Rapid7, Inc. (RPD) Q3 2021 Earnings Report, Transcript and Summary

Good day, and thank you for standing by. Welcome to the Rapid7 Third Quarter 2021 Earnings Conference Call. At this time, all participants are in a listen-only mode. After the speakers presentation there will be a question and answer session. [Operator Instructions] Please be advised that today's conference is being recorded. [Operator Instructions] I would now like to hand the conference over to your speaker today, Sunil Shah, Vice President, Investor Relations. Please go ahead.

Thank you, operator, and good afternoon, everyone. We appreciate you joining us today to discuss Rapid7's third quarter 2021 financial and operating results, in addition to our financial outlook for the fourth quarter and full fiscal year 2021. With me on the call today are Corey Thomas, our CEO; and Jeff Kalowski, our CFO. We have distributed our earnings press release over the wire and is now posted on our website at investors.rapid7.com, along with the updated company presentation and financial metrics file. This call is being broadcast live via webcast, and following the call, an audio replay will be available at investors.rapid7.com, until November 10, 2021. During this call, we may make statements related to our business that are forward-looking under federal securities laws. These statements are made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995, and include statements related to the company's positioning, our future goals and financial guidance for the fourth quarter and full year 2021 and the assumptions underlying such goals and guidance. These forward-looking statements are based on our current expectations and beliefs and on information currently available to us. Actual outcomes and results may differ materially from the expectations of a number of risks and uncertainties, including those contained in our most recent quarterly report on Form 10-Q and in the subsequent reports that we filed with the SEC. The information provided on this conference call should be considered in light of such risks. Actual results and the timing of certain events may differ materially from the results or timing predicted or implied by such forward-looking statements, and reported results should not be considered as an indication of future performance. Rapid7 does not assume any obligation to update the information presented on this conference call, except to the extent required by applicable law. Our commentary today will primarily be in non-GAAP terms and reconciliations between our historical GAAP and non-GAAP results and guidance can be found in today's earnings press release. At times, in our prepared comments or in response to your questions, we may offer incremental metrics to provide greater insight into the dynamics of our business or our quarterly results. Please be advised that this additional detail may be onetime in nature, and we may or may not provide an update in the future on these metrics. With that, I'd like to turn the call over to our CEO, Corey Thomas. Corey?

