This conference call transcript was computer generated and almost certianly contains errors. This transcript is provided for information purposes only.EarningsCall, LLC makes no representation about the accuracy of the aforementioned transcript, and you are cautioned not to place undue reliance on the information provided by the transcript.
spk00: Ladies and gentlemen, thank you for standing by, and welcome to the fourth quarter 2020 Rapid7 Earnings Conference Call. At this time, all participants are in a listen-only mode. After the speaker's presentation, there will be a question and answer session. To ask the question during that time, you will need to press star 1 on your telephone. Please be advised that today's conference is being recorded. If you require any further assistance, please press star 0. I will now hand the conference over to your speaker today, Sunil Shah, Vice President of Investor Relations.
spk08: Thank you, Operator, and good afternoon, everyone. We appreciate you joining us today to discuss Rapid7's fourth quarter and full year 2020 financial and operating results, in addition to our financial outlook for the first quarter and full fiscal year 2021. With me on the call today are Corey Thomas, our CEO, and Jeff Galowski, our CFO. We've distributed our earnings press release over the wire, and it is now posted on our website at investors.rapid7.com, along with the updated company presentation and financial metrics file. This call is being broadcast live via webcast, and following the call, an audio replay will be available at investors.rapid7.com until February 16, 2021. During this call, we may make statements related to our business that are forward-looking under federal securities laws. These statements are made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995 and include statements related to the company's positioning or future goals and financial guidance for the first quarter and full year 2021, the assumptions underlying such goals and guidance, including the anticipated impact of COVID-19 on our financial guidance, business, financial condition, results of operations, and renewals, and our assumptions on the pace of economic recovery in the global economy on our future results of operations and product strategy. These forward-looking statements are based on our current expectations and beliefs and on information currently available to us. Actual outcomes and results may differ materially from the expectations contained in these statements due to a number of risks and uncertainties, including those contained in our most recent quarterly report on Form 10Q and in the subsequent report that we filed with the SEC. The information provided on this conference call should be considered in light of such risks. Actual results and the timing of certain events may differ materially from the results or timing predicted or implied by such forward-looking statements, and reported results should not be considered as an indication of future performance. Rapid7 does not assume any obligation to update the information presented on this conference call, except to the extent required by applicable law. Our commentary today will primarily be in non-GAAP terms and reconciliations between our historical GAAP and non-GAAP results and guidance can be found in today's earnings press release. At times, in our prepared remarks or in response to your questions, we may offer incremental metrics to provide greater insight into the dynamics of our business or our quarterly results. Please be advised that this additional detail may be one time in nature, and we may or may not provide an update in the future on these metrics. With that, I'd like to turn the call over to our CEO, Corey Thomas. Corey?
spk12: Thank you, Sunil, and good afternoon, everyone. Thank you all for joining us today for our fourth quarter and full year 2020 earnings call. I am pleased to report the Rapid7 team delivered a strong finish to 2020 that exceeded our expectations across both security transformation solutions and vulnerability management. Full year ARR growth of 28% to $433 million demonstrates our ability to capture the large and growing opportunity as organizations transform their security operations for the cloud. Rapid7 remains steadfast in our effort to help customers advance securely into the cloud. To further this goal, we began 2021 by expanding and strengthening our cloud security offering with the recently announced acquisition of Owlseat, which I will touch on in a moment. Looking back on 2020, I am proud of our team's resilience and commitment to serving our customers amidst a challenging year for many. I will begin today by sharing some insights on recent customer engagements that provide clarity and confidence into Rapid7's long-term position and prospects. I will then touch briefly on our innovation-focused and enduring goals before turning it to Jeff to detail our financial results and guidance. Over the last 10 months, we have seen organizations respond to unprecedented global disruption by accelerating digital transformation to cope with a more distributed cloud-centric world. Enterprises and mid-market businesses alike are overhauling their systems to build new cloud-native applications to digitally engage with customers, employees, and partners. These investments are happening across industry lines in retail, manufacturing, education, and healthcare, to name a few. But in the midst of this massive increase in digital investment, recent events in the cybersecurity landscape are a sobering reminder that digital risk has never been greater. These events put security squarely back in focus for boards and management teams, solidifying security as a critical component of ongoing transformation investments. Even prior to these events, we saw an escalated security focus amongst our customers and prospects throughout 2020 as security was reprioritized alongside digital initiatives. During the fourth quarter, we saw strong demand for our Insight platform products as customers looked beyond investing to work-from-home enablement to an enduring set of initiatives tied to securing cloud and digital investments. One initiative is that customers expand their technology footprint they are engaging with Rapid7 to upgrade their SOC with modern detection response to better monitor expanding threat vectors. This was the case for an existing Fortune 500 retail customer who was actively transforming their customer experience. They were challenged to consolidate risk visibility across an expanding footprint with an assortment of disconnected security technologies and services. Having a single trusted security partner that they could scale with spoke volumes to them. So this customer centralized their security architecture on the insight platform by adding IDR alongside their existing insight VM deployment. Because our cloud native offering and unified insight agent, this customer was actively monitoring within two weeks of purchase. This time to value is critical to our customer success in today's dynamic threat environment. During 2020, we saw IDR resonate with international customers in part for this reason. For example, in the fourth quarter, we engaged with an international healthcare customer who was seeking improved