Qualys (QLYS) Philippe Courtot on Q2 2016 Results - Earnings Call Transcript

| About: Qualys (QLYS)

Qualys, Inc. (NASDAQ:QLYS)

Q2 2016 Earnings Call

August 03, 2016 5:00 pm ET

Executives

Melissa B. Fisher - Chief Financial Officer

Joo Mi Kim - Vice President, FP&A and Investor Relations, Qualys, Inc.

Philippe Courtot - Chairman and Chief Executive Officer

Analysts

Sitikantha Panigrahi - Credit Suisse Securities (NYSE:USA) LLC (Broker)

Gur Talpaz - Stifel, Nicolaus & Co., Inc.

Craig Nankervis - First Analysis Corporation

Matthew George Hedberg - RBC Capital Markets LLC

Michael Wonchoon Kim - Imperial Capital LLC

Jack Andrews - D. A. Davidson & Co.

Srinivas S. Nandury - Summit Redstone Partners LLC

Steve M. Ashley - Robert W. Baird & Co., Inc. (Broker)

Operator

Good day, everyone, and welcome to the Qualys Second Quarter 2016 Investors Conference Call. This call is being recorded. At this time, all participants are in a listen-only mode. Later, we will conduct a question-and-answer session and instructions for asking a question will be given at that time.

I would now like to turn the call over to Melissa Fisher, Chief Financial Officer. Please go ahead, ma'am.

Melissa B. Fisher - Chief Financial Officer

Thank you, Catherine. I would like to welcome everyone and take the opportunity to introduce Joo Mi Kim, our new Vice President of FP&A and IR. Joo Mi was previously an investment banker and then worked at software companies in the valley including Anaplan. We are delighted to have her.

Joo Mi Kim - Vice President, FP&A and Investor Relations, Qualys, Inc.

Thank you, Melissa. We would like to remind you that during this call, we expect to make forward-looking statements within the meaning of the federal securities laws. Forward-looking statements generally relate to future events or our future financial or operating performance. Forward-looking statements in this presentation include but are not limited to the following; statements related to our business and financial performance and expectations for future periods including the rate of growth of our business; our expectations regarding capital expenditures, including investments in our cloud infrastructure and the intended uses and benefits of those expenditures; trends related to the diversification of our revenue base; our ability to sell additional solutions to our customer base, and the strength of demand for those solutions.

Our plans regarding the development of our technology and its expected timing; our expectations regarding the capabilities of our platforms and solutions; the anticipated needs of our customer; our strategy, the scalability of our strategy, our ability to execute our strategy and our expectations regarding our market position; the extension of our platform and our delivery of new solution; the expansion of our partnerships and the related benefits of those partnerships; our ability to effectively manage our costs; our expectations for currency exchange rates; our plans to pursue arrangements with MSSPs which are multi-year contracts at fixed prices; and finally, our expectations for the number of weighted average diluted shares outstanding and effective GAAP and non-GAAP income tax rates for the third quarter and full year 2016.

Our expectations and beliefs regarding these matters may not materialize, and actual results in future periods are subject to risks and uncertainties that could cause actual results to differ materially from those projected. These risks include those set forth in the press release that we issued earlier today, as well as those more fully described in our filings with the Securities and Exchange Commission including our latest Form 10-Q and Form 10-K. The forward-looking statements in this presentation are based on information available to us as of today, and we disclaim any obligation to update any forward-looking statements except as required by law.

We also remind you that this call will include a discussion of GAAP and non-GAAP financial measures. The non-GAAP financial measures are not intended to be considered in isolation or as a substitute for results prepared in accordance with GAAP. A discussion of why we discuss non-GAAP financial measures and a reconciliation of the non-GAAP financial measures discussed in this call to the most directly comparable GAAP financial measures are included in our earnings press release issued earlier today.

Joining me for today's call are Philippe Courtot, our Chairman, President and CEO; and Melissa Fisher, our CFO. Philippe?

Philippe Courtot - Chairman and Chief Executive Officer

Thank you, Joo Mi, and welcome to all of you. We are pleased to have delivered another excellent quarter. At $48.5 million, our revenues was up 21.5% year-over-year. This was above our guidance of $47.6 million to $48.3 million.

As we're expanding our footprint with current customers, as well as landing new customers, this is driving our confidence to raise our outlook for the year. Specifically, we are raising the bottom of our revenue guidance, so that our new revenue range is now $197.1 million to $198.6 million. And similarly, we are moving up the bottom of our GAAP and non-GAAP EPS range.

Our Cloud Platform now consolidates 10 enterprise strength security solutions, giving customers unprecedented visibility and intelligence about all of their global IT assets, whether they reside on-premise, in the cloud, or at endpoints. And also drastically reducing their total cost of ownership this year.

We're seeing tremendous adoption of our disruptive Cloud Agent. And during the second quarter, achieved a remarkable milestone, as we have now deployed over 1 million agents in our customers' environment, exceeding even our own very high expectations.

