Qualys - Earnings Call - Q4 2024
February 6, 2025
Executive Summary
- Q4 revenue grew 10% year over year to $159.2M, with non-GAAP EPS of $1.60 and Adjusted EBITDA of $74.2M (47% margin), reflecting stronger-than-expected profitability and disciplined OpEx; operating cash flow rose 41% to $47.7M.
- Results exceeded the company’s prior Q4 guidance (issued Nov. 5): revenue came in above the $154.5–$157.5M range and non-GAAP EPS beat the $1.28–$1.38 range, driven by better renewal linearity and upsell strength; Wall Street consensus data via S&P Global was unavailable at the time of this analysis.
- Mix and go-to-market pivot continued: channel contributed 48% of revenue (up from 44% a year ago), international grew 15% vs 7% in the U.S., and customers spending ≥$500K rose 13% to 207. Management emphasized a partner-first strategy and ETM/mROC to drive consolidation and services attach.
- FY25 outlook guides 6–8% revenue growth ($645–$657M), low-40s EBITDA margin and low-to-mid 30s FCF margin; Q1 FY25 revenue guided to $155.5–$158.5M, with non-GAAP EPS $1.40–$1.50. Gross margin is expected to contract ~1% on data center investments.
- Capital return remained a support: Board authorized an additional $200M share repurchase, lifting total available to $343.4M—a potential stock catalyst alongside the Q4 beat vs guidance and continued high margins.
What Went Well and What Went Wrong
What Went Well
- Platform and product momentum: ETM (Enterprise TruRisk Management) GA with 50+ active POCs, TotalCloud 3.0 CNAPP launch, and TotalAppSec unveiled; CEO highlighted the pivot from vuln scanning to a full-feature risk analytics and quantification platform with embedded AI.
- Profitability resilience: Adjusted EBITDA margin improved to 47% (vs 46% a year ago and 45% in Q3), with OpEx relatively flat q/q despite a 5% q/q increase in sales and marketing; free cash flow reached $41.9M (26% margin).
- Channel and large accounts: Channel revenue mix rose to 48% (+400 bps y/y), international growth outpaced domestic (15% vs 7%), and customers spending ≥$500K grew 13% to 207, reflecting traction for partner-first and consolidation narratives.
Management quote: “We have evolved our platform… to become a full feature risk analytics and quantification platform… [providing] a single AI-driven workflow that centralizes, quantifies, articulates, prioritizes and remediates cyber risk.” — Sumedh Thakar, CEO.
What Went Wrong
- New logo bookings softness: Q4 new bookings were “a little bit light,” and management assumes no meaningful growth for new business in 2025 as the company leans into partner-led motions.
- Net retention and pipeline caution: DBNER stabilized at ~103% but remains lower than 1–2 years ago; Q4 benefited from better renewal linearity, while Q1 guidance is lighter due to fewer days and no assumed late-renewal slippage.
- Margin outlook headwind: FY25 gross margin expected to contract ~1% due to data center investments, with OpEx up 18–20%; CRO departure adds near-term execution risk (CEO to oversee sales temporarily).
Transcript
Operator (participant)
Good day, and thank you for standing by. Welcome to Qualys Fourth Quarter 2024 Investor conference call. At this time, all participants are in a listen-only mode. After the speaker's presentation, there will be a question-and-answer session. To ask a question during the session, you will need to press star one one on your telephone. You will then hear an automated message advising your hand is raised. To withdraw your question, please press star one one again. Please be advised that today's conference is being recorded. I would now like to hand the conference over to your speaker today, Blair King. Please go ahead.
Blair King (SVP of Investor Relations and Financial Planning & Analysis)
Thanks, Gigi. Good afternoon, and welcome to Qualys' fourth quarter 2024 earnings call. Joining me today to discuss our results are Sumedh Thakar, our President and CEO, and Joo Mi Kim, our CFO. Before we get started, I would like to remind you that our remarks today will include forward-looking statements that generally relate to future events or our future financial or operating performance. Actual results may differ materially from these statements. Factors that could cause results to differ materially are set forth in today's press release and our filings with the SEC, including our latest Form 10-Q and 10-K. Any forward-looking statements that we make on this call are based on assumptions as of today, and we undertake no obligation to update these statements as a result of new information or future events. During this call, we will present both GAAP and non-GAAP financial measures.
The reconciliation of GAAP to non-GAAP measures is included in today's earnings press release. And as a reminder, the press release, prepared remarks, and investor presentation are all available on the investor relations section of our website. So with that, I'd like to now turn the call over to Sumedh Thakar.
Sumedh Thakar (President and CEO)
Thank you, Blair, and welcome to our fourth quarter earnings call. Looking back to last year, I can truly say that 2024 was a year of incredible product innovation and rebranding of Qualys as we celebrate our 25th year anniversary. As one of the first SaaS security companies in the world, we have continuously strived to exceed market expectations and serve as the leader when it comes to disruptive technology and cybersecurity. Today, the message is clear. Today's CISOs want to anchor cybersecurity conversations around business risk reduction as the impact of their cybersecurity spend. The market wants a platform that enables them to speak a unified language of risk to their boards and business partners while letting their teams pick the underlying platform and best-of-breed solutions for specific areas in cybersecurity rather than an aspirational goal of consolidating 50 different cybersecurity vendors into one.
Recognizing the difficulty and complexity of implementing and utilizing multiple security solutions from numerous security vendors, we have evolved our platform, previously focused on vulnerability scanning and telemetry collection, to become a full-feature risk analytics and quantification platform, bringing data analytics and insights with embedded AI models to customers while giving them the flexibility to continue to leverage their existing security tools. The net result for customers is a vendor-neutral orchestration layer that provides full visibility and risk scoring for an organization's entire attack surface, aggregates and correlates all security findings, leveraging over 25 threat feeds, and powers a single AI-driven workflow that centralizes, quantifies, articulates, prioritizes, and remediates cyber risk while delivering the efficiencies of consolidation. The rebranding and continuous enhancement of our platform is a result of our unwavering focus on prioritizing our customers' needs and addressing their challenges with innovative new solutions.
