Qualys - Earnings Call - Q2 2025

August 5, 2025

Executive Summary

  • Q2 2025 delivered solid top-line and profitability: revenue $164.1M (+10% YoY), GAAP diluted EPS $1.29, and non-GAAP diluted EPS $1.68; Adjusted EBITDA was $73.4M (45% margin). Operating cash flow declined to $33.8M (21% margin) due to working capital timing.
  • Results beat Wall Street consensus: revenue beat by ~$2.8M (~1.7%) and EPS by ~$0.20 (~13%); 21 revenue and 21 EPS estimates. Company raised FY 2025 guidance for revenue ($656–$662M) and EPS (GAAP: $4.47–$4.77; non-GAAP: $6.20–$6.50). Consensus figures marked with an asterisk are from S&P Global*.
  • Channel-driven growth and international strength continued: channel now 49% of revenue (up from 46% YoY), with international growth of 15% vs. 7% in the U.S.; net dollar expansion rate improved to 104% from 103% in Q1.
  • Strategic catalysts: FedRAMP High Authorization for Qualys’ Government Platform (DEA sponsor), enhancing federal and regulated vertical opportunity; launch of agentic AI-powered Risk Operations Center (ROC) and flexible platform pricing (QLUs) to accelerate adoption and upsell.

What Went Well and What Went Wrong

What Went Well

  • Qualys raised FY 2025 revenue and EPS guidance, citing solid execution and improving upsell/retention metrics (DBNER up to 104%). Channel contribution rose to 49% and international growth outpaced U.S.
  • Product innovation momentum: agentic AI marketplace and autonomous remediation capabilities announced at Black Hat; continued expansion of TotalAI and ETM (Enterprise TruRisk Management) as ROC foundation.
  • Federal catalyst: achieved FedRAMP High Authorization, positioning Qualys among an elite group able to support sensitive federal workloads across VM, patch, EDR, CSPM, and broader risk management in a unified platform.
    • CEO: “With trusted innovation and early ROC adoption, we’re strengthening our position as the partner of choice... to drive durable long-term growth”.

What Went Wrong

  • Operating cash flow fell to $33.8M (21% margin) from $49.8M (34%) YoY and far below Q1’s $109.6M (69%), reflecting working capital dynamics and seasonality; free cash flow margin was 20% per CFO.
  • Margin compression: Adjusted EBITDA margin declined to 45% from 47% YoY as OpEx grew with investments in sales/marketing and R&D; GAAP operating margin slipped to 31% from 32% YoY.
  • New business environment remains challenging; management maintained conservative assumptions given budget scrutiny, despite improved upsell/retention.

Transcript

Speaker 3

Ladies and gentlemen, thank you for standing by. Welcome to Qualys's second quarter 2025 investors call. At this time, all participants are in a listen-only mode. After the speaker's presentation, there will be a question and answer session. To ask a question during the session, you will need to press star 11 on your telephone. You would then hear an automated message advising your hand is raised. To withdraw your question, please press star 11 again. Please be advised that today's conference is being recorded. I would now like to turn the conference over to Blair King, Head of Investor Relations. Please go ahead, sir.

Speaker 2

Thank you, Michelle. Good afternoon and welcome to Qualys's second quarter 2025 earnings call. Joining me today to discuss our results are Sumedh Thakar, President and CEO, and Joo Mi Kim, our CFO. Before we get started, I would like to remind you that our remarks today will include forward-looking statements that generally relate to future events or our future financial or operating performance. Actual results may differ from these statements. The factors that could cause results to differ materially are set forth in today's press release and our filings with the SEC, including our latest Form 10-Q and 10-K. Any forward-looking statements that we make on this call are based on assumptions as of today, and we undertake no obligation to update these statements as a result of new information or future events. During this call, we will present both GAAP and non-GAAP financial measures.

A reconciliation of GAAP and non-GAAP measures is included in today's earnings press release. The press release, prepared remarks, and investor presentation are all available on the investor relations section of our website. I would now like to turn the call over to Sumedh.

Speaker 0

Thank you, Blair, and welcome to our second quarter earnings call. In Q2, we continued to execute well, resulting in another quarter of solid revenue growth and profitability. In this new era of cybersecurity driven by advanced data analytics, automation, and AI, Qualys is pioneering a new risk operations center category in cybersecurity and redefining how organizations manage cyber risk. While traditional security operations centers focus on detecting breaches after they happen, the ROC is built for prevention. Qualys's cloud-native Enterprise TruRisk Management solution powers this transformation. With over 18 trillion data points processed in real time, we have unleashed the power of our platform to integrate and normalize signals from both Qualys and non-Qualys tools, including CrowdStrike, SecurityScorecard, Tenable, and Wiz.

Unlike other continuous threat exposure management solutions that simply highlight exposure and lack effective remediation or business context, Qualys's Enterprise TruRisk Management solution is a powerful orchestration layer, aggregating both Qualys and non-Qualys security findings, applying threat intelligence, and delivering a unified business contextual view of risk with holistic prioritization and automated remediation. This business-aligned approach to pre-breach cyber risk management continues to resonate strongly with customers and boards and positions Qualys at the forefront of a paradigm shift in cybersecurity, one defined not just by the detection of vulnerabilities, but by measurable, proactive, automated risk reduction at scale. With active POCs already converting after announcing GA just a short while ago, we continue to see many parallels between this new market opportunity and the early days of our VMDR launch, including a significant greenfield opportunity and growing demand.

With our latest announcement yesterday, we are very excited to introduce Qualys's latest game-changing vision for the future of cyber risk management with the launch of a fully reimagined agentic AI platform built on a unified fiber to seamlessly manage cyber risk across a multi-vendor environment. At its core, every cyber risk AI agent represents a specialized autonomous AI fabric equipped to automate complex business processes and autonomously adapt to customers' environments by accessing diverse internal and external data sources, applications, and machines. These agents achieve complete end-to-end outcomes for cybersecurity teams. Available in a first-of-a-kind agentic AI marketplace for risk management, CISOs can now quickly augment their team with highly specialized autonomous experts that can bring down the time to remediation, increase accuracy, and reduce costs.

