Okay, thank you everyone for joining us today. My name is Andy Nowinski, a software analyst at Wells Fargo, and for those that are on the webcast, this morning, we have Amit Yoran, CEO of Tenable, and Erin Karney, Head of Investor Relations, for Tenable. So thank you both for joining us.
Thanks.
We appreciate it. You know, why don't we start off just at a high level. You know, last quarter, I think it was a really solid quarter. Q3 was great. I think you saw some strength in, certainly in the federal sector and the public sector. Maybe that was a positive and a negative in that it did cause your billings to come in maybe a little bit lighter because they, they... I guess they're more on-premise or perpetual type licenses. But, how has the demand in that fed sector just remained strong? I mean, is that a big area for you this quarter and next?
Yeah, we've always been a very strong performer in the federal space. Historically, about 15% of our business comes from the public sector markets, and just about every federal department and agency, as well as a lot of states now and other governments, are Tenable customers. In the third quarter, we did see, you know, some very strong growth in our public sector business. Federal government, on occasion, does have a stronger procurement bias toward perpetual licenses. And so the nice thing is we saw strength in the market. There were strength in perpetual licenses, which Tenable recognizes over a five-year term instead of up front, so that caused a little bit of lightness in the calculated current billings.
We also saw a strong services component in our federal business, and part of that is driven by new product sales and new types of products. So in specific, we saw strength in the identity product in federal. We saw strength in the operational technologies products in federal. And so along with that, you know, which we believe to be precursors to much larger procurement, so a lot of architecture and services to help them determine how to operationalize this first phase of deployment as they contemplate a much larger product purchase in the upcoming periods.
Well, I definitely want to talk about identity and OT further in this discussion, but maybe if we talk about, you know, outside the Fed as the enterprise space, how has demand in the enterprise space been holding up or changing?
Yeah, we saw good demand in the enterprise space, in particular with large enterprises. And so the number of $500,000 deals at an all-time high, the number of $1 million plus deals at an all-time high. So a lot of strength in that very large enterprise, sophisticated customers, people with, you know, a strong understanding of the security market, thorough understanding of the competitive environment, and making very deliberate product selections around that. So felt really good about the enterprise. We did see some softness in the mid-market. And again, you know, our view is the mid-market is a little bit more susceptible to some of the macro trends that we're seeing, with budgets a little bit more malleable.
Yeah. So the sophisticated buyers in the large enterprise, and arguably the Fed as well, are still buying strong and still focused on vulnerability and reducing their exposure to risk, but mid-market, a little bit softer. Why? Is that just a lagging factor? Do you think the mid-market will catch up once maybe the macro improves, or maybe they get a new budget next year, that's when the mid-market picks up?
I do think that this is something that, you know, was not only observed by Tenable, but certainly observed by other software companies where, you know, they did see a slowdown in purchases in mid-market, you know, globally. In Tenable's case, you know, I think it's true certainly in the security space, where, you know, their budgets, they're under increased pressure, given the macro environments, and they're just much more sensitive to net new incremental spend. Again, our renewal rates remain exceptionally high. Feel really good about the business, the health of the business. Those net new customers and the expansion from existing customers in the mid-market was an area of softness for us.
Yeah, that's great. So maybe we shift away from the macro. You know, this morning on the, on the keynote, the speaker was talking a lot about... a little bit about the threat landscape and some of the, the changes in the threat landscape. He's saying, like, what, what do you... It seems like we're seeing a lot more ransomware attacks over the course of the last three months and maybe last six months, but it's really ramped up. How has that? Have you seen that having any sort of impact on, on buying patterns from your customers? Are they, are they more focused on, more cognizant of how AI can actually increase the sophistication of these attacks and the frequency of these attacks?
Yeah, well, I think. So AI is definitely a double-edged sword in the security space. So on the one hand, it increases the pace, the sophistication, and the innovation of the threat environment. And so the threat environment was, I would say, bad enough. It was pretty bad, even rewinding the clock a year or two. Now, as the attackers embrace more AI, they're able to do much more sophisticated attacks, to develop software, new exploits to vulnerabilities that would have taken them a lot longer to develop. They're able to use AI to do targeted spear phishing types of attack in much faster time sequence and much larger scale. Spear phishing has historically been relegated to really looking at key executives, key individuals with a high degree of access and permissions.
