Rapid7, Inc. Q4 FY2021 Earnings Call

Good day, and thank you for standing by. Welcome to the Rapid7 Fourth Quarter and Full Year 2021 Earnings Conference Call. At this time, all participants are in a listen-only mode. After the speaker's presentation, there will be a question and answer session. Please be advised today's conference is being recorded. I would now like to hand the conference over to your host today, Sunil Shah, Vice President, Investor Relations. Please go ahead.

Thank you, operator, and good afternoon, everyone. We appreciate you joining us today to discuss Rapid7's fourth quarter and full year 2021 financial and operating results, in addition to our financial outlook for the first quarter and full fiscal year 2022. With me on the call today are Corey Thomas, our CEO; and Tim Adams, our CFO. We have distributed our earnings press release over the wire and it is now posted on our website at investors.rapid7.com, along with the updated company presentation and financial metrics file. This call is being broadcast live via webcast, and following the call, an audio replay will be available at investors.rapid7.com until February 16, 2022. During this call, we may make statements related to our business that are forward-looking under federal securities laws. These statements are made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995 and include statements related to the company's positioning, our future goals, and financial guidance for the first quarter and full year 2022, and the assumptions underlying such goals and guidance. These forward-looking statements are based on our current expectations and beliefs and on information currently available to us. Actual outcomes and results may differ materially from the expectations contained in these statements due to a number of risks and uncertainties, including those contained in our most recent quarterly report on Form 10-Q and in the subsequent reports that we filed with the SEC. The information provided on this conference call should be considered in light of such risks. Actual results and the timing of certain events may differ materially from the results or timing predicted or implied by such forward-looking statements, and reported results should not be considered as an indication of future performance. Rapid7 does not assume any obligation to update the information presented on this conference call, except to the extent required by applicable law. Our commentary today will be primarily in non-GAAP terms and reconciliations between our historical GAAP and non-GAAP results and guidance can be found in today's earnings press release. At times, in our prepared comments or in response to your questions, we may offer incremental metrics to provide greater insight into the dynamics of our business or our quarterly results. Please be advised that this additional detail may be onetime in nature, and we may or may not provide an update in the future on these metrics. With that, I'd like to turn the call over to our CEO, Corey Thomas.