threat visibility after experiencing a security event. This customer loved the ease of getting IDR up and running along with the visibility it provided across their external attack surface. They also realized the platform value of a unified agent that both detects threats and monitors for vulnerabilities, and as a result, purchase insight VM at the same time. Another enduring security initiative is that as customers accelerate cloud investments, they're grappling with limited insights and are trying to rapid seven for improved visibility and control in their cloud environments. During the fourth quarter, we continue to see growing interest for our cloud security technology across both new and existing customers. A great example of this was a cloud security deal in the quarter with an existing Rapid7 technology customer. Upon evaluating DiviCloud, this customer recognized the power of its automation capabilities and adaptability for their environment, driving them to consolidate onto Rapid7 by replacing their existing cloud security offering. This deal resulted in a greater than tenfold increase in this customer's ARR. These deals clearly validate Rapid7's success and expanded beyond our vulnerability management roots to become a leading cloud native security operations company today. They demonstrate the increasingly strategic nature of Rapid7's best in switch approach to solving the full scope of our customer security operations challenges from VM to detection response to cloud security and automation. The result is that once again, we experienced strong demand for our security transformation solutions in the quarter. which grew over 40% exiting the year. We expect continued momentum as we look ahead to 2021 and are excited about the opportunity to build upon this success. We remain focused on delivering an inside platform experience that combines market leading technology and platform value for differentiated customer experience. One great proof point is the early validation we saw in the fourth quarter with our attached motion. Specifically, we saw strong early customer demand for our capability to attach automation as an add-on to other Insight products purchases, driving a record quarter for Insight Connect. Coupled with the ongoing success of our network traffic analysis and enhanced endpoint telemetry modules, we see a compelling opportunity to drive deeper customer engagement on our Insight platform. A great example of this was a new manufacturing customer we signed in the quarter. This customer was looking to scale security operations and improve visibility in response to a breach. But managing desperate tools was a major pain point for them. They recognized that a single Insight platform experience could improve coverage and make management significantly easier. They purchased Insight VM to remediate risk, Insight IDR with NTA to detect and respond to threats, and Insight Connect for automation across the platform. We remain early in our platform journey, but see tremendous opportunity ahead and will continue to evolve our bundling and packaging opportunities throughout 2021. We expect this will support durable growth in our ARR per customer, which ended the year at $44,500, growth of 18% over the prior year. Turning now to innovation, starting with the cloud. As companies migrate to the cloud, the influence of DevOps is critical to the process. Rapid7 is focused on delivering cloud security that sits at the intersection of dev and DevOps. So I'm excited to share more about our recently announced acquisition of IELTS. As developers rapidly adopt Kubernetes for freedom and flexibility in cloud-native development, security must keep pace. Ouseed's leading cloud workload protection platform is designed to enable organizations to innovate in the cloud without sacrificing security by providing real-time visibility, container runtime monitoring, and threat detection. Adding Ouseed's cloud workload protection to Rapid7's existing cloud posture management and cloud identity capabilities in Divi Cloud positioned us to deliver a market-leading cloud-native security platform. that delivers continuous security to our customers across multi-cloud environments. The acquisition of Owl Seeds puts us another step forward in solving the security stakeholders need to manage risk and compliance while meeting the DevOps teams where they are in the cloud. Shifting to vulnerability management. It is important to note that the cloud is not the only place today where customers lack visibility. As organizations' asset footprints expand, with OT and IoT connected devices, so too does the threat footprint. Security teams are increasingly responsible for protecting and managing risk in these environments, but often lack the visibility and controls to do so. Rapid7's recent strategic partnership with K-Defense, a market leader in industrial cybersecurity, and Medigate, a leading medical device security provider, provide our respective joint customers with a more holistic risk visibility and management across their digitally connected environments. These integrations will enable visibility to OT, IoT, and medical device information directly in Insight VM so that security teams can perform active scans to gain improved visibility into those environments. Wrap it up with a brief update on our goals. Last year, I shared three enduring goals for our business that remain core to our focus today as we look ahead. Our first goal is to be a leader in enabling customers to transform their security operations around the cloud. Over the past year, we have invested in our product capabilities and built a meaningful position in cloud security. We recognize that customer challenges in the cloud are multifaceted, and during 2021, we will continue to innovate as our customers leverage our security transformation solutions to secure their digital experience. Our second goal is to accelerate our platform distribution engine. The early success we have seen with our evolving expand motion in 2020 validates our long-term opportunity to expand ARR per customer. Over the coming year, we will continue to focus on lowering the barriers for our customers to more easily adopt a broader set of our best in class insight platform products and solutions. Finally, our third goal is to drive long-term operating leverage while investing for growth. We're proud to have demonstrated strong execution and operational discipline this past year by maintaining profitability while absorbing our largest ever acquisition and navigating a volatile macro environment. Moreover, we have done so while continuing to invest aggressively behind a large and compelling market opportunity, which positions us to continue driving durable growth as we focus on scaling free cash flow over the long term. In closing, I'm excited about the opportunity that lies ahead and would like to thank our entire Rapid17 for their ongoing efforts to make the best in security operations accessible to all. Before I turn the call over to our CFO, Jeff, I would like to take a moment to invite all of you to our upcoming Virtual Investor Day to be held on the afternoon of March 10, 2021. If you have not yet received an invite, please reach out to our IR team. We hope you can attend. Thank you all.
