CyberArk Software - Earnings Call - Q4 2024

Transcript

Operator (participant)

Good morning. My name is Aaron, and I will be your conference operator for today. At this time, I would like to welcome everyone to the Q4 and full-year 2024 CyberArk Earnings Conference call. All lines have been placed on mute to prevent any background noise. After the speaker's remarks, there will be a question-and-answer session, and if you would like to ask a question during this time, you can simply press star followed by the number one on your telephone keypad. If you would like to withdraw your question, simply press star followed by the number one again. We do ask that you limit yourself to a single question per time when you are given the opportunity to speak. Thank you. And with that, I'd like to turn the call over to Sri Anantha, Vice President, Investor Relations. Sri, you may begin.

Sri Anantha (VP of Investor Relations)

Thank you. Thank you, Operator. Good morning. Thank you for joining us today to review CyberArk's strong fourth quarter and full-year 2024 financial results. With me on the call today are Matt Cohen, our Chief Executive Officer, and Erica Smith, our Chief Financial Officer. After prepared remarks, we will open up the call to a question-and-answer session. Before we begin, let me remind you that certain statements made on the call today may be considered forward-looking statements, which reflect management's best judgment based on currently available information. I refer specifically to the discussion of our expectations and beliefs regarding our projected results of operations for the first quarter and full-year 2025 and beyond. I also refer to our expectations and beliefs regarding the integration of Venafi and Zilla Security into our operations. Our actual results might differ materially from those projected in these forward-looking statements.

I direct your attention to the risk factors contained in the company's annual report on Form 20-F filed with the U.S. Securities and Exchange Commission and those referenced in today's press release that are posted to CyberArk's website. CyberArk expressly disclaims any obligation or undertaking to release publicly any updates or revisions to any forward-looking statements made here. Additionally, non-GAAP financial measures will be discussed on this conference call. Reconciliations to the most directly comparable GAAP financial measures are also available in today's press release, as well as in an updated investor presentation that outlines the financial discussion in today's call. A webcast of today's call is also available on our website in the IR section. With that, I would like to turn the call over to our CEO, Matt Cohen.

Matt Cohen (CEO)

Thanks, Sri, and thanks everyone for joining the call today. We are incredibly excited about the strong results we delivered in the quarter and for the full year 2024. Before I dive into specifics, I'd like to reflect on 2024 as a whole. This has been a truly momentous year of continued transformation and growth for CyberArk. By all metrics, it was an exceptional year filled with major milestones to celebrate. In 2024, we blew past the $1 billion ARR mark, a milestone we are very proud of. And as you will see in a moment, we hit that milestone even without the successful contribution from Venafi. We also exceeded the benchmark of $1 billion in revenue for the first time.

In 2024, we also demonstrated the inherent leverage in our business model, increasing our operating margin to 15%, and we fired up the cash flow engine with $221 million in free cash flow in 2024. Putting these numbers together, we returned to being a Rule of 40 company, a place we know well, a year ahead of the playbook and the long-term targets we outlined at our 2023 Investor Day. The numbers, as proud of them as I am, just begin to tell the story of 2024. This was also the year where our industry-leading platform and differentiated persona-based solutions began to truly drive the conversation among security teams and in the C-suite. We are speaking their language and solving their biggest problems. Our solutions approach facilitates deeper relationships, bigger wallet share, and the ability to design more strategic identity security roadmaps.

In a world of escalating fear brought on by increasingly sophisticated and relentless attacks, we are trusted because we, along with our partners, are always in it together with our customers, providing proven solutions and delivering demonstrable customer outcomes that they can trust to make them more secure. As I reflect on the year, my excitement about the milestones we are celebrating is exceeded by my excitement for what I see ahead and the sheer potential in the market. What is clear is that identity security has reached a defining moment, and CyberArk has established its right to win. Bad actors are placing identity at the center of their attacks, and identity programs of the past are falling short of answering the call. The new identity security imperative is being driven by four security realities.

We will discuss these four areas at our Investor Day in a little over a week, but I did want to preview them here as they help frame the opportunity ahead for CyberArk. First, privilege access is now everywhere. The entire spectrum of identities can become privileged depending on task, target, and even situation. This changes the game of how identity security solutions must respond. Second, the number of machine identities and the associated risks are exploding. Cloud computing, increased regulations, and changing standards, and the very role machines play in our rapidly evolving world means machine identities of all types need to be discovered, secured, and automatically managed throughout their lifecycle to avoid leaving organizations completely exposed. Third, CISOs are overwhelmed by the sheer number of security tools and the integral nature of problems across access, PAM, and IGA.

As a result, they're looking to consolidate in order to decrease complexity, to lower spend, and most importantly, to strategically scale and grow with a vendor they can trust. And fourth, securing against AI and the securing of AI are soon to be among the biggest challenges we will all face. AI makes attackers more efficient, more pervasive, and ultimately more successful. Their targets, the identities we secure, require more protection than ever. At the same time, AI is introducing brand new identities in the form of the agentic workforce that will quickly outnumber humans, and just like every other identity, will need CyberArk to be secure. When you think about these four market realities combined with CyberArk's leadership position, our trusted security-first reputation, and our strong ability to execute, which continues to make me so proud.

