Qualys, Inc. Q2 FY2024 Earnings Call

Good day and thank you for standing by. Welcome to the 2024 Second Quarter Qualys Investor Call. At this time, all participants are in a listen-only mode. After the speakers' presentation, there will be a question-and-answer session. Please be advised that today's conference is being recorded. I would now like to hand the conference over to your first speaker today, Blair King, Investor Relations. Please go ahead.

Thank you, Marvin, and good afternoon and welcome to Qualys' second quarter 2024 earnings call. Joining me today to discuss our results are Sumedh Thakar, our president and CEO, and Joo Mi Kim, our CFO. Before we get started, I would like to remind you that our remarks today will include forward-looking statements that generally relate to future events or our future financial or operating performance. Actual results may differ materially from these statements. Factors that could cause results to differ materially are set forth in today's press release and our filings with the SEC, including our latest Form 10-Q and 10-K. Any forward-looking statements that we make on this call are based on assumptions as of today, and we undertake no obligation to update these statements as a result of new information or future events. During this call, we will present both GAAP and non-GAAP financial measures. A reconciliation of GAAP to non-GAAP measures is included in today's earnings press release. And as a reminder, the press release, prepared remarks, and investor presentation are available on the Investor Relations website. With that, I’d like to turn it over to Sumedh.

