Varonis Systems - Earnings Call - Q2 2025

July 29, 2025

Executive Summary

  • Q2 2025 delivered double‑digit topline growth and clear SaaS transition momentum: revenue rose 17% year over year to $152.2m, SaaS revenue more than doubled, and ARR grew 19% to $693.2m.
  • The quarter was a clean beat vs guidance and Street: revenue beat guidance ($145–$150m) and consensus ($147.8m*), and non‑GAAP diluted EPS came in at $0.03 vs guidance $0.00–$0.01 and consensus $0.008*; we highlight the beat despite conversion headwinds.
  • Full‑year guidance was raised for ARR ($748–$754m) and revenue ($616–$628m), EPS raised to $0.16–$0.18, while non‑GAAP operating income range was tightened lower ($0–$6m); SaaS mix expectation increased to 82% from 80%.
  • Strategic catalysts: achieved FedRAMP authorization, launched Next‑Gen DAM, announced deeper Microsoft integration to secure Copilot and extended protection to ChatGPT Enterprise—supporting accelerating cloud/SaaS data security demand.
  • Near‑term stock reaction catalysts likely center on sustained ARR growth, raised ARR/revenue/EPS guidance, and higher SaaS mix; medium‑term thesis hinges on conversion completion and upsell motion driving NRR back above prior levels.

What Went Well and What Went Wrong

  • What Went Well

    • SaaS mix and ARR momentum: SaaS ARR hit ~69% of total, ARR rose 19% to $693.2m; management raised FY25 ARR guidance and SaaS mix target to 82%.
    • Guidance raised across key metrics: FY25 revenue, ARR, and EPS all increased; Q3 revenue/EPS outlook also healthy at $163–$168m and $0.07–$0.08.
    • Strategic breadth: Microsoft partnership (Copilot security), FedRAMP authorization, and ChatGPT Enterprise protection broaden platform reach; “attackers do not break in, they log in” underscores Varonis’ data‑first advantage.
  • What Went Wrong

    • Profitability: non‑GAAP operating loss of ($1.9)m vs prior year non‑GAAP operating income; FY25 non‑GAAP operating income guidance tightened lower to $0–$6m reflecting conversion and investment headwinds.
    • Gross margin compression: non‑GAAP GM 80.6% vs 84.1% a year ago; operating margin negative amid ratable SaaS recognition and conversion mix.
    • Conversion friction/effort: management reiterated conversions are resource‑intensive, diluting sales efficiency and delaying upsell, with macro deal scrutiny unchanged vs Q1.

Transcript

Operator (participant)

Greetings and welcome to the Varonis Systems second quarter 2025 earnings conference call. At this time, all participants are in a listen-only mode. If anyone should require operating assistance, please press Star zero on your telephone keypad. A question and answer session will follow the formal presentation. As a reminder, this conference is being recorded. It is now my pleasure to introduce Tim Perz, Investor Relations. Please go ahead.

Tim Perz (VP of Investor Relations)

Thank you, Operator. Good afternoon. Thank you for joining us today to review Varonis Systems Second Quarter Financial. With me on the call today are Yaki Faitelson, Chief Executive Officer, and Guy Melamed, Chief Financial Officer and Chief Operating Officer of Varonis. After preliminary remarks, we will open the call to a question and answer session. During this call, we may make statements related to our business that would be considered forward-looking statements under U.S. federal securities laws, including projections of future operating results for our third quarter and full year ending December 31, 2025. Due to a number of factors, actual results may differ materially from those set forth in such statements.

These factors are set forth in the earnings press release that we issued today under the section captioned Forward-Looking Statements, and these and other important risk factors are described more fully in our reports filed with the Securities and Exchange Commission. We encourage all investors to read our SEC filings. These statements reflect our views only as of today and should not be relied upon as representing our views as of any subsequent date. Varonis expressly disclaims any obligation or undertaking to release publicly any updates or revisions to any forward-looking statements made herein. Additionally, non-GAAP financial measures will be discussed on this conference call. A reconciliation for the most directly comparable GAAP financial measures is also available in our second quarter 2025 earnings press release and our investor presentation, which can be found at varonis.com in the Investor Relations section.

Lastly, please note that a webcast of today's call is available on our website in the Investor Relations section. With that, I'd like to turn the call over to our Chief Executive Officer, Yaki Faitelson.

Yaki Faitelson (CEO)

Thanks, Tim, and good afternoon everyone. We appreciate you joining us to review our second quarter results and the progress of our SaaS transition. Our Q2 performance reflects our continued strong ARR growth and cash flow generation as we accelerate towards the completion of our SaaS transition and make investments to capture our growing market opportunity. Today I want to remind you of what sets Varonis Systems apart as the leader in data security. In today's ever-changing environment, one thing remains constant. Data will continue to be created and shared, and usage of AI has only accelerated this trend. At the same time, attackers do not break in, they log in, and they need to secure data in. The challenges involved are greater than ever.

