Rapid7, Inc. (RPD) Q3 2024 Earnings Report, Transcript and Summary

Hello greetings, and welcome to the Rapid7 Third Quarter 2024 Earnings Conference Call. All participants are in a listen-only mode. Later we will conduct a question-and-answer session. [Operator Instructions] As a reminder, this conference is being recorded. At this time, I would like to turn the conference over to Elizabeth Chwalk, Senior Director of Investor Relations. Please go ahead.

Thank you, operator, and good afternoon, everyone. We appreciate you joining us today to discuss Rapid7's third quarter 2024 financial and operating results in addition to our financial outlook for the fourth quarter and full fiscal year 2024. With me on the ball today are Corey Thomas, our CEO and Tim Adams, our CFO. We have distributed our earnings press release over the wire, and it is now posted on our website at investors.rapid7.com, along with the updated company presentation and financial metrics file. This call is being broadcast live via webcast and following the call, an audio replay will be available at investors.rapid7.com. During this call, we may make statements related to our business that are considered forward-looking under federal securities laws. These statements are made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995 and include statements related to the company's positioning, strategy, business plans, investments, growth drivers, financial guidance for the fourth quarter and full year 2024 and the assumptions underlying such goals and guidance and our expectations regarding 2025. These forward-looking statements are based on our current expectations and beliefs and on information currently available to us. Actual outcomes and results may differ materially from the future results expressed or implied in these statements due to a number of risks and uncertainties, including those contained in our most recent quarterly report on Form 10-Q filed on August 7, 2024, and our most recent annual report on Form 10-K on February 26, 2024, and in the subsequent reports that we file with the SEC. The information provided on this conference call should be considered in light of such risks. Actual results and the timing of certain events may differ materially from the results or timing predicted or implied by such forward-looking statements and reported results should not be considered as an indication of future performance. Rapid7 does not assume any obligation to update the information presented on this conference call, except to the extent required by applicable law. Our commentary today will primarily be in non-GAAP terms and reconciliations between our historical GAAP and non-GAAP results can be found in today's earnings press release and on our website at investors.rapid7.com. At times in our prepared comments or in responses to your questions, we may offer incremental metrics to provide greater insight into the dynamics of our business or our quarterly results. Please be advised that this additional detail may be one-time in nature, and we may or may not update these metrics in the future. With that, I'd like to turn the call over to our CEO, Corey Thomas. Corey?