Our second quarter results continue to show that we can, in fact, drive both strong revenue growth and top tier profits. This is a function of our ability to deliver a steady stream of new offerings that we can sell very efficiently into our installed base, leveraging the Cloud Platform we have built over time. We're seeing increased uptake of our new solution, both on initial contracts and in upsell scenarios. And this is underscored by the fact that the percentage of our Enterprise customers who have three or more of our offerings has doubled versus three years ago, from 11% in Q2 2013 to 21% this quarter.

Not surprisingly, this drives larger contract size as upsells can be several multiples larger than the core VM engagements. The average deal size booked in the quarter increased by 18% from a year ago.

We are now definitely in the right place at the right time. And to capture the opportunity, we have been reinforcing our sales organization. We have both grown our enterprise sales force and strengthened sales management by promoting from within and attracting great new talent as well. At the end of Q2 2016, we had 18 regional sales leader covering more than 100 countries. And the sales management team has, on average, five years of tenure with Qualys.

We operate, in fact, in a healthy demand environment and believe that we are a prime beneficiary of the trend, the undisputable trend, I should add, to cloud computing. We feel confident that this will help us sustain and even improve our growth rates in the coming years.

There's an increasing need among customers to leverage cloud-based security solution, as they are now accelerating the migration of their IT infrastructure to cloud solutions. Furthermore, the reality is that in order for companies to prevent breaches, rather than react after the fact, they must leverage enormous amount of data. And there is simply no way to do this cost effectively with on-premise Enterprise software.

These views are shaped not just by the data itself, but also by the significant amount of time I personally spent with clients. And for example, I recently met with a CIO of a major European financial institution and a Qualys customer. He echoed that, Vulnerability Management is increasing in importance for his company. The regulation they must abide every quarter they have visibility on all IT assets, not just the perimeter. And that they be able to demonstrate this.

On-premise Enterprise software solution become cost prohibitive at this scale. In addition, this is no choice but to move to cloud-based IT model to improve the agility and reduce the costs of the IT infrastructure. In fact, he shared that his goal is to have 80% of his IT infrastructure in the cloud three years from now.

Additionally, as all companies must do more with less, they are looking to consolidate vendors, and we are gratified to hear from many of our customers that they would like to do more with us. As a result, we're pleased to be chosen for an increasing number of partnerization (09:45) arrangements, both with customers and with partners. The validations are powerful and position us as a disruptive force in the security and compliance industry. Being a strategic vendor to our customers is a function of the current capabilities of our solution, as well as are confident that they will continue to innovate and extend our features and functionalities. We have released several exciting innovations in the second quarter, namely Qualys ThreatPROTECT that became generally available in the quarter. As many of you already know, this helps customer prioritize vulnerabilities based on a number of key threat indicators.

At the Gartner Summit, we announced a groundbreaking new form factor to extend our private cloud security and compliance to medium-sized companies, delivering our entire Cloud Platform in a one new format, totally remotely managed and self-updating. It now allows us to address those companies who need to retain data on-premise or within local geographies, but do not have a big enough IT infrastructure to adopt our larger Private Cloud Platform, and who has now 30 Private Cloud Platform deployed all over the planet. This new Private Cloud Appliance, as we call it, support both scanners and Cloud Agents, and include an comprehensive integrated suite of Qualys apps for automating asset discoveries, security assessment and compliance management.

Our Security Assessment Questionnaire 2.0 was also released in the second quarter. This is a cloud-based solution that orchestrate IT audits with automated validation to dramatically simplify third-party and vendor risk assessment. We achieved the first level of FedRAMP Certification in the quarter, and expect to have the full FedRAMP Certification this current quarter. This offers federal agencies a path to quickly adopt Qualys, our Qualys Cloud Platform for continuous security and compliance for – to provide them with a continuous view of their security and compliance postures.

Subsequent to the end of the second quarter, we announced the expansion of the Qualys Cloud-based Security and Compliance Platform to support Microsoft Azure with a new Azure-certified virtual scanner appliance. This enable organization to assess the security and compliance posture of their Azure environment from the Qualys console. Each of these new offering brings key solutions to market that were previously not served extensively or at all. Let me finally emphasize that we're not only taking share from our legacy competitors, but we're also entering new markets, enabling our customers to consolidate their spending with us, and delivering better performance as a function of our solution being integrated and accessible through a single platform. Thank you.

Melissa B. Fisher - Chief Financial Officer

Thanks Philippe, and good afternoon. Our strong second quarter performance reflects the recognition by our customers of the operational and financial value of our cloud-based security platform, which provides a holistic view of our customers' assets and their vulnerabilities. Total revenues in the second quarter were $48.5 million, which represents 21.5% growth over the second quarter of 2015. As we discussed last quarter, we signed an attractive new arrangement with one of our MSSPs, which resulted in additional revenue being recognized in 2016 for the same customers. In the second quarter, this represented a little over $1 million of revenues, slightly higher than in Q1. In contrast, FX again muted second quarter revenue. Excluding the impact of the MSSP and FX, our year-over-year revenue growth rate was still a robust 28.4%.

