All right, why don't we get started? Thank you for joining us today. My name is Andy Nowinski. I cover the software sector for Wells Fargo, and it's my pleasure to introduce you to Brian Vecci, the Field CTO of Varonis.
Thanks, Andy.
Thanks for coming again.
Of course.
So this is webcasted. If there's anyone in the audience that has a question, I'm happy to weave that into the discussion. Just raise your hand so that we can bring you a microphone, and those that are listening into the webcast can also hear the question. All right, so why don't we get started? You know, for those that are in the room today and maybe unfamiliar with Varonis, Brian, why don't you just start with a quick overview of Varonis and what problem you guys are solving?
Sure. Well, we live in a digital world, of course. And enterprises of all types, of all sizes, whether they're big, small, public, or private, in every industry struggle to protect data. They don't know what data they have and whether it's sensitive or important. And in a world where there's infrastructure as a service and software as a service and platforms as a service, and we use platforms to collaborate like Microsoft 365 that make it easy for anybody to share with anybody, they really struggle to make sure that that data is protected, that only the right people have access to what they're supposed to, and that if anything happens, that they can detect it and respond to it quickly.
Varonis created a software platform, a data security platform, designed to solve those problems automatically, to automatically provide visibility into where data is, what it is, whether it's at risk and how, who, and what is using it. And then we've built automation to ensure that data is properly protected, that customers can measure that outcome, and that if anything ever happens, and these days, attackers don't break in, they log in, when a user is behaving like a machine or a service is behaving like a human or an insider is accessing data that they're not supposed to, we detect it quickly, and we make sure that our customers can effectively and quickly respond to it. So that's a long way of saying in a world where data is everywhere, Varonis automatically protects it.
Got it. Okay. You know, one of the big, or I should say one of the new ways to leverage Varonis is with your Managed Data Detection and Response offering. So I want you to just give us an overview of that. It's definitely a different way of procuring your software. I think in the past, it's been sort of maybe more difficult to deploy the software. You had 35-plus licenses, had to buy hardware.
Mm-hmm.
Now you have an MDDR offering. Let's look.
Yeah, there's two pieces to this. One is, a few years ago, we made a very significant investment, $100 million, to rebuild our software platform as a SaaS offering, as a software as a service offering, and to your point, that makes it far easier to deploy. Our customers don't need to procure hardware or the software licenses needed to run Varonis software. So we deploy more quickly, and it is a much lower cost, both from a resource standpoint and from a money standpoint, to run Varonis. SaaS also gives us the opportunity to offer capabilities that would have been impossible in a self-hosted world, like you mentioned, our Managed Data Detection and Response.
Because in a world where Varonis is provided as a SaaS, we can see the threats and the alerts and the issues in our customer's environment, whether they are checking a dashboard or looking at their email or not. We see them, and we will call them. And so we package that into a service called MDDR, which we launched earlier this year, and it's been wildly successful. So our transition to a SaaS company is going faster than we expected. So our customers are consuming Varonis as a SaaS platform. And part of that is we've now been able to offer the MDDR service, which lets us do more of the work of protection and threat detection for our customers. And it's been wildly successful.
I guess, what do you mean by wildly successful? In terms of how would you measure that in terms of the feedback you're getting from customers that are using it and, and, and the customers that are adopting it?
So MDDR is an incremental license. It's an incremental spend on top of the software platform. So you can't have MDDR without Varonis SaaS. We built a suite of technology and automations into the MDDR service that allows us to provide that service without a large amount of headcount. But if you're a Varonis customer, especially a new customer, why wouldn't you have that? On average, it takes seven people to offer 24/7 monitoring of your data. Most customers, most enterprises do not have seven people that they can devote to it. Varonis does it for you. So when you have Varonis software deployed, our MDDR service is watching. We're watching the telemetry. We're watching the alerts. And we have an SLA behind it. So if anything happens, we will call you.
