This conference call transcript was computer generated and almost certianly contains errors. This transcript is provided for information purposes only.EarningsCall, LLC makes no representation about the accuracy of the aforementioned transcript, and you are cautioned not to place undue reliance on the information provided by the transcript.
Rapid7, Inc.
8/4/2021
Good day and thank you for standing by. Welcome to the Rapid7 Second Quarter 2021 Earnings Conference Call. At this time, all participants are into listen-only mode. After the speaker's presentation, there will be a question and answer session. To ask a question during the session, you will need to press star 1 on your telephone. Please be advised that today's conference is being recorded. If you require any further assistance, please press star 0. I would now like to hand the conference over to Sunil Shah, Vice President of Investor Relations. Thank you. Please go ahead.
Thank you, Operator, and good afternoon, everyone. We appreciate you joining us today to discuss Rapid7's second quarter 2021 financial and operating results, in addition to our financial outlook for the third quarter and full fiscal year 2021. With me on the call today are Corey Thomas, our CEO, and Jeff Kalowski, our CFO. We've distributed our earnings press release over the wire and it is now posted on our website at investors.rapid7.com along with the updated company presentation and financial metrics file. This call is being broadcast live via webcast and following the call, an audio replay will be available at investors.rapid7.com until August 11, 2021. During this call, we may make statements related to our business that are forward-looking under federal securities laws. These statements are made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995 and include statements related to the company's positioning, our future goals, and financial guidance for the third quarter and full year 2021, and the assumptions underlying such goals and guidance. These forward-looking statements are based on our current expectations and beliefs and on information currently available to us. Actual outcomes and results may differ materially from the expectations contained in these statements due to a number of risks and uncertainties, including those contained in our most recent quarterly report on Form 10Q and in the subsequent reports that we filed with the OTC. The information provided on this conference call should be considered in light of such risks. Actual results and the timing of certain events may differ materially from the results or timing predicted or applied by such public statements, and reported results should now be considered as an indication of future performance. Rapid7 does not assume any obligation to update the information presented on this conference call, except to the extent required by applicable law. Our commentary today will primarily be in non-GAAP terms, and reconciliations between our historical GAAP and non-GAAP and guidance can be found in today's earnings press release. At times, in our prepared comments or in response to your questions, we may offer incremental metrics to provide greater insight into the dynamics of our business or quarterly results. Please be advised that this additional detail may be one time in nature, and we may or may not provide an update in the future on these metrics. With that, I'd like to turn the call over to our CEO, Corey Thomas. Corey?
Thank you, Sunil, and good afternoon, everyone. Thank you all for joining us for our second quarter 2021 earnings results call. I'm pleased to once again report sustained outperformance and our business as Rapid7 delivered strong second quarter results, exceeding both our growth and profitability goals for the quarter. Strong demand across our Insight platform drove year-over-year ARR growth of 29% into the quarter at approximately $489 million. As we shared a few weeks ago, this strong organic growth is a validation of both our strategy and our execution as we continue our journey to make the best in security operations accessible, and achievable for all. Our ability to meet customers where they are in their SecOps journey with leading capabilities across vulnerability risk management, detection response, and cloud security is resonating. It's evidenced by two consecutive quarters of accelerated customer growth to start 2021. I'll share more on this momentum and our customer growth engine shortly, but I'd like to start today with some perspective on the security landscape and what we're hearing from our customers. If you think back to our investor day in March, I share with you how we are in a fundamentally new dynamic right now when it comes to the pace of technology adoption. Companies of all sizes across industries and regions are dramatically increasing their focus on delivering world-class digital and remote experiences for their customers and employees as they look to keep up with the pace of innovation. However, alongside this rapid expansion of their technology footprint, Customers are experiencing an evolving threat landscape. We are in an environment where the accelerated investment in digital transformation is turning every company into a technology company, driving an explosion in the service area that customers must monitor and protect. This is being met by a shift in the attacker landscape over the past year, with escalating risk driven by a clear increase in both the scope and the impact of attacker activity. Against this backdrop, our strong 2021 performance to date is a clear indication that customers are recognizing how Rapid7's integrated insight platform portfolio is designed to address the challenges of today's threat landscape. Let me take a moment to level set you on why we believe our strategy to build a unified SecOps platform experience in the cloud is well positioned to address multiple aspects of this shifting threat landscape. Rapid7's vulnerability management solution remains a critical component of our customer security hygiene. Accelerating technology adoption is opening even more vectors of attack. Managing risk visibility is more important than ever for our customers. Many of today's threats continue to leverage known vulnerabilities, so having a best-in-class VM program remains foundational to protecting against pervasive threats such as ransomware. This is demonstrated by the durable growth we continue to deliver in VM, which saw an acceleration in ARR during the second quarter. However, a strong VM program is just a part of the equation. Remediating vulnerabilities takes time, and an increasing trend with recent attacks is that people don't know about them until after the attack occurs. This is where customers increasingly need best-in-class detection response capabilities to alert them to suspicious activity. For the second year in a row, Rapid7's Insight IDR has been recognized as a leader in the Gartner Magic Quadrant for SIEM. But we believe this is just one component of the IDR story. If we reflect back on the roots of IDR six years ago, we had a strong point of view that driving alerts off traditional logs like most SIEMs did then, and many continue to do today, was insufficient. This drove us to build a differentiated capability for SIEM. one that began with behavioral analytics and has since expanded to include logs, import telemetry, network traffic visibility, attacker analytics, and cloud visibility, among other market-leading capabilities. The best validation of our winning formula with IDR beyond its sustained high growth at scale has been the emergence of the extended detection and response market, which exposes this view of comprehensive detection and response that spans across SIEM, EDR, SOAR, and now Threat Intelligence. Our recent addition of Insights positions