Greetings, and welcome to the Varonis First Quarter 2017 Earnings Conference Call. [Operator Instructions] As a reminder, this conference is being recorded. It is now my pleasure to introduce your host, Staci Mortenson, Investor Relations. Thank you, you may begin.

Thank you. Good afternoon. Thank you for joining us today to review Varonis' first quarter 2017 financial results. With me on the call today are Yaki Faitelson, Chief Executive Officer; and Guy Melamed, Chief Financial Officer. After preliminary remarks, we will open up the call to a question-and-answer session. During this call we may make forward -- we may make statements related to our business that would be considered forward-looking statements under federal securities laws, including projections of future operating results for our second quarter and fiscal year ending December 31, 2017. Actual results may differ materially from those set forth in such statements. Important factors such as risks associated with anticipated growth in our addressable market; competitive factors, including increased sales cycle time; changes in a competitive environment, pricing changes and increased competition; the risk that we may not be able to attract or retain employees, including sales personnel and engineers; general economic and industry conditions, including expenditure trends for data security solutions; risk associated with the closing of large transactions, including our ability to close large transactions consistently on a quarterly basis; our ability to build and expand our direct sales efforts and reseller distribution channels; new product introductions and our ability to develop and deliver innovative products; risks associated with international operations; and our ability to provide high quality services and support offerings could cause actual results to differ materially from those contained in forward-looking statements. These factors are addressed in the earnings press release that we issued today under the section captioned forward-looking statements, and these and other important risks are described more fully in our reports filed with the Securities and Exchange Commission. We encourage all investors to read our SEC filings. These statements reflect our views only as of today and should not be relied upon as representing our views as of any subsequent date. Varonis expressly disclaims any application or undertaking to release publicly any updates or revisions to any forward-looking statements made herein. Additionally, a non-GAAP financial measure will be discussed on this conference call. A reconciliation to the most directly comparable GAAP financial measures is also available in our first quarter 2017 earnings press release, which can be found at www.varonis.com in the Investor Relations section. Also, please note that a webcast of today's call will be available on our website in the Investor Relations section. With that, let me turn the call over to our Chief Executive Officer, Yaki Faitelson. Yaki?

Thanks, Staci, and good afternoon, everyone. Q1 was a strong start for the year with license revenues increasing 38% to $19.2 million and total revenues increasing 33% year over year to $40.4 million, exceeding our projection. Growth in the first quarter was balanced. We saw solid contribution from both the U.S. and Europe and strength across new and existing customers. When we entered 2017, we were focused on building on strategic objectives, including increasing awareness and adoption of our solution, more effectively targeting companies with 1,000 or more employees who could spend more with us both in initial length as well as the extended opportunity and innovating to extend the value we delivered and extend our differentiation. During the first quarter, we successfully executing on all three of these priorities. We know that for companies big and small, managing and securing data is a big problem, and one that keeps getting bigger. We recently compiled our 2015 data risk report, which is an analysis of some of the recent risk assessment conducted by Varonis. Each year, Varonis conducts well over 1,000 risk assessments for customers and potential customers. These assessments provide insight into high risk area as well as provide recommendations on access remediation to reduce the risk profile. As you might expect, files and e-mails are most at risk and often breached because they are high value assets and usually vulnerable to misuse by insiders and outsiders that breach the perimeter. While organization focus on perimeter defenses and chasing threats, the data itself is left broadly accessible and unmonitored. 236.5 million folders containing 2.8 billion files compromising [comprising] almost 3.8 terabytes of data were analyzed, and our findings were astounding. 48.1 million folders were open to global access groups or groups that had access to the entire organization. 47%…

