Qualys, Inc. Q1 FY2025 Earnings Call

Ladies and gentlemen, thank you for standing by, and welcome to Qualys First Quarter 2025 Investors Call. Please be advised that today's conference is being recorded. I would like now to turn the conference over to Blair King, Investor Relations. Please go ahead, sir.

Thank you, Michelle. Good afternoon, and welcome to Qualys' first quarter 2025 earnings call. Joining me today to discuss our results are Sumedh Thakar, our President and CEO; and Joo Mi Kim, our CFO. Before we get started, I'd like to remind you that our remarks today will include forward-looking statements, that generally relate to future events or future financial operating performance. Actual results may differ materially from these statements. Factors that could cause results to differ materially are set forth in today's press release and our filings with the SEC, including our latest Form 10-Q and 10-K. Any forward-looking statements that we make on this call are based on assumptions as of today, and we undertake no obligation to update these statements as a result of new information or future events. During this call, we will present both GAAP and non-GAAP financial measures. A reconciliation of GAAP to non-GAAP measures is included in today's earnings press release. And as a reminder, the press release, prepared remarks and investor presentation are all available on the Investor Relations section of our website. So with that, I'll turn the call now over to Sumedh.

Thanks, Blair, and welcome all to our first quarter earnings call. We are entering a new era for cybersecurity risk management powered by real-time data, automation, and AI. Against this backdrop, we executed well in this quarter, resulting in better-than-expected revenue growth, strong profitability, and solid cash flow generation. Fueled by customer insights, Qualys' mission is to bring innovative new security solutions to the market. With over 25 years of evolving our platform to meet the next generation of modern security challenges, we have established a strong track record of converting operational challenges into secular competitive advantages while maximizing lifetime value, ensuring frictionless outcomes at scale, and driving immediate ROI on security spend. In doing so, we believe we have built a new security industry paradigm, which today leverages our powerful real-time data processing capabilities across more than 18 trillion data points on a natively integrated platform to help organizations streamline their cybersecurity risk management program with the Risk Operations Center, ROC. While a security operation center (SOC) is used for detection of threat actors after a breach, the ROC is needed by organizations for proactive risk management to reduce the chance of breaches by deploying the cyber budgets where the highest risk of loss is. Unlike other CTEM solutions that only reveal exposures without providing effective remediation, Qualys' cloud-native Enterprise TruRisk Management, ETM solution is purpose built to deliver a single comprehensive AI-powered orchestration layer unifying security findings from multiple Qualys and non-Qualys sources to implement an effective ROC. By unleashing the scale of the Qualys platform, we inject data from multiple sources, including Tenable, CrowdStrike, and Wiz normalize risk signals enriched with threat intelligence, analyze adversary behavior, and provide organizations with actionable enterprise-wide insights to prioritize and remediate cyber risk through a common language of business context and financial impact. This holistic approach uniquely ensures organizations not only understand their cyber risk in quantifiable terms but can take immediate action to reduce the risk that matters the most. With prospects of POCs more than doubling from last quarter and over 25 active POCs already underway since launching GA a short while ago, we continue to see many parallels between this new market opportunity and the early days of the VMDR launch, including significant greenfield opportunity and a growing demand. Embracing this momentum in the market, we further evolved our ETM solution through an expanding ecosystem of remediation solutions. In doing so, we have advanced our TruRisk Eliminate agenda by enabling organizations to amplify third-party remediation tools with security insights from Qualys to prioritize patching or activate other compensating controls available through the Qualys platform. With this latest innovation, organizations can soon leverage a unified Qualys workflow with end-to-end automation, CMDB, and ITSM integration to prioritize rapid remediation across all environments from their patching vendors of choice. This is a strong competitive differentiator for Qualys, further neutralizes IT and SecOp procurement friction, and significantly expands our market opportunity by going well beyond patch management. Continuing this rapid pace of innovation, we're expanding our Qualys TotalAI and TruRisk capabilities to help organizations address the evolving threats associated with LLMs. With this latest release, TotalAI brings full visibility across ML supply chains, data, applications, and pipelines to detect malicious code, policy violations, and advanced multimodal exploits hidden within images, audio, or video files. By enhancing our AI Security Posture Management (AI-SPM) with native internal LLM scanning, expanded jailbreak detection, and seamless integration into MLOps pipelines, we're equipping security teams with the agility and insight needed to protect modern, AI-driven workloads from development all the way through runtime while building what we believe is the most advanced AI security solution available in the market. In addition, with the launch of Policy Audit and Audit Fix, we are also now providing organizations of all sizes with the ability to streamline audit operations by providing audit-readiness reporting and automated evidence collection across 450 plus technologies and over 1,000 out-of-the-box audit processes for frameworks like PCI, NIST, DORA, HIPAA, etc. This solution addresses a growing area of focus and cyber spend for CISOs as they are under pressure to ensure