Cyberark Software Ltd
NASDAQ:CYBR
Thank you for standing by. My name is Kath, and I will be your conference operator today. At this time, I would like to welcome everyone to the First Quarter 2024 CyberArk Software Earnings Conference Call. [Operator Instructions]
I would now like to turn the call over to Erica Smith, Senior Vice President of Finance and Investor Relations. Please go ahead.
Thank you, Kath. Good morning. Thank you for joining us today to review CyberArk's strong first quarter 2024 financial results. With me on the call today are Matt Cohen, our Chief Executive Officer; and Josh Siegel, our Chief Financial Officer. After prepared remarks, we will open up the call to a question-and-answer session.
Before we begin, let me remind you that certain statements made on the call today may be considered forward-looking statements which reflect management's best judgment based on currently available information. I refer specifically to the discussion of our expectations and beliefs regarding our projected results of operations for the second quarter full year 2024 and beyond.
Our actual results might differ materially from those projected in these forward-looking statements. I direct your attention to the risk factors contained in the company's annual report on Form 20-F filed with the U.S. Securities and Exchange Commission and those referenced in today's press release that are posted to CyberArk's website.
We expressly disclaim any obligation or undertaking to release publicly any statements or revisions to any forward-looking statements made today. Additionally, non-GAAP financial measures will be discussed on today's call. Reconciliations to the most directly comparable GAAP financial measures are also available in today's press release as well as in an updated investor presentation that outlines the financial discussion in today's call. A webcast of today's call is also available on our website in the Investor Relations section.
With that, I'd like to turn the call over to our CEO, Matt Cohen. Matt?
Thanks, Erica, and thanks, everyone, for joining the call today. I want to start by acknowledging CyberArk's 25th anniversary, which we celebrated just a few weeks ago. Udi Mokady, CyberArk's Founder and Executive Chair, is a visionary who, along with the founding team, identified a market need and set out to secure the most valuable information within the world's most complex global organizations.
Along the way, CyberArk pioneered the privileged access management market, a segment of identity that has become a critical security layer and consistently moved up the CISO's priority list. Since its founding, CyberArk has grown and evolved in many ways. Our success was driven by an unwavering commitment to our mission of securing the world against cyber threats, so together, we can move fearlessly forward. To execute our mission, we consistently delivered cutting-edge innovation and transformative value to all our customers. Perhaps most importantly, in a world of constantly escalating threats, we have been relentlessly focused on the security-first mindset in every decision we make since day 1 of our founding.
As a result of our strong execution and the trust that our security-first mindset has created with customers and partners, 25 years later, we are broadly recognized as the leader in identity security. Today, our unique value proposition to secure all identities with the right level of privileged controls on our identity security platform is resonating with customers.
I am confident that we are only scratching the surface of this large and rapidly growing market opportunity. Our strong first quarter results demonstrate that we built on the momentum we experienced throughout 2023. The durability of demand for our solutions and our execution is highlighted by subscription ARR of $621 million, growing 54% year-over-year. Total ARR of $811 million, growing 34% year-over-year. And Q1 results significantly exceeded guidance across revenue, operating income and EPS.
Total revenue growth accelerated to 37%, reaching approximately $222 million. Non-GAAP operating income came in at $33 million, a big improvement from a loss of $12.6 million in the first quarter of 2023, highlighting the operating leverage in our business model. Non-GAAP earnings per share was $0.75, up significantly from a loss of $0.17 in the year ago period. We are thrilled to report $67 million in free cash flow for the quarter, significantly up from $4 million in Q1 of last year and a proof point of our commitment to profitable growth.
The strength of our results and business momentum gives us the confidence to raise our guidance for the full year 2024 on all metrics, which Josh will talk about later. Our ongoing success is fueled by a number of secular tailwinds, including the pace of attacker innovation, digital transformation, ongoing migration to the cloud and exponential increases in human and machine identities. Identity is the common denominator in every major cybersecurity breach. Our research has shown that over 90% of organizations have suffered from an identity-related cyber attack, a significant increase from about 60% in the prior year.
Last quarter, we discussed the extensive security challenges faced by CIOs and CISOs in safeguarding the entire spectrum of identities across IT, developers, workforce and machines. In today's severe threat landscape, customers recognize that merely managing identities without privileged security controls is a risk they cannot afford. The security risks are further exasperated by the rise of AI, proliferation of machine identities and increased elevation of access for human identities.
As a result, organizations need to undergo a paradigm shift in identity security. They can no longer rely on yesterday's solutions and approaches to address today's problems. We at CyberArk are helping customers secure all identities, human and machine, as they access all environments, including hybrid and multi-cloud environments. Our differentiation comes from our deep domain expertise in privileged access and tailored privileged controls for each identity group to mitigate risk effectively.
We discover, secure and manage across the entire life cycle of each identity group. We are the vendor best positioned to apply comprehensive intelligent privilege controls across standing access, just-in-time access and a zero standing privilege approach, all from a unified identity security platform. Our land and expand motion and the subscription flywheel continues to gain momentum. It all begins with new logos, and we signed nearly 200 customers in the first quarter. While the majority of customers land with PAM, approximately half of these new logos bought two or more solutions with many choosing to secure multiple identity groups from day 1. This speaks volumes about the power of our platform and the importance of identity security.