In 2024, this collaboration led to significant platform enhancements that bolster our strategic relevance and further expand our market opportunity. We introduced TruRisk Eliminate to extend our remediation capabilities beyond Patch Management. We enhanced our CyberSecurity Asset Management capabilities with patent-pending technologies to turn previously unknown internal and external-facing assets into security-managed assets in real time. We brought the MITRE ATT&CK prioritization matrix into the Qualys TruRisk Platform to uniquely predict, identify, and respond to critical risk with an attacker-centric view. With TotalAI, we delivered groundbreaking new capabilities to find and secure generative AI applications and large language models. We organically unified Cloud Infrastructure Entitlement Management, CIEM, container runtime protection, Kubernetes Posture Management, SaaS Security Posture Management, and our AI-powered TruRisk Insight capabilities into our TotalCloud CNAPP platform with multi-cloud ITSM integration, strengthening our market position.
Further flexing the power of our platform, we went GA with our Enterprise TruRisk Management solution, setting a new gold standard in the industry for proactive cyber risk management and planting the flag for organizations to operationalize a modern Risk Operations Center, ROC, at scale. In less than a quarter since going GA with ETM, we have seen strong interest with currently over 50 active prospects for POC. Our ETM solution goes beyond current Continuous Threat Exposure Management (CTEM) platforms with our ability to speak business language, effect remediation actions, and partner with cyber insurance underwriter. We believe these innovations will allow our customers to standardize on a trusted platform like Qualys, layering on top of their other existing cybersecurity solutions.
With a long track record of solving the most challenging cybersecurity challenges and challenging use cases for our customers, Qualys pioneered the cybersecurity patching category, seamlessly integrating it into our platform and bridging the gap between IT and security teams. Last year, we successfully deployed over 100 million patches with Qualys agents and, in turn, eliminated over 100 million potential incidents in our customer environment. Despite this achievement, our journey has shown that patching alone is simply not enough. That is why we introduced TruRisk Eliminate, which revolutionizes patching by empowering organizations to isolate critical assets or implement compensating controls, protecting against zero-day vulnerabilities and misconfigurations when patches aren't available or feasible to deploy. This is a major competitive advantage, and our innovation doesn't stop there. We have recently introduced TruRisk Uninstall as a fourth component to our TruRisk Eliminate package.
TruRisk Uninstall allows organizations to hunt for, detect, and uninstall end-of-life software, misuse, or unused applications, and other forms of tech debt while removing one of the most highly exploited attack paths available to adversaries with a simple click of a button. In cloud, our innovation engine continues to execute at a high level. We believe we are increasingly well-positioned to expand our share of the evolving cloud market as CISOs look to evolve risk-based approaches into multi-cloud environments as well. Advancing our competitive differentiation, we have recently brought many new capabilities into our agent and agentless TotalCloud CNAPP solution, including comprehensive attack path analysis, enhanced risk quantification leveraging our TruRisk Insight capability, and automated no-code, low-code cloud workflow remediation.
This latest release, which we call TotalCloud 3.0, unleashes an organization's ability to easily visualize the entire blast radius of an asset's attack path and systematically identify, prioritize, and resolve critical threats for pre-runtime and runtime protection. As a result, TotalCloud 3.0 is streamlining operations with an unparalleled outside-in and inside-out perspective of an organization's cybersecurity posture for secure cloud consumption. In our view, TotalCloud 3.0 is one of the most comprehensive CNAPP solutions available in the market today, and its growing momentum is a strong testament to the assurance customers place in Qualys every day. Finally, with the introduction of Qualys' TotalAppSec, we are now providing customers with the ability to expand their AppSec assessments into expanding attack surface with the use of APIs for B2B and mobile apps.
Qualys' TotalAppSec includes comprehensive inventory and threat assessment of their web applications and APIs with unified malware detection and automated response. Moving on to business update, over the past several months, I personally met with many customers, prospects, and partners. These conversations all center around the same topic. Customers require a holistic view of their cyber risk when that is quantified and prioritized, articulated in terms of risk to their business, and remediated to an acceptable level in a single integrated workflow on top of their existing solutions. Given Qualys' blueprint for delivering these requirements with greater value to customers, our technologies are not only fueling new logo land but also helping to increase broader platform adoption, especially in the areas of VMDR, CyberSecurity Asset Management, Patch Management, cloud security, and now the Risk Operations Center delivered by Qualys ETM.
With thousands of customers consolidating on Qualys' Enterprise TruRisk Platform, let me again share a couple of recent wins which illustrate why these companies are turning to Qualys to help unify their security tools, quantify cyber risk in their environment, and fortify their security operations. First, an existing Global 100 multinational insurance company security team with multiple tools in their environment faces increasing personnel costs and struggles with limited visibility into their overall risk profile. Through a highly competitive RFP process, this customer chose Qualys and launched an initiative to collapse their security stack and ingest data from other cybersecurity tools into the Qualys platform, enrich asset context with business information brought by their CMDB integration, and centralize their remediation. This included their purchase of eight Qualys modules and deploying ETM to begin orchestrating their ROC, resulting in a seven-figure annual bookings deal.
We are now quickly migrating numerous data sources to the Qualys platform and delivering the outcome of consolidation and quantifiable risk and automated response aligned with business priorities. Turning to the momentum we see with TotalCloud CNAPP solution in a mid-six-figure booking upsell with a Global 50 conglomerate, this existing VMDR CyberSecurity Asset Management, Web Application Scanning, and Custom Assessment and Remediation customer launched an initiative to further unify its security stack and replace its incumbent cloud-only security vendor. Through its evaluation, this customer did find that alternative point solutions added complexity to their operations, lacked integration and risk detection, which hindered their ability to assess risk and consolidate their security tools.
