Feb 10, 2014
Executives
Don McCauley - CFO Philippe Courtot - CEO
Analysts
Phil Winslow - Credit Suisse Matthew Hedberg - RBC Capital Markets Saket Lala - JPMorgan Rob Owens - Pacific Crest Securities Steve Ashley - Robert W. Baird Eric Suppiger - JMP securities Michael Kim - Imperial Capital Sanjit Singh - Wedbush Securities Fred Ziegel - Topeka Capital Markets Robert Tabriz - Sterne Agee Capital Markets
Operator
Good day everyone, and welcome to the Qualys’ Fourth Quarter 2013 Investors Conference Call. This call is being recorded.
At this time, all participants are in a listen-only mode. Later, we will conduct a question-and-answer session and instructions for asking a question will be given at that time.
I would now like to turn the call over to Don McCauley, CFO of Qualys. Please go ahead sir.
Don McCauley
Welcome to the Qualys fourth quarter and full year 2013 investor conference call. I'm Don McCauley, CFO and I’m here with Philippe Courtot, our Chairman and CEO.
Before we get started, we would like to remind you that during this call management expects to make forward-looking-statements within the meaning of the federal securities laws. Forward-looking statements generally relate to future events or our future financial or operating performance.
Forward-looking statements in this presentation include, but are not limited to statements related to our business and financial performance and expectations for future periods; our expectations regarding capital expenditures, including investments in our cloud infrastructure; and our expectations regarding the introduction of new solutions and enhancements to existing solutions Our expectations and beliefs regarding these matters may not materialize and actual results in future periods are subject to risks and uncertainties that could cause actual results to differ materially from those projected. These risks include those set forth in the press release that we issued earlier today, as well as those more fully described in our filings with the Securities and Exchange Commission, including our quarterly report on Form 10-Q that we filed on November 7, 2013.
The forward-looking statements in this presentation are based on information available to us as of today and we disclaim any obligation to update any forward-looking statements, except as required by law. I’ll also remind you that this call will include a discussion of GAAP and non-GAAP financial measures.
The non-GAAP financial measures are not intended to be considered in isolation or as a substitute for results prepared in accordance with GAAP. A discussion of why we present non-GAAP financial measures and a reconciliation of the non-GAAP financial measures discussed in this call to the most directly comparable GAAP financial measures are included in our earnings press release that is available on our website.
Now to begin the discussion, Philippe will provide an overview of the Company's performance for the fourth quarter and full year 2013 and I will cover our financial results and factors that drove the quarter and the year in more detail, as well as our outlook for the first quarter and full year 2014. Then we will open up the call for your questions.
With that, I will now turn the call over to Philippe.
Philippe Courtot
Thank you Don and welcome to all of you that are joining us on the call today. The fourth quarter of 2013 was a very solid quarter for Qualys, and a year with strong progress in all aspects of our business.
While Don will cover the financial details of our performance for the fourth quarter and the year, let me first start out by providing you with an overview of key highlights that are driving strong momentum in our business. In 2013 our total customer accounts grow to over 6700 across more than 100 countries.
In the fourth quarter we added many new noteworthy accounts including Carlsberg, Catholic Health, Cielo, Davis Polk & Wardwell, Gazprom, Hearst Corporation, State of Ohio, Oshkosh, Royal KPN, J Sainsbury, Scotts Miracle-Gro, Stanford University and Starwood Hotels & Resorts. While our Vulnerability Management Solution remains the largest component of our business, we continue to make meaningful progress in diversifying our revenue base.
We derived 84% of our 2013 revenue from subscriptions to our VM solution, which continues to grow well, compared to 87% of revenues for 2012. This continued diversification of our revenues is principally due to increased sales of our Web Application Scanning and Policy Compliance solution, both of which continue to show strong growth.
As you know, we are still in the early days of selling additional solutions into our customer base that was for the most part being on our Vulnerability Management solution. In fact we’re making very good progress with inserting new solutions into our customer base.
We’ve progressed from a year ago when only 20% of our customers had both more than one solution from Qualys to the point where 30% of our customers have adopted more than of our solutions. We continue to see strong demand for private cloud platform with revenue growth for multiple customers and partners worldwide.
In Q4, we have added successful installation at Royal KPN in the Netherland, Infosys in India and a large financial institution in the U.S. Our Private Cloud Platform leverages virtualization technologies, allowing us to install our entire QualysGuard Technology stack on a VCE Vblock within our customers or partners datacenters to use QualysGuard suite of security and compliance solutions while keeping the data within their premises.
We continue to make significant technological advancements in our cloud platform and we’re very excited to introduce at the upcoming RSA Conference later this month new Continuous Monitoring Solutions for the perimeters while these groundbreaking technology allows customer to continuously assess the security of their Internet facing systems and application and be alerted when a new vulnerability misconfiguration or network anomaly is discovered. We strongly believe this is the new paradigm for vulnerability management as it empowers customers to take immediate action for mitigating vulnerabilities that can lead to cyber-attack.
