Investing.com
Published May 28, 2025 03:12PM ET
On Wednesday, 28 May 2025, CyberArk Software (NASDAQ:CYBR) presented its strategic outlook at TD Cowen’s 53rd Annual Technology, Media & Telecom Conference 2025. The discussion highlighted CyberArk's robust market position and its proactive approach to emerging technologies like AI. While the company is thriving in its SaaS transition, it faces challenges in scaling its partner ecosystem and navigating the competitive landscape.
Readers are encouraged to refer to the full transcript for a detailed understanding of CyberArk's strategic direction and market insights.
Shaul Real, Cybersecurity Research Analyst, TD Cowen: That has been my room all day long.
Eduardo, COO, CyberArk: You've been sitting here?
Shaul Real, Cybersecurity Research Analyst, TD Cowen: Yeah. Very good. All the great cybersecurity companies. Good afternoon, everybody. Thank you for joining us.
My name is Shaul Real. I'm TD Cowen, cybersecurity research analyst. And we are delighted to host Eduardo, CyberArk's COO. Pleasure to have you.
Eduardo, COO, CyberArk: Good afternoon. Pleasure to be here. Thank you, Sean.
Shaul Real, Cybersecurity Research Analyst, TD Cowen: So before touching on strategy, products, etcetera, you joined early twenty twenty four.
Eduardo, COO, CyberArk: Yes.
Shaul Real, Cybersecurity Research Analyst, TD Cowen: And I think it is fair to say you have joined a very well oiled machine from an R and D perspective, from a go to market perspective. But what is it that you came in, you looked at things, you looked at processes. What are the takeaways thus far? And where can you guys continue and improve the flawless execution that we have seen over the course of the past few years?
Eduardo, COO, CyberArk: Yeah. So it's almost getting to the eighteen months mark, not yet. Very fortunate, very happy to be here at CyberArk. As you said, they're very well organized and well oiled machine on the execution side across all fronts. You know, very trusted employee base and leadership.
So I'm very feel very fortunate to be part of it. I would say where I really very strong go to market organization historically, and I've seen that as I as I've joined. Where my focus been on and really a lot of the work that is being done is around continue to make sure that that go to market engine, that scale, you know, scales, you know, well beyond where we are today to the 2,000,000,000 and and above. Yep. That does that across, you know, a a spectrum of portfolio of really positioning the platform, the solutions that we can continue to absorb.
Like if we buy Venafi, we buy Zillow, we develop new solutions that we have the engine built from everything from how we leverage precision on the marketing side, on really where we see the biggest potential. We deploy the resources in the right place that we can solve across all the spectrum of our solutions, to our ability to continue to scale with the partner ecosystem. I know as we talked about in investor day, we do more than 90% of our bookings through partners, but continue to scale that engine, that machine as as we get bigger at scale. And then I would say that comes through across the two axis from you, will continue to be a priority, our engine to land new logos and land new business. We have more options to do that now.
We talk about all the different paths to land. Land with PAM, land with two, three products, land with Venafi, land with Zilla. And then a huge opportunity within our own install base. We talked about 10,000,000,000 total addressable market in our install base. There's a lot of room for upsell, for cross sell.
And that's been really my focus. All of that always with customer value at the center of everything we do has been my my focus and it's, you know, it's continuing to show in the results.
Shaul Real, Cybersecurity Research Analyst, TD Cowen: No questions about it. You you joined the company, you joined CyberArk as it was in in during like a SaaS transition.
Eduardo, COO, CyberArk: Yes.
Shaul Real, Cybersecurity Research Analyst, TD Cowen: And I know that the good news kind of you also kind of cut short on that transition, which I think was well accepted by us, by the investor community. Talk to us about whether CyberArk maybe had to push some of your customers to adopt the SaaS. Was there any friction in that respect? Maybe once they've realized all the benefits of a SaaS transition, it was much easier.
Eduardo, COO, CyberArk: So I would say, I would put it in different perspective. Right? One of the things that I really loved, and I've lived in other enterprise software companies with different policies. One of the things I really love here and it still holds true is more than a forced or pushed transition, we've seen a natural motion and natural behavior. Customers that maybe are staying on prem with their maintenance base, but they are starting to consume all the rest of the portfolio in SaaS and they they are gradually going to move 100% to SaaS.