Thanks, Yaki, and good afternoon, everyone. It's a pleasure to be joining the call today as the CFO of Varonis. As many of you know, I've been with the company for almost six years, most recently as VP, Finance. I'd like to take the opportunity to thank Yaki, Gili and the Board of Directors for putting their trust in me, and I'm excited to be in my new role helping to lead Varonis to the next level. We plan to continue on our path to profitability while making the necessary investments to grow the business and leverage the model to its fullest. Moving on to the quarterly results. Total revenues for Q1 were $40.4 million, an increase of 33% year-over-year. Our results reflect demand from new and existing customers in both the U.S. as well as Europe. Those results were supported by our consistently high maintenance renewal rate, which again came in at over 90%. License revenues were $19.2 million. This represents a 38% increase from Q1 '16. Our maintenance and service revenues were $21.2 million, increasing 28% compared to Q1 '16. Looking at the business geographically, U.S. revenues increased 39% to $24.4 million or 16% of total revenue. EMEA revenues were 33% of total revenues, or $13.2 million, an increase of 26%. Rest of the world revenues increased to $2.7 million, which is 7% of our total revenue. For the first quarter, existing customer license and first year maintenance revenue contribution was 47%, up significantly from 37% in Q1 '16. We continue to focus on expanding our relationships with existing customers as well as increasing the number of new customers. During the quarter, we added 187 customers. We are pleased to see our new customers making larger initial commitments to us as we continue to focus on attracting companies…

[Operator Instructions] Our first question is coming from the line of Gur Talpaz with Stifel.

So Yaki, I wanted to ask about GDPR. You talked a lot about it on the call, but perhaps you could elaborate a bit and tell us how you're positioned here to take advantage of it. Now are you starting to see any sort of impact yet from GDPR? Or is it still a bit too early?

Gur, it's, revenue impact, it's a bit too early, but what's going on with GDPR, the way the regulation is really is structured, it's addressing data and the scope of the actual solution and the implication if you are not going to solve it. So this is not something that the organizations can negotiate. And the other thing that we see is that what it did, it brought a lot of insider threat and data-centric security discussion from the business to IT to the security people. And what we see, the way we are measuring the growth is that we just see many more C-level people talking to us, many more high-level conversations that's been initiated from a board of directors. And when they are looking at it, so much is related to the data, classifying the data, understanding who can access the data, restructuring the data, what they are doing wrong with the data and also if something is happening, very fast to know what happened. So virtually it's tailored for us. It always takes time. But what we learned is like with the overall adoption curve that we saw in North America, we just, it's hard to really understand when you'll see the breakthrough, but we just see that just the overall conversations with customer, we see who is showing up to our marketing events, we just see how seriously CISOs are taking us, how we're expanding with these organizations, how, it's never simple, but how simple in terms of -- to justify the price. And definitely, GDPR is another very strong driver.

All right, that's helpful. And then maybe Guy, one for you. If you look at the overall numbers, license growth, you have 38%. It really stood out. Is there anything specific that happened in the quarter that drove upside or just general strength that you saw across the board?

So, Gur, that we've been delivering on what we've been saying and we always believe in the business and we always say take a multi quarter view, and we believe that we can grow, and we just feel very good about the first quarter. We felt it was great momentum, and we're happy with the result.

That's great, thanks a lot and Congrats again.

Thank you. The next question is coming from the line of John DiFucci with Jefferies. Please proceed with your question.

This is Julian Serafini on for John DiFucci. So I guess one question I wanted to ask you guys is on the new customer additions, right, you talked about, I think, 187 customers being added, which is a little lower than in past quarters. Is that strictly a function of just like larger deal sizes and pursuing larger customers? I guess I'm hoping you can kind of elaborate on, I guess, maybe the sales pipeline or the deal size and kind of give some -- shed some light on that.

I think that there are really two main drivers to that. One, the company, because the market is slowly but surely coming to us, we just went up market. So most of the efforts of most of the reps is 1,000 plus. Even most of them are 2,000 plus organizations. And even our inside -- even our inside sales team that were selling to 50 users, 100 users, going up to 200 users, 300 users and 400 users, and this is one. The second thing was many customers in the last two years -- and we were selling a lot to operations before to CTOs. And now we sell much more to CISOs, to security people. So we went -- we have this tremendous asset for customer base, and we just find the CISOs, and we are selling to them. And this is how you see the expand -- how we expand within the customer base. So these are really the two drivers. And within these two -- within this situation, we believe that the 187 customers that we brought is a very good number for customers.