It's been wildly successful, and we measure that by attach rates, by the number of customers that are using it. For new customers, it is part of their software package when they procure Varonis. It's almost a no-brainer. Why wouldn't you want our team watching your environment and calling you if something happens? For existing SaaS customers, it's an upsell, and we're seeing very enthusiastic adoption as part of an upsell process. For customers that are converting to our SaaS offering, it also becomes a bit of a no-brainer. Why wouldn't you include the MDDR service? So to answer your question directly, we're seeing that the attach rates be very, very high.
Are you seeing customers offset some of the cost of deploying that MDDR by maybe reducing the headcount they use to manage the seven people going down to one or something?
Most customers don't have those seven people, and they couldn't hire them if they wanted to. So it's less about headcount reduction and more about we are able to offer a capability, a function, 24 by 7 monitoring that they wouldn't be able to deploy themselves. They don't have the people to do this. We become a force multiplier for their security teams. Every single organization, of course, is trying to detect and respond to threats quickly. Everybody struggles with it. We make it much, much easier.
Got it. All right. You kind of touched on this early on, but the SaaS conversion, that's been a big piece of your story over the last, call it, 18 months. Why don't we just talk about what it's at a high level? What does, what does that mean for a customer when they go from on-prem to, to a SaaS offering?
It means they don't need to run the hardware and the other software licenses to run Varonis. They don't need to pay people to make sure that the Varonis infrastructure needed to make sure that Varonis works properly is working properly and is deployed. We've seen a 90% reduction in support tickets from customers that have moved to our SaaS offering. It's because fewer things go wrong, and most of the things that would prevent Varonis from working properly, we can identify and fix on the cloud side because we see it before they do. They don't need to dedicate any headcount to running Varonis, to making sure that it's working properly. They don't need to pay for the hardware to make sure that the Varonis infrastructure is deployed properly. They don't need to make sure that the hardware is sized appropriately.
The number one reason that a self-hosted Varonis customer wouldn't get the full value out of the platform is usually environmental issues. Some server isn't running properly or doesn't have enough memory or storage. All of that goes away with SaaS. We've also been able to innovate much more quickly. We can offer capabilities through SaaS like MDDR, but also more automation in more places, things like AI classification, the ability to provide visibility in places that we couldn't before, streamlined user interfaces. It is a better product that is easier to deploy and maintain, and there's more automation, which means our customers get more value more quickly. You put all that together, and why wouldn't you choose SaaS?
That makes sense. I think, you know, historically, you guys have talked about how, you know, on-prem customers may have only deployed one of your 35 licenses and didn't really get an understanding of what Varonis could truly offer by.
Mm-hmm.
By only deploying kind of the bare minimum. And with SaaS, if I understand it correctly, there's a lot more capabilities built into it. I don't know if it's seven-plus licenses as a starting offer, but you definitely get a lot more capabilities that you wouldn't have if you started with just one license. Is that?
That's correct. But also, when we transitioned to SaaS, we simplified the packaging. So instead of, for instance, Varonis for Microsoft 365 in the self-hosted world would be seven, eight, or ten different licenses. And to your point, if a customer only took on two or three of those or one of them, they wouldn't be able to re-realize the full value. With SaaS, they don't have the choice anymore because we realized it didn't make sense to break things up like that. So Varonis SaaS for 365 includes all of the capabilities of seven to ten licenses, depending on specifically what you're talking about.
And it means that every Varonis SaaS customer gets the full value of our platform without having to worry about, "Oh, they don't have this capability or this capability." Plus, it's because there's so much more automation built in, we can show much more value more quickly without worrying about they're not licensed for a piece of it.
Got it. And this, this SaaS transition has been, I guess, going on for, you know, well over a year now.
Yes.
If you look at your, you know, mix of ARR, I think it's probably closer to 40, maybe almost 50% of ARR.
Yes.
Well, but what inning do you think you are in terms of when you look at your installed base of on-prem customers that are still out there running the on-prem, how much left of the conversion do you think you have?
We believe that the SaaS conversion will be complete when we get to 70%-90% of our ARR coming from SaaS. We're more than half the way there.