Users can use out-of-the-box cyber risk agents available in the marketplace, interactively create their own specialist agents, or leverage third-party agents from our partners that can be added to the marketplace in the future. Further advancing our remediation focus beyond patching, we are also introducing new capabilities to our TruRisk Eliminate umbrella of remediation solutions. Now, organizations can quickly determine trending risks to their environment, the estimated impact of a breach on a particular asset, and the probability of successfully applying a patch. If applying a patch is deemed a significant operational risk to the business, security and IT teams can alternatively choose to automate an array of compensatory controls to prevent an incident from occurring. Embedding Qualys's AI assistance directly into remediation workflows is a significant adoption lever, a strong competitive differentiator, and opens new market opportunities well beyond patch management.

Continuing this rapid pace of innovation, we are further broadening our Enterprise TruRisk Management solution and bringing natively integrated identity security posture management, ISPM, to market at a time when identities have become part of the new perimeter. Compromised credentials are central to nearly every major cyber attack today, and Qualys's solution is aimed at helping organizations stay in front of adversaries by continuously analyzing identity systems for misconfigurations, excessive privileges, and toxic combinations with assets. By unifying the identity risk surface, we eliminate silos and help security teams visualize identity exposure and remediate risk before attackers escalate privileges or move laterally. Spanning devices, cloud workloads, and applications, Qualys now provides holistic protection using Qualys and non-Qualys data sources across key identity touchpoints, mapped to asset criticality, and backed by real-time remediation through a single natively integrated platform.

These innovative new approaches to cybersecurity risk management, along with several others we are showcasing at Black Hat this week, allow our customers to reduce complexity and cost, achieve better outcomes, and create a multi-dimensional path for durable long-term growth in our business. Moving on to the business update, over the last several months, I have personally met with many customers, prospects, and partners, and the message has remained resoundingly clear. Organizations are increasingly anchoring pre-breach cyber spend to solutions that articulate and demonstrate a measurable impact on cyber risk. Rather than consolidating around a single vendor, CISOs are seeking platforms that allow flexibility across their security stack while unifying risk through a common framework. This requires a centralized risk fabric, which brings together diverse tools and enables teams to uniformly assess, prioritize, and remediate risk.

With a 25-year track record of converting operational challenges for customers into strong competitive advantages, we are well positioned to capitalize on these evolving market opportunities. In Q2, this success was demonstrated by the number of customers spending $500,000 or more, growing 7% from a year ago to 212. It was also evidenced by notable industry endorsements in the market we helped pioneer. Qualys's VMDR with TruRisk and TotalCloud were voted the best vulnerability and cloud security posture management solution, respectively, at the 2024 SC Awards in Europe. IDC named Qualys as a major player in CNAP, and KuppingerCole recognized Qualys as a leader in CNAP and a market leader in attack surface management.

Let me share a couple of recent wins, which illustrate these accolades and reflect why companies ready to centralize their response to cyber risk are turning to Qualys to help unify their security tools, quantify and remediate risk in their environments, and achieve better security outcomes. First, a global fintech company determined that managing siloed tools added complexity to their operations, lacked integration, and missed detections, which hindered their ability to assess risk and centralize remediation. This customer chose Qualys to transform siloed risk signals, spanning repositories, endpoints, identity, cloud, container, IT, and network assets into a cohesive real-time risk management solution by consolidating Qualys and non-Qualys data. This included purchasing seven Qualys modules, including ETM, to begin operationalizing their risk operations center with ingested data from CrowdStrike, BitSight, and Wiz, resulting in a seven-figure annual bookings deal.

By consolidating these data sources into the Qualys platform, we are now delivering this customer a vendor-agnostic orchestration layer with full visibility of their attack surface, centralized risk assessment, quantification, prioritization, and remediation, while unleashing the operational efficiencies of security stack consolidation aligned with acceptable risk parameters for the business. Another marquee win was a large federal government agency previously using multiple legacy and next-gen solutions to manage a variety of risk management use cases across their IT security and DevOps teams. In addition to the complexity of using multiple point products, this government agency was frustrated with increasing costs associated with outdated on-prem deployments from the last several years.

Looking to migrate to a cloud-native solution that meets the CISA binding operational directives, they are now in the process of replacing two of their existing vendors in a high six-figure annual booking deployment using 10 Qualys modules, including cybersecurity asset management, VMDR, patch management, and TotalCloud. Through this highly strategic and competitive win, the customer is now able to leverage unified dashboards across nearly a dozen separate bureaus that provide them greater insight and automation than any of the competitive products that they had evaluated while taking full advantage of the speed and scale of the integrated platform. With out-of-the-box support for CDM within the CISA framework, we are now working towards a phase two agency-wide rollout of their cybersecurity asset management solution, representing a significant upsell opportunity for us. Beyond this win, we are pleased to announce Qualys has recently received agency authorization for FedRAMP High.

With this authorization, Qualys is the only FedRAMP High platform offering inventory vulnerability management, patch management, CSPM, container security, and EDR in a single unified workflow across hybrid environments. As government agencies increasingly transition workloads from on-prem environments to the cloud, the achievement marks a significant milestone and establishes Qualys as the only modern alternative to legacy scanners for federal, state, and local agencies. Our authorization consolidated platform and continued investment in public sector expansion underscores our commitment to this market and positions Qualys well to drive long-term incremental growth. That momentum was on full display at our second annual public sector risk conference, Cyber Risk Conference in May, where we were especially encouraged by the strong turnout and positive feedback to the concept of a risk operations center to bring efficiency to government agencies instead of playing risk whack-a-mole with multiple siloed legacy solutions.