Thank you, Sunil, and good afternoon, everyone. Thank you all for joining us for our third quarter 2021 earnings results call. I'm thrilled to report that Rapid7 delivered a milestone quarter exceeding $500 million in ARR for the first time. Accelerated demand for our security transformation solutions, coupled with sustained growth of our revenue management and our recent Insight acquisition drove Q3 ending ARR to $550 million, growth of 38% year over the prior year and growth of over 30% organically driven by strong contribution from both our land and expand interest in the quarter. Our business was driven by strong customer interest for the expanding set of capabilities on our Insight platform and solid execution on the part of our Rapid7 team. Moreover, we have been pleased with the early reception from our customers to the recent addition of Insights threat intelligence offering. Our third quarter results also demonstrate how we are delivering on our customer mission while balancing our dual mandate to drive durable growth and expand profitability and free cash flow as we scale. Alongside our accelerating ARR growth, we delivered over 150 basis points of year-over-year operating margin expansion during the third quarter, even as we absorbed our largest ever acquisition to date. Jeff will share more details on our strong operating results in his remarks and how it positions us to continue investing behind our growth engine while delivering on our growth and profitability framework. But before we step into those details, I'd like to spend a few moments to share with you our Rapid7 is working to help customers achieve better security outcomes in a rapidly evolving direct landscape. Organizations of all sizes are investing aggressively in scaling the digital experiences that they must deliver to their customers, employees and partners in today's distributed economy. However, as they embrace these broad digital initiatives, they are increasingly faced with critical challenge of managing a dynamic cyber risk profile across the internal cloud and external footprint. As we speak with customers and prospects on a day-to-day basis, many are struggling with the same set of questions, how do I gain visibility to the direct to vulnerabilities in my environment and better manage our risk profile. How to identify and respond to attacks happening in my environment. And I want to improve my security team's productivity to drive better security efficacy in an increasingly tight cybersecurity talent market. These questions are at the core of today's security operations challenges and the expanded security achievement gap that I spoke with you about earlier this year. To solve this challenge, many customers we engage are seeking a more holistic approach to monitoring the threat and ability in their environment. as well as detecting and responding to attacks across their internal and external digital footprints. As I shared at our Investor Day in March, Rapid7 is leading a charge by delivering some of the most advanced capabilities around security, analytics and automation, unified on an integrated platform that are also massively accessible to a wider audience of enterprise and mid-market organizations. This is how we're disrupting the market by enabling customers to marry advanced capabilities, high efficacy and productivity to achieve better security outcomes for their stakeholders. A great example of how customers are leveraging this value with a 6-figure deal in the quarter with a multimillion-dollar general contracting firm. This customer was looking to build a more effective detection and response program after experiencing a security incident with their existing solution. They wanted a comprehensive solution, but one that would also drive improved efficiency for their modest sized security team. As an existing InsightVM customer, they were excited about how quickly and easily they could stand up and integrate additional Insight platform solutions. When coupled with the depth of our detection and responsive capability, and the critical value our automation offering brought to their team, it became clear to them that few competitors could match the combined efficiency and efficacy of our platform. As a result, this customer chose to expand their relationship with Rapid7 as a trusted security partner, adding InsightIDR with our enhanced endpoint telemetry and network traffic analysis to adults, as well as InsightConnect for automation to provide a more comprehensive visibility across their environment and the ability to more quickly respond to incidents. This is a great validation of Rapid7's vision decision and approach towards our extended detection response strategy, which is to help customers minimize the themes and games that exist in their technology environments, through our natively integrated Insight platform. Our approach is built on a premise that to have effective security, you have to have profitability and cost environment. This is why we have invested aggressively over the years to become a leader in enabling that visibility. The core of what Rapid7 does is collect fragmented data across the technology environment, endpoint data, deep cloud data, vulnerability data, API, logs, network data, fast data, all collected and aggregated natively on our Insight platform. This allows us to look at risk more holistically across the environment to not just detect the text, but to perform the forensics and analysis across the environment and ultimately drive remediation with our automation framework. Increasingly, today's detectors are exploiting the data gaps and themes that exist in customers' fragmented security ecosystem. This has led to an increasing focus on an extended approach to detecting a responding to threat in the environment to reduce visibility gaps and introduce that risk. Rapid7's core differentiation is this pervasive end-to-end data collection that allows us to deliver leading security analytics and automation that enables customers to more effectively assess risk, detect attacks and drive remediation across their environments. We're seeing this focus on more holistic risk visibility reflected in our engagement with customers. A good example of this was an international enterprise customer who had an interesting platform journey with us leading up to their purchase of our recently introduced IDR ultimate product -- package. Let me take a moment to step you through that journey. Despite having a market-leading SIM solution, this customer was lacking full coverage of their environment. So they engaged with us early in the year in an effort to achieve the detection response value they were seeking. At the same time, they were preparing to replace their existing VM solution. Our cohesive SecOps platform vision and the idea of a single trusted security partner resonated with them. And so they actually ended up purchasing InsightVM first, demonstrating our ability to meet them where they were in DevSecOps journey. Around this time, they were also beginning their cloud security journey and exploring leading solutions for this. The combination of our best-in-class cloud capabilities and our native integration with InsightVM on our platform put us ahead of the pack. And so they purchased InsightCloud Tech early in Q3. By the time they were ready to make a detection and response decision later in Q3, the integrated platform experience positions IDR as a clear program. With IDR Ultimate, our advanced IDR tier, they were able to gain more full coverage of their environment. While also reducing data gaps by tapping into our extended capabilities, including enhanced endpoint data for more comprehensive forensic analysis and automation for increased efficiency and accelerated response over time. In each part of this customer journey, our complete platform vision as a key value driver for the customer, not to mention a competitive differentiator, and they are now leveraging a large portion of our Insight platform as they approach 7 figures in total ARR. Over time, we believe the winners in this space will be those that can provide this type of extended approach to reducing fragmentation and increasing visibility in our customers' technology environment as we continue to invest in delivering this on our Insight platform. Most recently, our acquisition of Insight amplifies our platform and XDR vision, while layering on external attack service visibility, further minimizing SIEM and elevating each of our vulnerability management, detection response and cloud security capabilities across our Insight platform. Turning now to a brief update on progress towards our enduring goals. First, we continue to lead the charge in enabling customers to transform DevSecOps practices around the cloud. You've seen us successfully extend the core capabilities of our Insight platform, both organically and through strategic acquisitions to help customers effectively scale their 3 operations. Our strong and accelerating customer growth, as we approach 10,000 customers is a great validation of our progress to meeting customers where they are in DevSecOps journey with an expanded set of market-leading capabilities. Second, we're investing to accelerate our platform distribution engine through enhanced pricing and packaging for products like IDR, but also by making it easier for customers to seamlessly expand on the Insight platform through natively integrated experiences. This success is delivering a best-in-class platform experience, continues to drive ownable expansion in customer last year as demonstrated by our ARR per customer, which grew 18% year-over-year to over $55,000. And third, we remain focused on driving long-term operating leverage and cash flow scale while investing for growth. This is evidenced by our strong cash generation and operating margin expansion, even as we continue to invest in innovation and absorb our recent Insight acquisition. In closing, it's clear that organizations across the world are undergoing significant digital transformation and met an escalating cyber threat landscape. Our team is investing to deliver a highly differentiated and more holistic approach to security analytics and automation that better enables customers to bring security transformation alongside the digital investments. We believe this will remain a long-term demand driver for our business as we continue our mission to make the best and security operations achievable for all. With that, thank you, all. And now I will turn the call over to our CFO, Jeff Kalowski.

