Q3 2025 Qualys Inc Earningse Call
Good day and thank you for standing by.
Welcome to the qualys, third quarter, 2025 investor call.
At this time, all participants are in a listen-only mode.
After the speaker's presentation, there will be a question answer session to ask a question during the session. You will need to press star 1, 1 on your telephone. You will then hear an automated message advising. Your hand is raised.
To withdraw your question. Please press star 1 1 again.
Please be advised that today's conference is being recorded.
I would now like to hand the conference over to your first Speaker today. Blair King, please go ahead.
thank you Brianna, good afternoon and welcome to cuales third quarter 2025 earnings call
joining me today to discuss our results are shimmed the car. Our president and CEO and Jimmy Kamar CFO.
Before we get started, I would like to remind you that our remarks today will include forward-looking statements that generally relate to future events or a future Financial or operating performance.
Actual results May differ materially from these statements in factors that could cause results in different material or are set forth in today's press release and our filings with the SEC, including our latest form, 10q and 10K.
Any forward-looking statements that we make on this. Call are based on assumptions as of today and we undertake no obligation to update. These statements as a result of new information or future events.
During this call, we will present both gaap and non-gaap financial measures.
A Reconciliation of gaap to non-gaap measures is included in today's earnings, press release. And as a reminder, the press release prepared remarks and investor presentation are all available on the investor relations section of our website. So with that, I'd like to now turn the call over to cement.
Thanks Blair and Welcome to our third quarter earnings call with third doctors, continuing to reduce time to explore at a fast pace. I believe the future of cyber security is moving from our back surface management to risk. Surface management. Using agentic AI, power proactive risk management with business modification and automated remediation.
Against this backdrop, we continue to execute well in Q3 demonstrated by another quarter of solid Revenue, growth and profitability. Over the last couple of years, I've had the privilege of meeting with hundreds of CEOs, cios and Security leaders worldwide from these conversations 1. Team has stood out the need to operationalize, cyber risk management. In business terms to align budget, spend with business risk.
CEOs are looking for a practical approach to consolidate tools where possible and Empower their teams to use. Best of breed where it makes sense. They want to see seamlessly, unify their security tool set into a centralized risk fabric that provides an alternative to single Vendor platformization by operationalizing the management of multiple risk factors to effectively measure communicate and ultimately remediate the organization's risk posture.
There is cooperation Center Rock powered by qualys, etm delivers on this app.
with the broadening of the agenda for rock on the attendance was up, 20% over last year's QSC event
While traditional Security operation centers focused on detecting breaches after they happen. Cuales is pioneering. The first agentic AI risk Operations Center Rock a new category in cyber security designed to centralize an organization's response to threats before the impact the business. Powered by our etm solution, The Rock
Process several petabytes of High Fidelity data, every day normalizes and correlates intelligence from both qualities and non-quality sources, and equips Ai and humans to collaborate in real time, detecting and responding to threats at machine speed.
This isn't about more alerts. It's about actions that close blind spots before attackers can exploit them
Unlike traditional continuous threat, exposure management Siem tools that simply highlight the exposure but lack adequate native. Remediation capabilities, our differentiated etm Solutions combines crq, cm and Native remediation operations to fix the risk that matter most quickly and at scale,
By aligning security. And it decision directly with business priorities, we are providing organizations with measurable proactive risk reduction that boards and customers value. Early adoption is already validating the model with the OC's continuing to convert the commercial. Deployments underscoring both the scale of this opportunity and its parallels to the early days of vmdr.
And we're not stopping there. Our R&D Engineers continuing to deliver Innovations, rapidly expanding our platform and positioning qualities for a larger upsell opportunity.
In doing so Wallace is now extending, several proven module, native capabilities. Into etm, empowering organizations to harness them seamlessly across the entire attack Surface by demonstrating by democratizing trillions of security, exposures from both koalas and third party tools, including vulnerabilities misconfigurations and identities aggregated by our ATM solution, we are unleashing a sophisticated predictive platform that leverages a combination of quality. Through this framework, our true lens, threat management capabilities and a mission. Ready. Agentic AI, Workforce operating, autonomously from Discovery to remediation with full itsm integration. This unique combination of capabilities, identifies Trend trending threats in real time Benchmark, service against PS. Assess this organizational impact and quantifies risk is in clear actionable terms that matter most to the business.
As a result security and it teams can continuously, prioritize ticket and remediate threats based on organizational. Risk associated with the merging exposure, targeting specific Industries, asset types, and identities.
We believe this most recent additions to our etm solution further Advance our differentiation in the market, enhance security, operations, and significantly accelerate, measurable outcomes for customers.
Next up, our ATM solution. I'm particularly excited about yet. Another pioneering capability from quality through confirm.
True confirmed, flexes the power of our platform to confirm exploitability before customers become compromised.
Using automated validation at scale. We remove the guest work for customers by running safe, exploits over the network to confirm. Whether the attackers will succeed in their breach attempts while closing the gap between theoretical and actual exposure.
this approach further allows customers to be laser focused on prioritizing only exploitable blind spots in for the next logical step which is automated remediation with true risk eliminate
Our industry-leading capabilities are increasingly being recognized by our customers partners and third-party analysts.
Specifically at blackhat cuales 12 Pony awards for our outstanding contribution, to threat research underpinned, by our strong leadership in 30 to 10 years.
Equally important Giga ohm recognized quality, as the leader in patch management, a market qualified pioneered with over 140 million patients deployed in the last year alone.
