Cyberark Software Ltd
NASDAQ:CYBR
US |
Fubotv Inc
NYSE:FUBO
|
Media
|
|
US |
Bank of America Corp
NYSE:BAC
|
Banking
|
|
US |
Palantir Technologies Inc
NYSE:PLTR
|
Technology
|
|
US |
C
|
C3.ai Inc
NYSE:AI
|
Technology
|
US |
Uber Technologies Inc
NYSE:UBER
|
Road & Rail
|
|
CN |
NIO Inc
NYSE:NIO
|
Automobiles
|
|
US |
Fluor Corp
NYSE:FLR
|
Construction
|
|
US |
Jacobs Engineering Group Inc
NYSE:J
|
Professional Services
|
|
US |
TopBuild Corp
NYSE:BLD
|
Consumer products
|
|
US |
Abbott Laboratories
NYSE:ABT
|
Health Care
|
|
US |
Chevron Corp
NYSE:CVX
|
Energy
|
|
US |
Occidental Petroleum Corp
NYSE:OXY
|
Energy
|
|
US |
Matrix Service Co
NASDAQ:MTRX
|
Construction
|
|
US |
Automatic Data Processing Inc
NASDAQ:ADP
|
Technology
|
|
US |
Qualcomm Inc
NASDAQ:QCOM
|
Semiconductors
|
|
US |
Ambarella Inc
NASDAQ:AMBA
|
Semiconductors
|
Utilize notes to systematically review your investment decisions. By reflecting on past outcomes, you can discern effective strategies and identify those that underperformed. This continuous feedback loop enables you to adapt and refine your approach, optimizing for future success.
Each note serves as a learning point, offering insights into your decision-making processes. Over time, you'll accumulate a personalized database of knowledge, enhancing your ability to make informed decisions quickly and effectively.
With a comprehensive record of your investment history at your fingertips, you can compare current opportunities against past experiences. This not only bolsters your confidence but also ensures that each decision is grounded in a well-documented rationale.
Do you really want to delete this note?
This action cannot be undone.
52 Week Range |
191.53
329.15
|
Price Target |
|
We'll email you a reminder when the closing price reaches USD.
Choose the stock you wish to monitor with a price alert.
Fubotv Inc
NYSE:FUBO
|
US | |
Bank of America Corp
NYSE:BAC
|
US | |
Palantir Technologies Inc
NYSE:PLTR
|
US | |
C
|
C3.ai Inc
NYSE:AI
|
US |
Uber Technologies Inc
NYSE:UBER
|
US | |
NIO Inc
NYSE:NIO
|
CN | |
Fluor Corp
NYSE:FLR
|
US | |
Jacobs Engineering Group Inc
NYSE:J
|
US | |
TopBuild Corp
NYSE:BLD
|
US | |
Abbott Laboratories
NYSE:ABT
|
US | |
Chevron Corp
NYSE:CVX
|
US | |
Occidental Petroleum Corp
NYSE:OXY
|
US | |
Matrix Service Co
NASDAQ:MTRX
|
US | |
Automatic Data Processing Inc
NASDAQ:ADP
|
US | |
Qualcomm Inc
NASDAQ:QCOM
|
US | |
Ambarella Inc
NASDAQ:AMBA
|
US |
This alert will be permanently deleted.
Good morning. My name is James and I will be your conference operator today. At this time, I would like to welcome everyone to the CyberArk Fourth Quarter and Year-End Earnings Call. All lines have been placed on mute to prevent any background noise. And after the speakers’ remarks, there will be a question-and-answer session. [Operator Instructions] Thank you.
I would now like to turn the call over to the Vice President of Investor Relations, Erica Smith. Ms. Smith, please go ahead.
Thank you, James. Good morning. Thank you for joining us today to review CyberArk's fourth quarter and full year 2018 financial results. With me on the call today are Udi Mokady, Chairman and Chief Executive Officer; and Josh Siegel, Chief Financial Officer. After prepared remarks, we will open the call up to a question-and-answer session.
Before we begin, let me remind you that certain statements made on the call today may be considered forward-looking statements, which reflect management's best judgment based on currently available information. I refer specifically to the discussion of our expectations and beliefs regarding our projected results of operations for the first quarter and the full-year 2019. Our actual results might differ materially from those projected in these forward-looking statements.
I direct your attention to the risk factors contained in the company's annual report on Form 20-F filed with the US Securities and Exchange Commission and those referenced in today's press release. CyberArk expressly disclaims any obligation or undertaking to release publicly any updates or revisions to any forward-looking statements made herein.
Additionally, non-GAAP financial measures will be discussed in this conference call. A reconciliation to the most directly comparable GAAP financial measures is also available in today's press release, which can be found at www.cyberark.com in the Investor Relations section. Also a webcast of today's call will be available on our website in the IR section as well.
With that, I'd like to turn the call over to our Chairman and Chief Executive Officer, Udi Mokady.
Thanks, Erica. And good morning, everyone. Thank you for joining our fourth quarter and year end conference call. We had a phenomenal record breaking 2018, executing on all of the strategic goals that we outlined for you early in the year.
Through our innovation, we have cemented our leadership position as the industry's global solution provider to secure privileged access from on-premise to the cloud. We're increasingly a critical component of our customers’ digital transformation strategies by securing cloud assets and access, application credentials and secrets in the DevOps pipeline.
We extend our reach to our partner ecosystem and we significantly enhanced the efficiency, productivity and consistency of our sales and marketing engine. Our momentum continued to build throughout the year. And in the fourth quarter, we delivered amazing results, exceeding our guidance across all measures.