spk14: Jeff? Thanks, Corey, and good afternoon, everyone. Before I begin, a brief reminder that except for revenue, all financial results we will discuss today are non-GAAP financial measures, unless otherwise stated. and reconciliations between our GAAP and non-GAAP results can be found in today's earnings press release. We're pleased to report solid execution as Rapid7 delivered a strong finish to the fourth quarter and full year 2020. Total ending ARR of $432.9 million grew 28% over the prior year as customers turned to Rapid7 to help solve their security transformation and vulnerability management challenges. A strong reaction we see across our business fuels our confidence in continuing to invest for durable growth and margin expansion ahead. Full year revenue of $411.5 million exceeded the high end of our guidance, growing 26% over the prior year. We experienced strong demand for our Insight platform products during the year, resulting in better than expected products revenue growth of 29% over the prior year to $382.9 million. As Corey shared earlier, we see the early stages of an enduring wave for organizations to secure their growing cloud and digital investments. This is reflected in the success of our security transformation solutions, which once again grew over 40%, led by strong demand for our detection and response cloud and automation offerings. Rapid7 is well positioned to help customers advance securely into the cloud with our Insight Platform, and we're investing to capture this high-growth market opportunity. This is evident in our operating results as we reinvested top-line overperformance back into the business while still delivering operating profit at the top end of our guidance range of $2 million for the full year. Our success in 2020 was once again driven by balanced contribution of business from both new and existing customers throughout the year, with our security transformation solutions representing over 50% of new ARR for the full year. We saw continued healthy growth in our customer base as we ended the year serving over 9,700 customers globally, a year-over-year increase of 8%. We also experienced great success expanding relationships with existing customers throughout the year as they leveraged more of our VM and security transformation products to secure their growing digital footprint. As a result, we ended 2020 with ARR per customer of approximately $44,500, growth of 18% over the prior year. Turning to fourth quarter results. Fourth quarter total revenue of $113.2 million was above the high end of our guidance and grew 23% year-over-year, while products revenue grew 26% year-over-year to $104.4 million. Looking at the business geographically, North America revenue grew by 23% year over year and comprised 83% of total revenue for the fourth quarter, while rest of the world grew by 26%, representing 17% of total revenue. Total gross margin for the fourth quarter was 73%, down slightly from the prior quarter and down from 75% a year ago, driven by a growing mix of our cloud-based offerings. Sales and marketing expenses grew 22% year over year, reflecting continued investment and growth and improved to 44% of revenue in the quarter compared to 45% in the year-ago period. R&D expenses grew 34% over the prior year and represented 20% of revenue, up slightly from 19% in Q4 2019 as we continued to invest in innovation. G&A expenses grew 12% and improved to 9% of revenue compared to 10% a year ago. Fourth quarter operating loss of $0.7 million was slightly better than the high end of our guidance range of $0.8 million, reflecting strong execution coupled with our focus on reinvesting top-line outperformance to support durable growth and profit expansion ahead. Adjusted EBITDA for the fourth quarter was approximately $3 million, and net income per share was a loss of 7 cents. Moving to our balance sheet and cash flows. We ended Q4 with cash, cash equivalents, and investments of $322.6 million compared to $331.4 million at the end of Q3 2020. Fourth quarter operating cash flow of $.6 million was better than expected, driven by strong billings and collections activity in the quarter. As a result, full year operating cash flow of $4.9 million exceeded our prior expectation of approximately break-even. During 2020, we completed a significant portion of our facilities expansion projects, resulting in full-year capital expenditures of $13.8 million. We also incurred $6.1 million in capitalized software spend, resulting in full-year 2020 free cash flow of a loss of $15 million, a notable improvement for the prior year loss of $36.9 million. Shifting now to guidance for 2021. The strong demand we experienced during the second half of 2020 validates our thesis that organizations of all sizes are undergoing digital transformation, driving the need to modernize their security architectures. As customers lean into the cloud, they are leveraging Rapid7's best in suite insight platform to extend their security operations in the cloud. Looking ahead, we plan to continue investing behind our best in class security transformation and vulnerability management offerings in 2021 to provide enhanced monitoring, automation and cloud security capabilities to our customers. Given these trends, we see a compelling opportunity to drive durable growth in 2021, but recognize that some magnitude of pandemic-induced economic risk remains due to an uncertain resolution timeframe. As a result, in framing our initial expectations for 2021, we are balancing long-term optimism for our business with ongoing near-term global health challenges. With that framework in mind, let me start by sharing our full year expectations. For the full year 2021, we expect to deliver total ARR growth of approximately 20%. We will aim to share relevant updates to this expectation as we gain increased visibility to a more broad-based resolution of the pandemic likely during the second half of the year. We anticipate total revenue for the year to be in the range of $488 million to $496 million, representing approximately 20% growth at the midpoint. We expect non-GAAP operating income to be in the range of $12 million to $16 million for the full year. This reflects ongoing investments in growth and innovation while still delivering on our growth and profitability framework. As is our typical approach, we expect to reinvest any upside back into the business to support our long-term objectives. Before I provide non-GAAP EPS guidance, a brief aside on the updated accounting standard, ASU 2020-06, issued in mid-2020 and related to the accounting for convertible debt instruments. The updated standard changes the way that convertible debt is accounted for, among other things requiring the use of the if converted method for diluted EPS calculations. We intend to early adopt this standard on a modified retrospective basis as of the start of our new fiscal year beginning January 1, 2021. The updated standard will have the effect of reducing our GAAP net interest expense on our income