That's the total install base converted, or that's just the new customers you add in a given quarter to 70%-90%?
There are no new customers that are taking on self-hosted at this point.
Okay. At this point.
The only customers that would choose self-hosted are really specifically Fed customers that need FedRAMP, and we are FedRAMP in process. We believe that in the first half of next year, we'll be FedRAMP certified. All new customers, for the most part, are SaaS. What we're really talking about is the existing customer base converting to SaaS, and we're more than half the way there.
And from a sales perspective, like a sale, if you're a sales rep and you're selling the full portfolio, like how are they?
Yes.
Are they compensated differently for SaaS? I mean, there's clearly more benefit to the customer, but how do they is their go-to-market motion change at all?
Their go-to-market motion doesn't change. It's an easier sell for them, which is why this transition is going faster than we even anticipated. We don't need to retrain our sales force. They're, you know, one way to think about Varonis is that we are selling outcomes, the outcomes of visibility and automated data protection and automated threat detection. Whether we deploy it as a self-hosted solution or a SaaS solution, those outcomes are the same. So our sales force is selling the same outcomes. It's just so much easier because of all the benefits that we've talked about with SaaS.
In terms of, like, when, like, a sales rep maybe balances their, in a given quarter, they're trying to hit their quota and they're looking at converting existing customers and landing new logos. Obviously, the new ones, you said.
Mm-hmm.
All land on SaaS, but how do you think they balance their time in terms of focusing on getting your conversion up to that 70%-90% target versus landing new logos?
We're very encouraged by new logo growth this year. I think it speaks to the way our reps are compensated. They will certainly make money on SaaS conversions, but in order to make real money.
Mm-hmm.
They need to sell to new customers. And we're very encouraged so far this year by our new logo growth, as well as, of course, SaaS conversions. All of our sales teams spend time with all of their existing customers as a matter of how we make sure that our customers are getting value and that they're delighted by Varonis. Every one of those touch points is an opportunity to sell the conversion. So we haven't seen much friction. It's been really easy for our sales force to sell the conversions, but in order for them to make real money, they need to bring in new logos. And so far this year, we've seen that working.
All right. Why don't we shift gears into GenAI? It's always been the topic today from a lot of different firesides that I've done so far in data protection.
Of course.
How, why don't you guys talk about, I, you know, I think, Varonis and your ability to protect Microsoft 365 Copilot.
Mm-hmm.
Is one of the bigger drivers of the adoption of your SaaS platform. But why don't you explain how did that, how does that work? How is it different from what you were previously doing in terms of protecting data?
That's a really interesting way to phrase that question because the answer is it isn't. But what is preventing people from leveraging or using or widely deploying Microsoft 365 Copilot are the privacy and security issues. So I'll tell you a story that I think will illustrate this. One of the big banks did a Microsoft Copilot pilot. And what they discovered was when they gave it to users on their trading floor, those users started asking questions like, "What stocks do our employees invest in?" Because that Copilot is potentially, I think it is the greatest information retrieval tool ever. And you figure this bank has done all kinds of research and written reports and done analysis. And if Copilot can summarize that, it'll make their people, including their traders, far more productive.
When they asked, "What stocks do our employees invest in?" what they were expecting was a summary of a research report that somebody had done. Instead, what they got were tables of employee 401(k) data, names and Social Security numbers and positions and accounts. They immediately had to turn it off because these traders weren't suddenly insider threats, but Copilot was showing them data that they had access to that they had no idea existed. In order to safely use Copilot for 365, you need to make sure that your data is properly secured, that users only have access to what they're supposed to have access to. One way to think about it is need to know or least privilege. I shouldn't have access to employee reviews and 401(k) information. I have no need to know that.
