Tenable Holdings, Inc. (TENB) Q1 2019 Earnings Report, Transcript and Summary

Greetings, and welcome to Tenable First Quarter Earnings Call. [Operator Instructions]. Please note, this conference is being recorded. I will now turn the conference over to Andrea DiMarco, Vice President Investor Relations and Strategy. Thank you. You may begin.

Thank you, operator, and thank you all for joining us on today's conference call to discuss Tenable's First Quarter Financial Results. With me on the call today are Amit Yoran, Tenable's Chief Executive Officer; and Steve Vintz, Chief Financial Officer. Prior to this call, we issued our earnings release for the first quarter and financial results. It's available on our Investor Relations section of our website. Let me remind you that we'll make forward-looking statements during the course of this call, including statements relating to Tenable's guidance and expectations for the second quarter and full year 2019, growth and drivers in Tenable's business, changes in the threat landscape in the security industry and our competitive position in the market, growth in our customer demand for, and adoption of, our solutions, and planned innovation in new products and services. These forward looking statements involve risks and uncertainties, some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements. You should not rely upon forward-looking statements as a prediction of future events. Forward-looking statements represent our management's belief and assumptions only as of today and should not be considered representative of our views as of any subsequent date. We disclaim any obligation to update any forward-looking statements or outlook. For further discussion of the material risks and other important factors that could affect our actual results, please refer to those contained in our most recent annual report on Form 10-K filed with the SEC and subsequent reports that we filed with the SEC, available on the SEC website, sec.gov. In addition, during today's call, we will discuss non-GAAP financial measures. Our earnings release that we issued today includes GAAP to non-GAAP reconciliations for these measures. Now let me turn the call over to Amit.

