Good morning, everyone. Welcome to the Varonis Investor Day. We've got a lot planned for you today. We've got presentations from our CEO, Yaki Faitelson, and Field CTO, Brian Vecci. We'll have a short break, followed by a session from our CFO and COO, Guy Melamed, and then we'll wrap up with a Q&A session after that. Before we kinda jump into everything, I've gotta read a couple disclosures. During this presentation, we may make statements related to our business that would be considered forward-looking statements, and due to a number of factors, actual results may differ materially from those set forth in such statements. The factors are set forth in our earnings press releases and our risk factors, which are described in our reports filed with the SEC. We encourage all investors to read our SEC filings.
These statements reflect our views only as of today and should not be relied upon as representing our views as of any subsequent date. Varonis expressly disclaims any application or undertaking to release publicly any updates or revisions to any forward-looking statements made. Additionally, non-GAAP financial measures will be presented, and reconciliations to the most directly comparable GAAP financial measures will be provided in this presentation as appropriate. Now I'd like to show a short video from our SVP of Strategic Programs, David Gibson.
People think that data is locked down and protected. In reality, employees have far more access than they need to do their jobs. When employees have too much access, insiders can do a lot of damage, and outside attackers don't need to work very hard. How do employees get too much access? Well, here's a story about a folder. Alan, the CFO, works on guidance financial projection models. Alan shares the earnings folder with Fred in IR to start building the quarterly earnings presentation. The earnings folder contains lots of sensitive information. Fred needs some help with graphics, so he shares the folder with the marketing manager, who shares the folder with the design team that includes all the designers as well as external contractors. That's how one shared folder can lead to a lot of risk, like external contractors with access to a company's five-year operating plan.
Think about how bad that could be. Employees share data every day on all kinds of collaboration platforms. This is why one insider or compromised user can do so much damage, and ransomware continues its destruction. While risks from oversharing keep growing, configuration risks lurk underneath, like the one that shared 3 TB of sensitive airport data to the whole world, or the misconfigured API that led to the worst breach in Australia's history. These are the kinds of problems that we find in risk assessments. Companies can't see them without Varonis. They can't see them, they can't fix them, and they can't keep them fixed without Varonis.
Hi, everyone. I'm very excited to talk about the SaaS, thank you so much for taking the time to be here today. SaaS is really for us is as big as the first version of DatAdvantage that essentially was the beginning of the company. The SaaS transitions is an orders of magnitude bigger than the transition to subscription. Subscription essentially enabled our customers to buy more licenses. SaaS is changing completely the way they get value from the licenses and the overall platform. The other thing that is critical to understand, and I hope that I will be able to explain it, we got here in the right way. We build our SaaS platform in the right way. With your permission, I will state the obvious.
We are in a world with a lot of uncertainty. We have the war in Ukraine, we have unprecedented amount of debt and stubborn inflation, there's really one certainty in the world, this certainty is pushing very hard the business case for Varonis. Whatever will happen, people will eat, sleep, and create data. The world is completely dependent on data. Data is, data is precious. If you have critical data, someone wants it. Peiter Zatko, the CISO, the former CISO of Twitter, as a whistleblower, when he talked to Congress, he did the best pitch for Varonis. In one s entence, what he said is the data is completely out of control.
To quote him word for word, he said, "First, they don't know what data they have, where it lives, or where it came from, and so unsurprisingly, they can't protect it. That leads to a second problem. Employee needs too much access to too much data on too many systems." When we started, people didn't know that they can solve this problem, and the problem was a small fraction of what it is today. Today, manually, you can't solve the data protection problem. It's just impossible. I don't know if there is any force, anything that is growing so much as data and our dependency on data and data stores. The hybrid world, this is how it works today, on-prem and in the cloud, is very chaotic and really growing at a staggering pace.
What is beautiful for us, for Varonis, you know, the data is growing relentlessly on massive data stores in the cloud and on premises, and the flows between them are very complex, especially when users are involved. You have users that are sharing a lot of data. If you can't share data, there is no value. Whatever data you will create today that is relevant for Varonis, will go email, in file shares. This is the product of this. This is extremely important to understand that data is going, and we need to share. Users are sharing it, application is sharing, and this is how you extract value from a data product. The other thing that is critical to understand, some things after COVID are transitory, some things are stationary.
The architecture of how people are using data is here to stay. What happened with work from home, that endpoints became access points, and most of the organizational data is stored in central repositories, on-prem and in the cloud, and this is how people are consuming data. It's fairly easy to go today to any modern organization and understand in which data stores you have your critical data. We have every year more and more data stores that are integrated, and infrastructure that is very close to these data stores. What happens is that you have so many systems, accounts, and people that create massive attack surface. You just need to compromise one user or one machine. This is an attack surface, just never-ending supplies of entry points. Like any software, have a lot of vulnerabilities.
This is usually the ratio. If you have one user, there is usually between five to six ways to get in. 10,000 users, 50 to 60,000 ways to get in, through the VPN, your phone, your laptop, your desktop, VDIs. It's critical to understand. Okay? The other thing that is happening, there will always be a system or a rogue employee, and you only need one. Not most, but a lot of warfare today is happening in the cyber space, and really a lot of these efforts, state actors are showing the way of how to do, you know, sophisticated attacks and cyber crimes. We see more and more sophisticated Advanced Persistent Threats, APTs.
The other thing that is happening, because of cryptocurrency, it's very easy to monetize cyber crime, and the biggest risk of all are insiders. Let's just let's think about the data breaches that changed the course of history, WikiLeaks, Snowden, the Panama File, insider with too much access that accessing critical data. This is the reality of the situation. The means always change, but data is always the objective. The objective of most breaches is data. This is the reality. You don't know from where and from whom an attack will come, but you always know that it's going in one direction, and the direction is towards, the direction is towards the data. This is why it makes sense to protect the data.
If the data is protected and you have many mistakes in the outer layers, think about it as an onion, nothing happened. If you touch the data, this is where you have lasting damage. You can't unbreach data. You can get a new endpoint, you can rebuild an infrastructure, but you can't unbreach data. If you will take any CISO today, and you will tell him, "What is your main objective? Why are you here? What do you need to do?" They will tell you that the lion's share, really the top priority of the mission is to protect data. This is the top priority. Obviously, you need infrastructure availability and everything else, but this is the main objective. Almost all efforts are in order to protect data. If bad actors can't touch data, there is no lasting damage.
You don't have lasting damage if they didn't touch data. If the data is in the wrong hands, it is all over. This what makes data protection one of the most important problems to solve, but also one of the hardest problem to solve. It's also what create a massive opportunity for Varonis. Opportunity is bigger than ever. Data protection is hard, but if you can solve it automatically with no friction, most probably a lot of security budgets will go to the data security platform that can solve the problem. Historically, our approach, we call it the data first approach, worked very well for all critical data. It start with revealing who has access to data, who is accessing it, what data is critical. In 2019, we went to subscription.
Subscription enable our customers to buy more licenses. They got more coverage, more automation, and more enrichment that gave very good visibility. Who can access data, a lot of coverage, make sure that we that customers can buy more licenses, they cover more data stores and user stores, and we provided a lot of functionality to solve the problem. Our customers achieve great outcomes. They can visualize the potential of access, they can reduce the blast radius, which this is really the holy grail of data protection, that only the right people can access the right data. They get high-fidelity alerts.
You know, if you think about the breaches that you saw, and you come into all of these breaches, and you see people had everything, end-endpoint protection, NSC and everything, million alerts, and the attack still happened because the attack was never on the right data streams. We give high-quality, data-oriented alerts that works extremely well, and compliance become very simple. When I can tell you who can access the data, who is touching it, and what data is critical, I can adhere to almost any compliance requirement. Also the reality that with the self-hosted platform, to get this outcomes, it took effort, time to deploy and maintain, time to configure, time to remediate, and time to respond. This friction and the time create bottleneck.
One, there is never enough time. The other thing, and I also believe that this is a massive secular trend for all security companies, there is a real shortage of technical skills and people. People are stretched too thin. Just very hard to get just the people that will do the work. With our SaaS platform, we changed the game completely. We started to develop the SaaS around five years ago. We started very small, and we wanted to make sure that we are doing it in the right way. For us, the most important thing was to make sure that our customers, they invest fraction of the effort and get significantly more value. We measured everything.
The north star for everything we do was effortless value, and we measured everything with a stopwatch. Time to installation, time to visualization, time to remediation, and proactive incident response. Everything, we just thought about it almost like robotic value to make sure with complete automation, we can reduce everything, and we maniacally measured every phase of the value proposition. With the SaaS, the outcomes are frictionless. Many times, you know, we reduce friction drastically. Many times, we don't need any customer involvement. We are now in the business of automated outcomes. Automated outcomes is everything for us. When a customer pay, they get this, they get the three outcomes with minimum or no effort at all. They can visualize and reduce the blast radius.
They can detect attacks early in the kill chain and any abnormal behavior towards the data, even if it's a very stealthy behavior, which this is key. Compliance gets easier. I want to tell you a story. I saw a customer towards the end of Q4. We're discussing an expansion. He said, "Yaki, I want to tell you about my reality." You know, I spend a lot of time with our customers. He said, "Throughout COVID, I lost my team twice." He said in terms of the turnover of his team. He said, "Your platform, your this, the self-hosted platform, give me great value, but constantly need, you know, the engineering to make sure that it's working.
Every time a new person is coming, we need to teach them how to use this solution. It just, it's I need to know that I'm getting value, and it's just, it's hard for me because there is a lot of friction. When everything is up and running, and I have the people, and we have the time, and the infrastructure group, the engineering group is helping me, it's great, but I don't have these resources." This is what I told him. With our SaaS, it was 365 and on-prem, Azure AD and Edge. We said, "Except of the on-prem collector, you don't need to do anything. We will come and classify the data completely automatically for you and this, and we're also going to label it. We will reduce the blast radius.
You will just come in the morning, you will see a widget. This is the oversharing that David just show you brilliantly, and this is how the robot is going to remove anything without breaking any business process. If we will see any abnormal behavior, you know, we will tell you about it or any posture problem. Most of the time, we'll eliminate the risk without any need from your end to do anything. Like, this is the key."
I told him, "The only thing that you need sometimes, and this is also sometimes, is just someone with a heartbeat that will pick up the phone and will tell us if the behavior that we detected is malicious or not." He told me, "If you can do that, you are my number one priority." This is the difference between huge success and potential. This was the key for us with everything we have done. I know many of you, and I know that you know, we have many people that understand enterprise software very well and following up technology for a long time. Transitions are hard. Many times, the companies that need to do transitions are not doing it right.
We are good students of the history of enterprise software and how to build software in the right way. In terms of the engineering effort, we crossed a real ocean, so we did it in the right way. Many people are not doing it right. Many people, what they are doing when they are going to SaaS, they are doing this lift and shift, not doing the right architecture. When we started small, we took every component and, of every code and said, "How we are going to repurpose it in the right way in the cloud?" The second I also will talk about the other productivity is the Varonis productivity from us delivering more innovation and what we need to do for our customers. This was the first thing.
The second thing is how to choose the right technologies in the SaaS to build the right multitenant to make sure that it's very secure and highly scalable. After we understood everything, you know, it was 20%, 30% of engineering. Two and a half years ago, a bit more, we just went all in, and the lion's share of the engineering resources was in building this, the SaaS infrastructure. I can tell you that we have a world-class SaaS asset with every KPI that you need to measure a SaaS product, and this is the foundation to build much more. Also we build the foundation for a lot of automation for Varonis, our ability to innovate, our ability to fix problem.
Also, if you are a security analyst or a support person or a partner of professional services, that you will have so much automation that you can support three, four times more ARR from the SaaS platform itself. Like, we really thought about everything and also made sure that we can iterate very fast on a highly scalable SaaS infrastructure. What is in our SaaS today? We already covered the most important stuff from the self-hosted, we leapedfrog the self-hosted in terms of automated remediation and proactive incident response. I will talk about both of them. If you are a new customer, it's just a no-brainer, you will choose the Varonis SaaS. There is just so much more ahead of us. It's not just the data is growing and growing in more data stores.
There is flow and integration between them. You saw, you know, there is APIs that are accessing, users that are accessing, a integration between this data and the user repositories. In the heart of everything is more automation and more coverage. From the data that we have, we also get a lot of force multiplier for usable classification, for incident response, for general analysis. We really opened the floodgate for innovation, and there is much more on the way. Brian is going to show you a product tool, and you will understand how more is more. The pace of innovation is constantly going to accelerate. Recently in Q1, we went wider with support of Azure Blob.
