CyberArk Software Q1 2024 Earnings Call Transcript

There are 16 speakers on the call.

Operator

Thank you

Speaker 1

for standing by. My name is Kath, and I will be your conference operator today. At this time, I would like to welcome everyone to the Q1 2024 CyberArk Software Earnings Conference Call. All lines have been placed on mute to prevent any background noise. After the speakers' remarks, there will be a question and answer session.

Speaker 1

Thank you. I would now like to turn the call over to Erica Smith, Senior Vice President of Finance and Investor Relations. Please go ahead.

Speaker 2

Thank you, Kat. Good morning. Thank you for joining us today to review CyberArk's strong Q1 2024 financial results. With me on the call today are Matt Cohen, our Chief Executive Officer and Josh Siegel, our Chief Financial Officer. After prepared remarks, we will open up the call to a question and answer session.

Speaker 2

Before we begin, let me remind you that certain statements made on the call today may be considered forward looking statements, which reflect management's best judgment based on currently available information. I refer specifically to the discussion of our expectations and beliefs regarding our projected results of operations for the Q2, full year 2024 and beyond. Our actual results might differ materially from those projected in these forward looking statements. I direct your attention to the risk factors contained in the company's annual report on Form 20F filed with the U. S.

Speaker 2

Securities and Exchange Commission and those referenced in today's press release that are posted to CyberArk's website. We expressly disclaim any application or undertaking to release publicly any statements or revisions to any forward looking statements made today. Additionally, non GAAP financial measures will be discussed on today's call. Reconciliations to the most directly comparable GAAP financial measures are also available in today's press release as well as in an updated investor presentation that outlines the financial discussion in today's call. A webcast of today's call is also available on our website in the Investor Relations section.

Speaker 2

With that, I'd like to turn the call over to our CEO, Matt Cohen. Matt?

Speaker 3

Thanks, Erica, and thanks, everyone, for joining the call today. I want to start by acknowledging CyberArk's 25th anniversary, which we celebrated just a few weeks ago. Udi Makati, CyberArk's Founder and Executive Chair, is a visionary who, along with the founding team, identified a market need and set out to secure the most valuable information within the world's most complex global organizations. Along the way, CyberArk pioneered the privileged access management market, a segment of identity that has become a critical security layer and consistently moved up the CISO's priority list. Since its founding, CyberArk has grown and evolved in many ways.

Speaker 3

Our success was driven by an unwavering commitment to our mission of securing the world against cyber threats. So together, we can move fearlessly forward. To execute our mission, we consistently delivered a cutting edge innovation and transformative value to all our customers. Perhaps most importantly, in a world of constantly escalating threats, we have been relentlessly focused on the security first mindset in every decision we make since day 1 of our founding. As a result of our strong execution and the trust that our security first mindset has created with customers and partners, 25 years later, we are broadly recognized as the leader in identity security.

Speaker 3

Today, our unique value proposition to secure all identities with the right level of privilege controls on our identity security platform is resonating with customers. I am confident that we are only scratching the surface of this large and rapidly growing market opportunity. Our strong Q1 results demonstrate that we built on the momentum we experienced throughout 2023. The durability of demand for our solutions and our execution is highlighted by subscription ARR of 621,000,000 dollars growing 54% year over year. Total ARR of $811,000,000 growing 34% year over year.

Speaker 3

And Q1 results significantly exceeded guidance across revenue, operating income and EPS. Total revenue growth accelerated to 37 percent reaching approximately $222,000,000 Non GAAP operating income came in at $33,000,000 a big improvement from a loss of $12,600,000 in the Q1 of 2023, highlighting the operating leverage in our business model. Non GAAP earnings per share was $0.75 up significantly from a loss of $0.17 in the year ago period. We are thrilled to report $67,000,000 in free cash flow for the quarter, significantly up from 4,000,000 dollars in Q1 of last year and a proof point of our commitment to profitable growth. The strength of our results and business momentum gives us the confidence to raise our guidance for the full year 2024 on all metrics, which Josh will talk about later.

Speaker 3

Our ongoing success is fueled by a number of secular tailwinds, including the pace of attacker innovation, digital transformation, ongoing migration to the cloud and exponential increases in human and machine identities. Identity is the common denominator in every major cybersecurity breach. Our research has shown that over 90% of organizations have suffered from an identity related cyber attack, a significant increase from about 60% in the prior year. Last quarter, we discussed the extensive security challenges faced by CIOs and CSOs in safeguarding the entire spectrum of identities across IT, developers, workforce and machines. In today's severe threat landscape, customers recognize that merely managing identities without privileged security controls is a risk they cannot afford.

Speaker 3

The security risks are further exasperated by the rise of AI, proliferation of machine identities and increased elevation of access for human identities. As a result, organizations need to undergo a paradigm shift in identity security. They can no longer rely on yesterday's solutions and approaches to address today's problems. We at CyberArk are helping customers secure all identities, human and machine, as they access all environments, including hybrid and multi cloud environments. Our differentiation comes from our deep domain expertise in privileged access and we tailor privileged controls for each identity group to mitigate risk effectively.

Speaker 3

We discover, secure and manage across the entire lifecycle of each identity group. We are the vendor best positioned to apply comprehensive intelligent privilege controls across standing access, just in time access and a zero standing privilege approach, all from a unified Identity security platform. Our land and expand Our land and expand motion and the subscription flywheel continues to gain momentum. It all begins with new logos and we signed nearly 200 customers in the Q1. While the majority of customers land with PAM, approximately half of these new logos bought 2 or more solutions with many choosing to secure multiple identity groups from day 1.