Today, through a highly scalable, natively integrated CNAPP solution, this customer is leveraging the Qualys Enterprise TruRisk Platform to combine insights from build-through runtime with proactive risk management while actively detecting anomalies, preventing zero-day attacks, closing security gaps, and remediating risk with ITSM integration through a single dashboard across its on-prem, hybrid, and multi-cloud assets. These capabilities provide the visibility and automation necessary to defend against today's adversaries and represent a significant long-term opportunity for Qualys. With seamlessly integrated solutions delivered natively on our platform to solve modern security challenges, more and more Qualys customers are beginning to understand how cybersecurity transformation drives better security outcomes, saves time, and costs less. As a result, customers spending $500,000 or more with us in Q4 grew 13% from a year ago to 207. Consolidating workflows isn't just happening with customers.
It's also embraced and prioritized by our partners, underscored by an interestingly strong mix of new business and significant growth. As we continue to endorse a partner-first sales motion, partner-led deal registration, and win rates increase in Q4. In addition, with the launch of ETM, many of our managed security service providers are now deeply engaged for the first time in delivering new Managed Risk Operations, MROC services, encompassing risk quantification, security tool integration, risk monitoring, and patching. Similar to how MSSPs monetize the SOC for post-breach response, the MROC is now the new frontier for MSSPs to capitalize on the centralized and automated approach to pre-breach risk management. Partners are actively spearheading these new initiatives with Qualys as their MROC platform of choice.
Turning to our executive team update, I would like to congratulate Dino DiMarino, our Chief Revenue Officer, who has decided to accept a CEO role at another company. I wish Dino well and thank him for his contributions during his tenure at Qualys. As we continue to focus on executing our product-led growth vision and partner-first strategy, I plan to oversee the sales organization while continuing to grow and scale the sales group. We're fortunate to have a talented next-level team of regional sales leaders who are energized by our competitive position in the market and ready to drive our business forward.
With our FedRAMP High Ready platform, anticipating FedRAMP High certification in 2025, and our continued investment in federal GTM, we remain excited about the massive opportunity as the federal government looks to change the way things have been done in the past with clunky and costly on-prem solutions and move to cloud-based, modern, effective, and cost-efficient solutions for cybersecurity risk management. In summary, I couldn't be more confident in our market position and opportunities for growth over time. Our leadership as a trusted security platform is a clear reflection of Qualys' dedication to continuous innovation, delivering value to customers and transforming cybersecurity risk management. Looking ahead to 2025, we'll continue our disruptive innovation, further advance our go-to-market investments, and execute our strategic vision with a balanced approach to long-term growth and profitability.
With that, I'll turn the call over to Joo Mi to further discuss our fourth quarter results and outlook for the first quarter and full year 2025.
Joo Mi Kim (CFO)
Thanks, Sumedh. Good afternoon. Before I start, I'd like to note that except for revenues, all financial figures are non-GAAP, and growth rates are based on comparisons to the prior year period unless stated otherwise. We're pleased to report a healthy finish to the year, highlighting our continued execution, financial discipline, and scalable business model. For the full year, we grew revenues by 10% to $607.6 million and achieved adjusted EBITDA margin of 47%, even with continued 14% growth in investments in sales and marketing. Net income and EPS grew 16% to $229 million and $6.13 per diluted share, respectively. And free cash flow reached $231.8 million, or 38% of revenues, all of which exceeded our expectations for the year.
Turning to fourth quarter results, revenues grew 10% to $159.2 million. The channel continued to increase its contribution, making a 48% of total revenues compared to 44% a year ago. As a result of our continued commitment to leverage our partner ecosystem to drive growth, we were able to grow revenues from channel partners by 18%, outpacing direct, which grew 3%. By geo, 15% growth outside the U.S. was ahead of our domestic business, which grew 7%. U.S. and international revenue mix was 58% and 42%, respectively. With customers confirming their prioritization of security within IT budgets, we anticipate the selling environment in 2025 to remain stable, with ongoing budget scrutiny persisting for the foreseeable future. Reflecting the sentiment, in Q4, our gross retention rate remained approximately at 90%, and our net dollar expansion rate came in at 103%, unchanged from prior quarter.
In terms of product contribution to bookings, Patch Management and Cybersecurity Asset Management combined made up 15% of total bookings and 24% of new bookings in 2024. Our cloud security solutions, TotalCloud CNAPP, made up 4% of 2024 bookings. We attribute the success to our customers' need for broader contextualized awareness of their attack surface, with natively integrated risk management and remediation workflows across all environments on a single platform. Turning to profitability, adjusted EBITDA for the fourth quarter of 2024 was $74.2 million, representing a 47% margin, compared to a 46% margin a year ago and 45% last quarter. This stronger-than-expected performance resulted from our targeted optimization efforts, which was part of our 2025 planning process. Consequently, operating expenses in Q4 remained relatively flat to last quarter, while sales and marketing investments grew moderately by 5% from last quarter.
EPS for the fourth quarter of 2024 was $1.60, and our free cash flow was $41.9 million, representing a 26% margin, compared to 22% in the prior year. In Q4, we continued to invest the cash we generated from operations back into Qualys, including $5.8 million on capital expenditures and $42.3 million to repurchase 312,000 of our outstanding shares. As of the end of the quarter, we had $143.4 million remaining in our share repurchase program. We're pleased to announce that our board has authorized another increase of $200 million to the share repurchase program, bringing the total available amount for share repurchases to $343.4 million. With that, let us turn to guidance, starting with revenues. For the full year 2025, we expect revenues to be in the range of $645 million-$657 million, which represents a growth rate of 6%-8%.