statement. It will have no impact on our reported non-GAAP net income. Based on our current expectations, the if-converted method is not dilutive to non-GAAP EPS for the full year 2021. So at this time, we do not expect adoption of this standard to impact our non-GAAP diluted EPS calculation for the full year 2021. The updated standard will also result in an increase to the carrying value of our convertible debt on our balance sheet to the principal value less any unamortized debt issuance costs with an offsetting decrease to stockholders' equity. The standard will have no impact on our cash flow from operations. With that, turning back to guidance, we anticipate non-GAAP net income per share for the full year to be in the range of a loss of 3 cents to a positive 4 cents per share, which is based on an estimated 53.5 million basic and 56.4 million diluted weighted average shares outstanding. With our major facilities expansion investments now behind us, our focus turns to scaling positive free cash flow over the long term as we invest for durable growth in our business. For the full year 2021, we expect to generate free cash flow of approximately $10 million. As a reminder, we define free cash flow as cash flow from operations plus capital expenditures and capitalized internal use software costs. Moving to quarterly guidance. For the first quarter of 2021, we anticipate total revenue to be in the range of $113.2 million to $114.8 million, growth of 20 to 22 percent. We anticipate non-GAAP operating income for the first quarter to be in the range of a loss of $0.7 million to positive $0.3 million, and non-GAAP net income per share to be in the range of a loss of eight cents to a loss of six cents, which is based on an anticipated 52.5 million basic weighted average shares outstanding. Note that our first quarter and full year 2021 guidance includes the anticipated impact of the alt-seed acquisition, which as we shared is not expected to have a material impact to our financials. In conclusion, as we enter 2021, we remain excited about our opportunity to drive durable growth while scaling profitability and cash flow over long-term as we work to make the best in security operations accessible to all. With that, we appreciate your time and support and will now open the call for any questions. Operator?
spk00: Thank you. Ladies and gentlemen, if you have a question at this time, just press star then 1 on your telephone keypad. To withdraw your question, simply press the pound or hash key. Please stand by while we compile the Q&A roster. Our first question comes from Sakit Kalia with Barclays. Your question, please.
spk04: Hey, guys. Thanks for taking my questions here. How are you?
spk12: Doing well. Good chat with you.
spk04: Yeah, same here. Hey, Corey, maybe first for you. You touched on this a little bit in the prepared remarks, but can you just talk about what customers that you speak with are saying post-SolarWinds breach on the importance of vulnerability management? And maybe relatedly, talk about how this impacts other parts of Rapid7's portfolio, like SIM and application security.
spk12: That's a great question. And so we've been spending a lot of time, as you can imagine, trying to understand how our customers see the world post the breaches that happened at the end of last year. And there's a couple of key observations. The first and probably the most important is, is that security is back in the forefront of boards and management teams' minds, which I actually think bodes well for sort of long-term demand and long-term focus. The second thing, as you can imagine, directly to your question around vulnerability management, is that most of the people that we're talking to see vulnerability management and the visibility around it as strategic. The thing that they're also very aware of, though, is that it's not just identifying and having the visibility into the vulnerabilities. You also have to remediate them. That's a long-term task. And so they're focused on that and they're looking at how they do that. In relation to the other part of your question, what we're seeing very, very clearly is just as people see visibility and vulnerability management as strategic, they're seeing detection and response as a hot, urgent need right now. Because the question is, do I actually have attackers in my environment right now? And so what we see is an acceleration and a sense of urgency around detection and response. So when you think about our broader portfolio is digital transformation is clearly driving both cloud and, frankly, all of SecOps. The recent attacks is driving high urgency, especially in the time period that we're in now around do I have attackers in my environment and detection and response. And then people are thinking about the fundamentals of how they manage their cybersecurity, which bodes well for the long-term health of vulnerability management overall.
spk04: Got it. Got it. That's helpful. Jeff, maybe for my follow-up for you, maybe just on the cost and margin side, can you just talk about how you're thinking about travel and office-related costs coming back in 2021? You talked about sort of balancing some views, including kind of the pandemic through the year. And maybe as part of that, just broadly remind us how you think about that growth and margin formula long-term. Does that all make sense?
spk14: Sure, sure. It's a good question. So look, in the first half, we're not expecting any significant increase in our travel. It's very much a wait-and-see attitude just to see how the pandemic plays out. We would expect that in the second half, those costs would gradually increase. But look, we're really dependent on what we see with COVID. So to the extent that you know, it's very favorable, then we'll increase travel and increase those expenses. And I would expect, you know, most companies are looking at it the same way. With respect to our growth and profitability framework, you know, I want to reiterate, you know, our framework that we've been talking about. So if, you know, in our growth ranges, we do expect modest leverage. If we're in 20% to 25%, we would expect that we would increase leverage in the 2% to 3% range. If it's 25 to 30, 1 to 2, and it's over 30%, it would be less. I will point out that, as Corey mentioned, we are planning an analyst day on March 10, and we'll do a much deeper dive into our long-term margins at that point.
spk03: Look forward to it. Thanks, guys.
spk14: Thanks. Thank you.
spk00: Thank you. Our next question comes from Matt Hedberg with RBC Capital Markets. Your question, please.
spk02: Sure. Hey, thanks for taking my question, guys. Jeff, 2020, in your deck, you talked about 28% ARR growth was really a combination of 8% growth in customers and 18% ARR expansion. As you look to the 2021 guide at a starting point of around 20%, how do you think of the components of those, I guess, both on the new customer side, the ARR expansion, and maybe a little bit more on the churn aspect of the story as well?
