Ladies and gentlemen, thank you for standing by, and welcome to the Qualys 4th Quarter 2020 Investor Conference Call. At this time, all participants are in listen only mode. After the speakers' presentation, there will be a question and answer session. As a reminder, today's conference call is being recorded. I would now turn the conference over to Mr.
Vin Rao, Vice President of Corporate Development and Investment Relations. Sir, you may begin.
Good afternoon, and welcome to Cordless 4th quarter 2020 earnings call. Joining me today to discuss results are Sumit Thakkar, our Interim CEO and Joo Mi Kim, our CFO. Before we get started, I would like to remind you that our remarks today will include forward looking statements that generally relate to future events or our future financial or operating performance. Actual results may differ materially from these statements. Factors that could cause results to differ materially are set forth in today's press release and in our filings with the SEC, including our latest Form 10 Q and 10 ks.
Any forward looking statements that we make on this call are based on assumptions as of today, And we undertake no obligation to update these statements as a result of new information or future events. During this call, we will present both GAAP and non GAAP financial measures. A reconciliation of GAAP The non GAAP measures is included in today's earnings press release. As a reminder, the press release, prepared remarks An investor presentation are available on the Investor Relations section of our website. With that, I'd like to turn the call over to Sumit.
Thank you, Will. Thank you, and welcome, everyone, to our Q4 earnings call. Before we discuss our financial results, I wanted to say a few words about the separate announcement we issued this afternoon. As you have likely seen by now, We disclose that Philippe Porto is taking a leave of absence due to health issues unrelated to COVID-nineteen. Please join me in wishing Philippe a speedy recovery.
In connection to this development, our Board of Directors has appointed me as the Interim Chief Executive Officer. As those of you who have been following Qualys know, I have been with Qualys for nearly 20 years. I was appointed Chief Product Officer in June 2014 to lead the transformation of our platform and appointed President in October 2019. I have been working closely with Philippe for many years and we share the same vision of transforming the way Our customers secure and protect their organization's IT infrastructure and applications with best in class cloud based IT security and compliance solutions. I have deep appreciation for the tremendous platform we have built and I'm honored to serve as Qualys' Interim CEO, I look forward to working closely with the Board and the rest of the Qualys team to continue building on our strong business momentum and driving the company forward while Philippe is out.
Now for my first task in this role, I will walk you through our earnings results for the Q4 and full year 2020. We are pleased to report another quarter of solid revenue growth And profitability. We also saw strong growth of our paid cloud agent subscription, which grew more than 80% over year $256,000,000 Very uniquely, our multifunction agent, lightweight cloud agent provides visibility Across the entire hybrid environment and is the underlying technology for a number of our IT, security and compliance solutions that are natively integrated on our platform. As a result, Qualys customers can deploy vMDR vulnerability management detection and response, multi vector EDR, Endpoint detection and response, policy compliance, file integrity monitoring, patch management, global ITSS inventory and our upcoming XDR offering through a single agent, which differentiates us in our industry. In addition, we continue to expand our platform's capabilities to take response actions, enabling our customers to respond quickly The security issues and their environment.
While the importance of vulnerability management for our customers remains high for them to be able to mitigate the risk, They also are looking for ways to quickly respond to these risks and threats. As these organizations continue to increase their focus on discovering all their Hi, great IT assets, mitigating the risk and detecting and responding to ongoing attacks. Qualys platform, through single pane of glass, Uniquely provides our customers ability to do a complete asset inventory and CMDB synchronization, mitigate their risk of breaches with capabilities like VMDR And Patch Management as well as at the same time detect and respond to attacks using our EDR and upcoming XDR solution. With the release of our container runtime protection solution and the new SaaS Doctor offering as well as our upcoming cloud response solution, We are now expanding similar capabilities in other infrastructure environments as well, giving customers additional opportunities to consolidate their security tools onto the Qualys cloud platform. In terms of our newer paid solutions, We continue to see strong growth for our Patch Management solution.
In Q4, a leading pharmaceutical firm Selected our Patch Management application over several competing solutions given its ability to easily and effectively patch remote endpoints Without using the limited bandwidth available on their VPN gateways, they chose Qualys because of our ability to discover Asset inventory, vulnerability management and Patch Management through a single agent. This quarter, we also saw strong traction For our paid global IT asset discovery and inventory application, with a large media conglomerate adopting the application to gain visibility Of all their known and unknown assets across multiple environments, identify the end of life of their installed software and synchronize with their ServiceNow CMDB. Finally, we again saw robust growth for our container security application With adoption from a large global IT services company that has already deployed our vulnerability management, Hatch management, global asset inventory, file integrating monitoring and EDR solutions further consolidating the security stack with Qualys. In terms of product innovation, we have continued to make strong progress on our product roadmap. Some key recent accomplishments include delivering a free 60 day integrated vulnerability management detection and response service to our customers And use the patch management capability to immediately fix their exposure with a single click using the same agent.