The U.S. represented 71% of Q2 revenues, or the same as the year-ago period. Some of our international clients pay us in U.S. dollars, so our revenue exposure to foreign currencies was only around 17% of total Q2 revenues. Our revenue plus the change in our current deferred revenue balance grew 29% year-over-year. I highlight this because I recognize it's a metric investors track as a proxy for current booking. However, I would like to point out that this calculation will not always mirror our current bookings due to the timing of the actual invoicing as well as impacts of items like FX. This quarter, it does reflect our strong performance. However, please note that it was positively impacted by the large slipped renewals from Q1 that we mentioned in our last call, as well as being negatively impacted by the MSSP contract and FX.

Said in other way, when I compare our historical quarterly bookings growth rate to the historical year-over-year growth of revenue, plus the change in current deferred revenue, they are not always in line. Our current deferred revenue balance was $104 million as of June 30, 2016, 19% greater than our balance at June 30, 2015. As we have discussed, the change in MSSP contract reduces our current deferred revenue balance account because it's built on a quarterly basis. Excluding the impact from the MSSP contract as well as FX, our current deferred revenue balance would have grown 21% year-over-year.

Last quarter, we discussed that our existing disclosure metrics may not be the best reflection of the positive trends in our business. We have evolved from a single product company to a multi-product platform business, with 10 solutions that have varying pricing, growth rates, and release dates. We're adding new capabilities, extending the breadth of our solutions, and we've enhanced our core VM offerings through new solutions, as well. Through the end of 2016, we will maintain the current disclosures. We expect to roll out new metrics at our upcoming Analyst Day on November 17 that more properly reflects how our business is trending.

On the existing basis, our Vulnerability Management solutions remains strong, thus continuing to represent 79% of second quarter revenues, in line with results in the second quarter of 2015. Our last 12 months bookings growth rate for Policy Compliance and Web Application scanning was 26% year-over-year. Note that this figure does not include newer solutions like our Cloud Agent used for Vulnerability Management, our PCP and ThreatPROTECT. As an initial step toward our new metrics, we've shared with you the percentage of our Enterprise customers who have purchased three or more Qualys products.

While we sell our platform cost effectively to both small customers of 50 employees, as well as to large enterprises, we expect to see additional solution uptake more pronounced in our Enterprise customer base. Our prior disclosure was a percentage of total customers with two or more products including PCI, and this figure was 63% in Q2, up from 60% a year ago. Incidentally, we are adding an updated investor deck to our investor relations website today to increase the clarity of our message. Before moving at profit and loss items, I would like to point out that unless otherwise specified all of the expense and profitability metrics I will be discussing on this call are non-GAAP results.

Our non-GAAP metrics excludes stock-based compensation and non-recurring items. A full reconciliation of all GAAP to non-GAAP measures is provided in the financial tables of the press release issued earlier today and is available on the Investors section of our website. Gross profit increased 21% year-over-year to $38.8 million in the second quarter of 2016. Gross margin was 80% equal with second quarter last year. Our strong margins are a testament to the scalable operational model of Qualys, and our higher than other comparable security and SaaS companies. Our platform enables us to easily launch new mission-critical capabilities that will plug and play with other Qualys offerings, and are therefore highly cost effective to sell.

In fact, our 2015 revenue for sales and marketing head is over $1 million as compared to a median of approximately $540,000 for comparable security and SaaS companies. One driver is that our cloud-based platform enables we try-and-buy at generating sales at a lower cost than on-premise software companies. Furthermore, we're continuing to leverage low-cost geos with a percentage of our customer support, operations and R&D head count in India having increased to 36% in 2015 from 15% in 2013. And by having a strong operation there, we can innovate 24x7, which accelerates our ability to develop solutions for our customers.

We are taking advantage of our highly profitable model to invest for growth as we see multiple levers to drive additional revenue. Operating expenses increased by 21% year-over-year to $27 million, in line with our stated goal to increase our investments in terms of head count, systems and other services to scale the business. In fact, we added 92 people in the first half of 2016, compared to 53 people in the first half of 2015.

Research and development expense increased to $7.7 million or 26% year-over-year primarily due to higher head count. While we are adding personnel there, it is important to note that we have a highly efficient R&D organization with an average annualized personnel expense per employee of approximately $110,000 as of Q2.

And our R&D organization has delivered many new products over the last 12 months, including the Cloud Agent platform, ThreatPROTECT, the Security Assessment Questionnaire 2.0, and the 1U PCP Appliance, as well as new feature functionalities such as ElasticSearch and AssetView integration with ServiceNow.

Sales and marketing expense increased to $13.1 million, 11% year-over-year, primarily due to higher sales head count as well as costs related to our salesforce.com implementation, offset by somewhat lower expense in marketing. As Philippe mentioned, we have been growing our Enterprise sales force and are proud of our high productivity.

G&A increased to $6.3 million, 41% year-over-year, largely due to higher head count and legal, accounting and consulting fees related to our increased scale worldwide.

Due to our strong revenue growth, adjusted EBITDA for the second quarter of 2016 increased by 20% to $15.7 million, compared to $13.1 million in the second quarter 2015. Again, the MSSP contract change had a positive effect, since revenues were higher. But excluding this impact, adjusted EBITDA would still have increased over the second quarter of 2015.

Adjusted EBITDA margin in the second quarter of 2016 was 32%, as compared to 33% in the second quarter of 2015.