Now they're able to do it in large scale, leveraging AI, which, you know, as we see, the attackers and the aggressors, not having to worry about compliance and PII, are able to embrace AI in a much faster time sequence.
... it seems like with the threat environment getting so much worse, as you described it, and attackers becoming much more, not just sophisticated, but more, more effective and more powerful, like how could there be any softness, even these mid-market companies, why aren't they, why aren't they cognizant of the, the fact that the, the landscape is so much worse, and it could impact them, too?
You know, I think there is a recognition that the threat landscape is bad. I think for many mid-market companies which don't have the sophistication around cybersecurity, it's difficult for them to draw a direct correlation between, "I spend a dollar here, I see my risk go down. I feel that I'm better protected against this ransomware and that ransomware." And that's where the larger enterprises that are more sophisticated in their understanding, not just of, of threat, but security architecture, security designs, and how their security programs should work over a multi-year period, are just able to apply a much more disciplined approach, both to budgeting as well as their, their security programs, and it makes a difference.
I do think there's also a notable change, which we're just at the forefront of now, in what's driving or what we believe will be driving security procurements going forward, even beyond the threat landscape, and that's what's happening from a regulatory-
Mm
... compliance and accountability standpoint. And I believe we've entered a new era over the last six to nine months.
Yeah, that's a good, that's a good segue. I do, I do wanna touch on that. And actually, maybe before we get to that, if there is any questions in the audience, just feel free to raise your hand. You can ask a question. I'll have- I'll save some room at the end, and we'll- I'll repeat the question for those on the webcast. But as it relates to the, the... You touched on this regulation. So SEC obviously has some new regulation going into effect on January first, making, I believe requiring it, requiring organizations to disclose a material breach within four days, once they deem it to be material. And then second, we've seen in the news, you know, certainly I believe it's the SolarWinds CISO being held liable for breaches. So you've kinda got two different factors.
You've got this regulation they have to be compliant with, and then you have a CISO being prosecuted for a breach. Like, it seems to me like that would be a position I wouldn't wanna have. Like, it makes it... They don't have a lot of control over spending, yet they're being held liable for, you know, when their defense fails.
Yeah. There's, I think there, there's a lot to unpack there. I think from a regulatory perspective, the SEC language is very specific. There's this, this, you have to report material breaches within four days, so kind of aligning... It's, it's less about the four days, I think that's just aligning with 8-K filings. Otherwise, the security market was very much up in arms. You know, how, you know, how, how could we report within four days? At least within four days of determining that it's a material breach. So they're trying to align it with the rest of the SEC reporting processes that companies have to comply with. That is a part of, what the SEC, rulings were. The other two components were that you have to disclose what your, threat and risk management practices are.
So not down to the individual vulnerabilities that you may or may not have, but you have to provide some visibility to investors, both into the threat landscape you're dealing with and how you're dealing with it, what type of exposures you have. We believe, I believe, that insight must come from an exposure management program, vulnerability management being a key component of that. And a lot of the analytics that we drive outside of vulnerability management into cloud security and identities, and access permissions, and entitlements are a material part of what is required to comply with these new SEC rulings. And the other piece, of course, was you have to disclose what cybersecurity expertise exists within the management team of a company.
We think over time, that will hopefully raise the security capabilities, insights, and preparedness of that mid-market. I think the large enterprises, the highly regulated markets, the banks, the financial institutions, you know, I think they get it already, but there's this long tail of companies which are now on this forced road march to transparency. The second piece of your question, I think is really an interesting one, and that is that there's now a series of, you know, what I like to say, almost connect-the-dots of what's happening in enforcement when it comes to cybersecurity. This started almost a year ago with the Joe Sullivan prosecution by DOJ. And Joe Sullivan was the CISO of Uber, where he was under FTC investigation.
In the middle of the FTC investigation, there was another breach, and he did not disclose that to the investigators, and so he ended up being convicted of the actual conviction was interfering or with an investigation or not being, you know, providing all the details that were required. And so he was successfully convicted. And now on the heels of that, you're seeing two other actions from the SEC. One is the Wells notices, which occurred not only to the CISO, it was to the CFO and other executives at SolarWinds, and now this follow-on action specifically against the CISO for having known about specific vulnerabilities and risks to the business, and then talking about them in generic and theoretical terms in with investors and in public filings.
