Security and Compliance for the Digital Transformation
Sumedh Thakar, President and CEO Joo Mi Kim, CFO
February 5, 2026
Investment highlights
Industry-leading cloud security and
compliance platform forcomprehensive risk management
Multiple levers of recurring revenue growth
Scalable business model and industry-leading profitability
Uniquely positioned to capitalize on
stack consolidation and cloud transformationLegacy Qualys Cloud Platform
Transforming from focus on providing visibility, vulnerability
Sensors
Passive Network Internet
Sensor Scanner Scanners
Virtual Scanners
Cloud Connector
APIs
SaaS Connector
management, and data analytics to…
Qualys Cloud Platform | ||||||||
Asset Management | Vulnerability Management | Threat Detection | Response & Remediation | Compliance | ||||
Qualys Threat Research & Intelligence Unit 100+ world-leading experts enabling rapid protection across all threat vectors |
Platform Services RBAC • ML/AI • Scalability • Alerts/Notifications • Workflow • Scripting • Dashboards & Reporting |
Unified Data Platform Data Normalization • Indexing • Categorization • Enrichment |
API & Integrations |
Control Center
SecOps
ITOps
Devops
Risk
Compliance
C-suite
IT Environment
Workstations
Servers
Virtual Machines
Cloud
Mobile
Containers
IOT/OT/ICS
Introducing Qualys Enterprise TruRisk Platform… leveraging risk analytics to deliver desired business outcomes
Asset Management
Asset Management
Vulnerability
Remediation
Threat Detection TotalCloud
Qualys Enterprise TruRisk Platform
CyberSecurity Asset Management
Discover All Assets
Get inside-out and outside-in visibility of all assets with an attackers view of the network
Get Complete Asset Context & Visibility
Add business context, tags, enhance visibility by seamlessly
integrating with CMDB's, Third Party & ITSM solutions, bring business
context into asset criticality for managing risk
Identify Security Gaps
Detect EOL/EOS software, unmanaged assets, unauthorized software, missing business critical software, evaluate cyber risk per subsidiary, inventory open-source software, packages & libraries
Asset Management
Remediation
Threat Detection TotalCloud
Vulnerability
Vulnerability
Qualys Enterprise TruRisk PlatformVMDR
Measure Cyber Risk
Quantify risk across vulnerabilities, assets, and groups of assets helping organizations proactively reduce risk exposure and track risk reduction over time with Qualys TruRisk
Communicate Cyber Risk
Communicate risk across different teams, business units and geographic locations by leveraging dashboards, reports and ITSM tools
Reduce Risk Faster
Unify security and IT threat response paths for faster remediation with seamless integration between ITSM tools and path management solutions. Automate and orchestrate operational tasks with Qualys Qflow
Remediation
Qualys Enterprise TruRisk PlatformComprehensive Risk Reduction
Eliminate Cyber Risk
Deploy the right remediation, mitigations or isolation strategies to balance risk reduction with business impact
Save time and reduce MTTR
Leverage smart automation to ensure software is up to date, risky vulnerabilities are patched or mitigated, and misconfigurations are fixed across hybrid environments
Consolidate IT-Security Stack
Orchestrate risk reduction by seamlessly integrating with your SCCM, ITOps, and developer tools
Asset Management
Vulnerability
Threat Detection
TotalCloud
Remediation
Asset Management
Vulnerability
Remediation
TotalCloud
Threat Detection
Threat Detection
Qualys Enterprise TruRisk PlatformThreat Detection and Response
Protect Against Zero-day threats
Leverage behavior & AI/ML-based antivirus to thwart exploits, ransomware, phishing attacks, and zero-days
Unify VM, Patching, and Endpoint Security
Correlate endpoint threats to identify vulnerabilities actively exploited in your environment with integrated patch management
Automate & Orchestrate
Comprehensive endpoint (EDR) and Cloud Detection and Response with enterprise integrations (i.e., SIEM, ITSM, CMDB)
Qualys Enterprise TruRisk Platform
TotalCloud (CNAPP)
Unified Multi-Cloud Security
Unified vulnerability, threat and posture management from development through runtime in cloud and container environments
Extended TruRisk Insights
TruRisk insights for cloud and multi-cloud assets, unifying risk posture and remediation actions between on-prem, hybrid, and cloud workloads
Comprehensive Security across IaaS and SaaS
Orchestrate security between multi-cloud environments, asset inventories, and users leveraging a single agent, sensors, snapshots, and APIs or all four methods with Qualys FlexScan
Asset Management
Vulnerability
Remediation
Threat Detection
TotalCloud
Qualys Enterprise TruRisk Platform
Enterprise TruRisk Management
Centralized Risk Aggregation
Visualize the entire attack surface with unified asset inventory, integrate data from Qualys and third-party sources, consolidate risk finding across all asset types and environments
Risk Quantification with Business Context
Enrich risk data with Qualys curated feeds from over 25 threat intelligence sources, add business and financial context to quantify and prioritize cyber risk by evaluating loss attributes based on severity, exploitability, asset criticality and business impact
Risk Response Orchestration
Orchestrate precise risk response using AI-driven workflows for integrated patching and other mitigating controls with Qualys TruRisk Eliminate, automated tickets, and real-time alerts
Asset Management
Vulnerability
Remediation
Threat Detection
TotalCloud
Qualys Enterprise TruRisk Platform AdvantagesOne view across the entire global hybrid-IT environment, allowing customers to consolidate their stack for better security outcomes
Seamlessly add new coverage,
users, and services as you need them.
