Varonis : Citi 2023 Global Technology Conference Transcript

Corrected Transcript

06-Sep-2023

Varonis Systems, Inc. (VRNS)

Citi Global Technology Conference

	Total Pages: 13
1-877-FACTSET www.callstreet.com	Copyright © 2001-2023 FactSet CallStreet, LLC

Varonis Systems, Inc. (VRNS)	Corrected Transcript
Citi Global Technology Conference	06-Sep-2023

CORPORATE PARTICIPANTS

David Gibson

Senior Vice President-Strategic Programs, Varonis Systems, Inc.

Guy Melamed

Chief Financial Officer & Chief Operating Officer, Varonis Systems, Inc.

.....................................................................................................................................................................................................................................................................

OTHER PARTICIPANTS

Mark Zhang

Analyst, Citi

.....................................................................................................................................................................................................................................................................

MANAGEMENT DISCUSSION SECTION

Mark Zhang

Analyst, Citi

All right. Good to go. Great. Well, thank you guys so much. Good afternoon. Thank you for attending Citi's Global Tech Conference, my name is Mark Zhang. I support Fatima Boolani with the Citi's Software Research coverage. And today, I have the pleasure of having Varonis here with us. To my left, is David Gibson, SVP of Strategic Programs; and to his left is Guy Melamed, CFO and COO extraordinaire. So thank you guys for coming and all your time.

[ph] Might I just so (00:40) jumped right into it. Maybe just a quick overview for those who aren't familiar with what you guys do and what Varonis's mission. Can you just maybe give a quick summary on the state of the union, what you guys do, who you are, and what your capabilities and solutions solve for?

.....................................................................................................................................................................................................................................................................

David Gibson

Senior Vice President-Strategic Programs, Varonis Systems, Inc.

Certainly. So Varonis sells software that protects data. We have a SaaS-based solution that helps people understand their data, meaning what's important, who's got access to it, who's using it, where is it at risk? And then we use automation to lock down the risks that we can see with that new visibility, as well as monitor how it's being used so we can detect threats to data and stop them automatically like an insider, like a Snowden or a Teixeira, who is the insider with the Pentagon breach recently, or an external attacker like a ransomware or any other sophisticated attacker that may be after data.

	2
1-877-FACTSET www.callstreet.com	Copyright © 2001-2023 FactSet CallStreet, LLC

Varonis Systems, Inc. (VRNS)	Corrected Transcript
Citi Global Technology Conference	06-Sep-2023

QUESTION AND ANSWER SECTION

Mark Zhang

Analyst, Citi

Q

Got you. okay, perfect. Now, I guess, it sounds - obviously, you guys protect data, plant cybersecurity space, but cybersecurity is a broad landscape and it's getting broader every day. Can you maybe help just frame exactly where you play in the cybersecurity space? What does your solution help maybe protect against, who are the threat actors you basically target and protect your customers [ph] against (02:22)?

.....................................................................................................................................................................................................................................................................

David Gibson

Senior Vice President-Strategic Programs, Varonis Systems, Inc.

A

Certainly. It's interesting if you talk to any cybersecurity professional, of course, they would say we protect data. If you ask them like, is protecting data important to you? But if you really think about the history of security, most of the technologies really didn't start with data, right? The metaphor was more about keeping the bad guys out, kind of starting with a firewall, a network based kind of keep the bad guys from the Internet out or from the endpoint.

When you look these traditional approaches that people have been trying to keep the bad guys out, didn't start with data. So, our approach has always been to focus on where the biggest concentrations of data live in an organization. In these days, they don't really live on an endpoint. They live in massive data stores, in data centers, and in the cloud. And for the most part, the security technologies have been adjacent to these haven't really directly interrogated these data stores in a way that we have. That's really where our approach differentiates, is to look inside these massive data sets to find what's important. So, regulated data, sensitive information, information that might be financial records or credentials like passwords in clear text, right, or keys in clear text like the kind that really exacerbated the Uber breach, and then see who can touch them.