As much as I enjoy 2024, you can understand why we are so eager to get started on the year ahead. We have the leading identity security platform in the market, but we are not done yet and remain focused on continuing to innovate and invest in our platform to meet the growing needs of the market. Earlier today, we announced the exciting acquisition of Zilla Security. This acquisition is a game changer for the identity governance landscape, addressing long-standing challenges that have hindered traditional IGA solutions. Legacy IGA are often slow to deploy, difficult to integrate, have limited integration with modern systems, and are reliant on manual processes. This leads to inefficiencies and heightened security and compliance risks.

In a modern world where identities are no longer static, but instead are dynamic and need access on the fly, the only way to efficiently and securely provision all these identities is with an automated lifecycle management solution. In stark contrast to legacy IGA systems, Zilla's modern IGA SaaS platform was built from scratch to address today's digital environments, characterized by an explosion of SaaS applications, decentralized management, and identity-based security threats. Leveraging AI-driven role management, Zilla automates the processes of identity compliance and provisioning, making governance easy, intuitive, and all-inclusive for the modern enterprise. It offers the most complete set of integrations for both commonly used and custom SaaS applications. Compared to legacy IGA, Zilla can be deployed five times faster, complete access reviews with 80% less effort, and enable faster provisioning with 60% fewer service tickets.

For customers, this acquisition means faster time to value with a modern approach to governance that reduces operational complexity. By integrating Zilla's best-in-class modern IGA capabilities with the CyberArk Identity Security Platform, we will redefine what's possible in IGA. Together, we will make the future of identity security smarter, faster, and more effective than ever before. We are thrilled to welcome the talented Zilla team to CyberArk. Erica will talk about the transaction details and the financial impact later in her remarks. As mentioned, Q4 saw the business continue to accelerate. Customers are navigating the risks of the threat landscape daily, and they understand that the traditional network perimeter has long been a thing of the past. In December, we were once again reminded of the severity of the threat landscape when a nation-state attacker leveraged a critical vendor vulnerability to compromise the U.S. Department of the Treasury.

The attack came down to exploiting a vulnerability in software and ultimately stealing an API key, a type of machine identity, to get into the support system, access applications and workstations, and eventually exfiltrate data. Not having best-in-class security controls across all identities is a risk that organizations cannot afford to take. Other vendors provide siloed solutions that are stitched together, which is both inefficient and ineffective. We provide a unified platform that empowers customers with complete visibility, automation, and control to secure every identity, human and machine. Customers are increasingly deploying on and expanding across the entire platform, securing multiple identity groups and consolidating spend with CyberArk. All of our top deals in the fourth quarter had multiple solutions, and I want to share a specific example that illustrates how we are selling the entire platform.

In our top deal from the quarter, a leading global professional services company went all in on CyberArk and decided to replace a competing legacy PAM vendor, but they did not stop there. They'll also secure machines with secrets management and the workforce across the entire solution, including endpoint, Secure Browser, MFA, and SSO. The real decision maker for them was our SaaS platform scalability, vast array of integrations, and most of all, our session management capabilities for modern PAM workflows in the cloud. This deal represents the strength of the platform on full display, and our powerful platform is the enabler that allows us to offer comprehensive persona-based solutions that align to the major identity groups organizations have today: the workforce, IT, developers, and machines. These solutions are resulting in new customers landing with bigger deals and also accelerating our expand motion.

Let's take a very quick tour through each major identity group and how our solutions are winning us new customers and helping us expand our base. The modern workforce user requires seamless access anytime, anywhere from any device. The same user can become privileged based on their activity or system they are accessing. Core controls like MFA and SSO alone are not enough. Our protection of the workforce extends to the endpoint, the browser, passwords, Secure Web Sessions, and SaaS applications. Putting all this together, we have reimagined how to secure the workforce. Solventum, a leading U.S. healthcare company, had been a longtime PAM customer. Last quarter, they recognized the need for a modern workforce suite with our Secure Web Sessions and Workforce Password Manager capabilities, setting us apart from the traditional access management competition.

Seeing the outcomes that delivered, they quickly returned this quarter again to substantially expand their workforce footprint to all of their employees while also adding solutions to protect IT developers and machines. Today, identity security programs for securing IT users need a modernized zero standing privilege approach to PAM that extends beyond IT administrators and standing access. We must secure access for cloud administrators as well as shadow IT and vendors. These programs become a core part of our expand motion. A Fortune 500 pharmaceutical company who has been a long-term customer needed a scalable modern platform to secure and streamline multiple identity groups in its cloud environment. In a mid-six-figure ACV deal, they are protecting IT and cloud admins by implementing modern privilege controls. Zero standing access to modern cloud infrastructure and cloud environments is also mission-critical to securing the most privileged human identity group in the enterprise, the developers.

If left unattended with always-on access, developer identities dramatically increase risk and expand the attack surface. Our solution for securing developers offers the best of PAM without interfering with workflows and the pace of innovation. This is demonstrated in another amazing deal from the quarter with Builder.ai. As a born-in-the-cloud AI software and application development company, they understand the power of a unified platform to scale and innovate in a cloud-first world. With a focus on developers first, they chose the CyberArk Secure Cloud Access in a new local deal that also covered IT and their workforce. Our momentum in securing machine identities continued in the fourth quarter, and we had our best quarter ever for secrets management. For the full year, secrets was our fastest-growing solution on a year-over-year basis, followed closely by workforce.