Azure Blob is the object storage for Azure. We went deeper with classification, with GitHub and Salesforce for both files and field. The other thing we have done, we are classifying very well secrets and tokens, credentials, you know that if you want to get access, this is the first thing that bad actors are doing. The other thing, we went very deep with automated remediation for Salesforce Box and Google Drive. I want to talk for a second about remediation. You know, at the end of the day, we need to fix problem. What you're starting to see is that visibility itself is not enough and findings fatigue is very real. What is happening when you provide only visibility, each finding represent a lot of work.
If you don't automate the remediation and know how to prioritize them, you're just drowning in many, many things that you don't know what to do with. It's only getting worse with this explosion of data stores and configuration. We are in the business of automated outcomes, and we're really building these remediation policies engines that can make sure that they can solve the problem without breaking business process. One thing is to be in the business of automated remediation, but one of the biggest issues with security is to manage the tension between security and productivity. You know, if no one can access any data, we don't have security issues.
The key is how in this environment that you collaborate and everybody's sharing data all the time and critical data, and this is what is driving every business, how you can do this automated remediation. You will have this intelligent robot that look at everything and can do remediation and make sure that you are secure without breaking any business process. Few years ago, around three and a half, four years ago, we introduced the incident response. You know, it started with ransomware. We saw that a lot of our customers have this ransomware attack, and we detect them. After that, we come in to how the ransomware came in, this what happened, and it worked extremely well. Almost every customer that using the IR renew and buy more. Proactive incident response, proactive IR, it's a natural extension of the IR service.
The same analyst can be far more productive, there is no need for customer effort. It's complete reduction of friction. I want to explain for a second. Today, if I'm, the, we have this self-hosted system, you know, we have some KPIs, but something happens or not happening. We just, you know, every week I want to do a session with Brian. I need to call Brian. We need to schedule. We need to do a Zoom, I need to go on the system. I need to tune the alert to understand what is happening and if there is any issue that something is down. You know. We need to understand what's going on. Today, everything is happening from our SaaS. You don't need to do anything. We see all the alerts, we turn them.
We see if there is any abnormal behavior. We can run playbook to stop a user, and we just call you, and you will hear from our customers and tell you that something happened. You need to understand, this is from the data out, okay? We are very close with the signal-to-noise. On Azure AD, Active Directory, Okta, we can see any abnormal behavior before you hit the data. If any stealthy attack is just touching the data, we tell you what happened. If something happened, we are coming in, and the time to resolution is super fast. Think about it. Just think about all the coordination, all the work that I just said, everything is happening automatically from our cloud.
If we see any issue, and we want, y ou know, we need to update any threat model, we just do it in the cloud, and it's going to all the customer population. The reality is that companies with the right data set, usually in technology, they reap big rewards. Hands down, we have the most important metadata for data security. Think about what we can see across thousands of customers. Once this metadata is in the cloud, it's in orders of magnitude more valuable for analysis, okay? We have really a bird's eye view on everything that is data-centric and all the behaviors that are going across the customer environments. When we have enough customers, we see millions of users and data profiles in services across all critical data repositories and user repositories.
Like, this is the best data set for data-centric threat detection and response for analysis. Like, with everything that we are doing for analysis, it just night and day. We will help customers to see new threats more quickly, even threats that are very subtle. You know, sometimes if it's an insiders or an APT or just an orchestrated attack, you know, we see many of those. You know, you're talking about something that, you know, it can be like a state actor level. You see today a lot with in the commercial space, as I said, because of crypto, you have critical data, I want it, we will put effort, and I know how to get paid. This is something that is very important.
We see everything from the cloud, really the signal-to-noise ratio work extremely well. We can see every stealthy attack without customer involvement. The best way to understand it is SolarWinds. When the SolarWinds attack started, we saw it, we saw the signal in individual customers. You know, we're going to every customers, we see a service that is doing this SolarWinds service, they're doing something that is fishy. With SaaS, we would have seen it across all the customers and stop it immediately. Like, no two ways about it. We would have seen it, you know, immediately. 10 customers, same service attack, same attack, kill the service, done. If you understand, we've been going to thousands of customers one by one, calling them, for one click from the cloud. This is a threat model, boom, kill it, done. No attack if you ever want.
Think about it for a second. Everything gets faster and more powerful. Alerting is faster, new threat models and techniques are faster. We create new threat models almost immediately. With the self-hosted, usually the way that we architected the SaaS, this is what I told you regarding building everything fast. We're making sure that the analysts, you don't need to go to engineering, can build their threat models very fast. What took us three to six months, take us now two days, and we can do it in two days, we can update the whole customer environment. We enable them, obviously, automatically. We enrich everything with new threat intelligence, and threat are detected and stopped with no customer effort. With the self-hosted platform, customers got a lot of value.
Actually, when they bought more, they got more value with less effort. There was correlation between effort and value. You need to put effort in order to get a lot of value. We totally changed the game with the SaaS platform, and the key was to change the equation. Much more value with significantly less friction and many times no effort at all. Complete reverse correlation between effort and value. As you add more coverage, you get less effort. You need to invest less effort. You get more value. Brian will show you how everything works in the product tool. I hope that I did a decent job, and you will remember three things from my presentation. One, most of the security efforts are to protect data.
It's make sure to put the effort where the data is. We are in the business of automated outcomes. You know, a lot of you ask me, you know, how it works and what it does. You need to understand today, we analyzed very well our customers, what they need to do, the most complex data environment in the world and, you know, the common ground between them, how can we go and solve the problems automatically and in places that we can solve it completely automatically, how we can augment it with our services, with our partner services, that customers will need to do very little only to pay. The other thing, that we build a tremendous SaaS asset.
First, it is the right architecture to make sure that we can reduce the friction, build all the automation and the outcome, and also the ability to create new functionalities very fast. To make sure that the economics of the cloud works very well. When you are doing a transition like that, you're not, you know, a startup, that it's very important that the economics work very well and it will be highly scalable. You know, I know that everybody are busy and, the weather is, not so good. I'm grateful that you took the time. I'm really grateful for your interest. With that, let's hear from our customers.
The Varonis SaaS offering was very important to GPC.
To not have to manage those systems and move over to the SaaS solution was huge.
We don't have to worry about maintaining the infrastructure, performing upgrades. It's also a little bit more cost-effective.
The inflation process was very simple.
That install was the smoothest that we experienced.
The first day of having Varonis on our network, we found hundreds of files with credit card data in it.
The number of sensitive data files out on our OneDrive was staggering.
We've discovered some PCI, PII, PHI.
We had a lot of information that is sensitive for us that we found that was shared by anyone who has the link. It's kind of scary really to see that information, you know, exposed like that.
The easiest route right now is just to click on that file and say, "Share with anyone, give me the link," and then they just email it. That's just how it is with Office 365, and there's a lot of applications like this one.
One of the great things about Varonis is that ability to automatically take remediation efforts. We're not really staffed to effectively remediate.
Varonis makes it super easy.
When Varonis notices sensitive files out in OneDrive or SharePoint, and people have created open access links to those files to share them, we're automatically remediating those links.
Quite frankly, we're fighting a war. The number of threats coming through, it's exponential. They're gonna try to phish you, they're gonna try whatever they can to try to get credit card information, tax information, Social Security numbers, whatever they can do to try to get that information.
If you're under a ransomware attack, people have one of your users' credentials. If they have your users' credentials, they can not only exfiltrate data out of your network, but they can also see these links that, you know, people have created to share these files.
Having something that's surveilling your environment is really critical. You will not be able to keep up if you don't use technology to help you.
To have a system out there that's monitoring our network in real time, noticing when files are being shared, when files are being created, files are being deleted, it gives us a little bit of peace of mind. Varonis will notice that files are being encrypted. It notices the user that's doing it, locks the user out of Active Directory, and stops the bleeding. You know, it could be an insider threat also, you know, someone who's fixing to leave, right? They just wanna pull all the data they can. Well, Varonis will notice that, alert us, we can go talk to the user and see what's going on.
We're looking to shift more from just being entirely reactive to more on the proactive and predictive side based off of the analytics that Varonis provides us. It is a key element in our insider threat transformation.
The big thing for us is having that one-stop shop, being able to actually investigate and drill into different things, not only on-prem but Office 365, kind of bringing it all together in one area and be able to actually do the remediation. I've done contracts with Microsoft, IBM, Salesforce, Oracle, AT&T. You are easily top five vendors to do business with, the best I've dealt with in a long, long time.
The Varonis package, for us is kind of a godsend. Simple to set up, simple to implement.
Hi, everybody. My name is Brian Vecci. I'm our Field CTO. I've been at Varonis now for about 13 years. Yaki said that the launch of SaaS is the biggest thing we've done from a technology perspective since the launch of DatAdvantage or the founding of the company. I agree. I've met many of you before. For some of you, it's new or I'm new, thank you for coming today. I'm as excited about our launch of SaaS as I have been about literally any other product or feature or functionality launch since I've been at Varonis in 2010. What I wanna do today is explain to you why.
Show you how this works, what's changed, where and how we fit in the security and technology landscape, give you an understanding of what makes Varonis unique and why nobody else does what we do in the way that we do it, and give you context about especially how our customers reach these outcomes. How does this work and how do they get value? All the customers you just saw, what do they actually see and how do they use this? The core problem we've been stating over and over and over today is that data is the most valuable digital asset that a company has. Nobody breaks into a bank to steal the pens. Somebody breaks into a bank to steal money.
If I get access to a device or an account or an application, if I phish one of your users, if I'm an insider, the target is always data. We have more of it on premises than in the cloud. We have applications that are connected together, creating and using data. We have users collaborating inside and outside, and security teams are stretched thin. There is no enterprise with enough people and time to go fix every problem, to understand all of the data that they have and where and how it's exposed and how it's being used. You put all this together, the blast radius of a potential attack or an incident or a mistake is massive.
The number of shared links, the number of files, the amount of sensitive data in all of the places that it lives, means that if something goes wrong, if a single account is compromised, if a user breaks bad, the blast radius is huge. Threat actors, whether it's an insider or an outside attack, a cyber criminal group, an APT, they go after data. Data is the target. We're the only ones that protect data in the way that we do. We see this everywhere. You've heard us talk a lot about risk assessments. I wanna show you today what that risk assessment actually looks like.
To give you a sense, whenever we go into a new customer, a new enterprise, or with an existing customer on a new data store, like they've got us for on-premises file systems, and now we wanna look at 365, we always see the same thing. Organizations have data that they didn't know about that's highly sensitive, exposed to people and applications that they didn't know about, configurations that are broken that could expose things, being used in ways they didn't expect. It happens everywhere. We know categorically, when we go into a new data store or a new enterprise, this is what we're gonna find. Data in places it's not supposed to be, accessible by people and applications that shouldn't have any access, being used in ways that it probably shouldn't. The trick is, who is actually going to go and fix all of these problems?
The outcome is that you want data to be protected. You wanna quickly detect and respond to threats, but if you don't have enough time and people to go look at the hundreds of thousands or millions of files that have sensitive information, that are exposed to people who don't need it, how are you actually gonna fix these problems? If you want to protect an asset, you need to understand it. One of the ways to think about this is, if you were to buy a company, what would you need to know about that company in order to make an intelligent decision? Well, you'd need to know the company's assets and liabilities. You need to understand how it makes money and what it spends money on. You need to understand its operations. The same thing is true with data.
If you wanna protect data, you need to really understand it. What does it mean to understand data? Well, you need to know whether it's important or not, or sensitive, or regulated, or valuable. You need to know whether data is somebody's vacation photos, on their laptop or whether it's PII, or customer information, or health information, or intellectual property. Sensitivity is just one lens that you would look at that data through. You'd also need to understand how it's being used, right? Who's actually creating and using and collaborating so that you could potentially catch a threat. You'd also need to understand the risk. Something that's locked down to just two people and doesn't have anything sensitive is a completely different level of risk than something that's highly sensitive that's open to everybody in the company, or these days, everybody in the world.
I can right-click on a file, create a link that anybody in the world can use to access potentially sensitive information. There is no CISO, there's no analyst, there's no engineer, there's nobody that we would talk to and say, "Is any of this not important?" Everybody says yes. The trick is, if you don't have all of this information, you can't actually get to the outcome that we're talking about. If all you know is what data is sensitive, if you've gone out and you've classified everything, you haven't actually solved the problem. The problem you maybe solved is now I know what sensitive data you have, but in fact, all you've done is create hundreds of thousands or millions of new problems, 'cause what do you do about it?
If all you know is how data is being used, if all you have are logs, well, you can't prioritize risk. What do you do with that? You don't have any context about how people are using data and why they're accessing it, what they're actually doing with it. If all you have is information about identities and permissions, well, again, you can't prioritize risk. You don't know what's important, and you can't fix anything, because you don't know what's gonna happen when you do. You can't fix anything if you don't know what's going to break. If you don't have all of these, the sensitivity, the permissions, the configurations, and the activity, you can't get to these outcomes. Varonis protects data where it lives.
