Logo of jester cap with thought bubble.

Image source: The Motley Fool.

Tenable Holdings, Inc.  (TENB -6.36%)
Q1 2019 Earnings Call
April 30, 2019, 4:30 p.m. ET

Contents:

  • Prepared Remarks
  • Questions and Answers
  • Call Participants

Prepared Remarks:

Operator

Greetings. Welcome to Tenable First Quarter Earnings Call. At this time, all participants are in a listen-only mode. A question-and-answer session will follow the formal presentation. (Operator Instructions) Please note, this conference is being recorded.

I'll now turn the conference over to Andrea DiMarco, VP, Investor Relations and Strategy. Thank you. You may begin.

Andrea DiMarco -- Vice President, Investor Relations and Strategy

Thank you, operator, and thank you all for joining us on today's conference call to discuss Tenable's first quarter financial results. With me on the call today are Amit Yoran, Tenable's Chief Executive Officer; and Steve Vintz, Chief Financial Officer. Prior to this call, we issued our earnings release for the first quarter financial results, it's available on our Investor Relations section of our website.

let me remind you that we will make forward-looking statements during the course of this call, including statements relating to Tenable's guidance and expectations for the second quarter and full year 2019, growth and drivers in Tenable's business, changes in the threat landscape in the security industry and our competitive position in the market, growth in our customer demand for and adoption of our solutions and planned innovation new products and services. These forward-looking statements involve risks and uncertainties, some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements. You should not rely upon forward-looking statements as a prediction of future events. Forward-looking statements represent our management's beliefs and assumptions only as of today and should not be considered representative of our views as of any subsequent date. We disclaim any obligation to update any forward-looking statements or outlook.

For further discussion of the material risks and other important factors that could affect our actual results, please refer to those contained in our most recent annual report on Form 10-K filed with the SEC and subsequent reports that we file with the SEC, available on the SEC website, sec.gov.

In addition, during today's call, we will discuss non-GAAP financial measures. Our earnings release that we issued today includes GAAP to non-GAAP reconciliations for these measures.

Now, let me turn the call over to Amit.

Amit Yoran -- Chairman and Chief Executive Officer

Thank you, Andrea, and thank you for joining us on the call today. I'm pleased to share that Tenable delivered another strong performance for Q1. Revenue grew 36% year-over-year to $80.3 million and calculated current billings grew 25% year-over-year to $81.2 million.

Our performance reflects the growing opportunity for Cyber Exposure, which we believe will become the industry standard for managing and measuring cyber risk in the digital era. Cyber Exposure provide broad visibility into exposures across all connected assets and deep analytics that translate this data into actionable intelligence.

The evolution of vulnerability management from a compliance to a risk driven higher value added process include, deeper analytics that combined vulnerability data with the other indicators of risk, including threat intelligence and asset criticality. This provides a more comprehensive view of cyber risk that enables CISOs and executives to take appropriate action, to reduce their risk and exposure.

Responsible vulnerability management is the foundation of reducing cyber risk. According to Gartner's A Guide to Choosing a Vulnerability Assessment Solution report published in April of 2019. By 2022, organizations that use the risk-based vulnerability management method will suffer 80% fewer breaches.

Over the past few years, the vulnerability management market has become a much more strategic and important focus for the enterprise due to growing recognition that many breaches can be prevented, through a focus on the fundamentals of good cyber hygiene. Historically, VM was largely compliance driven, security teams focused on the limited number of traditional assets to secure PC's, laptops and servers. They conducted periodic scans, they were checking the box and moving on. Most enterprise assess a small sample of their environment and conducted ad hoc scan. The new spreadsheets to try to centralize and prioritize data. Today, as enterprises continue their path to digital transformation, their new assets coming online all the time. Enterprises must first identify all assets on their networks, ranging from desktop computers to connected printers, and cameras to cloud deployments and operational technologies.

Then, they must have set every single device to identify, prioritize, and resolve thousands of known vulnerabilities, that hackers can exploit. The path eventually for a hacker multiplied in the number of breaches, preventable breaches has increased exponentially. Because of the complexity of today's digital environment, vulnerability management has also become much more complex.

It can no longer be responsibly managed in silos on spreadsheets and with manual processes. It can no longer be a cobbled together type of approach with multiple tools or outsource an annual audit.