Data stored and processed in a
n-tiered architecture of load-balanced servers.
Largest knowledge base of
vulnerability signatures. Real time security updates.
Unprecedented
scaling
Data stored
securely
Always
Up-to-date
Easily perform assessments
across global hybrid-IT
environment.
With everything in the cloud
there is no capex and no extra
human resources needed.
Nothing to install or manage,
and all services are accessible via
web interface.
Easy to deploy
and maintain
Lower
operating costs
No hardware to
buy or manage
Available as a Public or on-premises Private Cloud
Full server rack
For governments, enterprises, and
MSSPs
Standalone appliance
For small businesses
Virtual rack
For governments, enterprises, and MSSPs
FedRAMP authorized
Large expanding market opportunity
1.41x
Expand
$75B
$53B
$8.6B
$25.0B
$6.7B
$19.0B
$14.7B
$8.2B
$6.7B
$4.6B
$8.9B
$6.0B
$8.2B $12.3B
CY2026E CY2029E
VM Assessment & Mngt. Compliance Asset Management Cloud Security Threat Detection & Response Risk Remediation
Source: IDC, Qualys estimates
Qualys' Current Total Addressable Market
10,000+
Subscription customers
74%
of the
Forbes
Global
50
57%
of the
Forbes
Global
500
35%
of the
Forbes
Global
2000
Note: A customer is defined as any customer with subscription revenue at the measurement date
Scalable go-to-market modelMarket segmentation & key strategic partners
CHANNEL
Existing
customers
New
customers
Small / medium business
(Up to 5,000 employees)
MID-MARKET
Existing
customers
New
customers
Large enterprise
(Over 5,000 employees)
ENTERPRISE
2025 REVENUES
51%
Direct
49%
Indirect
Attractive value proposition for partnersHigh-margin recurring revenue with no capex / maintenance costs
MSSPs
Cloud Provider
Partners
Outsourcing
Providers
Value Added
Resellers
Consultants
Balanced revenue growth and profitability
($ in millions)
$490
Revenues
47%
47%
47%
45%
Adj
EBITDA %
10%
10%
13%
19%
Y/Y
growth
11%
CAGR
$608
$554
$669
$219
Adjusted EBITDA
13% CAGR
$283
$259
$313
2022 2023 2024 2025 2022 2023 2024 2025
Revenues Adjusted EBITDA
($ in millions)
Platform adoption driving higher customer spendNumber of
customers
160
183
207
215
10%
Aggregate
Revenues
Growth
$192
$230
$257
$283
LTM Q4 2022
LTM Q4 2023
LTM Q4 2024
LTM Q4 2025
Differentiated new products continue to6%
6%
5%
9%
8%
10%
Net Dollar Expansion Rate
105%
103%
103%
51%
10%
8%
5%
9%
8%
55%
8%
7%
4%
9%
8%
8%
9%
57%
Last twelve month
total bookings mix
LTM Q4 2023
LTM Q4 2024
LTM Q4 2025
Vulnerability Mgmt ETM/CSAM Patch Mgmt TotalCloud TotalAppSec Policy Audit Other
Note: Net Dollar Expansion Rate is calculated on a foreign exchange neutral basis by comparing the Annual Recurring Revenue (ARR) generated from the cohort of customers at the end of the year ago reporting 19
period to the ARR from that same cohort of customers in the current reporting period. See our Forms 10-K and 10-Q for additional detail. Sums may not total due to rounding.
