Yahoo Finance

Joo Mi Kim

Thanks, Sumedh, and good afternoon. Before I start, I'd like to note that except for revenue, all financial figures are non-GAAP, and growth rates are based on comparisons to the prior year period unless stated otherwise.
We're pleased to report a healthy finish to the year, highlighting our continued execution, financial discipline and scalable business model. For the full year, we grew revenues by 10% to $607.6 million and achieved adjusted EBITDA margin of 47% even with continued 14% growth in investments in sales and marketing.
Net income and EPS grew 16% to $229 million and $6.13 per diluted share, respectively. And free cash flow reached $231.8 million or 30% of revenue, all of which exceeded our expectations for the year.
Turning to fourth quarter results. Revenues grew 10% to $159.2 million. The channel continued to increase its contribution, making up 48% of total revenues compared to 44% a year ago. As a result of our continued commitment to leverage our partner ecosystem to drive growth, we were able to grow revenues from channel partners by 18%, outpacing direct, which grew 3%.
By Geo, 15% growth outside the US was ahead of our domestic business, which grew 7%. US and international revenue mix was 58% and 42%, respectively. With customers confirming their prioritization of security within IT budgets, we anticipate the selling environment in 2025 to remain stable with ongoing budget scrutiny persisting for the foreseeable future. Reflecting the sentiment in Q4, our gross retention rate remained approximately at 90% and our net dollar expansion rate came in at 103%, unchanged from prior quarter.
In terms of product contribution to bookings, Patch Management and Cybersecurity Asset Management combined made up 15% of total bookings and 24% of new bookings in 2024. Our cloud security solutions, TotalCloud CNAPP, made up 4% of 2024 bookings. We attribute the success to our customers' need for broader contextualized awareness of their attack surface with natively integrated risk management and remediation workflows across all environments on a single platform.
Turning to profitability. Adjusted EBITDA for the fourth quarter of 2024 was $74.2 million, representing a 47% margin compared to a 46% margin a year ago and 45% last quarter. The stronger-than-expected performance resulted from our targeted optimization efforts, which was part of our 2025 planning process. Consequently, operating expenses in Q4 remained relatively flat to last quarter, while sales and marketing investments grew moderately by 5% from last quarter.
EPS for the fourth quarter of 2024 was $1.60, and our free cash flow was $41.9 million, representing a 26% margin compared to 22% in the prior year. In Q4, we continue to invest the cash we generated from operations back into Qualys, including $5.8 million on capital expenditures and $42.3 million to repurchase 312,000 of our outstanding shares.
As of the end of the quarter, we had $143.4 million remaining in our share repurchase program. We're pleased to announce that our Board has authorized another increase of $200 million to the share repurchase program, bringing the total available amount for share repurchases to $343.4 million.
With that, let us turn to guidance, starting with revenues. For the full year 2025, we expect revenues to be in the range of $645 million to $657 million, which represents a growth rate of 6% to 8%. For the first quarter of 2025, we expect revenues to be in the range of $155.5 million to $158.5 million, representing a growth rate of 7% to 9%.
This guidance assumes no material change in our net dollar expansion rate with moderate growth contribution from new business in 2025. We also realize that there may be some near-term adjustments to the plan given the upcoming CRO departure, we'll be sharing updates as we make progress throughout the year.
Shifting to profitability guidance. For the full year 2025, we expect EBITDA margin to be in the low 40s, implying 18% to 20% increase in operating expenses and free cash flow margin in the low to mid-30s. We expect full year EPS to be in the range of $5.50 to $5.90.
For the first quarter of 2025, we expect EPS to be in the range of $1.40 to $1.50. Our planned capital expenditures in 2025, expected to be in the range of $8 million to $13 million and for the first quarter of 2025 in the range of $2 million to $4 million.
In 2025, we anticipate gross margin to contract by approximately 1% given certain investments we are currently making in some of our data centers to achieve greater operational efficiencies and reduce medium to long-term marginal costs.
With respect to operating expenses, we plan to align our product and marketing investments to focus on specific initiatives aimed at driving more pipeline, accelerating our partner program and expanding our federal vertical. As a percentage of revenue, we expect to prioritize an increase in investments in sales and marketing and engineering with a more modest increase in G&A.
With that, Sumedh and I would be happy to answer any of your questions.