While some competitors are only beginning to validate the strategy quality of advanced well beyond patching tourist, eliminate closest, the unpatchable Gap, enabling it and security teams to automate an array of compensating controls when patches are deemed too risky to deploy or simply not available.
And with adversaries, increasingly exploiting vulnerabilities at AI speed, our umbrella of AI based automated. Remediation Solutions has evolved into a significant adoption layer. A distinctive competitive advantage and opens New Market opportunities for quality.
Is to help unify their security tools, quantify and remediate risk in their environments and fortify their security operations.
In Q3 1 of my favorite ones was with a global 700 customer that was previously only using callers for PCI scanning.
This customer like many organizations were buried under fragmented, Telemetry manual, spreadsheets and disconnected tools with little automation, that teams were spending more time, documenting than reducing risk and consequently were burdened by an onslaught of compliance audits this customer shows, callers to transform, Silo risk, signals, spanning code repositories, endpoints identity, Cloud, container and network assets into a cohesive real-time.
Manage risk management Solution by consolidating Wallace and non-quality data.
This included replacing their existing vulnerability management, vendor and purchasing 3 additional Wallace modules, including etm to begin operationalizing, the risk Operation Center with ingested third-party data, resulting in a mid 6, Figure annual booking subset
By consolidating, these data sources into callus platform, we are delivering this customer a vendor agnostic, orchestration, layer with full visibility of their attack and risk surface. Centralized risk management. Quantification prioritization and Remediation. While unleashing the operational efficiencies of security stack, consolidation aligned with acceptable within acceptable risk parameters for the business.
With our innovative technology, unmatched platform effect, and focus on reducing risk and friction, this will underscore scholars' ability to eclipse legacy, siloed solutions and advance our leadership in the industry. It's also an outstanding example of how we are working with our managed risk operation, emero partners of choice to activate the rock with new, win business.
For the next phase. This customers evaluating our total cloud cloud native cynap solution, and through risk eliminate Solutions. While also bringing additional third-party tools. Into callus platform. Representing a significant upset, upsell opportunity,
Further leveraging our Mrock partner ecosystem to drive new logos was a new six-figure customer win with a major airline in the Middle East. This customer shows qualities because of our unified detection and remediation capabilities with true risk elimination.
Nearly 9 months after announcing GA with our etm solution and over 28, POC is converting to Commercial Success. Already. We have gained valuable insights into etm, pricing and packaging.
As a point of reference, we expect that for every $1 of vmd or etm can drive an uplift of up to 100%. Now that etm will include cyber security Asset Management as well as other etm, feature enhancements, such as those mentioned earlier and third party data injection.
Starting with our Q1 2026 earnings call, we will shift from reporting cybersecurity Asset Management LTM bookings to ETM customer penetration, as we believe ETM will be evolving into a key pillar of growth for Qualys over the next several years.
Turning to our federal business, we achieved a high 6 Figure upsell with an existing large government agency.
This customer has had previously used multiple Legacy and external tools to manage a variety of risk management use cases across their security. It and devops team. In addition to the complexity of using multiple Point products, this government agency has become increasingly frustrated with increasing costs associated with Legacy on-prem, deployments the efficiencies of operating siloed systems and elongated remediation efforts,
With a distinct need to shift, several monolithic workloads to micro application across this hybrid environment on a Freedom High solution. This customer accelerated, the consolidation of its security stack over 17 quarters modules, including the MDR. Cyber security Asset Management total app, sectoral Cloud tourist eliminate and total AI.
Today this customer is leveraging a unified dashboard. That provides them with a greater insight and automation than any other competitive products. They evaluated while taking full advantage of the speed and scale of cloud. Native platform. This allows for a significant 7 figure State win or a testament to the strength. We see in our federal state and local enrollment business and the long-term growth potential of the market.
Beyond these winds. We are also increasingly gaining leverage from our partner ecosystem. In Q3 partnered, LED registration, increased demonstrating the success of our partner for sales Motion. In addition, we have now certified nearly a dozen Partners who are actively launching embro services, leveraging, etm to deliver centralized automated pre breach risk management momentum is building towards a global Rock Alliance and we expect to certify additional strategic Partners in the coming months ahead who are committed to positioning Wallace as the mro partner of choice.
Flexible platform. Pricing model which we are calling Q Flex.
The beta tester Qlex in Q3 chose to help customers accelerate and maximize the adoption of the quality Enterprise Tourist platform.
In less than a quarter. After introducing this model, we're seeing notable customer interest and tremendous success. To give you an example, an existing Global 10 customer made a multi-year commitment under our Keys program, increasing their annual bookings by over 50%, while adding new modules to the subscription count with quality.
This will reflect our growing capabilities in this management and we expect the contribution from Q Flex to continue to grow in summary, our continuous innovation, early Rock deployment, strategic wins with Federal customer and state agencies. Momentum in partners are initiative. And the initial adoption of qflix, collectively, underscore all the systems. We will Define this management workflows reducing operational complexity for customers. And addressing, today's topic security challenges. We believe these Achievements not only validate our ongoing Investments but also position qualities as a trusted leader in preach risk, cyber risk management setting the stage for durable growth and long-term success.
With that, I will turn the call over to Jimmy to further discuss our third quarter results and I'll look for the fourth quarter and full year 2025.
Thanks man and good afternoon.
Before I start I'd like to note that except for revenues all Financial figures are non gas and growth rates are based on comparison to the prior year period unless you did otherwise.
Turn to third quarter results. Revenue grew 10% to $169.9 million.
