Ladies and gentlemen, thank you for standing by and welcome to the Qualys's First Quarter 2022 Investors Conference Call. At this time, all participants are on a listen only mode. After the speaker's presentation, there will be a question and answer session. To ask the question during this session, you will need to press star then one on your telephone. If you require any further assistance, please press star then zero. I would now like to turn the conference over to your speaker for today, Blair King, Investor Relations. You may begin.
Thank you, Tawanda, and good afternoon and welcome to Qualys' First Quarter 2022 earnings call. Joining me today to discuss our results are Sumedh Thakar, our President and CEO, and Joo Mi Kim, our CFO. Before we get started, I'd like to remind you that our remarks today will include forward-looking statements that generally relate to future events or future financial and operating performance. Actual results may differ materially from these statements. Factors that could cause results to differ materially are set forth in today's press release and our filings with the SEC, including our latest Form 10-Q and 10-K. Any forward-looking statements that we make on this call are based on assumptions as of today, and we undertake no obligation to update these statements as a result of new information or future events. During this call, we will present both GAAP and non-GAAP financial measures.
A reconciliation of GAAP to non-GAAP measures is included in today's earnings press release. Finally, as a reminder, the press release prepared remarks and investor presentation are all available on the investor relations section of our website. With that, I'd like now to turn the call over to Sumedh.
Thank you, Blair, and welcome everyone to our first quarter earnings call. Building on our momentum, we are very pleased to report a good start to the year, reflecting another quarter of continued revenue growth acceleration and strong cash flow generation. Beyond these headlines are several encouraging market trends and notable business highlights. Strong market dynamics and continued competitive differentiation are fueling our growth. We believe the continued increase in the attack surface, coupled with the growing concerns over cyberattacks like ransomware and cyber warfare, is pushing organizations around the world to shed outdated siloed security and compliance systems and move to integrated security platforms to reduce their risk and response time as they future-proof their security architecture.
Qualys researchers recently conducted a study on the widespread Log4Shell vulnerability, which included analyzing billions of assets and trillions of data points indexed on our platform, highlighting the complexities of the current threat landscape. Not only did organizations have to immediately assess their asset inventory and get a real-time view of their own and third-party vulnerable software, but also have to move at lightning speed to patch and mitigate the issues in a matter of hours. Our study showed that organizations took an average of 17 days to remediate this vulnerability, leaving them vulnerable to attacks during that period. At the same time, they also had to monitor their assets for compromise attempts and respond without delay.
Qualys Cloud Platform's unified approach of bringing asset inventory, vulnerability detection, Patch Management, and EDR together in a single agent was greatly appreciated by our customers in helping to reduce their exposure significantly compared to siloed toolset approach with multiple point solutions. Additionally, as shown in the study encompassing more than 150 million scans globally, over 50% of vulnerable Log4Shell software was also end of life, again highlighting the strategic visibility provided by Qualys' integrated CyberSecurity Asset Management capability that allowed our customers to understand their technology debt and its impact to their security for proactive risk reduction. We believe we are uniquely positioned in this market with our ability to provide innovative, comprehensive, and integrated products using a single agent approach for speedy detection and response.
Given the opportunities ahead, we continue to prioritize investing in our business, especially building our go-to-market team, where we expect to see double-digit growth this year despite the challenging hiring environment given the tight labor market. In Q1, Cloud Agent subscriptions grew 26% year-over-year to $77 million purchased over the last twelve months. There was also a steady adoption of our Vulnerability Management, Detection, and Response, or VMDR solution, which is now deployed by 40% of customers worldwide. These results continue to validate our security consolidation approach and the power of a single agent as customers transition to VMDR. Our growth this quarter speaks to the commitment customers are making to the Qualys Cloud Platform.
The customer stories I will share with you today underscore our success with customers of all sizes in their respective journey to uniquely unite asset inventory, threat detection, and prevention into a natively integrated cloud-based platform that remediate vulnerabilities much faster than alternate solutions. I'll start with an existing U.S.-based Fortune 200 customer who entered into a new agreement with us to expand their VMDR and Patch Management deployment while adding CyberSecurity Asset Management capabilities spanning on-prem cloud and container environment. The ability to significantly enhance their security program with high-quality asset context, CMDB integration, alerting, and accurate response capabilities on a single integrated platform stood out among several competing solutions in the market today. The next example is of a new customer that started with CyberSecurity Asset Management, VMDR, Patch Management, and Multi-Vector EDR as part of a strategic initiative to transform its IT security architecture.
