This conference call transcript was computer generated and almost certianly contains errors. This transcript is provided for information purposes only.EarningsCall, LLC makes no representation about the accuracy of the aforementioned transcript, and you are cautioned not to place undue reliance on the information provided by the transcript.
Rapid7, Inc.
5/6/2021
Good day, and thank you for standing by, and welcome to the Q1 2021 Rapid7 Earnings Conference Call. At this time, all participants are on a listen-only mode. After the speaker's presentation, there will be a question and answer session. To ask a question during the session, you need to press star 1 on your telephone. If you require any further assistance, please press star then 0. I would now like to introduce your host, Sunil Shah, VP Investor Relations. You may begin.
Thank you, Operator, and good afternoon, everyone. We appreciate you joining us today to discuss Rapid7's first quarter 2021 financial and operating results, in addition to our financial outlook for the second quarter and full fiscal year 2021. With me on the call today are Corey Thomas, our CEO, and Jess Kulowski, our CFO. We have distributed our earnings press release over the wire, and it is now posted on our website at investors.rapid7.com, along with the updated company presentation and financial metrics file. This call is being broadcast live via webcast, and following the call, an audio replay will be available at investors.rapid7.com until May 13, 2021. During this call, we may make statements related to our business that are forward-looking under federal securities laws. These statements are made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995 and include statements related to the company's positioning, our future goals, and financial guidance for the second quarter and full year 2021 and and the assumptions underlying such goals and guidance. These forward-looking statements are based on our current expectations and beliefs and on information currently available to us. Actual outcomes and results may differ materially from the expectations contained in these statements due to a number of risks and uncertainties, including those contained in our most recent quarterly report on Form 10-K and in the subsequent reports that we filed with the SEC. The information provided on this conference call should be considered in light of such risks. Actual results and the timing of certain events may differ materially from the results or timing predicted or implied by such forward-looking statements, and reported results should not be considered as an indication of future performance. Rapid7 does not assume any obligation to update the information presented on this conference call except to the extent required by applicable law. Our commentary today will primarily be in non-GAAP terms, and reconciliations between our historical GAAP and non-GAAP results and guidance can be found in today's earnings press release. At times, in our prepared remarks or in response to your questions, we may offer incremental metrics to provide greater insight into the dynamics of our business or our quarterly results. Please be advised that the additional detail may be one time in nature, and we may or may not provide an update in the future on these metrics. With that, I'd like to turn the call over to our CEO, Corey Thomas. Corey?
Thank you, Sunil, and good afternoon, everyone. Thank you all for joining us for our first quarter 2021 earnings results call. I'm thrilled to report a strong start to the year for Rapid7 as we accelerated year-over-year ARR growth to 30% while demonstrating strong free cash flow dynamics in our business. We continue to execute against our goal of delivering best-in-class security that meets customers where they are in their SecOps journey. Our performance in the quarter was driven by accelerating momentum and security transformation solutions, coupled with durable growth and our vulnerability management offerings. These results are a great validation of the vision we laid out at our recent investor day and demonstrate ongoing progress in our effort to help customers close their security achievement gap. Our strong start to the year also positions us to deliver a notable raise to our full-year ARR outlook which Jeff will cover in his remarks. I'll begin today with some perspective on how we're executing against our core strategy to drive durable growth while scaling profitability, then share a brief update on our innovation and goals before turning it to Jeff to detail our financial results and guidance. In March, we shared with you the incredibly exciting journey about how Rapid7's Insight platform is helping customers all over the world accelerate their pace of innovation securely. Customers are facing a fundamentally new dynamic as COVID exacerbates what was already a rapid pace of adoption for digital and remote experiences, cloud technologies, and SaaS consumption. Amidst this technology acceleration, we're finding that customers are challenged to manage a growing risk footprint across their enterprise. In fact, many are seeing a widening gap between the risk that they can effectively manage and the risk born from this rapid pace of innovation. As a result, customers are turning to Rapid7's Insight platform to help close the security achievement gap. We're delivering for our customers with a focus not just on industry-leading and forward-leaning capabilities, but with a unique focus on world-class accessibility for our technology platform. This combination of best-in-class capability and accessibility is the magic formula that makes Rapid7 so successful and is what enables us to continually disrupt the market. The accelerating demand we've seen for our detection and response offering in recent quarters demonstrates our success in disrupting the market. Customers are increasingly turning to IDR because of its ability to deliver market-leading technology coupled with best-in-class usability and top-to-value that ultimately helps them achieve better security outcomes. I'm pleased to report that this vision is resonating with customers not just within our Insight Platform pillars of detection and response, vulnerability risk management, and cloud security, but also across them. In March, our Chief Innovation Officer, Lee Weiner, spoke about our focus on delivering a unified StackOps experience in the cloud. It's clear that customers are beginning to see the better together value of our integrated best-in-class platform suite and experience. We continue to grow our mix of multi-product customers. And in fact, seven of our top 10 deals this quarter included multiple platform customers. A great validation of this trend was a six-figure deal in the quarter with an enterprise consumer goods company who purchased our Insight One platform offer. Insight One is one way we're lowering barriers to broad-based platform adoption by making it easier for customers to purchase all of our Insight products, Insight VM, Insight IDR, Insight AppSec, and Insight Connect, to deliver a unified SecOps experience. This customer initially came to us looking for