A few exciting new logo examples from the quarter included a deal that perfectly showcases our platform selling motion and new routes to market, which was a financial services company that landed with PAM, EPM for workstations and servers, Conjur Cloud and identity flows in a large 7-figure ACV deal that closed to the Azure marketplace. The PAM market has evolved well beyond securing only high-risk IT personnel. Today, modern PAM programs protect a much broader group of privileged users, including developers, shadow IT and database and cloud administrators.
As an example, we have a great customer -- we have great customers in the government and healthcare verticals. And this quarter, we are excited about our new relationship with NHS Resolution, a body of the U.K. Department of Health and Social Care. They kicked off their relationship with CyberArk with Privilege Cloud and Secure Cloud Access and are planning to grow their footprint in the future. Each workforce identity is more powerful today than ever and traditional MFA and SSO solutions are easily circumvented. We reimagined workforce identity by wrapping MFA and SSO with more controls to our secure web sessions, workforce password manager, EPM and our new secure browser.
This quarter, a large logistics company picked CyberArk for PAM and workforce identity after a head-to-head competition with a leading IDaaS vendor. Our best-in-class security and breadth of our platform were the deciding factors in winning this amazing new logo. Our customer base is also an important growth vector for CyberArk and our platform selling motion is accelerating expansion deals. Overall, we had a strong quarter of expansion within our base across all our solutions with particular strength in our secrets management business.
The world of securing machine identities is changing rapidly. Organizations are grappling with a larger variety and an ever-growing number of machines from applications to bots to workloads to IoT devices. Each one of these machines needs to be secured and managed across the life cycle of multiple identity components from secrets to digital keys to certificates. The proliferation of AI is further accelerating the growth and complexity of machine identities. This is becoming a top security challenge. Traditionally, managing machines often sits outside the security team's remit of control.
However, this practice exponentially increases risk and is unsustainable in today's threat landscape. Customers increasingly realize they need to scale their machine identity security programs beyond local vaults, loosely enforced policies and open source tools. They need an enterprise-ready machine identity security approach that can scale and is tied into their human identity security program through a single platform.
One great win that exhibited all I am describing was with a CyberArk customer who has been with us since 2018. We expanded our long-standing relationship with the Department for Work and Pensions in the U.K. with an expanded program while kicking off a robust secrets management program. With CyberArk as a key strategic partner, they are focused on aligning their identity security road map for human and machine identities supporting the U.K. government's focus on a stronger cybersecurity posture.
We talked earlier about how we are protecting the workforce using a reimagined approach that goes beyond SSO and MFA. And for this approach, it needs to extend also to the endpoint, the most common entry point for attackers. By removing local administration rights and enforcing least privilege and detecting identity-based threats targeting the workstations and servers, organizations can reduce the endpoint attack surface. This strategy also protects organizations from attackers who turn off EDR agents and proceed quietly without being detected, which is one of the main reasons a multinational food company in Latam signed a high 6-figure ACV EPM deal in the first quarter. This customer is looking to deploy CyberArk everywhere as part of its broader identity strategy.
During the past few years, EPM experienced strong growth and recently surpassed $100 million in ARR. This achievement is a testament to the solution's ability to extend identity security and zero trust to workstations and servers. We are excited about the potential for further growth in our EPM business, both with new and existing customers. We also talked though about the exploding population of developers and the need to start securing them as privilege identities without interfering with their speed of innovation.
Our Secure Cloud Access solution, or SCA, provides best-in-class privileged controls to hybrid and multi-cloud environments. It applies the principle of least privilege access by granting just-in-time permissions with zero standing privileges while still allowing developers, data scientists and cloud engineers to work natively and efficiently without having to change their preferred workflows.
We are incredibly excited about the solution. And in the first quarter, we continue to see excellent traction with the offering. In a deal with a major retailer, the customer broadly deployed CyberArk SaaS solutions in a continued move to the cloud, but they cited Secure Cloud Access as the most important differentiator and signed a high 6-figure ACV deal that also included Privilege Cloud, secrets and workforce identity.
Q1 was an exciting quarter for our focus on innovation and new releases. Last year, we discussed our plans to expand our routes to market and increase our market reach through MSPs. According to Gartner, 40% of security customers are expected to consume solutions to a managed service by 2026. To accelerate this channel, we recently launched the CyberArk MSP console. By providing MSPs with a single command center, this console is a key step in helping our MSP partners build managed services that secure their customers' human and nonhuman identities. We are also very excited about the general availability of CyberArk Secure Browser, the industry's first identity-centric secure browser. It is purpose built for a cloud-first world and protects our customers against emerging threats while enabling productivity and ease of use across all CyberArk solutions.
Secure Browser is designed to help protect customers from fast-growing attack methods like cookie harvesting and browser-based attacks, both at and beyond [ Logan ]. It is natively integrated with our workforce solutions, providing a seamless unified user experience and serves also as a direct access portal to our entire platform. We believe Secure Browser will not only enhance security for our customers, but also drive adoption of our solutions.