While releasing our Web Application Firewall or WAF for general availability on Amazon EC2 as well as for on-premise deployments on VMware’s virtualization platform, QualysGuard WAF is delivered via our cloud platform integrated with our Web Application Scanning solution. The solution combined allows customers to more rapidly deploy robust security for their web application while minimizing administrative efforts and costs thanks to the centralized cloud-based management capabilities of our solution.
We also partnered with SANS and a Council on CyberSecurity to release a new free service helping organizations to quickly determine if the PCs in their environment have properly implemented the Top 4 security control, which the Council on CyberSecurity estimates and - can a company prevent 85% of cyber-attacks. This is the latest necessary of premier services that Qualys is using in its 2014 marketing campaign.
We are on track with a new innovation, while making to the Qualys platform including the cloud agent and the advanced malware detection and protection service with a goal to release this new offering in beta later this year. I would also like to take a moment to discuss key strategic alliances and partnership that we have announced recently, notably the partnership we mentioned was announced that there will be end of life with previous Vulnerability Management solution and transition customers to Qualys.
Similarly we signed an agreement with PathDefender, the new operating entity for McAfee Secure Seal to migrate it services to vulnerability management, web application scanning, malware detection and PCI compliance to Qualys. We expect these new channel partners to help expand our reach into new markets and sell Qualys solutions to the customer base.
We also expanded our partnership with Accuvant, which announced a managed vulnerability management solution powered by Qualys. We believe that these partnerships exemplify a shift in the consulting industry while now moving through the cloud and offering security in compliance services on a continuous basis.
Given our strong momentum throughout 2013, while beginning to realize the benefits of our investment and building a security and compliance cloud platform upon which we can deliver enhancements and new solutions and we believe that our cloud platform will continue to play critical role in enabling Qualys to stay ahead of our competition. Now for a review of our financial performance and our guidance, I will now turn the call over to Don.
Don McCauley
As Philippe said, we finished 2013 with strong momentum and this will be evident as we review the results and metrics. Revenue grew in the fourth quarter to $29 million, which represented 18% growth over the same quarter last year.
Full year 2013 revenues also grew 18% to $108 million. For the full year the U.S.
represented 70% of revenues, compared to 68% in 2012. Moving down into revenue growth for the full year 2013, total revenues grew by $16.5 million.
Revenues from customers’ existing at or prior to the beginning of the year grew by $8.7 million in 2013, compared to $7.8 million last year on a same basis. Revenues from new customers that were added in 2013 contributed $7.8 million to 2013 revenue growth, compared to $7.4 million in 2012.
As you can see from these numbers, Qualys continues to have a balanced approach of growth coming from new as well as existing customers. Fourth quarter bookings, which are revenues for the past four quarters plus the change in current deferred revenues over a period were $119 million at December 31, 2013, compared to $101.2 million at December 31, 2012.
This increase of $17.8 million represented a year-over-year growth of 18%. As we discussed in last quarter’s call, we are opting to move away from reporting of the fourth quarter bookings metric as it is less indicative of bookings progress since 90% of the metric is comprised of the revenues of prior periods.
So this will be the last time that we report this metric to you on our quarterly update. Instead we find a change in deferred revenues to be more straight forward indication of bookings progress, and these accounts showed good growth at December 31, 2013.
Current deferred revenues are 19.5% greater than one year ago and total deferred revenues are 17.3%, net of the comparable figure last year. GAAP gross profit increased to $22.5 million in the fourth quarter of 2013, compared to $19.7 million in the fourth quarter last year.
GAAP gross margin was 78% for the fourth quarter of 2013, compared to 80% in the same quarter of last year. Very similarly, non-GAAP gross profit in the fourth quarter increased to $22.6 million, compared to $19.8 million in the same quarter last year, non-GAAP gross margin was also 78% in the fourth quarter compared to 80% in the same quarter last year.
For the full year 2013 GAAP gross profit increased to $83.3 million, compared to $73 million in 2012. And the 2013 GAAP gross margin was 77% compared to 80% in the prior year.
Non-GAAP gross profit increased to $83.7 million in 2013, compared to $73.3 million in 2012 and non-GAAP gross margin was 78% in 2013, also compared to 80% in 2012. As we have discussed previously, these decreases in gross margin percentages are due to the increased depreciation resulting from a higher level of capital expenditures to support the growth of our infrastructure for new solutions and functionality we are developing as well as the expansion to our data centers in the U.S.
and in Europe. Adjusted EBITDA for the fourth quarter of 2013 increased by 1% to $4.5 million compared to $4.4 million in the fourth quarter of 2012.
As a percentage of revenues, adjusted EBITDA decreased to 15% in the fourth quarter of 2013, compared with 18% in the same quarter last year. For the full year 2013 adjusted EBITDA increased to $17.4 million, which was a 26% increase over the $13.8 million achieved in 2012.