Rapid7 to lead the XDR movement, enabling our customers to drive comprehensive security transformation alongside their digital investments. But as these digital transformation initiatives accelerate, businesses are increasingly leveraging the cloud to drive more innovation. As a result, cloud infrastructure usage is skyrocketing, and so too is the need for security teams to gain visibility and understand risk across these environments. Rapid7's newly released Insight CloudSec is leading the charge to provide customers a single cloud security solution that natively integrates cloud posture management, cloud identity management, infrastructure as code, and Kubernetes workload protection. This fully integrated cloud-native security platform enables broad visibility across multiple cloud environments, enhancing cloud security programs by automating continuous security and compliance. We remain focused on innovating to help security and DevOps teams shift to the left, reducing noise and complexity, and protecting their container environments and automating workflows to drive better security outcomes as customers scale into the cloud. Each one of these mandates to provide foundational VR invisibility, to deliver comprehensive extended detection and response, and to enable continuous protection of complex cloud environments is top of mind for our team here at Rapid7. In fact, Rapid7 is one of the only vendors in the market today that can offer best-in-class products across each of these three critical security vectors. As the attack surface expands, RapidSupport's platform is increasingly relevant because security teams are struggling to manage a myriad of independent security tools. Resource constraints and vendor sprawl are a critical concern in today's fast-moving threat environment as customers are tasked with minimizing the visibility gaps that exist between their disparate products. Rapid7 is addressing this challenge by investing not just in building market leading products in their respective categories, but natively integrating these solutions into our Insight platform and delivering them via a single unified experience in the cloud. This is why our strategy to build a unified SecOps platform in the cloud that reduces these gaps through an integrated automation driven experience is resonating with customers today. customers are increasingly looking to consolidate to help to a smaller number of critical security partners without sacrificing best-in-class security capabilities. As security teams look to minimize coverage gaps and respond faster to emerging threats, Rapid7's integrated platform experience is increasingly more relevant. You see this reflected in our business momentum to date in 2021. We continue to deliver strong ARR growth in our business, driven in part for our accelerating customer growth engine, which saw 13% year-over-year growth in customers during the second quarter. This is led by two fundamental drivers. First, we continue to add more new customers more efficiently, led by our ability to meet customers where they are in their SecOps journey, by landing across any of our core platform pillars, while demonstrating ease of expansion over time. Second, our aggressive investments in technology innovation are driving compelling customer value realization, enabling us to deliver ongoing strong and improving growth retention in our business as our platform scales. This is coupled with a compelling cross and upsell opportunity in our existing install base, which is a core driver of our sustained mid-teens growth in ARR per customer during the quarter. As our platform story increasingly resonates with customers, we have expanded the ability for more of our sales teams to sell more of our product which should support durable growth in ARR per customer as we look ahead. A great example of this platform value realization was the competitive six-figure InsightOne deal during the quarter with a new international customer. As a brief reminder, InsightOne is an example of how we are looking to lower the barriers to platform adoption by making it easier for customers to purchase multiple Insight products, in this case, InsightVM, Insight IDR, Insight AppSec, and Insight Connect to deliver a unified SecOps experience. In this particular case, Insight One's unified approach not only separated Rapid7 competitively versus other point products, but our platform value proposition accelerated the customer's future projects to leverage this broad set of Insight capabilities. Our single agent and one platform story resonated with the customer who was looking for a leading security partner within their business. We're excited about the opportunity to continue partnering with customers like this to minimize their security coverage gaps as we further enable these platform-centric go-to-market motions during the second half of the year. Turning now to a brief update on the recent progress towards our enduring goals. First, we remain focused on leading the charge to enable customers to transform their security operations practices around the cloud. This is clearly demonstrated by our investments. In addition to accelerating our XDR vision and capabilities, the addition of Insight will deliver a differentiated SecOps experience in the cloud by elevating the capabilities across our Insight platform. We've already begun to see strong customer interest and momentum in this capability. We continue to work on accelerating our platform distribution engine. The recent launch of Insight CloudSec, which brings together the cloud and workload security capabilities of DiviCloud and OwlSeed into a seamless and integrated cloud security experience on an Insight platform is a key milestone. This further accelerates our ability to drop sales leverage across our portfolio, particularly as we enable more of our sales team to sell the platform value proposition. We will continue to deliver on this both from a product innovation standpoint as well as from a commercialization and customer perspective. And third, we are committed to driving long-term operating leverage in our business while investing for growth. A great validation point is that during the first half of 2021, we have delivered over 300 basis points of non-GAAP operating margin expansion over the first half of 2021. alongside improving free cash flow. This strong year-to-date operating profit performance, our solid growth execution, and our disciplined investment approach position us well to absorb the incremental expenses of the Insights acquisition while delivering on our prior operating profit expectations. Notwithstanding the Insights deferred revenue write-down, Jeff will share more details on this in his remarks. So in summary, we're addressing the challenges of today's escalating threat landscape by delivering a unified SecOps experience in the cloud that helps to minimize visibility gaps, detect threats faster, and deliver automated responses. I could not be more proud of our team for their ongoing commitment to our customers as we work to deliver on our goals by making the best in security accessible and achievable to all. And finally, As I'm sure many of you saw from our press release, our CFO, Jeff Galowski, has announced his intent to retire in 2022 once his successor is appointed. On behalf of the entire team, I want to thank Jeff for his outstanding leadership in helping us scale Rapid7 for the past five years. Jeff has been instrumental in our effort to transition and scale our recurring revenue business while also building a world-class culture and finance bench. He has served as a true partner to myself and the entire leadership team here at Rapid7. And I look forward to that continued partnership into the next year. With that, thank you, Jeff, and I will turn the call over to you.