spk14: Yeah, so with respect to the ARR per customer, you know, we have multiple levers. I mean, it's really, as you know, growth in customers and growth in the ARR per customer. So, you know, we have ARR from brand new customers. We have upsells and cross-sells. And, you know, this year, you know, all three elements grew and contributed to that, both, you know, new customers upsell and cross-sell. It is a healthy balance. Historically, it's been sort of a 50-50 mix from ARR for brand new customers and from the base. With the pandemic, it's probably leaned a little bit more towards the base. This year, it was 18% customer growth and 18% ARR per customer. Those two levers drove about a 28% overall ARR growth. So with respect to 2021, we would expect the same healthy mix. It's difficult to predict exactly those percentages, but I think you can look at, you know, on the customer growth, you can look at sort of, you know, those levels to continue. With respect to churn, I think our churn rates are healthy. Our retention rates are healthy. So, you know, we don't see any trend there that would alter that. You know, right now, all the trends are positive.
spk12: Yeah, and just to follow up on Jeff, we expect to see balance. You know, what I would say is that with the momentum that we're seeing overall on the platform side, I would expect a slight shift potentially in the ARR per customer on the balance side of the equation just because we're really building our customer brand and we're seeing good response from customers.
spk02: Well, that's great, Corey. And actually, it does tell to my second question. You know, it was great to hear you talk about DiviCloud this quarter. obviously it could be a material driver of error per customer. How do you think about, you know, where are we at right now in sort of, you know, the messaging? You know, obviously you called out the nice win, but just, you know, is there other things that you guys can do to draw a broader adoption of that? Because it seems like that's obviously a material driver, you know, that could represent some upside here at some point.
spk12: Yeah, so just for where we are, as you think about it, as we exited last year, We really started the process of having DiviCloud accessible to the broader Rapid7 Salesforce. This year, you can expect it to be more fully into, especially our enterprise Salesforce. So you can think about a larger team selling DiviCloud and also reflect it in our partner organizations because we have a coin business that actually is very healthy going to partners. And so that's a big focus area. So, you know, one way to think about it is that DiviCloud has gotten great customer feedback, great adoption, and we're steadily increasing the distribution, but in a way and in a pace to make sure that we're onboarding customers in a successful way.
spk02: Thanks a lot. Congrats on a strong close to the year. Thank you very much.
spk00: Thank you. Our next question comes from Ryan Essex with Goldman Sachs. Your line is open.
spk13: Great. Thank you very much. And thank you for taking the question. Maybe, Corey, you mentioned your prepared remarks. You talked about enterprises looking beyond work from home and toward cloud security. And then, you know, in response to Socket's question you mentioned, I think that, you know, VM was becoming strategic. Where do you feel as though VM is with regard to spending priorities within your customers' budgets? And can you put some context around, you know, how this kind of shift in mindset would affect priorities?
spk12: Yeah, so you mean specifically VM?
spk13: Yes. Well, VM and then maybe a broader platform as well.
spk12: Yeah, no, absolutely. So I think one way to think about it is VM is strategic, but the benefits of it are long-term oriented. And so what you're seeing is that people planning around VM, you see some uptake, but it doesn't have the same urgency as we actually see in areas like detection and response and cloud, and even some of the automation stuff where we saw higher degrees of urgency as people were building out their stocks. That said, we expect continued healthy growth in the vulnerability management business. We're continuing to see growth and expansion in vulnerability management. But in general, it does not have the same level of urgency as some other parts of our security operations solutions.
spk13: Understood. That's helpful. Maybe to follow up, you also referenced a new manufacturing customer looking to scale their security operations, and the management of disparate tools is a pain point for them. Could you provide a little bit more detail around what they were using and what the opportunity was that you addressed and who you might have displaced there?
spk12: Yeah, so we don't typically comment on competitors. It's not our style. But I would say what they were trying to really do was to think about how they upscale their entire security operations infrastructure and And what we're finding more broadly is more and more both our customers and even new customers, which is a little bit of a surprise to me, are starting to think more holistically about how they build out a more robust security program in practice.
spk13: Got it. And maybe was this win because you had a broader platform or was it the quality of the technology? How would you kind of frame that?
spk12: All of the above. I mean, first and foremost, we believe deeply that the only way for us to win is to actually be best in class in what we do. So we have a strategy of best in class technologies and solutions on a common platform. that provides accessibility and ease of use. And we find that that's the winning solution. If you give customers a best-in-class technology that's one they talk to in its field, and you actually say you have it on a common platform that focuses on your productivity and ease of use, that's a consistent winner, and we're seeing that message resonate more and more.
spk13: Super helpful. Thank you so much, and congrats on the results. Thank you.
spk00: Our next question comes from Jonathan Hall with William Blair, your question, please.
spk09: Hi, good afternoon. I just wanted to maybe start out with, you know, what you're seeing in the DevOps environment. And also, you know, particularly around cloud container, you know, what can I guess the LC acquisition add to your portfolio? And you know, how quickly is that market growing now? Like, have you have you seen some sort of inflection or some sort of increased investment over the past year? Thanks.