Thank you, Corey, and hello to everyone on the call this afternoon. Before I begin, a reminder that except for revenue, all financial results we will discuss today are non-GAAP financial measures, unless otherwise stated, and reconciliations between our GAAP and non-GAAP results can be found in today's earnings press release. Turning to results. We are pleased to report strong performance as we ended the third quarter with $550 million of annualized recurring revenue. ARR grew 38% over the prior year driven by organic acceleration in our security transformation solutions and sustained growth in vulnerability management as well as the contribution from our newly-acquired threat intelligence software. Third quarter revenue of $139.9 million grew 33% over the prior year and exceeded the high end of our guidance range on strong underlying demand trends for our Insight platform. Revenue over performance was led by upside in products revenue, which grew 33% to $131.2 million. There was also a modest outperformance on the professional services side, which naturally varies quarter-to-quarter. We continue to execute well on our international growth strategy, which when combined with a higher mix of Insights customers outside North America drove 58% year-over-year growth, bringing international to 20% of total revenue in the quarter. North America revenue grew by 28% year-over-year and comprised 80% of total revenue in the quarter. We ended the third quarter with over 9,900 customers globally, which represents 17% growth from the prior year. The customer count includes slightly over 300 net new customers acquired as part of the Insights acquisition. We continue to see strong upsell and cross-sell activity on our Insight platform, with just over 50% of our new ARR coming from existing customers in the quarter. This drove ongoing strong expansion in ARR per customer during the quarter, which grew 18% to $55,500. Strong secular tailwinds across the security operations market fueling our ability to both land new customers and expand within our existing base. And third quarter ARR growth was driven by a healthy balance of growth between these land versus expand dynamics. Turning to operating and profitability measures for the third quarter. We came in ahead of our guidance on these metrics primarily due to revenue overachievement. Most of that incremental revenue flowed through directly to profitability, highlighting the strong leverage profile of our subscription software business. As has been our typical cadence, this positions us well to reinvest the overperformance in future quarters to support our goal of driving durable growth over the long term. We continue to balance high-return investments in growth with our focus on delivering consistent annual improvement in operating margin and free cash flow. Total gross margin for the quarter was approximately 74% consistent with the prior year and in line with our range of expectations. As we've shared before, we expect gross margin to vary within the mid-70s at the product gross margin level and in the low 70s at the consolidated level. Sales and marketing expenses grew 27% year-over-year, reflecting continued growth in headcount and improved to 40% of revenue compared to 42% in the third quarter of 2020. R&D expenses grew 35% over the prior year, driven in part by the acquisition of Insights and represented 21% of revenue consistent with the prior year. G&A expenses grew 24% and were approximately 8% of revenue, down slightly from 9% in the prior year period. All in all, we delivered strong operating profit in the third quarter with operating income of $5.7 million, well above our prior guidance. And we generated $9.9 million of adjusted EBITDA and $0.06 of net income per share, also above our guidance. Moving to our balance sheet. We ended Q3 with cash, cash equivalents and investments of $310 million compared to $613 million at the end of Q2 2021. The reduction was primarily driven by July's Insights acquisition with a net amount of $306 million paid at closing. Turning to the cash flow statement. You can see we benefited from ARR outperformance and strong operating results in the quarter. These dynamics, coupled with stronger-than-expected collections trends to third quarter cash from operations of $19 million and we generated $14 million in free cash flow. This brings us to our guidance for the remainder of the year. We delivered strong third quarter results and feel confident about demand trends and our ability to continue to execute on these opportunities. As we succeed in meeting customers where they are in their security journey, we continue to expect that organic security transformation solutions ARR will grow over 40% year-over-year in 2021, with vulnerability management continuing to grow over 10%. Given these dynamics, we are raising our outlook for the year. We now expect full year ARR to be approximately $586 million, growth of 35% over the prior year, up 2 points from our prior expectation of 33% growth. We also expect higher revenue for the full year in the range of $528.7 million to $530.3 million or 29% growth over the prior year at the midpoint, up from our prior expectation of 27% growth at the midpoint. Our full year operating income outlook remains unchanged at $7 million. Our strong year-to-date performance, combined with high visibility and confidence in the demand environment, support our reinvestment of year-to-date upside and the compelling growth opportunities in front of us. And we plan to do this while remaining committed to our growth and profitability framework. We expect non-GAAP loss per share for the full year to be a loss of approximately $0.07 per share, which is based on an anticipated 55.2 million basic weighted average shares outstanding. I'm pleased to report that we are once again raising our free cash flow expectations and now anticipate full year free cash flow of approximately $25 million an increase from our prior expectation of approximately $20 million, driven by our strong ARR performance. As we've said, we remain focused on investing in durable growth while maintaining our commitment to delivering consistent free cash flow and operating margin improvement on an annual basis. Now turning to quarterly guidance. For the fourth quarter of 2021, we expect revenue in the range of $144.9 million to $146.5 million, growth of 28% to 29% over the prior year. We expect an operating loss of approximately $6.7 million, a non-GAAP loss of $0.18 per share, which is based on an anticipated 57 million basic weighted average shares. In summary, our third quarter results highlight the strong demand for our best-in-class security transformation and vulnerability management solutions as well as our ability to execute on our strategy and unique set of opportunities. Thank you for taking the time to join our call today. And now I'll open the line for any questions. Operator?