We also enhanced Qualys' container security response solution with the addition of deep visibility, runtime defense capabilities and automated enforcement with delivery of Qualyser and TAM Security. We recently introduced a brand new extension to our platform called SaaS Detection and Response, SaaS Doctor, which provides a single console for IT and security teams to gain Continuous visibility, security and compliance of critical SaaS applications like O365, G Suite, Salesforce as well as Zoom, the solution enables our customers to monitor the posture of They are users and applications that have access to critical data in their SaaS environment, helping bridge the gap between on prem as well as SaaS assets again through a single platform. We're also excited that we are expanding Qualys VMDR vulnerability management detection and response to enterprise mobile devices with the addition of cloud agent support for Android and iOS devices. As part of their digital transformation, organizations continue to leverage more and more handheld mobile devices And take appropriate response actions. This builds on top of our product accomplishments from earlier of 2020.
Key amongst them are shipping of Qualys Multi Vector EDR, which leverages the Qualys Cloud Platform and Qualys Cloud Agent To detect ongoing threats on endpoints, conduct threat hunting and take appropriate response actions, it further correlates Threats with vulnerabilities providing unique capabilities for proactive mitigation from additional breaches. We also released a comprehensive Inventory synced with ServiceNow, Service Graph and Configuration Management Database, CMDB, as part of the new Service Graph Connector program, new designation within their technology partner program. We launched with the strategic launch of VMDR early last year, which is a unique all in one cloud based application that automates the entire vulnerability management lifecycle across on premise Endpoints and cloud environment, bringing vulnerability management, threat prioritization and patching into a single end to end workflow with single agent. Looking ahead, we are enthused with the additional solutions that we plan to introduce in 2021. The XDR platform expansion, which seamlessly integrates and correlates data natively collected from all Qualys sensors with additional context from other third party data sources.
This powerful capability will let customers detect threats beyond endpoints. Qualys XDR will also orchestrate the various response actions and help our customers reduce cost and complexity of deploying and managing SIEM and SOAR solutions. This capability is currently in private beta with select design partner customers who have been working with us. We also plan to expand support for Patch Management for Linux environments, so customers with cloud agents on these environments can also add Qualys Patch Management To these additional devices, we will continue adding additional capabilities to our multi vector EDR such as endpoint protection capability, At EPB, as well as expanding EDR support into Linux environments, We are working on a major update to our passive scanning technology that will significantly expand our coverage of industrial control systems, operational technology environments as well as detection of IoT devices. We showcase these solutions at our very well attended QSC user conference, which was a 12 day virtual event held in November 2020.
Over 5,000 people across our customer base, partners, prospects, analysts and investors and the media attended the event and we received very positive feedback. The development of these native solutions at such a rapid pace is possible because of the massive investment We've made in our cloud platform and our strong engineering talent base with over 900 employees now in Pune, India. These new initiatives open significant incremental market opportunity for us. They also allow our customers To easily and cost effectively consolidate their stack of traditional enterprise security and compliance solutions, while providing them with a single pane of glass view of all assets across on prem, endpoint, cloud, SaaS and mobile environment. In terms of go to market, We are expanding our relationships with existing partners.
Our comprehensive platform with detection and response is becoming Increasingly strategic for MSSP Partners as they can now provide multiple services and easy of sales to their customers Instead of focusing large amount of resources on building such a scalable platform themselves, having to integrate multiple other point solutions. Given the increased breadth of our product suite and the launch of the MDR and multi vector EDR, we have now embarked on a few additional go to market initiatives that leveraged the efficiency and effectiveness of our cloud platform. This is a key element of our profitable growth Driving value for our customers and shareholders. Our go to market activities in 2020 included leveraging our cloud platform For lead generation with free services. As an example, we launched our free remote endpoint protection solution to help enterprises secure remote workforces By providing instant security assessment visibility and remote matching when it was difficult for them to do this using enterprise solutions over VPN.
We expanded our reach into China by establishing a private cloud platform with partnership with Digital China, the largest value added provider of integrated IT products, solutions and support for enterprises in China. We launched the Qualys UAE cloud platform in Dubai, which further expands Qualys' operations across these continents in that region. We extended our partnerships with Deloitte Advisory, where Deloitte Advisory partnered with Qualys To integrate VMDR and our multi vector EDR offering into Deloitte Hong Kong's cyber managed vulnerability services, ARMOUR, a global MSSP embedded Qualys VMDR into ARMOUR Anywhere, an industry leading cloud and security platform. Our partnership with ARMOUR also includes Qualys CloudView solution for compliance and security posture management of public cloud environments. We released cloud we announced Cloud Agent's general availability on Google Cloud, providing customers with a one click workload We have secured visibility directly in Google Cloud.