Thank you, Blair, and welcome to our second quarter earnings call. In Q2, we witnessed organizations increasingly optimize spending within an already tight IT spending environment. Given this dynamic, organizations are standardizing on trusted platforms to consolidate security stacks, leverage automation, and achieve expedient remediation of risk. Qualys has a unique, organically built platform to address this need. Nevertheless, crisp execution is required to fully capitalize on this opportunity. While we have made meaningful progress on several fronts, including growing our Sales and Marketing team, building momentum with partners, and growing new business, we have work to do in addressing our upsell execution in the current environment, which resulted in lower-than-expected bookings growth this quarter. With the upcoming departure of our Chief Product Officer later this month, I plan to directly oversee the product and marketing teams to position us for forward success. I am confident in our ability to reaccelerate growth in the long term with sharpened execution on product-led growth and improved alignment between our product messaging and marketing activities to drive operational efficiencies in our go-to-market motion. At this time, I would like to thank Pinkesh Shah, our Chief Product Officer, for his contributions during his tenure at Qualys. Although Q2 was a challenging upsell quarter for us with continued increase in deal scrutiny, we're fortunate that many of our customers have already begun a long-term transformation journey with us. Through the conversations I have had with many CISOs over the past several quarters, their message is clear: they are looking to pivot to a natively integrated risk management solution. In the face of a sluggish macro and escalating threat environment, organizations need to reduce complexity and costs while presenting measurable risk reduction initiatives to Boards and C-level executives. Against this backdrop, Q2 was another quarter of rapid innovation for Qualys, reflecting our ongoing commitment to technology leadership and customer success. Qualys' mission has been to bring innovative new security solutions to market fueled by customer insights. As a result, we have established a strong track record of converting operational challenges into structural competitive advantages while maximizing lifetime value, ensuring frictionless outcomes at scale, and driving immediate ROI on security spend. For example, Qualys pioneered a patching category for security teams. Building on this success, we commenced development of our TruRisk Eliminate capabilities several quarters ago. I am now pleased to announce that some of these increasingly popular solutions amongst our beta customers will soon enable organizations to respond to zero-day threats and mitigate top exploitable vulnerabilities even when a patch is nonexistent or cannot be deployed. This new subset of our broader TruRisk Eliminate roadmap, which we call TruRisk Mitigate and TruRisk Isolate, empowers security teams to apply flexible, automated, and intelligent risk-based response solutions to address cyber risk based on an organization's own unique operational characteristics, remediation timelines, and business objectives. With these new capabilities soon going GA, strong customer support, and over 45 million patches deployed year-to-date on Qualys agents, we're increasingly confident that we're once again transforming our customer's security operations while further magnifying our competitive differentiation in the market. Continuing our innovation to help our customers address risks coming from the use of latest technologies like AI/LLM, we are pleased to announce our newest capability, which we call Qualys TotalAI. As organizations rapidly deploy AI/LLM technologies, the security teams are looking for help to quickly find and comprehensively assess vulnerabilities in these models. With seamless AI Security Posture Management integration, these new adaptive capabilities discover AI/LLM usage within customer environments, scan for vulnerabilities, and prevent data leakage for comprehensive risk assessment, prioritization, and remediation across the entire attack surface with a single click of a button. In addition, we are pleased to announce an extension to our TotalCloud CNAP Platform, which now discovers and assesses the risk of all known and unknown in-use Kubernetes container images. Leveraging our own AI and ML technologies, we are establishing a baseline of normal behavior for each host, container, serverless function, and other objects. Now, through real-time observation of file systems, processes, and network activity, our newest runtime security tools provide organizations with predictive and threat-based protection to actively detect anomalous activities, prevent zero-day attacks, automate response, and help ensure PCI 4.0 compliance in both containerized and legacy environments. These new container runtime insights, combined with toxic risk factors within a unified, actionable dashboard, allow for immediate threat quantification, prioritization, and remediation from code to cluster. We believe this new capability uniquely sets us apart to enable secure and compliant cloud consumption at scale. Turning to our federal agenda, we recently received FedRamp Moderate Certification for our TotalCloud CNAPP and Endpoint Detection and Response EDR solutions, marking another key milestone for the company. We continue to expect our pending FedRamp High certification for several key applications later this year, making Qualys the only modern alternative to legacy on-prem scanners for federal, state, and local government agencies at the High Impact level. Our investments to establish a public sector presence are starting to yield results, supporting our confidence to address this new vertical and drive incremental growth in the business over time. Finally, with respect to our upcoming Enterprise TruRisk Management solution, we remain on track for GA later this year. This extension to our platform is currently in private beta with select design partners. The ability to bring first and third-party data into our platform to holistically detect, quantify, prioritize, and remediate vulnerabilities with automated workflows on a unified dashboard across on-prem, cloud, and multi-cloud environments is evolving into the go-to risk management solution for enterprises, especially within the context of a tight spending environment. The early customer feedback we're receiving is very positive, and it's great to see CISOs from around the world actively attend and engage in the many risk quantification workshops we've been conducting over the past several months. These innovative new approaches to cybersecurity risk management, along with several others we're showcasing at Black Hat this week, allow our customers to reduce complexity and cost and, of equal importance, create multidimensional paths for durable long-term growth in our business. Moving to our business update, we believe that with continued deal scrutiny comes greater opportunity for Qualys over the long term as our natively integrated risk management platform helps customers consolidate technologies and achieve better outcomes with less time, fewer resources, and immediate ROI. With many of our customers already embracing Qualys to help rearchitect and consolidate their stack, Qualys' VMDR solution has translated into an enviable customer base, deep penetration, and significant industry recognition. As recently announced, Qualys' VMDR with TruRisk was voted the best vulnerability management solution at the 2024 SC Awards Europe for the second consecutive year. We believe Qualys' placement as the number one VM solution further validates our investments in the platform and continues to represent the gold standard for securing customer environments today and in the future. Given Qualys' blueprint for delivering greater value to customers, our VMDR solution with TruRisk is not only fueling new logo landings but also helping to increase platform adoption, especially in the areas of Cybersecurity Asset Management with EASM, Patch Management, and Cloud Security. Let me share a couple of recent wins with new customers, which illustrate why companies turn to Qualys to help consolidate their security tools and improve their security posture. In Q2, a large federal government agency became a customer of Qualys. This new customer was previously using multiple legacy and next-gen solutions to manage a variety of risk management use cases across their security, IT, and DevOps teams. In addition to the complexity of using multi-point products, this government agency was frustrated with increasing costs associated with on-prem deployments. Looking to migrate to a natively integrated, cloud-based, FedRamp High Impact Ready solution that met the Cybersecurity and the CISA BOD guidelines, they replaced two of their existing vendors in a high six-figure bookings Phase One deployment using multiple Qualys modules right out of the gate. These initial deployments included Cybersecurity Asset Management with EASM, VMDR with TruRisk, and Patch Management. Through this highly strategic and competitive win, this customer is now able to leverage unified dashboards that provide them with greater insights and automation than any of the competitive products they evaluated, while taking full advantage of the speed and scale of an integrated platform. This win is a further testament to the investments we're making to expand our federal business, and we were also pleased with the turnout and encouraging feedback from many large government agencies at our first public sector cyber risk conference in May. In a second new high six-figure customer win, a hyper-growth Cloud Native SaaS business standardized on the Qualys Enterprise TruRisk Platform. This company's security team struggled with managing multiple consoles, lack of integration, complex workflows, missed detections, and extended remediation times, which restricted their ability to protect themselves. This customer is now consolidating on the Qualys Enterprise TruRisk Management Platform, replacing several competing vendors through a natively integrated multi-product solution including Cybersecurity Asset Management with EASM, VMDR with TruRisk, Patch Management, and our TotalCloud CNAPP applications. Now, with a comprehensive multi-sensor solution, single user interface, and single platform, they have complete visibility and automated remediation across their endpoints and multi-cloud environments. With seamlessly integrated solutions delivered natively on our platform to solve modern security challenges, more and more Qualys customers are beginning to understand how cybersecurity transformation drives better security outcomes, saves time, and costs less. As a result, customers spending $500,000 or more with us in Q2 grew 18% from a year ago to 199. Beyond these wins, we're also increasingly gaining leverage from our partner ecosystem. Our pipeline of business opportunities with partners continues to grow, and our partner-led win rates increased again in Q2. As our market perception and brand awareness continue to strengthen, we anticipate partner integration with our platform will continue to increase, further strengthening our strategic position, expanding our ecosystem, and broadening our reach. In summary, our rapid innovation engine underscores our growing thought leadership and the value proposition we deliver to customers seeking to transform, consolidate, and fortify their security posture. Given the large market opportunity in front of us and multiple growth drivers in our business, we anticipate that we can grow at scale long-term, generate cash, and invest in key initiatives that will further extend the gap between Qualys and the competition. With that, I'll turn the call over to Joo Mi to discuss in more detail our second quarter results and outlook for the third quarter and full year 2024.