Total revenue reached a record $109 million, with growth accelerating to 36%. We were thrilled that our License revenue growth outpaced old revenue and accelerated to 38% in the fourth quarter. We delivered our best ever non-GAAP operating income of $40 million. And we signed over 250 new logos, the largest number in the company's history, ending the year with more than 4,450 customers.
For the full year, revenues reached $343 million, growing 31%. Non-GAAP operating income was $90 million and we generated a record cash flow from operations of $130 million.
Today's business paradigm dictates that every organization, the insurance company, the retailer, the airline, utility, is a software company. Implementing digital transformation strategies and migrating workloads to the cloud. They are leveraging speed, automation and agility as a competitive advantage. This is causing organizations around the world to rethink security and prioritize impactful initiatives.
Escalating privileges of human and non-human credentials remains at the center of almost every major attack. In this new, more complex environment privileged accounts are being created and privileged access expanded at unprecedented rate. Chief information security officers are also increasingly talking a security-first approach to solving compliance challenges, like GDPR, NIST, SOX, and PCI.
As a result, awareness and demand for privileged access security has increased across geographies, verticals and from companies of all sizes. In fact, on the 3rd of December 2018, Gartner published its first ever Magic Quadrant for Privileged Access Management, stating, and I quote, “Privileged Access Management is one of the most critical security controls particularly in today's increasingly complex IT environment. Security and risk management leaders must use PAM tools in a long-term strategy for comprehensive risk mitigation.”
We were proud that our ability to execute and completeness of vision were recognized by Gartner in the Magic Quadrant as a leader, farthest to the right on the completeness of vision, access, and the highest on the ability to execute access.
While strong market fundamentals certainly played a factor in our record result this year, our execution and strategic moves globalizing the team, delivering continuous innovation and simplifying our pricing were among the biggest contributors to our success, with revenue growth accelerating in all major [theaters].
The Americas revenue growth rate accelerated from 20% in 2017 to 26% in 2018. EMEA from 20% to 37%, and APJ growth accelerated from 30% to 47% in 2018. All geographies performed exceptionally well.
A number of seven figure add-on deals in the fourth quarter demonstrated the impact of our strategy. We were the only vendor who provided a leading bank in EMEA with a battle-tested global privileged access security program that complemented its cloud-first strategy in Azure.
With our new licensing we simplified the customers’ buying journey and solve the critical pain point providing visibility into unmanaged unauthorized privileged access across its on-premise and cloud environments with threat analytics.
A Global 2000 insurance company began with Enterprise Vault in the UK in 2015. Because of our team’s deep privileged access domain expertise the customer is standardizing on CyberArk across all data centers in the Americas, EMEA and APJ. With the simplicity of Version 10 the customer was up and running quickly after closing the deal.
A top five lifetime value customer significantly expanded its CyberArk program in Q4. The customer is adding Endpoint Privilege Manager for credential theft blocking and Conjur to secure application development in Pivotal Cloud Foundry and AWS. Both solutions help address its number one priority to quickly and measurably reduce risk across the enterprise.
Our strategy also contributed to a record number of new logos. In a competitive ripping and replace deal a larger European manufacturing company chose CyberArk because of our global scalability and support. We increasingly see organizations who bought privileged access security for compliance turn to CyberArk to implement holistic, scalable privileged access programs.
As part of its cloud-first strategy, a leading SaaS company has deployed CyberArk in AWS. After an extensive POC we won unanimous cross-functional support from information security, identity and access management and the application developers. With Core PAS and Conjur the organization will realize material security and operational efficiencies from centralized control and a single pane of glass into human users, machine identities, production applications and application development.
We saw Application Identity Manager and Conjur as key differentiators this year as CIOs and CISOs look to strike the balance between flexibility, growth and risk mitigation. In fact AIM and Conjur were included in six of our top 10 deals this year.
Innovation is critical to our long-term strategy. In 2018, we again set the standard and redefined privileged access security being first to market with new and enhanced solutions that automate and drive efficiency for security and operational teams. We accelerate the pace of our innovation, enriching our Core Privileged Access Security solution with eight new versions that included key functionality like Streamline Workflows, Just-In-Time Access, Automated Discovery, on-boarding of privilege accounts and Simplify Deployment.
We introduced enhanced protection in AWS, Google Cloud Platform and Azure as well as DevOps and containerized platforms to strengthen our customer security as they execute their digital transformation strategies.
In addition, we launched Privileged Session Manager for cloud which secures cloud administrators and privileged business users who are often targeted by attackers. We also empowered our customers to deploy or access CyberArk anywhere on-premise, in the cloud or as a service with CyberArk Privilege Cloud and our MSP solution. And our labs team is leveraging extensive experience to analyze the latest hacker threats and help inform our product roadmap decisions.
Another example from earlier in 2018 is the CyberArk marketplace. The industry's broadest and deepest portfolio of integrations for privileged access security, customers have a trusted platform to easily access and deploy integrations across their entire technology stack, including security, IT operations, cloud, DevOps and Robotic Process Automation software. Our advisory, value-added reseller and technology partner ecosystem also played a key role in our results with about 67% of our revenue coming from indirect channel, up from 61% in the full year 2017.
Deals influenced by advisory firms, like PwC, Deloitte, KPMG and Accenture increased by more than 85% in 2018. Our partners understand that a best of breed approach to mission critical security projects like digital transformation and identity improves the customers overall security posture.
