Rapid7, Inc. Q3 FY2021 Earnings Call
Rapid7, Inc. (RPD)
Call artefacts
Call audio is not captured yet.
A slide deck is not captured yet.
Transcript
Auto-generated speakersGood day, and thank you for standing by. Welcome to the Rapid7 Third Quarter 2021 Earnings Conference Call. At this time, all participants are in a listen-only mode. After the speaker's presentation there will be a question and answer session. Please be advised that today's conference is being recorded. I would now like to hand the conference over to your speaker today, Sunil Shah, Vice President, Investor Relations. Please go ahead.
Thank you, operator, and good afternoon, everyone. We appreciate you joining us today to discuss Rapid7's third quarter 2021 financial and operating results, in addition to our financial outlook for the fourth quarter and full fiscal year 2021. With me on the call today are Corey Thomas, our CEO; and Jeff Kalowski, our CFO. We have distributed our earnings press release over the wire and is now posted on our website at investors.rapid7.com, along with the updated company presentation and financial metrics file. This call is being broadcast live via webcast, and following the call, an audio replay will be available at investors.rapid7.com, until November 10, 2021. During this call, we may make statements related to our business that are forward-looking under federal securities laws. These statements are made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995, and include statements related to the company's positioning, our future goals and financial guidance for the fourth quarter and full year 2021 and the assumptions underlying such goals and guidance. These forward-looking statements are based on our current expectations and beliefs and on information currently available to us. Actual outcomes and results may differ materially from the expectations of a number of risks and uncertainties, including those contained in our most recent quarterly report on Form 10-Q and in the subsequent reports that we filed with the SEC. The information provided on this conference call should be considered in light of such risks. Actual results and the timing of certain events may differ materially from the results or timing predicted or implied by such forward-looking statements, and reported results should not be considered as an indication of future performance. Rapid7 does not assume any obligation to update the information presented on this conference call, except to the extent required by applicable law. Our commentary today will primarily be in non-GAAP terms and reconciliations between our historical GAAP and non-GAAP results and guidance can be found in today's earnings press release. At times, in our prepared comments or in response to your questions, we may offer incremental metrics to provide greater insight into the dynamics of our business or our quarterly results. Please be advised that this additional detail may be onetime in nature, and we may or may not provide an update in the future on these metrics. With that, I'd like to turn the call over to our CEO, Corey Thomas. Corey?
Thank you, Sunil, and good afternoon, everyone. Thank you all for joining us for our third quarter 2021 earnings results call. I'm thrilled to report that Rapid7 delivered a milestone quarter exceeding $500 million in ARR for the first time. Accelerated demand for our security transformation solutions, coupled with sustained growth of our revenue management and our recent Insight acquisition drove Q3 ending ARR to $550 million, growth of 38% year over the prior year and growth of over 30% organically driven by strong contribution from both our land and expand interest in the quarter. Our business was driven by strong customer interest for the expanding set of capabilities on our Insight platform and solid execution on the part of our Rapid7 team. Moreover, we have been pleased with the early reception from our customers to the recent addition of Insights threat intelligence offering. Our third quarter results also demonstrate how we are delivering on our customer mission while balancing our dual mandate to drive durable growth and expand profitability and free cash flow as we scale. Alongside our accelerating ARR growth, we delivered over 150 basis points of year-over-year operating margin expansion during the third quarter, even as we absorbed our largest ever acquisition to date. Jeff will share more details on our strong operating results in his remarks and how it positions us to continue investing behind our growth engine while delivering on our growth and profitability framework. But before we step into those details, I'd like to spend a few moments to share with you how Rapid7 is working to help customers achieve better security outcomes in a rapidly evolving threat landscape. Organizations of all sizes are investing aggressively in scaling the digital experiences that they must deliver to their customers, employees and partners in today's distributed economy. However, as they embrace these broad digital initiatives, they are increasingly faced with the critical challenge of managing a dynamic cyber risk profile across the internal cloud and external footprint. As we speak with customers and prospects on a day-to-day basis, many are struggling with the same set of questions: how do I gain visibility to the vulnerabilities in my environment and better manage our risk profile? How do I identify and respond to attacks happening in my environment? I want to improve my security team's productivity to drive better security efficacy in an increasingly tight cybersecurity talent market. These questions are at the core of today's security operations challenges and the expanded security achievement gap that I spoke with you about earlier this year. To solve this challenge, many customers we engage are seeking a more holistic approach to monitoring the threat landscape, as well as detecting and responding to attacks across their internal and external digital footprints. As I shared at our Investor Day in March, Rapid7 is leading a charge by delivering some of the most advanced capabilities around security, analytics and automation, unified on an integrated platform that are also massively accessible to a wider audience of enterprise and mid-market organizations. This is how we're disrupting the market by enabling customers to integrate advanced capabilities, high efficacy and productivity to achieve better security outcomes for their stakeholders. A great example of how customers are leveraging this value was a six-figure deal in the quarter with a multimillion dollar general contracting firm. This customer was looking to build a more effective detection and response program after experiencing a security