CyberArk Software Q3 2024 Earnings Call Transcript

There are 13 speakers on the call.

Operator

Thank you for standing by. My name is Jaylen, and I will be your conference operator today. At this time, I would like to welcome everyone to the Q3 2024 CyberArk Software Limited Earnings Conference Call. All lines have been placed on mute to prevent any background noise. After the speakers' remarks, there will be a question and answer session.

Operator

I would now like to turn the conference over to Sri Anantha, Vice President, Investor Relations. You may begin.

Speaker 1

Thank you, operator. Good morning. Thank you for joining us today to review CyberArk's strong Q3 2024 financial results. With me on the call today are Matt Cohen, our Chief Executive Officer Josh Siegel, our Chief Financial Officer and Erica Smith, our Deputy CFO. After prepared remarks, we will open up the call to a question and answer session.

Speaker 1

Before we begin, let me remind you that certain statements made on the call today may be considered forward looking statements, which reflect management's best judgment based on currently available information. I refer specifically to the discussion of your expectations and beliefs regarding our projected results of operations for the Q4 full year 2024 and beyond. I also refer to our expectations and beliefs regarding the integration of Venafi into our operations. Our actual results might differ materially from those projected in these forward looking statements. I direct your attention to the risk factors contained in the company's annual report on Form 20F filed with the U.

Speaker 1

S. Securities and Exchange Commission and those referenced in today's press release that are posted to CyberArk's website. CyberArk expressly disclaims any application or undertaking to release publicly any updates or revisions to any forward looking statements made herein. As a reminder, we closed the acquisition of Venafi on October 1, so the results we discuss today are CyberArk on a standalone basis. We do not have any financial contribution from Venafi in the 3rd quarter.

Speaker 1

Our guidance for the Q4 does include contributions from WannaPhi. Additionally, non GAAP financial measures will be discussed on this conference call. Reconciliations to the most directly comparable GAAP financial measures are also available in today's press release as well as in an updated investor presentation that outlines the financial discussion in today's call. A webcast of today's call is also available on our website in the IR section. With that, I would like to turn the call over to our CEO, Matt Cohen.

Speaker 2

Thanks, Shreed, and thanks, everyone, for joining the call today. We are very pleased to post strong Q3 results, outperforming our guidance across all metrics. Our results continue to demonstrate that our ability to secure every identity, human to machine, with the right level of privilege controls is resonating with customers. This is a key motivator for customers to consolidate spend across the full breadth of our identity security platform and create even more strategic relationships with CyberArk, which in turn is driving our ARR growth. A few financial highlights from the quarter.

Speaker 2

Subscription ARR was $735,000,000 growing 46% year over year. Net new subscription ARR was $59,000,000 That's a record outside of our seasonally strong 4th quarter. Total ARR was $926,000,000 growing 31% year over year. And we outperformed our guidance metrics across every variable. We delivered a record total revenue of $240,100,000 growing 26% year over year.

Speaker 2

Non GAAP operating income came in at $35,400,000 or 15% margin. That's up from a 9% margin in the year ago period, highlighting the operating leverage in our business model as we come out of the subscription transition. And we are pleased to report $51,600,000 in free cash flow or a 21% free cash flow margin for the quarter. Our results are driven by 3 main factors. First, the mission critical nature of our solutions.

Speaker 2

In a world where more than 90% of organizations are victims of an identity related cyber attack, customers recognize that merely managing identities is not enough. Identities, both human and machines, are the predominant threat vectors in today's attacks and the traditional way of securing identities in siloed, often commoditized point solutions is no longer sufficient. 2nd, the power of our platform. We offer the only integrated platform that can help enterprises discover with context, secure with intelligent privilege controls and automate the lifecycle across all identities from workforce to IT to developers and machines. We further strengthened our ability to deliver on this vision with the closing of the acquisition of Venafi on October 1.

Speaker 2

And third, the strength of our execution. To us, execution means working hand in hand with our customers to ensure their businesses can move forward and take full advantage of a digital world without fear by delivering measurable risk reduction in every program. Our relentless focus on ensuring customers realize transformative value from our solutions and platform is the foundation of our excellence in execution. We are benefiting from the market shift to consolidation of trust, as you can see in the success we are having selling our platform. In the Q3, we continue to see momentum build in full platform deals.

Speaker 2

In one example, a leading healthcare company was driven by a desire to consolidate human and machine identities with 1 vendor. They replaced a competing secrets vendor and landed with CyberArk Everywhere across 4 of our solutions. This customer will leverage CyberArk's capabilities across SSO, MFA, PAM, endpoint privilege and secrets management by protecting IT users, workforce endpoints and machine identities from the get go. Independently, this customer also closed a deal with Venafi at the end of Q3. While the Venafi team closed with them on their own, we are confident this deal is a strong indication of the top line synergies we can achieve as a combined company.

Speaker 2

As customers look to modernize their approach to securing IT, they are expanding their PAM programs with our enterprise IT solution. This solution provides a unique way to protect a broad set of users, including IT administrators, shadow IT, database and cloud administrators. While the need for traditional PAM use cases of vaulting shared accounts, password rotation and session management as foundational layers of security remains, Today's PAM programs are so much more. Enterprise are looking for a quicker adoption and faster time to value. They need secure access to modern databases, workloads and cloud services.

Speaker 2

This needs to be done with a just in time and 0 standing privilege approach without inhibiting the user's workflow, combining for a healthy marriage of security and productivity. What makes CyberArk truly powerful? We deliver all of these comprehensive capabilities from one single seat, integrated into our platform and fully enabled with built in core AI and threat detection and response. The modern PAM program powered by CyberArk delivered through our IT solution is setting the new standard in the industry. This is helping to win new logos and we added nearly 230 in the 3rd quarter.

