Varonis Systems, Inc. (VRNS) Q1 2018 Earnings Report, Transcript and Summary

Greetings and welcome to the Varonis' First Quarter 2018 Conference Call. At this time, all participants are in a listen-only mode. A question-and-answer session will follow the formal presentation. [Operator Instructions] As a reminder, this conference is being recorded. I would now like to turn the conference over to your host, Yun Kim, Investor Relations.

Thank you, operator. Good afternoon, thank you for joining us today to review Varonis' first quarter 2018 financial results. With me on the call today are Yaki Faitelson, Chief Executive Officer; and Guy Melamed, Chief Financial Officer and Chief Operating Officer. After preliminary remarks, we will open up the call to a question-and-answer session. During this call, we may make statements related to our business that would be considered forward-looking statements under Federal Securities Laws, including projections of future operating results for our second quarter and fiscal year ending December 31, 2018. Actual results may differ materially from those set forth in such statements. Important factors such as risks associated with the anticipated growth in our addressable market; competitive factors, including increased sales cycle time; changes in the competitive environment, pricing changes and increased competition; the risk that we may not be able to attract or retain employees, including sales personnel and engineers; general economic and industry conditions, including expenditure trends for data and cybersecurity solutions; risk associated with the closing of large transactions, including our ability to close large transactions consistently on a quarterly basis; our ability to build and expand our direct sales efforts and reseller distribution channels; new product introductions and our ability to develop and deliver innovative products; risks associated with international operations; and our ability to provide high quality services and support offerings could cause actual results to differ materially from those contained in forward-looking statements. These factors are addressed in the earnings press release that we issued today under the section captioned forward-looking statements, and these and other important risk factors are described more fully in our reports filed with the Securities and Exchange Commission. We encourage all investors to read our SEC filings. These statements reflect our views only as of today and should not be relied upon as representing our views as of any subsequent date. Varonis' expressly disclaims any application or undertaking to release publicly any updates or revisions to any forward-looking statements made herein. Additionally, non-GAAP financial measures will be discussed on this conference call. A reconciliation for the most directly comparable GAAP financial measures is also available in our first quarter 2018 earnings press release, which can be found at www.varonis.com in the Investor Relations section. Also, please note that a webcast of today's call will be available on our website in the Investor Relations section. With that, I'd like to turn the call over to our Chief Executive Officer, Yaki Faitelson. Yaki?