Thanks, Sumedh, and good afternoon. Before I start, I'd like to note that, except for revenues, all financial figures are non-GAAP, and growth rates are based on comparisons to the prior year period unless stated otherwise. Turning to second quarter results, revenues grew 8% to $148.7 million with channels continuing to increase their contribution, making up 46% of total revenues compared to 43% a year ago. As a result of our continued commitment to leverage our partner ecosystem to drive growth, we were able to grow revenues from channel partners by 17%, outpacing direct, which grew 2%. By geo, 14% growth outside the U.S. was ahead of our domestic business, which grew 5%. U.S. and international revenue mix was 58% and 42%, respectively. As for calculated current billings, we would like to note that our Q2 calculated current billings were negatively impacted by the sunset of our embedded solution for Microsoft Defender as of May 1. Earlier this year, we announced that we would be retiring our integration on Microsoft Defender and transitioning to a BYOL model. Since this went into effect in Q2, we have been fielding inbounds from former Qualys on Microsoft Defender users and working closely with them to ensure that they understand the value of our Cloud Security solution, TotalCloud CNAPP. Normalized for this change, our calculated current billings growth would have been 1%. In Q2, with a continued challenging spend environment resulting in lower performance in upsell, our net dollar expansion rate declined to 102% from 104% last quarter. Conversely, we continue to see strong returns on our new business initiatives and achieved double-digit new bookings growth for the fourth consecutive quarter. With this momentum in new customer bookings growth, we believe we're building a stronger foundation to drive expansion and share gains over time. In terms of product contribution to bookings, Patch Management and Cybersecurity Asset Management combined made up 13% of LTM bookings and 22% of LTM new bookings in Q2. Cloud Security solution, TotalCloud CNAPP, made up 4% of LTM bookings. Turning to profitability, reflecting our scalable and sustainable business model, adjusted EBITDA in Q2 was $69.9 million, representing a 47% margin compared to a 48% margin a year ago. Operating expenses in Q2 increased by 10% to $59.0 million, primarily driven by a 22% increase in Sales and Marketing investments aimed at capturing the market opportunities in front of us. As we continue to increase our investment intensity and focus on Sales and Marketing enablement, customer success, and productivity, we believe we will be able to drive wallet share and long-term returns. EPS for the second quarter of 2024 was $1.52, and our free cash flow was $48.8 million, representing a 33% margin compared to 37% in the prior year. In Q2, we continued to invest the cash we generated from operations back into Qualys, including $1.0 million on capital expenditures and $35 million to repurchase 233,000 of our outstanding shares. As of the end of the quarter, we had $230.7 million remaining in our share repurchase program. With that, let us turn to guidance, starting with revenues: For the full year 2024, we are now expecting our revenues to be in the range of $597.5 million to $601.5 million, which represents a growth rate of 8%. This compares to revenue guidance of $601.5 million to $608.5 million last quarter. For the third quarter of 2024, we expect revenues to be in the range of $149.8 million to $151.8 million, representing a growth rate of 5% to 7%. This guidance assumes continued deal scrutiny and no improvement to our net dollar expansion rate through the back half of this year. Shifting to profitability guidance, for the full year 2024, we expect EBITDA margin of 43% to 44%, and free cash flow margin in the mid-to-high 30s. We expect full year EPS to be in the range of $5.46 to $5.62, up from the prior range of $5.06 to $5.30. For the third quarter of 2024, we expect EPS to be in the range of $1.28 to $1.36. Our planned capital expenditures in 2024 are expected to be in the range of $12 million to $16 million; and for the third quarter of 2024, in the range of $4 million to $7 million. Consistent with prior guidance, for the remainder of 2024, we intend to align our product and marketing investments to focus on specific initiatives aimed at driving more pipeline, supporting sales, including enhancing our partner program, and expanding our federal vertical. As a percentage of revenues, we expect to prioritize an increase in investments in Sales and Marketing as well as related support functions, systems, and people with more modest increases in engineering and G&A. With that, Sumedh and I would be happy to answer any of your questions.