As a percentage of revenues adjusted EBITDA increased to 16% in 2013, compared to 15% in 2012, demonstrating another year of solid progress and profitability even while we continue to make strong investments in our business. Moving on to earnings per share.
For the fourth quarter of 2013 GAAP EPS was $0.00 per diluted share versus $0.03 per diluted share in the fourth quarter last year and non-GAAP EPS was $0.05 per diluted share in fourth quarter of 2013 compared to $0.06 per diluted share in the fourth quarter of last year. For the full year 2013, GAAP EPS was $0.05 per diluted share, compared to $0.08 per diluted share in 2012.
Only thing to point out here is that the full year share count for 2012 is much lower than 2013 due to the issuance of our IPO shares on October of 2012. So, GAAP EPS only appears to be lower than last year.
GAAP net income attributable to common shareholders was actually much higher in 2013 than in 2012 as you will see when you review our income statement. Non-GAAP EPS was $0.20 per diluted share in 2013 equal to the $0.20 per diluted share in 2012.
Turning our focus to balance sheet, we continue to have a strong cash position with $133 million in cash and investments and $800,000 remaining of capital lease obligations. In fourth quarter of 2013 capital expenditures were $3.3 million, compared to $3.1 million in the fourth quarter of 2012.
So, capital expenditures were $15.7 million compared to $11.2 million in the prior year. And just to repeat our previously stated intention, we plan to average approximately $3 million per quarter in capital expenditure spending in 2014 as we continue to expand our cloud infrastructure to support more customers and add more solutions and functionality to our platform.
Now turning to our outlook for 2014, starting with revenues, for Q1 of 2014 we expect revenues to be in the range of $29.3 million to $29.8 million. At the midpoint this represents 19% growth over the first quarter of 2013 revenues.
For the full year 2014, we expect revenues to be in the range of $128.5 million to $130.5 million. At the midpoint this represents 20% growth over 2013 revenues.
Earnings per share, we expect GAAP EPS for the first quarter of 2014 to be in a range of negative $0.06 to negative $0.04 and non-GAAP EPS is expected to be in the range of $0.01 to $0.03. Our first quarter EPS estimates are based on approximately 37 million weighted average diluted shares outstanding.
For the full year, we expect GAAP EPS to be in the range of negative $0.06 to negative $0.02 and non-GAAP EPS to be in the range of $0.22 to $0.26. Our full year EPS estimates are based on approximately 37.4 million weighted average diluted shares outstanding.
With that Philippe and I would be happy to answer any of your questions. Operator.
Operator
Thank you. [Operator Instructions].
And our first question comes from Phil Winslow from Credit Suisse. Please go ahead.
Phil Winslow - Credit Suisse
Just have a question on the cross-sell. Obviously you guys have been increasing cross-sell but when you look at just the go-to-market right now, whether it be your channel partners or direct sales guys, how do you feel from an infrastructure standpoint, [indiscernible] blocking and tackling to go out and actually sell this product portfolio and then when you look at 2014 and the guidance that you are giving, what’s really kind of standing out to you as far as the incremental above VM that’s driving the growth?
Don McCauley
We continue to see more movement to the channel on our business. In fact we had done 40% channel business in 2012 and we are still hovering right around there.
So channel business continues to be very strong here. We continue to see really strong performance from both policy compliance and web app scanning, policy compliance more on the enterprise side, web app scanning spread throughout the customer base and also we have got hundreds of new customers who have come aboard on Qualys with their first product being web app scanning.
So it’s become a new landing point. That’s continued nicely in Q4.
So we just see continued progress and as Philippe mentioned with like Accuvant and the McAfee announcement mentioned that more and more of these partners are shifting to Qualys and like with Accuvant especially setting up whole services powered by Qualys and bringing that to their customers using our infrastructure.
Philippe Courtot
Yes. And I will add one thing to this and at the same time also what we see is that we are trying to do deals which are more sizable than historically.
In fact companies can come and buy the entire suit of solution which naturally increases the average deal size. So that’s the trend that we see continuing very much.
Operator
Thank you. And our next question comes from Matt Hedberg from RBC Capital Markets.
Please go ahead.
Matthew Hedberg - RBC Capital Markets
Yes, thanks for taking my questions. I am curious about the demand environment across the Americas and Europe and then maybe as a follow-up, since it’s a competitive environment there have been few other announcements made from some competitors.
Kind of curious about your thoughts there?
Philippe Courtot
Which competitor announcement are you referring to?
Matthew Hedberg - RBC Capital Markets
Well, there has been announcements in some of the other cloud based web application firewall markets and [indiscernible] were making some news recently, there is some news in the private company space as well.
Philippe Courtot
Okay, so let me then answer the question in two parts. As far as the first one in term of the growth, what do we see today is that Europe is I would say doing well now.
We went through a difficult time in Europe. This is behind us.