Additionally, we natively integrated our container security solution with Google Cloud Artifacts Registry. We expanded vulnerability management integration with Microsoft to also include Microsoft Azure Arc to allow customers to perform vulnerability scanning on servers outside of Azure platform. We partner with Infosys, a global leader In Next Generation Digital Services and Consulting to integrate Qualys VMDR and Multivector EDR into its CyberNEXT platform, a managed security service offering. While looking forward to 2021, we plan to meaningfully expand our sales and marketing efforts Given our increased number of solutions, including our game changing VMDR and multiretter EDR as well as upcoming XDR offerings. Similar to our efforts on the cloud platform, we are building a marketing platform.
We have recently hired a CMO and are expanding our marketing awareness initiatives On the sales front, we are expanding our quota carrying sales headcount, our technical account managers as we call them and have recruited And EVP of Field Operations for Americas, a VP of New Business for the U. S, VP of Strategic Alliances for System Integrators And VP and GM for our SME SME business. In addition, we are also planning to hire a CRO, Chief Revenue Officer this year. We will also continue to invest in R and D and operations as well as other support functions as we continue to We believe these investments will set us up well for long term and profitable growth. We believe the world after COVID-nineteen is going to be different.
Companies are going to be more focused on reducing costs while increasing business flexibility, which is going to significantly accelerate the transition to cloud based solutions. Increasing adoption of our cloud agent And our tasim scanning technology combined with the breadth of our solutions that span across the entire hybrid environment enables us to offer Customers' greater visibility, accuracy and scalability. This positions Qualys well to enable customers while also drastically reducing their overall spend. In conclusion, Qualys continues to clearly move well beyond vulnerability management and We are optimistic that the adoption of our newer solutions, including Patch Management on multi vector EDR, Container security and upcoming XDR, which solve meaningful problems for our customers, will provide us the opportunity to increase bookings growth over the long term. In summary, we believe that we are now well positioned to expand our revenues with existing customers as well as continuing to expand our customer base for the years to come.
With that, I will turn the call over to Jumi to discuss our Q4 financial results and the full year fiscal 2021 guidance.
Thanks, Sumed, and good afternoon. Before I start, I'd like to note that except for revenue, all financial figures are non GAAP And growth rates are based on comparisons to the prior year period unless stated otherwise. We're delighted with our increasing cloud agent subscription, which lays the foundation for future revenue growth and industry leading profitability. Our Q4 financial and operational highlights include: Revenues for the Q4 of 2020 grew 12% to $94,800,000 Looking forward, we expect Q1 2021 calculated current billings growth to be negatively impacted By the timing and amount of prepaid multiyear subscription as well as shorter duration invoicing, our average deal size decreased 3%. Excluding strategic alliance deals, which normalizes for the impact of channel customers coming off of an OEM relationship, Deal size increased 6%.
Paid cloud agent subscriptions increased to 56,000,000 Over the last 12 months, up from $15,000,000 for the 12 months ended in Q3 2020 And 29% of BM customers' mission. Excluding Strategic Alliance Steel, BMDR's adoption was 35% Good morning to Q3. Our scalable platform model continues to drive superior margins and generate significant cash flow. Adjusted EBITDA for the Q4 of 2020 was $43,400,000 representing a 46% margin versus 44%. Q4 EPS grew 13% and our free cash flow for the Q4 of 2020 Increased 27 percent to $31,900,000 representing a 34% margin.
In Q4, we continue to invest the cash we generated from operations back into Qualys including $6,900,000 on capital expenditures for operations, including principal payments under capital lease obligations And $34,800,000 to repurchase 352,000 of our outstanding shares. Looking back on the year, we are proud to have continued our product leadership, while meaningfully growing earnings and cash flow for our shareholders. In 2020, we released several new products, features and enhancements. Cloud Agent adoption grew over 80% From 31,000,000 Cloud Agent subscriptions to 56,000,000 we grew EBITDA by 23% and achieved record EBITDA margin of 47%. We utilized $126,700,000 of our cash to repurchase Approximately 1,300,000 of outstanding shares.
And finally, we grew EPS by 25%. We remain confident in our business model, driven by our foundation of nearly 100% recurring revenue and an expanding suite of applications. Looking to 2021, we are excited about the revenue growth opportunity from our newer solutions, including Vmdr, Patch Management and MultiVector EDR. We expect full year revenue in 2021 to be in the range of $399,000,000 to $42,000,000 which represents a growth rate of 10% to 11%. In terms of 2021 profitability, we expect to maintain industry leading margins, leveraging our highly profitable operational model, While preserving the ability to further invest to drive future revenue growth, we expect full year non GAAP EPS in 2021 to be in the range of 2.60 to 2.65.