And so I think there's a real drive now from the SEC to transparency around cyber risk, and also on accountability. And so these are two egregious cases which DOJ and SEC have chosen to begin their enforcement actions around. But I think if you're connecting the dots, it's very clear that this is, you know, these are the first of what I believe over time, will be an increasing tidal wave of enforcement actions in cyber, and I believe will ultimately lead to a tailwind for our business, but more importantly, more responsible behavior on the part of corporations around cybersecurity.
Yeah, I certainly understand the accountability side. You know, you have the information, you're not disclosing it. But just getting the information in the first place and being transparent about it, I suppose you would need some sort of tools to do that, like a vulnerability platform that actually provides that visibility.
Yeah, as it turns out, you know, if you're relying on technology to run your business, you know, that cyber risk is a critical component of technology risk. And the conclusion is that not understanding your cyber risk associated with leveraging that technology is not okay, and I think that's the conclusion. So, you know, like you, I believe that could be very important both for the VM business as well as our broader cyber exposure and risk management business. So not just in vulnerability management, but what are you doing from a cloud security perspective? What are you doing from an identity and access controls and entitlements and permission standpoint to make sure that the data and the systems that you rely on to run your business and that your customer information is protected?
Just to close this out, are you aware of like... I read through a lot of the filings that they've disclosed in terms of, you know, what goes into effect January first. But is there a penalty? Like, what penalties if a company is not compliant with this regulation, what will they face? Or what are the repercussions of not being compliant?
Yeah, this is still, you know, where they're, you know, we shall see. But I think the early indications in the SEC enforcement and in the DOJ prosecution is that they're not taking this lightly. So I think as with potentially other filings which are incomplete or inaccurate or misleading, I think the penalties could be pretty severe and, and, and it will get the attention, and it is getting the attention of CISOs, of CEOs. In addition to Tenable, I sit on one outside public board, and I have many friends that serve on public boards, and this topic has pretty consistently, I should say, universally, among the people I talk to, have resulted in general counsel or outside counsel briefings to not just the Audit Risk Committee, but to the entire board.
This is something that boards are definitely paying attention to right now.
Seems similar to, like, GDPR when that went in place. It kind of took maybe one or two companies to get fined before people really started focusing spending on it. Maybe, maybe we'll see a, a company out of compliance fairly early next year. Do you think that would be a catalyst, I guess, just to get people more aware of why they need vulnerability management?
I do think, you know, the awareness is. You know, that war drum is starting to beat pretty consistently and pretty loudly, and certainly if there are more penalties, more fines, more enforcements, that will certainly increase.
Okay, so another. I want to shift topics. I know we when I was, you know, down at, or meeting with you earlier in the year, Tenable One was a big focus, you know, for your sales force, and, rightfully so. I mean, it's the complete platform. I think it was another bright spot in Q3. It was up about 100% year-over-year, so really strong growth in the adoption of the Tenable One platform and 20% of your new business, I think. So, I guess, how is. How would you... Obviously, great growth numbers, but has that kept up with your internal expectations from earlier in the year when you launched, the platform?
Yeah, we're extremely pleased with the progress we've made on Tenable One. You know, at Tenable, we have a sort of balanced approach. We obviously invest a lot in our organic R&D capabilities, building platforms like Tenable One, as well as doing, you know, having done a number of acquisitions over the last few years, including our Ermetic cloud security, full CNAPP capabilities. Tenable One is the data platform that unifies the data across Tenable's products and soon-to-be third-party products. So looking at not just your vulnerability information, your Active Directory and your identity information, the entitlements and permissions that those identities have, looking at your cloud-based environments and what the security posture of those cloud environments look like, and bringing that data together.
You know, we believe very strongly that security and understanding risk as it's been done historically, is ineffective. So it's kind of like you're looking at the security of your cloud environment almost through a soda straw and saying, "Okay, well, my cloud is secure or not secure, but because my S3 buckets are open or not open," and that's somewhat nonsensical. Yes, you need to close those excessive permissions, but your cloud environment is impacted by the systems and the permissions that the people connecting to that environment have. So if you have a DevOps person connecting to the cloud environment and they have excessive permissions, and they're coming in from systems that have lots of known vulnerabilities, security misconfigurations, other sorts of problems, your cloud security product may say you're secure, but in fact, that cloud environment is exposed to significant risk.