As we look at the year ahead, our primary focus is to deliver innovation and drive long-term sustainable growth. We are in a greenfield market and have tremendous opportunity to expand our relationships with our more than 4,400 customers. As a result, our major strategic initiatives for 2019 include: increasing enterprise customer penetration in new and add-on business, formalizing our motion in the mid market, driving adoption of our application and privileged endpoint solutions and delivering clinical innovation and expanding our solutions across on-premise and cloud to automate, simplify and better protect our customers.
2018 was an amazing record setting year, and I'm very proud of our team. Our results strengthen our conviction that we are in the early stages of our opportunity and that momentum in the privileged access security market is accelerating. As we move into 2019, we are in a strong position to continue to build an enduring leader in cyber security, and I'm incredibly excited about the opportunity in front of us.
With that, let me turn it over to Josh, to discuss our record results. Josh?
Yes, thanks Udi. Before we begin reviewing the quarter, I wanted to remind everyone that our fourth quarter and year-end results reflect the modified retrospective approach to disclosure for accounting standard 606. As you’ve heard from Udi already, we delivered another quarter of outstanding results, capping off a record year.
In the fourth quarter, we generated $109.1 million in revenue, accelerating growth to 36% year-on-year. Our outperformance in the fourth quarter was driven by strong execution coupled with broad-based demand and greater than expected year end budget flush. License revenue reached a record $66.8 million with year-on-year growth accelerating to 38%. In the fourth quarter License revenue represented 61% of total revenue, that's up slightly from the 60% in the fourth quarter of 2017.
Maintenance and Professional Services revenue increased by 33% to $42.3 million and represented 39% of total revenue. The Professional Services revenue associated with this line was $7.7 million or 7% of total revenue.
The Americas reached another record of $60.9 million in revenue and growth accelerating also significantly to 40% in the fourth quarter. EMEA also reached a record of $41.6 million in the fourth quarter and growing 28% year-on-year. We are also pleased to see the Asia Pacific Japan region grow by 56% year-on-year to $6.5 million in revenue for the quarter. We had a strong demand across verticals in the fourth quarter with manufacturing, telecom, IT services and software, retail and pharmaceuticals, all of them growing faster than 50%.
As I move through the P&L, all line items will be discussed on a non-GAAP basis, please see the full GAAP to non-GAAP reconciliation in the tables of our press release.
Gross profit for the quarter was $98.2 million, increasing our gross margin to 90% compared to $70.6 million or an 88% gross margin in the same period last year. We continued to experience higher utilization of our Professional Services team, resulting in the improved gross margin for the quarter.
On the expense side, our priority continues to be to invest in innovation, growth and scaling the organization. Our R&D grew 23% year-on-year to $13.2 million or 12% of total revenue. Sales and marketing for the quarter increased 7% year-on-year to $36.5 million or 33% of total revenue and G&A expense increased 41% $8.7 million or 8% of total revenue.
In total operating expenses increased 15% in the fourth quarter to $58.4 million compared with $50.9 million for the same period last year. Our revenue outperformance and disciplined investments drove strong leverage again in the fourth quarter. Operating income and margin both reached the record of $39.8 million and a 36% operating margin, a strong increase from operating income on $19.7 million or 24% operating margin in the year ago period.
Net income was $33.4 million or $0.89 per diluted share for the fourth quarter of this year, more than doubling from $15 million or $0.41 per diluted share for the fourth quarter last year.
Now let me summarize our strong results for the full year of 2018. Total revenue for the year was again ahead of guidance reaching $343.2 million, with growth accelerating to 31%, compared to $261.7 million in 2017. License revenue for the year was $192.5 million with growth accelerating to 30% year-on-year and representing 56% of total revenue.
In 2018, 60% of License revenue was generated from existing customers, purchasing additional licenses and approximately 40% of revenue from new customers, consistent with the revenue mix that we saw in 2017.
On the product side, AIM and Conjur together represented about 10% of License revenue for the year and our Endpoint Privilege Manager represented about 8% of License revenue for 2018.
Maintenance and Professional Services revenue increased 32% over last year, reaching $150.7 million and representing 44% of total revenue. The Professional Services revenue associated with this line was $26.7 million or 8% of total revenue, very consistent with the prior year. Again in 2018, our renewal rate was over 90% which was attributed to mission-critical nature of our solution and our strong customer service.
As Udi mentioned earlier, growth accelerated across all geography for the year. The Americas generated $205.5 million in revenue growing 26% and representing 60% of total revenue. EMEA revenue grew by 37% in 2018, reaching $112.1 million or approximately 33% of total revenue. Asia Pacific Japan grew 47% to $25.6 million or 7% of total revenue.
For the full year our business was also well diversified across [Audio Gap] both accelerating to 32% of those deals -- on those deals from 27% in 2017. We also had 133 deals over $500,000 compared to 92 deals over $500,000 in 2017.
We are pleased with the healthy growth for these larger deals not only in the Americas, but also across EMEA and APJ which demonstrated that privileged access security is moving up on the list of priorities for CISOs those globally, as Udi mentioned earlier.
Our gross margin for the year was 88%, compared to 86.5% in 2017, which was ahead of our expectations due to the higher utilization of our Professional Services team as we have discussed throughout the year. While we continue to make strategic investments in growth and innovation, our strong P&L demonstrates the efficiency of our operations.
For the full year R&D represented 14% of total revenue consistent with the 14% last year. Sales and marketing represented 39% of total revenue and G&A represented 8.5% of total revenue, resulting in record operating income of $90.5 million in 2018, or 26% operating margin, which was ahead of our guidance and a strong increase from the $51.9 million or 20% operating margin in 2017.