The channel continued to increase its contribution, making our 50% of total revenues compared to 47% a year ago.
Revenues from Channel Partners, grew 17% outpacing direct, which grew 5%.
As a result of our strategic emphasis on leveraging our partner ecosystem to drive growth, we expect this trend to continue.
By go 15% growth outside. The US was ahead of our domestic business, which grew 7%.
The US and International Revenue. Mix was 56% and 44% respectively.
Thank you, 3, grocery attention. Continue to improve, however, upsell remain challenging with our net dollar expansion rate at 104% and change from last quarter.
In terms of product contribution to booking hatch management and cyber security Asset Management combined made up 17% of total, bookings, and 28% of new bookings on the LPN basis.
Our Cloud Security Solutions total cost c. Not made up 5% of LTM bookings.
Reflecting our scalable and sustainable business model, adjusted ebitda. For the third quarter of 2025 with 82.6 million representing a 49% margin compared to a 45% margin a year ago,
operating expenses in Q3 increased by 5% to 64.9 million driven by investments in sales and marketing, which grew 9%
As you remain focused on driving growth, you're mindful of where to further increase Investments. While optimizing returns in others, which result in an Eva margin exceeding, our expectations in Q3
This demonstrates, our ability to maintain High operating leverage remain Capital efficient while continuing to innovate and invest to support our long-term growth initiatives.
With this strong performance is EPS for the third quarter of 2025 for 19% to 1.86.
A quarterly free cash flow was $89.5 million, representing a 53% margin compared to 37% in the prior year.
Here today, free cash flow margin was 46% compared to 42% in the prior year.
in Q3, we continue to invest the cash regenerated from operations, back into Pace, including
901,000 on Capital expenditures and 49.4 million to repurchase 366,000 of our outstanding shares.
Please commencing our share with purchase program in February of 2018. We've reached 10.4 million shares a return. 1.2 billion in cash to shareholders.
As of the end of the quarter, we have 205 million remaining in our share of purchase programs.
With that, let us turn to guidance, starting with revenues.
For the full year 2025, we expect revenues to be in the range of 665.8 to 6667.8 million which represents a growth rate of 10%.
For the fourth quarter of 2025, we've set revenues to be in the range of 172 to 174 million representing. Our growth rate of 8 to 9%,
Long, we believe our platform approach to cyber risk management provides some insulation in this Mecca. Volatility this. Guidance assumes continued budgets scrutiny and a challenging environment for new business growth in 24.
Shifting deposit ability guidance, we successfully year 2025 margin in the mid to high 40s. Now, we cash on margin and the low 40.
We saw your EPS to be in the range of 6.93 to 7 Up from piling up 6.2 to 6.5.
For the fourth quarter of 2025, we expect ETFs to be in the range of 1.73 to 1.8.
Our plan Capital expenditures in 2025, are expected to be in the range of 5.5 to 7 million. And for the fourth quarter of 2025 and the range of 1.2 to 2.7 million
With us tonight and I would be happy to answer any of your questions.
Thank you. At this time. We will conduct the question and answer session, please. Stand by while we compile the Q&A roster.
Our first question comes from Roger Boyd of UBS, your line is now open.
Awesome. Thanks for taking the questions and, uh, congrats on a nice quarter sumod. Can you, uh, just double click on on some of the pricing. You mentioned around etm earlier, I just wanted to be clear on on that 100% upsell metric is is that inclusive of what you have with cyber security asset management and patch and just now with with the kind of packaging and sort of figured out on that product, just your confidence in in kind of the ability to start driving better. Better upsell move forward, thanks,
Yeah, that's a great question. So, from the way the pricing, we're looking at it is like DM pricing is going to include Cyber Security Asset Management. Because, as we talked to our customers, you know, for building any of this cooperation center, the foundation is asset inventory and with all that you can also succeed. And so that was a big feedback that came about. So that's included. What we have added also are the agentic AI capabilities for them to be able to, um, augment their security team with AI agents so that they can really manage outcomes for cyber security within their spend. And, you know, optimize because, you know, everybody's being asked about how they are optimizing their spend even in cyber, uh, and the ability to have, um, very, uh, focused threat intel that will allow them to validate, um, exploits. So that's included. The upsell that we, uh, look forward to is then once they have used ETM to, um, be able to.
Get the inventory to be able to confirm that the exploit can work in their environment, then they purchase, uh, tourist eliminate, which includes match as an example and mitigation, um, so that they can get that particular thing actually remediated because at the end of the day, we can create all kinds of visibility but given that attackers are exploiting vulnerabilities. If you saw the recent mandate report in, uh, you know, minus 1 Day on an average, which is even before patches are coming out. The key is going to be about being able to, uh, remediate things and mitigate things, even if you don't have a patch available. So, um, the pricing to answer, your question is 100% up to 100% is what we see with the addition of vmdr ability to, uh, to, uh,
Bring in cesam. Um, identity AI, uh, as well as ability to confirm exploitation. And then from there, the upsell will be. They will we can observe you eliminate so that they, you know, it allows them to do more uh, in terms of actually getting an outcome.
Really helpful, thanks for the caller.
Thank you.
Our next question is from Patrick caval of Scotia Bank. Your line is now open.