Varonis Systems takes a data-first approach and helps companies to locate their sensitive data, visualize who has access to it, automatically lock it down, and then automatically detect and respond to threats on it. Performing only one or two of these tasks is insufficient to protect data, and what sets Varonis Systems apart is our ability to successfully do all three of these tasks on data everywhere. In the second quarter, this approach contributed to an ARR growth of 19% to $693.2 million as we advance toward completing our SaaS transition, with SaaS ARR now representing about 69% of total ARR. Year to date, we generated $82.7 million of free cash flow, up from $67.3 million at the same point last year. Guy will review our results and our updated guidance in more detail shortly.

We continue to experience strong demand for our SaaS platform from both new and existing customers, primarily due to the superior experience that Varonis Systems SaaS and Managed Data Detection and Response offers by enabling automatic data security with minimal effort. Additionally, I'm also proud to announce that we achieved the FedRAMP authorization, enabling us to offer our entire SaaS platform to the federal sector. Demand from both new and existing customers looking to protect cloud environments with Varonis Systems continues to positively inflect and is becoming a material contributor to our business. This is driven by the investments we have made in our platform to expand our use cases, going wider and deeper and entering new markets including DSPM. Our ability to protect cloud data represents a significant untapped growth opportunity for us, and transitioning our customers to our SaaS delivery model is helping us unlock this market's potential.

Data security market is rapidly expanding because of many factors including AI usage, the proliferation of data and evolving compliance needs. As a result, data security markets like DSPM are receiving new investments and focus, which is creating more budgeted line items and increasing our opportunity. Looking at the DSPM market, others we see usually focus on discovery and classification in cloud databases because it has the lowest barrier to entry and they don't address more challenging problems like securing the data by automatically fixing risks and detecting threats or scaling to analyze large unstructured data sets. With that as a backdrop, it is important to note that seeing a problem does not solve a problem. Discovering classification may find sensitive data, but they do not secure it. This generates potential exposure without providing a solution.

Varonis has made significant investments to expand our coverage wider to both find and secure the data everywhere it lives while providing more complete and up to date visibility than typical DSPM technologies. As a result, customers are consolidating their data security budgets with Varonis. I would like to dive deeper into why we win in competitive deals within the DSPM space. Our edge lies in the breadth and depth of our platform following three step approach called Find, Fix, Alert. All three critical components are needed to secure data while DSPM point tools focus on discovering sensitive data. Varonis is the only data security vendor that does more, not just finding sensitive data but also finding where it is unprotected, fixing the risks by locking down sensitive data automatically and continuously monitoring and alerting on unusual data activity. I will talk about the first step. Find.

Varonis not only discovers and classifies all of our customers' data but also maps all the controls that you lock it down, analyzing permissions, identities, entitlements, masking and labeling, which creates a complete current inventory of trace. We know exactly where sensitive data lives, how it is exposed, who has access and how that access was granted. We also watch data usage, tracking every time a user accesses, modifies or deletes data. To use a simple example, Varonis watches the bank vault, compiling an inventory of everything inside, every person that can access the vault, including everything they touch and can access inside, while logging all activity in and around the vault, and all this happens without impacting the customer experience. Now I will talk about step two, Fix.

The holy grail of security is ensuring identities have access to the right data, and this is very hard to do because you need all the right ingredients, which we provide. Varonis understands how data is being used and where it is unnecessarily exposed. Because we watch all data activity and connect identities to data, our policies, developed through extensive experience with thousands of large customers, are designed to intelligently and automatically mitigate risks such as access to data that identities should not have or no longer need to. Continuing our example, because Varonis knows who can access the vault, what the role is, and what they do regularly, we can remove unneeded access, like stale access from a former intern that works at the competitor or a bank employee that has moved to another branch but still has the keys to the vault.

Finally, let's talk about step three, which is alert. Since Varonis sees every touch of data, we can baseline user behavior and detect threats or abnormal behavior in real time. Because we watch data directly, we generate alerts with very little noise. This enables our Managed Data Detection and Response (MDDR) team, which is powered by AI, to efficiently watch customer data and investigate, validate, and prevent breaches, with a 30 minute SLA on ransomware and without customer effort. To wrap up our example, Varonis watches the vault and can sound an alarm when a receptionist tries to access it after hours or when a bank manager starts going in and out of the vault more often than normal and with more cash. I would like to contrast our approach to what we see from DSPM providers, starting with step one.

The first key difference is that most DSPM providers schedule scans and use sampling as opposed to viewing all the data to discover and classify sensitive data. Because they cannot do it any other way, they do not track data activity, so they don't know when data is added or changed, so their information is immediately stale and they lack the scalability to view everything. Sampling allows them to scan quickly, but this also means that a significant amount of potential exposed data is never found, and they cannot deliver a full picture of risk or compliance. Because scans are scheduled, their picture is always out of date. As a result of these shortcomings, they try to avoid risk assessment.

Would you be willing to store your money at a bank that does not have a security camera and try to protect it using a list that only includes 10% of its inventory and is only received on Fridays at 5:00 P.M.? Moving to step two, because DSPM providers don't map or track access to sensitive data, there is no viable safe way to fix risks that they find. As a result, these providers just generate service tickets, leaving overall security teams to manually address them. We hear from prospects that this approach leads to time-consuming, busy work and is oftentimes followed by a data breach. Finishing with step three, DSPM point tools cannot detect threats to perform any meaningful forensics in an event of a suspect or actual breach because they don't track data usage. There is no activity monitoring and no User Behavior Analytics.