Investing in our partners' ecosystem remains a key pillar of our growth agenda. Through our strategic technical alliances program, we are driving deep technology integrations, wholesaling opportunities, and demand generation programs. We believe this expanding ecosystem bolsters our capacity, harnesses transformative solution sales, and brings new business to Qualys. Additionally, we have advanced our global ROC ecosystem by certifying three new strategic MSSP partners who wanted to partner with Qualys to bring the ROC to their customer base. With growing channel momentum and a growing pipeline of fresh new MSSP services being offered to customers, we look forward to sharing some exciting new wins in the upcoming quarters. With more and more customers and partners beginning to perceive Qualys as a leading pre-breach risk mitigation management platform that consolidates and orchestrates multiple security solutions and workflows, I am pleased to announce May Mitchell as our newly appointed CMO.

Pipeline creation, growing module adoption, winning new business, and evangelizing the AI-native ROC are key priorities. With May at the helm and her long experience in cybersecurity, we are intensifying our marketing activities and increasing focus on ramping top-of-the-funnel initiatives and enhancing brand awareness to help drive adoption of the Qualys platform to new heights. To further accelerate awareness and unleash new Qualys capabilities for customers, I'm also pleased to announce the launch of our Qualys platform pricing model, where we enable customers to purchase Qualys License Units, QLUs, providing access to the entire platform and flexibly utilizing Qualys modules of their choice over the course of their subscription term. Instead of purchasing Qualys modules individually, organizations now adopt the products they need today and in the future through a frictionless process designed to flexibly replace existing technologies and seamlessly switch between Qualys modules.

Customers are expressing strong enthusiasm for this new pricing model, and we believe it will further enhance long-term customer loyalty, drive larger lands, reduce costs, and bolster cyber resilience over time with more customers adopting more Qualys solutions faster. In summary, Qualys is well armed with fresh new capabilities, a new agency-authorized FedRAMP High solution for government-wide use, strong channel momentum, and flexible platform pricing to help customers unify pre-breach risk management workflows, reduce cost, and address today's toughest security challenges. With trusted innovation and early ROC adoption, we're strengthening our position as the partner of choice for customers ready to centralize their response to cyber risk and believe we have points to outpace our competitors, extend our thought leadership, and build upon an already strong foundation to drive durable long-term growth in the business.

With that, I will turn the call over to Joo Mi to further discuss our second quarter results and outlook for the third quarter and full year 2025.

Speaker 1

Thanks, Sumedh, and good afternoon. Before I start, I'd like to note that except for revenue, all financial figures are non-GAAP and growth rates are based on comparison to the prior year period unless stated otherwise. Turning to second quarter results, revenues grew 10% to $164.1 million. The channel continued to increase its contribution, making up 49% of total revenues compared to 46% a year ago. Revenues from channel partners grew 17%, outpacing direct, which grew 4%. As a result of our strategic emphasis on leveraging our partner ecosystem to drive growth, we expect this trend to continue. By Q2, 15% growth outside the U.S. was ahead of our domestic business, which grew by 7%. U.S. and international revenue mix was 57% and 43%, respectively.

In Q2, despite ongoing macroeconomic uncertainty, our gross retention rate and upsell execution improved with our net dollar expansion rate at 104%, up from 103% last quarter. In terms of product contribution to bookings, patch management and cybersecurity asset management combined made up 16% of total bookings and 26% of new bookings on an LTM basis. Our cloud security solutions, TotalCloud CNAP, made up 5% of LTM bookings. Turning to profitability, adjusted EBITDA for the second quarter of 2025 was $73.4 million, representing a 45% margin compared to a 47% margin a year ago. Operating expenses in Q2 increased by 15% to $67.7 million, driven by investments in sales and marketing and R&D. Demonstrating our ability to innovate and invest in our long-term growth initiatives while remaining capital efficient, EPS for the second quarter of 2025 grew 11% to $1.68.

Our free cash flow was $32.4 million, representing a 20% margin compared to 33% in the prior year due to fluctuations in working capital. Normalizing for this, first half 2025 margin was 43% compared to 45% in the prior year. In Q2, we continue to invest the cash we generated from operations back into Qualys, including $1.3 million in capital expenditures and $49.2 million to repurchase 375,000 of our outstanding shares. Since commencing our share repurchase program in February 2018, we've repurchased 10 million shares and returned over $1.1 billion in cash to shareholders. As of the end of the quarter, we had $254.6 million remaining in our share repurchase program. With that, let us turn to guidance, starting with revenue. For the full year 2025, we expect revenues to be in the range of $656 million to $662 million, which represents a growth rate of 8% to 9%.

This compares to prior guidance of $648 million to $657 million. For the third quarter of 2025, we expect revenues to be in the range of $164.5 million to $167.5 million, representing a growth rate of 7% to 9%. While we believe our platform approach to cyber risk management provides some insulation against macro volatility, this guidance assumes continued budget scrutiny and a challenging environment for new business growth in 2025. Shifting to profitability guidance, for the full year 2025, we expect an EBITDA margin in the range of low to mid-40%, applying a 15% to 17% increase in operating expenses and a free cash flow margin in the mid-30%. We expect full year EPS to be in the range of $6.20 to $6.50, up from the prior range of $6.00 to $6.30.

For the third quarter of 2025, we expect EPS to be in the range of $1.50 to $1.60. Our planned capital expenditures in 2025 are expected to be in the range of $7 million to $9 million, and for the third quarter of 2025, in the range of $1 million to $3 million. We continue to believe organizations will increasingly adopt cloud-native full-stack security and compliance coverage to meet the demands of today's threat landscape and reduce costs. As the impact of the macroeconomy unfolds, we are closely monitoring the business environment and will continue to adjust our priorities accordingly. That said, considering the long-term growth opportunities ahead of us and our industry-leading margins implying further room for investment, we intend to continue to responsibly align our product and marketing investments to focus on high-impact initiatives aimed at driving more pipeline, accelerating our partner program, and expanding our federal vertical.