In Q4, we saw not only an acceleration in secrets management growth, but also a heavy double-digit increase in average deal sizes when compared to last Q4. We believe the success in secrets management is also an indicator of the market readiness for Venafi. Our performance on Venafi in the quarter speaks to this massive white space opportunity in the machine identity security market with new customers, as well as the large opportunity we have to cross-sell into our base. We are thrilled to see strong early traction, and I want to talk about two deals in particular that illustrate our early success with Venafi. The first new logo is a European government agency managing more than 40,000 certificates across operations. They needed a modern, scalable, automated machine identity solution, in Venafi's largest ever deal in EMEA.

Next, I want to talk about a large European bank who has been a longtime CyberArk customer. This quarter, they enhanced their protection of IT users with our enterprise solution and also added Conjur Cloud and Secrets Hub. But they also added Venafi in a six-figure ACV deal. As you can see, we also had great customer response in regions where there was previously little or no Venafi go-to-market presence, resulting in a record quarter for Venafi in EMEA. This early traction gives us confidence we can tap into the regional expansion opportunity as one driver for the revenue synergies we expect to realize with our combined machine identity go-to-market motion. Our innovation in the machine identity market will not stop there.

As I mentioned earlier, another topic customers are asking us about as it relates to machine identities is AI, and in particular, agentic AI, and how this impacts their security posture. Historically, functionality like RPA, for example, required humans to write code for automations that mimic human behavior. When artificial intelligence evolves from generative AI and copilots to agents with the autonomy to complete tasks on a user's behalf, they can create their own automations entirely. In other words, they receive and grant privilege, and in turn, the attack surface expands. Like humans, AI agents will need the right level of privilege controls, and just like any other identity group, they will need CyberArk. We look forward to talking more about the agentic AI opportunity and the detailed plans we have in this area at the upcoming Investor Day.

To sum up, I want to leave you with these three key takeaways today. First, the escalating threat environment and changing attack landscape places identity security at the top of the CISO priority list, with a growing focus on securing all identities, and there is strong alignment in what CyberArk offers to what the market needs. Second, our unified identity security platform is uniquely differentiated. Our solutions are designed to drive meaningful security outcomes, and with the addition of Venafi and now Zilla, we are expanding our leadership position in identity security. And third, to go after this opportunity and win, we have put all the right pieces in place to continue to outperform with best-in-class execution. We are solving real urgent problems for nearly 10,000 customers globally, and as their trusted partner, they continue to get more strategic with CyberArk.

We are proud to reach the milestone of $1 billion in ARR and return to the Rule of 40 with our expanded profitability and cash flow. The best part? We're just getting started. We look forward to seeing you at our 2025 Investor Day on February 24th and encourage you to also tune into the livestream as we share more about our amazing position to deliver another standout year in 2025 and beyond. With that, I'll turn it over to Erica.

Erica Smith (CFO)

Thanks, Matt. Q4 was another strong quarter, capping off a great year. We exceeded our guidance and delivered against our strategic and financial targets. ARR reached over $1 billion both with and without Venafi. We expanded our operating margins significantly, and we delivered record free cash flow. As Matt mentioned, we are again a Rule of 40 company, a full year ahead of our long-term framework.

As I walk through our results for the quarter, keep in mind that Venafi closed on October 1st, and its contribution is included in our fourth quarter results for 2024, but is not in the comparable period in 2023. Annual recurring revenue exceeded our guidance, reaching $1,169 million, including about $166 million in ARR from Venafi. Subscription ARR grew to $977 million, including approximately $161 million from Venafi, and now represents 84% of total ARR. Our maintenance ARR was $192 million, including about $6 million from Venafi, which is from their base of recurring services. Like-for-like conversion activity remains a single-digit % of our year-over-year ARR growth. Organically, total ARR reached $1 billion and $3 million, representing net new ARR of $76 million. Organic subscription ARR reached $816 million, representing record net new subscription ARR of $81 million, and maintenance ARR was $186 million.

I wanted to point out that late in the fourth quarter, there were meaningful fluctuations in the euro and the pound, which created a $2 million headwind to total and subscription ARR. Total revenue significantly beat our guidance, reaching $314.4 million in Q4. That includes a contribution of approximately $47 million from Venafi, which also exceeded our guidance. Moving on to the revenue lines. For the fourth quarter, recurring revenue reached $292.2 million, including approximately $43 million of recurring revenue from Venafi. Our subscription revenue reached $243 million and now represents 77% of total revenue. Venafi accounted for about $41 million of subscription revenue in the fourth quarter. Maintenance and professional services revenue was $66.4 million, of which about $6 million was from Venafi, and that was primarily professional services. I also wanted to summarize our organic performance for the fourth quarter. Total revenue reached $267 million, growing 20% year-over-year.

Recurring revenue reached $250 million, growing 24% year-over-year. Subscription revenue reached $202 million, growing 34% year-over-year. Maintenance revenue was $48 million, and professional services was about $13 million. We also had a higher SaaS bookings mix. If we were to normalize for mix headwind, our total revenue growth would have been about two percentage points higher. The business remains geographically diverse, and we saw growth across all regions, including Venafi. Americas revenue reached $189.5 million. EMEA revenue was about $94.5 million, and APJ revenue was $30.4 million. Organically, the Americas grew 17% year-over-year. EMEA grew 26% year-over-year, and APJ grew about 19% year-over-year. We were thrilled to see the early momentum from Venafi across all regions, and we are seeing strong pipeline growth in the Americas, EMEA, and in APJ.

