Rapid7, Inc. (RPD) Q1 2024 Earnings Report, Transcript and Summary

Thank you for standing by. My name is Eric, and I will be your conference operator today. At this time, I would like to welcome everyone to the Rapid7 First Quarter 2024 Earnings Call. [Operator Instructions] Thank you. I would now like to turn the call over to Elizabeth Chwalk. Please go ahead.

Thank you, operator, and good afternoon, everyone. We appreciate you joining us today to discuss Rapid7's first quarter 2024 financial and operating results in addition to our financial outlook for the second quarter and full fiscal year 2024. With me on the call today are Corey Thomas, our CEO; and Tim Adams, our CFO. We have distributed our earnings press release over the wire, and it is now posted on our website at investors.rapid7.com, along with the updated company presentation and financial metrics file. This call is being broadcast live via webcast, and following the call, an audio replay will be available at investors.rapid7.com. During this call, we may make statements related to our business that are considered forward-looking under federal securities laws. These statements are made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995 and include statements relating to the company's positioning, strategy, business plans and financial guidance for the second quarter and full year 2024 and the assumptions underlying such goals and guidance. These forward-looking statements are based on our current expectations and beliefs and on information currently available to us. Actual outcomes and results may differ materially from the future results expressed or implied in these statements due to a number of risks and uncertainties, including those contained in our most recent annual report on Form 10-K filed on February 26, 2024, and in the subsequent reports that we file with the SEC. The information provided on this conference call should be considered in light of such risks. Actual results and the timing of certain events may differ materially from the results or timing predicted or implied by such forward-looking statements, and reported results should not be considered as an indication of future performance. Rapid7 does not assume any obligation to update the information presented on this conference call, except to the extent required by applicable law. Our commentary today will primarily be in non-GAAP terms, and reconciliations between our historical GAAP and non-GAAP results can be found in today's earnings press release and on our website at investors.rapid7.com. At times in our prepared remarks or in responses to your questions, we may offer incremental metrics to provide greater insight into the dynamics of our business or our quarterly results. Please be advised that this additional detail may be onetime in nature, and we may or may not update these metrics in the future. With that, I'd like to turn the call over to our CEO, Corey Thomas. Corey?

