Thank you for standing by, and welcome to Qualys' fourth quarter 2021 investor call.
At this time, all participants are in a listen-only mode. After the speaker presentation, there will be a question and answer session. To ask a question during the session, you will need to press star one on your telephone. Please be advised that today's conference may be recorded. Should you require any further assistance, please press star zero.
I would now like to hand the conference over to your host, Blair King, Investor Relations. Please go ahead.
Thank you, Latifa, and good afternoon and welcome to the Qualys fourth quarter 2021 earnings call.
Joining me today to discuss our results are Sumedh Thakar, our President and CEO, and Joo Mi Kim, our CFO. Before we get started, I'd like to remind you that our remarks today will include forward-looking statements that generally relate to future events or future financial or operating performance. Actual results may differ materially from these statements. Factors that could cause results to differ materially are set forth in today's press release and our filings with the SEC, including our latest form 10-Q and 10-K.
Any forward-looking statements that we make on this call are based on assumptions as of today, and we undertake no obligation to update these statements as a result of new information or future events. During this call, we'll present both GAAP and non-GAAP financial measures.
The reconciliation of GAAP to non-GAAP measures is included in today's earnings press release. As a reminder, the press release prepared remarks and investor presentation are all available on the investor relations section of our website.
With that, I'd like to turn the call now over to Sumedh.
Thank you, Blair, and welcome everyone to our fourth quarter earnings call. We are very pleased to report another quarter of strong financial performance, reflecting a year of progress in our efforts of advancing our go-to-market initiatives, significant platform innovation, and strong momentum heading into 2022. In Q4, cloud agent subscriptions grew 34% year over year to 75 million purchased over the last twelve months.
There was also a steady adoption of our Vulnerability Management Detection and Response, or VMDR solution, which is now deployed by 36% of our customers worldwide. These results continue to validate our security consolidation approach and the power of single agent as customers increasingly transition to VMDR. Our go-to-market enhancements are starting to yield results as we are executing well to seize on heightened demand trends and opportunities we see in the market.
The customer stories I will share with you today not only highlight our growing leadership among large enterprise customers, but also the growing desire among CISOs and CIOs to consolidate their security stack and leverage automation in their security and compliance operations to achieve expedient remediation of risk in their organizations. Recent high-profile ransomware attacks and critical vulnerabilities like Log4Shell and PwnKit have highlighted organizations' need for a scalable vulnerability management solution like Qualys' VMDR.
That not only accurately detects these vulnerabilities, but also helps reduce exposure time with integrated asset discovery and remediation capabilities. Within days of Apache announcing Log4Shell vulnerability, the Qualys research team, engineering team, and product teams released a free 30-day Log4Shell detection and remediation service leveraging multiple Qualys capabilities like CyberSecurity Asset Management, VMDR, Patch Management, and Web Application Scanning.
Since the Log4Shell announcement in early December of last year, the Qualys Cloud Platform has detected millions of unique Log4Shell vulnerabilities, underscoring the strategic relevance of our platform in our customer environment. Additionally, given the extensive impact of Log4Shell to global organizations, our research team released multiple open source tools to help discover and remediate this vulnerability for the global community, further demonstrating both our leadership and commitment to the industry.
A few illustrative wins in the quarter include an existing global Fortune 200 customer in the EMEA region, which standardized on Qualys' VMDR policy compliance, Patch Management, and asset inventory capabilities to cost-effectively consolidate its stack of legacy enterprise security and compliance solutions into a natively integrated platform, linking multiple data center and endpoint environments. In addition, a new Fortune 600 customer selected VMDR and CyberSecurity Asset Management over several competing solutions.
The ability to uniquely provide comprehensive asset discovery for security-centric visibility, CMDB synchronization, alerting, and accurate response capabilities once again stood out among vulnerability detection-only solutions in the market and was a key differentiator in our win.
We believe these new wins and the early success we are experiencing with our newer applications characterize that when customers are ready to re-architect and consolidate their security stack, Qualys is the best cloud-native multi-solution platform to meet their needs.