As Matt discussed, our persona-based solution selling continues to power our land and expand motion as customers move to secure more users and more personas. In the fourth quarter, we signed 346 new logos, bringing us to 1,013 new logos for the full year. We also experienced a meaningful increase in the average deal sizes from new customers. In fact, our three largest deals in the quarter were seven-figure new logo wins. All P&L lines will be discussed on a non-GAAP basis. Please see the full GAAP to non-GAAP reconciliation in the tables of our press release. Fourth quarter gross profit was $267.1 million, or an 85% gross margin. Our organic gross margin is also about 85%. Our operating income was $58.7 million, or a 19% operating margin, well ahead of our fourth quarter guidance. Our organic margin was about 16%, consistent with the fourth quarter of last year.

It is important to note that our organic operating expenses in the fourth quarter do include some integration costs associated with Venafi, as well as increased R&D investments in our machine identity solutions, which we believe will position CyberArk to capitalize on the combination of Venafi and secrets management. As you can see from our results, Venafi was accretive to our P&L in the fourth quarter right out of the gate. Net income came in at $40.4 million, or $0.80 per diluted share, also ahead of our guidance. For the year, I'm going to start by outlining our results, including Venafi's contribution for the fourth quarter. Revenue reached $1 billion, growing 33% year-over-year. We delivered an operating margin of 15%. For the full year 2024, we organically generated $954 million in revenue, growing 27% year-over-year.

Our subscription revenue reached $692 million, growing 47% year-over-year and representing 73% of total revenue. We also posted an operating margin of 14% organically for the full year 2024, up about 10 percentage points compared to 2023. We ended December with approximately 3,800 employees worldwide, including approximately 400 employees from Venafi. We also had approximately 1,570 employees in sales and marketing at year-end. Despite making meaningful investments in the business, as promised, at the beginning of 2024, we delivered leverage against each of our operating expense lines. Profitable growth remains a core tenet of how CyberArk operates its business. We generated record free cash flow of $221 million, or a margin of about 22%. That includes the $15 million contribution from Venafi.

Organically, we generated $206 million in free cash flow for the year, also a 22% free cash flow margin, a significant expansion compared to our 7% free cash flow margin in the full year of 2023. We ended the year with approximately $841 million in cash and marketable securities. That reflects the $1 billion cash portion of the consideration paid for the Venafi acquisition on October 1. It also includes cash proceeds of approximately $260 million that we received from the capped call associated with the convertible notes that matured on November 15th. As you can see, we continue to have a very strong balance sheet. I want to share some further details on the Zilla acquisition. CyberArk acquired Zilla Security for about $165 million in cash and $10 million in an earnout related to key milestones. As of December 2024, Zilla's ARR was about $5 million.

They had over 125 customers, most of which were in the United States, and about 40 full-time employees. As Matt mentioned, Zilla brings unique modern IGA solutions to CyberArk, and we are thrilled to have them join our team. Before I provide guidance for the full year for 2025, I want to remind investors that while we give qualitative commentary on Venafi's performance and progress, given our selling motion of machine identities, we will not be able to break out the specific contribution from Venafi in our guidance or our results as we move through 2025. Now, turning to our guidance, I want to remind investors that Venafi only contributed to our fourth quarter, and we're not included in the comparable first, second, or third quarters of 2024.

For the first quarter of 2025, we expect total revenue to be between $301-$307 million, which represents 37% year-over-year growth at the midpoint. We expect non-GAAP operating income in the range of $42.5-$47.5 million in the first quarter. We expect our non-GAAP EPS to be in the range of $0.74-$0.81 per diluted share. Our guidance assumes 51.3 million weighted average diluted shares. It also assumes about $7 million in financial income and a tax rate of about 23% in the first quarter. For the full year of 2025, we expect total revenue in the range of $1,308-$1,318 million, representing 31% year-over-year growth at the midpoint of the range. We expect our full year operating income to be between $215-$225 million. We expect our non-GAAP EPS to be between $3.55 and $3.70 per diluted share for the full year.

We expect about $51.5 million weighted average diluted shares. The guidance also assumes about $26 million in financial income and a tax rate of about 24% for the full year of 2025. We expect our annual recurring revenue to be in the range of $1,410 million and $1,420 million at December 31, 2025, representing about 21% year-over-year growth at the midpoint. And our 2025 ARR guidance does assume about a $6 million of an FX headwind that we are also absorbing. While we do not guide the pieces of the ARR separately, we expect maintenance ARR to continue to decrease as we move through 2025, with the largest sequential decrease in the fourth quarter.

Now, moving on to cash flow, we expect adjusted free cash flow for the full year 2025 to be in the range of $300-$310 million, representing 23% adjusted free cash flow margin at the midpoint. As we mentioned in the press release, this adjusted free cash flow guidance normalizes for an estimated $70 million one-time tax payment on the capital gain from the migration of Venafi's SaaS IP to CyberArk's Israeli entity. We expect to pay the tax obligation in the second quarter of 2025. We expect our capital expenditures to be between 1%-1.5% of revenue in 2025. To sum up, 2024 was a milestone year. We grew ARR 30% and revenue 27%, both organically. We also expanded our profitability from 4% operating margin and 7% free cash flow margin in 2023 to 14% operating margin and 22% free cash flow margin in 2024.