Question and Answer Session

Operator

Thank you. (Operator Instructions)
Kingsley Crane from Canaccord Genuity.

Kingsley Crane

Hi. Thanks for taking the questions. Congrats on the great quarter. So again, you have so many great products in the portfolio. We've seen some others in the space up for more of a consolidated consumption plan that simplifies pricing and can get more products in the hands of the customers. So any thoughts on creative packaging opportunities over this next year?

Sumedh Thakar

Yes, that's a great question. I think for us, as I mentioned in my script, really customers are looking at ways that they can anchor, how they're looking at their cybersecurity spend by looking at their -- the business risk and how they are able to articulate that spend by reducing business risk and that is a combination of bringing Qualys modules wherever available, bringing data from third-party solutions that are available. And so as we are early in this journey right now with ETM and the main feedback that we are getting right now from the early adopter customers for ETM and the POCs that we're going,
I think as an evolution of that, we continue to look through the year at getting feedback from these early customers and how we can help them adopt the product platform, both in terms of the integration, but also pricing, and it is something that we will be continue to review throughout the year to see where we have opportunities for packing that sort of a model anchored around the adoption of ETM rather than individual modules.

Kingsley Crane

That’s great to hear. And Sumedh, with Dino's departure, it sounds like you're going to oversee sales efforts a bit a bit more hands on. You recently has taken on more with product and marketing as well. So just wondering, any updated plans on or thoughts on your bandwidth and if you wouldn't hire any key leaders across the business and how you plan to balance your time the upcoming year? Thanks.

Sumedh Thakar

Yes. Thank you. I've done this a couple of times in the past, and I'm happy to jump in periodically to help as needed. Again, we thank Dino for being part of the team, but we have been working on this for a while with the broader team, not just the CRO and our 2025 planning is in a good place. So now it's really about focusing on execution. And as you see key part of our execution is celebrating the success that we're seeing with our engagement with the partners and how can we pivot more towards a partner-oriented GTM strategy, which means that the focus will go a bit less on direct and growing direct and more on how do we partner with our partners from relieve gen, pipeline gen as well as execution on clothing deals, et cetera. So I think we continue to focus on executing that, working closely with partners and aligning our sales our sales leadership.
With that, the good news is that leadership below Dino is very strong. Many of them have been here even before Dino joined us, and they are very connected, dedicated to the mission. And so I look forward to continuing to do that.
I think on the product side, we have great leaders on -- with our CTO, Dilip Bachwani, as well as our SVP of Product Management, both have been here for over 10 years. And really driving working with me, the execution that is needed on the product side, again, aligning to our vision of delivering capabilities like MRO, which will encourage our partners to do more with us, not just from the GTM side as well, but also from the product side.
So again, we -- for us now, it is really more about finding the right leader who understands our partner focus and will be leaders who will be working with us on making sure that we are not necessarily focusing on the direct side of growing the business, but more around focusing on how do we pivot our partner focus and make sure that all the different aspects of business are going in that direction.

Kingsley Crane

Make sense. You definitely has deep bench. Thanks for the time.

Operator

Matthew Hedberg from RBC Capital Markets

Matthew Hedberg

Hey, guys. This is Mike Richards on for Matt. Thanks for taking the question here. Maybe let me go back to Dino's departure and appreciating that you probably already had your sales kick off here and you had a plan for the year. But what are some of the changes that maybe we could expect or that I think could really improve the sales motion this year given his exit and you've taken the reins here?

Sumedh Thakar

Yeah. We really finished our planning for 2025 towards the end of last year, and now it is about executing on the sales goals with our sales head -- that's helping -- essentially manage the sales team globally, SVP of Product -- SVP of Partnerships and then our VP of Sales Ops & Enablement. And so as I talked a little bit about this and you saw the release of mROC, which is our partner-focused managed services platform as well as really focusing on working with our partners on how do we increase the deal hedges, how do we leverage essentially our margin to make sure that we are able to balance bringing customers to these partners, but also how these partners can actually create revenue for themselves with services that they can anchor around the Qualys platform with consolidation of multiple different capabilities with risk quantification, remediation, et cetera.
And so for us, really focusing on the pillars of how are we going to make sure that we last year, as we said, our focus was partner-led for new business. We started end of last year, and this is our key execution this year is how do we also work on our existing business, which has direct customers to leverage that relationship with our partners to potentially bring them some of our direct customers while working with them on a partnership where they bring us new logos so that we can execute towards creating more opportunities for ourselves.
So there are multiple different things that we're focusing on that as well as a focus on our federal business, which is something that we are excited about the potential opportunity so we'll continue to execute on that aspect as well, because our current contribution to the business from federal is extremely small. And so there continues to be a much larger opportunity there.
So it's really about how do we pivot our execution, which has been a mix of direct and indirectly reduce the friction that is there and then build the confidence with our partners by not only giving them that confidence of the business.
We can bring them that is direct with us, but also giving them a potentially significant revenue stream by adding services around the managed rock capability, which we are seeing a lot of global enterprises and driving it towards given that it adds a layer on top of their existing groups as well.