For Q1, we expect revenue to be in the range of $94,800,000 to $95,400,000 which represents a growth rate of 10% to 11%. We expect non GAAP EPS in Q1 to be in the range of $0.58 to 0 point 7 0 dollars We expect Q1 of 2021 capital expenditures from operations to be in the range of $6,000,000 to 7,000,000 and full year 2021 to be in the range of $30,000,000 to $35,000,000 As Sumed mentioned, We are very excited by the robust adoption of BMDR to the launch of our multi vector EDR solution and remain optimistic about the company's future. We feel very confident during this period of uncertainty due to the value provided by our cloud platform as well as our underlying highly scalable a profitable operational model. With that, Smed and I are happy to answer any of your questions. Thank you.
Our first question comes from Daniel Ives with Wedbush. Your line is open.
I am just back to the business. Can you just talk about in terms of this environment that we're seeing across the board in terms of increased cybersecurity spend, Larger deals, both enterprise and federal. Just talk about where you guys are positioned there. I mean, is that something that you're seeing In terms of giving you increased confidence for the year? Thanks.
Yes. I think what we're seeing right now is that a lot of our customers, If you see some of the recent attacks, they are really looking at solutions that are going to help them Detect the issues quicker, faster and take response actions so that they can mitigate this because otherwise with the plethora of point solutions that are out there, it Takes a long time for them to be able to find the breaches that are going on or the misconfigurations that Security, which is the risk mitigation as well as the threat detection and response capabilities. We feel like our platform is well positioned for that In our conversations with our customers and when as I mentioned a couple of examples where customers are adding Capabilities of Patch Management to those agents that already have the MDR as an example or looking to add EDRs So that they can consolidate that agent and get to the point of getting the information across these different solutions quickly, They see the value in what we are doing and obviously as they look to ingest the Qualys And integrate that into their current environment, this is something that we work with them.
Some of it is part of the free services that we offer, so they can The value of the platform and what it brings to them. So we feel that The customers will be looking at a solution like Qualys essentially to consolidate their solutions, not just from a Perspective of spend, but also just being able to get to the issues for security quicker and faster rather than spending large amount of dollars on putting together these point solutions through SIEM, etcetera, and then having a lot of analysts having to Read through those to find the issues that they have.
Great. Thank you.
Thank you. Our next question comes from Eun Kim of Loop Capital Markets. Your line is open.
Thank you. Again, sorry to hear about Philip and before a quick recovery. Julie, quick question on the guide. It looks like based on your Q1 guidance and Guidance for the year, you are expecting a somewhat consistent year over year growth throughout the year of 10% to 11%. But shouldn't we expect to see VMDR adoption sort of being a tailwind to revenue growth at least starting the second half of the year?
Just trying to better understand if there are other dynamics to revenue growth that we're not thinking about?
Yes. So It's true that with the newer solutions, we're very optimistic about the EMDR patch management, even multi vector EDR, which is newer. So as far as the adoption of newer products and when it's going to translate into revenue is a bit uncertain. And historically, what we've guided With setting the annual revenue guidance, really we look at our current bookings and pipeline to inform our guidance. And because of that, this is The visibility that we have right now, in Q1, the guidance that we have is basically what we expect to achieve Based on the opportunity that we see ahead and then for the latter half of the second half of the year, it's a little bit too early to tell, but we thought that it was prudent To guide to the 10% to 11% growth for the full year.
And if I can add to that, Vmdr is definitely something that we See customers really asking for it, and we see that it takes them sometimes based on their environment to deploy a VMDR. But once they have that And which drives the adoption of the agent, we are seeing, as I give that example and also earlier in the year, we saw Some customers are able to move very quickly to add additional services within a couple of weeks. In other cases, customers do take time To integrate that into their security portfolio before they can then move on to additional capabilities so that VMDR forms the base for.
Okay, great. And Sumit, first, congrats on the CEO appointment. Clearly, the VNDR adoption is going well. You have the big SDR launch coming up. At least from the product perspective, you guys have definitely become a full platform provider now.
So the next step is your go to market and obviously the sales force ramp. In your prepared remarks, there's a lot of hiring planned, But can you give us some insight into how aggressive you are planning to add the sales capacity this year? And also, any update in regards to your
go to
market Plans in the hyperscale economy environment such as the Zio and TCP. And is that are those channels the hyperscale economy environment, that channel
Yes. So I think, first, to address on the sales motion, I think, As you saw, we've already started on the hiring. As I mentioned, we hired a EVP for Field operations in the U. S. And VP for new business in the U.
S, VP and GM for SME, SMB Business. And then as I mentioned, we'll also be hiring Chief Revenue Officer this year. And there's many other things that we're doing, so it's not just hiring as the sales People, of course, we plan to increase the count of our quota carrying sales folks. But in addition, we've also really Bolstered our marketing platform, hiring a CMO. We also hired a few heads of product VP of Product for Cloud and VMDR and a few of these other areas really to help Package better the platform, work with our sales team for better sales enablement.