Looking back at 2021, I believe the Qualys team has responded incredibly well to unexpected challenges and opportunities, demonstrating the transformative value of our newer solutions, the depth of our customer relationships, and the extraordinary abilities of our global and diverse team. We continue to broaden our platform and grow our business, building a strong team with additions of new executives, including a new CRO, CMO, CPO, and CIO.
More recently, Bill Berry joined Qualys board in December. Bill has extensive go-to-market experience in enterprise software sales and marketing, and we believe he will be a great asset to the team as we build out our go-to-market motion in 2022. With this foundation in place, over the next several quarters, we plan to increase our sales and marketing investment with a focus on digital marketing programs to drive pipeline and customer reach, grow our sales team to further leverage our opportunity in the market and expand our channel by recruiting and enabling partners.
With respect to platform innovation, our goal is to remove friction for customers by making product expansion simple and hassle-free. A customer who may currently only use VMDR should be able to adopt all of our other applications with the click of a button.
In 2021, we executed well against this objective while changing the game in security as we brought together asset inventory, risk mitigation, and threat detection and response into a natively integrated cloud-based platform. We believe these platform innovations have helped customers remediate vulnerabilities much faster than alternative siloed detection-only solutions. Further advancing our platform innovation agenda, I am pleased to announce that our Context XDR solution is now GA. As many of you know, this is a natural extension to the Qualys Cloud Platform and our next-generation security analytics and incident response application.
Our Context XDR application natively integrates and correlates asset and risk-based vulnerability context, patching EDR, File Integrity Monitoring, and security telemetry with additional third-party data integration to provide high-fidelity detection and response. Customers are telling us they want a simplified solution for security analytics and response.
We believe this solution satisfies that demand as it leverages our scalable backend and its array of sensors, which already collect, enrich, normalize, and correlate trillions of data points across all environments on a single cloud agent for Qualys customers. While the overall market for this solution is still in the early innings, we are excited about this product and its potential, especially in light of the positive feedback we have received from customers who have been early adopters of our XDR capabilities.
Looking ahead to 2022, we plan to maintain a dual innovation strategy. Primarily, we will continue to invest in internal R&D and scale our organization to further differentiate our automated detection and response capabilities. We will further expand our product portfolio into EDR cloud container security and industrial control system security.
Secondarily, making highly targeted and opportunistic acquisitions to enhance our platform and accelerate our time to market. As a reminder, in 2021, we completed the acquisition of TotalCloud to bring visual cloud remediation workflow technology to the Qualys Cloud Platform. To further support our growth agenda, we plan to invest more broadly in the business to expand our cloud platform presence and to enhance our business processes, tools, and systems to help drive better operational efficiency and business outcomes.
In summary, we believe the Qualys Cloud Platform is the go-to solution for agent consolidation, cost-saving, increased user productivity, and better cyber protection. We believe we are well-positioned to continue our market momentum and expand our leadership as we build out our success, enhance our platform capabilities, and further extend our reach into new and adjacent markets.
With that, I'll turn the call over to Joo Mi Kim to further discuss our Q4 results and outlook for the Q1 and full year 2022.
Thanks, Sumedh, and good afternoon. Before I start, I'd like to note that except for revenue, all financial figures are non-GAAP and growth rates are based on comparisons to the prior year period, unless stated otherwise.
We're pleased to report continued growth acceleration and strong profitability as reflected in the following financial and operational highlights. Revenues for the fourth quarter of 2021 grew 16% to $109.8 million, up from 13% growth in Q3. While the majority of the beat was due to outperformance in renewal and upsell, with our net dollar expansion rate increasing to 108%, up from 103% last year. A higher-than-expected growth in new business also contributed to the revenue acceleration.
With our Q4 LTM calculated current billings growth at 18.5%, up from 16% in Q3 and 13% in Q2, we are entering the year with strong momentum and increased confidence in our ability to drive shareholder value.
We believe the investments we've made in platform innovation and our single-agent approach have enhanced our value proposition with customers and helped win new business opportunities throughout the year.