Hello, everyone, and thank you for joining us this afternoon on our first quarter 2024 earnings call. Rapid7 ended the first quarter with $807 million in ARR, representing 11% year-over-year growth. We saw sustained momentum with our Direct Complete consolidation offerings, which continued ramping nicely. However, our ending ARR result was below expectations, driven by our slower-than-anticipated shift of our VM base into our integrated risk offering, Cloud Risk Complete. I'll spend some time addressing both of these dynamics on our call today in the context of our long-term investment strategy, which will also include steps that we are actively taking to improve our integrated risk momentum as we progress through the year. As a reminder, we are making deliberate long-term investments to build the strongest SOC ecosystem for mainstream enterprises and to deliver the leading data platform that contextualizes risk across a fragmented complex environment. In 2024, these discrete areas of focus include building on our detection response momentum by leveraging AI to drive improved SOC efficacy and security operations; expanding beyond VM to accelerate cloud security adoption by improving our integrated risk management offering that contextualizes data across customers' hybrid attack services; and investing further in our substantial services and partner ecosystem to increase our capacity for service delivery as well as provide a strong source of efficient demand generation. We remain steadfast in our belief that these long-term investments will deliver the best value and economics for our customers. Over the past year, it remains clear that amid the current budgetary environment, customers are deeply focused on, one, consolidating, reconciling and integrating their base security ecosystems; and two, achieving better outcomes from their security providers at a more compelling value. Detection and response is one area that we're seeing benefit of these trends. Rapid7's consolidated detection and response value proposition is particularly compelling to these customers in today's landscape because of our unique managed service offering and ecosystem that allows teams to extend their technology capabilities with our deep security expertise. We are actively bolstering this growing business with expanded detection coverage, monitoring of third-party alerts and AI innovations for speed, accuracy and scalability. Specifically, our managed detection response analysts are using AI throughout the alert life cycle from machine learning-driven detection, intelligent triage to AI-assisted investigation and remediation guidance. Our analysts are leveraging our internal SOC AI assistant train on proprietary MDR insights to augment our workforce talent and reduce response time for customers. As we continue to invest behind these customer needs, we saw solid performance in the first quarter with our Direct Complete offering, which gives customers integrated detection and response capabilities across their attack surface. Our overall D&R business maintained growth of over 20% year-over-year in the first quarter as mainstream enterprise customers continue to prioritize monitoring and detection of threats across their distributed environments. Shifting now to our focus on extending our core customer base beyond traditional vulnerability management and accelerating cloud security adoption with an integrated risk management experience across the complete attack surface. Last year, we launched an integrated risk management package, Cloud Risk Complete, which includes access to both cloud set and VM capabilities. Although we saw increased attention and demand and accelerated cloud security growth, which validated the clear customer need, cloud was complete and its current version lacked the depth of integrated experience that drove far stronger momentum in our threat complete offerings. We entered 2024 with a prioritized plan to innovate and deliver an improved Cloud Risk Complete experience that integrates distributed hybrid data sources with better economics for rapidly evolving cloud security market, and we remain on track to deliver this improved integrated risk management solution this summer. As it relates to the first quarter, while we had a healthy start to the year with overall results that tracked well to our expectations in January and February, we saw this pace so as we progressed through March. This is primarily due to a slower-than-expected transition in the quarter of selling our current integrated risk management package into our traditional VM base, both on new bookings and renewals. We believe we are in a transition period during which customers are not yet able to see the benefit of the compelling foundational work that we are doing to increase customer value by evolving our Cloud Risk Complete package into an improved integrated experience. Another core component of this updated offering is the acceleration of our cloud security capabilities. We are launching significant capabilities, including revamped cloud vulnerability assessment, and the general availability of cloud VM across AWS, Azure and GCP. This updated risk management offering will not only meaningfully improve attack service visibility and capabilities, but the data integration at the platform level will greatly improve the economics and allow us to be a price leader in this space. Looking forward, we expect this transition to temporarily weigh on our growth outlook through the remainder of the year as we expect to launch the updated Cloud Risk Complete this summer and begin to regain momentum exiting 2024. Now that we've covered our strength and detection response and the ongoing evolution of our integrated risk management offering, I will touch briefly on how we're increasing both demand generation and service delivery through our partners and channels. We discussed last quarter that we are strategically shifting to more efficient pipeline sources with stronger conversion. For example, our partner ecosystem added over 80% of new ARR in the first quarter and our top partners drove a 20% increase in partner-sourced leads over the prior year. We remain focused on the strategic nature of these relationships and scaling both the relative and absolute contribution they deliver to our business on a lower basis. As we work to drive efficiency across our organization, this channel is an extremely compelling lever for growth and scale. While we are seeing promising strength in the channel as a primary demand generation driver, we are not yet making up for the pipeline sources that were deemphasized as we enter the year. Our focus on long-term growth investments in demand generation efficiency led to what we believe is a temporary slowdown in new pipeline generation as we have transitioned away from lower-quality, less-efficient sources. In addition to the promising channel strength here, we're actively accelerating and seeing early traction with actions around partnerships and marketing campaigns and improved sales and influence. Our updated ARR guidance range assumes that pipeline growth improved modestly in the second half of the year, but not at the rate initially assumed in our February guidance range. Despite these transitional dynamics, we maintain confidence that we are pursuing the right long-term strategy. We firmly believe that providing visibility across a customer's risk environment by integrating traditional vulnerability management with a broad set of cloud security solutions, and pairing that with world-class D&R SOC efficacy all in one place allows customers a more effective solution and better overall security outcomes at the price value customers are seeking. As we build better, more connected customer experiences across our security operations platform, I am happy to welcome Greg Adams to Rapid7 as our Chief Product Officer. He will oversee our product management, operations, and overall user experience and design. Craig has an extensive cybersecurity background and high-growth companies, including spending 20 years at Akamai. We are thrilled to have Craig on board and believe he will provide expertise and structure for our teams to deliver innovative solutions and compelling value propositions to our customers. While we are working to do these transitional challenges this year, we are making progress on our overarching strategic plan and are confident that we are pursuing the right strategy for the long term and value creation. Rapid7 has a compelling opportunity to be a leading platform consolidator in security operations as we build better, more connected customer experiences across our platform. We believe that the foundational work we're doing, while somewhat disruptive in the moment will position us to drive market share gains and higher durable growth over the medium-to-long term. Overall, we are focused on responding quickly to address the changes that need to be made in our business to shift more swiftly towards consolidated risk management offerings and to accelerate more efficient sources of pipeline growth. We believe that our integrated risk solutions will address customers' needs and accelerate consolidation on our platform for mainstream enterprises. We believe the changes in strategic investments that we are making in our business today will support better top and bottom line growth and a strong value proposition for customers that need to solve increasingly complex security challenges. At the same time, I'm proud of our team's commitment to drive business efficiency and scaling our free cash flow. As we continue to realign our business to be more efficient overall, we will benefit from the operational flexibility within our cost structure and financial model. and remain squarely focused on and are on track to scaling free cash flow and are reiterating our $160 million free cash flow target for the full year 2024. With that, thank you for joining us on the call today. I will now turn the call over to our CFO, Tim Adams, to share additional detail on our financial results and outlook. Tim?

