Investing.com - Financial Markets Worldwide

Varonis at TD Cowen Conference: Accelerating SaaS Transition

Published 28/05/2025, 20:24
Varonis at TD Cowen Conference: Accelerating SaaS Transition
VRNS
5.31%

On Wednesday, 28 May 2025, Varonis Systems (NASDAQ:VRNS) presented at TD Cowen’s 53rd Annual Technology, Media & Telecom Conference 2025. The company showcased a strong first quarter with notable growth in its annual recurring revenue (ARR) and a strategic shift towards a fully SaaS-based model. However, challenges remain in navigating the competitive data security landscape.

Key Takeaways

  • Varonis reported a 19% growth in ARR for Q1, with expectations to exceed 20% post-SaaS transition.
  • The company’s SaaS mix has increased to 61%, with a year-end target of 80%.
  • Varonis aims to complete its transition to a fully SaaS model by the end of 2025, ahead of schedule.
  • Emphasis on data security continues as breaches persist, with a focus on insider threats and ransomware.
  • The acquisition of Cyral is set to enhance Varonis’ capabilities in database activity monitoring.

Financial Results

  • ARR Growth: The company achieved a 19% ARR growth in Q1, up from 18% in the previous quarter, with plans to surpass 20% after completing the SaaS transition.
  • SaaS Mix: Varonis increased its SaaS mix guidance for the year from 78% to 80%, reflecting a strategic focus on SaaS offerings.
  • Free Cash Flow: Projected free cash flow for the year is between $120 million and $125 million, a significant increase from just over $50 million the previous year.

Operational Updates

  • SaaS Transition: Varonis has expedited its transition to a SaaS model, reducing the timeline from five years to three, with completion expected by year-end.
  • MDDR Platform: The Managed Detection and Response (MDDR) platform is Varonis’ fastest-growing offering, with a goal of achieving a 100% attach rate.
  • Acquisition: The acquisition of Cyral will bolster Varonis’ database security capabilities.

Future Outlook

  • Growth Strategy: Varonis plans to expand its customer base and increase sales to existing clients, leveraging short-term and long-term investments.
  • Revenue Targets: The company remains committed to its goal of reaching $1 billion in revenue by 2027.
  • GenAI Impact: Varonis is positioning itself to address data protection needs arising from the deployment of Generative AI tools.

Q&A Highlights

  • SaaS NRR: The SaaS Net Retention Rate is driven by additional platforms sold to existing customers, excluding conversions.
  • Pricing Strategy: SaaS offerings are priced 25-30% higher than on-premise solutions, reflecting the added value of the SaaS model.

For more detailed insights, readers are encouraged to refer to the full transcript of the conference call.

Full transcript - TD Cowen’s 53rd Annual Technology, Media & Telecom Conference 2025:

Shaul Eyal, Research Analyst, TD: Good afternoon, everybody. Thank you for joining us. I hope you have all enjoyed lunch. Shaul Eyal, research analyst covering cybersecurity for TD. Very happy to host Guy Melamed and David Gibson from Varonis.

This is a fireside chat. I’m gonna leave some some time, probably the final five minutes or so, if anyone has any questions. We have plenty of questions here, so do not hesitate to kind of raise your hands and kind of keep it as interactive as possible. Maybe we’ll kick it off with I’ll tell you this. Somebody once told me that you’re the guy who describes Varonis the best.

I had somebody sitting actually here, I think, like two years ago, came out of the session and was telling me, wow, now I really understand what they do. Swear to God. So maybe, just for the sake of the audience, slightly less familiar with Varonis, maybe Dave on in in in a sentence or two, what is it that you guys do for a living?

Guy Melamed, Varonis: No pressure, David.

David Gibson, Varonis: Yeah. No. Whoever that was, I gotta give them another 20. But so Varonis makes software now delivered as a SaaS as of about two and a half years ago that protects data where it lives. So we’re talking enterprise data that has been accumulating both in the data center and in the cloud for many years now.