[Operator Instructions] Our first question comes from Rob Owens with Piper Sandler. Your line is open.

I want to unpack the ARR guide for the year. And then just in contemplating the net new ARR of about $36 million and comparing it with last year, I think you're up kind of mid-single digits. So was there anything in the comp from a year ago or anything in that number that we should be aware of?

No. There's nothing unusual. Remember that we have raised the guidance from 33% to 35%. No unusual activity. It's possible that the consensus seasonality may have been off for the quarter. So we're taking the full -- we're taking the full year up from 33% to 35%. And we think it's a good reflection on the continued strong demand we see for the platform, but nothing unusual.

And then, Corey, as you look at another successful quarter here with your third quarter prints, maybe help paint what the environment looks like relative to security demand and the kind of thought process for fourth quarter and anything you want to give us into next year. Do you think these heightened spending levels will persist as we think about and contemplate 2022?

Yes, Rob, it's a great question. When I look at the demand environment, we're talking to customers directly coming to our teams, it's robust. We continue to see people shifting more to technology and upgrading their technology and digital transformation and we continue to do security a priority. I mean it's hard not to have security as a priority around that today if you take any into what's happening in the world. And we continue to actually have the support of not just the customers who want to do it, but the Board and the CEOs who are now prioritizing security more than ever. The thing that I would actually say as we go forward is that as we solve the durability of the demand environment, one of the things that we started doing is bigger share that we were actually set up to ensure that with the most service customers and continue to meet the demand where it is. And so we focus on making sure that we have the staffing level to support the more sustained demand environment. On that point, my biggest focus and the biggest thing that I'm looking at in the main environment right now is customers have the appetite for sort of like treated projects. But they're seeing the same thing that everyone all over the world is seeing right now, they have to step up. And so we're watching that closing. As you know, our strategy is, long term, we want to make sure that customers are buying at the pace that they can consume and get value from it. This is how we actually grow and this is how we expand. And so that's our core focus as we go forward. The last thing I'd say is when you just think about our business, we see durability on both the VM side and the security transformation side, and we're continuing to make investments to support that.

Our next question comes from Matt Hedberg with RBC Capital Markets. Your line is open.

Congrats on a really strong quarter. Corey, you guys have done a really good job of expanding your platform, obviously, well beyond just the -- in just sort of broader DevSecOps. I'm curious now, as the platform matures and you're able to touch things like automation and orchestration, how do you see the competitive environment these days? I have to imagine you're able to consolidate perhaps some fragmentation out there with maybe some point solutions. I mean -- and do customers increasingly see you guys as that consolidator across this kind of the DevSecOps landscape?

Yes. So I'll tackle it first, and then Jeff will follow if I can add. First and foremost, we are definitely seeing the platform strategy that we've articulated multiple times working well. And that's that if you actually lead across all the areas, and you provide a common platform that delivers productivity, efficacy, efficiency at a consistent user experience, customers like that. And you saw that in some of the customer examples that I used on the call. The other thing that I'll highlight is that we have the benefit of multiple places to land. If you look across specifically, the vulnerability risk management, the IDR and the cloud. But because we actually have put ourselves in a strategic position with customers, we are now more easily able to add on added security services. So when you think about things like network traffic analysis. 5 years ago, we could have actually done that because it wasn't the right thing to actually land with. But now we actually have a robust customer base and robust demand. We're seeing lots of customers interested in fully filling out their security strategy and their security platform with Rapid7 Insight platform products or product that's highly integrated with the Rapid7 and that platform offers. And we think that that's a real long-term advantage for us.

And then that's super helpful in terms of additional land spots. And then I guess just maybe a question on return to work. I guess what is Rapid7's sort of strategy around that as we think about 2022? And do you expect salespeople to start to increase their travel next year? And could that have a positive impact on pipeline generation relative to this year?

Yes, we expect travel to increase next year versus this year. I mean, again, remember the last 2 years have been historical lows. And even we thought we're coming out of Delta came back that went down. That said, we've actually gotten a lot smarter about what traveled is effective and valuable. I personally, I'm a deep believer in the power of culture, which is one I think that we have such an impressive team with relatively good 10 years. And so we do believe that the hybrid world works for employees can have the flexibility that they need. They can travel to see customers in value-added ways. I do think there's value to actually spending time with customers and prospects. That's it, all the ways that we actually felt about that we need to spend time with customers and prospects. Not all of that was value add. And so we're definitely looking at sort of like a reconciliation of what's truly value add and what's not. And so it will be more -- but we're not also going back to the world the way that it was in 2018 and 2019. That state is not coming back.

