then overall of course we have a sales force we have been hiring last year and there is a room for us to provide better sales enablement for them. And that's why with Pinkesh now coming on board and aligning product marketing, product management, product market being and driving more product-led growth, we believe we can use our platform itself as a way to create more opportunities for our sellers to show the value prop much more quickly. And so it's a combination of those things that we are looking at.

And just to add a little bit more color to it. The way we're looking at it is we've always been a product leader. We believe that we have a very differentiated cloud platform that works very well and serves our enterprise customers that are looking to solve very complex and difficult problems. And so that's why we've been successful in the last year in terms of our ability to grow both account and the dollar amount from larger organizations. With that said, where we've seen the lack of growth and the inefficiency if you will is on the SME and SMB space, where if you take a look at as an example, customers who spent less than $20,000 with us, the count really didn't grow that much and that's been a drag on our business. That's where we're really focused on right now with the new product and packaging, we knew that there was friction. And this is where we're very happy with the new product launch. And with that I am happy to accelerate and gain the momentum in that segment where we've seen more of the macro head, we believe that that will have an incremental revenue if you will that we'll be able to deliver probably in the second half of 2023.

Thank you. One moment for our next question. Our next question will come from the line of Hamza Fodderwala from Morgan Stanley. Your line is open.

Hi, good evening. Thank you for taking my question. Joo Mi, you talked a little bit about the personnel changes and how you're thinking about that. Just curious, how are you reflecting sort of the risk of additional sales disruption on the back of the CRO departure? Is that something that you really contemplated in your 2023 outlook?

Yes. And this is why we believe our outlook is appropriately derisked from that perspective, because if you take the assumption that we made in addition to the -- assuming that the current macro continues is, no material improve or gain from the newer product. I mean we do see a huge upside to our guidance if our newer product happened to take off in the second half of this year. However, because of the personnel changes, we believe that the sales and productivity, even though it was lower in Q4, we're assuming that it continues as it is in 2023.

Got it. And just so I guess, maybe our models are level set, because it is an important metric. I'm curious how you're thinking about growth for CCB throughout the year. I think in times where -- years where things have been slowing we've seen CCB kind of south of revenue growth by a few points. Should we expect CCB to grow like maybe close to 10% this year?

Not necessarily, because if you think about revenue, it's a lag from the CCB, right? And so when I say the upside, the CCB could grow higher than the revenue and that's the uncertainty. In terms of our guidance for the revenue, however, it's more informed by what we were able to achieve in 2022. We believe we'll be achieving in the first half 2023. That will have a greater weight on the revenue for 2023.

Okay. Thank you.

Thank you. I'm not showing any further questions in the queue. With that, this concludes today's conference call. Thank you for participating. You may now disconnect. Everyone have a great day.