Speaker 3

This speaks volumes about the power of our platform and the importance of identity security. A few exciting new logo examples from the quarter included a deal that perfectly showcases our platform selling motion and new routes to market, which was a financial services company that landed with PAM, EPM for workstations and servers, ConjurCloud and Identity Flows and a large 7 figure ACV deal that closed to the Azure marketplace. The PAM market has evolved well beyond securing only high risk IT personnel. Today, modern PAM programs protect a much broader group of privileged users, including developers, shadow IT and database and cloud administrators. As an example, we have a great customer in the we have great customers in the government and healthcare verticals.

Speaker 3

And this quarter, we are excited about our new relationship with NHS Resolution, a body of the U. K. Department of Health and Social Care. They kicked off their relationship with CyberArk with privileged cloud and secure cloud access and are planning to grow their footprint in the future. Each workforce identity is more powerful today than ever and traditional MFA and SSO solutions are easily circumvented.

Speaker 3

We reimagined workforce identity by wrapping MFA and SSO with more controls through our secure web sessions, workforce password manager, EPM and our new secure browser. This quarter, a large logistics company picked CyberArk for PAM and Workforce Identity after a head to head competition with a leading IDaaS vendor. Our best in class security and breadth of our platform were the deciding factors in winning this amazing new logo. Our customer base is also an important growth vector for CyberArk and our platform selling motion is accelerating expansion deals. Overall, we had a strong quarter of expansion within our base across all our solutions with particular strength in our secrets management business.

Speaker 3

The world of securing machine identities is changing rapidly. Organizations are grappling with a larger variety and an ever growing number of machines from applications to bots to workloads to IoT devices. Each one of these machines needs to be secured and managed across the lifecycle of multiple identity components secrets to digital keys to certificates. The proliferation of AI is further accelerating the growth and complexity of machine identities. This is becoming a top security challenge.

Speaker 3

Traditionally, managing machines often sits outside the security team's remit of control. However, this practice exponentially increases risk and is unsustainable in today's threat landscape. Customers increasingly realize they need to scale their machine identity security programs beyond local vaults, loosely enforced policies and open source tools. They need an enterprise ready machine identity security approach that can scale and is tied into their human identity security program through a single platform. One great win that exhibited all I am describing was with a CyberArk customer who has been with us since 2018.

Speaker 3

We expanded our long standing relationship with the Department For Works and Pensions in the UK with an expanded program while kicking off a robust secrets management program. With CyberArk as a key strategic partner, they are focused on aligning their identity security roadmap for human and machine identities, supporting the UK government's focus on a stronger cybersecurity posture. We talked earlier about how we are protecting the workforce using a reimagined approach that goes beyond SSO and MFA. And for this approach, it needs to extend also to the endpoint, the most common entry point for attackers. By removing local administration rights and enforcing least privilege and detecting identity based threats targeting the worst workstations and servers, organizations can reduce the endpoint attack surface.

Speaker 3

This strategy also protects organizations from attackers who turn off EDR agents and proceed quietly without being detected, which is one of the main reasons a multinational food company in LatAm signed a high 6 figure ACV EPM deal in the Q1. This customer is looking to deploy CyberArk everywhere as part of its broader identity strategy. During the past few years, EPM experienced strong growth and recently surpassed $100,000,000 in ARR. This achievement is a testament to the solution's ability to extend Identity security and 0 trust to workstations and servers. We are excited about the potential for further growth in our EPM business, both with new and existing customers.

Speaker 3

We also talked though about the exploding population of developers and the need to start securing them as privileged identities without interfering with their speed of innovation. Our Secure Cloud Access Solution or SCA provides best in class privileged controls to hybrid and multi cloud environments. It applies the principle of least privileged access by granting just enough permissions with 0 standing privileges while still allowing developers, data scientists and cloud engineers to work natively and efficiently without having to change their preferred workflows. We are incredibly excited about this solution and in the Q1 we continue to see excellent traction with the offering. In a deal with a major retailer, the customer broadly deployed CyberArk SaaS solutions and a continued move to the cloud, but they cited Secure Cloud Access as the most important differentiator and signed a high 6 figure ACV deal that also include privileged cloud, secrets and workforce identity.

Speaker 3

Q1 was an exciting quarter for our focus on innovation and new releases. Last year, we discussed our plans to expand our routes to market and increase our market reach through MSPs. According to Gartner, 40% of security customers are expected to consume solutions through a managed service by 2026. To accelerate this channel, we recently launched the CyberArk MSP console. By providing MSPs with a single command center, this console is a key step in helping our MSP partners build managed services that secure their customers' human and non human identities.

Speaker 3

We are also very excited about the general availability of CyberArk Secure Browser, the industry's first identity centric secure browser. It is purpose built for a cloud first world and protects our customers against emerging threats, while enabling productivity and ease of use across all CyberArk solutions. Secure Browser is designed to help protect customers from fast growing attack methods like cookie harvesting and browser based attacks both at and beyond login. It is natively integrated with our workforce solutions providing a seamless unified user experience and serves also as a direct access portal to our entire platform. We believe Secure Browser will not only enhance security for our customers, but also drive adoption of our solutions.

Speaker 3

Lastly, CyberArk has recently received FedRAMP high authorization for 2 of its SaaS solutions, Endpoint Privilege Manager and Workforce Identity. Our investment in FedRAMP High highlights CyberArk's commitment to help the public sector implement strategies that adhere to 0 trust principles and move to a more secure and efficient future. As excited as I am to talk about all these great developments, I'm even more excited by what we have in store for our customers and all of you at Impact in Nashville in just a few weeks. We have a tremendous lineup of truly innovative developments to talk about. So please tune in and we look forward to seeing many of you there.