Thank you. At this time, we will conduct the question-and-answer session. Our first question comes from a line of Joel Fishbein of Truist. Your line is now open.

Congrats. Joo Mi, really great growth internationally, and I guess Sumedh as well. Can you talk about what drove the international growth? And then maybe, Joo Mi, if you can talk about more specifics about some of the investments that you're making in sales and marketing going forward, that would be very helpful. Thank you so much.

Yes, happy to. The international growth, we're seeing stronger demand in that region relative to the U.S. With that said, the U.S. growth rate is impacted by Microsoft Defender, and so that's been a headwind on the U.S. business as well as the direct business that we just shared the growth rate for. In terms of the sales and marketing investments that we feel have been doing really well and are at higher return on ROI, it's from the investment that we made on the partner side. Our initiatives, when it comes to enhancing our partner relationships and really working with them to revamp how we go to market and further incentivize our partners to understand why it makes sense for them to propose and put Qualys as a vendor of choice, has been resonating. And so for us, it's number one, partner, and then number two, of course, primarily our investment is related to the headcount. We are targeting to continue to grow the sales and marketing headcount by double digits in 2024, and we are on track to meet that goal. We're positive with the momentum that we're seeing in the business today.

Yes. And Joel, I'll add to that is, while we had a tough quarter for Q2, I think our investments that we've been making in the last few quarters have really given us a lot of positive things that we're excited about. Our new business growing double digits because of the way that we're enabling our new business sales team, and also as Joo Mi said, we're investing with our partners and the pipeline is increasing, along with the win rates with our partners. I'm pretty excited about our investment that we started last year in the federal space, which again is highlighted by getting a six-figure new net new business deal in the federal space for us. It also highlights the opportunity that we have on the federal side, and including within our existing customer base, our investments in terms of taking our learnings from what we have been able to be successful with our new business, being able to train our post-sales teams as well to be more hunters, enabling them in a much better way, etc., has led to customers spending $500,000 or more with us also growing 18% from last year in the same quarter. So those are a lot of the things that our investments are leading to positive trends. I think clearly we see an opportunity in this macro environment that we have and the scrutiny that we face from our customers with VM to really be able to get our sales team to, our product and marketing teams to align better and execute better on the upsell opportunities that will come with the new ways customers are looking at their security spend and focusing on risk management.

Our next question comes from a line of Shrenik Kothari of Baird. Your line is now open.