Lastly, CyberArk has recently received FedRAMP High authorization for two of its SaaS solutions, Endpoint Privilege Manager and workforce identity. Our investment in FedRAMP High highlights CyberArk's commitment to help the public sector implement strategies that adhere to zero trust principles and move to a more secure and efficient future. As excited as I am to talk about all these great developments, I'm even more excited by what we have in store for our customers and all of you at Impact in Nashville in just a few weeks.
We have a tremendous lineup of truly innovative developments to talk about. So please tune in, and we look forward to seeing many of you there. Josh will go deeper into the P&L in just a moment, but I wanted to emphasize that although most of my comments this morning focused on the potential for tremendous growth, we remain equally committed to delivering profitability and cash flow. This was evident in our Q1 results, and we remain well on track to deliver on the long-term targets we introduced last year.
In summary, our momentum from 2023 continued in the first quarter, and we kicked off the year with a strong first quarter. I will leave you with four main takeaways. First, demand for our solutions remains strong, and identity security is at the top of CISO's priority list.
Second, our unified identity security platform is meeting a clear customer requirement to apply the right level of privileged controls to every identity, human and machine. Third, our security-first approach is a clear differentiator for CyberArk in the market, helping us win deals. And fourth, we have a long runway for growth and are making disciplined investments to capture a bigger share of a large and growing market opportunity.
Josh, I'll turn the call over to you.
Thanks, Matt. Q1, another strong quarter for CyberArk. We exceeded expectations across all of our guided metrics. We reported strong ARR and revenue growth drove significant operating margin expansion and generated healthy free cash flow. Our strong results highlight the durability of demand for our solutions, the ongoing adoption of our broader identity security platform and the power of our business model as we scale.
Moving into the results. Total revenue growth accelerated to 37% year-on-year, reaching $221.6 million and significantly exceeding the top end of our guidance demonstrating the continued momentum in our business, ARR reached $811 million, that's growing 34% year-on-year. We added $37 million in net new ARR, and that's compared to the $34 million in the first quarter of last year. Subscription ARR grew 54% and reached $621 million and is now 77% of total annual recurring revenue. Maintenance ARR was $190 million and like-for-like conversion activity still represents about a single digit of our year-on-year growth. Our strategy of upselling and cross-selling new solutions has been a significant factor in our strong growth.
This is demonstrated by the fact that at the end of the first quarter, the cohort of customers with an ARR of more than $100,000, grew to over 1,780 customers and for the cohort of more than $500,000 ARR, they grew to over 300 customers.
Now moving into the details of the revenue lines. For the first quarter, recurring revenue reached $205.8 million, growing 41% year-on-year and accounted for 93% of total revenue. That's compared to 90% in the first quarter last year. Subscription revenue was $156.2 million, growing 69% year-on-year and representing 71% of total revenue. While the primary driver of our outperformance was bookings, we did experience an increase in average contract duration on our self-hosted subscription deals relative to our guidance.
Maintenance and services revenue was $62.4 million. Of that, recurring maintenance revenue was $49.6 million. Our maintenance renewal rates remained strong and in line with historic levels. Professional services revenue was $12.8 million. From a geographic perspective, all regions showed healthy growth. Americas revenue was $124.5 million, growing 27% year-on-year. EMEA revenue was $74 million, up 59% year-on-year, partly benefiting from our bookings and the longer duration that I spoke about earlier. APJ revenue was $23 million, growing 37% year-on-year.
Moving to the P&L, all line items will be discussed on a non-GAAP basis. Please see the full GAAP to non-GAAP reconciliation in the tables of our press release. First quarter gross profit was $185.7 million or 83.8% gross margin compared to 81.3% in the first quarter last year. The expansion of our gross margin, primarily driven by revenue outperformance. In the first quarter, our operating income was $33 million. The operating income outperformance was driven by three main factors: the revenue outperformance, the timing of certain marketing-related expenses that we now expect to incur in the second quarter, and three, we did experience a slower hiring pace, particularly in R&D.
Net income came in at $35 million or $0.75 per diluted share, also significantly outperforming our guidance. We ended March with 3,070 employees worldwide including approximately 1,300 in sales and marketing. We continue to see healthy growth in our quota-carrying sales reps, particularly our fully ramped ones. We were thrilled to deliver strong cash flow of free cash flow, $66.8 million in the quarter. While we do not guide to cash flow quarterly, I would remind investors that cash flow is seasonally stronger for us in the first quarter and particularly this year, the strong cash flow is partly a function of strong bookings and renewals in the fourth quarter of 2023. For the remainder of the year, we expect cash flow to follow typical seasonal patterns that's lower in the second and third quarters and an uptick from the third quarter to the fourth quarter.
Turning now to our guidance. For the second quarter of 2024, we expect total revenue of $215 million to $221 million, which represents 24% year-on-year growth at the midpoint. We do expect SaaS to make up a bigger portion of our overall subscription mix in the second quarter, impacting recognized revenue in period. We expect non-GAAP operating income in the range of $12 million to $17 million for the second quarter. As a reminder, we will hold our Impact customer events in a couple of weeks, and our Impact World Tour will also begin in June increasing our planned marketing expenses for the quarter. We are also seeing a stronger hiring pace, which is reflected in our guidance.
