Rapid7, Inc. (RPD) Q2 2021 Earnings Report, Transcript and Summary

Good day, and thank you for standing by. Welcome to the Rapid7 Second Quarter 2021 Earnings Conference Call. [Operator Instructions] Please be advised that today's conference is being recorded. [Operator Instructions] I would now like to hand the conference over to Sunil Shah, Vice President of Investor Relations. Thank you. Please go ahead.

Thank you, operator. And good afternoon, everyone. We appreciate you joining us today to discuss Rapid7's second quarter 2021 financial and operating results, in addition to our financial outlook for the third quarter and full fiscal year 2021. With me on the call today are Corey Thomas, our CEO; and Jeff Kalowski, our CFO. We've distributed our earnings press release over the wire and it is now posted on our website at investors.rapid7.com, along with the updated company presentation and financial metrics. This call is being broadcast live via webcast. And following the call, an audio replay will be available at investors.rapid7.com until August 11, 2021. During this call, we may make statements related to our business that are forward-looking under federal securities laws. These statements are made pursuant to the Safe Harbor provisions of the Private Securities Litigation Reform Act of 1995 and includes statements related to the company's positioning, our future goals and financial guidance for the third quarter and full-year 2021, and the assumptions underlying such rules and guidance. These forward-looking statements are based on our current expectations and beliefs and on information currently available to us. Actual outcomes and results may differ materially from the expectations contained in these statements due to a number of risks and uncertainties including those contained in our most recent quarterly report on Form 10-Q and then subsequent reports that we file with the SEC. The information provided on this conference call should be considered in light of such risks. Actual results and the timing of certain events may differ materially from the results or the timing predicted or implied by such forward-looking statements, and reported results should not be considered as an indication of future performance. Rapid7 does not assume any obligation to update the information presented on this conference call, except to the extent required by applicable law. Our commentary today will primarily be in non-GAAP terms and reconciliations between our historical GAAP and non-GAAP results and guidance can be found in today's earnings press release. At times in our prepared comments or in response to your questions, we may offer incremental metrics to provide greater insight into the dynamics of our business or our quarterly results. Please be advised that the additional detail may be one-time in nature and we may or may not provide an update in the future on these metrics. With that, I'd like to turn the call over to our CEO, Corey Thomas. Corey?

