metamorworks

Investment Thesis

Tenable (NASDAQ:TENB) is the leading provider of Device Vulnerability Management solutions. Slowing growth and concerns over the impact of vendor consolidation in the cybersecurity stack has led to a situation where current price embeds 3-4% 10y FCF Growth. Yet, the company has been gaining share, and recently upgraded its FY24 Revenue Outlook, whilst the end-market seems resilient. I see a potential for >25% return in the next twelve months as they exit the year with accelerating billings, and improved profitability, which will likely result in a shift in investors’ perceptions and an expanded multiple. There is some downside risk at 6x EV/TTM Sales and 4-5% UFCF yield, and with the risk to 2H24, I keep it a small position for now.

The Download

In 2002, Ron Gula, Jack Huffard and Renaud Deraison founded Tenable, as they set to monetise the open-source Nessus remote security scanner Renaud created in 1998. With the release of Nessus 3 in 2005, Tenable closed source the scanner, laying the foundations for a more sustainable business.

Since then, Nessus adoption has grown, and Tenable offering expanded organically and through acquisitions. The company IPOed in 2018. Today, Jack is still on the Board, but Amit Yoran, the current CEO, took over in Dec-16. Steve Vintz, the CFO, joined in that position in 2014.

Tenable offers solutions enabling IT organizations to track their exposure to cybersecurity risks. According to IDC, Tenable ranked first in market share, at 29%, in the $2bn Device Vulnerability Management (DVM) market (see Fig. 2). The data suggests that:

The market is concentrated; Tenable, Qualys (QLYS) and Rapid7 (RPD) capture 63% of sales. Tenable has gained share since 2018, when the company captured 24% of the market. The market delivered an 18% 4Y CAGR.

The DVM market is a segment of the broader VM & Assessment market, quoted at $6bn in 2023, and predicted to grow at a 13% CAGR to CY27. Of the three main VM vendors, Tenable has the most exposure to the DVM market; 87%, compared to 75% for Qualys and 35% for Rapid7.

But, as in other parts of the cybersecurity market, market definitions are shifting. Customers want to consolidate their cybersecurity stack. Traditional VM vendors are increasingly faced with competition from adjacent markets. CrowdStrike (CRWD), Palo Alto Networks (PANW), Microsoft (MSFT) and other security providers have developed offerings encroaching on the VM market.

Tenable reacted by embarking on an ambitious program to expand its offering, mostly through acquisitions. Since the IPO, Tenable has spent more >$600m on acquisitions in Operational Technology (Indegy), Active Directory (Alsid), Attack Surface Management (Bit Discovery) and Cloud Native Application Protection Platforms (Ermetic and Accurics).

In Oct-22, Tenable announced Tenable One (see Fig, 1), which combines the vendor’s technologies in Vulnerability Management, Cloud Security, Identity Exposure, Web App Scanning, Operational Technology Security (for IoT assets), to offer customers a holistic view of their attack surface, vulnerabilities, and risk, allowing them to reduce it and prioritize where they spend their time and budget.

Fig. 1: Tenable One, the Exposure Management Platform

Q1'24 Company Presentation

Source: Q1’24 Company Presentation

As a result, the company now quotes, in the Q1’24 corporate presentation, a $33bn TAM growing 18% CAGR to 2027, made of $16bn in Cloud, $5bn in Vulnerability Management, and $12bn in Specialty Assets. Cloud includes Analytics and Cloud Native Application Protection Platforms. Specialty Assets include Attack Surface Management, Operational Technology, Active Directory and WebApp. Whilst Tenable VM strengths are clear, the attractiveness of its solutions in most of the quoted TAM remains to be demonstrated.

Tenable generally price subscriptions and perpetual licenses based on the number of IP addresses or Total IT assets that can be monitored. In most cases, the buyer is the IT security team in an organization. They have 44k customers, spanning a wide range of industries; Tenable count 65% of Fortune 500 and 50% of Global 2k as customers. The company derived 54% of revenue from the US in Q1’24 and no other country accounted for more than 10% of revenue. No single customer represented more than 2% of revenue.