We are the only technology that is this close to the data, and we've followed the data since the founding of the company. We started with on-premises file systems, big NAS platforms like Isilons and NetApps and Windows clusters. Then we moved into where people were collaborating, Microsoft 365, OneDrive, and SharePoint Online, and Teams, and Azure Active Directory. We moved into other SaaS applications and file storage like GDrive and Box, Salesforce and GitHub, object storage, and Amazon S3. We've followed the data and relevant behaviors wherever the biggest risks have been. What we do is, in all of these data stores and applications, we look at the data and related behaviors through those lenses. What's sensitive and what's important? Where is it? Where is it at risk? How is it at risk, and how is it being used?
We fix the problems that we find automatically. What we do is go out to data stores, find sensitive data, figure out what's important, map all of the configurations and identities, and permissions and links that get people access and expose data, and we monitor how it's used. We build automation on top of all of that. When we talk about outcomes, when I say our customers get valuable outcomes, what we mean is that when you have Varonis, you have visibility. You know what you have and where it is and how it's being used and where it's at risk. As Yaki said, I couldn't agree more. Findings fatigue is a real thing. Just showing you findings doesn't fix a problem. It's what am I gonna do with this?
We build automation on top of all of this analysis and intelligence, and we can automatically reduce the blast radius. We help ensure that only the right people have access to just what they're supposed to have access to, especially as things change. Just because I'm supposed to have access to something doesn't mean that what I'm doing with it is safe. Maybe my account got phished. Maybe I'm an insider breaking bad. We monitor the data. We monitor the target. We monitor what's important, so we know really quickly when something goes wrong. We reduce the time it takes to detect and respond to threats.
When you do all of that well, when you find sensitive information and map risk, when you monitor behavior, when you make sure that there's, we can call it least privilege, we can call it Zero Trust, we can call it Privacy by Design. There's lots of ways to talk about this, but the idea is everything's locked down and you're monitoring it effectively. Compliance and privacy becomes easy, becomes simple. It becomes a by-product of everything else that you're doing. Everything that we do gets better and faster now that we're a SaaS platform. I cannot understate this. We could spend, many of you have talked to me about this, but I could spend hours talking about all of the benefits, but I wanna sum things up to give you a sense of why this is so important.
With a self-hosted solution, if we wanted to do a risk assessment or we wanted to expand to a new data store, a customer needed to provide a fair amount of infrastructure. They needed to provide servers and database licenses. All that goes away. One minimal collector. That has a lot of benefits on its own. One collector, we handle everything else. The deployment happens in minutes, and you see value right away. It's also easier for us to ensure that a customer's environment is working properly. We see the issues before they do, and we can fix them without the member needing to give us a call. Previously, if there was an environmental issue, maybe our customer knew about it, maybe they didn't. When they saw an error, they would call us up.
We had to dial in, get on a Zoom, start fixing things and diagnosing them. Everything's in our tenant, everything's in our SaaS. We see it before they do, and we can fix it, and everything is so much more scalable. We don't really run into sizing problems anymore. We can develop new classification policies to find more types of sensitive data more accurately, and more threat models to detect and respond to especially advanced threats. We can develop them faster, days instead of weeks or months, and we push them out to all of our customers. They don't have to go through an upgrade. We see a new threat vector, we see a new attack, the next Log4j, the next SolarWinds, we can develop a threat model. All of our customers get it. They don't even know that they have it.
We're able now to build more automation into what we do. There's automation in our SaaS platform that never even existed in the self-hosted solution. Not only do we have better and we can deliver threat models more quickly, now we can be proactive about incident response. We can reach out to you when we see a threat before you even know that it's there. All of this is predicated on the fact that we can now build and release new features and functionality much, much more quickly and deliver them all to our customers effortlessly. Yaki has said we've had more press releases for new features and functionality in the last three months than we've had in the last three years. We're able to innovate much more effectively now. I wanna take you through what this actually looks like. The goal is to automate data security.
If you don't automate it, there's a really good chance that you're not gonna do it. We wanna make sure that these outcomes are as effortless as possible. The less effort a customer needs to put in in order to get value out of what we do, the better off they are. That graph that Yaki showed you, less effort, more value. I'm gonna show you what this actually looks like. I'm gonna put this into context, tell some stories, give you a sense of what our customers see and how they use it. It starts with visibility. You can't fix something that you don't know about. One of the biggest issues that every enterprise faces is that they don't even know where they're at risk. They don't know what's broken. You heard the customer testimonials.
We found hundreds of thousands of sensitive files in OneDrive. They didn't even know that they were there. The number of hospitals that I talked to. There's a CISO at a medical center down in Florida. What they said before they did a risk assessment with us is, "We don't have any patient records on our file systems." I said, "Well, do the risk assessment with us just to be sure. We'll just verify that for you. We'll do it at no cost. It'll take a couple of weeks at most. It's no effort on your end. We'll do all of the work. We'll find all the sensitive, w e'll classify, you know, configure the classification, and we'll set this up. You don't have to worry about anything.
At the end of a couple of weeks, you'll verify that there are no patient records on your file systems." What did we find? Millions of patient records all over the place. You can't fix things if you don't know that they're there. Here's what we mean by visibility. The first thing is, I've talked a lot about sensitive data, finding sensitive information. A couple things to note here. There are other ways. There's other technologies to go out and find sensitive data, right?
The advantages that we have is, first of all, it's a single set of policies, single set of rules to go find sensitive information wherever we look, whether it's an on-premises file system or OneDrive and SharePoint and Teams and 365 or in Salesforce or in GitHub to look for things like digital secrets and passwords and tokens that people might be looking for. It's a single engine. It works out of the box. It's highly configurable, which is really important because every enterprise is a little bit different, and if the classification is noisy, if I do a scan and suddenly tell you, "You know what? 99% of your data is highly sensitive," that's not very helpful, right? Doesn't help you prioritize anything. In fact, it could make things worse, and I'll explain why.
We make it really easy to ensure that this is accurate. We even have a team. Every one of our customers, when they deploy this, we come in and we make sure this is accurate. We verify with their legal and compliance team. We found PII, we found PHI, we found HIPAA data, we found PCI data, credit cards and other financial information. Is this right? Let's verify it. Great. Finding sensitive data, even if you did that accurately, doesn't actually solve a problem because by itself, what do you do with this? All you've done is say, "Yep, I've got lots of sensitive information." This is one key piece of visibility, but it's not where we stop. We go to every application, Azure Active Directory and Active Directory, Salesforce, GitHub, Okta, Zoom, Slack, and we map all of the configurations.
These are the settings that could expose things. In David's video, you saw the biggest data breach in Australia's history was based on one misconfigured API. We map all of that, show you the stuff that needs to be fixed. We look at the permissions. This is something nobody else does. We go down to every file, every folder, every SharePoint site, every team site, every Salesforce record, every GitHub repository, every S3 bucket, all of the places that we're looking at data. We go down to a very granular level, and we figure out all the different ways that all of these people and applications could get access to data. We help you understand not just where it is and what it is, but where it's at risk and where it's exposed. That means we can put all of this together to show you your data security posture.
Where do you have lots of sensitive information that's exposed to lots of people? However it's exposed, whether it's through a shared link or a configuration or a misconfigured folder permission. These become KRIs, key risk indicators for your data security program. We also monitor every single data touch. Every open and create, and move, and modify, and delete. Every link creation. Every time someone changes a permission or creates a user or changes a setting, we record all of it. Without doing anything, with just turning us on and with SaaS, that takes a few minutes. Now you know so much more about your data, about the most valuable digital assets that you have. Visibility is just step one. I can give you findings, but what do you do with it? You can't fix what you don't know about.
What do we do once we have visibility? The key here is automation. If we required that you needed somebody's time, an engineer's, an analyst's time, and these are not cheap roles to fill, to go and fix every one of those hundreds of thousands or millions of risks that we found, you are never going to do it. Sure, you've shown me that I've got millions of files that are open to everybody in the company, but what am I supposed to do about it? I can't delete it, and I can't just lock everything down, because if I do that, what's gonna happen? Everything's gonna break, and I can't do that.
We used to hear, 10 years ago, we would come in and before we did a risk assessment, a CISO might say, "You know what? You're gonna do this, and you're gonna, I know probably what you're gonna find. You're gonna find lots of data that's wide open. You're gonna find lots of sensitive data, and then I'm gonna have to fix it. I don't have the time. I don't have the people. I don't wanna do this." We don't really hear that anymore because we don't live in a world where you can bury your head in the sand. If the outcome is that everything is locked down, we need to do it automatically. I wanna show you an example of why automation is so critical. I'm gonna show you a few examples as we go through this that are slides from customer risk assessments. We didn't create these for this presentation.
I just went into customer risk assessments in QBRs, and I'll talk about that process, where we review their metrics, and I just copied and pasted them and put them in this deck because I want you to see something real. This came from a risk assessment that we started in December. They are now a customer, and we're about to go through the automation process. I wanna show you the before to give you a sense of scale about why automation is so critical. We went and scanned on-premises file systems. This is at a medium-sized enterprise. The way we broke this out is we're looking at all of their shared data. This is the data that gets locked down when you get hit with ransomware. Here's what we found.
Eight million folders that not only can be read and stolen by any single employee. This company, when they have a new employee start on Monday morning, that employee opens their laptop and logs in. They haven't asked for access to anything yet. All they've done is log into the network. They have access to 8.8 million folders, which is absurd. Imagine if you allowed every employee access to all of the money in your financial accounts. The other thing that I wanna highlight here is we started in December, now we're about ready to start the automation process, it's been a couple of months. The problem is big, the problem is growing fast. This doesn't go away on its own.
In order to fix this problem, in theory, if you'd never heard of Varonis, you'd have to go to 8.8 million different places and try to figure out, okay, who's supposed to have access to this? Is it just the people in the marketing department? Is it just this finance team? Is it just this engineering team? Who's actually gonna make all those decisions? The answer is nobody. The other option is you delete all this data, but that breaks things. This is a huge amount of really valuable information that people are using every single day. If you delete it all, well, you break everything. The reason that this problem never gets fixed is that nobody knows what's gonna happen when you try to fix it. This is why you need automation.
Nobody's got enough time to go look at 8.8 million different folders. Here's how our automation works. I'm gonna break this out into the ingredients that go into how we provide this automation, 'cause what's really key here is each one of these is unique to us, let alone when you put them all together. The first is obviously the classification. This helps for prioritization. Where do I start? What's the biggest problem? What do I need to fix right now because it's a massive compliance thing? This is the data that's gonna get lost or stolen or misused that might put us out of business. We do that across on-premises and file stores, on-premises and cloud data stores, single engine. We make sure that it's accurate. You don't have to do any work to get that. It's all automatic.
The next is the visibility of every single account and all of the ways they can access all this data. That's how I can get that number of 8.8 million, I can break that down at a highly granular level. We know where all of these accounts combine with the groups and the entitlements and the links to get people access to data and to expose it. We record every single data touch by every single user and every single application and all the object and configuration changes over a long period of time. Here's what really makes this unique. You put all of that together, now I can go back in time. I can say, "You know what? If I were to take access away from one of those 8.8 million folders, who would be affected?
What would break?" Then you can use automation to make sure that it doesn't break. Now you can use the classification, the visibility, the auditing, the analytics that are based on all of that, and you can build automation in the change engine to go fix the problems without any effort. Here's what it actually looks like. Again, this is another customer environment. We start with, here is where you're at risk. Here is exactly what we need to do to fix that risk. We make it easy to, right out of the box, just turn on automation. I wanna remove shared links that expose data. I wanna get rid of global access out of my file systems. I wanna make sure that these configurations don't expose us.
It's as easy as turning on a piece of automation, deciding where you want to run it, when you want to run it, and then clicking Go. Your environment basically becomes self-healing. We make it easy to get to this outcome. Here is what this actually looks like when we do this. I'm going to show you examples from three different customers. These are slides out of customer decks. Some of them they use to present to their board. This is how we measure success. When I say the outcome of your data is protected, here's what it actually looks like. I showed you an example of a before. Here's an example of after. This is a slide from what we call a customer QBR or a quarterly business value review.
This is when we sit down every single quarter with all of our customers and show them, "Here is what you cared about. Here's why you cared about it. Here's what we've done, and here's how you've measured success." I'm gonna make this easier for you to read. I wanna focus on one very specific thing. This is a manufacturing company in the U.K. They had 700,000-- 698,000 folders that were open to every single person in the company. This was a massive problem. Most of this data was highly sensitive. There was lots of GDPR data. They had to implement Privacy by Design. They had absolutely no way to do it. In December of 2021, they started. By March, it was down to basically zero. The reason that number is not zero is it's a lot like mowing your lawn.