Thank you, Andrea, and thank you for joining us on the call today. I'm pleased to share that Tenable delivered another strong performance for Q1. Revenue grew 36% year-over-year to $80.3 million and calculated current billings grew 25% year-over-year to $81.2 million. Our performance reflects the growing opportunity for Cyber Exposure, which we believe will become the industry standard for managing and measuring cyber risk in the digital era. Cyber Exposure provides broad visibility into exposures across all connected assets and deep analytics that translates this data into actionable intelligence. The evolution of vulnerability management and the compliance to a risk-driven, higher-value added process, includes deeper analytics that combine vulnerability data with the other indicators of risk, including threat intelligence and asset criticality. This provides a more comprehensive review of cyber risk that enables CISOs and executives to take appropriate action to reduce their risk and exposure. Responsible vulnerability management is the foundation of reducing cyber risk. According to Gartner's A Guide to Choosing a Vulnerability Assessment Solution report published in April of 2019, by 2022, organizations that use the risk-based vulnerability management method will suffer 80% fewer breaches. Over the past few years, the vulnerability management market has become a much more strategic and important focus for the enterprise due to growing recognition that many breaches can be prevented through a focus on the fundamentals of good cyber hygiene. Historically, VM was largely compliance driven. Security teams focused on a limited number of traditional assets to secure PCs, laptops and servers. And they conducted periodic scans, they were checking the box and moving on. Most enterprises assessed a small sample of their environment and conducted ad hoc scans in the spreadsheets to try to centralize and prioritize data. Today, as enterprises continue their path to digital transformation, there are new assets coming online all the time. Enterprises must first identify all assets on their networks ranging from desktop computers to connected printers and cameras to cloud deployments and operational technologies. Then they must assess every single device to identify, prioritize and result thousands of known vulnerabilities that hackers can exploit. The path of entry for hackers has multiplied, and the number of breaches - preventable breaches has increased exponentially. Because of the complexity of today's digital environment, vulnerability management has also become much more complex. It can no longer be responsibly managed in silos, on spreadsheets and with manual processes. It can no longer be a cobbled together type of approach with multiple tools or outsource of the annual audit. Enterprises today are looking for a continuous and comprehensive visibility and assessment of exposures across their entire compute environments with an enterprise-wide VM solutions, such as Tenable.sc or Tenable.io or with the combination of both. And with all the new assets coming online, the increase in exposures makes prioritization even more critical than ever. Today, our customers can automate prioritization of exposures for remediation with Predictive Prioritization. Predictive Prioritization automatically prioritizes each vulnerability based on the likelihood it will be exploited. We combine our vulnerability data with our data science algorithms that tell us about the exploitability of each vulnerability and third-party vulnerability data and threat intelligence using proprietary machine learning algorithms to help customers take action on the small percentage of vulnerability that matter most to their enterprise. But Cyber Exposure is much more than a comprehensive asset coverage and exposure prioritization. The CISOs has become a central part of articulating an organization's cyber risk and guiding strategic investment decisions at the C-suite and the Board. As a result, not only has vulnerability management become more strategic, but CISO requirements for VM solutions have changed. To answer the fundamental question facing organizations today, how secure are we? CISOs need to know where to focus investments based on business risk. They need visibility into how the effectiveness of their security investment and the cyber risk are tracking over time, and how their company compares to its peers. The need for Cyber Exposure is ubiquitous. That's why we're so excited about our Cyber Exposure platform designed to address the strategic cyber risk issues that the C-suite and Board-level executives are facing every day. Over time, the release and development of Lumin will integrate and contextualize additional data alongside vulnerability information to provide even greater intelligence. Lumin uses data science to provide the measurement of Cyber Exposure, scoring and trending over time with benchmarking. We believe the growing importance of VM and its evolution to Cyber Exposure represents a huge incremental opportunity for Tenable. When we think about our market opportunity, we look at the growth in the end markets for Cyber Exposure. We look at the shift to cloud deployment. We have solutions that connect, scan and ingest data from all the major public cloud providers. And part of our differentiation is the fact that we deploy in hybrid cloud and on-premise solutions for our customers as they try and manage their hybrid compute environment. We have almost 1,000 customers who are using both our on-prem and cloud deployment combined. The market requires this type of hybrid approach to VM. We look at the