And the way we protect it is we map the data stores, find what’s important, lock it down so that only the correct people have access to the data that they should have in a couple different ways. And then we monitor the heck out of it to detect when you might have an insider or a ransomware or an external attacker or potentially somebody abusing AI now is another another thing that we detect. So that that’s what Varonis does in a nutshell. And, you know, we’ve been doing this since 02/2005 or so and we have quite a bit of success helping people get their data protected much better. I think one of the big things is with SAS, we’ve delivered the solution with so much automation that we’re able to to help people avoid breaches, reduce their impact, respond to them more quickly, become more compliant more easily without much effort, right, because we’re doing so much for them.

Guy Melamed, Varonis: Sure. I’m a competitive guy, so if

Shaul Eyal, Research Analyst, TD: I’ll By all means, be ready.

Guy Melamed, Varonis: No. But honestly, just to to give some additional color for the nontechnical people like myself, the way to think about Varonis is literally when when there’s a bank and you’re trying to protect the vault, there are a lot of ways to protect it. You need to have the guard outside. You need to have the cameras. You need to have the fence, the security, the gate, and all of all of the perimeter defense securities.

We think about data security and in a slightly different way. We protect the vault by sitting on the vault and trying to see who’s trying to touch the data. Any abnormal behavior that is in relations to data, we can identify through pretty sophisticated algorithms. It doesn’t mean you don’t need the guard. It doesn’t mean you don’t need the fence.

You need all of those protections, but eventually someone will try to break in. And when they do break in, we can identify it through those algorithms. What’s also important to note is that when you’re protecting the sensitive information, it’s not just people from the outside that are trying to come in. It’s also people from within, employees within the organization that try to get the information, either sell it to competition or, they’re about to leave and they take the information with them. If you have an organization of 10,000 employees and as an executive, you think that all 10,000 employees are ethical, you probably shouldn’t be on the c level executive, of that firm.

So what we try to do is identify anything that is happening whether you’re logging in from a different computer, you’re logging in at a different time, you’re opening files that you don’t usually open. If that happens, for the most part, someone has taken over your credentials and is trying to get access of that sensitive information. No one tries to break into the bank to steal the pens. So eventually, they’re trying to get to the crown jewels and we sit on those literally on those crown jewels to identify anything that’s happening within the organization. Fair enough.

Shaul Eyal, Research Analyst, TD: Maybe Guy, if we go and look back at your first quarter results several weeks back, absolutely solid. Maybe can you recap it for us? And what is it that you would have loved the audience buy side, sell side kind of to take away and walk away from the recent set of results?

Guy Melamed, Varonis: Yeah, I think you kind of nailed it. It was a very the strong quarter. It was pretty straightforward driven by momentum that came from new customers and existing customer conversions. We finished q one with 18% with 19% ARR growth. 18 was in in q four, so we were actually accelerating our ARR growth.

We were able to finish q one with 61% SaaS mix. So that allowed us to raise our SaaS mix guidance for the year from 78% to 80%. I think what was very interesting is that, you know, we There were a lot of lessons learned from 2024 when we did, kind of the full year of of, conversions and transition. We know what we need to do in order to improve kinda that whole conversion process. There were a lot of things that we implemented that actually allowed us to cut the transition period from five years to four years and now to three years.

We plan to be, done with the transition at the end of this year. We’re definitely seeing good momentum with new customers and we’re trying to kind of be done with this and be a full fully SaaS company at the end of this year.

Shaul Eyal, Research Analyst, TD: You know, RSA also took place late April, beginning of May, concluded I think the May. ’1 of the, call it, takeaways, one of the hot topics discussed during RSA was data security. Aside from Gen AI and HNTK, I will get to that in a few minutes, but I wanted to kind of to ask what is it that you’re seeing from the data security as data data volumes actually continue to grow exponentially? And how does that impact your business? And just yeah, anything on data security and the fact that it is becoming, again, it’s been around, it would appear as if this market is seeing good vibrations, seeing some renewed interest based on some of the underlying drivers.