Thanks for taking my question guys. Um, I guess I want to ask uh, 2 parts of 1 is on the FED. I know the FED is
Like a more Nation notion for cuales, but what are you guys seeing in this bed? Um, especially kind of in the first couple of weeks of
Uh, 4q, given that the shutdown and then and then the other question I'd like to ask is about the competitive environment. And, and the reason I asked this 1 is it it's the 1 we get most from investors and it's like is the competitive environment changing for kis, given noise from vendors, like crowd, strike and others who are, you know, um, claiming to be entering the space and, and, and, and winning shares. So are you coming up again? Different companies Now versus a year ago and, you know, results speak for themselves, when rates seem high. But, you know, if you talk to that as well, thank you.
For both of them. So, first 1 is on the federal side. You know, as you said as, as you already know, we're at our very, very early Innings, and we made the investment and the commitment to get fed ramp High, which has really created. Very, very powerful conversations. I mean, I had the pleasure of actually being out in DC and having some very good critical meetings there to start to have the conversation around risk Operation Center, how it can help the government and essentially bring efficiency. And so, you kind of have the, the Doge which is, uh, of course, that is driving people to think more of efficiency, um, in terms of, uh, how they can consolidate different things. And that's where there is cooperation Center, as a way to, uh, to eliminate fixing things that don't really matter to the risk has really resonated. Well, with our federal customers is today. It's not just the spend of the tool. It is the amount of spend you put in remediating things that the tool is telling you, which is a waste of time and money if those things are not even exploitable. So for us, what we are seeing is uh, it's a very exciting.
Early conversations. We see lots of opportunities over the next few years, um, of course in when you have the current, um, scrutiny that is going on. Um, sometimes people are taking a bit of a wait and watch opportunity in other cases, who are actually seeing as, uh, opportunities coming to us because of the focus on, um, on being able to be um, uh, you know, efficient in terms of the risk Operation Center. So so it's a mixed bag. But overall from what we see right now is you don't have as much exposure for the revenue to that, but we do see
That this is an area that we are have committed to invest over the next few years and federal ramp was our first step. And now with, uh, our focus on the conference, we did in DC and we are continuing to going to continue to invest in the federal space moving forward, um, on the vulnerability management and competition side, I think, uh, if you I was really excited to see the callers, got the leader position in Giga ohms, uh, patch management above many of the other vendors that have been out there because really with uh, what we have been seeing and what I saw a few years ago and why we have been talking about how vulnerability management is evolving, uh, less about detecting more and more CVS. Most people are barely fixing, um, 5% of the CVS that are being discovered, because it's creating so much noise. So,
While there are other players that talk about discovering more CVS, the focus for quality and what we are doing with this Corporation Center is has been about how we are um, helping customers really narrow down. And, you know, we we did this at at our conference, uh, Rockwell conference where we showed a um, a nice little representation of how 62 million findings, after applying the right, uh, agent in threat, intelligence went down to 2 million findings that really mattered in terms of any risk. And then further after applying business context, went down to only 300,000 and so our focus is on shifting towards. How do we help the customer? Actually pinpoint. Exactly what matters from uh, 13 to perspective. But then also, how can we help them immediately fix?
Said because if attackers are attacking things in 4 hours, you don't have time to go and create zero tickets and service now tickets and wait for other teams to use, different patching Solutions, and different mitigation solutions, to do that. And so, what we're doing, now, what we're seeing is really an evolution of that is the customers really like our, um, capabilities accuracy of detection Etc. Uh, but we have also opened up the platform. Now, with rock, to be able to ingest data from uh other uh areas like OT or other EDR tools that might be collecting cve, so that we can help customers actually narrow down that, uh, focus of what really matters and the, the key. Uh, uh, exciting thing is for them to be able to get things fixed with qualities, uh, which is something that, and, you know, validating the exploit and then, getting it fixed or call is, uh, is what is, what is focused for most of our customers right now. So, primarily we see daybell rapid, 7 years, occasionally. We see some of the other tools that are talking about, uh, giving more cve. But
customers are focusing more on how do we get the the key things that are mediated quicker rather than discovering more, which they are not fixing anyway,
Thank you so much. That's super helpful.
Thank you.
Our next question is from Mike Sikos of Needham. Your line is now open.
Great. Thanks for taking the questions, guys. I just want to double check on and congrats on the quarter here.
Was there any 1 thyme benefits to revenue or CCB? That we need to take into account on our side and then, secondly, as a follow-up, uh, Jimmy great to see the results. Uh, net dollar retention obviously, remains here at 104. What needs to happen for that net dollar retention? I actually start uh, picking up from where we are today. Thank you.
Order. Um, as usual, you do get some benefits or negative impact from either side, go renewals, but nothing material that we think is specific to this quarter. So it was really a solid growth quarter from an execution standpoint. The net dollar expansion rate would love to get that up from 104 to an upward, and this is part of the reason why Cmat had commented on the fact that we've been really focused on making sure that we're delivering the message in terms of how ETM could be beneficial to our existing customers as well as new prospects. And so as we look to the cohort of customers that are up for renewal in each respective quarter, we're making sure that they understand the value that they could potentially see from, um, you know, whether they're looking to upsell from CESAN to ETM or cross-sell with adding ATM to their existing DMV or solution. And we think that that could be a meaningful impact to our net dollar expansion rate.
Thank you so much.
Thank you.