Speaker 2

In addition, it's driving our expansion with existing customers as they protect more users across more use cases. Our innovation and leadership position was once again recognized by industry analysts in the quarter. We were pleased to be named a leader in the 2024 Gartner Magic Quadrant for Privileged Access Management, positioned as the leader for the 6th consecutive time and furthest in completeness of vision. We were also recognized as an overall leader in the 2024 Leadership Compass on Privileged Access Management by KuppingerCole, scoring highest in all three categories of product, innovation and market leadership. Modern PAM though goes beyond just securing IT users.

Speaker 2

The concept of 0 standing privilege to access modern cloud infrastructure and cloud environments is the key to securing the most privileged human identity group in the enterprise, the developer. Often left unattended with always on access, developer identities dramatically increase risk and expand the attack surface. By offering 0 standing privilege, CyberArk Secure Cloud Access is a game changer for securing this high risk population. With native workflows and access and automated life cycles and controls, our solution for securing developers offers the best of TAM without needing a behavior change. More importantly, with our solution, security is not an impediment to innovation.

Speaker 2

It is an enabler of the innovation machine within organizations. In the Q3, a leading European bank who is a long time CyberArk customer and has worked with us closely to protect privileged access for the IT and extended IT teams over many years, now decided to tackle the high risk developer population. We were excited to see the customer expand into this new identity group, buying our enterprise solution in a 7 figure ACV deal. In the untamed world of cloud security and developer access, where developers often have always on and over privileged entitlements, it is critical we approach security as a team sport. We were thrilled to announce our strategic partnership with Wiz, unifying the capabilities of our identity security platform with Wiz's cloud security platform to help enhance customers as they tackle their multi cloud security posture.

Speaker 2

Wiz's best in class visibility over risky and misconfigured cloud access and CyberArk's control over privilege with CRO standing privilege approach can measurably reduce the risk of unauthorized access, all without impacting the speed and scale of cloud development. Our customers are excited about this partnership and the immediate benefit it can have in getting control of their cloud environments and developer access points. Moving on to securing the workforce. We had another strong quarter with our workforce solutions, which crossed the threshold of $100,000,000 in AR this quarter. Workforce identity is transforming from an efficiency tool where SSO and MFA were considered enough to one where every employee needs the right level of privilege controls throughout their workday, from the moment they sit down at their endpoint.

Speaker 2

As a result, there is a substantial and growing cohort of both CIOs and CISOs that not only understand but prioritize security first across all their workforce identities. Our workforce solutions implement least privilege on managed and unmanaged devices, secure and streamline the browsing experience, substantiate more secure SSO with intelligent privilege controls and even integrate the ability to protect everyday workforce users' passwords with the security of the CyberArk Vault. Our solutions enable a passwordless workflow, seamlessly authenticating into the environment and reimagines the way enterprise secure their entire workforce. This is evidenced by a leading SaaS company who landed with a substantial 6 figure workforce deal. As the de facto protection against ransomware, our solution was the tip of the spear and a great showcase of the multiple landing spots of our platform.

Speaker 2

Before I move on to Venafi and our machine identity security vision, I wanted to just highlight another very strong quarter of growth for secrets management. We have never been in a better competitive position. The value of secrets management at enterprise scale is resonating and the combination of ConjurCloud and SecretsHub means SaaS is leading the way. I want to share a deal with a leading U. S.

Speaker 2

Energy company who recognized the value of secrets and machine identities with CyberArk. Expanding with a mid 6 figure ACV deal this quarter, they are protecting more of their IT users and tackling secrets and machines for the first time with ConjurCloud and Secrets Hub. We are thrilled to have closed the acquisition of Venafi on October 1. I want to take this opportunity to formally welcome the tremendous Venafi team to CyberArk. From the onset of our discussions with Venafi, it was clear that this acquisition was more than just a strategic fit.

Speaker 2

It was a powerful convergence of vision, technology and culture. The past months have only reinforced our belief that joining forces will reshape the landscape of machine identity security. The feedback from customers and partners further rose our confidence in the tremendous value Venafi will bring to our platform. In explaining the machine identity security landscape and the problems we have to solve as an industry, I often use the 3 Versus volume, variety and velocity. Starting with volume, the sheer number of machines, whether they are devices or workloads is exploding.

Speaker 2

We have talked about the ratio of 45 machine identities for every human identity in a constantly accelerating world that is only increasing its reliance on cloud native applications and workloads, IoT devices and AI agents, this ratio will soon be obsolete. With a rapidly growing volume, the ability to discover, secure and manage machines with an automated lifecycle is critical to keeping this new world secure. Onto variety. Variety refers to not just the various machine types I mentioned, but also the variety in the forms of identity, from certificates to secrets to keys to tokens. There's a large variety of identity types, adding a level of complexity not seen on the human side of identity.

Speaker 2

Managing this complexity requires an integrated solution. Organizations cannot get away with silo tools or manual processes anymore. Customers have a clear and urgent need to simplify, reduce complexity and bring in an enterprise grade solution to bear across the diverse landscape of machine and machine identity types. And finally, velocity. Machines themselves are no longer static devices and applications.

Speaker 2

They are constantly changing and in some cases, like with ephemeral workloads, they exist only for a brief period of time and then disappear. When you put together the pace of change of these identities and the shorter lifespan, all of a sudden the velocity of issuance and management of these identities has also exploded. The combination of CyberArk Secrets Management offerings with Venafi's machine identity management offerings will provide organizations with a centralized solution to manage and protect all machine identity types. By automating and securing these identities, we'll help prevent misuse and compromise, ultimately reducing risk and enhancing operational efficiency. With the Venafi acquisition closed, I want to highlight our top priorities over the coming months.