Enterprises today are looking for a continuous and comprehensive visibility, and assessment of exposures across their entire compute environment with an enterprise wide VM solution such as Tenable.sc or Tenable.io or with a combination of both. And with all the new assets coming online, the increase in exposures makes prioritization even more critical than ever.

Today, our customers can automate prioritization of exposures for remediation with Predictive Prioritization. Predictive Prioritization automatically prioritizes each vulnerability based on the likelihood it will be exploited. We combine our vulnerability data with our data science algorithm that tell us about the exploitability of each vulnerability. And third-party vulnerability data and threat intelligence using proprietary machine learning algorithms to help customers take action on the small percentage of vulnerability that matter most to their enterprise.

But Cyber Exposure is much more than a comprehensive asset coverage and exposure prioritization. We see so, and become a central part of articulating an organization cyber risk, and guiding strategic investment decision at the C-Suite and the board.

As a result, not only has vulnerability management become more strategic, but CISO (ph) requirements for VM solutions have changed. To answer the fundamental question facing organizations today, how secure are we CISOs need to know, where to focus investments based on business risk. They need visibility into how the effectiveness of their security investments and the cyber risk are tracking over time, and how their company compares to its peers.

The need for Cyber Exposure is ubiquitous. That's why we're so excited about our Cyber Exposure platform, designed to address the strategic cyber risk issues at the C-Suite and board level executives are facing everyday. Over time the release and development of Lumin will integrate and contextualize additional data alongside vulnerability information to provide even greater intelligence.

Lumin uses data science to provide the measurement of Cyber Exposure, scoring and trending over time with benchmarking. We believe the growing importance of VM and it's evolution to Cyber Exposure represents a huge incremental opportunity for Tenable. When we think about our market opportunity, we look at the growth in the end markets for Cyber Exposure.

We look at the shift to cloud deployment. We have solutions that connect, scan and ingest data from all the major public cloud providers. And part of our differentiation is the fact that we deploy in hybrid cloud and on-premise solutions for our customers, as they try and manage their hybrid compute environment.

We have almost a 1,000 customers who are using both our on-prem and cloud deployment combined. The market require this type of hybrid approach to VM. We look at the growth in web applications, container usage, IoT devices coming online as the expanded opportunity for Tenable. We have solutions to address these needs. In fact, for over a decade, we've been deploying passive network monitoring capability, that many of our customers use today to address their IoT requirement. Tenable is also positioned to participate in the growth of operational technologies in the security market.

According to Gartner's competitive landscape, operational technology security report published in October of 2018, annual OT spend will grow over 46% CAGR through 2022. This market is in its infancy. But according to our recent survey we commissioned with the Ponemon Institute, most organizations in the OT sector have already experienced multiple cyber attacks, causing significant downtime and business disruption.

Consider the overall modern asset growth in the market with another quote from Gartner Security Summit titled, Fix Whatever Matters, Provide DevOps teams with Risk-Prioritized Vulnerability Guidance, presentation from 2018.

Through 2021, the single most impactful enterprise activity to improve security will be mitigating vulnerability. That's a powerful quote about the strategic importance of our industry. In our view, operating a technology infrastructure without a mature understanding and active management of cyber hygiene can be viewed as negligent. By combining forecasts for connected enterprise IoT devices, cloud deployments, container instances and other new and traditional assets, we believe there are total addressable market reaches $16 billion this year. And we get very excited about the opportunity in front of us. We believe our scalable Cyber Exposure solution is differentiated by three key strength; first, in the breadth of asset coverage. We assess vulnerabilities across the entire enterprise attack surface, including traditional and modern assets as we've been describing; second, the depth of our analytics. We combine vulnerability data with an understanding of exploitability and threat information and use our algorithms to help organizations predict, prioritize and address their highest levels of vulnerability.

We have heard from a long-standing Tenable.sc customer, now using Predictive Prioritization, that they have a much deeper understanding of their actual, quantifiable level of vulnerability and exposure for any given set of vulnerability. And this is only the first of many analytic applications we can build, which leverage vulnerability data and help organizations prioritize, measure and address their Cyber Exposure.

With our soon to be released Lumin product, we will include asset criticality and benchmarking as a new capability; and third, our focus on a best-of-breed singular approach to vulnerability management.