One of our goals for 2018 was to drive growth, while improving productivity and efficiency of our investments, we delivered in 2018. Our net income was $76.5 million or $2.06 per diluted share in 2018 increasing nicely from $41.9 million or $1.16 per diluted share in 2017. Our effective tax rate for the year was 19.5%.
We ended the year with 1,146 employees worldwide compared to 1,015 at the end of 2017, and that includes 541 employees in sales and marketing at year-end, up from 491 at December 31, 2017.
We generated record cash flow from operations in 2018 of $130 million or 38% cash flow margin. This compared with $81 million in cash flow in the full year of 2017 or 31% cash flow margin. Our stronger than expected cash flow from operations was driven primarily by improved linearity throughout the quarters and the year and outperformance in bookings while maintaining a disciplined approach to investments.
Turning to the balance sheet, we had $451 million in cash and cash equivalents deposits, marketable securities at December 31, that's an increase from $330 million at the end of 2017. Deferred revenue for the full year increased 42% to $150 million at year end.
Moving on to our guidance for the first quarter of 2019 and the full year. As a reminder, our guidance does not consider any potential impact to financial, other income and expenses associated with foreign exchange gains or losses, as we do not try to estimate future movements in foreign currency rates.
So for the first quarter of 2019, we expect total revenue to be in the range of $91 million to $93 million or 28% growth, at the midpoint of the range. We expect non-GAAP operating income to range from $18.5 million to $20 million and non-GAAP net income per diluted share of $0.39 to $0.42. This assumes $38.2 million weighted average diluted shares and a tax rate of approximately 21%.
We're initiating our guidance for the full year of 2019. We expect total revenue for the -- in the range of $411 to $415 or growth of approximately 20% at the midpoint. We expect a mix of License and Maintenance and Professional Services revenue in 2019 to be between approximately 54% to 56% from License revenue and the balance of 46% to 44% coming from the Maintenance and Professional Services revenue.
We expect our gross margin to be between 87% to 88% for the full year. We expect non-GAAP operating income to be in the range of $92.5 million $95.5 million and non-GAAP net income per diluted share of $1.94 to $2.00. This assumes $38.5 million weighted average diluted shares. Our guidance for the full year assumes an effective tax rate of approximately 21% for 2019.
We typically experienced a sequential revenue decline into the first quarter, moderate sequential growth into the second quarter and then into the third quarter, and Q4, in our largest revenue quarter of the year. On the expense side, we typically see a step up in expenses in the third quarter as a result of seasonal employee expenses as well as our marquee Americas customer event.
We also wanted to provide you with a bit more color on some line items for 2019. We expect total capital expenditures to be in the range of $6 million to $8 million, which represents approximately 2% of revenue at the midpoint of the range. As we look at the full year 2019, we expect our cash flow from operations margin to run between 5 to 10 percentage points higher than our non-GAAP net income margin. We recommend analysts to evaluate our cash flow on an annual basis, given that our cash flow from operations can vary quarterly based on seasonality of the business and taxes. We do not plan to provide quarterly updates on guidance for cash flow from operations.
Fundamentals for privileged access security continue to be robust, and as a result, our priority for 2019 is to strengthen the organization, to generate sustainable growth over the long-term while staying true to our operating principle of delivering profitability through disciplined investments.
As Udi mentioned, our key areas of focus in 2019 are sales and marketing and R&D. We had a great 2018 and the team delivered against all of its objectives. As a result of our execution we are entering 2019 with strong momentum, and are looking forward to the year ahead.
I will now turn the call over to the operator for Q&A. Operator?
[Operator Instructions] Your first question comes from the line of Saket Kalia from Barclays Capital. Go ahead, please. Your line is open.
Thanks for taking my questions here. Udi, maybe just to start with you. I think it's pretty clear in the results but I just want to make sure this question is asked. Did you feel like you saw higher win rates, that is higher competitive win rate for the quarter? Or do you have any other anecdotal observations from the quarter related to competitive disruption?
Sure, Hi, Saket and thank you. Yes, absolutely. I think we indicated in the last several months that we're seeing disruption with our competitors primarily with the roll ups by private equity, they create disruption in existing customers, they definitely create disruption for them in active sales processes. And yes, so we saw an increase in our win rate, I would say consistently throughout the year. It was one of our strategic objectives into 2018. And of course, cementing our market leadership with the Magic Quadrant by Gartner, the Forrester report and others kind of made it very clear. And with the growing demand was a great setup for ‘18 and beyond.
Got it, that's really helpful. Josh maybe my follow up for you. You gave some helpful metrics just around big deals and how they did in ‘18 versus ‘17. Maybe just dig a little bit deeper in that. Can you talk about the average deal sizes that you saw here in 2018 and how you sort of factor that into your guide for 2019 anecdotally?
Yes, so we actually start our average deal size pretty consistent within what we've seen over the last several years in the same range. We did see our add-on business trend up a bit and our new business in line with what we've seen over the last few years. And the way we look at 2019 is really consistent with our guide. We believe that we expect to see a similar trend in where our average deal size are and continued growth in -- relative to our business in the larger deals.
And Saket just to add to my previous answer, I mentioned private equity disruption to the competitive based but we also had CA acquired value by Broadcom and that was also a very significant competitive disruption.
And your next question comes from the line of Melissa Franchi, from Morgan Stanley. Go ahead, please. Your line is open.
So it sounds like you've benefited from a number of drivers in Q4. I'm wondering if you could help us parse through what was most significant. Was it the fact that the market itself is accelerating just because there's greater awareness or do you think it's more your execution and the ability to capitalize on that opportunity?