Thank you and good afternoon, everyone. Q1 was a very strong start to 2017 with license revenues increasing 39% year-over-year. Total revenues for the first quarter were $53.5 million, an increase of 35% year-over-year, strong across both North America and Europe. We continue to add meaningful number of new customers and sell more existing ones. We provided solution for company-wide problem for delegating board level attention reducing risk, prevented compliance. Our results for the quarter reinforce that the steps we are taking to build a durable company with growth and scale are working. Now for a decade ago, Varonis' recognized that enterprise capacity to create and share data far exceeded it's capacity to protect it. We believe those advanced movement of information from analog to digital mediums combined with increasing information dependence, we changed both, the global economy and the risk profile of corporations and government. Since then, our focus has been on using innovation to address the cyber implications of this movement taking software to track and protect data wherever it is stored. We offer our customers an industry-leading platform that is built to protect the world's most valuable and most vulnerable data from both, internal and external threat. Our platforms eliminate repetitive manual clean-up projects and automates manual protection of teams; so it brings security and cost savings together providing under-staff security in IT departments with the solution they need. As data continue to grow on premises and in the cloud, the complexity of data protection increases combined with new relationship, the C-suite and Board of Directors realize that they must implement the strategy to manage and protect their data and are looking for partners that can solve evolving needs with our focus on innovation including our enhancements to data alone and our data security platform and more recent addition such as GDPR partner, automation engine in Varonis' stage, we are more and more becoming a partner of choice. Our operational journey detector event [ph] sustain is really a journey of value for our customers. By deploying and using our products, they unleashed the potential to be more secure, more efficient and more productive. When we are talking risk reduction preventing breaches or compliance user relation of GDPR, our operational journey provide context, the health of customers think about our business and our data protection efforts more realistically and guide our expense strategy. We rated 183 new customers in Q1 and 49% of our license in first year maintenance came from existing customers, up from 46% in the year ago period. 70% of our customers now have two or more product families compared with 66% in the year ago period and 37% of customers now have three or more product families, up from 31% a year ago. Once our customers started their journey and begin using our products, they usually realize that they need to use them more. We are training our sales team to use operational journey to better identify new opportunities and increase product usage; find and strength ties with new stakeholders and build stronger relationship with customers. We believe that operational journey give us an advantage as data protection and compliance projects like GPR come together and is leading to both border initial deployments and extension of existing deployment. For example; during Q1, a new customer and global retailer knew he needed to protect five system to prepare for GDPR. Varonis did a risk assessment on their U.S. and EU data stores was an eye-opening, and covering new citizen data in payment covering formation in folders [ph] operating to everyone in the organization. After reviewing the risk report, the customers IT security, legal and auditing teams were convinced they needed Varonis. They purchased DatAdvantage for Windows, DatAlert, DatJustification Engine for Windows and SharePoint and GDPR Patterns to find GDPR and other sensitive data. Somebody talked to omission [ph] in a layout to suspicious user activity. With are consultants in other companies could have best provide one-time studied snapshot of the file share [ph], Varonis make it possible for companies to take continuous action. As we have said consistently, while GDPR helps with awareness and present opportunity that we believe we are well positioned to capture, we don't lean on compliance alone and we focus on both, value that comes with adapting our comprehensive data security platform through these risk and breaches and all simplified compliance. In Q1, we continue to see more senior level executives realize they have to take ownership and control of their data. Too many organizations have over-exposed in unprotected files and emails on corporate networks worldwide; this is something security and IT have known for a long time and now we see the tight journey; more executives are now paying attention when they see how exposed they are through the Varonis risk assessment. In our recent publish Varonis data security report, we have build that on average 21% of an organization folder were accessible every employee and 41% of companies had at least 1,000 sensitive files open to all employees in the organization; those included unmanaged stale [ph] and sensitive data regulated by SOCS, HEPA, PCI [ph], GDPR and other standards and users responsible that never expire. The Varonis data risk report puts font [ph] in center while companies are being breached. With data related regulation now being enacted while both need to be very concerned and why we believe our solutions are so critical to solving these problems. To give you an idea, the magnitude of the problem, our risk report reveal that 58% of companies have over 100,000 folders open to every employee in the organization when they should have barely handful; almost all of them need to be fixed. Think about what it means from a risk perspective, and now think about what it means that fixing a single folder without breaking everything can take 6 to 8 hours if you try to fix it without Varonis. Please expect why demand is so strong to -- for our automation engine. The automating engine was built to fix these folders automatically, projects that would have taken months and quarters are now being completed in days or weeks. Executives are now beginning to understand that our solution has significantly decreased the likelihood of the breach and dramatically reduced the scope of potential damage. The automation engine induction was very strong again this quarter and is key differentiator for us. As an example, how compliance and risk reduction come together a global corporate law firm understood the impact of GDPR deadline could have on their organization. In Q1, they contacted Varonis for a data risk assessment to get an insight into sensitive data on their file servers and prepare for GDPR. During the data review we walked them through our potential journey explaining how it will help to reduce risk and simplify compliance at the same time. Varonis identify GDPR data residing under network and folders open to every employee. The firm estimated that it would take 200 days to fix these folders manually, the automation engine fixed them in five days. In addition, to purchasing the automation engine, the firm now went on file activity and user behavior with data advantage and gaining visibility into those sensitive files with data classification engine and GDPR pattern. In addition to compliance, data breach is a risk reduction; we have also been talking about the cloud and now we believe that we are especially well positioned to address challenges in high growth environments. Here is an example; in Q1 an employee in a large U.S. energy firm fell for efficient attack compromising dozens of Office 365 accounts. A target was then configured accounts sold, so user email would forward to an unknown outside others after struggling to understand the scope and impact of this attack with native auditing tools in Office 365 and customers [indiscernible], the company called Varonis. Varonis installed an advantage for share point in one drive and successfully removed this threat within two hours. They were already using DatAdvantage, DatAlert, Data Classification Engine and DataPrivilege for their on premise data stores and have now added support for the Office 365 environment. They are now equipped to track future incident and keep their data safer, both on premise and in the cloud. This quarter, we again saw accelerated adoption of our Office 365 solution preventing data breaches in cloud and on-premises data stores continue to be a major, major concern. And we see no slowdown in damaging high profile cyber-attacks; these attacks continue to enforce awareness and continue to make DatAlert very important part of our portfolio. Recently, a customer analyzed a brute force attack when DatAlert detected hundreds of accounts being locked out. During investigation we were able to familiarize them with some of our sophisticated features like how they could analyze past events with our behavior based threat model and this led an upsell opportunity. When customers operationalize DatAlert, we see how quickly it strengthens our relationship and improve our ability to sell additional products like Varonis Edge. Varonis Edge is our newest addition which enables enterprises to collate events and alerts from DatAlert to talk potential data leak and spot vulnerabilities at the point of entry. We are excited about our recent data security platform upgrades and features. Our result this quarter reinforced our belief and our strategy is working with. Our technology provides the platform to help prevent data breaches, reduce risk and achieve compliance; and our operational journey show our customer how to use our technology to it's fullest extent, help to focus on innovation, enable us to solve more of our customer data security needs and strengthen our relationship with them. This has driven our line and expense strategy and provides us a pass for a doable scalable goals over the long-term. I remain confident we have the strategy and team to build a $1 billion revenue business. With that, I will turn the call over to Guy. Guy?