Thank you, Corey, and good afternoon to everyone on today's call. Thank you for joining us. Before I turn to our results, a quick reminder that, except for revenue, all financial results we will discuss today are non-GAAP financial measures, unless otherwise stated. Additionally, reconciliations between our GAAP and non-GAAP results can be found in our earnings press release. Rapid7 ended the first quarter of 2024 with $807 million in ARR, representing growth of 11% year-over-year. Revenue was at the high end of our guidance range, and we delivered strong operating income that exceeded expectations despite our ending ARR being below expectations for the quarter. We saw healthy traction in our detection and response business, particularly for our Threat Complete consolidation offers. However, our total ARR was impacted by a lower-than-anticipated contribution during the first quarter from the transition to integrated risk management offers. We saw ARR growth in the first quarter coming from both new and existing customers, with ARR per customer that grew 7% over the prior year to $70,000, and a global customer base that grew 4% year-over-year to end the quarter with over 11,000 customers. As it relates to our sequential change in customers, moderate positive sequential growth in our platform customer base was more than offset by a sequential decline in our non-platform customer base, as we saw slower-than-anticipated traction in our integrated risk offering, Cloud Risk Complete. First quarter revenue of $205 million grew 12% over the prior year and was at the high end of our guidance range. Our recurring product subscription revenue grew 13% over the prior year to $197 million. International revenue grew 22% year-over-year and represented 23% of total revenue, while North America revenue grew 9% and represented 77% of total revenue. Turning to our operating and profitability measures for the quarter. Product subscriptions gross margin was 76% in the first quarter and overall gross margin was 74%, both in line with the prior year. Sales and marketing expenses represented 32% of revenue, down from 39% in the first quarter of last year. R&D and G&A expenses were 16% and 6% of revenue, respectively, compared to 20% and 8% in the prior year. We delivered first quarter operating income of $40 million, above the high end of our guidance range and representing an operating margin of 20%. Our adjusted EBITDA was $47 million in the quarter. GAAP net income per share was $0.03 and non-GAAP diluted net income per share was $0.55. Moving to our balance sheet and cash flow. We ended the first quarter with cash, cash equivalents and investments of $464 million compared to $439 million at the end of 2023. Cash from operations during the first quarter reflects a benefit from stronger-than-expected cash collections, helping drive $28 million of free cash flow in the quarter. This brings us to our outlook for the rest of the year. As Corey shared in his remarks, we are revising our guidance ranges to incorporate our slower-than-expected start to 2024. Specifically, we are derisking our expectations for contributions from integrated risk offerings throughout the middle of the year and now anticipate only a modest contribution in Q4 from our upcoming summer launch of our improved Cloud Risk Complete offering. As a result, for the full year 2024, we now expect ending ARR of $850 million to $860 million, which represents growth of 6% to 7% over the prior year. While we are disappointed in this range of growth, we remain confident that we have the right long-term strategy to deliver the best value, outcomes and economics for our customers and to ultimately reaccelerate this growth rate. While we do not customarily provide quarterly commentary on ARR, given the slow start to the year and as we work through the executional dynamics that Corey detailed, we feel it would be prudent to share some forward direction today. For the second quarter, we anticipate a high single-digit sequential increase in millions of net new ARR dollars, with further sequential improvements in net new ARR in the back half of the year as we improve our execution. We are revising our revenue guidance range to reflect our new ARR growth outlook and now expect total revenue for 2024 in the range of $830 million to $836 million, representing growth of 7% to 8%. Turning to full year profitability. I am pleased to share that we are maintaining our full year profitability targets for both operating income and free cash flow. Despite a lower top line outlook for the year, we believe we have sufficient flexibility and expense levers to maintain our original profitability targets. As such, we continue to expect 2024 operating income of $150 million to $158 million and net income per share in the range of $2.10 to $2.21, based on an estimated 75 million diluted weighted average shares outstanding. We remain committed to scaling free cash flow in our business, so we are also maintaining our expectation to generate at least $160 million of free cash flow for full year 2024. Moving to quarterly guidance. For the second quarter of 2024, we expect total revenue in the range of $203 million to $205 million, representing growth of 7% to 8%. We expect non-GAAP operating income for the second quarter in the range of $35 million to $37 million and non-GAAP net income per share of $0.50 to $0.53, which is based on 74.6 million diluted weighted average shares outstanding. Thank you for taking the time to join us on the call today. And with that, we will open the call for questions. Operator?

[Operator Instructions] Your first question comes from the line of Fatima Boolani with Citi.