Moving on now to earnings per share. For the second quarter of 2016 GAAP EPS was $0.09 per diluted share, same as the second quarter of 2015. Non-GAAP EPS was $0.20 per diluted share in the second quarter of 2016, up from $0.16 in the second quarter of 2015.

Our Q2 non-GAAP expenses, net income, and EPS exclude a one-time tax-related expense. I'd note that non-recurring items included in non-GAAP expenses, net income, and EPS over the last couple of years have been immaterial.

Net cash from operations in the second quarter of 2016 increased by 12% to $17.3 million, compared to $15.5 million in the same period in 2015. Free cash flow generated in the second quarter of 2016 was $12.7 million, compared to $11.3 million in the comparable period of 2015.

In the second quarter of 2016, capital expenditures were $4.8 million, compared to $4.3 million in the second quarter of 2015. In addition to this, we front-loaded approximately $7 million of CapEx that is scheduled to be paid later in the year. Of the $7 million, $5 million was related to the early renewal of a license arrangement, as we were able to lock in an attractive rate on database software for the next several years. This was CapEx that otherwise would have been spent in 2017 and does not represent a change in our business model.

In the third quarter of 2016, we expect capital expenditures to be in the range of $5.5 million to $6.5 million, excluding the previously mentioned $7 million incurred in Q2. We expect to spend only $3.5 million to $4.5 million in capital expenditures for Q4, offsetting the increased Q2 and Q3 spend. So excluding the early license renewal, we are projecting capital expenditures of $20 million to $22 million in total for 2016.

Now turning to our guidance. Starting with revenues for the third quarter of 2016. We expect revenues to be in the range of $50.3 million to $51 million. For the full year 2016, we are raising the bottom end of our guidance for revenues, bringing our current guidance to a range of $197.1 million to $198.6 million.

As to earnings per share guidance, we expect GAAP EPS for the third quarter of 2016 to be in the range of $0.08 to $0.10 per diluted share, while non-GAAP EPS is expected to be in the range of $0.17 to $0.19 per diluted share. For the full year of 2016, we are raising the bottom end of our guidance for both GAAP and non-GAAP EPS. Our current guidance for GAAP EPS is now $0.37 to $0.41, and for non-GAAP EPS, $0.75 to $0.79.

We expect our operating expenses to sequentially increase in Q3 and Q4. We are continuing to invest in our business, as we scale for the roll-out of additional solutions to our platform, because we have a highly profitable operational model.

Our third quarter EPS estimates are based on approximately 38.8 million weighted average diluted shares outstanding. And our full year 2016 EPS estimates are based on approximately 38.9 million shares outstanding. For the third quarter and full year 2016, we have used an expected effective GAAP tax rate of 38% and an expected effective non-GAAP tax rate of 36%.

I'm thrilled to be at Qualys. I'm now almost 100 days into my tenure here, and I've gained significant visibility into the growth opportunities for our business, and a scalable, operational model.

With that, Philippe and I would be happy to answer any of your questions.

Question-and-Answer Session

Operator

Thank you. Our first question comes from Siti Panigrahi with Credit Suisse. Your line is open.

Sitikantha Panigrahi - Credit Suisse Securities (USA) LLC (Broker)

Hi, thanks for taking my question. I just wanted to focus on the VM market. You talked about 10% growth last quarter. I'm just wondering what sort of growth rate you saw this quarter, and what sort of competitive landscape are you seeing any kind of legacy displacement in the market that's driving growth at this point?

Philippe Courtot - Chairman and Chief Executive Officer

So we didn't speak of 10% growth. I mean, we're saying that our VM marketplace, that we're growing at around 20%, 21% growth. So this is what we said. And as far as the competitive landscape, so we have, essentially, in our space that has what I call the two last men standing, essentially, Tenable, which is a private company, and Rapid7, who's a public company. And we essentially have an extremely strong position with the large enterprise. Rapid7, we see them gaining more in the mid markets, and Tenable is strong in governments and with consultants, essentially. They're all trying, of course, to go and attack our large customer base, but I think we remain today the company which has really, truly a cloud platform, which is a huge advantage.

We also deliver new services, fully consolidated with our platform, so that increased the barrier to entry significantly against Qualys. And to speak about the VM marketplace, as I mentioned during the call, is that we see Vulnerability Management becoming as a significant core security application that companies must absolutely adopt. And this is relatively new, and this is because you cannot secure what you don't know, everything is interconnected with everything. You need to have a global view of all of your IT assets, and then you need to ensure that they are not vulnerable to attacks. And then you need to prioritize the remediation, remediate as fast as you can today, it's a question of time, and prioritize the remediation, and improve your remediation capabilities.

Sitikantha Panigrahi - Credit Suisse Securities (USA) LLC (Broker)

And as a follow up, you talked about cloud is in deployment around 1 million already. And also release ThreatPROTECT. I'm wondering what sort of feedback – late feedback (29:11) you've got on ThreatPROTECT, and what sort of adoption you are expecting?