But if I do, because 365 makes it so easy for anything to be shared with anybody, Copilot's going to show that to me. So what our customers are doing is using Varonis to safely lock down that data, and now they can safely use Microsoft Copilot. To your question, how is that different than what Varonis has been doing before? It isn't. We're solving the same problem. What has changed is that organizations need to solve it much more quickly. They have an impetus. Copilot is giving them a reason to deploy Varonis right now. And we're seeing organization after organization be successful with using us to secure their data so they can use Copilot. And what we're finding is organizations that haven't done that, their Copilot pilot is stuck in pilot. They can't give it to anybody because they don't know what's going to happen when they do.
The rest of the GenAI conversation is similar. There are AI productivity tools, not just in 365, but Salesforce has Agentforce, and Google has Gemini, and Amazon has Q. There are all these tools that leverage the data that people have access to. But in order for them to, for organizations to use them safely, they need Varonis. They need these outcomes. They need to make sure that data is properly protected. In addition to that, many companies are training their own models, are building big training sets. And where are they putting that data? They're putting it in Amazon, and they're putting it in Databricks, and they're putting it in Snowflake. And they need to make sure they know what data is in there. They don't want their customer chatbot to suddenly spit out employee reviews, for instance.
They use Varonis to monitor that data, to classify it, to secure it, and then to make sure that it is never accessed inappropriately. Any conversation about GenAI is going to include a conversation about security for GenAI. Any conversation that is about GenAI security is really a conversation about data and data security. Varonis protects data. If you want to use AI safely, you need Varonis to make sure your data's protected.
And that's the same sort of value proposition that, that you've had all along, just a different use case. But I, if I understand it correctly, Copilot for 365 or Microsoft 365 Copilot isn't like a, isn't embedded in that current capability. Like, you have to pay extra for, for this ability to specifically safeguard Copilot. So it, it does seem like an incremental growth driver, even for an existing customer that's been running Varonis for years, using it and classifying their data. If they want to roll out Copilot, they're still going to have to spend more on Varonis.
A little bit. So what we've done is, in order for Copilot for 365 to get all of the capabilities that we offer, you need Varonis for Microsoft 365. But then we've added additional capabilities that are very specific to Copilot. We have a Copilot dashboard and some Copilot-specific automations and some Copilot-specific visibility and threat models. So if you've got Varonis for Copilot, you see the prompts and the responses, and you have specific automations for Copilot. So that's. There is an incremental spend specifically for Copilot for 365. And what we've been saying over the last year is we're tempering people's expectations about our revenue related to that license or to AI in general. But we're very encouraged by what we're seeing, and we've started to see deals specifically include those capabilities. So we're seeing revenue specifically related to Copilot now.
In terms of like tempering expectations from investors on this use case, is that because customers are still in the pilot phase of training these Copilots at this point, or is there other reasons for that?
I think it's that customers are still in the early innings of determining how valuable is this, which capabilities need it. You know, I think if Microsoft had, they could wave a magic wand, everybody would give Copilot to everybody, and they'd get $30 a person per month forever. Companies are being very, our customers are being very careful about where and how they deploy this for the privacy and security reasons, but also for the ROI of Copilot itself. So to your point, that's a very long way of saying yes. It's the early innings. I think if you went forward in time five years from now, everybody is going to be using these kinds of Copilots, because it's going to make people more productive. Five weeks from now, that's not the case.
So we're just being responsible about how we predict that, you know, that change, but it is happening. It's happening slowly, but it is happening.
From what you're seeing from your conversations with customers, I mean, are they training these Copilots and getting them ready to roll out to a broader customer, or employee installed base, and then saying, "All right, now we need to get data security applied to it if they're not already a Varonis customer"? Or is it the inverse where let's get, let's get data security classified, classify this data first, and then we'll, you know, start going down the pilot phase of using a Copilot?
That's a really good question, and I've seen both of those kinds of conversations. Many organizations that are taking a proactive and thoughtful approach to security are coming to us first before they start rolling out these Copilots. We have also seen situations where they have rolled them out, like the 401(k), the traders, where it's, "Oh, no, we need to take a step back," and now we're bringing Varonis in. It's, it's not one or the other. Both of those are happening.