growth in web applications, container usage, IoT devices coming online as we expanded opportunity for Tenable. We have solutions to address these needs. In fact, for over a decade, we've been deploying passive network monitoring capability that many of our customers use today to address their IoT requirements. Tenable is also positioned to participate in the growth of operational technologies in the security market. According to Gartner's Competitive Landscape Operational Technology Security report published in October of 2018, annual OT spent will grow at 46% CAGR through 2022. This market has been in its infancy. But according to a recent survey recommissioned with the Ponemon Institute, most organizations in the OT sector have already experienced multiple cyber-attacks, causing significant downtime and business disruptions. Consider the overall modern asset growth in the market with another quote from Gartner's Security Summit titled Fix What Matters: Provide DevOps Teams with Risk-Prioritized Vulnerability guidance presentation from 2018. "Through 2021, the single most impactful enterprise activity to improve security will be mitigating vulnerability." That's a powerful quote about the strategic importance of our industry. In our view, operating a technology infrastructure without a mature understanding and active management of cyber hygiene can be viewed as negligent. By combining forecast for connected enterprise IoT devices, cloud deployments, container instances and other new and traditional assets, we believe that our total addressable market reaches $16 billion this year. And we get very excited about the opportunity in front of us. We believe our scalable Cyber Exposure solution is differentiated by three key strengths: first, in the breadth of asset coverage. We assess vulnerabilities across the entire enterprise attack surface, including traditional and modern assets as we've been describing; second, the depth of our analytics. We combine vulnerability data with an understanding of exploitability and threat information and use our algorithm to help organizations predict, prioritize and address their highest levels of vulnerability. We have heard from a long-standing Tenable.sc customer, now using Predictive Prioritization, they have a much deeper understanding of their actual, quantifiable level of vulnerability and exposure for any given set of vulnerabilities. And this is only the first of many analytic applications we can build, which leverage vulnerability data and help organizations prioritize, measure and address their Cyber Exposure. With our soon-to-be-released Lumin product, we will include asset criticality and benchmarking as a new capability; and third, our focus on a best-of-breed singular approach to vulnerability management. We deliver breadth and depth through a singular focus on VM. Our best-of-breed approach leverages critical strategic integrations that are a key part of our strategy. We've highlighted our partnerships with ServiceNow, Splunk, AWS, Google, Siemens and numerous other companies. When I talk to customers, they want this best-in-class vulnerability management approach that's optimized to integrate and leverage the existing configuration databases, ticketing, patch management and enterprise infrastructure that they've already purchased. We provide the integrations our customers need to successfully invest and leverage best-in-class solutions. With that, I'd like to highlight just a few six figure wins from the quarter as evidence of VM's growing strategic importance and continued investment in Cyber Exposure. One of our new logo adds, a large acquisitive healthcare company, needed to create more mature, comprehensive, vulnerability management program with actionable reporting and flexibility. Their existing tool was not scalable and did not meet their needs as an organization, which was growing, and they needed to continue their digital transformation. For this, the customer required a hybrid approach, combining both Tenable.sc and Tenable.io to solve their strategic enterprise-wide VM need. Another new logo add was a global manufacturing company that was struggling with reporting and integration functionality of their existing VM solution. New asset scanning, such as IoT and web applications was also very important for this customer. Tenable.io, VM plus web app scanning solved most of their asset coverage requirements, and we're also able to bring better reporting and integration capabilities to meet their needs. In addition, the customer also told us the Tenable's brand equity helped us win this logo and the decision maker used to use Tenable.sc at a prior company. In our last example, I want to highlight one of our Nessus upsells, a large consumer packaged goods company that wanted to take their manual VM program, which was leveraged in Nessus Professional to the next level. This included a more comprehensive scanning, including the deployment of agents, external scanning, multi-cloud environment scanning, passive monitoring and integration with their ticketing systems, such as ServiceNow. And the customer told us that reporting functionality for the CIO and the Board and the robust feature set for Tenable.sc and including Predictive Prioritization was absolutely critical to our differentiation and the win. For all of these wins, we believe our continued evidence that Tenable is partnering more and more with customers interested in the best-of-breed strategic approach to understanding their cyber risk. I'd like to now turn the call over to Steve to walk through our financial results for the quarter and our outlook for the year.