Philippe Courtot - Chairman and Chief Executive Officer

Yeah. So we're expecting a very strong adoption of ThreatPROTECT. We have essentially that solution went (29:25) about a month ago. We already have quite a few orders. A big demand for that. It's a very natural extension of our platform. We replaced here either standalone solution that we're taking the data out of Qualys, and then correlating that data with threat information, and/or company taking that Qualys data, putting that into Splunk, and then putting threat information to Splunk and doing that application in Splunk. So obviously, I think that native on Qualys, it seems easier and better for our customers. So we see all our customers, which have already used this kind of solution that I've mentioned, are looking at migrating to Qualys. And of course, it becomes also very big differentiator when we compete for new business.

Operator

Thank you. And our next question comes from Gur Talpaz with Stifel. Your line is open.

Gur Talpaz - Stifel, Nicolaus & Co., Inc.

Great. Thanks for taking my question. So I want to talk about Cloud Agent adoption, Philippe. You noted over a million end points, and that's a pretty big metric given how relatively new the product is. Maybe you could talk about what's driving that adoption, what's driving that strength, and maybe walk us through what a typical Cloud Agent deal looks like in terms of penetration of a customer.

Philippe Courtot - Chairman and Chief Executive Officer

Yes, so this, in fact, this doesn't really surprise us, where a lot of people saying, it's so difficult to put agent, et cetera. And the argument I was making then was that, what our Cloud Agent does first is to essentially make the Vulnerability Management application significantly easier to deploy and manage because you don't need now credentials, you don't need scanning windows and you have real time. So this is quite significant. Now, so we see customers, existing customers, adding the Cloud Agent to some of these IPs that we're scanning, so adding on the device of course.

And also, interesting enough, it allows us now to move into end points. So we see also customers adopting the Agent for their end points. And furthermore unlike anybody, our agents also they go into the cloud. So our agent has that unique ability to go to on-premise, on servers, et cetera, on end points, as well as on cloud environment. We've just announced, by the way recently that we have worked with Microsoft, and now we are in the process of finishing the total integration of our agent with a Microsoft Azure platform so customers could directly, from the Microsoft Security Center, immediately has the agent available at the click of a button. So this is significant integration and we're working as one with all these other cloud vendors to do exactly the same thing. So this is significant adoption.

So of course, it has now started to do the same thing for the Policy Compliance, and let me remind that we see the agent is really a new platform or an extension of our Cloud Platform. And this is going to allow us to deliver in a relatively short period of time additional functionalities that all of our customers are asking, which are the file integrity monitoring capabilities, the detection of viruses, the patch management capabilities, and also we're working on the digital certificate as well. So this is absolutely a no-brainer for our customers, essentially.

Gur Talpaz - Stifel, Nicolaus & Co., Inc.

That's great color, Philippe. One last question. In your script you noted achieving FedRAMP compliance. In the past you talked about the federal opportunity. Can you talk about the pipeline there now that you've achieved a level of compliance in that arena? Do you see it building up? Is it a real opportunity sort of beginning to play out?

Philippe Courtot - Chairman and Chief Executive Officer

Definitely, I think we're at the right time at the right place now with federal. As you know, everything in federal takes time. So we're not expecting to see any kind of significant revenue this year. But I think we're very well positioned for next year because again, as you see, the federal is absolutely crippled with data breaches. And the reason is because they are using all these Enterprise security solutions. They don't integrate. They have massive networks. Enterprise security software just doesn't cut it. And so you need to have that scalability that our Cloud Platform provides so you can identify again all of your global IT assets, their vulnerabilities, their security posture. And in the past, the federal didn't want us because we're eliminating a lot of – because of the complexity of the procurement cycles, et cetera, so being FedRAMP is really the key for us. So I think we're expecting, we're very confident that next year ought to start to see ready business coming from the federal government.

Operator

Thank you. And our next question comes from Craig Nankervis with First Analysis. Your line is open.

Craig Nankervis - First Analysis Corporation

Thanks. Good afternoon. Nice quarter, folks. Philippe, you mentioned that scenario about the – over in Europe someplace about the regulations or visibility into all IT assets. Are you pursuing any special initiative to really capitalize that over there, and any part of the market seems like it would be really something that could add to your growth?

Philippe Courtot - Chairman and Chief Executive Officer

In fact, yes, because – now, that's a very good point, Craig, because in Europe our deal size has been historically much lower than in the U.S., and the reason because of the European companies were much slower at adapting that cloud-based Vulnerability Management solution that we are for the internal network. So the banks that I've mentioned to before was in fact our customers since 2002, very happy with Qualys. But it's only now that they looking at essentially deploying us on the inside.

And so the regulation is really a very big driver of that, because the regulation in Europe is really becoming – there essentially you could see a change from the regulator to try to reverse the burden of proof. So you have to prove now almost that you have taken everything, you've done everything you could have done to secure your network. So that's really tough. And again, so the fact that today we have very strong partnership with companies like Orange Business System, Airbus Cyber Defense, Siemens. We have very big partners. We can deliver also private clouds locally. So all this issue is about where does my data reside, and certainly not in the U.S. They don't want that anymore. We have solved all of these problems. So I think Europe is right for us to see bigger deals from our existing customers. And we have a large customer base in Europe. And as well as our competition there is not very strong, so really being capable of becoming a major player in Europe as well.