This customer chose Qualys because we offer the only security and compliance stack available in the market today that utilizes a single agent to enable full asset visibility and context-aware mapping to prioritize vulnerabilities, proactively reduce technical debt, automate patching, and continuously monitor endpoints to defend against future malware and ransomware events across multiple environments. Finally, in another new logo win, a Fortune 1000 customer selected VMDR along with Patch Management. This customer consolidated two vendors to significantly reduce complexity and legacy IT costs while uniquely leveraging automation in its security and compliance operations. The speed of vulnerability detection and remediation capabilities leveraging a single agent and a unified dashboard were critical factors in its purchasing decision. This is also a good example of how we are benefiting from the investments we are making to onboard new channel partners to win new business opportunities.
We believe these new wins and expansions illustrate that our natively integrated cloud-based platform and single agent approach is increasingly resonating with customers ready to re-architect and consolidate their security stack. Leveraging our technical leadership, we are also better partnering with our channel as part of our go-to-market initiative. In fact, we recently launched new partner programs designed to further drive our new business logo wins worldwide. As I've said before, our goal is to remove friction for customers to make product expansion simple and hassle-free. A customer who may currently use only VMDR has the ability to trial and adopt our other applications at a click of a button. Executing well against this agenda, we recently introduced our next major upgrade to our Multi-Vector EDR solution. This natively integrated solution in the Qualys Cloud Platform further leverages our single agent approach for enhanced threat hunting and risk mitigation capabilities.
Unlike traditional EDR products focused on detecting threat activity on the endpoint after the threat has already landed, Multi-Vector EDR 2.0 unifies multiple context vectors, including asset criticality, vulnerability, and system misconfigurations associated with threats, as well as patching to reduce mean time to respond. We are pleased to have completed the most recent MITRE ATT&CK evaluation for the first time, shoulder to shoulder with existing EDR players, and more specifically, achieving impressive results. We believe that for existing customers already utilizing our VMDR solution, the added capabilities of Multi-Vector EDR 2.0 will uniquely reduce the volume of incidents, extend prediction and prevention capabilities, and further strengthen our customers' cyber resilience.
I'm also very pleased by the early adoption of this product from a handful of our customers since its introduction in early April and excited by the positive feedback we are receiving for this new upgrade. Looking ahead, as a leader in security and compliance solutions, we continue to invest in Qualys Cloud Platform to further differentiate our automation detection and response capabilities. More specifically, we'll expand on our robust capabilities in cloud, container, and ICS/OT environments to further strengthen our competitive differentiator as customers increasingly move applications to cloud and containerized environments. In summary, we are delivering solid financial results and building strong business momentum in the market as companies uniformly recognize security transformation is fundamental to combating today's heightened threat environment.
As a result, customers are increasingly looking to reduce their risk exposure through the adoption of a natively integrated security platform instead of relying on a collection of disparate point solutions. We believe that with our organically integrated cloud-native platform built to solve modern security challenges, Qualys is uniquely positioned to capitalize on this long-term sustainable trend and drive shareholder value. With that, I'll turn the call over to Joo Mi to further discuss our first quarter outlook, results and outlook for the second quarter and full year 2022.
Thanks, Sumedh, and good afternoon. Before I start, I'd like to note that except for revenue, all financial figures are non-GAAP and growth rates are based on comparisons to the prior year period unless stated otherwise. We're pleased to report continued organic revenue growth acceleration and strong profitability, as reflected in the following financial and operational highlights. Revenue for the first quarter of 2022 grew 17% to $113.4 million, up from 12% growth in the year-ago period. We saw continued success in our land to expand engine with a healthy cross and upsell performance, driving an increase in our year-over-year and sequential net dollar expansion rate, which was 110% in Q1, up from 108% last quarter and 103% a year ago.
Our LTM average deal size continued to increase for both new and existing customers, with total average increasing by 17% in Q1, same as LTM growth in Q4 and up from 5% LTM growth a year ago. With accelerating demand for security transformation solutions and our strengthening market position, our Q1 LTM calculated current billings grew 22%. We believe the investments we've made in platform innovation and our single agent approach have enhanced our value proposition with customers and helped drive bookings growth over the past several quarters. This quarter was no different, and we're excited by the continued adoption of VMDR, with total customer penetration now at 40%, up from 36% last quarter and 24% a year ago. Continued adoption of Qualys solutions increased large customer spend, with 128 customers spending $500,000 or more with us.