Our next question comes from Saket Kalia with Barclays. Your line is open.

Corey, maybe just start with you. In your prepared commentary, you talked a good bit about enhanced pricing and packaging, and also talked about meeting the customer where they are. Can you just maybe give us some broad brushes on some of the new packages that maybe have worked particularly well? And maybe how you sort of see that pricing and packaging sort of strategy evolving as we go into next year?

Yes, it's a great question, Saket. I talk about reading sort of like the pricing and packaging and how they went together, but also the experience and the selling agent because all of these contribute. But the core idea is how do we actually help our customers be as productive and effective as possible and how we actually make our go-to-market engine as effective, predictable as possible. So both of those are sort of where the value comes together. So first thing on the pricing and packaging, we've talked for a little while about some of the areas that we are still I want to about this. We're an active, active exploration. We have some that are working great. We have some new wins that are coming out all the time, and we have some that we're actually holding and optimizing. As an example, and these are just examples is we've had great success with our IDR, which really serves that tech response use case and delivering a package that not just includes so like core sort of IDR VA. And also, I talked about our IDR ultimate package which also includes enhanced endpoint telemetry, unlimited sort of like Oracle full sore capability that allows you to actually automate workflows in the environment and network traffic analysis. And we're enjoying that with the ability to expand and add things like threat intelligence. Those type of packages really resonate from customers because they solve a holistic solution that customers know are deeply integrated, and that integration provides productivity. So you have deep integration that provides productivity, but best-in-class product capabilities, which actually drives the efficacy, which is really the name of the game for customers. So that's the first thing. The second thing that I want to highlight, just as importantly though, is that for both our customers and our sales team, some of them can buy packages up front, some of them can upgrade packages. But some of them just want us to prove the value, which is actually great. And so one of the customer examples that I gave was the customer that came in and said, "Hey, look, I have these problems. Solve whatever my first problem is." And they don't -- we know it's going to be IDR and they said no, it's VM problem that actually have first and foremost. And by the way, they would not have bought more if they had not had a great experience. And so we came in, we gave them a great experience, and they said, "Oh, you're really delivering on that experience." And then they added to level to cloud and eventually the IDR. And so while we had 1 order in our mind, the customer had a completely different order that they want to prove out the value that we have. So that ability to not just sell packages, but to help customers understand how they can have frictionless expansion and we can prove that we meet their needs is core to both our sustained growth, but also giving customers the experience that they want.

Jeff, maybe for my follow-up for you. I think you mentioned this in the prepared remarks, but could you just remind us how big is VM as a percent of total ARR, roughly? And can you just remind us sort of how that's growing versus security transformation?

Sure. So both VM and security transformation had a good quarter, as Corey said in the prepared remarks. Right now, security transformation is obviously our high-growth engine. VM is just under -- it's below 50% now of the total. So as you can imagine, security transformation is growing faster, so it's gaining as a percent of the total. VM is still growing over 10% a year and security transformation over 40%.

Our next question comes from Caters with KeyBanc. Your line is open.

This is Eric Heath on for Michael. Congrats on the really strong results. Corey, it looks like another strong quarter for customer adds, accelerating again even organically. So maybe you could just give us some color on what's driving the success, whether it's a strengthening macro, better win rates or even if it's being driven by particular products?

Yes. At the core of the combination of a strong demand environment and strong execution environment. So I want to mean about that is that our new adds are healthy because there's lots of demand in the environment, and we see that across the products with the growth rates that Jeff has talked about. And then I mentioned earlier, it's clear that security transformation is doing quite well. But also, we are on [Indiscernible] keep our momentum and vulnerability management, and we're quite happy with the sustainability and the health of that business. But the second thing is good execution by our teams of our product teams and our customer engagement teams because another core driver of that is we're doing a really, really good job of retaining more customers. And so our ability to actually retain more customers and pay more revenue from customers, that's continuing to improve year-on-year, and that also drives the net customer adds.

And then one more, if I could. I mean, Corey, earlier you talked about kind of the need for customers to staff up. So I wanted to ask on your MDR offering. It seems like an area of the market that's seeing stronger demand and maybe spurred by the increasingly difficult hiring environment and growing complexity of attack. So could you just talk about how you think about this market strategically as part of the broader Insight platform?

We think -- and we've got this for a long time the [Indiscernible] detection is quite strategic for us. We've -- our entire strategy, one way to think about it, it's designed around the presumption is that customers would have to be highly effective, highly efficient and that there's going to always be talent constrained. And so we make products that address that you take, and we actually looked at -- and we looked at things like MDR that actually address the use case. Our strategy is really twofold is, one, we have some of our own MD offering. But again, our biggest part of our strategy is to work with our managed services partners to deliver that. And we have a massive demand in the managed services ecosystem for rapid severance solutions to solve the managed services challenge. Now part of our goal is we're only interested in providing high-quality managed services. So there's a lot of managed services organizations that lets us get more focused on their own margin than the customer experience and customer effectiveness. And so what we've been really doing is beefing up our ability to find and mostly right now, select partners that share our view on quality. And customers are willing to pay for quality, we've proven that out ourselves. And so we're a big believer in the market long term. We'll continue to work with our partners to address that market opportunity.