Our next question is from Kingsley. Crane of canaccord genuity. Your line is now open
Hi. Thanks for taking the question and congrats on a really great quarter. Um, if we think about agentic, AI within the risk Operation Center. Totally, I was in VM and in the cnap suite that all requires significant development resources. So how are you prioritizing R&D? Spend across those initiatives and just you know what metrics do you use to evaluate resource allocation
Thanks. Yeah, that's a great question. And I think it's really the focus for us on investment in uh, R&D and and sales and marketing, right? And so at the beginning of the year, we started with the plan to hire a cro from a sales perspective and and put focus on hiring more Engineers, Etc, to be able to deliver on all the capabilities that we're talking about. And I think as, as we have, uh, I'm pretty happy with our focused execution, uh, with the level of Investments that we have made and the way, um, Sean, uh, who's our VP of global sales has executed with the team, um, to give us a solid quarter. And so, the focus for us now is to really from a sales marketing perspective to focus on working with Sean and team. So that we can, um, uh, get efficiencies from what we are seeing cross functional between our sales team or product management team Etc. And then uh uh and then on the R&D side, you know, we have had really good success with leveraging AI in internally within our um own development.
Efforts. And, uh, you know, as an example, we have pretty much stopped hiring anybody in QA anymore. Uh, we are seeing, uh, 20 to 25% efficiency gains with our best engineers. And ironically, it's actually the best Engineers who are getting the most benefit out of using AI. Uh, and so, in a way, with all the things that we are doing with, uh, adding AI, uh, into the risk Operation Center, AI is benefiting Us in adding those without the significant increase in our R&D, um, expense. And so I think at
This point the way we are looking at it is we're going to continue to leverage AI. Uh, you know, of course we're going to invest back in our business but um, no need really at this point for us to look at having cro as the team is executing well focused, uh, in with what were our goals are. And then on the R&D side, uh, again we of course are if you see the innovations that are coming out as a pretty rapid space, um, we will, of course continue to invest in R&D but it's all going to be um, looked at from the lens of what kind of investment we will make in terms of people versus AI tools and how those tools are going to give us the required efficiency or, you know, I would say unexpected efficiency in some cases. Uh, and so, we're excited about what we're going to be able to do from both adding. Um,
The, the risk operations center, uh, agent AI capabilities while internally also using agentki across the board. Uh not just in uh R&D but also in sales and uh other areas as well. All right? And just to add to that, we are we are a community focused on making sure that we have the right team structured and the focused areas. And from a product development standpoint, we have different teams working on whether it be a total AI or etn. And because of that we are continuing to increase the hiring. Um, the R&D the engineers, um the it's just that the geographic mix of incremental, higher shipping more to be in India which has helped from an R&D expense standpoint. But um, we are making sure that we're working across the different orgs or a different functional areas within the engine.
Engineering team to make sure that we're prioritizing in the right manner.
Really helpful. Thank you.
Thank you.
Our next question is from shrenik kothari of beard. Your line is now, open.
Definitely sounds like a a step function moving from, as you said, the risk scoring to automated, uh, exploit validation and at scale just curious like, uh, do you do you envision this, uh, also becoming sort of a pillar like, etm, as, as in monetizing it Standalone or you think of it as becoming an on-ramp to to move customers into into broader etm. And then just with the with the poc's converting and all the large Enterprise consolidations, you talked about, like, how should we think about the etm trajectory ahead. Uh, and and have a quick follow for G.
That's a great question. And you look, I mean, I think I'll say that at the end of the day for risk management, you only manage your risk. If you have eliminated the right risk, right? You you know just building dashboards and as I said, dashboard tourism is not helping with just visibility. And so at the end of the day for that to happen, you need to have 3 things. You need to be able to collect data from multiple sources. So you can get a broader picture of the view and um, your uh, your applying 13 delusions, and you are seeing some of the traditional, you know, C10, which has been around for many years. Some of the Siem Solutions are just giving you or we Consolidated the data and here it is. And so they are giving you a theoretical view of what might be exploitable in the environment. But we true confirm included. As part of etm, we are going a step further relative to these CM visibility only platforms to giving them the ability to actually confirm and that's what includes
Included as part of etm is not an additional upsell, but that helps us differentiate from the CM. Only solutions, gives them the ability to confirm in their environment that an exploit actually works. And then the upsell from there is really, and that's kind of how we look at the feature for converting, our customers from vmdr to, um, to etm is that that conversion then will allow us to upsell them to the actual eliminate capability. Because, again, like I said, if attackers are looking, uh, starting to exploit vulnerabilities. Uh, you know, even before patches are uh, being made available. Uh, it it is really about speed and so you need to be able to quickly detect the vulnerability. You need to be able to then confirm that it is exploitable in your environment rapidly. And then the next logical step has to be a automated AI driven fix, so that we can get it fixed before the attackers get there. And if we, and that's really where there is cooperation, Center is not just a Siem solution. It really is more than a Siem solution, which is just giving you dashboards.
Got it, super helpful and Jimmy very quickly. Uh, if if some manager of the AI driver for automated remediation and or orchestration, scale into the model, uh, amrock partner delivery. Again, also reducing the heavy lifting internally. So just curious as, as partners increasingly monetize these Services, how should we think about incremental leverage, uh, and how we're thinking about that things?
Yeah, I think that Emerald will really help us to grow the Top Line because how we see the new new product and value proposition in terms of the customers, being able to really see how ATM could help them from a risk management standpoint. They will need assistance from the partner to really make sure that they're implementing the tool. They're utilizing in the appropriate way and they're maximizing the ROI from their respective like customization. That's required from the organizational standpoint. So, with working hand, in hand, with the partners, to help us to accelerate the Topline growth for us. We think that we will get some leverage from a margin perspective but really the unit economics. We don't really see a material shift there. I think we're already seeing some, some kind of benefit as we continue to shift more of our business to the the partner side and then layering on top that mro's Professional Services or additional implementation held that the customers might see, um, will help to accelerate that Revenue growth and the ATM penetration.