Thank you, Sunil. And good afternoon, everyone. Thank you all for joining us for our second quarter 2021 earnings results call. I'm pleased to once again report sustain outperformance, and our business as Rapid7 delivers strong second quarter results exceeding both our growth and profitability goals for the quarter. Strong demand across our Insight Platform show year-over-year ARR growth of 29% in the quarter at approximately $489 million. As we shared a few weeks ago, this strong organic growth is the validation of both our strategy and our execution as we continue our journey to make the best as a truly operation accessible and achievable for all. Our ability to meet customers where they are in their SecOps journey with leading capabilities across portability risk management, detection response, and cloud security representing is evidenced by two consecutive quarters of accelerating customer growth to start 2021. I'll share more on this momentum and our customer growth engine shortly. But I'd like to start today with some perspective on the security landscape and what we're hearing from our customers. If you think back to our Investor Day in March, I shared with you how we are in a fundamentally new dynamic right now when it comes to the pace of technology adoption. Companies of all sizes across industries and regions are dramatically increasing their focus on delivering world class digital and remote experiences with their customers and employees as they look to keep up with the pace of innovation. However, alongside this rapid expansion of the technology footprints, customers are experiencing an evolving threat landscape. We are in an environment where the accelerated investment in digital transformation is turning every company into a technology company. Travel and explosion in the surface areas that customers must monitor and protect. This is being met by a shift in the attacker landscape over the past year with escalating risks driven by a clear increase in both the scope and the impact of attacker activity. Against this backdrop, our strong 2021 performance to date is a clear indication that customers are recognizing how Rapid7 has integrated Insight Platform portfolio is designed to address the challenges of today's threat landscape. Let me take a moment to level set you on why we believe our strategy to build a unified SecOps platform experience in the cloud is well positioned to address multiple aspects of the shipping threat landscape. Rapid7's vulnerability management solution remains a critical component of our customer security hygiene. Accelerating technology adoption is opening even more vectors of attack. Managing risk visibility is more important than ever for our customers. Many of today's threats continue to leverage known vulnerabilities. So having a best-in-class game program remain foundational to protecting against for basic threats such as Ransomware. This is demonstrated by the durable growth we continue to deliver in VM with solid celebration in ARR during the second quarter. However, a strong VM program is just a part of the equation. Remediating vulnerabilities takes time, and an increasing trend with recent attacks that people don't know about them to the after the attack occurs. This is where customers increasingly need best-in-class detection response capabilities to alert them to suspicious activity. For the second year in a row, Rapid7's InsightIDR has been recognized as the leader in the Gartner Magic Quadrant for SIEM, but we believe this is just one component of the IDR store. As we reflect back on the roots of IDRs six years ago, we had a strong point of view that's driving alerts off additional law like most simply had been, and many continue to do today was insufficient. This robust to build a differentiated capability for them one that began with behavioral analytics, and has since expanded to include law, import telemetry, network traffic visibility, attack analytics, and cloud visibility among other market leading capabilities. The best validation of our winning formula with IR, beyond a sustained high growth at scale has been the emergence of the extended detection response market, which espouses this view of comprehensive detection response that spans across SIEM, EDR, SOAR and now threat intelligence. Our recent edition of insights positions Rapid7 believes extra movement, enabling our customers to drive comprehensive security transformation alongside their digital investments. But as these digital transformation initiatives accelerate, businesses are increasingly leveraging the cloud to drive more innovation. As a result, cloud infrastructure usage is skyrocketing. And so too is the need for security teams to gain visibility and understand risks across these environments. Rapid7s newly released InsightCloudSec is leading the charge to provide customers a single cloud security solution that natively integrates cloud posture management, cloud identity management, infrastructure as co, and Kubernetes workload protection. This fully integrated cloud based security platform enables broad visibility across multiple cloud environments, enhancing cloud security programs by automating payable security and compliance. We remain focused on innovating to help security and DevOps teams shift to the left, reducing noise and complexity and protecting their container environments and automating workflows to drive better security outcomes as customers scale into the cloud. Each one of these mandates to provide foundational beyond visibility to deliver comprehensive, extended detection response, and to enable continuous protection of complex cloud environments is top of mind for our team here at Rapid7. In fact, Rapid7 is one of the only vendors in the market today that can offer best-in-class products across each of these three critical security vectors. As the attack surface expands, Rapid7's platform is increasingly relevant because security teams are struggling to manage a myriad of independent security tools. Resource constraints and vendor sprawl are a critical