We deliver breadth and depth through a singular focus on VM. Our best-of-breed approach leverages critical strategic integrations that are a key part of our strategy. We've highlighted our partnerships with ServiceNow, Splunk, AWS, Google, Siemens and numerous other companies. When I talk to customers, they want this best-in-class vulnerability management approach that's optimized to integrate and leverage the existing configuration databases, pickening (ph), patch management and enterprise infrastructure that they've already purchased.

We provide the integrations our customers need to successfully invest and leverage, best-in-class solutions.

With that, I'd like to highlight just a few six-figure wins from the quarter as evidenced of VM's growing strategic importance and continued investments in Cyber Exposure. One of our new logo ads, a large acquisitive healthcare company, needed to create more mature comprehensive vulnerability management program with actionable reporting (ph) and flexibility. Their existing tool was not scalable and did not meet their needs as an organization, which was growing and they needed to continue their digital transformation. For this, the customer required a hybrid approach, combining both Tenable.sc and Tenable.io to solve their strategic enterprisewide VM need. Another new logo ad was a global manufacturing company that was struggling with reporting and integration functionality of their existing VM solution. New asset scanning, such as IoT and web applications was also very important for this customer. Tenable.io, VM plus web app scanning solved most of their asset coverage requirement and we were also able to bring better reporting and integration capabilities to meet their needs. In addition, the customer also told us the Tenable's brand equity helped us win this logo and the decision maker used to use Tenable.sc at a prior company.

In our last example, I want to highlight one of our Nessus upsell, a large consumer packaged goods company that wanted to take their manual VM program, which was leveraged in Nessus professional to the next level. This included a more comprehensive scanning, including the deployment of agents, external scanning, multi-cloud environment scanning, passive monitoring and integration with their ticketing system, such as ServiceNow, and the customer told us that reporting functionality for the CIO and the board and the robust feature set for Tenable.sc and including Predictive Prioritization was absolutely critical to our differentiation and the win.

For all of these wins, we believe our continued evidence that Tenable is partnering more and more with customers interested in the best-of-breed strategic approach to understanding their cyber risk.

I'd like to now turn the call over to Steve to walk through our financial results for the quarter and our outlook for the year.

Stephen A. Vintz -- Chief Financial Officer

Thank you, Amit. As mentioned earlier, we are very pleased with the results for the quarter and excited about our outlook ahead. In particular, the investments we've made over the last several quarters in product and distribution are taking hold and are reflected in the more optimistic outlook we are providing for the remainder of the year. I will discuss our Q2 and full year guidance momentarily, but we'll start with a review of our Q1 results.

I'll begin by reminding you, except for revenue, all financial results we will discuss today are non-GAAP financial measures unless otherwise stated. As Andrea mentioned at the start of this call, GAAP to non-GAAP reconciliations may be found in our earnings release issued earlier today and on our website.

Now onto the results for the quarter. Revenue for the quarter was $80.3 million, representing 36% growth over the same quarter last year. It's worth noting that approximately 90% of our revenue recognized in the quarter was recurring, which is a benefit of our subscription model. Calculated current billings defined us the change in current deferred revenue, plus total revenue recognized in the period grew 25% year-over-year taking to $81.2 million in the first quarter of 2019.

Let's discuss customer momentum, which we believe is an indication of the sizable opportunity ahead of us and our ability to win share particularly in the enterprise market, where we are experiencing large land and expand deals.

First, we continue to see a robust greenfield opportunity from customers without formal enterprisewide VM programs. In the first quarter, we added 311 new enterprise platform customers. As much as 40% of our new logo ads in the quarter can come from this greenfield opportunity as vulnerability management and Cyber Exposure more broadly become increasingly strategic spending priorities; second, in terms of increasing the enterprise penetration, we added 41 net new six-figure customers in the quarter. These are customers who spend in excess of $100,000 annually on a last 12-month basis. This brings the total number of customer spending in excess of six figures to 494. These results are reflective both of our investments in dedicated enterprise sales resources, including named account sales reps, as well as our ability to assess an increasingly broad range of assets, including we believe applications, containers and operational technology.