incident with their existing solution. They wanted a comprehensive solution, but one that would also drive improved efficiency for their modest sized security team. As an existing InsightVM customer, they were excited about how quickly and easily they could stand up and integrate additional Insight platform solutions. When coupled with the depth of our detection and response capability, and the critical value our automation offering brought to their team, it became clear to them that few competitors could match the combined efficiency and efficacy of our platform. As a result, this customer chose to expand their relationship with Rapid7 as a trusted security partner, adding InsightIDR with our enhanced endpoint telemetry and network traffic analysis, as well as InsightConnect for automation to provide more comprehensive visibility across their environment and the ability to more quickly respond to incidents. This is a great validation of Rapid7's vision and approach towards our extended detection response strategy, which is to help customers minimize the themes and gaps that exist in their technology environments through our natively integrated Insight platform. Our approach is built on a premise that to have effective security, you have to have profitability and cost efficiency. This is why we have invested aggressively over the years to become a leader in enabling that visibility. The core of what Rapid7 does is collect fragmented data across the technology environment: endpoint data, cloud data, vulnerability data, logs, network data, all collected and aggregated natively on our Insight platform. This allows us to look at risk more holistically across the environment to not just detect the threats, but to perform the forensics and analysis across the environment and ultimately drive remediation with our automation framework. Increasingly, today's attackers are exploiting the data gaps and themes that exist in customers' fragmented security ecosystem. This has led to an increasing focus on an extended approach to detecting and responding to threats in the environment to reduce visibility gaps and mitigate that risk. Rapid7's core differentiation is this pervasive end-to-end data collection that allows us to deliver leading security analytics and automation that enables customers to more effectively assess risk, detect attacks and drive remediation across their environments. We're seeing this focus on more holistic risk visibility reflected in our engagement with customers. A good example of this was an international enterprise customer who had an engaging journey with us leading up to their purchase of our recently introduced IDR Ultimate product. Let me take a moment to step you through that journey. Despite having a market-leading SIM solution, this customer was lacking full coverage of their environment. So they engaged with us early in the year in an effort to achieve the detection response value they were seeking. At the same time, they were preparing to replace their existing VM solution. Our cohesive SecOps platform vision and the idea of a single trusted security partner resonated with them. They ended up purchasing InsightVM first, demonstrating our ability to meet them where they were in their DevSecOps journey. Around this time, they were also beginning their cloud security journey and exploring leading solutions for this. The combination of our best in-class cloud capabilities and our native integration with InsightVM on our platform put us ahead of the pack. By the time they were ready to make a detection and response decision later in Q3, the integrated platform experience positioned IDR as a clear winner. With IDR Ultimate, our advanced IDR tier, they were able to gain more complete coverage of their environment, while also reducing data gaps by tapping into our extended capabilities, including enhanced endpoint data for more comprehensive forensic analysis and automation for increased efficiency and accelerated response over time. In each part of this customer journey, our complete platform vision served as a key value driver for the customer, not to mention a competitive differentiator, and they are now leveraging a large portion of our Insight platform as they approach seven figures in total ARR. Over time, we believe that the winners in this space will be those that can provide this extended approach to reduce fragmentation and increase visibility in our customers' technology environment as we continue to invest in delivering this on our Insight platform. Most recently, our acquisition of Insight amplifies our platform and XDR vision while adding external attack surface visibility, further enhancing our vulnerability management, detection response and cloud security capabilities across our Insight platform. Turning now to a brief update on progress towards our enduring goals. First, we continue to lead the charge in enabling customers to transform DevSecOps practices around the cloud. You've seen us successfully extend the core capabilities of our Insight platform, both organically and through strategic acquisitions to help customers effectively scale their security operations. Our strong and accelerating customer growth, as we approach 10,000 customers is a great validation of our progress to meeting customers where they are in their DevSecOps journey with an expanded set of market-leading capabilities. Second, we're investing to accelerate our platform distribution engine through enhanced pricing and packaging for products like IDR, but also by making it easier for customers to seamlessly expand on the Insight platform through natively integrated experiences. This success is delivering a best-in-class platform experience, which continues to drive ownable expansion in customer relationships, as demonstrated by our ARR per customer, which grew 18% year-over-year to over $55,000. Third, we remain focused on driving long-term operating leverage and cash flow scale while investing for growth. This is evidenced by our strong cash generation and operating margin expansion, even as we continue to invest in innovation and absorb our recent Insight acquisition. In closing, it's clear that organizations across the world are undergoing significant digital transformation amidst an escalating cyber threat landscape. Our team is investing to deliver a highly differentiated and more holistic approach to security analytics and automation that better enables customers to bring security transformation alongside their digital investments. We believe this will remain a long-term demand driver for our business as we continue our mission to make the best in security operations achievable for all. With that, thank you all. And now I will turn the call over to our CFO, Jeff Kalowski.