This quarter was no different, and we're excited by the continued adoption of VMDR, with total customer penetration now at 36%, up from 32% in Q3 and 19% a year ago. Continued adoption of Qualys solutions increased large customer spend, with now over 125 customers spending $500,000 or more with us. This represents a 17% growth from 2020.
We attribute this success to our position as a leading security and compliance cloud-based platform that is centrally managed and self-upgrading, allowing our customers to consolidate their stack while helping to build security and compliance into their digital transformation initiatives.
Our scalable platform model continues to drive superior margins and significant cash flow. Adjusted EBITDA for the fourth quarter of 2021 was $49.6 million, representing a 45% margin. EPS for the fourth quarter of 2021 was $0.84, and our free cash flow for the fourth quarter of 2021 was $35.5 million, representing a 32% margin.
In Q4, we continued to invest the cash we generated from operations back into Qualys, including $4.3 million on capital expenditures and $35.1 million to repurchase 273,000 of our outstanding shares. Looking back on the year, we are proud to have continued our product leadership while growing revenue, earnings, and cash flow for shareholders. In 2021, with focused execution, we finally crossed the growth inflection point and started on our journey of revenue acceleration.
We operated effectively through the pandemic and management changes in the company to reverse course in delivering better than expected results on both new and existing customer expands. Cloud Agent adoption grew over 34% from 56 million Cloud Agent subscriptions a year ago, and VMDR now accounts for 46% of total bookings.
This is a testament to our success in continuing to build relationships with customers and the opportunities ahead to seamlessly cross-sell other Qualys solutions such as Patch Management, CyberSecurity Asset Management, multi-vector EDR, and recently launched XDR. Notably, this was achieved even before a meaningful increase in investment, with EBITDA margin of 46%.
The leverage we generate demonstrates the efficiency of our model and gives us confidence in stepping up ongoing investments in the business. With the new executive team, we plan to significantly increase investments across business functions to maximize return and also to enable us to remain highly competitive in the talent market. Last year, we grew EPS by 12% and generated strong free cash flow, ending the year with a 43% margin and over $500 million of cash equivalents, and marketable securities on our balance sheet.
This is after returning $130 million of cash to shareholders by repurchasing approximately 1.1 million of shares. Given our highly scalable business model, even with incremental additional investments in 2022, we believe that we will continue to deliver industry-leading margins relative to peers. Shifting now to guidance for 2022.
Our success validates our thesis that organizations of all sizes are increasingly looking to consolidate their security stack into a single agent with their solution. With an executive leadership team in place armed with powerful new cloud platform capabilities, we believe the time is right for us to flex the power of the platform in the market and invest more in the business.
Given this, we anticipate operating expenses to increase as we expand our sales organization and our channel efforts, as well as focus on digital marketing and demand generation initiatives. Additionally, as a leading vendor of security and compliance solutions, innovation remains a top priority. Incremental investment in our platform is anticipated to enhance automation and cloud security capabilities for our customers.
To support our growth expectations, we expect to make investments in our infrastructure and our people throughout the year. We believe these planned investments will position us to further accelerate our growth and maximize shareholder value. With that framework in mind, for 2022, we expect full-year revenues to be in the range of $482 million-$485 million, which represents a range of 17%-18% growth.
In terms of profitability, we expect full-year EPS to be in the range of $2.87-$2.92. This implies EBITDA margin in the high 30s%, with higher incremental increase in expense in the second half of the year. For the first quarter, we expect revenues to be in the range of $112.5 million-$113.1 million, which represents a range of 16%-17% growth. We expect EPS to be in the range of $0.80-$0.82. Our planned capital expenditures in Q1 is approximately $6 million-$7 million. For the full year 2022, we expect to invest in the range of $25 million-$30 million.
In conclusion, as we enter 2022, we remain excited about our opportunity to drive durable top-line growth while leveraging our highly scalable model to maintain industry-leading profitability and margin expansion in the long term. With that, Sumedh and I are happy to answer any of your questions.