Going back to our example, using DSPM point tools is like trying to understand how a bank was robbed and what was taken, with no security cameras or footage, no record of who had access to the vault, and an outdated and incomplete record of what was in the vault. To wrap up, DSPM tools focus on discovery and classification, mostly in the cloud. They are compliance band-aids and not security solutions. Varonis Systems not only discovers and classifies data, but also intelligently and automatically locks it down everywhere and watches it for threats. Our approach results in vastly reduced risk and a much lower likelihood for a data breach as compared to alternatives. Customers understand it, and our ability to showcase these outcomes automatically at scale is why we are winning. Another key driver of our recent success has been the secular trend of AI usage.

This quarter, we extended our coverage to protect OpenAI's ChatGPT Enterprise. We are also excited to announce an update to our strategic partnership with Microsoft. This update is focused on joint feature development, which builds on our existing innovations to help organizations adopt Microsoft Copilot securely while deepening our integration with them. Together, we are addressing one of the most critical challenges, which is ensuring AI tools and LLMs do not expose data. By aligning our engineering efforts, we are accelerating our ability to drive secure AI adoption. With that, I would like to briefly discuss a couple of key customer wins from Q2. The first one I would like to talk about is a large healthcare organization of over 20,000 employees that was concerned about their ability to respond to ransomware and comply with SEC disclosure requirements for their AWS environment.

They were evaluating Varonis against the DSPM point tools and it became clear that only Varonis would meet their success criteria. Our ability to cover petabyte-scale cloud environments and provide customers with the tools to avoid breaches and fines without effort were capabilities this point solution could not match. In contrast, the DSPM tool scanned a small sample of data that quickly became stale and could not provide any meaningful outcomes. As a result, this decision was an easy one: to choose Varonis. We again saw strong demand from existing customers looking to convert to our SaaS platform. One example was a defense contractor with over 25,000 employees. The new CISO, who was undergoing a digital transformation project, needed to modernize the data security strategy. The CISO stated the future of cybersecurity is data security and was quickly on board with Varonis SaaS, understanding the need for automated protection.

This is also a key example of our Microsoft Better Together partnership since they will use Varonis to automate the Purview labeling program and automatically reduce exposed data and proactively stop threats. They purchased Varonis SaaS with Managed Data Detection and Response for hybrid environments, Copilot, and Azure. In summary, we are excited by the many tailwinds we are seeing in our business. The simplicity and automated outcomes of our SaaS platform, the adoption of AI, and growing awareness of data-centric cloud security are driving increased momentum in our business. We remain focused on executing on this tailwind as we capture our massive and growing market opportunity. With that, let me turn the call over to Guy.

Guy Melamed (CFO and COO)

Thanks, Yaki. Good afternoon, everyone. Thank you for joining us today. Our second quarter performance represents a continuation of our solid start to the year. We again saw strong ARR growth and free cash flow generation, as well as continued progress towards the completion of our SaaS transition. This performance allows us to again raise our full year ARR guidance. While we also continue to keep an eye on the uncertain macro backdrop, we remain confident in our outlook because of the underlying drivers of our business and are well positioned to execute on the growing need to secure data everywhere. We continue to see broad-based strength from new and existing customers looking for Varonis to secure their data.

The simplicity and automated outcomes of our SaaS platform and MDDR offering as well as customers looking to secure Copilot continue to be key drivers. As a result of this momentum, we ended Q2 with 69% of total company ARR coming from SaaS or approximately $475 million. This represents an 8 point increase in our SaaS mix from the 61% we reported in Q1. We continue to see SaaS NRR trend at very healthy levels, which is being driven by our customers coming back and buying protection for additional cloud platforms. Once we complete the SaaS transition, we can allocate even more focus on this upselling motion. We believe that this additional time spent on upselling existing customers combined with a healthy new customer momentum that we are continuing to see will allow us to drive towards our goal of growing ARR more than 20%.

Furthermore, we are prudently and thoughtfully increasing investments in our business because of the growing demand for our solution, and we see a clear path to drive durable growth post transition. In the second quarter, ARR was $693.2 million, increasing 19% year over year. Year to date, we generated $82.7 million of free cash flow, up from $67.3 million in the same period last year. In the second quarter, total revenues were $152.2 million, up 17% year over year during the quarter as compared to the same quarter last year. We had approximately a 7% headwind to our year over year revenue growth rate as a result of having increased SaaS sales in our booking mix, which are recognized ratably versus the upfront recognition of our on-premises subscription products.

SaaS revenues were $105.9 million, term license subscription revenues were $32.4 million, and maintenance and services revenues were $13.9 million as our renewal rates were again over 90%. As we are getting closer to the completion of our SaaS transition, we expect the positive trend of maintenance and services revenues to continue to decline. Moving down the income statement, I'll be discussing non-GAAP results going forward. Gross profit for the second quarter was $122.6 million, representing a gross margin of 80.6% compared to 84.1% in the second quarter of 2024. Our gross margin continues to track ahead of our expectations, and we feel very confident in our long term target set at our investor day. Operating expenses in the second quarter totaled $124.5 million. As a result, second quarter operating loss was negative $1.9 million or an operating margin of negative 1.2%.