Thank you, Amit. As mentioned earlier, we are very pleased with the results for the quarter and excited about our outlook ahead. In particular, the investments we've made over the last several quarters in product and distribution are taking hold, and are reflected in the more optimistic outlook we are providing for the remainder of the year. I will discuss our Q2 and full year guidance momentarily, but will start with a review of our Q1 results. I'll begin by reminding you, except for revenue, all financial results we will discuss today are non-GAAP financial measures unless otherwise stated. As Andrea mentioned at the start of this call, GAAP to non-GAAP reconciliations may be found in our earnings release issued earlier today and on our website. Now onto the results for the quarter. Revenue for the quarter was $80.3 million, representing 36% growth over the same quarter last year. It's worth noting that approximately 90% of our revenue recognized in the quarter was recurring, which is a benefit of our subscription model. Calculated current billings, defined as the change in current deferred revenue plus total revenue recognized in the period, grew 25% year-over-year to $81.2 million in the first quarter of 2019. Let's discuss customer momentum, which we believe is an indication of the sizable opportunity ahead of us and our ability to win share, particularly in the enterprise market, where we are experiencing larger land and expand deals. First, we continue to see a robust greenfield opportunity from customers without formal enterprise-wide VM programs. In the first quarter, we added 311 new enterprise platform customers. As much as 40% of our new logo adds in the quarter can come from this greenfield opportunity as vulnerability management and Cyber Exposure more broadly become increasingly strategic spending priorities; second, in terms of increasing the enterprise penetration, we added 41 net new 6-figure customers in the quarter. These are customers who spend in excess of $100,000 annually on a last 12-months basis. This brings the total number of customer spending in excess of 6 figures to 494. These results are reflective both of our investments in dedicated enterprise sales resources, including named account sales reps, as well as our ability to assess an increasingly broad range of assets, including web applications, containers and Operational Technology. In summary, we're pleased with our top line results for the quarter, especially given the context we highlighted on our last call. First, as it relates to our Federal business, we did overcome much of the impact from the 35-day federal government shutdown. However, the closing for certain new Fed deals and renewals is expected to happen later in the year. This is expected to just be timing and does not impact our outlook for the full year; second, it's also worth noting that growth in calculated current billings in Q1 was impacted by a strong quarterly compare, with over 45% reported growth last year. That said, we're pleased with the continued momentum in our business, which is reflected in the updated guidance for 2019 that I will review shortly. Now I'll turn to expense and profitability. Gross margin was 85% in Q1 compared to 86% in Q1 last year. Although gross margin was essentially flat compared to Q4, it is better than expected as the investments we are making in public cloud infrastructure, with the delivery of our Tenable.io platform, are scaling better overall. Tenable continues to enjoy attractive gross margins on increasing demand and adoption for Tenable.io globally all while providing a product platform that offers hybrid deployment options based on our customers' requirements. However, we continue to add new functionality and additional points of presence globally. And long term, expect gross margins to settle in low 80% to high 70% range over time. But as we look out the rest of the year, we expect gross margins to moderate to the high end of this range. Now turning to operating expenses. We are focused on improving operating leverage in our business over the long term. But in the near term, we are investing for growth. Sales and marketing expense in Q1 was $49.3 million compared to $39 million in the first quarter last year. This represents 61% of revenue for the quarter, down from 66% in Q1 2018, but up sequentially from 59% in Q4. As a reminder, sales and marketing expense as a percent of revenue is typically higher in the first half of the year for us due to a large number of industry and other events as well as incremental investment in sales capacity in the first half of the year, which is expected to produce leverage over time. R&D expense in Q1 was $19.9 million compared to $16.7 million in Q1 last year. As a percent of revenue, R&D was 25% versus 28% in Q1 of last year and essentially flat to last quarter. Innovation remains a top priority for us across all of our products but especially around data science, analytics and coverage of new paradigm assets, including OT, IoT, cloud and containers. G&A expense was $11.9 million for the quarter compared to $7.9 million in Q1 last year. As a percent of revenue, G&A was 15% versus 13% in Q1 2018 and essentially flat to last quarter. The increase largely reflects new costs associated with being a public company. Our non-GAAP loss from operations in the quarter was $13.2 million. This result reflects $1.4 million of employee-related payroll taxes associated with option exercises, specifically Medicare and other forms of payroll taxes. Option exercises may vary quarter-to-quarter, so to the extent that employer-related taxes are significant in future periods, we will let you know. Now the $13.2 million operating loss compares to a loss of $12.9 million in the first quarter last year. Non-GAAP operating margin was negative 16% compared to negative 22% from the first quarter last year, a negative 14% in Q4. Pro forma non-GAAP net loss per share was $0.13, which was $0.05 above our guided range of a loss of $0.19 to $0.18 per share. $0.02 is going to be - it's attributed to better than expected revenue with the remainder due to better overall gross margins and operational efficiency. Focusing on the balance sheet. We finished the quarter with $299 million in cash and cash equivalents and short-term investments. In terms of cash flows, free cash flow burn was $3.2 million for the quarter compared to a burn of $1.1 million for the first quarter of 2018. However, included in the cash outlay this quarter is employee stock purchase plan activity. As a reminder, we started our ESPP program in August of 2018 and the first purchase date was on March 1 of 2019. Overall, the ESPP negatively impacted Q1 free cash flow by $4.9 million primarily from the contributions previously received as they were reclassed to a financing activity at the purchase date. On an annual basis, however, the ESPP is not expected to have a significant impact of free cash flow due to the timing of future contributions and purchase periods. Since we are on the topic of cash flow, as a reminder, later this year, we expect to incur approximately $10 million of nonrecurring CapEx related to the buildout of our new headquarters, which will primarily impact free cash flow for the second half of the year. Although, we still expect to become free cash flow positive as we exit 2020. In summary, our Q1 results provided a solid foundation for a successful 2019. We performed well on the top line and demonstrated significant margin leverage. Now let's turn to guidance. In the second quarter of 2019, we currently expect revenue to be in the range of $82 million to $83 million, non-GAAP loss from operations to be in the range of $15 million to $14 million; non-GAAP net loss in the range of $14.5 million to $13.5 million and pro forma non-GAAP net loss per share in the range of $0.15 to $0.14, assuming a weighted average common shares outstanding of 95.7 million. For the full year 2019, we currently expect revenue of $343 million to $347 million, calculated current billings of $413 million to $417 million; non-GAAP net loss from operations in the range of $57 million to $53 million; non-GAAP net loss in the range of $54 million to $50 million; and pro forma non-GAAP net loss per share in the range of $0.56 to $0.52, assuming a weighted average common shares outstanding of 96 million. Included in the full-year guidance is an expected annual non-GAAP provision for income taxes of $4.4 million to $4.6 million, which excludes the impact of stock-based compensation. Please keep in mind that the Q1 non-GAAP provision for income taxes was $750,000. And now I'll turn the call back to Amit for some closing comments

