Hamza Fodderwala: Josh, actually a question for you on the guidance. I actually thought the guidance raise was better than expected in light of what we’re seeing, I think, in software more broadly. I’m curious, it’s Q1, it tends to be the seasonally slowest quarter of the year, and it’s early in the year. So, what’s giving you confidence to raise that ARR guide by the magnitude that you did, given what’s still somewhat uncertain macro environment?
Josh Siegel: Yes. Thanks, Hamza. I think it really starts with the demand environment that Matt talked a lot about already in the earlier questions and in his prepared remarks and that’s kind of generating the pipeline coverage and the demand generation that we’re seeing for the course of the rest of the year. And I think the other point is we’re well positioned from a go-to-market team and engine. Matt just alluded to the fact that we’re about where we are on quota reps and quota carriers. And just pretty much everything that we see coming out of Q1 coming — first of all, coming out of Q4 and then what we saw in Q1 and what we’re seeing in the pipeline going forward and the overall demand environment that we’re getting from the customer base, we’re confident on being able to raise the guidance across those metrics.
Operator: Your next question comes from the line of Adam Borg with Stifel.
Adam Borg: Awesome. Maybe just on the cloud, it’s great to see the continued traction with Secure Cloud Access. And as we think about kind of the cloud opportunity more broadly, we often hear about either Kim or ITDR. I was hoping you could talk more about how you think about these adjacent cloud identity security markets as opportunities for CyberArk over time?
Matt Cohen: Yes. Thanks, Adam. So, we are — and you’ve all heard me talk about this opportunity of how we secure access to the cloud. And just to start with, that goes across of the identity groups that I was describing. The traditional IT users are increasingly having to access not only on-prem targets, but also cloud assets and cloud environments. And we need a — what would be considered a traditional PAM tool that’s able to actually manage those hybrid environments effectively or secure those hybrid environments effectively. And so, our ability to be able to take SCA and blend it in within our identity security platform, is a key component part of actually how we’re staying ahead in securing IT users. Then there is this new population of developers out there.
And these developers are hired at an exponential rate. And generally speaking, they’re higher to go innovate. And once they start innovating, they’re scaling up cloud environments, they have unfettered entitlements and access. And that is just not sustainable and organizations are understanding that they need to put in place controls in the cloud. So, our SCA solution, which allows for zero standing privilege, which is a unique approach. No privileges are assigned until the point of access allows us to be able to go in and talk to customers about securing that developer population, allowing them to use native tools and applying security controls at the point of access. So that’s a way of building up then to your question, which is, all right, what is the differentiation here?
And how do these other markets play in? When you start to think about CIM, when you start to think even about IT, it’s about really understanding or discovering what’s going on. It’s even, in some cases, about mapping entitlements versus targets. And we have a place to play in those areas. But the major place we play at CyberArk is an enforcement and in controls. And ultimately, once you discover, once you understand you have to control and our SCA solution is a light touch, easy to deploy security first tool we can apply for controlling privilege access and privilege access specifically as people try to access the cloud. So that’s just a little bit more background on it. I think it’s an opportunity for us to be able to differentiate this cloud access market from some of the other areas that you were describing.
And of course, our ability to be able to bring that into the overall platform is what sets us apart.
Operator: Your next question comes from the line of Roger Boyd with UBS Securities.
Roger Boyd: Great. I do want to go back to Joe’s question just on the guide. But regarding the duration tailwind that you’ve seen term license over the past two quarters, any color on what’s driving that higher? And Josh, can you just clarify what you’re expecting from a duration perspective throughout the rest of the year and how that might be impacting the different updates to the revenue and ARR guidance?
Josh Siegel: Yes. I don’t think that there was any one — there wasn’t a trend of it driving higher. I think we saw, though in the first quarter, it go up by a few months, and it contributed about just about $3.5 million in tailwind on the revenue side for the quarter. And I think when we look at it kind of overtime and kind of as we look into the pipeline, we kind of see it dropping down again by a couple of months, but it’s going to move around between the 20 and the 23-month range.