the organizations don't fail audits while reducing their spend on audit readiness through automation not only detecting gaps but also fixing them. Moving to our business update, we've hosted several risk quantification workshops attended by many of the most forward-thinking CISOs around the world in recent quarters, and the message is clear: Organizations are increasingly anchoring pre-breach cyber spend to quantifiable risk reduction in their business, which is easily articulated to Boards and business partners. CISOs want a platform that speaks a unified language of risk, allowing their teams to choose their own tools within various components of the stack rather than trying to consolidate multiple vendors into a single platform. This requirement necessitates a centralized risk fabric that seamlessly unifies the underlying tools of choice to effectively measure, communicate, and fortify an organization's risk posture while reducing complexity, operating costs, and time to reduction – time to remediation. As a result, our technologies are not only fueling new logo lands, but also helping to increase broader platform adoption, especially in the areas of VMDR, cybersecurity, asset management, patch management, cloud security, and increasingly the ROC delivered through Qualys' ETM solution. With thousands of customers consolidating on the Qualys Enterprise TruRisk Management platform, let me share a couple of recent wins illustrating why these companies are turning to Qualys to help unify their security tools, quantify immediate cyber risk in their environments, and achieve better security outcomes. First, an existing Global 100 multi-national media company with a rapidly growing multi-cloud and container environment determined that managing siloed tools added complexity to their operations, lagged integration and misdetection while hindering their ability to assess risk and centralize remediation. This customer chose Qualys to transform siloed risk factors spanning core repositories, endpoints, identity, cloud container, IT, IoT, and network assets into a cohesive real-time risk management solution by consolidating Qualys and non-Qualys data. This included purchasing eight Qualys modules and deploying ETM to begin operationalizing their ROC and consolidating ingested data from WIS, resulting in a seven-figure annual bookings deal, including a mid six-figure TotalCloud CNAPP upsell. We are now quickly migrating numerous data sources in the Qualys platform and delivering a vendor agnostic orchestration layer with full visibility of the attack surface, centralized risk assessment, quantification, prioritization, and remediation while unleashing the operational efficiencies of security stack consolidation. Looking ahead, this customer is now in the process of planning to power its ROC with ETM across 30 separate entities worldwide. Further advancing our TotalCloud CNAPP momentum is another marquee seven-figure annual bookings win with a Global 50 financial services company. This existing customer launched an initiative to strengthen its cloud and container security solution against advanced threats, close security gaps, and remediate risk with ITSM integration through a single dashboard. It also needed to meet increasingly stringent global regulatory requirements and extended its on-prem visibility to multi-cloud and container environments. Through its evaluation, this customer chose our TotalCloud CNAPP solution and is now leveraging the Qualys Enterprise TruRisk platform for complete visibility across this entire attack surface to quantify and prioritize risk reduction initiatives, and increase operational resolution and compliance. Our growing leadership in the cloud market was further evident in the GigaOm radar report ranking Qualys as a leading outperformer in cloud workload security. With customers beginning to perceive Qualys as a leading risk management platform that consolidates and orchestrates multiple security solutions and workloads, we are growing increasingly confident in our ability to drive long-term growth and gain market share. This confidence was again bolstered in Q1 as customers spending $500,000 or more with us grew 6% from a year ago to 203. Consolidating workflows isn't just happening with customers; it's also embraced and prioritized by our partners, underscored by an increasingly strong mix of new business and significant growth. As we continue to endorse a partner-first sales motion, partner-led deal registration increased again in Q1. In addition, we have now certified six leading partners who are actively marketing the delivery of fresh new Managed Risk Corporations, mROC services, and just beginning their efforts to capitalize on a centralized and automated approach to pre-breach risk management on top of ETM. Further advancing our momentum toward a global ROC ecosystem, we look forward to certifying a few additional strategic partners in the months ahead, who have already demonstrated a firm commitment to spearheading these new initiatives with Qualys as their mROC partner of choice. And finally, as the Federal government seeks to show efficiency and replace outdated and costly on-prem deployments from years past with modern cloud-native risk management solutions, we're especially excited to host our second annual Federal conference in Washington D.C. toward the end of this month. We've recently made good progress advancing our FedRAMP High certification status, and we continue to believe we're on track to achieve the authorized milestone later this year, fueling a new leg of growth for the company. In summary, Qualys is increasingly well armed with fresh new capabilities to further strengthen our strategic position as the partner of choice for customers ready to centralize their response to cyber risk, solve modern security challenges, and reduce costs. Looking ahead, we believe we'll continue to outpace our competitors, extend our leadership in the market, and build upon an already strong foundation to drive durable long-term growth in the business. With that, I'll turn the call over to Joo Mi to further discuss our first quarter results and outlook for the second quarter and the year ahead.