So, Joo Mi, you mentioned, of course, the channel revenue now making up 46%, which is kind of really ticking up nicely. Can you just help provide some more details on kind of overall, I would say, breakdown of the contribution for different types of partners if possible? Of course, you highlighted how you guys were trying to partner with some of the cloud providers and marketplaces like AWS, Azure, or Oracle. Just curious if you can provide us some more color in terms of those drivers, and then I'll follow up.

Yes. Shrenik, we don't break it down that way, but I can tell you that our channel partners or resellers are definitely working very closely with us and really bringing us a lot of the opportunities because they see the comprehensive set of capabilities that we can very rapidly bring to the customers who are currently in the market, have a project, and have a budget to execute on that. So, they are sort of the first folks who are working closely with us. In the last quarter, we released our MSSP portal, so we're seeing traction with service providers who are continuing to add patch management as a service because just having VM scanning as a service is not a big differentiator. More and more of them are leveraging Qualys for now providing patch management as a service. We're also starting to see that same thing from partners on being able to provide services around cloud security deployments as well. We have a really nice, strong partnership with OCI on the GTM side, but as well as working with AWS on the EDP credits with joint customers are some of the areas that we're releasing good momentum.

Got it. That's very helpful, Sumedh. And Joo Mi, one quick follow-up. Of course, Sumedh, you highlighted the development of the enterprise risk platform, kind of helping and how you're monetizing that offering. Just curious, like given on the other side there is aggressive overall pricing in the core VM that we are hearing from other players, perhaps undercutting pricing there. Just curious, like how were you able to show the upside on the gross margins as well in this kind of environment, and can you provide us some quantitative insights into that and expected impact of net dollar retention rates as well?

Yes. In terms of the gross margin, we were very pleased to post the 84% gross margin up from 82% last year and then even 83% last quarter. It's primarily due to our optimization when it comes to our data centers, in addition to the fully depreciated assets that we're seeing right now. As you know, we have both the hardware as well as on the cloud assets, and we're just leveraging and optimizing to make sure that we're getting the margins that we think make sense for our business today.

And then on the VM question that you asked, look, I think we've talked about this for the last many quarters that VM is evolving, and customers are really looking to focus on remediation as well. Even when they are looking at scan-only solutions that only give them more things and CVEs to fix, when they are optimizing their budget for an outcome, they are looking at how to balance the scanning with patch management. That's why our TruRisk Eliminate capability that we came out with, giving customers more solutions they can buy from us in terms of being able to mitigate the risk is the most important. Because if today's cyber budgets have been tight and the questions that cybersecurity professionals are being asked is, well, what's the outcome? How much risk are you reducing? If you're not able to articulate the risk and how much you're actually reducing, that's when they face challenges with, should we get an increase in this budget if we're not focusing on remediation? Just in the first half of this year, getting 45 million patches deployed by Qualys agents really highlights that VM today is about vulnerability assessment but also combining with patch management and the ability to mitigate the risk. We see that in the numbers today with our patch management, cybersecurity asset management, or net new bookings customers when they're coming to us. Why we are seeing good success with that new business is, we offer a unique differentiator in the market when people are looking to change their scanning solution because we're offering them patch management combined with the scanning solution. That's where vulnerability management has been evolving. That's why we invested a few quarters ago to focus on the remediation aspect of vulnerability management because there's no M in the VM if you don't fix things.

Our next question comes from the line of Matt Hedberg of RBC. Your line is now open.

It sounds like NRR dipped down to 102, I think from 104 last quarter. I'm curious, do you feel like that's starting to bottom now? Do you think perhaps in the second half, whether it's pipeline or other drivers, we could see a rebound there?

I think while we work with our customers, we're definitely facing scrutiny on when they have to do additional spend with Qualys. This is leading to many great engagements, and that’s where we are having more conversations about how they optimize their spending, balancing their spending between the scanning side and the patch management and asset management side. We will have to continue to see in the next quarter how these conversations translate into additional upsells for the customers, because in this current environment, it's a little harder with the scrutiny that they face to know the timing of when they will adopt additional solutions, especially with cloud security, etc. So we're pretty excited about the opportunities we see, but we're going to have to watch the next couple of quarters on how this rate evolves. Over the long-term, we definitely feel like we have all the goods that existing customers are looking to invest additional in, which include patch management, cloud security, overall sort of risk management, and questions arising about AI security.

