Qualys announces fourth quarter and full year 2017 financial results

Qualys, a provider of cloud-based security and compliance solutions, announced financial results for the fourth quarter and full year ended December 31, 2017. For the quarter, the Company reported revenues of $62.9 million, net income under Generally Accepted Accounting Principles ("GAAP") of $2.9 million, non-GAAP net income of $13.0 million, Adjusted EBITDA of $23.8 million, GAAP earnings per diluted share of $0.07 and non-GAAP earnings per diluted share of $0.32. For the full year ended December 31, 2017, the Company reported revenues of $230.8 million, GAAP net income of $40.4 million, non-GAAP net income of $43.5 million, Adjusted EBITDA of $84.9 million, GAAP earnings per diluted share of $1.01 and non-GAAP earnings per diluted share of $1.09.

"We achieved significant milestones in 2017, finishing the year with a strong fourth quarter in terms of revenues and operating margins and delivering an impressive suite of new technology and application components to our Cloud Platform. We continue to accelerate our product roadmap, most recently signing a term sheet to acquire a company in India, which has developed a well architected and comprehensive agent technology for mobile platforms and which we plan to integrate into our platform. The scalability, accuracy, immediacy and breadth of our platform helps our customers consolidate their security and compliance stack, drastically reducing the cost and complexity associated with deploying and maintaining on-premises solutions while helping them to build security into their digital transformation initiatives," said Philippe Courtot, chairman and CEO of Qualys. "We ended 2017 with record operating margins and because of our highly cash-generative model, we are also pleased to announce a $100 million share repurchase program to offset dilution from employee grants and M&A as well as $25 million designated for venture investing."

Fourth quarter 2017 financial highlights

Revenues:

Revenues for the fourth quarter of 2017 increased by 20% to $62.9 million compared to $52.2 million for the same quarter in 2016. Normalized for the impact of FX (foreign exchange) and the MSSP (Managed Security Service Provider) contract, revenues increased by 22% over the same quarter in 2016.

Gross profit:

GAAP gross profit for the fourth quarter of 2017 increased by 20% to $48.5 million compared to $40.4 million for the same quarter in 2016. GAAP gross margin percentage was 77% for the fourth quarter of 2017 compared to 77% for the same quarter in 2016. Non-GAAP gross profit for the fourth quarter of 2017 increased by 21% to $49.5 million compared to $40.9 million for the same quarter in 2016. Non-GAAP gross margin percentage was 79% for the fourth quarter of 2017 compared to 78% for the same quarter in 2016.

Operating income:

GAAP operating income for the fourth quarter of 2017 was $9.7 million compared to $8.8 million for the same quarter in 2016. Non-GAAP operating income for the fourth quarter of 2017 was $18.6 million compared to $13.8 million for the same quarter in 2016.

Net income:

GAAP net income for the fourth quarter of 2017 was $2.9 million, or $0.07 per diluted share, compared to $5.9 million, or $0.15 per diluted share, for the same quarter in 2016. Due to the U.S. Tax Cuts and Jobs Act, GAAP net income for the fourth quarter of 2017 includes a $10.4 million tax expense for the reduction in the value of Qualys' U.S. deferred tax assets caused by the U.S. corporate tax rate reduction. Non-GAAP net income for the fourth quarter of 2017 was $13.0 million, or $0.32 per diluted share, compared to non-GAAP net income of $8.8 million, or $0.23 per diluted share, for the same quarter in 2016.

Adjusted EBITDA:

Adjusted EBITDA (a non-GAAP financial measure) for the fourth quarter of 2017 increased by 29% to $23.8 million compared to $18.5 million for the same quarter in 2016. As a percentage of revenues, Adjusted EBITDA was 38% for the fourth quarter of 2017 compared to 35% for the same quarter in 2016.
 

Fourth quarter 2017 business highlights

Select new customers:

Adventist Health System, Brigham Young University, Celestica, London Metal Exchange, Penguin Random House, Progressive Insurance, Qatar Petrochemical Company (QAPCO), Quanta Services, Western Digital Corporation.

Business highlights:

• Announced the acquisition of NetWatcher: NetWatcher will provide significant domain expertise in building and delivering cybersecurity and real-time threat intelligence offerings. NetWatcher's technology combines asset discovery, vulnerability management, intrusion detection, behavioral monitoring, Security Information and Event Management (SIEM), log management and continuous threat intelligence all-in-one solution that looks for anomalous behavior 24x7 and provides businesses with a real-time view of the security posture of assets, including weak passwords, unsafe behavior, and outdated software.
   
• Announced a partnership with STC Solutions: STC Solutions will integrate and deliver the Qualys Private Cloud Platform and suite of Qualys Cloud Apps from STC Solutions' data center in Riyadh to expand its managed security services offerings and allow Saudi Arabian enterprises to consolidate a full range of security and compliance solutions in a single-pane-of-glass view.
   

Full year 2017 financial highlights

Revenues:

Revenues for 2017 increased by 17% to $230.8 million compared to $197.9 million for 2016. Normalized for the impact of FX (foreign exchange) and the MSSP (Managed Security Service Provider) contract, revenues increased by 19% over 2016.