spk12: It's a great question because cloud is moving fast, as you can well imagine. And so if you think about our platform, we're focused on holistic cloud security. We want to be hands down the same thing that we do for security operations, about helping people have visibility, helping people analyze their risk infrastructure, and helping people automate the containment and the security of of their infrastructure is our goal for the cloud environment. Now, cloud has a slightly higher focus on both automation, because that fits more with the dev approach to doing things, and a slightly higher approach to protection, because that's more consistent with what you actually need in a cloud environment. And so that's our focus as we actually think about the evolution. You know, the big change in the last year, and you think about why I'll see what's so relevant, is we have seen a shift in containers where you see a bigger pickup around and momentum around Kubernetes specifically. And so we believe that general container security is absolutely essential and important, but we are seeing lots of people, if they really think about scaling into the cloud and, frankly, scaling their cloud and container investments, take a Kubernetes-centric approach, and we're seeing that both in our customers and in the broader overall market. As far as what ILC specifically does, it actually gives us a couple different capabilities. One, it gives us enhanced visibility. You can think about that aligning tightly around our overall cloud security posture management, but think about doing that for Kubernetes. But it also provides both great analytics capabilities and protection capabilities that really helps us think about how do we secure the Kubernetes environment in the cloud.
spk09: Got it. And then you talked about making it easier for customers to buy multiple products. What are some of the initiatives that you're targeting that can maybe reduce some of the friction and allow you to recognize that opportunity? Thank you.
spk12: Yeah, it's a great question. So it's a big area of focus for us. So there's a couple of different ways that we're actually approaching sort of reducing friction overall. The first thing is, as you can imagine, just making the packaging and pricing simpler, about how you actually remove any barrier that you can for pricing and packaging. And you saw some of my commentary and some of the prepared remarks about how some of those approaches, even though they're early, are paying early dividends. And so we're quite optimistic about going along in the past. But the second aspect, which is frankly more important, is how do we actually instantiate that in product offerings? And so we're really making heavy investments in the platform team that allows people to actually pivot from one solution to another solution in context of what they're doing, and then be able to select the ability to be able to bill for that appropriately over time. That is an investment not just in the technology itself, but also in the infrastructure that supports the dynamic usage and the billing of that over time. Those are two things that we're really focused on heavily that allows our customers to get the value that they need when they need it without having to make lots of decisions up front about what solutions they're going to face in the future. If you think about security, it's a problem that you don't necessarily know when you start a year what your problem is going to be. And so what we want customers to be able to do is to, as they actually either have changed their priorities or have to tackle different problems, We want to be fast and dynamic to actually deploy rapid technologies to solve those problems.
spk09: Great. Thank you.
spk12: Thank you.
spk00: Our next question comes from Adam Tindall with Raymond James. Your question, please.
spk07: Okay. Thanks. Good afternoon. I just wanted to ask, I think you mentioned that security transformation solutions were 50% of new ARR. I'm wondering if you could help us with what percent of total ARR they are at this point. Secondly, if you could touch on the profitability metric for that portion of the business, I'm wondering, are they hitting S-curves and driving the profitability that's implied in 2021 because you're going to add a similar amount of new ARR next year but much healthier profitability profile to wondering if they're hitting some S-curves on profitability?
spk12: Yeah, so I'll take the initial one. My main tag team went to Jeff about sort of like the total. So, you know, one way to think about security transformation solutions is that we see it as providing durable growth. And so, you know, our expectations internally is that it's going to provide – our focus is sustained growth of over 40%. We saw that last year. Our hope and our expectations to see that continue over the course of this year. And of course, we actually expect the margins to improve on that as it continues to scale. We tend to manage things in a pretty, as you would expect, operationally in such a way as things. We're happy to make investments early on for high dividends in the future, but as things scale, we expect the margins to improve. Now, I know it's a little bit trickier because we have different things at different stages of evolution, but what I would say in general is security transformation solutions has a good growth profile. It's a reasonable share of both new and total ARR, and it actually continues the high growth pile that we actually laid out at over 40% last year, 40% this year. and the margins on that continue to improve as we scale, which, by the way, is reflected in our broader margins continuing to actually scale up over time.
spk14: And I think your question was what percent of the total ARR is security transformation products. It's over a third and growing rapidly, still over a third, becoming a greater percentage of the mix each quarter.
spk07: Okay, that's helpful. Maybe just a quick clarification on the back of it, Jeff. You had mentioned just mechanically that in the back half of 2021 that costs are going to increase because T&E comes back, which is understandable. But if I look at the income from operations guidance, it looks second half weighted or at least Q2, Q3, Q4 based on Q1 guidance. What am I missing there? The costs are coming back, but the EBIT is going to expand. What are the offsets for when costs come back?
spk14: Well, excuse me, we have higher revenues over the course of the remainder of the year, higher margin that's offsetting the OPEX increase over the course of the year. So Q1, we have some front-loaded marketing expenses, and then we get more profitable as the year progresses.
spk07: That's pretty much consistent with prior years. Got it. That's helpful. Congrats on 2020. Thank you.
spk00: Thank you. Our next question comes from Rob Owens with Piper Sandler. Your line is open.
spk11: Great. Thanks for taking my question. Corey, you mentioned, I think, in the Q&A around strategic prioritization of VM and how it's taken a backseat historically. But when you do see opportunities on that side of the business, is this a function of the formalization of VM programs, replacement opportunities, expansions of existing, kind of all of the above? Maybe you can walk us through where you're seeing traction on that front?