detection-based SIM with advanced user behavior analytics capabilities. But upon seeing how seamlessly our Insight products work together, they chose to unify on Insight One, displacing existing point vendors in the process. We remain in the early days for this platform opportunity, but are excited about our progress to date and see sustainable paths to execute it against the four durable growth drivers that Jeff shared with you at our investor day. Let me take a moment to update you on how our first quarter results demonstrate progress across all four of these growth drivers. First, our platform opportunity. The growing urgency to secure cloud and digital investments is driving strong demand for our insight platform today. Our COO, Andrew Burton, spoke in March about how we're working to make it easier for customers to consume more capabilities across our Insight platform. This is highlighted by a recent six-figure deal with one of the largest domestic energy suppliers in the UK. This existing Lapid7 customer was lacking security visibility and coverage across their total infrastructure footprint as they expanded into the cloud. Additionally, after recognizing what was possible from a small Insight Connect deployment. They wanted to automate everything they could. As a result, this customer grew into a larger platform deal, adding on Divi Cloud while expanding their existing VM, DNR, and automation coverage, positioning Rapid7 as one of their most critical security partners. This is yet another example of how our expanding product set is driving deeper engagement with our customers. Which leads to our second growth driver, our land and expand engine. We remain very early in penetrating our $420,000 average size customer opportunity. During the first quarter, we saw strong execution with accelerated growth in our upsell and cross-sell motions as we expand within our existing customer base. This drove ongoing strength in our ARR per customer, which grew 17% year over year to eclipse the $50,000 milestone for the first time. Our platform value is resonating with customers, and we see a long runway for growth here. Third, our focus on growing high-value customers. We had a great start to the year that saw us accelerate customer growth during Q1. We added over 200 net new customers in the quarter and ended with over 8,900 customers globally, still early as it relates to penetrating our overall customer market opportunity. Moreover, total customer growth is only part of our story as our high-value platform customers grew faster than total customers and continue to grow as a percentage of the base. And finally, our international growth opportunity. We have a long runway for international growth given our best-in-class products, our focus on accessibility, and more greenfield opportunities internationally. VEM remains a core growth driver during the first quarter, and we saw an accelerating trend in our security transformation solutions internationally. We continue to invest in our international teams, and growth in international ARR once again outpaced total ARR growth. So, as you can see, we have multiple paths to deliver our long-term growth objectives, and I'm pleased to share strong execution across the board as we begin 2021. Of note, we're executing on these growth drivers while also ramping profitability and scaling pre-cash flow. We remain on track to deliver on our growth and profitability framework this year. I'd like to highlight that these strong results are rooted in Rapid7's longstanding commitment to technology investment and innovation. We are investing aggressively to remain on the leading edge of making the best in security operations available to all. Let me share a brief update on some of our current initiatives. We continue to invest in scaling enterprise readiness and detection response, building upon recent enhancements to network and endpoint with newer capabilities that enhance role-based access and improve alert customization and tuning for sophisticated security teams. But innovation is not a siloed effort. At Rapid7, we have always valued the collective wisdom of the security research community. And I'm so excited to welcome the Velociraptor team and the open source community to the Rapid7 family. What we've learned in the SIEM market is that it's not enough just to collect data and detect threats, but rather the response is increasingly more important in today's dynamic threat landscape. Our recent announced acquisition of Velociraptor moves us another step forward in helping customers better respond to threats and attacks by leveraging Velociraptor's leading community-driven digital forensics and incident response technology to monitor malicious activity across endpoints. We continue to push the envelope in VM with our recent integration to Kubernetes container environments that allow customers to aggregate container and traditional asset information and enables a live container visibility. Looking ahead, we're also advancing our cloud capabilities as we unify traditional VM asset risk visibility with cloud configuration insights from DIVI Cloud to provide more holistic infrastructure risk visibility that improves risk intelligence for better remediation outcomes. Turning to cloud security, our ongoing effort to integrate ALSI's Kubernetes Central Container Security technology accelerates our path to delivering an integrated cloud native security platform that combines best-in-class CSPM, cloud identity management, and now cloud workload protection. Combining risk assessment, runtime monitoring, and threat detection in the cloud is a critical component for ourselves and our customer security roadmaps, which is why we continue to invest heavily in cloud security. Overall, we're excited about our Insight Platform Innovation Pipeline as we work to make the best in security operations accessible to all. I'll conclude my remarks today with a brief review of our enduring goals. Our ongoing investment in delivering a unified SecOps experience in the cloud is resonating with customers, driving progress on our first goal to be a leader in enabling customers to transform their security operations around the cloud. Second, our effort to lower barriers to broad-based insight platform adoption is delivering on our goal of accelerating our platform distribution engine. This can be seen by our strong results in ARR growth, customer growth, and ARR per customer during the first quarter. And finally, our balanced execution demonstrated by strong top-line growth coupled with underlying leverage in our business is enabling us to deliver on our third goal of scaling profitably while investing for growth. In closing, Rapid7 remains focused on securing the digital experience on behalf of our customers, meeting them where they are in their SecOps journey by delivering a unified platform experience with best-in-class capabilities alongside world-class accessibility. I want to thank our entire team for all of their contributions in working to help our customers close their security achievement gap. Thank you all, and I will now turn the call over to our CFO, Jeff Golowski. Jeff?