The big difference here is that within U.S. the size of the deal in the U.S.
is being -- we’re doing now bigger deals in the U.S. S the weight of the U.S.
now is becoming bigger. We of course anticipate that we will see the same phenomenon in Europe next year or the year after as always Europe has this tendency of lagging about a year behind the U.S.
And as far as the competitive announcement I think what is very unique with our web application scanning, so we see again VM, essentially continue growing very strongly. We are becoming more and more, the market.
In fact at the very high end of the marketplace, we’ve 60% plus of the market. So we’re becoming the market in VM, and as far as the policy compliance and the web application scanning specifically, we continue seeing very strong growth and if you look at the web application, what differentiate us today are the web applications power side, the fact that we can bring, we can scale with web applications scanning, meaning that we can identify and scan essentially all the web application that a corporation has as we mentioned I think earlier on the previous call that a web -- for a large company scanning 5000-6000 web application on a weekly basis and now we’re, whether we can control, which is about to go GA, differentiates from these other more traditional solutions is the fact that we can scale firewall, all the probabilities and essentially providing alternated mitigation.
This is very [indiscernible] in testing our engine very much to ensure that we minimize the number of possibility which is really the enemy of security and therefore because we can scan all of these applications at the scale that nobody else can today in the marketplace, I think our web application is very well positioned and since we’re going to bring that to [indiscernible], we’re going to see the adoption and so forth in the months to come.
Matthew Hedberg - RBC Capital Markets
That’s great and then maybe one for Don. Curious how many sales reps you ended up adding in the quarter?
I think you were targeting maybe about a 125? And maybe how should we think about that for 2014.
Don McCauley
We came close. We finished at about 123 net and we’re looking to increase that by 25 to 30 during this year.
Operator
Thank you. And your next question comes from Sterling Audrey from JPMorgan.
Please go ahead.
Saket Lala - JPMorgan
It’s Saket here for Sterling. Don how should we think about some of the new products you’ve spoken about contributing in 2014 - to 2014 revenue, and which of them do you think could make the biggest contribution qualitatively?
Don McCauley
We have two products that will be released later this month, at RSA, continuous perimeter monitoring and web application firewall. They both have terrific potential.
It’s really hard to project these things and it’s not like I know the answer and I’m not telling you. There’s really no way to gauge exactly what the pace of progress will be.
We’re all optimistic we could grab products for the customers. We have very good at deployment -- but it’s very -- there’s really no way for me to give you a real insight as to what we think the take or break would be on those products.
Philippe Courtot
And then we add you know the continuous monitoring, I think this is a really ground breaking and a change on the VM side. In order for use, you must now today look at continuously at your perimeter because that’s what the hackers are doing.
We’re already a very strong presence with our customers, providing them with the ability to continuously monitor their perimeter, which by the way that perimeter is not anymore your corporate servers et cetera. It’s everything which is internet facing, everything in your corporation which touches the internet, whether it’s your browsers, whether it’s your application you have on Amazon, whether it’s off course all of your corporate servers, it’s also all your web application which are touching the internet.
So Qualys being essentially today the only company which has a cloud infrastructure to address that. I think that puts us in a very strong position, we’ve already large customer base and in addition we bring now the new metaphor that allows us to essentially immediately alert the security people and the operation people, like for example if an FTP server which is supposedly not allowed accidently appeared on your perimeter which is an indication that something is really wrong, somebody may be trying to access private data or just an operator mistake that suddenly that FTP server suddenly became visible.
So that I think is a very big game changer, that builds on the Qualys strength that we already have and of course as I mentioned earlier, when I look at the web application firewall, that web application firewall builds on the strength of our web application scanning.
Don McCauley
Saket, just one another thought on continuous perimeter monitoring. Qualys is according to IBC the number one vendor in device vulnerability with about a 14.9% market share, which means that there is 85.1% market share that we have not yet enjoyed and continuous perimeter monitoring could be an exciting new landing point for companies who are really trying to, struggling with, always checks on their perimeter with a much easier to deploy solution to specifically address that problem, even if they hadn’t previously signed up for maybe the entire corporate vulnerability management program.
Saket Lala - JPMorgan
That’s really helpful. Just for my follow-up if I can; as continuous monitoring and WAF ramp up, do you sort of see them changing your kind of core gross margin profile?
Are they roughly similar to the vulnerability management business?
Philippe Courtot
Exactly the same from our point of view. Remember, we’re a software-as-a-service, no installed software.
We don’t sell hardware. So it’s really -- from a business model point of view, it’s more of the same.
Operator
Thank you. And our next question comes from Rob Owens from Pacific Crest Securities.
Please go ahead.
Rob Owens - Pacific Crest Securities
I wanted to focus a little bit on new customer acquisition. If I look at your customer count in ‘13 versus ‘12 and then ‘12 versus ’11, it seems like you added more customers in 2012 than you did in 2013.
So, I was just wondering where is the focus? Is that metric correct and what’s going on, on that front to drive new customer acquisition?
Don McCauley
Rob, I think it was pretty close. I’m not sure which numbers you are looking at but we finished at 67, over 6700 [ph] and we were over 6,000 to start the year.