Thank you, Sunil, and good afternoon to everyone on today's call. Thank you for joining us. Rapid7 finished 2021 on a high note, delivering strong fourth quarter results on broad-based strength across our security transformation and vulnerability management solutions. Security transformation saw year-over-year organic ARR growth of over 50%, exceeding our expectations for the quarter and the year, driven by our team's strong execution and a growing need for customers to manage increasingly complex security environments. We ended the year with $599 million of ARR, growth of 38% over the prior year, and growth of over 30% on an organic basis. These growth rates highlight the compelling value proposition our Insight platform is delivering to our customers and support our belief that 2022 will be another strong year for Rapid7. Our commitment to executing on our growth and profitability framework is evident in today's results. We delivered nearly 100 basis points of non-GAAP operating margin expansion for the year, while accelerating ARR growth and absorbing our largest-ever acquisition to date. We also saw significant scale and cash flow, exceeding $50 million of operating cash flow in 2021 and delivering $35 million of free cash flow for the year, ahead of expectations. This puts us on a great trajectory to execute against our mid- and long-term free cash flow targets. While Tim will share more on our operating results during his prepared remarks, these financial highlights illustrate the strength of our underlying business and our commitment to making responsible investments in growth. We began last year with our three enduring goals in mind to enable customers to securely transition to the cloud, to expand the capabilities and value proposition of our best-in-class Insight platform, and to balance our dual mandate of scaling profitably while strategically investing to drive durable growth. In March, we expanded on this vision at our Investor Day, where we outlined our medium- to long-term financial goals and elaborated on a few key opportunities, including the large and expanding addressable market for our solutions, our ability to grow ARR per customer by cross-selling and upselling into our base, focusing on higher-growth strategic customers to support this expansion, and an underpenetrated international market with significant room for share gains. During 2021, we executed extremely well across all of these opportunities. We accelerated ARR growth while expanding our addressable market beyond $30 billion. ARR per customer grew 17% for the year, approaching $60,000 per customer. Customer growth accelerated, driven by increased demand and notable improvements in retention as we eclipsed 10,000 customers globally. We saw approximately 50% year-over-year growth in our international revenue. Moreover, the escalating cyber threat landscape we experienced throughout the year validates the durability of these opportunities, as customers transform their business, cloud adoption gains pace, and the ability to manage cybersecurity risk becomes even more challenging. These issues are now a top priority for executives and boards, particularly as the labor market for security professionals tightens and regulatory scrutiny and brand risk increase. These market conditions provided a healthy secular backdrop for our strong growth in 2021 and should support durable ongoing growth in 2022. I'll highlight three areas that are driving our success today. First, our Insight platform provides customers with a broad-based integrated suite of best-in-class security operation solutions. We've invested in and expanded our capabilities over the last few years to build a leading position in the extended detection and response, cloud security, and vulnerability risk management markets. We further strengthened our customer value proposition by adding platform services, including SOAR and threat intelligence to provide security teams with comprehensive visibility, analytics, and observation that they need to manage an evolving IT environment. The depth and breadth of our platform is increasingly becoming a competitive differentiator. It's driving demand with our customers, particularly as security teams look to consolidate an increasingly fragmented set of security solutions. This is demonstrated by the strong growth we saw across our Insight platform throughout 2021, with particular strength driven by our security transformation solutions, which now represent the majority of our total ARR. We see a long runway ahead in terms of our platform opportunity as we expand our base of multi-product platform customers. The recent log4shell vulnerability highlights the value of holistic visibility and monitoring our Insight platform can provide in helping customers to drive better security outcomes. Beyond the critical importance of InsightVM in providing visibility to the risk in customer traditional environments, customers are leveraging Insight cloud sec to identify vulnerable cloud entities InsightIDR to monitor for attacker behavior related to log4shell. Our application security capabilities to both monitor and block against attack attempts and velociraptor for forensic analysis of exploitation attempts against the vulnerability. The scope of incidents like log4shell demonstrates the persistent nature of the elevated threat landscape our customers are facing today and why we expect cybersecurity will remain top of mind for organizations of all sizes as we look ahead. The second aspect of our business I want to highlight is our market-leading incident detection and response. As the topic of XDR gains more traction, many of you have asked how Rapid7 InsightIDR is delivering customer impact in this space. The answer is that we've always approached IDR from this perspective. When we began building IDR in 2013, most people were focused solely on data collection. Rapid7 took a detection-first approach, hence the name, incident detection and response. By combining leading data collection capabilities on our Insight platform with detections from our analysis of attacker behavior and layering on user behavior analysis by integrating compliance dashboards, we were able to build not just a market-leading SIEM, but also a market-disrupting capability to detect and respond to attacks more effectively. We have since extended the breadth and depth of our offerings at risk