You cut the grass and things start coming back. It starts growing again. What was interesting about this particular customer, and the reason I stole this slide, is that it was a really fun story. This was I was in the QBR, the CISO was presenting to the CIO the results of their data protection program. The CIO said something that I'll never forget. We were looking at these numbers. The CIO said, "I don't believe you." He said that to the CISO, "I don't believe you. I've done automation like this in the past. There is no way you're telling me that you made almost 700,000 changes and nothing broke. I don't believe you." What the CISO said was, "Yeah, we actually got a help desk call." The CIO said, "Gotcha." He said, "Well, here's what happened. We got a help desk call.
A woman came in and was unable to run a report. She got an access denied error. She called up, our help desk. We gave her access back, and we actually started to panic 'cause we thought this was going to be like the dam was about to break. Everything was gonna blow up. We had broken everything. That's what we were worried about, but nothing else happened. They gave her access back. She was able to run a report, no disruption. It was no problem." They did an analysis. Why did this happen? The way this automation works is, remember, we're looking at how data is being accessed by all of these people in applications. What Varonis does is we go back in time. For every one of those 698,000 folders, we go back in time.
This particular company decided that their policy was, "You know what? We don't want data open to everybody, but if you haven't touched it in the last four months, we're gonna take it away because you probably have no reason to access it." That was the policy that they decided. When they did this analysis, they found that this woman had been on maternity leave for five months, hadn't touched any data, came back in, and what the CISO said was that it proved Varonis did what it said on the tin. It worked exactly as it was designed. This was the exception that proved the rule. Let me show you another example. This was from another customer that went through this process, and I just wanna show you just how dramatic the reduction of risk is.
What you're looking at are two different graphs of the amount of data that is open to everybody. On the left, it's everything. On the right, it's just sensitive information, which is often really useful to prioritize. What you see here is that there is a ton of data and a ton of sensitive data that was open to everybody, and it was growing over time. We're looking at a graph that goes from, what is it? July of 2021 right till October. You can see over the course of a couple of days in October when they started the automation process. This illustrates how dramatic and fast the reduction of risk is, and nothing breaks. There is no other way to do this, period. You can go out, you can find sensitive data, you can aggregate logs, you can look at identities.
There is no other way to get this level of reduction of risk. The last example that I wanna show you is from a retailer out in California. They had to present to their board, "What are the results of our data protection program?" This was the one slide that they used. They went out, and they used Varonis to find lots of different kinds of sensitive data. You can see there's HIPAA data and PII and PCI data, which is totally normal. They're a retailer. They have employees. They have lots of highly sensitive information. That middle one, they have lots of clear text passwords that people were storing. The Excel spreadsheet is the new Post-it Note, I guess. People just store their passwords online, which is really useful if you're a threat actor. They also had a lot of California consumer information, CCPA data.
This was the reason that they had a data protection program. What they were able to prove is not only did they know about it, but that none of it was exposed to people who didn't need to have access. This is what this outcome actually looks like. We're able to implement this to get a customer to an outcome with almost no effort at all. You turn us on, let us run, the automation is automatic, it's out of the box. We make sure that it works, and we come in every single quarter to show you that it's working. We're able to do things that would take years or decades to do. This is a regional healthcare company. By their math, they thought if they were to try to do this on their own, it would take three and a half years. I think that number's soft.
It probably would have taken them a lot longer. That's assuming nobody created any new data while they were doing it. There was another bank on Wall Street. They had petabytes of data open to everybody. They hired a team of 40 people and said, "Your job is to lock down open shares." They estimated the project would take 18 months. After four years, they had gotten through 1.5% of their data. In fact, they'd broken more things than they fixed. This is an impossible problem to solve. We do it automatically. A lot of data protection conversations these days focus on data loss prevention or labeling. If you're using Microsoft 365, what Microsoft will tell you is, "Here is how you can protect your data." In theory, we're gonna apply a sensitivity label.
This is what we mean by a label to a file. This file's got a lot of information in it. We're gonna mark it as highly confidential. This file has a lot of financial information. I am going to mark it as highly confidential, right? I'm gonna apply a label to the file. You can do this manually, you could do this automatically. Then you create what we call policies, you can do this in Azure, that'll prevent things from happening to that file. You can prevent the wrong people from accessing it, or you can block it from being emailed or sent or shared, or you could do things like block it from being printed. You can make sure that it's encrypted, so that if it does get stolen, somebody can't have access to it.
You mark the file, you create the policies, and then DLP, Microsoft Purview Information Protection or Azure Information Protection or Microsoft Information Protection, whatever they're calling it this week, all these policies just work. It's like magic. It's great. What's the problem? Why doesn't this solve the problems that we're talking about? Why doesn't this protect data? The first and biggest problem is that most of your data doesn't have a label on it. Who's gonna put it there? If you use classification that's noisy, for instance, there was a major utility in the tri-state area here who tried to do this, and what they found was using the built-in classification that they had access to, it marked 99% of their data as sensitive. When you do that, suddenly all these policies are blocking everybody from working.
Or, you've got petabytes of data on premises and tons and tons of information in the cloud that doesn't have a label on it, and you don't have enough people to go mark all of this stuff. The files either have the wrong label or really frequently don't have a label on it. If the label isn't there or if the wrong label is on it, none of the controls I just talked about work. Everything breaks. You get in people's way, or all of this data starts slipping through. Even if you wave a magic wand, snap your fingers, and all of this data is accurately labeled, this is just one preventive control. It still doesn't solve the insider threat problem. It still doesn't solve your threat detection problem.
It's useful, it doesn't solve the data protection problems that we're talking about. Varonis makes DLP work. What we do is when we go out and do all this classification, we identify all the files that are sensitive that don't have a label on it. This is a great reason that a lot of our customers these days are doing risk assessments. They have a labeling and data protection program. They wanna make sure that the labels are accurate and, spoiler alert, they never are. We go out, and we automatically identify all the files that are sensitive that don't have a label. We take it a step further. We identify files that are either mislabeled or missing labels, and we either fix the label or apply it. We don't replace what happens by the user.
If the user wants to mark it as highly sensitive, that's great. We don't get in their way. What we do is make DLP actually work. I'll tell you a story. There's a global casino. You would recognize the name if you've ever been to Las Vegas or Macau. They had a massive labeling project because as you can imagine, they have a lot of very, very sensitive data. They have a lot of highly confidential financial information about some very, very wealthy people. What they found was two things. One, most of their data didn't have a label on it, so they couldn't actually implement these policies. Two, their users were actively mislabeling documents because when a document is marked as sensitive, suddenly they were getting dialogues that say, "You can't email this.
You can't print this." Their users were trying to find ways around it. The other thing that they realized is that the same person would label the exact same document differently depending on the time of day. If you've had lunch, you're more likely to think critically about what you're looking at. They used Varonis to automatically apply all of these labels. They said without us, they would have absolutely no way to operationalize this. This program's been a massive success. We help put good, what we call preventive controls in place. We make sure that data is locked down. We make sure that it's not exposed. We do that automatically. We make sure that the DLP controls to do things like blocking are accurate and applied. Those are preventive controls, what's also critical are detective controls.
To put this into context, your credit card company, all of us here have a credit card on them. Your credit card company is very, very, very good at detecting financial fraud because they watch every single penny that goes out of every single account. They also know who you are and where you live and what you shop for and where you're traveling. When something goes wrong, they know about it quickly. If you've ever had an issue with a credit card or a debit card, you know. You get a text and a phone call and an email within seconds. That's 'cause they watch the money. They have other context about how that money is being used. If you want to catch a threat to data, that's the whole point. Every security initiative is about protecting data.
You want to catch a threat to data, you watch the data. I could go through a detailed example of any recent breach, whether we talk about SolarWinds or Log4j or even WikiLeaks and Snowden and all these other insider breaches. The tools and the techniques constantly change. There are always new threat vectors. There are always new exploits that you can take advantage of, but the goal is always data. Going back to the first thing that I told you when I got up here, nobody breaks into a bank to steal the pens, they're after data. If I, as a threat actor, get access to an account, if I phish one of your users, or I break into a device, or I get access to an application, I crack one of your APIs, I'm going after data. That's the whole point. Ransomware goes after data.
Every data breach is after data. We monitor the data. We monitor every single data touch from the moment you turn us on. We also monitor the ways that you get access to data, all the authentication traffic and the object and configurations. We record every single event. Varonis is not a SIM. We're not something like Microsoft Sentinel or Splunk or QRadar. Valuable technologies, we do something completely different. What we do is we monitor all of this behavior and every single event that we collect, and for some of our customers, you're talking about billions of events a week. Every single event gets cleaned up. Instead of looking at something that's this inscrutable text file, we make it really easy to understand. Amy here is accessing this spreadsheet that lives in this place from these IP addresses at this time. We make it human readable.
This also means that we can store billions of events. This is critical. We need to have a long-term record of event activity, part of what we're doing when we're collecting all this information is making it easier for us to process and store. We take it a step further. The thing that only Varonis does is monitor the data and then add more information into every single event. Billions of times a day for some of our customers. Every event that gets collected, we add more information to it. We classify every single account. We know the users that are administrators. We know your executive team. We know which accounts are what we call service accounts. These are application accounts. We add that into the event. Now we know that this event is by Amy, who is also an executive.
We've already scanned every single file. We know that this document that she's touching contains sensitive data. We know if it's got PCI data or GDPR data or intellectual property, what have you. We add that into the event. Now we know Amy, who is an executive, is touching a file that is sensitive. We can look up her device name. We know that Amy is using this laptop. We even know where she's coming from. We add all of that into the event. What's happening here is Varonis is creating a record, kind of like a bank statement, that is really easy to understand, where we can store lots and lots of information, and we've added more information into the event that didn't exist in the original event. Nobody else does that.
Now we've got billions of events that have been cleaned up with all this additional information in it, so now you know what's normal. We know that Amy here is an executive. We know which device she uses. We know where she comes from. We know she's got access to a ton of data because we mapped all those permissions. We know that she has access to a lot of really sensitive information. Doesn't usually touch it. Sometimes she does. We know who her peers are. We know what times of day she normally works. Now, alert fatigue is a real thing. If I generated an alert, if Varonis generated an alert every time Amy logged in from someplace new, we call that a geo-hop or an impossible travel. Well, she's an executive. She's traveling constantly. Of course, she's logging in from someplace new.
If I chased every alert by every user that logged in from someplace new, that's all I would be doing. I'd be chasing ghosts. Similarly, if I got an alert every time Amy used a new device, well, maybe she got a new phone today, or maybe she dropped her laptop and IT just replaced it. I'd also be chasing ghosts. If I got an alert every time Amy touched something sensitive and I shut down her account, that'd be catastrophic. I'd prevent her from working. I'd probably get fired if I did that.
If I got an alert that Amy is using somebody else's device, in fact, it belongs to one of our engineers, and she's logging in from a place that she's never been, and she's accessing a bunch of sensitive information that she's never looked at, you put all of those things together, this is real. This is important. This is something I want my security team to go look at. That's how when we say Varonis generates a really small number of high-fidelity alerts, that's what we mean. We don't generate noise. We generate alerts that are really useful, and they're useful because they're about the data, and they give context about the user and the device that she's using and where she's coming from and what she's touching and why it's strange. That's how we reduce how long it takes to detect a threat.
We're not generating noise. We're generating really useful alerts about the target. We also generate alerts earlier in what we call the kill chain. We light up really quickly because we see that the SolarWinds service account is now accessing systems that it's never looked at before. That's how we catch those kinds of things. We make it very easy to come to a conclusion about what happened, time to response, time to recovery. We make it really easy not only to see that something happened, but to know, you know what? Amy's account and this device was accessing data not just in OneDrive, but also on our file system. She accessed Salesforce, and something weird happened in Zoom. We connect all of those dots together really quickly.
The whole reason that we can offer incident response services at no additional cost is because of this, because our IR team doesn't need to spend hours or days or weeks trying to figure out what happened. During SolarWinds, during SUNBURST, during that period, as Yaki said, we had a lot of customers that were getting alerts about what was happening, about SUNBURST. We didn't know it was SUNBURST then. We saw these SolarWinds service accounts. We would get on these calls. I was on one of them. Another incident response company was also on this call. They'd been contracted in to help with the recovery and response for this breach. He said something really interesting. He said, "You know what's funny?
We get called in, the first question we always get asked is, 'What data was touched?' Everything else you can rebuild and recover, you can rebuild the application, you can, you know, restore backups, you can get everything back up and running. You know what you can't do? You can't recover data that was stolen. We always get asked what data was touched." What he said, and stuck with me, was, "You know, I always answer, 'Do you have Varonis? Because if you do, just ask their guys, they'll show you. It'll take a couple of minutes.' If they don't have Varonis, we're there for weeks. Maybe we can tell them that this account authenticated to this network or accessed this server, but we can never actually tell you what data was touched.