That is the organic expansion. You can see from the fourth quarter performance, the acquisition of Venafi is not only strategic from a growth perspective, but it is also already accretive to our operating and cash flow margins. Our core business continues to post strong growth. And with the acquisitions of Venafi and Zilla, we have significantly expanded our total addressable market and our competitive moat. Our strong business and financial model is enabling us to deliver more than 20% growth and strong profitability in cash flow, which puts us among an elite group of not only cybersecurity companies, but also the broader software market. Before I turn the call over to the operator for Q&A, I do want to express my gratitude to Josh Siegel. He has played an instrumental role in CyberArk's growth and the company's execution, and he continues to be a mentor and friend to me.

And with that, I'm going to turn the call over to the operator. Operator.

Operator (participant)

Thank you, Erica. Ladies and gentlemen, once again, if you would like to ask a question for today, remember it's star, then followed by the number one on your telephone keypad. We do have a lot of questions in the queue already, so once again, we will ask you to please limit yourself to a single question when we give you the opportunity to speak. Our first question is from the line of Saket Kalia with Barclays. Your line is live.

Saket Kalia (Managing Director)

Okay, great. Hey, guys, thanks for taking my question here and congrats on crossing the billion-dollar ARR mark. Thanks, I'll keep it to one, Matt, and maybe make it for you.

You know, investors often think about identity as a series of different swim lanes, where buyers seem to have sort of preferred vendors in each lane. CyberArk now is kind of competing in several of those swim lanes to really offer a pretty broad identity platform. Maybe the question is, where do you think customers are in their journey of thinking of identity as a platform versus a series of swim lanes?

Matt Cohen (CEO)

Yeah, it's a great question, Saket. I think we have to kind of look at it from two different angles. The first one is, across all of these so-called swim lanes, the most important thing is having an integrated security posture that actually works, and customers are more and more looking for a partner, a vendor that can provide the trusted platform that actually allows them to secure their organization.

And so that becomes part of the conversation with CISOs in the C-suite, regardless of any swim lanes, is how much can they cover with somebody that they trust. I think there's a second element here, though, specific to the more modern environments. In the original world of identity from a decade ago, environments were very static. The on-prem environment, the kind of large heterogeneous data center, it was easier to be able to stand up standalone tools because they were going to persist with managing and securing kind of standing access and standing controls. The reality is, in the modern environments of SaaS applications, cloud consoles, even hybrid IT environments, these spaces are incredibly dynamic. And customers need to be able to find the identities, understand the risk of those identities.

They then need to be able to secure access to those identities, and they need to be able to grant and remove the right level of entitlements from those identities. And so when you're actually managing security around the SaaS stack or the cloud stack, there are no swim lanes. They're all integrated into one story of managing the full lifecycle of those identities themselves. We see that with our customers. Our customers have been asking us to get deeper into the ability to be able to offer modern IGA. And we found this great, great opportunity with Zilla to bring them into our platform and build out our leading stack.

Saket Kalia (Managing Director)

Very helpful. Thanks, guys.

Operator (participant)

Thank you for your question. Our next question is from Hamza Fodderwala with Morgan Stanley. Your line is live.

Hamza Fodderwala (Executive Director)

All right, good morning. Thank you for taking my question.

Matt, another one for you. 2025 seems to be the year of AI agents. And agents, I think, in some ways are like machines, maybe some ways like humans because they can behave in somewhat non-deterministic ways. I'm curious why you think CyberArk, with its roots in PAM and the machine identity platform that you're developing, is in the pole position when it comes to securing AI agents. Thank you.

Matt Cohen (CEO)

Yeah, it's a great question. I'm going to give you a brief answer now, and then I'm going to invite everybody to kind of come to the Investor Day in a week where we're going to be talking about this in much more depth. So since there's such a queue of people wanting to ask questions, I won't use too much of our time today. But the reality is this. You're exactly right.

They're both machines, but they act like humans. And ultimately, they're accessing data, information, and infrastructure within organizations. And they're deterministic in nature, meaning they can be reinventing themselves and actually elevating privilege as they go. That is the very fundamental problem that CyberArk has been solving for decades. It's the core of our identity security platform. And ultimately, when you take both the tools we offer around dynamic secure access on the human side and the machine identity offerings in our solution set, you combine them together, we can actually take agentic AI, take those agents themselves, and make sure that they're secured as their privilege changes in a dynamic environment. Again, we'll talk a lot more about this next week, but as you can tell, I think it's an area that CyberArk really can capture.

Hamza Fodderwala (Executive Director)

Looking forward to it.

Operator (participant)

Thanks for your question.

Our next question is from the line of Rob Owens with Piper Sandler. Your line is live.

Rob Owens (Managing Director)

Great.

Thanks for taking my question. I was going to ask Erica to repeat all those numbers and haze her a little bit, given this is her first quarter, but I think given time, I'll ask Matt one here. Matt, if you look at the three largest deals that you talked about being new logo wins and the consolidation of identity that you're speaking to, can you just talk about how broad you're landing with these customers across products as you're seeing success with new logos? Thanks.

Matt Cohen (CEO)

Yeah, thanks. This was an exceptional quarter for our ability to be able to land broad with the full platform story. As Erica mentioned, our top three deals in the quarter, and it's a Q4, right? So they're bigger deals, were all new logos.

