CyberArk Software Ltd (CYBR) CEO Udi Mokady on Q2 2018 Results - Earnings Call Transcript

|
About: CyberArk Software Ltd. (CYBR)
by: SA Transcripts

CyberArk Software Ltd (NASDAQ:CYBR) Q2 2018 Earnings Conference Call August 7, 2018 5:00 PM ET

Executives

Erica Smith - Investor Relations

Udi Mokady - Chairman and Chief Executive Officer

Josh Siegel - Chief Financial Officer

Analysts

Saket Kalia - Barclays

Fatima Boolani - UBS

Mike Casado - KeyBanc Capital

Sai Sharma - JPMorgan

Anjelo Austria - Morgan Stanley

Daniel Bartus - Bank of America

Gur Talpaz - Stifel

Gabriela Borges - Goldman Sachs

Howard Smith - First Analysis

Ken Talanian - Evercore ISI

Catharine Trebnick - Dougherty

Jonathan Ho - William Blair

Michael Romanelli - Cowen & Company

Erik Suppiger - JMP

Tanner Hoban - Oppenheimer

Operator

Good day, ladies and gentlemen and welcome to the Q2 2018 CyberArk Software Ltd Earnings Conference Call. At this time, all participants are in a listen-only mode. Later, we will conduct a question-and-answer session and instructions will follow at that time. [Operator Instructions] As a reminder, this call will be recorded. I would now like to introduce your host for today’s conference, Erica Smith. Please go ahead.

Erica Smith

Thank you, Chris. Good afternoon, everyone. Thank you for joining today to review CyberArk’s second quarter 2018 financial results. With me on the call today are Udi Mokady, Chairman and Chief Executive Officer and Josh Siegel, Chief Financial Officer. After preliminary remarks, we will open the call up to a question-and-answer session.

Before we begin, let me remind you that certain statements made on the call today maybe considered forward-looking statements, which reflect management’s best judgment based on currently available information, specifically our expectations and beliefs regarding our projected results of operations for the third quarter and full year 2018. Our actual results might differ materially from those projected in these forward-looking statements. Please see the risk factors contained in the company’s annual report on Form 20-F filed with the U.S. Securities and Exchange Commission and those referenced in today’s press release. CyberArk disclaims any application or undertaking to release publicly any updates or revisions to any forward-looking statements made today.

Additionally, non-GAAP financial measures will be discussed on this conference call. A reconciliation to the most directly comparable GAAP financial measures is also available in our earnings press release, which can be found on www.cyberark.com in the Investor Relations section. And please note that a webcast of today’s call will be available on our website in the Investor Relations section.

And with that, I would like to turn the call over to Udi. Udi?

Udi Mokady

Thanks, Erica and good afternoon everyone. Thank you for joining the call today. Strong execution and robust demand across all geographies drove our results in the second quarter. Revenue increased 35%, reaching $78 million and we were very pleased to see license revenue growth by 36% to $41 million. We generated $17 million in operating income and our cash flow from operations was $56 million in the first 6 months of the year. It was a great quarter and we are thrilled with our results.

A number of secular trends are contributing to the momentum in our business. Compliance requirements and rigorous regulations like GDPR, persistent attacker innovation and escalating cyber threats, the execution of digital transformation strategies, the complexities of cloud migration and protecting hybrid environments, and most importantly, privileged access security is broadly recognized as a top priority critical to security strategies. In fact, in a smarter with Gartner, Gartner top 10 security projects for 2018 blog post published on June 6, 2018, Gartner summarizes the recent security and risk management summit held in June.

At the event, Gartner analyst Neil MacDonald recommended that CISOs, Chief Information Security Officers, focus on projects that reduce the most amount of risk and have the largest business impact and he identified privileged account management as the number one focus for organizations. Today, privileged access security is viewed as foundational to successful security strategies and is now the number four control on the CIS, critical security controls for effective cyber defense compared to 4 years ago when protecting privileged access was not even a top 10 control. These trends are contributing to our growth with the Americas and APJ generating record revenues again this quarter and while EMEA had an easy compare versus the second quarter of 2017, the region outpaced our expectations growing by more than 60% in Q2.

On the new business front, we are now helping secure over 4,000 organizations around the world winning nearly 200 logos in the second quarter, including 4 Fortune 500 and 22 Global 2000 organizations. The majority of our new business continues to be Greenfield, including 3 of the 4 Fortune 500 wins. A few new business highlights include a financial services company has deployed a number of disparate privileged access security solutions and wanted to standardize enterprise wide. The leadership team recognized that CyberArk was the only vendor who can scale to seamlessly manage secure and provide a single point of control across on-premise, hybrid and cloud.

Our proven track record, delivering innovation also gave the team confidence that we can support their long-term security strategy. A leading technology company picked CyberArk over an incumbent vendor to securely implement its digital transformation strategy, which will begin with deployment in Google cloud platform. We will be securing this mission-critical program, because we are battle tested in public cloud and hybrid environments and we are able to secure privileged access to modern infrastructure, technology and processes.