concern in today's fast moving threat environment, as customers are tasked with minimizing visibility gaps that exist between their disparate products. Rapid7 for the threat to this challenge by investing not just in building market leading products and their respective categories, but natively integrating these solutions into our Insight Platform and delivering them via a single unified experience in the cloud. This is why our strategy to build a unified technology platform in the cloud that reduces these gaps through an integrated, automation driven experience is resonating with customers today. Customers are increasingly looking to consolidate now to a smaller number of critical security partners without sacrificing best-in-class security capabilities. As security teams look to minimize coverage gaps and respond faster to emerging threats, Rapid7's integrated platform experience is increasingly more relevant. You see this reflected in our business momentum to-date in 2021. We continue to live a strong ARR growth with our business driven in part by our accelerating customer growth engine, which saw 13% year-over-year growth in customers during the second quarter. This is there by two fundamental drivers. First, we continue to add more new customers more efficiently, lap our ability and meet customers where they are in their SecOps journey by landing across any of our core platform pillars while demonstrating ease of expansion over time. Second, our aggressive investments in technology integration are driving compelling customer value realization, enabling us to deliver ongoing strong and improvement gross retention in our business as our platform scales. This is coupled with a compelling cross and upsell opportunity in our existing install base, which is a core driver of our sustained VM teams growth in ARR for customers during the quarter. As our platform story increasingly resonates with customers, we have expanded the ability for more of our sales teams to sell more of our products, which should support global growth in ARR per customer as we look ahead. A great example of this platform value realization with a competitive six figure insight one deal during the quarter was a new international customer. As a brief reminder, InsightOne is an example of how we're looking to lower the barriers to platform adoption, and making easier for customers to purchase multiple Insight products. In this case, InsightVM, InsightIDR, InsightAppSec and InsightConnect to deliver a unified SecOps experience. In this particular case, InsightOne's unified approach not only separated Rapid7 competitively versus other point products, but our platform value proposition accelerated the customer's future projects to leverage this broad set of Insight capabilities. Our single agent and one platform story resonated with the customer was looking for a leading security partner within their business. We're excited about the opportunity to continue partnering with customers like this to minimize their security coverage gaps as we further enable these platforms since with go-to-market motions during the second half of the year. Turning now to a brief update on the recent progress towards our enduring goals. First, we remain focused on leading the charge to enable customers to transform their security operations practices around the cloud. This is clearly demonstrated by our investments and this is to accelerate our SDR vision capability, the addition of Insights while delivering differentiated SecOps experience in the cloud by elevating the capabilities across our Insight platform. We've already begun to see strong customer interest and momentum in this capability. Second, we've been here work on accelerating our platform distribution, but recent launch of InsightCloudSec, which brings together the cloud and workload security capabilities of DivvyCloud and Alcide into a seamless and integrated cloud security experience on an Insight platform is a key milestone. This further accelerates our ability to drop sales leverage across our portfolio, particularly as we enable more of our sales team to sell the platform value proposition. We will continue to deliver on this both from a product innovation standpoint, as well as from a commercialization and customer perspective. And third, we are committed to driving long-term operating leverage in our business while investing for growth. A great validation point is that during the first half of 2021, we have delivered over 300 basis points of non-GAAP operating margin expansion over the first half of 2020 alongside improving free cash flow. This strong year-to-date operating profit performance, our solid growth execution, and our disciplined investment approach position as well to absorb the incremental expenses of the Insight's acquisition while delivering on our prior operating profit expectations, notwithstanding the Insight's deferred revenue write down. Jeff will share more details on this in his remarks. So in summary, we're tracking the challenges of today's escalating threat landscape by delivering a unified SecOps experience in the cloud that helps to minimize visibility gaps, detect threats faster, and deliver automated responses. I cannot be more proud of our team for their ongoing commitment to our customers, as we work to deliver on our goals by making the best and security accessible and achievable to all. And finally, as I'm sure many of you saw from our press release, our CFO, Jeff Kalowski has announced his intent to retire in 2022 once his successor is appointed. On behalf of the entire team, I want to thank Jeff for his outstanding leadership and helping us scale Rapid7 for the past five years. Jeff has been instrumental in our effort to transition and scale our recurring revenue business, while also building a world-class culture in finance management. He has served as a true partner to myself and the entire leadership team here at Rapid7. And I look forward to that continued partnership into the next year. With that, thank you, Jeff and I'll turn the call over to you.