Got it. Okay. What is Microsoft doing? I mean, you guys have been partnered with Microsoft for a while. How are they promoting? You know, I'm sure, as you mentioned, they'd love to get $30 from every employee out there and roll Copilots out to everyone. But, they're relying on partners like Varonis to help accelerate that adoption of it.
They are. And one of the things that benefits us is they don't really have any other partners like Varonis. There's nobody else that solves these problems at scale automatically in the way that we do. Microsoft has incredible security capabilities under the umbrella of Microsoft Purview. But, first of all, Purview doesn't solve the same problems that we do. And second of all, for some organizations, it can take a lot of work in order to get all of the value out of Purview and the security capabilities and functions that Microsoft offers, which is why we partner so closely with them. Varonis is available on the Azure Marketplace, and Microsoft customers can use their Microsoft Azure commit as part of, as a way to procure Varonis. Microsoft reps can even retire quota on Varonis deals. So we have been and continue to be a very close Microsoft partner.
We work very closely with them, not just on the integration in 365 to provide all of the capabilities that we do, but to make sure that Microsoft and Varonis customers are confident that their data is secure so that they can use Copilot. To your point, Microsoft wants everybody to use Copilot. Varonis is kind of the magic wand to make that happen.
You mentioned Purview, which, if I'm understanding this correctly, like Purview, I always thought of as more of just a DLP solution that measures data leaving your organization, like data leaking out of your organization, which certainly doesn't seem to be the same as Copilot exposing data to employees that they shouldn't see. That data's not leaving the organization, so.
Also, Copilot doesn't expose any data. Copilot just makes it easy to see and get and leverage the access that you already have. With Copilot, data already is exposed. You just didn't know about it until people started using Copilot. You're right. Purview is really great at doing things like blocking data from leaving. But part of ensuring that Purview is working is you need to make sure that all of your data is labeled, is marked as sensitive or confidential, and then Purview works. But who's going to put those labels there? Varonis does it, and we do it automatically. When you're using Varonis, all of your data's labeled, so Purview works. Now you don't have to pay people to go out and review where all of your files are. We make that very easy. We make it automatic.
When you have Varonis deployed, not only is your data locked down and you can use Copilot safely, not only do you have MDDR, so if anything happens, you know about it, but your data's also labeled, so Purview works, and you get more out of the security capabilities and the DLP that you already have.
Well, that goes back to, I think, just the core use. I mean, these are all use cases of, of Varonis, but even the data classification piece of it. Once you classify the data, then you can see that, "Hey, I don't have Wells Fargo customer information on my local laptop. It's sitting in a secure file share somewhere." So it kind of reduces the risk overall of the organization of where the data's exposed, not just for Copilot, but for.
For everything. Yeah. We think we call it the blast radius. Where do I have data that's open to people who don't need to have access to it, and even if I found it, what do I do about it? How do I make sure that it's properly locked down? Varonis reduces the blast radius, and we do it automatically. That's the key. Every single security team is stretched thin. I sit in rooms where I ask CISOs, "How many of you have more projects than people?" and almost every hand goes up. Every team is stretched so thin, so just giving somebody a report or a list of where they have problems, giving somebody findings doesn't secure data. Varonis secures data because we turn findings into outcomes.
We say, "Here's not only where you have problems, here's the buttons that you can push to automatically solve them and keep them solved.
What do you think, you know, over the course of this year, you know, a lot of people have been. I think we were talking about Copilot as a catalyst for your business a year ago at this time, and maybe even a year ago last summer, so it's been kind of slowly, you know, taking a more of a wait-and-see approach. But, you know, Microsoft just talked about having 70% of the Fortune 500 is now using Copilot. I'm, I'm sure that's, you know, counting customers or organizations where it's very a narrow use case or a small number of users at this point, but probably more of a, you know, an inaccurate metric that's kind of in.