Thank you, Corey, and hello to everyone on the call this afternoon. Before I begin, a reminder that except for revenue, all financial results we will discuss today are non-GAAP financial measures, unless otherwise stated, and reconciliations between our GAAP and non-GAAP results can be found in today's earnings press release. Turning to results. We are pleased to report strong performance as we ended the third quarter with $550 million of annualized recurring revenue. ARR grew 38% over the prior year driven by organic acceleration in our security transformation solutions and sustained growth in vulnerability management, as well as the contribution from our newly-acquired threat intelligence software. Third quarter revenue of $139.9 million grew 33% over the prior year and exceeded the high end of our guidance range on strong underlying demand trends for our Insight platform. Revenue performance was led by upside in product revenue, which grew 33% to $131.2 million. There was also a modest outperformance on the professional services side, which naturally varies quarter-to-quarter. We continue to execute well on our international growth strategy, which when combined with a higher mix of Insight customers outside North America drove 58% year-over-year growth, bringing international revenue to 20% of total revenue in the quarter. North America revenue grew by 28% year-over-year and comprised 80% of total revenue in the quarter. We ended the third quarter with over 9,900 customers globally, which represents 17% growth from the prior year. The customer count includes slightly over 300 net new customers acquired as part of the Insights acquisition. We continue to see strong upsell and cross-sell activity on our Insight platform, with just over 50% of our new ARR coming from existing customers in the quarter. This driven ongoing strong expansion in ARR per customer during the quarter, which grew 18% to $55,500. Strong secular tailwinds across the security operations market fueled our ability to both land new customers and expand within our existing base. Third quarter ARR growth was driven by a healthy balance of growth between these land versus expand dynamics. Turning to operating and profitability measures for the third quarter. We came in ahead of our guidance on these metrics primarily due to revenue overachievement. Most of that incremental revenue flowed through directly to profitability, highlighting the strong leverage profile of our subscription software business. As has been our typical cadence, this positions us well to reinvest the overperformance in future quarters to support our goal of driving durable growth over the long term. We continue to balance high-return investments in growth with our focus on delivering consistent annual improvement in operating margin and free cash flow. Total gross margin for the quarter was approximately 74%, consistent with the prior year and in line with our range of expectations. As we've shared before, we expect gross margin to vary within the mid-70s at the product gross margin level and in the low 70s at the consolidated level. Sales and marketing expenses grew 27% year-over-year, reflecting continued growth in headcount and improved to 40% of revenue compared to 42% in the third quarter of 2020. R&D expenses grew 35% over the prior year driven in part by the acquisition of Insights and represented 21% of revenue consistent with the prior year. G&A expenses grew 24% and were approximately 8% of revenue, down slightly from 9% in the prior year period. All in all, we delivered strong operating profit in the third quarter with operating income of $5.7 million, well above our prior guidance. We generated $9.9 million of adjusted EBITDA and $0.06 of net income per share, also above our guidance. Moving to our balance sheet, we ended Q3 with cash, cash equivalents and investments of $310 million compared to $613 million at the end of Q2 2021. The reduction was primarily driven by July's Insights acquisition with a net amount of $306 million paid at closing. Turning to the cash flow statement. You can see we benefited from ARR outperformance and strong operating results in the quarter. These dynamics, coupled with stronger-than-expected collections trends led to third quarter cash from operations of $19 million and we generated $14 million in free cash flow. This brings us to our guidance for the remainder of the year. We delivered strong third quarter results and feel confident about demand trends and our ability to continue to execute on these opportunities. As we succeed in meeting customers where they are in their security journey, we continue to expect that organic security transformation solutions ARR will grow over 40% year-over-year in 2021, with vulnerability management continuing to grow over 10%. Given these dynamics, we are raising our outlook for the year. We now expect full year ARR to be approximately $586 million, growth of 35% over the prior year, up 2 points from our prior expectation of 33% growth. We also expect higher revenue for the full year in the range of $528.7 million to $530.3 million or 29% growth over the prior year at the midpoint, up from our prior expectation of 27% growth at the midpoint. Our full year operating income outlook remains unchanged at $7 million. Our strong year-to-date performance, combined with high visibility and confidence in the demand environment, supports our reinvestment of year-to-date upside and the compelling growth opportunities in front of us. We plan to do this while remaining committed to our growth and profitability framework. We expect non-GAAP loss per share for the full year to be a loss of approximately $0.07 per share, which is based on an anticipated 55.2 million