Tenable Holdings, Inc. (TENB) Q2 2018 Earnings Report, Transcript and Summary

Greetings, and welcome to the Tenable Second Quarter 2018 Earnings Conference Call. [Operator Instructions] As a reminder, this conference is being recorded. I'd like to turn the conference over to your host, Andrea DiMarco. Thank you. You may begin.

Thank you, operator, and thank you all for joining us on today's conference call to discuss Tenable's financial results for the second quarter of 2018. With me on the call today are Amit Yoran; Tenable's Chief Executive Officer; and Steve Vintz, Chief Financial Officer. Prior to this call, we issued a press release announcing our second quarter 2018 financial results. You can find the press release on the IR website at tenable.com. Before we begin, let me remind you that we will make forward-looking statements during the course of this call, including statements relating to Tenable's guidance and expectations for the third quarter and full year 2018; growth drivers in Tenable's business; changes in the threat landscape in the security industry and our competitive position in the market; growth in our customer demand for and adoption of our solutions; our expectations regarding long-term profitability; and planned innovation and new products and services. These forward-looking statements involve risks and uncertainties. Some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements. You should not rely upon forward-looking statements as a prediction of future events. Forward-looking statements represent our management's beliefs and assumptions only as of today and should not be considered representative of our views as of any subsequent date. We disclaim any obligation to update any forward-looking statements or outlook. For a further discussion of the material risks and other important factors that could affect our actual results, please refer to those contained in our IPO prospectus and our other SEC filings, which are available on the SEC website at sec.gov. In addition, during today's call, we will discuss non-GAAP financial measures. These non-GAAP financial measures are in addition to and not a substitute for or superior to measures of financial performance prepared in accordance with GAAP. There are a number of limitations related to the use of these non-GAAP financial measures versus their closest GAAP equivalent. Our press release that we issued today includes GAAP to non-GAAP reconciliation. And now let me turn the call over to Amit.