We're the ones watching the data." I want you to hear from a customer that has gotten some value out of Varonis Incident Response. What I want to highlight here is now with SaaS, because we see our customers' data and we don't need to dial in or get on a Zoom to investigate things or to tune things, we do it for them. Now our incident responders are dramatically more effective, and we can be proactive. If we see something before you even see it, we'll call you. Our proactive incident response means you'll get an analyst. You deploy Varonis, you have somebody that's looking at your data and looking at your alerts, and we'll look at them every day. If we see something, and we're experts, we'll know, yeah, this isn't important.
It's a real alert, but it's probably not something you need to worry about. When we see something that you do need to worry about. There was a hospital down in North Carolina, they got an alert, and they thought it was noisy. We reached out and we said, "You know what? This looks like it might be real. One of your administrators has been resetting passwords of user accounts, and then those user accounts are accessing HR data." What they found was when we did the escalation, we reached out and we did the escalation. What they found was one of their administrators was going into HR folders using other people's accounts to look at employee salary information and then using that as part of their annual review. It was a really effective strategy to get bigger raises until we caught them.
This is the kind of thing that happens all the time. Now our customers don't even need to do the work themselves. When we see something, we'll reach out. Here's a customer that's had some experience with this.
Moving to SaaS reduced our overhead. Everything's in the cloud, which is a huge benefit for us. We were able to consolidate a lot. Instant results. You give it probably 10, 15 minutes, and you're already starting to see that data in the cloud. We've seen the value right out of the gates. Our implementations team was able to pick up on a few potential threats. Very proactive. They engaged us before we engaged them. There was some activity that they noticed in the SaaS platform. This attacker was going low and slow. They weren't triggering any of our lockout policies or anything like that, they were trying to access our VPN outside the SaaS platform. We'd have never known. The value is immeasurable, in my opinion, being able to inventory and classify the data. I mean, that's a huge task.
Being able to provide the analytics around access and the movement, you know, movement of the data or at least the activity around the data, there's not any other platform out there that I know of that's able to do both. All the threat modeling that goes along with that, is huge.
SaaS changes the game for us. We don't need our customers to provide really any effort, and they're getting these outcomes. We're able to detect things that nobody else can. We're able to reduce the time it takes to detect a threat, respond to it. We lock everything down to make it much less likely that a threat actor, an insider, an outside attacker would even get to things. They have to jump through so many more hoops, which makes it much more likely that you're going to catch them. I want to address the competitive landscape. I get asked by all of you every time we meet, "What's the competitive landscape? Who do you compete with?" I wanna put some of this into context because I've tried to illustrate as we go through this all of the unique things that only Varonis does.
When you put everything together, there is no other vendor that does what we do in the places that we do it. Outcomes are what's important. Data is protected, the time to detection and the time to threat is reduced, and compliance becomes easy. Nobody else can do that in the places that we do it. We are solving the biggest problem in security. There are other vendors and technologies that try to address this problem. The way to think about this is there are point tools that will do single use cases on single platforms. There are other ways to go out and find sensitive data, but once you've found it, what do you do? There are other ways to log access. There are, of course, you know, SIM vendors, and I'll talk about those in a moment too.
If all you have is logging, where are you at risk, what's important, and how do you fix anything? There are also reporting tools that will look at, for instance, identities or group membership, but that does not give you the depth of visibility, and it doesn't help you solve the problems, even if you happen to find them. Even if I had a tool that could tell me that eight million folders were open to everybody, what do I do next? I've got findings, great. I don't have the people to solve it, so I'm gonna shove it in a drawer and not worry about it and hope that nothing happens. There are also, of course, adjacent product categories that generally we're complementary with. I talked a lot about DLP. You know, Purview Information Protection because that's a great alignment. We make it work. Similarly with CASB.
CASB is DLP for the cloud. It doesn't solve these problems. SIEM, it's a log aggregator. We send our alerts to the SIEM. We make your SIEM implementation much more valuable because now you're getting a small number of alerts that have all this context, and you can use your SIEM for further correlation on the things that Varonis doesn't look at, like network activity and things like that. Identity management doesn't solve the problem of data 'cause there's no connection between identity management and data. It's really about governing access and controlling access to applications, which is fine. Doesn't solve the same problem. Similarly, with SaaS posture management, it looks at surface level configurations, but it doesn't solve the problem of data. This is how organizations are trying to address this problem.
The reason we do a risk assessment is that we know whether they've got some or, in many cases these days, all of these technologies, they're not solving the problem that Varonis solves. Here's how we make it easy. We go out, and we do a risk assessment. I'll get in front of a CISO, and I'll describe what it is that we do and how we do it. They'll say, "Great, you can either verify that all of our controls are good, or you can show us where you're at risk and put together a plan for solving it." This is so much easier now that we are a SaaS versus self-hosted. We can do a risk assessment with zero database licenses and absolutely minimal infrastructure. It's up in minutes. We're collecting data.
What we can do now is in the past, in a self-hosted risk assessment, if I wanted to do some analysis to show you where you're at risk and start putting together what we call an operational plan, how you're gonna get value, and how you're gonna measure success, I needed to get on a Zoom with you and get into your environment and have you run reports that I would then correlate. All that goes away. I can do it now without any intervention from you. The first time you see Varonis running, I already know here's where you're at risk, here's what we're going to solve. We start with a risk assessment. It's easy to run. Everything is delivered as a SaaS these days, and all of the applications that we look at, it takes two weeks and minimal effort.
We're talking about an hour or two from a customer in order to get value out of it. We've also made our licensing much, much simpler. In the past, it was broken out by module, by module, by module, customers sometimes didn't know exactly what did what and why they needed different licenses. The subscription transition was huge because it allowed customers to consume more licenses upfront, we know more is more. The more you have of our platform, the more valuable it is, the more automation you get, the more value you get right away and over time with the least amount of effort. With SaaS, we simplify things. It's Varonis. Where do you want Varonis? Do you want Varonis on your on-premises file systems? Great. You want Varonis for 365? Great. You want Varonis for Salesforce? You want Varonis for GitHub?
You want Varonis for Okta? You want Varonis for Slack? You want Varonis for Zoom? You want Varonis for a hybrid environment? That's it. That's all you need to worry about. You get all of the relevant functionality so we can ensure that our customers have what they need to get value quickly. Oops, I need to go back now. Now I hope that gave you some context about how our customers use this and how what they get out of it. We're gonna take a 10-minute break now. I'm looking at Tim. 10-minute breaks. We can all go use the bathroom, and then you'll get to hear from Guy, which is why you're all here. Thanks.
Hi, everyone. We'd like to start. Hey, how are you? Good to see you. We'll head back and start the [audio distortion]. We would like to start, so if everyone can kinda take their seats, that would be great. Thank you.
I think this is the part I just stand here and wait for the doors to come down so you can't leave, so. We'll let that. It was at a sensitive time, so. You have 10 seconds to change your mind if anyone.
Okay. Ready to start. First of all, thanks everyone for joining us today, and thank all the people that have joined through the webcast. We're very excited to be here, New York City, Times Square. 4 Times Square is the address. Going back 17 years is when Yaki came into this building and sold to one of our first customers, a deal that was $100,000 at the time. It's very fitting and symbolic that we're here today talking about our plan to get to $1 billion. It's kinda closing everything together. I wanna go back to February 11th, 2019. We just announced our move from perpetual to on-prem subscription.
When we spoke to many of you, and many of the people that are listening on the webcast, we got a lot of reference to go talk to company X, company Y, company Z, in order to make sure that we know what we're doing in order to transition in the right way. The answer we had at the time was that, A, we spoke to most of them as part of the preparation to make that move. The second thing that we said is that we really wanna get to a point where when we finish that transition, we will be that company X, Y, and Z that you guys reference. That actually happened. We've received so many calls since then on companies that announced the transition. One of the lessons learned from making that transition was communication.
We had thousands of conversations with analysts and investors throughout that time. We tried to be as transparent as we could. This transition is different, much more complex, not at the same pace, and it's much more complex for us, but it's definitely much more complex to all of you. That's why we decided to have an Investor Day and kinda lay the ground. What are the important metrics? How do we see success? How long is it gonna take? In the next 45 minutes, I'm gonna try and cover all of those. At the end of the day, Yaki and Brian kinda laid the ground in terms of the technology. In my presentation, I wanna go through the whole financial perspective and tie it all together. This is really the next stage for our company.
The plan was always part of a much longer, much bigger strategic plan. The move from on-prem from perpetual to on-prem subscription, and now the move to SaaS, was very clear with a defined strategy, really trying to make sure that we take advantage of the opportunity. We are a pioneer in data security and analytics. There's a culture of innovation at the company. We invested heavily in our technology. We're a leader in data security. There's a tremendous greenfield opportunity that we're trying to capture. On top of that, we have an existing customer base with a lot of opportunity to expand with. The story of moving from perpetual to on-prem subscription was always about the customer.
We wanted to have a lower entry point, allow our customers to consume more of the product, and with that, they would come back and buy more. With our move to on-prem subscription, we strengthened our business model and got to a point where we have close to 100% recurring revenue. This move to SaaS eliminates two main objections that we have been receiving. Objection number one, we don't have the hardware. Objection number two, we don't have the people and/or the time. All of these moves, the move from perpetual to on-prem subscription and the move now from on-prem subscription to SaaS, is about our customers, providing them value, giving them automation, and allowing them to be better protected. You've heard. Sorry. You've heard Yaki and Brian. This transition is as big as the company founding.
I know we're in March, so this is pretty early, but the feedback so far about the SaaS transition has been very positive, both from our customers and our sales force. This transition won't be perfectly linear, and most of the friction will take place in the first six months of this year. I'll go through that in a second. As we go and exit this transition, we have a clear path to drive strong top-line growth, generate more meaningful cash flow, and demonstrate continued operating leverage. Exactly nine years plus two weeks ago in this building, 10 floors down, we went public. In 2014, we had about 10 licenses to sell. Having a perpetual model made a lot of sense. We would sell one, two, or three licenses, show value, and we'd have customers that come back and buy more.
Between 2015 and 2018, we had approximately additional 15 licenses. Many of them were geared towards automation. Now it became more challenging for those customers to consume more of the product upfront. They wanted to be protected quicker. That's why in 2019, we announced the transition to on-prem subscription. It was driven by the customers who wanted to consume more of the product, get more automation, and be better protected. Between 2020 and 2022, we came out with additional licenses. Now we had more than 40, and we started to think about how to consolidate that. We started to think about outcomes. How do we simplify the conversation to both our sales reps and our customers? That's why in 2022, we introduced the bundles.
We have silver, gold, and platinum bundles, where we sell the outcomes with one SKU. 2023, we announced the Varonis SaaS transition, we're doubling down on those bundles. I'll talk about that later. Clear growth algorithm. You know, the bread and butter for us, and one of the things that we know we have to do on an ongoing basis is have strong renewal rates, which is what we have. We've had consistently over 90% renewal rates, and by the way, we believe that with SaaS, they can actually increase. I'll talk about that more in a second. Before I talk about the three growth drivers, new logos, expansion within existing customers, and the SaaS transition uplift, there's something that is really clear to us that I wanna make sure is really clear to you.
We don't perceive ourselves as a low double-digit growth company. You know, a lot of management has been here for a long, long time. Everyone within us understands the opportunity. We understand what we could achieve, all of us is working really hard in order to achieve that. You know, the first phone call Yaki and I have on a daily basis is usually in that 6:00 A.M. range, 6:00 A.M., 7:00 A.M. range. The last call is usually at 10:00 P.M., 11:00 P.M. We enjoy it, we see the opportunity, we're not working as hard as we are to be a low double-digit growth type of company. What basically happened when we gave guidance for 2023? Well, there were two factors that impacted the number. We finished 2022 with ARR of 24% on a constant currency basis and excluding Russia.
We gave color on 2023, and we baked in two things, two factors that impacted that. Factor number one was the SaaS transition. Basically, the assumption was that there will be most of that friction happening in the first six months. Why? Well, first of all, many of our reps are fully on board on making this transition. They understand the value to the customer, they understand the value to the company. Like every organization, you always have people that have more problem with change. Lessons learned from the previous transition is that some of them will leave. We baked that in.
The second reason for that friction in the first six months of the year, probably not less important, is just having reps that see the value, see how less friction you have as part of the risk assessment, how the outcomes are much, much better. They will try and take deals in flight and move them to SaaS. When our sales cycles are mostly between three to nine months, and on the larger deals up to 12 months, the majority of that friction, the majority of that pipeline will have to be cleared in the first six months of the year. The second factor that was impacting our ARR number was the macroeconomic environment. We obviously assumed longer sales cycles. We started seeing that in Q2 of 2022 in Europe.