Corey, I wanted to just dig in a little bit more deeply on some of the comments you made in the prepared remarks as it relates some of the package slowdown, momentum being derailed by the fact that customers aren't "necessarily" seeing the value. So I wanted to really unpack those comments a little bit further, and frankly, just pair them against or compare them against some of the dynamics you are already seeing as it relates to elongated sales cycles. So why would the packages having been in the hands of the sales force for the better part of the year are some of the slowdowns manifesting sort of even more pronouncedly. And again, some of the more nuanced feedback on why customers aren't seeing the value here, and a follow-up, please.

Thanks, Fatima, and thanks for the opportunity to clarify that. So I just want to be very clear, is on the Direct Complete, we're actually seeing consistent momentum and the performance is in line or better than expectations. So we're very comfortable there. I would say the big thing that we actually did was we took the learnings. Last year, we saw acceleration and a healthy pickup in the CRC dynamics, but we're pretty clear that it wasn't as strong as the Threat Complete demand. And as we dug into it, we saw a couple of things. One, I think we talked about before, we needed to actually continue to make investments to accelerate the cloud, which we've actually done. And that's actually on track and is part that's already launched and [indiscernible] margin now. But the other part is actually driving more integrated experience. Now I would just say that part of it that we didn't know, as well as we could have, was the execution around that transition. We started talking to our teams about the fact that we're going to be moving to this more integrated offering, taking some of our learnings and really focusing on taking our Cloud Risk Complete and our integrated risk offering to the next level. Part of that was also going to be how we actually reassessed packaging and pricing around that specific offering. And I would just say how we managed that transition caused a little bit of a slowdown, especially in new sales, as our sales teams were actually waiting for us to actually release and actually bring forward the updated solution over the course of the year. So both our planning and our communication around that could have been better. But that's also why we're optimistic that we'll see some of the benefits of that as we actually progress throughout the back end of the year and move into next year. But I do want to clarify, it was primarily the momentum we saw last year, taking the learnings and actually making adjustments to the Cloud Risk Complete strategy that was where we felt the pressure. The Direct Complete strategy is still executing quite well, and the momentum is strong.

I mean, great to hear. Just to put a quantitative flair or point on some of this discussion. I know you don't actively or consistently talk to dollar-based net expansion rates or net retention rates. But I'm curious, in light of some of these slower conversions and some trends around feet dragging as it relates to moving over to these new packages, is there anything you can speak to with regards to churn in the base or potential cannibalization of the traditional VM spend in the base that is also a contributing factor to the 30% to 40% cut you're taking to revenues and ARR.

Yes. Fatima, good question. It's Tim. So we did see the customer count go down modestly sequentially Q1 to Q4. But the platform customers were actually up sequentially quarter-over-quarter. So it's really more of a function of some of the non-platform customers that were lost in the quarter, where we saw a little bit of a headwind to churn into the customer count. But when it comes to a platform basis, the count was actually up in the quarter.

I think the only thing I'd add, Fatima, is just to get to the core question. I do think that we saw some pressure, we expect some this year over what we saw last year picking up was selling CRC into our installed base. And we do expect that to be a modest headwind over the next sort of like a few months. but we expect that to improve as we actually exit the year. But yes, on the net expansion rate, that will be pressure. And I think that we feel very good about the launch that we actually have coming up, but we did see incremental pressure there.

Your question comes from the line of Saket Kalia with Barclays.

Corey, maybe's for you on Cloud Risk Complete and maybe the demand there not being quite as strong as we expected. Can you just remind me what are the biggest differences between threat complete and Cloud Risk Complete. As we just think about sort of -- maybe the product areas where customers were maybe thinking a little bit more in terms of scrutiny?

Yes. Saket, it's a good question. I don't think it's actually a demand issue. I think it's more of a execution and how we actually time to getting -- we're going to be introduce -- so let's just talk about what it is first. So Cloud Risk Complete is the integrated risk across the environment, whether it's on-prem, endpoint or cloud, and providing visibility assessment of risk across the environment and the ability to look at tech PAPs across the overall environment and the direct exposure of the environment. So that's Cloud Risk Complete. Direct Complete is primarily used as a detection and response offering. We've always said that that's a pretty high up in the quality stack, and we continue to see momentum there overall. That said, I do want to be clear. I don't think it's a demand issue. I think there's sort of like 2 dynamics. One, I think we froze ourselves out a little bit as we were doing the transition to updating our packaging on our Cloud Risk Complete ad our integrated risk offering. And so I think as we actually introduce that, I think we'll see momentum on that pickup as we actually exit the year. And so I think that that's more of going from 1 product to have an upcoming launch and how we actually execute that transition. So that's the first part of it. The second part is, I think people are pretty hungry for both integrated risk visibility, having ability to do that across their entire environment at a reasonable price point and regional costs. And I'll remind you that our integrated risk strategy is about how you get visibility and risk across the environment, but also doing that at a reasonable cost and more affordable rates because mainstream enterprises, if you think about the [ Russells ] and [indiscernible] they still lack on adopting cloud security because, one, it's expensive; and two, the experience needs to be productive and integrated.