Thank you, Yaki. Before I begin, I would like to remind you that our Q1 results are in accordance with the new 606 accounting standard which we adopted according to the full retrospective method. Total revenues for the first quarter were $53.5 million, an increase of 35% year-over-year and 32% on a constant currency basis, and above our guidance. License revenues were $25.1 million, this represents a 39% increase from the first quarter of 2017 and 32% on a constant currency basis. Our maintenance and services revenues were $28.5 million, increasing 32% on both a reported and constant currency basis compared to the first quarter of 2017. These results reflect our consistently high maintenance renewal rates that were once again above 90%. Looking at the business geographically, we continue to see strong growth. North America revenues increased 24% to $31.6 million or 59% of total revenues. EMEA revenues came in at 38% of total revenues or $20.3 million, an increase of 60%. Rest of the world revenues represent 3% of total revenues or $1.6 million. For the first quarter, existing customer license and first year maintenance revenue contribution was 49%, up from 46% in the first quarter of 2017. During the quarter, we added 183 new customers. While similar in number to Q1 '17 new customer addition, these new customers made larger initial commitments and with our focus on the customer journey, we believe those are meaningful opportunity for them to extend with us overtime. This is in line with our strategy to target companies with 1,000 or more employees while at the same time increasing revenues from our existing customer base. We ended the first quarter with approximately 6,000 customers which excludes roughly 400 DatAnywhere-only customers. To remind you, as of February 2018 in order to focus our resources on our data security portfolio, we no longer sell DatAnywhere to new customers and we do not expect renewals or sales of the product to our existing customers. I would also like to note that DatAnywhere revenue contribution was minimal in previous year's results. In addition, as discussed in our last earnings call, beginning in 2018 DatAlert and Varonis Edge became a new product family. The attached rates and customer accounts as of March 31, 2018 and 2017 reflect these changes. As of March 31, 2018, 70% of our customers had purchased two or more product families, up from 66% as of March 31, 2017. 37% of our customers had purchased three or more product families compared with 31% in Q1 of 2017. These trends validate Yaki's description of our customer's behavior. Once they start their journey with Varonis and begin using our products, they typically realize how valuable our products are to them which drives our land and expense strategy. This also supports our R&D investment strategy as we extend our capabilities to help our customers reduce risk, prevent breaches and comply with regulation. Before moving on to the profit and loss items, I would like to point out that I'll be discussing non-GAAP results going forward unless otherwise stated which for the first quarter of 2018 excludes a total of $6.9 million in stock based compensation expense and $1.9 million of payroll tax expense related to stock based compensation. We report non-GAAP results in addition to and now as a substitute for financial measures calculated in accordance with GAAP. Please note, that a detailed GAAP to non-GAAP reconciliation can be found in the tables of our press release which is available on our website. Gross profit for the first quarter was $47.7 million, representing a gross margin of 89%, in line with our gross margin in first quarter of 2017. Turning to operating expenses; in line with our strategy, we increased our investments in our go-to-market initiative to drive our global growth and support our customer's journey of value. We also increased investments in R&D to continually improve our products, enabling our customers to be more secure, more efficient and more productive. Operating expenses totaled $54.4 million in the first quarter compared to $42.3 million in the first quarter of 2017. As a result, our operating loss was $6.7 million or an operating margin of negative 12.5% for the first quarter, an improvement compared to our operating loss of $7.1 million or an operating margin or negative 18% in the same period last year. During the quarter, we had financial income of $978,000 compared to $469,000 in the first quarter of 2017, primarily due to foreign exchange gains in each of the period. As you know, foreign exchange gains and losses can fluctuate; our guidance does not consider any additional potential impact to financial and other income and expense associated with foreign exchange gains or losses as we do not estimate movement in foreign currency rates. Our net loss was $6.3 million for the first quarter of 2018 or a loss of $0.22 per basic and diluted share, an improvement compared to our net loss of $6.9 million or a loss of $0.25 per basic and diluted share for the first quarter of 2017. This is based on 28.4 million and 27 million basic and diluted shares outstanding for Q1 '18 and Q1 '17 respectively. If we look at the balance sheet, we ended the quarter with approximately $153.7 million in cash, cash equivalents and short-term investments. During the quarter, we generated positive operating cash flow of $17.4 million compared with $8.3 million in Q1 '17. This year-over-year improvement is keeping with our strategy to scale our business, delivering increasing levels of cash flow from operation. We ended the quarter with 1,318 employees, a 15% increase from 1,148 at the end of the first quarter of 2017. From the previous quarter this is an addition of 67 people. We continue to increase our headcount to grow the business and realize productivity improvements as we scale. Moving to guidance; for the second quarter of 2018 we expect total revenues of $61.5 million to $62.5 million representing year-over-year growth of approximately 24% to 26%. We expect our non-GAAP operating loss to range between $1.5 million and $0.5 million and non-GAAP loss per basic and diluted share of $0.07 to $0.04. This assumes the tax provision of $500,000 to $700,000 and 28.8 million basic and diluted shares outstanding. For the full year 2018, we are raising both our revenue and profit guidance. We now expect total revenues in the range of $264 million to $268.5 million representing year-over-year growth of approximately 23% to 25%. We now expect our non-GAAP operating income to be in the range of $2 million to $4.5 million and non-GAAP income per diluted share to range between $0.01 and $0.07. This assumes a tax provision of $2.7 million to $3.2 million and 32.3 diluted shares outstanding. In closing, this was a strong quarter for growth [ph]. We are executing well on our growth strategy, making progress towards our 2018 goal of delivering solid profits and improving cash flow from operations. Our investments in innovation is proving itself as we further extend our competitive differentiation and increase the attached rate across our customer base. We are well positioned to deliver a solid 2018. With that, we would be happy to take questions you have. Operator?