As a percentage of revenues, we expect to prioritize increased investments in sales and marketing and engineering, with a more modest increase in G&A, consistent with our commitment to balance long-term growth and profitability. With that, Sumedh and I would be happy to answer any of your questions.

Speaker 3

Thank you. As a reminder, to ask a question, please press star 11 on your telephone and wait for your name to be announced. To withdraw your question, please press star 11 again. The first question comes from Jonathan Frank Ho with William Blair. Sir, your line is open.

Speaker 2

Hi. Good afternoon and congratulations on the strong results. I wanted to maybe start out with the macro environment and get a sense from you of what some of the puts and takes are out there, especially relative to your ability to raise guidance, how we should think about sort of the conservatism that's baked in.

Speaker 0

I think at a high level, as Joo Mi mentioned, the environment is kind of stable right now, but it continues to be challenging. Deal scrutiny is there. I think customers are overall just a little bit more wait and watch to see how the impact of some of the current conditions is going to be on their spend through the rest of the year. We're just factoring that in right now in the way that we are thinking. We're not assuming anything getting better from an environment perspective. It's more assuming that it's going to continue kind of as is.

Speaker 1

From our perspective in Q2, we did see slight improvement in the net dollar expansion rate, moving up to 104%. We've been at 103% for several quarters in a row, and our low was at 102% a year ago. We are optimistic that we were able to make an improvement from both the growth retention as well as upsell perspective this quarter, which kind of indicates that the market and the selling environment is actually not worsening. We see an opportunity to sell more of our newer products, have more conversations with our customers. Although the new business continues to be challenging, and we expect that to continue throughout 2025, we do see some upside when it comes to expand with our existing customers.

Speaker 2

Excellent. In terms of a follow-up, can you help us understand how maybe the MROP messaging has been performing? Just given the challenges of selling sort of new platforms in the environment, what's maybe resonating the most with customers and causing them to choose to go in the MROP direction? Thank you.

Speaker 0

That's a great question. I think a lot of partners are providing sort of SOC/MDR services. It's a bit of a saturated market. For them, this threat detection after a breach has happened is what they're focused on. What partners are excited about is being able to go back to those partners who have a SOC, to those customers who have a SOC, and being able to position a new solution and new services, which is proactively managing your risk and helping prevent. A lot of them sort of provide some managed vulnerability service here or there, but there is no, and then there is cloud, and then there is identity. When you look at risk management, there is sort of no easy holistic service that a lot of them are offering. What MROP does is part of the managed risk operations center concept.

They can go to the customers that have SOC and say, "Hey, we now have a new capability that you can upsell to, which allows you to implement a similarly operationalized risk operations center environment built on the Qualys platform." It does not require them to switch out solutions that they are potentially using for cloud security or for identity, that this is something that can be built on top of that. They're excited about that because this allows them to create services, and services revenue is very interesting for them rather than just a few points here or there on the price of the individual SKU. In some cases, you can potentially add $5 of service to $1 of ETM that they could sell as a representative example, right? That is where we are seeing these partners are excited.

Of course, they have to build out new services, and they have to build out new practices to be able to do that. The excitement of being one of the few MROP partners that actually is able to offer this service is very interesting for them because that differentiates them from the other 200 players that are only offering MDR.

Speaker 2

Thank you.

Speaker 3

Our next question will come from Roger Foley Boyd with UBS Investment Bank. Your line is open.

Great. Thanks for taking the questions. Joo Mi, I was wondering if you could just help us kind of bridge the gap between revenue and billings growth. I know that's not a metric you guide to, but you've previously given some directional color about the growth of those two numbers being in the same ballpark. Just trying to get a sense of the difference there, what you're seeing from a billings front, anything to be mindful of around deal timing, given RPO bookings look, I think, pretty strong this quarter. Anything else to be mindful there, if FX or anything else would be great. Thanks.

Speaker 1

Yes. Revenue is lagging. I would say that current billings on an LTM basis could be indicative of the bookings performance, which is more of a leading indicator. I understand the focus on the current billings. At the beginning of the year, what I had kind of given an indication for current billings at around 6% to 8% in line with the revenue growth guidance, 6% to 8% at the beginning of the year. For current billings, I would say that still remains true. Probably the best indicator or guidance I can give at this time. Now, on the revenue side, you could see that we've outperformed booking 10% growth rate for Q1 and Q2, guiding to 7% to 9% for Q3. What that implies is, you know, current billings going up from 7% to 8%. 7% in Q1. Q2 looks like we close it at 8%.

In the second half, because of the tougher comparison relative to the second half of last year, we are anticipating it to kind of come down to land around 6% to 8% for the full year for current billing.

Got it. That's helpful. Just as a follow-up, Sumedh, nice to see FedRAMP High. Just any insight into kind of your expectations for the federal vertical in 3Q? My gut assumption is that it's probably difficult to think that can be super impactful in the next quarter, but would love to get kind of your view on the opportunity there. Thanks.

Speaker 0

Yeah, for sure, right? I think expecting any federal movement happening within a few weeks of us getting the FedRAMP High would be a little bit too much expectation. I see for us, this has been a long-term focus and investment that we have been making. As anybody who goes for FedRAMP and FedRAMP High will tell you, this is a significant investment to really get there. We're super excited to now have that FedRAMP High platform that does vulnerability management, patch management, and cloud security. That really is going to open us up opportunities. Obviously, right now, we kind of have a mixed bag with some folks kind of waiting to see how things progress with the cost reduction. Others are seeing this as an opportunity to change out their incumbent vendors to new solutions.

