SecureWorks Corp. (NASDAQ:SCWX) Q1 2025 Earnings Call Transcript

SecureWorks Corp. (NASDAQ:SCWX) Q1 2025 Earnings Call Transcript June 6, 2024

SecureWorks Corp. beats earnings expectations. Reported EPS is $0.05, expectations were $-0.01.

Operator: Good morning. My name is Emily and I’ll be your conference operator today. At this time, I would like to welcome everyone to the SecureWorks First Quarter Fiscal 2025 Earnings Conference Call. All lines have been placed on mute to prevent any background noise. A supplemental slide presentation to accompany the prepared remarks can be found on the company’s website. After the speaker’s remarks, there will be a question-and-answer session. [Operator Instructions] At this time, I would like to turn over the call to Kevin Toomey, SecureWorks’ Vice President of Investor Relations. Mr. Toomey, you may begin your conference.

Kevin Toomey: Thank you, operator. Good morning, and welcome to SecureWorks’ first quarter fiscal 2025 earnings call. Joining me today are Wendy Thomas, our Chief Executive Officer, and Alpana Wegner, our Chief Financial Officer. During this call, unless otherwise indicated, we will reference non-GAAP financial measures. You will find the reconciliations between these GAAP and non-GAAP measures in the press release and presentation posted on our website earlier today. Finally, I’d like to remind you that all statements made during this call that relate to future results and events are forward-looking statements based on current expectations. Actual results and events could differ materially from those projected due to a number of risks and uncertainties, which are discussed in our press release, web deck, and SEC filings, which you can also find at the Investor Relations website at investors.secureworks.com.

We assume no obligation to update our forward-looking statements. With that, I’ll turn the call over to SecureWorks CEO, Wendy Thomas.

Wendy Thomas: Thank you, Kevin, and welcome everyone. We reached a significant positive milestone with the close of first quarter. This moment was several years in the making as we executed against our strategy to transform our business from a pure play services company into a product led SaaS business as the foundation for long-term growth and success. We delivered on this transformation in our committed time frame while delivering even better security outcomes to our customers as a result. We are pleased to move past the financial headwinds from the sunsetting of our non-strategic lines of business going forward. Our Taegis business continued its strong momentum in first quarter as Taegis’ revenue grew 10% year-over-year to $69 million.

Taegis’ annual recurring revenue, or ARR, now stands at $287 million. And we delivered Q1 total revenue and adjusted EBITDA above our guidance ranges. It’s important for me to also recognize our progress on profitability. We continue to see further opportunities to benefit from the scale our business model offers, and we remain committed to delivering positive adjusted EBITDA for the full fiscal year. This quarter, we launched new Taegis modules and capabilities and announced major global partners. Importantly our unique open XDR-based approach is increasingly receiving accolades by the market. This quarter, we were recognized by Frost & Sullivan as a leader in the 2024 MDR Radar for our understanding of the industry, customer demands, and for taking a collaborative approach, positioning us as one of the most innovative companies in the space.

Our efforts have set us up to drive sustained growth with a business model that has a proven ability to scale, underpinned by our unique cloud architecture and advanced automation and AI capabilities. Specifically for first quarter, I’ll highlight several important results. We delivered expanding gross margins with Taegis gross margins improving 430 basis points year-over-year. We added marquee global partners who recognize the strength of Taegis in our security expertise and who further broaden our reach and expand our addressable market. We launched two Taegis modules. New products propel expansion and retention with our customers and allow us to further increase our industry-leading Taegis average revenue per customer of $145,000. With our other MSS business reaching end of life, we can be singularly focused.

All of our go-to-market and product development resources are focused on our go-forward business, with the opportunity to accelerate innovation even further through both add-on and native security products within the R&D envelope. To that end, we made two significant product advancements for our customers in first quarter. First, NDR, Network Detection and Response. For context, the dominance of cloud applications and hybrid workforces with the growing return to office have created a surge in network traffic, up over 20% in the last year. Adversaries are taking advantage of these increased volumes to lurk unseen and slip past cyber defenses. With threat actors obfuscating their behavior, legacy network controls, such as IDPs and firewalls are no longer able to keep pace nor offer sufficient protection against evolving adversarial tactics.