[Operator Instructions] Our first question comes from John [ph], Jefferies. Please proceed with your question.

I have two questions. The first one, it sounds like -- listen, you've hesitated to say GDPR was going -- I mean, it's going to be a benefit but not the only driver here and we understand that but the strength in Europe looks really strong here. The question I have though isn't about that, it's more about U.S. government. It seems like that could also be just a significant customer, especially for what you're providing here. Can you talk a little bit about that? Have you focused on U.S. federal government at all as a potential customer? And are there any certifications you need to become a trusted government vendor?

Yes, we're definitely investing in the federal market, we have a strong leadership and very strong team and we feel that this business can perform very well for us and just also get to a significant scale with time. But in general, I think the same is really what is happening in the world. In an economy and a society that is completely digital and what it means that you have a data breach that you can't protect the data, and I think what GDPR lead primarily, it just provided a very comprehensive framework how to think about governance and how to think about cybersecurity and how to think about dealing with personal and critical information. And everybody understand in order to benefit from the tremendous productivity gains and the progress that these technologies are bringing, we need to get control over the data, if not, the downside will be huge. And I -- and we all strongly believe that Varonis is going to be a critical component to make sure you can realize all the benefits with very little risk. So it's just becoming much more relevant to the discussion and when you look at overall, you're looking at your assets and where damage can happen, we are protecting the most critical information with the largest volumes that is the most vulnerable.