That makes sense. And I guess one question I wanted to ask, maybe it's for Guy. So you're forecasting it to be profitable on the operating income line this year, so how do you about that longer term? Are you planning to run the business and grow that profitability? Or are you planning to maybe just reinvest in the business? Like can you kind of shed some light on that balance and how you think about that?

Of course. So first of all, we haven't changed our philosophy, and we're always very conscious on growing market share, but also bringing some of it to the bottom line. We just raised the revenue guidance for the full year, and we also raised the operating margin for the full year. So we're very happy with that. And we're really doing what we've said we would do all the time. So we're going to invest some of it back in the business, but we're very conscious on the operating margins. We've shown leverage in model and plan to continue to show leverage as we go -- as we move forward.

The next question is coming from the line of Matt Hedberg with RBC Capital Markets. Please proceed with your question.

This is actually Matt Swanson on for Matt. If I could ask one more about GDPR here. Yaki, when you're having these conversations is there anything notable as far as customers versus existing? And are there certain product sets that you feel like are really going to be the beneficiaries of this?

Thanks. Both the customer base and new prospects, it's everybody. And it's all of our product suites. It's really everything, but all the DatAdvantage, DatAlert and the DCF and the Directory Services are just -- and DataPrivilege are just answering this regulation and making customer comply with all the requirements, so it's both. It's something that is the discussion in Europe, and really every multinational, GDPR is front and center.

That's great. And then, the company has been executing so well for several quarters now. Can you talk a little bit just about the sales force coverage ratios and how you're thinking around hiring?

No, it's the same philosophy. We did everything that we said. It's a massive market. We can sell to everybody, virtually to everybody. And once you have a customer, they are buying more and more. So the key now is that the sales motion becoming more predictable. What I mean by that is it is very high percentage to land a deal if you're doing an evaluation, bringing the right stakeholders to the room, show them doing a risk assessment, doing what we call a data review, show them all the problem. It's very hard for a senior executive to leave the room and say, I'm going to ignore the problem. So we just want to make sure that we are inching forward towards profitability. This is exactly what we are doing. And we have the right management in place and then we are, in a measured way, we are increasing capacity. We see how we become 0.5 billion in sales and our strategic goal is to be a $1 billion company. We believe that many high value products can stem from our Data Security Platform, and we are always executing on our plan and executing on our vision and trying to do exactly what we said we would do.

The next question is coming from the line of Melissa Gorham with Morgan Stanley. Please proceed with your question.

This is Joshua Baer on for Melissa. Europe performed very well. So outside of GDPR, could you talk about where you are in the maturation of that market and your progress in ramping European sales capacity that helped contribute in the quarter?

Yes. In Varonis, to really understand the progress and understand the momentum, you must take a multi quarter view. You can't measure this business on a quarter-by-quarter basis. If you look throughout our history, we always executed well in the European market, and this is what we are doing. We have a great market there. We have a good team in place, and also we are well diversified within the market. GDPR is just another driver. But overall we are doing very well, and we keep expanding. So we also added a very strong leader in Germany and ramping up the team there. We have a good team in France, very good team now in the UK It's just a big market and with another very strong driver in GDPR. And the same that we are doing in all the markets, we can sell to everybody. We put the right infrastructure in place and keep expanding.

The next question is coming from the line of Greg McDowell, JMP Securities. Please proceed with your question.

Yaki, I wanted to ask about the Automation Engine product and maybe if you could just help us compare and contrast how we should think about the Automation Engine product cycle versus the DatAlert product cycle. Because I think, at the time, we didn't know DatAlert was going to become such a resounding success, and you've talked about the way it's a grown deal sizes and quote sizes and such. So I was wondering if you could just help us think through Automation Engine, how a customer would typically buy that product. Can they buy it stand-alone? Does it have to be part of DatAdvantage, maybe just a little more color would be helpful, thank you very much.