The same is true in operational technologies. If you rewind the clock and you look at the Colonial Pipeline breach, if you look at the JBS meatpacking factory, if you look at, you know, just about every breach of operational technology systems out there, power outages which have been caused, these things are not direct attacks against, and focused attacks only against control systems. In the case of Colonial Pipeline, it was ransomware, as you pointed out earlier. It was attacking an Active Directory environment and had fully compromised that, and then the decision was made to shut down the pipeline before, you know, some stronger, more catastrophic event could have occurred.
And so all of these technologies are interconnected, and we believe having visibility and unified reporting, unified analytics that we can deliver on cross-platform security risk management, we think is very compelling. It also allows us to drive to some of the economic requirements today, where we can deliver vendor consolidation through the Tenable One licensing and so on and so forth. So we think this is a strategic move for us as a company. We're seeing both our sales team and our customers really gravitate to it. In just, you know, one year's time, it's become our single largest-selling SKU, certainly in Q3, and accounted for about 20% of our net new sales, and now, you know, an increasing percentage of our install base.
Yeah, that was one of the takeaways this morning at the keynote. The speaker talked about how he's seeing more organizations, even small ones, consolidating and focusing on consolidating vendors. And it sounds like Tenable One is your play there to not just consolidate vendors, but also provide visibility across multiple environments and unifying and not necessarily consolidating, but unifying visibility across all these disparate environments?
Yeah, and it, it allows you to do better analytics. It allows you to have unified reporting. Your integration, with, with your ServiceNow, with your Splunk, with whatever SCCM or whatever enterprise platforms you use, you only have to do once across all the products. Your, security operation centers, your incident managers, all of your risk management talent, they don't have to learn nine different interfaces and nine different workflows. It allows you to get maximum leverage with your human capital. It's just a great operational impact as well in, in cost savings on multiple levels for customers.
So you mentioned Tenable One was 20% of your new business. What was the 80, the other 80% of the new business? What are those customers buying?
Yeah. You know, we have historically been very focused in the vulnerability management space, and if you rewind the clock six, seven years, I think you would have heard most analysts rightfully saying, "You know, all three market-leading vulnerability management vendors are substantially similar." We've continued to invest in vulnerability management. We believe it's a foundational requirement in cybersecurity, and we believe if we deliver excellence to, and differentiated experience to our VM customers, it opens up new opportunities for our business. So we've continued to invest in that, and as a result, our... You know, we've now taken over as, you know, the sort of pole position, if you will, as the largest VM vendor, largest customer base, largest revenue base, and continue to have very attractive win rates against our competitors.
One of the things that we talked about in Q3 was that in the third quarter, 44% of our sales were coming from products other than VM. So Tenable One, which we were talking about earlier, accounted for about 20% of net new sales. We had very strong performance in our cloud security business. We've seen strong demand in cloud security over the course of the last, you know, two years, and that's given us a lot of confidence to go out and make a sizable acquisition with Ermetic, double down on the demand that we're seeing.
We also saw strength in both the OT business and our identity, and we think there's a huge opportunity in identity in cybersecurity, where as the world goes, you know, borderless from a technology perspective, one of those fewer anchor points for security is identity. We believe we have a very strong play there between the Active Directory security product and the market-leading cloud infrastructure entitlement management technology, which we picked up with the Ermetic acquisition.
Well, let's talk about that. So, identity, OT, and cloud security are all three areas I think that are pretty interesting. And why don't we start with identity? A lot of, I think, the big breaches you've seen in the news between Caesars and MGM started with credential theft, low-level credentials that were... Then they escalated the privileges to do more damage once they got inside. How does Tenable play in the identity security space, and are you like, would you be competing against the likes of a CyberArk or an Okta on that end, or complementary to those tools, or?
Yeah, really complementary to those tools. So from Tenable's perspective, there's three fundamental requirements or capabilities that we bring to market from a, from an identity security perspective. The first is assessing the integrity of your identity store. So 90%+ of all enterprises rely on Active Directory, Microsoft technology, for the single source of truth for their identities. If you've ever been around technology or ever been around an enterprise, you know, IT environment, Active Directory is an absolute horrific mess. It is just a catastrophe from a security perspective, and this isn't just Amit's opinion... you know, every security professional will tell you this: It's difficult to secure, it's difficult to get your arms around it. So many pieces of software will add accounts, will hide accounts, will create relationships between things, will increase permissions.