Speaker 3

Josh will go deeper into the P and L in just a moment, but I wanted to emphasize that although most of my comments this morning focused on the potential for tremendous growth, we remain equally committed to delivering profitability and cash flow. This was evident in our Q1 results and we remain well on track to deliver on the long term targets we introduced last year. In summary, our momentum from 2023 continued in the Q1, and we kicked off the year with a strong Q1. I will leave you with 4 main takeaways. 1st, demand for our solutions remains strong and Identity Security is at the top of CECL's priority list.

Speaker 3

2nd, our unified identity security platform is meeting a clear customer requirement to apply the right level of privilege controls to every identity, human and machine. 3rd, our security first approach is a clear differentiator for CyberArk in the market, helping us win deals. And 4th, we have a long runway for growth and are making disciplined investments to capture a bigger share of the large and growing market opportunity. Josh, I'll turn the call over to you.

Speaker 4

Thanks, Matt. Q1, another strong quarter for CyberArk. We exceeded expectations across all of our guided metrics. We reported strong ARR and revenue growth drove significant operating margin expansion and generated healthy free cash flow. Our strong results highlight the durability of demand for our solutions, the ongoing adoption of our broader identity security platform and the power of our business model as we scale.

Speaker 4

Moving into the results. Total revenue growth accelerated to 37% year on year, reaching $221,600,000 and significantly exceeding the top end of our guidance. Demonstrating the continued momentum in our business, ARR reached $811,000,000 that's growing 34% year on year. We added $37,000,000 in net new ARR and that's compared to the $34,000,000 in the Q1 of last year. Subscription ARR grew 54% and reached $621,000,000 and is now 77% of total annual recurring revenue.

Speaker 4

Maintenance ARR was $190,000,000 and like for like conversion activity still represents about a single digit of our year on year growth. Our strategy of up selling and cross selling new solutions has been a significant factor in our strong growth. This is demonstrated by the fact that at the end of the first quarter, the cohort of customers with an ARR of more than $100,000 grew to over 1780 customers and for the cohort of more than $500,000 ARR, they grew to over 300 customers. Now moving into the details of the revenue lines. For the Q1, recurring revenue reached $205,800,000 growing 41% year on year and accounted for 93% of total revenue.

Speaker 4

That's compared to 90% in the Q1 last year. Subscription revenue was $156,200,000 growing 69% year on year and representing 71% of total revenue. While the primary driver of our outperformance was bookings, we did experience an increase in average contract duration on our self hosted subscription deals relative to our guidance. Maintenance and services revenue was $62,400,000 of that recurring maintenance revenue was $49,600,000 Our maintenance renewal rates remained strong and in line with historic levels. Professional services revenue was $12,800,000 From a geographic perspective, all regions showed healthy growth.

Speaker 4

Americas revenue was $124,500,000 growing 27% year on year. EMEA revenue was $74,000,000 up 59% year on year, partly benefiting from our bookings and the longer duration that I spoke about earlier. APJ revenue was $23,000,000 growing 37% year on year. Moving to the P and L, all line items will be discussed on a non GAAP basis. Please see the full GAAP to non GAAP reconciliation in the tables of our press release.

Speaker 4

1st quarter gross profit was 100 and $85,700,000 or 83.8 percent gross margin compared to 81.3% in the Q1 last year. The expansion of our gross margin primarily driven by revenue outperformance. In the Q1, our operating income was $33,000,000 The operating income outperformance was driven by 3 main factors: the revenue outperformance, the timing of certain marketing related expenses that we now expect to incur in the Q2 and 3, we did experience a slower hiring pace, particularly in R and D. Net income came in at $35,000,000 or $0.75 per diluted share, also significantly outperforming our guidance. We ended March with 3,070 employees worldwide, including approximately 1300 in sales and marketing.

Speaker 4

We continue to see healthy growth in our quota carrying sales reps, particularly our fully ramped ones. We were thrilled to deliver strong cash flow of 66 free cash flow $66,800,000 in the quarter. While we do not guide to cash flow quarterly, I would remind investors that cash flow is seasonally stronger for us in the Q1. And particularly this year, the strong cash flow is partly a function of strong bookings and renewals in the Q4 of 2023. For the remainder of the year, we expect cash flow to follow typical seasonal patterns that's lower in the second and third quarters and an uptick from the Q3 to the 4th quarter.

Speaker 4

Turning now to our guidance. For the Q2 of 2024, we expect total revenue of $215,000,000 to $221,000,000 which represents 24% year on year growth at the midpoint. We do expect SaaS to make up a bigger portion of our overall subscription mix in the Q2 impacting recognized revenue in period. We expect non GAAP operating income in the range of $12,000,000 to $17,000,000 for the Q2. As a reminder, we will hold our impact customer events in a couple of weeks and our impact world tour will also begin in June, increasing our planned marketing expenses for the quarter.

Speaker 4

We are also seeing a stronger hiring pace, which is reflected in our guidance. We expect our non GAAP EPS to be in the range of $0.34 to $0.44 per diluted share. Our guidance also assumes 48,100,000 weighted average diluted shares and about $10,200,000 in taxes. For the full year 2024, we are increasing guidance across all our metrics. We now expect total revenue in the of $928,000,000 to $938,000,000 representing 24% year on year growth at the midpoint.