As a reminder, to ask a question, you will need to press star one on your telephone. To withdraw your question, press the pound key. Again, that's star one on your touch-tone telephone to ask a question. Please stand by while we compile the Q&A roster. Our first question comes from the line of Erik Suppiger of JMP. Your line is open.
Yeah. Thanks for taking the question, and good quarter. Talk a little bit about the competitive dynamics that you think you'll see as you start to expand into some of these markets. What kind of advantage do you think you'll have as you get into the EDR market? What features or functions do you think you'll have to compete against the likes of CrowdStrike and SentinelOne and some of those players?
Erik, thank you. Yeah, great question. I think when we look at the work that we have done with our customers over a period of time, I think today a lot of organizations are dealing with siloed solutions, including a lot of the platforms that are out there are either only focused on threat detection, some are focused only on inventory, others may be on risk mitigation.
I think where we see really the core advantage that we have, and as you saw in the release that we did with Context XDR, is that we believe that we have a platform that is obviously highly scalable with being a cloud-native platform. But it also brings a lot of the additional context that typically detection-only solutions don't offer, where they're only mainly focused on correlating log data.
A lot of times, analysts really need to find out the context of the asset, the business context, the criticality, what is the vulnerability posture of those assets, is it running end-of-life software, et cetera. That context is missing from many of these XDR solutions out there. That's why as we work with our customers and we saw the challenges that they are facing, we focused on creating a solution on top of our platform that not only does the log aggregation. Obviously, we did this very natively on our platform, and not really trying to put different technologies together through acquisition.
It's something that we felt like natively developing on the platform would give us that native correlation that comes with having a very strong inventory capability, a very strong risk assessment capability, ability to patch. Ultimately what it does is that it brings the various elements of security that CISOs are looking for, which is, first, know what you have.
Second, find and remediate your risk. And then third is the threat detection and response all together in a single platform. That ability for us to not only detect the threat actor and take response, but the same agent, same platform also helping catch things proactively so you're not getting compromised.
We see those are some of the key advantages relative to other solutions or platforms that have sort of put together their solutions by taking different technologies.
Okay. In the past, I think you've given a customer count at the end of the year. Do you have a customer count for 2021?
Yes. Before, when we had disclosed over 19,000, it actually included free customers. If you take a look at just our paid customers, it's over 10,000. The growth in the customer base has been in single digits. In 2022, our focus and priority is to increase market share, increase the new customer wins, and we're planning to do that by increasing our quota-carrying sales rep, in addition to working on some of the other metrics, performance metrics, including the win rates as well as attainment per rep.
Did you say that historically it's been growing in the 10% range, or what was the growth that you had said?
It's in the single digits. It's less than 0.5%.
Single digits. Okay.
for this year.
Okay. All right. Last question. Any updates on your web app security or your cloud container security business? Some of the smaller companies have been showing some good growth in that space. Any updates in terms of your progress on that front?
Yeah. I think we continue to see the early conversations, early adoption of some of these solutions by our existing customers. I think it really comes down to the same conversation that we have, is that a lot of the smaller players, they end up focusing only on the cloud aspect of it, when almost all organization have to deal with a hybrid environment that includes on-prem assets, that includes assets that are remote with workers who are still working from home, as well as cloud and multi-cloud and container environments all together. When they're looking for risk, as an example, with Log4Shell, they don't want to go to four different solutions, one for cloud to find your exposure, one for on-prem, one for endpoint.
We do see that continuing with that consolidation and providing these capabilities on the same platform and enhancing those capabilities, which we plan to do in 2022 with additional updates to those products. I see that the customers will be looking forward to getting a more consolidated visibility rather than sort of having siloed cloud-only solutions and endpoint-only solutions.
Very good. Thank you.
Thank you. Our next question comes from Matt Hedberg of RBC Capital Markets. Your question, please.
