Rapid7 Inc

NASDAQ:RPD

Ladies and gentlemen, thank you for standing by and welcome to the Fourth Quarter 2020 Rapid7 Earnings Conference Call. [Operator Instructions] Please be advised that today's conference is being recorded. [Operator Instructions]

I will now hand the conference over to your speaker today, Sunil Shah, Vice President of Investor Relations.

Thank you, operator, and good afternoon, everyone. We appreciate you joining us today to discuss Rapid7's fourth quarter and full year 2020 financial and operating results, in addition to our financial outlook for the first quarter and full fiscal year 2021.

With me on the call today are Corey Thomas, our CEO; and Jeff Kalowski, our CFO. We've distributed our earnings press release over the wire and it is now posted on our website at investors.rapid7.com, along with the updated company presentation and financial metrics file. This call is being broadcast live via webcast. And following the call, an audio replay will be available at investors.rapid7.com until February 16, 2021.

During this call, we may make statements related to our business that are forward-looking under federal securities laws. These statements are made pursuant to the Safe Harbor provisions of the Private Securities Litigation Reform Act of 1995 and includes statements relate to the company's positioning, our future goals and financial guidance for the first quarter and full year 2021, the assumptions underlying such goals and guidance including the anticipated impact of COVID-19 on our financial guidance, business, financial condition, results of operations and renewals and our assumptions on the pace of economic recovery in the global economy, on our future results of operations and product strategy.

These forward-looking statements are based on our current expectations and beliefs and on information currently available to us. Actual outcomes and results may differ materially from the expectations contained in these statements due to a number of risks and uncertainties, including those contained in our most recent quarterly report on Form 10-Q and in the subsequent report that we filed with the SEC. The information provided on this conference call should be considered in light of such risks.

Actual results and the timing of certain events may differ materially from the results or timing predicted or implied by such forward-looking statements, and reported results should not be considered as an indication of future performance. Rapid7 does not assume any obligation to update the information presented on this conference call, except to the extent required by applicable law.

Our commentary today will primarily be in non-GAAP terms and reconciliations between our historical GAAP and non-GAAP results and guidance can be found in today's earnings press release. At times, in our prepared remarks or in response to your questions, we may offer incremental metrics to provide greater insight into the dynamics of our business or our quarterly results. Please be advised that this additional detail may be onetime in nature, and we may or may not provide an update in the future on these metrics.

With that, I'd like to turn the call over to our CEO, Corey Thomas. Corey?

Thank you, Sunil, and good afternoon, everyone. Thank you all for joining us today for our fourth quarter and full year 2020 earnings call.

I am pleased to report that Rapid7 team delivered a strong finish to 2020 that exceeded our expectations across both security transformation solutions and vulnerability management. Full year ARR growth of 28% to $433 million demonstrates our ability to capture the large and growing opportunity, as organizations transform their security operations for the cloud.

Rapid7 remain steadfast in our effort to help customers advance securely into the cloud. To further this goal, we began 2021 by expanding and strengthening our cloud security offering with the recently announced acquisition of Alcide, which I will touch on in a moment. Looking back on 2020, I am proud of our teams resilience and commitment to serving our customers amidst a challenging year for many.

I will begin today by sharing some insight on recent customer engagements that provide clarity and confidence into Rapid7's long-term position and prospect. I will again touch briefly on our innovation focus and enduring goals before turning it to Jeff to detail our financial results and guidance.

Over the last two months, we have seen organizations respond to unprecedented global disruption by accelerating digital transformation to cope with a more distributed cloud-centric world.

Enterprises and mid-market business alike are overhauling their systems to build a new cloud native applications to digitally engage with customers, employees and partners. These investments are happening across the industry lines in retail, manufacturing, education and health care to name a few.

But in the midst of this massive increase in digital investment, recent events in the cyber security landscape are a sobering reminder that digital risk has never been greater. These events put security squarely back in focus for boards and management teams, solidifies security as a critical component of ongoing transformation investments.

Even prior to these events, we saw an escalated security focus amongst our customers and prospects throughout 2020, as security was reprioritized alongside digital initiatives. During the fourth quarter, we saw strong demand for our Insight Platform products, as customers look beyond investing to work from home enablement to an enduring set of initiatives tied to securing cloud and digital investments.