In summary, we continue to be excited about the opportunity in vulnerability management and pioneering cyber exposure. We believe that the combination of our differentiated technology, even stronger now with Predictive Prioritization, our data integration capabilities and our strategic approach to VM, position Tenable to successfully aid our customers in their journey to secure their digital transformation. We'd now like to open the call up for any questions.

[Operator Instructions]. Our first question is from Melissa Franchi with Morgan Stanley.

Congrats on the quarter. Amit, maybe we can just start with a very high-level question on the health of the vulnerability management market. Based on what you saw in Q1 and then just looking forward into the pipeline for 2019, how would you characterize the level of customer activity around VM relative to what you saw last year?

Yes. All indications and engagement with our customers and prospects indicates that the market continues to heat up. There is continued recognition that VM is an absolutely foundational part of a security program. And as you see Boards, audit risk committees and corporate directors, CEOs get more engaged in cyber issues, the foundational questions that they're asking are about what the state of their security program looks like. How exposed are they? How at risk are they? And those are foundationally questions that are answered from VM program. So we continue to see adoption and growth in account penetration in our existing accounts and we continue to see a pretty aggressive pace of new customer acquisition as well.

Okay. That's helpful. And then a follow up for Steve. Just digging into the guidance for billings for - or current billings for FY '19, you posted 25% growth in Q1, and I think the midpoint is implying 27% growth for the full year, so a modest acceleration. Can you just walk us through what gives you confidence in that acceleration? And maybe discuss that in light of what you're assuming for the [indiscernible] kind of deals coming back into the pipe in the second half?

Sure. Well, we do see increasing momentum as we look out in the year, specifically the second half of the year, as our guidance will contemplate. Our investments continue to take hold both in terms of the product and sales. And product, we continue to see improved competitive positioning and differentiation both in terms of broad asset coverage as well as our analytic capabilities, such as predictive prioritization. And in terms of sales, we continue to have sales capacity and a large number of new logos and six figure customers and we're expanding into new geos and major economies throughout the world. So what all this means is that we're off to a good start for the year, and we're well positioned for a successful 2019 and what we believe is a very large and growing market.

Our next question is from Sterling Auty with JPMorgan.

This is Ned [ph] on for Sterling tonight. I have two questions. So I know you guys touched on little bit on the federal space, but I wanted to get a sense how was the men with Federal space given the shutdown and what that could mean for Q2? And in addition, if you guys could describe a bit the competitive landscape in the quarter and there are any changes to win rates?

In terms of Fed, we did comment earlier but there were some modest impacts from Fed in Q1. But Fed came in better than expected in the quarter but more notably, the better than expected results was due to overall better performance across the board globally as well as across product portfolios. So Fed really has no impact on our outlook for the year. What we're really talking about is just timings in terms of quarterly flow. So the basis for the revised guidance is strictly on the basis of improved overall performance for the company.

Yes. I think maybe I'll just touch on the - competitive win rates remained very strong. We win far more frequently than we lose whenever we get into a competitive situation and feel like our product sets deliver superior functionality and capability. So frequently, when we're in competitive engagements, if the customers are doing diligence, if they're hands on testing the products with an exceptionally high win rate from a technical standpoint. So we feel very good about our win rates and have not seen any significant change or any deterioration of that during the course of the quarter.

Our next question is from Jonathan Ho with William Blair.

Congrats on the strong quarter. I just wanted to start out with maybe some updated thinking around the Lumin timing. And maybe can you give us an updated thought on - in terms of how that will factor into 2019?