That increased in Q3, we gave some color on that spilling over towards North America in Q4 of 2022. We baked in those two factors, the macroeconomic challenges and the SaaS transition, as part of our 2023 numbers. As we move past the initial stage of the transition and the challenging macroeconomic environment, we see our top-line growth moving towards healthy levels we've seen historically. In the years ahead, we see our growth being driven by three pillars. New logos. There's a tremendous greenfield opportunity for us, SaaS actually increases that opportunity because it allows us to go to new markets and new customers that we couldn't cater to before. The second pillar is expansion within our existing customers. The average number of licenses that an existing customer has today with Varonis is six. Think about it.
If we protect Windows and now a customer wants to protect Office 365, that will more than double the number of licenses that they have. Our ability to increase our ARR through that expansion is significant. The third pillar is the SaaS transition uplift. We are baking price list increase of 25%-30% for any SaaS deal versus the on-prem subscription. The overall opportunity is tremendous, and we wanna make sure that we take advantage of it. Let me start with the top-line growth. Not only is this the first Investor Day we have ever had, we're also providing, for the first time, a timeline for our $1 billion ARR. We're really happy that we can share this timeline with you. We had this plan internally for a very long time.
In the last transition, we didn't have all the cards out there because we knew that there was another transition to SaaS, so we couldn't share that timeline with you. We're happy that we can provide a five-year outlook currently. What are the assumptions for that $1 billion ARR? Assumption number one, this is happening organically without any M&A. An M&A might happen, and it would probably be a technological tuck-in, but we don't feel that we need necessarily to acquire anyone in order to get to that target. Assumption number two, we're assuming zero conversion of maintenance of perpetual. We can get there without converting any customer, and I wanna talk about that subject in more detail shortly. The third component, the third assumption, is that the macroeconomic uncertainty persists for the next 24 months.
We're extremely excited to put a target that we feel is achievable out here today. Go-to-market strategy. For all of you who have never heard the Varonis story before, we sell through the channel. The channel helps us get the deal, meet the person, and they help us close. We have an outside sales team that does all of the heavy lifting. Our outside sales team is the one that does the risk assessment. The selling process is very visual. You heard Brian talk about the examples. The jaw-dropping moment happens when people see sensitive data that they can recognize and relate to open to everyone in the company. If I told all of you that your company has millions of files open to everyone in the company, you'd probably shake your head, go make coffee, and rightly so.
If I was able, through a risk assessment, to show you an Excel file that you have worked on for six to 12 months with the best stock picks for 2023 and the best short ideas that is open to everyone in the company, and not only everyone in the company, but any visitor that logs to the company's Wi-Fi that can access that file, if you had the authority to execute on a Varonis PO, you would. That's why the risk assessment is so critical for us. The risk assessment is basically the blessing and the curse. We have to make sure that we get in front of our customers and do that visual process. We're not Check Point or Palo Alto that can hire one rep from the other and get a rep fully productive to do that risk assessment.
Our ramp-up time of reps in the past used to be up to 18 months. With the market moving in our direction, that has actually come down significantly. Now it takes us up to 12 months to get a rep fully productive. At the end of the day, there's a lot of education that gets involved. You have to make sure that they understand the positioning and what are the right use cases and how to do the risk assessment. It's a bit of a different type of sale. What we need to make sure is that we get the right people with the right DNA that can do that risk assessment in order to have good outcomes and high conversions. Finding the right sales rep and building them with a Varonis DNA is still our largest bottleneck for achieving faster growth.
The second bottleneck is some of the friction that we have seen as part of the risk assessment with the on-prem subscription that we're taking care of. How are we addressing the DNA? We've always had a Varonis academy, and in that Varonis academy, we were adding sales capacity through people that started as cold callers. They go through a process where they work for nine to 15 months. The good ones move to an inside sales role. In that inside sales role, they try and sell to companies with less than 500 employees. That takes another nine to 15 months. What we look for in the people that we hire is that they would be coachable, that they can deal with pressure, and that they have some ego. They have a competitive edge.
We've done that for a lot of years now, but over the last year plus, we increased those investments significantly. With our announcement of the move to SaaS, we're actually increasing what the inside sales team are dealing with. Now they're not just selling to companies with less than 500 employees, but they're going up market and selling to companies with less than 750 employees. The balance between new logos and upsells. The trend really continues. We're trying to balance both selling to new customers and expanding within our existing customer base. Our NRR at the end of 2022, on a constant currency basis, was 117%. With the new packaging that we're introducing, we expect larger customer lifetime value.
While we see great opportunity to expand within our existing customers, we have always and continue to view new customers as a critical building block to driving durable growth in the years ahead. High-quality subscription customers. This is the right focus for us, the way we measure customers, and this is how we think you should too. You know, Apple stopped measuring iPod users, but does measure iPhone users. The customers that we don't count here are customers that bought perpetual license, most of them before 2016. Many of them have one, two, or three licenses only. They don't know the level of automation that we provide. They are older customers that bought us for a different reason than what we have become over time.
We must approach them, we will approach them, sometimes it's easier to sell to new customers than upsell to those existing customers. In 2018, we had 38 subscription customers. All of them came from the pilot program that we did at the time in order to sell on-prem subscription. In 2019, we had 1,338 customers. 2021, we had 3,623 customers, at the end of 2022, we had 4,361 subscription customers. This will help you judge our success in adding new customers, we will provide this metric on an annual basis going forward. This is one of my favorite slides. It demonstrates the transformation, strength, and the potential of the business.
This company completely changed when we moved from perpetual to on-prem subscription in 2019. You can see how customer spending $100,000 ARR went from $39 million in 2018 to $335 million in 2022, a 9x increase. You can also see customers spending more than $1 million of ARR going from $2 million in 2018 to $17 million in 2022, a 33x increase. The announcement of the SaaS transition is another transformation, and we expect customer lifetime value to continue to increase with the new offering. Okay, this might be a bit painful, but it's important. Being an accountant and working in public accounting, it's definitely, r evenue is absolutely important. However, during the transition, sticking to this metric will generate noise.
ARR and free cash flow are the north stars of this transition. I want you to stay strong just for a bit. I know this brings back memories for some of you from Accounting 101 in college. I know there's a lot of happy events in life, but 606 is not one of them. The Accountant Self-Employment Act generated a lot of revenue for accountants, a lot of confusion for tech companies. That's why we have four slides on this subject. I'm going to take three examples of a $100,000, a $100,000 deal, on-prem subscription and SaaS, sold at three different points throughout the year. First example, first day of the year. Second example, mid-year. Third example, last day of the year. We will walk through the headwind that each timing generates.
I know some of you are saying, "Didn't you say that when you sell SaaS, you're expected to have a 25%-30% uplift?" Let's take it one concept at a time, and once we nail this, we'll move to the second concept and talk about the uplift. Let's talk about example number one. January 1st, a $100,000 deal. On-prem subscription, Q1, $85,000 recognized versus $25,000 recognized in SaaS. The headwind versus on-prem subscription is 70%. Full year on-prem subscription and SaaS are the same at $100,00. Zero headwinds. That is why ARR and free cash flow are the north stars of this transition. Example number two. June 30th. The same $100,000 deal sold mid-year, June 30th. On-prem subscription Q2, $80,000 versus less than $1,000 in SaaS.
Headwind versus on-prem subscription is almost 100%. Full year on-prem subscription recognizes $90,000 versus $50,000 of SaaS. Headwind versus on-prem subscription is 45%. That is why ARR and free cash flow are the north stars of this transition. Example number three. Saket, you strong? One more to go.
Ready.
Okay. Last day of the year, same $100,000 deal. Q4 on-prem subscription $80,000 versus less than $1,000 in SaaS. Headwind versus on-prem subscription is almost 100%. Full year on-prem subscription, again, recognizes $80,000, less than $1,000 of SaaS. Again, the headwind is almost 100%. That is why ARR and free cash flow are?
North star.
The north stars of this transition. Exactly. Let's move to the exciting stuff. I'd like to spend some time discussing the opportunity that we have with our SaaS transition. We have proven success navigating previous model transition. The move to on-prem subscription was a very different transition. We fully understand that. That was a financial exercise. This one has more operational components, which is why we're taking a more measured approach. Our goal over the next couple of years is to be able to add an S to the end of this title. Proven success navigating previous model transitions. When we moved from perpetual to on-prem subscription and started that in Q1 of 2019, we basically moved from less than 40% recurring revenue in Q4 2018 to 95% recurring revenue in five quarters alone.
That, by the way, was around the time we started working on our SaaS offering, just to give you context of timing. Like I said before, our last transition was very different, but there were many lessons that we took from that transition, and we are trying to apply that to this transition. There are three pillars that are critical in order to make sure that we move the right way. Pillar number one, technology. If you don't have a product that works better in where you're trying to get to, it won't work. We've invested more than $100 million in R&D over the last two-plus years, plus another 15 years of experience, in order to have a product that works the way it will. Second pillar, comp plan.
You can have the best technology, but if you don't compensate your reps in order to make them change their behavior, it won't work. In 2023, we have built a comp plan that fits with the company's strategy, which is selling SaaS to new customers. Those are the first two pillars. Pillar number three, management buy-in. You can have that technology, and you can have the comp plan, but if management is not fully on board and being committed to the transition, it won't work. I can tell you that we are fully committed to making this transition a success. SaaS, a compelling offering. There's been a lot of talk about DA Cloud and Varonis SaaS, and I just wanted to spend two seconds on explaining what each one is.
Varonis SaaS is what we invested over $100 million over the last two years on top of those 15-year plus of learning how to transform features of on-prem subscription into cloud-native SaaS offering. DatAdvantage Cloud was the first SaaS offering that we had introduced in 2021 following our acquisition, that covers SaaS application and cloud data storage we have never covered before. Over the last couple of months, one of the most common questions I got from analysts and investors was, "Why did DA Cloud perform below expectations?" The answer I gave everyone was that there's a natural evolution of licenses at Varonis. It takes time for the reps to feel comfortable in selling the product, we have seen that in the past with some of the other licenses.
I wanna support that with some data. When we started selling Automation Engine and Office 365, in the first year that we introduced that license, we sold approximately $200,000. Five years later, the ARR was significantly larger. Real material contribution from both. $18.8 million and $26.4 million for Automation Engine and Office 365, respectively. DA Cloud, in its first year, sold approximately $3.5 million. It was one of the best performing new products launched in recent years. We believe the opportunity we have with the DatAdvantage Cloud is significant. We can cover applications that we never covered before, and as reps feel more comfortable in selling that, we will see more meaningful contribution over the next couple of years. Here's another question I got a lot.
If you sold only $3.5 million of DatAdvantage Cloud, can you support cloud applications? We have a strong cloud history with a long runway ahead. Microsoft 365 has reached $95 million of ARR as of the end of Q4 2022. We've been covering important cloud assets for a very long time. Here's another interesting aspect to this. When we took the aggregate number of users that Microsoft covers today and compared that to how penetrated we are, the opportunity is tremendous. We only cover approximately 1%. The opportunity is huge. We haven't scratched the surface yet. You've heard both Yaki and Brian talk about why a customer would pay 25%-30% more for SaaS. I wanna talk about the benefits for Varonis. I wanna look at it from the other side.
The overall arching theme is that there's quicker time to value and improved customer satisfaction, which would lead to greater customer lifetime value and higher renewal rates. How would we get there? First of all, shorter sales cycles. Many of you have asked me if we can support with data having shorter sales cycles. Well, the beauty of statistics is that every deal we close to date has a shorter sales cycle. As we gain more data, we will provide more clarity. The expectation that we have is that the SaaS deals will actually take less time because it's easier deployment and because of the simpler pricing and packaging model. Larger lands. With our platform selling and with a price list that is 25%-30% higher, we expect larger lands. The overall total customer payment will be lower.
Total cost of ownership would be less because they don't have to pay for hardware and because they don't have to pay for people, and it takes less time. A very important point is the margin component. Margins should significantly benefit us on some of the other departments that are R&D, sales and marketing, and support PS. I wanna walk you through some of that in the next couple of minutes. When we think about the R&D department, today, not only do they cover two types of code, the on-prem subscription and SaaS, but within the on-prem subscription offering, we have different customers that have different versions. As we go over time towards one type of code, there will be additional benefits, additional leverage in the model. Support, customer success, PS, all of that becomes significantly easier with the SaaS offering. Here's an example.
Log4j, all of you heard about that. When Log4j happened, and with our on-prem subscription offering and the R&D had the fix that we had to share with our customers, we had to call every single customer and make sure that not only they got the email, but they downloaded it and installed it. With SaaS, all of that happens way quicker. All of this higher customer satisfaction, less friction should generate higher customer lifetime value with increased renewal rates. Outcomes. The SaaS platform pricing. This slide is already what's aligned and how the sales force is selling our products today. As I said before, we're doubling down on the packaging, on the bundling. It simplifies the conversation for both the customer and our sales force.