This quarter, we launched Taegis Network Detection and Response to help organizations protect against these threats. SecureWorks NDR closes the gap to detect network-based attacks and anomalous insider threats and comply with the ever-growing audit and compliance requirements. Taegis NDR furthers Taegis’ defense-in-depth approach with a full prevent, detect, and respond set of capabilities. The key differentiation of Taegis NDR lies in its design to add context to the detection of adversarial behavior and stop threat actors from traversing the network with no interruption to business traffic. NDR provides a complete picture of all internal traffic, not only moving between endpoints, but also traffic entering and exiting the network at the edge, with added visibility into hypervisor attacks, all managed centrally within the Taegis UI.

Endpoint solutions alone are not sufficient. Organizations often have operational control gaps or technology gaps where they cannot apply or deploy an EDR, leaving them vulnerable if they do not have an NDR in place. Taegis NDR simplifies security management by eliminating the burden of device management through a fully managed cloud offering with on-premise protection, saving customers time and resources that can be deployed elsewhere. And Taegis’ AI engine uncovers hidden threats with AI-powered behavior detection, and NDR goes beyond detection to prevention, automatically blocking threats in real time, blocking nearly 1 million threats per month and preventing 99% of malicious activity identified across all network traffic. The second product advancement that I’ll highlight from first quarter is squarely aimed at solving one of the most entrenched pain points in cybersecurity, protecting against software vulnerabilities.

As our Counter Threat Unit’s recent State of the Threat Report documented, software vulnerabilities remain one of the largest risk factors for organizations, representing a third of initial access by threat actors in successful breaches. Organizations are faced with an overwhelming and growing number of software vulnerabilities to be mitigated, taxing both security and IT resources in the process. With Taegis VDR and prioritization, we offer the first security platform that integrates and unifies two worlds, vulnerabilities with threat detection, investigation, and response within Taegis XDR. Ingesting vulnerabilities from both our native vulnerability scanner and third-party vulnerability products, we streamline investigation and remediation workloads.

The platform offers tailored vulnerability prioritization based on each organization’s unique threat landscape and operational context. This personalized approach ensures that security efforts are focused on the most pressing threats, improving overall risk management and resource allocation. Furthermore, with C-suite and Board attention more focused on cyber risk than ever, Taegis VDR provides an overall health score that helps executives understand their organization’s security posture and prioritize the best way to improve it. This contextual information supports informed decision-making and strategic planning, empowering leaders to drive and demonstrate continuous improvement in their security programs. A great example of customer success with VDR this quarter was a utility company dealing with ongoing resource constraints in prioritizing and remediating the high-risk vulnerabilities in their environment.

Taegis VDR’s risk-centric prioritization engine has drastically improved their timely remediation of high-risk IT vulnerability backlogs. Our dashboard also solved their need to provide meaningful visibility into their risk posture to their senior leadership and stakeholders. Bringing together the combination of our vulnerability and alert prioritization engines, each differentiated in their respective markets. Integrated with the real-time threat observability of our XDR platform, we are redefining integrated vulnerability management programs to provide for unmatched security operations. Moving to an update on our go to market. This quarter, we continue to expand our partner ecosystem across tech alliances, solution providers, managed services providers, and cyber insurance partners with leading providers in each category.

For example, we recently announced a managed security services provider partnership with Softbank, one of the largest multinationals in Asia Pacific. Softbank joins more than 50 MSSPs in our partner ecosystem, providing further validation of Taegis’ ability to drive scale for large MSSPs with global footprints. Building on our decade-plus market presence and leadership position in Japan, we’ve seen early traction with this partnership, with the onboarding of new customers well into the double digits since deploying Taegis. We also launched new capabilities for our partners to customize and further scale their MDR offerings. Partners can write and port their own custom detectors, supported with their proprietary threat intelligence additions, enabling them to show unique differentiation for their customers.