Our next question comes from Jonathan Ho, William Blair. Your line is open.

Congrats on the strong results. I just wanted to start out with the 40% organic ARR growth you're expecting for security transformation. Is there a way for you to maybe unpack for us like the growth rates? Are they all fairly similar? Are there certain products that are going much more quickly? Just some additional color in terms of how you're thinking about the ST side.

Yes, it's a great question. We don't break it out. It just has a lot to do with our packaging strategy that we talked about earlier, especially if we do more of the experimentation, and we frankly do a better job of selling both the joint deal of the packages to customers. It becomes somewhat arbitrary about how you allocate some like this much value to this product versus this. So our primary way -- the reason we break out VM is because suppose you all and our investors are interested in understanding sort of like how things like VM performed and sort of our sole security transformation solutions. So we try to give you enough visibility, but also without distant too much from where the business is actually lending and operating. And the way that we operate the business is really focusing on always solving the customers' problems. And then we drive share of wallet so that customers are trusting more of their security operations spend budget with us and increasingly, the allocations when you have lots of our packets are somewhat arbitrary. So we'll continue to sort of articulate security transformation solutions at the high level, so you get some fits of the growth rates, but breaking it out within that become increasingly arbitrary over time.

And then just in terms of the contribution from Insights, I may have missed this, but can you give us, I guess, the numbers in terms of the contribution as well as ARR coming from insights?

Yes. So I'll start, and Corey can add. When we acquired them, we brought on $27 million of ARR. There are about 200 employees, and they were growing over 40%. In the quarter, they contributed about $3.8 million of revenue in the quarter. And that was net of deferred revenue haircut that we took for purchase accounting.

Our next question comes from Brian Essex with Goldman Sachs. Your line is open.

I just wanted to dig into vulnerability management a little bit. And I guess maybe, Corey, if you could help us understand how you're thinking about that business, given its growth rate relative to the rest of the business, and the rate of growth of some of the peers. Is that just a steady kind of growth business? And maybe the -- I guess, maybe if you can compare and contrast the sales incentives from the sales force on that side of the business versus security transformation. And then I have a follow-up.

Yes. And I'll just reiterate for the one listed is that what we said and maintain was the -- our expectations of the growth rate durability management to be over 10% and we think that has durability there. We also think that from a long-term perspective, we still expect to take share in the market overall. And we expect to take significant usage share in the market, if you think about people using vulnerability and solutions. Part of the reason that we continue to invest heavily in a market-leading VM solution from an R&D perspective is we think it's strategic to our customers. And so while we have parts of the business, specifically our security transformation that are going faster, we think vulnerability is an incredibly both strategic and healthy part of our business long term. And so we actually treat it like that. We invest in it. We continue to do innovations and enhancements around it. What I would say, you'll see over time, again, is we are indifferent to the line item distribution or allocation. What we're really, really focused on is how customers consume and then maximize the share of wallet that we talked about earlier. And so again, as we move forward, I would say our goal is to make sure that we're leading, especially in terms of usage around vulnerability management, to actually be -- continue to gain share in the overall market and to grow our ARR per customer and the share of wallet strategically. And we think all of those are still in force with one of them.

And then maybe just as a follow-up. I don't know if you saw, but the Biden administration issued an operational directive to federal agencies this afternoon to reduce known vulnerabilities. And I guess the question is, how much exposure do you have on the federal side from your experience when these kinds of announcements are made? How long does it take to trickle down to state, local and SMB and then large enterprise as maybe that's kind of like a leadership by example type issue?

We see good progress on the federal level. But to be clear, we're still early innings. We have both our fed ramp and in our expanded sales and customer engagement for the public sector, but we expect to expand significantly over the next 5 years. But that said, we've seen great progress to date. As far as how the mandates trickle down to the broader environment, we think it's positive, like look, but today, you actually have most both the CEOs and Boards of Directors that are aware. I don't like to add anything incremental. So I think it actually increases our confidence in our public sector investments. And I think it definitely has some implications for additional state and local budgets, which I think is sort positive. But for the corporate sector, we've seen really, really good. But what we hear from our customers, it's just really good engagement with both the executive team and the Board of Directors, which provides a lot of the air cover and support for a long-term healthy environment.

Our next question comes from Mr. Ruykhaver with Baird. Your line is open.