For the first quarter of 2025, we expect revenues to be in the range of $155.5 million-$158.5 million, representing a growth rate of 7%-9%. This guidance assumes no material change in our net dollar expansion rate, with moderate growth contribution for new business in 2025. We also realize that there may be some near-term adjustments to the plan, given the upcoming CRO departure, and we'll be sharing updates as we make progress throughout the year. Shifting to profitability guidance, for the full year 2025, we expect EBITDA margin to be in the low 40s, implying an 18%-20% increase in operating expenses, and free cash flow margin in the low to mid-30s. We expect full year EPS to be in the range of $5.50-$5.90. For the first quarter of 2025, we expect EPS to be in the range of $1.40-$1.50.
Our planned capital expenditures in 2025 are expected to be in the range of $8-13 million, and for the first quarter of 2025, in the range of $2 million-$4 million. In 2025, we anticipate gross margin to contract by approximately 1%, given certain investments we are currently making in some of our data centers to achieve greater operational efficiencies and reduce medium to long-term marginal costs. With respect to operating expenses, we plan to align our product and marketing investments to focus on specific initiatives aimed at driving more pipelines, accelerating our partner program, and expanding our federal vertical. As a percentage of revenues, we expect to prioritize an increase in investments in sales and marketing and engineering, with a more modest increase in G&A. With that, Sumedh and I would be happy to answer any of your questions.
Operator (participant)
Thank you. As a reminder to ask a question, please press star one one on your telephone and wait for your name to be announced. To withdraw your question, please press star one one again. Please stand by while we compile the Q&A roster. Our first question comes from the line of Kingsley Crane from Canaccord Genuity.
Kingsley Crane (Managing Director of Equity Research)
Hi, thanks for taking the questions, and congrats on your great quarter. So again, you have so many great products in the portfolio. We've seen some others in the space opt for more of a consolidated consumption plan that simplifies pricing and can get more products in the hands of customers. So any thoughts on creative packaging opportunities over this next year?
Sumedh Thakar (President and CEO)
Yeah, that's a great question. I think for us, as I mentioned in my script, really customers are looking at ways that they can anchor how they're looking at their cybersecurity spend by looking at the business risk and how they are able to articulate that spend by reducing business risk. And that is a combination of bringing Qualys modules wherever available, bringing data from third-party solutions wherever available. And so as we are early in the journey right now with ETM and the amazing feedback that we are getting right now from the early adopter customers for ETM and the POCs that we're going, I think as an evolution of that, we continue to look through the year at getting feedback from these early customers on how we can help them adopt the broader platform, both in terms of the integration, but also pricing.
And it is something that we will be continuing to review throughout the year to see where we have opportunities for packaging that sort of a model anchored around the adoption of ETM rather than individual modules.
Kingsley Crane (Managing Director of Equity Research)
That's great to hear. And Sumedh, with Dino's departure, it sounds like you're going to oversee sales efforts a bit more hands-on. You recently had taken on a bit more with product and marketing as well. So just wondering, any updated plans or thoughts on your bandwidth and if you're looking to hire any key leaders across the business and just how you plan to balance your time the upcoming year?
Sumedh Thakar (President and CEO)
Thanks. Yeah, thank you. I've done this a couple of times in the past, and I'm happy to jump in periodically to help as needed.
Again, we thank Dino for being part of the team, but we have been working on this for a while with the broader team, not just the CRO. And our 2025 planning is in a good place. So now it is really about focusing on execution. And as you see, key part of our execution is celebrating the success that we're seeing with our engagement with the partners and how can we pivot more towards a partner-oriented GTM strategy, which means that the focus is a little bit less on direct and growing direct and more on how do we partner with our partners, both from lead gen, pipeline gen, as well as execution on closing deals, etc. So I think we continue to focus on executing that, working closer with partners and aligning our sales leadership with that.
The good news is that our sales leadership below Dino is very strong. Many of them have been here even before Dino joined us, and they are very connected, dedicated to the mission, and so I look forward to continuing to do that. I think on the product side, we have great leaders with our CTO, Dilip Bachwani, as well as our SVP of Product Management. Both have been here for over 10 years and really driving, working with me, the execution that is needed on the product side, again, aligning to our vision of delivering capabilities like MROC, which will encourage our partners to do more with us, not just from the GTM side as well, but also from the product side.
So again, for us now, it is really more about finding the right leader who understands our partner focus and will be leaders who will be working with us on making sure that we are not necessarily focusing on the direct side of growing the business, but more around focusing on how do we pivot our partner focus and make sure that all the different aspects of the business are going in that direction.
Kingsley Crane (Managing Director of Equity Research)
Makes sense. You definitely have a deep bench. Thanks for the time.
Sumedh Thakar (President and CEO)
Thank you.
Operator (participant)
Thank you. One moment for our next question. Our next question comes from the line of Matthew Hedberg from RBC Capital Markets.
Michael Richards (Equity Research Senior Associate)
Hey, guys. This is Michael Richards on for Matt. Thanks for taking the question here.
Maybe I want to go back to Dino's departure and appreciating that you probably already had your sales kickoff here and you had a plan for the year. But what are some of the changes that maybe we could expect or that I think could really improve the sales motion this year, given his exit and you taking the reins here?
Sumedh Thakar (President and CEO)
Yeah, we really finished our planning for 2025 towards the end of last year, and now it is about executing on the sales goals with our sales head, who I think that's helping essentially manage a sales team globally, SVP of product, SVP of partnerships, and then our VP of sales ops and enablement.