Thanks, Corey, and good afternoon, everyone. Before I begin, a brief reminder that except for revenue, all financial results we will discuss today Our non-GAAP financial measures are less otherwise dated, and reconciliations between our GAAP and non-GAAP results can be found in today's earnings press release. Rapid7 had an outstanding start to the year with ARR acceleration driven by strong execution across our business while underlying leverage drove upside to Q1 profitability. Total ARR ended the quarter at $455.8 million, growth of 30% year-over-year, driven by accelerating demand for security transformation solutions and sustained growth in our vulnerability management offering. This strong ARR performance and our associated billing strength also drove strong free cash flow generation to start the year. The massive market opportunity we see ahead of us, coupled with ongoing strength in our business, fuels our confidence in continuing to invest for durable growth and margin expansion ahead. As Corey shared in his remarks, we're executing well against the growth initiatives we laid out in March as we work to close the security achievement gap on behalf of our customers. Let me briefly review the three fundamental financial goals we shared at our investor day and how our strong start to 2021 positions us to deliver on these objectives over time. The first goal we spoke about was multiple paths for Rapid7 to drive durable growth on the back of a large and expanding market opportunity. Strong Q1 results in ARR growth, ARR for customer, customer growth, and our international business demonstrate progress across all four of these growth paths. Our multi-product platform opportunity is resonating as security transformation solutions represent over 40% of our total ARR mix, growing over 40%. We saw continued success in our land-to-expand engine with strong cross and upsell performance, driving Q1 ARR per customer up 17% year-over-year to $51,000. Our customer-centric innovation focus is paying off as we ended the quarter with over 8,900 customers, an acceleration to 11% year-over-year growth. As a quick reminder, this is based on the updated customer account methodology we presented our investor day, which better aligns our quarter-end customer account with our quarter-end ARR metrics And finally, four, we continue to execute well across geographies. During Q1, North America revenue grew 22% year-over-year and represented 82% of revenue, while the rest of the world grew 35% year-over-year, increasing to 18% of revenue. The multitude of growth drivers gives us confidence in executing against our durable growth strategy as we look ahead. However, we recognize the importance delivering value to the bottom line over time as we continue to grow our business. This leads me to our second financial goal, to scale profitability and free cash flow over time. Rapid7's first quarter results once again demonstrated our ability to scale efficiently. Non-GAAP operating profit, which included a partial quarter of LSEED expenses, exceeded the midpoint of our guidance range by approximately $2 million as top-line overperformance flowed to the bottom line. As is our typical approach, we will look to reinvest this overperformance throughout the year to support long-term growth in the business, which leads to our third financial goal to become a $1 billion Rule of 40 business, which we define as ARR growth plus free cash flow margin. We see a huge long-term opportunity to scale our business, and we believe we're well-positioned to execute on the mid- and long-term targets we set out at our investor. Turning now to some specifics on our Q1 financial results. First quarter revenue of $117.5 million was above the high end of guidance and grew 24% year-over-year. Strong demand across our insight platform drove upside to products revenue, which grew 25% year-over-year to $109.3 million. Total gross margin for the quarter was 73%, consistent with Q4 as well as the year-ago period. Sales and marketing expenses improved to 42% of revenue compared to 47% of revenue in Q1 2020 and benefited from improving sales efficiency combined with lower annual kickoff and T&E costs. R&D expenses for the quarter were 22% of revenue, up modestly from 21% in the prior year as we continue to invest in innovation. G&A expenses in the first quarter were 8% of revenue, down from 10% in the prior year. First quarter operating profit of $1.9 million was ahead of our guidance range, driven predominantly by overachievement on revenues. Adjusted EBITDA for the first quarter was $5.8 million, and net income per share was a loss of 3 cents, also ahead of guidance. Shifting to our balance sheet and cash flows, we ended Q1 with cash, cash equivalents, and investments of $616.9 million, compared to $322.6 million at the end of Q4 2020. The increase from Q4 predominantly reflects the net proceeds of approximately $511 million related to our convertible notes offering and cap call transactions, offset by the repurchase of approximately 183 million aggregate principal amount of our 2023 convertible notes