Rapid7, Inc. (RPD) Q3 2017 Earnings Report, Transcript and Summary

Welcome to Rapid7's Q3 2017 Earnings Conference Call. [Operator Instructions] As a reminder, this conference is being recorded, Tuesday, November 7, 2017. I would now like to turn the conference over to Jeff Bray, Vice President of Investor Relations of Rapid7. Please go ahead, sir.

Thank you, Operator and good afternoon, everyone. We appreciate you joining us to discuss Rapid7's Q3 2017 Financial and Operating Results in addition to our financial outlook for the fourth quarter and full fiscal year 2017. I'm Jeff Bray, VP of Investor Relations, and I'm here today with Corey Thomas, our President and CEO; and Jeff Kalowski, our CFO. We distributed our Q3 2017 earnings press release over the wire and is now posted on our website at investors.rapid7.com. We have also posted our updated company presentation and financial metrics file on our Investor Relations website. This call is being webcast and can be accessed at investors.rapid7.com. The webcast of this call will be archived, and a telephone replay will be available on our website until November 11, 2017. We would like to bring the following to your attention. The date of this call is November 7, 2017. Our discussion today contains forward-looking statements about events and circumstances that have not yet occurred, including, without limitations, statements regarding our objectives for future operations and future financial and business performance. These forward-looking statements are based on our current expectations and beliefs, and on information currently available to us. Statements containing words such anticipate, believe, continue, estimate, expect, intend, may, will and other similar statements are intended to identify such forward-looking statements. Actual outcomes and results may differ materially from the expectations contained in these statements due to a number of risks and uncertainties including those contained in the risk factors sections of our most recently quarterly report on Form 10-Q filed with the Securities and Exchange Commission and subsequent reports that we file with the Securities and Exchange Commission. The information provided on this conference call should be considered in light of such risks. Actual results and the timing of certain events may differ materially from the results or timing predicted or implied by such forward-looking statements, and reported results should not be considered as an indication of future performance. Rapid7 does not assume any obligation to update the information presented on this conference call except to the extent required by applicable law. On this call, we will provide and talk about our results using non-GAAP financial measures and provide non-GAAP guidance. We believe that the use of these non-GAAP financial measures provides an additional tool for investors to use in understanding company performance and trends, but note that the presentation of non-GAAP financial information is not meant to be considered in isolation or as a substitute for the directly comparable financial measures prepared in accordance with GAAP. We have provided a reconciliation of the historical non-GAAP financial measures to the most comparable GAAP measures in the financial statement tables included in the press release issued today announcing our results. The press release announcing our financial results is available on our website at investors.rapid7.com. At times in our prepared comments or responses to your questions, we may offer incremental metrics to provide greater insight into the dynamics of our business or our quarterly results. Please be advised that this additional detail may be onetime in nature, and we may or may not provide an update in the future on these metrics. With that, I'd like to turn the call over to Corey.