And I think that was within 50 or 75 of the prior year. We didn’t see a big difference in this year versus any other year, not a meaningful change.
Rob Owens - Pacific Crest Securities
And then second from a VM perspective, you mentioned your kind of mid-teens market share. How can you accelerate that and if we look at the growth of the VM business and that in to ‘14, would you expect it to stay about the same, is there a chance of increasing or will it decrease just given the size of the numbers?
Don McCauley
Our VM market share of the vulnerability marketplace obviously, it should definitely increase. We have been increasingly historically because every competitor of ours is selling on on-time [ph] enterprise software and there is a lot of it to replace.
And you see trends here with Lumension, McAfee Secure Seal, these guys are migrating now to Qualys, using Qualys but also there is continuous perimeter monitoring we think could be the, in one respect the first rejuvenation of vulnerability management in 10 years with a very topical, easy to deploy product that only Qualys can sell because you need a cloud platform to effectively, as Philippe was saying, to scan everything that touches your perimeter effectively, having a cloud platform is really the way to go. So we think that could --we haven’t seen a stimulating new product in vulnerability management in a long time.
Philippe Courtot
Yes, and also to add to what Don said is that you see also that with Accuvant that the traditional channels in security, considering an organization such as Accuvant start to realize that’s really bringing a more automated managed security solution is really what they need to do instead of reselling preferential parts of a solution. So, you see - I’m anticipating that we will see more and more of these traditional channels realizing that they are much better off from the business product standpoint try to present these kind of cloud based vulnerability management services, and therefore helping us to replace faster these existing enterprise software solution.
Operator
Thank you. And our next question comes from Steve Ashley from Robert W.
Baird. Please go ahead.
Steve Ashley - Robert W. Baird
I think I would just say housekeeping question. Don you mentioned on the call that a percentage of revenue from the Americas was 70% for the full year.
Do you know what that metric was in the fourth quarter?
Don McCauley
No, I don’t see.
Steve Ashley - Robert W. Baird
Okay. And my next question had to do with the web application firewall.
When you launched web application scanning several years ago, it took a while to iterate it, to harden it and to get it really where it is today, where it is not throwing off false positives, it took a while to iterate in the public market before it really saw traction. To look at web application firewall, is your expectation that that will mature and be ready, hardened at a faster pace than web application scanning might have been?
Philippe Courtot
Good question. So in fact two things.
If you recall, I mentioned I think in one of the earning call that we did learned our lesson. So we are not rushing to put products into GA until we have had enough proof to ourselves that we are doing maturely from security standpoint.
So, this is what we have done with the WAF. The second thing, one of the biggest challenge that we had with web application scanning is the scale at which we wanted to deal the solution like scanning, tens of thousands of application with very positive is not something that you do overnight.
On web application, the problem if different. We have much lesser that scale issue because we already have the platform.
And here what happens is that as long as we identify the vulnerabilities and we can essentially create the [indiscernible] essentially to block to get impact so you should refer these vulnerabilities. So we have much less of a scalability challenge here than we had with the web application.
And again, and we’re here building from an existing while really becoming existing customer base which have already adopted web application scanning. So it’s very natural to go to the next step.
When in the past the web application scanning was some kind of a new modality that we’re bringing on customers which really like our VM solution but they were using already other tools for the web application scanning.
Steve Ashley - Robert W. Baird
And then lastly you added to your management team with Ann Johnson and that looks like a really nice hire. I wonder if you could remind us a little bit of her background and who her direct reports will be and what her responsibilities might be within your organization?
Thank you.
Philippe Courtot
Sure. So Ann came in from RSA where she was running a $300 million business, their phone business and currently today who are focusing on to essentially the worldwide the field phase operation, including our SMB business as well as the customer support operation and that’s where the focus is and as we have done that, then we’re also expanding our management in marketing.
As you will see we’ll make soon some announcements. So, increasing the breadth of the management of Qualys is what we’re doing as well as the same time.
Operator
Thank you. And our next question comes from Erik Suppiger from JMP Securities.
Please go ahead.
Erik Suppiger - JMP Securities
Can you -- first off, can you just confirm was the web app scanning and the policy compliance, do they continue to grow at 50% or more rate year-on-year?
Don McCauley
Yes, they did.
Erik Suppiger - JMP Securities
Okay. How many of your -- how many private cloud deployments do you have at this point, can you tell us?
Philippe Courtot
Yes. I think we have 14, about 14 private cloud.
It’s going to pick up more. As you may recall we’ve been in the early days with our first generation which was not virtualized, we were very careful because there was much more listing [ph] to do but not today.
We’ve got fully virtualized, fully integrated solutions [indiscernible] VBlock [ph] is becoming significantly easier -- by the way much even more effort to package them, to make them almost like we create images and it’s done. So it’s a very good -- it's not technically necessary for customers but what it serves is a purpose of you can keep your data on premise and essentially have the credentials.