We expect our non-GAAP EPS to be in the range of $0.34 to $0.44 per diluted share. Our guidance also assumes 48.1 million weighted average diluted shares and about $10.2 million in taxes. For the full year 2024, we are increasing guidance across all our metrics. We now expect total revenue in the range of $928 million to $938 million, representing 24% year-on-year growth at the midpoint. And as we look at our pipeline for the remainder of the year, SaaS continues to lead the way. Reflecting our continued commitment to driving operating leverage, we are increasing our full year operating income to a range of $90.5 million to $99.5 million.
We expect our non-GAAP EPS to be in the -- between $1.88 to $2.07 per diluted share. We expect about 48.1 million weighted average diluted shares and about $51 million in taxes for the full year of 2024. We are also raising our annual recurring revenue now to be in the range of $975 million and $990 million at December 31 or about 27% year-on-year growth at the midpoint. We are significantly also increasing our free cash flow guidance for the full year 2024 to now being in the range of $115 million to $125 million.
To sum up, we are thrilled to kick off 2024 with another strong quarter of results. Demand for our solution is robust, our platform delivers tremendous value and identity security remains a business imperative. We believe we are well positioned to execute on our targets. I will now turn the call over to the operator for Q&A. Operator?
[Operator Instructions] And your first question comes from the line of Saket Kalia with Barclays.
Matt, maybe just to start with you. particularly in the wake of some M&A out there, right, particularly IBM and Hashi, I was wondering if you could just talk a little bit about the backdrop here competitively. And since there were so many multiproduct kind of examples on the call, maybe you could touch on that in terms of PAM and also broader identity. I know you spend a lot of time with customers. So just kind of curious what you're seeing competitively.
Yes, it's a great question, Saket. And I think what we see is the continued evolution competitive environment where our platform begins to put us sleep kind of heads and shoulders above everybody else that's out there. We are consistently able to tell the story of the spectrum of identity groups and our ability to bring more than one identity, more than just IT onto our platform. That to differentiate us from the traditional PAM competitors that are out there that aren't really able to deliver on that message.
So that starts to differentiate us in the PAM space and allows us to be able to continue to take share. Then when you start to look at our broader identity story, it brings us into spaces like we talk about access. And you hear me emphasize that a lot, which is in the world of commoditized MFA SSO isn't that much difference between vendors that are out there, but the ability to be able to wrap privilege controls on top of an MFA SSO solution, ours or somebody else's allows us to be able to start talking about how do we bring workforce identities back into our overall identity security platform.
And we see that strongly in some of the examples that I shared. The final piece, which you kind of hit on we were putting together our talk track for this earnings on our secret story well before the Hashi acquisition by the IBM acquisition of Hashi. We had a really strong secrets quarter. And we've been talking about the momentum building, not only in the products that we've had out for a while, but especially in our Conjur Cloud and Secret Hub and SaaS first solutions. And it really is this pivot where security is getting involved and wants to have an enterprise scalable approach to how you secure machine identities.
And what we've seen in the prior quarters and especially in this quarter, is that those deals are starting to pick up and actually also increase in size as customers want to put in place the enterprise backbone. So back to the point of hand, we've been feeling good about our competitive posture against Hashi as it's become more of an enterprise scale sale and a security sale. The disruption of IBM buying them how IBM is viewed in the market. I think it will just lean in to our ability to be able to capture that market around secrets and machine identity security.
Got it. That makes a ton of sense. Josh, if I can ask one follow-up for you. I think the part of -- I mean, great to see all the guidance metrics go up, but the one that really stood out to me was the increase in the free cash flow guide. As I think back historically, I think we've talked about sort of a bigger subscription renewal pipeline that maybe would renew at higher incremental margins. Is that sort of the biggest driver for raising at this point of the year? Or is it something else? And maybe on that point, where are sort of in that renewal flywheel for subscription -- sorry, a lot there, but does that make sense?
Yes, Saket, and thanks for asking. I mean, first of all, obviously, we had a great first quarter on cash flow. It was based off of coming off of a really strong year and particularly Q4 and a strong Q4, not just in new business, but as you start to point out, it also included a really nice renewal base from Q4, which is kind of what you started alluding to, which is kind of the beginning of the first glimpse of the power of this model after the transition and now really starting to see kind of the last piece of -- the last part of the flywheel come into effect, which is around cash flow.
And of course, we were able to boost from the first quarter by having excellent collections as well and early Q1 bookings, which also supports the cash and still continuing to control our expenses, which you know we like to do. So overall, it reports a stellar cash flow execution for the first quarter. And that really gives us the confidence as one, kind of the first part that I mentioned that actually the renewal and the recurring revenue does create that flywheel for billings and collections, assuming that we continue to collect at the -- at the well-executed rate that we are, that we expect to do. And then, of course, our overall bullishness in the business for the rest of the year as we also raised all of our metrics, not just the cash flow. And so I think it's a complete story around cash flow.
Your next question comes from the line of Gregg Moskowitz with Mizuho.