This represents 17% growth from the year-over-year period. We attribute this success to our innovation strategy having resulted in strong product differentiation and market position. Our investments in building a unified cloud-based platform clearly resonating with customers. CIOs and CISOs are increasingly looking to phase out legacy point solutions in favor of a consolidated security and compliance platform due to increasing cybersecurity risks, the speed at which critical vulnerabilities are exploited, and increasing importance and priority of digital transformation initiatives. We remain focused on building a long-term business with durable growth and industry-leading margins. As a result, our scalable platform model continues to drive superior margins and significant cash flow. Adjusted EBITDA for the first quarter of 2022 was $54.3 million, representing a 48% margin. EPS for the first quarter of 2022 was $0.89.
Our free cash flow for the first quarter of 2022 was $71.4 million, representing a 63% margin. We believe we can continue to generate attractive levels of free cash flow while continuing to invest in the business. In Q1, we continued to invest the cash we generated from operations back into Qualys, including $7.6 million on capital expenditures and $46.6 million to repurchase 368,000 of our outstanding shares. We're pleased to announce that our board has authorized an additional $200 million increase to our share repurchase program. The resilience of our sustainable and scalable business model has been proven over time, as currently demonstrated by our continued strong earnings and cash flow generation at this time of uncertainty and volatility.
Leveraging our excess cash to continue to return capital to shareholders will allow us to mitigate our share dilution and drive shareholder value. Including $225 million remaining as of Q1, this provides approximately $425 million in share repurchase capacity. The weighted average diluted shares outstanding in Q1 was 40 million, down from 40.4 million last year. Shifting now to guidance for the second quarter and the rest of the year. Our strong start to the year continues to bolster our confidence in both our strategic agenda and business environment. With current opportunities ahead, we continue to believe that this remains the right time for us to increase our spend with an emphasis on sales and marketing to support long-term growth in the business. As I said before, this investment strategy is not about just adding headcount.
We're equally focused on enhancing our channel, accelerating digital marketing initiatives, expanding product management capability, and other sales support functions to further enhance both our value proposition with customers and mid to long-term sales productivity. Building off our strong start to the year, we are raising the bottom and top end of our revenue guidance for the full year to now be in the range of $484 million-$486.5 million, representing 18% growth. This compares to the prior full year revenue guidance of $482 million-$485 million. In terms of profitability, balancing a tight labor market with our anticipated investments of the year, we are raising our full year EPS guidance to now be in the range of $3.13-$3.17 from the prior range of $2.87-$2.92.
This revised guidance implies EBITDA margin in the low 40s% for the timing of our investments to be more back-half weighted. For the second quarter, we expect revenue to be in the range of $117 million-$117.8 million, which represents a range of 17%-18% growth. We expect EPS to be in the range of $0.78-$0.80. Our planned capital expenditures in Q2 is approximately $5.5 million-$6.5 million. For the full year 2022, we continue to expect investments in the range of $25 million-$30 million.
In conclusion, as we look to the balance of this year, we remain excited about our opportunity to drive durable top-line growth on the back of a large and growing market opportunity while leveraging our highly scalable model to maintain industry-leading profitability. With that, Sumedh and I are happy to answer any of your questions.
Thank you. Ladies and gentlemen, as a reminder to ask the question, you will need to press star then one on your telephone. To withdraw your question, press the pound key. Again, that's star one to ask the question. Please stand by while we compile the Q&A roster. Our first question comes from the line of Joshua Tilton with Wolfe Research. Your line is open.
Yeah. Hi, guys. Thanks for taking my questions. I just wanted to kind of start off on the hiring trends. Are you guys still on track to meet the targets that were baked into the guidance you gave at the end of Q4? And I guess I'm asking 'cause you mentioned investments will be back-half weighted this year. Is that by design or is it just 'cause you guys are kind of maybe behind schedule on some of those investments?
Yeah, I think, you know, we're seeing the same market challenges that everybody else is seeing from a hiring perspective in the current environment. You know, as we've been really focused on building out our leadership team, which now has really given us the ability to attract the right people in our sales and marketing. I think our sales and marketing engineer will talk more about that. We have made progress. I think, what we are looking forward to doing is really continuing that focus on hiring, so that we can continue to build out the team and look forward to having impact in the second half of the year.
Yeah. To follow up, we remain very confident in our ability to execute and drive growth. In terms of investment, it is by design. We knew that from the get-go that the investments will be more back-half weighted. On the hiring front, we are still targeting growing the sales and marketing headcount in double digits as we communicated last quarter.
Very helpful. Just a quick follow-up. Obviously, awesome outperformance and free cash flow in the quarter. Can you maybe just give us some additional guardrails into just how we should think about margins and how they should trend for the rest of the year?
Yeah. In terms of the margins, what Q2 implies is EBITDA margin in the low 40s% based on the non-GAAP EPS guidance. The first half, it'll be in the low 40s% versus the second half, it will probably dip below the 40%. Ending the year in the low 40s% is what we're projecting.