One initiative is that customers expand their technology footprint, they are engaging with Rapid7 to upgrade their stock with modern detection response to better monitor expanding threat vectors. This was the case for the existing Fortune 500 retail customer, who is actively transforming their customer experience.

They was challenge to consolidate risk, visibility across an expanding footprint with an assortment of disconnected security technologies and services, have a single trusted security partner that they could scale with spoke volumes for them.

For this customer, who centralize their security architecture on the Insight Platform by adding IDR alongside their existing InsightVM deployment because our cloud native offerings and unified Insight agent, this customer was actively monitoring within two weeks the purchase. This time to value is critical to our customer success in today's dynamic threat environment.

Throughout 2020, we saw IDR resonate with international customers in part, for this reason. For example, in the fourth quarter, we engage with the international healthcare customer, who are seeking improve threat visibility after experiencing a security event.

This customer love the ease of getting IDR up and running, along with the visibility it provided across their external attack surface. They also realized the platform value of a unified agent that both detects threats and monitors for vulnerabilities, and as a result, purchase InsightVM at the same time.

Another enduring security initiative is that, as customers accelerate cloud investments, they are grappling with limited insights, and they are turning to Rapid7 for improved visibility and control in their cloud environment.

During the fourth quarter, we continue to see growing interest for our cloud security technology across both new and existing customers. A great example of this was a cloud security deal in the quarter with an existing Rapid7 technology customer. Upon evaluating DivvyCloud, this customer recognized the power of its automation capabilities and adaptability for the environment driving them to consolidate onto Rapid7 by replacing their existing cloud security offering. This deal resulted in a greater than 10-fold increase in this customer's AAR.

These deals clearly validate Rapid7's success and expanded beyond our vulnerability management routes to become a leading cloud native security operations company today. They demonstrate increasingly strategic nature of Rapid7's best in future approach to solving the full scope of our customer security operations challenges from VM, to detection response, to cloud security and automation. The result is that once again, we experienced strong demand for our security transformation solutions in the quarter, which grew over 40% exiting the year.

We expect continued momentum, as we look ahead to 2021 and are excited about the opportunity to build upon this success. We remain focused on delivering an Insight Platform experience that combines market leading technology and platform value for a differentiated customer experience.

One great proof point is the early validation we saw in the fourth quarter with our tax motion. Specifically, we saw strong early customer demand for our capability to attach automation as an add-on to other Insight products, purchases driving a record quarter for InsightConnect.

Coupled with the ongoing success of our network traffic analysis and enhanced endpoint telemetry modules, we see a compelling opportunity to drive deeper customer engagement on our Insight Platform.

A great example of this was a new manufacturing customer we signed in the quarter. This customer, who is looking to scale security operations and improve visibility and response to a breach, but managing desperate tools was a major pain point for them. They recognize that a single Insight Platform experience could improve coverage and make management significantly easier. They purchase InsightVM to remediate risk, InsightIDR with NTA to detect responses threat and InsightConnect for automation across the platform.

We remain early in our platform journey, but see tremendous opportunity here, and we'll continue to evolve our bundling and packaging opportunities throughout 2021. We expect this will support durable growth in our ARR per customer, which ended the year at $44,500 growth of 18% over the prior year.

Turning now to innovation, starting with the cloud. As companies migrate to the cloud, the influence of DevOps is critical to the process. Rapid7 is focused on delivering cloud security that sits at the intersection of DevOps and SecOps. So I'm excited to share more about our recently announced acquisition of Alcide.

As developers rapidly adopt Kubernetes for freedom and flexibility in cloud native development, security must keep pace. Alcide's leading cloud workload protection platform is designed to enable organizations to innovate in the cloud without sacrificing security by providing real time visibility, container one time monitoring and threat detection.

Adding Alcide's cloud workload protection to Rapid7's existing cloud posture management and cloud identity capabilities and DivvyCloud positions us to deliver a market leading cloud native security platform that delivers continuous security to our customers across multi-cloud environment. The acquisition of Alcide put us another step forward in solving the security stakeholders need to manage risk and compliance, while meeting the DevOps teams, where they are in the cloud.

Shifting to vulnerability management. It is important to note that the cloud is not the only place today, where customers lack visibility. As organizations asset footprint expand with OT and IoT connected devices, so to the threat footprint. Security teams are increasingly responsible for protecting and managing risk in these environments, but often lack the visibility and control to do so.