In summary, we're pleased with our top line results for the quarter, especially given the context we highlighted on our last call. First, as it relates to our Federal business, we did overcome much of the impact from the 35-day federal government shutdown. However, the closing for certain new Fed deals and renewals is expected to happen later in the year. This is expected to just be timing and does not impact our outlook for the full year. Second, it's also worth noting that growth and calculated current billings in Q1 was impacted by a strong quarterly compare with over 45% reported growth last year.

That said, we're pleased with the continued momentum in our business, which is reflected in the updated guidance for 2019 that I will review shortly.

Now I'll turn to expense and profitability. Gross margin was 85% in Q1 compared to 86% in Q1 last year. And the gross margin was essentially flat compared to Q4, it is better than expected that the investments we are making in public cloud infrastructure, with the delivery of our Tenable.io platform are scaling better overall. Tenable continues to enjoy attractive gross margins on increasing demand and adoption for Tenable.io globally, all while providing a product platform that offers hybrid deployment options based on our customers' requirements.

However, we continue to add new functionality and additional points of presence globally and long term, expect gross margins to settle in low 80% to high 70% range over time. But as we look out the rest of the year, we expect gross margins to moderate to the high end of this range.

Now turning to operating expenses. We are focused on improving operating leverage in our business over the long term.

But in the near term, we are investing for growth. Sales and marketing expense in Q1 was $49.3 million compared to $39 million in the first quarter last year. This represents 61% of revenue for the quarter, down from 66% in Q1 2018, but up sequentially from 59% in Q4.

As a reminder, sales and marketing expense as a percent of revenue is typically higher in the first half of the year for us due to a large number of industry and other events as well as incremental investment in sales capacity in the first half of the year, which is expected to produce leverage over time. R&D expense in Q1 was $19.9 million compared to $16.7 million in Q1 last year. As a percent of revenue, R&D was 25% versus 28% in Q1 of last year and essentially flat to last quarter.

Innovation remains a top priority for us across all of our products, but especially around data science, analytics and coverage of new paradigm assets, including OT, IoT, cloud and containers.

G&A expense was $11.9 million for the quarter compared to $7.9 million in Q1 last year. As a percent of revenue, G&A was 15% versus 13% in Q1 2018 and essentially flat to last quarter. The increase largely reflects new costs associated with being a public company.

Our non-GAAP loss from operations in the quarter was $13.2 million. This result reflects $1.4 million of employee-related payroll taxes associated with option exercises, specifically Medicare and other forms of payroll taxes. Option exercises may vary quarter-to-quarter, so to the extent that employer-related taxes are significant in future periods, we will let you know.

Now the $13.2 million operating loss compares to a loss of $12.9 million in the first quarter last year. Non-GAAP operating margin was negative 16% compared to negative 22% from the first quarter last year, a negative 14% in Q4. Pro forma non-GAAP net loss per share was $0.13, which was $0.05 above our guided range of a loss of $0.19 to $0.18 per share. $0.02 (ph) for the beat is attributed to better than expected revenue with the remainder due to better overall gross margins and operational efficiency.

Focusing on the balance sheet. We finished the quarter with $299 million in cash and cash equivalents and short-term investments. In terms of cash flows, free cash flow burn was $3.2 million for the quarter compared to a burn of $1.1 million for the first quarter of 2018. However, included in the cash outlay this quarter is employee stock purchase plan activity. As a reminder, we started our ESPP program in August of 2018 and the first purchase date was on March 1 of 2019. Overall, the ESPP negatively impacted Q1 free cash flow by $4.9 million primarily from the contributions previously received as they were reclassed through a financing activity at the purchase date. On an annual basis however, the ESPP is not expected to have a significant impact of free cash flow due to the timing of future contributions and purchase periods.

Since we are on the topic of cash flow, as a reminder, later this year, we expect to incur approximately $10 million of nonrecurring CapEx related to the buildout of our new headquarters, which will primarily impact free cash flow for the second half of the year. Although, we still expect to become free cash flow positive as we exit 2020.

In summary, our Q1 results provided a solid foundation for successful 2019, which was well on the top line and demonstrated significant margin leverage.