Thanks Jeff, and good afternoon, everyone. Thank you all for joining us today on our third quarter 2017 earnings call. We had another strong quarter and we continue to see broad-based demand and are executing well against our plan, resulting in strong financial performance. We delivered revenue growth of 25%. We continue to grow our recurring revenue by over 30% and we grew our billings by 31%, with strength across products and go-to-market teams. We are on track to improve our annual operating margin and to generate positive cash flow from operations for the year and in line with last year. And as we see our business mix shifting towards subscription, a growing percentage of our billings are for recurring revenue. And as a result, our ARR grew by over 30% this quarter. Our Threat Exposure Management, or TEM, business has grown consistently throughout the year and we are clearly still gaining share in the vulnerability management market. Our Incident Detection and Response, or IDR, business continue to grow comfortably by over 100%. And in 3Q, IDR contributed over 20% of our billings. Our strong performance has been driven by a differentiated set of products that leverage the power of the Rapid7 Insight platform. 5 years ago we made a bet that data consolidation, advanced analytics and UBA will be critical to effectively respond to modern cyber attacks. We committed to move our data and analytics architecture into the cloud to provide customers cost-effective access to speed and power not available in an on-premise solution. In 2015, we launched the Rapid7 Insight platform. In 2016 we launched our SIEM, InsightIDR. With our product launches earlier this year, Rapid7 is the first to offer vulnerability management, Web Application Security Testing, IT log-in analytics and a UBA-powered SIEM, all operating on a shared, cloud and data collection infrastructure. Meaning, that our customers only have to collect their data once to get the broad visibility across their environment, resulting in higher levels of security and IT productivity. On top of that, our remediation workflows are helping operations teams more effectively manage their task. With the acquisition of Komand in July, we now offer an orchestration and automation solution to help our customers quickly and efficiently resolve issues in their environment. Komand is an elegant user-friendly solution that provides advanced automation workflows that interact with applications across the IT environment. This allows organizations to reduce their reliance on home-grown scripts and labor-intensive manual processes, helping solve the core challenge facing organizations today: too much work and too few skilled resources. While it's still early, our customers and sales teams have responded enthusiastically to the introduction of Komand, and we have already expanded beyond 180 plug-ins. We look forward to further integrating this solution into the Rapid7 product family. Our platform uses the same lightweight agent, data collectors and scan engines across all of our solutions. We aggregate data from endpoints, machine logs, cloud assets, application and other sources, providing broad visibility on a single source of critical IT and security data. All of our products are informed by our deep understanding of the threat environment, reinforced by our research and our decades of experience. We design our solutions with the resource-constrained IT and security teams in mind, simplifying their view of the environment and helping streamline their workflows with a lower, total cost of ownership. As more customers take advantage of the Rapid7 Insight platform, we see increasing evidence of consolidated spending with Rapid7. We have witnessed increased product usage and adoption, more upsells and cross-sells from our platform customers, and customers choosing to cover more of their environments. The net result for Rapid7 is larger, initial and larger upsell deal sizes. And we had another quarter of 60% plus growth in cross-selling. Our InsightIDR customers, in particular, appreciate our platform vision, as 2/3 of our IDR customers have purchased another Rapid7 product and nearly half are getting their vulnerability management on our platform. Our product development continues to evolve along with today's modern IT environment, including improved support for container deployments, and enhanced visibility into AWS and Azure environments. Looking at the performance of our go-to-market teams. Our mid-market international results continue to be strong. The great news is that our enterprise teams have returned to solid growth, and we expect their productivity to continue to improve. Now let's review our business in the context of our 2017 goals. Looking at our first goal, this quarter, our customer count grew 15% year-over-year. We're still seeing significant number of new customers, and we are finding that our new customers are making larger initial commitments to Rapid7. We also see that our new customer dollar billings have grown in both TEM and IDR, and our subscription products are driving an increased mix of recurring revenues. While adding new customers is important, the quality of new customers combined with the upsell and cross-sell potential is driven by our expanded platform providing strong foundation for growth. In the first 2 quarters, InsightVM has gotten off to a great start and we are pleased with the initial reaction from both our sales team and our customers. We are ramping our migration to the existing customers, and a meaningful percentage of our new customers are coming to us on InsightVM. We believe InsightVM is contributing to a healthy pipeline, and we've reached the point where the majority of our VM pipeline build is for InsightVM. As I've shared before, a significant portion of our existing pipeline was built for Nexpose so it will take several quarters for this transition to complete. This quarter, one of our InsightVM highlights was a new customer win at a Fortune 1000 communications, construction and engineering company. After evaluating their security posture, they realized they needed to upgrade their vulnerability management solutions. InsightVM showed the customer that it cannot only provide a simple view of risk in their environment, but also offers remediation workflows to quickly address those risks. Remediation workflows have become a huge differentiator as InsightVM delivers all the detail and context required for operations teams, and allows security teams to monitor the progress of closing vulnerabilities. The high level of stakeholders not only appreciate the visibility InsightVM provides, but also value our service level, platform approach and product vision, leading to an excellent opportunity to expand the relationship in the future. More customers are recognizing the value given their analytics from Rapid7's Insight platform, and more and more we are hearing that our remediation workflows are also a differentiator. Our ongoing shift to InsightVM will help drive our revenue mix towards more recurring revenue. Now on to our second goal, which is to disrupt the SIEM and IT log analytics markets. Rapid7 reached a significant milestone in the third quarter. IDR billing has exceeded 20% of our billings for the quarter, more than double year-over-year with 79% customer growth. InsightIDR is a SIEM that combines our powerful User Behavior Analytics with our broad data collection and robust search capability, all in an easy-to-deploy and easy-to-use interface, designed to quickly identify anomalies and provides the context to allow for a speedy, efficient response. InsightIDR has proven to be a great product for both new customer additions and cross sales. This quarter, one of our existing multiproduct platform customers was looking to more quickly identify malicious activity in their environment. Their requirements included UBA and deception tools. Rapid7 has already built a high level of trust with its global financial services firm, and it became clear that our platform is differentiated due to our threat intelligence and our ability to tie together user and asset information. They also found InsightIDR had a remarkable time to value, delivering actionable alerts within weeks of beginning their installation. On top of that, when this customer saw a demonstration of our Komand product in action, they added our newest solution to their portfolio. This quarter our top 3 deals were multiproduct deals that included IDR, highlighted with one of the largest deals that we have ever closed. Overall, a great quarter for IDR. We are now relevant in this market and are starting to gain recognition across the industry. As for our final goal, we will remain on track for operating margin improvement for the year and expect operating cash flow in line with last year. Our cross-selling is gaining traction, validating our product strategy, which is increasing our confidence in our ability to improve our customer economics with our land and expand model. Before I hand the call over to our CFO, Jeff Kalowski, to discuss our financial results, I would like to remind you that we will be hosting our first Investor and Analyst Day on December 12, where our management team will discuss the product, operational and financial strategy and vision of Rapid7. With that, I can turn the call over to Jeff.