Speaker 4

And as we look at our pipeline for the remainder of the year, SaaS continues to lead the way. Reflecting our continued commitment to driving operating leverage, we are increasing our full year operating income to a range of $90,500,000 to $99,500,000 We expect our non GAAP EPS to be in the between $1.88 to $2.07 per diluted share. We expect about 48,100,000 weighted average diluted shares and about $51,000,000 in taxes for the full year of 2024. We are also raising our annual recurring revenue now to be in the range of $975,000,000 $990,000,000 at December 31 or about 27% year on year growth at the midpoint. We are significantly also increasing our free cash flow guidance for the full year 2024 to now being in the range of $115,000,000 to $125,000,000 To sum up, we are thrilled to kick off 2024 with another strong quarter of results.

Speaker 4

Demand for our solution is robust. Our platform delivers tremendous value and identity security remains a business imperative. We believe we are well positioned to execute on our targets. I will now turn the call over to the operator for Q and A. Operator?

Speaker 1

Thank you. We will now begin the question and answer session. And your first question comes from the line of Saket Kalia with Barclays. Your line is open.

Operator

Okay, great. Hey, good morning, guys. Thanks for taking my questions here and congrats on 25 years.

Speaker 3

Thanks Saket. Really appreciate it.

Operator

Sure. Matt, maybe just to start with you. Particularly in the wake of some M and A out there, right, particularly IBM and Hashi,

Speaker 5

I was wondering if you could just talk a little

Operator

bit about the backdrop here competitively. And since there were so many multiproduct kind of examples on the call, maybe you could touch on that in terms of PAM and also broader identity. I know you spend a lot of time with customers, so just kind of curious what you're seeing competitively? Yes. It's a great question, Saket.

Operator

And I think what we see is just the continued

Speaker 3

evolution in the competitive environment where our platform begins to puts us leap kind of heads and shoulders above everybody else that's out there. We are consistently able to tell the story of the spectrum of identity groups and our ability to bring more than one identity, more than just IT onto our platform. That begins to differentiate us from the traditional PAM competitors that are out there that aren't really able to deliver on that message. So that starts to differentiate us in the PAM space and allows us to be able to continue to take share. Then when you start to look at our broader identity story, it brings us into spaces like we talk about access.

Speaker 3

And you hear me emphasize that a lot, which is in the world of commoditized MFA SSO, there isn't that much difference between vendors that are out there. But the ability to be able to wrap privilege controls on top of an MFA SSO solution, ours or somebody else's, allows us to be able to start talking about how do we bring workforce identities back into our overall Identity Security platform. And we see that strongly in some of the examples that I shared. The final piece, which you kind of hit on, we were putting together our talk track for this earnings on our secret story well before the Hashi acquisition by the IBM acquisition of Hashi, we had a really strong Secret's quarter. And we've been talking about the momentum building, not only in the products that we've had out for a while, but especially in our ConjurCloud and SecretsHub and SaaS First Solutions.

Speaker 3

And it really is this pivot where security is getting involved and wants to have an enterprise scalable approach to how you secure machine identities. And what we've seen in the prior quarters and especially in this quarter is that those deals are starting to pick up and actually also increase in size as customers want to put in place the enterprise backbone. So back to the point at hand, we've been feeling good about our competitive posture against Hashi as it's become more of an enterprise scale sale and a security sale. The disruption of IBM buying them, how IBM is viewed in the market, I think it will just lean in to our ability to be able to capture that market around secrets and machine identity security.

Operator

Got it. Got it. That makes a ton of sense. Josh, if I can ask one follow-up for you. I think the part of I mean, great to see all the guidance metrics go up, but the one that really stood out to me was the increase in the free cash flow guide.

Operator

As I think back historically, I think we've talked about sort of a bigger subscription renewal pipeline that maybe would renew it at higher incremental margins. Is that sort of the biggest driver for raising at this point of the year or is it something else? And maybe on that point, where are sort of we in that renewal flywheel for subscription? Sorry, a lot there, but does that make sense?

Speaker 4

Yes, Saket, and thanks for asking. I mean, first of all, obviously, we had a great Q1 on cash flow. It was based off of coming off of a really strong year and particularly Q4 and a strong Q4, not just in new business, but as you started to point out, it also included a really nice renewal base from Q4, which is kind of what you're sort of alluding to, which is kind of the beginning of the first glimpse of the power of this model after the transition and now really starting to see kind of the last piece of the the last part of the flywheel come into effect, which is around cash flow. And of course, we were able to boost from the Q1 by having excellent collections as well and early Q1 bookings, which also supports the cash and still continuing to control our expenses, which we like to do. So overall, it reports a stellar cash flow execution for the Q1.

Speaker 4

And that really gives us the confidence as one kind of the first part that I mentioned that actually the renewal and the recurring revenue does create that flywheel for billings and collections, assuming that we continue to collect at the well executed rate that we are that we expect to do. And then, of course, our overall bullishness in the business for the rest of the year as we also raise all of our metrics, not just the cash flow. And so I think it's a complete story around cash flow.

Speaker 1

Your next question comes from the line of Greg Moskowitz with Mizuho.

Speaker 6

Okay. Thank you very much for taking the questions and nice job on the Q1. Matt, I'd like to ask about EPM because it's an important solution and yet penetration rates remain very low across the industry and quite honestly even within your own installed base. And I think much of this might be due to a lack of awareness of EPM in some cases. In other cases, just a belief that having an ADR solution might be enough.

Speaker 6

But is there anything that CyberArk can do that you think can perhaps further accelerate the adoption curve going forward?

