Good day, everyone, and welcome to the QUAL's Second Quarter 2016 Investors Conference Call. This call is being recorded. At this time, all participants are in a listen only mode. Later, we will conduct a question and answer session and instructions for asking a question will be given at that time. I would now like to turn the call over to Melissa Fisher, Chief Financial Officer.
Please go ahead, ma'am.
Thank you, Catherine. I would like to welcome everyone and take the opportunity to introduce Jumi Kim, our new Vice President of FP and A and IR. Jumi was previously an investment banker and then worked at software companies in the Valley, including Anaplan. We are delighted to have her.
Thank you, Melissa. We would like to remind you that during this call, we expect to make forward looking statements within the meaning of the federal securities laws. Forward looking statements generally relate to future events or future financial or operating performance. Forward looking statements in this presentation include, but are not limited to, the following: statements related to our business and financial performance and expectations for future periods, including the rate of growth of our business our expectations regarding capital expenditures, including investments in our cloud infrastructure and the intended uses and benefits of those expenditures Trends related to the diversification of our revenue base. Our ability to sell additional solutions to our customer base and the strength of demand for those solutions our plans regarding the development of our technology and its expected timing our expectations regarding the capabilities of our platforms and solutions the anticipated needs of our customers our strategy, the scalability of our strategy, our ability to execute our strategy and our expectations regarding our market position, the expansion of our platform and our delivery of new solutions, the expansion of our partnership and the related benefits of those partnerships our ability to effectively manage our costs our expectations for currency exchange rate our plans to pursue arrangements with MSSP, which are multiyear contracts at fixed prices and finally, our expectations for the number of weighted average diluted shares outstanding and effective GAAP and non GAAP income tax rate for the Q3 and full year 20 16.
Our expectations and beliefs regarding these matters may not materialize and actual results in future periods are subject to risks and uncertainties that could cause actual results to differ materially from those projected. These risks include those set forth in the press release that we issued earlier today as well as those more fully described in our filings with the Securities and Exchange Commission, including our latest Form 10 Q and 10 ks. The forward looking statements in this presentation are based on information available to us as of today, and we disclaim any obligation to update any forward looking statements except as required by law. We also remind you that this call will include a discussion of GAAP and non GAAP financial measures. The non GAAP financial measures are not intended to be considered in isolation or as a substitute for results prepared in accordance with GAAP.
A discussion of why we discuss non GAAP financial measures and a reconciliation of the non GAAP financial measures discussed on this call to the most directly comparable GAAP measures are included in our earnings press release issued earlier today. Joining me for today's call are Philippe Courteau, our Chairman, President and CEO and Melissa Fisher, our CFO. Philippe?
Thank you, Jumi, and welcome to all of you. We are pleased to have delivered another excellent quarter. At $48,500,000 our revenues was up 21.5 percent year over year. This was above our guidance of 47 point $6,000,000 to $48,300,000 As we are expanding our footprint with current customers, as well as landing new customers, this is driving our confidence to raise our outlook for the year. Specifically, we are raising the bottom of our revenue guidance so that our new revenue range is now $197,100,000 to 198,000,000 point 6 198,000,000.
And similarly, we are moving up the bottom of our GAAP and non GAAP EPS range. Our cloud platform now consolidates 10 enterprise strength security solutions, giving customers unprecedented visibility and intelligence about all of their global IT assets, whether they reside on premise, in the cloud or at endpoints, and also drastically reducing the total cost of ownership DCO. We're seeing tremendous adoption of our disruptive cloud agents. And during the Q2, we achieved a remarkable milestone as we have now deployed over 1,000,000 agents in our customers' environment, exceeding even our own very high expectations. Our 2nd quarter results continue to show that we can in fact drive both strong revenue growth and top tier profits.
This is a function of our ability to deliver steady stream of new offerings that we can sell very efficiently into our installed base leveraging the cloud platform we have built over time. We're seeing increased uptake of our new solution both on initial contracts and in upsell scenarios. And this is underscored by the fact that the percentage of our enterprise customers
who have
3 or more of our offerings has doubled versus 3 years ago from 11% in Q2, 2013 to 21% this quarter. Not surprisingly, this drives larger contract size as up sales can be several multiples larger than the core VM engagements. The average deal size booked in the quarter increased by 18% from a year ago. We are now definitively in the right place at the right time and to capture the opportunity we have been reinforcing our sales organization. We have both grown our enterprise sales force and strengthened sales management by promoting from within and attracting great new talent as well.