Speaker 2

First, we will unleash our go to market organization around the world to tap into the more than 8,500 CyberArk customers who are not Venafi customers yet. 2nd, we will rapidly integrate our secrets management capabilities and Venafi's capabilities into a streamlined machine identity solution. And third, we will work with our partner ecosystem to get them both certified on Venafi and ready to hit the ground running as they go after the 10,000,000,000 addressable market. In summary, I want to leave you with the following takeaways. Identity security is a clear and present need for CISOs and our solution selling has further aligned how we sell to how the customer wants to buy and this is resonating with customers.

Speaker 2

Our vision is to deliver the right level of privileged controls to every identity, human and machine, is expanding our competitive moat and leadership position in identity security. With Venafi, we're setting a new standard for end to end machine identity security. And finally, our strong execution and unique platform, we are well positioned to deliver a stellar next phase of durable, profitable growth and take CyberArk to the next level. Before I turn the call over to Josh, I'm sure you've seen the CFO transition we announced this morning. Josh will see us through the year end and will be stepping down from his CFO role in January as part of a planned succession.

Speaker 2

We are grateful he has agreed to stay on in an advisory role through 2025 to ensure a smooth transition. I want to take a moment to acknowledge Josh's countless contributions to CyberArk for more than 13 years. Josh is an amazing leader. In his time at CyberArk, he guided the finance organization from less than $40,000,000 in revenue in 2011 when he joined through our IPO, the transition from a perpetual to subscription model and turned finance into a force multiplier, enabling the scale and results you've seen us deliver. We have scaled the company and stayed true to our values of delivering strong growth and profitability.

Speaker 2

He has been my trusted partner since I joined the company and his contributions are immeasurable. I'm also though delighted to announce that Erica Smith will be our new CFO effective January 1, 2025. Erica has been a core member of our finance leadership team and has worked closely with me on the subscription transition and our long term strategy. She is a trusted partner to the Board and our executive leadership team, and I couldn't think of anyone better suited to be our next CFO. So Erica, congratulations on your new role.

Speaker 2

With that, I want to hand it over to Josh.

Speaker 3

Thank you, Matt, for those kind words. I'm indeed proud to have been part of this amazing CyberArk journey, and I'm grateful to you, our executive team and the Board of Directors for many years of partnership. I'm extremely pleased that Erica will assume the role of CFO starting January 1. I've worked closely with Erica for more than 9 years. She has been a core member of our finance leadership team holding broad responsibilities in the finance organization and include Investor Relations, FP and A, Treasury, ESG and now the Venafi Finance team.

Speaker 3

It is critical for all of us to have a smooth transition, continuity of leadership and someone who knows how and will execute, so we continue to march forward and scale. Erica is a strong leader and has a deep understanding of our business. She is a great addition to the executive team and given her performance and focus on scale, I am extremely confident that as CFO, she will help ensure CyberArk is positioned to execute on its long term strategy. With that, I'm going to hand it over to Erica for just a few words from her and then I'll return to speak about the quarter. Erica?

Speaker 4

Thanks, Josh. It is an honor to be named the next CFO of CyberArk. I am grateful for the trust you, Matt and the leadership team as well as the Board is placing in me. As Matt said, Josh has played a critical role in setting the company's culture of operational excellence that has supported our strong growth and focus on profitability. He has been my mentor and I am grateful for all of his guidance and support over the years.

Speaker 4

I am also looking forward to working closely with him as we move into 2025. Thank you, Josh, for staying on as an advisor to support the transition. I am also excited to work closely with such a talented and dedicated group of finance professionals in our corporate headquarters in Israel as well as our offices in Asia, Europe and the U. S. Continuity of our operating rhythm and execution will be a key focus as I move into my new role.

Speaker 4

I'm committed to building on our strong foundation as CyberArk looks to scale well beyond $1,000,000,000 in ARR. With that, I'll hand it back to Josh to discuss our results in more detail. Josh?

Speaker 3

Thanks, Erica. And now on to the quarter results. The Q3 was another strong quarter, beating guidance across all metrics. We reported solid net new ARR, strong top line growth and substantial improvement in operating and free cash flow margins. Our execution is a testament to our platform differentiation, the growing criticality of identity security and our ability to capitalize on these secular trends.

Speaker 3

Before I provide more details on the quarter, I want to remind everyone that while we are very excited to have closed the acquisition of Venafi on the 1st October, it did not contribute to our Q3 results. All numbers I'm about to discuss other than the guidance are on a stand alone basis. Moving into the results. Total revenue grew 26% year on year, reaching $240,100,000 and exceeding the top end of our guidance range. Annual recurring revenue reached $926,000,000 that's growing 31% year on year.

Speaker 3

We added $58,000,000 in total net new ARR from $52,000,000 in the Q3 last year. As expected, the SaaS share of our bookings increased compared to the Q3 in the year ago period and made up more than 2 thirds of subscription bookings. Subscription ARR grew 46% year on year to $735,000,000 and is now 79% of our total ARR. We also added $59,000,000 in a net new subscription ARR, an 11% increase from the $53,000,000 in the Q3 last year and that sets a new record for any non Q4 quarter. Our maintenance annual recurring revenue was $191,000,000 a decrease year on year consistent with our move away from perpetual licenses and like for like conversion activity still remains a single digit percent of our year on year ARR growth.

Speaker 3

Our platform selling motion continues to drive land and expand as customers move to secure more users and more personas with CyberArk. In the Q3, we signed nearly 230 new logos and with our expansion engine, we also had a healthy mix of upsell and cross sell into new solutions. In the Q3, the cohort of customers was more than $100,000 and ARR grew to over 2,000 customers. The cohort with ARR of more than $500,000 is now over 375 customers and that's growing nearly 40% year on year. Now moving to the revenue lines.