If you go to many organizations and you ask them, show me all the data somebody can touch. That's a very hard mission, right. Who can touch them? Who's using them? And so, it starts there with understanding that approach, right, of how is the data laid out and how is it protected? And from there, we can automate a lot of the remediation tasks like locking things down, and then also use the same technology to make sure that people are using the data correctly.

.....................................................................................................................................................................................................................................................................

Mark Zhang

Analyst, Citi

Q

Got you. No, that's great. And that's great that you actually mentioned real world experience on whether it's for Uber and other data breaches. But any other sort of examples you could maybe give a sense of a full chain of whether it's from an attack to, I guess, like remediation to how to basically get back to I guess like run state back, I guess like, back to normalization?

.....................................................................................................................................................................................................................................................................

David Gibson

Senior Vice President-Strategic Programs, Varonis Systems, Inc.

A

Certainly. So, when we start with organizations and we have some of these conversations about where do you store your critical data and how confident do you feel about how well it's protected? That usually leads to a risk assessment. This is a core part of our selling motion where we will light up our SaaS solution and map a data store for them or couple of data stores. And invariably what we see is what people kind of knew was probably true to begin with. Yeah. There is - way too many people have way too much access to data and there are some

	3
1-877-FACTSET www.callstreet.com	Copyright © 2001-2023 FactSet CallStreet, LLC

Varonis Systems, Inc. (VRNS)	Corrected Transcript
Citi Global Technology Conference	06-Sep-2023

surprises where sensitive data is stored, how people are using it. And if you think about the way attacks work today, there's a huge threat landscape. There's all sorts of endpoints. There's all sorts of cloud applications. There are just an innumerable amount of ways that an attacker could get in, and it's almost impossible to tell where an attack is going to come from. But you know where it's going. It's always going to the data, right.

So, really, getting a handle on the data, what happens if an endpoint misses something? What happens if you have a vulnerable server? What happens if you have an insider like a Snowden? What's going to protect you then? Our risk assessments light up that kind of situation and illustrate how we can get back to that state you mentioned. We now have a blueprint. Once we do this risk assessment, here are the highest concentrations of sensitive data that are most exposed, and you don't have to live with that. Our automation automatically addresses these risks, and that's one of the things that's really appealing about our platform is the amount of results, the amount of outcomes you get without effort. Because a lot of security teams are stretched pretty thin these days.

.....................................................................................................................................................................................................................................................................

Mark Zhang

Analyst, Citi

Q

Right. Right. Yeah. That sounds like a unique offering and very competitive in the market. So, maybe, if I am a security analyst today, if I don't use Varonis, what are my alternative options? What else are you?

.....................................................................................................................................................................................................................................................................

David Gibson

Senior Vice President-Strategic Programs, Varonis Systems, Inc.

A

Sure. So - and let's broaden it from just a security analyst, I can talk about that specific use case, too, but just security teams, it's not like they're not trying to secure data to lock down data. Nobody would say that they're not trying. It's just that the amount of risks that are being generated every day are almost immeasurable and certainly irreparable manually.

With cloud repositories today, I don't know how many people here use Teams or Microsoft 365 or Box or Google Drive, these platforms have made it so easy for end users to collaborate without any help or any guidance from IT. I think of it as a party with no parents' home, right? There's just chaos happening in the time that we've had this conversation. There's been more risk generated by end users than we could count, right? So the idea that you can address some of these risks without specific automation that was built for it has just become kind of a non-starter for folks. So, people have started with native technologies, point solutions, other security technologies that eat around the problem but don't address it head on.

.....................................................................................................................................................................................................................................................................

Mark Zhang

Analyst, Citi

Q

Got you. And then to that point, can you maybe give a sense of what the competitive landscape looks like, who you compete against? How do you differentiate yourself when it comes to maybe a platform vendor like a Microsoft. Obviously, Microsoft this is 300-pound gorilla or [ph] 500-pound gorilla, 800-pound gorilla (09:01) that is turning everyone. Do you guys see sort of a threat from them as well? And how do you sort of differentiate yourself from this?