Thank you, Elizabeth. And welcome to everyone joining us on the call today. Rapid7 ended the third quarter of 2024 with $823 million in ARR, while delivering revenue and operating income above our guided ranges. Our threat detection response business, which remains an area of strength and durable double-digit growth continued to drive the majority of our growth in the third quarter. As our robust capabilities, deep expertise and investment innovation continues to support a proven world-class detection and response experience for our customers. There is positive momentum across our business and this is a key pillar that undermines our compelling opportunity to reaccelerate growth. Our Q3 ARR results also reflect customer budgets that remain in flux, especially around the time it has been. We saw deal cycles continue to elongate with additional levels of approval for the release of budget dollars, particularly for larger deals in North America. These longer deal cycles remain broad-based across mid-market and large enterprise customers. This change put modest pressure on new ARR in the third quarter driving ARR results slightly below our expectations. We have extrapolated these dynamics into the fourth quarter and coupled with the growing mix of large deals that we expect towards the end of the year, we're allowing our 2024 ARR outlook to a range of $835 million to $845 million. Now, I'd like to give a broader overview of where our business is and the great progress we've made this year on product and service experience for our customers. Vendor consolidation continues to be a strong secure dream across software, especially in security operations where the market remains fragmented. Our consolidated offerings are addressing this market wide customer paying point as security teams look for better outcomes and stronger value propositions. We continue to see strong demand for our consolidated offerings across both threat detection and risk management which together have scaled to make up over $175 million of ARR. Additionally, the average ARR per customer for customers who own one of our consolidated offerings is roughly $150,000 highlighting the meaningful revenue opportunity for both new and existing customers that expand across our broader SecOps platform. Exposure come in, our recently launched consolidated risk management solution has also shown encouraging early progress. We introduced the Command platform at Black Hat conference in early August. And with less than two months in the market, we have generated over 70% more pipelines for the overall risk management business compared to the second quarter of this year. When I refer to the risk management business, that includes our full suite of cloud security, vulnerability management and attack service management solutions, including Exposure Command that help customers manage and prioritize risk across their attack surface. As expected, Exposure Command is gaining steady traction as customers seek to improve visibility across their attack surface, while consolidating on the integrated platform at a compelling price point. Over time, we expect the average ARR from risk management customers to grow driven by product expansion within the category as well as expanding scope of coverage of their environment. As an example of the early success we're seeing in Exposure Command is a six figure ARR deal that we closed during the quarter, with a technology company looking to track all of their cloud assets in a centralized automated way. Rapid7 won against three well known cloud security players based on our proven use cases, added business context with the customers' attack surface and the ease of use of the Command platform's user experience. Rapid7 was able to offer the customer multi-cloud data in one place and the single source of truth is critical in removing constant manual workload for an under resourced security team. We started 2024 with a clear set of priorities and three primary focus areas: innovating to deliver world-class detection response experience to our customers, expanding our partner ecosystem for scale and efficient demand generation and accelerating cloud security adoption. We knew this will be a product investment year for us and an opportunity to establish leadership in future growth markets for security operations. We made the decision to prioritize our investments in customers' product and service experience, while being more measured on investments in sales and marketing. As we near the end of the year, I am pleased with what we accomplished in these areas. The work we have done this year provides a critical foundation to our success and we continue to believe these investments will position us for better long-term and durable growth. First, our Detection & Response business continues to drive healthy momentum, particularly for customers looking to extend their SecOps capabilities with our managed services. Our commitment to driving innovation within InsightIDR is creating a stronger value proposition for our customers who increasingly need a centralized actionable view of the environment. There are a number of specific reasons that security teams are choosing Rapid7. To better pinpoint threats driven by our embedded and expanded detection library, which provides relevant and timely insights from Rapid7 security operations center, open source community and threat intelligence teams. For better ability to scale and reduce manual attacks with embedded automation and AI for stock efficiency, particularly during the alert life cycle. And for the ease of use of our integrated platform, with growing coverage and ability to ingest and analyze third-party security data. Additionally, the breadth and depth of the Rapid7 platform continues to be a competitive differentiator in a market that is still quite fragmented. Our leadership in this space was validated by recent vendor assessments by IDC, which positioned Rapid7's InsightIDR solution as a market leader in SIEM solutions for both SMB and enterprise. Security teams of all sizes are leveraging our core SIEM capabilities as part of our broader detection response platform to gain comprehensive and contextualized view of threats across their environment. The second major area of focus for this year has been on expanding our partner ecosystem for scale and efficient demand generation. We made substantial progress, and there's still a long runway of opportunity here. In the third quarter, 90% of new ARR bookings were sold through our partner ecosystem. This achievement marks a significant milestone and underscores our dedication to collaborating with our partner community aligning with purchasing channels, many customers already use to source their security solutions. As we remain committed to advancing our partner programs and experience this quarter, we introduced the Rapid7 Partner Academy, which equips our partners with technical expertise around the Command platform. This program is designed to educate our partners quickly as we innovate and is particularly beneficial as we recently delivered a series of important launches. We're also enhancing the partner experience through the recent launch of our channel partner portal, which supports streamlined engagement and a smoother sales process. Overall, the progress in this area demonstrates our dedication to seamless interaction, collaboration and business growth for our Rapid7 partners. Lastly, our approach to accelerate cloud security adoption is well underway. Our strategy is resonating strongly with customers by bringing cloud security capabilities into a broader platform that provides customers a high-quality integrated view of their broader attack surface. The launch of our Command platform, including Exposure Command has been extremely well received. As I mentioned earlier, we increased our quarterly pipeline creation by over 70% on a sequential basis for risk visibility and exposure management. The positive early feedback we're hearing from the market is concentrated around a few major themes. The Command workflows and user experience stand out from the current market offerings, particularly by our ability to aggregate a diverse range of third-party security data into a single source of truth. This integrated platform experience for cost-effective management of an organization and attack service is a clear differentiator for Rapid7. Second, customers like our improved cloud risk prioritization and visualization tools, which allow them to assess risk in the context of prevention gaps, including allowing security teams to monitor toxic combinations, provide guardrails for secure AI development and view executive level risk reporting. And thirdly, many customers lack a firm grasp of the assets across their hybrid IT environments. With Gartner estimating that less than 20% of organizations can clearly identify an inventory a majority of their assets. Our integrated asset discovery capabilities bring crucial visibility for attacks service management and speak to a common pain point for customers of all sizes. Additionally, our MSSP partners which have historically been focused mainly on detection response have shown strong interest in our new exposure management offerings. Though we had a slow start to 2024, we've since taken the right steps to focus on our strategic priorities. I am proud of how our team has executed over the last six months to improve the foundational aspects of our business and we see clear signs of progress and momentum particularly around the Command platform. As we look out to the next year, there are plenty of promising indicators on the horizon. The investments and focus areas of this year have made a meaningful impact in our ability to go to customers with the best possible security operations platform and we are already seeing tangible proof points of distraction. We expect to start 2025 with a stronger pipeline than last year based on how demand generation is currently trending. And we continue to believe that our risk visibility and exposure management offerings will be meaningful long-term drivers of growth for us. We also have more work to do to successfully convert positive customer feedback and early pipeline traction for the Command platform into a material contributor of new ARR. As we look ahead to the next year, we're taking a measured approach with respect to both the timing of when that contribution materializes and when we will see customer budget stability and consistent deal cycle timing. While we expect to provide formal guidance on our February earnings call, our early expectation for 2025 is that our total ARR growth rate for the year should show flat to mild acceleration in growth from our 2024 exit growth rate of ARR. That view assumes continued longer deal cycles, particularly for large deals in managed detection response and relatively stable demand environment. The strong fundamentals of our business are intact, and we are creating a broad based platform of integrated security operations solutions that will have long-term product relevance in a dynamic market environment. In the meantime, we plan to continue making shifts in our business model amidst slower near-term growth by evolving our products to be leaders in their specific categories, by evolving our pricing model to align to customers' priorities and budget capacity in these areas and by remaining focused on scaling free cash flow across our business. Thank you for joining us on the call today. I will now turn the call over to our CFO, Tim Adams to share additional detail on our financial results and outlook. Tim?