And so as I talked a little bit about this, and you saw the release of MROC, which is our partner-focused managed services platform, as well as really focusing on working with our partners on how do we increase the deal registration, how do we leverage essentially our margin to make sure that we are able to balance bringing customers to these partners, but also how these partners can actually create revenue for themselves with services that they can anchor around the Qualys platform with consolidation of multiple different capabilities with risk quantification, remediation, etc. And so for us, really focusing on the pillars of how are we going to make sure that we last year, as we said, our focus was partner-led for new business.
We started end of last year, and this is our key execution this year, is how do we also work on our existing business, which has direct customers, to leverage that relationship with our partners to potentially bring them some of our direct customers while working with them on a partnership where they bring us new logos so that we can execute towards creating more opportunities for ourselves. So there are multiple different things that we're focusing on that, as well as focus on our federal business, which is something that we are excited about, the potential opportunity. So we'll continue to execute on that aspect as well because our current contribution to the business from federal is extremely small, and so there continues to be a much larger opportunity there.
So it's really about how do we pivot our execution, which has been a mix of direct and indirect, reduce the friction that is there, and then build the confidence with our partners by not only giving them that confidence of the business we can bring them that is direct with us, but also giving them a potentially significant revenue stream by adding services around the managed ROC capability, which we are seeing a lot of global enterprises gravitate towards, given that it adds a layer on top of their existing tools as well.
Michael Richards (Equity Research Senior Associate)
Great. And then I just want to ask on TotalAI. I mean, it seems like there's such a big opportunity there. So maybe stepping back, has there been any early customer feedback on TotalAI?
How are you thinking about it in terms of a growth driver for next year or maybe just picking up steam? And then I know it's all greenfield, but who else are you seeing when you're going in and talking about TotalAI? Is there anyone else kind of doing what you're doing here or anything else on just competitive dynamics there?
Sumedh Thakar (President and CEO)
Great question. I think if you look at the journey of AI itself over the last couple of years, I think 2023, a lot of people started looking at that. In 2024, lots of POCs took place in many companies around leveraging LLMs. And then as we get into 2025, we are going to start to see deployment of more and more AI LLMs into actual production environments. We saw a little bit of that starting to happen at the end of Q4.
And so the questions from customers really are about what are the things that they can do to secure their AI workloads. And the first question we ask is, well, how many do you have? And they cannot even answer that. And so in that sense, the TotalAI capability, and you probably saw our recent blog, we pointed our Qualys TotalAI to DeepSeek and found a whole bunch of issues. And it's really about helping customers get that level of comfort that whatever they are putting out in the production environment is not something that could be jailbroken and is not something that is leaking information that it should not. It is following compliance guidelines as well as detecting vulnerabilities in this.
In that sense, the way we see it is TotalAI is fairly unique because we are actually able to leverage our existing footprint in the customer environment to first help discover their AI workload so they don't have to deploy another solution to discover AI in the first place. Then once we discover those AI workloads, we're actually able to scan them using the scanner, the agent that they already have from Qualys, and then provide them that visibility. Early feedback has been very good. In fact, in our strategic advisory board, when we ask our strategic advisory board CSOs to pick the area that is top of mind for them for 2025, AI security came up the most. We look forward to those engagements turning into paid opportunities.
However, CISOs are also going through this right now, trying to figure out how are they going to pay for this? Where does that come from? Do they get additional budget? Are they going to get additional budget for security? Are they going to move some of the money around from their existing budget, given that overall increase in cyber spend is not that significant? We don't anticipate it to be that significant. So I think right now it's a little bit early for us to know what kind of impact it is going to have. But the opportunities that we are starting to see build up are definitely encouraging and positive. And in that sense that the way we are scanning AI, we feel that it's pretty unique.
That's the feedback that we're getting from customers is this is a great way because they look at it as like the e-gates at immigration, right? Like the security will scan that LLM before it goes into production and then give a thumbs up or a thumbs down so that they can go back and see it. Again, if you want to see the kind of things that our scanner is able to detect, you can read our blog around when we pointed it to DeepSeek, what are the things that we found around that. We're excited about that. We just don't know right now and monitor really how that opportunity is going to evolve.
And yes, it is greenfield, but also depends on how much additional budget CSOs will be able to get from their CFOs this year versus next year in terms of investing more in AI security. And we expect that to start this year and have a gradual ramp into the next couple of years.
Michael Richards (Equity Research Senior Associate)
Great. Thanks again. Congrats.
Sumedh Thakar (President and CEO)
Thank you.
Operator (participant)
Thank you. One moment for our next question. Our next question comes from the line of Rudy Kessinger from D.A. Davidson.
Rudy Kessinger (Managing Director of Senior Research Analyst)
Hey, thanks for taking my questions. The last two quarters now, you guys have had pretty good outperformance on both revenue and current calculated billings. I guess just particularly in Q4, just relative to your guidance and expectations, what came in specifically better than expected?
I know you said you had a weaker Q4 pipeline going into the quarter, but again, pretty strong revenue, current calculated billings in the quarter, and then just as I look at the guidance for Q1 and next year, it doesn't seem like you're really expecting that to continue, particularly in Q1 with the revenue decline expected, so I don't know, was there anything maybe one-time in Q4 that drove the upside? Or I'm just trying to put together the strength in Q4 and Q3, but not really seeing that continue in the guidance that you're providing.
Joo Mi Kim (CFO)
Yeah, the second half of 2024, current billings, if you're taking a look at that, it was higher than the bookings performance, partly due to the invoicing cycle.
But if you take a look at the revenue in Q4 in particular, we did have better linearity, a little bit better on the renewal in terms of how the deals closed in the quarter that did have an impact on the revenue that we booked in Q4. Looking into Q1, one of the reasons why Q1 looked a little bit light is because, I mean, we're not taking into any consideration from the late renewal slippage into Q1. And then plus the fact that the number of days in Q1 is lower by two relative to Q4. And then looking at the full year, one of the assumptions that we've kind of made was if you take a look at our net dollar expansion rate, currently at 103%, which is great from the perspective of it's stabilized.