.....................................................................................................................................................................................................................................................................

David Gibson

Senior Vice President-Strategic Programs, Varonis Systems, Inc.

A

Well, we're a Microsoft partner and we have actually a great synergy with Microsoft now. One of the ways that people are trying to protect data is to try to prevent sensitive data from being e-mailed out or being saved to a USB key or being printed. And for that, Microsoft has a nice technology called Purview Information Protection.

	4
1-877-FACTSET www.callstreet.com	Copyright © 2001-2023 FactSet CallStreet, LLC

Varonis Systems, Inc. (VRNS)	Corrected Transcript
Citi Global Technology Conference	06-Sep-2023

And the idea is that you put labels on these files that shouldn't be printed or you shouldn't be sent, right, or should be encrypted. And that happens automatically and that provides a layer of protection.

With Varonis, people are able to actually get the right labels on the right files far more quickly without even requiring users to put a label on the files at all. And so that helps the story, that kind of - it's a better together story there. So, more and more, I think as our platform has matured and as the ecosystem has developed, our place in it is becoming clearer. And how we help with other technologies like Microsoft is becoming clearer.

.....................................................................................................................................................................................................................................................................

Mark Zhang

Analyst, Citi

Q

Got you. Okay. Now, that's great. And now that the platform is maturing and you guys actually recently starting to talk more about your new model transition to SaaS, maybe we'll get Guy more involved here as well. But maybe can you give a sense of what this transition entails? What kind of most delivery you've had and what, I guess, like essentially it's net new with the SaaS model transition.

.....................................................................................................................................................................................................................................................................

Guy Melamed

Chief Financial Officer & Chief Operating Officer, Varonis Systems, Inc.

A

So, I think start from the important part, SaaS is a better product and we're getting a lot of positive reactions from our customers on how the product is so much better and we're getting very positive reaction from our sales force, so that's been a very interesting kind of as we track through the transition and we're very early in it, this is only our third quarter, we feel very good about where we are.

When we talked about kind of the timeframe for that transition, we talked about a five-year period. We talked about Phase 1 where we target new customers selling them SaaS and then we expected that to be anywhere between one to two years. And then as we get close to ending that part, we would start targeting Phase 2, which is converting our existing customers from self-hosted to SaaS. And we talked about Phase 2 being anywhere between three to four years. So, the aggregate transition expected to be five years and we defined a transition to be complete when we have anywhere between 70% to 90% of our ARR coming from SaaS.

Now, what's great is that at the end of Q2, we already reached about approximately 10% of our ARR coming from SaaS, which is great progress for us, and we talked about the fact that at the end of the year, we will have to reevaluate our timeframe because what's actually happening is that Phase 2, our existing customers, in a very natural way, are requesting to convert to SaaS. Our reps make money on anything they get on top of the renewal. So, it works for them, it works for our customers. As I said before, it's a better product. So it's a win-win for us, win-win for everyone.

.....................................................................................................................................................................................................................................................................

Mark Zhang

Analyst, Citi

Q

Got you. You say it's a better product, but can you maybe give a sense of why that SaaS product is different or better from the previous version for customers? Does it drive just greater adoption, just greater sales motion? I mean you mentioned greater sales motion, but anything else that we should keep in mind as you're going through this transition?

.....................................................................................................................................................................................................................................................................

Guy Melamed

Chief Financial Officer & Chief Operating Officer, Varonis Systems, Inc.

A

So, several elements. The first element is that in this environment where so many - the threat landscape is evolving by the minute, your ability to provide updates and upgrades in an instantaneous way through SaaS is

	5
1-877-FACTSET www.callstreet.com	Copyright © 2001-2023 FactSet CallStreet, LLC