Thanks, Corey, and good afternoon, everyone. Before I begin, a brief reminder that except for revenue, all financial results we will discuss today are non-GAAP financial measures. Unless otherwise stated, and reconciliations between our GAAP and non-GAAP results can be found in today's earnings press release. Turning to our results, Rapid7's strong momentum continued during the second quarter of 2021, driven by sustained high growth of over 40% in our security transformation solutions and acceleration in vulnerability management. Second quarter ending ARR of $488.9 million grew 29% over the prior year, reflecting strong overall demand for our Insight platform as customers look to transform their security operations around the cloud. As a result of this ongoing momentum, second quarter revenue of $126.4 million exceeded the high end of our guidance, accelerating to 28% year-over-year growth. Products revenue of $119.1 million exceeded our expectations and accelerated to 29% growth, as our integrated platform opportunity is increasingly resonating with customers. We continue to execute well geographically, driving durable growth across our regions during the second quarter. North America revenue grew by 25% year-over-year and comprised 82% of total revenue in the quarter, while rest of the world grew by 40%, representing 18% of total revenue. As I've shared with you on recent calls, we see a huge and growing market opportunity ahead, and so we are continuing to invest in our business as we execute against our durable growth goals, all while continuing to drive ongoing margin improvements as we scale. I will share more detail on this shortly, including how we intend to leverage our strong year-to-date growth and operating profit performance to fund the incremental expenses from our recent insights acquisition. During the second quarter, we demonstrated ongoing progress towards the fundamental financial goals we laid out at our investor day in March. In addition to strong ARR growth, our customer-centric innovation focus is paying off as we saw a second consecutive quarter of accelerating customer growth led by our ability to meet customers where they are in their SecOps journey. As a result, we ended the quarter with over 9,300 customers globally, growth of 13% over the prior year. This sustained strength in our customer growth engine feeds ongoing long-term opportunity for our land-to-expand engine, which saw continued strong performance in the quarter with cross and upsell execution, driving 14% year-over-year growth in ARR per customer to end the period at approximately $52,500. These results demonstrate that our focus on delivering an integrated platform experience across our best-in-class detection and response, vulnerability risk management, and cloud security pillars is delivering a differentiated value proposition for customers. Turning now to some details on our operating results for the second quarter. Total gross margin for the quarter was 73%. consistent with the first quarter and down modestly compared to the year-ago period, driven by faster-than-expected growth in our cloud-based products versus a year ago, as we continue to see strong demand for our insight platform. Sales and marketing expenses grew 24% year-over-year, reflecting growth in headcount and improved to 40% of revenue compared to 41% in Q2 2020, as we see ongoing productivity improvements in the business. R&D expenses grew 31% over the prior year and represented approximately 20% of revenue, consistent with the prior year as we continue to invest in product and technology innovation. G&A expenses grew 14% and were 8% of revenue, down slightly from 9% in the prior year period as we continue to scale our business. Our strong revenue overachievement in the quarter enabled us to continue investing in our business while still delivering record quarterly operating profit of $6.1 million above the high end of our guidance range. Adjusted EBITDA for the second quarter was $10 million, and net income per share was 7 cents, also ahead of guidance. Moving to our balance sheet and cash flows, we ended Q2 with cash, cash equivalents, and investments of $613.2 million compared to $616.9 million at the end of Q1 2021. This is before the net cash impact of approximately $308 million paid at closing for the Insights acquisition in July. Our strong ARR growth and the associated strong buildings in the quarter drove better than anticipated second quarter free cash flow of approximately $5 million. Shifting now to our updated guidance for the full year. Our strong year-to-date ARR growth reflects the success of our ongoing efforts to invest in driving durable growth in our business. These investments have positioned us to help customers meet the challenge of an ever-expanding attack surface with an integrated platform experience across our best-in-class extended detection and response, vulnerability risk management, and cloud security solutions. We believe the acquisition of Insights only amplifies this value proposition and further expands the opportunity for Rapid7. The combination of these drivers and our team's strong execution today fuel our confidence in once again raising our full year ARR expectations for 2021. We now expect to deliver full year ARR of approximately $576 million or growth of 33% over the prior year. This accounts for both an improved organic outlook of now over 25% ARR growth for 2021 a strong improvement over our prior outlook of 22% growth, plus the addition of the Insights acquisition. As a reminder, Insights ended the second quarter with approximately $27 million of ARR. Given the strong momentum in our