Rapid7's recent strategic partnership with SCADAfence, a market leader in industrial cybersecurity and Medigate, a leading medical device security provider, provide our respective joint customers with a more holistic risk visibility and management across their digitally connected environment. These integrations will enable visibility to OT, IoT and medical device information directly in InsightVM, so the security teams can perform active scans to gain improved visibility into those environments.

Wrap it up with a brief update on our goals. Last year, I shared three enduring goals for our business that remain core to our focus today, as we look ahead. Our first goal is to be a leader in enabling customers to transform their security operations around the cloud.

Over the past year, we have invested in our product capabilities and built a meaningful position in cloud security. We recognize that customer channels in the cloud are multifaceted and during 2021, we will continue to innovate, as our customers leverage our security transformation solutions to secure their digital journeys.

Our second goal is to accelerate our platform distribution agent. The early success we have seen with our evolving expand motion in 2020 validates our long term opportunity to expand ARR per customer. Over the coming year, we will continue to focus on lowering the barriers for our customers to more easily adapt a broader set of our best-in-class Insight Platform products and solutions.

Finally, our third goal is to drive long term operating leverage, while investing for growth. We're proud to have demonstrated strong execution and operational discipline this past year, while maintaining profitability, while absorbing our largest ever acquisition and navigating a volatile macro environment.

Moreover, we have done so, while continuing to invest aggressively behind a large and compelling market opportunity, which positions us to continue driving durable growth, as we focus on scaling free cash flow over the long term.

In closing, I'm excited about the opportunity that lies ahead, and we would like to thank our entire Rapid7 team for their ongoing efforts to make the best and security operations accessible to all.

Before I turn the call over to our CFO, Jeff, I would like to take a moment to invite all of you to our upcoming Virtual Investor Day to be held on the afternoon of March 10th, 2021. If you have not yet received the invite, please reach out to our IR team. We hope you can attend. Thank you all. Jeff?

Thanks, Corey, and good afternoon, everyone.

Before I begin, a brief reminder that except for revenue, all financial results, we will discuss today are non-GAAP financial measures unless otherwise stated and reconciliations between our GAAP and non-GAAP results can be found in today's earnings press release.

We're pleased to report solid execution, as Rapid7 delivered a strong finish to the fourth quarter and full year 2020. Total ending ARR of $432.9 million grew 28% over the prior year, as customers turn to Rapid7 to help solve their security transformation and vulnerability management challenges. The strong reaction we see across our business fuels our confidence and continuing to invest for durable growth and margin expansion ahead.

Full year revenue of $411.5 million exceeded the high end of our guidance, growing 26% over the prior year. We experienced strong demand for our Insight Platform products during the year, resulting in better than expected products revenue growth of 29% over the prior year to $382.9 million.

As Corey shared earlier, we see the early stages of an enduring way for organizations to secure their growing cloud and digital investments. This is reflected in the success of our security transformation solutions, which once again, grew over 40%, led by strong demand for our detection and response cloud and automation offerings.

Rapid7 is well positioned to help customers advance securely into the cloud with our Insight Platform, and we're investing to capture this high growth market opportunity. This is evident in our operating results, as we've reinvested top line over performance back into the business, while still delivering operating profit at the top end of our guidance range of $2 million for the full year.

Our success in 2020 was once again, driven by balanced contribution of business from both new and existing customers throughout the year, with our security transformation solutions representing over 50% of new ARR for the full year. We saw continued healthy growth in our customer base, as we ended the year serving over 9,700 customers globally a year-over-year increase of 8%.

We also experienced great success expanding relationships with existing customers throughout the year, as they leverage more of our VM and security transformation products to secure their growing digital footprint. As a result, we ended 2020 with ARR per customer of approximately $44,500, growth of 18% over the prior year.

Turning to fourth quarter results. Fourth quarter total revenue of $113.2 million was above the high end of our guidance and grew 23% year-over-year, while products revenue grew 26% year-over-year to $104.4 million.

Looking at the business geographically, North America revenue grew by 23% year-over-year and comprised 83% of total revenue for the fourth quarter, while rest of world grew by 26%, representing 17% of total revenue.

Total gross margin for the fourth quarter was 73%, down slightly from the prior quarter and down from 75% a year ago, driven by growing mix of our cloud-based offerings. Sales and marketing expenses grew 22% year-over-year, reflecting continued investment in growth and improved to 44% of revenue in the quarter compared to 45% in the year ago period.