And and, you know, just to kind of add to what you said. We I call that out as an example, in our earnings, uh, call there and mro partner, brought this new uh, logo opportunity to qualify in the Middle, East 1 of the largest Airlines because they were excited about. Not not because of just the, you know, margin here or there. They were excited about the ability to provide a high value Risk Management Services to their customer if they brought that customer to call us versus just selling them some other
You know VM scanner that would just give them more findings and uh they would have to do a lot of work to provide value on top of that. So that strategy around mrock partners are bringing not just etm but they're also bringing us uh, other customers. Other deals with the understanding that these, uh, engagements with koalas will lead to Services revenue for these companies.
Great. Uh, thanks a lot, so much for me. Appreciate it.
Thank you.
Great. Uh, thank you for taking my question. You know, as you pivot more, uh, you know, into a platform play, are you seeing any changes, uh, in sales cycles from customers?
I mean, I think nothing nothing notable to call out for. I think then on the the there's good and bad right at times for us to be able to show the value of the platform by ingesting data from tools that they already have, uh, can be a win. Instead of saying, you need to do a deployment of uh, of our agents and scanners everywhere to see the value that quality Springs. And then uh, the pricing can allows them to think about maybe eliminating their existing solution over a period of time. And so I think today, uh, I think so far, we are in the early days but we're seeing, especially with the, The Rock on conference that we had and the partner advisory. I mean, the sorry, the the product Advisory Board where we had, uh, a lot of the top Banks out there. I I think the feedback is a lot of excitement, uh, around the the result of operation Center, uh, as a focus area rather than just, you know, kind of trying to do like to like scanner the scanner, uh, replacement and the time and effort it takes this is something that they feel like, you know, is something that they can justify, uh,
In terms of moving quickly. Now, of course, it is something that is new, everybody's looking at it this year. So, uh, it is allowing them to figure out how they are going to budget. Uh, some people have the budget. Now, some people are looking at it to budget for next year's purchases and so, um, but overall, the, the conversation has been, uh, pretty positive and, and I think, uh, the, the goal for us is to not only existing customers, not only bring the quality, uh, findings into ATM, but that value, they get out of that is going to encourage them to bring a lot of other, um, findings and other assets that are not currently in qualys. And, and so, we are seeing that with some of the early adopter customers. They started with bringing quality, uh, vmdr findings into ATM. But then, quick quickly pivoted after seeing the value to bringing, you know, sometimes twice as many assets, uh, into callers as they had before from other tools, uh, increasing the license count for etm. So that's kind of how we're looking at it. As we progress is that um it's going to help us be much quicker and PC's and
We don't have to walk away for customer already has a competing VM scanner. We can actually just injure the data, show them the value, show them the business value and then grow from there, uh, rather than doing, you know, prolonged poc's that in involve deployment of, uh, agents and scanners. Uh, which ultimately, they see the value in that. But it is sometimes just take a longer cycle. So I think net net, I think will its early days. We'll see how it develops. But so far in the initial, um, engagements we have had, it's been pretty exciting and
fairly quick, moving
All right. Thank you.
Thank you.
Our next question is from Joshua. Tilton of wolf research. Your line is now open,
Hey, hey guys, thanks for sneaking me in and congrats uh on a great quarter. Um, I've been bouncing around a few calls tonight so I'm actually going to ask a pretty uh a high level question. Uh and my question is we we have the privilege of covering uh 3 public traded vulnerability management, uh vendors. And you guys are all kind of growing at different rates and I guess my question to you is are the Deltas in your growth rates, a function of things changing within the VM market and therefore some of you are growing faster. Taking share growing slower within VM, or the Delta and the growth rates because some of you have taken these broader platform plays and you have these nonviolent better separating the growth between these 3 players. And if it's the latter, I guess, can you just help us understand which of the product the non VM products for you. We're really driving the separation and growth that we're seeing equals versus some of the other players, thanks.
I I would just say that some of us have just have an awesome organic platform. That's why we are going at a different pace. But having said that, I think the, uh, look, I think, uh, we've talked about this for a few years VM has been changing, and people are less focused on just scanning, uh, and more focused on prioritization remediation. And that's why we pivoted to
Management has been uh, growing as a percentage of our ldm uh bookings. And then we also talked about now that our focus on etm and how starting at the earnings call for q1, we're going to focus more on, um, the, the penetration for etm within our customer base, which is elevating from vmdr to uh, um, to ability to give them a broader risk Operation Center and then the upsell from that is going to be the eliminate capabilities to get things fixed. And so, um, you know, I I, with the engagement that we have with our customers. There is a big Focus from customers on a business alignment of cyber security. Spend the ability to look at risk from a business perspective. Uh and and what we are doing now and the organic is develop platform that we have that integrates so many different things together. Uh, I think is helping customers get a very quick uh and simplified view of their actual risk and the ability to actually remediate before attackers get there versus, um, you know, competitors have multiple acquisition.
Options with multiple separate tools, that don't really work with each other and uh, they're not able to get that kind of uh um in my belief, they're not able to get the kind of a response that we are able to give very quickly. Uh, Whenever there is something going on and that's the feedback that we have been getting from customers.
Smith, you had me at organic platforms. Uh, but maybe just a follow-up for G. Um, if I missed it, I apologize. But anyway, can you help me think about how we should expect billings growth to finish, or current billings growth to finish, this year?