Craig Nankervis - First Analysis Corporation

Well, are you adding more sales heads there by chance to...

Philippe Courtot - Chairman and Chief Executive Officer

We have already made – in fact what is interesting is that we don't have a very good productivity in Europe as compared to the U.S. because, again, what I told you about the deal size is much lower. But we are very well staffed in Europe. So already, as I mentioned, we have five regional VPs in the U.S., and we're now today about 14 outside of the U.S. So it's, we have significant already, presence established with long-term customers. So we're very strong in Europe. It's just a question about the deal size which is now starting to move into our favor.

Craig Nankervis - First Analysis Corporation

Can you also just review where your data center locations are over there now with – does Brexit have any impact on the services you...

Philippe Courtot - Chairman and Chief Executive Officer

Yeah. No. Absolutely. Very good question again. So historically, we had a data center in Geneva. And now we're adding another data center in Amsterdam. And the reason is because today with this new regulation, Switzerland is not part of the EU. So that Switzerland, which was the place of peace, is not anymore the place of peace, if I may say so. So you've got to have your data outside of the – you have to have your data in the EU community, which is what we are doing now.

And in addition to that, what company like Deutsche Telekom or T-Mobile, which they have their own private cloud. We have Orange Business System (sic) [Services] (38:48) which has also private cloud. Airbus Cyber Defense (sic) [Airbus Defence and Space Cyber Security] (38:52), a private cloud. Siemens, a private cloud. So where also that ability of really delivering private cloud very easily.

And so all of these regulation works in our favor, because we keep the power of our cloud model. But now we can really deliver it on-premise or within a local geography, like with du Telecom in Dubai, Saudi Telecom in the Kingdom and others. Okay?

Operator

Thank you. Our next question comes from Matt Hedberg with RBC Capital Markets. Your line is open.

Matthew George Hedberg - RBC Capital Markets LLC

Yeah. Thanks for taking my questions. Philippe, in your prepared remarks, you talked about your expectations for improving growth rates longer term. Now I know you guys have 10 products. But I'm curious outside of sort of your core VM, WAS, PCI and Policy Compliance, if you could only pick one, which of these additional products do you think has the highest potential to become really a major contributor to future growth?

Philippe Courtot - Chairman and Chief Executive Officer

The major contributor to future growth with no question asked is the Cloud Agent platform for the reasons that I mentioned earlier. All these additional revenue streams that are working to generate and relatively early in the year for next year with file integrity monitoring, detection (40:02) for compromises, the patch management, the digital certificates. And then, so this is something we see coming very, very strongly.

And then we have interesting additional products, which like ThreatPROTECT, which are really – we charge 30% of the VM subscription to our customers to have the benefits of ThreatPROTECT. So that's a nice little bump on a huge VM customer base. We have also our Security Assessment Questionnaire that we see also adding to the Policy Compliance application. These are things that currently today are in production and doing very well. So that's what we see.

Matthew George Hedberg - RBC Capital Markets LLC

Great. And then maybe one for Melissa. You guys had a nice earnings beat this quarter. And I know you did raise the low end of your full-year guidance slightly. But I'm curious, why didn't it go even higher? Is this a reflection of additional hiring or conservatism? Just want to make sure I understand sort of the thought process around the full year earnings guide.

Melissa B. Fisher - Chief Financial Officer

Yeah. Another great question, Matt. It's a couple of factors. As we've mentioned, we have been increasing hiring, so to the extent we do that within a quarter, that is one factor that contributes to the sequential increase in expenses, as well as there is additional investment in these areas like head count that we're continuing to make.

Operator

Thank you. And our next question comes from Michael Kim with Imperial Capital. Your line is open.

Michael Wonchoon Kim - Imperial Capital LLC

Hi. Good afternoon, guys. Can you just talk a little about pricing trends, and specifically on Continuous Monitoring and ThreatPROTECT? I think you did mention possibly a 30% lift to the current VM subscription. And, I think, last quarter for CM, maybe something like a 20% lift. Are you still doing some price discovery? And how is that holding?

Philippe Courtot - Chairman and Chief Executive Officer

No, the price is holding fine. I think we're just absolutely, but we will see praise (41:51) from our customers, and now we've got enough of them. So it's just not just one or two.

That said, they were very happy with our pricing. They thought it was a fair price, no question asked. And we had, in fact, everything we do, we'll always try to engage customers before, so we don't come and suddenly surprise our customers. We work with them on the new product, on the new pricing. We try to really understand what they are expecting. So that was really – we're very, very confident with the pricing.

Michael Wonchoon Kim - Imperial Capital LLC

And then with the up-sells getting larger, are you seeing any change in average contract length? And how might that adjust the pricing?

Melissa B. Fisher - Chief Financial Officer

We haven't seen any change in average contract length, per se. What we've talked about in the past is that when we do have larger deals, larger deals take longer to close, because it's a more involved procurement process and more approvals required. We haven't seen much movement today now.

Philippe Courtot - Chairman and Chief Executive Officer

Yeah. On the contract lengths specifically, we see more and more for our large customers. They want multi-year contract. So we are doing more three-year contracts at the request of our customers. And so that has been a trend, so we are doing.