Got it. Got it. And maybe the follow-up there, just to make sure I completely understand. And I'm sorry if this was mentioned during the early part of the prepared remarks. But is -- as you kind of go through just maybe some revised -- or maybe the question is, what is some of the revised pricing packaging that you're going through on Cloud Risk Complete? I believe that as well as Threat Complete had been packages that have been around for a little bit of time now. It sounds like something changed and that created a little bit of miscommunication or friction. Can you just dig into what that change was?

Yes. There's 2 things. One is we attempted to do integrated risk across the environment. Cloud is just priced very differently than the traditional environment. You have 1 price on assets, 1 price on resources. The multiple of cloud and the price of cloud is astronomically high versus traditional asset. And these, typically, they are in different silos. Our goal is to actually rationalize that and make sure it's affordable and just look at how you actually simplify getting visibility across the environment. If you look at what we actually do with Threat Complete, part of the success of that and part of the success of IDR overall was simplifying how you actually do detect and response across your environment. Instead of charging for storage, we just said, listen, we'll look at all the assets across the environment and charge per asset. Similarly, on the Risk Complete side, we're actually rationalizing and simplifying the model, making sure the price is affordable. And asking the question just like we did on the Direct Complete side is how is it affordable for every organization to be able to market risk across the environment? Now while that is a change, I think it's one that will benefit our customers. I will say, Saket, is that we probably could have actually communicated sooner and more effectively about how we were actually executing that change so that we actually didn't freeze ourselves in the process.

Your next question comes from the line of Matthew Hedberg with RBC Capital Markets.

This is Mike Richards on for Matt Hedberg. I was just wondering what the sort of guide down in the top line but keeping the profitability for the year. I was just wondering how your investment philosophy has changed from 90 days ago and sort of where investments might change moving forward for the rest of the year?

Yes, it's a very fair question. So one, we had a fair amount of flexibility that was actually built into our overall model. Where we're leaning heavy is that we're focused heavily on making sure that we're building our product and our technology for the long term. We actually think that the strategy that we actually have about making security operations, detection response, managing the attack surface, both affordable and effective is where we actually want to actually put our focus. We are keeping our other investments, frankly, quite tight, but we're delivering superior products and superior service to our customers, and that's where we put most of our investments. And that strategy, we think, allows us to be set up well to actually not just sort of show improvement exiting the year, but also set up well for sustained long-term growth as we go forward. It is a strategy that is actually focused on the long term while we take some short-term pain, but we think it's the right one that actually does both the best for shareholders but also for customers over the same period.

Your next question comes from the line of Gray Powell with BTIG.

Okay. Great. I apologize for some background noise here, I'm just traveling today. So yes, I want to make sure that I have the new -- the slope for net new ARR correct for the rest of the year? I think you said that for Q2, you expect a high single-digit improvement. First of all, is that correct? And then does that mean you get up to adding $20 million plus per quarter in the second half of the year? And can you just sort of talk about the confidence in that ramp and what underpins it?

Yes. Maybe Tim and I'll take them. I'll just provide some broad context. So what the team did is we just kept what the trends that we actually saw in the early part of the year consistent. So we expect continued growth overall in the detection and response rate, which is still well over 20%, and so we feel very comfortable about that. But we did actually sort of moderate our expectations on the impact of the results that we see this year with the transition as we're actually executing. We're launching this summer. We're rolling it out, and so we want to be very modest in the expectations there. At least, from my perspective, if I remind you, I think Tim will talk to and he gave the expectations for -- I think Q3 tends to be very modest and they keep into a bigger Q4, it's just in the of our business. But Tim, do you have additional details.

Yes. No, Corey, that's right. Gray, thanks for the question. We did say on the prepared remarks, high single digits in millions of ARR dollars in Q2. So if I just try to simplify that and go to the midpoint of what that would be, it's in the neighborhood of $7.5 million. To Corey's point, we do expect to see a sequential increase in Q3 and then another step-up in net new sequential increase in Q4, and that will get you to the midpoint of the updated guide. But to Corey's point, we really tried to focus on what is working well. The D&R business, growing north of 20%, it's still a very healthy business for us, and that's what we tried to anchor on in the updated plan.

Got it. Okay. And then just a follow-up. What percentage of Cloud Complete -- I'm sorry, what percentage of the complete bundles has been Threat Complete versus Cloud Complete. I thought the cloud side was just a much smaller contributor to incremental growth in the past.