And it allows us to penetrate markets like was really more difficult to penetrate them before.
Don McCauley
And Erik the pace of our pipeline on these things is increasing as more and more interest in large customers and partners keeping data on prem and they see this as a very good solution.
Philippe Courtot
Especially abroad and also within large corporations in the U.S. which really then, in that case they have the advantage of having everything dedicated for them.
In fact as you may have read, Salesforce.com is has now essentially adopted that model they offer kind of, on the version dedicated version of their platform. So customers who want that could be hosted by Salesforce.com and then the key here is the same code base.
This is not another version of our datacenter. This is exactly the clone of our datacenters that I can deliver to your premise.
We have all the functionality, everything is the same and we have that will show us is we have only one good base to maintain.
Erik Suppiger - JMP Securities
Okay. How many if you have 14 at the end of the quarter, how many did you have at the beginning of the quarter, do you know?
Don McCauley
Well, we had three. We had three in the quarter, yes.
Erik Suppiger - JMP Securities
Okay. On the -- in light of the various cyber-attacks that we saw in the holiday season at the end of 2013, did that generate any incremental demand for you or customers looking at you as a way of protecting against APTs at all or how did you look at some of those attacks?
Philippe Courtot
So, it’s a very good question here. So two things first of all what it does is that increase significant interest in the continuous monitoring of the parameter because that’s the only way.
The first order of priority is to present the bad guy to come in. And of course it continues parameter monitoring with all the new functionalities we have, et cetera makes that solution ideal for that.
And then of course the second question is once they are in, how do you do to detect them again and that’s where you see the firewall [ph] essentially answering the question where we have been comprised and we don’t know about it. So this is a kind of a still very new market and in fact as we disclosed earlier we are building the solution around our platform to essentially provide the malware protection and detection so you can look at these indications compromise et cetera.
So we’re building that platform and we’re expecting to release that solution sometime this year to the market and that will address the second question of the APTs. But first if you don’t protect your perimeter, you don’t do the --identifying your vulnerabilities and doing something about it you’re going to be penetrated.
Then what is happening is that detecting the bad guys once they’re in, it is very, very difficult, and today all these solutions are that does exist, creates a lot of forcibility. We need to get a lot of consultants, forensic people.
It is not easy because that becomes very self and very sophisticated that evading detection techniques and you cannot really look at your entire network, today. It is not really practical.
So I’ll go with essentially provide a solution that like everything that Qualys does scale as low forcibility and is a real platform that consulting organization can really leverage.
Erik Suppiger - JMP Securities
Okay, and then in terms of your outlook, you gave a revenue outlook. Might we presume that your bookings outlook would track at least correspond with that or is there any reason why your bookings growth would be consistent with your revenue growth?
Don McCauley
No, there isn’t but we don’t forecast that.
Erik Suppiger - JMP Securities
Of course, okay, and last question. Can you talk a little bit about what kind of changes Ann Johnson is making or plans to make?
Philippe Courtot
I think this is a game. There is nothing really to change at Qualys fundamentally, at the same time except that accelerating our growth.
I think we have done a significant market penetration and so what needs to be done is do more of the same. These new products are going to make that easier.
So it’s about strengthening sales force with a fantastic customer report. So I think it’s essentially bringing more far fine power into the threshold.
That’s essentially why we hired her.
Operator
Thank you. And our next question comes from Michael Kim from Imperial Capital.
Please go ahead.
Michael Kim - Imperial Capital
So just following up on the expansion in private cloud; can you talk about if the Continuous Monitoring Solution for perimeter is applicable to Federal Cyber Security opportunities, especially now that we have a budget deal in place and how you might see opportunity to capture that, especially with some large programs for continuous diagnostics and mitigation with the Federal Civilian Agency? Thanks.
Philippe Courtot
I think that absolutely fits very well. The capacity, we have resistance as you know in the federal space, which we’re very slow at adapting the cloud, even though you nailed it, some very high level comments about it, but because of the procurement process, because of a lot of things, they’ve been very slow.
Today, if you look at your perimeter, if you are an agency, there is no other way then doing it from the Internet. So we’re eliminating essentially the barrier and continuous monitoring is exactly what we adopt to order.
So I think that puts us in a very strong position, already a very good strong performance in the federal space with the Security and Exchange Commission, the OCC and few others and of course that is now private cloud that we could essentially make more government if you prefer, ready. That also will increase our footprint.
So we just hired somebody to run our federal team, which came from Accenture and VHS, and so what [indiscernible] really prepared for much longer position in federal market.
Michael Kim - Imperial Capital
And then Don, one for you. With the strengthening in channel mix or mix from the channel, how do you see your relationship with Lumension or PathDefender and Accuvant starting to change or potentially changing the economics of the model, either in pricing or go to market?
Don McCauley
Well, I think it represents a potential shift of lots of their customers now on the Qualys platform overtime. And as far as shifting, fundamental shifts in the market are pricing.