Now let's turn to guidance. For the second quarter of 2019, we currently expect revenue to be in the range of $82 million to $83 million, non-GAAP loss from operations to be in the range of $15 million to $14 million. Non-GAAP net loss in the range of $14.5 million to $13.5 million and pro forma non-GAAP net loss per share in the range of $0.15 to $0.14, assuming a weighted average common shares outstanding of 95.7 million.

For the full year 2019, we currently expect revenue of $343 million to $347 million, calculated current billings of $413 million to $417 million; non-GAAP net loss from operations in the range of $57 million to $53 million; non-GAAP net loss in the range of $54 million to $50 million and pro forma non-GAAP net loss per share in the range of $0.56 $0.52 assuming a weighted average common shares outstanding of 96 million.

Included in the full year guidance is an expected annual non-GAAP provision for income taxes of $4.4 million to $4.6 million, which excludes the impact of stock-based compensation. Please keep in mind that the Q1 non-GAAP provision for income taxes was $750,000.

And now, I'll turn the call back to Amit for some closing comments.

Amit Yoran -- Chairman and Chief Executive Officer

In summary, we continue to be excited about the opportunity in vulnerability management and pioneering Cyber Exposure. We believe that the combination of our differentiated technology, even stronger now with Predictive Prioritization, our data integration capabilities and our strategic approach to VM position Tenable to successfully aid our customers in their journey to secure their digital transformation.

We now like to open the call up for any questions.

Questions and Answers:

Operator

Thank you. (Operator Instructions) Our first question is from Melissa Franchi with Morgan Stanley. Please proceed.

Melissa Franchi -- Morgan Stanley Equity Research -- Analyst

Good afternoon, and congrats on the quarter. Amit, maybe we can just start with a very high level question, on the health of the vulnerability management market, based on what you saw in Q1 and then just looking forward into the pipeline for 2019. How would you characterize the level of customer activity around VM relative to what you saw last year?

Amit Yoran -- Chairman and Chief Executive Officer

Yeah. All indications and engagement with our customers and prospects indicates that the market continues to heat up. There is continued recognition that VM is an absolutely foundational part of the security program. And as you see boards, audit risk committees and corporate directors, CEOs get more engaged in cyber issues, the foundational questions that they're asking are about what the state of their security program looks like. How exposed are they, how at risk are they? And those are foundationally questions that are answered from VM program. So we continue to see adoption and growth in account penetration in our existing accounts and we continue to see a pretty aggressive pace of new customer acquisition as well.

Melissa Franchi -- Morgan Stanley Equity Research -- Analyst

Okay, that's helpful. And then a follow-up for Steve. Just digging into the guidance for billings for -- or current billings for FY '19, you posted 25% growth in Q1, and I think the midpoint is implying 27% growth for the full year so a modest acceleration. Can you just walk us through what gives you confidence in that acceleration? And maybe discuss that in light of what you're assuming for the federal (ph) kind of deals coming back into the pipe in the second half?

Stephen A. Vintz -- Chief Financial Officer

Sure. Well, we do see increasing momentum as we look out in the year specifically in the second half of the year, as our guidance will contemplate. Our investments continue to take hold, both in terms of product and sales. In product, we continue to see improved competitive positioning and differentiation, both in terms of broad asset coverage as well as our analytic capabilities, such as Predictive Prioritization. And in terms of sales, we continue to add sales capacity and a large number of new logos and six-figure customers and we're expanding into new geos and major economies throughout the world. So what all this means is that, we're off to a good start for the year and we're well positioned for a successful 2019 and what we believe is a very large and growing market.

Melissa Franchi -- Morgan Stanley Equity Research -- Analyst

All right. Thank you very much.

Operator

Our next question is from Sterling Auty with JP Morgan. Please proceed.

Matt Parron -- JP Morgan -- Analyst

Hi. This is Matt Parron on for Sterling tonight. I have two questions. So I know you guys touched on little bit on the federal space, but I wanted to get a sense how was demand with federal space given the shutdown and what that could mean for Q2? And in addition, if you guys could describe a bit the competitive landscape in the quarter and if there are any changes to win rates? Thanks.

Stephen A. Vintz -- Chief Financial Officer

In terms of fed, we did comment earlier, but there were some modest impact from fed in Q1. But fed came in better than expected in the quarter but more notably, the better than expected results was due to overall better performance across the board globally as well as across product portfolios. So fed really has no impact on our outlook for the year. What we're really talking about is just timings in terms of quarterly flow. So the basis for the revised guidance is strictly on the basis of improved overall performance for the company.