Thanks, Corey, and good afternoon, everyone. Before I begin, a brief reminder that except for revenue, all financial results we will discuss today are non-GAAP financial measures, unless otherwise stated and reconciliations between our GAAP and non-GAAP results can be found in today's earnings press release. Turning to our results, Rapid7 strong momentum continued during the second quarter of 2021 driven by sustained high growth of over 40% in our security transformation solutions, and acceleration and vulnerability management. Second quarter ending ARR of $488.9 million grew 29% over the prior year reflecting strong overall demand for our Insight Platform, as customers look to transform their security operations around the cloud. As a result of this ongoing momentum, second quarter revenue of $126.4 million, exceeded the high end of our guidance, accelerating to 28% year-over-year growth. Products revenue of $119.1 million, exceeded our expectations and accelerated to 29% growth, as our integrated platform opportunity is increasingly resonating with customers. We continue to execute well geographically driving durable growth across our regions during the second quarter. North America revenue grew by 25% year-over-year, and comprised 82% of total revenue in the quarter, while rest of world grew by 40%, representing 18% of total revenue. As I shared with you on recent calls, we see a huge and growing market opportunity ahead. And so we are continuing to invest in our business as we execute against our global growth goals, all while continuing to drive ongoing margin improvements as we scale. I will share more detail on this shortly, including how we intend to leverage our strong year-to-date growth and operating profit performance to fund the incremental expenses from our recent IntSights acquisition. During the second quarter, we demonstrated ongoing progress towards the fundamental financial goals we laid out at our Investor Day in March. In addition to strong ARR growth, a customer centric innovation focus is paying off as we saw a second consecutive quarter of accelerating customer growth led by our ability to meet customers where they are in our SecOps journey. As a result, we ended the quarter with over 9300 customers globally, growth of 13% over the prior year. This sustained strength in our customer growth engine feats ongoing long-term opportunity for our land to expand engine, which saw continued strong performance in the quarter with cross and upsell execution, driving 14% year-over-year growth in ARR per customer to end the period at approximately $52,500. These results demonstrate that our focus on delivering an integrated platform experience across our best-in-class detection response, vulnerability risk management, and cloud security pillars is delivering a differentiated value proposition for customers. Turning now to some details on our operating results for the second quarter. Total gross margin for the quarter was 73%, consistent with the first quarter and down modestly compared to the year ago period, driven by faster than expected growth and our cloud based products versus a year ago, as we continue to see strong demand for our Insight Platform. Sales and marketing expenses grew 24% year-over-year, reflecting growth in headcount, and improved to 40% of revenue compared to 41% in Q2 2020, as we see ongoing productivity improvements in the business. R&D expenses grew 31% over the prior year, and represented approximately 20% of revenue consistent with the prior year, as we continue to invest in product and technology innovation. G&A expenses grew 14% and were 8% of revenue, down slightly from 9% in the prior year period, as we continue to scale our business. Our strong revenue overachievement in the quarter enabled us to continue investing in our business, while still delivering record quarterly operating profit of $6.1 million above the high end of our guidance range. Adjusted EBITDA for the second quarter was $10 million, and net income per share was $0.07 also ahead of guidance. Moving to our balance sheet and cash flows. We ended Q2 with cash and cash equivalents and investments of $613.2 million, compared to $616.9 million at the end of Q1 2021. This is before the net cash impact of approximately $308 million paid at closing for the IntSights acquisition in July. Our strong ARR growth and the associated strong buildings in the quarter drove better than anticipated second quarter free cash flow of approximately $5 million. Shifting now to our updated guidance for the full-year. Our strong year-to-date ARR growth reflects the success of our ongoing efforts to invest in driving durable growth in our business. These investments have positioned us to help customers meet the challenge of an ever expanding attack surface with an integrated platform experience across our best-in-class extended detection and response, vulnerability risk management and cloud security solutions. We believe the acquisition of IntSights only amplifies this value proposition, and further expands the opportunity for Rapid7. A combination of these drivers and our team's strong execution today fuel our confidence in once again raising our full-year ARR expectations for 2021. We now expect to deliver a full-year ARR of approximately $576 million for growth of 33% over the prior year. This accounts for both an improved organic outlook of now over 25% ARR growth for 2021, a strong improvement over a prior outlook of 22% growth, plus the addition of the IntSights acquisition. As a reminder, IntSights ended the second quarter with approximately $27 billion of ARR. Given the strong momentum in our business, we're raising full-year revenue guidance once again to account for an improved organic outlook in addition to the contribution of IntSights and now anticipate revenue to be in the range of $520 million to $524 million, or growth of 26% to 27%. After taking into account, the IntSights purchase account deferred revenue adjustment. Turning to operating profit. As Corey shared, we've delivered strong execution in the first half of 2021 with over 300 basis points of margin improvement, compared to the first half of 2020. This puts us in a great position to continue reinvesting to drive durable growth, enabling us to leverage our revenue and operating profit over performance to absorb IntSights operating expenses. As a result, we're adjusting our full-year operating profit guidance strictly to account for the IntSights purchase accounting deferred revenue adjustment of approximately $5 million, and now anticipate full-year operating profit of approximately $70 million. I will reiterate that if we were able to recognize IntSights full deferred revenue balance, we would anticipate delivering full-year operating profit in line with the low end of our prior operating income guidance of approximately $12 million, consistent with our growth and profitability framework. We believe these investments position as well to drive ongoing durable growth in our business, as we look to accelerate our path to become a $1 billion business with the acquisition of IntSights. Factoring all this in, we now anticipate non-GAAP loss per share for the full-year to be a loss of approximately $0.09 per share. This is based on an anticipated $55.3 million basic weighted average shares outstanding. Turning to cash flow. We remain focused on investing for growth, while scaling free cash flow generation over time. I'm pleased to report that given our strong ARR performance to date, coupled with our updated guidance, and even after accounting for the IntSights acquisition, we are raising our full-year free cash flow expectations and now anticipate delivering free cash flow of approximately $20 million this year. This is a great validation of the long-term free cash flow potential of our business. Moving now to quarterly guidance. Note that our third quarter guidance also includes the impact of the IntSights acquisition. For the third quarter of 2021, we anticipate total revenue to be in the range of $133.4 million to $135 million growth of 27% to 28%. We anticipate non-GAAP operating income for the third quarter to be a loss of approximately $0.5 million, as we invest in the business and absorb a partial quarter of IntSights expenses. We anticipate non-GAAP net loss per share to be a loss of approximately $0.07 per share, which is based on an anticipated $56.1 million basic weighted average shares outstanding. So in summary, first-half of 2021 is a great validation of our ability to execute against our goal of driving durable growth, while scaling profitability and free cash flow as we continue to invest to close the security achievement GAAP on behalf of our customers. And finally, I'd like to express my gratitude and appreciation to the entire Rapid7 team. It has been a privilege to work with Corey and the talented leadership team here for the past five years. And I'm extremely proud of everything we've accomplished. I look forward to ensuring a smooth transition when the time comes. And in the meantime, I look forward to continuing to work with all of you until then. With that, we appreciate your time and support. And we'll now open the call for any questions. Operator?