Matthew Hedberg

Great. And then I just wanted to ask on TotalAI. I mean it seems like there's such a big opportunity there. Maybe stepping back, has there been any early customer feedback on TotaLAI? How are you thinking about it in terms of a growth driver for next year or maybe just picking up steam?
And then, I know it's all greenfield but who else are you seeing when you're going in and talking about TotalAI? Is there anyone else kind of doing what you're doing here or anything else on just competitive dynamics there?

Sumedh Thakar

Great question, I think if you look at the journey of AI itself over the last couple of years. I think in year 2023, a lot of people are looking at that, in 2024 lots of POCs took place in many companies around leveraging LLMs.
And then, as we get into 2025, we are going to start to see deployment of a more and more AI LLMs into actual production environments. We saw a little bit of that starting to happen at the end of Q4.
And so the -- the questions from customers really are about, how -- what are the things that they can do to secure their AI workloads. And the first question we ask is, well, how many do you have? And they cannot even answer that.
And so in that sense, the TotalAI capability, and you probably saw a recent blog, we pointed our Qualys TotalAI to DeepSeek and found a whole bunch of issues. And it's really about helping customers to get a that level of comfort that whatever they are putting out in the production environment is not something that could be jail broken, it's not something that is leaking information that it should not. It is following compliance guidelines as well as detecting vulnerabilities in this.
And so -- in that sense, the way we see it is TotalAI is fairly unique, because we're actually able to leverage our existing footprint in the customer environment to first help discover their AI workload so they don't have to deploy a resolution to discover AI in the first place.
And then once we discovered those AI workloads, we're actually able to scan them using the scanner, the agent that they already have from Qualys and then provide them that visibility.
So early feedback has been very good, in fact, in our Strategic Advisory Board when we ask our strategic advisory board CSOs to pick the area that is top of mind for them for 2025, AI security came up the most.
So we look forward to those engagements, turning into paid opportunities. However, CSOs are also going through this right now, trying to figure out how are they going to pay for this?
Where does that come from? Do they get additional budget? Are they going to get additional rates for security? Are they going to move some of money around from the exiting budget, given that overall increase in cyber spend is not that significant? We don't anticipate it to be that significant.
So I think right now, it's a little bit early for us to know kind of impact it is going to have, but the opportunities that we are starting to see build up are definitely encouraging and positive. And in that sense, that the way we are scanning AI, we feel that it's pretty unique. And that's the feedback that we're getting from customers is this is a great way because they look at it as like the e-gates at immigration, like, the security will scan that LLM before it goes into production, and then give a thumbs a thumbs up or down, so that they can go back and see it.
And again, if you want to see the, kind of, things that our scanner is able to detect, you can read our blog around, when we pointed it to DeepSeek, what are the things that we founded on that. So we're excited about that. We just don't know right now and monitor really how that opportunity is going to evolve. And yes, it is greenfield, but also depends on how much additional budget resource we’ll be able to get from the CFO this year versus next year in terms of investing more in AI security, and we expect that to start this year and have a gradual ramp into next couple of years.

Matthew Hedberg

Great thanks again congrats.

Operator

Rudy Kessinger from DA Davidson

Rudy Kessinger

Hey, thanks for taking my questions. The last two quarters now, you guys have had pretty good outperformance on both revenue and current calculated billings, I guess just particularly in Q4, just what -- relative to your guidance and expectations, what came in specifically better than expected? I know you said you had a weaker Q4 pipeline going into the quarter. But again, pretty strong revenue, current calculated billings in the quarter.
And then just as I look at guidance for Q1 to next year, it doesn't seem like you're really expecting that to continue, particularly in Q1 with the revenue decline expected. So I don't know was there anything maybe onetime in Q4 that drove the upside? Or I'm just trying to put together the strength in Q4 and Q3, but not really seeing that continue in the guidance that you're providing.