At the end of Q2 2016, we had 18 regional sales leader covering more than 100 countries and the sales management team has on average 5 years of tenure with Qualys. We operate in fact in a healthy demand environment and believe that we are prime beneficiary of the trend, the undisputable trend I should add to cloud computing. We feel confident that this will help us sustain and even improve our growth rates in the coming years. There's an increasing need among customers to leverage cloud based security solution as they are now accelerating the migration of their IT infrastructure to cloud solutions. Furthermore, the reality is that in order for companies to prevent breaches rather than react after the fact, they must leverage enormous amount of data and there is simply no way to do this cost effectively with on premise enterprise software.
These views are shaped not just by the data itself, but also by the significant amount of time I personally spend with clients. And for example, I recently met with the CIO of a major European financial institution and a Qualys customer. He echoed that Verinty management is increasing in importance for his company. The regulation they must abide by required that they have visibility on all IT assets, not just the perimeter and that they'd be able to demonstrate this. On premise enterprise software solution become cost prohibitive at this scale.
In addition, this is no choice but to move to a cloud based IT model to improve the agility and reduce the cost of his IT infrastructure. In fact, he shared that his goal is to have 80% of his IT infrastructure in the cloud 3 years from now. Additionally, as all company must do more with less, they are looking to consolidate vendors and we are gratified to hear from many of our customers that they would like to do more with us. As a result, we're pleased to be chosen for an increasing number of standardization arrangements both with customers and lead partners. These validations are powerful and position us as a disruptive force in the security and compliance industry.
Being a strategic vendor to our customers is a function of the current capabilities of our solution as well as our confidence that they will continue to innovate and expand our features and functionalities. We have released several exciting innovations in the Q2, namely Qualys Threat Protect that became generally available in the quarter. As many of you already know, this helps customer prioritize vulnerabilities based on a number of key threat indicators. At the Ghana Summit, we announced a groundbreaking new form factor to extend our private cloud security compliance to medium sized companies, delivering our entire cloud platform with a 1U in a 1U format, totally remotely managed and self updating. This now allows us to address those company who need to retain data on premise or within local geographies, but do not have a big enough IT infrastructure to adopt our larger private cloud platform and we have now 30 private cloud platform deployed over the planet.
This new private cloud appliance, as we call it, support both scanners and cloud agents that include a comprehensive integrated suite of Qualys apps for automating asset discovery, security assessment and compliance management. Our Security Assessment Questionnaire 2.0 was also released in the Q2. This is a cloud based solution that orchestrates IT audits with automated validation to dramatically simplify third party and vendor risk assessment. We achieved the 1st level of FedRAMP certification in the quarter and expect to have the full FedRAMP certification this current quarter. This offers federal agencies the path to quickly adopt Qualys, our Qualys platform for continuous security and compliance to provide them with a continuous view of their security and compliance postures.
Subsequent to the end of the Q2, we announced the expansion of the cloud of the Qualys cloud based security compliance platform to support Microsoft Azure with a new Azure certified virtual scanner appliance. This enable organization to assess the security and compliance posture of their Azure environment from the Qualys console. Each of these new offering brings key solutions to market that were previously not served extensively or at all. Let me finally emphasize that we're not only taking share from our legacy competitors, but we're also entering new markets, enabling our customers to consolidate the spending with us and delivering better performance as a function of our solution being integrated and accessible to a single platform. Thank you.
Thanks, Philippe, and good afternoon. Our strong second quarter performance reflects the recognition by our customers of the operational and financial value of our cloud based security platform, which provides a holistic view of our customers' assets and their vulnerabilities. Total revenues in the 2nd quarter were $48,500,000 which represents 21.5% growth over the Q2 of 2015. As we discussed last quarter, we signed an attractive new arrangement with 1 of our MSSPs, which resulted in additional revenue being recognized in 2016 for the same customers. In the second quarter, this represented a little over $1,000,000 of revenues, slightly higher than in Q1.
In contrast, FX again muted 2nd quarter revenue. Excluding the impact of the MSSP and FX, our year over year revenue growth rate was still a robust 20.4%. The U. S. Represented 71% of Q2 revenues or the same as the year ago period.