To a lot of our new business, which is already pretty much SaaS with a pretty general adoption really an embracing of of SaaS of all the additional benefits. Once you get into the platform, once you're in SaaS that you can get across the whole portfolio. And doing broad acceptance and then customers in certain countries, in certain regions that have maybe less, they're a little bit slower in that transition. The good news thing is that we've been able to work with the installed base across all that spectrum and do it in a way that we are able to maintain the level of trust and the level of actually value that they're receiving without necessarily going overboard and forcing a transition or even a transition in two steps that I've seen happen in many other companies out there where you force the customers from a perpetual to on prem subscription and then subscription to SaaS. And we haven't done that, and we've seen the benefits really of just letting a bit more natural progression towards SaaS happen.
That being said, we do see that natural progression towards SaaS accelerating as you know, some of the bigger entities are already in SaaS and have started to move.
Shaul Real, Cybersecurity Research Analyst, TD Cowen: You you touched before on on the concept of, you know, platform, and maybe I wanna double click on that platformization concept. We have been talking to some other cybersecurity companies earlier today. So indeed, a topic du jour over the course of the past, call it, two years or so, without a doubt, RSA, that also has been part of the noisy part of RSA and there's always noise coming out of it. Talk to us about CyberArk's customers' appetite to adopt an entire platform approach. And I know you hinted at kind of, you know, you can land with, you know, PAM and then kind of expand to EPP and developer and again now with with Venafi on the machine identity front.
But but that move to, embrace and adopt the entire solution from maybe one or two providers. Mhmm. Is is that gaining genuine traction? Or there's still some CSO that they don't want to place all the eggs in one basket?
Eduardo, COO, CyberArk: I think it's Answering the first question, it is gaining traction and I'll tell you what we've seen even different this year. Last year was in Asheville, our first customer, my first customer impact event versus this year in April in Boston. We already see a huge change and I'll talk a little bit of what that change is. The reality, what is really resonating with the customers is that in an exponential era, in a exacerbated threat environment with so many of the attacks, obviously fueled by AI, but not only. You see all the nation states attacks also.
Where that threat landscape is not getting any easier for the CISOs and the security teams respond to. In the world where, maybe a few years back, you could contain, right, where you thought it was, who in your organization was privileged, which was a small amount of your organization. Your IT admins and so on. Today, that privilege being absolutely everywhere in your organization. Your researchers, your data scientists, your developers, anyone in the organization.
To the machine side, you know, the the We are at more than 80 machine identities for a human identity. And I think that the What we think is that that's gonna go Higher. To the infinite with the with AI coming in. AI being a potentiator of like of the new breaches, of like new codes, new data sources being created in the companies, new identities being created in the companies. You think about those three trends, The security teams, the CSOs, they need a different response.
They can't be spending their time on point best of breed solutions. That's what they're telling us. And that doesn't mean they want to consolidate everything and put all the eggs in one basket. But what it is, it's creating that look between my network platform or my endpoints or my cloud platform and my identity platform, I wanna work with a smaller number of trusted partners that can really create, you know, cover a much bigger breadth of my, in this case, of my identity platform, platform, my identity issues that I need to go address, you know, in CyberArk is super well positioned because we have the trusted and the reputation as a leader in the market to go and do that. That conversation, we've seen it accelerate significantly even in the last year.
Where it was a little bit, not that we were pushing, but the customer would come in, oh, I want to talk about PAM and I want to talk about secrets. And we would say, oh, okay, but let's talk about workforce, so let's talk about certificates. Today, we get through these conferences, impact or RSA and others, and they're, I want that. I want that identity secure platform across all the spectrum of my identities. Now help me get there.
How do I get there? And how I get there, sometimes it is replacing point solutions. A lot of it is change of change of philosophy. Right? You you get away from just standing access and you embrace zero standing privileges and just in time.
And you start working on your machine piece. So that consolidation in a smaller number of more strategic vendors, absolutely, we've seen it accelerate.
Shaul Real, Cybersecurity Research Analyst, TD Cowen: Let's talk for a second about the macro. On the one hand, CyberArk reported another solid set of results.
Eduardo, COO, CyberArk: Yep.