That's great. That's super helpful. And then in terms of the Microsoft Defender headwinds, can you remind us again when those will abate officially and not become a drag on billings?

Yes. The sunset was effective May 1, so it hit us for the first time in Q2. The biggest impact that we expect to see is in Q2.

In other words, Joo Mi, so what you're saying is that it's not going to be as big of a headwind in Q3 and Q4, or maybe just think about that headwind as well in the next couple quarters?

That's right. It's not going to be material enough for us to normalize it in Q3 and Q4. Q2 is really the biggest quarter based on the billing schedule, and that's why when you look at our calculated current billings, the 2% decline normalized for this, if it hadn't happened, then it would have been approximately 1%.

Our next question comes from the line of Kingsley Crane of Canaccord Genuity. Your line is now open.

So you've done a remarkable job building out the platform in the past couple of years. I just want to ask broadly, how would you describe VM demand at the moment? How cyclical is this? How secular is this? And then why do you view VM as foundational? And how can you leverage that to expand spending with the existing customers? Thanks.

Yes, great question. See, VM continues to be very foundational for any risk management exercise that any organization has. If you look at every cybersecurity standard out there, they require regular scanning and patching for VM. As we have talked about, VM is evolving. While the overall focus for customers remains on VM, within VM, customers are focusing on how do we get an outcome to actually reduce the risk by fixing the things that are discovered by VM. Our customers are currently in tight budgets and they're putting on the conversations. They are looking to balance between how much they focus on scanning and what's the point of scanning everything if they're not able to remediate anything. How do they balance their investment in the VM sector between scanning, patch management, and asset management, as well as how do you expand the scanning into the cloud environment? These are the conversations that we hear a lot more. The VM as a key part of risk management for the organization continues to be a key priority for all the customers that we talk to. As they are working with tight budgets right now and looking to balance that, we see this as a good opportunity for us because it is giving us the chance to get our additional products like patch management, cybersecurity asset management seeded with these customers as they buy smaller amounts. In the future, this could lead them to cover more of the estate that they currently have with us with scanning.

Great. That's well said. And then one more. I want to just talk about dynamics when selling cloud security, whether that's total cloud CNAPP or something individual like CSPM. Post-CrowdStrike outage, vendor concentration has been widely discussed, rightly or wrongly. So big picture, how do you think the outage will play out specifically in cloud security given how nascent the space is and how much of an opportunity do you see?

Look, I think the questions customers are asking are obviously valid in terms of how you balance the risk of the security solution being deployed itself versus the risk it is mitigating. I think the advantage for Qualys is that we are not concentrated on the agent as being the foundational way to deliver security service to the customer like some of the other providers where the agent is the main and the only way that they can deliver services. We have a comprehensive capability of delivering security services that match the customer's operational appetite of deploying different ways to assess risk. What we see with customers is obviously we got a lot of questions about how we are ensuring we're testing, and we're confident about the way we roll out our updates for different technologies. The fact that they can balance their risk of where they want to deploy agent-led scanning versus where they want to deploy agent-based scanning gives them options. This flexibility makes them happy; they don't have to take that big risk of only having an agent, which is the only way to deliver the service.

Our next question comes from the line of an indiscernible caller. Your line is now open.

Sumedh, on the Microsoft Defender headwind, I am assuming you planned for that. Clearly, there was some execution issue that you did not anticipate. If you can elaborate on that a bit and then also what are the products that were directly affected by the lower attach rate related to Microsoft Defender?

Microsoft was leveraging our very basic sort of scan-only legacy capability, which was not VMDR. So those customers, and we did not have access to them to work with them and upsell them to all the other things that our current customers upsell to, whether it's cybersecurity asset management, patch management, cloud assessment, or now with the new AI scanning that we are releasing. For us, it was customers in that environment only using scan-only solutions. As we all see right now, what's happening in the market is that customers are looking for a more holistic, comprehensive outcome of their VM solution. Customers don't just want more CVE reporting. They want a way to say these are the things you should fix to reduce the risk, and then a solution that can fix that. That's where we see the opportunity. If these customers come to us, we can focus on helping them see the bigger picture of how they can reduce the risk from vulnerabilities rather than just keep looking at them and not doing anything about them.