Some of our international clients pay us in U. S. Dollars, so our revenue exposure to foreign currencies was only around Q2 revenues. Our revenue plus the change in our current deferred revenue balance grew 29 percent year over year. I highlight this because I recognize it's a metric investors track as a proxy for current bookings.
However, I would like to point out that this calculation will not always mirror our current bookings due to the timing of the actual invoicing as well as impacts of items like FX. This quarter, it does reflect our strong performance. However, please note that it was positively impacted by the large slipped renewals from Q1 that we mentioned in our last call as well as being negatively impacted by the MSSP contract and FX. Said another way, when I compare our historical quarterly bookings growth rate to the historical year over year growth of revenue plus the change in current deferred revenue, they are not always in line. Our current deferred revenue balance was $104,000,000 as of June 30, 2016, 19% greater than our balance at June 30, 2015.
As we have discussed, the change in the MSSP contract reduces our current deferred revenue balance account because it's billed on a quarterly basis. Excluding the impact from the MSSP contract as well as FX, our current deferred revenue balance would have grown 21% year over year. Last quarter, we discussed that our existing disclosure metrics may not be the best reflection of the positive trends in our business. We have evolved from a single product company to a multiproduct platform business with 10 solutions that have varying pricing, growth rates and release dates. We are adding new capabilities, extending the breadth of our solutions, and we have enhanced our core VM offerings through new solutions as well.
Through the end of 2016, we will maintain the current disclosures. We expect to roll out new metrics at our upcoming Analyst Day on November 17 that more properly reflects how our business is trending. On the existing basis, our vulnerability management solutions remain strong, thus continuing to represent 79% of 2nd quarter revenues, in line with results in the Q2 of 2015. Our last 12 month bookings growth rate for Policy Compliance and Welled Application Scanning was 26% year over year. Note that this figure does not include newer solutions like our cloud agent use for vulnerability management, our PCP and Threat Protect.
As an initial step toward our new metrics, Philippe shared with you the percentage of our enterprise customers who have purchased 3 or more Qualys products. While we sell our platform cost effectively to both small customers of 50 employees as well as to large enterprises, we expect to see additional solution uptake more pronounced in our enterprise customer base. Our prior disclosure was the percentage total customers with 2 or more products, including PCI, and this figure was 63% in Q2, up from 60 percent a year ago. Incidentally, we are adding an updated investor deck to our Investor Relations website today to increase the clarity of our message. Before moving to profit and loss items, I would like to point out that unless otherwise specified, all of the expense and profitability metrics I will be discussing on this call are non GAAP results.
Our non GAAP metrics exclude stock based compensation and non recurring items. A full reconciliation of all GAAP to non GAAP measures is provided in the financial tables of the press release issued earlier today and is available on the Investors section of our website. Gross profit increased 21% year over year to $38,800,000 in the Q2 of 20 Gross margin was 80% equal with Q2 last year. Our strong margins are a testament to the scalable operational model of Qualys and are higher than other comparable security and SaaS companies. Our platform enables us to easily launch new mission critical capabilities that will plug and play with other Qualys offerings and are therefore highly cost effective to sell.
In fact, our 2015 revenue per sales and marketing head is over $1,000,000 as compared to a median of approximately $540,000 for comparable security and SaaS companies. One driver is that our cloud based platform enables a try and buy at generating sales at a lower cost than on premise software companies. Furthermore, we're continuing to leverage low cost geos with the percentage of our customer support, operations and R and D headcount in India having increased to 36% in 2015 from 15% in 2013. And by having a strong operation there, we can innovate 20 fourseven, which accelerates our ability to develop solutions for our customers. We are taking advantage of our highly profitable model to invest for growth as we see multiple levers to drive additional revenues.
Operating expenses increased by 21% year over year to $27,000,000 in line with our stated goal to increase our investments in terms of headcount, systems and other services to scale the business. In fact, we added 92 people in the first half of twenty sixteen compared to 53 people in the first half of twenty fifteen. Research and development expense increased to $7,700,000 or 26 percent year over year, primarily due to higher headcount. While we are adding personnel there, it is important to note that we a highly efficient R and D organization with an average annualized personnel expense per employee of approximately $110,000 as of Q2. And our R and D organization has delivered many new products over the last 12 months, including the Cloud Agent platform, Threat Protect, the Security Assessment Questionnaire 2.0 and the 1U PCP appliance as well as new feature functionality such as Elasticsearch and App View integration with ServiceNow.