Matt, I'd like to ask about EPM because it's an important solution and yet penetration rates remain very low across the industry, and quite honestly, you've been within your own installed base. And I think much of this might be due to a lack of awareness of EPM in some cases, in other cases, just a belief that having an AVR solution might be enough. But is there anything that CyberArk can do that you think can perhaps further accelerate the adoption curve going forward?
Yes, Gregg. So you know how we feel about EPM. And I think you've heard us talk about the idea that the core security control that really can protect the endpoint against breach. And our feeling is even stronger in this threat and landscape in this threat environment, that you need an EPM agent installed at the endpoint. You need it on your servers. You need it to protect your EDR investment and ultimately, you need it to secure the endpoint.
Now I think what we have really come to the conclusion on is you're right. It's a little bit of education still required in the market to explain that EPM isn't just about removing local admin rights. It's about implementing the least privileged workflow. It's about application control, and it's really about protecting ransomware. And so I think what we're trying to understand and do as a company is start to embed the EPM value prop into each one of those human identity groups that I've been describing. Build it deeper and tighter into the workflow of SSO and MFA.
Again, ours or anybody else's, make sure that developers workstation start with an EPM control installed. And then obviously, our bread and butter within securing IT, make sure that everyone understands that EDR is really not enough. Where you saw initial real success in EPM was in highly attacked and highly regulated industries. And those big enterprises have been buying EPM for years. And I think we need to take it beyond industries and make sure that everybody can understand the value prop that I just described.
So final point here is we're continuing to invest not only in the integration and the solutions, but frankly, also in the go-to-market talent to be able to complement our sellers out there to tell the story a little bit richer and deeper as I started to describe on the call.
Your next question comes from the line of Brian Essex with JPMorgan.
I just want to follow up on a question from Gregg on EPM. I think obviously, $100 million ARR is a great milestone, and it's a substantial adjacent TAM for you guys. But I guess, any plans to maybe evaluate go-to-market? And do you see any impact on customer adoption for next-gen EDR or to customers? And this is layer on top of legacy or best-of-breed ER solutions and would love to understand maybe the profile as you see customers adopt EPM, what does the profile of customers tend to look like, maybe the size of the customer, go sophistication, are they more identity focused? Or do you see that endpoint demand also driving the demand for EPM?
Thanks, Brian. So I think, first and foremost, as I was hitting on with Gregg, I think we believe that it's a necessary component to actually double down in our marketing organization and in our go-to-market organizations to increase our ability to be able to tell the story in the market, especially outside of the larger enterprises, which is an answer to one of your questions, which adopted the fastest.
I think people with organizations with a security first mindset that understood the threat landscape, they got started on EPM a little bit earlier. And they understood from day 1 that an EDR tool doesn't do the same thing. And in fact, they're very complementary. I think as we've started to expand further and penetrate as we built that $100 million business, we started to see industries like health care and manufacturing start to take off because those, again, are areas that are constantly under attack. You can almost map to the threat environment and the ransomware threat particularly in those industries and those verticals are really the ones that have really started to accelerate and help us with building the momentum around the product.
I think when we talk about the opportunity ahead, it's really about, one, making it more seamlessly integrated into our overall portfolio and then enabling and investing in the overlay and marketing capacity to make the story clearer. And then finally, it is about this idea of -- how do we make sure that we take the lessons learned from the big industries and bring it down market to other customers to help them understand why this is -- which be, am I using a, the security control that they should get started with. It's an interesting thing. And some of the less mature markets, let's flip over to places like the state and local governments, see EPM as being the landing spot. It's actually areas where they get started because they understand they can put in place a core security control very fast.
It's a SaaS-based product, easy to adopt, and they can lock down a privilege pathway at the endpoint. So I think, again, we're learning the approach. We're driving significant upside in the business through EPM and I expect that business to continue to build and grow for us in the quarters ahead.
Your next question comes from the line of Rob Owens with Piper Sandler.
I wanted to ask on net new subscription ARR, which was flat from a year-over-year perspective. And I wanted to ask a question, I guess, from the perspective of just security spending and environment overall. And within that, if you could parse maybe what you're seeing geographically or enterprise versus SMB, that would be helpful.
Thanks, Rob. So overall, we had a strong quarter, our ability to be able to continue to drive momentum in the market. You've heard me talk for quarters about the difference in conversation with the CISO, with the CIO, with the C-suite and elevating the conversation up to the identity security story and really talking about how do we help them with their overall security posture and help enable them as they talk to their boards to their auditors and at the top of the list is identity security.
So we continue to see that building. We continue to see that strong. And Q1 was just a continuation of what we've been able to see over the last couple of quarters. As it relates to the Q1 performance itself, we were very happy with where we ended up and the overall performance. There was one element that actually occurred in the quarter where we had about $2 million or so of renewals basically wasn't able to come in due to the holidays and other stuff and as close sense. And that would have made the net new ARR look a little bit better. It then is demonstrated in our ability to be able to raise full year at a high level. So overall, I would tell you that Q1 was a strong quarter for us, and there's been no change in the environment that we've seen out there.
Your next question comes from the line of Fatima Boolani with Citigroup.