Compared to competitors Qualys and Rapid7, Tenable relies more on channel partners. Qualys and Rapid7 are both moving towards leveraging the channel more, though. In 2023, Tenable derived 93% subscriptions and perpetual licenses revenues from channel partners, compared to 62% for Rapid7. Ingram Micro is the largest of their distributor and accounted for 36% of revenue in 2023.

In the last three years, the company has grown Sales at a 21% CAGR, delivered gross margins of 77-82%, reduced Opex/Sales from 91% to 83%, and delivered FCF/Sales of 16-18%. They sit on c$100m of Net Cash. As a software business, their cash flow generation benefits from the customers paying in advance. They paid 18% of Sales in stock-based compensation; share dilution averaged 4.5% per year in the last three years.

Table 1: FCF Margin, 2019-2023

10Ks

Source: Financial data extracted by the author from Tenable 10Ks for 2019, 2020, 2021, 2022 and 2023

Growth has slowed down for Tenable and other cybersecurity vendors. Since 1Q23, Tenable billings growth has remained below 20%, with ARR decelerating from 33% YoY in 1Q22 to 15% in 1Q24.

Market Not Believing the Long-Term Opportunity and Quality

My goal is to find stocks that work with a minimum risk budget. That means I seek companies able to deliver better than expected results, which stocks are not yet discounting that possibility.

The company must deliver higher sales, higher margins, or a combination of both. That might happen because the opportunity is larger than expected, the company is executing better than expected, or the nature of the business allows management to reinvest in growth more profitably than expected. I benchmark the Tenable investment case against other cybersecurity peers along these dimensions:

Long-term opportunity, based on TAM, TAM Growth and Market Value to TAM Execution, based on last three years revenue CAGR, latest ARR/Billings Growth, and latest RPO growth. Quality, based on average gross Margin over the last three years, minimum Gross Margin over the last three years, TTM OpCF/Sales and average Share-based Compensation/Sales.

Author calculations based on reported metrics from the various vendors

Tenable scores well on LT Opportunity because 1) investors have not discounted the opportunity much, reflecting the fact that most of the $33bn TAM they quote relies on new products rather than the core VM workhouse, 2) growth prospects for their TAM are fine relative to other TAMs. It scores poorly on execution given lower growth than peers, especially in more recent periods as highlighted by billing and RPO growth. From a Quality standpoint, they are average. GMs are high, but so are SBC/Sales.

The other leg of outperformance comes from the market not discounting the opportunity properly. Clearly, investors are sceptical towards Tenable ability to deliver. Shares are priced at 6x TTM Sales, compared to 10x on average for peers.

Using a reverse DCF to further delve into expectations suggests an implied FCF growth rate of 3-4% in the next 10y. The inputs are simple: 1) WACC, 2) Perpetuity Growth Rate (after Y10), 3) Next Twelve Months Forward FCF, 4) Current Price. I solve for the implied FCF growth rate between Y1-10. The purpose of the exercise is to get a rough idea rather than a precise number. Changes to inputs such as the Perpetuity Growth Rate, risk-free rate or equity risk premium would modify the implied FCF growth rate.

Author calculations

Finally, I seek the minimum amount of risk to achieve these returns. We measure risk through Beta and annualized 3m volatility, Tenable scores well on these metrics relative to other Cybersecurity stocks.

Positive Revisions After 1Q24 Results and Accelerating Fundamental Going Into 2025

The key concern plaguing Tenable shares is that their solutions will lose share to the larger vendors. Instead, I view Tenable as likely to benefit from vendor consolidation.

First, the issue of vendor sprawl seems most acute in Security Information and Event Management. Staff is lacking, and legacy providers such as IBM or Splunk have not kept up in terms of innovation and costs savings. There is a need to modernise the Security Operations Center (SOC). Consolidation happens there first, as illustrated by the recent Palo Alto/QRadar deal; it is a more strategic position to ingest data and remediate.