Melissa B. Fisher - Chief Financial Officer

But it hasn't been enough to move the needle to-date.

Philippe Courtot - Chairman and Chief Executive Officer

So no, it doesn't change the revenues. It doesn't change at all our booking either, because we haven't realized everything.

Melissa B. Fisher - Chief Financial Officer

Right.

Philippe Courtot - Chairman and Chief Executive Officer

So we have some prepaid deal, which sometimes could of course impact the current deferred (43:32), but these one are relatively rare as big prepaid. But we have a few of those.

Operator

Thank you. And our next question comes from Jack Andrews with D. A. Davidson. Your line is open.

Jack Andrews - D. A. Davidson & Co.

Hi. Good afternoon. Thanks for taking my question. Philippe, you introduced a slew of new products early in the year, and as we're sitting here slightly past I guess the halfway point of 2016, can you update us just in general on your thought process for additional products, are there any particular market adjacencies perhaps that look attractive to you?

Philippe Courtot - Chairman and Chief Executive Officer

So first of all, they were not early in the year that much, with the exception of the Cloud Agent. ThreatPROTECT was very recent. Our Security Assessment Questionnaire was very recent in fact. So this being said, we are expecting today essentially with the new services that we're planning to deliver, we are looking at I think them as a showcase at our user conference in October. We probably will showcase them at our Analyst Day as well in November. So we see them as generating revenues early next year, starting early in the year. And then in terms of market adjacency, we're just continuing to essentially expand really naturally. So you look at ThreatPROTECT, this is adds to VM. There's a very interesting market that we believe we can really make a very big difference, in fact two markets; one is the asset discovery. We believe that today we have absolutely the best technology today to do asset discovery and inventory; and then synchronize like we are doing today now with ServiceNow. So that's almost like more of an IT, if you prefer, market.

So our view here is that we can bring security and compliance and IT security and compliance into one single solution. We are starting to really compete very effectively against Tanium as – if you could consider it as an additional market. And then there is, we are looking at digital certificates, we think really, we have a very good solution. We already have half of the solution for digital certificates in the sense that we can discover all of your digital certificates, and then we can analyze where they are coming from, when they are going to expire. The only thing which we're missing today to really provide the full solution, which we are working on as we speak, which is the ability to update or manage these digital certificates. So we're not far from having also that solution. And that's the kind of really adjacent market as well.

Jack Andrews - D. A. Davidson & Co.

Thanks. I appreciate that. And then just as a quick follow up, could you give us an update in terms of just your senior management team, are there any meaningful roles that you are still looking to fill at this point?

Philippe Courtot - Chairman and Chief Executive Officer

Yeah. I mean, we're always expanding our management team. Today I'm a little bit – we're starting to really looking very seriously at doing some acquisitions, albeit very carefully, which is a way to increase the management. So currently I'm looking at adding a Chief Security Officer, so we're currently actively looking. And we add our VP of Worldwide Sales which went back with his previous company, and so that he needs the opportunity to really look for somebody as well. So these are essentially the two key position on a management level that we're looking at adding.

Operator

Thank you. And our next question comes from Srini Nandury with Summit. Your line is open.

Srinivas S. Nandury - Summit Redstone Partners LLC

Right. Thank you for taking my call. This question is for Philippe. Philippe, I know your Cloud Agent that was initially for Windows, and last quarter you released the products for Linux and Mac OS. Can you talk about whether these products have been deployed in the field, and could you talk about how the pricing for these new services are? And then I have a follow up please.

Philippe Courtot - Chairman and Chief Executive Officer

So I'm not so sure that I understood the question. You were asking about the price for this Cloud Agent or...

Srinivas S. Nandury - Summit Redstone Partners LLC

Well, the price, as well as you launched Linux portion of your Cloud Agent and Mac OS earlier last quarter. So I just wanted to understand how those products have been doing in the market and what your conversations have been.

Philippe Courtot - Chairman and Chief Executive Officer

Okay. So this is Philippe. The UNIX agent for it is essentially the big market for them, it's of course, with companies which are using UNIX servers and as well as the cloud environment. The cloud environment are essential in UNIX. So we put that down. And so very successful. It was in big demand. The Mac is much more for the endpoint essentially. And so that's also strengthened our position and offering on the endpoint. And all-in-all today when I look at these agents, so there's a combination of adding to the existing VM that we're doing, so we have on an average today with this Cloud Agent generating significant, we are in above, I would say $5 per agent per year. So it's got to be an interesting add-on to our business, and it's growing very well. (49:15).

Srinivas S. Nandury - Summit Redstone Partners LLC

Okay. Yes. Just extending the Cloud Agent technology, it looks like it's a natural extension for endpoints such as Android devices and iOS. You and I talked about this a while ago. Do you expect to release a Cloud Agent for handheld device as well and...

Philippe Courtot - Chairman and Chief Executive Officer

No. The issue with the Android devices and iOS devices is that you cannot really put an agent, or let's say the agent that you can put can give you really minimum information, and there's already a market with the MDM application. So for us our strategy at the moment there is to essentially take the data from this MDM vendor to enrich information that we have, and put all of that into our cloud back-end, rather than doing an MDM agent because it's already pre-occupied. This being said, when and if Google and Apple open up their OS then – so we could put an agent, then we're ready for it.