FedRAMP High coming at this time bodes well in my mind for opportunities that will get created over the next few quarters because now we can go and we can basically showcase that we are the modern solution that is FedRAMP High. As they are looking for efficiency in moving out of legacy on-prem solutions, their options are a non-FedRAMP High solution in the cloud or a FedRAMP High solution with Qualys. I think that is an advantage, in my opinion, for us. We look forward to leveraging that. I'm also looking forward to a lot of other commercial companies that actually are FedRAMP High or looking to get FedRAMP High and need a FedRAMP High solution. You have a lot of big companies who are looking for that.

That puts us in an interesting opportunity, again, where it's not just the government agencies themselves, but we can also see potential pipeline build-up from commercial entities that are currently in the process of trying to go FedRAMP High or FedRAMP High and want to switch to a solution that is also FedRAMP High because there currently is no other solution that can do FedRAMP High patch management as an example, right? I don't really expect anything immediately in this quarter, but I think with the momentum that we're seeing, our investment in the federal side, the conference that we did, and now getting FedRAMP High, I think this is a key for us, as I have mentioned the last few quarters as well, that federal over the next couple of years can be an important area of growth for us.

Speaker 2

Very good. Thank you both.

Speaker 3

Our next question will come from William Kingsley Crane with Canaccord Genuity. Your line is open.

Hey, thank you. Echo, congrats on a really strong quarter. Nice to hear about Qualys flex pricing. I think this has been something you've been considering for a while. I want to hear more about what kinds of impacts we could expect as a result, like perhaps larger commitments. I just want to clarify if any of the large deals in the quarter were flex pricing. Thanks.

Speaker 0

Look, it's early days right now. The feedback that we have gotten has been very positive, right? We want to get this out and we want to get some of these deals closed. Overall, today if a customer buys VMDR, then they are interested in trying patch management. That's a whole process that they have to go through to buy that additional SKU. As we move into this QLU pricing, if they buy any number of QLUs, it gives them access to all Qualys modules, right? They have access to it. Of course, if they want to use it, they have to buy additional units to be able to leverage those. For somebody who's maybe focusing on vulnerability management, they want to try patch management, they can just do that now with the flex pricing without really having to go and get a whole new SKU purchased, etc.

That is where it's exciting for them, that they can look at the utilization, they can try new capabilities, and then as they like those capabilities, they can actually buy more units to be able to use those capabilities at scale. That's really where we see the opportunity. We are looking forward to seeing the kind of uplift that we can get because that can get a customer interested in buying fewer additional units so that they can leverage broader platform capabilities as they do the purchase. That's the hypothesis and the way we are seeing the early conversations with customers. We still need to get a few of those deals closed, and then we'll give updates as we see the progress happening.

It is definitely something that we see as a key aspect over the next year or two for us to push forward so that we can create upsells. Also, for net new customers, as we're seeing net new customers also coming in, buying multiple modules upfront, as you can see, cybersecurity asset management, patch management, already 26% of bookings for net new customers. That will give them opportunity to leverage newer capabilities and more capabilities, which then allows them to potentially buy more units as they roll that out.

Great. Yeah. I mean, the model is great for customers and good for you. For Joo Mi, you just brought on May Mitchell, and we're talking about, you know, investing in more key marketing initiatives. Of course, we've had some pretty significant earnings upticks over the past two quarters on the guide. I mean, should we expect that some of these are really going to be more of a focus in fiscal 2026?

Speaker 1

I would say that we're ready to get started because we've kind of built the momentum. If you take a look at our sales and marketing for the first half of this year, it's grown by 15% year over year nicely. Even on the R&D front, we grew it by 8% in Q1. We ramped that up to 15% because R&D also included product management. Our entire GTM team has been working very closely together to make sure that we work on the value proposition, how we're positioning our product to not just our sales reps, but more importantly, a partner-first approach. We are really working with the entire team, including the engineers, to make sure that are we working on the right product enhancements? Are we messaging it correctly? We really focus on partner marketing front.

We do anticipate that increase in sales and marketing investments up from the 15% level that we saw in Q2. Same thing on the R&D side.

It's really helpful. Thank you.

Speaker 3

The next question will come from Rudy Grayson Kessinger with D.A. Davidson & Co. Your line's open.

Speaker 2

Great. Thanks for taking my questions. Joo Mi, the revenue outperformance historically has been pretty minimal in your quarters. The last four quarters now, you've beaten on revenue by about 2%. Is there any more color you can add to that? Just what's been driving that relative to your guidance? Have you guys just adopted a more conservative guidance framework in general? Is it because of the macro conservatism or any professional services revenue potentially driving that upside?

Speaker 1

Yeah, it's not professional services, but it definitely has to do with the fact that when we first guided to revenue at the beginning of the year, there was a good amount of uncertainty in the business with respect to macro, as well as if you're taking a look at our current billings, kind of the trajectory, historical performance, and with our revenue coming down, we wanted to make sure that, look, if I'm looking at a potential range of outcomes for the business, given that we are pivoting significantly into ETM, a new platform play, introducing new products, and the difficulty that we've had with expanding the spend with our existing customers, we were looking at a more conservative scenario. It could have gone that way. Thankfully, as you see by our performance, we've done really well in the first half.

I think the team has worked really hard to make sure that we're making up for all the underperformance that we saw at the end of last year with our CMO in place. We're continuing to look for our new CRO. We are hoping that we will continue to make good progress on this going forward to the end of 2025, and hopefully, we'll be able to make some meaningful improvements in 2026.

Speaker 2

Okay. That's helpful. On current calculated billings, TTM current calculated billings, it sounds like you guys are still expecting 6% to 8% this year. What would be the drivers of upside to that figure? Irrespective of where it lands, should we still look at TTM billings as the go-forward indicator of next 12 months' revenue growth as we exit this year and go into 2026?

Speaker 1

Yes. I think that would be the best proxy at this point if you're thinking about 2026 revenue. On current billings, I would say that a higher probability of us outperforming with our existing customers given our newer products, like for example, our net dollar expansion rate did increase to 104% up from 103%. If you were to call out two areas where the additional growth could come from new land versus existing customers, I would say the latter.