Sales and marketing expense increased to $13,100,000 11% year over year, primarily due to higher sales headcount as well as costs related to our salesforce.com implementation, offset by somewhat lower expense in marketing. As Philippe mentioned, we've been growing our enterprise sales force and are proud of our high productivity. G and A increased to $6,300,000 41 percent year over year largely due to higher headcount and legal accounting and consulting fees related to our increased scale worldwide. Due to our strong revenue growth, adjusted EBITDA for the Q2 of 2016 increased by 20% to $15,700,000 compared to $13,100,000 in the Q2 of 2015. Again, the MSSP contract change had a positive effect since revenues were higher, but excluding this impact, adjusted EBITDA would still have increased over the Q2 of 2015.
Adjusted EBITDA margin in the Q2 of 2016 was 32% as compared to 33% in the Q2 of 2015. Moving on now to earnings per share. For the Q2 of 2016, GAAP EPS was 0 point Non GAAP EPS was $0.20 per diluted share in the Q2 of 2016, up from 0 point 15. Our Q2 non GAAP expenses, net income and EPS excluding onetime tax related expense. I'd note that nonrecurring items included in non GAAP expenses, net income and EPS over the last couple of years have been immaterial.
Net cash from operations in the Q2 of 2016 increased by 12% to $17,300,000 dollars compared to $15,500,000 in the same period in 2015. Free cash flow generated in the Q2 of 2016 was $12,700,000 compared to $11,300,000 in the comparable period of 2015. In the Q2 of 2016, capital expenditures were $4,800,000 compared to $4,300,000 in the Q2 of 2015. In addition to this, we front loaded approximately $7,000,000 of CapEx that is scheduled to be paid later in the year. Of the $7,000,000 $5,000,000 was related to the early renewal of a license arrangement as we were able to lock in an attractive rate on database software for the next several years.
This was CapEx that otherwise would have been spent in 2017 and does not represent a change in our business model. In the Q3 of 2016, we expect capital expenditures to be in the range of 5,500,000 dollars excluding the previously mentioned $7,000,000 incurred in Q2. We expect to spend only $3,500,000 to $4,500,000 in capital expenditures for Q4, offsetting the increased Q2 and Q3 spend. So excluding the early license renewal, we are projecting capital expenditures of $20,000,000 to $22,000,000 in total for 2016. Now turning to our guidance.
Starting with revenues for the Q3 of 2016, we expect revenues to be in the range of $50,300,000 to $51,000,000 For the full year 2016, we are raising the bottom end of our guidance for revenues, bringing our current guidance to a range of 197,100,000 dollars to $198,600,000 As to earnings per share guidance, we expect GAAP EPS for the Q3 of 20 16 to be in the range of 0 point $0.17 to $0.19 per diluted share. For the full year of 2016, we are raising the bottom end of our guidance for both GAAP and non GAAP EPS. Our current guidance for GAAP EPS is now $0.37 to $0.41 and for non GAAP EPS, $0.75 to $0.79 We expect our operating expenses to sequentially increase in Q3 and Q4. We are continuing to invest in our business as we scale for the rollout of additional solutions to our platform because we have a highly profitable operational model. Our 3rd quarter EPS estimates are based on approximately 38,800,000 weighted average diluted shares outstanding.
And our full year 2016 EPS estimates are based on approximately 38,900,000 shares outstanding. For the Q3 and full year 2016, we have used an expected effective GAAP tax rate of 38% and an expected effective non GAAP tax rate of 36%. I'm thrilled to be at Qualys. I'm now almost 100 days into my tenure here and I've gained significant visibility into the growth opportunities for our business and a scalable operational model. With that, Philippe and I would be happy to answer any of your questions.
Thank Thank you. And our first question comes from Siti Panagrah with Credit Suisse. Your line is open.
Hi, thanks for taking my question. I just wanted to focus on the VM market. You talked about 10% growth last quarter. I'm just wondering what sort of growth rate you saw this quarter and what sort of competitive landscape are you seeing any kind of legacy displacement in the market that's driving growth at this point?
No. So we didn't speak of 10% growth. I mean, we're seeing that our our VM marketplace that we're growing at around 20%, 21% growth. So this is what we said. And as far as the competitive landscape, so we have essentially in our space that has what I call the 2 last month standing, essentially Tenable and which is a private company and Rapid7 was a public company.