So the supplies across anywhere, doesn't matter; the government, Europe, U.S., anywhere. I just have a quick question for Guy; and Guy, I think you said that you're not going to take any renewals of DatAnywhere and I know you said something right after that, that -- I'm not sure of your exact words but it wasn't material. But can you give us any more detail on that just because it would be kind of like a little bit of a headwind or was it less than $5 million in revenue that you're not going to take renewals on or approximately how much was it or less than $3 million, less than $10 million, something like that?

Yes. So as part of the 10-K we actually put some color there. There was approximately 400 DN customers -- standalone DN customers that were not including. The revenue coming from DN wasn't material, much less than that and from -- when we look at the reason, it's really not strategic for a data security platform, we're not expecting any renewals, we're not expecting any upsells from DatAnywhere and that's kind of the reason we're excluding those customers.

Okay. And then you say much less than that; I'm sorry, I threw out a bunch of numbers, the lowest number I threw out was $3 million, it's much less than that?

It's less than $1 million, the expectation for 2018 is less than $1 million.

Our next question comes from Matt Hedberg, RBC Capital Markets. Please proceed with your question. Our next question comes from Rakesh Kabir, Barclays. Please proceed with your question.

Maybe first for you Guy; can you just talk a little bit about the seasonality of deferred revenue a little bit? I think we've all sort of seen it down usually from the fourth quarter to the first quarter but it was down just a little bit more than what we've seen, so can you just talk about some of the moving parts in that line on the FX and maybe DatAnywhere could have played a role but can you just kind of walk us through maybe how that line have been flown this quarter and what's in the moving parts there?

Absolutely. So as you know, Q4 is usually the largest dollar value selling quarter for the year which -- and Q1 is usually the quarter with the most collection which is part of the reason we have such great cash flow from operations in Q1. The deferred revenue wasn't impacted by DatAnywhere but it's been pretty consistent and fluctuates from quarter-to-quarter but there wasn't anything material there and we're happy with the numbers.

And then maybe for you Yaki, a little bit higher level; can you just talk a little bit about automation engine versus some of the other products that Varonis has kind of introduced in terms of ramp? You've talked about it as being a differentiator, of course, it's still relatively early but perhaps qualitatively, how do you think about the success of automation engine versus your other new products at sort of this stage of their lifecycle if that makes sense?

So far the signs are very positive from just every KPI, the volume, the overall revenues but primarily from the value that customers get. So today if you think about excessive access control on file system, this was -- this is the problem, this is the main problem for a lot of the malware and insider [ph] file. The first thing that people are doing, they are going to file shares and try take data that is not there. The easiest way for a malware is to go network share and try to steal data. We are going to organizations show them that at many times thousands and thousands of critical files are open to everybody in the organization, you need to remember that access control is a business process, people need to access the data. And if you're going to break it in a way that it's not sensible you will break business processes and you will have productivity. So it's just to come in to show you all the exposure and then in a fraction of the time it took free data advantage and I'm not talking without it it's virtually impossible you reduce the risk without any additional spend. So this is really the ultimate example of risk reduction and savings and it works just extremely well for us. So access control -- excessive access control remediation is in the call for security program and the ability to find clerical data and excessive access just make sure that only the right people can access it without breaking any processes is just a tremendous value proposition. So from every angle in terms of the overall value, the way that is talking on data advantage and the net impact on the revenues it's working very well.

Our next question comes from Matt Hedberg, RBC Capital Markets. Please proceed with your question.

Yaki, you guys are having success with larger customers, higher seed count Guy mentioned in his prepared remarks. I'm curious, can you talk about what's driving some of them on my term and when you get into some of these larger customers, do any of them ask for ELA type contracts?