[Operator Instructions] Our first question comes from Robert Owen with Piper Sandler. Your line is open.

Great, and thank you guys for taking my question. Corey want to touch a little bit on the acceleration in new logos. And I know you've been adding additional capacity and leaning end-to-end part of the story. But what do you think in terms of sales productivity as well with the preexisting sales force and if you can kind of characterize, where the environment is right now relative to these additions that will be great? Thanks.

Thanks, Robert good question. So, there is really two big factors. One is what I talked about earlier, the demand environment is a healthy demand environment for cybersecurity, but especially for the security operations, innovations that we're offering to the market. So that's always helpful for our sales productivity. The second one is, you know, we have a very disciplined model, that as we actually - we introduce new products or we do acquisitions. As we actually prove out at home, the sales process we start out with specialized, and then we had more of those offerings to our sales teams over time, that is a positive tailwind to sales productivity. And then, and the last thing, as you all noted, is that we're also investing in optimizing our productive action. We're very early in the journey there. But that's also been a positive tailwind to sales productivity. So all those things are coming together, allowing us to actually grow our ARR and overall sales productivity and that's been reflected both in the new customer growth, but it's also been reflected in the ARR for customers.

Great. And then second question for Jeff, I guess. If I look at your day's billings outstanding, it's far less than we had expected and obviously helps cash flow. Does that reflect the linearity of the quarter or was there something unique relative to collections this quarter versus historic? Thanks?

Yes, we had favorable in the ARR in the quarter, but I think, we seen dramatic improvement over the last couple of quarters and really due to our internal efforts and improving days billings outstandings, but I wouldn't say that it's really dramatically different on linearity other than we did see some improvement. I think it's more…

All right, thank you both.

Yes.

Our next question comes from Matt Hedberg with RBC Capital Markets. Your line is open.

Thanks for taking my questions well done in the quarter and also Jeff, congratulations on your retirement. We certainly I felt like you're not leaving anytime soon, but we will certainly, we've enjoyed the ride here with you so best of luck the next chapter of your career?

Thank you, Matt.

Yes, it's been a fun I think you said five years. So it's been a fun…

I was hoping here for a bit longer.

We'll enjoy that. You know, Corey, I want to follow-up on Rob's question. On Analyst Day you talked about 5% to 10% was sort of the target level for new logo ads, obviously you added 13%, this quarter 13% growth this quarter? Is that, I just want to sort of frame that with your Analyst Day, is this sort of a new normal, was there anything unique with the customer ads this quarter? It's kind of 5% to 10%, kind of where you kind of continue to expect with those numbers see a lot better than you talked about previously?

Yes, so I think there's a couple of points like this one is keep in mind that the Analyst Day discussion was at CAGR over four or five years. And so, you could imagine that an in fact earlier this year, we saw a little bit of performance above that. So you can expect that sort of like CAGR average over as the same topic. The other thing to keep in mind is that we're doing an intentional move and migration to more strategic customers. And we've talked about that before. And I think that's continuing a pace. And so what I would actually say is we have very good confidence in the near-term, that we see trends in the double-digits. A continue momentum there in the very near term, but I would say I don't think our long-term CAGR change material.

And then in your prepared remarks, you talked a little bit about InsightCloudSec, which is I think DivvyCloud now. And also early for that and it carries higher ACV dollar values and kind of your basic. But can you talk about kind of the level of penetration your base and how are you successful when you - what's sort of the recipe, when you're able to cross-sell that back into your existing customer base?

Keep in mind, like all of our solutions, especially our big main pillars, around detection response, cloud security and vulnerability management, they're all lendable solutions. That's where we're seeing increasing growth in traction on the cross sales. To your specific question is the catalyst for cross sales, digital transformation. And so it is when we're talking to a customer that is looking to actually rollout a big digital transformation initiative. And they cross it through a critical threshold where they are in - change their number to IP infrastructure. From a digital perspective, security is a priority and it need to actually get the visibility to actually stay abreast and the management to stay abreast and the automation to stay current with that, that's the catalyst for those things. And our sales team is quite patient - we're seeing good growth, and good momentum, and good excitement there. But we'd like having that tied to digital transformation, we need to sort of it puts us in a position where it's not just the current load dropper, but they actually give us a long-term growth dynamic, but as you look at any industry reports, both cloud security, but especially the driver of a digital transformation, is expected to grow over the longer term horizon.

Our next question comes from Saket Kalia with Barclays. Your line is open.

Thanks for taking my questions here. And Jeff I'll echo my congrats on retirement very well deserved.

Thanks Saket.

Corey, maybe just to start with you, there was an interesting example of InsightOne that bundle example you talked about, during the prepared remarks. I was just wondering if you could just talk a little bit about how bundles are working sort of what some of the data points are on that, that you'll be able to share and without pre-announcing anything, are there any other bundles that might make sense to explore?

So it's a good question. I won't go into the numbers on it, it's too premature to actually drill the numbers, but I will talk about trends a little bit. One, we have a number of pilots out there I've talked before about some of the SOC automation, where you actually have IDR, networks traffic analysis, the enhanced endpoint telemetry and SOAR together and that's sort of like quite positive. We have several other names that we're actually are piloting that are out there. And most importantly, we're moving forward with think about some of the two prong strategy is one, it is a strategy that allows us to do bundling, bundling is primarily deals at the time of sale when people are willing to - looking to upgrade their overall security programs. Now subsequently I'm sure we're going to do upgrades to bundling programs. But you know one focus of bundling is so like field at the time of sales. The example that I gave here was a customer that says hey, listen I'm looking to do a significant upgrade in my security program. And so they wanted to actually look at the economics of the investment and the results across multiple categories, it made complete sense there. The only thing that I would say, just to be clear is that I am not concerned our team is not concerned with how customers buy. So if they buy a product, because they actually are looking to actually do a big shot in the arm and improve their security quickly, that's great. And if you do it slowly over time, that's great also. Now on the slowly over time I guess the third point that I'd actually emphasize is that we're also are investing in our packaging and pricing solutions that make it both predictable and economical for customers to actually plan for, build out and upgrade to their security operations over time. So those are the three areas of strategy, I would say that they're having traction, we're getting validation. So therefore we are accelerating, I would not call them massively material to the success today from the new packaging perspective. But I will say very, very positive momentum, such that our sales team are coming back to us, these things are working. It's resonating well with customers, and therefore we're actually continuing to actually roll out the further phases of that.