Thank you, Andrea, and thank you for joining us on our first earnings call. I'd like to thank our customers, employees, partners and investors for their support, which together made our recent IPO possible. This was a very important milestone for the company, and we look forward to building on our rich history in the years to come. We are pleased with our second quarter results and the start of our life as a public company. As a reminder, we provided preliminary ranges for some of our second quarter results in our IPO prospectus. I'm pleased to share that our actual results compared favorably to those preliminary ranges for revenue, calculated current billings and non-GAAP loss from operations. Our second quarter was highlighted by strong worldwide demand for our enterprise platform offerings, SecurityCenter and Tenable.io and by increasing strategic importance of Cyber Exposure. For those of you that are new to Tenable, we want to provide some background on our company and market opportunity, given that this is our first call. Our vision at Tenable is to help organizations understand and reduce their cybersecurity risk. We believe digital transformation is driving radical change. The proliferation of new types of digital technologies have resulted in a rapid expansion of the cyberattack circus. Cybersecurity risk has increased exponentially and is now a top priority in boardrooms around the globe. Improving cybersecurity and better managing risks starts by understanding the state of your security and answering key foundational questions such as where are you exposed? How should you prioritize efforts based on risk? Are you reducing exposure over time? And how do you compare to your peers? Tenable helps organizations answer these critical questions about cyber risk. We're already a recognized leader in the traditional vulnerability management market. 20 years ago, we introduced Nessus, one of the most widely deployed vulnerability management solutions in the world with approximately 2 million downloads. Now we're redefining the industry by pioneering what we believe to be a major new category, a category we call Cyber Exposure. Cyber Exposure is a new discipline for measuring and managing cybersecurity risk in the digital era. The world has changed, and we believe Tenable is in a unique position to transform the way organizations understand and reduce cybersecurity risk. Cyber Exposure builds on our roots in vulnerability management and expands our value proposition in 2 ways: the breadth of visibility across a wider set of asset types and the depth of analysis, both of which are critical to accurately assessing cyber risk. New technologies such as IoT, SaaS applications, web applications, cloud infrastructure, DevOps containers and micro services are driving digital transformation, not to mention all the activity happening in operational technologies or OT and control systems. These nontraditional IT assets are growing rapidly. And by nature, they can't be assessed with traditional methods such as active and agent-based scanning. Tenable is able to address the breadth of coverage across traditional and modern asset types. We're excited to see more and more customers share our Cyber Exposure vision. As an example, a Fortune 100 retailer has deployed Tenable across 1 million assets, spanning traditional and modern IT assets in cloud environments, in corporate facilities and in their retail stores. A Fortune 500 food and beverage retailer is using Tenable to secure over 100,000 assets, including store kiosks and connected machinery. Both of these are great examples of customers looking to mature their vulnerability management strategies in the modern age. If you take it one step further, while vulnerability management technologies traditionally produces significant amount of valuable data, they often lack the depth of prioritization and analytics needed to help executives and board make strategic decisions. Tenable's deep analytic tools translate raw technical vulnerability data into actionable business insights that can be used to prioritize remediation efforts. Customers looking to mature their VM strategy not only need to assess both traditional and modern assets but also need to be able to prioritize their resources. As an example, a large multinational insurance company selected Tenable Cyber Exposure risk indicators to compare against internal policies and external frameworks. Executives at this company use the metrics to measure exposure, identify risk trends, control weaknesses and make resource and investment decisions. And we've announced a new analytics and benchmark offering called Tenable.io, Lumin. We believe that Lumin will enhance our ability to help customers measure and benchmark their cyber exposure, both over time and against their peers. We believe Lumin will address a key need in the market as evidenced by the fact that we are oversubscribed in our closed beta. We can also integrate third-party data into our platform which, when combined with our own data set, provides even deeper insights for analysis and prioritization. ServiceNow is a great example. Tenable discovers assets and can be used to auto populate information into ServiceNow CMDB. We can also pull information into our platform for greater detail around business context and asset criticality. When combined with our vulnerability intelligence, this information helps security teams more accurately prioritize issues for remediation. We also integrate our vulnerability assessment data into ServiceNow's ticketing system to provide common understanding and closed-loop processes across security and IT teams, resulting in accelerated remediation efforts. We also have a strategic partnership with Siemens to help energy, utilities and oil and gas companies secure critical infrastructure. Our partnership enables us to deliver innovative solutions for industrial asset discovery and understanding of exposure across IT and operational technologies in converged environments. In June, we announced enhancements to Tenable.io and our industrial security solution, delivered in partnership with Siemens, including smart scanning, expanded Operational Technology asset coverage and interactive topology maps that underscore our commitment to pioneering solutions for OT and critical infrastructure. In Q2, we began to see more customers, including a multinational consumer goods company and a global energy management company using our technology for OT use cases, in production plants and power generation facilities, helping them inventory OT assets and assess vulnerabilities. If you look at the traditional vulnerability management market, third-party research firms such as IDC believe it will grow to be a $6 billion market by 2021. That's based on the historical definition of vulnerability management, which doesn't capture the full spectrum of opportunity Tenable addresses. When you layer in, the much greater size of the modern and tax service including things such as IoT, OT, containers and cloud workloads as well as new products such as Lumin, we estimate that our TAM will reach approximately $16 billion in 2019. In the early innings of executing our vision, our momentum was evident in the second quarter. Calculated current billings for the quarter grew by 39% year-over-year to $77.4 million. Revenue for the quarter grew 44% year-over-year to $63.6 million. Both metrics were driven by continued expansion within our existing install base and success in landing new enterprise platform customers. We added 282 new enterprise platform customers in the second quarter. It's interesting to note that many of our largest new customers were previously operating a very limited vulnerability management program. So in addition to significantly expanding our TAM with our Cyber Exposure vision and platforms, there is still a large opportunity associated with delivering the most basic component of traditional VM. We're seeing continued momentum across all our products, including Nessus Professional, our core scanner with over 19,000 customers, which often serves as an upsell opportunity or on-ramp to our enterprise platforms; in SecurityCenter, our enterprise platform for traditional assets; and in Tenable.io, our SaaS enterprise offering designed to cover traditional and modern IT assets in cloud environments. And many customers are using both SecurityCenter and Tenable.io. Two second quarter deals that illustrate the success of our go-to-market strategy are Centene and UVA. Centene is a leading health care enterprise and currently number 61 on the Fortune 100 list. It started as a Nessus Professional customer. In Q2, Centene upgraded to SecurityCenter and Tenable.io to cover a larger portion of their environment and have access to comprehensive reporting. Centene has since become a 6-figure customer for Tenable. The University of Virginia also started with Nessus and expanded to a 6-figure enterprise commitment in Q2. UVA was looking for a better way to analyze and act on vulnerabilities, and they needed a provider that could address modern assets and easily integrate with other systems such as ServiceNow. UVA was an upsell to Tenable.io. We also continue to see expansion across our customer base. For example, McGladrey, a leading provider of audit, tax and consulting services, is a SecurityCenter customer that expanded coverage to their deployment in Q2. Their deployment has grown over the years to include workstations and lab environments, and they also use agents. Internationally, we saw a good mix of new logos and upsells in Q2. We expanded engagements with customers such as Qatargas Company and a multinational commodity trading and mining company that added tens of thousands of systems to their SecurityCenter deployment and added new customers across EMEA, Asia and LATAM, such as Petrobras. In summary, I'm very pleased with what we've accomplished to date. Our investments in sales and marketing, product design and customer support are contributing to our record revenue scale and continued growth. We're in early stages of defining a new multibillion-dollar market opportunity, and we believe positions Tenable to be one of the key cybersecurity platforms in the future. Now let me turn the call over to Steve Vintz, our Chief Financial Officer.