This compares to an operating income of $2.1 million or an operating margin of 1.6% in the same period last year. During the quarter as compared to the same quarter last year, we had approximately a 6% headwind to our operating margin as a result of having increased SaaS sales in our booking mix, which are recognized fully ratable versus the upfront recognition of our on-premises subscription products.

Second quarter ARR contribution margin was 16.5%, up from 14.9% last year. The significant leverage improvement reflects our ability to drive strong incremental margins while growing ARR, transitioning to SaaS, and investing in our business to capture our growing market opportunity. During the quarter, we had financial income of approximately $10 million, driven primarily by interest income on our cash deposits and investments in marketable securities. Net income for the second quarter of 2025 was $3.8 million, or net income of $0.03 per diluted share, compared to a net income of $6.8 million, or net income of $0.05 per diluted share for the second quarter of 2024. This is based on 135.2 million diluted shares outstanding and 128 million diluted shares outstanding for Q2 2025 and Q2 2024, respectively.

As of June 30, 2025, we had $1.2 billion in cash, cash equivalents, short-term deposits, and marketable securities. For the six months ended June 30, 2025, we generated $89.3 million of cash from operations compared to $68.4 million generated in the same period last year, and CapEx was $5.7 million compared to $1.1 million in the same period last year. During the second quarter, we repurchased 1 million shares at an average purchase price of $38.59 for a total of $38.7 million. Over the course of the program, we repurchased 2.5 million shares at an average purchase price of $40.32 for a total consideration of $100 million.

Turning now to our updated 2025 guidance in more detail, for the third quarter of 2025, we expect total revenues of $163 million to $168 million, representing growth of 10%-13%, non-GAAP operating income of $4 million-$7 million, and non-GAAP net income per diluted share in the range of $0.07 to $0.08. This assumes 134 million diluted shares outstanding. For the full year 2025, we now expect ARR of $748 million to $754 million, representing growth of 17%, free cash flow of $120 million-$125 million, total revenues of $616 million-$628 million, representing growth of 12%-14%, non-GAAP operating income of break even to $6 million, and non-GAAP net income per diluted share in the range of $0.16-$0.18. This assumes 134.7 million diluted shares outstanding.

In summary, our second quarter performance demonstrates the growing demand for Varonis, evidenced by the strong ARR growth and cash flow generation. This demand is driven by the simplicity and automated outcomes of Varonis SaaS and MDDR, as well as the security challenges created by the usage of AI and the growing awareness for data security. We look forward to completing our SaaS transition, which will position us to even better execute on these tailwinds and drive additional value for our customers, company, and shareholders. With that, we would be happy to take questions. Operator.

Operator (participant)

Thank you. We'll now be conducting a question and answer session. If you would like to ask a question, please press star one on your telephone keypad. A confirmation tone will indicate your line is in the question queue. You may press star two to remove your question from the queue. For participants using speaker equipment, it may be necessary to pick up the handset before pressing the star keys. In the interest of time, we ask the participants to limit themselves to one question. One moment please, while we poll for questions. Our first question is from Saket Kalia with Barclays.

Saket Kalia (Equity Research Analyst)

Okay, great. Hey guys, thanks for taking my question here. How are you?

Guy Melamed (CFO and COO)

Good. How are you?

Saket Kalia (Equity Research Analyst)

Good. Yaki, maybe for you. The numbers here are pretty straightforward, so I'd love to ask a market question here if I could. You know, we all saw one of your privately held competitors, Sierra, raised money recently, and I was wondering, since we're all on the call, can you just talk about how you compete against them? How you win, and maybe how your move to SaaS is changing that competitive backdrop? Does that make sense?

Yaki Faitelson (CEO)

Yes, completely. Primarily, it's the same for all these DSPM vendors. What they are doing for us more than anything else is expanding our total available market and generate awareness that you need to protect data on these cloud repositories. Essentially, these are very small pieces of the Data Security Platform. They don't provide outcomes like we just explained. You need to understand that the DSPM, where they are doing data discovery and very partially, a lot of it is based on sampling, but they don't do any remediation and any threat detection. Essentially, if you have a compromise, the counter, an insider, they will even not see it. You're starting to have abnormal behavior to the data. They can't identify it, they can't remediate the excessive access control. After you notice that something happened, they can't even do forensics. Fundamentally, it's something that is completely different.

Our SaaS is primarily about scalability and about automated outcomes. We are doing everything for the customers. To secure data with Varonis is as easy as having a credit card from a top bank in terms of just all the automation and everything we do. The other thing, data is a massive problem at scale and there is something that is common with all these DSPM vendors. They are avoiding POCs like a plague. POCs on production data, and this is the cornerstone of our sales motion.