Got it, that's helpful. Jeff maybe for my follow-up for you, can you just remind us how fast that newly acquired Insight business is growing? I think we said it was about $27 million in ARR, how fast is that growing and maybe as part of that question, just zooming out a little bit. When you look at that ARR base at the end of this year, I think the guidance for about $576 million? How do you sort of roughly think about the mix of VM versus kind of that broader sort of security transformation bucket? Does that make sense?

Yes, so first off, it is $27 million that we acquired as of the acquisition date. And at Analyst Day, excuse me, we said that VM was a bit over 50% and security transformations was about 40%. So, security transformation, we're saying is going to grow over 40% this year. So it will become a bigger piece of the pie by the end of the year. We're not going to pick a specific percentage, but VM systems growing slower, will have - will become less of the total pie. And I think we set out our call is that IntSights was growing over 40%. And that'll be included in our security transformation products, which even without IntSights will still grow over 40% this year, is what we're projecting.

Got it, very helpful. Congrats again, Jeff.

Thanks.

Our next question comes from Brian Essex with Goldman Sachs. Your line is open.

Thank you for taking the question. And Jeff, congrats for me as well. Well done.

Thanks, Brian.

Perhaps Corey, what I maybe wanted to touch on is, with the acquisitions that you've done over the past several years, and if we think about things in these three pillars, how is your Salesforce aligned with regard to maturity? And where you're incentivizing them in terms of which ones of these buckets are, I guess more accretive to the bottom line versus others might have better unit economics? And then do you have - are you just looking for a Salesforce that has a maturity across the platform to kind of put all the arrows in our quiver so to speak?

It's a good question. So I think there's two distinct parts of it. So the first thing is, how do we when we acquire or rebuild, how do we actually think about rolling out Salesforce. And in general, what we do is we always start with a dedicated team to make sure we have mastery of selling, because what we really want to make sure is that we understand what Salesforce is and on optimizing the sales productivity. As we get the mastery of selling that then we actually broaden the number of sales team that can sell that. And that's not a one shot when you just sort of like dump into the Salesforce, that is a steady expansion of themselves. So cost expanding these selling capacity of our sellers, and what they can actually sell. But we want to do it in a way that we actually really have mastery of the sales, which allows us to actually steadily drive up total sales productivity over time. And that's actually worked out quite well. The second part that I think that you're referring to is how do we actually incentivize our focus on sales teams on which product offerings, and while we actually track and manage that our sales, we do not target the sales team either from an existing customer versus that new customer, or for my part product perspective to say, you should sell this product to them. The educational space that happened or maybe with something with a political partner at some point in time, but by and large, we don't do it, and the reason for that is we have two levers. One is we actually have sales. But because we have such an innovation engine, we're constantly updating the profitability from an engineering perspective of the things that we actually sell to. And so both of those are changing over time. So we want our sales teams as the focus on going out and meeting customers where they are, you hear us say that term a lot, meaning the customer where they are, because we don't want them introducing friction, that actually says that I want to steer you in this way. And that creates a lot of customer credibility for our sales team. If they could take the customers pain points, and then actually focus on delivering them a solution for that pain point. So that's the strategy that we have. And then when we look at our customers, we are focused on like, alright, how do we actually do things more and more profitable over time? Which is why we've been able to do the marketing expansion.

Got it? That's super helpful. I appreciate it. And maybe Jeff to follow up. Could you maybe reconcile the adjustment to free cash flow guide for us, it seems like you're bumping it up by about $5 million. But you've already got a deferred revenue write-off and a cash from the IntSights acquisition. So and the cost associated with that business? So what are the puts and takes that gets you more confident bringing free cash flow guide up?

Yes, the biggest driver is the increased ARR performance, but I believe for the first half about $23 million. And we are projecting a net income loss from the second half. And so you, which is around $7.5, the implied loss, you deduct that from the $23 million really - the balance is really what we can realize in cash flow from the incremental ARR with a raise from the previous guidance.

Got it. Super helpful. Thank you.

Our next question comes from Michael Church with KeyBanc. Your line is open.

This is Eric Keith on for Michael, thanks for taking the queue and Jeff, congratulations as well.

Thank you.

Corey, you saw good progress, increasing that ARR per customer metric as you do larger lands. But can you talk more about how you're progressing on educating customers in the Salesforce on the power of the combined unified platform to really drive expansion among those customers and increased attach rates?