Speaker 2

That's helpful. Congrats again on a good quarter.

Speaker 1

Thank you.

Speaker 3

The next question comes from Trevor James Walsh with Citizens JMP Securities. Your line's open.

Speaker 2

Great. Hey, team, thanks for taking my questions. Sumedh, maybe to start with you, great to see the product development that you're working on as far as AI agents in the marketplace and all the ways in which that can, I guess, boost the platform. There's been a lot of activity in that space, AI security just generally, kind of M&A-wise this week, given Black Hat and others. Just curious what your overall take is on that space, given some of those announcements. As a product person yourself, how you feel about building versus buying there, and if this is somehow different in the space, the pace at which some of these tools are moving and growing, that might get you off the fence to do something along the same lines, or if it's more thinking you can do it organically internally.

Speaker 0

Yeah, thank you for that question. I was like with four questions in and nobody's asked about AI. I'm so excited about it. It's super exciting, right? If you get a chance to really go through that, I think the way we have positioned and created this capability is really bridging that gap between, you know, like the agentic AI being some piece of code somewhere versus sort of having a marketplace where you feel like you're actually able to, you know, hire a Patch Tuesday expert who knows absolutely end-to-end how to coordinate scans, how to coordinate assessment, how to coordinate prioritization, how to coordinate reputation, and who gets all of that thing done all in one. You know, they have a name, they have a persona, you can rate them. That's been super exciting for us. We have been really able to get that.

We've been working on it for a few months. One of the things that's happening in AI in general is the advancement of technology is happening at a rapid pace, right? Not to get too much into the depth of it, but if you look at like RAG came out a year or so ago, and now what we are leveraging in big ways, MCP protocol, right? Like the Model Context Protocol. MCP allows customers to much more rapidly take their existing solutions and use them with overall AI agents because they add a layer of context on top of their existing APIs and existing databases and existing data stores, right? That allows us to do this much, much quicker than what we have. I think AI security is following that same as AI concepts and AI protocols are evolving so fast.

People are also trying to figure out, well, what does that mean, right? If we were looking at RAG security, where you are bringing all of your data into one single vector database, maybe a few months ago, suddenly you have MCP, which is sort of bringing a new layer. Now, bringing the new layer of MCP doesn't mean that your existing data store and all of that does not have to have the traditional security. It still needs to have the security that you need to. What our team is doing is really rapidly tracking sort of these enhancements and new capabilities that are coming out in AI and responding accordingly. That's where we came up with TotalAI a few months ago when people were running LLMs in their own environment.

Now we're seeing LLMs being run, at least the foundational LLMs being leveraged from Bedrock as a service. We're pivoting quickly to provide capabilities around MCP protocol, MCP discovery, and MCP mapping, as well as MCP authentication and authorization capabilities. I think there's always opportunities for us to look at players that are upcoming, but it's just so dynamic right now that we also want to wait and watch as we develop our own solutions to see which direction is going to be the stable direction for some of these AI capabilities to go.

Speaker 2

That makes total sense. Maybe a quick follow-up for you, Joo Mi, just more of a clarification. Now that you have the FedRAMP High in place, I know that some of the investments in the past around sales marketing were to build out the public sector team. Do you feel like those investments now are just kind of waiting to deliver on the ROI of those, or will there still be, as part of that increased spend you noted going forward, kind of public sector pieces or elements to that? Thanks.

Speaker 1

There are definitely pieces, just because we are making sure that, you know, all the investments that we made to achieve FedRAMP High have already been made. With that said, there's maintenance and there's also GTM efforts, right? Marketing efforts to make sure that we just opened up the DC office to make sure that our customers know that we have a presence in DC. We'll be working very closely with our marketing team to make sure that, you know, we have all the opportunities out there. I think that from a meaningful booking perspective, it won't happen until next year. We've been ready. I think it's just about execution at this point.

Speaker 2

Great. Thanks both for the questions.

Speaker 3

The next question comes from Patrick Colville with Scotiabank Global Banking and Markets. Your line is open.

Speaker 2

Hi, this is William Joseph Vandrick. I'm from William Kingsley Crane. Sumedh, that global fintech win you highlighted is a great example of consolidation on the platform. How often are your conversations turning into multi-product platform deals versus customers just buying a module to solve a specific pain point?

Speaker 0

You know, the way the space is evolving is very interesting, right? There are opportunities for consolidation in certain areas with the vendor, and you see that happening with CNAPP, where in the past it used to be multiple cloud security solutions are kind of going under one umbrella. We also see that customers are not necessarily looking to have every single capability from the same vendor. There are areas and vendors that they trust for certain use cases, and they want to stick with those vendors. What we see when we are talking to customers is a combination of in areas where they are like, "Hey, look, I want to consolidate vulnerability and patching and some of those cloud things with you. You know, for identity, I still want to continue to use Okta.

For EDR, I'm still using CrowdStrike, and I want to use SecurityScorecard for third-party management." That's kind of where, and that deal that I highlighted was great because we saw a bunch of modules they took from Qualys, but then they also took the ETM module, which allowed them to bring third-party data from their existing solutions to consolidate into a single fabric to get a single view of their risk. That's what we are excited about is like, while it's early days, if the customer wants to consolidate certain capabilities, we have a bunch of those modules. In the cases where they don't necessarily want to consolidate right now, we don't have to walk away. We still have an ETM solution that they can purchase to take the data from the existing modules and actually provide a better value of their investment in some of these third parties.