basic weighted average shares outstanding. I'm pleased to report that we are once again raising our free cash flow expectations and now anticipate full year free cash flow of approximately $25 million, an increase from our prior expectation of approximately $20 million, driven by our strong ARR performance. As we've said, we remain focused on investing in durable growth while maintaining our commitment to delivering consistent free cash flow and operating margin improvement on an annual basis. Now turning to quarterly guidance. For the fourth quarter of 2021, we expect revenue in the range of $144.9 million to $146.5 million, growth of 28% to 29% over the prior year. We expect an operating loss of approximately $6.7 million, a non-GAAP loss of $0.18 per share, which is based on an anticipated 57 million basic weighted average shares. In summary, our third quarter results highlight the strong demand for our best-in-class security transformation and vulnerability management solutions, as well as our ability to execute on our strategy and unique set of opportunities.
Our first question comes from Rob Owens with Piper Sandler. Your line is open.
I want to unpack the ARR guide for the year. And then just in contemplating the net new ARR of about $36 million and comparing it with last year, I think you're up kind of mid-single digits. So was there anything in the comp from a year ago or anything in that number that we should be aware of?
No. There's nothing unusual. Remember that we have raised the guidance from 33% to 35%. No unusual activity. It's possible that the consensus seasonality may have been off for the quarter. So we're taking the full year up from 33% to 35%. We think it's a good reflection on the continued strong demand we see for the platform, but nothing unusual.
And then, Corey, as you look at another successful quarter here with your third quarter prints, maybe help paint what the environment looks like relative to security demand and the kind of thought process for fourth quarter and anything you want to give us into next year. Do you think these heightened spending levels will persist as we think about and contemplate 2022?
Yes, Rob, it's a great question. When I look at the demand environment, we're talking to customers directly coming to our teams; it's robust. We continue to see people shifting more to technology and upgrading their technology, and digital transformation, and we continue to do security a priority. I mean, it's hard not to have security as a priority around that today if you take any into what's happening in the world. We continue to actually have the support of not just the customers who want to do it, but the Boards and the CEOs who are now prioritizing security more than ever. The thing that I would actually say as we go forward is that as we solve the durability of the demand environment, one of the things that we started doing is taking a bigger share that we were actually set up to ensure that with the most serious customers and continue to meet the demand where it is. So we focus on making sure that we have the staffing level to support the more sustained demand environment. On that point, my biggest focus and the biggest thing that I'm looking at in the main environment right now is customers have the appetite for treated projects. But they're seeing the same thing that everyone all over the world is seeing right now, they have to step up. And so we're watching that close. As you know, our strategy is, long term, we want to make sure customers are buying at the pace that they can consume and get value from it. This is how we actually grow and this is how we expand. And so that's our core focus as we go forward. The last thing I'd say is when you just think about our business, we see durability on both the VM side and the security transformation side, and we're continuing to make investments to support that.
Our next question comes from Matt Hedberg with RBC Capital Markets. Your line is open.
Congratulations on a really strong quarter. Corey, your team has done an excellent job expanding your platform well beyond the basic offerings in DevSecOps. I’m interested in how you view the competitive landscape as your platform matures and begins to incorporate automation and orchestration. I assume you might be able to address some fragmentation in the market that exists with various niche solutions. Are customers starting to view you as a consolidator within the DevSecOps space?
Yes. So I'll tackle it first, and then Jeff will follow if I can add. First and foremost, we are definitely seeing the platform strategy that we've articulated multiple times working well. And that's that if you actually lead across all the areas, and you provide a common platform that delivers productivity, efficacy, efficiency at a consistent user experience, customers like that. You saw that in some of the customer examples that I used on the call. The other thing that I'll highlight is that we have the benefit of multiple places to land. If you look across specifically, the vulnerability risk management, the IDR and the cloud. Because we actually have put ourselves in a strategic position with customers, we are now more easily able to add on added security services. So when you think about things like network traffic analysis. Five years ago, we could have actually done that because it wasn't the right thing to sell. But now we actually have a robust customer base and robust demand. We're seeing lots of customers interested in fully filling out their security strategy and their security platform with Rapid7 Insight platform products or products that are highly integrated with the Rapid7 platform. We think that that's a real long-term advantage for us.