Thank you, Corey, and good afternoon to everyone on today's call. Thank you for taking time to join us today. Before I turn to our results, a quick reminder that except for revenue, all financial results we will discuss today are non-GAAP financial measures unless otherwise stated. Additionally, reconciliations between our GAAP and our non-GAAP results can be found in our earnings press release. Rapid7 ended the third quarter of 2024 with $823 million in ARR, representing 6% growth over the prior year. This ARR result reflects the continued strength in our Detection and Response business as well as elongated deal cycles, particularly for large deals in North America. ARR growth in the third quarter was weighted towards sales expansion as ARR per customer grew 4% over the prior year to $71,000 and our total cost base grew 2% year-over-year to end the quarter with over 11,600 customers. Third quarter revenue of $215 million grew 8% over the prior year and exceeded our guided range. Recurring product subscription revenue grew 8% over the prior year to $206 million, which was better than expected on favorable linearity in the quarter. Our revenue mix continues to shift towards international, which grew 17% year-over-year and now represents nearly 1/4 of total revenue. Turning to our operating and profitability measures for the third quarter. Product gross margin was 76% in the quarter and total gross margin was 74%, both of which are in line with the prior year. Sales and marketing expense was 31% of revenue, down from 34% in the prior year. R&D and G&A expenses were in line with the prior year and made up 16% and 6% of revenue, respectively. Third quarter operating income of $44 million was above our guided range and represented a roughly 21% operating margin. The outperformance was driven by higher-than-expected revenue and the timing benefit of a few million dollars in professional services and marketing spend, which we expect to incur in the fourth quarter. Adjusted EBITDA was $50 million in the quarter, and net income per diluted share was $0.66. Moving to our balance sheet and cash flow. We ended the third quarter with cash, cash equivalents and investments of over $500 million, slightly above the $494 million at the end of the second quarter. We continue to ramp up our free cash flow generation with $39 million in the quarter, up from $29 million we reported last quarter. This brings us to our outlook for the rest of the year. We now expect full year ending ARR to be in the range of $835 million to $845 million, which represents growth of 4% to 5% over the prior year. We have adjusted our outlook for the remainder of the year based on the elongated sales cycles we saw in the third quarter and have carried forth our assumption that these customer budget dynamics will continue through the rest of the year. For full year revenue, we are raising and narrowing our range to $839 million to $841 million, representing growth of 8%. This increase from our prior guidance of $833 million to $837 million reflects revenue outperformance in the third quarter. On profitability, we are raising and narrowing our full year operating income range to $157 million to $159 million from our prior guidance of $152 million to $156 million. Our updated range represents an implied operating margin of 19%, growing over 550 basis points from the full year 2023. We expect full year net income per share to be in the range of $2.28 to $2.31 based on an estimated $74.7 million diluted weighted average shares outstanding. For free cash flow, we are updating our full year expectation to a range of $145 million to $155 million based on our updated ARR range. We remain strongly committed to expanding profitability. Moving to quarterly guidance. For the fourth quarter of 2024, we expect total revenue in the range of $211 million to $213 million, representing growth of 3% to 4% over the prior year. Non-GAAP operating income for the fourth quarter is expected to be in the range of $33 million to $35 million, reflecting an implied operating margin of 16%. We expect non-GAAP net income per share of $0.48 to $0.51, which is based on 75.7 million diluted weighted average shares outstanding. I would like to thank our team for the great work they have accomplished so far this year, especially on the foundational improvements across our Detection and Response business, our partner ecosystem, in our push to drive cloud security adoption. The early traction for Exposure Command is encouraging, particularly as it relates to the pipeline growth we saw in our risk visibility business during the third quarter. As always, we remain focused on balancing these growth initiatives with profitability improvements in what continues to be a dynamic market environment. With that, we will now open the call for questions. Operator?

Our leadership in this space was validated by recent vendor assessments by IDC, which positioned Rapid7's InsightIDR solution as a market leader in SIEM solutions for both SMB and enterprise.

[Operator Instructions] Our first question comes from Fatima Boolani from Citi.

Corey, you talked at length about some of the external dynamics that are contributing to improved customer feedback and receptivity to the launch of the Command portfolio and then just general strong feedback. But I wanted to reconcile that with the results and some of what you're baking into the guidance, right? And specifically, I wanted to ask you on internal dynamics, do you now have had a full quarter of that organizational streamlining that you undertook in terms of the organizational structure. So can you give us a sense of what some of the proof points of success are there and why maybe that's not moving the needle and overcompensating or at least counterbalancing some of these external dynamics on sales cycle elongation?