business, We're raising full-year revenue guidance, once again, to account for an improved organic outlook in addition to the contribution of Insights, and now anticipate revenue to be in the range of $520 million to $524 million, or growth of 26% to 27% after taking into account the Insights purchase account deferred revenue adjustment. Turning to operating profit. As Corey shared, we've delivered strong execution in the first half of 2021 with over 300 basis points of margin improvement compared to the first half of 2020. This puts us in a great position to continue reinvesting to drive durable growth, enabling us to leverage our revenue and operating profit over performance to absorb Insights operating expenses. As a result, we're adjusting our full year operating profit guidance strictly to account for the Insights purchase accounting deferred revenue adjustment of approximately $5 million, and now anticipate full-year operating profit of approximately $7 million. I will reiterate that if we were able to recognize Insight's full deferred revenue balance, we would anticipate delivering full-year operating profit in line with the low end of our prior operating income guidance of approximately $12 million, consistent with our growth and profitability framework. We believe these investments position us well to drive ongoing durable growth in our business as we look to accelerate our path to become a $1 billion business with the acquisition of Insights. Factoring all this in, we now anticipate non-GAAP loss per share for the full year to be a loss of approximately $0.09 per share. This is based on an anticipated 55.3 million basic weighted average shares outstanding. Turning to cash flow, we remain focused on investing for growth while scaling free cash flow generation over time. I'm pleased to report that given our strong ARR performance to date, coupled with our updated guidance, and even after accounting for the insights acquisition, we are raising our full-year free cash flow expectations and now anticipate delivering free cash flow of approximately $20 million this year. This is a great validation of the long-term free cash flow potential of our business. Moving now to quarterly guidance. Note that our third quarter guidance also includes the impact of the insights acquisition. For the third quarter of 2021, we anticipate total revenue to be in the range of $133.4 to $135 million, growth of 27% to 28%. We anticipate non-GAAP operating income for the third quarter to be a loss of approximately a half million dollars as we invest in the business and absorb a partial quarter of the inside expenses. We anticipate non-GAAP net loss per share to be a loss of approximately seven cents per share, which is based on an anticipated 56.1 million basic weighted average shares outstanding. So in summary, the first half of 2021 is a great validation of our ability to execute against our goal of driving durable growth while scaling profitability and free cash flow as we continue to invest to close the security achievement gap on behalf of our customers. And finally, I'd like to express my gratitude and appreciation to the entire Rapid7 team. It has been a privilege to work with Corey and a talented leadership team here for the past five years, and I'm extremely proud of everything we've accomplished. I look forward to ensuring a smooth transition when the time comes. And in the meantime, I look forward to continuing to work with all of you until then. With that, we appreciate your time and support, and we'll now open the call for any questions. Operator?
To ask a question, please press star, then 1. If your question has been answered and you'd like to remove yourself from the queue, press the pound key. Our first question comes from Robert Owens with Piper Sandler. Your line is open.
Great, and thank you guys for taking my question. Corey, I wanted to touch a little bit on the acceleration in new logos. And I know you've been adding additional capacity, and leaning in has been part of the story. But what are you seeing in terms of sales productivity as well with the preexisting sales force? And if you can kind of characterize – where the environment is right now relative to these additions, that'd be great. Thanks.
Thanks, Rob. It's a good question. So, you know, there's really two big factors. One is what I talked about earlier. It's a demand environment. It's a healthy demand environment for cybersecurity, but especially for the security operations innovations that we're offering to the market. So that's always helpful for sales productivity. The second one is, you know, we have a very disciplined model that as we actually introduce new products or we do acquisitions, As we actually prove out at home the sales process, we start out with specialized, and then we add more of those offerings to our sales teams over time. That is a positive tailwind to sales productivity. And the last thing, as you all noted, is that we're also investing in optimizing our product. In fact, we're very, very early in the journey there, but that's also been a positive tailwind to sales productivity. So all those things are coming together allowing us to actually grow our ARR and our raw sales productivity. And that's being reflected both in the new customer growth, but it's also being reflected in the ARR for customers.
Great. And then a second question for Jeff, I guess. If I look at your day's billings outstanding, it was far less than we had expected and obviously helps cash flow. Does that reflect the linearity of the quarter, or was there something unique relative to collections this quarter versus historic? Thanks.