Thanks, Corey. We're pleased with our strong performance in the third quarter. Total Q3 revenue was $50.5 million, an increase of 25% year-over-year and above the high-end of our guidance. Product revenue was $29.6 million, increasing 28% year-over-year, driven by strength in both TEM and IDR with expanding recurring revenue. Maintenance and support revenue was $11.7 million, increasing 20%, and our professional services revenue was $9.2 million, an increase of 23% year-over-year. We continue to have a very high visibility into our revenue forecast with 86% of Q3's revenue having been on the balance sheet as of the first day of the quarter. We have made adjustments to the calculation of the contribution of deferred revenue to each quarter's revenue, and we updated the historical data on our website. And over the last 4 quarters, the average difference was small, approximately 200 basis points. This adjustment had no impact on recorded revenues. 70.5% of our revenue was subscription-based recurring revenue, versus 67.7% in Q3 of last year and our recurring revenue grew 30% year-over-year. In Q3 2017, 81% of our product revenue was recurring, up from 76% last year. Our ARR increased by over 30% year-over-year. We define ARR as the annualized value of all recurring revenue related contracts in place at the end of the quarter. Total deferred revenue grew 26% year-over-year to $188.6 million at the end of Q3. Calculated billings for the third quarter were $58.7 million, or up 31% year-over-year, with broad-based strength highlighted by another strong quarter from IDR and ongoing strength in the TEM market. Average contract lengths were 23 months for total billings, which compares to 21 months in Q3 of last year. In Q3, we're pleased to see the customers for InsightVM as well as our other SaaS offerings committed to more multiyear deals than we had forecast, resulting in higher contract lengths. We want to point out that given the mixed shift from perpetual to SaaS, our billings are resulting in more recurring revenue and greater lifetime customer value. Consequently, contract lengths may no longer be a meaningful comparison to prior periods during this transition, as they don't capture the benefit of a higher mix of recurring revenue on our billings. As Corey mentioned earlier, our recurring revenue and ARR grew over 30% in Q3, and we view this as a more relevant metric. We will be providing more detail on this topic during our Investor and Analyst Day presentation in December. Looking at the business geographically, North America revenue was $43 million, an increase of 24% year-over-year and comprised 85% of revenues. Rest of World revenue increased 30% year-over-year and contributed 15% of total revenue in the third quarter, compared to 14% in Q3 2016. We intend to invest globally to drive the momentum in this underpenetrated market. Our customer count increased by 15% year-over-year, and we ended Q3 with more than 6,700 customers globally. We again experienced higher ASPs through better customer penetration and more multiproduct sales, more large deals and increased recurring revenue, which are important parts of our growth strategy. And as Corey mentioned, our cross-sell billings, again, grew by over 60%. Our renewal rate was 119% and our expiring renewal rate, which measures the renewal of the prior year's revenue run rate, was 89% in the third quarter. Turning back to the P&L, non-GAAP total gross margin for Q3 2017 was 74% compared with 77% in the prior year period. Non-GAAP product gross margins were 80%. And as expected, were down from 87% last year due to increased usage of our SaaS platform and managed services offerings. Our non-GAAP maintenance and support gross margin increased to 86% from 82% in the year-ago period. In aggregate, our product plus maintenance gross margins were 82% as compared to 86% in the prior period, and 82% in Q2's 2017. As we migrated more customers to the platform, we think it is important to look at this gross margin on a combined basis. Our non-GAAP professional services gross margin was 39% in Q3 compared to 38% in the year-ago period. Net-net, we expect