Congrats on the strong ARR performance. It's nice to see that organic acceleration. So I want to talk about cloud stack. It's been quite a few days since the acquisition of DivvyCloud, obviously, bringing you CSPN. But I'm wondering if you can provide some customer interest, maybe adoption trends around some of the newer parts of that product, the cloud workload protection, cloud identity and access management. And then also, maybe you could comment on how you see customers buy that solution set? Is it the whole portfolio? Or is it more of a land and expand type of sales motion?

And you mean within the cloud sec portfolio is to answer the question.

Yes. The cloud sec portfolio, including CSP, Cloud Workload Protection, cloud identity.

Yes. I would say, one, we're still we're seeing very, very healthy demand for cloud in general. What you would expect with the digital transformation. And so we have a lot of confidence, both near term and long term about the opportunity in cloud sector, especially if you have digital transformation. As far as the process of the packaging, it's early days. We definitely see people starting with sort of like one part of the solution is expanding. Part of the reason we started our investment was cloud security posture management is that tends to be how a lot of customers start their journey. But if you look at both the IAM and cloud workload protection, we see lots of customers just like, "Hey, just give me the solution on product actually want to look at the holistic. I don't have a determination right now nor am I that overly concerned, just like about discussion on price impacted earlier is we really let the customer preferences drive it. Now we don't give them an overwhelming number of choices because that would just call so like stressing body, but we try to give them concrete choices that say, listen, you can control your rollout of your journey in the past to best suit you. And so when they purchased it all at once, which we have some customers that do or whether they actually sort of like buy it as they actually use the capabilities. We have customers on both of those things today, and we have not steer customers either way.

And then I think also just looking forward, Corey, would love to hear your thoughts on how you see that cloud sec portfolio evolving? Where you think it might be holes that would be a natural fill-in for the company over time?

So I think that -- well, I can't answer the question around the hole, but that has more to do with the earliness of the cloud market in general. I know we think about sort of like cloud security and cloud applications as something that's been around. But look, this is really sort of like if you look at mainstream adoption, we had 5-year link. And so if you look at the massive shifts in how we've actually manage and deploy technology in the cloud over the last 5 years, there's been some big shifts and there will be even bigger shifts. So this is the one area that we're going to be investing in and we have the capacity to invest in organically and inorganically to make sure that we stay relevant. But if you had asked me 3 years ago, I had no clue that identity will be such a big opportunity. But we actually noticed 18 months ago or 2 years ago, that identity is a really significant opportunity, and we allocated the resources to organically build out that identity solution. And so that's kind of the approach. Cloud is still early stages. We have a great portfolio in cloud, and that portfolio absolutely will evolve because the cloud market itself will evolve.

Our next question comes from Brad Reback with Stifel. Your line is open.

Corey, maybe following up on those last comments. When you're walking into an existing customer or net new and you're selling them, we'll say, the entire platform, is most of the net new products that you're selling them, greenfield opportunity as opposed to the customer replacing a legacy tool?

It's a great question. We see greenfield and legacy. The more upmarket you go, are larger accounts, we see more replacements. The only thing I would say is that by and large, the majority of what we're seeing is replacement of things that are unhappy and efficient or greenfield. So meaning that like it's not that we're -- our sales team very -- does not very often go try to convince customers to actually go replace something that the customer is happy with or satisfied with. Most of the time, the customer has some level of satisfaction. Even sometimes with great products, they're just like they're too hard to use or they're too expensive or the -- or they have gaps. And so like the fragmentation calls me to actually not be able to train up my team of vision. And so by and large, when you think about it, is we're selling to either greenfield or dissatisfied customers. And what I hear from our sales team is that that's not sort of like opportunity limit. There's lots of people that are dissatisfied, and that's mostly because the market has not focused on productivity the user experience or how to make sure that customers can actually have the results they want at a reasonable cost. And those are all problems that we're tackling and solving.

Our next question comes from Adam Tindle with Raymond James. Your line is open.

This is Alex on for Adam. Just curious, with the number of monitoring vendors moving into AppSec recently over the last few months, how do you think the competitive dynamic may shift? And with so many vendors, do you think there's any risk that application security becomes commoditized at any point in the future?

It's a great question. One, we are -- we participate but AppSec is a highly fragmented market to start off with. And so I would say that yes, it's more bigger than anything. But application security on all the market that it's a smaller part of this is very healthy, but a smaller part of our business. It is also the most fragmented ecosystem and part of the business. What it become commoditized is I don't think so. And the primary reason is that if you look at the foundation is people are building more apps than ever before. And by the way, if you think about the other side of the equation is that we had a really difficult global cyber security ecosystem when it was professional ISVs building applications. Now we have a bunch of professional ISVs and a whole bunch of organizations who are new to actually building commercial-grade applications. We're building it sort of at scale and faster than ever. That should be a robust opportunity for our security. That said, we see some of the biggest opportunities in the cloud and as we extend backwards. And so I think the application security market is highly fragmented. It, just like the cloud, I talked about, will evolve over time. But I don't see near-term commoditization, even with the competition, and even seeing players coming in from other markets who actually have great relationships in the application security space, join it. I see many of those players joining into actually participate in the upside, not just to actually traffic to 0, but we'll see where it goes.