Speaker 3

Yes, Greg. So you know how we feel about EPM and I think you've heard us talk about the idea that it is the core security control that really can protect the endpoint against breach. And our feeling is even stronger in this threat landscape, in this threat environment that you need an EPM agent installed at the endpoint, you need it on your servers, you need it to protect your EDR investment, and ultimately you need to secure the endpoint. Now I think what we have really come to the conclusion on is you're right, it's a little bit of education still required in the market to explain that EPM isn't just about removing local admin rights. It's about implementing a least privileged workflow.

Speaker 3

It's about application control and it's really about protecting ransomware. And so I think what we're trying to understand and do as a company is start to embed the EPM value prop into each one of those human identity groups that I've been describing, build it deeper and tighter into the workflow of SSO and MFA. Again, ours or anybody else's, make sure that developers' workstations start with an EPM control installed. And then obviously, in our bread and butter within securing IT, make sure that everyone understands that EDR is really not enough. Where you saw initial real success in EPM was in highly attacked and highly regulated industries.

Speaker 3

And those big enterprises have been buying EPM for years. And I think we need to take it beyond those industries and make sure that everybody can understand the value prop that I just described. So final point here is we're continuing to invest not only in the integration and the solutions, but frankly also in the go to market talent to be able to complement our sellers out there to tell the story a little bit richer and deeper as I started to describe on the call.

Speaker 1

Your next question comes from the line of Brian Essex with JPMorgan.

Speaker 7

Yes, thank you. Good morning. Thank you for taking the question. I just I want to follow-up on a question from Greg on EPM. I think obviously $100,000,000 ARR is a great milestone and it's a substantial adjacent TAM for you guys.

Speaker 7

But I guess any plans to maybe evaluate go to market? And do you see any impact on customer adoption for next gen EDR or the customers? This is layer on top of legacy or best of breed EDR solutions. And would love to understand maybe the profile as you see customers adopt EPM, what does the profile of customers tend to look like? Maybe the size of the customer, sophistication, are they more identity focused?

Speaker 7

Or do you see that endpoint demand also driving the demand for EPM?

Speaker 3

Thanks, Brian. So I think 1st and foremost, as I was hitting on with Greg, I think we believe that it's a necessary component to actually double down in our marketing organization and in our go to market organizations to increase our ability to be able to tell the story in the market, especially outside of the larger enterprises, which is an answer to one of your questions, which adopted the fastest. I think people with organizations with a security first mindset that understood the threat landscape, they got started on EPM a little bit earlier. And they understood from day 1 that an EDR tool doesn't do the same thing. And in fact, they're very complementary.

Speaker 3

I think as we've started to expand further and penetrate as we built that $100,000,000 business, we started to see industries like healthcare and manufacturing start to take off because those again are areas that are constantly under attack. You can almost map to the threat environment and the ransomware threat particularly. And those industries and those verticals are really the ones that have really started to accelerate and help us with building the momentum around the product. I think when we talk about the opportunity ahead, it's really about, 1, making it more seamlessly integrated into our overall portfolio and then enabling and investing in the overlay and marketing capacity to make the story clearer. And then finally, it is about this idea of how do we make sure that we take the lessons learned from the big industries and bring it down market to other customers to help them understand why this is the which B, I'm not using A, the security control that they should get started with.

Speaker 3

It's an interesting thing. In some of them less mature markets, let's flip over to places like the state and local governments, We see EPM as being the landing spot. It's actually areas where they get started because they understand they can put in place a core security control very fast. It's a SaaS based product, easy to adopt, and they can lock down a privileged pathway at the endpoint. So I think, again, we're learning the approach.

Speaker 3

We're driving significant upside in the business through EPM. And I expect that business to continue to build and grow for us in the quarters ahead.

Speaker 1

Your next question comes from the line of Rob Owens with Piper Sandler. Your line is open.

Speaker 8

Great. Thank you guys for taking my question. I wanted to ask on net new subscription ARR, which was flat from a year over year perspective. And I wanted to ask a question, I guess, from the perspective of just security spending and environment overall. And within that, if you could parse maybe what you're seeing geographically or enterprise versus SMP, that'd be helpful.

Speaker 8

Thanks, guys.

Speaker 3

Yes. Thanks, Rob. So overall, we had a strong quarter. Our ability to be able to continue to drive momentum in the market, you've heard me talk for quarters about the difference in conversation with the CSO, with the CIO, with the C suite and elevating the conversation up to this Identity security story and really talking about how do we help them with their overall security posture and help enable them as they talk to their boards, to their auditors. And at the top of the list is Identity Security.

Speaker 3

So we continue to see that building. We continue to see that strong. And Q1 was just a continuation of what we've been able to see over the last couple of quarters. As it relates to the Q1 performance itself, we were very happy with where we ended up and the overall performance. There was one element that actually occurred in the quarter where we had about $2,000,000 or so of renewals that basically wasn't able to come in due to the holidays and other stuff and has closed since.

Speaker 3

And that would have made the net new ARR look a little bit better. It then is demonstrated in our ability to be able to raise full year at a high level. So overall, I would tell you that Q1 was a strong quarter for us and there's been no change in the environment that we've seen out there.

Speaker 9

Great. Thank you.

Speaker 1

Your next question comes from the line of Fatima Boolani with Citigroup.

Speaker 10

Good morning. Thank you for taking my questions. Matt, in your prepared remarks, you shared a lot of anecdotes about customers who are increasingly lending with a higher incidence of products across the portfolio. So when I internalize this as manifesting and maybe increased wallet share, can you talk to us a little bit about the expansion rates the dollar based retention rates that you're realizing in the portfolio? And specifically in contrast to maybe some of the newer logo activity that relative to more recent quarters was a little bit slower.

Speaker 10

So just that compare contrast between the momentum and the size and scope of the momentum within the installed base versus the new logo activity in the quarter? Thank you.