The biggest change here versus the gold, silver, and platinum bundle that we offered under the on-prem subscription offering is that we're not allowing customers or our reps to sell individual SKUs. They're selling the package. If you're buying SaaS for Windows, those six SKUs that you had to buy under the on-prem subscription are now one SKU, and you don't have the option to buy any of the SKUs individually. Same with the Office 365. If you wanted to buy it in on-prem subscription, you had the option to buy it individually. Under SaaS, that's not an option. That allows customers to utilize automation and see value within the product. SaaS metrics and how to measure success. Five quarters ago, I started talking about ARR as the leading indicator. Yes, the previous transition was a financial transition. This is more of a business transition.
Based on that third accounting example, that deal on the last day of the quarter, you can see that revenue will just be very noisy. As we start converting our existing customers, we might see even more headwind on the revenue side. The pace of the transition will impact the way the revenue is treated in the short term. Now in Phase 1, and I'll talk about that in a second, we're not targeting converting our existing customers. If a customer wants to come and switch to SaaS, we will work with them. The quicker the transition, the deeper the dip that you will see. That is why ARR and free cash flow are the north stars of this transition. We wanna add one additional one. When you think about the accounting slides, we had to introduce one more metric to judge our success.
ARR contribution margin, which is ARR minus total non-GAAP expenses. We have been committed to our margin improvements, and the only way to judge our success and our commitment is through the ARR contribution margin. That's why throughout this transition, we will provide this number annually. Let's talk about the new SaaS transitions KPIs. We're committed to transparency, and we're committed to walking you through this transition. We understand the puts and takes. We understand the complexity. We understand the fact that we're moving in a second time within less than five years. We understand all of that. We're here to walk you through that. We understand the complexity. That's why we're gonna provide SaaS mix on a quarterly and annual basis, ARR contribution margin on an annual basis.
We'll provide color on the conversion progress on a quarterly and annual basis, and we'll provide the subscription customer count on an annual basis. Timeline for the SaaS transition. Phase 1 should take anywhere between one to two years. Again, no forced conversion with our existing customers, but if any of them want to switch, we will work with them. Phase 2, between three to four years, targeting existing customers, starting that towards the end of Phase 1. Now, one important assumption that we have built in is that Phase 2 will have linear conversion of our existing customers throughout the period. Completing a transition for us is having anywhere between 70%- 90% of ARR coming from SaaS. Our base case scenario that we're modeling right now is five years. How to think about the ARR conversion uplift.
As I spoke about this before, ARR uplift for the on-prem subscription is 25%-30% at list price. On the perpetual of maintenance, as I said, it's a different beast. We're not factoring any of that uplift into our model and plan to get to $1 billion of ARR. The price list uplift is 2.5x-3x. Capital allocation and long-term financial model. Now that I covered how we should look at the SaaS transition and how it impacts the business from a financial perspective, I'd like to spend some time on how we think about the capital allocation and how the financial profile of the company should look exiting the transition. I'm sure all of you, for those who haven't been here on this planet over the last week, this won't be relevant.
For all the rest, we don't have an SVB bank account, Signature Bank account, and First Republic Bank account. I hope that's where that list ends. In terms of cash, we have approximately $730 million of cash on the balance sheet, and our free cash flow expectation for 2023 is $20 million-$25 million. In terms of capital allocation, we're planning to reinvest in the business through R&D and other organic initiatives to deepen our competitive moat and grow our market. In terms of acquisitions, as I said before, M&A is not part of a necessary requirement in order to get to that $1 billion target. If we see an opportunity, it would probably be on the technological side as a tuck-in acquisition. We constantly evaluate the build versus buy. Other capital allocation, share repurchase.
We just announced in Q4 a $100 million share repurchase. We repurchased $56 million at an average price of $19 a share. The other capital allocation is debt reduction, which we constantly evaluate. This is the slide you've all been waiting for. We're targeting the Rule of 40 as we exit the transition. The Rule of 40 for us is defined as ARR and ARR contribution margin. As you can see, ARR growth will be as we exit the transition in 2027, in the midpoint, 20%. Gross margin will come down in line with other SaaS companies because of the compute cost, but we will gain significant efficiencies with some of the other departments, the support, the R&D, customer success, sales and marketing.
By the way, the gross margins are expected to come down in a very linear way. We don't see a significant dip and then margins coming up. We just see it constantly coming slightly down to those levels. R&D, we expect to go from 27% as we finish 2022 out of ARR to high teens, 18%-20% as we exit the transition. And that should come from moving gradually to that one code that I talked about before. It will still be elevated in the first part of the transition, but as we come towards the end of the transition, we expect that to come down. Sales and marketing, we see that coming down from 47% to 34%-35% of ARR, and we see that improved leverage coming from efficiencies in the selling process, shorter sales cycles, higher productivity of our sales force.
G&A, we see that coming down from 9% to 6%-7% because the growth in G&A is obviously in smaller rate than the top line. The overall ARR contribution margin will be higher, in the midpoint being at 20%. As I mentioned previously, that's driven by scale, productivity, and efficiency. In summary, the SaaS transition is expected to be transformational for this company. We've invested heavily in that technology in order to provide automated outcomes for our customers. Our building blocks for growth are market expansion, which should come through new logos in existing markets and greenfield opportunities that opens up with our SaaS offering. We have another growth factor, which is expansion within our existing customer base, and our SaaS transition provides an uplift within our installed base. We're extremely excited to announce a date, 2027, for our $1 billion ARR.
All that we have done over the last couple of years, the 2019 transition and the 2023 SaaS transition, all of that has one purpose, providing value to our customers, and we want to get through that to our $1 billion target in 2027. Thanks very much. I hope this has provided some better understanding for all of you of how we look at this transition. We're going to set up a Q&A in the next couple of minutes, and we'll be happy to take your questions. I'm just going to go through the slide on the appendix so everyone can see that as well. That's for you, Dolf.
All right. Now we'll take some questions from the audience.
Gentlemen, thank you so much. Huh?
State your name and company, please.
Right. Hamza Fodderwala, Morgan Stanley. Thank you so much for the presentation today. Guy, I had a couple questions for you. One is, why not assume any conversion from the existing maintenance base? I think that would add about $150 million-$200 million of ARR. Then secondly, assuming the transition does occur in that five-year timeframe, in 2027, at what point will we see revenue growth re-accelerate? When would we see the margin leverage really start to come through? Thank you.
Two very good questions. In terms of the first question, why wouldn't we bake in any maintenance of perpetual into this model? Those customers are very different. Many of them bought Varonis prior to 2016 when we came out with so many of the automated licenses. Many of them have one, two, or three licenses, and that's it. One of the things that we have analyzed is that it's easier to take a customer from five, six licenses to double-digit number of licenses, than get a customer from one or two to five. The reason for that is because they don't know what we're doing. They bought Varonis for a very different reason in the past, before we provided the automation. We wanted to make sure that we take kind of a responsible approach as we think about it.
Some of them, I'm sure we'll be able to convert, but some we might just have to leave as is. We wanted to make sure that we bake that in. We don't have to convert them in order to get to that $1 billion ARR target and get to that 70%-90% of SaaS that we're expecting. That's why those were the assumptions that we baked in when we did that. Second question? Remind me.
When would we see the revenue growth?
Revenue. Okay. The highlight sentence is, ARR and free cash flow are the north stars of this transition, and revenue will be very noisy. Now, it really depends on the pace of the transition. The quicker the transition, the more headwind you'll see on the revenue. The pace of the conversion of existing customers will also impact the revenue number. When you think about Phase 1 and Phase 2 , revenue will have the majority of the headwind at the first year of Phase 1 and then at the first year of Phase 2 . That could change if the percentage of conversion moves. If Phase 2 isn't linear, but is more weighted to one year versus the other, you'll get more headwinds. That's why it becomes extremely complex. We wanted to keep it very simple and clear.
That's why ARR won't, i t won't matter how we convert our existing customers or how we sell. What's the percentage of new customers that we sell SaaS to? ARR will still, hopefully continue to increase over time and won't be impacted. I hope that answers the question.
Great. Thanks. Saket Kalia at Barclays. Thanks as well for hosting this session. Very helpful. Guy, maybe staying with you. You know, converting the existing term customer base, I think is one aspect of this transition. Can you just talk about some of the levers that you have to encourage that transition while also still capturing that uplift? Relatedly, can you just talk about the pace of those conversions as you look at Phase 2 ?
I'll start with the second part of the question. The pace that we see Phase 2 occurring is just linear throughout that period. The ability and the customers would wanna consume the SaaS offering because they get automation, they get the outcomes in a much simpler way. Yaki and Brian can talk more about the elements of the SaaS offering and how beneficial it is for our customers. Overall, we believe that we will be able to address that when we get to Phase 2 . This year, we're focused on Phase 1 . We've already seen existing customers that ask us about the SaaS offering. We're not targeting that conversion, any customer that wants that conversion, we will work with them. We won't delay that.
The testimony that you saw in Brian's presentation from the customer from AVX, he was a OPS customer that we transitioned to SaaS. You know, we'll talk more about it when we start to do it. We'll build the machinery around it, around the overall transition. In the heart of everything is just the value proposition for customers. Once they use it just, it's a no-brainer for them. You know, there is just a lot of operations that are going on around it. In terms of the value, this, the overall value proposition, it's just night and day. Something that is completely different from the time you install it, the value that you need, the effort that you need to put in.
You know, like everything, we'll start, we know how we execute, we make sure that we understand how everything works, we build machinery around it, and we go all in.
Great. Thank you so much. Alex Henderson at Needham, and congratulations on your stock, legs. You're saying it's up 8% this morning, so somebody's enjoying it. I was hoping you could talk a little bit about the model transition in terms of the mix between new customers and existing customers. It seems pretty clear that what you're saying about the SaaS cloud is that it's targeting a higher rate of new customer wins.
Conversely, does that negatively impact the net retention numbers over the short term as the focus is more on new customers? Second, if you could talk a little bit about what you think the conversion rate long term of your existing customer base will look like, and the degree to which you're supporting that existing customer base with any new features over the next four or five years, or whether you're, in fact, only are spending on the cloud functionality as opposed to, you know, the existing on-prem functionality. Thanks.
Most of the advancements will definitely, you know, will happen in the cloud. New customers will always focus for us. It's also need to be the right customers, you know, that really the most of the focus are on the southern plus customers and it works very well for us. I think that in terms of the overall value proposition, for most customers it's just a no-brainer that they move to the SaaS. You know, it is a gradual process, and it's always our customer success. You know, the company is intensely focused on the customers who make sure that the current customers with the on-prem, it works very well for them.
Most of the new customers, you know, over time, it needs to be the SaaS platform. We are definitely here in order to make sure that we are building a SaaS company. Like this is the direction, this is where we're going.
I want to address the expansion within the existing customer base. The average number of licenses that we have today for Varonis customers is six. One of the things that we have said for a long, long time is that more is more. The more licenses you buy, the more automation you get, the higher the customer satisfaction, the higher your desire to come back and buy more. When you take those six licenses, and just assume that they're covering Windows under SaaS, and now they wanna cover Office 365, they will get to that double digit number of licenses by almost doubling their ARR. There's a tremendous opportunity for us, even with larger lands, to be able to extract more meat on the bone that we have with our existing customers.
This is also before you take out of consideration everything that related to DA Cloud. If you see the coverage there, almost every Varonis customers has between three to eight, you know, platforms that we can cover, and this is starting to be part of the sales motion, and we believe that it will go very well.
Great. Thank you. Roger Boyd with UBS. Just thinking about the customer addressable market. I mean, you know the three equation or three parts of the growth algorithm. Just how do you think about new logo growth in the context of that? Thinking about the last time you disclosed customer count was around 7,000 in 2019, you're now talking about 4,000+ high quality customers. How do you think about what gap that could grow to over the next five years?
I can start and then.
Yeah.
The customers as we count them today are subscription customers because they're getting that automation component and we see how they can extract value with our platform. When you think about kind of the TAM, the total addressable market, this is a problem that every organization needs to take care of. There's a lot of things that keep me up at night. What doesn't keep me up at night is this opportunity and the TAM. We can address so much greenfield opportunity with customers that we haven't touched before. SaaS opens up a tremendous opportunity to address that with a new offering because it eliminates two of the biggest items that we would get pushback on. Item number one is we don't have hardware or we don't wanna deal with hardware.
Item number two is we don't have the people and/or the time. With a SaaS offering, we expect to be able to target more of that greenfield opportunity over time.
Also with the coverage, there are just so many ways to get in. Just think about the sheer size of Salesforce.com, all the object storage, just Azure and S3. You know, we just said these are massive data lakes and, you know. If you look at, you know, big breaches and big exposure, this is where they are happening. We know how to deal with these massive data sets and really fix the problem completely. Once you can show that it's fixing, you provide visibility and fix the problems.