We are coming to you and we starting to deploy very fast, taking all the data, find it automatically, classifying, labeling it, reducing excessive access control, making sure that your Copilot and AI can see only what it needs to see. Looking at Active Directory in with the MDDR, we save dozens of just customers on a week to week basis. Primarily, what it does is just creating awareness for data security with a very small part of data security from a Data Security Platform. By and large, this is something that is doing very well for us and for the awareness of the market.

Operator (participant)

Our next question is from Matt Hedberg with RBC Capital Markets.

Matt Hedberg (Software Analyst)

Great, thanks for taking my question, guys. Congratulations on the results. Yaki, you know it's great to hear about the updates to your expanded Microsoft partnership. I'm wondering, is there a way that you can help us size the opportunity in terms of revenue contribution today, and additionally, how should we think about go-to-market initiatives to drive even more success? Sounds like you talked about a lot of integration, but curious about some of the go-to-market initiatives as well.

Yaki Faitelson (CEO)

Thanks for the question, Matt. You know, at the end of the day, AI security problem is a data security problem. We have a lot of synergies with Microsoft, but then just understood that one of the biggest gating factors for the deployment of Copilot, which is fundamental now for their strategy and success, is security. You know what happened when we start the POC, it's the Copilot, which is a tremendous productivity tool. It's like a Pacman from hell. It just goes and inhales all the permissions that they have, and then people stop it and say, okay, how are we going to deploy it. Varonis does very well for it. The other thing, we have a lot of synergy with a lot of their security stuff from, you know, Defender to MCAS to sending alerts to Sentinel, and we saw with just our customers that, you know, using Purview for labeling, that there is just a lot of synergies.

We find a lot of low hanging fruit by doing the overall technical integration. We came together and decided that we need to take the partnership to the next level. It's still the early innings, but for them Copilot is a lot of what they want to do in terms of productivity in the workforce, and we are securing it and it just works very well together. They are compensating the regular sellers. We are starting to have a pipeline development effort with them that so far is working very well, and we are very excited about the partnership and I believe that they are also excited.

Operator (participant)

Our next question is from Joseph Gallo with Jefferies.

Joseph Gallo (SVP and Software Research Analyst)

Hey guys, thanks for the question. Are there any metrics or data you can share that just instills the confidence in over 20% ARR growth? I imagine that means SaaS ARR without conversion tailwinds is growing healthily above that currently. Anything on new logos or NRR that kind of helps us see that is what you guys see and are so positive on. Thank you.

Guy Melamed (CFO and COO)

When you look at the Q2 results, they were driven by strong new customers again. We talked a lot about how SaaS opens up the opportunity to sell to additional customers. We saw that continue in Q2. We also saw the conversions and existing customers contributing nicely. What's actually more interesting is that the NRR for SaaS is higher than the reported NRR that we gave at the end of Q4. When you look at our ARR number being 19%, if we can continue to sell to new customers the way we have done so far and actually move away from the conversions and just focus on the upsell within the SaaS customers, the difference between 19% ARR and 20% is not that large.

There are a lot of moving parts that are working in our favor, and we feel very good about the opportunity of going back to that 20%+.

Yaki Faitelson (CEO)

In addition, we feel very good about our investments in R&D. We see very strong adoption of everything that related to the other cloud platforms, and we believe that we have good visibility in the way that our investments in R&D and the new product will work. We're just very excited about the opportunity. If you want to be serious about security, you need to protect the data, and your best bet to protect the data you want.

Operator (participant)

Our next question is from Joshua Tilton with Wolfe Research.

Joshua Tilton (SVP and Security Software Analyst)

Hey guys, thanks for sneaking me in here. I have a two-parter. The first part is just in the prepared remarks. I think you mentioned that the macro environment's still kind of challenging. I don't think that's a surprise to anyone. Could you just compare how the macro this quarter compared to last quarter? What direction is that macro trending? Maybe on the conversion piece specifically, you said it contributed nicely to the quarter. Could you give us an update on how the accelerated conversion is going relative to your plan? Are you tracking in line, ahead, or maybe behind? An update on both would be very helpful, thanks.

Guy Melamed (CFO and COO)

I'll start with the second part. When we look at the conversions, the fact that we're increasing our SaaS mix from 80% to 82% and actually started the year with full year guidance of 78% is an indication of things going very well. We knew that we could improve the conversion component in 2025 and there were a lot of lessons learned that we took from 2024 and implemented as part of our strategy for 2025. I can say that we're very happy. I wouldn't say that we're shocked by how good it's going. We're very happy and we knew that we could do better than 2024. When you look at the macro, I can say that Q2 was very much similar to what we saw in Q1. There's not much of a difference. There's more deal scrutiny and we talked about the deal scrutiny for quite some time now.

At the same time, we can say that when you look at data security and when you look at the fact that Copilot is generating a lot of awareness to a problem that existed for a long time, it's putting that spotlight on it and we're there to try and capitalize on it.

Joshua Tilton (SVP and Security Software Analyst)

Super helpful, thank you guys.

Operator (participant)

Our next question is from Jason Ader with William Blair.