Thanks for the question. So look, there's two focus areas internally that we actually have is -- and one of them was just to make sure we have rigorous processes so that we can actually forecast and deliver consistently well. The second one was making sure we executed our launch of the Command platform and Exposure Command. As you know, we've been relying on this year on this single selected focus on D&R, which has performed very, very well. But at the same time, we need to actually launch our updated strategy for the risk management business with our integrated risk strategy. So the loss of that has been a primary tool. And I have to say the execution is going well there. If you zoom out and you said, all right, how does that translate into the results? Is that we built back up the pipeline frankly exceeded the targets that we actually wanted to see. But most of our pipeline for this year, we told to the core thesis was going to be around the D&R business, of which we have substantial pipeline, but there are larger deals. I think this may be the first kind -- in our history, we've had over half of our pipeline deal for Q4 that are over the $100,000 mark. And so with the elongation of the sales cycle, a higher mix of larger deals, and what we saw both in Q2 and Q3 is our primary focus was making sure that we were actually being thoughtful about what sales cycles were for the pipe and then sharing that information came with you all.

And our next question comes from Saket Kalia from Barclays.

Corey, maybe just to start with you, in your prepared remarks, you talked about higher ARR per customer for those that buy bundled or rather consolidated offerings. Could you just dig into that a little bit? I think you mentioned 150,000 number. I'd love to just dig into that a little bit. And maybe more broadly, can you just talk about what percentage of the base is sort of on that kind of consolidated type of offering?

Yes. It's roughly 150,000 as I said in the prepared remarks, it is frankly live by D&R. So if you think about so far, like lots of the consolidation strategy has been laid by the Detection and Response business. It's an area where we actually have robust pipe now if you look at D&R and now it Exposure Command which is, frankly, a much better consolidation story from list than what we had previously and we've taken lots of the process and learnings that we actually have from last year. That said, we still think we have significant amount to actually go in and raise, as I would say, of our base. I say a little over 10% or so of our base is on one of the consolidated offerings. And we're having steady adoption, a steady uptick in pipeline, but those bills are also larger in orientation and therefore have longer deal cycles.

That makes sense. Maybe for my follow-up for you Tim. I appreciate the early look at 2025. I think that's prudent. Maybe the question is, how do you think about the mix of sort of customer growth versus that ARR per customer dynamic even qualitatively, as you think about that preliminary outlook?

Look, I think we have the opportunity on both fronts to continue to grow. We have over 11,000 customers today. We think that market opportunity is roughly 70,000. So there's always room to expand with new logos. And to Corey's earlier point, when you look at the strength that we're seeing in the consolidation offers, they do come in at a higher ARR per the average of around 71,000 that we see on customers. So by selling into the packages, certainly the strength of MDR being larger deals gives us opportunity to do the expansion. And even to Corey's earlier point on Exposure Command, if you think of that as a great way to land with new customers and then you have that upsell, cross-sell opportunity with MDR with those customers. So I think you can see it from both new customer acquisition and expansion of customers as well.

[Operator Instructions] Our next question comes from Matt Hedberg from RBC.

Maybe I'll just double click on the guidance portion as well. It seems like you're taking a conservative initial approach to the framework of what seems like maybe kind of mid-singles to maybe slightly better growth next year. I'm curious, Corey, are there things that you can do from a go-to-market perspective that could combat elongated deal cycles like one thing. It really seems like you're getting a lot of channel momentum. I'm kind of curious as you think about company specific things that could combat some of these macro pressures. I'd be curious on kind of how you think about that.

Yes. I mean, look, the primary thing that we're actually focused on is we like the dynamic that we have both on the consolidation offers and the D&R traction. They are larger deals. I would just say customers have their own specific budget dynamic. So we want to keep the good. What we want to add to that is, I would just say more velocity business as we actually termed it, which is you can think about that more sort of upgrade, upsell motions in the installed base, that's the upside. We do have that. I mean testing Exposure Command as we start to see that in the pipeline, but it's definitely premature to actually sort of like take pipeline and actually predict conversion rates and how much of that flows to do. So I just think it's just too early, but that is our strategy for actually keeping the good stuff where we have the larger deals, increasing share of wallet, healthy dynamics are in the stack but added in a mix of velocity deals that are at lower ASPs and frankly, balanced out some of the large sale momentum that we actually have.

Our next question comes from Joe Gallo from Jefferies.

I appreciate the question and appreciate the deal cycle elongation commentary. Is that broad-based? Or are there some areas of the platform that are most impacted? I know you don't give updated mixes, but just any sense of the growth rates for the different segments? And then maybe on the reverse, like the gross retention side, was there any impact on the core vulnerability management or have gross retention rates stayed stable?