In one of the conferences in D.C., I showcased this sort of a funnel view where we took 65 million findings across Wiz, CrowdStrike, Qualys, SecurityScorecard. After we applied the risk operations center paradigms, threat detection, and business context, it went from 65 million overall findings to 2 million that actually mattered. After we applied the business context, this went down to 300,000 that actually were adding business risks to the customer. That kind of an outcome from a risk operations center really was exciting for them so they could get the value without having to do a vendor replacement and going through that process. They could combine Qualys modules with third-party data and get real meaningful outcome and value for their board.

Speaker 2

Thanks. That's helpful. Maybe one for Joo Mi. I know you guys mentioned an improvement in gross retention and net retention. I'm wondering if you attribute that mostly to the macro environment, or is that driven by improved execution, or maybe a little bit of both?

Speaker 1

I would say it's hard to parse it, but it's probably a little bit of both because if you're talking about our net dollar expansion increasing this quarter relative to last quarter, it's a quarter of customers that were up for renewal in this quarter. From the discussions that we were having, it's not just that we start today. We typically start discussions throughout the entire year, definitely at least a quarter before the intended renewal date. What we've seen is I think that there's less of a macro headwind today than we saw definitely at the beginning of the year. With our continued execution, continuing to have multiple discussions of our new products and the value prop and how we're evolving as a company and how our product suits that, it makes sense for them, especially with what's upcoming with the new pricing model.

It's really resonating with our existing customers.

Speaker 2

Got it. Thanks so much.

Speaker 3

Our next question will come from Joshua Alexander Tilton with Wolfe Research. Your line is open.

Hey guys, thanks for taking my questions. Two for me. The first one is, Sumedh, unless I misheard you, I think you spoke to some channel initiatives that you expect to drive some large deals in the second half. Is there anything you can elaborate on those large deals? Is it new customers? Is it existing customers expanding? More importantly, are these deals baked into your revenue outlook and your 6% to 8% billings growth expectation for the full year? I have a follow-up.

Speaker 0

Yeah, no specific deals. What I talked about strategically is the risk operations center concept is resonating well with the CISOs of the partners' customers. They are working with us to get the MROP certifications and then MROP services deployed in our catalog for them to be able to sell those. What we are seeing is the conversations are driving their customers to look at consolidation of certain areas as well as purchasing Qualys licenses on top of their existing solutions as well. We are looking forward to working with them for new business deals and taking some of our existing direct customers as we work with them to see if they have the right contacts that we can upsell to additional capabilities. Nothing specific at this point that we are talking about or baking in anything additional as part of that.

This is more of a long-term initiative, and we are looking forward for our partners to start to help us build that pipeline, which obviously is going to take some time, and closing that pipeline will take some more time.

Super helpful. Maybe my second one is just more of a clarification, just to follow up to King's question. New CMO, lots of exciting product announcements. It sounds like you guys are going to invest behind this to drive some additional growth. Are the investments that you plan to execute, are they fully baked into the second half, or should we start to see these investments ramping next year?

Speaker 1

Right now, we are starting the 2026 budget and planning cycle, but what we're planning to execute to is what we had planned at the beginning of this year. It is fully baked into the guidance. The way we're seeing kind of the traction and the increase in investment quarter over quarter is we saw some nice improvement with respect to investment in product management as well as the sales and marketing. We do see more room for us to take advantage of the current opportunities ahead with the newer employees in seat. We plan to continue to invest, and hence we were guiding to the 15% to 17% increase in office growth.

Okay. Super helpful. Thanks for clarifying. Appreciate it, guys.

Thank you.

Speaker 3

The next question comes from Shrenik Kothari with Robert W. Baird & Co. Your line is open.

Hey, yeah, thanks for taking my question and congrats on the great results. Sumedh, you mentioned, of course, identity becomes the leading vector and the new periphery, and now with the formal introduction of ISPM, which, of course, potentially seems like it can be an anchor for broader Zero Trust, Sideroq, MROP. I'm just curious, what advantages do you think Qualys brings to identity risk that allows you to compete here natively against other players? What monetization potential do you see in identity risk management controls? I had a quick follow-up.

Speaker 0

A lot of value that we add is our deep understanding in how attacks work and how vulnerabilities and escalation of privileges are tied to identities. For a while, we focused on hosts and assets and servers and containers. The second part of that is the posture view of the identity and how that creates a combination that can add additional risks, right? A particular asset with a particular vulnerability, if it also has an identity that has certain issues, now the risk is compounded as an example, right?

The main differentiator that we bring is not necessarily that we are going to be an identity service provider or anything like that, but pulling in the identity posture view into the risk operations center, tying that identity view with the risk that we see coming from the infrastructure, the risk that we see coming from third-party integrations, and the risk that we see coming from any of the other sources like misconfigurations, cloud, etc. How do we bring a more holistic view of that identity as it ties to the assets themselves and as it ties to the customers' vendors and how does that create a compound risk is really our main focus. It is not necessarily that we are looking to replace some of the providers that they might have for identity.

It is more how do we integrate with the providers that they have for identities and then provide them a better view of the risk, which is not siloed only for identity, but it's actually a combined view of the identity and the asset together with the context of the threat actors who are utilizing that. That's really the focus.

Super helpful. Thanks for that color, Sumedh. Quick follow-up for Joo Mi. Net dollar retention ticked up. Just looking out and looking forward, I know Joo Mi had talked about potential sort of floor around 103%. How much headroom do you see just looking at, I know it's backward looking, but at the pipeline transconvergence for the NDR and from the ROC adoption, from the pricing model shift, just deeper sort of multi-module attaches with the platform model here. Just curious how you're thinking about going forward.

Speaker 1

I do see an upside there because if you take a look at our low, it was at 102% a year ago, and when we were hoping that would be the trough. Since then, we've been kind of holding steady at 103%. We did increase to 104%. If you were looking at our historical net dollar expansion rate in the most recent year, the highest we've seen was at 111% a few years back. Given the ROC, given the flex pricing, given our newer products that we've just launched, I do anticipate that to continue to tick up. Not consistently, though. I'm not calling that. I think that for this year, I'm just assuming that, you know, no new meaningful improvements in net dollar expansion rate in the current guide. With that said, that is something that we will be taking a look at very closely for next year's guidance.