So the automation suite is we are really running the same playbook that we did with DatAlert. And when you look at those value proposition, there are two main legs. One leg is security analytics, what we are doing with DatAlert that is based on auditing, and the other leg is the remediation. So as you recall, everybody that bought DatAdvantage really bought it primarily to do remediation of access control. So in almost every organization we installed the product, well over 70% of the data people can access is not relevant for them. So with DatAdvantage, you can remediate it. And what happened really is that you have enormous productivity gains with DatAdvantage and really in most organizations 1,000 plus, maybe it's the only way that you can do it, there is still manual effort. So in order to get the value, organizations really needed to allocate resources, sometimes a professional service center. And what we did with the Automation Engine, you're coming in without any human intervention. You can take tremendous amounts of data sets, say what is the desired configuration and remove all the global groups. And workers' access control is -- usually this is the lion's share of the problem. This is tremendous. Think about it. And with DatAlert, what happened is we have these threshold alerts and we saw the customer needs more, much more sophistication. This is the same thing that we saw with remediation. So it's -- we see that on paper, it's a fit to every customer and every prospect. Now it always take a year between we really know what is the adoption and sales force know how to sell it. But in terms of the overall story and in terms of how we believe that we designed the product, developed it and configured it, it can be a game changer to all the problem of remediating global access groups and fix broken access control in some file systems.

Great. And one quick follow-up. You announced -- or you mentioned that partnership with NetApp. And I was just wondering if you could talk through -- we all know that you have a very strong reseller channel, but we don't as often talk about the opportunity for expanding your technology partnerships. And NetApp seems like a good example of that. Could you maybe talk through the evolution of how this partnership came together and maybe what's on the table for future technology partnerships?

Yes. So throughout the years -- obviously, Rod and I came from NetApp, and we know them very well. Tom Mendoza, their Vice Chairman, is on our board. And we've always monitored a lot of data, a lot of the world's most critical and massive amount of unstructured data is on NetApp data system. And what we saw is that with ransomware and everything is this insider threat in the last year and half is becoming this top priority, and we have a lot of -- we met with a lot of the NetApp sales team and a lot of these CIOs and CISOs asking the storage vendors to provide security to the data systems. Then we start to work very closely with them and it's a spiff, so their salespeople are going to get paid on it. We are doing a lot of mutual marketing with a lot of commitment from their senior executive team, a lot of obviously commitment from our end, and we believe that they have a very compelling data fabric solution and vision, and we can be the security leg of the story and much more, really add a lot of value to the customer. So I just think that what happened is that their customers are starting to ask for this kind of solution, and we know them. And we just started to talk, it started to work, and we are building nice pipeline.

The next question is coming from the line of Srini Nandury with Summit Redstone Partners.

Yaki, again, on the question of GDPR, if I may. The GDPR is still 1 year away, and how do you see the business evolve over next few quarters going into 2018? And more importantly, are you planning to add resources in the geo to take advantage of this regulation? I have a follow-up, please.

It's not going to affect anything else regarding the business. What we are doing is within our just classification product and other products, we really want to make sure that we are hitting the nail on the head just with the product to things that are specific to GDPR. But the overall thing is really insider threat and data protection and malware detection and all of these things. GDPR is just another leg. But what GDPR is doing, it's just bringing the business, more awareness to the business people and more understanding of the consequences. You see what happens with, not with GDPR. And everything today that's related to cybersecurity. If you look at a massive data breach, usually there are very bad implications. And organizations are, they are all over the world are trying to [a body]. GDPR is another driver. Think about it, it's, for Varonis, it's like the ultimate marketing campaign.

But is a GDPR only for the Continental Europe? Or is it also for U.K.? Because now with the Brexit, is there any implication to U.K. itself because U.K. is your, one of your largest territories there?

This is David Gibson. That's a great question. One of the things about GDPR is it's got an extraterritoriality principle. Any organization that does business in Europe and pulls EU consumer data is subject to GDPR. So we are seeing people ask about it worldwide. I think it's really top of mind. People are starting, people ask, where do we start? How do we make sense? It's a big regulation, 99 articles, I think. And like Yaki said, it's really tailor-made for us, and they start asking the right questions.

[Operator Instructions] Our next question is coming from the line of Michael Kim with Imperial Capital.

Just going back to new customer additions, you've talked quite a bit about targeting customers with more than 1,000 employees. Could you expand on the ramp of POC activity and typically how long these POCs run, considering your time to value? And then, if your, if the conversion to POs are in line with expectations or better than your expectations.