Absolutely its execution against growing market fundamentals. And so I think we've outlined throughout 2018 some of our strategic initiatives around globalizing the sales force, the services team, simplifying our products continuously, multiple releases that really show the customers our approach to more simplification and automation, the simplicity in our prices. And that execution and of course, coupled with the innovation and being first to market with the innovative size of DevOps and Privileged Cloud. But coupled that with a growing demand environment with privilege really rising up to a key priority, we talked about how privileged access security has been rising up as one of the major things CISOs need to do if they want to reduce dramatic risk in various industry reports and the growing awareness around that. And coupled that with digital transformation where it's very clear that okay, your job and the security team’s job is not just to protect the business but also enable the digital transformation that's going to drive growth. We really need to take chunks of risk off and privileged access security is a major thing there. So that's all. I didn't rate them for you but I would say a strong execution, delivered execution against growing market fundamentals.
Got it, that's helpful. And then just a follow-up for Josh. Josh, you mentioned a better than expected Q4 budget flush I believe in your commentary. Do you feel -- well, I guess first, what do you think is driving that better than expected budget flush, and do you feel like there were any deals that maybe got pulled forward into Q4 that you anticipated in 2019?
Yes, I think with regard to budget flush it's something as enterprise vendor we see every year, it's just hard for us to gauge whether or not the enterprises are going to move some of their flush to us or to our competitors. And I think it really dovetails with what Udi just said is that we basically we're seeing enterprises using it with us. And because of the dynamics of where privileged access security is on their priority list. And so I think it's coming from there, the deals are -- a lot of these deals are in our pipeline at some form or fashion and then can get executed in the fourth quarter.
In terms of any -- seeing enterprises move things in, unnaturally we did not really see that in the fourth quarter.
And your next question comes from the line of Shaul Eyal from Oppenheimer. Go ahead please Your line is open.
Thank you. Good afternoon guys. Congrats on the ongoing strong performance and guidance. Udi, Josh, thank you for the transparency with respect to Conjur and the other tuck-in acquisitions you mentioned. I want to actually go and revisit the Conjur acquisition you guys have done if I'm not mistaken a little less than two years ago. Talk to us about the trend you're seeing within the DevOps, DevOp IT security arena, I think CyberArk was actually amongst the first company and I would even say the pioneer on the security front that triggered the cycle of a small tuck-in acquisitions, focusing on a DevOp. What's happening on that front and if Conjur was the same part of the 10% License revenue, where could we be seeing that by the end of 2019 or even 2020?
Yes, thanks Shaul, Udi here and thanks for the warm words. We acquired Conjur in May of '17 as you mentioned, and I would say a very strategic acquisition for us in our play in the digital transformation for our customers. And first of all as innovators we were the first and then probably still the only privileged access security vendor with capabilities to extend all the way to the DevOp cycle and give the organization, the chief security officer a holistic approach to on-premise cloud and the DevOps environment. I would say that it's almost every customer right now is going through the discussions of migrating their applications, either migrating to the cloud or just adopting DevOps as the methodology to accelerate application development. And so it became really a natural piece of our Application Identity Management business to deal with this migration no matter where the customer is on the cycle. And hence as Josh indicated it was 10% of License revenue and behaving as a growth engine for us and very strategic in customer decisions to select CyberArk because they know that we can take that journey with them.
I would say 2019 we're not putting something specific in terms of the numerical but it's a major initiative for us. We continuously train our salesforce and our channels to be able to, I would say, expand from core privileged access security that grew and was really the reason for the outperformance in 2018 to our growth engines, which include Conjur and also EPM.
Got it. Got it. And we think about the go-to-market and your growing channels and partners relation, do you see anyone specific, or a handful or a number of strategic guys that have been doing a little better pushing your products out there, whether it's in the U.S., whether it's in Europe? Or, Udi, pretty much a status quo from what we have been seeing throughout 2017 and 2018?
Yes, absolutely. I would say the continuum of just progress is what we indicated on the advisory side, advisory firms, and just growing the amount of deals that they are influencing with us, as we mentioned. And the other end of it is the fact that they are growing their business and really training teams and putting people to help identify these opportunities and help customers go through privileged access security programs. So, I would say advisory firms.
I'm also personally very pleased to really see CyberArk move up the chain in major value-added resellers as key revenue producers for them. And that's a win-win. The more we get high up there, from Top 15 to Top 10 to Top 5, in some cases, revenue producers for value-added resellers around the world, the more they continue to invest in the various phases of the sales cycle. And so that has been a positive trajectory. I think very much in line with our revenue growth is also the growing importance of how we're perceived in the VAR channel.
And then the third element is the technology partnerships. We talk a lot about the C3 alliance. We've really increased the amount of partner integrations, collaborations in the field. Customers really appreciate the ongoing innovation and the fact that they have a marketplace and they can find these connections to other investments they make.
And your next question comes from the line of Fatima Boolani from UBS. Go ahead, please. Your line is open.
Good morning. Thank you for taking the question. Either for Udi or Josh, you both mentioned that the investment priorities for next year will be focused in the sales and marketing arena and the R&D arena, specifically. So, I actually wanted to get some more specificity on what you mean on the sales and marketing side. Is it greater sales capacity? Is it more overlays? Just trying to better understand that dynamic as I look at your financial results and they are well in excess of the medium-term targets that you set at Analyst Day. So, I just wanted to kind of reconcile what's changed and what specific areas you are looking to invest in '19. And a follow-up, if I may.