capabilities, including endpoint detection and forensics and network traffic analysis to provide more comprehensive visibility across customer environments as well as embedding automation to drive productivity to help customers deliver better security outcomes. Our investments in natively integrating these capabilities is why customers are choosing InsightIDR to help minimize the seams and gaps that exist in their fragmented technology environment today. We continue to invest in expanding our platform capabilities, most recently via the addition of Insight's best-in-class threat intelligence offering. We remain early in our integration efforts, but have begun to see the vision of combined internal and external attack services monitor and resonate with our customers. During the fourth quarter, we saw great progress in our ability to sell Insight into our existing customer base with nearly 40% of our new threat intelligence business driven by cross-sell. A great example of this was a 6-figure competitive displacement with a well-known global food and beverage brand. The customer added threat command alongside our detection and response and vulnerability management solutions, in part because of the enterprise-relevant alerts and the ability to automate workflows to improve the efficiency and effectiveness of their teams. We remain bullish on our long-term opportunity to deliver a market-leading XDR solution to our customers as we continue to integrate threat intelligence into IDR. Lastly, I'd like to take a moment to discuss the emergence of our cloud-native security platform, Insight cloud sec. Digital transformation and the accelerating customer shift to cloud-based infrastructure is disrupting security programs. Cloud environments are more dynamic and scale and difficult than the traditional IT environment. This is why security teams are increasingly looking for solutions that are built from the ground up to manage the unique risks in their cloud environments. While the cloud security market remains in its early days, it is clear to us that success in the future in the cloud relies on holistic data collection, analytics, and automation, all capabilities that are core to Rapid7. This is how we have architected Insight Cloud Sec, by integrating 3 critical areas of technology to bring together multi-cloud data for which visibility and analysis across cloud posture management, cloud workload protection, and cloud identity and entitlement management. We continue to innovate and invest heavily in this space given the massive opportunity ahead to help our customers migrate securely to the cloud. Our approach is resonating with customers as evidenced by a competitive 6-figure deal with a Fortune 500 company. The customer's homegrown approach to securing and growing multi-cloud environments will struggle to scale with the pace of their cloud development. They selected Insight Cloud Sec for our scalable automation, seamless integration with Insight VM, and our public cloud provider coverage that few competitors can match. Our swift time to value and out-of-the-box capabilities provide tangible benefits for the customer, allowing Insight Cloud Sec to become, in their words, a cornerstone of their security program. As we look across all three of these areas, we expect that many of the market dynamics we experienced in 2021 will continue to intensify in 2022. The attacker landscape continues to become more hostile and the pace of innovation, particularly the move to the cloud, is accelerating, and the security gap is getting wider. It is clear that security now has a permanent seat at the table in executive and board discussions. We expect this to fuel durable growth for our best-in-suite Insight platform as we look ahead to 2022. These dynamics are also impacted by the increased turnover many companies are facing in today's labor market, exacerbating what has already been a tight talent environment for cybersecurity professionals. Rapid7's sustained focus on addressing the needs of resource-constrained customers, by delivering best-in-class productivity and efficacy of security programs while lowering the cost of operations positions us well to drive strong customer impact through our Insight platform in this environment. As we march forward into 2022, we remain committed to executing against our three enduring goals for Rapid7: enhancing our customers' ability to securely transition to the cloud, building out an increasingly integrated best-in-suite platform experience, and driving to attain profitability growth. We believe that secular tailwinds in security in the evolving IT environments put us in a great position to execute on these goals in 2022. We are confident that we have the right technology and people to drive another year of durable growth. Our team remains committed to delivering on our 2025 goal of becoming an over $1 billion Rule of 40 company, and we see great line of sight to achieving that given our strong execution in 2021. Amidst an ever-escalating cyber threat landscape, I'm tremendously grateful to all of the security professionals around the world who work tirelessly to keep our technology environment safe. The Log4Shell vulnerability strained security teams at the end of an already busy year, and I'm proud of our Rapid7 team for their commitment to supporting our customers during the ongoing remediation efforts. We know that the threat environment continues to impact organizations of all sizes and that gives us conviction in the importance of our mission to make the best in security operations achievable for all. Thank you to our team and to our customers for supporting us on this journey. Before I turn the call over to our new CFO, Tim Adams, I would like to thank Jeff Kalowski for his significant contributions over the last 5 years. When Jeff joined the company, we had a VM solution and an annual revenue run rate of around $150 million. Today, we have a broad-based best-in-class security operations platform generating nearly $600 million in annualized recurring revenue. Jeff was a critical player in this transformation. We wish him all the best in retirement. Tim, we're thrilled to have you on board as we usher in the next chapter of growth for Rapid7, and I'm excited about all the great experience you will bring to our leadership team. Thank you for joining us today. And now I will hand the call over to Tim.