R&D expenses grew 34% over the prior year and represented 20% of revenue, up slightly from 19% in Q4, 2019, as we continue to invest in innovation. G&A expenses grew 12% and improved to 9% of revenue compared to 10% a year ago.

Fourth quarter operating loss of $0.7 million was slightly better than the high end of our guidance range of $0.8 million, reflecting strong execution coupled with our focus on reinvesting top line out performance to support durable growth and profit expansion ahead. Adjusted EBITDA for the fourth quarter was approximately $3 million and net income per share was a loss of $0.07.

Moving to our balance sheet and cash flows. We ended Q4 with cash, cash equivalents and investments of $322.6 million compared to $331.4 million at the end of Q3. 2020. Fourth quarter operating cash flow of $0.6 million was better than expected, driven by strong billings and collections activity in the quarter. As a result, full year operating cash flow of $4.9 million exceeded our prior expectation of approximately breakeven.

During 2020, we completed a significant portion of our facilities expansion projects, resulting in full year capital expenditures of $13.8 million. We also incurred $6.1 million in capitalized software spend, resulting in full year 2020 free cash flow of a loss of $15 million, a notable improvement from the prior year loss of $36.9 million.

Shifting now to guidance for 2021. The strong demand we experienced during the second half of 2020 validates our thesis that organizations of all sizes are undergoing digital transformation, driving the need to modernize their security architectures. As customers lean into the cloud, they are leveraging Rapid7's best and switch Insight Platform to extend their security operations in the cloud.

Looking ahead, we plan to continue investing behind our best-in-class security transformation and vulnerability management offerings in 2021 to provide enhanced monitoring automation and cloud security capabilities to our customers.

Given these trends, we see a compelling opportunity to drive durable growth in 2021, but recognize that some magnitude of pandemic induced economic risk remains due to an uncertain resolution timeframe. As a result, in framing our initial expectations for 2021, we are balancing long term optimism for our business with ongoing near term global health challenges.

With that framework in mind, let we start by sharing our full year expectations. For the full year 2021, we expect to deliver total ARR growth of approximately 20%. We will aim to share relevant updates to this expectation, as we gain increased visibility to a more broad-based resolution of the pandemic lightly - likely during the second half of the year.

We anticipate total revenue for the year to be in a range of $488 million to $496 million, representing approximately 20% growth at the midpoint. We expect non-GAAP operating income to be in a range of $12 million to $16 million for the full year. This reflects ongoing investments in growth and innovation, while still delivering on our growth and profitability framework. As is our typical approach, we expect to reinvest any upside back into the business to support our long term objectives.

Before I provide non-GAAP EPS guidance, a brief aside on the updated accounting standard, ASU 2020-06 issued in mid 2020 and related to the accounting for convertible debt instruments. The updated standard changes the way that convertible debt is accounted for, among other things, require use of the if-converted method for diluted EPS calculations.

We intend to early adopt this standard on a modified retrospective basis, as of the start of our new fiscal year beginning January 1, 2021. The updated standard will have the effect of reducing our GAAP net interest expense on our income statement. It will have no impact on our reported non-GAAP net income.

Based on our current expectations, the if-converted method is not dilutive to non-GAAP EPS for the full year 2021, so at this time, we do not expect adoption of this standard to impact our non-GAAP diluted EPS calculation for the full year 2021. The updated standard will also result in an increase to the carrying value of our convertible debt on our balance sheet to the principal value, less any unamortized debt issuance costs, with an offsetting decrease to stockholders equity. The standard will have no impact on our cash flow from operations.

With that, turning back to guidance. We anticipate non-GAAP net income per share for the full year to be in a range of a loss of $0.03 per share to a positive $0.04 per share, which is based on an estimated $53.5 million basic and $56.4 million diluted weighted average shares outstanding.

With our major facilities expansion investments now behind us, our focus turns to scaling positive free cash flow over the long term, as we invest for durable growth in our business. For the full year 2021, we expect to generate free cash flow of approximately $10 million. As a reminder, we define free cash flow, as cash flow from operations, less capital expenditures and capitalized internal-use software.