A medical device company will be implementing endpoint privileged manager for about 25,000 workstations and 3,000 window servers. Customers continue to embrace our unique combination of lease privilege, application control and credential theft blocking and we were pleased to see endpoint privileged manager represent about 10% of our license revenue in the second quarter. During the second quarter, CyberArk was chosen to not only mitigate risk and prevent the damage from cyber attacks, but also to solve critical compliance requirements for NIST, GDPR, Swift and PCI. Every organization needs to protect privileged access. Over the last 12 months, 9 verticals contributed more than 5% to the business.

A major highlight in the second quarter was the global government vertical, which represented more than 15% of the business. It was particularly rewarding to see U.S. federal, have a record quarter in advance of the fiscal year end in September. We signed 31 new U.S. federal agencies across 20 departments. Existing U.S. federal customers also standardized on CyberArk during the quarter demonstrating that we have quickly become the facto standard across many U.S. civilian agencies. We are building a strong foundation in global government and U.S. federal and are confident that they will be important contributors for long-term growth. In the quarter, we signed a 7-figure deal with a European government agency that suffered public scrutiny after privileged access was exploited to steal data and damage credibility.

Our mission is to secure organizations before successful cyber attacks, but a breach dramatically increases the urgency for privileged access security. While we are experiencing strong industry tailwinds, the execution of our strategy also contributed to our success in the first half of the year. The enhanced functionality and simplification of Version 10 has further extended our leadership position, which is reflected in our strong new and add-on business in Q2. Customers love the simplified workflows, streamlined implementation and the overall user experience, the new version has had a meaningful impact in sales engagements.

In addition, our investments in securing the cloud application credentials and the DevOps pipeline are enabling us to protect customers’ digital transformation strategies. In a 7-figure win, an existing financial services customer will leverage our solution in its application and development strategy for all consumer-facing applications. A few years ago, CyberArk was predominantly protecting infrastructure in on-premise datacenters. Today, customers recognized that securing privilege across the entire enterprise all the way to consumer-facing applications is critical to effective business operations. Application Identity Manager and Conjur are continuing to gain traction and so far this year represents about 10% of license revenue. We are winning deals for both new and add-on business. Security teams are pushing for programmatic privileged across both on-premise applications and the new DevOps pipeline as we saw with a major cross-sell deal with an existing technology customer in the second quarter.

Add-on business represented more than 55% of the license revenue in the second quarter driven by the tremendous value our solution provides as well as our high levels of customer’s satisfaction. We held our Americas and EMEA customer events in July, representing the largest gatherings of privileged security professionals in each of the regions. The feedback from the events reinforces that privileged access security is the top priority and that the majority of customers are early in the deployment of their cyber programs. There is significant room for growth. We acquired Vaultive in March and are pleased with the progress of the integration. The response to Vaultive at our customer events was overwhelmingly positive as customers are looking for solutions to secure highly privileged business users and SaaS and cloud administrators.

We continue to set the pace of innovation in the privileged access security market with our June introduction of the CyberArk privileged cloud. Customers have more options today and can deploy our access to CyberArk anywhere, on-premise, in the cloud and as a service or through an MSSP. Given the demand for our solution is driven primarily for buy on-premise deployments, we are not expecting CyberArk privileged cloud to be a meaningful contributor to our results in 2018, but we have recognized that the market will evolve over time and introducing CyberArk privileged cloud helps future proof our leadership position in privileged access security. Our momentum with advisory firms like Deloitte, PWC, KPMG and Accenture continues to build. They are investing in CyberArk, building world-class practices specialized in privileged access security. In the second quarter, new and add-on business influenced by advisory firms increased by more than 50% over last year and our indirect business represented more than 65% of revenue in the second quarter.

Our C³ Alliance is increasing awareness of privileged access security beyond our traditional stronghold with security teams and into IT and business operations group as well as within the identity and cloud teams. We are seeing strong traction with technology partners like ForeScout, Okta, Proofpoint, SailPoint and ServiceNow, cloud providers such as AWS, Google and Microsoft and robotic process automation vendors like Blue Prism, UiPath and Automation Anywhere. C³ is a meaningful differentiator in the field and we now have more than 100 technology partners. Through our partnerships, we also continue to extend the reach of our solution. Conjur Enterprise is now running on Red Hat OpenShift container platform and we introduced Conjur as a Kubernetes application in the Google cloud platform marketplace. And in June, we launched our core privileged access security solution in the AWS marketplace.

The speed and agility of software automation and modern application development are changing the face of business operations. Cloud migrations are well underway. Organizations recognized that securing privileged access is critical to security. Our investments in cloud, DevOps, product simplification and strategic partnerships are completely aligned with these broader industry trends and have significantly distance us from the competition. With our execution the first half of 2018, we have a tremendous opportunity and are in a great position to deliver both growth and profitability in 2018 and beyond.

With that, let me turn it over to Josh to discuss more details about our terrific results. Josh?