It's very important with the company, because of the stock that are sales motion becoming more strategic and simpler and more and more budget we can have more targeted approach and we are really focusing on 1,000 plus employees. But one of the things that happen in terms of customer lifetime value and many times initial sell, we're selling in thousand plus to the same customer we installed it before but we sell them more and all the time they have much better in more predictable customer lifetime value, we still haven't done any ELAs, customers are talking to us about it but there is a lot of value and more and more customers need a lot of the product that we have in terms of content, I mean product content that is so much that we can offer. So with time we'll find it can consume overtime more value in a predictable way but just again, we are focusing on thousand plus and selling initial deals and overall, customer lifetime value just bigger because we have more products and we have products that deliver immediate time to value and customers really understanding very well the journey of value. They want to make sure that they have all the pillars are the building blocks and we have this multi-year relationship with our customer and we make sure that they can protect their data and consequently improve the overall security posture.

And then quick one for Guy, it sounds like you guys are now breaking out data alert and Varonis Edge is a separate product. I'm wondering if you could give us the attach rate of DatAlert in your base?

Absolutely, the attach rate for DatAlert in Q1 '18 was 48.1% and that's versus 42.4% in Q1 '17.

I assume Varonis Edge is a lot less than that; it was just launched though?

We provided as a product family, obviously the Edge is very initial, so this is -- as a DL product family is mostly DL currently.

Our next question comes from Gur Talpaz, Stifel Nicolaus. Please proceed with your question.

I'm going to ask about EMEA, I mean growth here was stellar at 60% and Yaki, I know you want us to look at things on a multi-quarter basis but still the number itself is impressive. In the past, you've talked about using GDPR as a way in the door inside of customers, inside EMEA; is that still the case today? And can you talk about the selling motion into European customers? Thank you.

The selling motion into European customers and customers that you think the U.S. are the same, people are just -- people understand the implications of not protecting data. Without a doubt what happened with GDPR, you know, you can think about it like the ultimate marketing problem for Varonis on steroids; it provided a framework for board and management to think about data security, compliance and cybersecurity and to sit and really say what are the assets, what are the problems and the other thing that is happening in security which is phenomenal for us and it was -- we tried to illustrate it in the customer examples is that we are in a place that we need to prove quality; you can have a list, you need to derive the list, you need to catch bad things when they happen; you need to remove excessive access control without breaking business process, you need to classify data without false positives; and everything works very well for us. So we clearly elevated, also GDPR elevated in many multi-national in North America the overall discussion but what you see and also what you see what's happened with Facebook, these things are happening and everybody are looking at each and saying we need to act, we need to understand what is going on. And when you have a software process about where are your assets, how to protect them and where you need to allocate your capital and what processes the organization can digest in order to be protected on premise in the cloud, these overall discussion benefit Varonis tremendously and this is what you see.

And then, in the prepared remarks you talked a bit more about the cloud and deploying Office 365 and OneDrive in cloud environments, more or so the night than you talked about in prior quarters. Can you talk about what you're seeing now as far as your deployments in cloud based environments and hybrid cloud environments? And there is something you know fundamentally shifted quarter-on-quarter, that's pushing you into more of these deployments now?

The customers are pushing us. So what we see it's very interesting is that we see more data in the cloud, interestingly enough we don't see file servers, full file servers going to the cloud; we see the SharePoint online and definitely a lot of exchange and on the act with -- in one drive there are many, many incidents. We see sometimes more incidents than on prime, it's another big platform, you have a lot of data, customers understand they need a single pane of glass and they need to be protected. And our support for Office 365 and as you know, we're just getting tremendous momentum; we're very happy but it's primarily for market conditions, this is becoming another platform with critical mass of data, very how to manage permissions, you need very effective alerting, the data is all over the place, this whole situation is extremely beneficial for Varonis.

Our next question comes from Alex Henderson, Needham & Company. Please proceed with your question.

So you guys were pretty busy on the new product development front, not just started RSA but prior to that with the extensions to DatAdvantage, the GL allocations, GDPR stuff and the automation engine enhancements. Can you talk about how your -- what response you had to those and how you're pricing those? I know that you've historically been sort of underpriced to the value of your product and have had a bias to upward trajectory in pricing an ASP as you've added additional feature functionality; is that the case here?

Last year we were very busy and automation engine is doing very well, all the enhancements with 365 -- everything that we did with GDPR end classification and the new features going very well, Edge is still early stages and from the data we have very good momentum. We feel that we price it in the right way and it's just adding a lot of value and with all the products that we have; customers -- something that customers can consume effectively and it's priced correctly. If we see that it's not priced correctly, we can always increase prices and it's something that we have done in the past but we believe that we executed very well and our systems is security analytics remediation and management and classification; and we were able to increase materially the value we bring to our customers in each area for innovation.