And so a combination of all of those things is what we are optimistic about, We'll drive the expansion in the revenue. And I think that's really the strategy there In terms of just how we are going to proceed in the future. As far as the GCP and the Azure environment goes, I think that's A lot of it is about built in capability, and this is where our platform really quickly allows These customers who are moving into the cloud environment to be able to leverage not just vulnerability management, but Patching, in some cases, the cloud environments, hosting critical data like FedRAMP, they need the file integrated monitoring, they need ADR. So we are well positioned to provide those once they get the agent. So what we have focused with Google and Azure and everyone is the Back end integration of getting our agent integrated and you saw a couple of those announcements that happened in 2020, it is to get that back end integrated into their platform.
So then the customers who could be in and we see a mix sometimes it's net new customers who are looking to Quickly build a solution, they leverage the built in capability. In other cases, existing customers Do take a hybrid approach where they leverage Qualys platform for certain capabilities. They have the built in integration in Azure so that they And provide their end users quick visibility into what they need to fix, whereas the security team is then able to look The visibility of the overall security portfolio within the Qualys console. So we feel that as more organizations are Moving into more real cloud native rearchitecture of their solution, I think we provide a pretty robust Integration and also the opportunity to add more capabilities quickly because then that agent is seamlessly dropped So, onto those virtual devices running in those environments.
Great. Thank you so much for that detailed answer and congrats on the appointment again, Sunez.
Thank you.
Thank you. Our next question comes from Matt Hedberg of RBC Capital Markets. Your line is open.
And our thoughts go out to Philippe as well. You guys when Sunburst and SilverWinds hit, You guys had a lot of really helpful press releases out, sort of talking about the benefits of the Qualys platform. Obviously, it didn't impact Your Q4 revenue, but I'm curious if you could talk about has it aided pipeline generation? And I'd assume you're probably not including it in your guidance, but Just talk about if that's helping kind of the go to market pipeline initiative?
Well, it's a Sort of a 2 pronged approach, right? One is, obviously, we put out these services just like we did with the free endpoint security solution. We put these services out 1st and foremost to help our Existing customers get a handle of their environment, maybe able to use Modules that they don't have from Qualys right now haven't purchased, but then we were to use that to mitigate the risk. So when we did that 60 day free service around Solargate, We what was really unique is that not just where we providing the detection of these vulnerabilities that were part of the FireEye stolen tools, So, which we as we published was like in 1,000,000 that are out there. We also provided the ability for these Customers to leverage the Qualys Patch Management capability for free to immediately patch those vulnerabilities, right?
So that's the big difference that it's not just where you're saying, hey, you're on a scan and you see the findings. Where we focus on is, if you already have Qualys agent and you're not using Management here, we turn it on and within a few hours you're able to patch these hosts for these vulnerabilities and you can see the ease of use of that platform. And while obviously that generates additional lead and things like that, The goal there really for us is to establish that, let's call it, like a proof of concept or a credibility With our customers, help them see the ease at which that they can leverage the additional capabilities from Qualys once they already have a VMDR or if they can quickly move to VMDR and they And once that is established, that at the end of the day, that doesn't necessarily mean that the customer is immediately going to purchase that Solution, but what it does is that it creates the foundation for them to understand that they have a solution already in place that they can move Quickly, whenever there may be existing solution is coming up for renewal or replacement.
And so we look at it more as just creating that opportunity to Showcase to them the capabilities of the platform and as you know, we don't really push our customers to being the subscription service to buy, buy, buy Immediately, we really work with them on their schedule and their comfort. But the key there for the free services, which is a key part of our go to market, is just being able to Have that ability to showcase to them, hey, if you already have an agent within a couple of hours, you can see the ADR events for that on these critical systems.
That's helpful. And then I just wanted to ask or kind of dig into kind of core VM growth. Obviously, you're seeing a lot of growth. You talked about Cloud Agent subscription growth of 80%, and there's a lot of new products that are launching. But I guess my question is, with a 10% to 12% or a 10% to 11% guide this year, I mean, I kind of think of that as kind of like the VM growth rate.
Is there something that's suppressing VM a bit? I mean, is it a COVID headwind? Just trying to get a better understanding of how you're thinking about sort of the core growth. Obviously, you've got growth outside of that But just kind of core VM would be helpful.
Well, I mean core VM, really, we changed the game for VM last year, right, with VMDR. And so Where VM was really in the past just about can you throw me a list of CVEs has really been transformed by Qualys VMDR into A single capability which includes the prioritization and the ability to fix those issues as well. And so our and that's why you see the excitement in our customers Move to a vulnerability management solution that does all of those together in a single agent as an example, right? And But obviously, when they look at that and they want to move to that, it does they may have an existing A Patch management solution, a Patch management team that is different from the security team. So there is a process that they go through to work through with these customers And sorry, with their teams internally to figure out the right way where maybe they may in some cases they may start smaller for batch management in Certain areas in cases we see batch management is driving the VMDR sale as well.