Shaul Real, Cybersecurity Research Analyst, TD Cowen: I think also when we think about it from a guidance perspective, it would appear as if the macro has no impact on CyberArk and its outlook. Last week, we had Palo Alto reporting results. They've indicated that during the month of April, they had seen a little bit of a pause, but they completed April on a strong note. Again, they're an off quarter company. What is it that you're seeing from a macro perspective right now?
Doge would appear to have had no impact on your business, tariffs as as well. So maybe you can share with us what is it that you're seeing a macro discussions with customers.
Eduardo, COO, CyberArk: From discussions with customers, I mean, I I get to to see a lot of customers. I was in Japan last week. I was in Europe the week before. I talked to a lot of customers also here in The US and Canada, Latin America. I think there's there's two things.
Right? Two dynamics. For sure, if you're talking to CISOs or the CIOs, they're they're part of the business, so they have concerns. Right? And it was with the automotive vendors in Germany Two Weeks ago in Dusseldorf.
Obviously, they have concerns. But as I say, I lived there ten years ago, they had other concerns, but there's always There's
Shaul Real, Cybersecurity Research Analyst, TD Cowen: always some concern.
Eduardo, COO, CyberArk: There's always something happening. And, you know, you can say the same across the board in different aspects. That being said, it's not making its way to the the need, even the accelerated need to make investments in cybersecurity. And within cybersecurity, identity is the core place because that's where the attacks are coming. So we we we as we said in our q one results, we haven't seen change in that.
You know, we are now here at the May, but again, you know, our courses are always more back ended. So a lot of work for us to do in June, but we have nothing, we haven't seen anything, you know, significantly different to to report.
Shaul Real, Cybersecurity Research Analyst, TD Cowen: Understood. Another topic du jour over the course of the past twelve, eighteen months, and you you also hinted and you touched on that was Gen AI
Eduardo, COO, CyberArk: Yes.
Shaul Real, Cybersecurity Research Analyst, TD Cowen: And agentic AI.
Eduardo, COO, CyberArk: Yes.
Shaul Real, Cybersecurity Research Analyst, TD Cowen: How does CyberArk look at the GenAI opportunity on AgenTik AI internally, but also externally when you're facing your customers?
Eduardo, COO, CyberArk: So I'll start with internally at CyberArk. So at CyberArk, a couple of different threads, obviously. One, we as a company have it as one of our top company corporate priorities to transform the way we work at CyberArk with AI. Obviously, when you talk about transforming it with AI, it impacts processes, many other things, right, the way people work. And really leaning in ELT sponsored, CEO Matt Cohen sponsored, making the investments to really accelerate and transform the way our organization works.
Of course, the early stages of that is global enterprise usage of productivity tools, Copilot, enterprise, chat GPT, putting the infrastructure in place like the guidelines, what people can do, what should not, what access. But then starting to look at the second phase of that, which is deploying, actually starting to get into autonomous agents and agentic AI deployed, which will come later in this year. So internally is a big focus and we really believe both from a productivity and evolution of also what we can offer the customers is important. From a solution point of view, obviously we have built capabilities of our platform is powered by Core AI. Core AI helps our customers with policy, with automation, with threat and detection, and with a lot of productivity tools and our customers being able to do things they were not able to do before within our platform.
But the big thing that we've been working with our partners, like Accenture, like ServiceNow and others, and internally that we announced is our position around what it means to secure AI agents once they're deployed in production. And our position there, we actually launched well, we announced the solution, securing AI agents to be released GA by the end of this year. So in the in the the perspective of things, it's a few it's six months away or seven months away, although it feels a long time away. And it's a it's a perspective that really puts securing AI as as an identity problem. That's the way we see it.
See an AI agent. Once you start being they're autonomous, they're adaptable, they're nondeterministic, they can do work in our behalf. We see that these agents, once they get deployed, they're going to behave a lot like a privileged user, and they're going to find ways to get to the goal that you set for them. And that if that means trying to find ways to elevate privilege, to request, or get access to things.
Shaul Real, Cybersecurity Research Analyst, TD Cowen: Change credentials.
Eduardo, COO, CyberArk: Change credentials. It can be so many things, but they're going to be doing that at the scale of machines. They're going to be spooled up, spooled down, they're going to get creative, they're going to disappear. You can believe what you want. There are studies out there talking about having millions, billions of agents deployed in the future.