Joo Mi Kim

Yeah, the second half of 2024 current billings, if you keep looking at that it was higher than the bookings performance partly due to the invoicing cycle. But if you take a look at the revenue in Q4 in particular, we did have better linearity, a little bit better on the renewal in terms of how the deals closed in the quarter that did have an impact on the revenue that we booked in Q4.
Looking into Q1, one of the reasons why Q1 looks a little light is because we're not taking into any consideration from the late renewal slippage into Q1 and then plus the fact that the number of days in Q1 is lower by Q2 relative to Q4.
And then looking at the full year, one of the assumptions that we've made was if you take a look at our net dollar expansion rate, currently at 103%, which is great from the predictive of it stabilized. However, if you take a look at a year before or even two years ago, it's down.
So taking that into consideration, looking at the trajectory of the business, we are assuming no improvement in net dollar expansion rate going into 2025. And then also the fact that we are taking that partner first approach, so which means that with the partner business currently making up 48% of revenue, in Q4 relative to 44% a year ago. We are expecting that trend to continue into 2025, which could have a shorter-term negative impact in the growth.

Rudy Kessinger

Okay. And on the new logo front, I know for the first half of quarters in 2024, you caught out, I think, double-digit year-over-year growth in new logo bookings. I know Q4 was a tougher comp. But where did that land in Q4? And I know you're keeping that expectation of DBNER to remain steady, 1 of 3. Like what is your expectation then on new logo bookings growth in 2025? It would seem to be -- it's expected to be weaker growth than '24.

Joo Mi Kim

Yes. That is the assumption that we're making right now because in Q4, like -- last quarter earnings, we had called out the fact that Q4 looked to be a little bit light from the new bookings perspective and actually it did turn out to be bad. We were a little bit disappointed with new bookings performance and the amount that it added to the revenue growth rate. So, we're kind of assuming that it will continue on that path into 2025, we're not expecting meaningful growth in the new business, especially particularly just because we are more focused on landing new logos through our partners. So we'll be working with them very closely to see what kind of incentives that we can offer them, so that they can really go out into the market and help us to get new customers in.

Rudy Kessinger

Okay, that's all very helpful.
Thank you.

Operator

Josh Tilton from Wolfe Research

This is Mark on for Josh Tilton. Just one quick question. We've heard several vendors talk about the services related to the federal vertical and the administration change. And we just wanted to ask, how are you thinking about that for the coming year in terms of potential opportunity and how it's factored into the guidance? Thanks.

Sumedh Thakar

Yes. We're super excited about the opportunity, right? And I think what exactly the administration will do on a day-to-day basis. I think it's -- your guess is as good as mine right now with all the things that are changing. However, think the narrative from the new administration has definitely been about not doing things the old way and really bringing more efficiency in everything that the federal government is doing. And so that -- we look at that as opportunities for us because manufacture agencies for many years have been using on-prem vulnerability assessment capabilities that are arcane that are costly to maintain, need a lot of hardware, need a lot of people. And so, as we await our FedRAMP high certification, which will then make our platform as one of the only FedRAMP high platforms that does vulnerability management, patent management and EDR -- risk management, all in a single platform.
We are excited about the potential opportunities that it can bring. We continue to invest in our federal team. That is one of the things we're focusing on this year, focusing GTM, growing the team as well on the federal side. And with that and just a little bit hard right now to know when we will get that FedRAMP high certification this year with administration changes, but we are hopeful for that. And once we get that, that can open up quite a bit of opportunities for us, but hard to tell right now what impact it will have on 2025. So we're not factoring that anything major in it right now. But overall, given the narrative of being able to bring efficiencies and being able to modernize infrastructure and moving in a more positive direction, we think we're well suited to capitalize on that versus on-prem older on-prem solutions that have been incumbent there for a while.

Operator

Yun Kim from Loop Capital Markets.

Yun Kim

Hey, great. Thank you. Quick question on the Enterprise, TruRisk Management or ETM. It seems like that's a clear differentiator for you guys out there. And it's definitely something that at least I'm keeping an eye on. If you can just talk about the overall go-to-market motion around ETM, the competitive landscape. And obviously, we're heavily leveraging the channel this year. Is this a product that could be leveraged into the channel? Not just direct? Thanks.