Josh Siegel

Thanks, Udi. Before we begin reviewing the quarter, I wanted to remind everyone that our second quarter results reflect the modified retrospective approach to disclosure for accounting standard 606. So as Udi mentioned, we had a great second quarter capping off a very strong first half of 2018. Our sales execution coupled with robust demand resulted in revenue, operating income and EPS that were ahead of guidance and another quarter of strong cash flow from operations.

Total revenue growth accelerated to 35% year-on-year reaching $77.7 million in the second quarter. License revenue reached $41.1 million, increasing 36% over the second quarter last year and representing 53% of total revenue. We showed growth across all geographies and for both new and add-on business. Maintenance and professional services revenue was $36.6 million increasing 35% over the prior year period and representing 47% of revenue. Professional services revenue during the quarter by itself were $6.8 million or 9% of total revenue, which is at a high-end of the typical range we see of 7% to 9%. We saw overall better efficiency from our services group and an uptick in services from EMEA compared to the last several quarters.

Geographically, the Americas reached another record of $48.4 million with growth accelerating to 24% and representing 62% of total revenue. We often discussed the consistency of the Americas. The second quarter represented the ninth quarter of sequential growth in that region, which we are pleased to see given the strong seasonality we typically would experience in the fourth quarters. During the second quarter, EMEA revenue increased 62% to $22.4 million or 29% of total revenue while the growth in EMEA is often easier compare we are pleased with the strong execution in the last several quarters. APJ also achieved a record $6.9 million for the quarter growing 54% and representing 9% of total revenue. In addition, demand for privileged access security is increasing across verticals. During the second quarter, 7 verticals grew by 50% or faster, including banking, education, energy, insurance, IT services and software and telecommunications. As Udi mentioned, global government had a record quarter more than doubling from the second quarter of last year.

As I move through the P&L, all financial results will be discussed on a non-GAAP basis, please see the full GAAP to non-GAAP reconciliation in the tables of our press release. Our second quarter gross profit was $68.2 million or an 88% gross margin compared to 85% gross margin in the same period last year. The strength in our gross margin was due to increased utilization of our professional services team and the lower use of third-party subcontractors. Given that we are still in the early innings of our opportunity, we are continuing to invest in growing and scaling our operations. R&D expense grew by 47% year-on-year to $11.8 million as a result of a number of factors, including one, R&D headcount increasing by 27%, which included the acquisitions of Conjur in May of last year and Vaultive in March of this year, coupled with movements in the currencies.

Sales and marketing increased 19% to $32.4 million as we expanded our sales organization across all geographies to support direct and indirect sales. G&A expense increased 40% year-on-year to $6.9 million as we scale the business to support our growth, including the implementation of various IT systems, such as a new ERP. In total, operating expenses for the second quarter increased 27% to $51.2 million compared with $40.2 million for the second quarter last year. We ended the second quarter with 1,077 employees worldwide, up from 1053 at March 31 and compared with 921 at the end of second quarter last year. We ended the quarter with 513 employees in sales and marketing that’s compared to 502 at March 31, 2018 and 445 at the end of the second quarter last year. Another driver of our total expenses comes from our moves to the new offices located in Israel, London and Singapore to support the growth of the organization.

Operating income was ahead of our guidance at $17 million or 22% operating margin. This compared to an operating income of $8.8 million or 15% operating margin in the year ago period. Net income was $13.5 million or $0.36 per diluted share for the second quarter of this year compared to $7.7 million or $0.21 per diluted share for the second quarter of last year. We were pleased to generate $56.2 million of cash flow or 38% margin for the first half of 2018. That’s representing an increase of 90% over the first 6 months of last year. The strong cash flow continues to be driven by strong collections as well as our high maintenance renewal rates. As a result, we ended the quarter with $378 million in cash and investments. This compares to $330 million in cash and investments at year end and we ended the second quarter with $130 million in total deferred revenue, a 23% increase from $105 million at year end and a 56% increase from $83 million at June 30, 2017.

Turning to our guidance, as a reminder, our guidance does not consider any potential impact to financial other income and expenses associated with foreign exchange gains or losses as we do not try to estimate future movements in foreign currency rates. So, for the third quarter of 2018, we expect total revenue of $77.8 million to $79.3 million or 21% growth year-on-year at the midpoint. We expect non-GAAP operating income to range between $11.4 million to $12.6 million and non-GAAP net income per diluted share of $0.25 to $0.28.

Our third quarter guidance reflects a similar step up in expenses from Q2 to Q3 that we have experienced in prior years. The increase is primarily related to seasonal employee expenses in our third quarter marketing programs, which include our signature annual customer impact events held this year in Boston and Berlin as well as our new defense customer series. The defense series is a new sales and marketing initiative being held this quarter across 12 cities in North America and attracting more than 1,000 participants. Our guidance also assumes 37.5 million weighted average diluted shares and a tax rate of 21% for the third quarter. Because of our strong first half execution and demand for our solution, we are increasing our guidance for the full year of 2018. We expect total revenue to be in the range of $320 million to $324 million or growth of approximately 23% at the midpoint. We are also increasing our guidance for non-GAAP operating income to be in the range of $64 million to $67 million and non-GAAP net income per diluted share of $1.43 to $1.50. This assumes 37 million weighted average diluted shares.