They really were full-scope deals, meaning we weren't just securing privileged access for IT. We were securing the workforce. We were securing machines. In a couple of cases, developers as well. There was an exponential increase in the size of those deals. The reason was that identity security was so critical to where they needed to place their bet in the coming year that they didn't want to start with just one solution here or there. They actually wanted to partake of the full platform. We're seeing that more and more, not only in the big deals that I'm talking about, but throughout the whole stack, as customers are saying, "I can't just do human. I need to do machine as well." Or, "I can't just do IT.

I need to figure out a way to really secure my workforce when they're accessing SaaS applications." And so these drivers, if you will, are increasing the deal size across the board, but in the new logo part of the business particularly, it was really an exceptional quarter.

Operator (participant)

Thank you for your question. Our next question is from the line of Jonathan Ho with William Blair. Your line is live.

Jonathan Ho (Research Analyst)

Good morning. Let me echo my congratulations as well. I just wanted to dig a little bit into Zilla and the differentiation that you sort of talked about as well. Can you also help us understand how the solution aligns with your broader platform strategy? Thank you.

Matt Cohen (CEO)

Yeah, sure, Jonathan. And I think it's important to try to understand kind of legacy or traditional IGA versus modern IGA.

These big IGA projects that have been out there in the market, generally, they're about taking the kind of static IT population and making sure that we control their access, basically as they grant access when people join, change roles, or leave, and managing their overall entitlements to the traditional heavy stack that sat in IT. What happened over the last couple of years is the massive acceleration in the sheer number of SaaS applications and cloud consoles that organizations are giving access to. You have to figure out in that new modern stack who is the owner of the application and what level of privileges and entitlements each user should have. If I take an example for a second, think about Salesforce or Workday or ServiceNow. You have these users spread out throughout the organization. They're constantly joining. They're being granted access. They're changing roles.

They need new access profiles, and then eventually, maybe they're leaving the organization, and that dynamic access needs to be at the entitlement layer that actually ensures security. Too many organizations actually don't even know who the owner of the application is, and oftentimes, in addition to not knowing the owner, when they're granting access, they just say, "What's the most likely equivalent role?" So if it's Erica, for example, hiring a new employee, they'll assign the same level of entitlements or privileges to someone she's hiring because they happen to work in the CFO organization. That's a tremendous risk for an organization, and it's an unsolved risk in so many organizations in the modern stack and the modern era, so yes, there are strong traditional legacy providers. We can sit right next to them and solve the modern problem, but solve it much faster, quicker with an AI-generated approach.

And then in addition, there's a whole market, down market, where people have not had to implement traditional IGA tools. And now they can actually approach it with a modern stack. To your final point, Jonathan, it then gets integrated directly into our platform. So we're not just managing entitlements, provisioning, and compliance. We're also able, from the same tool, to grant access and provide controls. And that integrated nature then creates a much more secure footprint across these modern environments.

Operator (participant)

Thank you for your question. Our next question is from the line of Shaul Eyal with TD Cowen. Your line is live.

Shaul Eyal (Managing Director)

Thank you. Hi, good afternoon. Congrats on all fronts, Matt, Erica, and the entire team. Matt, a number of U.S. Cyber-Related companies brought up some growing uncertainty as it relates to federal government spending given the incoming administration's views.

It would appear this topic bears little impact when listening to the commentary and looking at results and guidance. Can you share with us what your customers are relaying to you in that respect? Thank you.

Matt Cohen (CEO)

Yeah, sure. Thanks, Shaul. So listen, I think when we think about the federal space, obviously, there's some level of uncertainty as everyone tries to understand all the changes that are happening. But we're in a kind of enviable position in a couple of ways. First of all, while global government represents about 10% of our overall AR, about only half of that is in the federal government. Within that, we are spread out wide within the federal base, meaning we don't have any oversized agency or organization within the overall government. It really is a broad base of support that we have within the agencies on the civilian and on the defense side.

That's helpful as well, and maybe most importantly, when you look at what we're able to offer, especially with our FedRAMP investment and our FedRAMP emphasis, is the ability actually to help the government save money by bringing in an ability to be able to have modern stack, modern software that actually requires less support, less individuals to be able to run. At the core, what we offer is not a nice-to-have. It's a must-have, but when we can do it more efficiently, more effectively on a lower cost, which is what we've been doing for years, it also creates less scrutiny in this environment, so we feel pretty good about the position we're in with respect to our federal business. We'll watch closely, and we'll let you know if anything changes.

But as you said, it didn't have a meaningful play in how we looked at guidance for the year.

Shaul Eyal (Managing Director)

Thank you so much. Good luck.

Operator (participant)

Thank you for your question. Our next question is from the line of Andrew Nowinski with Wells Fargo. Your line is live.

Andrew Nowinski (Managing Director)

Okay, thank you. First off, congratulations, Erica, on your new role as the CFO. You're off to a great start. And maybe just a question for either you or Matt. I think you previously talked about Venafi ARR being able to grow in that 25% plus range, I think exiting 2026. But of course, we understand it'll take some time to get that growth rate up to that level as you train your channel on it.

But when you think about the mix of Venafi and your core business in terms of ARR in 2025, if we assume about $190 million from Venafi, I think that implies your core business growing around 22%. I mean, is that the right way to think about the split for this year as you scale the Venafi business?