Thank you very much. Appreciate it.
Thank you. Next question comes from the line of Trevor Walsh with JMP Securities. Your line is open.
Great. Thanks for taking my call. A quick question around the new partner program that you rolled out. Can you give us maybe a little bit more context as to the impetus for that? Was it feedback from the partner community? Was it maybe a hedge around kind of, you know, if some of the hiring on the direct sales maybe doesn't come through that you kinda have that as a backup? Or can you just give us some more context, that would be great.
Yeah. Yeah, sure. We really got a lot of feedback from the partner community. I think, you know, we've hired an SVP focused on partnerships, really who's been working with our partners and understanding from them how we can actually take the platform that we really believe is superior and the ability for us to take that and figure out with our partners what would be a relationship that's beneficial to them and beneficial to us. With a lot of feedback, we've done a sort of a partner program, working with different types of partners, and then done an early preview with them, and we've gotten a lot of positive feedback. We do feel like we can leverage the relationships that the partners have with some of these organizations.
Of course, with the capability for the platform wins, that is something that we feel that we can focus and leverage our partners to really focusing on new business logo growth, right? Being able to leverage their relationships and then figuring out the right go to market with them is really the direction that we're taking now.
Great. Awesome. Maybe one more, if I can. For the new Context XDR rollout, I maybe have missed it, but in just some of the messaging that I'm seeing, for the network layer telemetry, are there any, are you looking to maybe partner with different providers or other vendors to get that piece of the puzzle or maybe doing that more organically with your own tool? Where do you see that kinda coming through, like, that piece of intel as far as, again, that network layer piece?
Yeah, that's a great question. You know, Context XDR really is about two main things. One is the organic sensors that Qualys platform already has built in with a combination of active scanners, API connectors in the cloud, our agents, and we also have passive network sensors that are part of our platform that are providing that network telemetry back to our platform.
However, one of the things with Context XDR that we have done is in addition to bringing all the context that our platform is already collecting across the board from an inventory and vulnerability and risk perspective, we're also expanding the ability for us to collect network telemetry and other types of log data from multiple different partners as well, so that we can provide a more comprehensive visibility in helping customers sort of reduce the number of things that they have to put together to get the context when they're looking at incidents that are happening in their environment. This sort of gives the ability for them to leverage the Qualys sensors for collecting network telemetry where it makes sense.
In other cases, if they already have deployed some other network vendors, we can also take the data from them and then provide the analysis on our platform.
Great. Thanks a lot. Appreciate the good questions.
Thank you. Next question comes from the line of Joel Fishbein with Truist. Your line is open.
Thank you. I just had a quick follow-up to that. Now that Context XDR is in GA, can you give us a little bit of color around how it's been tracking and how that space is actually developing for you guys?
Yeah. I think we feel good about the direction that Context XDR is taking as we have with any other new product launches. We're working closely with a few early adopters and getting additional feedback from them. We're gonna continue to enhance those capabilities, you know, similar to what we've done with EDR as well. We'll look forward towards through this year to continue to increase the adoption of that and getting feedback from the customer and this sort of a unique approach to bringing that Context XDR.
Great. Thank you.
Thank you. Our next question comes from the line of Hamza Fodderwala with Morgan Stanley.
Excellent. This is actually Keith Weiss sitting in for Hamza. In your prepared remarks, you talked about the heightened threat environment, and in particular, the conflict in Europe, driving sort of better demand signals. I wanted to just sort of clarify, is that something you guys are seeing in your business today that you think that's actually sort of driving sales, or is this just something a broader kind of the environment remains very good kind of for overall spending and security, but it's not as direct of an impact? That's kind of the number one question. Then on the broader platform, really nice kind of penetration trends in VMDR, looks like it's driving really nice growth for you on that consolidation play.
Can you remind us like how high, you guys think that penetration should get? Is there a theoretical kind of maximum of where VMDR customer penetration would go?
I'll take the first question. I think, great question. My comments around that are really about the environment and not necessarily about direct demand, as we've talked about this in the past as well. Our customers tend to look at these events when they happen more holistically in terms of taking a step back to see what kind of security program do they need to be able to avoid the potential incidents like this.
It's really what we're seeing is conversations happening with our customers when they're, you know, as I highlighted in some of the data points in the study that we did, that even with everybody all hands on deck for something like Log4Shell, it is taking an organization a long time to mitigate and patch severe critical vulnerabilities that are being actively exploited. The conversations with customers are more broadly about what kind of security stack consolidation potentially needs to happen so that they can reduce that time, reduce that exposure window, leverage more automation. You know, having siloed solutions or having vendors who provide five, 10 different platforms as part of their overall offering is not really helping them reduce that time to remediate.