Our guidance for the full year assumes an effective tax rate of approximately 21% for the year. We are pleased with our strong execution and our great results in the first half of 2018, which positioned us now very well for the remainder of the year. I will now turn the call over to the operator for Q&A. Operator?

Question-and-Answer Session

Operator

Thank you. [Operator Instructions] And our first question comes from Saket Kalia with Barclays. Your line is now open.

Saket Kalia

Hi, guys. Thanks for taking my questions here and well done. First, maybe for you Josh, you mentioned services were ahead of the typical range in terms of revenue, maybe just for comparison what was the rough split last quarter and how have you thought about that split in the second half vis-à-vis your guidance for the year?

Josh Siegel

Yes. So, last quarter it was 8% and we have been running at kind of 7% to 9% for years and I would anticipate and we are modeling around 8% for the second half.

Saket Kalia

Okay, that’s really helpful. Maybe a more strategic question for you, Udi, we all saw the acquisition of CA recently realizing that it’s still very early, can you just talk about whether you have seen any glimmers of sort of competitive shift as it relates to CDM and whether that’s something that you have actually seen when your other competitors have been acquired in the past, whether that’s like Quest or Lieberman or a lot of companies in your space have kind of changed hands. So, what’s been the history that you have seen in terms of competitive opportunity?

Udi Mokady

Absolutely. And then thanks Saket for the congrats, we are really excited about the results here. I would say that we have not yet seen beyond the news that came out the immediate impact, but like everyone here we read that there is an intention to get drive significant synergies and cost-cutting. So, we expect that this could be another opportunity for us for competitive displacement. If we look at past similar acquisitions, CyberArk was able to benefit and from displacement opportunity, especially for customers who are strategically thinking about the space and want to go deep in privileged access security, specifically Xceedium, we have the CA Xceedium solution, we have displaced in multiple organizations. So, this is what we view as likely positive and again based on what we saw in the past.

Saket Kalia

Very helpful. Thanks very much guys.

Udi Mokady

Thank you.

Josh Siegel

Thank you.

Operator

And our next question comes from Fatima Boolani with UBS. Your line is now open.

Fatima Boolani

Good afternoon. Thank you for taking questions. Maybe one for Josh or either Udi, you now have two quarters of data point on privileged access security bundle initiative that you undertook. I am wondering if you can quantify the impact this is having on your transaction velocity or pipeline growth and then part B of the question is as it relates to the bundling, do you have guardrails importantly to protect against any deal size contraction? And a follow-up for Josh if I may.

Udi Mokady

Yes, hi, Fatima. I will start on the pricing. So, we do have two quarters now. Roughly in the first quarter though, I think only about a third of the business was going through our new pricing. That jumped up nicely into the second quarter. I think overall if we look at the whole first half, roughly half of the business came through our new pricing model. At this point though, I would still say that we are not seeing a necessarily shift in the order size. What we are seeing I think is more – as a lot of qualitative benefits within the sales cycle of the engagement process between the sales and the customers and an ease of the quoting and a smoother transaction. I think it’s still too early to tell that it’s reducing the sales cycle, but what I do think it’s doing and at least certainly qualitatively is leaving a lot more room for discussion of the product and less around the pricing machination. So, I think overall we are still keeping very close tabs on it. With regard to your second piece, we don’t see yet of having to have any unnatural guardrails so to speak on the pricing mechanism. It’s pretty straightforward. It’s a by-user price and then there is, it can be a discount applied and the discount rules are very rigid within the organization and controlled through approval processes. So I think at this point, it’s pretty much similar to how we are doing business a year ago but in a much more simple format.

Fatima Boolani

That makes a ton of sense. And just really quickly on your customer add rate according to what I see it’s probably some of your best new logo ad rate, in many quarters almost comparable to a fourth quarter ad rate. I am wondering what are some of the driving factors of that increasing new logo ad velocity? And that’s it for me. Thank you.

Udi Mokady

Yes, Fatima, thank you. It’s definitely the combination of strong execution on top of executing on our strategy, which including launching v10 last year, which is all about simplified workflow for the customer that makes it easier in the proof-of-concept, makes it easier in the implementation phase and really contributes to the new logo cycle pricing that you mentioned is definitely a positive there. And on top of that, it was an extraordinary quarter on the government side and the addition of so many U.S. federal customers in a non-end of fiscal government quarter cycle. So that really contributed to the high logo, new logo count.

Fatima Boolani

Very clear. Thank you.

Udi Mokady

Thank you.

Operator

And our next question comes from Rob Owens with KeyBanc Capital. Your line is now open.