Thanks, Amit. Let me now dive deeper into Tenable's second quarter 2018 financial results and our business outlook. I'll begin by mentioning that except for revenue results, which are GAAP, all financial results we will discuss today are non-GAAP, unless otherwise stated. As Andrea mentioned at the start of the call, GAAP to non-GAAP reconciliations of these financial measures can be found in our earnings press release issued earlier today. I would also like to remind you that we included ranges for preliminary results for Q2 revenue, calculated current billings and non-GAAP loss from operations in our IPO prospectus in July, just prior to our roadshow. That said, I'll start my review of the quarter with the income statement. Revenue for the quarter was $63.6 million, representing a 44% increase over the same quarter last year, which is a testament to the growing strategic importance of VM and the broader Cyber Exposure mandate. It's also worth noting, our growth and scale are driven by our recurring revenue, which we expect will continue to track in the 85% to 90% range going forward. Please note that when we refer to recurring revenue, we include revenue from subscription and maintenance contracts and exclude revenue related to professional services and perpetual licenses as such amounts are not available for renewal. Before we move off revenue, let me cover the highlights of our adoption of ASC 606 in 2017. First, the revenue presented herein reflects the adoption of 606 on January 1, 2017, on a modified retrospective basis. So the year-over-year comparisons are on the same basis. Second, under 606, revenue from perpetual licenses is recognized over 5 years. And finally, sales commission expense is deferred over periods ranging from 3 to 5 years based on product. Commissions are amortized over 5 years for perpetual licenses, 4 years for enterprise subscription sales and 3 years for Nessus sales. With regard to sales, we sell our software primarily on an annual subscription basis, with a term that is generally 1 year in length, although some customers prefer multiyear contracts. Substantially, all of our contracts are paid upfront. The value of a contract can vary based on the number of IPs or assets purchased. Now with that as a backdrop, I want to walk you through our calculated current billings. Since swings in the percentage of billings from multiyear prepaid contracts can meaningfully skew growth in total billings higher or lower in a given period, we believe calculated current billings is a better proxy of the underlying momentum of the business and the closest corollary to annual contract value, which is how we manage the business. Calculated current billings, defined as the change in current deferred revenue plus revenue recognized in a period, grew 39% on a year-over-year basis to $77.4 million in the second quarter of 2018. This is above the estimated range of $76 million to $77 million included in the IPO prospectus. If you're attempting to calculate current billings in 2017, you should note it was impacted by the adoption of 606. As a result, you need to add $19 million to the current deferred revenue to the balance at December 31, 2016. For more information on how we calculate this metric, please see our IPO prospectus and our press release. Let's move forward and discuss what is driving the growth in billings for Tenable. First is new customers. As Amit said earlier, we added 282 new enterprise customers in the second quarter, which is up from 30% from 217 in the same period last year. The number of new enterprise logos is a clear indication of the lofty of new business and the untapped demand we are seeing worldwide for our software solutions. Now let's talk about expansion from existing customers. While we're adding new enterprise customers at a fast pace, equally important is the fact that we are growing the value of those relationships. At the end of the quarter, we had 340 customers spending in excess of $100,000 in annual recurring revenue on an LTM basis, which represents an 88% increase over the same period last year. Our momentum in customer acquisition and expansion is a testament to our go-to-market approach, which provides multiple ways to land and expand. Many of our enterprise customers initially become aware of Tenable through Nessus, which is one of the most iconic and beloved brands in security. We have approximately 2 million downloads of our free version of Nessus and approximately 19,000 customers on our paid version of Nessus. The paying Nessus customers directly contribute less than 25% of our total billings. But even more important is the fact that they service and on-ramp through a larger enterprise platform sale, which is the majority of our business. 1/3 of all of our enterprise platform sales have historically come from Nessus upsells. We believe this is a major competitive advantage that no one will be able to replicate, given the rich history and ubiquitous nature of Nessus. Now that you understand our go-to-market strategy a little better and how we land new deals from either a low, no or high touch sales motion, let's dive deeper into customer expansion. We have a customer success organization that leads the charge of renewals and aids in upsells, which has culminated in dollar-based net expansion rates to have historically been in the 120% or better range. We utilize the dollar base net expansion rate to measure the long-term value of our customer relationships because it is driven by our ability to retain and expand the revenue generated from our existing customers. As a public company, we plan to share when our dollar base net expansion