In some cases, the customer takes time to Integrate VMDR into their solution and in last year we also saw in some cases we had a customer that was able to move to Qualys patching Because they already had the MDR for 250,000 assets within 2 weeks. So it's just different for different customers based on where they are Their journey, their environment. So in some cases, as we saw that with COVID, the remote endpoint need for patching drove Quicker adoption of Patch Management. In other cases, teams are taking longer to go through their process of implementing these solutions.
Thank you very much.
Thank you. Our next question comes from Talby Syafi of SE and Citi. Your line is open.
Yes. So thank you very much. Can you talk about the potential for the company to reaccelerate growth To the mid teens, I know you're waiting for the new products to ramp, but when they are ramping, Whether it's maybe later this year or early next year, do you think the potential is there to grow in the mid teens?
You'll see, look, we've really been focusing on, as you saw on the platform, right, not just the core VM and MDR, but also you saw some of the new services that we announced like SaaS and getting into additional environments. So what our focus has been is to Get that platform to the level where as customers are looking to consolidate maybe in a few months later this year, Early next year, whenever that is, that we have all of the capabilities lined up for them to be able to move into the Qualys platform. And so we are hopeful With all of these changes and that additional global market initiative that we have put in place, We are hopeful for an acceleration of growth in the next few years.
Okay. And also your percentage of VM customers up for renewal who renewed with Vmdr, I think it didn't really grow that much. It was like 35% adjusted, the same as last quarter. Why do you think it didn't grow? And where do you see that percentage going to by, say, the end of the year?
So I think we think that 35% is a good percentage of an adoption For our customers, especially when you have customers that are larger, so it really depends in that particular quarter what is the mix of customers that is up for renewal. So if those customers who have for whatever reason are going to take time to because as you see with VMDR, it's not just the vulnerability management It comes with additional capabilities like asset inventory and patch detection and a prioritization. So the customers need to also be able to ingest And that capability into their current security program and so that may need some resource on their side to line up maybe developers API calls, etcetera. So it just depends in that quarter what mix of customers comes up and what they are Ready to do, as you know, we don't really push, push, push on them to do it because it's a subscription based business. What we do expect obviously is that we've already had these people converted.
So as the next quarters come around, The conversions will build on top of the existing conversions that we've already done, right? So obviously, we see that through the next few quarters, We will see more and more of our customer base getting converted to the MDR.
Thank you.
Thank you. Our next question comes from Eric Topeka of JMP Securities. Your line is open.
Question and again, I send our best wishes for a speedy recovery for Philippe. The hiring, it sounds like you're going to step up hiring in sales, but my impression was that you've been hiring as quickly as you could in sales in the past. What are you going to do to accelerate your hiring efforts there?
Yes. So I think we've as you saw already in the last couple of quarters with the list of the key hires that we have done, We have already started on that journey to accelerate the hiring and the sales and marketing, right. So we have some Keep folks hired not just on the sales side, but also as I mentioned on the VP of product side who are going to help the sales enablement as well as bringing in the CMO and bringing in additional headcount on The quota carrying salespeople, but part of that, as I mentioned, right, we are also going to be hiring a Chief Revenue Officer who will Come in and have a focused approach towards accelerating our revenue and what are the various things that we can do in addition to these hires that we have done To do a better approach to our customers positioning our platform, positioning our portfolio And having them look at Qualys as an option to their existing security solutions. So that's really the direction that we are going And we've already started on that journey today.
And then how are you looking at Operating margin, if you in terms of longer term targets, are you going to be right now, you're in the upper 30s. Where do you think that your longer term target will fall if you're going to be stepping up some of your investments?
Yes. So I mean this year we set a record EBITDA margin of 47%. The way we think about it is, We really have the industry leading margins and where we're focused right now is better balancing growth with profitability. We don't see a scenario where we wouldn't Have the industry leading margins regardless. So what we've said before was, even with an increase in investment that Sumit just talked about in sales and marketing, R and D As well as customer support and operations and G and A, we think that our EBITDA margin at the end of the day will be above 40% range And that with an acceleration of revenue, which will come in turn following the investment, I think that we will still be have a really great profile and I'm very optimistic because especially with the traction that we've been able to make with hiring the sales leadership as well as marketing leadership, we Do you think that the acceleration will be happening on the hiring front as well as we have the leaders in place?
Okay. And you said it will be around 40 Percent or above 40% did you say?
Yes, it will be above 40%.
Okay, very good. Thank you.
Thank you. Our next question comes from Sterling Auty of JPMorgan. Your line is open.
This is Matt on for Sterling. Thanks for taking the question. You mentioned a few metrics, excluding a channel partner that churned off Your OEM solution. Just wondering if you could elaborate a bit more on that and if there was any impact to the quarter in terms of revenue and how is that affecting Your guidance for the next week? Thanks.