And then that's super helpful in terms of additional land spots. And then I guess just maybe a question on return to work. I guess what is Rapid7's sort of strategy around that as we think about 2022? And do you expect salespeople to start to increase their travel next year? And could that have a positive impact on pipeline generation relative to this year?
Yes, we anticipate an increase in travel next year compared to this year. The past two years have seen historically low travel levels, and even when there was hope for improvement during the Delta variant, travel decreased further. However, we've become more strategic about identifying which travel is truly effective and valuable. I strongly believe in the importance of culture, and we have an impressive team with good tenure. We see the hybrid work model as beneficial for employees, providing them with necessary flexibility while allowing them to travel to meet customers in meaningful ways. Spending time with customers and prospects is valuable, and we need to discern which interactions are truly beneficial. We are considering what is genuinely value-added versus what isn't. This will mean more travel, but we won’t return to the pre-2018 and 2019 travel patterns; that era is not coming back.
Our next question comes from Saket Kalia with Barclays. Your line is open.
Corey, maybe just start with you. In your prepared commentary, you talked a good bit about enhanced pricing and packaging, and also talked about meeting the customer where they are. Can you just maybe give us some broad brushes on some of the new packages that may have worked particularly well? And maybe how you sort of see that pricing and packaging strategy evolving as we go into next year?
Yes, that's a great question, Saket. I mentioned the importance of pricing and packaging in relation to the overall customer experience and the sales process because all of these factors contribute to our success. The main focus is on how we can enhance our customers' productivity and effectiveness while ensuring that our go-to-market strategy is efficient and predictable. Regarding pricing and packaging, we've discussed several areas that we're activating, with some being quite successful and others continually improving. For example, we've seen excellent results with our IDR solution, which effectively addresses threat response scenarios. This package not only includes the core IDR features but also our IDR Ultimate package, offering advanced endpoint telemetry and unlimited workflow automation, as well as network traffic analysis. These offerings appeal to customers because they present a comprehensive solution that is well-integrated, enhancing productivity. Additionally, it's important to note that while some customers opt for upfront package purchases or upgrades, others prefer to see the value before committing, which is beneficial for us. One example involved a customer who initially approached us with specific problems, stating they needed assistance with a VM issue rather than IDR. However, after we provided them with an excellent experience and addressed their needs, they acknowledged our effectiveness and later added cloud services and ultimately IDR. This approach, which focuses on understanding and meeting customer needs, is crucial for our growth and for delivering the experience our customers desire.
Both VM and security transformation performed well this quarter, as Corey mentioned in the prepared remarks. Currently, security transformation is clearly our main growth driver. VM now represents just under 50% of the total. As you can see, security transformation is expanding more rapidly, thus increasing its share of the total. VM continues to grow at over 10% annually, while security transformation is growing by over 40%.
Our next question comes from Eric Heath with KeyBanc. Your line is open.
This is Eric Heath on for Michael. Congrats on the really strong results. Corey, it looks like another strong quarter for customer adds, accelerating again even organically. So maybe you could just give us some color on what's driving the success, whether it's a strengthening macro, better win rates or even if it's being driven by particular products?
Yes. At the core of the combination of a strong demand environment and strong execution environment. So I want to mean about that is that our new adds are healthy because there's lots of demand in the environment, and we see that across the products with the growth rates that Jeff has talked about. And then I mentioned earlier, it's clear that security transformation is doing quite well. But also, we are maintaining our momentum in vulnerability management, and we're quite happy with the sustainability and the health of that business. The second thing is good execution by our teams of our product teams and our customer engagement teams because another core driver of that is we're doing a really, really good job of retaining more customers. And so our ability to actually retain more customers and pay more revenue from customers, that's continuing to improve year-on-year, and that also drives the net customer adds.
And then one more, if I could. I mean, Corey, earlier you talked about kind of the need for customers to staff up. So I wanted to ask on your MDR offering. It seems like an area of the market that's seeing stronger demand and maybe spurred by the increasingly difficult hiring environment and growing complexity of attack. So could you just talk about how you think about this market strategically as part of the broader Insight platform?