Erica Smith (CFO)

Yeah, I think, Andy, I'll jump in here. I think when you think about that split, it's a good way of thinking about it. But as we talked about in the prepared remarks, it's even hard today from a business perspective as we're looking through our planning to disentangle some of the Venafi contribution from the secrets management contribution because we're going to market with that as a full solution. And so it's a great framework for you to kind of think about the starting point for the year and for the business.

But I think as you think about that as the exit rate for the year, there will be some enmesh between secrets and Venafi, but certainly a good framing of that 20+% growth on the core business for sure.

Andrew Nowinski (Managing Director)

Thank you.

Operator (participant)

Thank you for your question. Our next question is from the line of Roger Boyd with UBS. Your line is live.

Roger Boyd (Executive Director)

Great. Thanks for taking the questions. And again, congrats on everything. I wanted to touch on maintenance revenue, which was, I think, flat Q over Q. And I know Venafi added some to that number, but even on an organic basis, it seems like the pace of conversions is maybe leveling off a little bit heading into 2025. So I'd love any thoughts there. And I know you gave some color on expectations there, but any higher-level thoughts on how much conversion opportunity you really see left?

Thanks.

Erica Smith (CFO)

Yeah, thanks, Roger. We saw some conversion activity in the fourth quarter. I think those conversion deals oftentimes take some time to materialize. We do think that there's significant conversion opportunity in that base of $186 million of maintenance ARR, but I don't think you're going to see it kind of inflect. I think you'll see a healthy pace of that conversion activity and likely to pick up as we move through this year, but we certainly see lots of opportunity there.

Operator (participant)

Thank you for your question. Our next question is from the line of John DiFucci with Guggenheim. Your line is live.

John DiFucci (Senior Managing Director)

Thank you. Matt and team, this is another exciting acquisition here. It seems like now you have just about everything: identity. You have PAM. You have traditional workforce. You have machine. And now IGA.

But my understanding of machine identity, and I know it's sort of a newer area for a lot of us, is that it's not as simple as one category, similar to human identity management. And there's sort of a higher-level machine identity management, which is what Venafi has always done. And then there's sort of a governance and administration layer that's really still evolving. It's sort of newly thought of. I guess first, is this accurate? And second, if so, would the acquisition of Zilla better position you to develop that governance layer for machine identities?

Matt Cohen (CEO)

Yeah, John, great question. And I think you're right. First of all, in thinking about it, the machine world is more complex than just machines. We talk a lot just in terms of machine types that we talk about workloads. We talk about devices, IoT, OT. Now we're going to be talking about agents.

So you have multiple types of machines themselves. As we talked about, there's multiple types of identities. It can be certificates. It can be keys. It actually can go on and on and on there. But as you said, then there's the layers, right? And I think to have a machine identity solution in whole, you need to be able to, what we call, observe. You have to find all these machine identities that are exploding. And you have to put them in context of the risk of those machine identities. You need to be able to secure access. That's a little bit of what secrets does and certificate lifecycle management does as well. And across all of that, you need to automate the lifecycle of it because constantly they're coming on just like humans, onboarding and leaving. And you need to keep track of them as they go through.

So you are thinking about it completely right. We have a much broader portfolio across all of that than probably maybe some people understand between what we've developed organically with the Venafi acquisition and what they were already working on with the secrets management solution. And as you just pointed out, absolutely, Zilla capabilities can be applied over here as well as we build out the future of that complete machine identity security solution. But we feel really confident in our ability to be able to be an end-to-end just platform or solution on the machine side that covers all those areas you just described because they are important to making sure that we take control of the machine identity landscape.

John DiFucci (Senior Managing Director)

Thank you. It's really exciting. Thanks, Matt.

Matt Cohen (CEO)

Thanks, John.

Operator (participant)

Thanks for your question. Our next question is from the line of Adam Borg with Stifel.

Adam Borg (Managing Director)

Awesome.

Thanks so much for taking the question. Maybe just for Matt on the channel, talk a little bit about the strategy and the plans for this year, not just overall, but also on the MSSP opportunity. That'd be great. Thanks so much.

Matt Cohen (CEO)

Yeah, thanks, Adam. I mean, we see the channel as a special differentiator for CyberArk. You've heard us mention it even in the context of Venafi, where we say, "Hey, they didn't have much of a channel. We're going to turn our channel loose from that perspective." So we're continually enthused by the force multiplying effect of our channel itself. As you mentioned, MSPs are a big growth area for us. We saw that throughout the course of FY24.

We saw it in the Q4 results as well, where continually the MSPs are adopting more and more of our solution set and actually helping really us bring new logos into the portfolio. And it's one of the drivers of our strong new logo performance in Q4 and throughout the year. So we do see MSPs as part of our differentiator moving forward. Our relationships with the SIs are deep and broad, and we continue to see them driving deals our way. And then, as you see, kind of the traditional resellers themselves are reinventing themselves into MSP providers and value-added providers in the market, and our relationships continue to carry to the day there. We were really, really enthused by the performance of our channel partners in generating pipe and ultimately in delivering results for us throughout 2024, but particularly in Q4.

Adam Borg (Managing Director)

Awesome. Thanks so much.

Operator (participant)

Thanks for your question. Our next question is from the line of Itai Kidron with Oppenheimer. Your line is live.