And we essentially have an extremely strong position on the with a large enterprise Rapid7, we see them gaining more and more in the mid market. And Tenable is strong in government and with consultants essentially. They're all trying of course to go and attack our large customer base. But I think we remain today the company which has really truly a cloud platform, which is a huge advantage. We also deliver new services fully consolidated with our platform, so that increase the barrier to entry significantly against Qualys.
And to speak about the VM marketplace, as I mentioned during the call, is that we see Verity Management becoming as a significant core security application that company must absolutely adopt and this is relatively new and this is because you cannot secure what you don't know. Everything is interconnected with everything. So you need to have a global view of all of your IT assets. And then you need to ensure that they are not vulnerable to attacks. And then you need to prioritize the remediation, remediate as fast as you can today.
It's a question of time and prioritize the remediation and improve your remediation capabilities.
And as a follow-up, you talked about cloud agent deployment around $1,000,000 already. And also you released Threat Protect. I'm wondering what sort of feedback early feedback you have got on Threat Protect and what sort of adoption you're expecting?
Yes. So we're expecting a very strong adoption of Spread Protect. We have essentially that solution 1 gs about a month ago. We already have quite a few orders, a big demand for that. It's a very natural extension of our platform.
We've replaced here either a standalone solution that we're taking the data out of Qualys and then correlating that data with threat information and or company taking that the Qualys data, putting that into Splunk and then taking putting threat information to Splunk and doing that application in Splunk. So obviously having that native on Qualys is significantly easier and better for our customers. So we see all our customers which have already used this kind of solution that I mentioned are looking at migrating to Qualys. And of course, it becomes also a very big differentiator when we compete for new business.
Thank you. And our next question comes from Gur Talpaz with Stifel. Your line is open.
Great. Thanks for taking my question. So I wanted to talk about cloud agent adoption, Philippe. You noted over 1,000,000 endpoints and that's a pretty big metric given how relatively new the product is. Maybe you could talk about what's driving that adoption, what's driving that strength and maybe walk us through what a typical cloud agent deal looks like in terms of penetration of a customer?
Yes. So this is in fact, this doesn't really surprise us, where a lot of people are saying, oh, it's so difficult to put agent, etcetera. And the argument I was making then was that what our cloud agent does first is to essentially make the Verity Management application significantly easier to deploy and manage because you don't need now credentials, you don't need scanning windows and you have real time. So this is quite significant. And now so we see customers, existing customers adding the cloud agent to some of the IPs that they were scanning, so adding on the device of course.
And also interesting enough, it allows us now to move into endpoints. So we see also customers adopting the agent for their endpoints. And furthermore, unlike anybody, our agent also they go into the cloud. So our agent has that unique ability to go to our on premise, on servers, etcetera, on endpoints as well on cloud environment. We've just announced by the way recently that we have worked with Microsoft and now we are in the process of finishing the total integration of our agent with the Microsoft Azure platform.
So customers could directly from the Microsoft Security Center immediately have the agent available at the click of a button. So it's a significant integration and we're working as well with all these other cloud vendors to do exactly that same thing. So this is significant adoption. So of course, it does now start to do the same thing for the policy compliance. And let me remind that we see the agent is really a new platform or an extension of our cloud platform.
And this is going to allows us to deliver in a relatively short period of time additional functionalities that all of our customers are asking, which are the file integrity monitoring capabilities, the detection of IOCs, the patch management capabilities and also we're working on the digital certificate as well. So this is absolutely a no brainer for our customers essentially.
That's great color, Philippe. One last question. In your script, you noted achieving FedRAMP compliance. In the past you talked about the federal opportunity. Can you talk about the pipeline there now that you've achieved a level of compliance in that arena?
Do you see it building up? Is it a real opportunity sort of beginning to play out?
This definitively, I think we're at the right time at the right place now with federal. As you know, everything in federal takes time. So we're not expecting to see any kind of significant revenue this year. But I think we're very well positioned for next year, because again there's as you see the federal is absolutely crippled with the data breaches. And the reason is because they are using all these enterprise security solutions.
They don't integrate. They have massive networks. Enterprise security software just doesn't cut it. And so you need to have that scalability that our cloud platform provides, so you can identify again all of your global IT assets, their vulnerabilities, their security posture. And in the past, the federal didn't want us because we're eliminating a lot of because of the complexity of the procurement cycles, etcetera.