our Q4 total gross margin to decrease from the Q3 level, primarily due to increased usage of our cloud-based products and lower professional services gross margins. We will be detailing our long-term outlook for gross margins at Analyst Day. Reviewing our Q3 non-GAAP operating expenses, R&D expenses were $11.6 million or 23% of total revenue, an improvement from 25% in the prior year period. We continue to invest for growth, and Q3 expenses also reflect the incremental cost associated with the Komand acquisition in July. In Q3 of this year, R&D expenses were reduced by approximately $440,000 due to capitalized internal use software costs related to our SaaS product development. Sales and marketing expenses were $26.7 million or 53% of revenue in Q3 compared to 49% in the prior year period, mainly driven by higher headcount and higher commissions and the shift of our UNITED user conference into Q3 this year. Our increased spending reflects our investment to ramp up our sales force to drive growth across our expanded product platform, which we expect to result in higher recurring revenues and help to build the scale and leverage in the business. G&A expense in Q3 2017 was $5.8 million or 12% of revenue in Q3, an improvement compared to 15% of revenue in the year-ago period. As a result, Q3 non-GAAP operating loss was $6.8 million or a margin of negative 13% compared to a non-GAAP operating loss of $5.3 million or a margin of negative 13% in Q3 2016. On a year-to-date basis, our operating loss margin was negative 13%, an improvement over last year's negative 21%. During the third quarter, adjusted EBITDA loss was $5.6 million compared to a loss of $4.1 million in the third quarter of 2016. Year-to-date, adjusted EBITDA loss was $15.2 million compared to $20.4 million last year. Non-GAAP net loss per share was $0.15 in Q3 2017 compared to a non-GAAP net loss per share of $0.13 in Q3 2016. We realized a tax benefit this quarter of $2.6 million as a result of our acquisition of Komand. We recorded a deferred tax liability as part of the acquisition. And as a result, we released a portion of our valuation allowance, which generated the benefit. This deferred tax benefit was noncash related and was excluded from our non-GAAP net loss per share. We ended Q3 with a total cash and investments of $85 million compared with $92.1 million as of December 31, 2016. Our ending cash balance as of September 30, 2017, decreased due to the $14.8 million in cash paid for the acquisition of Komand, which closed on July 12. Our operating cash flow for Q3 was $5.7 million, and year-to-date operating cash flow was $5.1 million. Moving to our fourth quarter and full year guidance. For Q4 2017, we anticipate total revenue to be in the range of $53.9 million to $55.3 million. This equates to a year-over-year growth of 20% to 23%. We anticipate non-GAAP operating loss for Q4 to be in the range of $7.9 million to $7.1 million. We anticipate non-GAAP net loss per share for Q4 2017 to be in the range of $0.18 to $0.16. This is based on an anticipated 43.5 million weighted shares outstanding. We are raising our guidance for the full year 2017. We are raising our billings guidance and now expect to be in the range of $236.5 million to $239.5 million, representing 21% to 22% year-over-year growth. We are raising our revenue range to $197.1 million to $198.5 million, representing 25% to 26% year-over-year growth. We are updating our range for non-GAAP operating loss to a loss of $26.5 million to $25.7 million, and we now anticipate non-GAAP net loss per share to be in the range of $0.62 to $0.60. This is based on an anticipated 43 million weighted average shares outstanding for the full year 2017. We also continue to estimate the shift in product mix will impact our growth and operating cash flow. And as a result, we continue to expect 2017 operating cash flow to approximate 2016 levels. In summary, we had a strong growth quarter and continue to project improving operating margins for the full year 2017. With that, we appreciate your time and support. And now I will turn the call back to Corey for closing comments. Corey?