Moving to quarterly guidance. For the first quarter of 2021, we anticipate total revenue to be in the range of $113.2 million to $114.8 million, growth of 20% to 22%. We anticipate non-GAAP operating income for the first quarter to be in the range of a loss of $0.7 million to positive $0.3 million.

And non-GAAP net income per share to be in the range of a loss of $0.08 to the loss of $0.06, which is based on an anticipated $52.5 million basic weighted share - weighted average shares outstanding. Note that our first quarter and full year 2021 guidance includes the anticipated impact of the Alcide acquisition, which as we shared is not expected to have a material impact to our financials.

In conclusion, as we enter 2021, we remain excited about our opportunity to drive durable growth, while scaling profitability and cash flow over the long term, as we work to make the best and security operations accessible to all.

With that, we appreciate your time and support. We'll now open the call for any questions. Operator?

[Operator Instructions] Our first question comes from Saket Kalia with Barclays. Your question, please.

Corey, maybe first for you. You touched on this a little bit in the prepared remarks, but can you just talk about what customers that you speak with are saying post SolarWinds breach on the importance of vulnerability management. And maybe relatedly talk about how this impact other parts of Rapid7's portfolio like SIM and application security?

Yes. It's a good question. And so we've been spending a lot of times, you can imagine trying to understand how our customers see the world post the breaches that happened at the end of last year. I think there's a couple of key observations. The first, and probably the most important is that security is back in the forefront of boards and management teams minds, which I actually think bodes well for sort of long term demand and long term focus.

The second thing, as you can imagine direct with your question around vulnerability management is that most of the people we’re talking to see vulnerability management and the visibility around it as strategic.

The thing that they're also very aware of though is that, it's not just identifying having the visibility into the vulnerabilities, you also have to remediate. That's a long term task. And so they are focused on that and they are looking at how they do that.

In relation to the other part of your question, what we're seeing very, very clearly is just as people see visibility and vulnerability management as strategic, they are seeing detection and response as a hot urgent need, right now. But the question is, do I actually have attackers in my environment right now. And so what we see is an acceleration and a sense of urgency around detection and response.

So when you think about our broader portfolio is - digital transformation is clearly driving both cloud, and frankly, all SecOps, the recent attacks is driving high urgency especially in the time period than we are now around, do I have attackers in my environment in detection and response. Indeed people are thinking about the fundamentals of how they manage their cybersecurity, which bodes well for the long term health of our vulnerability management overall.

Jeff, maybe my follow up for you. Maybe just on the cost and margin side, can you just talk about how you're thinking about travel and office related costs coming back in 2021, you talked about sort of balancing some views including kind of the pandemic through the year. And maybe as part of that just broadly, remind us how you think about that growth and margin formula long term. Does that all make sense?

Sure. Sure. It's good question. So look in the first half, we're not expecting any significant increase in our travel. It's very much a wait and see attitude to see how the pandemic plays out. We would expect that in the second half, those costs would gradually increase. But look, it's, we're really dependent on what we see with COVID. So to the extent that it's very favorable, then we'll increase travel and increase those expenses. And I would expect most companies are looking at it the same way.

With respect to our growth and profitability framework, what - I want to reiterate our framework that we've been talking about. So if - in our growth ranges, we do expect modest leverage. If we're in 20% to 25%, we would expect that we would increase leverage in the 2% to 3% range. If it's 25 to 30, 1 to 2, and it's over 30% would be less. I would point out that as Corey mentioned, we're planning an Analyst Day on March 10, and we'll do a much deeper dive into our long term margins at that point.

Our next question comes from Matt Hedberg with RBC Capital Markets. Your question, please.

Thanks for taking my question, guys. Jeff, 2020 in your deck you talked about 28% ARR growth was really a combination of 8% growth in customers and 18% ARR expansion. As you look to the 2021 guide at a starting point of around 20%, how do you think of the components of those, I guess, both on the new customer side, ARR expansion. And maybe a little bit more on the churn aspect of the story as well?

Yes. So with respect to the ARR per customer, we have multiple levers. I mean it's really, as you know, growth in customers and growth in the ARR per customer. So we have ARR from brand new customers. We have up sells and cross sells. And this year, all three elements grew and contributed to that both new, up sell and cross sell. It is a healthy balance.

Historically, it's been sort of a 50/50 mix from ARR from brand new customers and from the base. With the pandemic, it's probably leaned a little bit more towards the base. This year it was 18%, I'm sorry, 8% customer growth and 18% ARR per customer. Those two leverage drove about a 28% overall ARR growth.