So being FedRAMP is really the key for us. So I think we're expecting we're very confident that next year we'll start to see really business coming from the federal government.
Thank you. And our next question comes from Craig Nachowicz with First Analysis. Your line is open.
Thanks. Good afternoon. Nice quarter folks. Philippe, you mentioned that scenario about the over in Europe someplace about the regulations or visibility into all IT assets. Are you pursuing a special any special initiative to really capitalize that over there in any part of the market?
It seems like it would be really something that could add to your growth.
In fact, yes, because now that's a very good point, Craig, because in Europe, our deal size has been historically much lower than in the U. S. And the reason because of the European companies were much lower at adopting that cloud based relative management solution that we have for the internal network. So the bank that I've mentioned to you before was in fact the customers in 2002 very happy with Qualys, but it's only now that they are looking at essentially deploying us on the inside. And so the regulation is really a very big driver of that because this the regulation in Europe is really becoming there.
Essentially, you could see a change from the regulator to try to reverse the burden of proof. So you have to prove now that almost that you have taken everything you have done everything you should you could have done to secure your network. So that's really tough. And again, so the fact that today we have a very strong partnership with companies like Orange Business System, Airbus Cyber Defense, Siemens, we have a lot of very big partners. We can deliver also private clouds locally.
So all these issues about where does my data reside and certainly not in the U. S. They don't want that anymore. We have solved all of these problems. So I think Europe is right for us to see bigger deals from our existing customers and we have a large customer base in Europe.
And as well as our competition there is not very strong, So really being capable of becoming a major player in Europe as well.
Are you adding more sales heads there by chance to
We've already made a good in fact what is interesting is that we don't have a very good productivity in Europe as compared to the U. S. Because again what I told you about the deal size is much lower, but we are very well staffed in Europe. So already as I mentioned, we have 5 regional VPs in the U. S.
And we have now today 14 outside of the U. S. So it's we have a significant already presence established with long term customers. And so we're very strong in Europe. It's just a question about the deal size, which is now starting to move into our favor.
Can you also just review what where your data center locations are over there now with does Brexit have any impact on the services you Yes.
Absolutely, very good question again. So we historically we had a data center in Geneva and now we're adding another data center in Amsterdam. And the reason is because today with this new regulation, Switzerland is not part of the EU. So that the Switzerland, which was the place of peace, not anymore the place of peace, if I may say so. So you've got to have your data outside of the you have to have your data in the EU community, which is what we're doing now.
And in addition to that, we have company like Deutsche Telekom or T Mobile, which they have their own private cloud. We have Orange Business System which is also a private cloud. Airbus Cyber Defense a private cloud. Siemens a private cloud. So we're also that ability of really delivering private cloud very easily.
And so all of these regulation works in our favor because we keep the power of our cloud model, but now we can really deliver it on premise or in within a local geography like we do telecom into Paris, Saudi Telecom in the Kingdom and others.
Thank you. Our next question comes from Matt Hedberg with RBC Capital Markets. Your line is open.
Yes, thanks for taking my questions. Philippe, in your prepared remarks, you talked about your expectations for improving growth rates longer term. Now I know you guys have 10 products, but I'm curious outside of sort of your core VM, WAF, PCI and Policy Compliance, If you could only pick 1, which of these additional products do you think has the highest potential to become really a major contributor future growth?
The major contributor to future growth with no question asked is the Cloud Agent platform for the reasons that I mentioned earlier, all these additional revenue streams that we're going to generate and relatively early in the year for next year with file integrity monitoring, detection of the data show for compromises, the Patch Management, the digital certificates. And then so this is something we see coming very, very strongly. And then we have interesting additional products, which like Threat Protect, which are really we charge 30% of the VM subscription to our customers to have the benefits of Threat Protect. So that's a nice little bump on a huge VM customer base. We have also our security assessment questionnaires that we see also adding to the policy compliance application.
These are things that currently today are in production and doing very well. So that's what we see.
Great. And then maybe one for Melissa. I mean, you guys had a nice earnings beat this quarter and I know you did raise the low under your full year guidance slightly. But I'm curious, why didn't it go even higher? Is this a reflection of additional hiring or conservatism?
Just want to make sure I understand sort of the thought process around the full year earnings guide.