Thanks Jeff. This quarter, we continue to see broad-based demand and are executing well against our plan. We believe our results validate that Rapid7 has the right strategy across our markets. Our approach of providing multiple, high-impact analytics solutions based on the Rapid7 Insight platform is resonating with customers and driving consolidation of some spending with Rapid7, as lean IT and security teams strive to leverage their security resources and improve their effectiveness. We continue to evolve our product set. Our recurring revenue is showing strong growth. We also look forward to seeing you at our First Investor and Analyst Day on December 12. With that, I will turn the call over to the operator for Q&A.

[Operator Instructions] And we have a question from the line of Gregg Moskowitz with Cowen and Company.

Corey, you've mentioned that InsightVM is now the majority of your total VM pipeline. And I know it's still early innings, but I'm wondering if you're seeing any change in the sales cycles or in the pipeline conversions of InsightVM as compared with Nexpose?

Thanks Gregg. And before I jump into the answer, I just want to apologize for the delay. Our newswire service had technical difficulties, resulting in the delay of our press release. And we delayed the start of the call to make sure that everyone had the opportunity to read and review the release. To answer your question, is that we're seeing very, very good traction on the InsightVM pipe build and in our opportunities. It's too early now to actually know if there's going to be a change in either the deal sizes that result from that. Or what I would say is that we're quite comfortable and we're encouraged by the volume of pipeline build that we're seeing, both in aggregate and also on a program basis.

And then one thing that we've been hearing more often from customers is that the amount of coverage of their environment from a VM scanning standpoint is growing significantly. Can you expand a bit on what you're seeing in that regard? And also, how does cloud impact this?

Yes. It's a great question. We are seeing expansion in both in terms of more coverage for new customers, so that's resulted in higher ASPs for net new customers that come in, as well as existing customers expanding their coverage of their environment, frankly, with all of our products but that includes InsightVM.

And then one last one, if I could. One of your competitors recently stated that GDPR was helping them in Europe. Do you think this has translated into more business for Rapid7 as well? Or is it a bit too soon?

I think it's too soon. We expect this to have major positive impact to the business over time. What we see is that our business today is driven by core set of fundamentals. And we expect that GDPR to be accretive to the business in the coming years.

Our next question is from the line of Rob Owens with KeyBanc.

Corey, you mentioned some of the enterprise success that you are seeing this quarter. Maybe you can drill down a little bit more in terms of these larger deals that you're seeing, your ability to execute on them and move them through the pipeline to fruition?

Yes. I mean, we're seeing 2 things. As you know, in 2016, we identified that we needed to work on our process and pipeline management, and we're reaping the benefits of that today. And so what we're seeing is that: one, we actually have much better understanding and clarity into our overall pipeline including our enterprise pipeline; two, we're seeing better productivity out of our enterprise sales reps, and that's resulted at us starting to see larger deals and larger ASPs. I think one of the things that's actually helping us significantly is our platform leverage. While there's a set of competitive deals that we see in every segment as we actually acquire more customers that are leveraging our platform, we're starting to see the early stages of increased usage of customers taking a first look at us. And in some cases, only a look at us because they're using other of our products and technologies.

And I guess along those lines, pretty strong customer addition. Can you say kind of where the -- I understand the platform play and the multiple products look good, but where's the beachhead with new customer acquisition? Is it around SIEM? Is it around VM? Kind of where are you coming in competitively displacing and expanding from there?