I don’t see that yet but these are all good steps that show the power of what we’re providing and in some respects the futility of these other companies trying to continue to provide it on the old model.
Operator
And our next question comes from Sanjit Singh from Wedbush Securities. Please go ahead.
Pardon me, please check your mute button.
Sanjit Singh - Wedbush Securities
I had a quick question on McAfee, if there was -- how much of a competitor were they in the quarter notably in the management space, whether it’s in terms of market share or did they show a lot in competitors take off?
Philippe Courtot
Okay, so there is two things let separate. So McAfee has had two offerings on the vulnerability management space.
One, which was from the Foundstone acquisition, which was essentially the enterprise product which we have been competing since the very early days, I would say extremely successfully. We took most of the large accounts now.
We’re continuing displacing them. We don’t see them as much as a competitor anymore because the application is aged and enterprise software which is the salesforce.com versus Cybil [ph] system here.
And then that the other business which was called the McAfee Secure Seal where they acquired another company and I forgot the name of that company, which essentially was targeting to their low end of marketplace and merchants essentially providing that Secure Seal. And that’s the business that McAfee essentially spinned out, Intel in fact spinned out and now instead of relying on their vulnerability management backend that they have created, they are relying on Qualys and already the switch from their users has already taken place.
That essentially brings us into a marketplace where Qualys was not really there before, which was about -- they have about 300,000 merchants which are getting the Seal, which as we start to replace them, it give us of course a unique opportunity to excel them, additional services, continues monitoring [indiscernible] being a very obvious one. And of course this is much on the small merchant SME, SMB side.
Sanjit Singh - Wedbush Securities
And quick regards on to your investment plans for 2014, if you look at the guidance, the earnings per share, it was a little bit below what the street has it modeling. You can talk us about what areas you are investing in?
How much incremental investment or should we think about versus 2013?
Philippe Courtot
Sanjit as I mentioned in the headcount numbers, we’re stepping up our investment again in sales personnel. We added about 13 last year.
We expect to add at least double that this year, 25 to 30. So I would say that’s number one.
We’re also, as we introduce new products, we’re entering some new markets, so we get some increased marketing programs focused on things like firewall, eventually advanced malware and certainly the continuous perimeter monitoring, some of the marketing programs going on there. And a continued focus on R&D.
We’ve got numerous R&D teams focused on a whole host of new products and functionalities, including the ones we’ve discussed with you that are coming up this year but also ones that we’re working on for the future. So we’re still in heavy investment mode here, we got so many opportunities both in developing new products and bringing them to the marketplace.
That was a heavy year of investment for us.
Operator
Thank you. And our next question comes from Fred Ziegel from Topeka Capital Markets.
Please go ahead.
Fred Ziegel - Topeka Capital Markets
I’m curious when you talk to customers, is it a sense in terms of their IP budgets that particularly vulnerability management is a -- is that a line item or is it still something that you have to kind of fight the battle in terms their discretionary balance. And has that changed over the last year?
Philippe Courtot
Yes, I think the vulnerability management that was always that tension between patching and vulnerability management where you have a patch management system telling you don’t need to have vulnerability management because we do the patching and as long as we do the patching you are -- that's enough. Of course they were fighting for the dollars, but not today because of this scale issue.
The corporation has realized now that they need to know the inventory of what they are, they need to understand much more. Now vulnerability management in a way is starting to become a must, a very important part of the first thing you need to do, and I -- we personally believe that with the fact that when we’re changing vulnerability management from I scan, I analyze, I report to a much more dynamic solution, which is essentially you tell me what should be in that, what is a good environment, and then we will continuously monitor that environment and we’ll alert you when there is a change.
I think that’s a much more effective, much more action oriented metaphor and as we start with the perimeter first, we start to move the same product on the enterprise, the reason why we selected the perimeter first is because you have much data. And again as I mentioned earlier the perimeter is also the number one priority because that’s where you’re constantly attacked.
So you want to see the network exactly -- your parameter the way the hackers look at it. So that’s what I think is going to rejuvenate vulnerability management in making a much more palatable application, because then you can alert, move that into your sill and then you can essentially industrialize, operationalize vulnerability management.
Fred Ziegel - Topeka Capital Markets
Do you have any sense of whether there are any industry initiatives, I guess sort of like PCI that might be coming down the road to drive demand that perhaps isn’t there today?
Philippe Courtot
So there is one which is coming really very strong as we see to net fee income of that article of the New York Times, but if you look at what happened with Target, everybody knows now that what has happened is that an HVAC or HVAC system was in fact compromised by people essentially gaining the credential onto that system and then from there because that system was connected to the corporate network, it could go from there into the corporate network. So we see again all initials -- you are now to look at all of your point of entries.
And it’s going to become absolutely important for company to realize and to make sure not only identify if the current HVAC system is connected to their corporate network, which should be extremely careful about how the connection is if needed but then also monitor that continuously because again you don’t know. So, that’s another dimension which is taking place which will force you to look at the hygiene of your network, is it properly configured?