and the cash outflow of approximately $50 million related to our acquisition of LC. I will also note that our ending debt balance for Q1 reflects early adoption of the new accounting standard, ASU 2020-06, which, as we shared last quarter, results in a reclassification of our debt discount from shareholders' equity back to debt. We delivered strong cash flow results to start the year, with free cash flow of approximately $18 million first quarter driven by strong billings and collections activity in the period. Moving now to our updated guidance for the year. Our strong start to 2021 reflects ongoing momentum with the growth and innovation strategy we laid out at our investor day in March. Our investments in building a unified SecOps platform in the cloud are clearly resonating with customers, enabling us to meet them where they are in the SecOps journey. As customers progress, to drive durable growth in ARR over time. Additionally, the dynamic nature of today's cyber risk landscape has once again put security investments squarely back in focus for boards and leadership teams. While it remains early in the year, these trends fuel our confidence in raising our full-year ARR expectations for 2021. As a result, we now expect to deliver full-year ARR of approximately $530 million, with growth of 22% compared to our prior guidance of approximately 20% growth just a quarter ago. This guidance accounts for the solid momentum we see in our business today while contemplating ongoing uncertainty as it relates to the timeframe for broad-based resolution to the current global health challenges and the associated economic risks. Building off of our strong start to the year, we're raising our full-year revenue guidance by $11 million at the midpoint and anticipate revenue to be in the range of $5 growth of 22 to 23%. Consistent with our typical methodology and given the multitude of growth drivers we see ahead of us, we plan to reinvest our year-to-date operating profit over performance to support our long-term growth objectives. As a result, we continue to anticipate non-GAAP operating income for 2021 to be in the range of $12 million to $16 million for the full year. We anticipate non-GAAP net income per share for the full year to be in the range of a loss of 3 cents to positive 4 cents per share, which is based on an estimated 55.2 million basic and 57.4 million diluted weighted average shares outstanding. Turning to cash flow, we remain focused on investing for growth while scaling free cash flow generation over time. I'm pleased to report that we're raising our full-year free cash flow expectations to approximately $15 million from our prior expectation of approximately $10 million. This is driven by a strong free cash flow performance in Q1, offset in part by an upcoming IP transfer tax payment related to the recent acquisition of LC. Moreover, we experienced very strong collections activity in Q1 and are not forecasting this will continue at the same pace for the balance of the year. Closing now with our quarterly guidance. For the second quarter of 2021, we anticipate total revenue to be in the range of $121.7 million to $123.3 million, growth of 23% to 25%. We anticipate non-GAAP operating income for the second quarter to be in the range of $4.3 million to $5.3 million, and expect timing of incremental investments tied to our Q1 overperformance to be more back-half weight We anticipate non-GAAP net income per share for the second quarter to be in the range of two cents to three cents, which is based on our anticipated 57.7 million diluted weighted average shares outstanding. Note that our second quarter and full year 2021 guidance includes the impact of the recently announced acquisition of Velociraptor, which is expected to be immaterial to our financials. So in summary, our strong start to 2021 demonstrates continued execution against our fundamental goals to drive durable growth in our business while scaling profitability and free cash flow to become a $1 billion Rule of 40 company over time. With that, we appreciate your time and support, and we'll now open the call for any questions. Operator?
Ladies and gentlemen, if you have a question or a comment at this time, please press the star then the one key on your touchtone telephone. If your question has been answered and you wish to move yourself from the queue, please press the pound key. Our first question comes from Rob Owens with Piper Sandler.
Great. Thanks for taking my questions, guys. I wanted to drill in a little bit around the ARR acceleration that you saw and also new customer acquisition. First off, with all seeds, was there any contribution there, even minimal, that kind of aided that? Maybe you can drill down a little bit more then into that. what you're seeing from a new customer perspective, especially given since we're still, you know, still have COVID kind of running rampant.
Yeah, Rob, I'll start out. With respect to outfeed, it was immaterial. There was no material contribution to ARR in the quarter or, you know, for that matter, for the year. It's not significant.