Matt, in your prepared remarks, you shared a lot of anecdotes about customers who are increasingly landing with a higher incidence of products across the portfolio. So when I internalize this as manifesting and maybe increased wallet share. Can you talk to us a little bit about the expansion rates and the dollar-based retention rates that you're realizing in the portfolio? And specifically in contrast to maybe some of the newer logo activity that relative to more recent a little bit slower. So just that compare contrast between the momentum and the size and scope of the momentum within the installed base versus the new logo activity in the quarter.
Yes, absolutely. So first and foremost, I mean, we have a great set of customers. We have more than [ 8,080 ] worldwide, these customers trust us from a security perspective. And so our ability to go back into that base to upsell them more PAM seats and then expand them into EPM into workforce into secrets into our Secure Cloud access. It's an incredibly strong position that we find ourselves in. And our sales team does an excellent job of really monetizing that base and expanding our footprint. And so I think you heard that in our talk track as we talk about that healthy expansion ability that we have.
And I think it comes back to an earlier question, which is our clear differentiation is the spectrum of identities and customers are buying into the idea that it's not enough to just secure the most privileged IT users with PAM. They need to apply privileged controls across the entire spectrum of identities. So I think on the existing business and our ability to upsell and expand it just continues to be strong. It's been strong, and we're excited to see where we take that for quarters to come.
From a new business perspective, we look at it and kind of say, any time we can get 200 new logos in the door in a non-Q4 quarter, we're pretty happy with that. That allows us to be able to start the process of turning them into these longer-term customers to expand across the multiple identity groups. And so we look at Q1. And we've always said that in this macro, in this environment, new logo deals are -- take a little bit longer. They take a little bit more work. We've gotten better and better at doing that. And we're really happy with our ability to be able to land those logos. And frankly, we're really happy about the pipeline on those new logos. The ones we just landed and when they are anticipated to come back for an expansion deal because then the flywheel is really kicking in, and it brings us back to the beginning of my answer.
Your next question comes from the line of Joseph Gallo with Jefferies.
Mr. Joseph Gallo, your line is open.
Can you hear me? I'm sorry, somehow my headset was not working. Thanks for the question. Awesome to see the cash flow machine turn on. It was impressive operating margin performance this quarter and the guidance, although the full year raise was modestly less than the beat. Can you just walk us through the dynamics for this year? Is that primarily rev mix shift? I think you mentioned head count growth, but moderating. So just any other investments we should think through given the 34% ARR growth is highly indicative of a large opportunity.
Yes. I'll start here. I mean, basically, we're excited that we'll be able to -- that we're raising the metrics across all boards from cash flow through the operating -- through the revenue through the operating. In terms of color on that, we do expect SaaS to be a bigger player on the revenue side as we go into Q2 and into the second half.
With regard to the investments, we're catching up on some hiring on the slower hiring from Q1 and we anticipate to continue hiring into the second half as well. And so that's where we'll see some of the investment side in R&D and also, of course, in the go-to-market engine as we always like to pre-hire when we look at multiple years of growth. I think from -- I don't -- from another perspective, in terms of the mix, we see the mix continuing on other than the fact that we see it kind of inching up towards some more SaaS business.
And maybe just one add for me is when we look back on Q1, and we talked, as Josh just said, about a little bit of a slower hiring profile. We've seen that kind of kick in solidly here in April. And so that actually brings up the anticipation of expense, and that's built into our guidance going forward. One of the nice things for me, despite the lower hiring in Q1 is when I actually look at the quota carriers, which is what we really are investing in to make sure that we capture the opportunity.
We had a nice quarter around ramping up quota carriers, especially fully ramped quota carriers. And that sets us up to be able to go capture the opportunity here throughout the year. As the year goes on, we'll look for more opportunity to be able to capture on this exciting growth opportunity ahead of us.
Your next question comes from the line of Hamza Fodderwala with Morgan Stanley.
Josh, actually a question for you on the guidance. I actually thought the guidance raise was better than expected in light of what we're seeing, I think, in software more broadly. I'm curious, it's Q1, it tends to be the seasonally slowest quarter of the year, and it's early in the year. So what's giving you confidence to raise that ARR guide by the magnitude that you did, given what's still somewhat uncertain macro environment?
Yes. Thanks, Hamza. I think it really starts with the demand environment that Matt talked a lot about already in the earlier questions and in his prepared remarks and that's kind of generating the pipeline coverage and the demand generation that we're seeing for the course of the rest of the year. And I think the other point is we're well positioned from a go-to-market team and engine.
Matt just alluded to the fact that we're about where we are on quota reps and quota carriers. And just pretty much everything that we see coming out of Q1 coming -- first of all, coming out of Q4 and then what we saw in Q1 and what we're seeing in the pipeline going forward and the overall demand environment that we're getting from the customer base, we're confident on being able to raise the guidance across those metrics.
Your next question comes from the line of Adam Borg with Stifel.
Awesome. Maybe just on the cloud, it's great to see the continued traction with Secure Cloud Access. And as we think about kind of the cloud opportunity more broadly, we often hear about either [ Kim or ITDR. I was hoping you could talk more about how you think about these adjacent cloud identity security markets as opportunities for CyberArk over time?