Okay. That was a lot. So I’m trying to make sure I got all of it. So on the deal cycle elongation, I think it's primarily large us. I would say it's less product based with deal size based. Like when you become a material part on someone's budget in this budget environment, we're just seeing customers so like, there's a gap now between sort of like your recommended and a customer says they're going to go with you and how long it takes them to actually cut your out like when the budget knowledge and going to land. So that's kind of how we describe it. And we are -- like I would just say be cautious and thoughtful about like our expectations for the year and it's been consistent with what we've seen overall. As you can imagine is that it's still primarily that's just because the Exposure Command pipe is actually new. We would expect the same six month deal cycle. So it’s early in that cycle. So this -- that is more D&R weighted, so you ask sort of like what's happening. And the growth rates in D&R continue to be strong, and we expect them to stay strong as we actually go forward. And then the last one is the gross retention rates. I think we -- I think that's probably in relationship. Earlier in the year, we had highlighted that we were seeing in some gross retention pressures. Those feel like those are actually are in the process of bottoming out. I would just say the early indicators that we're seeing around those are actually quite positive. Part of that is that customers are seeing what the what we're doing around the Exposure Command that are the VM customers, and they do like the strategy. And so we're starting to see early confirmations around that. But I would just say that the -- we think on the net gross retention trends are positive to up and we feel good about those as we go forward. I think I got all the questions.

Our next question comes from the line of Hamza Fodderwala from Morgan Stanley.

Just there's been a lot of improvement on the profitability side in the last few years. You're close to 20% free cash flow margin. Obviously, you want to accelerate your growth for 2025. I know we're not providing the full formal guidance. But as you think about that balance between growth and profitability, should we expect to see additional leverage going forward? Or is the focus going to be more around investing more for growth?

Yes. Look, the clear focus we actually have right now. If you think about it, we started -- last year, we shipped to driving consolidation. I want to say we did good in one part of the business, the threat detection part of the business we thought like we did not -- we thought we had room to improve on the overall risk side of the business. This year, we invested in the products and the offering around risk while continue to expand profitability. We've actually built a pipeline. We're seeing the early indicators. We feel like the set up next year is focused on the growth risk acceleration. So that's the core focus of the business as we actually go forward next year. We think it's a good time to do it because we actually have the products, the product set up well the feedback from customers and the sales team. We're not out over our skis in terms of the expectations just because right now, early indicators are, but they're still early indicators. So my expectation is that like we're happy with the profit dollar range that we're in. We certainly expect to see more free cash flow dollars as we actually go forward. But the real focus that we actually have is reaccelerating growth of the product base that we actually have today.

Our next question comes from the line of Rob Owens from Piper Sandler.

Corey, in prepared remarks, you did talk about shifts in the business model and particularly on pricing and in the Q&A, you did talk about increasing velocity business. Does it speak to that? Or is there something else a foot? If you can maybe elaborate.

Yes. I think they're interrelated. When we look out at our customer base, we've done a really good job in positive threat detection business, I'm actually sort of like -- just actually, I was just executing, I would say, a larger deal, larger business becoming more strategic to our customers. That's evidenced by the business that we have there. The thing that we actually have not done a good job is how do we actually get to 20%, 30% upgrade in uplift in the installed base. And all they use get a little bit of that from the people adding more VM assets overall but we didn't get -- we did not get enough of that share originally as people move to the cloud. The part of what we actually found there was the cloud pricing was high, we would have looked at our install-based. Lots of our customers just don't have any solution at all and so what we flipped around there is how do we actually monetize, I would just say, share of wallet in risk management, in the install base with a more integrated value proposition that sit around the attack surface source of truth from the endpoint to the on-prem to the cloud environment and how do we monetize and upgrade the installed base. And so that's the strategy that Rob is sort of like making sure that we actually don't become just a business that does large D&R yields from a sales focus and from an offering focus. Again, that's not our sales team. It's more of our operating strategy. I feel like we've really nailed -- I mean so far, the feedback, very early, but we've now that with Exposure Command where it's the first time we kind of upgrade to our VM with installed-based customers. It also makes the customers stickier because they like the strategy that we're actually doing. It also allows us to actually add more assets per customer from a cloud perspective. And it's a stickier solution to normal management. VM was about scan and report or collect data and report and this is about sort of like collect data, but integrate data and become the attack surface source of truth in the environment. And when you are a system of record and environment, it's just a much better, much stickier value proposition. So Rob, that's the one that we're talking about is how do we actually sort of like have more offerings that are not just the bigger ASP, we execute well. Again, this is the first time I think half of our pipeline is over 100,000 deals. And that's okay, but we really do want to keep a line of that velocity business.

Our next question comes from the line of Gray Powell from BTIG.

I just want to make sure I understood some of the commentary correctly. So when you say in the pipeline for risk visibility and exposure is up 70% from Q2, just can you help us think through what the base of comparison is there for example, like is it 70% growth off of a small number? Or is risk visibility and exposure a more meaningful part of the pipeline at the end of the quarter? Yes, just any additional detail there would be really helpful.