From Matt Hedberg. Thanks for taking our questions. It's nice to see the revenue acceleration for 2022 here and momentum to start the year. Joo Mi, you pointed out in your prepared remarks some of the acceleration or inflection maybe somewhat preceded incremental sales and marketing spend. Just curious if that evolved or maybe redirected any areas you had planned for investment previously, or was, you know, were the targeted areas more decided with budgeting based on what you saw at the time? Maybe, you know, what was your view around determining the right magnitude of investment?
Yes, great question. With the new executive team in place, we've had some in-depth discussions with the CRO, CMO, as well as CPO and other executives to determine where are the right priorities that we should focus on, and how do we maximize our ROI. What we decided on for 2022, there are multiple different levers that we're working on right now. One of the key priorities is in attracting and retaining great talent. I think part of that has to do with our quota-carrying sales reps. If you take a look at our sales and marketing headcount, in 2021, we ended the year slightly over 300, which is single digits growth over the four prior years.
We think that there's definitely room there where if we're able to increase our sales force, that should help to increase our bookings growth since 60% of our revenue actually comes from direct sales force versus 40% from channel. That hasn't changed. In terms of the magnitude, we're planning to increase investment to the extent possible, where we've actually increased our recruiting team to make sure that we're taking advantage of the opportunity out there.
I think that given the inflationary pressures, and a lot of the companies are facing some challenging times. Fortunately for us, given our highly profitable business model, we do have the flexibility to increase spend at this time to not only gain market share, but to scale the team and the business so that we can target a higher longer-term margin where, you know, as we said before, we think that given our business model, the fundamentals remain strong. We think that there's definitely a possibility for us to get our margins back up to that 40%+ in the longer term. For us to do that, we need to be able to accelerate the growth momentum, and we're planning to execute against that this year.
Okay, great. You know, certainly an elevated threat environment. You mentioned the free 30-day Web Application Scanning trial around Log4Shell in December in the prepared remarks. Just curious around the reception of that free service, you know, that drive new customers. Maybe more generally, you know, was Log4Shell, was that something that benefited the Q4? Maybe, you know, does that persist through 2022?
Yeah, I can take that. I think, you know, as you've seen with some of the services we have released throughout the year with the ransomware or even SolarWinds earlier, our focus generally, and as you heard in the prepared remarks as well, our focus generally is first to create a solution that will help the customer base, existing customer base, other non-customers, their ability to really protect themselves. That's why we also released open source tools this time that were not targeted specifically at our existing customers.
Our goal definitely is to show the capability of the platform and how quickly we can spin up a new service and how quickly the customers, in the case of Log4Shell as an example, can sign up and start getting value out of a cloud-based solution where they can sign up and start using the web application scanning to detect this in a matter of minutes or hours. The way we look at that is that that generates engagement with the various customers and prospects. It gives them the opportunity to experience the capabilities of Qualys. That doesn't necessarily mean that they are at the point immediately within that time frame for changing their existing solution or acquiring a new solution.
It does help us create that engagement, which since it's a displacement focus for them that they are ready to have experienced the Qualys capabilities when their existing products may come up for renewal, et cetera. I think we look at that as more of a engagement strategy that allows us to have multiple points of engagement and be able to quickly show the capabilities of the platform, not just on the endpoint, but also on the web applications, as an example. Definitely Log4Shell really highlighted how critical it is to have a really professional vulnerability management solution. More importantly, it also highlighted that customers, it's not just a vulnerability management solution.
They needed the ability to have a solid asset inventory to track, as an example, the list of software that contained Log4Shell that was released by CISA, that people should focus on. That ability on the platform can not only detect a vulnerable instance, but also provide asset inventory and patch management as a way to get remediation done in a broader scope, and then using EDR on the same platform to track if some of those exploits were actually being executed. I think that's the engagement and the power of showing the multiple capabilities was important. I think in Q4, I would say that a lot of we were very focused on helping our customers who were really at that point scrambling to respond to that.