Perfect. And then in case I missed it, just a housekeeping question, can you speak to net retention rate or any changes in gross retention rate?

Go ahead, Jeff.

We haven't been disclosing it, the net retention rate. But what we will say is that it has improved sequentially over the past few quarters. And we've done a very good job with that area of customer retention. We've invested in it. But we aren't disclosing the specific metric anymore.

Our next question comes from Gregg Moskowitz with Mizuho. Your line is open.

So the 58% rest of world revenue growth was pretty remarkable. I think it's been 5 years since we've seen that type of growth and the compares that you faced this quarter was actually the toughest that you'll face all year. Corey, were there any regions that were particularly strong for Rapid7 that you would highlight?

The growth internationally is strong. It was not sort of like specific to a single. We didn't -- we saw, I would say, broad-based health. Whilst it wasn't the same across the port we saw broad-based health and growth and strong growth across the board, across all regions. I think a big part of that was -- I think I've talked about this dynamic before, is that internationally, it's a lot more work to actually get -- especially as you have new offerings to get both the channel, the branding and the sales team sort of like selling the platform. I think our international leadership team and sales team to go to market and customer services team. I've done a very, very good job of shifting to the platform from some of our traditional transactional offerings like there's a point, which is great and highly strategic and highly valuable. But as they've shifted over to the platform that help drive the growth. And frankly, if they also improve the customer retention, that's also driving growth.

And then just as a follow-up, how is the labor market from your vantage point?

Yes. Let me just Jeff have any follow-up comments on the last question because you have a last perspective.

Yes. Yes. I just wanted to mention, Greg, that we did benefit, there was a tailwind for the Insight acquisition, which wasn't in the prior year numbers. So they have a greater percentage of international revenue. So that contributed to the 58%, but international revenue was very strong and grew in excess of our overall ARR rate this quarter.

And then Corey, any thoughts on the labor market?

Yes. So it's a great question on labor market. Look, we're experiencing the same thing that everyone else is experiencing. The labor market has definitely tightened. I think that from my perspective, I think we're probably a beneficiary. And what I mean by that is that if you look at our hiring plan, we performed well against our hiring plan. If you look at attrition, attrition is not as good as it was in 2020, where people really create job stability. But it's normalized from what it was in '19. So over the period. So it's more normalized versus some of these super high crazy attrition, I think that some organizations are seeing. And we're seeing that we are -- our employer brand and our focus on culture has been able to attract talent in. Now one of the biggest challenges that we have, frankly, as we go forward, is that as we've seen greater growth in the demand environment, we've actually invested in hiring to support that growth. And so we opened up that capacity to make sure that we are supporting the customers and support the growth as we go into next year. And so -- and that's a lot in this talent market right now to actually expand your hiring in this talent market. But that's it. We're having success, but it's something I watch and we talk about on an ongoing basis.

Our next question comes from Hamza Fodderwala with Morgan Stanley. Your line is open.

Corey, maybe just one question for you. Really strong growth in new customers. I was wondering, just given the rising threat environment, to what extent are -- is the growth in InsightIDR being influenced by more deals around incident response? Is that something that you're seeing contribute more to larger customer lands, in particular?

Yes. I think you mean they're not incidental services, I mean that customers have an incident and therefore, the [Indiscernible]

Fund services. Yes.

Yes. And so one is, I would say, service is not a material drop of that business. I mean we have a services business. But you can about the services business for us being most about having the capacity to serve our customers and getting intelligence about what's happening in the threat environment. So services in that way in the responses in [indiscernible]. Now one of the drivers is, is customers have incidents and they decide to upgrade their market capability. And that's a great driver for us. I don't have statistics on it because, as you can imagine, not every customer that upgrades tells us that they have an incident. Some of them want to talk to them [indiscernible] or actually share that, but they don't always share that with sales people. And so I would say we don't have a statistical answer around that. But I would say that we definitely know that that's a trap.

Our next question comes from Shebly Seyrafi with FBN Securities. Your line is open.

Yes. Is there a reason why the professional services revenue growth spike to 34% from like 12% in Q2? Was that Insights as well?

No. Just overall, we had stronger bookings in the quarter, which led to delivering more revenue this quarter, but it was nothing unusual in that other than the volume increase this quarter.

So with that strength that you're seeing, do you expect services revenue growth to be elevated compared to the past for the next several quarters?

It's not a big part of our business. As you can tell, we -- as Corey said, it does lead to product revenues. I think the way you should look at our professional services going forward, it will be in that mid- to high single digits growth over the next 4 quarters, over the next year?

Thank you. And I'm showing no further quote at this time. I'd like to turn the call back over to Corey Thomas for closing remarks.

Thank you all so much for joining us today on our earnings call, and I hope that all of you are healthy, and I look forward to speaking with you all later on the next call.

This concludes today's conference call. Thank you for participating. You may now disconnect.