Thank you, Corey. Good afternoon, everyone. Thank you for joining us on the call today. I look forward to working with all of you and hopefully meeting you face-to-face in the near future. First, let me say I'm very excited to be part of such a great company. I have known Corey and the Rapid7 team for a few years, and I am truly honored to be here. I've been on board for just over a month, and I have been impressed by the level of talent and experience across the organization. There is a strong culture of collaboration, teamwork, and customer focus. As one of the executive leaders, I will be working across the company to ensure that we continue to align our business and finance strategies to support our overall growth and long-term financial targets. Now before I turn to the results, a reminder that except for revenue, all financial results we will discuss today are non-GAAP financial measures, unless otherwise stated. Additionally, reconciliations between our GAAP and non-GAAP results can be found in our earnings press release. Rapid7 delivered strong fourth quarter and full year 2021 results. Total ending ARR of $599 million grew 38% over the prior year driven by growing customer demand across our portfolio of security transformation and vulnerability management solutions. ARR growth was over 30% on an organic basis in 2021, an acceleration over the prior year and highlights Rapid7's exceptional ability to drive durable growth as we scale our business. Full year revenue of $535 million grew 30% over the prior year and exceeded the high end of our guidance range. Strong demand for our Insight platform solutions drove product revenue growth of 31% over the prior year to $501 million. As Corey shared earlier, the need to manage risk across an increasingly complex IT environment fueled organic growth of over 50% in our security transformation solutions ARR in 2021. We are thrilled to share that our security transformation solutions now represent the majority of our total ARR. We continue to see a healthy mix of growth coming from both new and existing customers during the year in addition to experiencing strong and improving customer retention rates throughout the year. Our customer base grew 18% over the prior year, ending 2021 with over 10,200 customers globally. Our expanding suite of leading security solutions and the compelling value proposition of our Insight platform is underscored by the ARR per customer of $58,300 at year-end, which is up over 17% over the prior year. Our commitment to driving durable growth while expanding margins within our profitability framework is clear in our operating results. Rapid7 generated approximately $8 million of operating profit, a year-over-year improvement of nearly 100 basis points, and $35 million of free cash flow during 2021, both of which exceeded our guidance. We were able to achieve these results while increasing our investments in growth, absorbing our largest acquisition to date, and hiring and retaining talent in a more competitive labor environment. Now turning to our fourth quarter results. Total revenue in Q4 of $152 million was up 34% over the prior year and above the high end of our guidance. Product revenue grew 35% year-over-year to $141 million. Our international revenue grew 59% and represented 20% of total revenue for the fourth quarter, while North America revenue grew 29% over the prior year and represented 80% of total revenue. Product gross margin was 75% in the quarter, while total gross margin for the quarter was 71%, down slightly from the prior year but in line with our range of expectations. As we've shared previously, we continue to expect product gross margin to trend in the mid-70s and overall gross margin in the low 70s. During the fourth quarter, we continued to invest in growth and innovation and absorbed a full quarter of expenses from our Insight acquisition. Sales and marketing expenses grew 34% year-over-year and represented 44% of revenue as we ramped investments to position ourselves for growth in 2022. R&D investments grew 45% year-over-year and represented 22% of revenue, while G&A expenses grew 31% and represented 9% of revenue. Our ability to reinvest our top-line overperformance from the second half of last year provides a strong foundation for growth in 2022 while maintaining the commitment to executing against our profitability framework. Fourth quarter operating loss of $6 million was slightly better than our guidance. Our adjusted EBITDA loss was $2 million in the quarter, and net income per share was a loss of $0.16. Moving to our balance sheet and cash flow. We ended the year with cash, cash equivalents, and investments of $258 million compared to $310 million at the end of Q3 2021. The reduction was primarily driven by the November redemption of the remaining $45 million of our convertible senior notes due in 2023. We delivered better-than-expected fourth quarter and full year cash flow from operations, reflecting strong ARR growth, and we exceeded our expectations by generating $35 million of free cash flow in the year. This brings us to our guidance. The strong results we achieved in 2021 highlight the large and growing opportunity we have to deliver our best-in-suite Insight solutions to customers as they face an increasingly complex risk environment. Our demonstrated success across the three areas that Corey elaborated on: the breadth and depth of our Insight platform as customers look to consolidate down to strategic security vendors, our unique approach to delivering a market-leading extended detection and response solution, and our early traction in helping customers migrate securely into the cloud, provide a solid foundation for our outlook into 2022. With that in mind, for the full year 2022, we expect an ending total ARR of $740 million to $750 million, which represents growth of 24% to 25%. We plan to share relevant ARR guidance updates likely in the second half of the year. We expect total revenue for the full year to be in the range of $682 million to $690 million, representing growth of 27% to 29%. On profitability measures, we anticipate non-GAAP operating income to be in the range of $17 million to $24 million for the full year, with non-GAAP net income per share in the range of $0.05 to $0.16. This is based on an estimated 60.9 million diluted weighted average shares outstanding. For full year 2022, we expect to generate strong growth in operating cash flow, which when coupled with slightly higher CapEx infrastructure investments to support our growth should drive healthy overall growth in free cash flow to a range of $40 million to $45 million for the year. The operating margin expansion we expect in 2022 reflects our growth outlook and is consistent with the profitability framework we have previously outlined. Moving to quarterly guidance. For the first quarter of 2022, we expect total revenue in the range of $153 million to $155 million, representing year-over-year growth of 30% to 32%. We expect non-GAAP operating loss for the first quarter in the range of $7 million to $5 million, driven in part by early year investments and some annual Q1 events such as kickoff. We expect a non-GAAP net loss of $0.18 to $0.15 per share for the quarter, which is based on 58.3 million basic weighted average shares outstanding. In conclusion, we remain committed to driving durable growth and margin expansion within our profitability framework as we continue on our path to becoming an over $1 billion Rule of 40 company. Thank you for joining us on the call today. And with that, we will open the call for questions.