You talked little bit about larger deal sizes, didn't really quantify but indicating that you're seeing solidly larger deal sizes; usually when that happens that also results in some extension of the time to close transactions, can you talk a little bit about that trade-off; are you seeing any extension of the time it takes to close deals or is the deal time staying the same as the deal sizes are going up?

So far, so -- primarily we're talking about customers, I understand value, we are not talking about ASPs. What is happening is that we're selling to customers with the same price, if you look at our business that is thousand plus which is focusing on it, the sales cycles are the same because in terms of the complexity of getting deals and consensus and getting to the champions it stayed the same, it's still -- it's always involved some challenges and pains because this is how enterprise software works but it's just -- it stay the same and also with time we see more and more budgets that are earmarked towards the problem that we solve like inside of freight [ph] and compliance and all of these stuffs, malware protection and it's still not earmarked towards just the bucket like a firewall or a storage element or something of this nature but definitely there are budgets. So I think in this condition, even they buy more upfront it's -- the market conditions help us to justify relatively in the same sales cycle that we experienced before.

One last technical question; the share count -- if you had been profitable in the quarter, what would then the fully diluted share account number as opposed to the basic and fully diluted be in the same as a result of the fact you had a loss?

So the share count, we provided actually for the guidance for the full year because we are expecting to be operating margin for the year. But that would be -- the share count is about $32.3 million on a fully diluted basis for the full year.

[Operator Instructions] Our next question comes from Melissa Franchi, Morgan Stanley. Please proceed with your question.

Yaki, I'm wondering if you can maybe just comment on how you're feeling about sales capacity right now, particularly in EMEA and do you feel like you need to make significantly more incremental investments in that region to fully take advantage of GDPR? If you can just give us a sense of growth in the number of sales head, either quantitatively or qualitatively that would be helpful.

We are operating in a -- just a massive market, we virtually can sell to everyone so obviously to fulfill out potential when it sells capacity, we're constantly adding seller and sales engineers and customer success people; we're just doing it in the right way. We want to make sure that there is management in place and we can enable them and they get the right support and we slice and dice territories in the right way; so we're just balancing it. After our IPO we go aggressively and we said, we needed to get to a certain capacity and after that we can do it in a more measured way and this is what we are doing now. So we make sure that people that we are bringing onboard, they will have all the chances and all the support to be very successful, and big part of this strategy is to add self-capacity, we're just going to -- we're just doing it in a measured responsible way.

And just one follow-up for Guy; just looking at the operating income guidance for the full year, Q1 you saw a big deal [ph] in operating income but the full year guidance is about as much as the Q1 need, so I'm just wondering if you could maybe talk about where you're hoping to kind of put that reinvestment into the business for the rest of the year?

Sure. So this is very consistent with what we discussed last quarter. And as you remember, we discussed on our R&D investments; so part of beats in Q1, we -- when we look at the guidance for the year, we're planning to put some of it back in the business because we see the great opportunity that we have ahead of us. But when you look at on a non-GAAP basis and if you exclude the FX headwind that we discussed last quarter, we still plan to show leverage on the operating margin compared to 2017; so we're continuing with the same philosophy.

Our next question comes from Shaul Eyal, Oppenheimer. Please proceed with your question.

Guy, I want to start actually with you; so I think drives fully no better than I do, in a recent ruling bodies really authorities have an implications in regards to the deductibility of stock based compensation; I think it implies for foreign companies where there is really R&D that figure. So how are you thinking about it? Are you anticipating any one-time future charges down the road and all [indiscernible], that happens Thursday? What's the view here?

So we've reviewed and studied the court ruling and we believe we have sufficient provision to address the court ruling.

And my second question; Yaki, existing customers as well as new customers seem to be pushing you towards the positive directions. Are you seeing in that context any of your resellers, distributors, do you have no access to historically revisiting their Varonis relations and your opportunities to expand in the various regions you operate with new distribution channel?