Yes, I mean, I would say that we're taking it federally not in one week ago. I mean my take is that just prove that the customers don't just sell it to us. And so what we're looking for as we expand, and we think about our expansion engine is taking customer pain points, and show them why we actually extend their leverage with the existing investments. So no matter where we start if you say, hey, I have an IDR customer and they have an incremental pain point on cloud or a VM or applications. We're able to say like, okay, listen, here's how your existing investment scales up. And so claim it as a scale up. But again, it's not a big echo buy more, it's more about like, you made an investment. And we can actually scale that investing more efficiently and more effectively than anyone else. And again, we're still in the early innings here, because lots of our engineering work right now and lots of our product and packaging work is about making it much easier for customers to recognize incremental pain points and scale up much more naturally and plan for them to feel much more national.

Got it. That's helpful. And then I just wanted to touch upon the - you mentioned accelerated this quarter. So would you attribute that to some of the breaches we've seen this year? Obviously, it's kind of top of mind right now. And do you think this is a sustained elevated level demand that you could kind of seek VM to continue to accelerate for the rest of the year?

Our fundamental outlook on VM hasn't shifted. We've always thought it was actually a sustainable market, and more effective and updated. We continue to see vulnerability management as sustainable. It did accelerate. And that's a positive thing. But we feel pretty confident that it's going to have the long-term market demand that we saw. Now, what aspects of that acceleration is that we continue to overall, including the VMC customers, stay with us and have high levels of commitment. So we talked before about the lower churn and the higher retention of customers, and that's also a factor fee growth. Did you hear me?

Our next question comes from Jonathan Ruykhaver with Baird. Your line is open.

So I just have one question. Obviously, you've made a pretty mark in shift from target about IDR is the same to talking about an exceed or just not for the last several months. And so Corey I, I know you've touched on evolution in your opening comments. But I'm wondering if you could just dig deeper into those capabilities that you believe, are critical to this XDR category, maybe you've touched on some of those that you have today, some of you might not have today and might need in the future for competitive positioning.

When you think about extended detection response, which is what XDR is. It's really about reducing the gap that you actually have in this pre operational environment. If you think about why so many companies and organizations invest in security, but still are so able to be compromised and attack it, because it's just lots of blind spots and then environment. So no matter where you start, the idea of XDR is actually minimizing those gaps in the overall security operations environment. So for us very specifically, exactly starts with gaps in data. And so the ability to actually see that there's a lot of data, which is the traditional film, but also to actually see the endpoint data to be able to see the network data. And now to be able to see the external data in the environment, that's usually vital. So starts with data. But the second thing is that when you actually have the data, you actually have to be able to process. It's unique about the additional innovation that we deal with user behavioral analytics, it work about a different way of actually processing data to look for attacks in the environment, understanding the use of context. We had an attack vectors analytics, but again it was another way to actually make sure. We're minimizing the gaps in the overall environment. And then the last area that you really have to focus on is I have the information, how do I make sure that I'll have gaps in my workflow, and whether that's my investigation workflows, my forensics workflows or my remediation workflows. And that's what the score technology comes in with the automation. So when we think about extended detection response, it's about minimizing the gap. That's why you have extended there in the data and the analytics, but also in the workflows and the automation around that. And that's why IDR is, our vision of IDR has always been about minimizing those gaps. I just think that the XDR market is recognizing today the value of that strategy. And we're being recognized along with them which is a big part of the team's success.

And Corey one last item that I think support, let me hear your thoughts. It's just the ability to leverage intelligence. How do you view that and where is that in the product portfolio today?

The intelligence, you say intelligence.

Yes.

So I think about that and so like part of two things data context, which what's happened in the external environment. But I also think about is the analytic context, you know, one of the things that you actually have adopted, as you do digital transformation, you just have not just an expanding attack surface, you have so much more data, which has the potential to create a lot more noise. And so what we're doing predominantly like, we have a massive amount of engineers that just have to figure out how do you actually continuously up the game on pulling out the signal from the noise. And the threat intelligence is another key tool and another key technology, another key strategy that allows us actually to pull out the signal from the noise. So those are the two places what actually shows up.

Our next question comes from Gregg Moskowitz with Mizuho. Your line is open.

Okay, thank you, Jeff. I know you're not going anywhere just yet. But you've done a terrific job and will most certainly be missed.

I appreciate that, thanks Gregg.

Of course. Corey, I guess had a follow up to that last question. In light of all of the increased customer awareness of XDR, do you believe that most customers today are looking at the XDR and SIEM areas as and/or, or as an and when it comes to their deployment of these technologies?