Yes. It was one, well, it was smaller, just most Direct Complete was fairly large. And so we actually did see pretty substantial positive growth last year there. So it was -- Threat Complete was dominant, but Cloud Complete was healthy, and it actually saw a pretty substantial growth last year. That said, it was -- we actually thought that we needed to do some things to actually make it even more attractive So frankly, customers that were on the sideline in that mainstream enterprise. And so that's the actions that we actually undertook this year.

Next question comes from the line of Hamza Fodderwala with Morgan Stanley.

You got [ Arturo Saavedra ] on for Hamza. I want to dig into the what's embedded sort of in guidance. So last quarter, you indicated that for guidance, it doesn't assume an improving macro environment and no like material contributions from like those investments you've been making on the partner ecosystem. But given the performance in Q1 and the lowering of the guy, like to what extent are you seeing maybe like to what extent is like a worsening spend environment affecting your ability to land new customers versus the shift in sales motion that you mentioned? And maybe a follow-up, please.

Yes, it's a fair question. I don't presume that there's any material change in the environment versus last year. Does it's not any better even like you still see long sales cycles self high-deal inspection. And so that's not a change versus last year. We're still seeing continued momentum on the detection and response side of the house, which is an indicator. And so we are attributed this mostly to actually how we, as quickly as possible, but a family sort of ensure that we get updated price and packaging the customer experience to market and not a fundamental shift in the overall environment. There's been noise in the cloud environment for a while, but we've factored that in. That was part of our assumptions coming into the year about how we're going to do price and packaging. So that expectation, I don't think it's off at all. I do think that we probably misestimated that once we had thought to pursue this is the slowdown that would occur leading into that change.

Got it. And maybe as a follow-up, as we think about the ARR guidance, over the past 4 quarters, so the split between land and expand as fiscally and growth. Expand has relatively been stable at 7%, and land has been decreasing. The guidance is 6% to 7% year-over-year growth. So is that assuming that land sort of drops 0 or maybe expand drops a little bit and land still contribute? What's sort of the lesson to take?

Yes, that's a good question. So the easiest way to look at it is to think about the impact from a product line perspective. We think detection and response will continue. That has, I would just say, a reasonable mix of land and expand associated with it. I would just say, the cloud probably has a bit more of expansion bias, which puts a little bit more pressure on the expansion, and it goes to Fatima's question early on. And so that puts a little bit more pressure in the near term. We actually think from a pipeline perspective that, that will be quite fine and healthy from a pipeline perspective. We are being, I would just say, cautious about sort of the expectations about deal time. And so if you think about sort of like deals sort of like cycles elongated, if we're actually launching that in summer, we have some modest expectations of impact this year, but we didn't want to be out of our skis in terms of the impact in year of something that we're actually introducing in summer and then we're trying to equipping our sales team around.

Your next question comes from the line of Mark Cash with Raymond James.

This is Mark on for Adam. So Corey, if I can start with you, these accounts that are taking longer to move to the platform, I mean how would you characterize the delays? Is this a budgetary concern on their end? Or are they willing to see the product features you're talking about coming out in the summer? Or is there a competitive pricing dynamic going on? And then I have a follow-up, please.

So one, keep in mind, we're selling into a fragmented market. So I think our biggest obstacle overall, keep in mind, is the do-nothing obstacle. When we talk about the mainstream enterprise is you're talking about like that Russell 3000 mix. You're talking about the midsized enterprise, of which cloud security is still pretty pricey around sort of that overall being. And so one, I would just say that the need from the security team is still quite high. But in order to get funding, they got to make sure that they can actually meet all their needs. That's why we think we're providing an affordable enterprise-wide solution is going to be attracted to the audience. Because I think they are priced out of the market somewhat today. So we view ourselves as unlocking the market overall there. I think the second part of your question that you actually got to is sort of like is the driver. So I think that's one part about like is the value proposition and the simplicity and the ability not just to a part, but the overall environment, is that clear. And our goal of our packaging is actually making that clear, simple and compelling. The second part of the question is sort of like what drives the slowdown. And just as much, I think that's driven by the fact of how we actually focus and incentivize and align our sales team. I think that they are ramping in the back half of the year on the new solution. We had an initiative early last year and mid last year, where we were focused on the CRC. I would say that we'd probably focus a little bit more heavier on the detection and response later into this year, knowing that we were actually going to be updating the integrated risk strategy in CRC. And we probably should have planned a little bit better about the timing of that transition.

Okay. And Tim, if I could ask you, so coming into the fiscal year, you expected modest free cash flow contribution in 1Q and then to have a notable ramp in Q2. So just kind of wondering what kind of free cash flow cadence is now expected now that the kind of nitpicky here, but the guidance for free cash adjusted to be about $150 million from previous saying at least $160 million.