Yes. Thanks, Adam. So we are -- and you've all heard me talk about this opportunity of how we secure access to the cloud. And just to start with, that goes across of the identity groups that I was describing. The traditional IT users are increasingly having to access not only on-prem targets, but also cloud assets and cloud environments. And we need a -- what would be considered a traditional PAM tool that's able to actually manage those hybrid environments effectively or secure those hybrid environments effectively.
And so our ability to be able to take SCA and blend it in within our identity security platform, is a key component part of actually how we're staying ahead in securing IT users. Then there is this new population of developers out there. And these developers are hired at an exponential rate. And generally speaking, they're hired to go innovate. And once they start innovating, they're scaling up cloud environments, they have [indiscernible] not sustainable and organizations are understanding that they need to put in place controls in the cloud.
So our SCA solution, which allows for zero standing privilege, which is a unique approach. No privileges are assigned until the point of access allows us to be able to go in and talk to customers about securing that developer population, allowing them to use native tools and applying security controls at the point of access. So that's a way of building up then to your question, which is, all right, what is the differentiation here? And how do these other markets play in?
When you start to think about CIM, when you start to think even about IT, it's about really understanding or discovering what's going on. It's even, in some cases, about mapping entitlements versus targets. And we have a place to play in those areas. But the major place we play at CyberArk is an enforcement and in controls. And ultimately, once you discover, once you understand you have to control and our SCA solution is a light touch, easy to deploy security first tool we can apply for controlling privilege access and privilege access specifically as people try to access the cloud. So that's just a little bit more background on it. I think it's an opportunity for us to be able to differentiate this cloud access market from some of the other areas that you were describing. And of course, our ability to be able to bring that into the overall platform is what sets us apart.
Your next question comes from the line of Roger Boyd with UBS Securities.
Great. I do want to go back to Joe's question just on the guide. But regarding the duration tailwind that you've seen term license over the past 2 quarters, any color on what's driving that higher? And Josh, can you just clarify what you're expecting from a duration perspective throughout the rest of the year and how that might be impacting the different updates to the revenue and ARR guidance?
Yes. I don't think that there was any one -- there wasn't a trend of it driving higher. I think we saw, though in the first quarter, it go up by a few months, and it contributed about just about $3.5 million in tailwind on the revenue side for the quarter. And I think when we look at it kind of over time and kind of as we look into the pipeline, we kind of see it dropping down again by a couple of months, but it's going to move around between the 20 and the 23-month range.
I think the bigger point on the look forward really is this idea that Josh hit on earlier around what do we see in the mix when we look into Q2, Q3 and Q4. And when I analyze the pipeline, which unfortunately I still do, [indiscernible] and I have great sessions around that. We try to understand what is it shaping up. And with all of our new products coming into play, which are SaaS only, and then where the market is moving, we see the mix of SaaS really stepping up in the quarter and in the out quarters for the year. Now we've taken that into account in our guide. And even with that, we've been able to raise our revenue outlook for the year. But it is a pretty substantial shift in our pipe towards SaaS.
Your next question comes from the line of Andrew Nowinski with Wells Fargo.
I want to talk about the U.S. federal market. You mentioned you have FedRAMP high status for EPM and PAM now. I guess first, how is demand in the quarter? And then second, has that FedRAMP high status opened up a larger pipeline with new agencies that you can now sell to? And are they also purchasing SaaS or more on-prem?
Yes. So I think when we think about our FedRAMP, let me first clarify, what we announced was FedRAMP High for EPM and for our identity products. And why did we start there, by the way, versus starting with PAM. It was because we only have SaaS versions of those products. So in order to even be able to sell into the federal government with Identity and with EPM, we needed to be FedRAMP. We believe in the market opportunity. That's why we went and did the heavy lift process, not just to get through FedRAMP but to get to FedRAMP High. That opens up not just the civilian side of the federal market, but also the DoD side and frankly also helps us at the state level with the state side of the government organization.
We are very bullish and optimistic of our ability to bring EPM and identity into those markets. Now we have an existing book of business with PAM on-prem that we've had for many years. We have invested in the on-prem certifications. We now are investing as well in PAM FedRAMP certification, and we'll get to that in the time ahead. But in the meantime, we believe that one of the biggest industries or verticals that are being attacked is the government. It's being attacked at the federal level, it's being attacked at the state level. And our ability to be able to institute core security controls like I'm describing, lock down the end points have a bigger version of -- or bigger story of identity beyond MFA SSO, allows us to be able to capture a bigger piece of the market in the federal space, which we've done well successfully so far in our history, but we think it's an opportunity for investment and growth in the quarters and years ahead.
Your next question comes from the line of Ittai Kidron with Oppenheimer.
I have two questions, maybe I'll insert them all at once. First for you, Josh, on the booking, can you just give us a little bit more color there on how much of that duration, new customers, expansion activity stronger than you expected, the mix of products there? Any color would be great. And Matt, going back to the point you mentioned to the question of complementary EPM being complementary to EDR. It is complementary today. But clearly, more and more of your portfolio right now is at the edge. I would think the browser. I think about that as an edge product as well. And so as you're moving closer and closer to the edge, can your EPM product evolve into an EDR-like product and be competitive with an EDR solution?