Amit Yoran -- Chairman and Chief Executive Officer

Yes. I think maybe I'll just touch on the competitive win rates remain very strong. We win far more frequently than we lose whenever we get into a competitive situation and feel like our product sets deliver superior functionality and capability. So frequently, when we're in competitive engagements, if the customers are doing diligence, if they're hands on testing the products with an exceptionally high win rate from a technical standpoint. So we feel very good about our win rates and have not seen any significant change or any deterioration of that during the course of the quarter.

Matt Parron -- JP Morgan -- Analyst

All right. Thanks.

Operator

Our next question is from Jonathan Ho with William Blair. Please proceed.

Jonathan Ho -- William Blair & Company -- Analyst

Hi. Good afternoon and congrats on the strong quarter. I just wanted to start out with maybe some updated thinking around the Lumin timing and maybe, can you give us an updated thought on -- in terms of how that will factor into 2019?

Amit Yoran -- Chairman and Chief Executive Officer

Yeah, I'll talk maybe a little bit about the Lumin update. As you know, over the last couple of months, about two months ago, we released Predictive Prioritization into our Tenable.sc product. And over the last week or two, we released Predictive Prioritization into Tenable.io platform. The market reception for that capability has been very strong and as customers get into the deployment cycle, there -- we're already getting feedback from the field that it's radically changing how customers are thinking about their own vulnerability management programs and their enterprise risks. So we feel like we've got a great stepping stone for Lumin and getting customers condition to thinking about us, not only to gain insight into their vulnerabilities, but also in how they analyze and think about those vulnerabilities and translate those vulnerabilities into enterprise risk. We continue to move forward with Lumin. Lumin will build on Predictive Prioritization by adding in an understanding of asset criticality and also performing key benchmarking capabilities and functions. We said previously that we anticipate a 2019 GA release for Lumin and that remains our commitment.

Jonathan Ho -- William Blair & Company -- Analyst

Got it, got it. And then can you talk a little bit like -- I think you gave an example of a customer that was buying both SC and I/O. Can you talk about maybe the -- what the use case is for buying both of those products? And potentially, what types of pinpoints you can solve by having both SC and I/O?

Amit Yoran -- Chairman and Chief Executive Officer

Yeah. At this point, we have about 1,000 customers that are now using both Tenable.sc and Tenable.io where they have a majority of their VM capabilities in-house on-premise. They prefer to integrate with their on-premise platforms and leverage Tenable.sc. They also have some specific requirements if they want to leverage a cloud-based platform and infrastructure for us. So one common use case is mobile workforces, mobile agent technologies, where they want those systems to report back to their cloud infrastructures that are having to punch holes through the firewall and tunnel those external data sets into an on-premise product or application. Other great examples include assessing cloud-based infrastructure through native connectors to the three major cloud providers, and the elasticity requires in a lot of DevOps and container-based environment. So those are probably the use cases that are most frequently driving a hybrid-type approach to the enterprise market.

Jonathan Ho -- William Blair & Company -- Analyst

Great. Thank you.

Operator

Our next question is from Gur Talpaz with Stifel. Please proceed.

Gur Talpaz -- Stifel, Nicolaus & Co. -- Analyst

Great. Thanks for taking my questions. Congrats on the quarter. Amit, first question for you. I wanted to talk about new asset coverage, specifically in both ICS OT and then containers. And the question there is twofold; one, given sort of the fundraising that's happened in the space over the past quarter, have you seen a shift in awareness around this? And then two, from a customer standpoint, are you seeing greater interest in consolidating and managing all these disparate pieces of infrastructure in a centralized solution? I know it's early, but just kind of curious to see what you're getting out there these days? Thank you.