However, if you take a look at a year before or even two years ago, it's down. So taking that into consideration, looking at the trajectory of the business, we are assuming no improvement in net dollar expansion rate going into 2025. And then also the fact that we are taking that partner-first approach, right? So which means that with the partner business currently making up 48% of revenue in Q4 relative to 44% a year ago, we are expecting that trend to continue into 2025, which could have a shorter-term negative impact on the growth.
Rudy Kessinger (Managing Director of Senior Research Analyst)
Okay. And on the new logo front, I know for the first several quarters in 2024, you've called out, I think, double-digit year-over-year growth in new logo bookings. I know Q4 was a tougher comp. But where did that land in Q4? And I know you're keeping that expectation on DBN and to remain steady, 103. What is your expectation then on new logo bookings growth in 2025? It would seem to be it's expected to be weaker growth than 2024.
Joo Mi Kim (CFO)
Yeah. That is the assumption that we're making right now because in Q4, last quarter earnings, we had called out the fact that Q4 looked to be a little bit light from the new bookings perspective. And it actually did turn out to be that. We were a little bit disappointed with the new bookings performance and then the amount that it added to the revenue growth rate. So we're kind of assuming that it will continue on that path into 2025, where we're not expecting meaningful growth in the new business, especially particularly just because we are more focused on landing new logos through our partners.
So we'll be working with them very closely to see what kind of incentives that we can offer them so that they can really go out into the market and help us to get new customers in.
Rudy Kessinger (Managing Director of Senior Research Analyst)
Okay. That's all very helpful. Thank you.
Operator (participant)
Thank you. One moment for our next question. Our next question comes from the line of Shrenik Kothari from Baird. Shrenik, your line is now open. Please check your mute button. Again, Shrenik, your line is open. Please go ahead. One moment for our next question. Our next question comes from the line of Josh Tilton from Wolfe Research.
How are you? This is Mark taking over for Josh Tilton. Just one quick question. We've heard several vendors talk about conservatism related to the federal vertical and the administration change. We just wanted to ask, how are you thinking about that for the coming year in terms of potential opportunity and how it's factored into the guidance? Thanks.
Sumedh Thakar (President and CEO)
Yeah, we're super excited about the opportunity, right? And I think what exactly the administration will do on a day-to-day basis, I think your guess is as good as mine right now with all the things that are changing. However, I think the narrative from the new administration has definitely been about not doing things the old way and really bringing more efficiency in everything that the federal government is doing. And so that we look at that as opportunities for us because many federal agencies for many years have been using on-prem vulnerability assessment capabilities that are arcane, that are costly to maintain, need a lot of hardware, need a lot of people.
And so as we await our FedRAMP High certification, which will then make our platform as one of the only FedRAMP High platforms that does vulnerability management, Patch Management, EDR, risk management, all in a single platform, we are excited about the potential properties that it can bring. We continue to invest in our federal team. That is one of the things we're focusing on this year, focusing GTM, growing the team as well on the federal side. And with that, and just a little bit hard right now to know when we will get that FedRAMP High certification this year with the administration changes, but we are hopeful for that. And once we get that, that can open up quite a bit of opportunities for us. But hard to tell right now what impact it will have on 2025.
So we're not factoring that anything majorly in it right now. But overall, given the narrative of being able to bring efficiencies and being able to modernize infrastructure and moving in a more positive direction, we think we're well suited to capitalize on that versus older on-prem solutions that have been incumbent there for a while.
Awesome. Thank you so much. Congrats.
Operator (participant)
Thank you. One moment for our next question. Our next question comes from the line of Yun Kim from Loop Capital Markets.
Yun Kim (Managing Director)
Okay, great. Thank you. Quick question on the Enterprise TruRisk Management or ETM. It seems like that's a clear differentiator for you guys out there, and it's definitely something that at least I'm keeping an eye on. If you can just talk about the overall go-to-market motion around ETM, the competitive landscape, and obviously, you're heavily leveraging the channel this year.
Is this a product that could be leveraging to the channel, not just direct? Thanks.
Sumedh Thakar (President and CEO)
Yeah, that's a really good question, especially if you look at right now. We believe we don't see any other solution in that space that is as comprehensive as ours because you have some aggregation solutions that are very focused on vulnerability aggregation, but they don't do risk quantification. There are some that do some risk quantification, but they don't do the aggregation part as well. And definitely, we don't see anybody who's kind of doing that, also doing a good job at remediation.
And so if you look at the Qualys ETM platform and the concept of the Risk Operations Center, which a lot of our CSOs are super excited about because they don't want to go to the board for next year's strategy and say that they just want to implement another solution for multi-factor authentication as their strategy. They want to be able to say, "We're building out a Risk Operations Center just like 10 years ago we built our security operations center for threat detection. We want to do proactive risk management." And the ETM platform enables bringing out a Risk Operations Center. And that's why, because it provides the risk quantification, it provides the ability for a CSO to be able to have a conversation. Today, they say, "We fixed so many things and we had so many issues," but that doesn't mean anything to the business.
ETM allows them to go out and be able to say, "Look, our $500 million business has a potential loss of $10 million a day." And currently, based on risk signals from multiple different products, the possibility of that happening is high. And if we invest $500,000, we can bring that risk down to an acceptable level. And so now it is a much better conversation that the CSOs can have with the CFOs to say, "Look, we can invest $500,000 in this particular area of cybersecurity, and it will bring down the potential of losing $10 million a day by 80%." That's a much better conversation, is how they look at it, and that's the feedback that we have gotten. And we don't see other platforms out there right now that are really enabling that.