Jason Ader (Equity Research Analyst)

Hey guys, sorry, I have a two-parter as well. First, on the comment that you guys have made historically that you only see competition in 1 out of 20 deals, I was hoping you can update us on that. The second part is kind of related, but we've seen some of the backup vendors move into the DSPM market through acquisition, like Rubrik with Laminar, then Commvault most recently with Satori. Maybe you can comment on convergence between traditional backup and, you know, data security, data governance. Do you feel like that's a long-term trend? Just any interpretation of what's happening there with the backup vendors.

Yaki Faitelson (CEO)

The infrastructure and backup vendors we rarely see them in any of the PoCs. Completely different sales motion. In general, we can tell you that all the DSPM companies that got acquired by large companies, we don't see them a lot. It just data security can be a side gig. What we see is that the companies that we see, the DSPM companies that got funding, you know, here and there, it's take the competition level on everything that is 365 and on-prem stays the same. We see around 10% in the cloud infrastructure. You need to understand one thing. Cornerstone for everything that we do is PoC. We come to you and we deploy the problem at scale.

There is much more data and critical data in the cloud and in on-prem and, you know, talking about these blobs and databases that we are in and Snowflake and Databricks, and what we see with our competitors is that they don't want to do PoC. They are trying not to do a PoC. Sometimes the initial conversation we hear about them, but usually, you know, when the rubber meets the road, they don't like to do these PoCs. When customers are doing just a diligent process and in data security the way that you sell is a PoC they don't like. They just usually they don't do it, and if they try to do it, they try to do it in a lab and small set of data. Some of them have real scalability challenges.

Operator (participant)

As a reminder, we ask the participants to limit themselves to one question. Our next question is from Roger Boyd with UBS.

Roger Boyd (Executive Director)

Awesome, thanks for taking the questions. Can you expand on the trend of customers consolidating their data security budgets to Varonis? When you look at the trends around consolidating around data stores like database, around functional areas like DSPM and DLP, are there particular trends within those that are looking stronger than others? Is this something that you're seeing today, the general brownfield consolidation opportunity, or is this more of a pipeline opportunity as you think out over the next year? Thanks.

Yaki Faitelson (CEO)

I think it's both. The way that budget works, you have budget for security compliance, insider threat, everything that is related to labeling, the ability to understand abnormal behavior. Part of it is DLP and all the prerequisites, all the work that you need and we are doing all of it. These customers understand that they need to do it in terms of security. You need to understand that bad actors are not breaking in, they are logging in. If I'm not mistaken, Sam Altman did a testimony to Congress and he talks about all the phishing that we can have with AI and this is something that we are starting to see. I can take your voice and I can be you and then if I have your information many times I can get your credentials.

What we see is that just the way that everything works is that once I get your credentials, we are what we call the only game in town. A lot of these security that related to insider threats, everything that related to user behavior analytics is really consolidating around us. These bad actors, what they are doing in order to elevate credentials these days, most of the time they are not reading from memory and doing all this jazz. The way that they are doing it is going from one data repository to the other. You want to cover everything in order to be secure. This is also something that works very well for us. We start with something and then people just naturally expand. This is because of our SaaS platform that is scaling so easy and provide this automated outcome.

You just need to buy and we will provide security.

Operator (participant)

Our next question is from Brian Essex with Goldman Sachs.

Brian Essex (Executive Director)

Hey guys, it's Brian from JPMorgan. Operator trying to demote me, but thank you for taking the question. Yaki, maybe a question for you. Great to see the FedRAMP authorization. I would love to get your sense of how you feel positioned ahead of the stronger, you know, third quarter for Fed spending, how much visibility you might have into that Fed business, and what's your sense of the preparedness on the Fed side to adopt data security versus what you're seeing on the enterprise side. Thanks.

Guy Melamed (CFO and COO)

I'll start and then Yaki can add. Obviously we were very excited to receive the FedRAMP authorization this quarter. It really is a great milestone for us. We can now offer the SaaS platform to the federal sector, and that's really a big deal from our end. Our team put a lot of time, effort, and investment into this achievement, and we know there's a significant white space for us in the federal vertical. I do want to remind everyone the federal is still about 5% of our total company ARR. It really is still too early to say if we can have any benefits from the FedRAMP in our Q3 results this year. From a guidance perspective, we assumed a similar contribution to last year. On the longer term side, we see a huge opportunity in this vertical.

Yaki Faitelson (CEO)

You know, it's very easy. They have a lot of critical information. I'm sure there's a lot of critical information about you as well and the way that it works. You see a lot of bad actors and, you know, state actors many times. This is data that they need to protect. You just saw now what happened with the SharePoint vulnerability and so forth. It's all about data. I want to say another thing.

FedRAMP it's not only important for federal customers when you are a data security company. Even though we don't take critical data to our SaaS, it was very important to demonstrate it for many customers. On the commercial side, FedRAMP is critical. It's a certificate that takes security very seriously, that you are under the right audits, that you have the right controls. It was very important for us to do this exercise. We are taking the security of our platform extremely, extremely seriously. We want to make sure that once you know, we are protecting your data. We are all the time secure and definitely on the data security these days from all this DSPM space. We are the only one who is a Varonis.

Operator (participant)

Our next question is from Shaul Eyal with TD Cowen.