Because the challenge is not to build the agent. The challenge is really all the analysis you have to build that to hundreds of millions of agents, if not billions of agents. But first, it's today with large cloud providers now deploying 2 million agents of Qualys in the process of deploying these agents. So that's a question of scale, and of course that's a problem that we've solved. We're also working on providing an SDK for our agents, so people could build the agents themselves, and then we can provide all the processing if you prefer back end, to do all what needs to be done with the data that the agents are bringing back. Does that make sense?

Operator

And thank you. And our last question comes from Steve Ashley with Robert W. Baird. Your line is open.

Steve M. Ashley - Robert W. Baird & Co., Inc. (Broker)

Thank you very much. So Philippe, I just want to ask a high level question on the industry. And you kind of have a, statesman of the industry, and a big picture view. But there are rumors that McAfee might be for sale. There are rumors that FireEye might be for sale. There are rumors that Imperva might be for sale. We're seeing Symantec and Blue Coat merge. So there seems to be at least a rumor of a lot of consolidation of some meaningful-sized businesses. What do you see going on in the industry, and what kind of – why do you think this might be happening now? Thanks.

Philippe Courtot - Chairman and Chief Executive Officer

This is a fantastic question, Steve. I really appreciate it. But, yes, this is exactly what is happening. And by the way, this is not surprising. This is something, by the way, that I predicted many years ago, I'm a little bit late on the timing. You look at what happened with the mainframe industry, going through the mini-computer industry, which was more of a technological evolution, then a totally new architecture came with a client-server. And now, we're seeing the same thing happening with the cloud computing architecture. And now, today, what is happening is like we saw the mentoring, (52:28) meaning it's a consolidation of the old industry, which is about to die. Then the question is how long it will take. And then, the emergence of a new breed of company, which I strongly believe, Qualys is one of them, and nothing new here.

The only thing which is new is today, the very specific challenge that security has, which is very unique, and it's becoming very clear, and I was in discussion with Jeff Moss, in fact, this morning where we are just at Black Hat now with Jeff Moss, the Founder of DEF CON and Black Hat, and this is exactly the same thing. Security today has a huge challenge because things are going so fast. So you have the complexity has increased significantly, and now the speed at which the attacks are coming are absolutely incredibly fast. So the bad guys now can detect vulnerabilities in your organization even before you can yourself do. They've already created an exploit and you're attacked now in no time. So how do you protect against that?

So you really have to change. So this is where all these Enterprise solutions are falling apart because they are too slow, they are too costly to manage. What do you do with all that data, they don't integrate with themselves. So there's absolutely a need for that new breed of solution, and we see that from our customers. That's what we are really, really I think the market is coming our way big time.

Joo Mi Kim - Vice President, FP&A and Investor Relations, Qualys, Inc.

Great. Thank you. Thank you, everyone for attending our Q2 earnings call. We look forward to seeing many of you next week at the Pacific Crest Conference in Vale, and the Credit Suite Small and Mid-Cap conference in New York in September. We will be holding an Analyst Investors Day in New York on November 17, and if you would like to attend our Annual User Conference as well, which will be in Las Vegas in October, please let us know. Thank you.

Operator

Ladies and gentlemen, thank you for participating in today's conference. This does conclude today's program. You may all disconnect, and everyone have a great day.

Copyright policy: All transcripts on this site are the copyright of Seeking Alpha. However, we view them as an important resource for bloggers and journalists, and are excited to contribute to the democratization of financial information on the Internet. (Until now investors have had to pay thousands of dollars in subscription fees for transcripts.) So our reproduction policy is as follows: You may quote up to 400 words of any transcript on the condition that you attribute the transcript to Seeking Alpha and either link to the original transcript or to www.SeekingAlpha.com. All other use is prohibited.

THE INFORMATION CONTAINED HERE IS A TEXTUAL REPRESENTATION OF THE APPLICABLE COMPANY'S CONFERENCE CALL, CONFERENCE PRESENTATION OR OTHER AUDIO PRESENTATION, AND WHILE EFFORTS ARE MADE TO PROVIDE AN ACCURATE TRANSCRIPTION, THERE MAY BE MATERIAL ERRORS, OMISSIONS, OR INACCURACIES IN THE REPORTING OF THE SUBSTANCE OF THE AUDIO PRESENTATIONS. IN NO WAY DOES SEEKING ALPHA ASSUME ANY RESPONSIBILITY FOR ANY INVESTMENT OR OTHER DECISIONS MADE BASED UPON THE INFORMATION PROVIDED ON THIS WEB SITE OR IN ANY TRANSCRIPT. USERS ARE ADVISED TO REVIEW THE APPLICABLE COMPANY'S AUDIO PRESENTATION ITSELF AND THE APPLICABLE COMPANY'S SEC FILINGS BEFORE MAKING ANY INVESTMENT OR OTHER DECISIONS.

If you have any additional questions about our online transcripts, please contact us at: transcripts@seekingalpha.com. Thank you!