So just how do you guys see it?

David Gibson, Varonis: Yeah. I definitely see more activity and more thought about data security than at any point in my career with Verona, and I’ve been with Verona since 02/2006. So, it makes sense. You know, people have done just about everything else, right? They’ve secured their perimeters, they’ve secured their networks, they’ve secured their endpoints, and yet we still continue to have breaches and breaches.

So I think it makes sense. Okay, maybe we better protect the thing that people are stealing, which is the data. So I think people are coming around to the idea that data protection is a is a thing. And I think there’s some debate on, you know, how to protect it or what what it means, you know, which solutions. I think there are a lot of different solutions that people have tried historically that they’re now looking to augment with something that’s a little bit more like a data security platform.

There are a few different technologies around there. I think our methodology is that you need to understand where the important data is, really understand all of the controls that govern access to that data deeply, and then also understand who’s using the data, you know, kind of like the camera in the bowl, you know, or like a bank keeps a register of all the transactions. And you need these kind of three pillars as ingredients to enable you to actually address the problems out there. So we’re focused on delivering outcomes in an automated way, making sure the data is more protected, all those controls that I mentioned are optimized, making sure that you’ve got those detections that Guy talked about. Right?

When we see an insider, somebody behaving strangely, somebody maybe asking weird questions out of their AI, that you’ve got some detection that will flag that even though data’s locked down. As said, chances are somebody is gonna be compromised. Right? Either an insider or an account is gonna get compromised. So to be able to spot that activity and stop it in its tracks is is another big outcome there.

So I think I think we’ve been doing it for a while, and our methodology has proven effective in that space, which is getting a lot more attention.

Shaul Eyal, Research Analyst, TD: So maybe if if if we stay and maybe double click on on that point, maybe a little bit of a compare contrast on DSPM Mhmm. Data security posture management. What is it the view that you guys are taking towards DSPM? And maybe how do you separate or differentiate yourself from the competition? Because by the way, DSPM, that’s another very noisy category over the course of the past several years and also coming out of RSA.

David Gibson, Varonis: That’s a great question. I see DSPM as a subset of what we do, so it’s focused on discovering what’s important and maybe wrapping a little bit of what people call posture. That’s the P in DSPM. What posture really is is kind of broad configurations, like have you enabled multifactor authentication? Do you require strong passwords?

Which it’s important to get these things right, but you have to go much deeper to actually protect the data. And so I guess the big important message is discovery is not security. Discovery is a start, but you actually have to be able to do deep discovery and then address whatever you find. Otherwise, you’re left with liability or a lot of manual busy work, which is not actually doing the security of the data.

Shaul Eyal, Research Analyst, TD: Understood. As as as we think about, some of the investments that are being done within the category, and indeed, we had seen several huge investments, How would you compare, contrast what is it that Veronis kind of has to offer? And maybe I would say, given, you know, your your kind of tenure in in the market versus some of the new emerging products or solutions out there?

David Gibson, Varonis: What I see is that from a discovery perspective, most solutions started in the database world, and they also started with sampling. So they said, let’s look at a small piece of data. And just really, let’s try to identify what’s sensitive and, as I mentioned, maybe throw in a little bit of configuration. So when you contrast that with our approach, which is that you can sample in databases that make make sense for you, but really, you have to be built to look at all the data. Right?

And people have these massive data stores both in the data center, both in and in the cloud. You have to have the coverage footprint to be able to do something meaningful. But to be able to look at all the data and then go more deeply into the controls around that data and how it’s being used, that’s where I think we’ve we’ve we’ve got a lot more mileage. And and I think if you think about it rationally, it’s not enough to just see smoke. Right?

You know, you might see smoke in one room, but the the other part of the house is actually on fire. You know? So I I think it’s a very different approach to securing data. And so we’re seeing, I think, definitely like you, a lot more noise around DSPM or a lot more, you know, talking about that as well as just discovery, and that’s really good for us. We’re able to participate in many more discovery RFPs, many more DSPM RFPs and the the if there’s any kind of willingness or any kind of desire to secure data, which for most people there is, then that is a very good situation for us to be in.