Speaker 3

For the Q3, recurring revenue reached $224,200,000 growing 29% year on year and accounting for 93% of total revenue. Subscription revenue was $175,600,000 growing 43% year on year and representing 73% of total revenue. Maintenance and services revenue was $61,600,000 and of that recurring maintenance revenue was $48,600,000 compared to $51,500,000 in the year ago period, and that's reflecting the year on year decreases in our maintenance ARR balance. From a geographic perspective, all regions continued to show healthy growth. Americas grew by 26% to $141,800,000 EMEA revenue was $73,100,000 that's up 22% year on year and APJ revenue was $25,100,000 growing 34% year on year.

Speaker 3

All P and L line items will now be discussed on a non GAAP basis. Please see the full GAAP to non GAAP reconciliation in the tables of our press release. 3rd quarter gross our press release. 3rd quarter gross profit was $200,300,000 or

Speaker 5

83.4 percent gross margin

Speaker 3

compared to 82.7% in the Q3 last year. In the Q3, our operating income was $35,400,000 or 14.7 percent operating margin. That's well ahead of our guidance and a significant increase from an operating income of $16,900,000 or the 8.8% operating margin in the Q3 last year. The outperformance was driven in part by the revenue upside as well as certain program expenses moving into the Q4. Net income, it came in at $45,100,000 or $0.94 per diluted share, also significantly outperforming our guidance and more than doubling from the EPS of $0.42 in the year ago period.

Speaker 3

We ended September with 3,300 employees worldwide, including 1400 in sales and marketing. We are pleased to deliver another strong quarter of free cash flow with $51,600,000 in the 3rd quarter or a margin of 21%, and that's compared to $13,600,000 the Q3 of last year or a margin of 7%. We ended the 3rd quarter with approximately $1,500,000,000 in cash and marketable securities. As a reminder, our cash balance at the end of the 3rd quarter does not reflect the $1,000,000,000 cash portion of the consideration paid for the Venafi acquisition on October 1. I want to touch on the upcoming settlement of our convertible senior notes maturing on November 15.

Speaker 3

We plan to settle these convertible notes with shares as we outlined in our 6 ks filing with the SEC back in March. The approximately 3,700,000 shares associated with the convert have been included in our fully diluted share count as applicable already since the Q4 of 2022. Further, we expect the cap call associated with the convertible notes to result in cash proceeds of approximately $260,000,000 We will receive those proceeds at the maturity of the convertible notes. As you can see, we continue to have a strong balance sheet that supports our growth strategy. So now turning to our guidance.

Speaker 3

For the Q4 of 2024, we expect total revenue of $297,000,000 to $303,000,000 which represents 34% year on year growth at the midpoint and that includes approximately $41,000,000 from Venafi. We expect non GAAP operating income in the range of $43,500,000 to $48,500,000 for the Q4 and that includes a contribution of approximately $11,000,000 from Venafi. We expect our non GAAP EPS to be in the range of $0.65 to $0.75 per diluted share, and our guidance assumes 51,200,000 weighted average diluted shares. Our guidance also assumes about $16,700,000 in taxes. Looking at the full year 2024, we expect total revenue in the range of $983,000,000 to $989,000,000 representing 31% year on year at the midpoint.

Speaker 3

We expect our full year operating income to be in the range of $135,000,000 to $140,000,000 And as a reminder, our full year guidance also includes $41,000,000 contribution to revenue and $11,000,000 to non GAAP operating income from Venafi's 4th quarter that I just said earlier. We expect our non GAAP EPS to be between $2.85 $2.96 per diluted share. We expect about 49,000,000 weighted average diluted shares and about $52,200,000 in taxes for the full year 2024. We expect our annual recurring revenue to be in the range of $1,153,000,000 $1,163,000,000 at December 31, 2024. That includes an expected contribution of approximately $164,000,000 from Venafi at the year end.

Speaker 3

For the combined company, our guidance represents about a 50% year on year growth at the midpoint. I would remind investors that as a result of the largest cohort of customers coming up for renewal in the Q4, we do typically see the largest sequential decrease to our maintenance ARR also in the Q4. We are significantly increasing our cash flow guidance, our free cash flow guidance for the full year 2024 to a range of $203,000,000 to $213,000,000 and that represents 21% free cash flow margin at the midpoint. That includes $8,000,000 contribution from Venafi. To sum up, we are pleased to report another strong quarter and are thrilled to welcome the Venafi team to CyberArk.

Speaker 3

While the guidance I just provided includes the contribution from Venafi, it is important to note that even on a standalone basis, we are increasing our guidance for the year across all metrics. We are well ahead of the playbook we outlined at our Investor Day in 2023, which speaks to how we have expanded our leadership position and delivered consistently strong execution. With 31% ARR growth, 26% revenue growth, 15% non GAAP operating margin and 21% free cash flow margin in the 3rd quarter, we're in an elite group of enterprise software companies that are operating above the Rule of 40 benchmark. Before I hand it over for the QA portion of the call, want to take this opportunity to express my gratitude to all those at CyberArk and also a special note of gratitude to our Founder and Executive Chair, Houdini Mochadi, whose friendship and mentorship I treasure greatly. I also want to thank our investors and the broader investor community for their support and I'm very excited about the future of CyberArk and believe we are in a position of strength to continue to deliver strong results going forward.

Speaker 3

With that, I'm now going to turn the call over to the operator for Q and A. Operator?

Operator

Thank you. The floor is now open for questions. Your first question comes from the line of Saket Kalia of Barclays. Your line is open.

Speaker 6

Okay, great. Hey, guys. Good morning and thanks for taking my questions here. Josh, let me just start by saying, I tip my cap to you, man, on just a heck of a run. And Erica, congrats as well.

Speaker 6

It's just great to see the continuity and what seems like a very smooth transition.

Speaker 3

Thank you, Saket.