What is encouraging is really that conversation that we see, which is the understanding that customers are having and pushing forward to looking at platforms like Qualys that are consolidating multiple capabilities. Obviously, we see the new business examples that we gave this quarter, last couple of quarters. We're seeing when we're getting new customers come in, they are looking at more of an architecture, overall architecture, rather than looking at how can I get another tool that is just giving me a big list of CVEs that I have to go figure out what to do with, right? How do we make sure that they are actually going to remediate those fairly quickly and reduce their exposure?
That's the conversations that we are having because in that environment, you see the risk there is it's a different world because every organization has to protect themselves from potential nation state and cyberattacks at their own expense. When they're looking to do that, they are looking to say, "How do I create a good stack that is modern and that actually can help me provide much more real-time visibility and remediation capabilities?
Got it. That's super helpful.
Yeah. With your second question on the VMDR penetration, it's been trending nicely up to 40% right now. I think that there is definitely more room for us to increase that penetration. Historically, our customer base has been such that, anywhere between 65%-70% have had VM solutions. I think that definitely we can see, VMDR penetration going up to 70%, and even beyond that, above that with customers who don't currently have a VM solution with us, we're seeing some adoption there as well.
Got it. That's super helpful. Thank you guys.
Thank you. Our next question comes from the line of Curtis Boulanger with Summit Capital. Your line is open.
Hi. Thanks for taking my question. You got some strong revenue growth this quarter with revenue from foreign markets up 25% year-over-year. I was wondering if you could provide some color on the key trends you're seeing internationally and how you expect these trends to play out for the rest of the year. Thanks.
We don't have a forecast that's separated out for, I mean, we're seeing a good momentum overall. If you take a look at whether you're looking at revenue or LTM current billing trajectory, we're seeing a lot of opportunities both in the U.S. and international. Obviously, on the international front, there's more opportunities just because we're less penetrated in those markets. We're happy with the growth that we're seeing in those regions.
That's great. Thanks.
Thank you. Our next question comes from the line of Yun Kim with Loop Capital. Your line is open.
Thank you. Sumedh, can you just give us update on how much of your business or your customers' usage is on hyperscaler environments like AWS and Azure and GCP? For some of your early adopters of your Context XDR, are they using it to analyze deployments on those hyperscaler environments? Yeah. We don't necessarily break out the usage from a cloud versus on-prem versus remote endpoint perspective. We have the adoption across the different aspects of IT environment. I think that's really the value that I think that the Qualys platform brings, is that we can actually bring your cloud visibility, your remote employee visibility, as well as your on-prem server environment into one.
Today, what we do see is, as customers are looking to migrate potential workloads from on-prem systems into the cloud, they feel Qualys has the right capabilities as a trusted partner to help them make the move rather than. We have capabilities in the cloud environment, so we have tons of customers who are running our agents in AWS, in Azure. We have the partnership with Azure, where there is an embedded Qualys capability in Azure environment if you take your workload. We're looking at cloud from multiple different aspects, working with existing customers to help them and be their partner as they're moving into the cloud and forming new security paradigm, as well as providing them more embedded capabilities directly through the cloud provider as well in some cases.
We're quite happy to see that the customers that see value in Qualys are usually, unlike most customers, they don't only have cloud. They have a large number of employees who are remote, who have cloud as well as who have on-prem. These, you know, with the early XDR customers, it's again the same thing is that when they're looking at threats and they're looking at exposure, that is not only in one particular environment. With the Qualys platform and our Context XDR being able to bring the visibility of not only maybe the cloud account that may be seeing some activity, but also that remote employee laptop, admin laptop, which may be accessing that cloud account. What's the posture of that particular asset? How do we see those together in a single platform?
That's really the value that I see that Context XDR brings and differentiates us from, what is out there, which may be very focused on certain environments.
Okay, great. Thanks for that context. Joo Mi, I have a quick question around contract length and billings frequency. Obviously you continue to see VMDR platform adoption. The deal size around those, I'm assuming it's getting larger. You know, just any trends that you're seeing around contract length and billings and any potential deviation between the current and total calculated billings.
Nothing to call out this quarter year. It's been, we did have a contract length that's been slightly over one year, and then that's remained the same.
Okay, great. That's it. Thank you so much.
Thank you.
Thank you. I'm showing no further questions in the queue. Ladies and gentlemen, this concludes today's conference call. Thank you for your participation. You may now disconnect. Everyone have a wonderful day.