Yes I'll talk maybe a little bit about the Lumin update. As you know, over the last couple of months, about two months ago, we released Predictive Prioritization into our Tenable.sc product. And over the last week or two, we released Predictive Prioritization into the Tenable.io platform. The market reception for that capability has been very strong and as customers get into the deployment cycle, they're - we're already getting feedback from the field that it's radically changing how customers are thinking about their own vulnerability management programs and their enterprise risks. So we feel like we've got a great stepping stone for Lumin in getting customers conditioned to thinking about us, not only to gain insight into their vulnerabilities but also in how they analyze and think about those vulnerabilities and translate those vulnerabilities into enterprise risk. We continue to move forward with Lumin. Lumin will build on Predictive Prioritization by adding in an understanding of asset criticality and also performing key benchmarking capabilities and functions. We said previously that we anticipate a 2019 GA release for Lumin and that remains our commitment.

Got it. Got it. And then can you talk a little bit like - I think you give an example of a customer that was buying both sc and io. Can you talk about maybe the - what the use case is for buying both of those products? And potentially what types of pain points you can solve by having both sc and io?

Yes. At this point, we have about 1,000 customers that are now using both Tenable.sc and Tenable.io where they have a majority of their VM capabilities in-house, on-premise they prefer to integrate with their on-premise platforms and leverage Tenable.sc. They also have some specific requirements if they want to leverage a cloud-based platform and infrastructure for us. So one common use case is mobile workforces, mobile agent technologies, where they want those systems to report back to their cloud infrastructures instead of having to punch holes through the firewall and tunnel those external data sets into an on-premise product or application. Other great examples include assessing cloud-based infrastructures through native connectors to the three major cloud providers, and the elasticity required in a lot of DevOps and container-based environments. So those are probably the three use cases that are most frequently driving a hybrid-type approach to the enterprise market.

Our next question is from Gur Talpaz with Stifel.

Congrats on the quarter. Amit, first question for you. I wanted to talk about new asset coverage, specifically in both ICS, OT and then containers. And the question there is twofold: one, given sort of the fundraising that's happened in the space over the past quarter, have you seen a shift in awareness around this? And then two, from a customer standpoint, are you seeing greater interest in consolidating and managing all these disparate pieces of infrastructure in a centralized solution? I know it's early but just kind of curious to see what you're getting out there these days.

Yes. We're definitely seeing growing interest, and I part of it is - and I don't know if's is the cart of the horse and which one comes first in this case, but there's certainly more funding going into the market but there's also, I think, much more customer demand, greater awareness from the OT, from the operational side of the house in leveraging expertise, cyber security expertise that exist on the IT side of the house. And what we've seen over the last 18 months or so is that a lot of CISOs are now being given responsibility or at least invited over the fence and into the OT environments to help determine what the exposures and risks look like. From our perspective, we certainly focus or try and drive the point home that we can provide them a sort of unified view of their OT infrastructure along with their IT infrastructure. But it's not so much a unified view as much as it is nearly impossible today to assess an OT environment without also understanding the IT components that are part of that operational architecture. So you've got in these OT environments, a lot of common compute platforms and operating systems, and if you're only looking at the OT components, you're not really understanding the risk of the broader control system and the broader environment. So - and we think having that hybrid approach is critical, and we're seeing it in when we have competitive wins against pure-play OT vendors. And I think you're seeing some other IT vendors also provide this sort of converged approach to OT/IT.

That's helpful. And maybe just another product-centric question around Predictive Privatization. It's something you chose to include in both sc and now io. Are you starting to see that create a differentiation and space between you and the competitive subset out there? And how has customer response been towards the inclusion of that into the products suite?

Yes. I'd say the market and the customer response has been extremely positive. When we tell them the story, they get really excited about the new capabilities, the fact that we've done a lot of sophisticated work around determining which vulnerabilities are exploitable, which ones have exploit code available on the wild, which ones are being leveraged by threat actors. And so the combination of these different perspectives helping them prioritize which vulnerabilities to go after. So we've heard a lot of positive feedback. And just - these are fairly recent releases and they're early in the adoption cycle. I literally was in Denver yesterday talking to an enterprise customer. And he opened up the meeting by saying, "thank you for Predictive Prioritization, it's literally changed how our security team thinks about vulnerability management." So the feedback is early but it's positive, and we remain very optimistic about it being a key differentiator for us.

Our next question is from Gray Powell with Deutsche Bank.