Shaul Eyal, Research Analyst, TD: I think you had MDDR, I think, for about a year now, and it has it is seeing great success interest, which is being translated into, I think, hard revenues. What’s driving that success, that MDDR product?

Guy Melamed, Varonis: The value proposition is simple to digest for the customer and it eliminates all the hardship that they have to go through in ensuring that their data is protected without the need for real manual labor on their part. The environment is extremely complex. The hacking is becoming way more challenging to to try and address. And when you have technology that provides automation, can identify anything that’s happening in an abnormal way. And if there’s anything that pops up that is truly strange, you get a phone call.

It doesn’t get any better than that. And I think that’s the reason it’s been so well received by customers. When we look at the SaaS offering and the fact that we were able to increase our footprint with new customers, increase our ASPs, it really is coming from the essence of we’ll do everything for you. All you need to do is pay. And that’s resonating really well.

MDDR is by far the fastest growing platform Varonis has ever had and not even close to any any second. So we’re really happy with the way this has been adopted. It’s definitely been consumed by the vast majority of every new sale we sell with MDDR. We still have existing customers that we need to get on the MDDR side. We’ve talked a lot about the fact that we see MDDR as a need for every single customer.

This should have a % attach rate eventually. It’s gonna take some time. Mhmm. But we truly believe that customers need it no matter.

Shaul Eyal, Research Analyst, TD: And it’s customers of all marketeers. Does it matter? Yeah. Yep. Understood.

We promise to double click again on Gen AI and the opportunity that you’re seeing. So I’ll tell you this. We have heard from some companies that AI has been around for several years. They’ve been using it maybe a little differently. But now, maybe the time has arrived for mass deployment.

How do you guys think about GenAI and where is it beginning to impact your set of products, platform and also from a customer perspective?

Guy Melamed, Varonis: I don’t think we’ve we’re even close to seeing Gen AI in its mass deployment stage. I think it’s in very early stages, very early innings. But I I think when you you think about the world evolving, I don’t see a situation where it doesn’t get that to that mass deployment stage. If you look at even chat GPT and and the personal behavior of people on using chat gpt, once you try it, you’re going back to your old search ways? Probably not, no.

So I know a lot of organizations are extremely hesitant to deploy Copilot because of the risk of having things blow up. We have seen some scary, scary things with customers that haven’t taken care of the sensitive information prior to deploying it. Have an employee that goes into a chat box and says, who got a raise last year, and suddenly gets the full list of employees with their salary increases. That’s catastrophic. Or an employee that asks for the equity file gets it in seconds because they didn’t have the sensitive information blocked, where only the right people have access to the right data.

So you cannot go and roll out Copilot without thinking about the the unintended consequences of what can happen if you’re not locking down the data properly. But our company is gonna be prevented from from rolling this out in four or five years because they’re afraid of sensitive data? No. They’re gonna have to fix the sensitive data because there’s gonna be demand from the field to improve productivity. So I think if you look at the end goal of how the world looks in five years, it could be five, it could be six, it could be seven.

I don’t know when this happens. But does this move in a direction where everyone needs those productivity gains? I think it’s a safe answer to say yes. When exactly is that inflection point? Is it this quarter, next quarter, a year from now, two years from now?

No one knows. And anyone that knows, please send me his number. I’d love to know. But eventually, it’s gonna get there. So we’re there to be able to capitalize on that opportunity.

And by the way, it’s not just Copilot. It’s any gen AI that is out there, whether it’s Gemini, whether it’s Salesforce, eventually you get to a point where employees are using whatever tools they have for productivity gains. And if you don’t take care of the sensitive information in advance, you’re gonna have real real problems.

Shaul Eyal, Research Analyst, TD: So maybe in that context, you’ve you’ve recently kind of introduced support, you know, for agent force. What’s the implications of that as it touches on Varonis?