Yes. So Mark, it's a good question. We were very pleased with the strength of free cash flow in Q1. And that was really fueled by, what I said earlier on the call, the strong collections in the quarter. We feel very confident in at least $160 million of free cash flow for the full year. Similar to what we saw last year, we expect Q4 also to be a very strong quarter for free cash flow, again, driven by the collections. So what you'll see in Q2 and Q3 is just a modest step-up sequentially over the previous quarter, starting with $28 million in Q1. But again, strong collections in Q1 and Q4 really driving those 2 quarters.

Your next question comes from the line of Shrenik Kothari with Baird.

This is Zach Schneider on for Shrenik. It appears that a transition away from stand-alone VM and your overall strategic pivot has brought you into closer competition with some larger players like Microsoft and Palo Alto. Could you just elaborate a little more on how Rapid stacks up against them and sort of the success and strategy going forward as your market -- for your market penetration efforts.

Yes. I think you were talking about specifically on the integrated risk side of the equation. So yes, I do think we have more exposure, probably more to the Palo Alto, if you just look at from a cloud security perspective overall. If you look last year, we saw healthy growth in the business, as I actually talked about earlier. We did not think, again, what we were looking at is lots of our customer base does not have -- it's not a competitive dynamic. Is that they don't have any material cloud security adoption, which is the primary thing that we're looking at about how do we drive adoption. We know they're adopting cloud. We know that they need it. We know that they're actually not using the native cloud technologies from a security perspective because of the complexity around that. And so our primary focus overall is how do we actually sort of deliver a mainstream enterprise solution. Again, this is very similar to what we did in detection and response plays. It takes something that was -- SIEM, that was just at the high end of the market and make it mainstream accessible, but with the level of sophistication and ease of use that everyone could use. And so that's our #1 sort of like focus areas, like how do we actually unlock that market? The second thing is when you look at the differentiation that we actually have, our view overall is that we want to provide the best experience of looking at risk end-to-end endpoint to the traditional on-prem environment, to the cloud environment, and have that be integrated across the entire environment and not 3 or 4 different sets of technologies and experiences overall. Thanks for the question.

Your next question comes from the line of Patrick Colville with Scotiabank.

I want to ask about, I guess, the balance between top line growth and profitability. I mean this quarter, non-GAAP operating margins were 19.5%, which is really impressive, but ARR was a bit soft and guidance was trimmed. So how should we think about the kind of balance between top line and the bottom line in light of the head count reductions we had in 2023?

Yes. So I mean, look, you have to actually figure out where you're going to focus your resources. We thought that the move that we made in 2023 set us up well this year to make sure that we've had a healthy amount of free cash flow. And then the second question is just like, okay, where do you invest? And we decided not to actually just split it equally, we just have to make a very focused investment and how do we actually make sure our products and services are actually ready for the next 5 years, not backwards looking. Yes, that clearly has some implications in the short term. But we believe it's setting ourselves up to make sure that we're investing in our products and our technologies and our teams around services is the path for what I would consider long-term healthy growth. So overall, we think that we've gotten our profit margins to a healthy state. Our expectations is that we're focused on not how we grow in the moment, but how do we actually have healthy growth and frankly, accelerate growth from today's levels over the next several years. And we think the best strategy to actually do that is actually focused on making sure that our products, strategy, capabilities and pricing are set up for the mid- to long term. And so that was the focus of the decision that we made. Now I would just say, being that close and focusing on the R&D and the services and the customer experience around and not putting all of our money in sales and marketing has some short-term implications. But we actually think that, overall, we can actually add back sales and marketing spend as we actually go forward, build off a much stronger base of technology, a platform pricing strategy that's actually compelling to customers. And overall service experience that delivers high-quality service. That's how we get our messaging.

Great. Okay. Okay. And I guess I want to just ask in my follow-up about net new ARR for the year. I mean the commentary you gave in the prepared remarks around the linearity of net new ARR was extremely helpful. What it implies is that this quarter, there's the kind of the trough. And then we have a decent net new ARR recovery through the year. Can we just circle back, just so I fully understood, just the confidence you have in that kind of recovery in net ARR through the year?

Yes. I would just say from -- if you look at our guidance, I think we have pretty strong confidence in it. I think that we didn't get out of our skis. The year tends to be a little bit back-end loaded. We have seen some of the pipeline and some of the deals get larger overall. But our assumptions are that we see only modest benefit from sort of our reorientation and our updated launch of so complete this year. So we didn't want to be too aggressive on the time line of something that was going to be introduced in the summer. So I think that our expectations are quite modest there. And so I would just say that if you look at what we've actually laid out, we have pretty high confidence that we can actually execute against that plan. And what we really took out, we really sort of based it off of the dynamics that we were seeing in sort of like the first half of the year, and they have very modest assumptions about improvements in the back half of the year. There are some, but I would just say they're relatively mostly orientation.