We believe that detection has been a strategic focus for us for a long time. Our entire strategy is built on the assumption that customers need to be highly effective and efficient, and that there will always be talent constraints. We develop products that tackle these challenges; for example, we have examined our MDR offerings that cater to specific use cases. Our strategy is two-pronged: we offer our own MDR solution, but our primary focus is collaborating with our managed services partners to deliver this service. There is significant demand in the managed services space for quick solutions to address the challenges faced in this area. Our aim is to provide high-quality managed services. Unfortunately, many managed services organizations prioritize their margins over customer experience and effectiveness. Therefore, we have been enhancing our ability to identify and select partners who share our commitment to quality. Customers are willing to invest in quality, and we have demonstrated this ourselves. We are confident about the long-term market potential and will continue working with our partners to capitalize on this opportunity.
Our next question comes from Jonathan Ho, William Blair. Your line is open.
Congrats on the strong results. I just wanted to start out with the 40% organic ARR growth you're expecting for security transformation. Is there a way for you to maybe unpack for us the growth rates? Are they all fairly similar? Are there certain products that are going much more quickly? Just some additional color in terms of how you're thinking about the security transformation side.
It's a great question. We don't provide specific breakdowns. It primarily relates to our packaging strategy mentioned earlier, especially as we experiment more and improve our ability to sell bundled packages to customers. The way we assign value to different products can be somewhat arbitrary. We do highlight VM separately because we know that our investors want insight into its performance and our security transformation solutions. We aim to provide enough transparency while ensuring we focus on the overall business operations. Our main goal is to address customer challenges and increase their trust in us for their security spending. As we deal with numerous packages, the allocations can become somewhat random. We will keep communicating our security transformation solutions at a high level so you can get a sense of growth rates, but breaking it down further may become less meaningful over time.
And then just in terms of the contribution from Insights, I may have missed this, but can you give us, I guess, the numbers in terms of the contribution as well as ARR coming from Insights?
Yes. So I'll start, and Corey can add. When we acquired them, we brought on $27 million of ARR. There are about 200 employees, and they were growing over 40%. In the quarter, they contributed about $3.8 million of revenue in the quarter. And that was net of deferred revenue haircut that we took for purchase accounting.
Our next question comes from Brian Essex with Goldman Sachs. Your line is open.
I wanted to explore vulnerability management further. Corey, could you share your thoughts on the business's growth rate compared to the overall company and the growth rates of some competitors? Is it a consistent growth segment? Additionally, could you compare the sales incentives for the sales team in this area versus those in security transformation? I have a follow-up question as well.
Yes. And I'll just reiterate for the one listed is that what we said and maintain was our expectations of the growth rate durability management to be over 10% and we think that has durability there. We also think that from a long-term perspective, we still expect to take share in the market overall. We expect to take significant usage share in the market in terms of using vulnerability management solutions. Part of the reason that we continue to invest heavily in a market-leading VM solution from an R&D perspective is we think it's strategic to our customers. While we have parts of the business, specifically our security transformation, that are going faster, we think vulnerability is an incredibly both strategic and healthy part of our business long term. We treat it like that. We invest in it. We continue to do innovations and enhancements around it. What I would say, you'll see over time is we are indifferent to the line item distribution or allocation. What we're really, really focused on is how customers consume and then maximize the share of wallet that we talked about earlier. Again, as we move forward, our goal is to make sure that we're leading, especially in terms of usage around vulnerability management, to actually be able to continue to gain market share overall and grow our ARR per customer and the share of wallet strategically.
And then maybe just as a follow-up. I don't know if you saw, but the Biden administration issued an operational directive to federal agencies this afternoon to reduce known vulnerabilities. And I guess the question is, how much exposure do you have on the federal side from your experience when these kinds of announcements are made? How long does it take to trickle down to state, local and SMB and then large enterprise as maybe that's kind of like a leadership by example type issue?
We see good progress on the federal level. But to be clear, we're still in the early innings. We have both our fed ramp and in our expanded sales and customer engagement for the public sector, but we expect to expand significantly over the next five years. That said, we've seen great progress to date. As far as how the mandates trickle down to the broader environment, we think it's positive. Today, you actually have most both the CEOs and the Boards of Directors that are aware. I don't like to add anything incremental. I think it actually increases our confidence in our public sector investments. Definitely, it has some implications for additional state and local budgets, which I think is positive. But for the corporate sector, we've seen really good engagement with both the executive team and the Board of Directors, which provides a lot of air cover and support for a long-term healthy environment.
Our next question comes from Mr. Ruykhaver with Baird. Your line is open.