Speaker 4

Thanks Saket. Appreciate it.

Speaker 6

Absolutely. Matt, maybe on to the business and what was a very strong quarter, maybe for you. You called out the power of the platform in your prepared remarks, then you mentioned some examples of customers that consolidated their identity solutions to CyberArk. Can you just maybe talk about that trend as we look forward? And is there anything that you're doing at CyberArk to drive that motion within the sales team of a more consolidated type of sale, if that makes sense?

Speaker 2

It does, Saket. Thanks for the question. I think what we see out there at the highest level is that customers are having, for lack of a better phrase, an identity crisis, right, as they try to figure out what are they going to do with the threat landscape that they face. And they're trying to figure out who they can trust in that threat landscape to actually provide security across all the types of identities that they need to secure. And increasingly the conversations with us in the CSOs and the C suite, CIOs kind of across the board is the conversation is not specific to platform to begin with.

Speaker 2

It's specific to the idea of you have the spectrum of identities, you need security across all of them, only CyberArk can do that for you, do that across human and machine, do it across the workforce and IT and developers. And so we get engaged in that type of conversation and then we use our solution selling approach to make sure that we can provide a quick on ramp and a quick time to value against whatever identity groups are top of mind or top priority. Then we bring in the platform selling approach to future proof them, to tell them, listen, you can get started with 1 identity group, you can get started with multiple, we will be there for you on an extensible platform that can bring you to value when you're ready. So we're not pushing it from that perspective. What's happening in the market is that customers more and more are recognizing they want to go faster, they want to go deeper.

Speaker 2

And so if they're security minded and you heard me call that out, the security minded buyer, they're sitting there and saying, why not go faster with CyberArk since they have the platform, since we need to tackle this identity security problem, since my board, my rest of the executive team are asking me about this. And so it becomes a very organic sales process of conversation and as I like to point out, trust in the CyberArk relationship. Makes

Speaker 6

a ton of sense. Josh and Erica, maybe for my follow-up for you folks, really appreciate the detail on Venafi. Understanding it's early, how do you sort of think about the growth profile for Venafi relative to CyberArk's organic growth in terms of ARR? And as part of that, do you expect any changes in the makeup of Venafi's ARR as

Speaker 7

you go into next year?

Speaker 3

Yes. Thanks, Saket. We absolutely see Venafi's portion really contributing well and at CyberArk's a higher growth rate on ARR. We're confident about that. And one of the things that we'll also see is really a lot of movement towards their bookings going towards SaaS.

Speaker 3

And we can easily see next year where the majority of the SaaS where the majority of the bookings will be in SaaS. And that's a change compared to their history where they've been traditionally more on prem until this last year where they've started to ratchet that up.

Operator

Yes. So I

Speaker 2

think I'll just jump in. I think when we think about Venafi, it's a growth play for us. We just see this broad landscape of kind of unprotected machine identities. And I think as Josh said, we believe in our hands, we've said it since day 1 and we've become even more confident in that, that Venafi will grow at or above the CyberArk growth rates once we are fully able to roll it out across the sales team.

Speaker 8

Very helpful. Thanks guys.

Operator

Thank you. Your next question comes from the line of Hamzah Fodderwala of Morgan Stanley. Your line is open.

Speaker 5

Great. Thank you for taking my question. First off, congrats, Erica, and congrats to Josh on a great run, not only for your contributions to CyberArk, but also to the broader cyber and Israeli startup community? I know you've been a mentor to many CFOs and including a few CEOs. So thank you for all your contribution.

Speaker 3

Thank you, Hamzah, for those words. It really means a lot. Thank you. Yes.

Speaker 4

And thank you for the well wishes, Hamzah. I appreciate it.

Speaker 5

I wanted to ask that question for Matt. So a lot of CISOs we talk to are talking more and more about machine identity. I wanted to just maybe drill into a little bit what that looks like. So you talked about a deal, I think, where you were able to cross sell your machine identity capability with Venafi. What does that look like?

Speaker 5

I mean, are you your core product is obviously priced on a fee basis. Was this the upsell based on the number of certificates? Was it other type of machines? And what could the deal multiplier be if Venafi is included with CyberArk?

Speaker 2

Yes, sure. So I think the foundational answer is the human side of the identity business is based upon humans. So the number of seats on the machine side, it's generally based upon what you're securing. So for our secrets business, especially our SaaS based ConjurCloud and Secret Hub, we're generally basing it upon applications because you're building in the credential management for applications as part of the secret security process. So on the machine side, on the secrets, it's going to be applications.

Speaker 2

On the machine side of Venafi or certificate lifecycle management, it's going to be based upon certificates. We call those instances. The reason we call it instances is actually each certificate can actually be stored in or be leveraged across multiple machines. And we actually charge for each instance of that certificate. So you're going to see those differences across the board when we kind of bundle it together.

Speaker 2

We're looking at ways to make it easy for the customer to buy, especially between the secrets obviously and the certificate side. I think when you think about what potential there are here, you've heard us talk for a while that the secrets business alone can be a multiple of, for example, the PAM business that you've heard us talk about. We've talked about it actually being a fully deployed secrets deployment is 1.5 times the deployed PAM deployment. I think on the certificate side, we see even bigger multiple opportunity where it could be 2x. It's a little bit bigger than even the secret side.

Speaker 2

So when you start to look at the deal size and really once deployed footprint that can happen on the machine identity side, when you combine Secrets with certificates, those are bigger deals and ultimately can be a nice high growth business for us.

Speaker 7

Thank you.

Operator

Your next question comes from the line of Matt Hedberg of RBC Capital Markets. Your line is open.

Speaker 8

Great. Thanks for taking my questions guys and all for my congrats as well

Speaker 7

to both Josh and Erica.