You know, we were able to detect millions of these vulnerabilities on customer environment and help them with seeing where they are. I would say it helped a little bit, nothing material, I would say. It helped with just some customers who wanted to maybe acquire some of these licenses that they were looking for quickly. I do think that in 2022, it's not just specifically to Log4Shell, but I think just the elevated conversation around Log4Shell and ransomware and PwnKit has created conversations that we think are favorable in terms of customers looking at a vulnerability management remediation, and a threat detection platform going into 2022.
That's great. Thank you.
Thank you. Our next question comes from Yun Kim of Loop Capital Markets. Your question, please.
Thank you. Sumedh, Joo Mi, congrats on a solid quarter and a positive guidance. Good to see that business momentum is building here. Sumedh, obviously, you're benefiting from the VMDR upgrade cycle within your installed base, that's driving that additional attach and whatnot. It looks like that's tracking very well. Can you talk about at least qualitatively the velocity and perhaps the timing of the expansion once the customers upgrade to VMDR and whether it is more driven by usage or additional attach of additional products? Should we continue to expect the expansion rate improving as more of your customers are on VMDR? Thanks.
I think it's a mix of different things. Some customers, as they see the value of VMDR, will, you know, increase the licenses for VMDR. The others, as they have deployed the agent, see the value in the remediation. Some of them, when they look for Patch Management, others, they have compliance requirements, and they look at File Integrity Monitoring. I think the advantage that I see is because we have so many different capabilities on the platform, we're able to meet the customer where they have the need in that particular quarter, from their business needs perspective, what is driving maybe in that quarter, they're being driven more for Patch Management. In another quarter, they may be driven or some other customer at the same quarter may be driven by compliance needs, et cetera.
I think we look at it more holistically, in terms of that, our fundamental belief that, VMDR is a very powerful capability, and the single agent will have customers looking to see opportunities to consolidate their existing tool set. And so we're encouraged with some of the initial momentum that we're seeing, and we're gonna continue to track through that and make these capabilities available for customer to meet them where their needs are rather than, you know, sort of only focusing on one thing or the other.
Okay, great. I mean, has the timing, you know, between the initial upgrade to VMDR and then the additional purchase once they're on the platform, has that timing between the two events, you know, shrank a little bit over the almost two years now, or has that not necessarily changed? You know, if you look at the cohorts of the first wave of customers who upgraded to VMDR, what is their expansion rate in the second year or second year? Yeah.
Yeah, like I said, I think we focus on it holistically. I don't think there's anything material there to talk about right now. But I think, you know, we continue to see the conversations of the platform consolidation driving, you know, even the initial desire to move to vulnerability management is the future ability to expand into these additional capabilities with this platform is one of the drivers there. We continue to see that more.
Yeah.
Okay, great.
Just to add a little bit of color, Yun. You could see that the magnitude and the speed of adoption is much faster than what we had anticipated, with 36% of our customers now having VMDR, and it hasn't been that long since we launched VMDR. The VMDR contribution of total bookings is now nearing 50%. Given that, what we're looking at is on a holistic basis, I think you could tell by the net dollar expansion rate that we shared. It's 108% up from 103%, and I think that, you know, that's partly definitely driven by our strategic move in launching VMDR and the attributes and the value proposition that our customers understand and recognize.
Okay, great. That makes sense. Julie, just kind of going back to your answer to Eric's question earlier on, is there a way to kind of look at how the mix between new and existing customers have trended, especially since the introduction of the VMDR?
We're seeing that, you know, in 2021, I think that the acceleration and the momentum in the bookings growth, and that had translated into revenue growth, was primarily driven by existing customers. However, with that said, new bookings did better than what we had anticipated as well. So all in all, we're seeing multiple different levers and signs that the business itself is turning around. If you're taking a look at whether it's from an average deal size increase for both new customers as well as existing customers. Upsell as well as the retention is higher for existing customers. Looking ahead in 2022, we think that the material impact to our bookings and our revenue could be driven by new customer land.
We're really focused on gaining market share at this point, and added investment in sales and marketing will help with that.
Okay, great. Then in terms of your revenue guidance for fiscal year 2022, should we expect fairly linear growth throughout the year? Or, you know, how should we think about what we just saw in Q4, or this past quarter, in terms of a strong sequential ramp in Q4?