Yes. Another great question, Matt. It's a couple of factors. As we've mentioned, we have been increasing hiring. To the extent we do that within a quarter, that is one factor that contributes to the sequential increase in expenses as well as there is additional investment in these areas like headcount that we're continuing to make.
And our next question comes from Michael Kim with Imperial Capital. Your line is open.
Hi, good afternoon guys. Can you talk a little about pricing trends and specifically on continuous Monitoring and Threat Protect? I think you did mention just possibly 30% lift to the current VM subscription and I think last quarter for Centimeters, maybe something like a 20% lift. Are you still doing some price discovery? And how are those how is that holding?
No, the price is holding fine. I think we're just absolutely in fact we received praise from our customers and now we've got enough of them. So it's just not 1 or 2. They said they were very happy that we were they were very happy with our pricing. They thought it was a fair price.
No question asked. And we had in fact everything we do, we always try to engage customers before, so we don't come and suddenly surprise our customers. We work with them on the new product, on the new pricing. We try to really understand what they are expecting. So that was really we're very, very confident with the pricing.
And then with the upsells getting larger, are you seeing any change in average contract length and how might that adjust the pricing?
We
haven't seen any change in average contract length per se. What we've talked about in the past is that when we do have larger deals, larger deals take longer to close because it's a more involved procurement process and more approvals required. We haven't seen much movement today now.
Yes. On the contract line specifically, we see more and more of our large customers. They want multiyear contract. So we are doing more 3 year contracts at the request of our customers. And so that has been a trend.
So we're doing
hasn't been enough to move the needle to date.
It doesn't change the revenues. It doesn't change at all our booking either because we unrealized everything. So we have some prepaid deal which sometimes could of course impact the current deferred. But these ones are relatively rare as big prepaid, but we have a few of those.
Thank you. And our next question comes from Jack Andrews with D. A. Davidson. Your line is open.
Good afternoon. Thanks for taking my question. Philippe, you introduced a slew of new products earlier in the year. And as we're sitting here slightly past, I guess, the halfway point of 2016, can you update us just in general on your thought process for additional products? Are there any particular market adjacencies perhaps that look attractive to you?
So first of all, they were not early in the year that much with the exception of the Cloud Agent. Threat Protect was very recent. Our security assessment questionnaires was very recent in fact. But so this being said, we so we are expecting today essentially with the new services that we're planning to deliver, we're looking at having them as a showcase with our at our user conference in October. We probably will showcase them on our Analyst Day as well in November.
So we see them as generating revenues early next year, starting early in the year. And then in terms of market adjacency, we're just continuing to essentially expand really naturally. So you look at Threat Protect, this is interesting market that we believe we can really make a very big difference. There are in fact 2 markets. 1 is the asset discovery.
We believe that today we have absolutely the best technology today to do asset discovery and inventory and then synchronize like we're doing today now with ServiceNow. So that's almost like more of an IT, if you prefer, market. So our view here is that we can bring security and compliance and IT security and compliance into one single solution. We're starting to really compete very effectively against Tanium, which you could consider as an additional market. And then there is while looking at the digital certificates, we think really we can really we have a very good solution.
We're already at the half of the solution for digital certificates in the sense that we can discover all of your digital certificates and then we can analyze where they're coming from, when they're going to expire. The only thing which we are missing today to really provide the full solution, which we're working on as we speak, which is to the ability to update or manage these digital certificates. So we're not far from having also that solution and that's the kind of really adjacent market as well.
Thanks. I appreciate that. And then just as a quick follow-up, could you give us an update in terms of just your senior management team? Are there any meaningful roles that you're still looking to fill at this point?
Yes. I mean, we're always expanding our management team. Today, I'm a little bit we're certainly looking very seriously at doing some acquisitions, albeit very carefully, which is a way to increase the management. So currently, I'm looking at adding a Chief Security Officer, so we're currently actively looking. And we had our VP of Worldwide Sales, which went back with this previous company.
And so that give me the opportunity to really look for somebody as well. So these are essentially the 2 key positions on the management level that we're looking at adding.
Thank you. And our next question comes Srini Nanduri with Summit. Your line is open.
All right. Thank you for taking my call. This question is for Philippe. Philippe, I know your cloud agent was initially for Windows. And last quarter, you released the products for Linux and macOS.
Can you talk about whether these products are being deployed in the field? And can you talk about how the pricing for this new services are? And then I have a follow-up, please.