Yeah, we had favorable linearity in the quarter, but I think we've seen dramatic improvement over the last couple quarters, and really due to our internal efforts and improving days' billings' outstandings. But I wouldn't say that it's... it's really dramatically different on linearity other than we did see some improvement. I think it's more just... All right.
Thank you both.
Yep.
Our next question comes from Matt Hedgeberg with RBC Capital Markets. Your line is open.
Hey, guys. Thanks for taking my questions. Well done on the quarter. And also, Jeff, congratulations on your retirement. We certainly feel like you're not leaving anytime soon. but we've enjoyed the ride here with you, so best of luck at the next chapter of your career. Yeah, it's been a fun, I think you said five years, so it's been a fun journey. We'll be here for a bit longer. We'll enjoy that. You know, Corey, I wanted to follow up on Rob's question. You know, at Analyst Day, you talked about 5% to 10%. was sort of the target level for new logo ads. Obviously, you added 13% growth this quarter. I just want to sort of frame that with your analyst days. Is this sort of a new normal? Was there anything unique with the customer ads this quarter? I mean, is kind of 5 to 10 kind of where you kind of continue to expect? Because it was obviously a lot better than you talked about previously.
Yeah, so I think there's a couple of important things. One is keep in mind that the analyst discussion was a CAGR over four to five years. And so you could imagine that. And in fact, earlier this year, we saw a little bit of performance above that. So you can expect it sort of like a CAGR to average over a sustained time period. The other thing to keep in mind is that we're doing an intentional move and migration to more strategic customers. And we talked about that before. And I think that's continuing apace. And so what I would actually say is we have very good confidence in the near term that, you know, we see trends in the double digits and continue momentum there in the very near term. But I would say I don't think our long-term CAGRs change material.
Got it. Okay, that's helpful. And then, you know, in your prepared remarks, you talked a little bit about Insight CloudSec, which is, I think, DiviCloud now. I know it's still early for that, and it carries higher ACV dollar values than kind of your base, but can you talk about kind of the level of penetration in your base and, you know, how are you successful when you, you know, what's sort of the recipe when you're able to cross-sell that back into your existing customer base?
I mean, keep in mind, like all of our solutions, especially our big main pillars around detection and response, cloud security, and vulnerability management, They're all landable solutions. That said, we're seeing increasing growth and traction on the crawl sales. To get to your specific question, is the catalyst for crawl sales digital transformation? And so it is when we're talking to a customer that is looking to actually roll out a big digital transformation initiative and they cross a critical threshold where they are changing enough of their IP infrastructure from a digital perspective security is a priority, and it needs to actually get the visibility to actually stay abreast, and the management to stay abreast, and the automation to stay current with that. That's the catalyst for those things. And our sales team is quite patient. We're seeing good growth and good momentum and good excitement there, but we like having that tie to digital transformation. It puts us in a position where it's not just a current growth driver, but that actually gives us a long-term growth dynamic. So if you look at any industry reports, both cloud security, but especially the drive of a digital transformation is expected to grow over the long-term horizon.
Scott, super helpful, guys. Thanks again.
Our next question comes from Sackett Kalia with Barclays. Your line is open.
Okay, great. Hey, guys, thanks for taking my questions here. And, Jeff, I'll echo my congrats on retirement. Very well deserved.
Thanks, Sackett.
Corey, maybe just to start with you, that was an interesting example of Insight 1, that bundle example you talked about during the prepare for marks. I was just wondering if you could just talk a little bit about how bundles are working, sort of what some of the data points are on that that you'd be able to share. And without pronouncing anything, are there any other bundles that might make sense to explore?
So I won't go into the numbers on it, this is just too premature to actually drill through numbers, but I will talk about trends a little bit. One, we have a number of pilots out there, I've talked before about some of the SOC automation, where you actually have IDR, network traffic analysis, the enhanced endpoint telemetry and SOAR together, and that's sort of like quite positive. We have several other things that we actually are piloting that are out there, and most importantly, we're moving forward with think about a sort of two-pronged strategy. One, it is a strategy that allows us to do bundling. Think about bundling is primarily deals at the time of sale when people are really looking to upgrade their overall security program. Now, subsequently, I'm sure we're going to do upgrades to bundling programs. But, you know, one focus of bundling is sort of like deals at the time of sale. The example that I gave here was a customer that said, hey, listen, I'm looking to do a significant upgrade in my security program. And so they wanted to actually look at the economics of the investment and the results across multiple categories. It made complete sense there. The only thing that I would say just to be clear is that I am not concerned, our team is not concerned with how customers buy. So if they buy up front because they actually are looking to actually do a big shot in the arm and improve their security quickly, that's great. And if you do it slowly over time, that's great also. Now, On the slowly over time, that gets to the third point that I'd actually emphasize, is that we also are investing in our packaging and pricing solutions to make it both predictable and economical for customers to actually plan for and build out and upgrade to their security operations over time. So those are the three areas of strategy. I would say that they're having traction. We're getting validation, so therefore we're accelerating. I would not call them massively material to the success today from the new packaging perspective, but I would say very, very positive momentum, such that our sales teams are coming back to us and these things are working, it's resonating well with customers, and therefore we're actually continuing to actually roll out the further phases of that.