What I would say is I would agree with what Microsoft is saying. But to your point, most of those organizations are using it in pockets because they're trying to solve these privacy and security issues before they go widely deploy. We do know that many Microsoft customers are now widely deploying it because they're Varonis customers. We have public case studies now of customers that have done risk assessments, identified huge exposures, automatically removed those exposures safely without breaking anything. And I'm not talking a matter of months. I'm talking a matter of days. And now they're safely and widely deploying Copilot. Every single company I talk to has a Copilot pilot going on. But to your point, you're talking about a dozen users here or a hundred users there. It's not 50,000 people that are using it.
And it's because they need to solve these problems first.
Okay. Well, I want to kind of stay on this topic a little bit longer as well. But given that you're a CTO, you can probably answer some of these more technical questions you've had. So last night, Zscaler talked about also the data protection and providing, you know, protecting data that's Copilot's exposing. And they were talking about how they have an advantage because they sit in line with the path of network traffic that's delivered to Copilot or Microsoft 365. And then they have out-of-band protection as well too. Like, how do you think about where Varonis sits and this argument that Zscaler as a network security provider can also provide maybe some of these capabilities because they're in the path of traffic?
I would, here's how I would respond to that. In order to protect data, you need to protect the data. In 365, I can get access to an individual file through a group membership or a shared link. I can get access from a device or a service. I can get access while I'm on premises or on the road. The only way to protect that file is to protect that file, to protect the data itself. That's what only Varonis does. Zscaler is a great company. The endpoint companies are great companies. They don't solve the problem of data protection because they're not on the data. Varonis started with the data. We don't just classify it. We monitor it, and we lock it down at the data level itself.
Unless you do that, data will be exposed via Copilot or somewhere else to either a threat actor or accidentally to somebody. There is no other way to solve that problem.
Can you also talk about, so another acronym that comes up a lot is this DSPM, Data Security Posture Management. We hear about CSPM, ASPM, and now, of course, DSPM.
Lots of SPMs.
Yeah, a lot of SPMs. But there's been a number of vendors like Palo Alto acquired Dig Security. CrowdStrike acquired Flow Security, which are more DSPM plays. Can you just help us understand where does DSPM fit? Because I believe Varonis has had DSPM for many years.
We were DSPM before there was a DSPM. It's great that finally there's enough investment in this space that somebody created a category that starts to describe what we do. However, DSPM and the DSPM tools typically support a subset of capabilities. By that, I mean they're looking, they do data classification, what data is sensitive, and when you talk about posture management, they're looking at the surface-level security settings and configurations. What they are not doing is doing a deep analysis of the permissions and access controls. They're not monitoring the data itself, and they don't fix any of the problems that they find.
I saw a POC of another DSPM vendor, and the CISO showed this to me because when they did a bake-off between Varonis and this other vendor, their other vendor's approach was, "Well, here's a dashboard, and it's going to give you a number of findings. Here are the problems that you need to solve. It's sensitive data that's potentially exposed." And their approach was, "For every one of these findings, you should open a service ticket or configure and build an automation yourself or just hand this to your privacy team, and they'll fix it." Our approach is, "Well, Varonis will fix the problem for you." That's what I mean by automation. We will automatically fix it and we'll monitor it and tell you when something goes wrong. And the reason this was so noteworthy is the CISO said, "We have 2.9 million findings.
If I opened a service ticket for every one of those findings, that would be more service tickets than we have opened in the history of this company. That is not a solution. That just tells me I have 2.9 million problems that I can't solve." Varonis solves them. That's what we do. The other big difference between, at least right now, all of these other DSPM vendors is in the breadth of coverage. DSPM tools were built to support databases and structured systems in the cloud. Varonis supports databases and structured systems in the cloud. We also support file systems. We also support them on premises. We also support applications. We support data in all kinds of different places, so Varonis offers more coverage in more places, deeper coverage because we're looking at things like access control and permissions that the DSPM vendors can't see.
We do monitoring and alerting, and with MDDR, we'll tell you when something goes wrong, and we have all the automation to fix the problems that we find. This is why outcomes matter so much. The DSPM tools that you mentioned, companies struggle to get real outcomes out of them. With Varonis, we've made the outcomes automatic so our customers can get them very easily.