Congrats on the strong ARR performance. It's nice to see that organic acceleration. So I want to talk about the cloud stack. It's been quite a few days since the acquisition of DivvyCloud, obviously, bringing you CSPM. But I'm wondering if you can provide some customer interest, maybe adoption trends around some of the newer parts of that product, the cloud workload protection, cloud identity and access management. Then also, maybe you could comment on how you see customers buy that solution set? Is it the whole portfolio? Or is it more of a land and expand type of sales motion?
Yes. I would say, one, we're seeing very, very healthy demand for cloud in general. What you would expect with the digital transformation, we have a lot of confidence both near term and long term about the opportunity in cloud security, especially given digital transformation. As far as the process of the packaging, it's still early days. We definitely see people starting with one part of the solution and expanding. Part of the reason we started our investment was cloud security posture management; that tends to be how a lot of customers start their journey. The IAM and cloud workload protection, we see lots of customers just like, 'Hey, just give me the solution on the product I actually want to look at the holistic.' I don't have a determination right now nor am I that overly concerned, just like discussion on price impacting earlier; we really let customer preferences drive it. We don't give them an overwhelming number of choices because that would just call stress. But we try to give them concrete choices that say, 'Listen, you can control your rollout of your journey in the past to best suit you.' And so when they purchased it all at once, which we have some customers that do, or whether they actually sort of like buy it as they actually use the capabilities, we have customers on both of those things today, and we have not steered customers either way.
And then I think also just looking forward, Corey, would love to hear your thoughts on how you see that cloud security portfolio evolving? Where you think it might be holes that would be a natural fill-in for the company over time?
Well, I can't answer the question around the holes; it has more to do with the earliness of the cloud market in general. I know we think about cloud security and cloud applications as something that’s been around. But this is really sort of like if you look at mainstream adoption, we had five years low. If you look at the massive shifts in how we've actually manage and deploy technology in the cloud over the last five years, there have been some big shifts and there will be even bigger shifts. This is the area that we're going to be investing in, and we have the capacity to invest in organically and inorganically to make sure that we stay relevant. But if you had asked me three years ago, I had no clue that identity would be such a big opportunity. We actually noticed 18 months ago or two years ago, that identity is a really significant opportunity, and we allocated the resources to organically build out that identity solution. That's kind of the approach. Cloud is still in the early stages. We have a great portfolio in cloud, and that portfolio absolutely will evolve because the cloud market itself will evolve.
Our next question comes from Brad Reback with Stifel. Your line is open.
Corey, maybe following up on those last comments. When you're walking into an existing customer or net new and you're selling them, we'll say, the entire platform, is most of the net new products that you're selling them, a greenfield opportunity as opposed to the customer replacing a legacy tool?
It's a great question. We see greenfield and legacy. The more upmarket you go, larger accounts, we see more replacements. The only thing I would say is that by and large, the majority of what we're seeing is replacement of things that are unhappy and inefficient or greenfield. Meaning that our sales team very does not very often go try to convince customers to actually go replace something that the customer is happy with or satisfied with. Most of the time, the customer has some level of satisfaction. Even sometimes with great products, they're too hard to use or they're too expensive or have gaps. Fragmentation calls me to actually not be able to train up my team. By and large, when you're thinking about, we're selling to either greenfield or dissatisfied customers. What I hear from our sales team is that that opportunity is not limited; there's lots of people that are dissatisfied, and that's mostly because the market has not focused on productivity or the user experience, or making sure that customers can have the results they want at a reasonable cost. Those are all problems that we're tackling and solving.
Our next question comes from Alex Tindle with Raymond James. Your line is open.
This is Alex on for Adam. Just curious, with the number of monitoring vendors moving into AppSec recently over the last few months, how do you think the competitive dynamic may shift? And with so many vendors, do you think there's any risk that application security becomes commoditized at any point in the future?
It's a great question. One, we participate but AppSec is a highly fragmented market to start off with. I would say that yes, it’s bigger than anything. Application security on all the market that it's a smaller part of this is very healthy, but it’s also a smaller part of our business. What become commoditized is I don't think so. The primary reason is that if you look at the foundation, people are building more apps than ever before. By the way, if you think about the other side of the equation is we had a really difficult global cybersecurity ecosystem when it was professional ISVs building applications. Now we have a bunch of professional ISVs and a whole bunch of organizations who are new to building commercial-grade applications, building it sort of at scale and faster than ever. That should be a robust opportunity for our security. That said, we see some of the biggest opportunities in the cloud as we extend backwards. I think the application security market is highly fragmented. It, just like the cloud, I talked about, will evolve over time. I don't see near-term commoditization, even with the competition, and even seeing players coming in from other markets who actually have great relationships in the application security space, join it. I see many of those players joining in to actually participate in the upside, not just to actually traffic to 0, but we'll see where it goes.