Thanks, Sumedh, and good afternoon. Before I start, I'd like to note that, except for revenues, all financial figures are non-GAAP, and growth rates are based on comparisons to the prior year period, unless stated otherwise. Turning to first quarter results, revenues grew 10% to $159.9 million. The channel continued to increase its contribution, making up 49% of total revenues compared to 45% a year ago. As a result of our continued commitment to leverage our partner ecosystem to drive growth, we were able to grow revenues from channel partners by 19%, outpacing direct, which grew 2%. By geo, 16% growth outside the U.S. was ahead of our domestic business, which grew 6%. U.S. and international revenue mix was 57% and 43%, respectively. In Q1, we were pleased to see some improvement in our gross retention rate. However, growing macroeconomic uncertainty toward the end of the quarter presented an increasingly challenging upsell environment with our net dollar expansion rate at 103%, unchanged from last quarter. In terms of product contribution to bookings, Patch Management and Cybersecurity Asset Management combined made up 15% of total bookings and 24% of new bookings on an LTM basis. Our Cloud Security solutions, TotalCloud CNAPP, made up 5% of LTM bookings. We credit this momentum to customer demand for a more comprehensive and contextual understanding of their expanding attack surface, supported by seamlessly integrated risk management and remediation workflows across all environments within a unified platform. Turning to profitability, adjusted EBITDA for the first quarter of 2025 was $74.8 million, representing a 47% margin, in line with last year. Operating expenses in Q1 increased by 10% to $62.5 million, primarily driven by investments in sales and marketing, which grew 15%. Demonstrating our ability to innovate and invest in our long-term growth initiatives while remaining capital efficient, EPS for the first quarter of 2025 was $1.67, and our free cash flow was $107.6 million, representing a 67% margin, compared to 57% in the prior year. In Q1, we continued to invest the cash we generated from operations back into Qualys, including $2 million on capital expenditures and $39.6 million to repurchase 292,000 of our outstanding shares. Since commencing our share repurchase program in February of 2018, we've repurchased 9.6 million shares and returned nearly $1.1 billion in cash to shareholders. As of the end of the quarter, we had $303.8 million remaining in our share repurchase program. With that, let us turn to guidance, starting with revenues. For the full year 2025, we expect revenues to be in the range of $648 million to $657 million, which represents a growth rate of 7% to 8%. This compares to prior guidance of $645 million to $657 million. For the second quarter of 2025, we expect revenues to be in the range of $159.7 million to $162.7 million, representing a growth rate of 7% to 9%. While we believe our platform approach to cyber risk management provides some insulation amidst ongoing macro volatility, this guidance assumes increased budget scrutiny and a more challenging environment for new business growth in 2025. Shifting to profitability guidance. Given our strong Q1 performance, for the full year 2025, we expect an EBITDA margin in the low-to-mid 40s, implying a 15% to 17% increase in operating expenses and a free cash flow margin in the mid 30s. We expect full-year EPS to be in the range of $6 to $6.3, up from a prior range of $5.5 to $5.9. For the second quarter of 2025, we expect EPS to be in the range of $1.4 to $1.5. Our planned capital expenditures in 2025 are expected to be in the range of $8 million to $11 million, and for the second quarter of 2025 in the range of $1.5 million to $3 million. We continue to believe organizations will increasingly adopt cloud-native full stack security and compliance coverage to meet the demands of today's threat landscape and reduce costs. As the impact of the macro-economy is still unfolding, we are closely monitoring the business environment and adjusting our priorities accordingly. That said, considering the long-term growth opportunities ahead of us and our industry-leading margins implying further room for investment, we intend to continue to responsibly align our product and marketing investments to focus on high impact initiatives aimed at driving more pipeline, accelerating our partner program, and expanding our federal vertical. As a percentage of revenues, we expect to prioritize increased investment in sales and marketing and engineering with a more modest increase in G&A, consistent with our commitment to balancing long-term growth and profitability. With that, Sumedh and I would be happy to answer any questions.

And the first question will come from Jonathan Ho with William Blair. Your line is open.

Hi, good afternoon and congrats on the strong quarter. I just wanted to maybe understand a little bit better what your thoughts are around the macro-environment, perhaps what you're seeing from customer spending so far and maybe what underpins your confidence to tighten the guidance range a little bit higher?