Our first question comes from Rob Owens with Piper Sandler. Your line is open. Please go ahead.

Obviously, a strong quarter punctuated by acceleration in looking at that organic ARR number, it's clear that the environment is as good as it's ever been. So Corey, with the vulnerabilities out there with all the attacks, do you have any sense, is there a pull-in of demand that we're seeing right now curious how sales cycles are trending? And how sustainable are these levels? And I do note that it does look like you're going to hit your midterm goal of $750 million in ARR one year early, just based on your guidance alone.

Rob, it's a great question. So one, I would say the demand environment overall is quite healthy. And we started highlighting that in detail in the end of last year. And I think it's driven partially by some of the big name vulnerabilities or compromises. But I do think that it's actually moved to a level where this is on the permanent agenda now for both CEOs and Boards. And we think that's a very good backdrop for our business and our organizational role. I think part of the thing that has allowed us to capitalize on that well is I think that our team has a great story and great delivery on the ability to give customers the productivity that they want and the efficacy they need. Many organizations are looking for both of those. So just because it's in demand, they still want efficiency and productivity. I think that's really the story that transcends. To answer your core question, we think that, that is durable. We don't tend to chase sort of like the latest vulnerability or the latest retailing compromise. We focus on the long-term outlook and prospects, and we are seeing a high level of focus on customers, and we do think that we actually have durability of opportunity ahead of us.

And our next question comes from the line of Saket Kalia with Barclays. Your line is open. Please go ahead.

It's Saket Kalia from Barclays. Welcome, Tim. Corey, could you discuss the cross-selling success this year? You've mentioned nearly $60,000 in ARR per customer with just the best-in-suite offerings. How do you view the cross-sell efforts as you move into 2022, especially as your product list continues to grow?

As you know, we've expanded our product portfolio over the last few years. Our focus, first and foremost, is making sure that we're creating the right products that customers want to adopt. I believe we've nailed the formula for how to deliver highly effective sophisticated products that are also adaptable and consumable for a wide range of customers. I think we got that right. For that part of the equation, it was incredibly important not just to actually cross-sell the package, but to make sure that each of those offerings could stand on their own. And we've proven that out over the last several years. Over the last year or so, you've heard me start to talk about packaging and pricing. Now that we've proven that we have this 'best of suite', we're thinking about how to reduce friction for customers and generally improve our customer engagement. Cross-selling becomes quite strategic over time. In our pilots, we've seen evidence of customer attractiveness and adoption. We've seen proof points, and we're continuing to scale those as we move forward. So, while it won’t be one big thing overnight, we plan to improve how we find the optimal mix of adoption that works for our customers and us. Our goal is to deliver to customers at the pace they can adopt technologies, as that leads to enduring success and the best long-term customer economics.

Got it. That makes a lot of sense. Tim, maybe for my follow-up for you, since this is our first call altogether. I was wondering if you could just talk a little bit to us about what attracted you to the opportunity at Rapid7? And understanding that it's only been a month at the company, anything you want us to know just about your process or rigor when thinking about the guidance, just the overall guidance philosophy?

Yes, Saket, thanks. First, let me reemphasize I'm thrilled to be here. I've known Corey for about 5 years, and Jeff Kalowski, and they're first-class people. They’ve built a great company, which I think all of you will agree with. So I'm really thrilled to be here. In the 30-plus days that I've been here, I've had the chance to meet a lot of folks face-to-face, and you can tell they are very smart, hard-working, engaged, passionate, and really focused on the customer, which I think is critically important. Corey talks a lot about the culture of a company, and to me, that really matters. That mindset drives how we operate, behave, and work with each other. This is a very mission-driven organization, and there are a lot of bad actors out there creating havoc in the world. We strive to get ahead of that and prevent it. In terms of the guidance, we feel very good about what we put out, showing very strong year-over-year growth with the top line ARR range we shared. This team does an outstanding job; they are very thoughtful and thorough. It's a collaborative approach, not just of the finance team, but we reach out to sales leaders. Our COO, Andrew Burton, is engaged. It’s a very thoughtful process, and I feel comfortable with how it all comes together, and we feel good about the guidance we’ve shared today.