Mike Casado

Hey, guys. This is Mike Casado on for Rob Owens. Thanks for taking my question. Udi, given the growth in EMEA, can you elaborate on the progress Rich Turner has made in that geo in the quarter and also hone in on an objectives, I guess, for the remainder of the year?

Udi Mokady

Yes, absolutely. As I have alluded to in the past is number one thing was to improve consistency and really take the best practices that we have seen in the Americas market into the team. So we have seen improved execution over the last several quarters and I would say an increasingly successful and higher productivity from the team across region. We have also seen broader market awareness that’s a result of our marketing efforts and field marketing efforts and you couple that with the great improving market fundamentals specific to our space. Rich brings a very disciplined and focused approach and this translated to the results. Coupled with the continued work with the channel, that’s his background and it was strategic for us to further embrace, enable and partner with our channels in EMEA that includes the value-added resellers, but also the advisory firms that are taking an increasing role.

Mike Casado

Thanks, Udi and that makes total sense. It looks like the guidance raise on revenue and operating income roughly equal to quarters upside, just given the momentum you are seeing in the business, what are some of the mitigating factors in not pushing the guidance raise higher this quarter?

Udi Mokady

I think that we feel pretty good that we are able to pass through the full raise into the year and also be able to do it at the same time by levering also the bottom line and increasing our operating margin as well and our EPS. So, I think at this point we feel good it increases the total year growth rate. And in terms of the guidance, we are comfortable with what we gave for the full year.

Mike Casado

That makes sense. Thanks, Udi. Nice quarter.

Udi Mokady

Great. Thank you.

Operator

And our next question comes from Sterling Auty with JPMorgan. Your line is now open.

Sai Sharma

Yes, hey, guys. This is Sai Sharma on for Sterling Auty. Congrats on the quarter and so how much did GDPR benefit in the quarter?

Udi Mokady

I would say, hi, this is Udi. I would say we did see some activity that’s specifically referenced GDPR during the second quarter, but like we said after the Q1 call, we think GDPR will be more of a steady drumbeat and a steady tailwind for the business over a longer period of time, maybe many years versus just tied to the May deadline. So, it’s an overall tailwind positive, but for the long run, we also see that or believe that breach disclosure like we have seen in some cases may accelerate spending, but again we didn’t see that broadly yet.

Sai Sharma

Alright, thank you. And just one more, so were there any very big deals in the quarter greater than 5 million?

Erica Smith

So, we don’t actually disclose the number of deals. This is Erica. We had a typical quarter for size of deals and transactions this quarter. So, there is nothing to call out on the deal size from a deal size perspective.

Sai Sharma

Alright, thank you.

Udi Mokady

And there was nothing over 5 million.

Operator

And our next question comes from Melissa Franchi with Morgan Stanley. Your line is now open.

Anjelo Austria

Hi, this is Anjelo Austria in for Melissa. Thanks for taking my question. One area of particular strength was the sizable deferred revenue beat did you mind singling out any normal dynamics or drivers in the quarter to speak to the outperformance?

Udi Mokady

The deferred revenue was 98% support and maintenance contracts. It just goes to our continued high maintenance renewals and there was nothing – there was nothing unnatural in there other than the fact that we keep really driving strong renewals.

Anjelo Austria

Understood, got it. And just one more question for me, another bright spot was the acceleration in U.S. revenue growth returning to over 20% growth, are there changes in the go-to-market or demand drivers or anything going on to understand what’s driving that growth?

Udi Mokady

I would say, we went – whenever there were questions in the past, we talked about the fact that this is our most, best educated market and that we are seeing more and more customers move from a project-based approach to really taking our privileged access security program. And I would put into strong execution on both driving new business and educating existing customer to take a programmatic approach, coupled with the secular drivers that I mentioned before and privileged access security really driving to the top, so that the team executed on the opportunity.

Anjelo Austria

Got it. Thank you very much.

Udi Mokady

Thank you.

Operator

And our next question comes from Daniel Bartus with Bank of America. Your line is now open.

Daniel Bartus

Hi, guys. Thanks for taking my questions. I wanted to ask first on Cisco’s recent dual acquisition, I wonder if you had any thoughts on that and whether you partner at all and maybe just generally what’s your vision for the convergence of IAM and PAM over time?

Udi Mokady

Yes, this is Udi. Absolutely. Dual-R and one of our 100 partners in the C³ Alliance and we support their specification for customers who want to use them to authenticate to the CyberArk platform as multifactor authentication. The acquisition I believe validates that identity is a key pillar in security, but we don’t see the acquisition changing anything on our partnership front or accelerating the various pieces of identity consolidated.

Daniel Bartus

Okay, great. And maybe quick one for Josh just wondering if you can talk to how much of your EMEA revenues exposed to euro? Thanks.

Josh Siegel

In Europe, we sell in euro, sterling and dollars. I would say, roughly 60% euro, 25% sterling, 15% dollar.

Daniel Bartus

Okay, thanks very much guys.

Udi Mokady

Thank you.