Is -- everything should be the way it should be and do that on a continuous basis. So, we personally believe that vulnerability management is going to become some of the thing that you absolutely want to do because if you don’t that, you expose yourself and no you can put as many firewall as you like and right and left; if your network is not properly configured, if you have vulnerabilities on that network, the bad guys will find a way to come in.
Fred Ziegel - Topeka Capital Markets
And don’t forget corporate refrigerator.
Philippe Courtot
Absolutely and with internet of things, where everything becomes now connected to the internet, there is going to be even more entry points. So, all of that has to be monitored and continuously and of course in order to do that you need to have an architecture that scale.
A network for example cannot just scale to that problem and that’s why you want to have to cloud, a cloud based architecture and then of course the advantage of the cloud based architecture is that you can put your sensors to monitor like today we secure our home. If you look at today the control that we have on our home about the temperature, who is coming, the pictures all that [indiscernible] home, then we need to do the same thing for our network and that what’s division of Qualys and I think we’re starting to really -- people start to understand that they need to embrace cloud solution because if not, they will never have the visibility and enterprise software doesn’t give you that visibility.
So, I think [indiscernible].
Fred Ziegel - Topeka Capital Markets
So in the internet of things, do you envision partnerships with the Silicon guys like ARM or Intel or Broadcom or [indiscernible]?
Philippe Courtot
Yes. That’s absolutely -- our priority today is to -- absolutely, but our priority is today is much more to try to partner with people which have the devices so we can create fingerprints so we can identify them, like identifying all of your HVAC systems that you may have connected to your network.
But for that we need fingerprints and you medical devices all these things which connects and this is where again we’re building from our strength today and then effectively as you very well say, there is more partnership opportunity because what Qualys does in addition to being capable of deploying sensors or looking at the signatures of sensors but we can also do - we have the cloud platform where we can correlate all that information and therefore make much more intelligent decision and this is exactly what we are starting to work with our cloud agent where we have now build these agents, where we’ve got hundreds of millions of agents in the world, not million, hundreds of million that beam up all the data relevant to the end points and then it’s the cloud which does all the computation, all the analysis to try to identify if there are suspicious devices here that we need to pay attention to.
Operator
Thank you. And our next question comes from Robert Tabriz from Sterne Agee Capital Markets.
Please go ahead.
Robert Tabriz - Sterne Agee Capital Markets
Philippe I was wondering if you could talk about, you talked briefly about some of the management changes here. Do you feel like you have your team build out here and they so, or if not I guess more importantly, where else do you think you need to make additions?
Thanks.
Philippe Courtot
Of course, as a company -- the company is frankly is growing much more than you may see from the revenues because remember we are pure service company. So in fact we are much bigger than we appear if you just look at the revenue.
So, of course you know we need to expand all management in quite a few direction and this is what we are doing. So we are for example now working to delegate some resources on the other corporate development.
So that’s an area where we need to absolutely add some headcounts. So, there are few places here where we expand the management to essentially have a broader reach, corporate development being one of them.
So, that’s what we are doing, essentially.
Operator
Thank you and our next question comes from Eric Suppiger from JMP securities. Please go ahead.
Eric Suppiger - JMP securities
Yes, Don, did you say what the contributions from the new services were in the fourth quarter.
Don McCauley
No. We talk about it on our year-to-date revenue basis.
Eric Suppiger - JMP securities
You’re not going to break it out on quarterly, is that right?
Don McCauley
Right. The trend has been moving about 300 basis points a year for two straight years.
So that’s been pretty steady pace.
Eric Suppiger - JMP securities
Okay. An then secondly, in terms of the guidance for the first quarter, it looks like the operating margin is coming down some.
Is that a function of gross margin or OpEx increasing?
Don McCauley
It’s a function of OpEx. It’s more sales, hiring in sales, more marketing programs and stepping up some R&D.
It’s all OpEx still.
Operator
Thank you. And I'm not showing any further questions at this time.
I would now like to turn the call back to Philippe for any further remarks.
Philippe
Thank you all for joining us today. We're pleased with our strong performance and continuing momentum in the marketplace as we begin 2014.
We believe that we are well positioned to deliver best of class security and compliance solutions to our customers and partners as we continue to expand our cloud platform and deliver more innovative solutions. If you have any follow up question, Don and I are available to you.
And we look forward to speaking with you next quarter. Thank you very much.
Courtot
Thank you all for joining us today. We're pleased with our strong performance and continuing momentum in the marketplace as we begin 2014.
We believe that we are well positioned to deliver best of class security and compliance solutions to our customers and partners as we continue to expand our cloud platform and deliver more innovative solutions. If you have any follow up question, Don and I are available to you.
And we look forward to speaking with you next quarter. Thank you very much.
Operator
Ladies and gentlemen, thank you for participating in today’s conference. This does conclude today's program.
You may all disconnect. Everyone have a great day.