Matt Cohen: I think the bigger point on the look forward really is this idea that Josh hit on earlier around what do we see in the mix when we look into Q2, Q3 and Q4. And when I analyze the pipeline, which unfortunately I still do, as Josh and I have great sessions around that. We try to understand what is it shaping up. And with all of our new products coming into play, which are SaaS only, and then where the market is moving, we see the mix of SaaS really stepping up in the quarter and in the out quarters for the year. Now we’ve taken that into account in our guide. And even with that, we’ve been able to raise our revenue outlook for the year. But it is a pretty substantial shift in our pipe towards SaaS.
Operator: Your next question comes from the line of Andrew Nowinski with Wells Fargo.
Andrew Nowinski: I want to talk about the U.S. federal market. You mentioned you have FedRAMP high status for EPM and PAM now. I guess first, how is demand in the quarter? And then second, has that FedRAMP high status opened up a larger pipeline with new agencies that you can now sell to? And are they also purchasing SaaS or more on-prem?
Matt Cohen: Yes. So, I think when we think about our FedRAMP, let me first clarify, what we announced was FedRAMP High for EPM and for our identity products. And why did we start there, by the way, versus starting with PAM. It was because we only have SaaS versions of those products. So, in order to even be able to sell into the federal government with Identity and with EPM, we needed to be FedRAMP. We believe in the market opportunity. That’s why we went and did the heavy lift process, not just to get through FedRAMP but to get to FedRAMP High. That opens up not just the civilian side, of the federal market, but also the DoD side and frankly also helps us at the state level with the state side of the government organization.
We are very bullish and optimistic of our ability to bring EPM and identity into those markets. Now, we have an existing book of business with PAM on-prem that we’ve had for many years. We have invested in the on-prem certifications. We now are investing as well in PAM FedRAMP certification, and we’ll get to that in the time ahead. But in the meantime, we believe that one of the biggest industries or verticals that are being attacked is the government. It’s being attacked at the federal level, it’s being attacked at the state level. And our ability to be able to institute core security controls like I’m describing, lock down the end points have a bigger version of — or bigger story of identity beyond MFA SSO, allows us to be able to capture a bigger piece of the market in the federal space, which we’ve done well successfully so far in our history, but we think it’s an opportunity for investment and growth in the quarters and years ahead.
Operator: Your next question comes from the line of Ittai Kidron with Oppenheimer.
Ittai Kidron: I have two questions, maybe I’ll shoot them all at once. First for you, Josh, on the booking, can you just give us a little bit more color there on how much of that duration, new customers, expansion activity stronger than you expected, the mix of products there? Any color would be great. And Matt, going back to the point you mentioned to the question of complementary EPM being complementary to EDR. It is complementary today. But clearly, more and more of your portfolio right now is at the edge. I would think the browser. I think about that as an edge product as well. And so, as you’re moving closer and closer to the edge, can your EPM product evolve into an EDR-like product and be competitive with an EDR solution?
Matt Cohen: Sure. And I may take both just in the interest of time to move us along, but the questions. So, on the first front, when we look at the bookings performance in the quarter, remember, bookings has nothing to do with duration. So, the duration just wanted to be transparent. It was a bump up in the quarter. It’s about $3.5 million of contribution around revenue. But it’s not a contributing factor to the strength of our overall business. The strength of our overall business is based upon continued growth across the entire portfolio. We continue to see ARR just grow really strongly for each piece of the platform. Now I highlighted in the call kind of particular strength in the secrets management business, and I’m very excited by that because that, again, is showing our ability to compete effectively as a security sale in the machine identity space.
So, I would highlight that. I would also highlight, as we talked about earlier, our ability to be able to go back into the base and expand customers beyond PAM or securing IT into new areas like securing developers or our ability to be able to go compete effectively in the quarter around workforce and our differentiated workforce solution. So, across the board, I can point to the entire portfolio, talk about strong bookings and that kind of comes from that overall approach. Remind me again of the second question?
Ittai Kidron: EPM into EDR.
Matt Cohen: So, on the EPM side, I think we are very comfortable with our definition of identity security. Our definition for these four different identity groups, our ability to be able to be the control point and our ability to be able to apply privileged controls across those. And just like I think that EPM is a complement to EDR. I’m very respectful of the EDR businesses that are out there. I go to customers, and I tell them all the time, yes, they ask me, should I spend money on next-gen EDR and I say, yes. It’s a good security control to have in place. And a lot of them have the right security first mindset and how they approach it. But I think there’s plenty of space for us to carve out with the least privilege and privileged control side of the end point.