Amit Yoran -- Chairman and Chief Executive Officer

Yeah. We're definitely seeing growing interest and I think part of it is, and I don't know if's is the cart of the horse and which one comes first in this case, but there's certainly more funding going into the market, but there's also I think much more customer demand, greater awareness from the OT, from the operational side of the house, in leveraging expertise, cyber security expertise, that exist on the IT side of the house. And what we've seen over the last 18 months or so is that a lot of CISOs are now being given responsibility or at least invited over the fence and into the OT environments to help determine what the exposures and risks look like. From our perspective, we certainly focus or try to drive the point home that we can provide them a sort of unified view of their OT infrastructure along with their IT infrastructure. But it's not so much a unified view as much as it is nearly impossible today to assess an OT environment without also understanding the IT components that are part of that operational architecture. So you've got in these OT environments a lot of common compute platforms and operating systems, and if you're only looking at the OT components, you're not really understanding the risk of the broader control system and the broader environment. So -- and we think having that hybrid approach is critical and we're seeing it in -- when we have competitive wins against pure-play OT vendors. And I think you're seeing some other IT vendors also provide the sort of converged approach to OT/IT.

Gur Talpaz -- Stifel, Nicolaus & Co. -- Analyst

That's helpful. And maybe just on the product centric question around predictive prioritization. It's something you chose to include in both SC and now I/O. Are you starting to see create a that differentiation and space between you and the competitive subset out there? How has customer response been toward the inclusion of that into the product suite? Thank you.

Amit Yoran -- Chairman and Chief Executive Officer

Yeah. Actually the -- the market and the customer response has been extremely positive. When we tell them the story, they get really excited about the new capabilities and the fact that we've done a lot of sophisticated work around determining which vulnerabilities are exploitable, which ones have exploit code available on the wild, which ones are being leveraged by threat actors. And so the combination of these different perspectives helping them prioritize which vulnerabilities to go after. So we've heard a lot of positive feedback. And just -- these are fairly recent releases and they're early in the adoption cycle. I literally was in Denver yesterday talking to an enterprise customer. And he opened up the meeting by saying, thank you for Predictive Prioritization, it's literally changed how our security team thinks about vulnerability management. So the feedback is early, but it's positive and we remain very optimistic about it being a key differentiator for us.

Operator

Our next question is from Gray Powell with Deutsche Bank. Please proceed.

Gray Powell -- Deutsche Bank Securities -- Analyst

Great. Thanks for taking the questions. Just a couple, if I may. So can you talk about how your enterprise sales motion has evolved over the last couple of years? And then are there any insights you can give on the growth of your direct sales reps this year?

Stephen A. Vintz -- Chief Financial Officer

Yes. The one thing that we've made very clear is that we see a very sizable opportunity with VM and the broader mandate Cyber Exposure. As a result, given the confidence to continue to invest. So we continue to add self capacity on a year-over-year basis, continue go into new markets, which we have planned for this year, and in particular, major -- still major sectors of the economy that we're not addressing that we'll now have coverage on. But in particular, we also are adding named account reps, which we talk a little bit about last year. Those investments are taking hold. You can see the momentum that we're clearly demonstrating in the enterprise market, we're adding a steady and healthy rate of new logos, over 300 a quarter. Increasing larger number of land and expands. And -- so we think -- we're starting to see some early returns on the investments we're making, not just in terms of coverage and capacity, but also in particular, the ability to transact larger deals with sales reps that are focused on the largest of accounts. So I think as we look out the rest of the year, it's one of the reasons why we can still have confidence, no one gives us the outlook that we're providing today.

Gray Powell -- Deutsche Bank Securities -- Analyst

That's helpful. Then just a quick follow-up. Just any update on the mix or sort of revenue from new customers versus existing or the growth?

Stephen A. Vintz -- Chief Financial Officer

No. Nothing notable in that regard.

Gray Powell -- Deutsche Bank Securities -- Analyst

Okay. Thanks a lot.

Operator

Our next question is from Daniel Ives with Wedbush Securities. Please proceed.

Daniel Ives -- Wedbush Securities -- Analyst

Yeah. Thanks and great quarter. So does it feel like the conversations are becoming more strategic with customers relative to maybe where we were a year ago, even six months ago, just given what we're seeing in the field as well as your product suite?

Amit Yoran -- Chairman and Chief Executive Officer

I think that's fair to say. Over the last year or two that the VM market and understanding of what you have in your environment and where and how it's exposed has become one of the most important cybersecurity risk topics for corporate executive. So I'd say it's a fair characterization.