Got it. Very helpful. Thanks, Joo Mi.

Speaker 3

The next question will come from Michael Joseph Cikos with Needham & Company. Your line is open.

Hey guys, thanks for taking the question here. I just wanted to cycle back to the improved commentary we're hearing today on upsell activity. Is there a way for you guys to parse out? I know if I go back to Q1, towards the end of the quarter, we saw customers look to delay or weaker upsell activity than what was initially expected. How many of those customers came back to the table? Did all of them come back in during this June quarter? Was there a catch-up, so to speak, when we think about the results we have here today?

Speaker 1

No, it doesn't quite work like that for us. Typically, what happens is there's a cohort of customers that are up for renewal because the majority of our deals are one-year renewal. If you think about the customers that were up for renewal in Q1, what we would be talking to them about is a renewal set of products and a dollar amount, and then plus the upsell side. Like let's say you were spending $100,000 with us and you had a 10% increase in budget. How would you like to allocate that? Would you like to purchase more of existing products, let's say VMDR? Would you like to try out newer products that you hadn't had before for patch management, as an example? We would be having those discussions with those cohorts of customers up for renewal in that quarter.

Typically, we would follow up with them, but it's not a meaningful percentage of customers who come back the quarter after to say all of a sudden they have an increase in budget and they'd like to do a second upsell. What you're seeing for Q2 is really this cohort of customers that are up for renewal in Q2.

Okay. That improved 2Q upsell activity then, was that in any way a reflection of the macro, or what did you guys do from an internal process standpoint to drive that behavior, whether it was from partners or direct?

Majority of our discussions currently are focused on partners. I would say that it applies still more to new land with existing customers. It's working very closely with partners, as well as our existing GTM team to make sure that we're having the right conversations with the right set of customers. I think that it's not necessarily due to one versus another. I think the macro from our perspective definitely hasn't worsened. I think there weren't any surprises in the quarter when you're looking at external factors. We are getting better in terms of making sure that how we're communicating with our existing customers, how they should be thinking about Qualys products and adopting newer products, as well as utilizing their existing subscription. We've been getting better at it. I think all of it kind of contributed to the slight uptick in the net dollar expansion rate.

Terrific. Thank you.

Speaker 3

Okay. Our next question will come from Brian Lee Essex with JPMorgan Chase & Co. Your line is open.

Speaker 2

Hi, good afternoon. Thank you for taking the question. Two for me. I guess one, Sumedh, I think you alluded to maybe making some progress on the Chief Revenue Officer front. It's great to see the addition of May to the team. Just wondering what your timeline might be around that and how that might impact some of the go-to-market initiatives you might have.

Speaker 0

Yeah, as soon as I find the perfect one. I think my focus was the last few months to really make sure we get the marketing team in shape because I think for us, it's really the messaging around risk operations center is key for us to grow in the future. Like I said, we have a pretty good team under that from a sales perspective that's been working well, as you were saying, improving our performance. We look forward to, you know, as we continue to talk and interview people. I think I don't have a timeline right now. I'm honestly just looking to find the right fit for us as we move more of a, you know, partner-led approach. We need a CRO that's going to be focusing more on partners rather than building a direct sales force, etc.

I think from that perspective, it's not necessarily worth holding back too much on the, like, you know, we are continuing to invest in the business. Of course, whenever we have a new CRO, we will work through and figure out kind of what the strategy change, if anything is needed, where that falls. Any investment changes will follow according to that.

Speaker 2

Got it. Super helpful. Maybe a quick housekeeping question for Joo Mi. FX really moving around a lot this quarter. Just wondering what the impact was, both on the revenue side and then on the cost side of the business as you see it and what we should expect. Should we see the same devaluation of the dollar toward the back half of the year?

Speaker 1

Yeah, for us on both fronts, whether you're looking at the top line or that expense line, it wasn't material for us just because we do hedge both. We are monitoring it. When it becomes meaningful, we will call it out.

Speaker 2

Got it. Helpful. Thank you.

Speaker 3

The next question will come from Rob Owens with Piper Sandler. Your line is open.

Speaker 2

This is Aidan on for Rob Owens. Thank you for taking my question. I think you touched on this a bit earlier, but can you speak to how channel and customer education efforts with the newer products and partners have tracked relative to expectations? What are some of the hurdles that may still exist there with newer solutions and AI advancements? Thank you.

Speaker 0

I think the response has been great. One of the key strategy changes we made from a, you know, getting this information out to customer perspectives last year, we hired Rich Seiersen as the Chief Risk Technology Officer, and he's the author of the book, How to Measure Anything in Cybersecurity. That has led to a lot of CISO workshops around board risk reporting. This has really been very helpful for us for top-of-the-funnel activities. We're getting a lot of direct CISO conversations, and they are hearing about the conversation of the risk operations center. We're doing these workshops along with partners in many countries where the partner will bring their customers, and you know, Rich will go and talk. I think those are all positive indicators. Again, the concept of a ROC is new, and they may not have budgeted for it.

Typically, once they come, they like the idea. They want to talk to the board. We work with them. You know, then that goes into a demo. That goes into a POC. That helps them sort of figure out, "Okay, I hadn't budgeted for this this year. How can I work on getting a budget that then I can get done, you know, purchase the following year?" That's sort of where we're at in the journey. I'm super excited about the engagement we're seeing at the top and happy with the conversions we're seeing right now as well. We have good things in the hopper. Now it's about how do we get those close. I think getting this out to the right people is something I think we're doing well.

I think now it's about how do we scale that and how do we get more people to close those deals.

Speaker 2

Thank you.

Speaker 3

There are no further questions at this time. This will conclude today's conference call. Thank you for your participation, and you may now disconnect.