Got it. That's helpful. Jeff, maybe for my follow-up for you, can you just remind us how fast that newly acquired Insight business I think we said it was about $27 million in ARR. How fast is that growing? And maybe as part of that question, just zooming out a little bit, when you look at that ARR base at the end of this year, I think the guide is for about $576 million, how do you sort of roughly think about the mix of VM versus kind of that broader sort of security transformation bucket? Does that make sense?
Yeah, so first off, it is $27 million that we acquired as of the acquisition date. And at Analyst Day, we said that VM was a bit over 50%, and security transformations was about 40%. You know, security transformation, we're saying, is going to grow over 40% this year. So it will become a bigger piece of the pie by the end of the year. We're not going to pick a specific percentage, but, you know, VM, since it's growing slower, will become less of the total pie. And I think we said at our call is that Insights was growing over 40%. And that will be included in our security transformation products, which, you know, even without Insights, will still grow over 40% this year is what we're projecting.
Got it. Very helpful. Congrats again, Jeff. Thanks.
Our next question comes from Brian Essex with Goldman Sachs. Your line is open.
Hi. Good afternoon. Thank you for taking the question. And, Jeff, congrats for me as well. Well done. Thanks, Brian. Perhaps, Corey, what I maybe want to touch on is, you know, with the acquisitions that you've done over the past several years, and if we think about things in these three pillars of How is your sales force aligned with regard to maturity and where you're incentivizing them in terms of, you know, which ones of these buckets are, I guess, more accretive to the bottom line versus others might have better unit economics? And then do you have, are you just looking for a sales force that has the maturity across the platform to kind of put, you know, all the arrows in that quiver, so to speak?
It's a good question. So I think there's two distinct parts of it. So the first thing is how do we, when we acquire or we build, how do we actually think about rolling it out to Salesforce? And in general, what we do is we always start with a dedicated team to make sure we have mastery of selling. Because what we really want to make sure is that we understand what the sales motion is and how to optimize the sales for everything. As we get the mastery of selling that, then we actually broaden the number of sales teams that can sell that. And that's not a one-shot where you just sort of like dump it into the sales force. That is a steady expansion out of the sales team. So we're constantly expanding the selling capacity of our sellers and what they can actually sell. But we want to do it in a way that we actually really have mastery of the sales, which allows us to actually steadily drive up total sales productivity over time. And that's actually worked out quite well. The second part that I think that you're referring to is how do we actually incentivize or focus the sales teams on which products operate. And while we actually track and manage that ourselves, we do not target the sales team either from an existing customer versus that new customer or from a product perspective to say you should sell this product to that. Now, there are occasional spiffs that happen when we're maybe doing something with a particular partner at some point in time. But by and large, we don't do it. And the reason for that is, you know, we have two levers. One is we actually have sales. But because we have such an innovation engine, we're constantly updating the profitability from an engineering perspective of the things that we actually sell to. And so both of those are changing over time. So we want our sales team systems to be focused on going out and meeting customers where they are. You hear us say that term a lot, meeting the customer where they are, because we don't want them introducing friction. that actually says that I want to steer you in this way. And that creates a lot of customer credibility for our sales team because they can take the customer's pain points and then actually focus on and deliver them a solution for that pain point. And so that's the strategy that we have. And then when we look at our customers, we are focused about, like, all right, how do we actually do things more and more properly over time, which is why we've been able to do the marketing expansion.
Got it. That's super helpful. I appreciate it. And maybe, Jeff, to follow up, could you maybe reconcile the adjustment to free cash flow guide for us? I mean, it seems like you're bumping it up by about $5 million, but you've already got a deferred revenue write-off and a cash from the insights acquisition and the cost associated with that business. So what are the puts and takes that gets you more confident bringing free cash flow guide up?
Yeah, the biggest driver is the cost. you know, increased ARR performance. But I believe for the first half, about $23 million, and we are projecting a net income loss for the second half, which is around $7.5 million, the implied loss. If you deduct that from the 23, really the balance is really what we can realize in cash flow from the incremental ARR with a raise, you know, from the previous guidance.
Got it. Super helpful. Thank you.
Our next question comes from Michael Turret with KeyBank. Your line is open.
Hey, guys. This is Eric Heath on for Michael. Thanks for taking the cue, and Jeff, congratulations as well. Thank you. Corey, you've shown good progress increasing that AR per customer metric as you do larger lands, but could you talk more about how you're progressing on educating customers in the sales force on the power of the combined unified platform to really drive expansion among those customers and increase attach rates?