Yeah, and I'll just follow up. I would say the ARR performance that we saw was really just based on both strong demand and strong execution by our teams across the overall portfolio. And so we saw both customers, new customers coming in, which was healthy, but we also saw good performance across customer segments. We had one of our stronger quarters in large deal strength with over 50% there. So we feel very good about that, and I think it just validates our investment strategy and the path that we've been on for the last two years.
Great. And then, Corey, secondarily, I wanted to ask about XDR versus next-generation SIM, and one of the value propositions that they're talking about is consistent with where you've been for years, and especially on the verge of RSA here in a couple weeks, which is obviously the noisiest event around security. Are you starting to see the XDR proposition, especially from the endpoint guys, converge relative to what you're offering in your space, or do you see these as discrete and different opportunities.
Yeah, I would say what we're talking about, what people are talking about XDR today is sort of a trend that we observed years ago as one of our core thesis areas around our Insight IDR platform, which was the idea that you could not tackle security, and especially security monitoring in silos. And so we were a pioneer in bringing UVA log analysis and attacker-based analytics, but also endpoints visibility into the fold. We accelerated that with our Velociraptor acquisition this quarter. And so when we look at it holistically, we think, do you actually need a holistic very advanced and sophisticated, but easy to deploy strategy for monitoring and managing your environment? Absolutely. Is our strategy overlapping? Are there great areas of XDR? Sure, but there's still distinct needs. What you get with a platform like Insight IDR and SIMS is you get a complete login and forensic platform. You get a platform, especially with our extensions, that allows you to actually fully monitor and extend into the cloud and have full visibility about what's going on in cloud environments and monitor those environments. and automate remediation. And so the strategy about how you manage a modern SOC absolutely is aligned around the XDR theme. That's why you hear Garth and others talk about it. But there's still some rather unique needs that you still need logging platforms and a SIEM to bring to bear.
Curtis, we'll take the next question.
Thank you. Our next question comes from Matt Hedberg with RBC Capital Markets.
Hi, guys. Thanks for taking my questions. Congrats on the acceleration. You're great to see. Corey, I think this idea of closing the security achievement gap is one of the most interesting aspects of Rapid7 kind of due to the automation of the platform. How much of this do you attribute to the accelerated customer ads this quarter? But I think also secondarily, how does it help with your renewals of your existing base?
Yeah, two very good questions. So one, on the ads, look, our value proposition is resonating with customers. We had the thesis early on that customers would need to do a significant upgrade of their security infrastructure to keep up with digital transformation. And that is playing out quite well. And I'll remind you that our thesis was that they would want best of breed and best of suite capabilities. So they didn't want to They would not want to compromise on the quality, the efficacy, and the raw capabilities, but they wouldn't want to actually get that in a package that gave them economic scale, leverage, and most importantly, productivity. And so our focus on accessibility drives that. And so yes, we're seeing very healthy demand overall, and we think that that promise and that value proposition resonates quite well. I think the second part of your question is what are we seeing with existing customers? And we are seeing existing customers continue to actually be committed to Rapid7. You see with the growth in AR for customers, they're extending their relationships, and they're continuing to actually renew at very favorable rates.
That's great. And then I think, you know, the other compelling part of the story is, you know, international seems like a huge opportunity as well. And I guess, you know, how do you approach, you know, thoughtful investments overseas? And, I mean, I have to assume, you know, all of the issues that we see domestically are going on internationally, but how do you sort of allocate your resources to go after that in a thoughtful manner?
You know, you're absolutely right about the international opportunity. I would say that one of the benefits is that, as you recall, we started investing last year. As we start to see the momentum and the response to the demand, And that set us up well for this year. And what I'd say is we're going to continue to drive to our model of growth and profitability. And with that, we'll continue to invest as we see fit. Internationally, it's a different story in each region of the world. But overall, we're seeing very, very good demand from our international regions, especially we see growing demand for our security transformation solutions.
Thanks a lot, guys. Our next question comes from Sakit Khalil with Barclays.
Hey, guys, thanks for taking my questions here. Corey, maybe first for you, could you just talk a little bit about the overall customer demand environment, mainly in the vulnerability management market, and whether you feel like some of the breach activity from last quarter, even as recent as this quarter, is maybe starting to drive some more pipeline or more deal activity?