Speaker 8

I wanted to ask a little bit about your workforce business. It's impressive to see it past the $100,000,000 ARR mark this quarter. I'm wondering if you could provide a little bit more context about how quickly that's actually growing in the basin and maybe what percentage of the base is actually leveraging workforce?

Speaker 2

Sure, Matt, and welcome to the call. When we look at workforce, let's just start again with the kind of the strategic ability to be able to go win. Where we're winning is with CSOs, CIOs that have a security minded way of buying. Some people still buy workforce SSO MFA as an efficiency tool. And in that case, Microsoft or other providers out there are a perfectly good solution to provide kind of what we consider commoditized SSO MFA.

Speaker 2

Our solution is based upon the idea that actually that's not enough. It's not enough in this threat environment, in this threat landscape. And we need to use MFA SSO as kind of base level controls where we wrap around it intelligent privilege controls, vaulting of personal passwords, a more secure browsing and actually a really tight tie in to least privilege at the endpoint in our EPM product. And so that becomes the foundation of how we compete, how we differentiate out there. As you mentioned, we're pretty proud to see that business kind of cross the $100,000,000 ARR threshold, kind of in line with where we actually expected it to be when we actually acquired Adaptive several years ago.

Speaker 2

And what we see there is that it's a business that's growing really strongly faster than our core for sure, and increasingly becoming a part of more and more deals. Now you asked the question around our penetration rate. I would tell you the penetration rate is still pretty low. We've got over 9,000 customers now and I think we're talking about a little around 1,000 or so that are using our workforce solutions. And I think that's the opportunity we still have here is to sell into that base, really bring them onto the platform as you heard me talk about on Saket's question a little bit earlier and expand the number of identities that our platform is securing as a whole.

Speaker 2

It's an exciting opportunity for us and I do want to just call out the tie in between the workforce business, the traditional SSO MFA and our kind of advanced controls and the EPM business, which is securing the endpoint of that workforce user. Because when you combine those two businesses together, you start to see a really meaningful portion of our ARR coming from securing the workforce population as a whole.

Speaker 8

Thanks, Matt. Great comprehensive answer. And then maybe just a quick housekeeping one for Josh or Erica. It looks like Venafi is contributing about $160,000,000 of ARR to the full year. I'm curious, how quickly was Venafi ARR growing, exiting kind of the Q3 quarter?

Speaker 8

And do you have a rough estimate of

Speaker 9

what that SaaS mix was in Q3?

Speaker 4

So yes, they were growing at about the 10% mark, if you think about it in the double digits. And then the SaaS mix was actually roughly 10% of their overall base. A little it's ratcheted up in the last few quarters, to closer to 12% right now, but it's right in that range.

Speaker 2

And it's something we see, which is really interesting. We've talked about even in our core business, which is just dramatic shift to SaaS as the leading motion our sales team is most comfortable with. So while they sat at 10% of ARR and a small percentage of their overall new bookings earlier in the year, Even when we look into the pipeline for Q4, we see as Josh said, it's starting to become more of the majority of the pipeline is SaaS led for them. And as you've seen with us, it just continues to grow each quarter, the amount of our pipe on our execution that's tied to our SaaS portfolio.

Speaker 6

Thanks guys. Best of luck.

Operator

Your next question comes from the line of Brian Essex of JPMorgan. Your line is open.

Speaker 10

Good morning and thank you for taking the question. First of all, Josh, congratulations to you. What a great track record you've built. And Erica, congratulations to you as well. It's great to see.

Speaker 3

Thanks, Brian.

Speaker 9

Maybe this of

Speaker 10

course, maybe for Matt, I know you talked about in your prepared remarks, the ability to unleash your go to market motion on over 8,500 non Venafi customers now within your installed base. Can you just talk a little bit about what needs to be done within your direct sales force? And then what you're doing within the channel? And perhaps how long that will take to have an effect on the trajectory of Venafi's growth rate?

Speaker 2

Sure. Yes, great question. We started training our sales team the minute we could. And in fact, we've gone out and really gotten them ready to have the conversation post close date. And so we are already seeing pipeline being built here in Q4 for next year that our sales team is able to contribute hand in hand with the Venafi team.

Speaker 2

So we feel ready to go. I think at some level we were itching to go and we wanted to get through obviously the regulatory approval so that we could get started. And we really can't wait, to start to, as I said and then you repeated, unleash that sales team to be able to go push this product. It is a really easy conversation. And what I mean by that is, it's the CSO who's sponsoring the conversation.

Speaker 2

It's the same buyer. We know the parties involved. And ultimately, it becomes part of our talk track pretty easily, pretty quickly. And we haven't seen a need to kind of bring in specialists in every conversation. I think the partner one side of the fence is probably what surprised us the most to the upside.

Speaker 2

I think when we first announced it, we said we were, I think, down at the event and we had our partners in the other room and we said they were so excited. And sometimes that can fade. What we found is the exact opposite. We actually were at standing room only in classes and certifications that we were doing for partners around the world throughout the last quarter. We've had to actually add in more and more training classes for our partners.

Speaker 2

We're kind of racing to kind of have first mover advantage to be able to bring Venafi into the market. So I think we've seen even more of an uptake in the partner community than I would have expected to be honest. And I think it speaks to the need to solve the problems of the machine identity security story. Now I will say that it's a similar sales cycle to the CyberArk sales cycle. So we've always talked about a 3, 4 quarter sales cycle and sometimes we do better and it's 2 quarters or so.

Speaker 2

So I think we will see the impact of all this enablement and certification happen as we get into next year and into the back half of the year especially. But it's why we're so confident in our ability to say we're going to grow this at or better than the CyberArk overall growth rate is because we see these conversations really taking off.