And by the way, when you talk about our browser, you’re talking about the same thing, the idea of an identity-centric security control-focused browser that can integrate into our identity security platform. And I think there’s plenty of growth ahead of us without having to go into the larger EDR market.
Operator: Your next question comes from the line of Shrenik Kothari with Baird. Your line is open.
Shrenik Kothari: Matt, the follow-up on the secular browser GA looks very timely. As you said, addresses the growing demand for [indiscernible] market and designed to go beyond just log in, harvesting and browser products. One, this comment you made was you believe the browser will not only enhance security, but also drive adoption of all the other solutions. I know it’s still early days, but the market seems to be moving quite fast. So just curious, are you already kind of seeing signs or the browser is seeing differentiated becoming a landing point and driving demand for other solutions? And then just a quick follow-up on Azure.
Matt Cohen: Sure. So, I think just to ground everybody in the release, So when you go into the CyberArk secure browser, you are able to, obviously, from a security control perspective, browse freely with a cookie-less browsing with password replacement with other security controls built right in, and it’s designed for the privileged users to be able to get to other targets within the enterprise much, much more securely. And it kind of locks down and stops one of the most important or most difficult attacks to be able to protect against, which is post-session authentication hijacking. So, we look at it and we pitch it from that perspective, and it is a really nice security story. But underneath that, it is really a gateway and an easy navigation into our identity security platform.
When you go into the browser, you’re presented with a copilot that allows you to be able to access your single sign-on tiles. It allows you to be able to access your infrastructure targets, traditional targets for PAM users. You can go and write from the browser right from the main screen, you can get into your cloud service providers’ portals into the back-end micro services. and you can actually do things right in the browser that you would normally have to go into the back-end platform to go do. So that creates a much easier path for users and administrators to be able to leverage and use the platform effectively. So, when we look and we talk with customers and all the customers that have been using the product when it was in limited release, they start to see this improved pathway of usage, removing the friction of user access in the PAM space and allowing for total integration into our workforce tools.
Shrenik Kothari: Got it. Super helpful, Matt. And just quickly on the Azure marketplace. You mentioned about a seven-figure deal that you guys, kind of won aligned with PAM EPM and kind of flow through this new route to market. Can you talk a bit about go-to-market motion and kind of any sense about the relative size or mix or incremental trends around this marketplace motion?
Matt Cohen: Sure. And I think you’ve heard us talk in the prior quarters about the idea of — we believe that one of the upside opportunities for us is to continue to exploit new routes to market. You’ve heard us talk about that in the context of the MSP program, the launch of our MSP console, our ability to be able to actually leverage new channel partners go down market with distributors, continue to push on our SI partnership and our SI relationship. So, you see, overall, we’re investing in enabling and building stronger partnerships. One of those new routes to market is our marketplace. And you’ve heard us talk about the AWS relationship that we’ve built and continue to drive on to allow for frictionless buying to leverage the AWS sales force and then to be able to be part of the dollars that sit out there for marketplace purchases.
And it’s been a great lubrication in the sales cycle. In this quarter, we highlighted the deal that you mentioned, which went through the Azure marketplace. We’re earlier days from that perspective for sure. But it speaks to the overall marketplace opportunity as a buying vehicle and as a co-sell motion that can help drive our business forward.
Operator: That concludes our Q&A session. I will now turn the conference back over to Matt Cohen for closing remarks.
Matt Cohen: Thank you. And I want to go back as we celebrate our 25th anniversary to think about the fact that CyberArk is laser focused on driving innovation and delivering value to our customers. An achievement we owe to the hard work and dedication of over 3,000 CyberArkers today as well as our partners around the world. We are in an amazing vision as the leading identity security company that is built to last and thrive for at least another 25 years. We look forward to welcoming many of you at our Impact customer event in just over two weeks. Thanks for joining the call today.
Operator: Ladies and gentlemen, that concludes today’s call. Thank you all for joining. You may now disconnect.