Greetings. Welcome to the Tenable Q4 2021 Earnings Conference Call. (Operator Instructions) Please note, this conference is being recorded.
I will now turn the conference over to your host, Erin Karney, Head of Investor Relations. Thank you. You may begin.
Erin Karney - Tenable Holdings, Inc. - Senior Director of IR
Thank you, operator, and thank you all for joining us on today's conference call to discuss Tenable's fourth quarter and full year 2021 financial results. With me on the call today are Amit Yoran, Tenable's Chief Executive Officer; and Steve Vintz, Chief Financial Officer. Prior to this call, we issued a press release announcing our financial results for the quarter. You can find the press release on the IR website at tenable.com.
Before we begin, let me remind you that we will make forward-looking statements during the course of this call, including statements relating to Tenable's guidance and expectations for the first quarter and full year 2022; growth and drivers in Tenable's business; changes in the threat landscape in the security industry and our competitive position in the market; growth in our customer demand for and adoption of our solutions; the potential benefits of our acquisitions, planned innovation and new products and services; Tenable's expectations regarding long-term profitability and the impact of COVID-19 on our business and on the global economy.
These forward-looking statements involve risks and uncertainties, some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements. You should not rely upon forward-looking statements as a prediction of future events. Forward-looking statements represent our management's beliefs and assumptions only as of today and should not be considered representative
of our views as of any subsequent date. We disclaim any obligation to update any forward-looking statements or outlook. For a further discussion of the material risks and other important factors that could affect our actual results, please refer to those contained in our most recent quarterly report on Form 10-Q and subsequent reports that we file with the SEC, which are available on the SEC website at sec.gov.
In addition, during today's call, we will discuss non-GAAP financial measures. These non-GAAP financial measures are in addition to and not a substitute for or superior to measures of financial performance prepared in accordance with GAAP. There are a number of limitations related to the use of these non-GAAP financial measures versus their closest GAAP equivalents. Our earnings release that we issued today includes GAAP to non-GAAP reconciliations for these measures and is also available on the Investor Relations section of our website.
I'll now turn the call over to Amit.
Amit Yoran - Tenable Holdings, Inc. - CEO
Thank you, Erin, and thank you for joining us today.
Today, I'll discuss our financial performance in Q4, strength in core VM, our traction with our individual exposure solutions and the expansion and differentiation of our unified platform. With that, let me first touch on our Q4 results.
We saw tremendous strength in the fourth quarter driven by contributions from all products and theaters. Our CCB growth for the quarter was 29%, capping a year where we saw accelerated growth at scale balanced with profitability, including strong unlevered free cash flow. During Q4, we added 562 new enterprise platform customers and added 100 net new 6-figure customers. Both are record adds for us in a single quarter.
As the leader in VM, our expertise is finding assets, identifying how those assets are configured and how and where they're vulnerable and prioritizing those vulnerabilities and exposures, guiding our customers on how best to manage risk. Nessus has been and continues to be the standard for assessing system security and vulnerabilities. Over the last few years, we have seen an acceleration of downloads of Nessus. And in Q4, we saw continued strength with Nessus customers on-ramping to our enterprise platforms.
Our drive to lead the market in terms of vulnerability coverage, accuracy of our assessments, time to market for developing new checks as critical new vulnerabilities emerge are highly appreciated and recognized by our customers. In Q4, Log4j highlighted and continues to highlight the strategic importance of discovering and managing vulnerabilities. Regardless of marketing claims, no WAF, no next-gen firewall, no EDR, no XDR, nor any other product is able to assess, identify and prevent the growing breadth of Log4j. Tenable already covers over 100 Log4j vulnerability detections, including direct checks and checks over HTTP, HTTPS, SMTP, POP3, IMAP, Telnet, SSH, SNMP, NTP, FTP, NetBIOS and other protocols. And we've only begun to pull on the long tail of Log4j-related issues. If it's your mission within the enterprise to answer the question, how secure am I? How at risk am I? Then Tenable has differentiated itself as the market leader and platform to use.