Yes, I would say that at a high level, what we're seeing is similar to what we've seen in the last couple of years where cybersecurity still continues to be an important aspect of risk management for the company, and there is continued focus. However, as we have seen, there is more scrutiny on the spend, ROI of the spend is important, and we're seeing longer cycles because people are taking longer to make decisions. So I think that is what we continue to see right now, of course, given more recent changes, there is a little bit of uncertainty, I would say. And so a little bit of that is factored into how we're thinking about the rest of the year, though we haven't particularly seen anything specific yet. We're just being prudent about sort of what we see now and a little bit of expectation around people scrutinizing things a little bit more and continuing to inspect budget spend, not just in cyber, but overall budget spend across the board with everything.

Got it. And then just in terms of your discussion of the ROC, can you talk a little bit about how that works from a customer journey perspective, what they maybe add to their existing solutions and what that looks like from a financial perspective? Thank you.

Yes, that's a great question. I think really where everybody is struggling right now is all their investments across multiple tools are generating tons and tons of risk signals, and we routinely see that if you take vulnerabilities as an example, less than 95% of those vulnerabilities are – or I would say like less than 5% of the vulnerabilities have some form of potential immediate attack vector. And so customers, as they are trying to figure out how they don't end up with 10 different consoles from 10 different solutions when they look at risk, what we're seeing is our ability to take the risk operation center idea of consolidating all assets from all tools, all findings, applying threat intelligence, providing contextual business perspective, adding dollar values to the potential loss that they could have, and then providing remediation plans as well as board reporting is what is sort of the journey of a risk operation center, and it starts with consolidation of assets. And for us, what we are seeing with ETM, we're able to walk into customers who today have multiple solutions and not necessarily start off with a conversation of replacing something that they have. And so I took some of the vendor names that we are currently pulling data from. And so we're able to say, look, if you have this particular VM solution, if you have this particular integration solution, if you have this particular identity solution, you can keep that. We can ingest the data from these tools and provide you a higher-level visibility of what your actual risk is that aligns with your dollar value risk from your business entities that you have, and then provide you reporting that you can take to the board and also to IT teams in terms of prioritizing what is the most important thing that they need to fix. And what we're finding is that this approach is helping them partner with the IT team to not spend time on fixing hundreds and thousands of issues that actually are not exploitable or not attackable right now. And so this is actually creating potential cost savings for the company in terms of not wasting developer and IT team time on fixing things that are not immediately actionable and then going back and focusing on the things that are immediately actionable. So from a customer journey perspective, they look at it as something that layers on top of what they have, so they don't need to work through a replacement plan, and they essentially pay an additional amount to Qualys for the cost-saving that they end up getting in terms of consolidation and not having to waste time on fixing things that are not important. And so they are able to walk in and make a case for additional budget for the Risk Operations Center because they see the savings that are coming out from the outcomes of the Risk Operations Center.

Got it. Thank you.

And the next question will come from Patrick Colville with Scotiabank. Your line is open.

Thank you guys for taking my question. I guess let me just ask one to Sumedh and Joo Mi. In your prepared remarks, there was a comment that macro at the end of the quarter was a challenge. Did that – I mean, were there any deals that pushed at the end of 1Q into 2Q or pulled? Or was that comment kind of in isolation and didn't have an impact on current billings?

Yes, there weren't any material deals that were pushed or pulled in the current quarter. That was more of the commentary around the fact that like, let's say, a customer that was set to renew in the quarter, we had anticipated a higher upsell rate potentially from that customer increasing their spend with us. We saw some pushback. And so that doesn't necessarily mean that it's a push. It's going to be closed in Q2. It's in the quarter impact I was calling out.

Okay. Crystal clear. And congrats on all these terrific announcements made by Qualys at the RSA conference. I want to actually touch on the announcement made by a competitor, best known for endpoint security. They GA'd the product expanding into network-based VM. I mean, would you mind just commenting on, I guess, are the cybersecurity players moving into network-based VM and how Qualys is defending against these guys? Thank you.

Yes, great question. And I think we're actually pretty happy to see that competitors are acknowledging that their current solutions, which are agent-only, are not enough to give customers a full view of what their overall attack surface from a vulnerability perspective is. And so while we haven't really seen that solution with any of our current customer engagements or prospect engagements, we've heard about it. To me, I think as I had mentioned earlier, and even going back four or five years ago, Qualys really has been talking about the evolution of vulnerability management and less about finding more vulnerabilities that you're not able to fix and more about focusing on the ones that actually matter to the risk and then actually helping them remediate. So our focus really has been about how do we help them prioritize and remediate the findings rather than just finding more findings which are not being fixed anyway. And to that extent we are taking data of those findings from the competitor and providing customers a higher-value capability around taking that information, which is just a big blob of findings that are hard to decipher, and adding the right context. With over 20 plus years of significant research that we have done in vulnerabilities and vulnerability exploitation, we are using that to provide additional value on top of that. And so I think it's really leading to the customer having the choice that they can either use Qualys or if the other solution is something that satisfies their need for that particular environment, we will still be able to take that data. We're already consuming data from competitors. So I think when the solution comes out, we will take a look at it and see how our customers feel about that. But having said that, we're not dependent on the customers leveraging Qualys scanner necessarily to find the vulnerabilities as we move forward with our focus on risk operations center and ETM.