rate significantly differs from 120%. For more information on how we calculate this metric, again, please see our IPO prospectus. Let's talk about our pricing model so you understand how we can upsell an existing enterprise customer. It happens one of 2 ways. First, we have an asset-based pricing model. So in a market where there is a growing number of network-connected devices each year, we naturally grow with our customers as they look to secure more assets. Second, an increasingly complex IT environment has resulted in new attack vectors, causing customers to secure new types of assets, which we think will drive adoption of new modules for Tenable. We believe we could build a very large business by simply continuing to expand with existing customers. Now I'll turn to expenses and profitability. Non-GAAP gross margin for the quarter was 85%. We expect gross margins will trend down to the low 80s, high 70% range over time as a result of our investments in building out Tenable.io on a global basis. Now turning to operating expenses. We are focused on improving leverage in our business over the long term, but in the near term, we are investing in growth. To provide some historical context, the company did not raise any primary institutional capital prior to the IPO, which speaks to the capital efficiency of our business model. We have seen the positive results of increased investments in our business over the last few years as growth has accelerated from 2015 to 2018. It was a conscious decision to trade points of margin for points of growth. We believe we can execute on this plan while driving the business to cash flow breakeven by the end of 2020. Sales and marketing expense for Q2 were $41.2 million compared to $27.4 million in the second quarter last year. This represents 65% of total revenue versus 62% of total revenue in Q2 last year. The high percentage reflects increased investments in building our global sales organization. There is obviously an upfront cost while the payback occurs over time. Our compelling market opportunity and our dollar renewal rates give us confidence to continue to invest here. R&D expense in Q2 was $17.2 million compared to $13.3 million in Q2 last year. As a percent of total revenue, R&D was 27% in Q2 versus 30% in Q2 last year. Innovation remains a top priority for us, especially around the new paradigm in data analytics and benchmarking, we will continue to invest in, in R&D for the foreseeable future. G&A expense was $8.9 million for the quarter compared to $5.6 million last year. As a percent of total revenue, G&A was 14% in Q2 versus 13% in Q2 of 2017. The increase reflects our investments associated with preparing for our move to the public markets. Our non-GAAP loss from operations in the quarter was $13.3 million, better than our preliminary estimated range of $15.2 million to $14.2 million included in the IPO prospectus and compared to a loss of $7.2 million in the second quarter of last year. Non-GAAP operating margin was negative 21% compared to negative 16% in the second quarter last year. Pro forma non-GAAP loss per share was $0.18 compared to a loss of $0.09 in the same period last year. The pro forma weighted average shares assume the preferred shares were converted into common for all prior periods. As a reminder, we are using pro forma shares for the forecast and historical periods solely for comparability purposes. All of our preferred shares converted into common shares at the IPO in July. We finished the second quarter with $23.7 million in cash. However, this does not include the $265 million in net proceeds raised from our IPO in July. Our free cash flow burn was relatively modest at $1.1 million for the quarter, which is generally consistent with the second quarter of 2017. Going forward, we expect our free cash flow burn to modestly increase in the near term as we continue to invest in the business and absorb increased costs associated with becoming a public company. Again, we have a highly efficient business model, and we believe we will return to profitability over time. That said, with the returns we are generating on our investments and the opportunity to win a major security market, we believe that the right strategic decision is to maintain a higher level of investment in the near term. Now turning to guidance. For Q3 2018, we currently expect revenue to be in the range of $66.0 million to $66.5 million. We expect non-GAAP loss from operations to be in the range of $17.5 million to $16.5 million, non-GAAP net loss in the range of $17.1 million to $16.1 million and pro forma non-GAAP net loss per share in the range of $0.19 to $0.18 a share, assuming a weighted average shares outstanding of 88.7 million. For the full year 2018, we currently expect revenue of $260 million to $261 million. We are also providing annual guidance on calculated current billings, and we'll update this, when appropriate, at the end of each quarter. For the full year of 2018, we expect calculated current billings of $314 million to $316 million, which compares to $235.6 million for the full year 2017, non-GAAP loss from operations in the range of $60.7 million to $58.7 million. We also expect non-GAAP net loss in the range of $61.2 million to $59.2 million and pro forma non-GAAP net loss per share in the range of $0.72 to $0.70 a share, assuming weighted average shares outstanding of 84.8 million. In closing, our confidence in driving our Cyber Exposure vision is bolstered by an attractive market opportunity in front of us. We look forward to continuing the dialogue with all of you. And now let me turn the call back to Amit for some closing comments.