Operator

And our next question comes from Gur Talpaz with Stifel. Your line is now open.

Gur Talpaz

Great. Thanks for taking my question and congrats on the quarter guys. So you talked a lot about government strength here in Q2 both internationally and domestic. And I guess what I am wondering is how do you feel about Fed opportunity as we now push into the fiscal year end for the government into Q3. Do you see sizeable pipeline or did you perhaps closed more than you expected in Q2?

Udi Mokady

Yes, hey, Gur, it’s Udi. I would say that this was not bringing Q3 deals earlier. The prime amount of the federal deals that I mentioned, were off of that cycle and we are on government contracts that were not subject to fiscal year end. So, we still see a healthy government pipeline for Q3.

Gur Talpaz

Okay, that’s helpful. And then Udi, you talked a lot about hybrid environments in the prepared remarks and what I am wondering is as customers go through their broader architectural revaluations, does that create a new opportunity for discussion for you guys? I mean, does that create a catalyst of sorts to bring you and then have a broader discussion about bringing PAM into the fold if you will for customers that may not have had you deployed previously?

Udi Mokady

Absolutely. I think it’s one of our strengths is that CyberArk is really relevant in that cloud migration space. No matter where it catches the customer it could be the on-premise customer that is only making the first steps into cloud or the customer that moves in all-in, but also to your question, the hybrid, the hybrid is here to stay for quite a while and in that hybrid, customers really appreciate having a solution that extends to all of their environments and very often whether it’s an existing customer, it triggers advanced discussions of how we help them take the journey and as I gave some examples. And if it’s a prospect that is in hybrid mode, they really appreciate our investments in making sure that we can take that entire journey and this includes of course, our self-developed capabilities, but also the extensions we have made with the Conjur acquisition, with the Vaultive acquisition in capturing the capabilities into their journey.

Gur Talpaz

That’s it. Thanks for taking my questions. Appreciate it.

Udi Mokady

Thank you. And I will probably add that we are always very proud to that in our business model we put diversity as one of our strength. So, we have often emphasized that geographic diversity and I think we really showed it this quarter. The vertical diversity as we have highlighted this quarter and Gur, to your question, it’s the diversity to be able to play both in on-premise, in all-cloud and in the hybrid in between as the strength for us.

Operator

And our next question comes from Gabriela Borges with Goldman Sachs. Your line is now open.

Gabriela Borges

Good afternoon. Thanks for taking the question and congrats on the quarter. Every quarter, we talk about a few specific areas, where you are building up the partnerships in the channels and the customer support side of the business. Maybe higher level question for either Udi or Josh, where do you feel you are now on the cadence of investment with being able to meet demand and the rates of channel you have and maybe just give us where your top couple of priorities are on the go-to-market over the next 12 months? Thank you.

Udi Mokady

I would say that if in the past we felt a major bottleneck in partner enablement and training, we are seeing the fruits of our investments in having more and more CyberArk certified engineers out there, although we do create a good problem an industry of really high demand for this talent out there, but we are seeing the fruits of that. It was very strategic for us to – and we talked about it many times to really invest in that layer on of the advisory firms that can help those customers take a risk-based approach and take CyberArk on the strategic journey from a project to a program. And I think I highlighted the 50% growth of in deals that were influenced by these advisories. Another aspect is doing that across geographies. And I would say the progress we are making and it’s still top priorities, is extending that to EMEA, extending that to APJ and that’s all in progress. So, that’s on the advisory level, but I would say in all phases, including the value-added resellers, it’s really making sure if they are enabled and able to take this to market in a year, in which and in the time where the – in which periods access is labeled a top priority. And so this is the time to make it happen and we are investing in it.

Gabriela Borges

That’s very helpful. Thank you. The follow-up is on PTA product, I am hoping you can give us some color on how often PTA is coming up in conversations relative to year ago, what do attach rates look like and how are they changing? And when you go into a sale with and PTA does come up how much of a differentiator is it relative to what you are typically able to compete with when you just go in with EPV and then PSM?

Udi Mokady

Yes. I think one of the important strategic moves we made for the benefit of our customers, but it’s really benefiting the business as well is to include privileged threat analytics in the new pricing model as part of core privileged access security. We believe every customer has to have Enterprise Password vault, privileged session management and threat analytics in the deployment as they are presenting lateral movement and privilege escalation attacking the networks and their clouds. So by putting that in there, we are seeing that it’s a differentiator in the PLCs. Customers don’t have to look through a variety of line items to pick and choose and actually get the benefit within this pricing. The fact that version, I think it was in 10.2 or 10.3, we really integrated PTA dashboard into the regular Enterprise Password vault dashboard even further simplified the adoption in new customer sales, but also in add-on business, where customers want this and now can easily benefit from threat analytics. So, we are not – we don’t have a metric to give you as a standalone product, because we are including it in CorpPass, but that move is driving more and more adoption of PTA.

Gabriela Borges

That’s helpful. Thank you.