Yes, that's very clear. And keep up the good work. Thank you so much.

And the next question comes from Kingsley Crane with Canaccord. Your line is open.

Hi, thanks for taking the question. I appreciated your comments on TotalAI. Curious how you would characterize the competitive market in AI/SBM? And then how do you think security budgets are going to play out with respect to that market? Do you think that they need to lag as we wait for more upstream adoption or are you already seeing some nice uptick? Thanks.

Great question. Right now, everybody seems more in the exploratory phase rather than obviously there are some very, very early adopters. But I think overall, we feel like a lot of customers are just trying to understand the risk vectors that are coming out from potentially AI. They are looking at what are the solutions out there. So I don't think this is more of a competitor thing as much as an educational phase that customers are going through as they're looking at various AI security solutions that are out there and trying to figure out where within the AI joining is the place that has the maximum risk from a business perspective that they need to mitigate. And so we have had some great conversations around TotalAI. We already have a couple of customers that are engaged with POC with us on TotalAI in terms of being able to focus on LLMs that they're going to put out. And now with our new announcement that they will – they will be able to run LLM scans within their development environment means that they can actually test these LLMs in pre-production before they go out. And the dynamic that is playing out right now is IT teams are ready to say, hey, here's a few LLMs we are ready to go to production with. They're asking the security team for a sign-off before they go, and the security team doesn't necessarily have a good knowledge or idea of what they can do from a sign-off perspective. And so with the Qualys TotalAI solution, it's like a point and shoot scanner, you point it at the LLM, it gives you a green, yellow, or red signal to say whether this LLM is good to go or not. So that's the dynamic in terms of people who are evaluating, looking at it and trying to figure out. I think the second dynamic is given that overall security budgets are not increased significantly even with the onset of AI, people are in the mode right now of trying to figure out what the potential loss that they could have from an AI security-related incident perspective and then using that this year to formulate their ask for budgets for next year. So while we will continue to see more interest and more adoption in terms of POCs this year and maybe a few customers signing out for a few more AI-related scans, I think this is a journey that is going to take a couple more years, where people really have to go and make the case for why they need additional budget for AI security and then the willingness of the business to give them additional versus asking them to adjust against existing budget that's been allocated to them. I think that remains to be seen.

Thanks, Sumedh. That's really helpful. And then for Joo Mi, a quarter ago, we were looking at EPS guidance that was down year-over-year, and now we've meaningfully raised it this quarter. I think the midpoint is roughly flat from last year. But can you speak to what went into the change over the past quarter? I think last quarter you had called out investments in data centers and aligning some product marketing to break into federal. Just kind of curious about any specific points that have changed? Thanks.

Yes. Last quarter, the guidance was informed by our annual planning. And so what we like to do is we'd like to set aside sufficient funds to be able to execute on the priorities that we had set at the beginning of the year. And as we move through the quarter, you see that our EBITDA margin came in at 47%, with our sales and marketing growing by 15%, which is a healthy growth in and of itself. But with that said, looking back at Q1 performance and achievements, and the initiatives that we have set for ourselves for the rest of the year, we felt that the growth right now we're expecting on the OpEx is more along the lines of 15% to 17%. What we've seen great success or traction in is in our ability to work very closely with our partners, which may not really translate to a significant increase in sales and marketing spend this year. And so that kind of speaks to why the margin contraction is not as significant as what we had anticipated at the beginning of the year.

And the next question comes from Rudy Kessinger with D.A. Davidson. Your line is open.

Hi, thanks for taking my questions. I saw the LTM 500K plus ACV customer count actually dropped by four versus Q4. One of your competitors had called out a record quarter of seven-figure deals. At the same time, I heard you guys call out, I believe, improved gross retention. So were there any large customer losses or any downfall that pushed customers below that threshold, or just any comment on that?

Hi, Rudy. There’s nothing unusual to mention. Our win rates have remained steady, and we’ve improved our gross retention. The metric you’re referring to is based on the last twelve months. Occasionally, in some quarters, we may see a slight decrease in some customers that is balanced by larger upsells to other customers, which might bring some of them below the 500K threshold. However, we’re pleased to see ongoing growth in this area year-over-year, and from our view, our focused efforts are yielding positive incremental improvements in our retention.