I think the GTM definitely evolves for us this year as ETM comes out because now it's less about a replacement conversation about your existing vulnerability management solutions. So our new business sellers can really go out there and say, "That's okay. You can keep the current solutions that you have if you have this cloud provider and that vulnerability provider and that identity provider. We are not here to have an immediate replacement conversation. We can easily take the data from all of them, and we can show you a consolidated view of the risk coming from all these existing solutions," which makes it a little bit easier for the CISO not to have to go for a fight with their internal teams to replace a tool that is already working well for them just because they're getting some additional potential discount.
So it essentially means our new business sellers, any customer that has any cybersecurity toolset becomes a potential customer for us for acquiring new logos and doesn't have to take that long as it would if you're replacing another solution. Our post-sales team, they get an opportunity for existing customers that might have some other solutions for cloud security, for EDR, to then go and layer that on top. And we already had one customer that has a well-known cloud security provider just for their cloud estate, but then they are purchasing the ETM capability, paying us additional revenue on top of what they're paying that cloud provider to consolidate those findings into one, right? So it gives us the opportunity to make revenue on top of any investment that the customer might have made in another tool as well.
But also from a partner perspective, I mean, as we work with partners, of course, the partners have been selling our competitor solutions for a certain margin, and you can give them a little bit more margin here or there, but that doesn't move the needle as much. However, many of the providers who are resellers, etc., are moving to figuring out how they can increase revenue significantly with managed services because services is where they can make a lot of business. And so today, with the deployment of ETM, where really largest customers are actually the ones who are looking at deployment, they need services around that and services for risk quantification, service for aggregation, service for risk monitoring, service for risk elimination. And these are brand new services.
So these partners today are in the MDR market, which is a cutthroat market, and the MDR service is provided by many people. But the reason why partners are excited and can potentially bring even more business to Qualys is because every business of purchasing Qualys products that they bring can add additional services for them on top of Qualys that they can generate revenue on. And so that is where a key part of what we are doing, and you saw the release that we did with MROC, is really about enabling ETM to be delivered through our partners for the most part so that partners are excited about larger deals bringing those to us. And also, they don't have to constantly get in the conversations of replacing tools to make additional revenue.
So a little bit of a longer answer, but it's something that is definitely an interesting way for us to tweak our GTM and have less replacement conversations and more about consolidation and letting them use the existing toolset that they have. Because honestly, when we talk to CISOs, very few of them, if at all, are actually thinking that they're going to replace all of their tools with a single vendor.
Yun Kim (Managing Director)
Wow. I can tell that you're very excited about the opportunity around ETM. So just another question around the investments that you're making around the indirect channels. You already talked about the opportunity around MSSPs, but what about the hyperscalers and CSPs? Is this something that could be also deployed on the cloud environment as well, meaning the CSP environment?
Sumedh Thakar (President and CEO)
Yeah, for sure, right? I think today, if you look at it, you can have this cloud security solution that is either provided by the CSP or is provided by one of these cloud-only solutions. But when I ask CSOs, I say, "Okay, that's great. So now you know you have 75 buckets that are open, but how does that impact your business? Do you know how much you'll stand to lose because of these buckets open?" Then they cannot answer that question because a lot of times the risk may not be in the cloud directly, but the risk might be coming from a malware that is on the laptop of the admin who is looking to access that particular cloud account. And a cloud-only provider cannot pick that up, but then an EDR provider will pick up the risk. How do you tie these two things together?
And that's where something like ETM can be useful. And as our larger customers, they are working with different cloud providers, and they have EDP credits with different cloud providers, and they can leverage those. We continue to work with them to find ways that we can essentially map customers that have other tools but can actually use their credits to purchase things like ETM as well or working with partners who can then transact through some of these cloud providers for their credits. So I think those are also opportunities that we are continuing to explore. We recently had a conversation with a cloud provider exactly around that. And so that's an area that we continue to push forward this year as well.
Yun Kim (Managing Director)
Okay, great. Thanks. And good luck with the ETM this year. Wish you the best around that. Yep.
Sumedh Thakar (President and CEO)
Thank you very much.
Operator (participant)
Thank you. One moment for our next question. Our next question comes from the line of Jonathan Ho from William Blair.
Jonathan Ho (Research Analyst)
Hi, good afternoon, and congrats on the strong result. I just wanted to understand sort of relative to your guidance, how we should be thinking about the level of investments that you're making this year and maybe where you see the most opportunity to leverage that, either relative to your go-to-market comments or on the product side. Thank you.
Sumedh Thakar (President and CEO)
I think for us, we continue to evolve the product, and so there are opportunities for us to work with our partners on things like MROC, but I think our focus continues to be on GTM investments. That's where we see, again, tracking returns, seeing the success we're seeing with partners.
And so it's really going to be about how do we continue to find ways with our partners to invest in GTM, but pivot more towards working with partners to bring them business so that they can bring us business, doing co-marketing, joint marketing, etc., investing in roadshows around MROC, etc., and then investments in the federal business, which is something that we want to continue to do. So those are essentially the areas that we are looking to do. I think the product development area is something that we do well, and we do very efficiently as well. And of course, there will be certain investments in solution architects and the functions to surround the sales team with success for being able to go out and do POCs around ETM, etc.
But that's really how I see where we're going to be continuing our investment and not necessarily so much on engineering and product increases. Got it. Got it. And just as a quick follow-up, I mean, I think we've seen a lot of emphasis around TruRisk and TotalCloud in our conversations. How do you think about this approach of selling on the bundling side and potentially what that uplift looks like from a revenue standpoint, maybe not immediately, but over time? And how do we think of that, especially along the axis of adding additional product versus adding additional assets? Thank you. Yeah, we are actually excited about the opportunity. We see that as ETM, which is ETM becomes a layer on top of the different cybersecurity capabilities that the company has, and ETM becomes the layer through which the CISOs really interact with the platform.