Sure, Fatima. Udi here. I'll start. I think, as I indicated with some of the 2019 elements, we're seeing that the enterprise business is definitely our prime market and is very much greenfield, both for new business but also, as Josh indicated, a lot of add-on opportunities. Another element that we're adding in the year is really increasing, I would say, our muscle in the ability to go into mid-market. And so I would say it's still early but that would be another area of investment for our go-to-market. And as we go, I would say for the prior question and for this, we also continue to invest in the channel. We really see this as a strategic piece for us and it's also the team that's supporting and enabling and training and selling with the channel. On top of that, of course, as the market leader and, finally, after many years of market education, we have the Magic Quadrant and that position there. It's also an opportunity firm up on the marketing pedal and take this to market. And all this in an across-geographic manner. I mean, we're very proud with the diversification we have as a key strength, a rough 60/30/10 between the theaters, and then diversity on the verticals. And so to push all of that to all markets.
And actually a quick follow-up on the mid-market focus. How should we think about potential for any pricing changes or any pricing tweaks because the appetite in this market is a little bit different? The spending posture in this market is a little bit different than the enterprise. And then along those lines, I think one of your peers is sort of going to raise the subscription transition with a predominantly perpetual license model. So, how do you guys think about or discount or manage for a changing appetite for what traditionally is a perpetual license product for you and any pricing implications that may result as you push harder into the mid-market? Thank you so much.
Sure, sure. Absolutely. So, I would say we really prepared for it and we seeded it in 2018 with the pricing simplification and in brackets, of course, the ongoing product simplification. And that was already kind of geared into addressing or preparing to address the mid-market and the ability for an easier way to scope the solution and to identify and to be able to accommodate smaller deal sizes for that market. Although I have to continually emphasize, enterprise is our major market and mid-market being a new muscle. With regards to model switch, no model switch. We're seeing that most of our customers want to own our solution and, definitely in the enterprise, they view this as mission critical. And although we've had options to buy this in subscription, primarily the enterprise customers want to own it. And then they're able to run it anywhere. They can run it in the cloud and install it in the cloud. For mid-market, they have the opportunity to buy it as subscription or as TPL but we're going to see that as a gradual infusion of our revenue and not any change. And so that's how I would present that.
Your next question comes from the line of Daniel Bartus from Bank of America Merrill Lynch. Go ahead, please. Your line is open.
Yes. Hey, guys. Thanks for taking the question. First, on new logos, I was just curious if you could discuss how much of the business now is greenfield versus rip-and-replace and just maybe how that changed over the course of 2018 from what you saw?
I would say we still primarily see this as greenfield in all markets, including kind of the enterprise space and, definitely, all theaters. There are truly new geographies, like Latin America, but we still view, in all theaters and all customer sizes, that it's primarily a greenfield opportunity. And even within the customer base, we didn't put up a new number on penetration rates but we have a lot of add-on to do with our customers as we take them from a project to program.
Okay. And then if I could just ask quickly on GDPR as well and getting a little bit more color there. Just how important of a driver was that in 2018, if you can try to parse that out a little bit? And then does that continue into 2019? Are you guys expecting any kind of slowdown related to that?
Yes, sure. So, I'll continue with that. I would say that it wasn't a big contributor to results in the fourth quarter or in the year. We did see some deal kind of cite GDPR as one of the factors but it wasn't a driving force. I view that as a positive because it actually means that it's another kind of ongoing drum beat of a tailwind that will push us farther and not just seasonal. And as we've indicated, what GDPR can also create, and we're hearing more and more about companies that are being fined, not just the well-known players but even smaller companies that are being fined on privacy issues, that's going to further, maybe, accelerate awareness. And, of course, if there will be big breach disclosures, we can see that, again, being a stronger driver like we've seen in other regions. It is interesting to see that GDPR is cited not just in Europe but also by multinational companies that have European customers. So, I think it's here to stay as an ongoing additional tailwind driver but the main driver for us, and the important one, is the ability to really reduce a big amount of risk for our customers.
Your next question comes from the line of Robbie Owens from KeyBanc Capital Markets. Go ahead, please. Your line is open.
Yes. Good morning, guys, and thank you for taking my question. I don't think I've ever been called Robbie on a call but I'll take it. I want to focus a little bit on privacy, especially domestically, where the conversation does seem to be intensifying and whether or not that's starting to resonate within the customer base as they're looking to get ahead or could that be a GDPR situation where everyone is going to play catch up?
Hi, Robbie. Rob, right?
You can go either way. Actually, my mother calls me Robbie so it's all good.
We can do a new trend here. But I think what we're seeing is chief security officers really viewing and being very smart about, OK, I have other elements to deal with, like privacy -- the upcoming California regulation, which is GDPR-like, just like you said, and being brought up in the U.S. But, on the other hand, they need to reduce risk because they're trying to protect the organization. And I would say that's a trend we're seeing. We even talk about it sometimes in various panels and events that these CSOs are looking at -- let's couple these things. Let's reduce risk while meeting compliance requirements. And, for us, that's really a homerun.
And when you go into competitive replacement situations, can you give a little more context around what that customer is consuming? Is it broader deployment of privilege? Obviously, you've got a better application stack than, I'm sure, what you're going and replacing but just to understand how you're taking more wallet share, I guess, within some of those customers that are looking to your solution versus having a competitor's that might be 5-10 years old.
Yes, absolutely. I think there are a couple of flavors there. I think the most exciting one is when we see a customer with one of the solutions of one of our competitors and they're not considered innovative and they understood that this is a big strategic risk remover from them and they take a broader look and they see, OK, who's going to take us on a roadmap for the full -- like you said, for the full stack. Take us all the way from mainframe to cloud and DevOps. And just raise their head and call us or we call them and choose us strategically because they understood that the layer is a strategic. And a big part of it is our innovation on their cloud assets and on their DevOps pipeline and also scalability. They want to take this wide. They need a scalable solution. It's not enough if they selected another vendor for compliance reasons in a point area.