spk12: I think it's a great question. I think it's been pretty consistent. So we still see the maturing of the international market, so we still see opportunities there. That's also true, I would argue, of the mid-market where we see maturing. When you think about the larger enterprises, I would think about that as upgrading the program and the capabilities by and large. Your case is in Greenfield, but it's a heavy focus on upgrading the capabilities. and maturing what they actually have in place from a vulnerability management side of the equation.
spk11: Do you still run into much open source as you're upgrading those capabilities, or is it kind of the vendors we all know that you'd be competing against?
spk12: I would say it's primarily vendors that we all know. In some cases, you do see things like Nessus out there, and people are thinking about sort of like how to upgrade and sort of provide a more enterprise-wide vulnerability management solution. But there's still lots of the – shockingly, I would say, there's still some legacy vulnerability management solutions out there that still have traction in enterprise. It's changing steadily, but they still exist.
spk11: Sure. And then, Jeff, on the retention rates, as we've seen that trend down, when should that start to move the other way, especially given some of the positive commentary around expansion sales and cross-selling?
spk14: Rob, your question is on the 103%. Is that what you're asking about?
spk11: Yeah, the 103% and when we should start to see that move the other way, if at all. And I know there's a lot of different puts and takes to that number.
spk14: Yeah, so... A couple of points on that. First off, as you know, we don't manage to that metric, the 103%. With our mid-shift towards more security transformation products versus VM, there's less upsell, but we get higher ARR because they're buying more of their environment up front. If things change with the cloud and there's more... upsells over the course of the year, that, you know, that number could tick up. But right now, you know, we're not managing it to it. We're not managing to it. Our key metric is ARR and ARR per customer. That's really, you know, what we're managing to.
spk11: Great. Thank you, guys. Thank you, Rob.
spk00: Thank you. Our next question comes from Greg Moskowitz with Mizzou. Your question, please.
spk01: Okay, thank you, and thanks for taking the question. So, Corey, it doesn't sound as though you're embedding anything in your guidance. I'm just curious how you're thinking about the potential of the SolarWinds breach to influence your product offerings as well as your services business in 2021.
spk12: Yeah, I'm going to repeat the question, because I think the question is, do I anticipate the SolarWinds breach changing our product strategy in 2021? And I would say yes. No, because we were heavily focused on some of the areas that are most relevant to the service, to the solar wind breach. If you think about sort of the big priorities that I talked about before is detection response, vulnerability management, automation helps people actually get more done faster. We happen to have been in a good spot where lots of the strategies and solutions that we deliver are highly resonant with what people need to mature their solutions overall.
spk01: Okay, thanks, Corey. And then just as a follow-up, so you've announced two cloud security acquisitions over the past nine months covering TSTM and workload protection. You've also introduced an infrastructure entitlement solution. So how would you now assess your cloud security product portfolio? And then also, are you still looking to add cloud security capabilities via M&A?
spk12: So one is the backdrop is cloud security is both a rapidly evolving market And it's also a market that is actually getting lots of attention, and it's a big priority for customers as they think about their digital transformation efforts overall. That said, I think we have one of the most complete, robust cloud solutions in the market nonstop. And we're continuing to invest in that organically, in-house, as the market changes and evolves. So typical to anything else, we don't have plans or needs to actually go out and acquire stuff. But that said, we have a very robust cloud security roadmap to tackle all the challenges that we see customers having in cloud security. And what's wonderful is our customers keep giving us feedback about the challenges they're facing, which is an opportunity for us to extend what I think is a growing leadership position there. Now, there's occasions where we'll see something as strategic, and it's a reasonable acceleration, and it has a reasonable return and a reasonable timeframe, and we may make a strategic acquisition similar to what we did with Divi or with OwlSeed But right now, I think we have one of the leading overall cloud security solutions in the market. Very helpful. Thank you. Thank you.
spk00: Thank you. Our next question comes from Hamza Foderwala with Morgan Stanley. Your question, please.
spk05: Hey, guys. Thank you for taking my questions, and nice job on the results. So just a question around sort of guidance. I know you're focused on selling the broader portfolio of solutions, but to the extent that you could maybe give any color around what's embedded in terms of VM versus security transformation growth. I mean, this year we saw the security transformation bundle grow, you know, twice the growth rate of, of, of VM, right? So we expect that sort of, you know, mix to continue in 2021.
spk12: Based on current, again, we're taking a very long-term approach. So we think our entire portfolio is relevant, and we think VMs are relevant. That's it. Based on current market demand is that we expect higher growth in security transformation solutions, and we will still be growing vulnerability management. I think the good position that we're in is that because we have multiple offerings and solutions on a common platform, we get to move where the customer's needs are highest at any moment in time. And sometimes it's going to be cloud, sometimes it's going to be detection and response, sometimes it's going to be vulnerability management. Right now you see a higher urgency around both incident detection and response and cloud security. And so relatively you'll see higher growth in security transformation solutions versus VM, but we still expect healthy growth in VM this year, and we expect that to move forward.
spk05: And then just on the... Any color you can give us on sort of what the revenue run rate on that was prior to acquisition? I know there's no material assumption embedded in your guidance, but any color you can give us there?
spk12: You know, it wasn't material, as we said, overall. And so it allows us to actually accelerate our cloud security initiative. But the revenue wasn't material.
spk00: Okay.
spk10: Thank you.
spk12: Thank you.
spk00: Thank you. Our next question comes from Alex Henderson with Needham. Your question, please.