Yeah, I think that Q4 because it, it was a very strong quarter, a tough compared for, for next last year. Um, we do expect current billing to be a few percentage points below the revenue growth rate, um, ending the year. So maybe they think about it from the like like 2025 full year. Current billing growth at around 8%.
Super helpful. Thank you.
Thank you.
Our next question is from Jonathan. Ho of William Blair. Your line is now open.
Hi. This is Garrett. Brookman for Jonathan, thanks for taking my question. Um, I was just wondering if you could walk us through how you're thinking about um contribution from like your new and continued product Innovations, um, like including Ai and new modules around vmdr and mro versus, um, you know, just continuing to upsell and cross sell your existing install base. Um, and then
Also, can you just talk about how customer conversations are going with your mrock solution at this point? Um, just.
What? What traction you're getting there. Thanks.
Sorry, I didn't get the first part of the question again. So you're you're asking for uh, contribution from
Yeah, like new modules, um, and new customers versus upselling. Um your existing base in in your existing modules
Yeah. Look. I think every customers are different part of the journey so we don't really Break It Out by individual modules. I think we have been giving color on the contribution of uh, total Cloud. Uh, which is our Cloud native cynap solution. We're happy. Um, to see the the progress it is making its early days but it was 5%, uh, of the bookings for the quarter. And then you also have uh, we called out uh, batch management and cyber security Asset Management, uh, which has been the focus for us the last couple of years. And we're happy with the penetration there. But we're also, uh, now pivoting more towards the risk cooperation Center, etm solution that we talked about and our goal is going to be just like we did from VM to vmdr a few years ago. Really up level our customers from the mdr2, uh, etm Solutions. So, you know, which we have a very nice uh, existing install base of vulnerability management uh customers that we can uh, work on upselling. Them and cross-selling them to etm, which by the way, will include cyber security Asset Management already. And then next step,
Around the business and, uh, you know, for that that particular industry. What is the risk of a ransomware? How much money could they lose? And why should they fix this particular vulnerability versus not fix another vulnerability. So,
It's been very positive feedback and we're excited about that. And so I think as we get into the next year, um, we are really putting a focus on etm and as part of that. Um, you know, we have made some internal promotions to align well with our go to market strategy there with product management and um, and uh, Jonathan and I see so, so really working on, you know, helping us as a GM for our risk of patient solutions to, uh, really bring all of our teams to executing more towards etm, and getting the benefit out of upselling, our customers to, uh, etm and and that's what if you see in the q1, or this call will be starting to focus on the opportunity ahead of us. Uh, in addition, of course, uh, you know, 1 of the reasons is like there's a lot of synapse Solutions out there. We see the resonation, what is resonating with customers with our senior solution? Is not so much individual features, but it is again the ability to bring the cloud risk as part of the holistic business risk. And so, yes, other scene app Solutions. Can tell you how many open buckets that you have up to the public.
But if you ask them, what does that mean? How in dollar value loss to your company? If 1 of them is compromised, they don't have answers to that. And so, uh, our Cloud security solution is actually integrated from a risk perspective, uh, to give that business quantification and that's what the feedback that we're getting from customers. And so, as I look into next year, our focus is going to be on etm as the big Focus to uh, cross sell our customers. It's going to be continued investment for long term in the federal Market, focus on uh uh, on the continued Innovation that we have with the eliminate, um, capabilities. And then, all of that is going to be underpinned by our work that we are doing with emro Partners. Uh, which I think you're going to, uh, contribute, uh, even more, uh, to scale our business in 2026.
Thank you.
Our next question is from Joseph Gallo of Jeffrey's. Your line is now open.
Hi guys, this is anic Bowman on for Joe Gallo really strong quarter. Can you just share some color on where exposure management is in terms of budget prioritization in 2026 and can we expect Billings to track in line with your noted 8% for 2025?
I think I'll answer the the first part is uh, you know, we're seeing. Definitely customers are uh, looking to invest in uh, proactive Risk Management Solutions. And uh, as I said that there is cooperation Center where exposure management is part of that and business modification uh, with the feedback and response that we're getting from customers. This is definitely uh, an area that they are focusing on in all the conversations that we had with this year. I I think a lot of customers, see the risk Operation Center and the, the security Operations Center, Rock and sock kind of working closely with each other because there is a lot of fatigue, currently, on the sock side because of too many alerts. And the feeling is that as if they can focus on better, uh, prevention. Uh, in the first place that can reduce the number of alerts and reduce the fatigue that they see in the sock and people are looking to balance, uh, in in the early conversations. While I don't have a exact percentage right now, we will see how it evolves in next year. Uh, people do talk about
Balancing, um, their, their cyber security budgets between proactive risk management. Uh, versus uh, just reactive after the fact and somebody is in your network. And there's been a lot of that has happened in the past. And you know, it's ultimately you cannot do away with uh, 1 or the other. You need both so that you can proactively reduce risk while having the monitoring needed. If there is a compromise to block that, but there is definitely a focus on customers to uh, prioritize the the
The split between those, because again, if they don't prioritize what they are fixing accurately, then they are asking and wasting their IT teams' resources on fixing things that don't actually matter, while at the end getting more alerts in their SOCs. So, from that perspective, we are seeing conversations around the Risk Operation Center, you know, and where exposure management is one part of that, are definitely trending, where customers are liking this ability to think about how much they spend on interactive risk management in terms of business risk and how much risk they will have, which is what I talk about in my keynote. As well as the move from attack surface management to risk surface management. You can spend a lot in covering your attack surface, but if the risk of loss was only, you know, $50,000, and you spend $500,000 a year on attack surface, that's not a great business equation. So, um, that's what we are hearing and seeing from our customers in terms of billings, you know,
8% that we we believe that we'll be able to achieve in 2025 for the full year is is on track.