Doing Vulnerability Management well requires significant investments to cover the whole exposure surface, and it is unlikely, from our conversations with Chief Information Security Officers, that they will seek to replace the leading vendors, which, by and large, are well rated.

Besides, a large portion of the VM market remains served by small vendors or homegrown solutions. There are still decent greenfield opportunities; in the last earnings call, the CFO Steve Vintz said that a third of new logos are greenfield opportunities rather than displacements. I think IT organizations will seek consolidation within their VM and Exposure Management stack, which should drive further market share gains for Tenable and its Tenable One platform.

Amidst a general slowdown across cybersecurity and software more broadly, the market needs a steady stream of beat and raise to change its view on the opportunity. The good news is that it already started. In F1Q24, the company beat its billings guidance and lifted the full year guidance. Management commented in the last earnings call: ‘The outlook for the year is more improved than 90 days ago.’ With the help of a growing Ermetic pipeline, billings should accelerate towards year-end. They grew 12% YoY in 1Q24 and expect to grow 14% for the full year, implying 15%+ exiting the year.

Even more interesting, they have done so as their main competitors did the opposite. Rapid7 reduced Full-year Sales growth guidance from 9-10% to 7-8%. Qualys narrowed the full year guidance but kept the growth rate unchanged at 9%.

Looking ahead, management provided the following guidance for 2024: 1) Sales of $900-908bn (13-14% YoY), 2) Current Calculated Billings of $986-994m (+13-14% YoY), 3) 17-18% Non-GAAP OPM (+250-300bps vs 2023), 4) 25% Unlevered Free Cash Flow (+250-300 bps vs 2023), 5) 125m diluted share (3.5% dilution). I expect Tenable to deliver 12-15% growth in gross profits in FY25, with another year of 200-300bps OpM expansion and Unlevered FCF margin improvements, resulting in UFCF Margin of 27-28% and non-GAAP OPM of 20%.

I use an EV-to-NTM Gross Profit framework for our relative valuation, given the differences in Opex investments. Against the sell-side expected growth, Tenable seems reasonably priced. Improvements in profitability and cash generation should help close the discount to peers. Using 10x EV/GP, and accounting for 5% of dilution, I see Tenable shares priced at $66 in a year, a 58% IRR. I might not reach that level, but it highlights the potential for 25%+ upside as perceptions change.

Interactive Brokers Estimates Data, Author Calculations

This one-year ahead Price Target complements our Short-term Opportunity framework, based on Seeking Alpha Growth Grade and EPS Revision Grade, Expected IRR based on an EV/GP Price Target, and Expected Sharpe.

Seeking Alpha, Author Calculations

Risks

Consolidation

Larger competitors Palo Alto Networks and CrowdStrike seek to consolidate customers’ spending on their platform. They have developed their offering to capture adjacent markets. Some of the markets pursued are core to Tenable, including Vulnerability Management. This could cause in the long-run market share loss, and in the short-term longer sales cycles as customers pause to rethink their technological roadmap.

Billings are slowing

Tenable has experienced, as other cybersecurity vendors, slowing billings. This may be due to tough comparisons, slower demand, or market share losses to the larger platform vendors. Management seems optimistic about 2H24, based on the pipeline, and in contrast with direct competitors Qualys and Rapid7. Since Tenable relies heavily on channel partners, they might actually lack direct feedback from customers, and have yet to realise what the peers have about demand. If the company cannot deliver accelerating billings in 2H24, shares will not increase.

Share Dilution

Tenable display, high SBC/Sales and relatively high dilution. That eats into shareholder returns and could reduce its ability to re-rate or reduce our expected return.

Conclusion

Tenable represents an attractive short-term opportunity among cybersecurity vendors. I see the potential to benefit from multiple expansion and earnings growth. Revisions are positive and accelerating. I think it will continue in 2H24 and into FY25, with billings, OPM and UFCF margin set to expand. I view some downside protection given EV/TTM Sales of 6x and EV to FY24 UFCF of 4.4% on a FCF stream set to grow 10-20% CAGR, but not enough to make it a large position.