Thanks, Steve. In summary, we're excited to begin our journey as a public company and are off to a good start. We're pioneering a new category as we transform the VM market with our broader and higher value add Cyber Exposure strategy. We believe the combination of our differentiated technology and approach, combined with the growing strategic priority of understanding Cyber Exposure risk position Tenable to build a very large business over time as we become a system of record for cybersecurity and risk. We now like to open the call for any questions.

[Operator Instructions] Our first question is from Melissa Franchi from Morgan Stanley.

I guess, to start just at a high level, Amit, for you, a 39% current billings growth, that's definitely well ahead of overall vulnerability management. Wondering if you could just maybe parse through where this strength is coming from across share gains in traditional VM with SecurityCenter wins or the extent to which you are seeing momentum in selling into what you define as like modern IT assets through Tenable.io?

Sure. I think, in short, we're seeing strength and opportunity across all of those segments. In the traditional VM market segment, we have great focus and have chosen not to diversify into other market segments as competitors or other participants in this space have. So that allows us to have a deeper level of investment in -- prove our capabilities and continue to refine our capabilities. We actually just put out a piece of research over the past couple of weeks showing that organizations -- about half of the organizations are still operating with fairly immature vulnerability management practices. So we see continued growth and tremendous opportunity as the VM market continues to expand and more importantly, even organizations that have some VM program in place mature those programs and practices and expand the coverage of their VM programs within their enterprises. We're also seeing early momentum and tremendous interest in understanding Cyber Exposure more broadly than in the traditional IT asset space. So organizations coming and looking and doing evals and pilots and some early adoption of vulnerability and exposure insight into what's happening in the world of DevOps with their containers and micro services, what's happening in their cloud environments and also looking at both IoT and increasingly, some early adoption now in looking at exposure around OT environment. So -- and we're confident in the growth opportunity in the core VM market but also quite excited about the opportunity for growth in these new areas of technology that are core to enterprise risk.