Sumedh Thakar

Yes, that's a really good question. Especially, if you look at right now, we don't – we believe we don't see any other solution in that space that is as comprehensive of ours because you have some aggregation solutions that are very focused on vulnerability aggregation, but they don't do risk quantification. There are some that do some risk quantification, but they don't do the aggregation part as well. And definitely, they don't see anybody who is kind of doing that, also doing a good job at remediation.
And so if you look at the Qualys ETM platform and the concept of the risk operation center, which a lot of our CISOs are super excited about because they don't want to go to the Board for next year's strategy and say that they just want to implement another solution for multifactor authentication as their strategy. They want to be able to say we're building out the risk operation center, just like 10 years ago, we built our security operations center for Threat Detection.
We want to do proactive risk management. And the ETM platform enables bringing out a risk operation center. And that's why because it provides various quantification, it provides the ability for the CISO to be able to have a conversation.
Today, they say we fix so many things and we had so many issues, but that doesn't mean anything to the business. ETM allows them to go out and be able to say, look, our $500 million business as a potential loss of $10 million a day. And currently, based on risk signals from multiple different products, the possibility of that happening is high. And if we invest $500,000, we can bring that risk down to an acceptable level and so now it is a much better conversation that the CISOs can have with the CFOs to say, "Look, we can invest $500,000 in this particular area of cybersecurity and to bring down the potential of losing $10 million a day by 80%, that's a much better conversation as to how they look at it and that's the feedback that we have gotten. And we don't see other platforms out there right now that are really enabling that.
I think the GTM definitely evolved for us this year as ETM comes out because now it's less about a replacement conversation about your existing vulnerability management solutions, so our new business sellers can really go out there and say, that's okay, you can keep the current solutions that you have, if you have this cloud provider and that vulnerability provider and that identity provider. We're not here to have an immediate replacement conversation.
We can easily take the data from all of them, and we can show you a consolidated view of the risk coming from all these existing solutions, which makes it a little bit easier for the CISO not to have to go for a fight with their internal teams to replace the tool that is already working well for them just because they're getting some additional potential discount. So it essentially means our new business sellers, any customer that has any cybersecurity tool set becomes a potential customer for us for acquiring new logos and doesn't have to take that long as it would if you're replacing another solution.
Our post-sales team, they get an opportunity for existing customers that might have some other solutions for cloud security for EDR to then go and layer that on top. And we already had one customer that has a well-known cloud security provider just for their cloud estate, but then they are purchasing the ETM capability, paying us additional revenue on top of what they're paying their cloud provider to consolidate those findings into one, right? So it gives us the opportunity to make revenue on top of any investment that the customer might have made in other tools as well.
But also from a partner perspective, as we work with partners, of course, the partners have been selling our competitor solutions for certain margin, and you could give them a little bit more margin here or there, but that doesn't move the needle as much. However, many of the providers who are resellers, et cetera, are moving to figuring out how they can increase revenue significantly with managed services because services is where they can make a lot of business. And so today with the deployment of ETM where we largest customers are actually the ones who are looking at deployment, they need services around that and services for risk quantification, service for aggregation, service for risk monitoring, service for risk elimination. And these are brand-new services.
So these partners today are in the MDR market, which is a cutthroat market and the MDR source is provided by many people. But the reason why partners are excited and can potentially bring even more business to Qualys because every business of purchasing Qualys products that they bring can add additional services for them on top of Qualys that they can generate revenue on.
And so that is where a key part of what we are doing. And you saw the reads that we did with mROC is really about enabling ETM to be delivered through our partners for the most part, so that partners are excited about larger deals, bringing those to us and also they don't have to constantly get in the conversations of replacing tools to make additional revenue.
So a little bit of a longer answer, but it's something that is definitely an interesting way for us to tweak our GTM and have less replacement conversations and more about consolidation and letting them use the existing tool set that they have us. Because honestly, when we talk to our CISOs, very few of them, if at all, are actually thinking that they're going to replace all of their tools with a single vendor.

Yun Kim

Well, I can tell that you're very excited about the opportunity around ETM. So just another question around the investments that you're making around the indirect channels. You already talked about the opportunity around MSSPs, but what about the hyperscalers and CSP? Is this something that could be also deployed on the cloud environment as well, meaning the CSP environment?