David Gibson, Varonis: So as Guy said, there are many flavors of AI. And whether it’s agentic or it’s a copilot, the underlying problem is a data security problem. And I think with AgenTik AI that the stakes get a little higher because the agents can take actions and go to multiple sources. But the important thing I think that people are realizing is they’re going to have to protect the data that AI harnesses and and uses or else there are gonna be situations where data is exposed way way too way more quickly than before. So I I just see this I was just saying AI is like salsa.

It seems to make everything better. It goes with everything now. And it it just you know, it’s it’s coming up in all sorts of places and in all sorts of use cases that that I think it’s part of the momentum behind what people are talking about data security.

Shaul Eyal, Research Analyst, TD: Guy, it would appear as if the SaaS NRR is tracking significantly higher than kind of the overall NRR. Maybe can you walk us through the cornerstones and kind of what is what’s driving that much improved SaaS NRR?

Guy Melamed, Varonis: First and foremost, it’s the richness of the platform. It’s the richness of the technology. The fact that once you see the value with the SaaS offering, you wanna be protected on additional platforms with the same offering. And again, it goes back to the ease of use where the hardship of the on prem subscription and the challenges that you had to face are eliminated with a SaaS offering. And we took all the goodness and from the on prem and put it in the SaaS and we took whatever was challenging and improved it.

So it’s a much much better product. The value proposition there is much easier to digest from a customer’s perspective. And when they try it and when they see it, there’s so much more for us to sell, which gets us to a point where the SaaS NRR is much higher than the reported NRR. I think one of the biggest misconceptions that investors still have is this notion that we’re growing because of the transition and because of the conversion. We believe that once we get through the transition, we go back to the base and we can start selling additional platforms.

And the SaaS NRR gives us that confidence. Part of the reason of talking about going back to the 20 plus percent growth rate of ARR. We’re growing now at 19%. If we can continue to increase our new customer base in the same rate and the SaaS NRR is much higher than the reported NRR, that gets you to the 20 plus percent already in simple math. So, when we look at where we are from a technological perspective, from a from a, the amount of platforms that we have to offer that we can help protect, We feel very good about the the opportunity.

By the way, part of the reason we were trying to squeeze this transition and make it shorter. We believe that if we can get this done in three years, then you don’t need the same attention that the reps are putting on the conversion side and they can start start spending their time on upselling to the base. So definitely part of the the thought process that we had in this time frame of shortening the transition.

Shaul Eyal, Research Analyst, TD: Super. Questions from the audience? You in the front.

Unidentified speaker: Yes. So Guy, can you talk a bit about can you decompose the NRR improvements in terms of upsell, pricing, stuff like that? How does that sort of break out? And then for for David, you you mentioned again you talked about all the different flavors of AI and how they all benefit you. So two questions on that.

One is, does that mean that you go from, in the old days, sampling data

David Gibson, Varonis: I can talk about that. You wanna You can

Guy Melamed, Varonis: start with yours, and then I’ll

David Gibson, Varonis: Okay. So, you know, it’s a great question. So when we’re talking about sampling, you know, the other technologies that I’ve seen when they’re trying to handle large data sets go to sampling, right? And it’s they often use it as a rationalization for not being able to scan everything. We are built to scan all the data and keep up as data is created or changed.

That’s one thing that’s a big differentiator for us is because we actually see the data activity, we can do that and keep up with these massive data stores. So I see that the AI problem, the the data security problem that AI exacerbates will encourage people to not only understand what’s important, but, you know, make sure that the important stuff or the wrong stuff isn’t in the training data. Make sure that the the training data, it has an its integrity intact, right, what hasn’t been poisoned, things like that. There are all kinds of use cases when you’re you’re you’re developing a model there. But the the data that the that the model’s being trained on has to be locked down because almost all these AIs work the same way.