The other thing has to do with the lack of innovation and disruption that I mentioned earlier. Companies being acquired, like the CA acquisition. A lot of resumes out there from the security teams or the rollups where the customer kind of knows where the trend is going. There's not going to be innovation. The attackers are innovating. So, I need to partner with a company that's investing in innovation and is here for the long run. So, I would say competitive disruption that is causing that is there.
And then there's the customers that are really going global, going wide across their environments, and the ability to execute. The ability for us to take a customer that has offices in Singapore, France, and New York, and also a team in India, and give them a full solution, the ability to support them, and the ability to scale with them. Those are some examples there and kind of indicate that, beyond the greenfield, we also have the rip-and-replace opportunity.
Your next question comes from the line of Andrew Nowinski from Piper Jaffray. Go ahead, please. Your line is open.
Thank you and congrats on a great quarter. I just have a few questions on the new per user pricing model that you introduced in early 2018. So, the normal sales cycle is, I guess, in the 6-9 month range, I was wondering if this was the first quarter where you saw an impact from that pricing model because this is the most upside that we've seen in any of the previous quarters.
Yeah. Hi, Andrew. In terms of sale cycle, no, I think we're still -- we're very much on a, as you know, 2-3 quarter average sales cycle. And I say average because we deals coming in, it take 4-6 quarters even, or even longer. For new deals, in particular. For add-ons, it could be as fast as one quarter and also as long as 4-5 quarters. And the new pricing, what that's done is, while it hasn't necessarily shortened the sales cycle, it's made a much more, what I would call, quality sales cycle of 2-3 quarters, in that the content, the discussion, and the negotiation and the sale process is around the product.
It's around how to best set it up. It's around devising -- Udi mentioned the project to program theme that we always take with every enterprise. It's around, OK, this is how we start the process but let's also talk about what's going to happen over the next couple of years. And with the simpler pricing, it allows them to really forecast their own budgeting needs really easily and also to really scope out, quickly, not what their immediate needs are but also going forward. So, it's not necessarily shortening the cycle but it makes the cycle less painful for the customer, which is always good, and also we get more content out of it.
Got it. And then you mentioned that add-on sales trended up in Q4, I believe, or I'm not sure if that was a 2018 metric. But were most of those add-on sales to those customers leveraging your new pricing model or are they still purchasing more on an a la carte basis?
So, actually, a lot of -- and I don't have the statistic of what percent -- most of them were still on the a la carte. But we did have a nice sample, a nice group of customers that, as they came onboard, they actually converted onto the new pricing model. So, as part of their add-on there, we were able to say, OK, let's not just add more EPV users, let's also give you PSM, monitoring, and threat analytics content to the users that you have. So, the other thing that it helped do was be able to have more focus on the Endpoint Privilege Manager and on the AIM and Conjur products.
That's great. And just a real quick clarification …
So, 63% of all of our customers are now on the new pricing.
Thank you. And then just real quick, did the U.S. government shutdown have any impact on your quarter?
I would say that some minor impact on Q4 on federal sales but, overall, really minor. And, of course, we did overachieve on many other fronts and U.S. fed had a very strong first nine months. I think, as we indicated, the diversification in the government business was so strong that, as a vertical, it actually grew more than 40% -- global government grew more than 40% in the year. And that's really because -- federal is a big part of that but also state and local, European countries, countries in Asia, Canada, and others really contributed to that. So, it's a fast-growing vertical and the impact on the federal team, specifically, was minor but there was some in Q4.
And your next question comes from the line of Sterling Auty from J.P. Morgan. Go ahead, please. Your line is open.
Hi, guys. This is actually Ugam Kamat on for Sterling Auty. So, in your prepared remarks, Udi, you mentioned that add-on business constituted around 60% of the license revenue. As we try to assess our models for 2019, I just wanted to get a qualitative commentary on how much runway do you think still exists within the existing customers and how much upsell opportunity is still left within those?
Yes, it's a great question. Thanks. This is Josh. Yeah, I did mention this year, for 2018, 60% of our license revenue came from existing customers, which was very similar to what it was or identical to what it was in 2017 as well. So, it's the second year in a row where we're at about a 60/40 mix. And when we look at going forward, we actually still believe that we're in the first half with our customer base, with our 4,400 customers that we have. Obviously, there's a handful that are higher than half but the majority of our customers, we believe that we have a long runway and a big market to fill.
Got you. And as a follow-up, the industry vertical concentration has remained fairly consistent, I would say, over 2017. Any particular programs that you are planning in 2019 to increase the vertical concentration beyond, say, banking, government, and manufacturing? And, if yes, what is the vertical that you think would be the most promising one?
This is Udi. I would say that the vertical diversification is one of our major strengths. I mean, more than ten verticals were over 5% of the business. And Josh, in his prepared remarks, kind of indicated growth across multiple verticals. So, I would say the trend is increased diversity. And there's no longer an industry that we think is on standby. I mean, we used to say that a couple years ago about healthcare or manufacturing. And in different cycles, we've seen them join the bandwagon. It's become very clear. It's No. 1 on the Top 10 priority list from Gartner on how do you reduce risk and it's not vertical specific. And so it's really one of our strengths -- vertical diversification across the world. And so it's kind of a multiplier of diversification and then you can multiply it by another diversity, which is we address the cloud journey no matter where the customer is on that cloud journey.
And your next question comes from the line of Gabriela Borges from Goldman Sachs. Go ahead, please. Your line is open.