Speaker 3

Yes, absolutely. So 1st and foremost, I mean, we have a great set of customers. We have more than 8,008,008 100 worldwide. These customers trust us from a security perspective. And so our ability to go back into that base just to upsell them more PAM seats and then expand them into EPM, into workforce, into secrets, into our secure cloud access.

Speaker 3

It's an incredibly strong position that we find ourselves in. And our sales team does an excellent job of really monetizing that base and expanding our footprint. And so I think you heard that in our talk track as we talk about that healthy expansion ability that we have. And I think it comes back to an earlier question, which is our clear differentiation is this spectrum of identities and customers are buying into the idea that it's not enough to just secure the most privileged IT users with PAM. They need to apply controls across the entire spectrum of identities.

Speaker 3

So I think on the existing business and our ability to upsell and expand, it just continues to be strong. It's been strong, and we're excited to see where we take that for quarters to come. From a new business perspective, we look at it and kind of say anytime we can get 200 new logos in the door in a non Q4 quarter, we're pretty happy with that. That allows us to be able to start the process of turning them into these longer term customers to expand across the multiple identity groups. And so we look at Q1 and we've always said that in this macro and this environment, new logo deals are take a little bit longer, they take a little bit more work.

Speaker 3

We've gotten better and better at doing that. And we're really happy with our ability to be able to land those logos. And frankly, we're really happy about the pipeline on those new logos, the ones we just landed and when they are anticipated to come back for an expansion deal because then the flywheel is really kicking in and it brings us back to the beginning of my answer.

Speaker 1

Your next question comes from the line of Joseph Gallo with Jefferies. Your line is open. Mr. Joseph Gallo, your line is open.

Speaker 11

Can you hear me? I'm sorry, somehow my headset was not working.

Speaker 3

We can hear you now.

Speaker 11

Awesome. Sorry about that. Thanks for the question. Awesome to see the cash flow machine turn on. It was impressive operating margin performance this quarter and the guidance, although the full year raise was modestly less than the beat.

Speaker 11

Can you just walk us through the dynamics for this year? Is that primarily rev mix shift? I think you mentioned headcount growth, but moderating. So just any other investments we should think through given the 34% ARR growth is highly indicative of a large opportunity? Thanks.

Speaker 4

Yes. I'll start here. I mean, basically, we're excited that we'll be able to that we're raising the metrics across all boards from cash flow through the operating through the revenue, through the operating. In terms of color on that, we do expect SaaS to be a bigger player on the revenue side as we go into Q2 and into the second half. With regard to the investments, we're catching up on some hiring, on the slower hiring from Q1, and we anticipate to continue hiring into the second half as well.

Speaker 4

And so that's where we'll see some of the investment side in R and D and also, of course, in the go to market engine as we always like to pre hire when we look at multiple years of growth. I think from I don't from another perspective, in terms of the mix, we see the mix continuing on other than fact that we see it kind of

Speaker 3

inching up towards some more SaaS business. And maybe just one add for me is when we look back on Q1 and we talked, as Josh just said about a little bit of a slower hiring profile, we've seen that kind of kick in solidly here in April. And so that actually brings up the anticipation of expense and that's built into our guidance going forward. One of the nice things for me despite the lower hiring in Q1 is when I actually look at the quota carriers, which is what we really are investing in to make sure that we capture the opportunity. We had a nice quarter around ramping up quota carriers, especially fully ramped quota carriers and that sets us up to be able to go capture the opportunity here throughout the year.

Speaker 3

As the year goes on, we'll look for more opportunity to be able to capture on this exciting growth opportunity Fodderwala with Morgan Stanley.

Speaker 1

Your next question comes from the line of Hamzah Fodderwala with Morgan Stanley.

Speaker 9

Great. Thanks for taking my question. Josh, actually a question for you on the guidance. I actually thought the guidance raise was better than expected in light of what we're seeing, I think in software more broadly. I'm curious, it's Q1, it tends to be the seasonally slowest quarter of the year and it's early in the year.

Speaker 9

So what's giving you confidence to raise that ARR guide by the magnitude that you did given what's still somewhat uncertain macro environment? Thank you.

Speaker 4

Yes. Thanks, Tom. So I think it really starts with the demand environment that Matt talked a lot about already in the earlier questions and in his prepared remarks. And that's kind of generating the pipeline coverage and the demand generation that we're seeing for the course of the rest of the year. And I think the other point is we're well positioned from a go to market team and engine.

Speaker 4

Matt just alluded to the fact that we're about where we are on quota reps and quota carriers. And just pretty much everything that we see coming out of Q1 coming first of all, coming out of Q4 and then what we saw in Q1 and what we're seeing in the pipeline going forward and the overall demand environment that we're getting from the customer base, we're confident on being able to raise the guidance across those metrics.

Speaker 12

Thank you.

Speaker 1

Your next question comes from the line of Adam Borge with Stifel.

Speaker 5

Awesome. Thanks so much for taking the question. Maybe just on the cloud, it's great to see the continued traction with Secure Cloud Access. And as we think about kind of the cloud opportunity more broadly, we often hear about either KIM or ITDR. I was hoping you could talk more about how you think about these adjacent cloud identity security markets as opportunities for CyberArk over time?

Speaker 5

Thanks so much.

Speaker 3

Yes. Thanks, Adam. So we are and you've all heard me talk about this opportunity of how we secure access to the cloud. And just to start with, that goes across 2 of the identity groups that I was describing. The traditional IT users are increasingly having to access not only on prem targets, but also cloud assets and cloud environments.