Yes. So we are seeing across the -- so we're seeing it in both -- from a product side of both the SIEM and the VM side of the equation. In the mid-market, we're seeing lots of companies that were not doing anything, they're using consulting services. Ad-hoc consulting services actually deploy programs, which is adding net new customers to the overall market. We still see in the enterprise companies that were having a very compliant-centric program for vulnerability management, look to actually deploy an operational and strategic vulnerability management program, and we feel that we are really winning and gaining substantial share there. As for who we actually see it from, I would say it's both the - I would say the legacy players that have installed the equity over time, as well as some of the current entrenched players. The SIEM opportunity has been just much better than we could have ever hoped for. We are definitely seeing a refresh cycle in SIEM and that's contributing not just to good cross-selling opportunity, but SIEMs are also landing a healthy amount of new beachheads for us and we're very encouraged by that.

Our next question is from the line of Michael Turits with Raymond James.

Solid quarter all around. So two questions for Corey, and then we'll move to Jeff. So Corey, strong quarter, some of the network security guys did not have as good a quarter as this time around. Do you sense if there's any shifting demand away from network security and toward some of the things that you're doing? And is there any positive impact, you think, from Ransomware and [indiscernible] this summer?

I would say I'll speak to ours - and I think you are familiar with the refreshed cycle and everything around the network, but what I was saying is that we actually have a couple of what I think is doable, positive things going on in our business. The first is the SIEM refreshed cycle that I just talked about, which is creating a substantial amount of opportunity for us, and I think we're actually taking advantage of that opportunity fully. The second thing that I would say is that IT environments have gotten very, very complex and customers are prioritizing visibility, analytics of their complex IT environments and they're trying to figure out how they actually manage those complex environment with few resources. And because of that, I do think they're investing in feasibility solutions, in general, whether that's log, whether that's SIEM, whether it's vulnerability management, whether that's asset solutions. They are interested in how they can actually leverage their limited resources to really manage their environment better, and that's definitely a positive for us.

And then for Jeff, I understand the impacts of the shift to subscription on cash flow this year. As we get closer to '18 here, can you talk about what some of the puts and takes on cash flow will be as we go into '18 and whether it's not -- it would be reasonable to start to see that impact start to moderate a bit?

Yes. So for this year, it's still sort of a bit of a mixed model in that we do have the perpetual deals and the SaaS deals. I would say that as we go into the next year, it's very difficult to predict the contract lengths. We were surprised in Q3 that the contract lengths came in as high as they were. We were pleased to see that our SaaS customers committed to more multiyear deals. But the way to look at it is the recurring revenue was going to grow faster than the revenue and the revenue is going to grow faster than the billings next year, so we think it will be better than next year. But at this point, it's difficult to predict the number and maybe we'll give you some insight on Analyst Day.

Our next question is from line of Saket Kalia with Barclays.

First maybe for you, Jeff Kalowski, just off that last comment. So again, nice upside in billings. Now you mentioned more customers for InsightVM are committing to multiyear contracts than maybe you expected. Can you talk about the duration for some of the other SaaS products and whether you're seeing a similar trend? Just as, to your point, we start to think about average duration in future years.

Yes. Saket, there was really not much of a difference. We were pleasantly surprised by both InsightVM and the IDR product line. They both committed to longer contract lengths than we had forecast. So right now, and looking at going forward, based on what we saw in Q3, we don't foresee much of a decline in Q4 based on one full quarters of experience of InsightVM and of course the good bookings in InsightIDR.

And maybe that's a good segue, it's my follow-up for you, Corey. Today, you give some helpful stats on IDR just in terms of other products that these customers use. But can you maybe talk a little about how the mix looks qualitatively in terms of enterprise customers versus mid-market? And maybe just as correlator to that, correct me if I'm wrong, I think we're a little bit more than a year of that product in the market. So can you also talk about expire and renewal rates for IDR specifically?

So on the -- when you think about the customer segments, we are seeing traction across both the mid-market and the enterprise segment of IDR. I would say what we see in the mid-market is we see lots of net new customer adoption of people that really did not have any type of meaningful programs before. In the enterprise segment, this is where we're seeing the benefits of that refresh cycle, and I think we're doing a very effective job of targeting that resource-constrained buyer in the enterprise segment who had previously purchased and spent a lot of money on the SIEM, but they never really got to work or got full value out of it. And so we're seeing traction across both of those different segments. As for the renewal rates, you're absolutely right, we're sort of like crossing that earmark. It's too early to tell, but I would say is that we're very pleasantly surprised with the overall renewal rates that we're seeing in the IDR business. It's just not enough at-bats to actually to have a statistical model.