It sounds like if you wanted to have a complete platform on this, not just identifying the problem but fixing it and automating it, I mean, when you guys come in and they actually go with Varonis, are you consolidating out a lot of other point product solutions besides just DSPM?
Yeah, we are. Like companies, one of the questions we get and a version of the question you're asking is, "What is a company doing if they don't have Varonis?" Right? How are they solving these problems? The short answer is they're not. The longer answer is they are trying to cobble together manual processes and point tools, and they have an incomplete picture and no way to really solve these problems at scale. With Varonis, they get a much more complete picture, and they get the automation to solve the problems. So yes, we are, we displace point tools, and we displace manual processes, and we make security teams and privacy and compliance teams dramatically more effective because we are giving them capabilities that they didn't have otherwise, and it's all automatic.
Got it. We've got a few minutes left. Are there any questions in the audience that I could weave in here? If not, I can certainly go a few more here. I was curious as we, you know, coming up towards the end of the year here, like, what are you getting excited about for next year, 2025? What do you think about what drives Varonis and, not only financially, but maybe even on the product side? What.
That's all I can really speak to. I'm in the middle of building our roadmap for our sales kickoff, which is in January. This year, in 2024, we had, I think, 50% more, close to twice as many major press releases for new, new capabilities, new products. Today or yesterday, we announced Varonis for Databricks. Last week or 10 days ago, we announced Varonis for GCP, for Google C loud. This year, we've done 50% more than last year, and last year was more than the 10 years previous combined. What I am excited about is we have more innovation ahead of us than behind us. Next year, we are going to be able to launch products and capabilities in places that we don't support yet. There are applications and, you know, other major enterprise applications that store important data that we want Varonis to support.
Then there's depth of telemetry. There are things that we can build technology to monitor that will make MDDR more effective, that will make our automation more effective, that will help us catch more threats in more places, help us block things from happening. Our goal is that if you're a Varonis customer, your data is protected. You catch threats. You do not get breached. We're going to be able to do that in more places, for more organizations, more easily and more automatically. There's so much more ahead of us. That's what I'm excited about.
Is this inflection in capabilities, I'm guessing it's largely because of the fact that you have a SaaS platform. Does that make it easier to roll out new features?
Yeah, absolutely. Because we can build a capability and then deploy it to all of our customers basically instantly. If you're a Varonis SaaS customer and I have a new automation or a new set of capabilities that I've built for you, you just get it. Whereas in the self-hosted world, you'd have to go through an upgrade, and our customers would go through maybe annual upgrade cycles. It meant that for us to innovate, it was a very, generally a slow process. If I develop, we develop a major new capability, we have to deploy it to rings of customers, have them go through upgrades, get feedback, make sure it works. In a SaaS world, we can just give it to you, and we can make sure that it works before we do that.
So we've been able to innovate dramatically more quickly, to your point, because we are SaaS now.
I did think, you know, the announcements around Databricks and GCP were also really interesting. We didn't have a chance to get into that today, but being able to address data where it resides now, which is also something that you probably couldn't do with an on-prem solution.
I mean, you could. It would have just taken us much, much longer to do. We can go, we can develop capabilities and visibility into places that we couldn't before or that would take a, take too much development or too much time before. It happens so much more quickly now. So the right way to think about Varonis going forward is we're going to be able to support data in new places, in new clouds, in new, new data stores and new applications, and we're going to be able to continue to develop more and more automation. The more I can automate for you, the more value you're going to get more quickly.
One thing I've learned, I've been at Varonis for about 15 years, is that if it's not automatic, if there's not a button you can push, or if it's not a capability that we can do for you, there's a pretty good chance you're not going to do it because you're not going to have the people to do it. You're not going to have the time to do it. So everything for us philosophically is let's automate it and/or let's do it for you like we do with MDDR.
Got it. Well, thank you so much for your time today, Brian.
Thank you as always. Take care.