Got it. Okay. And then Joo Mi, for you, apologies, I joined the call a bit late. I just want to understand maybe some of the increased conservatism in the guide for the macro for the remainder of the year. I guess, are you now expecting the net retention rate to maybe come down a point or two versus kind of staying flat at the 103%? And what are you expecting on the new logo bookings standpoint for the rest of the year, I guess, versus prior guidance and versus last year?

There has been no significant change to our annual revenue guidance, Rudy. Currently, as we approach the end of the quarter, we've encountered some downward pressure and macroeconomic impacts. Despite the upsell rate being lower than our preference, this was more than compensated by an improved retention rate. Overall, we closed the quarter at 103%, and we anticipate maintaining this level throughout the year. We do foresee ongoing challenges in new bookings and their contribution to revenue growth, which leads us to project a revenue growth rate of 7% to 8% for the full year.

And the next question comes from Trevor Walsh with Citizens. Your line is open.

Great. Hi, team. Thanks for taking the questions. Sumedh, maybe for you, could you just walk us through how you're thinking about the MROC kind of rollout with partners and how you're gaining mind share with them when they've got a lot of different managed services that they are probably trying to bring to market? And then kind of with that, why just kind of the six to start? There's probably a lot of other players you go after out there to partner with. So is there kind of more to follow or how you're thinking about just onboarding of those? Thanks.

That's a great question. We're really excited about our partner-first strategy, which has been our focus for the last three years. You can see it reflected in our numbers and how the business is increasingly centering around partnerships. We wanted to create something truly valuable for our partners, rather than just making small adjustments for reselling purposes. Many of our partners currently provide managed services, primarily around Managed Detection and Response (MDR), but these services are becoming more standardized and price-sensitive as many companies are offering similar MDR solutions. MDR is generally focused on post-breach detection—it's about identifying threats in the environment and taking action based on data from various tools, which requires a different approach. When we engage with our partners, we find that they often lack robust managed services beyond simple point solutions, like scanning and patching services. This is why we introduced the concept of a Risk Operation Center; implementing this center utilizes our great platform, ETM, to consolidate findings. Customers also need assistance with risk quantification to understand the financial implications of their evolving risks. They require help with connectivity and active risk monitoring since they deal with millions of findings, and it’s essential to discern which of these actually affect their environments after Qualys prioritizes them. Thus, a risk monitoring service and a risk remediation service are essential. These are relatively new offerings that most Managed Security Service Providers (MSSPs) don't have. Our partners were eager to explore the launch of new services in the market rather than just adding another MDR, which is already overcrowded. Our approach is to collaborate closely with partners who are genuinely aligned with our vision and are willing to invest their resources into developing quantification services and providing a comprehensive service bundle. Currently, we are focusing on our initial six launch partners, with a few more discussions in progress. Their enthusiasm stems from the potential to enhance their service offerings and earn more revenue from Qualys ETM sales. We plan to continue working with selected strategic partners who are invested in this initiative, rather than just reselling our products off the shelf. This is a critical strategic move for us, and we are seeing positive interest from multiple partners around the world.

Awesome. That's great. I appreciate all the color there. Joo Mi, maybe just one quick follow-up for you, kind of along the same lines. I think last quarter you had mentioned some gross margin pressure as these partner programs are rolled out, but it looks like at least from just the results in this quarter that you were a little bit ahead of kind of where expectations generally were around gross margin. So was that just a function of maybe these partner programs still kind of basically still launching and so you're not seeing the kind of added gross margin requirements there? Or do you have kind of a new perspective on kind of where gross margin should track kind of heading into the rest of the year?

Yes, we had talked about the gross margin contraction, primarily due to the data center operations investments that we plan to continue to make throughout the year. So that really hasn't changed from the pressure on the partner side; I think that we've ever actually seen it. We don't expect it to be material. If you take a look at our revenue, it continued to tick up with 49% of our revenue coming from the channel side. And so from that perspective, unless there is any meaningful change to the pricing or incentive program, which we don't foresee for this year, we kind of see no impact on gross margin due to our partner initiatives.

The next question comes from Joshua Tilton with Wolfe Research. Your line is open.

Hi guys, thanks for taking my questions. I have two, and I also apologize if they've been addressed just jumping around on a few calls tonight. My first question is on billings. I think it's kind of been asked a few times, but I'm just going to be a little bit more direct. Was the billings growth that you saw in the quarter like in-line below or above your expectations for the quarter? And then going forward, how should we think about billings growth relative to revenue growth and specifically 2Q given the interest income from last year?