Shaul Eyal (Analyst)

Thank you. Hi, good afternoon, guys. Congrats on the beat and raise. Yaki, I was listening carefully to your market and products commentary, specifically on that healthcare-related win with 25,000 seats. Can you provide us with more color about how many subscription services or modules would such a customer be utilizing through Varonis?

Yes, it was a big, you know, AWS win with everything that was there. Databases, you know, Azure Blob and other services including 365 and on-prem, obviously Copilot. This is something, Shaul, that we see now. A lot of our deals are just mixed. People understand where I have critical data. I want to start sometimes data that people collaborating more, they want to start first and almost always protect the identity side that we are doing extremely well.

Operator (participant)

Our next question is from Mike Sikos with Needham and Company.

Mike Sikos (Analyst)

Hey, thanks for taking the question here, guys. I just wanted to cycle back to Joe's question at the top of the Q&A just because that 20%+ ARR growth that you guys are citing is probably one of the most frequent inbounds we get from clients. Could you just provide some more commentary on the new logos that you guys are addressing as far as size of those initial lands and what you're seeing? Is there actually an acceleration taking place in new logo acquisition?

Guy Melamed (CFO and COO)

We have seen the new logos actually accelerate in terms of the number and also in our ability to land at a larger number. The SaaS platform and the Managed Data Detection and Response together with Copilot is extremely appealing to many of our customers. The opportunity to sell to customers and actually go to them, and the value proposition is that we would do everything for you. All you need to do is pay us with this environment that is becoming so complex from the cybersecurity perspective and a risk perspective is extremely appealing for customers. I think that's part of the reason we're seeing our new customers adopt so well. We've seen very healthy contribution from our new customers. We feel very good with the ASPs over time that have increased significantly from the levels we saw in the past.

Even with the higher land, there is so much more meat on the bone in terms of selling additional platforms. We feel very good with the ability to show value to those customers and then go back to them and sell them additional platforms.

Yaki Faitelson (CEO)

What is very interesting is after we are converting to SaaS and customers are realizing these automated values of Find, Fix, Alert, they naturally expand to other platforms. Once we are moving there, it's just much easier to do the apps. As we said before, it's a tale of two companies and just the SaaS company is tremendous. As you can see, we're just moving very fast to the SaaS and after that, definitely reducing friction.

Guy Melamed (CFO and COO)

That's part of the reason we talked about the SaaS NRR being significantly higher than the reported NRR. There's so much additional platforms to sell once you show that value and the automation and the MDDR.

Operator (participant)

Our next question is from Andy Nowinski with Wells Fargo.

Andy Nowinski (Senior Research Analyst)

Okay, thank you for taking my question. I wanted to ask about your SaaS revenue. You've had two consecutive quarters of significantly outperforming the consensus estimate, suggesting the street seems to be mismodeling that conversion. I know you don't guide specifically to the SaaS revenue, but if we just use your SaaS ARR of $478 million that you reported this quarter, divide that by four and use that as a proxy, it certainly suggests that subscription or SaaS revenue should be about $120 million in Q3. My question is, is there anything, any reason that that proxy or that calculation would not be correct? Is there anything that would be why we wouldn't want to use something like that? Thank you.

Guy Melamed (CFO and COO)

I said really since the Investor Day in 2023 that there are three North Stars that we're focusing on during the transition. There's a lot of noise during a transition and the three north stars that we have talked about are ARR, contribution margin, and the free cash flow. The one thing I really want to avoid is noise on the conversion. On the revenue side, and specifically on the SaaS revenue component, the right metric to focus on to identify the strength of the business is the ARR.

When we look at revenue as a whole, we're thinking of 2025 as kind of a trough where the P&L is still kind of very noisy from a numbers perspective. 2026, as we kind of complete the transition, the actual numbers should become more straightforward. The percentages will still kind of move around because on the comparable side you'll have that noise from 2025, and then 2027 is really kind of the year where you can look at the P&L in a more straightforward way. The focus right now on the conversion year, and I can't emphasize this enough, is kind of focusing on the three north stars where the top line number that should be focused is the ARR.

Operator (participant)

Our next question is from Shrenik Kothari with Robert W. Baird.

Shrenik Kothari (Senior Research Analyst)

Yeah, thanks for taking my question and echoing congrats on the quarter. Beyond the new logos, right, you reiterated strong SaaS conversion execution, of course tracking ahead of plan. Specifically, Yaki and Guy, you just made comments. It passed these conversions and the tailwinds, the SaaS NRR, the customers realizing value faster post transition, about the expansion, upsell, cross-sell. What specific new workload, either ramping or multi-cloud expansion signals, are giving you the most confidence here? If you can just help unpack that SaaS NRR a little bit more among MDDR, Copilot, OpenAI, greenfield SaaS, unstructured data, as you mentioned Snowflake data. Just wanted to understand if we can unpack that a little bit more.

Yaki Faitelson (CEO)

Actually, all of them are performing well. You know, just data storing Azure, AWS, GCP, Snowflake, Databricks, Salesforce, GitHub, wherever you have critical data. We can say that as time goes by, more and more platforms are doing well, and you know you have a lot of this critical data in the cloud, still a lot of critical data on prem, customer realizing that they need to protect all of it and all of it is vulnerable, and thankfully just we are doing well all over.