When you ask a question or an agent asks a question, it looks at all the data you have access to to formulate the response or to derive whatever action is gonna take place next. And if that user or that agent has access to too much data, the chances of data being exposed or misused just it it it becomes almost a certainty. And I think that’s one of the reasons that this lens on data security has gotten so bright. It’s because people realize they need to lock the data down better or they cannot use AI safely, whichever flavor of AI they wanna use.

Guy Melamed, Varonis: And to answer your question about the SAS NRR, where is it really coming from, the one important thing to note is that SAS NRR doesn’t factor any conversions whatsoever. It’s taking SaaS customers a year ago and trying to see a year later where is what their ARR is. We’re seeing that coming mostly from additional platforms that are sold. So that’s really driving kind of that NRR being significantly higher than the reported number of one zero five.

Unidentified speaker: And like for like customers, you see them bought the whole price of purchase going up as they move to SaaS.

Guy Melamed, Varonis: So the price list apples to apples, SaaS versus on prem is $25.30 percent higher. What we are seeing is that some of the customers are buying the larger platform, And eventually, kinda having the MDDR and Copilot as part of the platform as one SKU. MDDR is really what we believe to be the glue because if we’re doing everything for you and we call you up and we say, listen, we’ve discovered some strange behavior whether it’s a ransomware attack or a hacking attack or even an employee within the organization that is trying to take data and give it to competition, but we’re not covering these platforms because you didn’t buy them so just keep that in mind. It becomes a way different type of conversation and that we believe can kinda help us in the upsells once they have the MDDR and they see the value of it.

Shaul Eyal, Research Analyst, TD: Guy or David, how has your TAM evolved over the course of the past few years? And how did the SaaS transition assisted in expanding that?

Guy Melamed, Varonis: So the SaaS offering has opened up new markets, new customers that we couldn’t really address before because they didn’t want to deal with the hardware, they didn’t want to deal the headcount, so it definitely increased our opportunity to sell. When we look at kind of the spaces that we have kind of gone to and we’re definitely seeing the TAM increase, I think when you look at kind of the new customers that we have and the existing customers that are buying more, there’s so much more so much more meat on the table for us to to take advantage of. We’re we’re definitely seeing that as a huge opportunity for us. And we didn’t talk about the Cyril acquisition either, which And we’ll

Shaul Eyal, Research Analyst, TD: Yep. Yeah. We can squeeze let’s squeeze it in before

David Gibson, Varonis: Very exciting. Know, monitoring the activity in databases is something that this acquisitions helps us accelerate. This is very important. We’ve been monitoring activity just about everywhere else, but the databases, some of the databases, the capturing that activity has been difficult. So excited to be able to to offer that and fold it into the rest of the platform because we’ve been classifying data in databases now for over a year, looking at some of the the configurations and the security of the database.

So to be able to add the activity in to our stack gives us an end to kinda capture that market as well, which is is sizable.

Shaul Eyal, Research Analyst, TD: Got it. Maybe, Guy, final thoughts. What does excite you as we look into, you know, the next several years from a Veroni’s standpoint, of course?

Guy Melamed, Varonis: A lot of things excite me. No. Honestly, when you think about kind of the path, the the five year plan that we laid out during the Investor Day in 2023, talked about getting to a billion dollars in 2027 and completing the transition by then. We cut the period of the transition from five to three. Our free cash flow has shown real improvements.

We’re guiding for a hundred and 20 to a hundred and $25,000,000 of free cash flow compared to just over 50 a year ago and breakeven the year prior. So, from a profitability perspective, we’re absolutely ahead of the game. But not only that, when we look at how we grow post that $1,000,000,000, we’re making some short term, medium term, and long term investments to capitalize on a much larger opportunity. Super.

Shaul Eyal, Research Analyst, TD: Dave, Guy, thank you so much. Thank you. Thank you everybody. Appreciate the time.

This article was generated with the support of AI and reviewed by an editor. For more information see our T&C.

Latest comments

Install Our App
Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers
© 2007-2025 - Fusion Media Limited. All Rights Reserved.