Thank you.
Thank you.
Our next question is from Rudy Kessinger of D.A. Davidson. Your line is now open.
Hey, great. Thanks for squeezing me in here. Um, just a clarification on that last question. Jimmy, you said that that 8% billings for this year is quote on track.
Is that to imply that, you know, you think you can do 8% again next year, or could you clarify that, please?
Yeah. So right now I I mean billing has a tendency to be very lumpy so for this year we think that we're going to end the full year at 8% which implies a a lower current billing growth rate for Q4 given the tough compared to 1 year ago uh, in terms of next year. It's a little too early to tell in terms of 2020 things but we think that we'll be able to achieve a lot of it will depend on what would be able to close the year at when it comes to the net dollar expansion rate and we are monitoring very closely in terms of the newer product adoption to give us a better sense. And and Clarity into what we think that we should be anticipating for 2026 growth rate.
Got it. Okay. And then, um,
You know, you guys had some pretty decent results. The last few quarters Now growth has been stable at 10%, the last 4 quarters, I believe on the revenue. Um, you've got nrr stable at 104%. What I, I guess. What would you need to see to? Maybe give you guys confidence in. Maybe declaring that, you know, you can deliver stable 10% plus growth over the next couple years.
1 more, certainly working towards that and I think the key growth, uh, vectors we see right now are converting our, uh, VM customer base, to vmdr customer base. To em is an area of focus creating upsells with eliminate on that. Um, we continue to see uh, very in a lot of interest for our Cloud security solution. Um and uh, I think, uh, with long-term Federal opportunity that we are focusing on uh where really good conversation with risk Operation Center on the
Federal side as well. I think those are the areas that we continue for, you know, sort of a little short-term medium-term and long-term growth, which is Again underpinned by our focus on. Uh,
um, emro Partnerships, but we're really laser focused next, uh, next year on our vmdr, uh, conversion and the upsells with eliminate
Thank you.
Our next question is from Yoon Kim of loop capital markets. Your line is now open. All right, great. Uh, congrats on a solid quarter, uh, sumed. Um, on the Enterprise true risk management etm, um, is that primarily a big deal sales motion or is it just a, um, you know, the, a combination of a bunch of, um, products that could be purchase and deployed in multiple phases and, um, you know, collectively that could lead to 100% uplift over time. Just want to get a better understanding of that 100% plus uplift commentary.
Yeah, I think we feel and with the early response from customers, you know, we feel like we can, uh, hold up to up to, of course, you know, 100% of the the MDR because we're adding them. Uh, we are providing them, AI capabilities agent, AI capabilities Marketplace built in where they can essentially bring on a AI agent as part of their team, for 4 weeks, as they're focusing on an audit or for 3 weeks. As they are triaging the ransomware related vulnerability. Uh, and so, the seam is also included in that ability to, uh, test exploits, is ALS included in that. Um, and so we feel like that's something that is going to be helpful for customers. Uh, primarily if there's a mdrc fan, plus all the new capabilities that are highlighted, are are, what is focused on that? Now we also talked about qlex and and
And I think a lot of this is going to go hand in hand as we start, you know, seeing scale next year. A lot of these customers who are looking to buy uh um etm are also going to be interested in our eliminate platform and also be interested in cloud. And so we the um qlex is what sort of we talked about is from a, um, ability to provide them, um, a way to try and use different callus modules that makes sense to them rather instead of having to go through multiple purchase Cycles through the year. And we are going to see a combination of the qflix pricing with etm cross sales. Um, are the focus for us as you get into the next year.
Performing, um, very well, the business of really stable. Um, you got this etm kicking in starting next year. Obviously, you're very proud of, uh, um, your organically grown platform but, you know, you must, uh, see, a strategic opportunity to expand your offering, um, you know, um, to to, to, to get to that place faster than, um, organically. Um, you know, um, I, I you attempted at all, um, you know, given how Dynamic the market is evolving.
I look, I we are always open to all kinds of different opportunities to look at, uh, you know, organic small acquisition, uh, some larger acquisition potential as well. That that makes sense. We we definitely come more from, um, we want to give our customer a, um, an organic, uh, experience with the platform. Having said that we have done tuck in acquisition in the past. Where if, if there is a fit with our platform, we're not shy of looking at something larger, but currently with the way we are, executing focusing. And, you know, 1 of the things that, uh, happens with etm now is that, um, you know, we, we are able to increase the asset count that the customer uh, has with qualys by actually bringing data from other tools and may not necessarily need them to essentially buy that particular capability from quality as an example, right? Like now with, with ispm identity solution, as an example, uh, that we have as part of etm we can pull in identity from okta, and add and others, and we don't necessarily have the customer to use
Maybe acquired an ad security company. We can work with companies out there while that increases the asset count in quality. And so you, you know, these Dynamics keep changing and we see efficiencies coming out of, uh, uh, AI. We are seeing ability for us to look at, uh, various, uh, players in the market, how they are doing. And we continue to stay focused on our uh, road map from a, a organic uh, experience for our customers while. Also, keeping an eye on the industry and looking at uh whether whether whether it's going to be a smaller or larger, acquisition will definitely continue to be open to that.
Okay, great. Thank you so much.
Thank you. This now concludes the question and answer session.
Thank you for your participation. In today's conference, this does conclude the program. You may now disconnect.
Bye.