Opportunity to increase market share and maximize share of wallet$3.00
$2.00
$1.00
$0.50
$0.50
$1.00
VMDR CSAM ETM
(upgrade from CSAM)
VMDR & ETM PM
VMDR & ETM & PM
1
VMDR
Exposure Detection
$1
Detect/Assess Exposures
Finds vulnerabilities, misconfigurations, and attack surface across your environment
CHALLENGES POST EXPOSURE VISABILITY
VMDR delivers visibility, not risk decisions
+$1
ETM
Agentic AI + Cyber Risk Management
$1
VMDR
Exposure visibility
Unlocking the next dollar of spend,moving from visibility to measurable cyber risk management
ETM (includes CSAM)
Cyber Risk Prioritization & Management
+$1
Prioritize and Manage Cyber Risk
Turns exposures into prioritized, business-relevant risk decisions with AI automation
ETM = CTEM + Cyber Risk Quantification (CRQ)
Agentic AI
Marketplace of specialized cyber risk agents and cyber risk assistant
Drive every step in cyber risk management autonomously to reduce the cost of risk operations
ETM is the risk engine of the Qualys Enterprise TruRisk Platform
Unified inventory & Attack Surface Management with integrated CSAM/ESAM
Aggregate and prioritize exposures with threat and business context using TruRisk
Communicate cyber risk in quantifiable terms specific to an organization's risk
tolerance
Confirm exploitation of risky exposures with TruConfirm
Manage the risk of trending threats in an industry with TruLense
|
business impact? |
|
AI be helpful? |
2
PM eliminates cyber risk to reduce the window of exploitation, unlocking an additional dollar
PM (TruRisk Eliminate)
Reducing Average Window of Exploitation (AWE)
+$1
Reduce Cyber Risk
Remediate risk across asset and exposure classes in an adaptive, automated manner
RemOps = CTEM Mobilization
Complete the CTEM framework by executing remediation plans
ELIMINATE CAPABILITIES
Patch + Mitigate + Isolate
Multi-strategy approach to risk reduction
100% Ransomware Vulnerability Coverage
Mitigate all known ransomware attack vectors
Multi-vendor Remediation
Zscaler, SCC/Intune, CrowdStrike, ServiceNow, etc.
VMDR & ETM (includes CSAM) Cyber Risk Prioritization & Management $2 (VMDR $1 + ETM $1) What ETM delivers
IT'S NOT ABOUT MEASURING CYBER RISK, IT'S ABOUT REDUCING IT | ||||
|
How to reduce the average window of exploitation for risky exposures | ||||
| How to reduce risk without patching and balancing business impact | ||||
ETM tells you WHAT to fix, PM shows you HOW and DOES it | ||||
$1 VMDR Exposure visibility | +$1 ETM Agentic AI + Cyber Risk Management | +$1 PM Agentic AI + Risk Reduction | ||
Total value: $3 - from detection (VMDR) to quantification (ETM) to elimination (PM)
($ in millions)
Strong cash flow generationReturning capital to shareholders
$183
Free Cash Flow (FCF)
36.5
37.4
37.6
39.3
Diluted
WASO
45%
38%
43%
37%
FCF
Margin %
18% CAGR
$236 $232
$304
Share repurchase amount
$317
$171
$140
$183
2022 2023 2024 2025 2022 2023 2024 2025
Free Cash Flow Share repurchase amount
Relative margin outperformance to peersSecurity
2024 Adjusted EBITDA margin vs.
select Security and SaaS peers
SaaS
QLYS 47%
Peer Median: 25%
Achieving rule of 50+: growth + profitabilitySecurity
2024 Rule of 40 vs. select Security and SaaS peers
SaaS
QLYS 57%
Rule of 40
AppendixReconciliation of Adjusted EBITDA
Q3 2024 Q3 2025
YTD YTD
$129.7 $145.2
12.1 9.4
2.3 1.9
26.3 37.2
56.5 56.3
(18.2) (19.3)
$208.6 $230.8
47% 47%
($ in millions)
2022 | 2023 | 2024 | 2025 | |
Net income | $108.0 | $151.6 | $173.7 | $198.3 |
Depreciation and amortization of property and equipment | 28.9 | 23.9 | 15.6 | 11.9 |
Amortization of intangible assets | 5.7 | 3.1 | 2.9 | 2.6 |
Income tax provision | 25.7 | 27.1 | 36.1 | 48.5 |
Stock-based compensation | 53.4 | 69.1 | 77.1 | 77.0 |
Total other income, net | (3.2) | (15.6) | (22.6) | (24.9) |
Adjusted EBITDA | $218.6 | $259.1 | $282.8 | $313.4 |
Adjusted EBITDA Margin | 45% | 47% | 47% | 47% |
($ in millions)
Q3 2024 Q3 2025
YTD YTD
2022 | 2023 | 2024 | 2025 |
$198.9 | $244.6 | $244.1 | $309.4 |
(15.4) | (8.8) | (12.3) | (5.0) |
$183.5 | $235.8 | $231.8 | $304.4 |
GAAP Cash flows provided by operating activities
Less: Purchases of property and equipment, net of proceeds from disposal
Non-GAAP Free cash flows
Revenue mix49%
46%
43%
42%
Geographic
Direct vs. Partner
40%
40%
42%
44%
60%
60%
58%
56%
51%
54%
57%
58%
2022 2023 2024 2025
US Foreign
2022 2023 2024 2025
Direct Partner
| Attention: This is an excerpt of the original content. To continue reading it, access the original document here. |
Attachments
- Original document
- Permalink
Disclaimer
Qualys Inc. published this content on February 05, 2026, and is solely responsible for the information contained herein. Distributed via Public Technologies (PUBT), unedited and unaltered, on February 05, 2026 at 21:10 UTC.