And our next question comes from the line of Matt Hedberg with RBC Capital Markets. Your line is open. Please go ahead.

And I'll offer my welcome to Tim as well. Looking forward to working with you. Corey, security transformation products are clearly driving a lot of your growth. And I think there's a huge focus on the TAM expansion. But obviously, you still have a pretty healthy VM business. I'm wondering if you could comment on, as we think towards next year, maybe the relative health of that business versus some of the start trends.

Yes. I'll talk about both of those. As we go forward, it becomes less important, mostly because of the way we sell and operate to actually break out security transformation from VM. As we continue to drive the cross-selling, the packaging, and the adoption strategy, we'll focus much more on driving productive usage and consumption for our customers. That said, we’re seeing great growth in security transformation and continuing growth in vulnerability management. We're optimistic about all aspects of our business. We're rigorous in our assessments and approaches, and we expect to see stable growth rates as we move forward. Visibility remains a consistent driver of demand, significantly influencing both vulnerability management and cloud solutions. Our complete portfolio holds extraordinary opportunity, and we see potential to meet customers wherever they are in their journey.

That's great. Maybe just a really quick follow-up. Did the log4shell incident have any impact on your Q4 growth rates? How do you think about that as a potential demand generator for 2022?

Yes, that's a great question. We view all of these incidents as healthy backdrops. However, we don't pursue sales simply driven by crises. We focus on how to help customers build strong security programs, and these events remind customers why security is important. We encourage our sales teams to emphasize long-term benefits rather than relying solely on urgent incidents. Nevertheless, these incidents help emphasize security’s importance and support our engagement with customers on lasting solutions.

And our next question comes from the line of Brian Essex with Goldman Sachs. Your line is open. Please go ahead.

First of all, Tim, congrats on the new role. Looking forward to working with you. And then Corey, can we talk a bit about the algorithm for growth throughout the year? You had a balanced land and expand strategy with customer growth and expansion within existing customers. Are we looking at the same algorithm in 2022? Could you address any investments you’ve made in sales and marketing, the sales force, and pricing configuration that might drive consistency or differ from historical trends?

It’s a great question, Brian. Our growth drivers include new customer acquisition and driving ARR within existing customers. The total addressable market (TAM) is vast. Our expectations remain that ARR per customer will contribute more than new customer acquisition over the medium to long term. It's not that we don't value new customers; we definitely love adding them, but we also see immense potential to serve existing customers effectively. While we will add some new customer metrics, we don't impose rigid structural limits on our sales teams to ensure they prioritize long-term customer growth and sustainability. Our belief is in favoring the durability of getting customers' solutions and services that suit their needs in the long run.

Got it. Super helpful. And maybe just a follow-up. Since Tim has only recently joined, any thoughts on customer perceptions of cloud security spending? Some peers mentioned 5% to 6% of total cloud IT spend should be the figure, but it still seems like an evolving market. What’s your perspective?

We are pragmatic in our TAM estimates and update them over time. The cloud adoption trajectory remains early, and we're witnessing solid success. It's crucial to iteratively refine our TAM as we gauge customer behavior and demand for cloud services. While our current estimates are promising, we recognize that this is an evolving market with potential for adjustments in the future. Effective collaboration with customers, embedding their needs in our solutions, will enhance our growth outlook as the cloud landscape continues to mature.

Let me add to what Corey mentioned earlier. You’re right; security concerns are now top-of-mind at C-level and Board levels. There’s a heightened sense of urgency regarding cybersecurity strategy, which can often prompt increased spending given that the risks associated with security incidents far outweigh the investment required to protect against them.

And our next question comes from the line of Fatima Boolani with Citi. Your line is open. Please go ahead.

Tim, very nice to meet you. Corey, I have one for you and one for Tim. So I'll start with you. You alluded to the international performance in your prepared remarks. I wanted to explore that further. You've seen four straight quarters of accelerating growth in your Rest of World execution. Can you share notable drivers of this growth? Any pattern observed in certain countries or products driving international performance?