We also delivered capabilities to support their operating efficiency with enhancements to securing diverse technology stacks with a federated multi-tenant approach, enabling our partners to manage thousands of customers at scale while segmenting access seamlessly. As a growing number of end customers look to consolidate vendors, our platform approach to supporting a wide remit of third-party controls makes us the vendor of choice for MDR providers to expand their addressable market. Our investments to offer native security controls and capabilities in Taegis, from SOAR and EDR to MDR and VDR, means partners have a path to meet customer desires for consolidation while enabling our partners to grow more profitably. A good example of vendor consolidation comes from a partner deal to replace a legacy SIEM at a large property developer in EMEA looking to consolidate Endpoint and other vendors feeding and managing their SIEM.

This customer was looking to address alert fatigue from a stream of false positives, consolidate prevention capabilities, and automate investigation and response actions holistically across their diverse and multi-cloud technology stack. Our ability to go live quickly with their existing stack while providing the path to consolidation as various contracts came up for renewal met the desire from their executives for a fast path to risk reduction while also reducing vendor sprawl. On the cyber insurance partnership front, we also entered into an incident response partnership with Tokio Marine & Nichido Fire Insurance Company, a market-leading insurance company in Japan. Cyber risk partners come to SecureWorks to not only respond to incidents, but also to reduce breach exposure for their customers by leveraging our portfolio of solutions.

The power and peril of AI continues to be top of mind for customers. AI has always been core to the design of Taegis and our security solutions as fundamental to outpacing the adversary and combined with automation underpins the expanding scalability of our business. Some examples of Taegis’ leverage of AI in its various forms apply to several areas. First, security analysis efficiency and efficacy. Through continuous iteration and feedback from our expert analysts, we achieved significant reductions in false positives, leading to a more efficient and effective security operation. Game-changing capabilities like automated investigations, provide near-instantaneous summaries of complex threat actor behavior, enhancing analyst accuracy and productivity by seamlessly integrating AI and automation into their investigation and response workflow.

Second, superior detection. Our security flywheel starts with cutting-edge threat and detection research and thousands of IR engagements each year, which are fed into Taegis via threat intelligence, watch lists, and tactic graphs. When coupled with expertise from our data scientists and engineers to build our proprietary advanced detectors, Taegis operates at a high signal-to-noise ratio to find things that the competition cannot. Our alerts are fed into our SecOps pipeline and constantly curated, enabling our machine learning algorithms to predict and scale what our analysts are focusing on. With machine-mutable threat intelligence updating our detectors every hour, Taegis power superior detection with unmatched speed. Lastly, faster response time.

We leverage large language models to explain detection logic, complex command lines, and esoteric third-party alerts, as well as draft key findings for investigations and automate response actions, accelerating investigation time and reducing time to respond. From detection and triage to investigation and response, AI empowers us to enhance detection capabilities, streamline operations, and ultimately better protect our customers. This quarter, our innovations in AI to deliver meaningful return on investment for our customers and partners was recognized by receiving the CIO 100 award for integrated AI for better security operations. In conclusion, demand for our Taegis platform and offerings remains strong. We are fulfilling the promise that is the foundation for Taegis by adding features and capabilities to protect against the initial access vectors, including vulnerability, identity, and email compromise.

Providing organizations with holistic coverage and a multi-layered cybersecurity strategy to outpace and outmaneuver the adversary and using AI and machine learning to drive automation and efficiency through every aspect of the platform. We have and will continue to deliver innovations to meet the security needs most valued by our customers and partners. We remain confident that our unique, open without compromise approach has opened the door to continue expanding our successful partnership ecosystem. Taegis is a platform of choice for organizations in an environment where vendor consolidation and scaling spend on both security, technology and talent is key, simultaneously helping organizations deliver an improved security risk posture and outcomes.