Yes. It's not a trend. It's actually just normalizing for channel customers who are coming direct off of an So for example, under our strategic alliance deal, we had one partner where it was OEM relationship That partner had multiple different customers at the endpoints and they decided to come direct. And so obviously that did impact The number of like renewal deals up for renewal in Q4. And so normalizing for that noise, it ended up being about 35% of VM customers who were for renewal in the quarter renewed into the MDR.
And if you take a look at on the dollar impact as well, it's Trending nicely, so it wasn't a negative impact at all.
Great. That's very helpful for clearing that up. Just a follow-up question. There's a big jump in long term deferred this quarter. We're just trying to see if could provide any additional color on that impact and should we kind of expect a higher level of long term deferred as an overall part of the mix?
Thanks.
Yes. So that's really driven by customers. So what we've seen is with the EMDR, we've seen that Average contract length has been trending up and that's actually demonstrated by the RPO disclosed in our 10 Q and then 10 ks. It's been going up and I think that's a testament to how our customers really see the value in our product. They're not afraid to sign up for more than a year.
And so that really drove the increase in long term deferred, but it's not something that we push on customers, like Smedes said. It's really up to the customer. And so if they're willing to sign up for more than a year, it's They lock it in, like lock the price in, it's better for them and that's reflected in our financials.
Great. Thanks, guys.
Thank you. Our next question comes from Yihan Paretsky of Northland Capital. Your line is open.
Yes. Thank you. So I just want to double click On the 1Q 'twenty one guidance, in the context of your short term billings growth of 12% And 10% for the full year, or maybe it was the other way around. Anyhow, it seems like Good billings on a short term billings basis. And excluding the The strategic relationship that you talked about, which is not affecting anything at all in reality, it just seems like I want to understand why are you guiding to a deceleration in revenue growth given the robust Short term billings that you saw in the most recent quarter.
Yes. So current billings tend to fluctuate. So if you take a look at Because we're a subscription based first, our revenue gets amortized over 12 months. So our current billings impact from earlier in 2020 is So, for example, our current billings grew by 7% in Q2, It's up to 8% in Q3 and then Q4 was strong in terms of 12%, but there are puts and takes, right? There are natural fluctuations.
And if you just take a look at the revenue amortization schedule, it ends up being that based on total revenue, which approximately 85% is already booked based on the prior Right. And so this is the visibility that we have right now ending the quarter or estimating the quarter will end at about 10%. And then the other factor that I want to highlight is typically Q1 is lighter just because of the number of days that gets impacted. So This quarter especially in terms of the year over year, we are losing a day and then the quarter over quarter we are losing And so that actually impacts our revenue guidance as well.
I see. That's helpful. And then Slide 15 is a Recurring slide that you guys have, but the data from there does look good. It does attest to increasing spend Due to the platform approach, is it possible that you're seeing elevated customer churn in the SME segment that that particular
Honestly, we've demonstrated we've seen very strong retention, strong growth. I think that what's really been impacted from COVID is new and Potentially upsell, but in terms of our retention rate, nothing significant has changed and we haven't seen a downward trend in both enterprise or SME and SME.
Okay. Thank you.
Thank you. Our next question comes from Hamzah Fodderla of Morgan Stanley, your line is open.
Guys, thank you for taking my question. And I'd also like to extend my best wishes to Philippe on a speedy recovery. Amit, Really trying to figure out kind of what assets are exposed. Can you talk a little bit about the prioritization Of that service specifically, I know you're not going to see anything in your pipeline right away. The attack just happened in December.
But I'm wondering in terms of your customer conversations and When you speak to customers, both SolarWinds, is that something that comes up a lot?
Absolutely. This is something that we're hearing a lot from our Because if you look at a little bit of the mechanics of the attack, I mean, there was the supply chain where the software came in, the Trojanized But then there was also lateral movement within the environment. There was lateral movement into the SaaS environment. So there was elements of 5 accounts that went back and forth between the email and the O365 environment as well as the AD That was in house. And so the first thing that everybody really stumbled on is to say, what do I have in my environment, right?
Where do I have The Stogenize Software, even before I get into knowing whether I have vulnerabilities or issues or not. And that's where that asset inventory and the For us to give them one of the most accurate views of their inventory within their entire environment that includes Assets that are managed and unmanaged, so with a combination of our agents and passive scanner, really that Conversation is coming up more and more and also leading into conversation about What am I running? Is there end of life software that I'm running? What do I need to do about that? What when where I find end of life software or trojanized Virgin, what assets is that particular asset speaking to in the environment?