Yes. Current billings, because we don't manage to it, we don't really have the necessary expectations for the current quarter. But what we did comment on is, last quarter, we did expect current billings to be more or less in-line with the annual revenue growth rate guidance of 6% to 8%. So 7% current billings for the quarter wasn't a surprise to us. And I would say that even though we don't actively manage to it, if you were to look for a color for the annual current billings growth, it will be more or less the same as our prior guidance of 6% to 8%.

Super helpful. And maybe just one follow-up here. I think in response to a question about the bottom line beat, you talked about how your plans for the year talked about some potential investments that you guys are going to make to the year setting yourself cushioned for in case you can execute. I guess from your perspective, like what would it take to ignite growth on the direct side of the business to kind of trend towards or be more in-line with what you're seeing on the partner side?

I think for the direct side of the business, we are not expecting an acceleration on that side just because we are taking the partner-first approach for this year, whether it's from a new business perspective as well as an existing customer perspective. So what this year we're really focused on is making sure that we're building the channel partner team in-house as well as working closely with our top partners to come out with different programs and initiatives so that they can help us with lead generation as well as us discussing with them for our existing Qualys customers who are currently direct with us where it makes sense for them to go indirect, where the partners could add more value. And so for us, it's about the partner kind of driving growth versus trying to moderate the deceleration on the direct side.

And the next question comes from Shrenik Kothari with Baird. Your line is open.

Hi, congrats team. Thanks for squeezing me in. Again, I was running a bit late, so apologies. Sumedh, you disclosed the TotalCloud CNAPP kind of now 5% of bookings and a mid six-figure CNAPP deal in that seven-figure analyzed deal. So can you help break down the elements of that win? How are you differentiating, and what is arguably audit space with? And did the – I believe you said the audit readiness message, integrated risk, all that is serving as a key wedge? So just curious how this translating to wins, how fast overall the CNAPP is growing, and is it mostly greenfield? And then I had a quick follow-up.

Yes, we are still early days with the cloud solution. I think we're happy with having increased that 5% LTM as a percentage of our bookings; again, showing that our solution is at the level our investment in getting our sales force trained and our partners working with us is working even though it's early days. As you said, the market is crowded. I think customers have different requirements. It's not that every customer has the exact same requirements for cloud. And what we see is that there are times when customers prefer to take the program that they have built with Qualys in all these years. And also from the auditor perspective, just expand that into the cloud. In some cases, they might want to go with some other provider for some part of the cloud and still continue with Qualys on the workload side. So today, our approach really is we have a pretty mature solution now that is offering all kinds of different capabilities, including CSPM, including identity, cloud identity management. We have attack path in our toxic combination. So we're seeing those wins when we're going head-to-head depending on what that particular customer wants. In some cases, we see the customers adopting Qualys for one part of the environment and maybe somebody else for CSPM. I think the exciting thing for us is that with the ETM risk operation center solution, we have customers where they might be using a different cloud provider for part of their cloud estate, and we're actually now able to bring the data from that cloud provider in Qualys to give the customer a unified view of all of their different capabilities, whether it's on laptops, whether it's on their on-prem environments, whether it's on their cloud. They are able to see a unified view of the risk. And so for us, whenever it makes sense for the customer to leverage our cloud-native solution, we're working with them. In some cases, it's a partnership with other providers, and in some cases, they are using other providers. We're still able to look at production revenue from them because we're pulling the findings and data, adding meaningful context to the vulnerability and misconfiguration side of it. And to your point on the audit readiness, this is what we see as a big area of focus and spend for CISOs where part of it is on risk management, and the other part of the spend for budget for them is around audit readiness, ensuring that they don't fail audits, because that's fully within your control as an organization to make sure that you don't fail your audit by putting the right controls in place. So the audits are costly and whether it's cloud or whether it's on-prem and the amount of work that goes into manually collecting evidence and once the auditor is on board, then they go and ask you to find some data. So we're seeing the combination of Qualys not just about finding vulnerabilities, but also helping them put the findings in the bigger context of risk, but also in the context of audit readiness so that they can be completely prepared for audits is helping drive that focus on saying, well, maybe we should just leverage the Qualys plug-in for cloud security. But if it's not and they have something else, we're more than happy to take the data which we're already seeing in the current POC where we are taking data from other cloud providers already and giving the customer a single view.

Got it. Thanks a lot, Sumedh. Very helpful. And Joo Mi, just a quick follow-up to some of the previous line of questioning, and you have definitely add on to the longstanding margin discipline targeting, of course, low 40s EBITDA margins. Just as you're shifting your bookings overall towards high-value kind of modules CNAPP patch management, just curious like how are you deciding and also Sumedh, feel free to chime in as kind of how to deploy the incremental OpEx along the lines of kind of new sales leadership, kind of investments in TotalCloud which is, I think to accelerate that, just broader S&M and product. Just curious about how you're thinking about it?