Joo Mi Kim

Yes, for sure, I think today, if you look at -- you can have this cloud security solution that is either provided by the CSP or is provided by one of the cloud-only solutions. But when I ask CISOs, I say that's great. So now you know you have 75 buckets that are open, but how does that impact your business? Do you know how much you'll stand to lose because of these budgets up and then they cannot answer that question because a lot of times, the risk may not be in the cloud directly, but the risk might be coming from a malware that is on the laptop of the admin who is looking to access that that particular cloud account. And a cloud-only provider cannot pick up, but an EDR provider will pick up the risk, how do you tie these two things together. And that's where something like ETM can be useful. And as our larger customers, they are working with different cloud providers, and they have EDP credits with different cloud providers, and they can leverage those.
We continue to work with them to find a way that we can essentially map customers that can -- that have other tools, but can actually use their credits to purchase things like ETM as well or working with partners who can then transact through some of these cloud providers for their credit. So, I think those are also opportunities that we are continuing to explore. We recently had a conversation with the cloud provider exactly around that. And so that's an area that we continue to push forward this year as well.

Yun Kim

Okay, great. Thanks and good luck with the ETN this year. Wish you the best around that.

Operator

Jonathan Ho from William Blair.

Jonathan Ho

Hi, good afternoon and congrats on the strong result. I just wanted to understand sort of relative to your guidance, how we should be thinking about the level of investments that you're making this year and maybe where you see the most opportunity to leverage that either relative to your go-to-market comments or on the product side? Thank you.

Sumedh Thakar

I think for us, we continue to evolve the product. And so there are opportunities for us to work with our partners on things like mROC. But I think our focus continues to be on GTM investments. That's where we were, again, tracking returns, seeing the success we're seeing with partners. And so it's really going to be about how do we continue to find ways with our partners to invest in GTM, but pivot more towards working with partners to bring them business and so that they can bring this business, doing co-marketing, joint marketing, et cetera, investing in road shows around mROC, et cetera, and then investments in the federal business, which is something that we want to continue to do.
So, those are essentially areas that we are looking to do. I think product development area is something that we do well and we do very efficiently as well. And so we will continue to add capabilities there.
And of course, there will be certain investments in solution architects and the functions around the sales team with success for being able to go out and do POCs around mROC and around ETM, et cetera. But that's really how I see where we're going to be continuing our investment and not necessarily so much on engineering and product increases.

Jonathan Ho

Got it. And just as a quick follow-up. I mean, I think we've seen a lot of emphasis around TruRisk and TotalCloud in our conversation. How do you think about this approach of selling on the bundling side and potentially what that uplift looks like from a revenue standpoint, maybe not immediately, but over time? And how do we think of that especially along the axis of adding additional product versus adding additional assets? Thank you.

Sumedh Thakar

Yes, we are actually excited about the opportunity. We see that as ETM, which is -- ETM becomes a layer on top of the different cybersecurity capabilities that the company has. And ETM becomes the layer through which the CISOs really interact with the platform.
And so the way we see that is that -- those who want to adopt ETM, the platform play becomes actually quite interesting because now for ETM, they can actually adopt inventory, they can adopt vulnerability management cloud security, some of these modules from Qualys as they need and then also bring data from other third-parties as well.
And so as we get feedback from our customers, we do see that ETM can allow us more conversations around, here's a platform that is going to essentially pull in the things that you -- the basic things that you need for your initial risk management and then you can layer on by using additional spend for third-party data coming in.
And as we learn through these conversations with our initial customers, I think that is going to inform later this year on how we come up with the packaging and bundling around ETM that includes multiple Qualys modules.
Today, we are already seeing conversations with our existing customers, where they are actually looking to buy additional Qualys modules just because they integrate into a singular score, right? That's the idea is that instead of getting all these big lists. And when I talk to CISOs and ask them what is the risk posture view today, they show me ten different dashboard from ten different tools, but that doesn't say anything about how much risk a particular entity in that environment has because every single facility tool is reporting a different set of findings. So true risk anchors to say, well, why should I buy AppSec from Qualys versus somebody else because the Qualys AppSec is already built into the platform, and there is no additional cost right now to use that within ETM.
So it's like you can bring AppSec data from a third-party, if you would like. So we're open to that, but then they pay for the data incision or if they use the Qualys module, which we already have, that they don't have to pay for the ETM ingestion license as an example, and that is an insight growth potentially for them.
So as we roll this out, we will get feedback from customers and see how that increases our attach rate additional products. And then how do we come up with the pricing that allows them to adopt more capabilities as part of ETM without having to create purchase orders every time they want to try something new.
So in a way, how do we find a way to give them access to bundle or at least to have access to multiple capabilities from Qualys within the spend that they have with us. So these are things that we are working through right now and that we are excited about getting feedback from our customers. And that should inform how we roll-out bundling and pricing at some point later this year.