Okay, great. Thanks for that answer. Joo Mi, anything that we should be aware of in regard to pricing, especially with second half renewal season coming up?

No change from our perspective, from a competitive standpoint, and no change from our own pricing.

Our next question comes from the line of Jonathan Ho of William Blair. Your line is now open.

I just wanted to maybe dig in a little bit more in terms of understanding the need to balance profitability with some of the investments that you've been making on the channel side. Can you give us a sense of, have the initial investments sort of paid off the way that you've expected? I know it takes a little bit of time to translate into billings and ultimately to revenue, or has it been disappointing? Has it been sort of, yes, just want to get a sense of how you're thinking about that?

Great question, Jonathan. When we embarked on this journey a couple of years ago, we focused on a few different things, and some of them sometimes work, some of them don't. Overall, like I said, we are pleased with the investments bringing us improvement in four straight quarters of double-digit growth for new business, which we have not had as much in the past. Looking at opportunities coming from partners and seeing better close rates, we're also seeing our $500,000-plus customers increase in this tough environment by 18%. Different things that we have done in terms of training our new business sales reps and investment in channel have brought us those opportunities. In further quarters, we need to focus on working through those opportunities, closing them, and continuing to invest additionally with our channel partners. We are in a fairly unique position this year to continue to invest in our sales and marketing GTM, again, because we see the opportunity when most companies are cutting down their sales and marketing investment. We look for improvement in our upsell rates, similar to what we're seeing with our new business. Also looking forward to our federal side, as we’re getting good six-figure deals in federal net new business and seeing positive outcomes from our federal investments.

Excellent. Just a quick follow up. So as you take on additional Chief Product Officer responsibilities, can you help us understand where you see the biggest opportunities? Is this narrowing of the product focus? Is this approaching new areas? I'm just trying to understand how you think about taking on these additional responsibilities and what you see as that opportunity. Thank you.

Yes, look, you know my history. It's a little hard to get the Chief Product Officer out of me. I've been innovation-driven, closely listening to our customers and bringing solutions to market like we do with patch management. I’m excited about the challenges cybersecurity professionals are facing as cyber budgets remain flat, which makes it important to articulate how much risk is being brought to the business. Our ATM platform focuses on identifying and articulating risk in dollar terms to decide effective security controls to reduce that risk. I look forward to aligning product management and product marketing teams so we can execute better on marketing total cloud solutions and create additional opportunities. That is what I’m focused on as I take over the Chief Product Officer role.

Our next question comes from the line of Rudy Kessinger of DA Davidson. Your line is now open.

I guess just on the tough upsell environment, your net expansion rate is down to 102%, but it's almost down to basically no upsell. Are you seeing contractions with any sizable portion of your customer base? Not customers who churn, but customers who are staying with you. Are they reducing their footprint? Or where could that bottom? Obviously, we would think it would bottom at 100%, but it could potentially even go lower than that.

Great question, Rudy. As we mentioned, overall, our gross retention is the same at around 90%. For us, it's really about customers looking to balance the set of solutions they have from Qualys, how they can have a better impact by adopting additional solutions from Qualys, like patch management and cybersecurity management. Sometimes, they may decide that this particular environment should focus more on patch management in their server environment because budgets are tight. So what we see is right now, our gross retention continues to be the same, but it’s more about customers looking to optimize and balance their spend between the different capabilities. This would lead to additional opportunities in the future, allowing us to increase the accounts.

Our next question comes from the line of Hamza Fodderwala of Morgan Stanley. Your line is now open.

Just a question on the current billing. For Joo Mi, I think it's down 2% this quarter. I believe you mentioned the Microsoft headwind without that, it would have been up 1%. Anything else that I'm missing? If you could get on the Microsoft customer list, as a partner as well as a customer, any changes in the commerce?

We couldn't quite hear the last part. Can you repeat the last part about the customer relationship?

No, no change. It's as expected with respect to the impact on our top line from both Microsoft Azure and Microsoft Customer for this year.

Thank you. I'm showing no further questions at this time. Thank you for your participation in today's conference. This does conclude the program. You may now disconnect.