Yeah, so I would say to your specific question, we're seeing very healthy demand across the board. Vulnerability management is one of those areas that has seen consistent demand, and we saw improvement in demand this quarter. We feel that we have good visibility that if we said it was sort of like roughly 10% before, that our growth would be over 10%, and we have confidence in that for this year. I think that most importantly what you see is a story of the total value proposition and especially the strength of security transformation solutions. and also the efficacy of our fields now that they can actually go out and talk to customers about the problems that are on their mind or at the top of their list and start wherever customers want to start on that journey. And so when we look at demand, we really think about it from a perspective about what's going on with customers, and customers are looking to enhance and upgrade their security, and we're incredibly well positioned to do that with the investments and execution that we've made over the last few years.
Got it. Got it. That makes sense. Jeff, maybe for you – You know, that 17% growth in ARR per customer, it's been very consistent, but just, you know, really nice to see. I think, you know, we've touched on a few of the drivers here kind of through the call, but can you just maybe sort of summarize what some of the most meaningful drivers are in that ARR per customer? You know, I imagine some of it is mixed shift in the business, but anything else that you would sort of point to that's sort of driving that consistent growth in ARR per customer? Sure.
Sure. First off, with respect to MixShift, you know, clearly our security transformation solutions are a very big driver. Again, it's growing. It grew over 40%, again, this quarter, and also represented over 50% of our new ARR Those tend to have, you know, larger ASPs as well. You heard Corey talk about, you know, seven of our ten largest deals were multi-product, multiple products on the platform. We had very strong cross-sells and up-sells this quarter. I'll also point out that we had a modest improvement sequentially in our net retention rate. So, you know, overall, all of the four growth drivers that we laid out on Investor and You know, we've executed on all of them, customer growth, growth in platform customers, strategic customers. So I would say overall, you know, very strong core. Got it. Thanks very much, guys.
Thank you. Our next question comes from Brian Essex with Goldman Sachs.
Hi, good afternoon, and thanks for taking the question. Maybe Corey or Jeff, I don't know whichever wants to field this one. So you took your guidance up by, you know, greater magnitude than the level of B relative to the midpoint of the 1Q guide. So maybe if you could talk to, you know, what's driving that confidence? Is it pipeline? Is it, you know, maybe the economy opening up better than, you know, better than expected? Is it, you know, or is it just, you know, old-fashioned execution? How would you kind of grade, you know, the increase – you know, confidence and higher level of growth this year?
Well, I mean, clearly when we look at guidance, our pipeline is a major factor. And so I'll say, like, pipeline is a very significant factor. Overall, followed because we've been in periods of uncertainty with what we're expecting, but most importantly what we're hearing from our customers. in terms of their certainty and their confidence in their budgeting process. You know, keep in mind in the last year, we haven't lacked pipeline. What we've lacked is clear confidence from lots of our customers about what their own budgetary processes are. And we're not out of the woods there at all by any means, but we are seeing customers having more clarity into their processes, and that's going through to our ability to better forecast timing when it comes to our pipeline, which then goes through to guidance.
Got it. And maybe just to follow up on that, where do you anticipate to reinvest the upside? You're leaving, you know, operating performance relatively flat in spite of the, you know, revenue raise. So what are your key priorities and how do you kind of, you know, prioritize where that spending will go?
Yeah, so a couple of things. One is if you think about our strategic framework on driving leverage and scale, you know, the first thing is sort of like relevant. So we continue to invest in our innovation platform. and our technology and R&D because that gives a long-term return to our customers and therefore to our investors over time. The second thing is that we'll continue to actually make investments that are near-term investments that give us long-term scale. You recall at our investment analyst day, we talked about lots of the work that we're doing on both packaging and pricing and how we actually position and scale the platform and do land and expand as we actually go forward. And we still have near-term investment opportunities that we believe that we can invest in, achieve our balanced view of growth and profitability this year, but give us more scale and more efficiency over time.
Got it. Very helpful. Congrats for me as well on the results. Nice quarter. Thank you.
Our next question comes from Jonathan Ho with William Blair.
Hi, good afternoon. So I just wanted to maybe start with one of your comments in which you said that you were making it easier for your consumers or your customers to consume your products. Can you talk a little bit about how you're making it easier and is this a bundling approach or is this in terms of the technical integrations? I'm just trying to understand a little bit better what you mean by making it easier to consume.