And so over time, for any large enterprise, the complexity of maintaining the integrity of an Active Directory environment skyrockets, and it goes up exponentially as acquisitions and more domains come online, and you build relationships between these environments. So it's notorious. It's critical, and it's notoriously difficult to secure. Tenable brings market-leading technology to help people audit the integrity of the directory service itself. The second piece is in the entitlement management, so looking at what accounts exist, the permissions that are associated with those accounts, are they over-provisioned? What permissions are those accounts using and not using, should and how can you restrict those permissions? Because the abuse of excessive permissions is very frequently a primary vector, which is leveraged by, taken advantage of by threat actors.
And then the third is ongoing monitoring in indicators of attack when attackers go after an Active Directory environment, and it's usually target number one or number two, right? If you want to break into an environment, the first thing you want to do is escalate your privilege level, and then you want to create backdoors. You want to create persistence in the environment so that you can continue to operate even if the breach is discovered. So looking at those indicators of attack, where are folks escalating privileges? Where are they creating hidden accounts? Where are they creating system accounts? Those types of... and trust relationships, those types of activities to provide ongoing monitoring.
So those are really the key areas where Tenable plays, and it's a great complement for the privileged access management, the strong authentication, the provisioning and deprovisioning things that you would see from an Okta or a CyberArk, and, and those are great partners for us.
That makes sense. That's great. OT is another area you talked about. I think that's pretty interesting, that Tenable plays in. So you saw some strong demand for your OT products last quarter, particularly in some of the larger deals. Now, a lot of the firewall vendors that are here today as well, too, they talk about OT and saying you need a network sec- OT devices need to be protected by network devices because you can't put a software agent on them. They have to connect to some sort of hardware device. How does Tenable play in the OT space, and how are you better positioned than maybe the traditional firewall infrastructure approach?
Yeah, I, I'd say we're positioned as a great complement to-
Complement
... what they're doing. So, you know, as is the case with many things in security, there is atypically one vendor which can deliver or should deliver soup to nuts capabilities of what your requirements might be, and I think the same, that's certainly true in the OT environment. There are clear protections that you'll want to apply to OT environments. What systems can communicate with what systems, along what protocols, and on what applications, and what transactions can transpire at the network layer? What we're doing is similar to Tenable's role in traditional IT or in cloud environments or with Active Directory. We're coming in, and we're providing a very thorough audit of OT environments, so we're connecting to each one of these control systems, each one of these operational technologies. We're looking at how that system is configured.
We're downloading what else it's connected to, how it's connected, what are the parameters and settings of that, and we can apply change detection logic on it to see, okay, what is new being introduced to the environment? What are new connection points? What are parameter settings that are being changed in those environments? Where are there excessive permissions? And we can really do that thorough auditing of where things are vulnerable, where things have exposure that is misconfigured from a best practices perspective, and helping people tighten those environments down so they're less susceptible to breach. And it's a great... and, and providing that ongoing monitoring, and that's a great complement to the network layer protection that you'll see from firewall vendors.
I've got one more on the cloud security side, and then we can certainly open it up to questions in the audience here. But on the cloud security side, that seems like a pretty competitive market. You hear a lot about cloud security from a lot of the different vendors in the space, whether it's on the publicly traded side, you know, Palo Alto and CrowdStrike and Wiz and Orca and others. How would Tenable be competitive against those vendors and their workload protection solutions, or maybe in a different segment of cloud security?
I hate paying Gartner compliments, but I think Gartner's done a good job of mapping out what the cloud security market looks like and how they define CNAPP, the cloud-native application protection platforms. Now, you'll hear a lot of folks go out and market CNAPP. CNAPP is a very large suite of capabilities, which we believe over time will be integrated in a best of suite capability. In large enterprise, you'll also see best-in-class capabilities within CNAPP, where enterprises, banks will want to use one component for one requirement within CNAPP and another vendor's component for another. We think that's kind of the way the market's gonna play itself out. Now, CNAPP is also continuing to expand as a category, so things you didn't see-...
You know, two years ago in CNAPP, like, the cloud infrastructure and entitlement management are now a core part of CNAPP. You're starting to see newer capabilities, like data security, capabilities as part of CNAPP, like, cloud detection and response, incident detection and response capabilities as part of CNAPP, that weren't there two and three years ago. So we think we're in, I don't want to call it the early innings, but I think we're in the early innings of cloud, and there's a lot. You know, the same way other markets, whether it was the firewall market, you look at the SIEM market, right? That market had been played out.