Okay, got it. And one follow-up, if I may. As a new customer -- or the new enterprise customer adds continued to be pretty strong, to what extent is that coming from upselling the Nessus base versus gaining share from some of your competitors? And then can you just remind us what the catalyst would be for a Nessus customer to move into SecurityCenter or Tenable.io?

Yes. We're seeing a pretty consistent behavior in the adoption of new enterprise logos where about 1/3 of those sales are coming from the pay for Nessus Professional customer base. So we've got about 2 million downloads and users in the freeware community, we've got about 19,000 customers paying for the Nessus Professional edition. And then, in any given period, we'll see about 1/3 of our new enterprise sales or enterprise platform sales coming to us from that Nessus Pro customer base. Those -- that adoption from Nessus Professional to the enterprise platform is primarily driven by a more robust set of APIs and a feature and functionality in the enterprise platforms that make them more attractive than the Nessus Professional Scanner, which is ultimately optimized for audit types of use cases. So in addition to the APIs, more mature dashboarding, reporting, feature and functionality, better integration into other enterprise infrastructure, products, also a diverse set of -- much more diverse set of data acquisitions. So it's not just the active scanner, you get the Nessus network monitor, the passive asset discovery and vulnerability profiling technology, the container inspection for DevOps environments, the continuous monitoring and continuous view types of capabilities that come with the enterprise platform. That has enabled us, and we believe will continue to enable us, to compete effectively with our primary competitors. And I think the complement to that is that we also have seen numerous examples that would have us believe that it's not necessarily a switching market. We see customers of Qualys and other providers in the space making acquisition of our technology as well and leveraging both platforms and still, they are blended and overall spend in overall vulnerability management remains some of the most cost-effective security dollars spent. So we believe that, that trend will continue.

Our next question is from Sterling Auty from JPMorgan.

One question, one follow-up. I know a lot has not changed since the IPO. But I noticed recently some advertisement on YouTube, and it brings to mind the question, where are you seeing the biggest drivers in terms of top-of-funnel lead generation at this point? And where are you investing it moving forward?

For Tenable, I think it's been pretty consistent that the top-of-the-funnel lead generation activities have really stemmed from Nessus and the Nessus freeware community, and that remains a very active and very healthy community. Certainly, in the -- in this -- in the security -- in the technical security community, it remains one of the most broadly used and deployed pieces of software out there. And so we think that will continue. And from our perspective, that's a primary source for lead generation and for, I think just as importantly, brand awareness, trust and credibility in the community. Recent survey showed that about 2x as many security professionals were using Nessus as any other vulnerability management product out there. So again, the mind share, the brand, the trust that comes associated with that.

Great. And then can you clarify or help us understand? In terms of Lumin, what should be our expectations around the rollout of the product and how that should ramp as a product in terms of generating revenue?

So we haven't -- we're obviously progressing with our beta program. We had an oversubscribed beta program. We expanded it to letting the second wave of beta customers, and we're getting tremendous feedback from that. The interest and enthusiasm for Lumin has been very strong, and the feedback has been both positive and insightful for us as we continue to evolve and lead the market, the capabilities in that end of the market. In terms of expectations for release, I think we've got an incredibly strong brand and position of trust with Nessus and Tenable. We want to make sure that when we put that product out to market, that it provides the type of experience and capability that users have come to expect of Tenable. So we haven't -- we're leaving it much more as a functionality, capability and quality criteria than a timing criteria. And we don't view -- while we're extremely confident in Lumin, we don't view Lumin as a significant contributor to revenue over the next few periods.

Our next question is from Gray Powell from Deutsche Bank.