This underpins our growth strategy now and in the future. Thank you for investing in our mission to secure human progress with Taegis defining the future of threat detection and response, driving long-term sustainable growth and value creation. And thank you to our customers and partners for joining forces with us. With that, I’d like to hand the call over to Alpana to cover our financial results and guidance.

Alpana Wegner: Thanks, Wendy. Good morning, everyone. I will review our Q1 results before I provide expectations for Q2 and fiscal year ‘25. We once again hit our financial commitments in Q1. We delivered total revenue of $86 million, above our guidance range of $83 million to $85 million, primarily due to professional services revenue. Total revenue continues to be impacted by the wind down of our non-strategic legacy business, which represented 15 points of the 9% decline year-over-year. Taegis subscription revenue was $69 million, up 10% year-over-year. Taegis ARR increased 7% year-over-year to $287 million, which was in line with our expectations. We ended the quarter with 2,000 Taegis customers and our average revenue per Taegis customer was $145,000.

On a year-over-year basis, Taegis ARPC was up 10% in Q1 and remains a premium to the industry average, underscoring the value that Taegis provides their customers. As our Taegis pricing is largely on a per endpoint basis, growth in endpoints is another indicator of platform expansion. Our endpoint count grew 11% year over year in the first quarter. Our Q1 operating results were strong, reflecting our continued focus on operational efficiencies, productivity improvements, and cost discipline. Q1 non-GAAP Taegis subscription gross margin expanded 120 basis points sequentially to 74.3% and showed an improvement of 430 basis points versus first quarter a year ago driven by automation, continued cloud architecture scaling, and by leveraging our AI and machine learning capabilities.

Total gross margin expanded by 1,000 basis points to approximately 70% in the quarter. Adjusted EBITDA was $6 million, exceeding our guidance of breakeven to $2 million and an improvement of $26 million from Q1 of the prior year. The Q1 outperformance was driven by the revenue performance I just discussed, acceleration of the elimination of a portion of our redundant costs, and the push in timing of certain discretionary spend to later in the year. GAAP net loss was $36 million for the first quarter or $0.41 per share compared with gap net loss of $31 million or $0.36 per share in the same period last year. GAAP net loss reflects $26 million in non-cash tax expense for valuation allowance recorded as a result of our tax deconsolidation from Dell Technologies effective in Q1 of this year.

Non-GAAP net income was $4 million or $0.05 per share compared with non-GAAP net loss of $17 million or $0.20 per share in the same period last year. Turning to the balance sheet and capital allocation, we ended Q1 with a strong balance sheet with $47 million in cash, no debt, and an undrawn $50 million credit facility. We used $13 million of cash from operations compared with $41 million used in the prior year period. The decreased use of our operating cash is driven by our focus on cost discipline, reduction in duplicative costs, and increase in operational efficiencies. As a reminder, our cash flow can fluctuate from quarter to quarter, and first quarter is seasonally the highest use of cash, primarily due to annual incentive payouts and the timing of equity compensation-related taxes.

Now, turning to our second quarter and full year ‘25 guidance. For Q2 fiscal year ’25, we expect total revenue of $80 million to $82 million, adjusted EBITDA to be between $1 million and $3 million. Our outlook for Q2 EBITDA reflects the timing difference in completing the revenue wind down of other MSS in Q1 and the remaining redundant costs, which will be eliminated in the second half of fiscal year ‘25, as well as our expectation for lower non-strategic professional services. And we expect non-GAAP EPS to be breakeven to $0.02. For the full year fiscal ‘25, we now expect total ARR to be $300 million or greater, total revenue of $325 million to $335 million, total gross margins to be 68%, inclusive of Taegis gross margin to be 74%, adjusted EBITDA to be between $6 million and $12 million, non-GAAP EPS to be between $0.03 and $0.09, cash flow from operations to be between cash used of $2 million and cash generated of $8 million and we expect CapEx to be in line with fiscal year ‘24.