Just a couple, if I may. So can you talk about how your enterprise sales motion has evolved over the last couple of years? And then are there any insights you can give on the growth of your direct sales reps this year?

Yes. The one thing that we've made very clear is that we see a very sizable opportunity with VM and the broader mandate Cyber Exposure. As a result, given the confidence to continue to invest. So we continue to add self-capacity on a year-over-year basis, continue go into new markets, which we have planned for this year, and in particular, major - still major sectors of the economy that we're not addressing that we'll now have coverage on. But in particular, we also are adding named account reps, which we talked a little bit about last year. Those investments are taking hold. You can see the momentum that we're clearly demonstrating. In the enterprise market, we're adding a steady and healthy rate of new logos, over 300 a quarter. Increasing larger number of land and expands. And so we think - we're starting to see some early returns in the investments that we're making, not just in terms of coverage and capacity but also, in particular, the ability to transact larger deals with sales reps that are focused on the largest of accounts. So I think as we look out to the rest of the year, it's one of the reasons why we continue to have confidence, the one gives us the outlook that we're providing today.

That's helpful. Then just a quick follow up. Any update on the mix of sort of revenue from new customers versus existing or the growth?

No. Nothing notable in that regard.

Our next question is from Daniel Ives with Wedbush Securities.

Great quarter. So does it feel like conversations are becoming more strategic with customers relative to maybe where we were a year ago, even six months ago, just given what we're seeing in the field as well as your product suite?

I think that's fair to say. Over the last year or two that the VM market and understanding of what you have in your environment and where and how it's exposed has become one of the most important cybersecurity risk topics for corporate executives. So I'd say it's a fair characterization.

Okay. And then how much of your success now, even building of the pipeline, is relative to your execution in the product suite and the pipeline versus maybe even competitive peeking and sort of maybe a movement of share that's happened in the market? I mean maybe just anecdotally talk about that.

Yes. It's a great question. I think we compete effectively. I think we win more frequently than we lose. We certainly do displace competitors on occasion. There is also, I think, as you said, growing importance and understanding of the importance of VM. So there's a natural progression in growth within each account. We also look and do some fairly careful analysis of our large customer wins in any given quarter. We see consistently that about 30% of our new enterprise wins are coming to us from what we characterize as greenfield accounts. So enterprises that previously had no meaningful VM program. So they were relying on maybe an annual audit from some consultancy or a big four or something like that, and they're now realizing that they have to have this much more mature capability to an in-house vulnerability management and Cyber Exposure. So yes, I think there's a combination. I think, look, we're laser focused, we're a best-of-breed provider. I think we've increased our lead from our competitors. I think our enterprise accounts are recognizing that need more pervasive coverage in and across their environments. And also a lot of greenfield accounts waking up to the importance of VM.

Our next question is from Joshua Tilton with Berenberg Capital Markets.

Just back to competition. And speaking with competitors, they have cited good win rates when competing for Nessus customers. Also, I've seen an increase in advertisements from some of your competition outright saying they have better scanners than Nessus and Tenable. Has it become more difficult to convert Nessus customers to more expensive offerings? Just maybe talk about the competitive landscape there possibly.

No. I think we consistently see very strong conversion rates from Nessus to our enterprise platforms. And I would suggest to anybody that does any meaningful testing, there's a qualitative and a quantitative delta of significance between us and any of our competitors. So I don't know if they're looking - what specifically they're talking about, but in head-to-head technical competition, it is exceptionally rare that we'll lose on technical testing.

Okay. That's helpful. And then just a follow up really quick. Has there been any news of the Sea Turtle campaign or maybe Russian attackers using malware to specifically target operational tech? Does that drive incremental conversations around the industrial security SKU?

I think there has been a steady - yes, the short answer is yes, I think there has been a study, war drum of increased awareness in the OT world, and that's been probably driving a lot of the conversations between CISO and operational environments. And it's certainly the campaigns but it's also stories continuing to come out of - and case studies and analysis of actual losses being incurred. Some of the high-profile ones that you've seen in news, all - going back to not pitch in and before, where you're talking about hundreds of millions of dollars of tangible loss being incurred.

This concludes our conference for today. Thank you for your participation. You may disconnect your lines at this time.