Enterprise attack surfaces keep expanding, creating opportunities for Tenable's exposure solutions. We saw another quarter of tremendous traction in our solutions for operational technology and active directory as we bring our expertise to these underserved markets. We believe we're the only vendor that provides complete understanding of IT and OT converged environments, coupled with a deep understanding of exposure and risk. This unique understanding of both of these environments enables us to provide a differentiated and compelling solution in the market. We also see strong traction in Tenable.ad, our active directory security product and expect that to continue to be very attractive market for us. 86% of enterprises are expecting to increase their spending on active directory security in 2022. We believe we're solving a great pain point in this largely greenfield market where we have the leading technology.
In addition to our traction in these markets, we're seeing strength in our cloud products and excitement around cloud expansion. We've long focused on helping our customers secure their cloud environments. Cloud-based capabilities require assessing the security web applications and a deep understanding of containers. We've had cloud-native connectors for years. And more recently, we've introduced frictionless assessment. With continued demand from our customers to help them secure their cloud environments, we've extended our investment into Infrastructure as Code, into Kubernetes and into cloud security posture management with the acquisition of Accurics.
As we continue to build out and integrate our full portfolio of cloud capabilities, our reach expands all the way from the far left, from building and assessing vulnerabilities in code and fixing them preproduction, all the way to the far right, where we're discovering assets, evaluating drift and exposures in runtime. We identify misconfigurations and fix assets across their entire life cycle. Tenable becomes the definitive place to go to for assessing and understanding risk across the entire cloud deployment, not just the development piece, and not just the cloud and Kubernetes infrastructure configuration, and not just the containers or the virtual machines themselves.
If it's your job to assess cyber risk for the Audit and Risk Committee, for the CSO, for the CEO, for the Boards of Directors, Tenable.ep, our exposure platform, can help you understand cyber risk in the broader context of your business. Our market leadership in VM, in assessing and addressing cyber risk put us in position of strength to evolve naturally with our customers into new environments. Security teams cannot properly assess risk in their IT environment without understanding and integrating risk from their AD environment, their cloud environment and others. They demand this unified integrated approach.
And we're seeing this play out in the market. Tenable.ep had another strong quarter, and we expect that traction to continue as we're now expanding Tenable.ep to incorporate more of our exposure solution, including Tenable.ad and Tenable.cs, which includes Infrastructure as Code, Kubernetes, CSPM, container and other cloud security capabilities. With these integrations, Tenable.cs as part of EP will deliver a cloud-native application security platform as an integrated end-to-end security solution and a complete picture of cyber risk across the modern attack surface with unified visibility into code, configurations, assets and workloads.
Earlier today, we announced that we've reached an agreement on a tuck-in acquisition of an attack path analysis company in Israel called Cymptom, which we expect to close this quarter. Cymptom's technology maps vulnerabilities and exposures across asset types into attack paths and prioritizes how to address likely paths of exploitation.
After the closing, this technology, when integrated into EP, will run alongside enhancements to Lumin and other market-leading analytics, enabling security teams to preemptively focus response efforts ahead of and during breaches. Serving our customer's need to understand their cyber risk is what drives our vision and our expansion across VM, active directory, public clouds and OT environments into an integrated unified workspace. We believe augmenting EP's unified data sets and analytics with attack path analysis will enable Tenable to continue to extend our leadership in cyber risk management.
The world of the CISO is managing many risks across many interconnected and interdependent system. Assessing risk means understanding discrete elements of exposure but also their interdependency. Weaknesses in identity and IT can affect OT and shut down a pipeline. Ransomware and nation-state breaches breach IT and target active directory. At Tenable, we're not only focused on delivering best-of-breed technologies in exciting markets. We're pursuing a platform vision for understanding and managing cyber risk that we believe is unlike anything else available.
And this brings me to the key conclusion I want to leave you with. Yes, we see strong performance in VM. Yes, we see strong growth and potential in our individual exposure solutions across active directory and operational technologies and cloud security. But if there's one single thought, one sole conclusion it's this: that it's nearly impossible to accurately assess the risk associated with any one piece of technology in isolation. Our unified platform not only brings together market recognized leading exposure solutions, we're bringing more of these data sets together in a unique cyber exposure platform with differentiated and compelling analytics.
I'd like to turn the call over to Steve now.