In closing, our Q1 results give us confidence in our ability to meet our 2025 outlook. We will continue to invest in our growth strategy through opportunistic investment in sales and marketing to accelerate traction with partners and investments in product development on new and innovative capabilities, both add-on and native security products, to deliver additional value to our customers and partners, while remaining committed to EBITDA profitability as we continue to drive scale in our business. Thank you for joining us on the call today. Wendy will now rejoin us as we begin Q&A. Operator, can you please introduce the first question?

Q&A Session

Operator: [Operator Instructions] We will now take our first question which comes from the line of Saket Kalia with Barclays. Please go ahead, your line is now open.

Saket Kalia: Okay, great. Hey, Wendy. Hey, Alpana. Thanks for taking my questions here.

Wendy Thomas: Morning.

Saket Kalia: Wendy, maybe — hey there, good morning. Wendy, maybe to start with you, as you know, there’s been some consolidation in the SIEM market recently. And I found some of your customer examples in the prepared remarks really interesting just around SIEM. So the question maybe is, what are you hearing from customers about how they’re thinking about their SIEMs right now given some of these changes? And how do you think Taegis could benefit in that backdrop?

Wendy Thomas: Sure. Thanks, Saket. So we’ve been talking about this consolidation for some time, but it really has now begun in earnest and you certainly see that in some of the legacy players looking to consolidate. But in terms of customers, what we see as the opportunity is not just the SIEM replacement, but as an XDR platform with both native controls and capabilities across EDR, NDR, VDR, orchestration, pet intelligence, it means that there is a broader consolidation play going on in the marketplace that we can take advantage of. It’s more than SIEMs or even legacy MDRs. It’s some of these point products that really are features or capabilities of an integrated platform. And so when you think about our ability to serve as sort of that control hub for both our own native controls or a mixed tech stack or set of control environments, you not only provide the most optionality for customers to reduce vendors, get better total cost of ownership with SecureWorks, but given our experience, which we’ve just completed, of re-solutioning our MSSP customers, we are uniquely positioned to provide customers with the playbook and, frankly, the reference customers that demonstrates our ability to mitigate their risk and streamline the process of them transitioning controls and/or replacing their SIEMs without missing a beat.

And it’s why we see not only our customers come to us to replace their SIEMs, but MSSP that we’ve signed as well, because they see the opportunity not just for better security outcomes for their customers, but better margins for their business, and we don’t have to buy those customers in the process.

Saket Kalia: Got it, That’s actually super interesting. Alpana, maybe for you for my follow-up, I believe the ARR from the other MSS business here is really de minimis at this point. But maybe curious, where are we sort of in the arc of subscription revenue? And where does that sort of bottom before we start to see sequential growth? I mean, clearly that transition has happened on ARR. Revenue, of course, always lags that. Where are we sort of in that arc if that makes sense?

Alpana Wegner: Yeah, thanks for the question and good morning again. So you’re right in that with the completion of the end of life in at the end of this quarter Q1, we have very de minimis amount of remaining ARR. So effectively we’re 100% at this point Taegis ARR. So as we look ahead just on the subscription line alone, I would say that we feel good about the second half of this year, seeing that sequential growth start to come through. As we mentioned in our commentary, we continue to see good performance on Taegis. And with that being the full concentration of our book from a subscription standpoint, that’s what’s giving us the confidence as we look at the second half of the year and expecting that sequential growth to come through.

Saket Kalia: Got it, Makes sense. I’ll hop back in queue. Thanks, guys.

Wendy Thomas: Thank you.

Alpana Wegner: Thank you.

Operator: Our next question comes from Mike Cikos with Needham. Please go ahead. Your line is now open.

Matt Calitri: Hey. Good morning, team. This is Matt Calitri on for Mike Cikos over at Needham. Thanks for taking our questions. I was wondering, what can you tell us about your assumptions for the slope of net new ARR in the back half of the year now that the drawdown of other MSS is complete?