Gross profit:

GAAP gross profit for 2017 increased by 16% to $179.2 million compared to $154.8 million for 2016. GAAP gross margin percentage was 78% for 2017 compared to 78% for 2016. Non-GAAP gross profit increased by 16% to $181.9 million for 2017 compared to $156.7 million for 2016. Non-GAAP gross margin percentage was 79% for 2017 compared to 79% for 2016.

Operating income:

GAAP operating income for 2017 was $37.2 million compared to $30.1 million for 2016. Non-GAAP operating income for 2017 was $64.8 million compared to $51.0 million for 2016.

Net income:

GAAP net income for 2017 was $40.4 million, or $1.01 per diluted share, compared to $19.2 million, or $0.50 per diluted share, for 2016. Non-GAAP net income for 2017 was $43.5 million, or $1.09 per diluted share, compared to non-GAAP net income of $32.8 million, or $0.86 per diluted share, for 2016.

Adjusted EBITDA:

Adjusted EBITDA (a non-GAAP financial measure) for 2017 increased by 25% to $84.9 million compared to $68.0 million for 2016. As a percentage of revenues, Adjusted EBITDA was 37% for 2017 compared to 34% for 2016.
 

Full year 2017 business highlights

Market recognition

• Recognized by IDC as the market-share leader in the $1.7 billion Worldwide Vulnerability Assessment Market -- which is comprised of the Worldwide Device Vulnerability Assessment Market and Application Security Market segments.
• Recognized by Frost and Sullivan with the 2017 Global Vulnerability Management Market Leadership Award, highlighting the Company's areas of excellence in growth strategy, product quality, customer ownership experience, and technology leverage.

Business development

• Announced the acquisition of Pune, India-based Nevis Networks, expanding Qualys' domain expertise in passive scanning and deep packet inspection as well as accelerating its entrance into the mitigation and response market segment, natively from the Qualys Cloud Platform.
• Announced an expanded partnership with IBM that will add Qualys' continuous cloud-based IT security and compliance solutions to its Managed Security Services portfolio. Launched a new Qualys App for IBM's QRadar Security Intelligence Platform that allows customers to visualize their network IT assets and vulnerabilities in real-time.
• Announced an extension of Qualys' single-pane view of security and compliance posture into Google Cloud Platform (GCP). Qualys Virtual Scanner Appliance (QVSA) can now be directly deployed from the Google Cloud Launcher to GCP. This will provide customers with continuous security and visibility for their global IT assets whether on-premises or in the cloud.
• Announced a partnership with Bugcrowd allowing joint customers the ability to share vulnerability data across automated web application scanning and crowdsourced bug bounty programs.

Products & Features

• Unveiled CloudView App Framework, which gives customers the full insight across all their cloud environments -- inventory, configuration, and continuous view of their security and compliance postures -- and showcased its first two components, Cloud Inventory (CI) and Cloud Security Assessment (CSA). Currently in beta.
• Unveiled CertView App Framework, which provides discovery and management of digital certificates, and showcased its first two components, Certificate Inventory (CRI) and Certificate Assessment (CRA). Currently in beta.
• Unveiled Container Security, a new cloud-based Qualys solution that enables customers to address security for containers in their DevOps pipeline and deployments across cloud and on-premises environments. Currently in beta.
   

• File Integrity Monitoring (FIM): Logs and centrally tracks file change events across global IT systems and a variety of enterprise operating systems to provide customers a simple way to achieve centralized cloud-based visibility of activity resulting from normal patching and administrative tasks, change control exceptions or violations, or malicious activity -- then report on that system activity as part of compliance mandates.
• Indication of Compromise (IOC): Expands the capabilities of the Qualys Cloud Platform to deliver threat hunting, detect suspicious activity, and confirm the presence of known and unknown malware for devices both on and off the network.
• Security Configuration Assessment (SCA): Allows customers to expand their vulnerability management program with configuration scanning capabilities and simplified workflows to assess, report, monitor, and remediate security-related configuration issues based on the CIS benchmark.

 

Financial performance outlook

The outlook provided below is on an ASC Topic 606 basis, which Qualys is adopting for its fiscal year 2018 using the modified retrospective transition method. The most significant impact of the standard relates to the potential deferral of sales commissions and contract costs.

First quarter 2018 guidance

Management expects revenues for the first quarter of 2018 to be in the range of $63.4 million to $64.1 million, representing 19% to 21% growth over the same quarter in 2017. GAAP net income per diluted share is expected to be in the range of $0.13 to $0.15, which assumes an effective income tax rate of 27%. Non-GAAP net income per diluted share is expected to be in the range of $0.32 to $0.34, which assumes an effective non-GAAP income tax rate of 23%. First quarter 2018 EPS estimates are based on approximately 41.6 million weighted average diluted shares outstanding for the quarter.

Full year 2018 guidance

Management expects revenues for the full year 2018 to be in the range of $275.5 million to $278.5 million, representing 19% to 21% growth over 2017. GAAP net income per diluted share is expected to be in the range of $0.71 to $0.76, which assumes an effective income tax rate of 27%. Non-GAAP net income per diluted share is expected to be in the range of $1.39 to $1.44, which assumes an effective non-GAAP income tax rate of 23%. Full year 2018 EPS estimates are based on approximately 42.0 million weighted average diluted shares outstanding.