The way we see that is that those who want to adopt ETM, the platform play becomes actually quite interesting because now for ETM, they can actually adopt inventory. They can adopt vulnerability management, cloud security, some of these modules from Qualys as they need, and then also bring data from other third parties as well. As we get feedback from our customers, we do see that ETM can allow us more conversations around, "Well, here's a platform that is going to essentially pull in the basic things that you need for your initial risk management," and then you can layer on by using additional spend for third-party data coming in.
As we learn through these conversations with our initial customers, I think that is going to inform later this year on how we come up with the packaging and bundling around ETM that includes multiple Qualys modules. Today, we are already seeing conversations with our existing customers where they are actually looking to buy additional Qualys modules just because they integrate into a singular score, right? That's the idea is that instead of getting all these big lists, and when I talk to CISOs and ask them what is their risk posture view today, they show me 10 different dashboards from 10 different tools, but that doesn't say anything about how much risk a particular entity in their environment has because every single tool is reporting a different set of findings.
So, TruRisk anchors to say, "Well, why should I buy AppSec from Qualys versus somebody else?" Because the Qualys AppSec is already built into the platform, and there is no additional cost right now to use that within ETM. So it's like you can bring AppSec data from a third party if you would like. So we're open to that, but then they pay for the data ingestion. Or if they use the Qualys module, which we already have, then they don't have to pay for the ETM ingestion license as an example, and that is an incentive potentially for them.
So as we roll this out, we will get feedback from customers and see how that increases our attach rate for additional products, and then how do we come up with the pricing that allows them to adopt more capabilities as part of ETM without having to create purchase orders every time they want to try something new. So in a way, how do we find a way to give them access to bundle or at least to have access to multiple capabilities from Qualys with the spend that they have with us? So these are things that we are working through right now and that we are excited about getting feedback from our customers, and that should inform how we roll out bundling and pricing at some point later this year.
Jonathan Ho (Research Analyst)
Excellent. Thank you.
Operator (participant)
Thank you. One moment for our next question. Our next question comes from the line of Brian Essex from JPM.
Hello, Team. For Brian Essex. Quick question. I guess you've now provided your revenue guidance for the year. How should we think about billings, especially with the strong billings that you had the last two quarters? Should it follow a similar trajectory to what you provided for revenue guidance? And overall, how should we think of it going throughout the year? Thanks.
Joo Mi Kim (CFO)
Yeah. For current billings, we ended the year at 9% and total revenue growth rate of 10% for 2024. I would just assume for now, since we don't provide current billing guidance, you can assume the same current billing growth rate in 2025 as a revenue guidance, which is 6%-8%.
Got it. Thanks. And I guess a quick follow-up.
Can you help me understand what do you think still needs to happen in the channel to see investments translate to top-line growth? I know overall, investments in the channel can be a lagging effect versus just investing indirect. At what point do you think you've invested what you need to do? Is it just that you need to continue with product knowledge? Overall, what still needs to happen? Thanks.
Sumedh Thakar (President and CEO)
Yeah. I know this is a multi-year program that we launched a couple of years ago and initially was just repairing our relationship with partners and building confidence and getting initial deal registers. We evolved that strategy into going fully new business partner first, which was sort of the next step.
This year, we are focusing on working to see how we can take some of our direct customers to the partners and have them bring us additional net new logos for having this partnership. The next evolution of that is the margins and the percentages are fine, but how can we help them make $10 of services revenue on top of $1 of product revenue potentially, right? That's where the evolution of mROC is. And so I think we internally, of course, we continue to track our deal registers. We continue to track our win rates with partners. It is pretty clear that we're having good success with our strategy so far. And so now it is about pivoting towards that. And I think we have done a pretty good job of going from a 60/40 down to a 52/48 split while reasonably maintaining our margin.
And so I think that's a testament to the way that we are thoughtfully tracking our investments and working with our partners. So we continue to work with our partners and continue to improve our deal registers and improve our win rates with partners. And part of that is we're doing a lot of investment, spending time with the SKOs, providing them opportunities for upsells with collateral and material, and then also a lot of training that we are doing with these partners so they become aware of the Qualys capabilities and how to pitch some of the Qualys capabilities. So those are all areas that we have been investing in, and we continue to invest there.
Thanks. Thanks for taking the question.
Operator (participant)
Thank you. One moment for our next question. Our next question comes from the line of Hamza Fodderwala from Morgan Stanley.
Oscar Saavedra (Equity Research Associate)
Hi, this is Oscar Saavedra from Hamza. Thank you for taking my question and congrats on solid results in the quarter. Going back to guidance, last quarter, you noted expectations for ongoing budget scrutiny to proceed going forward. Today, you're expecting NRR to sustain at around 103%. And if I heard correctly earlier, you noted expectations for near-term potential adjustments to guide to incorporate the CRO transition. So can you help us bring all that together, and how should we think about the level of conservatism to guide? Thank you.
Joo Mi Kim (CFO)
Yeah. I think our guidance for this year takes into consideration all the points that you just laid out. I think that the biggest growth drivers in our business are still our existing customers.
If you take a look at our net dollar expansion rate, having ticked down consistently for the last couple of years, because of where we ended in 2024 at 103%, we're assuming no improvement to that 103% entering 2025. Given the light new bookings performance in Q4, and we're assuming that will kind of continue into 2025, that's informed our guidance of 6%-8%. This is what we see today, and we thought it was prudent for us to guide based on what we see today versus, like, Sumedh talked about. There's a lot of opportunities in the business and upside within your products like ETM, working very closely with partners to drive new logo lands as well as expand. But again, the timing of realizing that and recognizing into revenue is a little bit uncertain.
Oscar Saavedra (Equity Research Associate)
Got it. Very helpful. Thank you very much.
Sumedh Thakar (President and CEO)
That's it for me. Thank you. At this time, this concludes today's conference call. Thank you for participating. You may now disconnect.