So, one - the market economy so they're developing, most customers are looking at how do they actually reduce the gaps in their operations. And so - and that's really clear that stands out more than anything. Now, I think it's part of that what you have is companies that have actually had an XDR bias, which is like - something you said earlier, is we haven't used the term XDR before, but we were clearly getting massive customer adoption there. Why, because customers were focused on that. So really, you could use the XDR as a proxy for doesn't allow me to actually consolidate and improve my security operations, with less gaps in my ability to manage my security operations, that customers are definitely shifting. Now, my belief because of that, is that [XDR Citrix] are offering in security, which means I'm able to consolidate, I'm able to actually minimize gaps in my ability to be able to manage security infrastructure. I think people that do that are more likely to win the future. So yes, I think XDR Citrix SIEMs are much more likely to take share in the overall security analytics for SIEM market as you actually move forward. But that's because they're actually providing a real business value proposition, which is taking things that are highly manual, have lots of gaps in the environment, and simplifying it for customers, even as it becomes more complex as the scale of volume increase.

All right, that's very helpful. Thanks, Corey. And then just for Jeff, are you able to say roughly how much revenue from Insight's you're expecting for Q3 and Q4. Obviously, ARR is the most important metric, just trying to get a sense of how much of the revenue guide increased is organic versus acquired?

Yes, figure of high single-digits, upper single-digits for the half for the second half.

For the second half, okay, perfect. Thank you, guys.

Our next question comes from Brad Rebeck with Stifel. Your line is open.

Great thanks very much, Corey, over the last few calls, you've called out retention gains, you know, broadly just wondering where you are in that process. If you think you've gotten most of that and it's incrementalism from here, or if there's still meaningful gains to be had?

I mean, we have steady improvements, and all our different customer retention metrics. And I would say as we execute on our strategy so we have upside and opportunity, as we actually go forward, I just think you see that most reflected in ARR per customer metric, which is again - in their customer adds are primary metrics. And we make clear commitments and expectations that we expect our ARR per customer to go steadily up overtime. You could expect that has either stable or increase in retention as a fundamental underlying assumption.

Our next question comes from Alex Henderson with Needham. Your line is open.

Thanks, I just wanted to follow-up on that last question a little bit. The ARR per customer statistic is great statistic. But I was wondering if you could update us relative to the ARR of new customers, whether they're coming in near the average, and that's helping boost that ratio or if they're coming in well below and still have a lot of room to move to the upside. Can you just give that piece of the puzzle?

Yes, Alex they come in below the average of 52.5, they start smaller, and then they grow with us. But there hasn't been a big change in that new, it's going up a little bit with more platform products - with additional platform products and higher ASPs, but it's still, it's still less than the 52.5.

And I would say that's especially through on a like-for-like basis when you compare company sizes, the one thing I would say that could have dried up over time as we are having, we will always at trend in the mid-market. But we're having additional we continue to have strong split, in our product expansion. And that's going to continue in trends like the last four or five years and so I see strength across that segmentation.

So the environment clearly has changed quite significantly over the course of the last six, nine, maybe call it 12 months as a result of an incredible a number of attacks and the breadth of those attacks, as well as presidential edicts and things of that sort that they've really moved the perception of perimeter defense down multiple notches in the need for defense in depth up a lot of notches? How is that been impacting your business? Is that part of the acceleration in customer wins? Is that something that is accelerating or is it static in terms of impact? Can you give some sense of what the environment looks like as a result of all of these acts?

Yes, it's tough to do specific attribution to different levels, what I would say is that you saw that we actually get commentary coming out of the second half of actually last year. It was very clear that the demand environment had actually been improving. And I would say that the focus the discussion, the seriousness, the fact that this is a topic at both the Board levels, and at the Executive levels, companies is clearly making the demand, is making the demand environment more favorable. I think you see that most of in some of our security transformation solutions, kind of voice, where you actually - if you look back two years ago, I would say security was not a must have in the default digital transformation discussion. I would say today you're seeing security much more as a default in the digital transformation discussion. Now, I can't say whether that's the government, whether that's the press, whether that's the breaches, but I would say that it's hard between digital transformation and the security transformation upgrade has gone up materially over the course of the last year. And I think - there's some correlation there, it's just tough to do attribution.

I see, thank you very much.

Thank you.

Our next question comes from Hamza Fodderwala with Morgan Stanley. Your line is open.

Hey guys, thank you for taking my question and Jeff, congrats, again on the retirement. So just one quick question from my end, just on gross margin, you mentioned that you're down slightly year-on-year, when could we expect that to start to norm? What range should this sort of normalize sort of mid 70s, is that something that we should expect, over the next few quarters?

Yes, I just want to remind you that because of deferred revenue here cut, we may have a little bit of headwinds in the second half, because we have the cost, but we can't recognize all the revenue, but we would expect to still be in that mid-70% range.

Is that near or longer term?

For product, for product margins - and overall in that 73% range, so no significant change.

There are no further questions. I'd like to turn the call back over to Corey Thomas for the closing remarks.

Well, thank you all for joining us today on our call. And I appreciate the fact that many of you shared the sentiments of how grateful we are for Jeff, but you will still be hearing from him.

That's right.

So thank you and we look forward to chatting with you over time.

Thank you very much.

This concludes the program. You may now disconnect. Everyone, have a great day.