Jonathan Ho

Excellent thank you.

Operator

Brian Essex from JPM

This is (inaudible) on for Brian Essex. A quick question. I guess, you've now provided your revenue guidance for the year. How should we think about billings, especially with the strong billings that you had the last two quarters? Should it follow a similar trajectory to what you provided for revenue guidance? And overall, like how should we think of it throughout the -- going throughout the year? Thanks.

Joo Mi Kim

Yes. For current billings, we ended the year at 9% and total revenue growth rate of 10% for 2024. I would just assume for now since we don't provide current billing guidance, you can assume the same current billing growth rate in 2025 as a revenue guidance, which is $68 million.

Got it. Thanks. And I have a quick follow-up. Can you help me understand like what do you think still needs to happen in the channel to see investments translate to top-line growth? I know like overall investments in the channel can be a lagging effect versus just investing in direct. Like at what point do you think you've invested what you need to do? Is it just that you need to continue with product knowledge overall is what still needs to happen? Thanks.

Sumedh Thakar

Yes. I know, this is a multiyear program that we launched a couple of years ago and initially was just repairing our relationship with partners, in building confidence and getting initial deal regis up. We evolved that strategy into going fully new business partner first, which was, sort of, the next step. This year we are focusing on working to see how we can take some of our direct customers to the partners and have them bring us additional net new logos for having this partnership, the evolution -- next evolution of that is -- the margins and the percentages are fine, but how can we help them make $10 of services revenue on top of a dollar of product revenue potentially, right? That's where the evolution of mROC is.
And so I think we -- internally, of course, we continue to track our deal wages, we continue to track our win rates with partners, so it is particular that we're having good success with our strategy so far. And so now it is about pivoting towards that.
And I think you have done a pretty good job of going from 60-40 down to a 52-48 split, while we're reasonably maintaining our margin. And so I think the customer into the way that we are thoughtfully tracking our investments and working with all partners.
So we continue to work with our partners and continue to improve our deal wages and then improve our win rates over partners. And part of that is we're doing a lot of investment spending time with that at their SK or providing them opportunities for up-sells with collateral and material and then also a lot of training that we are doing these partners
So they become aware of the Qualys capabilities and how to pitch some of the Qualys capabilities. So that -- those are all areas that we have been investing in. And we continue to invest there.

Operator

Hamza Fodderwala from Morgan Stanley.

Hi. This is [Oscar] on for Hamza. Thank you for taking my question and congrats on solid result this quarter. Going back to guidance, last quarter, you noted expectations for ongoing budget scrutiny to proceed going forward.
Today, you're expecting NRR to sustain at around 10%. And if I heard correctly earlier, you noted expectations for near-term potential adjustments to guide incorporate the CRO transition. So can you help us bring all that together? And how should we think about level of conservatism to guide. Thank you.

Joo Mi Kim

Yeah. I think our guidance for this year takes into consideration of the points that you just laid out. I think that the biggest growth drivers in our business, it's still our existing customers.
So if you take a look at our net dollar expansion rate having ticked down consistently for the last couple of years, because of where we ended in 2024 at 103, we're assuming no improvement to that 103% entering 2025 and given the light new bookings performance in Q4, and we're assuming that will kind of continue into 2025, that's informed our guidance of 6% to 8%.
And this is what we see today. And we thought it was prudent for us to guide based on what we see today versus like Sumedh talked about. There's a lot of opportunities in the business and upside within our products like ETM, working very closely with partners to drive new local land as well as expand. But again, that's the timing of realizing that and recognizing into revenue is a little bit uncertain.

Got it. Very helpful. Thank you very much. That's it for me.

Operator

Thank you. At this time, this concludes today's conference call. Thank you for participating. You may now disconnect.