Yeah. If you take a look at our revenue growth, it's always lagging, right? If you take a look at our, I think, current billings to revenue is a good indicator. For example, last year on an LTM current billing basis, even though our current billings trended upward from 8% to 13%, 16%, ending the year strong at 18.5%, taking a look at the revenue growth, it was 12%, 12%, 13%, and 16%. Our guidance for Q1 is 16%-17%. We expect that kind of trend and momentum to continue. It won't have a material impact in terms of the revenue acceleration, the momentum, since the revenue guidance for the full year is 17%-18%.
Thank you. Our next question comes from Andrew Smith of Berenberg Capital. Your line is open.
Hi. Just with regard to the step-up in investments for fiscal year 2022 to further that growth, I've heard the comments on increasing quota-carrying reps in digital marketing to drive new sales, and I believe you also briefly mentioned investments in the channel too. Can you just break out how you're thinking about that investment? Is investment in increasing quota-carrying reps a higher priority at the moment than furthering investment into the channel? Thanks. Yeah, I think it's. I mean, again, we look at it holistically.
I think we're decided to really invest broadly across the board in our people and talent with a focus on sales and marketing and so quota-carrying sales folks, digital marketing, even investment in product management to help with sales better sales enablement so we can increase the productivity for our sales reps. Overall focus on new logo acquisition and the investment there, as well as partnerships and also investing in solution architects as customers deploy multiple different solutions, having additional technical help that can help do the proof of concepts, et cetera. I think it's a broad-based approach for us to invest across the board within the company and including acquiring and retaining the right talent.
As you see, we continue a lot of organic development on the platform as well. We're not just in essentially a maintenance mode or something. We continue to invest in R&D and product management as we bring out newer solutions like XDR just came out. CyberSecurity Asset Management came out about six months ago as a brand-new solution. You know, we have additional things that we're focusing on with cloud EDR with the rest of the year. I look at it as more as a broad-based investment that includes focus on sales and marketing.
Got it. Thank you.
Thank you. Our next question comes from Brian Essex of Goldman Sachs. Please go ahead.
Great. Good afternoon, and thank you for taking the question. Maybe Sumedh, I know last quarter you noted a partnership with Red Hat OpenShift, and I was wondering, you know, how the traction has been with that, particularly given Log4j and impact to perhaps some, you know, open source platforms.
I mean, I think if you look at Log4j and the detections that we talked about with millions of detections across the board, I think it was not specifically concentrated just on OpenShift. However, what it also highlighted is that Log4j did not impact just your traditional servers. It impacted endpoints, and it impacted cloud and container environments where we have that partnership with Red Hat. The early adopter customers who have been leveraging that, you know, I think they got a better ability to detect something like Log4Shell in a closed environment, like Red Hat OpenShift as an example.
You know, it is something that we saw broad-based across the board in many different infrastructure that we were able to discover Log4Shell, including the containerized environment as well. That's sort of where the customers see the value of a platform that's bringing all these different capabilities because those customers who are on OpenShift were also at the same time trying to figure out all their endpoints, all their cloud resources, everything that had Log4Shell. We were able to show that to them in a single pane of glass instead of just you know one aspect of the infrastructure.
Got it. Super helpful. Thank you. Maybe, Jimmy, just as we're fine-tuning our models for the guidance, you know, just kind of baking in, I guess, what the implied impact is to net income and operating margins, and I think that'll be probably offset by deferred revenue growth. How should we think about free cash flow margins in light of the investment ahead? To what extent might, you know, billings and deferred revenue offset some of the spend as you have kind of a timing difference there from a revenue recognition perspective?
Yeah. In terms of the free cash flow, we anticipate lower relative to EBITDA margin than the prior year just because we do have increase in cash taxes that we anticipate paying. I mean, with that said, we don't know what's going to happen with the tax reform, but that's one lever. The second lever is because of the new tax legislation that's going into effect in 2022 and the mandatory capitalization of R&D expenses, we do see some pressure there. As well as the increase in CapEx spend, we are guiding to $25 million-$30 million this year. Obviously, if there's additional incremental bookings acceleration, there's additional pressure on CFO. It might actually be higher too.