Yeah, I mean, I would say that we're taking it steadily, not in one big go. I mean, you know, my take is that just prove that the customers don't just sell it to them. And so what we're looking for as we expand and we think about our expansion engine is taking customer pain points and showing them why we actually extend their leverage of their existing investments. So no matter where we start, if you say, hey, I have an IDR customer and they have an incremental pain point on cloud or on VM or applications, we're able to say, like, okay, listen, here's how your existing investment scales up. And so framing it as a scale up. But, again, it's not a big, hey, go buy more. It's more about, like, you made an investment, and we can actually scale that investment more efficiently and more effectively than anyone else. And again, we're still in the early innings here because lots of our engineering work right now and lots of our product and packaging work is about making it much easier for customers to recognize incremental pain points and scale up much more naturally and plan for that scale much more naturally.
Got it. That's helpful. And then I just want to touch upon VM. You mentioned accelerated this quarter. So would you attribute that to some of the breaches we've seen this year? Obviously, it's kind of top of mind right now and Do you think this is a sustained elevated level demand that you could kind of see VM continue to accelerate for the rest of the year?
Our fundamental outlook on VM hasn't shifted. We've always thought it was actually a sustainable market and market advantage. We continue to see vulnerability management as sustainable. It did accelerate, and that's a positive thing, but we feel pretty confident that it's going to have the long-term market demands that we saw One aspect of that acceleration is that we continue to overall, including the VM, see customers stay with us and have higher levels of commitment. So we talked before about the lower churn and the higher retention of customers, and that's also a factor of the growth.
Corey. Did you hear me? Yep, great. Thank you. Okay, thank you.
Our next question comes from Jonathan Roycaver with Baird. Your line is open.
Yeah, hi. Good afternoon. So I just have one question. Obviously, you've made a pretty marked shift from talking about IDR at the STEM to talking about about this XDR just in the last several months. So, Corey, I know you touched on that evolution in your opening comments, but I'm wondering if you could just dig deeper into those capabilities that you believe are critical to this XDR category. Maybe touch on some of those that you have today, some that you might not have today and might need in the future for competitive positioning.
When you think about extended detection response, which is what XDR is, it's really about reducing the gaps that you actually have in your security operations environment. If you think about why so many companies and organizations invest in security but still are so able to be compromised and attacked, it's because there's just lots of blind spots in that environment. So no matter where you start, the idea of XDR is actually minimizing those gaps in the overall security operations environment. So for us, very specifically, it actually starts with gaps in data. And so it's the ability to actually see not just the log data, which is traditional with them, but also to actually see the endpoint data, to be able to see the network data, and now to be able to see the external data in the environment. That should be viable. So it starts with data. But the second thing is that when you actually have the data, you actually have to be able to process. And so if you think about the additional innovation that we did with user behavioral analytics, it was about a different way of actually processing data to look for attacks in the environment, understanding the user context. We added attacker behavior analytics. But again, it was another way to actually make sure we were minimizing the gaps in the overall environment. And then the last area that you really have to focus on is, all right, I have the information. how do I make sure that I don't have gaps in my workflow? And whether that's my investigation workflows, my forensics workflows, or my remediation workflows. And that's where the SOAR technology comes in with the automation. So when we think about extended detection response, it's about minimizing the gaps. That's why you have to extend it there in the data, in the analytics, but also in the workflows and the automation around that. And that's why I claim as, you know, our vision of IDR has always been about minimizing those gaps. I just think that the XDR market is recognizing today the value of that strategy. And we're being recognized along with that, which is a big part of success.
Corey, one last item that I think is important. I'd love to hear your thoughts. It's just the ability to leverage intelligence. How do you view that, and where is that in the product portfolio today?
Intelligence. You said intelligence. Yes. So I think about that as sort of like part of two things, the data context, which is what's happening in the external environment. But I also think about it as the analytic context. One of the things that you actually have as you do digital transformation, you just have not just an expanding attack surface, you have so much more data which has the potential to create a lot more noise. And so what we're doing predominantly, we have a massive amount of engineers that just have to figure out how do you actually continuously up the game pulling out the signal from the noise. And the threat intelligence is another key tool and another key technology, another key strategy that allows us to actually pull out the signal from the noise. So those are the two places where it actually shows up.
Okay. That's helpful. Thank you.
Thank you.
Our next question comes from Greg Moskowitz with Mizzouho. Your line is open. Thank you.
Okay, thank you. Jeff, I know you're not going anywhere just yet, but you've done a terrific job and will most certainly be missed.
I appreciate that. Thanks, Greg.
Of course. Corey, I guess I had a follow-up to that last question. In light of all of the increased customer awareness of XDR, do you believe that most customers today are looking at the XDR and SIM areas as an or or as an and when it comes to their deployment of these technologies?