So maybe just to start off, how are you thinking about the longer-term opportunity with Tenable.io? I think it was contributing about 25%, give or take, of new business. So how do you see that mix changing over the next couple of years?

Well, Gray, this is Steve. Tenable.io is an increasing part of our overall mix of business. Q2, as a percentage of sales, Tenable.io is up sequentially over Q1. Long term, we're excited about the platform. It's also a preposition to selling other modules for new asset types, such as container security, cloud security. And also, with regard to Lumin, which is our telemetry and benchmarking application and also addresses Cyber Exposure more broadly, Lumin is specifically built on the Tenable.io platform. So we see a natural evolution in our business, strong demand not only just for Tenable.io domestically and abroad but also for SecurityCenter as a whole, and we're pleased with the demand we're seeing at the product level.

I guess I would just add a little bit to that. In -- I think there's maybe a misconception that products are mutually exclusive. We already have thousands of customers on Tenable.io, we have hundreds of customers -- Tenable.io customers, which are also SecurityCenter customers, where they're leveraging SecurityCenter. They want to keep their core VM programs in-house both from a performance standpoint, security standpoint. But they want to leverage some of the modern asset types of Tenable.io. They want to be able to participate in the analytic products like Lumin or some of the modern asset types or other functionality that's included in Tenable.io. So they've chosen a hybrid approach, and the 2 platforms are designed to work hand in glove and really coexist very effectively.

Got it. That's very helpful. And then this one might be a little bit early. I mean, I know Lumin is still in beta. But just how should we think about the upsell opportunity with Lumin once it's officially available? And just for example, like, if a customer's spending $100,000 per year with Tenable today, either SecurityCenter or Tenable.io, what do you see is the incremental upsell opportunity with Lumin?

We're very optimistic about the incremental upsell opportunity for Lumin. If you look at some of the startups and other companies, they are trying to deliver analytic capability on top of VM data. I think over the last couple of years, there's been sort of this awareness or resurgence of understanding that there is incredible value in the VM data and so you've seen a couple of startups pop up trying to deliver analytic value, prioritization, risk metrics on top of vulnerability data. From a asset pricing model perspective, which is how they're charging, they're actually commanding a premium pricing over and on top of what the VM vendors are getting for producing the vulnerability data itself on a per asset basis. So we're confident they don't -- both the market exists and the market has been conditioned to place great value on there. So we believe we'll be successful in upselling this value proposition with those types of pricing premiums to our existing enterprise accounts. And I think also notably, Lumin is designed to, again, not be dependent upon Tenable being your sort of exclusive or core VM provider. So we'll be able to deliver Lumin capability on top of other people's VM products and platforms. And so that represents incremental revenue opportunity for customers that have chosen other VM platforms.

Our next question is from Gur Talpaz from Stifel.

So Amit, if look at the VM space, you're seeing the emergence of new players in areas like ICS and containers. As you talk to customers, are you seeing heavier interest here in consolidating these functions around a single vendor? And then I guess more broadly speaking, how do you think about the fragmentation that exists not just with security, both in VM itself as you think about the fragmentation across broader IT and OT?

Yes, I think the -- your assertion is a valid one. I think it speaks to a renewed recognition in the market on the importance of VM, how important it is to the overall security posture and the overall understanding of risk to the enterprises. So as enterprises embrace new technologies and leverage technology in their new business models, you're seeing a need and startups being created to help generate an understanding of exposure in some of these newer technology market segments. So from a -- we think that, that's a valid observation and speaks to the importance of the types of insight that we provide. And we also believe very strongly that we've got a very active and dedicated customer base across both the enterprise and the Nessus product lines that have come to trust the Tenable and Nessus brands and believe that we'll be competing from a position of strength as we have credibility and trust in the security community to sell visibility and understanding of exposure into these new technology spaces as well as the added advantage of having a holistic visibility or holistic approach to understanding your exposures and risk across both the legacy and modern asset types. So we think it speaks to the importance of the market, and we feel like we'll be competing very favorably in some of these new market areas against some of the point solution and point product vendors that have popped up recently.