Absolutely, Fatima. Great question. I would highlight two things. The demand for cybersecurity investment has grown significantly. While historically, international organizations had varied priorities and focus, we're seeing a shift in this dynamic. Customers are now increasingly aware and more willing to invest in their cybersecurity programs, particularly as the regulatory landscape evolves. The second driver is tied specifically to our company. Our innovative solutions are moving into international markets more effectively, and we have expanded our offerings globally. The operational work by our core infrastructure and platform teams has allowed us to optimize services for various regions. This is essential as we acknowledge data sovereignty's importance in today's market, which enables us to meet this demand elegantly. We've also fortified our partner ecosystems and strengthened our global service teams to fully support international customers.

I appreciate that, Corey. Just to echo what you said, expanding our international reach requires ensuring that we deliver measurable value back to the customers in various regions. Thus, partnerships and awareness of localized solutions are essential as we grow abroad.

And our next question comes from the line of Jonathan Ho with William Blair. Your line is open. Please go ahead.

Let me echo my congratulations. Just with the strong ARR per customer growth, is there a way for you to parse this out a little more? Perhaps between larger platform lands, expansion in existing assets, or new product additions? I want to get a bit more granularity on the sources of that strong ARR per customer growth.

That's a great question. Unfortunately, there isn't a straightforward parsing mechanism to provide the clarity you’re looking for; it's a blend of multiple contributors. We continue to excel with customer segments, both large and small. Each product offers various pricing based on segment and geographical distribution. In simpler terms, historical trends suggest that two main factors influence ARR per customer: cross-selling opportunities, which we discussed earlier, and upsell potential, which refers to usage and adoption rates. Overall, we are witnessing a combination of these elements, particularly in segments overlapping with cloud and IDR, which tend to reflect higher ARR averages as we enhance our target offerings.

And our next question comes from the line of Michael Turits with KeyBanc. Your line is open. Please go ahead.

Congrats on the quarter, and Tim, welcome. I want to come back to the cross-sell question that Saket started with. Corey, I know at Analyst Day you mentioned that 22% of your customers are multi-platform sales. Is there an update on that and where it's going? Can you discuss the specific products that often overlap in sales? How are you packaging multiple products to drive those multi-product sales?

Yes, we have continued to improve in that regard. I don't have specific new metrics to provide at this moment, but we continue to build momentum. Generally, we see clusters in product overlaps as noted in our early packaging pilot. For example, we’re seeing strong ties between IDR and SOAR, and insights in provisioning. Our focus aligns with customers' needs, with cross-selling increasingly becoming part of the standard sales motion as these offerings gain traction. As we operationalize our sales strategy, we're keen to understand our customers' preferences and behaviors while aligning our product offerings to accommodate those needs effectively. In short, we plan to remain attentive to customer thoughts on how they view our offerings to collectively package effective solutions.

And our next question comes from the line of Jonathan Ruykhaver with Baird. Your line is open. Please go ahead.

Sorry about that. Possible to ask for your thoughts on the competitive landscape for enterprise-grade detection and response capability? Specifically, as the market evolves with expanding endpoint offerings, how do you perceive the competitive landscape shaping?

Certainly. Instead of naming specific competitors, I can share how I view the attributes of effective detection and response capabilities. Organizations must focus on bringing data in natively and across a broad array of inputs, including endpoint data, network data, and logs. Fast, automated investigations and high-quality detection are critical in today’s landscape. Rapid7 is well-positioned in this competitive context. Many new players are emerging with fragmented coverage. As we work towards delivering a comprehensive solution, we continue improving our offering for our customers, which include across-technology integration, automating incident resolution, and reducing operational burdens, particularly in a landscape where rapid response is increasingly necessary. Thus, we view our integrated model as an essential competitive differentiator.

And our next question comes from the line of Brad Reback with Stifel. Your line is open. Please go ahead.

Just real quick, Corey, are your customers seeing any issues with staff levels affecting the deployment of your solutions?

Yes. It's something we're tracking closely. We've seen customer concerns around staffing capacity, which can impede their implementation of our solutions. This situation is of significant concern, as the customers' ability to effectively utilize our technology often relies on having the right personnel in place. We’re focused on investing heavily not just on our sales teams but also on our partner ecosystem, aiming to offer solutions to support customers as they face these staffing challenges. We’re committed to helping them successfully implement our solutions even during labor shortages.

Thank you. This concludes our Q&A session for today's conference. I would like to turn the conference back over to Corey Thomas for any further remarks.

Well, thank you, operator. Thank you all so much for joining us today. We enjoyed it, and we appreciate your support. We look forward to the next one.

This concludes today's conference call. Thank you for participating. You may now disconnect.