Well, I think, so one, it's a the market taxonomy is sort of developing. Most customers are looking at how do they actually reduce the gaps in their operations. And that's really clear. That stands out more than anything. Now, I think it's part of that what you have is companies that have actually had an XDR bias, which is like we said earlier, is we haven't used the term XDR before, but we're clearly getting massive customer adoption there. Why? Because customers are focused on that. So really, you could use my XDR as a proxy for, does it allow me to actually consolidate and improve my security operations with less gaps in my ability to manage my security operations? That customers are definitely shifting. Now, my belief because of that is that XDR center offerings and security, which means I'm able to consolidate, I'm able to actually minimize gaps in my ability to be able to manage my security infrastructure, I think people that do that are more likely to win in the future. So, yes, I think XTR-centric SIEMs are much more likely to take share in the overall security analytics or the SIEM market as you actually move forward. But that's because they're actually providing a real business value proposition, which is taking things that are highly manual, have lots of gaps in the environment, and simplifying it for customers, even as it becomes more complex as the scale and volume increase.
All right, that's very helpful. Thanks, Corey. And then just for Jeff, are you able to say roughly how much revenue from Insights you're expecting for Q3 and Q4? Obviously, ARR is the most important metric, just trying to get a sense of how much of the revenue guide increase is organic versus acquired.
Yes, about high single digits, upper single digits, for the half, for the second half.
The second half, okay, perfect. Thank you, guys.
Our next question comes from Brad Rebeck. With Stiefel, your line is open.
Great. Thanks very much. Corey, over the last few calls, you've called out retention gains broadly. Just wondering where you are in that process, if you think you've gotten most of that and it's incrementalism from here or if there are still meaningful gains to be had.
I mean, we have steady improvements in all of our different customer retention metrics. And I would say as we execute our strategy, I would say we have upside and opportunity as we actually go forward. I just think you see that most reflected in the AR for customer metrics, which is, again, that and that customer ads are our primary metrics. And we've made clear commitments and expectations that we expect our AR for customer to go steadily up. You can expect that that has either stable or increasing retention as a fundamental underlying assumption.
That's great. Thank you very much.
Our next question comes from Alex Henderson with Needham. Your line is open.
Thanks. I just wanted to follow up on that last question a little bit. ARR per customer statistic is a great statistic, but I was wondering if you could update us relative to the ARR of new customers, whether they're coming in near the average and that's helping boost that ratio or if they're coming in well below and still have a lot of room to move to the upside. Can you just give us that piece of the puzzle?
Yeah, Alex, they come in below the average of 52.5. They start smaller and then they grow with us. But there hasn't been a big change in that. It's going up a little bit with additional platform products and higher ASPs, but it's still less than the 52.5.
And I would say that's especially true on a like-for-like basis when you compare company sizes. You know, the one thing I would say that could draw it up over time is we are having – we've always had strength in the mid-market, but we have an additional – you know, we continue to have strong strength in our enterprise expansion. And that's been a continuing trend for, like, the last four or five years. And so I'd say you see strength across that segmentation.
So the environment clearly has changed quite significantly over the course of the last six, nine, maybe call it 12 months – as a result of an incredible number of attacks and the breadth of those attacks, as well as presidential edicts and things of that sort that have really moved the perception of perimeter defense down multiple notches and the need for defense in depth up a lot of notches. How has that been impacting your business? Is that part of the acceleration in customer wins? Is that something that is accelerating or is it static in terms of impact? Can you give us some sense of what the environment looks like as a result of all of these hacks?
Yeah, you know, it's tough to do specific attributions at different levels. What I would say is that you saw this as we actually gave commentary coming out of the second half of actually last year. It was very clear that the demand environment had actually been improving significantly. and I would say that the focus, the discussion, the seriousness, the fact that this is a topic at both the board levels and at the executive levels of companies is clearly making the demand environment more favorable. I think you see that most in some of our security transformation solutions categories where you actually, you know, if you look back two years ago, I would say security was not a must-have in the default digital transformation discussion. I would say today you're seeing security much more as a default in the digital transformation discussion. Now, I can't say whether that's the government, whether that's the press, whether that's the breaches, but I would say that the tie between digital transformation and the security transformation upgrade has gone up materially over the course of the last year. And I think there's some correlation there. It's just tough to do direct attribution. I see.
Thank you very much.
Thank you.
Our next question comes from Hamza Fadarwala with Morgan Stanley. Your line is open.
Hey, guys. Thank you for taking my question. And, Jeff, congrats again on the retirement. So just one quick question from my end. Just on gross margin, you mentioned that, you know, down slightly year on year. When could we expect that to, you know, start to normalize? What, you know, range should this sort of normalize at? Sort of mid-70s? Is that something that we should expect, you know, over the next few quarters?
Yeah. I just want to remind you that because of deferred revenue haircut, we may have a little bit of headwind in the second half because we have the cost, but we can't recognize all the revenue. But again, We would expect to still be in that mid-70% range.
Is that near or longer term?
For product margins. Got it. And overall in that 73% range. So no significant change. Okay. Thank you.
If there are no further questions, I'd like to turn the call back over to Corey Thomas for the closing remarks.
Thank you all for joining us today on our call, and I appreciate the fact that many of you shared the sentiments of how grateful we are for Jeff. But you will still be hearing from him. That's right. So thank you, and we look forward to chatting with you over time. Thank you very much.
This concludes the program. You may now disconnect. Everyone, have a great day.