Ittai Kidron (Managing Director)

Thanks. I appreciate it. Congrats on great numbers. And Erica, congrats on your first quarter. Well done. I guess my question is going back to the guidance for the year, Erica. If you could give us, you certainly have a few more moving pieces with Venafi and the acquisition you just closed of Zilla. So I'm trying to get my head around the potential for upside for you in the year. Last year, you ultimately delivered $25 million above the midpoint of your ARR. How do I think about your guidance build process this time around versus last? In what way is it different? And where are you giving yourself a little bit more of a buffer room given the moving pieces? I appreciate it.

Erica Smith (CFO)

Yeah, Itai, thank you.

Thank you for the question. So as you think about our guidance philosophy that we have going into 2025, it's very similar from a guidance philosophy that we had going into 2024. We're not assuming any major changes in the macro environment from what we saw last year. And we're kind of guiding roughly to a net new ARR on an organic basis that looks similar to what we did in the prior year. So I think from a business perspective, the guidance is a very similar philosophy from what we've had previously. I think certainly when we think about the opportunity that we have with Zilla, as well as the opportunity that we have with the Venafi acquisition, I think we've got to work hard to continue to get the execution machine. And the integrations with Venafi are going incredibly well.

Matt Cohen (CEO)

We think that there's a lot of opportunity there. So guidance philosophy, though, hasn't changed at all.

Ittai Kidron (Managing Director)

Appreciate it. Thanks.

Operator (participant)

Thank you for your question. Our next question is from the line of Matt Hedberg with RBC Capital Markets. Your line is live.

Matt Hedberg (Managing Director and Software Analyst)

Great. Thanks for taking my question, guys. Congrats for me as well on all the milestones. From a go-to-market perspective with Venafi for the whole year, could you give us a little update on how you're thinking about the go-to-market in terms of sales incentives, kind of integrating the sales forces or having it be more of sort of independent for a bit? But just a little more color on that would be helpful. Thanks, Matt.

Matt Cohen (CEO)

Yeah, sure, Matt. So listen, I think we see just really strong momentum on the integration effort and the kind of sales alignment around Venafi. We saw it in Q4.

It drove some outperformance. We see it in the early days here in Q1 in terms of the pipe build and the conversations we're having. The strategy is pretty simple. First and foremost, we've got 8,000 customers that we can go sell Venafi to, and we're going to go sell it right away. And so we want the traditional CyberArk AE to take the lead, open the door, and have the conversation. And we've put the Venafi team into an overlay role where they can help support those conversations, come in, and really make sure that we can deliver on the message of the importance of not only Venafi, by the way, but the complete machine identity solution suite and some of the new packages that we've come out with. So I'm actually really thrilled with how fast it's going. The channel partners continue to ramp on the back end.

That takes a little bit longer, but we're starting to see some momentum there as well. And I think you're going to see that as we build pipe throughout the year and then as we talked about as the results start to kick in in the back half of the year. But we've found that our traditional seller can go in, position, and sell incredibly effectively, the Venafi story. And as I've talked to you all before, the CISO conversation around Venafi is a meaningful conversation, more so than I even thought when we made the acquisition. And it's going to drive, I think, the upside in the business as we look out past the building pipe phase and into the closing phase. Thanks. Looking forward to seeing you in a couple of weeks.

Matt Hedberg (Managing Director and Software Analyst)

Yeah, me too.

Operator (participant)

Thanks for your question.

Our next question is from the line of Gregg Moskowitz with Mizuho. Your line is live.

Gregg Moskowitz (Managing Director)

Thank you very much, and I'll add my congratulations as well. I also had a follow-up on the channel because, Matt, we've been just hearing a lot of early enthusiasm from the channel around Venafi. With that said, how quickly, broadly speaking, do you think that your traditional CyberArk partners can really start to, first of all, put resources behind Venafi and then drive good cross-sell in addition to hopefully more new logo activity as well? Thanks.

Matt Cohen (CEO)

Yeah, sure. Sure. Listen, I think just one comment again over on the opportunity here. The notion we talked about around volume, variety, and velocity being driving factors that are making the machine identity market really pivot upward is what's out there right now. I mean, the machine identity landscape is just exploding.

We got in deeper at the exact right time. And that ultimately leads to a level of conversation with the market that resonates. It resonates in the same way with our partners, as you mentioned. Now, it takes generally about one to two quarters to train your channel. It's then going to take somewhere around six to nine months sales cycles because that's what we see on the Venafi side. I think they will start to have some real channel impact as we get towards the back half of the year, like we said before. And it will really accelerate into 2026 and beyond. I think we've already seen partners jump in and help us close some of that business in Q4. So I think the flywheel is starting to kick in, but it does take a couple of quarters to actually get through your whole channel.

And of course, again, a little bit longer sales cycles here of about six to nine months, not longer, same as CyberArk, but six to nine months sales cycles before you actually close that business. But as you said, the reception is tremendous.

Gregg Moskowitz (Managing Director)

Terrific. Thank you.

Operator (participant)

Thank you for your question. And ladies and gentlemen, that is all the time we have for questions for today. And to close that, I'd like to turn the call over back to Matt.

Matt Cohen (CEO)

I want to finish here by thanking our employees all around the world for their hard work and dedication. I think this is a milestone moment for all of us here at CyberArk. As we pass the one billion mark in ARR, we deliver a Rule of 40 year, one year earlier than we thought. And ultimately, we set the stage for the great, great year ahead.

We will welcome all of you in a week's time to our investor day, either in person or remotely, and thanks for joining the call today.