Daniel Ives -- Wedbush Securities -- Analyst

Okay. And then how much of your success now, even building the pipeline is relative to your execution in the product suite and pipeline versus maybe even competitive seeking and sort of maybe a movement of share that's happened in the market? I mean maybe just anecdotally talk about that.

Amit Yoran -- Chairman and Chief Executive Officer

Yeah. It's a great question. I think we compete effectively. I think we win more frequently than we lose. We certainly do displace competitors on occasion. There's also I think, as you said, growing importance and understanding of the importance of VM. So there's a natural progression in growth within each account. We also look and do some fairly careful analysis of our large customer wins in any given quarter. We see consistently that about 30% of our new enterprise wins are coming to us from what we characterize as greenfield account. So enterprises that previously had no meaningful VM program. So they were relying on maybe an annual audit from some consultancy or big four or something like that, and they're now realizing that they have to have this much more mature capability doing in-house vulnerability management and Cyber Exposure. So, yeah, I think there's a combination. I think, look, we're laser focused. We're a best-of-breed provider. I think we've increased our lead from our competitors. I think our enterprise accounts are recognizing that they need more pervasive coverage in and across their environments. And also a lot of greenfield accounts waking up to the importance of VM.

Daniel Ives -- Wedbush Securities -- Analyst

Thanks.

Operator

Our next question is from Joshua Tilton with Berenberg Capital Markets. Please proceed.

Joshua Tilton -- Berenberg Capital Markets -- Analyst

Hi. Thanks for taking my questions. Just back to competition. And speaking with competitors, they've cited good win rates from competing financials customers, also I've seen an increase in advertisement for some of your competition outright saying they have better scanners than Nessus and Tenable. Has it become more difficult to convert Nessus customers to more expensive offerings? Just maybe you talk about the competitive landscape there possibly?

Amit Yoran -- Chairman and Chief Executive Officer

No. I think we consistently see very strong conversion rates from Nessus on to our enterprise platforms. And I would suggest that anybody that does any meaningful testing, there's a qualitative and a quantitative delta of significance between us and any of our competitor. So, yeah, I don't know if they're looking -- what specifically they're talking about, but in head-to-head technical competition, it is exceptionally rare that we'll lose on the technical testing.

Joshua Tilton -- Berenberg Capital Markets -- Analyst

Okay, that's helpful. And then just a follow-up really quick. Has there been any news of The Sea Turtle campaign or may be rushing attack or using malware to specifically target operational tech? Does that drive incremental conversations around the industrial security SKU?

Amit Yoran -- Chairman and Chief Executive Officer

I think there has been a steady -- the short answer is yes, I think there has been a steady war drum of increased awareness in the TO world and that's been probably driving a lot of the conversations between the CISO and operational environments. And it's certainly the campaigns, but it's also stories continuing to come out of -- and case studies and analysis of actual losses being incurred. Some high profile ones that you've seen in news, although, going back to not pitch in and before, where you're talking about hundreds of millions of dollars of tangible loss being incurred.

Daniel Ives -- Wedbush Securities -- Analyst

Thank you. That's really helpful.

Operator

This concludes our conference for today. Thank you for your participation. You may disconnect your lines at this time.

Duration: 46 minutes

Call participants:

Andrea DiMarco -- Vice President, Investor Relations and Strategy

Amit Yoran -- Chairman and Chief Executive Officer

Stephen A. Vintz -- Chief Financial Officer

Melissa Franchi -- Morgan Stanley Equity Research -- Analyst

Matt Parron -- JP Morgan -- Analyst

Jonathan Ho -- William Blair & Company -- Analyst

Gur Talpaz -- Stifel, Nicolaus & Co. -- Analyst

Gray Powell -- Deutsche Bank Securities -- Analyst

Daniel Ives -- Wedbush Securities -- Analyst

Joshua Tilton -- Berenberg Capital Markets -- Analyst

More TENB analysis

Transcript powered by AlphaStreet

This article is a transcript of this conference call produced for The Motley Fool. While we strive for our Foolish Best, there may be errors, omissions, or inaccuracies in this transcript. As with all our articles, The Motley Fool does not assume any responsibility for your use of this content, and we strongly encourage you to do your own research, including listening to the call yourself and reading the company's SEC filings. Please see our Terms and Conditions for additional details, including our Obligatory Capitalized Disclaimers of Liability.