Operator

And our next question comes from Howard Smith with First Analysis. Your line is now open.

Howard Smith

Yes, thank you and I echo the congratulations on the broad strength of the business. Question dealing with how some of the newer products are affecting either the new logo ad or more likely the pipeline of new logos. You just talked about kind of your core that every customer should have with the password vault and some of the analytics, but are you able to now lead with Conjur, IAM at point and get them into the discussion and your partners kind of lead with that product and have that bring them into the ecosystem instead of thinking about as more add-on once they have the core adoption. And just any qualitative color around that would be helpful?

Udi Mokady

Sure. First of all, thank you Howard. I would say in the majority of the cases for a new customer they need to start with CorpPass to really secure their crown jewels and to make sure that they are not vulnerable for tax and we really believe in prescribing to customers the things that will give them the fastest protection and ROI and then allow them to expand on the journey. So most often they will start with that, but indeed these two growth engines for us, EPM for extending to the endpoint and Conjur AIM for extending to application for DevOps are often a place, where we land, but not in the majority of the cases. The beauty of Conjur AIM is its security, but also enabling digital transformation. So, we do see standalone pipeline that is built in response to catching customers in the early phases of their digital transformation strategies. There have even been conversions that start with the fact that we have an open source addition or the community addition of Conjur that is standalone pipeline expanding on I would say the massive pipeline marketing that we build with our marketing and field efforts. But I would say that is still early and over time we will see that become a larger piece. We still have a huge Greenfield on core privilege. So we have a good problem to handle here is really bringing customers the best protection with CorpPass and then take them to the advanced logistics.

Howard Smith

Okay, that’s it for me. Thank you and congratulations again.

Udi Mokady

Thanks Howard.

Operator

And our next question comes from Ken Talanian with Evercore ISI. Your line is now open.

Ken Talanian

Hi, guys. Thanks for taking the question. So first off, I was wondering you had a strong contribution from new customers during the quarter, have you made any specific changes to either sales comp plans or channel incentives that drive new customer growth?

Udi Mokady

No, nothing from that perspective, acquiring new customers is always a priority of ours and certainly is built in and focused on within the go-to-market strategy, but we didn’t make a specific change to that side of the business.

Josh Siegel

Since we are still talking about the new business, I want to add on to Howard’s question, I would also as we mentioned earlier, the new pricing lets us introduce the newer products earlier, because again, we removed a lot of complexity on understanding the various line items.

Ken Talanian

Okay. And could you discuss what portion of your customer base has started to use your solutions in a public cloud environment? And then around that how much upside can we see from up-sells there as you continue to penetrate your existing base alone?

Udi Mokady

So, we don’t have, I would say, numbers to give you today. Almost every discussion, every new implementation, almost every new statement of work of implementation includes their cloud assets and it could be as strategic. I mean, we gave example as strategic as fully deploying CyberArk in the cloud provider like the Google cloud platform example that I gave earlier or deploying the one of our components in the cloud or extending an existing implementation to secure cloud assets and securing the administrators of cloud infrastructure. So, it’s coming up in every, or in almost every deployment.

Ken Talanian

Great. Thank you very much.

Udi Mokady

Thank you.

Operator

[Operator Instructions] And our next question comes from Alex Henderson with Needham & Company. Your line is now open.

Unidentified Analyst

[indiscernible] on for Alex. Thanks for taking my question. So given the strong government in Fed penetration this quarter, could you just give us a sense of what’s sort of driving to accelerating interest in the vertical and what solutions are resonating with customers?

Udi Mokady

Yes, absolutely. I think it’s a combination of really our long focus and investment in the space. Early on, we invested in getting common criteria another defense-related certifications and really led our space with that. We have a dedicated federal team that is partnered with federal-oriented channels to go after the opportunity. And really CyberArk has created the momentum and leadership in the space, where the agencies look at each other and look at references and see that CyberArk is the solution that can really take them on a risk-based approach, where I would say that the biggest change in general government, but also in U.S. federal has been to look at this as we really need to put this as based on a risk-based approach and select the vendor who can take us on a full program journey. And so really, it’s the result of that change in mindset and our investments in the space.

Unidentified Analyst

Okay, great.

Operator

And our next question comes from Catharine Trebnick with Dougherty. Your line is now open.

Catharine Trebnick

Thanks for taking my question. Great quarter gentlemen. Two questions. One, really last quarter you talked more at the Analyst Day about hitting the mid-market, can you discuss what your go-to-marketing plan is to really drive revenue there? And the second part of the question is really early in the call you discussed the warm embrace by the advisory firms and what really is the secret sauce that’s driving them to adopt and embrace your solution and bring to their customers? Thank you.