Sure. And I may take both just in the interest of time to move us along, but the questions. So on the first front, when we look at the bookings performance in the quarter, remember, bookings has nothing to do with duration. So the duration just wanted to be transparent. It was a bump up in the quarter. It's about $3.5 million of contribution around revenue. But it's not a contributing factor to the strength of our overall business. The strength of our overall business is based upon continued growth across the entire portfolio.
We continue to see ARR just grow really strongly for each piece of the platform. Now I highlighted in the call kind of particular strength in the secrets management business, and I'm very excited by that because that, again, is showing our ability to compete effectively as a security sale in the machine identity space. So I would highlight that. I would also highlight, as we talked about earlier, our ability to be able to go back into the base and expand customers beyond PAM or securing IT into new areas like securing developers or our ability to be able to go compete effectively in the quarter around workforce and our differentiated workforce solution. So across the board, I can point to the entire portfolio, talk about strong bookings and that kind of comes from that overall approach. Remind me again of the second question?
EPM into EDR.
So on the EPM side, I think we are very comfortable with our definition of identity security. Our definition for these four different identity groups, our ability to be able to be the control point and our ability to be able to apply privileged controls across those. And just like I think that EPM is a complement to EDR. I'm very respectful of the EDR businesses that are out there. I go to customers, and I tell them all the time, yes, they ask me, should I spend money on next-gen EDR and I say, yes. It's a good security control to have in place. And a lot of them have the right security first mindset and how they approach it.
But I think there's plenty of space for us to carve out with the least privilege and privileged control side of the end point. And by the way, when you talk about our browser, you're talking about the same thing, the idea of an identity-centric security control-focused browser that can integrate into our identity security platform. And I think there's plenty of growth ahead of us without having to go into the larger EDR market.
Your next question comes from the line of Shrenik Kothari with Baird.
Matt, the follow-up on the secular browser GA looks very timely. As you said, [indiscernible] the growing demand for [indiscernible] market and designed to go beyond just the [indiscernible] harvesting and browser products. One, this comment you made was you believe the browser will not only enhance security but also drive adoption of all the other solutions I know it's still early days, but the market seems to be moving quite fast. So just curious, are you already kind of seeing signs or the browser is seeing differentiated becoming a landing point and driving demand for other solutions? And then just a quick follow-up on Azure.
Sure. So I think just to ground everybody in the release, so when you go into the CyberArk secure browser, you are able to, obviously, from a security control perspective, browse freely with a cookieless browsing with password replacement with other security controls built right in, and it's designed for the privileged users to be able to get to other targets within the enterprise much, much more securely.
And it kind of locks down and stops one of the most important or most difficult attacks to be able to protect against, which is post-session authentication hijacking. So we look at it and we pitch it from that perspective, and it is a really nice security story. But underneath that, it is really a gateway and an easy navigation into our identity security platform. When you go into the browser, you're presented with a copilot that allows you to be able to access your single sign-on tiles.
It allows you to be able to access your infrastructure targets, traditional targets for PAM users. You can go and write from the browser right from the main screen, you can get into your cloud service providers' portals into the back-end micro services, and you can actually do things right in the browser that you would normally have to go into the back-end platform to go do.
So that creates a much easier path for users and administrators to be able to leverage and use the platform effectively. So when we look and we talk with customers and all the customers that have been using the product when it was in limited release, they start to see this improved pathway of usage, removing the friction of user access in the PAM space and allowing for total integration into our workforce tools.
Got it. So very helpful, Matt. And just quickly on the Azure marketplace. You mentioned about a sound [indiscernible] deal that you guys kind of won aligned with PAM EPM and kind of flow through this new route to market. Can you talk a bit about go-to-market motion and kind of any sense about the relative size or mix or incremental trends around this marketplace motion?
Sure. And I think you've heard us talk in the prior quarters about the idea of -- we believe that one of the upside opportunities for us is to continue to exploit new routes to market. You've heard us talk about that in the context of the MSP program, the launch of our MSP console, our ability to be able to actually leverage new channel partners go down market with distributors, continue to push on our SI partnership and our SI relationship.
So you see, overall, we're investing in enabling and building stronger partnerships. One of those new routes to market is our marketplace. And you've heard us talk about the AWS relationship that we've built and continue to drive on to allow for frictionless buying to leverage the AWS sales force and then to be able to be part of the dollars that sit out there for marketplace purchases. And it's been a great lubrication in the sales cycle. In this quarter, we highlighted the deal that you mentioned, which went through the Azure marketplace. We're earlier days from that perspective for sure, but it speaks to the overall marketplace opportunity as a buying vehicle and as a co-sell motion that can help drive our business forward.
That concludes our Q&A session. I will now turn the conference back over to Matt Cohen for closing remarks.
Thank you. And I want to go back as we celebrate our 25th anniversary to think about the fact that CyberArk is laser focused on driving innovation and delivering value to our customers. An achievement we owe to the hard work and dedication of over 3,000 CyberArkers today as well as our partners around the world.
We are in an amazing vision as the leading identity security company that is built to last and thrive for at least another 25 years. We look forward to welcoming many of you at our impact customer event in just over 2 weeks. Thanks for joining the call today.
Ladies and gentlemen, that concludes today's call. Thank you all for joining. You may now disconnect.