Perfect. And then in case I missed it, just a housekeeping question, can you speak to net retention rate or any changes in gross retention rate?
Go ahead, Jeff.
We haven't been disclosing the net retention rate. But what we will say is that it has improved sequentially over the past few quarters. We've invested in it. We aren't disclosing the specific metric anymore.
Our next question comes from Gregg Moskowitz with Mizuho. Your line is open.
So the 58% rest of world revenue growth was pretty remarkable. I think it's been five years since we've seen that type of growth and the comps that you faced this quarter was actually the toughest that you'll face all year. Corey, were there any regions that were particularly strong for Rapid7 that you would highlight?
The growth in international markets is strong and not limited to one specific area. While it wasn't uniform across all regions, we observed widespread health and growth. A significant factor contributing to this was the extensive effort required, especially with new offerings, to establish the channel, branding, and sales teams for the platform. Our international leadership, sales, and customer service teams have excelled in transitioning from our traditional transactional offerings to the platform, which is highly strategic and valuable. This transition has fueled growth and also enhanced customer retention, further driving that growth.
And then just as a follow-up, how is the labor market from your vantage point?
Yes. Let me just Jeff have any follow-up comments on the last question because you have a last perspective.
Yes. I just wanted to mention, Greg, that we did benefit; there was a tailwind for the Insight acquisition, which wasn't in the prior year numbers. So they have a greater percentage of international revenue. So that contributed to the 58%. But international revenue was very strong and grew in excess of our overall ARR rate this quarter.
Yes. It's a great question on labor market. Look, we're experiencing the same thing that everyone else is experiencing. The labor market has definitely tightened. I think that from my perspective, I think we’re probably a beneficiary. What I mean by that is that if you look at our hiring plan, we performed well against our hiring plan. If you look at attrition, attrition is not as good as it was in 2020; people really create job stability, but it's normalized from what it was in '19. So over the period, it's more normalized versus some of these super high crazy attrition that some organizations are seeing. Our employer brand and our focus on culture has been able to attract talent in. One of the biggest challenges that we have, frankly, as we go forward, is that as we've seen greater growth in the demand environment, we've actually invested in hiring to support that growth. So we've opened up that capacity to make sure that we are supporting the customers and growth as we go into next year. That's a lot in this talent market right now to actually expand your hiring in this talent market. But we're having success; it's something I watch and we talk about on an ongoing basis.
Our next question comes from Hamza Fodderwala with Morgan Stanley. Your line is open.
Corey, maybe just one question for you. Really strong growth in new customers. I was wondering, just given the rising threat environment, to what extent is the growth in InsightIDR being influenced by more deals around incident response? Is that something that you're seeing contribute more to larger customer lands, in particular?
Yes. I think you mean that customers have an incident and therefore, the InsightIDR capabilities come into play. One is, I would say, service is not a material drop from that business. I mean, we have a services business. You could talk about the services business for us being most about having the capacity to serve our customers and gaining intelligence about what's happening in the threat environment. So services in that way in the responses matter. One of the drivers is, is customers have incidents and they decide to upgrade their market capability. That's a great driver for us. I don't have statistics on it because, as you can imagine, not every customer that upgrades tells us they have an incident. Some of them want to talk to them or actually share that, but they don't always share that with salespeople. I would say we don't have a statistical answer around that. But I would say that we definitely know that that's a trend.
Our next question comes from Shebly Seyrafi with FBN Securities. Your line is open.
Yes. Is there a reason why the professional services revenue growth spiked to 34% from like 12% in Q2? Was that Insights as well?
No. Just overall, we had stronger bookings in the quarter, which led to delivering more revenue this quarter, but it was nothing unusual in that other than the volume increase this quarter.
So with that strength that you're seeing, do you expect services revenue growth to be elevated compared to the past for the next several quarters?
It's not a significant part of our business. As Corey mentioned, it contributes to product revenues. Looking ahead, you can expect our professional services to grow in the mid- to high-single digits over the next four quarters and throughout the year.
Thank you. And I'm showing no further quotes at this time. I'd like to turn the call back over to Corey Thomas for closing remarks.
Thank you all so much for joining us today on our earnings call, and I hope that all of you are healthy, and I look forward to speaking with you all later on the next call.
This concludes today's conference call. Thank you for participating. You may now disconnect.