I think that everything is according to expectations. What is really happening with the way that the market is coming to us is the probability to close a deal. And there is always pain involved in any closing deal in the enterprise space, but the products really brings a lot of value and the customer realize that they bring a lot of value, and there is a lot of values there. If you're positioning it right and you explain, it's really hitting on a lot of strategic initiatives for both, for security things, for operations things. And this is exactly what we are doing. We are doing these POCs, and we have good chances to convert a lot of them. And once we are in, as you see, we can then expand customers, are budgeting for it. And it just works very well. We are doing what we are with it. We are just doing it in a more favorable environment.

And are these typically multi product or single product POCs?

POCs usually are a multi product. Sometimes they're buying 1 product and they are budgeting for additional product for the next year. But a lot of our -- also for initial deals are multi product deals. Thankfully, we have many licenses to sell.

And just to add on that, the number of customers that have two or more product families went up from 45% last year to 49% this year. So the trend is positive.

And just on ASP, I'm not sure if you mentioned earlier, but how did that track in the quarter? And any color around ASPs?

So we provide ASP information on an annual basis. But what we're focused more is the customer lifetime value. And what we see that the targeting the larger customers is actually helping us get more dollars from those customers. We just do it in a measured way. It's part of our model, and it's working very well for us.

Our next question is coming from the line of Yun Kim with Benchmark. Please proceed with your question.

Yaki, we saw a solid execution out of Europe in the quarter. Can you just talk about how much of your business in Europe today is driven by insider threat prevention led deals or DatAlert type of deals versus the U.S.? And I am assuming that mix towards that DatAlert type of deals will increase in the second half of the year, as the implementation deadline for GDPR gets closer. Is that what you're expecting? And also, in terms of the typical deal size for GDPR driven deals, are they meaningfully higher, given that you have to address multiple platforms and require multiple product implementation?

Well, thanks for the question. Internal GDPR, as I said, it's still early to say how it's directly driving revenues. But it just drives a lot of awareness. It's always insider threat. And insider threat and a lot of malware detection. What we're starting to see in Europe is what we saw 1.5 years ago in the U.S., that it's a top priority. People really understand that the data needs to be protected and they assess what we should do in order to be protected. You could spend so much money on security and get nothing back. And the thing Varonis is -- Varonis is benefiting a lot from a very thoughtful purchasing process. If you look at many products and you decide what you need to do and where you need to place your guard and how to look at your information in order to be effective. So I can't tell you that it will be the same adoption curve and market trend as in the U.S. But we definitely see the same signs and the same trends we saw in North America 1.5 years ago.

Okay, great. And then, DatAlert obviously has been a tremendous success for you guys. You recently introduced Data Security Platform. Can we expect new product releases that leverage your recent success in the insider threat prevention and DatAlert, and also leverage your newly introduced Data Security Platform? I know you just introduced the Automation Engine. Is that part of that line and thinking? And then also, are you targeting that new product release Automation Engine specifically to existing customers? Or do you expect that product to drive new customers like DatAlert is doing right now?

We believe that a lot of high-value products can stem from our Data Security Platform. We see that data, on-prem and in the cloud and all over, it's a huge opportunity for us. And we are innovators. Look what we are doing, how we build this and what we are doing, so our plan is really to capitalize on the opportunity, and real innovation to add a lot of value to our customers and potential customers.

Okay. And finally, Guy, just a real quick housecleaning question. What should we expect in terms of CapEx spending for the year? Do you expect the CapEx spending to be up just a little bit? Or is there any big event that you're expecting this year?

So in terms of CapEx, we expect it to be several million dollars over our spend in 2016. We have some leasehold improvements in some of the offices, but not significantly.

We have reached the end of our question-and-answer session. I would now like to pass the floor back to Mr. Faitelson for any additional or concluding comments.

Before we end the call, I would like to thank all our employees for their contribution to our success this past year and all of our customers and partners for their continued support. Thank you for joining us today, and look forward to speaking with you again soon.

Ladies and gentlemen, this does conclude today's teleconference. Again we thank you for your participation, and you may disconnect your lines at this time.