Thanks for the question because it does help clarify. So today you recall this year, as we were retooling and upgrading our strategy around risk management to move from the CRC stroke. So really an integrated product platform approach, we stop selling and building pipe on that. So like you could think about sort of like that really going down precipitously some exiting last year and coming into this year, which could -- I would just say more pressure on growth than we probably anticipated overall. And so what that signifies is one is now we're actually wearing back up that risk business overall. So while it's up quarter-over-quarter, most significantly is actually back sort of like the levels that it was sort of like in the middle of last year for the risk business. And most importantly, the total pipeline has actually sort of what fund out its deceleration in Q2 and actually has steadily risen up and that accelerated in Q3 as we actually move forward. So what we've also seen is just overall pipeline generation improving and that's what we really focus on. It's a contributor. By the way, it is the best contributor because D&R stay within its range of expectations. But we really have to recover that risk management pipeline generation, and we've actually seen that. And again, the early sort of like data in conversion is pretty good. So I think I captured.

Our next question comes from the line of Gregg Moskowitz from Mizuho.

This is maybe a bit of a high-level question and you may have touched on this a little bit in response to Rob's. But all of us on this call are -- as we're all aware, there are many security platforms out there, Corey, and to be fair, several of them are a lot bigger than Rapid7. What gives you the confidence that Rapid7 can be one of the real longer-term winners as a security consolidator?

Look, I think that there's two approaches if you're going to be -- well, I think you're right, like if you are a niche player, it's going to be hard. And there's two approaches that you can actually have for consolidation. You can be a general consolidator of which I think a lot of the companies have talked to our general consolidators. They have lots of stuff across a wide rent of overall security and they're using the customer relationship to deliver or you can be a focused consolidator. And if you're focused consolidator, what you really say is, we will be best in the world at this and we will do it at better economics than anyone else. We're focused on being a focused consolidator. What we're best in that is security operations consolidated. We collect more data for more systems than anywhere else in the world. No one's actually processing data across the on-prem with the traditional vulnerability management technologies, the cloud technologies, the endpoint data collection and by the way, we process data from every other select security telemetry provider. No one processing more data, integrates more data to actually paint a picture of the attack surface and then takes that data and then use us to monitor the overall environment for attacks. Security operations is about, do you have the data to paint a picture for your attack surface and then can you monitor that attack surface for attacks. We actually have been invested in this from long to anyone. We're still like the most comprehensive, even if you prepare every single player on the market today and we do it with better scale, better customer economics and a better value proposition. That is still resonating with customers. And if you dig into it, what you see is, in many ways, we've actually executed and continue to do better and grow faster than the market and the hardest part of it, which is the going upmarket with the D&R stuff, we're just adding back on the risk piece but we're adding it back on from a rebuilt risk engineering that's more about integration and the integrated the attack surface than it is about the traditional vulnerability management approach. But that's the approach that we actually have and we think wins, it’s focused consolidation efforts.

Our next question comes from the line of Jonathan Ho from William Blair.

Just wanted to see if you could give us a little bit of additional color on what you're seeing in the MDR space and with your own managed offerings as an add-on. And just how meaningful could this be as you start to think about trying to expand wallet share within your own customer base? And just similar to that, if you could talk a little bit about what's happening on the InsightIDR side, whether any of the consolidation that's been happening in this space is starting to show benefit there as well?

Yes. Jonathan, it's -- we are showing, look, part of the D&R backdrop is driven by the Detection Response product and the MDR service. Look, from our benchmarks, we have one of the highest quality MDR service in the market, it is backstopped by incredibly strong retention rates compared to the overall market. We are one of the few product companies that actually built and continued to build an MDR as a product stack. So we use in our Detection and Response product solution to actually build it out. We think that there's lots of opportunity there going forward. Our engineering team has been focused on how do we actually allow customers to not just monitor part the environment. Like a lot of the consolidators are still very narrowly focused on just their data. Our goal is for customers to make 100% of their environment and do that cost effectively. You have to be a product driven company versus a services company that adds technology or a product company that actually has MDR as an ancillary feature of how you manage their own offerings. So our goal is to monitor and manage 100% of the attack surface. Our team's focus there. The benefit on your question for our SIEM, our security analytics offering is that, that helps our SIEM customers the most productive solution for actually managing detection response in the environment because our MDR analysts have to be productive and we have to do it at scale and at quality, and that's part of why that solution so attracting so many of those customers. Again, that strategy of designing it to actually be a scale market solution that monitors 100% of the environment built as a product company allows us to actually have a great MDR offer, but most importantly, debt technology to be delivered to customers and partners, importantly, deliver great managed service business.

Our next question comes from the line of Josh Tilton from Wolfe Research.

This is Patrick on for Josh. Can you talk about the competitive environment and sort of what you're seeing there right now and maybe any changes observed over the last year? And then within that has there been any changes to your win rates over the first 11 months this year? And if so, what gives you confidence that you can at least stabilize those win rates or maybe improve them with a better pipeline in front of you?