So we believe it's a fundamental identity problem. Like, you need to discover these agents. We don't even know where they are in the organization. You need to be able to contextualize what they need access to. You need to be able to provision them with the right level of access and credentials and entitlements.
You need to be able to take those entitlements out and bring it down to zero standing. You need to be able to automate policy around these agents. You need to be able eventually, once you're providing audit and compliance reports, you need to be able to include what's happening with your deployment of AgenTik AI within your organization. So we fundamentally believe applying the strength of the CyberArk platform into a solution to secure AgenTik AI. It's, you know, we are leaning forward and are on the forefront of the industry here.
But still, know, a lot of work to do with the early adopter, partners to get to that solution.
Shaul Real, Cybersecurity Research Analyst, TD Cowen: You've mentioned before traveling quite a bit across the globe, Asia, Europe, clearly, you know, the The US. Talk to us a little bit about the differences, so maybe the differences in the selling motion within those continents and maybe some of the clients. Because what we keep hearing when we kind of do our field work, there could be some differences in terms of timing, willingness to adopt. I think the drivers are probably intact for the most part, but maybe the pace of adoption and maybe the decision making processes could differentiate on a geographic basis.
Eduardo, COO, CyberArk: Could, absolutely, Ann. So some things don't change as you said. The trends don't change. The security teams being overburdened, overwhelmed with all the different regulations, attack vectors and all of that. That doesn't change.
But then the appetite and the speed and the decision making is a little bit different. Talking about Germany, because I was there a couple of weeks ago, you'll see a lot of push and drive around securing of the cloud piece and the cloud and the development piece because it's a little bit like in some places, and again, it's it's new ones, you know, take it a little bit with a grain of salt, but it's like the the move to the cloud happened first, and then people started thinking about how to secure them. You know, in the in the German market, like in other European markets, it's like, okay, we are doing the move, but we want to do it with the security mindset from the beginning. For example, there it generates a lot of movement around and a lot of market dynamics and a good good opportunity for us as thought leaders in that space around securing the cloud environments, including the developers in a way that is different from securing an IT admin. On the flip side of that, don't go to those, that market is not even ready to talk about Copilot and enterprise chat GPT in their in their companies.
Shaul Real, Cybersecurity Research Analyst, TD Cowen: Not yet.
Eduardo, COO, CyberArk: Not yet. So it's a very different adoption mechanism. So our go to market teams are very experienced and they know how to position which solution depending on maturity. If you're in Japan, don't have IGA and they're very early into the PON deployments.
Shaul Real, Cybersecurity Research Analyst, TD Cowen: This is where Zilla can come into play for example.
Eduardo, COO, CyberArk: Zilla could come into play because it's an untapped market there and time to value and experience is critical for them. So it could be same way AI is because it's one of the critical factors of investment in this company is more around the AI piece. So those will be some of the nuances, consolidating towards small amount of vendors to to be able to cover a bigger portion of the scope, that doesn't really change.
Shaul Real, Cybersecurity Research Analyst, TD Cowen: Understood. Questions from the audience before we proceed?
Hugh, Unidentified speaker: Hugh, here. Two quick ones. One is, just want to confirm the threat vectors that you're seeing and the sensitivity to threat vectors is consistent across geographies. In other words, you're not seeing more sensitivity, for example, to the things that you're looking at for security agents seem to be the sort of the same things you've looked at historically. And, obviously, you use a lot of the things that you learned in
Eduardo, COO, CyberArk: So starting with the first one, in terms of the threat landscape, absolutely through what you said, I do not see a significant difference in the different regions, in the different countries when it comes to that threat vector. I see a lot of consistency there again. The nation state attacks, the cyber criminals, all of that, I see it very consistent across. To the second question, that's why we say it's actually bringing the two worlds together. I think a lot of what we are doing today, what the companies are doing today around machine identity and securing machine machine identities from the secrets, from the API, from certificates and the and the, you know, the exacerbated need to automate that, right, because of the proliferation plus the short and indirections and all of that.