Speaker 3

And we need a what would be considered a traditional PAM tool that's able to actually manage those hybrid environments effectively or secure those hybrid environments effectively. And so our ability to be able to take SCA and blend it in within our identity security platform is a key component part of actually how we're staying ahead in securing IT users. Then there is this new population of developers out there and these developers are hired at an exponential rate. And generally speaking, they're hired to go innovate. And once they start innovating, they're scaling up cloud environments.

Speaker 3

They have unfettered entitlements and access. And that is just not sustainable. And organizations are understanding that they need to put in place controls in the cloud. So our SCA solution, which allows for 0 standing privilege, which is a unique approach, no privileges are assigned until the point of access, allows us to be able to go in and talk to customers about securing that developer population, allowing them to use native tools and applying security controls at the point of access. So that's a way of building up then to your question, which is, all right, what is the differentiation here and how do these other markets play in?

Speaker 3

When you start to think about CIM, when you start to think even about ITDR, it's about really understanding or discovering what's going on. It's even in some cases about mapping entitlements versus targets. And we have a place to play in those areas, but the major place we play at CyberArk is in enforcement and in controls. And ultimately, once you discover, once you understand, you have to control. And our SCA solution is a light touch, easy to deploy, security first tool we can apply for controlling privileged access and privileged access specifically as people try to access the cloud.

Speaker 3

So that's just a little bit more background on it. I think it's an opportunity for us to be able to differentiate this cloud access market from some of the other areas that you were describing. And of course, our ability to be able to bring that into the overall platform is what sets us apart.

Speaker 1

Your next question comes from the line of Roger Boyd with UBS Securities.

Speaker 13

Great. Good morning and thanks for taking the question. I do want to go back to Joe's question just on the guide. But regarding the duration tailwind that you've seen term license over the past two quarters, any color on what's driving that higher? And Josh, can you just clarify what you're expecting from a duration perspective throughout the rest of the year?

Speaker 13

And how that might be impacting the different updates to the revenue and ARR guides? Thanks.

Speaker 4

Yes. I don't think that there was any one there wasn't a trend of it driving higher. I think we saw though in the Q1 it go up by a few months and it contributed about just about $3,500,000 in tailwind on the revenue side for the quarter. And I think when we look at it kind of over time and kind of as we look into the pipeline, we kind of see it dropping down again by a couple of months, but it's going to move around between the 20 and the 23 month range.

Speaker 3

I think the bigger point on the look forward really is this idea that Josh hit on earlier around what do we see in the mix when we look into Q2, Q3 and Q4. And when I analyze the pipeline, which unfortunately I still do, Gerard and I have great sessions around that. We try to understand what is it shaping up. And with all of our new products coming into play, which are SaaS only, and then where the market is moving, we see the mix of SaaS really stepping up in the quarters and in the out quarters for the year. Now we've taken that into account in our guide.

Speaker 3

And even with that, we've been able to raise our revenue outlook for the year. But it is a pretty substantial shift in our pipe towards SaaS.

Speaker 1

Your next question comes from the line of Andrew Nowinski with Wells Fargo.

Operator

Great. Thank you for

Speaker 14

the question. I wanted to talk about the U. S. Federal market. You mentioned you have FedRAMP high status for EPM and PAM now.

Speaker 14

I guess first, how is demand in the quarter? And then second, has that FedRAMP high status opened up a larger pipeline with new agencies that you can now sell to? And are they also purchasing SaaS or more on prem? Thanks.

Speaker 3

Yes. Thanks. So I think when we think about our FedRAMP, let me first clarify. What we announced was FedRAMP high for EPM and for our identity products. And why did we start there by the way versus starting with PAM?

Speaker 3

It was because we only have SaaS versions of those products. So in order to even be able to sell into the federal government with identity and with EPM, we needed to be FedRAMPed. We believed in the market opportunity. That's why we went and did the heavy lift process, not just to get through FedRAMP, but to get to FedRAMP high. That opens up not just the civilian side of the federal market, but also the DoD side.

Speaker 3

And frankly, also helps us at the state level with the state side of the government organizations. We are very bullish and optimistic of our ability to bring EPM and Identity into those markets. Now we have an existing book of business with PAM on prem that we've had for many years. We have invested in the on prem certifications. We now are investing as well in PAM FedRAMP certification and we'll get to that in the time ahead.

Speaker 3

But in the meantime, we believe that one of the biggest industries or verticals that are being attacked is the government. It's being attacked at the federal level. It's being attacked at the state level. And our ability to be able to institute core security controls like I'm describing, lock down the endpoints, have a bigger version of or bigger story of Identity beyond MFA SSO, allows us to be able to capture a bigger piece of the market in the federal space, which we've done well successfully, so far in our history, but we think it's an opportunity for investment and growth in the quarters and years ahead.

Speaker 1

Your next question comes from the line of Ittai Kidron with Oppenheimer.

Speaker 15

Thanks. I have two questions, maybe I'll show them all at once. First for you, Josh, on the bookings upside, you just give us a little bit more color there on how much of that is duration, new customers, expansion activity stronger than you expected, the mix of products there? Any color would be great. And Matt, on going back to the point you mentioned to the question of complement EPM being complementary to EDR, it is complementary today, but clearly more and more of your portfolio right now is at the edge.

Speaker 15

I would think the browser, I would think about that as an edge product as well. And so as you're moving closer and closer to the edge, can your EPM product evolve into an EDR like product and be competitive with an EDR solution?

Speaker 3

Sure. And I may take both just in nature of the time to move us along, but the questions. So on the first front, when we look at the bookings performance in the quarter, remember bookings has nothing to do with duration. So the duration, we just wanted to be transparent, was a bump up in the quarter. It's about $3,500,000 of contribution around revenue.