Yes, it's good. So the win rate time and changed material is just the pipeline confidence position has changed and it's become -- again, for this year, we had a more of a D&R focused business. We're building back up the risk business with Exposure Command. So it's just too early. I mean this is why we're not out over our skis and what the embedded model and conversion rate assumptions are. I think the win rates will be somewhat high because like a significant -- half of that is just upgrades of the VM so like customer base. And so that's -- those tend to have different competitive deals. And by the way, those are also faster cycle deals to the question that was asked earlier. So while it's early, we would expect that to overall be positive and then we'll see how it fares in the head to head space. We did not pursue a lot of risk management and cloud opportunities leading into this year, like we gave at the start of last year when we were launching CRC. We really wanted to retool it for a better approach. So in the D&R, so we'll know more on the Exposure Commands, but it's actually early but I want to say it looks really good, but I don't want to overweight a small set of deals that actually happen to actually move a lot fast. On the detection response, we think we have a very, very competitive solution. We have high win rates. If we lose by far, it's because we are like walking away based on price or based on sort of like the extent the customizations that we'll do because we're taking a product based approach there. The good news there is that we're actually have been aggressively extending what we monitor naturally and we can actually do that in very, very good gross margins. And so I would just say on that MDR space, we actually have a premium solution there that's actually well regarded and we feel great about the competitive position overall there. I've actually hit it. So I don't think -- look, I think the biggest issue this year is we had to reaccelerate pipeline on the midsize. It's not that we were actually like generating pipe and losing. Our sales team was just waiting for us to actually redo our offering going forward.

Our next question comes from the line of Brian Essex from JPMorgan.

Corey, I think you mentioned during your prepared remarks that about 90% of new ARR is sold through the partner ecosystem. And I know previously, you talked about investing in channel relationships, MSSP partners marketplaces. Could you maybe talk a little bit about the mix of what you're seeing through the partner ecosystem? Is it leading to more consultative sales? Is there anything about that partner mix that might also be contributing to these elongated sales cycles?

The answer is I don't think that's the primary contributor. Look, I think having looked at it and spent some time in some of these myself, it's mostly -- it is -- we are now one of the more again, for the deals -- look, our pipeline mix has actually dischanged. We just have a lot of larger deals, in fact, than probably we have at any point in our history. And customers actually have more scrutiny for $150, $200, $300 plus line item than they actually do for a 20,000 -30,000 line item. I mean that's just the bottom line. So I think it's the deal size plus environment. I would not attribute that to our partners. I think our partners are doing a great job. We've seen that momentum they've been one to be contributors to our pipeline overall. And so I think it's more environmental and frankly, us not having enough offerings that are in that velocity space and actually really focusing our partners on our D&R business. I think that should change a little bit again as we actually continue to grow the exposure coming in, which again should be a little bit more of a velocity business at a lower ASP.

Our next question comes from the line of Joel Fishbein from Truist Securities.

Corey for you. Just love to hear anything that's going on in the Fed business and how that tracked this quarter and what the pipeline looks like there?

So recall, we have a strategic Fed business. It's actually good, but we do much more in state and local. We have some really exciting, I would just say, bit pipeline and launches come in that launch, is that like big true engagement coming up next year. And so I'll just say next year really starts our aggressive cycle in the U.S. federal government space where we have these certifications, we have the momentum. We've been working on lots of precursor work, but it's not a material factor right now for this quarter, on a new growth basis. We have some very strategic brands and companies in the federal government space but it's not a rate it's not a material factor for new business this quarter for this year.

Our next question comes from the line of Shrenik Kothari from Robert Baird.

So Corey, on the elongated deal cycle some cautions on customer budgets being more broad base. You and Tim, you guys touched upon, of course, pricing and bundling and so on [inaudible] Can you specific in terms of adjustments?

Yes, you're breaking up there. Could you repeat the question, please?

Yes. So I'm just trying to ask just taking a lead out of some other vendors, making any specific adjustments to the go-to-market in terms of perhaps exploring flexible financing, some trial periods, other value-based selling techniques just to kind of imply them to alleviate customer hesitation in adopting the platform. Just trying to understand others might be doing as well.

Yes, it's a great point. So I would just say we are active in discussions around that right now. We're learning for others. It's not the base plan that we actually gave you we're trying to see the durability of how it impacts. But I would just say we are looking at sort of like how we actually think about just securing the business as we go forward. We're doing it to a strategic and targeted, but we don't actually have a broad based program in place around some of those things. But I would just say our financing and our sales teams are actively looking at that right now.

Our next question comes from the line of Eric Heath from KeyBanc.

I just wanted to come back to the SIEM market. Obviously, been a lot of M&A activity across both enterprise focus and mid-market-focused vendors. And there's a lot of vendors out there circling the SIEM opportunities. So just curious if you think you're getting shots on goal there. And I don't know if that's one of the other sources of why you're seeing longer deal cycles. So, just any commentary there would be helpful.