Speaker 10

Got it. That's super helpful. Maybe one quick housekeeping question if I could for Josh or Erica. Is there any deferred revenue write down that we have to consider as we tune our models and we add identify into the equation?

Speaker 3

No, there's none that nothing material on that stuff.

Speaker 10

Fantastic. Thank you so much.

Speaker 5

Great.

Operator

Your next question comes from the line of Jonathan Ho of William Blair. Your line is open.

Speaker 11

Hi, good morning. And let me echo my congratulations to Josh and Erica as well. It has been fantastic to work with you, Josh. Just in terms of Venafi, can you talk a little bit about the opportunity to expand the awareness of the machine identity problem? And across your base as you engage with customers, can you give us a sense of where they are in terms of understanding the challenges as well?

Speaker 2

Sure, Jonathan. And I think it's I'll use a couple of examples maybe to help here just in terms of the ability for us to scale, right. We've talked before about more than 10x sales reps and our ability to be able to bring it into the base and educate through a sales driven process. But we've also been able to really attack it already from a marketing event based process from a partner landscape as I was talking about. They did an event prior to close here in Boston called the Machine Identity Security Summit.

Speaker 2

And there were a couple of 100 people there. I think it was about 200 people and it was a great message. We then took the content, combined it in with our impact on the road world tour, did an event out in San Jose. We had well over 300 people there at the event. We had well over 1,000 people register for the event online and you start to see the scale take off in just amplifying the message out into the base.

Speaker 2

We've obviously gone out and pushed our partners around in this enablement and in this training also can they turn on their marketing engine around this problem of machine identity. And they've been rallying around our secret story over the last couple of quarters. And I think this just becomes a nice extension of what they've already been doing. So I think you're going to see that the education process, the awareness process has really started to kick into full gear. Our marketing team has a great plan of attack for how they're going to continue pushing it going forward.

Speaker 2

And I think when you talk with the customer base and I've done 40 or so calls in the very near recent couple of weeks, they all understand that they've got to get their arms around this machine identity problem or they're going to get themselves in a lot of trouble. This Google mandate, for example, that brought down certificate lifespans from 100 of days to a mandate of 90 days. Apple came out with a mandate of 45 days. Those things are driving actually a good degree of uncertainty down into the enterprise on what are they going to do if they're managing certificates, keys in a manual process. And so I really feel strongly that we are at a cusp of where the customer understands it, our marketing engine is going to kick in and ultimately, this is an area where the customers are going to start pulling as much as we're pushing.

Speaker 11

Excellent. And just in terms of a quick follow-up, can you give us a sense of what drove the strong margin outperformance this quarter? It's just exceptional in terms of the profitability. Thank you.

Speaker 3

Yes. In part, it's the revenue beat. As you saw, we ended up beating revenue above the top line. And then there are and I called this out, there are some expenses that we'll be doing in Q4 that were planned for Q3. And then just overall good strong efficiency as we operate the company.

Operator

Your next question comes from the line of Roger Boyd of UBS Securities. Your line is open.

Speaker 12

Great. Thanks for taking the questions and I'll add my respective congrats to both Josh and Eric. Happy for you both. Matt, high level question around Post Quantum. It seems like awareness is raising there.

Speaker 12

I'm wondering based off your conversations with customers, do you think that we're getting into adoption curve where customers are looking to pick up post quantum security tools, some of the stuff you're talking about with, being able to gauge exposure and get to a place of certificate agility? And now with is there any sense of how material you think this could be as a driver in the next year? And then I have a quick follow-up.

Speaker 2

Sure. Yes. No, I think you hit a nail on the head there around the idea that the willingness and want to talk about kind of post quantum plans is a part of every conversation we're having on the Venafi side. Now I still think it's obviously several years out until the actual quantum impact is felt and thankfully for that. But what we're able to do now is really talk with the customers about their programs and plans.

Speaker 2

We have an ability to come in and do workshops around how the Venafi solution and our overall machine identity security solution can help prepare them for a post quantum world. And it speaks not only to the need for obviously innovating around the algorithm and making sure that you're able to prepare. It also speaks to this idea of life cycle management because in a post quantum world where an algorithm might be able to be breached or hacked into, we need to be aware of all of the assets, all the identities that are out there and we need to be able to reissue maybe with a new algorithm on demand based upon what's happening in the kind of threat landscape or threat environment. So I do think it's a piece of the strategy. I think you're right that customers are starting to talk about it still many years out till they have to actually implement.

Speaker 2

But I think it's a part of what's driving the awareness of what we're doing on the machine identity side.

Speaker 12

Got it. Super helpful. And then just for Josh or Erika, just around 4Q, I know you've talked about moving to shorter contract durations on the maintenance side. Any color you can provide on what you're seeing around renewal rates there? And anything to be mindful of relative to your 4Q assumptions for maintenance given the renewal base and seasonally larger quarter?

Speaker 12

Thanks.

Speaker 4

Yes, Roger, it's a great question. I think we've seen continued strong renewal rates as it relates to that maintenance space. But as you know that Q4 is one of the biggest quarters. So baked into kind of our forward looking or 4th quarter guidance is about an $8,000,000 to $10,000,000 decline in that overall maintenance ARR sequentially. So just kind of keep that in mind when you're thinking about the ARR build into the Q4 and the exit rate there.

Operator

Great. Thanks again. Your next question comes from the line of Adam Borik of Stifel. Your line is open.

Speaker 9

Awesome. Thanks for taking the question. And of course, Josh and Erika, many congrats for you both. Maybe a bigger picture question for you, Matt. You talked about the platform selling approach has been in great traction, especially with some of the wins you talked about.

Speaker 9

Now, I'm just curious maybe from a technology perspective under the hood, especially as you now fold in Medify, how do we think about how integrated the call it the human side of the portfolio is today? You talked about efforts to integrate secrets and Invenify and how should I think about almost a converged humannonhuman identity portfolio on the back end in coming years? Thanks so much.