Stephen A. Vintz - Tenable Holdings, Inc. - CFO
As Amit mentioned earlier, we are delighted with the results for the fourth quarter, highlighted by significant acceleration in CCB growth, a notable beat in earnings per share and attractive levels of unlevered free cash flow. I will provide more commentary on each of these points momentarily. But first, please note that all financial results we discuss today are non-GAAP financial measures, with the exception of revenue. As Erin mentioned at the start of this call, GAAP to non-GAAP reconciliations may be found in our earnings release issued earlier today, which is posted on our website.
Now on to our results for the quarter. Revenue for the quarter was $149 million, which represents 26% year-over-year growth. Revenue in the quarter exceeded the midpoint of our guided range by $5 million. Visibility remains high as our percentage of recurring revenue was 95%, which is primarily a result of our annual prepaid subscription model. Revenue for the full year was $541.1 million, which represents 23% growth year-over-year.
The outperformance in revenue is a result of accelerating growth in calculated current billings. CCB, defined as the change in current deferred revenue plus revenue recognized in the quarter, grew 29% year-over-year to $194 million. Q4 capped a very successful year for us, in which we saw CCB growth accelerate throughout the year from 20% in Q1, to 23% in Q2, to 25% in Q3, and now to 29% in Q4. We attribute this inflection in growth to our differentiated VM capabilities, expanding product portfolio and increased investment in sales capacity and go-to-market activities.
During Q4, we saw strength across the board in both new and renewal business and in all geographies. It's important to note that we experienced very good linearity entering December, and we're on our way to one of our best growth quarters of the year. However, after the discovery of Log4j in December, we saw a significant uptick in our expansion rates as customers increased coverage of both assets and applications. Our expansion rates also benefited from exceptional renewals, including win backs and limited customer churn, all of which lifted our net dollar expansion rate.
Likewise, we also saw outperformance in new logos, particularly in the mid-market through our inside sales efforts and from no-touch Nessus sales channels given the relatively short sales cycles. New logo sales from large market customers with longer sales cycles also saw strong close rates for opportunities that were already advanced in the Q4 pipeline. New pipeline build in the quarter for the large market was also very healthy.
Now in terms of metrics underpinning our strong financial performance, we added 562 new enterprise platform customers in the quarter, which is a record for us and up from the 460 we added in Q4 last year. We also had success with large deals as we added 100 net new 6-figure customers in the quarter, which is up from 66 in the same period last year. Similar to new enterprise platform customers, the number of net new 6-figure customers we added in Q4 is our largest ever in a single quarter and brings the total number of new enterprise platform customers spending over $100,000 per annum to almost 1,100.
From a product mix perspective, our exposure solutions, which includes Tenable.io, Tenable.ep and its modules, active directory security and operational technology security, continue to gain traction and saw outsized growth. We attribute the strong demand to our customer's need to assess risk holistically across IT assets, identities and OT assets.
While we saw strength in cloud use cases, it should be noted that Accurics' contribution to CCB in the quarter was nominal since the acquisition closed in Q4 and Accurics' Infrastructure as Code capabilities were not integrated into our go-to-market motion in the quarter. We believe Accurics' ability to assess and secure critical cloud infrastructure prior to deployment will significantly enhance our existing cloud capabilities and augment our strength in runtime environments.
Accordingly, we plan to soon announce the availability of our more expansive cloud security offering and the integration of these capabilities with EP shortly. And given sales cycles, we expect CCB to begin to benefit in the second half of the year. In summary, we are delighted with the trend in the top line this year.
Now I'll turn to expenses, which include incremental investments in growth and the operating expenses related to Accurics. I'll start with gross margin, which was 82% this quarter, down 70 basis points from last quarter. Gross margin for the full year was also 82%. Cost of sales increased sequentially due to higher public cloud and related costs associated with the increased customer usage of our products and costs related to scaling the Accurics infrastructure in support of a more expansive cloud security offering.
We are also investing in a broader set of advanced analytics across the attack surface to help customers better predict attack paths and assess risk holistically. Looking ahead, we expect these investments to continue into 2022, which could modestly impact gross margin. Long term, we still expect gross margins to be in the high 70% to low 80% range.
Sales and marketing expense for the quarter was $69.5 million, which is up from $60.7 million last quarter. Sales and marketing expense reflects higher wages and benefits related to hiring more sales reps and other headcount as well as accrued payroll taxes. Further, it reflects higher
Tenable Holdings Inc. published this content on 02 February 2022 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 02 February 2022 18:58:03 UTC.