We definitely see that much more attention, we are starting to reach scale, we are very relevant to the cloud, as you know, there is a lot of pressure on infrastructure valve; so we see a lot of attention. We build very good robust distribution, a partner distribution throughout the years but we just can do much more with that, they can do professional services and they are benefiting tremendously when they are introducing us into the customers. So we definitely see that they are embracing us much more, we are most strategic for them and there is a lot of appetite to push our products and introduce them to the customer.

Our next question comes from Greg McDowell, JMP Securities. Please proceed with your question.

Guy, just one quick one for you. I think one number that really stood out to me was your operating cash flow and free cash flow performance which was more than double last year. I was hoping you could just maybe talk us through some of the puts and takes for the Q1 outperformance? And as we think about cash flow for the rest of the year, maybe how should we be thinking about it? Thanks.

So if you remember, the way our business works Q4 is the largest revenue from a dollar perspective and which kind of generates Q1 to be the largest from a collection perspective and if you look at the cash flow from operations last year, you will see very similar trends. We're very happy with the cash flow from operations and the number we generated this quarter. I think it's a great indication of how strong the business is, we feel very good with the momentum and believe that we can continue to generate a significant cash flow going forward.

Q2, typically you've burned cash in the last couple of years. So I guess predictable patterns for the next couple of quarters is what I'm trying to get at.

Since Q1 from a dollar perspective, a selling perspective is the lowest fees for the year, the cash flow generated from operations in Q2 is significantly lower than the numbers in Q1.

Our next question comes from [indiscernible]. Please proceed with your question.

Yaki, out of the 6,000 customers you have can you give us some color, qualitatively or quantitatively how many of these customers have at least 1,000 employees or more? Thank you.

We actually don't breakdown the number of customers that are over a 1,000. What I want to emphasize is that even though we're focused on customers with more than 1,000 plus and where we've seen that we're -- from a customer lifetime value we're able to generate more through those customers, we haven't neglected the customers that are below a 1,000. We have an inside sales team that focuses on them as well, now we try to sell them through WebEx and over the phone. Out of the 6,000 it's still the majority that are below a 1,000 which just emphasizes the potential that we still have in targeting the larger customers, so we're very focused on the 1,000 plus but haven't neglected the ones under that.

Our next question comes from Mark Schappel, The Benchmark Company. Please proceed with your question.

Guy, just one question. With respect to the incremental investments you plan to put back into the business from the first quarter upside, where do you plan to drag those investments?

So we really feel the opportunity and what we see in making this company become a $1 billion in sales in the future. We need to make some R&D investments but as you know, we're very focused on both, growing the business and on the bottom-line. So the philosophy hasn't changed, we're doing the exact same thing we've done in the past. Most of the investments that we plan to do and kind of what we're bringing from the beat of Q1 will be focused in R&D but we'll make investments in other places if we find them appropriate but we're very focused on the topline growth and bringing some of it to the bottom line.

Our next question comes from [indiscernible], DA Davidson. Please proceed with your question.

First, as you focused more specifically on organizations with a 1,000 plus employees; have you seen any impact on churning with maybe the smaller sized customers? I know you've talked about the 90% plus maintenance renewal rates as a whole but just curiously on the lower side of customers have you seen any impact on churn with that really focused? And then a quick follow-up.

No, we see across the board very strong renewal rates.

And just coming out of RSA [ph] a couple of weeks ago, I mean, you definitely saw a lot of companies messaging both around GDPR and as well messaging sensitive language around go-to-governance or user behavior analytics. Just -- I wanted to understand from your perspective has the competitive environment been relatively maintained or have you seen any sort of changes as some of these larger organizations at least from a marketing perspective start messaging stuff that sounds somewhat you do?

No, we -- the competitive landscape didn't change, we're coming in the same sales motion, it's a very usual sale, we show them our demo and then we are selling it via PLC. And once we are doing it, everything is clear. So we are selling on the value of the product that people are touching with their hands and not marketing some [ph]; so it just works very well for us and we don't see any changes in the competitive landscape.

Ladies and gentlemen, we have reached the end of question-and-answer session. And I would like to turn the call back to management for closing remarks.

Before we end the call, I would like to thank all of our employees for their hard work and contribution to our success this past quarter. We'd like to thank all of our customers and partners for their continued support. Thanks for joining us today and we're looking forward to talk to you again soon.