Speaker 2

Sure, Adam. So I think as you highlighted, our first priority is let's get Venafi and Seacris integrated into what we're calling this machine identity security solution. And let's hit the ground running as fast as possible with that, so we can take advantage of the increased awareness and the need to really lock down those machine identities themselves. I think what we look for is 2 things. 1 is the shared experience across human and machine.

Speaker 2

So that organizations and customers can partake of shared dashboard, shared discovery. And I think those types of things start to come online more towards the end of the year into 2026. And then we're always looking to look, how can we leverage the shared services of our platform, for example, things like unified audit and unified identity management. And that's an area where we can be building up over time also as part of a shared platform approach. So I think 2025 is really about integrating the machine at any solution itself.

Speaker 2

2026, you start to see the technologies come together and we have a roadmap and an idea of what that would look like. Independent of the technology, there's a conversation with customers that we're having all the time, which is machines and humans need to be integrated and managed under one platform, one ability to understand what is going on. We need to make sure that we can provide a future proof for the years to come across human machines because that's needed for a comprehensive view of what Identity Security is. And so I think that starts from day 1. And frankly, I've received multiple comments from customers, customers I trust implicitly actually that help advise that say this is like one of the things that they would have hoped happened in the industry is bringing human and machine more together for where they need to go for the future.

Speaker 9

Awesome. Thanks so much.

Operator

Your next question comes from the line of Don DiFucci of Guggenheim Securities. Your line is open.

Speaker 7

Thanks for taking my question. I have been called Don before. But anyway, Mike, I don't mean to beat a dead horse on this. But really, I think I'm curious like why Venafi represents an incremental growth plan for you? Matt, you talked about the go to market push and that makes some sense.

Speaker 7

And you talked about a bunch of things here, but we've heard about this for a while and Benefi has been around for a while and it was a good company, a decent company, but it never seemed to fulfill its promise, right? Machine identities always made sense, but they never fulfilled it. It. And I just wonder if we're getting a little bit too far ahead of ourselves here. And you guys have executed really well.

Speaker 7

And that's part of it too, right? That's positive. But I don't know if you could speak a little bit to that. I'm sure there's a question in there somewhere.

Speaker 2

There is. And I think it's a good one, which is why now. And I think I've hit on, as you mentioned, all right, did Benefi ever invest in the go to market scale and breadth to be able to truly go out there and penetrate the market. They were mainly focused in the U. S.

Speaker 2

They didn't have much presence in EMEA and APJ. They had a relatively limited spending on marketing and on sales. They had a very, very, very small channel program. So they were not able to actually bring in the SIs and the bigger channel partners that we bring to the table. So for sure, one part of it is what CyberArk brings to the story.

Speaker 2

But I think there is a second part, which is an inflection in the market of, as I said, volume, variety and velocity. And that's a change. Like if we go back 5, 6 years ago, the volume was not where it was. And the variety actually was not as complex. And ultimately, the very nature of these modern workflow and identities were much different in terms of the velocity of change that was happening.

Speaker 2

When you go out and look at the market factors around the Google mandate, the actually regulations that are coming in that actually speak to the machine identity landscape, there wasn't the pressure to get your arms around what was a very basic problem to begin with of certificate lifecycle management. What's happening now and by the way, that's what drove them up into only the upper echelon of big banks, big financial institutions, where the problem was really tough and they weren't actually penetrating down into the mainstream enterprise because it wasn't really part of a big problem statement. Given the volume, given the variety, given the velocity, what we find now is actually manual processes, spreadsheets, kind of point solutions can't manage the problem. And that's what our enterprise customers were telling us before we acquired Venafi and that's what they're telling us even more now post acquiring Venafi. So I think when you combine those factors together, that's what gives us the excitement and the confidence in what we're out there describing.

Speaker 2

And ultimately, you'll see that materialize as we move throughout 2025.

Speaker 10

Okay. Okay.

Speaker 7

And I just want to make sure that Josh wasn't putting a high bar for Erika, just leaving that for her because I know well, she's been by his side for a long time. But okay, and I guess

Speaker 2

I don't know that Josh has ever found a high bar. I think he always is putting the right bar out there prudently. That's why I love Josh.

Speaker 7

That all makes sense. And you guys, like I said, have executed well. But I guess ARR was strong this quarter, my follow-up here. And it was in the range of what we thought you could do, like and that's great. But just curious if you saw any influence on this last quarter due to the U.

Speaker 7

S. Election? And if you did, how do you see this influencing business going forward, if at all?

Speaker 2

Yes. So we definitely didn't see anything materially different than what we've seen in other quarters. I think we continue to see, like we say, a tough macro out there, one in which though we continue to perform well, security being at the top of the list, our security, identity security being at the top of that list. You've heard me say that before. I don't think we saw anything measurable or change there.

Speaker 2

I think as we look towards Q4, we're not anticipating some large budget flush out there as people kind of figure out maybe what the implications of the macros and the environment is. So our guide doesn't assume that. But no, I don't think we're seeing anything different in the environment as a whole and we're kind of in a wait and see approach as it relates to the election itself. Great. Thank you and congrats.

Speaker 2

Thank you. And we are excited to deliver another strong quarter that showcases our leadership in identity security and that our vision of delivering the right level of privileged controls for every identity is working. We're thrilled to welcome the exceptional Venafi team to CyberArk. I want to congratulate Erica on joining the leadership team and I want to say my heartfelt thanks to Josh for being such a strong partner to me as I came into the CEO role and for helping to guide CyberArk for all these years to our success. Thank you, everybody.

Operator

This concludes today's conference call. You may now disconnect.

Earnings Conference Call
CyberArk Software Q3 2024
00:00 / 00:00