Yeah, it's a great question, John. So there's a couple different dynamics. The first one is to your point about the technology is we're doing lots of things as customers start to actually look at us more for their platform level security and how they think about their security overall to actually make it seamlessly move from one problem to another problem without having to think about the context of what package did I purchase. And so, you know, I have a cloud security offering that I decide that I want to actually monitor what's happening in a specific part of my environment. That should be a seamless thing that I can do with efficiency without having to think about do I need to go get another SIM. I may have a SIM in place, but I may want to just really monitor this area and focus on this area. Likewise is that I'm doing application security, and I want to say, like, what's happening with the cloud stack under this specific application? Again, maybe I want to go do a whole DB Cloud employment, but maybe I just want to get more depth and visibility there. So there's lots of work that our teams are in the process of doing on just continuing to improve the ability for customers to dynamically expand their security in response to what's happening in their environment. Keep in mind. The environments are changing fast, and the attackers are changing fast, and so we want to minimize the errors. Now, the second aspect that we've talked about a lot is we're doing both lots of research and lots of pilots on packaging and pricing to say, what eases the consumption bar that makes it easy for customers to consume? We talked about one of those in Site 1 this quarter that's been extraordinarily well received by customers. We talked, I think, last quarter about our modern SOC that allow people to not just get inside IDR, but to get enhanced endpoint telemetry, network traffic analysis, and SOAR together, extraordinarily popular. But these are things that allow customers to really either upgrade or actually buy together things that are logical and efficient, and that's resonated quite well with customers.
Got it, got it. And then can you also talk a little bit about sort of the demand that you're seeing on the cloud side and potentially how that impacts your upsell or ARR potential? Thank you.
Yeah, look, the cloud is a hot area right now. The thing we love about it is it's early stages in the market overall, but we're seeing extraordinarily strong demand for customers, both near-term demand, but also longer-term demand. We're getting lots of validation from customers that these are strategic focus areas that they're going to be focused in over time. And so, from my perspective, both from an execution perspective and from an outlook perspective, we're extraordinarily confident and bullish about what's happening in the cloud security market.
Thank you. Thanks. Our next question comes from Adam Tindall with Raymond James.
Hi, thanks. This is Alex on for Adam. I'm just kind of curious how the adoption of the good, better, best strategy is going and just how the channel is reacting to that. And also, is it formulaic? That is to say, once you identify a customer in the good bracket, do you have kind of a roadmap and how long it will take them to get to the better and the best buckets?
I would say it's way too early. I mean, it's a great question, but it's just way too early to have conclusions. I would say the feedback that we've gotten from customers so far is actually positive. It's just way too early in the evolution for us to have any deterministic feedback. I would not expect that just to set expectations to late this year at the earliest because really it's about getting enough quantitative feedback to see if you optimize it. And by the way, the good, better, best notions are popular. They're out there. You just have to make sure you actually got the exact pricing levels right and the exact balance of what's in each bucket right. And those are things you actually get with a lot more volume of engagement.
Okay, perfect. Thanks. Secondly, when you go into a bake-off, you know, what is the driving product? Is there a driving product? Do you lead with VM or SIM? Or are customers beginning to kind of evaluate, you know, Rapid7 as a platform in adopting a broad portfolio? And could you also just speak to the number of new logo wins that are taking multiple products at once versus just, you know, kind of a point solution?
Yeah, so on your question is that part of our strategy is we believe that customers will not compromise on quality. And so this best of suite concept means that we can lead, and we do today successfully lead with any of our products. And our sales team now has the confidence that they can go head-to-head and do a bake-off in cloud, in VM, in the SIEM category, even the XDR category, and win and be successful. And that was a key criteria. What you start to see emerging, this is where we actually got some of the pricing, is that we now have more and more customers that are coming in talking to us from a platform perspective about how to think about managing their complete security operations. And that's still a new motion for us, but it's one that's actually quite promising, and we're seeing more deals occur in that vein, but it's still very, very early days.
Thanks, man. I may have missed it. Did you give the renewal rate this quarter?
No. No, we did not. As we talked about on Analyst Day, it's not a key metric that we're managing to. What we did say is, in terms of some context, is that it did improve sequentially, but, you know, we're not disclosing that metric going forward.
Okay. Thank you.
Thank you.
Our next question comes from Hamza Fattarallah with the Morgan Stanley.
Hey, guys. Thank you so much for taking my questions. Corey, I had a question for you on the Velociraptor acquisition. Cool name, by the way. Just as far as how do you see it, one, is this a data late play in that this is an open source tool that's bringing in, obviously, a lot of third-party data? Is it more of a, you know, sort of getting better automation on the incident response side? Can you maybe dig into that a little bit and then also – how do you kind of integrate that acquisition just given the fact that there's probably partners that Velociraptor might have that, you know, may also be competitors of yours?