With that said, all in all, there's no change in terms of our overall billing and deferred, like that deferred revenue that we anticipate this year. There might be a little bit of pressure, but not significant.
Okay. That's very helpful. Thank you.
Thank you. Our next question comes from Hamza Fodderwala of Morgan Stanley. Please go ahead.
Hey, guys. Thanks for taking my question. Before I begin, I just, Sumedh, I just wanted to congratulate you over the last year, taking on CEO and the accelerating momentum that Qualys has had.
Thank you.
Jimmy, maybe a question for you. Do you think this is sort of the final reset, if you will, for Qualys in terms of the investment year? Because clearly, you know, you've got line of sight now into 20% revenue growth. Seems like you have the sales leadership. You've got the strategy here. Do you think this will be the year where margins finally bottom? And if so, where do you see them bottoming? I remember last year you mentioned 40% EBITDA margin was sort of the floor that you were looking at. It seems like this year is gonna be lower. Where do you see that bottom?
Great question. I am hesitant to say the bottom and the timing of it in light of the current report that just came out. I think that last year when I had talked about I don't see a reason why we couldn't maintain EBITDA margin above 40%, I don't think any one of us expected the inflationary pressures that we're seeing right now with the latest CPI report coming out at 7.5%. One of the things that we are keeping in mind is we feel that we're very fortunate and that we have a very strong, highly profitable and sustainable model. What we have baked into the guidance is a wage adjustment in light and given that it's increasingly important for us to attract and retain top talent.
Just to give you a little bit of color on this is without this change in the macroeconomic trends, I think that our guidance would have been 40%+ on the EBITDA margin. With that said, we are planning to invest outside of that in sales and marketing, R&D, as well as customer support and operations. You know, if we see the ROI where that actually gives us a return that we think makes sense to further accelerate momentum in 2023 and 2024 onward, we could have margin kind of continuing on in the high thirties or even potentially lower, but it would have to make sense and it would have to be justified from a growth perspective as well.
I hope that gives a little bit of color, but I think for right now, this is what we have planned that we think that makes sense to maximize shareholder value.
Got it. Maybe as a follow-up, Joo Mi, on your earlier comment about VMDR. It's almost 50% of your bookings now, and you talked about the higher net retention. Are you in this phase where the customers who may have bought VMDR at a heavily discounted rate or perhaps, you know, even bought it for almost free, you're now going back to that renewal base and saying, "Hey, you know, you found value from the solution. We're now going to true up that price to what the actual value that's being delivered?
That's not how we're approaching it, and that's not the discussion that we're having with customers. We really think of it as a relationship and a partnership. How we're approaching it is when they recognize the value, they're actually increasing the Cloud Agent deployment and more prone to purchasing additional solutions as well as increasing their spend in VMDR itself. If you take a look at our bookings trajectory and our revenue guidance, that does take into account what we're seeing right now, based on that. I think that because of that, we're really optimistic about the potential re-acceleration and the momentum that we're seeing.
Okay. Thank you.
Thank you. At this time, I'd like to turn the call back over to Sumedh Thakar for closing remarks. Sir?
Thank you very much. In conclusion, as we enter 2022, we remain excited about our opportunity to drive durable top-line growth while leveraging our highly scalable model to maintain industry-leading profitability and margin expansion in the future.
This concludes today's conference-
Thank you. Sorry, I just wanted to finish the rest of it. I had to change, turn over my page. Thank you all for joining today. I wanted to briefly reiterate that we believe the future of Qualys of cybersecurity depends on a single unified platform driven by solutions designed to solve key IT and security and compliance challenges. We're entering 2022 with strong momentum to accelerate growth along with a balanced approach to profitability. We look forward to sharing continued progress in coming quarters. Thank you.
This concludes today's conference call. Thank you for participating. You may now disconnect.
Goodbye.