spk03: Thank you. Just a couple of clarifications, if we could. Could you talk about whether your ARR per new customer is higher than the average of 44K? Is that – I mean, it sounds like you're getting more upfront, and that ultimately would drive – you know, a higher number on the ARR for new customers right off the bat. Is that right?
spk14: Yeah, we don't disclose the specific ARR for new customer, Alex, but, you know, generally a brand-new customer, historically it has been lower than the overall, but, you know, with the mix shift, you know, it is increasing. ASPs have gone up across the board, but we don't disclose the specifics.
spk12: Yeah, I was just going to say more broadly, Alex, is that we don't really focus on the timing of the customer journey. Now, you know, we may have some customers that are starting to actually cover more of their environment up front and look for a larger thing, but I'll say that's not a strategy. What we're really focused on is how do we actually grow the relationship and the impact that Rapid7 has with the customer over time. But we're indifferent whether they start big and sustain or or whether they start small and grow over time. We're just looking at how do we become the strategic place for them to manage their security operations.
spk03: It sounds like you're seeing larger deal sizes up front and more upsell up front. Can you talk about whether you've seen an expansion and acceleration in your pipeline? It sounds like your pipeline is accelerated. And if there's any change in the amount of time it takes to close a deal, So just a couple of the key metrics around that would be really helpful.
spk12: So there's several different things that are driving some of the trends that you're alluding to there. One is keep in mind is things like IDR. You have to cover your environment up front versus VM where you may have started with 20%, 30% of your environment and then you would fail over time. So just the shift in detection and response and the growth of that business and security transformation solutions. causes a higher amount of the environment to actually be covered up front. The second thing you also alluded to is we're in the very early stages of starting to see customers really think about buying strategically their entire security program up front. That said, I'm not quite sure that's a trend that we need to continue because it's however they get there, we want the customers to actually get there at the pace that they're looking to evolve and move their security program over time. And so those are two high levels. And then you have one more, Alex. What was the last question?
spk03: Yeah, is there any change in the amount of time it takes to, you know, from start to close on the deal transaction? Is your deal timeline holding steady?
spk12: Yeah, I would say on average it's probably holding. I would say it's a little bit tricky because last year there was just lots of starts and stops that were more to do with COVID. So My take is I'm not extrapolating any of the sort of like nine months of last year as permanent trends because there was just a huge COVID effect and also the solar winds effect that you actually had there, the underlying helper. And so I would say that it's fairly consistent, but there's no trends that I can extrapolate right now.
spk03: Okay. Thank you very much for your answers.
spk12: Thank you very much.
spk00: Thank you. Our next question is from Joshua Tilton with Barenberg. Your question, please.
spk10: Yeah, hi, guys. Thanks for taking my question. Just first, could you guys talk about the pace of net customer additions going into next year? Maybe what's baked into the ARR guide that you gave today? Do you expect that number to continue to improve in 2021, or are you guys kind of expecting it to stay flat?
spk12: Yeah, I mean, so Jeff and I can tag team it. I would say in general, when you think about our ARR guidance, It is a mix of ARR per customer and sort of like net customer expansion. We expect both of them to actually be positive. We do think on balance this year we'll see a slightly higher contribution in the ARR per customer, and that's just the growth of the platform and the demand and some of the other trends that we're actually seeing. That's not necessarily a permanent thing. That's just sort of the assessment today, and it's not something that we're actually managing to.
spk14: Yeah, I mean... We're not going to give a specific growth rate on the new customer growth, but what we said earlier is that you can look at the trends in that zip code of where we are now, and it is a balance of ARR for customer and the customer growth.
spk12: Yeah, if you want to know how we manage our sales force, right now we're just saying go where the customer's demand is. We're not adding any specific restrictions on it in this environment. We're saying, like, go where customers need you and where we can be helpful.
spk10: Got it. And then I know you got a lot of questions tonight about the VM business. Just maybe one more from me. Is there any way you could just kind of ballpark what you expect that business to grow in 21? And then maybe how does that compare to what you guys are seeing the overall VM market grow at in 21?
spk12: You know, so I commented earlier that we are seeing VM part of strategic conversations. And we're continuing to see growth in VM, but just not at the same pace of the much higher growth of security transformation solutions. That said, if I had to ballpark it, I would put it in the plus or minus 10% range. And the way to think about that is last year, you know, we gave some estimates about what we saw, and the overall economy was better, and it performed slightly better than expected. But that's what we see right now in terms of customer prioritization and urgency more than anything else. Again, our view is that right now customers are looking at VM as a strategic long-term objective. They have higher urgency around some of the efforts around security transformation and specifically detection response in cloud. But we expect that to continue to be a long-term driver of growth.
spk10: Thanks. And just if I could sneak one more in. I know it's early for outside, but any expectations with the uplift in customer ASP would be if they went and bought this product?
spk12: No, it's too early to comment on that right now.
spk10: All right. Thanks, Ed.
spk12: Thank you very much.
spk00: Thank you. And I'm not showing any further questions in the queue. I would like to turn the call back to Corey Thomas for his final remarks.
spk12: Well, I just want to thank all of you for joining us this evening on our earnings call. And I would like to reiterate that we would love to see you on our Investor and Analyst Day, and we look forward to talking to you then.
spk00: Ladies and gentlemen, thank you for your participation in today's program.
spk12: You may now
Disclaimer