Yeah, so we think about this. Velociraptor has built a brand in the open source community with, frankly, companies all over the world as the leading endpoint incident response platform. And if you think about what we're doing in the IDR space or if you think about the context of XDR, is having the leading open source sort of technology embedded into our Insight IDR platform gives our customers that much more capability and response, especially combined with our automation platform. So that's the focus. I would say it's incident response and automation centered on the endpoint, which is still one of the primary attack vectors. And the response capabilities that you actually need are different than what you actually get in a lot of other platforms that are on the market. So again, this is a simplified solution for us. How do you allow customers to have advanced capabilities that are easy to use? And this falls into that bucket. As far as the overall Velociraptor ecosystem, it's an ecosystem that's primarily companies and enterprises all around the world. And those companies and enterprises can continue to use Velociraptor for their internal use. We don't have a big focus on, you know, like OEM-ing our core technology, as you know. That said, we talked before about we have huge demand that we are fulfilling in the managed service space, and so there's opportunity for managed services partners to actually leverage and use the technology. Thank you. Thank you.
Our next question comes from Alex Henderson with Needham & Company.
Hey, team. You have Mike Sikos here on for Alex. Thanks for taking the questions. I wanted to touch on the ARR acceleration and the strong demand environment that you guys are talking to. I'm interested if you could touch on how much of this you would attribute maybe to budget coming to the market now that there have been a couple of months between us and SolarWinds or the Microsoft Exchange Server hack. And is it fair to assume when I think about the SolarWinds hack, maybe demonstrating to the mid-market and SMB that no company is too small to worry about being hacked, right? So are these segments of the market maybe moving towards you in a way that they hadn't before?
It's a good question. We had good performance in, I would say, the mid-enterprise, which is where we focus versus traditional small. But I would say our best performance, I think, well, we saw very, very strong performance in the large deal strength. We had over 50% growth in the deals that were over 100K. And so I would say it was probably balanced. And one of the characterizations I give for this quarter is that we had good performance across product categories. Of course, security transformation solutions was higher. We had good performance across segments. So I think the mid-market was actually strong. But we saw great performance in the large deal side of the equation. And to your first part of your question about what's the impact of the breaches, Look, when you actually have an environment where people are more aware of security and they focus more on security, that makes it easy. I think what's especially critical right now are the two combinations, or three together. One, digital transformation is a big priority for people who are aware of this. But the second one is that because of some of the incidents that you actually talked about, is security is a higher profile within companies and leadership teams. But the third one is just as important. I think organizations are getting a better handle and visibility on their own finances, which then allows them to actually finance the things that they actually think are important. I think all of those things are coming together. And, again, it's not perfect because we're still not seeing companies that have their full 12-month budgets like they did pre-pandemic, but we are seeing people have lots and lots more visibility into their budgets overall.
That's very helpful. Thank you for that. And one more, if I could, on the competitive front. just interested if you guys are seeing any changes in the market. I know, obviously, you're making these investments in the platform, making it easier to consume for customers, and to the extent that you can comment, when I think about someone like a Qualys or a Tenable, how often are you guys actually seeing them in the market when it comes to competitive make-offs? Thank you.
For VMs specifically, we're in the market. Keep in mind, we actually have, at the point that we are now, a range of deals. Some of them are competitive. Some of them are uncompetitive because people are talking to us about our platform. But what I would say is the competitive dynamics in the VM market have not changed substantially for a pretty long while now. You still have the same trends that you've actually always had.
Our next question comes from Joshua Tilton with Brandenburg Capital Markets.
Hey, guys, thanks for taking my questions. For my first one, when you guys talk about the security transformation solutions growing north of 40%, can you just give us some color on the growth? Is this growth accelerating as the demand for these solutions pick up? And how should we think about the pace of growth throughout the remainder of the year?
Yeah, well, we've only talked about sort of like what the growth rate was above 40%. What I would say is that We have very, very healthy demand overall. I would say we have increasing confidence and visibility into this, which is part of the reason that we were able to actually get the guide and raise that we did. But we're not actually given a detailed breakdown of the numbers about the specific sort of numbers for each part of the portfolio. And again, you know, I re-emphasize that it was over, we do expect it to grow over 40% this year. And we expect VM to grow over 10%. We give you that high level characterization just so you have some visibility.
That was helpful. And when you guys mentioned that deal for InsightOne, you had a customer that basically bought the entire Insight platform. Can you give us any insight into kind of which vendors you replaced with that deal?
Good question. I don't have the specific vendors that we replaced off the tip of my tongue. What I would say is, look, the proposition is simple, and we believe this all along. If you can actually upgrade your security, and you're not having to actually make trade-offs, and you're actually getting best-in-class technology, and at the same time, you actually get economics, and you actually get sort of like a great support experience, then that's compelling overall. And so while we did replace some competitors there, I can't remember which specific one right now.
All right, that's good.
Thanks.
And I'm not showing any further questions at this time. I'd like to turn the call back over to our host for any closing remarks.
Thank you all so much for joining us today on the call, and we wish you all a good weekend coming up.
Ladies and gentlemen, this concludes today's presentation. You may now disconnect and have a wonderful day.