Good morning. Congratulations on the quarter. Udi, I wanted to follow up on some of your comments on privileged access moving up as the priority for spend in the context of what we've seen over the last five years. Because the last time I remember you saw a step-up in priority was around 2014 and now it feels like we're seeing a little bit of a resurgence and awareness and the Gartner Magic Quadrant formally coming out, etc. So, just a little bit of color on what you think is driving the resurgence and how important is it? Is there a positive impact from Gartner having put together the Magic Quadrant formally? Does that impact what you're seeing in the pipeline? Thank you.
Yes. Thank you and hi, Gabriela. I would say that it's -- I would put it as a continuum and that it's been climbing up there. And at some point, it got into a critical mass to the point where you have customers talking, you have partners talking, and you have a successful risk reduction project out there with CyberArk being in 50% of the Fortune 500. The awareness has really gotten there. The chief security officer, I think, you had a process of -- definitely, if you take a five-year progression, some chief security officers understood that the attacker will become -- a focused attacker can make it to the inside of the organization or to the cloud environments with a focused attack. And, therefore, I really have to strengthen my core and prevent lateral movement. And on the progression, it really moved up, where they're looking to -- they're going to be attacked, they're going to be infected, how do I really reduce risk, how do I prevent a network takeover, how do I prevent a cloud takeover? It really moved up there.
The mirror image of that is really the analysts, per your question. The analysts really moving it up in their recommendations. I mean, the industry analysts. And we referred in the past to the Top 10 list that Gartner put up and they listed privileged access security as the No. 1 there in risk reduction. And, of course, the Magic Quadrant coming out in December for the first time about this space and that definitely will help drive further awareness, especially to markets or verticals that were waiting for this kind of assurance that you have to do this and this is how we rate the vendors. There's more security technologies out there, there's the digital transformation, and so there's also a proliferation of credentials. And so the problem is only getting bigger. And that also answers a part of why it grew so big. How do I lower risk and still enable digital transformation? And we're a big part of that.
And your next question comes from the line of Gur Talpaz from Stifel. Go ahead, please. Your line is open.
Okay. Great. Thanks for taking my question and, Udi and Josh, congrats on the very strong quarter here and the strong results for 2018. So, Udi, in April of this year, you took the product multi-tenant and you initiated a broader push into MSSP. Can you talk a bit about what you've seen since that timeframe? And then I think, in terms of the broader context, how you think about that in relation to a bigger push into the mid-market that you're planning for this year?
Yes. Thanks, Gur. I think we strategically wanted to really enable customers to have different flavors of how they adopt CyberArk. We still see the majority want to secure the keys to the kingdom on-premise. We've invested to give customers the ability to also install and have CyberArk work for them in their cloud provider of choice. And I've given some examples of you can install us and we've been installed -- customers using us for their Azure, AWS, Google Cloud. And on that same thread, we also wanted to give customers the ability to kind of outsource the management part of the solution to third-party providers and, therefore, launched the MSSP version. We have several partners that jumped on board. Some of them also have the capability to both resell and be an MSSP provider. I would say it's still an early part in the revenue contribution but it really strengthens our leadership position. And, like you said, it will be an important avenue as we go further mid-market. So, I would say it's still early but it's part of our strength. It's really the ability to capture various appetites with the same solution. So, our team can really stay focused, in terms of R&D efforts, but provide the ability to consume it in different flavors.
Okay. That's helpful. And maybe just one last quick question. Given the success in acquisitions like Conjur, Vaultive, and Viewfinity, how do you think about potential for further M&A, whether this year or just kind of looking beyond? And any sort of areas you think you could push into or extend into that you could look at? Thank you.
Thank you. I think, even as indicated in the various reports, CyberArk leads not just in the ability to execute and going global with our partners and team, but also on the innovation side. And a lot of it has been organic but we also, like you said, made some very important non-organic acquisitions over the last couple of years. So, we definitely continue to hone that discipline. We feel like we lead the space by far and let's really focus on what's needed to secure our customers. And on that front, we have the CyberArk Labs that are really investigating how are modern day attacks progressing, what's the point of no return in an attack, and it's all coming back, most often, to credentials and lateral movement and either back to our solutions or more solutions on that front.
But we will also be very open-minded if we need to pick up other technologies to better secure our customers. We actually have a new VP of Corporate Development that reports to me that is working -- his name is Clarence Hinton -- that is working on further honing our CorpDev capabilities with no time pressure, just as an additional discipline in the company, on top of all the work we do organically.
And your next question comes from the line of Gray Powell from Deutsche Bank. Go ahead, please. Your line is open.
Great. Thanks for working me in. I'll be quick. So, at the Analyst Day last year, you mentioned that if you're growing at a 20% pace, then operating margin should be in the 17% to 21% range. So, you just closed out a strong 2018, you guided 2019 to 20% revenue growth and a 23% operating margin, so should we be rethinking that medium-term margin framework?
Hi, this is Josh. No, we're not touching that medium-term framework. I mean, right now, we're going into 2019 with a lot of momentum and we have visibility to how we're looking at the year. And, at this point, we're still looking -- we're pleased with the guidance we're able to give but we're not necessarily changing our medium-term outlook. We want to be prepared. We see a long runway of growth opportunity because of the greenfield opportunity and because of our install base that's still also with a long runway. So, we're not changing that.
And with that, I'd like to turn the call back over to Udi for some closing remarks.
Great. Thank you very much. I want to thank our customers, partners, and our dear employees who contributed to CyberArk's record results in 2018. Thank you, everyone, for joining our call today. Thank you.
This concludes today's conference call. You may now disconnect.