The way we're thinking about it is at the beginning of the year, we do go through the number of initiatives, whether it's from a product development standpoint, the engineering effort, the investments that we have to make on the R&D side, as well as operations and data centers in addition to the sales and marketing, the go-to-market. It's basically based on what we think that we'll be able to achieve in the current year, what the goals we've set-up for ourselves, and then the risk-weighted adjusted targets, does that make sense? And then because of that, we have set us aside significant flexibility for us to execute on a number of initiatives we have the bandwidth to do it. Aside from that, we did take into consideration that if we were to onboard a new CRO, there will be some kind of reevaluation of some of the initiatives we want to make sure that we have enough funds available for us to make some of that that are appropriate for our business today.

And the next question comes from Yun Kim with Loop. Your line is now open.

Thank you. Hi, Sumedh. On your channel strategy around MSP partners, how long does it take for these MSP partners to ramp? And then also, are these MSP partners that you're initially focused on, are they targeting certain customer segments like primarily targeting SMB or mid-markets?

Yes, look, these are new services, right? This is not like MDR, but it's a well-known service. So as they are ramping up, they are also figuring out on operationally on their side, what are the investments that they need, and they are making those investments to make sure that they're able to work with the customers that need this kind of a view. So there is excitement around that. I think the time it takes, we're already engaged with a couple of partners who are part of these POCs who brought up these POCs. So we're seeing the excitement and we're seeing that engagement already. And I think the – what was the last part of the question? I forgot, sorry.

Just are these partners kind of focused on certain customer segments like are they primarily targeting SMB or mid-market?

Yes. I think the overall, I feel like the risk operation center solution would pretty much work for anybody who has more than three security solutions, which is pretty much everybody at this point. However, I think the number of findings and the amount of triage that they have to go through to figure out those findings, I think that is a lot more of high priority for the larger customers right now. So most of the POCs that we see engagement are of large enterprises that have multiple tools, multiple solutions and are really struggling to convince their IT teams to focus on fixing things, as well as they are struggling with showing ROI of large spend to their CFO and to their Board. And so that's kind of where we are seeing commercial target focus for these customers through their MSSP is the large customers that have a bunch of these large tools and a large number of assets.

Okay, great. Thanks for that. Hi, Joo Mi, if you can remind us how renewals are lined up for the rest of the year, do you expect the typical seasonal pattern like we saw over the last couple of years or do you see certain renewals kind of shifting between the first half and second half?

Yes, I would say assume the same seasonality as the prior year.

The next question comes from Rob Owens with Piper Sandler. Your line is open.

Yes, good afternoon. Thanks for taking my question. Just a quick one on geographic mix. And I guess more so from the standpoint, if I look over the last year, North America has been very soft for you guys, growing low-to-mid single digits, while internationally, you've actually put up some pretty reasonable results. Can you just parse your success internationally and why domestically it's been so difficult for you guys? Thanks.

As I said at the high level, international tends to be more partner-oriented business. As we are focusing more on working with our partners and channel partners and moving business with them, we're naturally seeing a bit more success where already it's a much more partner-oriented thing. I think we do see opportunities for continuing to improve our execution in North America with our partners. And so that's where part of the mROC services and aligning up with creating abilities for them to be able to provide more services around Qualys can be that sort of a catalyst that we are working with them to see if as we bring them – we bring our existing direct accounts in North America to them, how do we do a gift to get where they're able to bring us additional new business that we don't have today, in return for moving some of these customers to them. So those are the motions that we're going through right now, and we're looking-forward to executing on some of these and improving how we can get this business in North America as well.

And our next question comes from Oscar Saavedra with Morgan Stanley. Your line is open.

Hi, thank you for taking my question and congrats on a great quarter. Joo Mi, regarding partners, can you give us an update on performance in terms of the lead generation and pipeline generation, how has that been tracking against your internal expectations? And when we think about the guidance, to what extent is it assuming that that continues to improve or is it assuming still similar to what you're seeing in the current quarter? Thank you.

Yes, we've been satisfied with the progress that we've been making on the partner side. Relative to the direct business, we've seen like pipeline increase success in increasing the deal reg. In our guidance, what we're kind of assuming is not a meaningful improvement from what we see today. It's kind of stayed the course, given that we are expecting an increase in budget scrutiny given the macro. So we've adjusted, we've taken that into consideration when setting guidance. But with that said, we are very happy with the progress that we're making with partners. We kind of are hoping that once the macro improves, we will see meaningful improvements there.

There are no further questions at this time. This does conclude the Q&A session and today's conference call. Thank you for participating, and you may now disconnect.

Goodbye.