I mean I think -- yes, I think we're doing great at the shot on goal. I mean like -- and we're scoring a lot of points, too. I mean the D&R business has actually proven stable and healthy. And so we feel very good about that overall. It's a competitive market, but I would say our competitive position is actually quite strong and we're investing a lot in R&D there to actually continue to extend that strength in that leadership.

Yes. Corey, the D&R business is very healthy. It's half of the ARR that we have and the growth rate has been very exciting for us. So that remains very strong.

Our next question comes from the line of [Ansh Colville] from Scotiabank.

Patrick Colville from Scotiabank. Corey and Tim, I guess I just want to ask about the preliminary 2025 outlook. Did you say that we should use the 4Q exit ARR rate? But if so, I calculate that to be 4% in 4Q. So should use that to forecast 2025 ARR? And if I'm right in my math, I guess that guidance would suggest a kind of nice amelioration of demand trends. And so I guess, can you just talk us through the puts and takes as to how things are going to stabilize as we look into 2025?

Yes. I'm going to give you assumptions sort of like race there. So one, what we say is look at the exit rate and expect sort of like flat to mild acceleration. The core assumption around it, just to be clear is -- look, we don't love it but we actually had to actually reset expectations a couple of times this year. And while we have extreme excitement, we expect to be in our business to be stable because it is stable, it's actually very healthy. Exposure Command, we actually are saying it actually sort of continues to show the momentum in the retention rates that we actually see. But we are kind of taking away and see approach to see what the conversion rates are on that and we're not baking that into any base assumptions. We'll update you on that as we actually see it. But in launch later Q3, we've been thrilled with strategic expectations so far, but we want to get through its full deal cycles versus just taking a random estimate and actually putting into the model. So that's just the logic behind sort of like where we are but of course, we'll actually update in sort of so we actually have clarity of like there's that momentum that we actually see, carry through in the same deal cycles with the ASPs that we're expecting.

Yes. Corey and we just -- we talked about in Q3 and Q4 and elongated deal cycles, larger deals. We assume that going into next year.

Our next question comes from the line of Mark Cash from Raymond James.

This is Mark on for Adam. So can you just kind of circling back to the really strong ARR bookings from partners this quarter. It’s coming after the pipeline strategic partners being up 15% last quarter. So just kind of into what's driving that buy-in and pipeline from partners? And could you also comment tie-in how much of that has come from AWS or the impact of that relationship so far?

Yes. I would say we have a set of strategic partners that I believe I've talked to you all about before that are like our top -- our top strategic partners, I think 15 partners around the world. That's the lion's share of that sort of like increase. I do see that part of how you get momentum is partners great pipeline and the close pipeline and we're seeing those healthy trends. Keep in mind that we did shift lots of our investment away from purely internal sources to be more partner base last year. So this is expected. Some of this is expected I would say, again, similar to our overall business, more than D&R weighted. It's -- and frankly, it's early on the risk side but we actually think there's lots of growth opportunity on the Exposure Command side. I think about that as a part of the natural evolution of starting to see yields from the investments that we made exiting last year when we shifted from our own internal sources to more partner base, primarily D&R focused and we're expecting both the pipeline and the conversion to actually line up as we go forward on the Exposure Command and the risk management business.

Our next question comes from the line of Matt Dezort from Needham & Company.

I wanted to ask about the shift to a regional sales model that you implemented recently. Can you update us on how that's progressing? And given the early glimpse to 2025, any learnings or thoughts around changing go-to-market incentives for sales reps given the pipeline composition is shifting as you alluded to?

So I would say it's going very well so far. I mean, the pipeline acceleration you're seeing is focused execution around the world from our sales leaders to partner up with our partner teams. Based off having a full product set in market for the first half in a while, that we got competitive in the right product set. So what do you want to see? You want to see the pipeline build. You want to continue to see healthy conversion rates and win rates of D&R, which we actually have, you want to see the pipeline Exposure Command, convert and actually go forward. And that should drive sales productivity next year as we move forward. That's certainly sort of like the leading indicators that we actually see. But also the steps we go through. So like if you look today, our sales teams have been really focused on both building the pipeline and burden the existing line. And so they hit all the execution goals that we've actually laid out. They've also sort of like done a good job of going back and upgrading our installed base and building a pipeline around that. So I would say they've hit all the milestones that we've actually laid out and that we won't hit. What's next up is what allows us to actually go in and tell you more than mild acceleration is that we actually have to see what the deal cycles are for Exposure Command. We have to actually see what the conversion velocity is around that and we have to actually execute on that. That's the next update that we're really focused on -- all right. Well, thank you all. So -- do we have one more?

I was about to turn it back over to you, but please go ahead.

So I really appreciate everyone taking the time on the call today. This is going to say I feel -- I know we've had some changes throughout the year, but we continue the momentum with D&R. We've now led on a good integrated risk strategy that we actually feel good about. And really, our focus now is about how do we actually reaccelerate and drive growth as we actually go forward. Thank you all for your time.

Thank you.

That does conclude today's presentation. Have a pleasant day.