Speaker 3

But it's not a contributing factor to the strength of our overall business. The strength of our overall business is based upon continued growth across the entire portfolio. We continue to see ARR just grow really strongly for each piece of the platform. Now I highlighted in the call kind of particular strength in the secrets management business and I'm very excited by that because that again is showing our ability to compete effectively as a security sale in the machine identity space. So I would highlight that.

Speaker 3

I would also highlight, as we talked about earlier, our ability to be able to go back into the base and expand customers beyond PAM or securing IT into new areas like securing developers or our ability to be able to go compete effectively in the quarter around workforce and our differentiated workforce solution. So across the board, I can point to the entire portfolio, talk about strong bookings, and that kind of comes from that overall approach. Remind me again of the second question?

Speaker 15

EPM into EDR.

Speaker 3

Thank you. So on the EPM side, I think we are very comfortable with our definition of identity security. Our definition for these 4 different identity groups, our ability to be able to be the control point and our ability to be able to apply privilege controls across those. And just like I think that EPM is a complement to EDR, I'm very respectful of the EDR businesses that are out there. I go to customers and I tell them all the time.

Speaker 3

Yes, they ask me, should I spend money on next gen EDR? And I say, yes, it's a good security control to have in place. And a lot of them have the right security first mindset and how they approach it. But I think there's plenty of space for us to carve out with the least privilege and privilege control side of the endpoint. And by the way, when you talk about our browser, you're talking about the same thing, the idea of an identity centric security control focused browser that can integrate into our identity security platform.

Speaker 3

And I think there's plenty of growth ahead of us without having to go into the larger EDR market.

Speaker 15

I appreciate it. Thank you.

Speaker 1

Your next question comes from the line of Srirani Kautari with Baird. Your line is open.

Speaker 12

Hey, thanks for taking my question. Matt, the follow-up on the Secure Browser GA, it looks very timely, as you said, addresses the growing demand for Android and designed to go beyond just log in, harvesting and browser Bit. X. One interesting comment you made was you believe the browser will not only enhance security, but also drive adoption of all the other solutions. I know it's still early days, but the market seems to be moving quite fast.

Speaker 12

So just curious, are you already kind of seeing signs where the browser is seeing differentiated becoming a landing point and all of driving demand for other solutions? And then just a quick follow-up on Azure.

Speaker 3

Sure. So I think just to ground everybody in the release. So when you go into the CyberArk secure browser, you are able to obviously from a security control perspective browse freely with a cookie less browsing, with password replacement, with other privileged users to be able to get to other targets within the enterprise much, much more securely. And it kind of locks down and stops one of the most important or most difficult attacks to be able to protect against, which is post session authentication hijacking. So we look at it and we pitch it from that perspective and it is a really nice security story.

Speaker 3

But underneath that, it is really a gateway and an easy navigation into our Identity Security platform. When you go into the browser, you're presented with a copilot that allows you to be able to access your single sign on tiles. It allows you to be able to access your infrastructure targets, traditional targets for PAM users. You can go and right from the browser, right from the main screen, you can get into your cloud service providers portals into the back end microservices. And you can actually do things right in the browser that you would normally have to go into the back end

Operator

platform to go do. So that creates

Speaker 3

a much easier path for So when we look and we talk with customers and all the customers that have been using the platform effectively. So when we look and we talk with customers and all the customers that have been using the product when it was in limited release, they start to see this improved pathway of usage removing the friction of user access in the PAM space and allowing for total integration into our workforce tools.

Speaker 12

Got it. Super helpful, Matt. And just quickly on the Azure Marketplace, you mentioned about a 7 figure deal that you guys kind of won, align it with PAM, EPM and kind of flow through this new route to market. Can you talk a bit about go to market motion and kind of any sense about the relative size or mix or incremental trends around this marketplace motion?

Speaker 3

Sure. And I think you've heard us talk in the prior quarters about the idea of we believe that one of the upside opportunities for us is to continue to exploit new routes to market. You've heard us talk about that in the context of the MSP program, the launch of our MSP console, our ability to be able to actually leverage new channel partners, go down market with distributors, continue to push on our SI partnership and our SI relationship. So you see overall, we're investing and enabling and building stronger partnerships. 1 of those new routes to market is our marketplace.

Speaker 3

And you've heard us talk about the AWS relationship that we've built and continue to drive on to allow for frictionless buying to leverage their the AWS sales force, and then to be able to be part of the dollars that sit out there for marketplace purchases. And it's been a great lubrication in the sales cycle. In this quarter, we

Operator

highlighted the deal that you mentioned, which went through the

Speaker 3

Azure marketplace. We're earlier days from that perspective for sure, but it speaks to vehicle and as a co sell motion that can help drive our business forward.

Speaker 1

That concludes our Q and A session. I will now turn the conference back over to Matt Cohen for closing remarks.

Speaker 3

Thank you. And I want to go back as we celebrate our 25th anniversary to think about the fact that CyberArk is laser focused on driving innovation and delivering value to our customers, an achievement we owe to the hard work and dedication of over 3,000 cyber workers today as well as our partners around the world. We are in an amazing position as the leading identity security company that is built to last and thrive for at least another 25 years. We look forward to welcoming many of you at our impact customer event in just over 2 weeks. Thanks for joining the call today.

Speaker 1

Ladies and gentlemen, that concludes today's call. Thank you all for joining. You may now disconnect.

Earnings Conference Call
CyberArk Software Q1 2024
00:00 / 00:00