Udi Mokady

Sure. Hi, Catharine. It’s Udi. I would say as we have highlighted in the Investor Day and also beyond, we talked about the fact that the opportunity extends to – that the Greenfield opportunity extends also into the mid-market, but I think we have emphasized many times that we see the biggest opportunity in going after the enterprise as a prime focus for CyberArk and that it’s a huge Greenfield. I gave some examples of Fortune 500, Global 2000 and of course it goes on to the top 10,000, 20,000 enterprises out there. And with regards to the mid-market, it was one of the reasons why we launched MSSP offering is to give our partners the opportunity to launch service that would address this segment. And of course Version 10 was designed to simplify for all customers and will also help this segment and down the road, although it’s early, we will see our privileged cloud also further help address this market down the road. With regards to the advisories, yes, it’s absolutely one of the most exciting things I like to talk about against similar to my federal answer is it’s a combination of investment in it and partnering. The advisories want to help their customers with an impactful security layer and drive demand for their expertise. CyberArk is there as a company that leads the market and showcases to our advisory partners that we are in it for the long-term that we are investing and really be a solution that they can build a business practice on publicly traded investing in long-term innovation, making smart acquisitions, extending into the cloud, they can really see that they can build a business surrounded. And you can add an additional driver, they look at how they can help customers build an impactful security layer and they also want to be part of the customers’ digital transformation. So, that’s adding an additional drive to these this partnership.

Operator

And our next question comes from Jonathan Ho with William Blair. Your line is now open.

Jonathan Ho

Hi. Just wanted to I guess follow-up on your early commentary around the SANS framework and just rising up in terms of the prioritization, is this helping to change I guess decision-makers minds and how should we think about maybe the impact of pipeline over time when we look at things like this?

Udi Mokady

Yes, I think – thank you Jonathan. I think Jonathan is someone who followed the company in the space for many years. I think we have come a long way in making this a really top priority and of course it took years of publications that this is what the attackers are going after and it is now translated to like I mentioned the Gartner emphasis and being a top 4 control. What we believe this helps prioritize with the Chief Information Security Officer, it helps prioritize projects security up there. We never positioned CyberArk as the only thing they ever need to do. We actually partner with a lot of the solutions they put in place with the C³ Alliance but this has become a pillar of security and definitely helps us build a more strategic pipeline. Of course, we still – it’s not that we don’t have any education work left, but we are in a beneficial place to start from the top in many organizations and where we didn’t get to the top to work our way up to the top with the help of our various partners.

Operator

And our next question comes from Gregg Moskowitz with Cowen & Company. Your line is now open.

Michael Romanelli

Yes, hi. This is Mike on for Gregg. Thanks for taking my question. I was just wondering how you characterize the pricing environment this quarter?

Udi Mokady

I would say that probably the same I think most of our competitors are now private equity backed and those have been the prime changes. And so we encountered once in a while that they tend not to try to innovate, but rather push on pricing. I think we have seen an increase in our win rates. I think the new pricing that we launched across the board in Q1 is really helping us even in those situations. So, I would say, it was always competitive and I think we have improved our position with the combination of simplified pricing and of course Version 10 and everything I talked about earlier.

Operator

And our next question comes from Erik Suppiger with JMP. Your line is now open.

Erik Suppiger

Yes, thanks. Just looking at the free cash flow strength you had this quarter, do you think that there is you think that you will see any repeat of that next year, is there any seasonal element to that? And then secondly as you look out to next year, do you think we can still model for free cash flows to exceed net margins by I think it’s 0% to 10%, is that still a good rule of thumb to work from?

Udi Mokady

Yes. So, we are really careful about not giving quarterly, because there is seasonality, but I can’t necessarily predict all the seasonality, if it will, fall within Q4 or Q1, so lot of it has to really do with since renewal rates and then the linearity within the quarter and so forth. But I think overall, I think looking forward the business model kind of supports the same type of cash flow margins that we have been talking about and that you mentioned above net income within 10%. Obviously, this year we will certainly in the first half have exceeded that. And I think we have a good chance of coming out certainly hit the top or beating that for this year.

Operator

And our next question comes from Tanner Hoban with Oppenheimer. Your line is now open.

Tanner Hoban

Hi, guys. Thanks for taking my question and congrats on the solid quarter. And just wondering about given next quarter, it’s the fiscal year end for the Federal vertical, were there any deals in the pipeline that closed early, which caused some of the strength in the new customer acquisition across that vertical or it’s just the pipeline exhibiting healthy performance across the entire segment? Thank you.

Udi Mokady

Yes. As I mentioned earlier, one of the unique elements was that the prime amount of U.S. federal deals here, we are not – we are buying off of contracts that are not subject to fiscal year end. And so in other words, we didn’t pull out from the Q3 pipeline and we still have a healthy pipeline for Q3.

Operator

And I am not showing any further questions at this time. I would now like to turn the call back to Udi Mokady for any further remarks.

Udi Mokady

Thank you. In closing, I want to congratulate our team for a terrific Q2. I want to thank our customers, partners, employees and shareholders for contributing to our strong record quarter results and supporting our strategy. Thanks everyone for joining the call today. Thank you.

Operator

Ladies and gentlemen, thank you for participating in today’s conference. This does conclude today’s program. You may all disconnect and everyone have a great day.