The other thing that is beautiful about it is what we said, it's we really want these 1,000+ customers, but you know, relatively enterprises that are not big, with 2,000, 3,000 users can spend a lot of money with us now, which this is also, you know, it's, it has a lot of potential.
Hey, Joe Gallo from Jefferies. Really appreciate the question and appreciate the Microsoft 365 disclosure. If I can dare ask for more, how should we think about the growth rate of that versus the rest of the business and what the eventual penetration for that can be?
Right. You know, we. The Office 365 is just, you know, everybody using it and it gears toward collaboration. It's great for collaboration, but it generates tremendous risk. Like what is, when you're using Teams, what just Teams does, it's a, it's crazy because it's an abstraction layer that changes OneDrive and SharePoint and Azure AD, and a lot of critical data goes in the channel. We just think that with the automation and a lot of the automation we provided, the robotics are on this 365. There you can really do it with, you know, because you don't have application and stuff like that completely automatically. This is really the biggest attack surface that matter the most.
Virtually, I don't see a Microsoft 365 account that will not need it. You know, there is the sales motion, everything, but it works very well. We make everything very practical. Practical labeling, and it just works very well, and in my opinion, a tremendous value in this ecosystem.
Hi, this is [Anusha] from RBC. Thanks for taking my questions here. So when thinking about the long-term operating model, you talked about 24 months of macro uncertainty initially. How should we think about the pace of recovery baked into the $1 billion target beyond that 24 months timeframe? Then geographically, what assumptions have you baked into the guide in terms of the pace of recovery in the different regions?
When you think about kind of the color we gave for 2023, that's out there. Kind of just to reiterate what we already said in our previous earning call. For 2023, we baked in some assumptions on deteriorating macro conditions. Longer period in Europe versus what we saw in 2022. We saw that baked also kind of seeing some of that macroeconomic challenges moving to North America. All of that is baked into our 2023 numbers. We baked in a lot of things that could go wrong. Hopefully, not all of them do go wrong. In 2024, we kind of assumed the same continuation for 2023. We're giving a five-year model, so there's a lot of things that can happen in five years.
Where we sit today, we felt that the right thing to do with everything that's happening in the world is assume two years of macroeconomic challenges, and then gradually things become better. The pace of that and the exact timing are yet to be determined. We feel very confident with the numbers that we put out there.
You know, it's hard to predict the overall economic future. You know, we are not economists, but what we do know is that this whole modern economy is completely driven by data. Almost regardless of what will happen, for modern organization to survive and thrive, you need to protect your data. We essentially became each other information banks, we just saw last week what happened when we don't have trust. In order for organization to really function in this digital world, you need to protect data. For us, we are intensely focused on the most efficient way to do it. The other thing, we want to make sure that our customers, as much as possible, this is the north star, will be able to do it without effort. This is, you know, this is changing the game completely.
What we have done is we just took everything that we learned and when we went to subscription, we build all this customer success functionality that works extremely well. Do you think very high renewal rate for an on-prem platform, and we made sure and we really designed it, and we said, "How our customers can achieve tremendous goals without any friction?" I believe if we'll be able to do it relatively to other things, we can do very well in a hard environment. Whatever will happen, I just don't see an environment that people really. Regardless of what will happen economically, geopolitically, that you don't need to protect your critical data, and you constantly will not have this tension between productivity and security. The main thing is to do it with complete automation.
If you will do that, I also believe that it will be much easier for organization also in hard times to allocate a lot of fundings for these kind of solutions.
Got it. How are you thinking about the fed, federal vertical, and what are the assumptions around that when you think about the $1 billion target? Thank you.
The assumption is that it will be the same size of business that it is now for us. The federal government has a lot of critical data, and trust me, many people want it. I think that it's a big opportunity for us.
Erik Suppiger, JMP Securities. One, I guess, for Brian, just where is your SaaS cloud? Is it in your own data centers or how have you looked at it in terms of using the public cloud? What is the build-out of that? How much further building do you need, or are you at capacity at this point?
Capacity is the wrong way to think about it. It's split between Azure and AWS. We've got an Azure. We're using Azure in North America and now Western Europe, and we'll expand to other geos as we expand other customer bases in those regions who have requirements to have their, you know, their infrastructure and specific geo-location requirements. It's not about capacity. We're built out, we're ready to support our customers.
Okay. Well, for either of you. The salesforce turnover is a little bit of a surprise, just given that it's hard for me to imagine today that a salesperson wants to stay with a, you know, a on-prem subscription versus selling a SaaS. I'm curious, how much turnover are you assuming in your sales organization, and what have you seen at this point? 'Cause, we're a quarter in almost, what kind of turnover have you seen so far?
You're absolutely right. I think that when you think about how better the product is and how much value we can provide our customers through the SaaS offering, it is a no-brainer. You could say the same thing moving from perpetual to on-prem subscription, and we still saw elevated turnover. I think it doesn't necessarily have to do with the technology. It just has to do with some people within the organization that are more resistant to change. I can say that overall, the majority of our reps are fully on board, fully understand the benefits of this to our customers and for us as an organization. When we analyzed kind of lessons learned from the previous transition, we saw that elevated turnover happened in the first six months of the year.
It wasn't necessarily concentrated in January or February, but it was more in that first six-month period. When we tried to bake in kind of assumptions, we wanted to take those lessons and implement that. I don't know if it happens, but we wanted to factor that in. As we move through the year, we'll provide color on what we see, but we wanted to put that as part of the assumptions.
Do you think that it's conservative? Are you being particularly conservative with your assumptions in regards to that?
I think in the assumptions that we took, there were a lot of things that could go wrong. Not all of them will go wrong. I do wanna emphasize that the first six months are the period that would have the most friction. H1 of 2023 is where you'll see that friction. It's not just the turnover, it's also the fact that reps will want to go back to their customers that had a sales conversation already and try and convert them to SaaS. It's better for the customer and it's better for us. Every time you introduce a new concept to a deal in flight, you're adding turbulence, and we wanted to assume that. By the way, we saw that as well when we moved from perpetual to on-prem subscription. We wanted to take the same assumption and implement that.
Don't forget, when they move to SaaS, these are different contracts, and you need to change it, you need to explain how it works, and you have a security assessment. It's much better for the customers and it's much better for us. You know, it makes sense to take some friction and just to make sure that it's working. You have, you know, we are doing everything with these POCs. You have so much pipeline, so it just, you know, it takes.
Yeah. Yeah. The deals in flight make a lot of sense.
Yeah.
I was more thinking about the salesforce turnover.
It's another risk factor that we don't know if it'll happen, but we took under consideration to make sure we are guiding in a responsible way.
Hi, good morning. Brian Essex from JP Morgan. Thank you for taking the question. You know, I think a lot of the stuff that you've kind of laid out here makes a lot of sense, and we've seen it proven across many different vendors, you know, the benefits of the SaaS delivery model for both the vendor and the customers. I guess the question is, if we think about existing customers currently on term license agreements, what kind of consideration did you make for customers that may wanna move?
Particularly in this environment where we have a lot of macro issues, and it is easier to sell into existing customers, is there a way to maybe incentivize existing customers, maybe from a credit-based program so it's not economically more challenging to migrate to SaaS in a, I guess, more expeditious manner than waiting a couple years before you kind of incentivize it? We just wanna understand kind of the potential there for maybe pivoting to your install base and accelerating that conversion process. Thank you.
We'll discuss more, Phase 2 when, you know, when we'll do it in a more systematic way. Now the focus is more on new customers. But overall, the total cost of ownership in the SaaS is a no-brainer. You know, when you're going to a customer, you know, we have this calculator we just plug in, and it's very credible, and you just see how much it costs them in terms of hardware, software, people versus the cloud. It's, it's a no-brainer for them. you know, we definitely can use, you know, the cloud providers also, credit system to make sure that, you know, it's easier for the customers to buy.
There are just a lot of incentive from all over, from the value proposition itself, from the total cost of ownership, and the ability to use, you know, Azure and AWS credits.
I just wanna add one more thing. When we laid out kind of the timeline, we talked about Phase 1 being one to two years, and then Phase 2 kinda starting towards the end of Phase 1 and kinda lasting for three to four years. Some of the logic behind that is that when we sell on-prem subscription, we sell a three-year deal. If in 2023 you have a customer that bought or renewed or even upsold the first time, legally, from contractual perspective, you can reach out and talk about that conversion is 2026. That's also baked in as part of our Phase 2 assumptions. However, there could be situations where a customer says, "We don't wanna wait.
We wanna move quicker." We know how to do that and work with the customer in order to make sure that they're happy and it makes sense economically.
Okay. Thank you.
Thanks. Andrew Nowinski with Wells Fargo. Maybe just to start with a clarification. I think you said the completion of the transition is when total ARR reaches 90% or SaaS is 70%, 90% of that, or is that net new ARR?
No, no. We took a base case of completing this transition within five years, and completion of a transition for us is having 70%-90% of total ARR being coming from SaaS.
Yeah, that's what I, o kay, thanks. Then I also wanted to ask about, you know, you've said ARR and free cash flow are the north stars of the transition. I guess why not, when you measure that in terms of the Rule of 40, why not use the standard calculation with free cash flow margin as part of it?
It's a very good question. When we wanted to show kind of our commitment in managing expenses, we used ARR contribution margin because the only difference between the free cash flow and the ARR contribution margin, the biggest factor is taxes. When you think about the 174 tax section that is coming into place, we just wanted to make sure that everyone's kind of apples to apples, and you see what the commitment of the organization is to improving the leverage. That was probably the only reason we didn't use the free cash flow.
Thanks.
Hugh Cunningham with TD Cowen. First question is regarding the group of customers that are only purchasing one to three solutions. Why isn't that compelling argument that you made for the cloud working on them? What's the difference there?
I didn't say it's not a compelling argument. I said that the customers that purchased mostly one, two or three licenses are customers that purchased Varonis prior to 2016, before we came out with the significant number of licenses that were geared towards automation. Most of them, and they're all maintenance of perpetual customers, so they bought us for a specific use case. It could be as an auditing tool, and they don't fully understand how Varonis has evolved. We're still gonna target them, but we're targeting them as new customers that we need to show value. When we add them in, they will be part of our subscription customers that we talk about.
Okay. In terms of growth as we look forward, we should see another sort of when Phase 2 kicks in, should we see another deceleration in revenue growth just because of the shift from existing customers?
There's a lot of moving parts. Revenue will be very noisy throughout this transition, really dependent on what is the pace of the transition. I wanna be very careful with defining an exact percentage of revenue just because there's so many moving parts. That's why we're trying to simplify things and talking about ARR because if you sell on-prem subscription or SaaS, ARR is the same number. That's why it's very, very clear that ARR is the leading indicator throughout this transition. Revenue will get noisy. We'll obviously give color on the conversion on a quarterly and annual basis, so investors and analysts can understand how things would have looked otherwise. Conceptually, ARR is the way to go as a leading indicator throughout this transition.
Last one. Don't you have that little bit delay on the cash flow side, when you switch from?
That's a very good question, and I wanna clarify that. When we sell on-prem subscription today, we collect the deals annually in advance. As we sell it as SaaS, it will be the exact same collection method. That's why ARR and free cash flow are the leading indicators and the north stars of this transition.
All right. Thank you. One last confirmation. You're still looking for 15% mix of SaaS for 2023? Is that the number?
Correct.
All right. Thank you.
Thanks for taking the question. [Madeline Morholic] here from William Blair. Just wondering as you work through the SaaS transition, how do you see the competitive landscape changing at all?
It's exactly as Brian said. You know, I think that at this point we are the only complete data protection platform in the market that does these three things. You know, there are people that try to do some kind of classification and logging and reports. In order to remediate, you know, to do automated remediation, usable, very accurate classification, at scale, and this proactive threat detection and response, which is the Holy Grail that is data-oriented, at this point, we are the only solution that does it in the marketplace.
It's also important to note, our technical moat was huge beforehand. You asked specifically about the SaaS transition. Because we can innovate so much more quickly now, and because there's so much less friction with customers to actually using all that innovation and getting value more quickly, our technical moat's just gonna accelerate. We don't have any direct competition now, and it's less likely to change.
As we said before, we have a real treasure with the metadata. Like, you know, the metadata for analysis, you know how it is in tech. You have the right data, and if you can analyze it in the right way and mine it, you get tremendous results. This is what we have, and we have just thousands of customers and all this metadata that is going to the cloud in terms of threat detection, it's just, it's second to none.
Okay. Thank you.
All right. Thank you all for coming today. Appreciate your interest in Varonis.
Thank you so much.
Thank you.
Thank you.