That level of automation and scale, it's absolutely critical to have solutions in place even before you get to securing the AI agents. It's going to come from that direction. But the solution to then do that, even if it is at scale and automated, it's more than just what you would need to do to manage certificates or manage keys. It's that plus the human privilege adaptative controls because they will behave a lot of that as as in that human behavior. So in terms of session monitoring, in terms of identifying threat and response of the behavior and the analytics behavior that we see of that identity, what it's doing, that's where the the the privilege the human side of the privilege, it's going to come in.
It's still a machine. It's just that we're to have to leverage controls from the human side to be able to protect it effectively because it's not going to follow. It's not a pure automation play, cause it's nondeterministic, it's adaptable, it will find ways to do and to reach a goal.
Shaul Real, Cybersecurity Research Analyst, TD Cowen: Eduardo, as as we think about CyberArk's go to market Mhmm. Strategy going forward, You've indicated 90% of revenues are being channeled through your partners for that Do you see any changes? And by that I mean, we had seen some companies in the past as they scale, as they become bigger, they are also standardizing more on the number of partners and maybe some of the smaller VARs, mid sized VARs, partners are receiving less attention. How do you see CyberArk's go to market strategy unfolding from that angle?
Eduardo, COO, CyberArk: So I think our our posture there is we I think that one of the secrets, right, of a well oiled and well executing go to market engine is actually both the size and the variety of our partner landscape. From the big GSIs to the MSPs to the small local niche boutique partners to the distributor to all the spectrum of the partnerships. I do not anticipate or foresee that we would have a change in that, and we'll continue to invest across the board. That being said, I think there's two or three dynamics, you know, maybe to highlight. One, you know, the continuing development investment of the business through MSPs, the managed service providers.
You know, that's a trend we've seen in our app. Year 50% growth year over year, I think last three years on the MSP, and we see that continue to play. I think with new solutions to land, like for example, Zilla, landing with more than IGA. And even, partially even on the Venafi side, the ability to this bars and distributors that have more of the dimension engines and the selling engines, being able to even pivot even more to help us with a new business, with a new logo generation is another area. And then, we'll always have the need to continue to build expertise in our partners.
Think we certified already hundreds of professionals at all partners to deliver, to deploy, Venafi, for example. Now with IGA, with the modern IGA, we'll need people certified on that. We need to be present with a light level of expertise in all the different regions and all the different portfolio solutions. My my convincement is that that creates creates opportunity for the whole ecosystem to scale versus maybe centralizing too much.
Shaul Real, Cybersecurity Research Analyst, TD Cowen: Got it. Maybe just to wrap it up, on the competitive landscape front, when we cover the identity, the access management from its various categories, PAM, authorization, authentication, IGA. We have always found that specific market to be highly complex. You don't have too many players in the first pay in the first place. We have seen rapid consolidation.
So maybe from where you sit, have you seen a lot of newcomers, new startups? Because from what we've said, there appears to be this pretty much status quo. Maybe there will be one or two newcomers to emerge. But unlike cloud security that has seen an influx of really a couple of dozens of companies, we don't see that in identity.
Eduardo, COO, CyberArk: Agree with you. I think if we talk about who's the competition that we see out there, like in the different parts of the market where we we have to wait. Kind of the same. So you have, you know, the Corp, know, sometimes, you know, like BeyondTrust or the linear come up, know, especially in certain parts of the market, a little bit more towards non market. You're talking secrets, you're still talking about HashiCorp.
Yeah, IBM. Showing up there with IBM. We talk Venafi, maybe the only at scale, same level of scale competition is key factor in some regions with a bigger presence than others. We only really go and compete with the Octans or others, if we are on a workforce opportunity. But now, with modern IGA, it's more, there's more of this kind of younger companies that were born in the modern IGA space.
But that's about it. I don't see a lot of change in the landscape. There's a lot of talking about it, right? With everyone becoming an identity company and coming into privileged access management. But it does not really translate into customer behavior.
Shaul Real, Cybersecurity Research Analyst, TD Cowen: Got it. With that, Eduardo, thank you so much for joining us. Thank you so much. Boris, thank you for joining us. Thank you everybody.
Appreciate it.
Eduardo, COO, CyberArk: Thanks.
This article was generated with the support of AI and reviewed by an editor. For more information see our T&C.
Written By: Investing.com
Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.