Yes, that's helpful. And Amit, you've been in this space for a long time. You talked a lot in the prepared remarks about Cyber Exposure. Are you seeing a shift in customer mentality towards risk management, towards just prioritization, away from kind of the historical binary approach that we've seen in security? I mean, are you seeing customers sort of start to echo some of the things you're talking about right now?

I think that's definitely the case. And there's -- while -- it's something that I've got tremendous confidence in and enthusiasm for, given my own experience in this space. I think you've got a lot of empirical data that shows us that, that's starting to happen. You're seeing that as a top concern from the survey of the National Association of Corporate Directors. You're seeing it from the SEC issuing new guidance around not only breach disclosure but disclosure of cybersecurity risks to the enterprise. And so for instance, if you look at the RSA show floor this past year, one of the core themes or trends is the introduction of a whole lot of new companies and looking to deliver better solution, better understanding of enterprise cybersecurity risk and also a lot of CISOs and enterprises looking for solutions in that space. So we think when it comes to understanding how secure you are, how exposed you are, what your level of risk looks like, how you compare to your peer group, we think that Tenable is perhaps uniquely positioned to deliver that type of insight across the customer base with both our history in the space as well as the capabilities that we're introducing with Lumin.

Our next question is from Jonathan Ho from William Blair.

Just starting out with maybe the U.S. federal government space, just given the upcoming end of fiscal year. Can you talk a little bit about maybe what you see from an opportunity standpoint and just maybe whether you're seeing any shifts there in terms of adoption of VM and other types of technologies?

In recent periods, I've learned to no longer try and predict what happens in the federal space. But we are -- in all seriousness, the Fed has been a strong vertical market for Tenable historically, and we've got confidence that it will continue to be a strong and important market for us going forward, not only as a consumer of our technologies but also as, I think, a broader definer of requirements and influencer in critical infrastructure and other segments of the market. If you listen to comments made by Secretary Nielsen in -- the Secretary of Homeland Security, others, they've recently kicked off an initiative around a national cyber risk center and are placing greater emphasis. And there's a lot more rhetoric and prioritization around cyber risk management, we think, based on our participation in the continuous diagnostics and monitoring programs, the CDM program for the federal government, in the Department of Homeland Security. We think that we can play an incredibly critical role in how government and also the private sector looks at and understands cyber risk and the importance that a mature VM and Cyber Exposure program could play in that understanding of risk. So we're well aligned with, I think, the federal government's view of the world. And I think we're well aligned with the messaging that they're creating and using both internally as well as putting out into the market and that, that really -- it kind of resonates not only with our view of the world, but I think with a lot of the key CISOs as well as corporate leadership at the CEO and Audit Risk Committee level that we speak with.

Great. And then we've seen that the SecurityCenter 5.7 was recently released. Can you maybe talk a little bit about the enhancements that come with that? And has historically new versions of the product driven any type of accelerated cycle or any sort of timing shifts relative to purchases? Just want to get a sense of how to think about that.

Yes. I think what you're seeing with SecurityCenter 5.7 and I think -- there are a series of releases here happening across the enterprise products and also into the Nessus product line, I think you're seeing continued enhancement of integration into enterprise platforms that our customers are asking for specifically in 5.7, the integration with PAM types of solutions for privileged access management. There is also the integration and improvement of integration into Mobile Agent Workforce support and I think this sort of investment coming from Tenable, certainly in Tenable.io but also in SecurityCenter. And I think you'll see it going forward in Nessus and other product lines, an evolution in helping our customers manage not only the desktop, servers and workstations that they've traditionally relied on Tenable for assessing risk around, but the modern asset base and also integration through open APIs as well as more scripted integrations into other enterprise platforms that they're leveraging. Again, as a best-of-breed focused provider, we want to work very elegantly with patch management solutions, with configuration management solutions, with SIM types of products and platforms, mobile platforms that enterprises have selected to use and deployed already.

This concludes the question-and-answer session as well as today's teleconference. You may disconnect your lines at this time. Thank you for your participation.