Yes. And Patrick, it's Tim. Welcome to the Rapid7 coverage team. And as you'll see, if you go back to prior year Q4 is that it's always the strong quarter from a seasonal perspective on the net new adds, and that we expect that again this year, similar to other quarters.

But it builds up. I would just say from -- Q2, Q3 and year in Q4.

Your next question comes from the line of Josh Tilton with Wolfe Research.

This is Patrick on for Josh. You had mentioned the churned customers in the quarter and, for the most part, they weren't platform customers. Just curious if you could expand more on sort of the broader reasoning for why they churned and how we should think about that going forward? And then maybe how much of an overall impact on expansion opportunities within the base that you foresee have that looking at?

Yes. I would tell you that the thing that we probably did not do a great job of in Q1 was actually driving expansion in our installed base, and that's mostly based on, we were still working through pricing and packaging and did not want to get too far ahead of ourselves. So if you think about net expansion rate, the expansion was definitely not as strong in the start of the year as we expect it to be exiting the year. So I think that -- so the clear expectation is that we will actually have clarity coming out of the summer on what the pricing packaging is, the ability to actually sell that into our installed base and drive expansion overall. So when you think about net retention rates, I would say, yes, we had significant pressure in the first half of this year on the expansion, mostly because we're working a lot of things, and we want to make sure that they're right before we go in and sign those, but we could have executed that better. But we do expect that to be a fairly temporary thing, and that's actually normalized as we actually exit the year, if not actually have some momentum as we go into next year.

Your next question comes from the line of Eric Heath with KeyBanc Capital Markets.

This is [ Shruti ] on for Eric. I was wondering what pricing dynamics that you're seeing in the market right now and from some of your peers? And how does that play into the pricing strategy that you laid out in your prepared remarks?

It's a good question. So I think -- so I'll keep -- the detection and response pricing has not materially changed. I think we were probably one of the largest changes when we changed from pricing, from storage, to a asset resource basis. So I don't think there's any material change in that. If you look at part of the things that we struggled a little bit with is that if you think about the risk market and you want to integrate it, the pricing in this cloud is very different than the pricing in the on-prem environment, and then the value proposition of the visibility on the endpoints is different. And so if you really want to simplify for customers, you have to rationalize both the pricing models and the -- also the pricing levels. And so you have a cloud that is volatility priced by the providers and, in general, quite expensive it keeps a lot of customers out. You have vulnerability management, which is effective, but like people are mix shifting to the cloud. And then you have endpoint, we have lots of visibility resources that you actually have to reconcile. So our goal, specifically, on pricing is how do we actually rationalize and take out the complexity. So make it as simple as possible for customers to actually price across the environment. And then our goal, because we actually have detection and response is we are a price leader. We actually want it to be -- we want customers to have full visibility into their environment because full visibility into their environment, we think that we can actually do a good job, and we continue to do a good job of that by then monetizing and selling customers the value of the detect and response. So in many ways, we think sort of like cost affordable, price leadership and integrated risk management is a great platform and a long-term good [ ad sell ] for detection and response. So we want to be pushing the boundaries there of how to get customers the best possible visibility at the best possible value. And then we can continue the success that we've seen in detection and response.

The next question comes from the line of Rob Galvin with Stifel.

These past 2 quarters, the gap between International and North America growth has widened, and international growth remained pretty stable versus the year ago period, while North America growth compressed by about 600 basis points. And I'm wondering if you could provide any commentary into what might be driving that difference in growth rates recently?

Yes. No, it's a good question. I don't think it's going to actually something that's going to sustain. I agree it's happening over the period. Keep in mind is that I think it was in 2022, we saw lots of pressure in Europe. So you had sort of like a deceleration there, so you had a widening gap there. I think that normalized coming out of last year. And so you do have some fluctuations in the baseline that you're actually looking at, depending on what period of time you're looking at. Our general expectation is that ignoring currency rates that we'll see fairly sort of like consistent growth around the world. And so we think that those are short-term differences, not long-term expectations or differences overall.

I will now turn the call back over to Corey Thomas for closing remarks. Please go ahead.

Well, thank you very much. I appreciate everyone taking time especially on an incredibly busy week. We look forward to talking to you on more important update on the next earnings call.

Thank you.

Thanks.

Thank you. Ladies and gentlemen, that concludes today's call. Thank you all for joining, and you may now disconnect.