Our next question is from the line of Matt Hedberg with RBC Capital Markets.

This is actually Matt Swanson, on for Matt. Corey, you mentioned IT and security teams trying to leverage their scarce resources. This is something I feel like we've seen a lot in the news about the lack of cybersecurity talent. In customer conversations, do you guys sense on how this problem is trending? It seems like it could be a long-term tailwind for your products. And then kind of along the lines of Komand, how is this affecting the way you look at the product road map?

Yes. It's a great question. I think it is a very positive long-term tailwind for us. One of our central observations is that IT is going to get more complex. And the amount of complexity and the volume of IT technology, the current resources just wouldn't be able to keep up with that, and we're seeing that continue to get worse every year. We centered our value proposition, really, on 3 simple premises. One, you actually can't manage complexity if you don't see it and understand it and know what it is. So visibility is number one. The second is everyone talks about generic analytics. Part of the reason that we're winning so much is we focus on what we look at as productivity-centric analytics. That's really how do we actually put analysts in the products that actually help IT and security teams make decisions faster but more importantly, how do we actually help them have the maximum impact with their limited time? And that's resonating very well, both at the high level and with the ground troops in IT and security organizations. The last one is how do we actually help them get the work done? And we saw very positive response to the remediation analytics that we were doing, and some of the early work we did around orchestration and automation. And that was one of the reasons that we acquired Komand is because part of what we're doing, now that we have the visibility, now that we understand the work that actually drops the highest impact in the environment, our orchestration and automation solution allow us to actually automate lots of those manual IT processes, again, driving higher productivity in the environment. We see this as one of the reasons that we can actually grow, not just in the enterprise but also in the mid-market, and gives us lots of legs from a positive tailwind.

And if I can ask one more. You guys have had a very solid year, given that there was still some questions in the enterprise space. It sounds like it's doing better. How much of an impact in 2018 can we expect from better execution for a year from the enterprise sales team?

Yes. We expect -- it's definitely doing better. We recognized it in 2016. Some of the improvements we've put in, we've seen the benefits of this year. And we expect it to be even better as we go forward in the next year. We are sort of like taking our time and really building up the team in a very disciplined way, and we still have some improvement work to do. But we're clearly seeing the benefits, and that's the track that we plan to continue on.

And we have a question from the line of Jonathan Ho with William Blair & Company.

I just wanted to build on the question around Komand. Just given the comments around productivity enhancements, do you feel Komand is a relatively easy add-on sale? Or how should we think about the time for this product to ramp?

Yes. We view Komand as strategic, and it provides sort of 2 levels of value. One, it actually helps differentiate our existing solutions because we are able to offer it to the customer, not just the visibility, not just the productivity-centric analytics, we're also able to actually include aspects of Komand into both our VM and IDR solutions that actually make those teams more productive by doing it with automation and orchestration work for them. So it differentiates our existing solutions. The second thing, it provides upside to our business and that it's an additional thing that we'll actually sell to help IT and securities teams drop automation and orchestration across their business. In some ways, you can think about this in the same way of the search acquisition Logentries that we actually did, where a core part of the search capability went into our Incident Detection and Response or SIEM offering, and allowed that solution to be differentiated, combining a UBA-powered SIEM with log analytics and great visibility. Likewise, we'll have the embedded part of it that will differentiate our existing offerings as well as the standalone offering. From what we've seen so far, and what I would tell you is that I always look at not just sort of what we think but -- or what we're hearing on the ground. We've got very, very positive reception from both our customers and our sales teams about the potential of Komand. Yes, it's something that we will be working on. It's early days here, but we're excited with the initial feedback that we received thus far.

And then just relative to the changes in sales management and sales process earlier in the year. What's been most effective in terms of driving the productivity increases that you guys have done?