You saw ArcSight as the early winner, and along came Splunk and totally revolutionized how people think about logging and SIEM, and now you're seeing new players completely transform what folks want from logging and SIEM. You saw that in firewall with some of the early generation products, and then next generation products coming with, you know, NetScreen and then Palo Alto, and that market continues to innovate. In cloud security, you know, we believe that we have a very competitive capability with our CNAPP platform. It is what I believe to be among the most elegantly integrated workflow capabilities for soup to nuts cloud security. And so to that end, we would compete directly and head-to-head with folks like Wiz.
You know, candidly, I think Wiz has done a fantastic job in the early innings of cloud, and they've got it right. We'll compete with Palo Alto directly. I think Palo Alto's made some acquisitions, and even when you listened to Nikesh over the last couple of quarters, he's, he's echoing what his customers are saying, which is, "You know, our products are good, but they're very dis- they're, they're expensive, and they're very disjointed." And so it was a major effort in Palo Alto to kind of unify the workflow of their cloud security products and make it a platform. We're taking the other approach.
We're we bought what we believe to be the most elegantly integrated platform, and we're leveraging what we think are some of the most market competitive capabilities in cloud identity, in the key functionality of that platform, in the infrastructure as code functionality that Tenable has been bringing to market, and some of the vulnerability capabilities that obviously Tenable is a market leader in. And there's areas where we'll continue to integrate there. So you know, we think companies like Wiz have got it right. We think that there's other companies, you know, I think CrowdStrike has a lot of momentum. You know, they're calling out momentum in their cloud business. I think they do a great job with the workload protection piece of it. That's their strength.
I think, you know, we have a lot broader capability that can be very compelling. So, you know, we look forward to allowing our customers to choose the best, best-of-breed components within cloud, but we think, you know, we're going to compete head-to-head with some of these market-leading cloud vendors and, you know, we'll see how it plays out.
Great. A few, a minute or two left here. Is there any questions in the audience that, that you have? If not, let's wrap it up with one last question. So, I'm not sure if it's a question. Steve is not here today. Obviously, he got sick, so, he can't make it, so we don't have a lot of financial questions, but I do have one. So, maybe Erin can help out with this as well, too, but-
The sun is out, people are smiling.
Yeah.
It's definitely not a place that Steve would enjoy.
No, he hates it. All right, well, the current billings you gave out preliminary outlook for next year already, which is nice. We certainly appreciate that. Mid-teens growth for, I think, fiscal 2024, fairly seems fairly modest deceleration. You've got Ermetic as well, the acquisition, I think you just talked about on the cloud security side, adding a few points of growth to that, to your billings next year. So how are you guys thinking about that preliminary outlook you gave, and do you feel like it's maybe more conservative than it was, you know, at the start of this year as we head into the next year?
Do you feel like it feels like you're much better positioned in terms of your product portfolio, and you've got this backdrop of vulnerability management becoming a much more, you know, important area, given the threat landscape and surging demand in Tenable One. So it's kind of felt like to me that the mid-teens preliminary outlook was pretty conservative. I feel like you're in a better position now than you were in December of last year. I don't want to put words in your mouth, but that's-
Yeah.
I mean, I'll take a stab, and then I'll let Erin chime in as well. You know, we feel like we're exceptionally well-positioned going into 2024. We feel like we've got stronger competitive positioning, competitive differentiation than we've had at any point prior in the company's history. We're also playing in a much more compelling way in much larger opportunities in cybersecurity. Our position of strength right now in cloud security, in particular, and with Tenable One, you know, we think... And with OT, we think gives us a lot of confidence going into 2024. That said, you know, we're operating in a difficult macro. We saw softness in the third quarter from the mid-market.
Looking out over the macro and some of the things happening around the world, you know, we just want to take a cautious approach and set a tone that hopefully sets us up for success in 2024.
The only thing I would add is Q4 is an important data point that we don't have at this point, so we wanted to give directional comments, but obviously, we'll give formal guidance in February. But we wanted to take into consideration what we were seeing and provide some comments around that.
Understood. All right. Well, thank you both very much for making the trip out here. We really appreciate it.