So that's where The combination and this was the point I was trying to make earlier is that your first approach is going to be, well, I need to find and I need to Find if there is an impact, right? That's where your threat detection and response, which is your EDR, XDR solutions are going to come into play. Then I need to make sure that I'm taking all of the remediation actions to be able to make sure that I'm mitigating my risk by identifying other devices in the environment That may not be properly configured that can be leveraged for lateral movement, etcetera. And if you tie in our SaaS release that we just did, Which gives you the configuration of your O365 Zoom sales force, etcetera. So now you add this other element that also make sure that as Customers moving to hybrid environment, they're able to see a much more holistic picture.
The platform, definitely the starting point for all of that is that global asset inventory and The fact that it is bundled as part of the platform and that they don't have to go and get another solution to deploy for finding their inventory It's definitely helpful, and that's what we hear from our customers.
Got it. Thank you. And then just maybe a follow-up on go to market. You announced a number of sales leadership appointments, right? You're looking for a CRO currently.
I'm wondering, who was the de facto head of sales before? I mean, was it Felipe? And Also, do you think that this is a function of maybe of adding capacity? Or do you think that there has to be sort of more changes in the sales organization structure?
Yes, I mean, Philippe was the de facto head for sales. However, I was very involved working with Philippe On with the field as well. And I think it's a combination as we mentioned, right. So there's our model, we are very strong believers in our model of the hunters and the farmers. We're not changing that to go and push more and more where customers don't need products.
However, Bringing a CRO, bringing that leadership is going to help us find additional ways to focus on Where we can approach customers, which customers can we track for targeting for upsells, etcetera. So while there obviously there will be some changes in the way that the new CRO or the new leadership that is coming in It's looking to find, as an example, ways to have more of a connect with C level executives, right, so that we can Evangelize the power of the overall platform rather than just the vulnerability management approach that we have taken. So I think there will be obviously newer ideas We will be looking at and looking to implement. But fundamentally, what we have been working on, we do believe In that base and the power of that model.
Thank you very much.
Thank you. Our next question comes from Brian Essex of Goldman Sachs. Your line is open.
Good afternoon, and thank you for taking the question. And would like to extend my thoughts for a speedy recovery for Filip as well. Hope All is well with him. Maybe, Jimmy, I know that in the past you've talked about some hesitation about investing in sales Marketing and bringing on new reps in a period of economic volatility.
Maybe could
you talk a little bit about what you're seeing and maybe Suneet chime in
as well In terms of
what you're seeing, I guess that's different now that gives you a little bit more confidence that you can onboard reps and headcount in the sales and marketing Organization where they could ramp efficiently and they might be productive and they'll hit expectations?
I think and Jumi will obviously answer that part, but what I see right now is that A big part of this is more and more of our newer services are have matured and are Coming to fruition and our customers are adopting them and seeing that interest and the speed of adoption in the cases where they have the MDR already. So that obviously drives our thought process on we feel that if you look at file integrity monitoring, container security, patch management, Some of these things are really starting to show very good tracking With our customers and the upsell to them. And so I think that is also part of when we look at bringing additional leadership headcount Is where are we and how ready are our customers as well?
Got it. And maybe for Jumi, so helpful. Thank you for that. Jumi, if we think about the level of Margin contraction we'll see this year as you invest in sales and marketing and R and D. What is how should we think about The level of balance to growth and margin expansion going forward.
In other words, is there a framework that you're looking at In terms with respect to being able to deliver margin expansion after a year of or maybe call it recovery, and we might see better growth in 2022.
Yes. The way we think about it is, it's not something that we it's new to us, right? We've done it before because If you take a look at the company history, like for example, in our Investor Day, we show the CAGR from 2017. Back in 2017, our current billings 21%, right? And at that point in time, our EBITDA margin was 37%.
If you take a look at the EBITDA margin now, We're at 47%. And so you could argue that we could definitely do a better job in balancing growth with profitability. We should definitely invest more. And that margin expansion was really driven by the sales and marketing underspent relative to that point back in 2017. So in 2017, the sales and marketing as a percentage of revenue was 26%.
That is now down to 17%. With that said, given our scalable business model and our infrastructure and how we've grown, we don't think that we have to go up as high and that's why we think that our EBITDA margin will be above 40%, but we understand that a month or before if we invest more in sales and marketing that will return and translate
Thank you. I'm showing no further questions at this time. I'd like to turn the call back over to Suneet Takar for any closing remarks.
Well, thank you everyone for attending our earnings call and for all the questions, and we hope that you are safe. We really feel very fortunate to be Well positioned with our cloud platform in an environment where there still are a lot of point solutions that are focusing only on one aspect of Whether it's just EDR or just vulnerability management, today we really will work hard to build a platform That is providing multiple different capabilities now including SaaS Doctor and that with the VM Doctor with multi vector ADR SaaS Doctor forthcoming XDR solution, We continue to invest in expanding the capabilities of our platform and aggressively developing new solutions. Additionally, we are also focused on growing our
Thank you. Ladies and gentlemen, this does conclude today's conference. Thank you all for participating. You may all disconnect. Have a great day.