So I'm not so sure that I understood the question. You're asking about the price for this cloud agent
Price as well as you launched a Linux version of your Cloud Agent and macOS earlier last quarter. So I just wanted to understand how those products have been doing in the market and what your conversations have been?
Yes. So the UNIX agent for UNIX is essentially the big market for them is of course with companies which are using UNIX servers and as well as the cloud environment. The cloud environment are essentially Unix. So we put that down And so very successful, it was in big demand. The MAC is much more for the endpoint essentially.
And so that's also strengthened our position and offering on the endpoint. And all in all, today when I look at these agents, so there's a combination of adding to the existing VM that we're doing. So we have as an average today with this cloud agent generating significant we are in above the I would say $5 per agent per year. So it's thought to be an interesting add on to our business and it's growing very well.
Yes, yes. Just extending the Cloud Agent technology, it looks like it's a natural extension for endpoints for such as Android devices and iOS. You and I talked about this a while ago. Do you expect to release the cloud agents for handheld devices as well?
Yes. No, the issue with the Android devices and iOS devices is that you cannot really put an agent or market with the MDM applications. So for us, our strategy is to a market with the MDM applications. So for us, our strategy at the moment there is to essentially take the data from this MDM vendor to enrich the information that we have and put all of that into our cloud back end rather than doing an MDM agent because it's already pretty occupied. This being said, when and if the Google and Apple open up their OS then so we could put an agent then who are ready for it.
Because the challenge is not to build the agent, The challenge is really all the analysis you have to build that to handle hundreds of millions of agents. It's not billions of agents. But currently today was a large cloud provider is now deploying 2,000,000 agents of Qualys in the process of deploying this agent. So that's a question of scale and of course that's a problem that we have solved. We're also working on providing an SDK for our agents, so people could build the agent themselves and then we can provide all the processing if you prefer back end to do all what needs to be done with the data that the agents are bringing back.
Does that make sense?
And thank you. And our next our last question comes from Steve Ashley with Robert W. Baird. Your line is open.
Thank you very much. So, Philippe, I just want to ask a high level question on the industry and you kind of have a statesman of the industry and a big picture view, but there are rumors that McAfee might be for sale, there are rumors that FireEye might be for sale, there are rumors that Imperva might be for sale. We're seeing Symantec and Blue Coat merge. So there seems to be at least the rumor of a lot of consolidation of some meaningful sized businesses. What do you see going on in the industry and what kind of why do you think this might be happening now?
Thanks.
This is a fantastic question, Steve. I really appreciate it. In fact, yes, this is exactly what is happening. And by the way, it's not surprising. This is something by the way that I predicted many years ago.
I'm a little bit late on the timing. You look at what happened with the mainframe industry going through the mini computer industry, which was more of a technological evolution that a totally new architecture came with a client server. And now we're seeing the same thing happening with the cloud computing architecture. And now today what is happening is like we saw the mainframe, meaning etcetera, is the consolidation of the old industry, which is about to die. Then the question is how long it will take.
And then the emergence of a new breed of company, which I strongly believe Qualys is one of them. And nothing new here. The only thing which is new is today, the very specific channels that security has, which is very unique and it's becoming very clear and there was a discussion with Jeff Moss, in fact this morning, we're just at Black Hat now, with Jeff Moss, the founder of DEFCON and Black Hat, this is exactly the same thing. Security today is a huge challenge because things are going so fast. So you have the complexity has increased significantly.
And now the speed at which the attacks are coming are absolutely incredibly fast. So as soon as so the bad guys now can detect vulnerabilities in your organization even before you can yourself do, they've already created an exploit and you're attacked now in no time. So how do you protect against that? So you really have to change. So this is where all these enterprise solutions are falling apart because they are too slow, they are too costly to manage, what you do with all that data, they don't integrate with themselves.
So there is absolutely a need for that new breed of solution and that's and we see that from our customers. That's what we have really, really I think the market is coming our way big time.
Great. Thank you everyone for attending our Q2 earnings call. We look forward to seeing many of you next week at the Pacific Crest Conference in Vail the Credit Suites Small and Mid Cap Conference in New York in September. We will be holding an Analyst Investors Day in New York on November 17. And if you would like to attend our annual user conference as well, which will be in Las Vegas in October, please let us know.
Thank you.
Ladies and gentlemen, thank you for participating in today's conference. This does conclude today's program. You may all disconnect and everyone have a great day.