Alpana Wegner: Yeah, good morning. Thanks for the question. And this is Alpana. I’ll maybe start and then Wendy can add in if there’s something there that I missed. I would say that, we were — when we guided at the beginning of the year, we had taken into consideration several factors. Those factors haven’t really performed any differently as we look at the performance from Q1 and as we look ahead. And so we would continue to expect to see, as we’ve discussed in our last call when we set that guidance, we continue to expect to see similar sequential performance on the ARR line. And again, those primary factors that shaped that thinking was really the macro environment and what we’re seeing from buying behaviors. Q1 didn’t veer from that.

We’ve kind of seen steady state. And we continue to see good demand. The cybersecurity spend prioritization is still there. And we do think from a macro perspective as we see the market gaining some resiliency, we expect that to continue to improve. And really, our view is we’re kind of in a steady state right now as we’re progressing through the year, just being somewhat measured on how we think about that arc, that you’re asking about.

Matt Calitri: Okay, very helpful. And then last quarter, you called out deals both being pulled forward and closing earlier in the quarter. Is there anything to call out this quarter in terms of pull forward or linearity? And any comments on what was driving that and expectations for the rest of the year?

Wendy Thomas: We did talk about that in fourth quarter. We did not see anything of that nature kind of pull forward or acceleration, which you often see kind of at the year-end and fourth quarter seasonality wise. We tend to have to see really strong fourth quarters and more moderate first quarters. People are sort of getting their budgets under their belts and that kind of thing. So nothing of that nature this quarter that we would call out as a caution against second quarter.

Matt Calitri: Okay, great, thanks so much.

Operator: The next question comes from Hamza Fodderwala with Morgan Stanley. Please go ahead, your line is now open.

Hamza Fodderwala: Hey, good morning. Thank you for taking my question. And nice revenue beat in a difficult demand environment. Alpana, I’ll just keep it to one question for you. I’m curious how you’re feeling about the capital position, the financial condition of the company. You spoke about having sort of good amount of cash on the balance sheet. Obviously, the revenue is still on decline, but that seems to — that decline seems to be moderating. But I’m curious how you feel about the position of the company and the health of the company going forward. Thank you.

Alpana Wegner: Yeah. Good morning and thanks for the question. As you mentioned, we do feel good from a balance sheet perspective. The cash that we have on the balance sheet has certainly — puts us in a position to be able to have the appropriate balance sheet from a working capital perspective. And as I mentioned in my prepared remarks, we also believe that the current operating leverage that we have in the business allows us to invest in some key areas from a growth perspective, particularly as we look ahead in the year, both from a marketing and a demand and a go-to-market perspective as well as from a product. I think as we look ahead to the year and as we’ve shared, we see that sequential growth and revenue coming back in the second half of the year, which I think also helps us from a positioning perspective to feel that we’ve got good stability and sustainability in the business.

And we’re continuing to see a good operating leverage at the gross margin line. And so we really feel like we like what we’re seeing from how the business is performing in Q2. As we indicated previously, we do expect to be a bit of the bottom, both from a top line perspective as well as the bottom line with some of the redundant costs remaining in Q2, but we see that coming off in the second half. So as I look ahead, the second half has some key milestones ahead for us. And that will just continue to give us a higher degree of confidence in the balance sheet and in the operating leverage that we have.

Hamza Fodderwala: Thank you.

Wendy Thomas: Thank you.

Alpana Wegner: Thank you.

Operator: At this time we have no further questions. [Operator Instructions] We have no further questions. So I’ll turn the call back to the management team for any closing comments.

Kevin Toomey: Okay. Thank you very much. That wraps the Q&A for today’s call. A replay of this webcast will be available on our investor relations page at secureworks.com along with our supplemental web deck and additional financial tables. Thanks again for joining us today.

Operator: Thank you everyone for joining us today. This concludes our call and you may now disconnect your lines.