I really think it's the -- our COO has just been disciplined around the process and consistency, which has allowed us to both do better pipeline management. But at the end of the day, if you think about what drives productivity, it's how well do we manage, how we spend our time at the organization, and I would say our teams are doing a better job of managing how they spend their time which is resulting in higher levels of productivity.

And we have a question from Robert Breza with Northland Capital Markets.

Building up that last question, Corey, can you update us on where the progress is with the worldwide head of North American sales?

Yes. Absolutely. We have made good progress in the search. We've seen a great set of candidates. We're down to a set that we find compelling. And what I would say is that we expect to have the candidate in place to impact next year.

And then, Jeff, as you think about the planning process, I know you've got high recurring revenue coming up in the balance sheet, et cetera. When you look at sales capacity within the comments you made, it didn't sound like -- maybe not you made or Corey made or somebody made, how do you feel about sales capacity from a ratio or headcount perspective as you enter into or start your planning process for next year?

I'll pick that one up a little bit because I do think this is part of what I talked about. What I would say is that we're in a good environment where we see sort of more demand than we are actively pursuing. And so we'll be expanding the sales team, but our goal is to expand it in a disciplined way that enables to continue to actually improve our profitability, not just this year but also next year and as we go forward. So a disciplined pursuit of the opportunity is the way that we think about it. That's especially prevalent if you think about the enterprise segment, where we're seeing, clearly, lots of demand, but we've been very thoughtful about how we expand and our expansion there. And again, the focus is on profitable growth there.

Yes. I would just add that we've stressed the amount of growing recurring revenues. So over time, you'll see that leverage as we gain more traction and more recurring revenue, making up a bigger component of our overall sales.

We have a question from the line of Melissa Gorham with Morgan Stanley.

I just want to drill down on InsightOps. I'm just wondering if you can frame the opportunity around that relative to, I guess, the other Insight piece of the platform? And to what extent is that solution geared towards displacing existing technology versus new use cases?

Yes. So InsightOps -- and I would say Logentries, too, they both represent our push into a new market for us, which is the IT log analytics market. And we're off to a good start there. While it's still a smaller part of our business, we're actually getting strong traction overall in that overall market and it's a contributor to our overall growth. Our viewpoint is that if we get in early with an organization, with our IT log analytics technologies that provides us as a good growth opportunity over time for all of our of different visibility solutions. And so we're seeing that benefit -- if you look at who the target customer is, we're seeing the target customer of both the IT log analytics -- I mean, the DevOps customer as well as the core IT customers that look at our performance and management in the environment.

And then I'm wondering if maybe Corey or Jeff, if could maybe just give an update on the progression of the channel? I know that's been one of the focuses for you all. I'm just wondering if the conversation has changed with the Insight platform, either more positively now that you have more results or perhaps differently now that it's more of a subscription versus a license?

We're definitely seeing much stronger demand from the channel, which I would say is a big shift in the business over the last couple of years. Right now we have, frankly, more partners coming to us than we're ready to take in. And so we're looking at expanding -- and we have expanded both our channel program and we're looking to expand the number of partners that we have engaged as we go forward. I would say, this year, has been a critical year because one of the things that we wanted to do is we wanted to actually expand that program, but with our full platform in play. And a big part of that was actually getting everything on the platform and rolling it out. And so what I would expect is, over the next several years, to actually see increasing leverage from the channel and increased partnership in the channel.

And we have a question from Ryan Flanagan with Monness, Crespi, Hardt.

Just one quick one for me guys. When you're talking about federal, I know you mentioned that you're expecting that to improve relative to last year after some slippage. Does that come in where we thought or better or worse? Or what should we think about the materiality with that going forward?

Yes. It's come in -- the way we think about federal for the years, it's come in exactly where we expect it, probably slightly above where we expect it. It was not the primary driver of our performance this quarter. It was sort of fundamental and across-the-board this quarter. But federal has been much more positive than we expected this year. But again, we did taper our expectation at the start of the year.

And there are no further questions registered at this time.

Thank you, all, very much. And I look forward to seeing as many of you as possible for our upcoming Analyst Day discussion.

Ladies and gentlemen, that does conclude the call for today. We thank you for your participation. And I say, please, disconnect your lines.