Operator (participant)

Our next question is from Rudy Kessinger with D.A. Davidson.

Rudy Kessinger (Managing Director and Senior Equity Research Analyst)

Hey great. Thanks guys for taking my question. Similar question actually to the last one. I am curious, you mentioned the prepared remarks. The contribution mix of protecting cloud and SaaS environments continues to increase. Any data points you can share on what percent of SaaS net new ARR from new logos and expansions. Not the conversions you're doing, but new logos and expansions is coming from protecting cloud environments and SaaS applications.

Guy Melamed (CFO and COO)

In Q2 we started to see some meaningful contribution from the additional cloud platforms. I can tell you that we were extremely happy with the performance coming from that spectrum. We don't really break it out in dollar terms. We're trying to sell more and more of the platforms and we're seeing very good adoption by our customers, and we're actually seeing the sales force focusing on that type of sale, understanding the benefit it can provide to our customers. I can say that it's kind of improving from quarter to quarter, and this quarter we really started to see some meaningful contribution. We expect that trend to continue.

Operator (participant)

Our next question is from Jonathan Ruykhaver with Cantor Fitzgerald.

Jonathan Ruykhaver (Senior Technology Research Analyst)

Yeah, good afternoon. Regarding the recent introduction of your next gen DAM offering, database activity monitoring, I'm curious how should we view that in terms of just an enhancement over traditional DAMs to drive a replacement cycle versus positioning around a broader data security strategy? When you look at the revenue opportunity, it would seem the replacement opportunity relative to some legacy vendors like Imperva and Guardium would be quite compelling near term. How are you positioning that in terms of the go to market?

Yaki Faitelson (CEO)

You know cloud data repository? We started to do very well with databases, primarily with admin activities and with the classification, and really so many customers came and told us please come and replace the incumbents, said what's going on? They said we needed to get into the queries, you know, whatever we need for compliance, but we also need user behavior analytics. You know the current solutions are not really security solutions, and many times these, a lot of these companies didn't innovate and haven't done it in the right way, and they want it part of one coherent data security platform. This is when we bought Cyral, and we just understood that this is a market that is prime for disruption, and it's just part of our overall data security.

Because a lot of the most critical data in the world resides within databases, we are very excited about the opportunity. We build a very robust infrastructure. The way that we, this really state-of-the-art cloud architecture that we are working in, can take massive amount of loads, and we want to make sure that everything that related to data Varonis will solve for you for data security, and database is part of it. We definitely feel that we can go to new customers, but also we can benefit from big replacement cycles of the incumbent. We are very bullish about the opportunity, and we believe that we can execute very well against the potential of this opportunity.

Operator (participant)

Our next question is from Junaid Siddiqui with Truist Securities.

Junaid Siddiqui (Investment Analyst)

Great, thank you for taking my question. Just wanted to ask about your identity protection suite that you launched last month. You know we're seeing more and more convergence between data and identity security. Could you just talk a bit about, you know, some of the differentiating aspects. What does this do compared to what some of the other identity vendors are able to offer their customers?

Yaki Faitelson (CEO)

Yeah, it's not a new model. It's already built into our platform. It's very important to understand that Varonis is not managing identity access. We understand identity from a threat perspective. What are you doing? We identify, you know, who you are, what is your configuration, how you behave, and if you are doing anything that is abnormal, and enrich the identity with a lot of data streams. As we said before, attackers are not breaking in. They log in, and the beginning is the identity. Once the identity is compromised, there is no perimeter, and you need a sophisticated Data Security Platform like Varonis to protect your data from it.

Operator (participant)

Our next question is from Fatima Boolani with Citi.

Hey, good afternoon, guys. Thanks for taking our questions. This is Mark for Fatima. Thanks for squeezing us in. Maybe just to dig a little bit more into the comment. SaaS continues to create opportunities to sell to additional customers within this cohort, should we think about this as selling more into new industries or end markets that SaaS has allowed you to enter or your ability with SaaS to capture new budgets within IT environments? Are these greenfield opportunities or are you displacing incumbents? Thanks.

Guy Melamed (CFO and COO)

We're definitely seeing SaaS open up additional opportunities. It's in a way increasing our TAM, increasing our ability to offer protection to customers that probably wouldn't have considered us if we didn't have the SaaS offering. I can tell you that when we look at different verticals, different size of companies, we have absolutely seen our TAM increase 3x from where it was pre the additional data, the cloud protection that we have introduced recently. In analyzing our TAM and analyzing the opportunity, I can tell you that it's additional opportunity.

There are also opportunities to replace existing offerings. For the most part, it's opening up new avenues, new verticals, and new customers that wouldn't consider us otherwise.

Operator (participant)

Thank you. There are no further questions at this time. I'd like to hand the floor back over to Tim Perz.

Tim Perz (VP of Investor Relations)

Thanks for the interest in Varonis. We look forward to meeting everybody at conferences this quarter.

Goodbye.

Operator (participant)

This concludes today's conference. You may disconnect your lines at this time. Thank you for your participation.