So with respect to 2021, we would expect the same healthy mix. It's difficult to predict exactly those percentages. But I think you can look at on the customer growth, you can look at sort of those levers - those levels to continue. With respect to churn, I think our churn rates are healthy - our retention rates are healthy. So we don't see any trend there that would alter that. Right now, all the trends are positive.

Yes. And just to follow-up on Jeff, we expect to see balance. What I would say is that with the momentum that we're seeing overall on the platform side, I would expect a slight shift potentially in the ARR per customer on the balance side of the equation just because we're really building our customer brand, and we're seeing good response from customers.

Well, that's great, Corey, and actually dovetail to my second question. It was great to hear you talk about DivvyCloud this quarter, obviously that's - it's a - it could be a material driver of ARR per customer. How do you think about where we're at right now in sort of the messaging, obviously you called out the nice win, but just, is there other things that you guys can do to drive broader adoption of that because it seems like that's obviously a material driver that could represent some upside here at some point?

Yes. So just for where we're, as you think Matt, as we exited last year, we've really started the process of having DivvyCloud accessible to the broader Rapid7 sales force. This year, you can expect it to be more fully into - especially our enterprise sales force. I think you can think about it as a larger team selling DivvyCloud and also reflected in our partner organizations.

And so we're acquiring business that actually is very healthy one, new partners. And so that's a big focus area. So one way to think about it is that DivvyCloud has gotten great customer feedback, great adoption, and we're steadily increasing the distribution, but in a way and in a pace to make sure that we're onboarding customers in a successful way.

Now our next question comes from Brian Essex with Goldman Sachs. Your line is open.

Thank you very much, and thank you for taking the question. Maybe Corey, you mentioned in your prepared remarks, you talked about enterprises looking beyond work from home into our cloud security. And then, in response to Saket's question, you mentioned, I think, there should - VM was becoming strategic, where do you feel as though VM is with regard to spending priorities within your customers' budgets. And can you put some context around how this kind of shift in mindset would affect the priorities?

Yes. So you mean, specific to VM.

Yes. Both VM and identity kind of the broader platform as well.

Yes. No, absolutely. So I think one way to think about it is VM is strategic, but the benefits of it are long term oriented. And so what you're seeing is that people planning around VM, you see some uptake, but it doesn't have the same urgency, as we actually see in areas like the detection, response and cloud, and even some of the automation stuff, where we saw higher urgency, as people were building out their stocks.

That said, we expect continued healthy growth in the vulnerability management business. We're continuing to see growth and expansion in vulnerability management. But in general, it does not have the same level of urgency, as some other parts of our security operation solutions.

Understood. That's helpful. Maybe to follow-up. You also referenced a new manufacturing customer looking to scale their security operations and the management of disparate tools is a pain point for them. Could you provide a little more detail around what they were using and what the opportunity was that you addressed, and who you might have displaced there?

Yes. So we don't typically comment on competitors. It's not our style. But I would say what they were trying to really do was speak about how they upscale the entire security operations infrastructure. And what we're finding more broadly is more and more both our customers and even new customers, which is a little bit of a surprise to me are started thinking more holistically about how they build out a more robust security program in practice.

And maybe with this win because you had a broader platform or was it the quality of the technology, how do - how would you kind of frame that?

All of the above. I mean first and foremost, we believe deeply that the only way for us to win is to actually be best-in-class in what we do. So we have a strategy of best-in-class technologies and solutions on a common platform that provides accessibility and ease of use. And we find it, that's the winning solution.

If you give customers a best-in-class technology, that's one of the top 2 in its field, and you actually say, you have it on a common platform that focuses on your productivity and ease of use. That's a consistent winner. And we say that message resonate more and more.

Our next question comes from Jonathan Ho with William Blair. Your question, please.

I just wanted to maybe start out with what you're seeing in the DevOps environment and also particularly around cloud container. What can - I guess, the Alcide acquisition add to your portfolio. And how quickly, is that market growing now like, have you seen some sort of inflection or some sort of increased investment over the past year? Thanks.

No. It's a great question because could is moving fast, as you can well imagine. And so if you think about our platform, we're focused on holistic cloud security. We want to be hands down. The same thing that we do for security operations of helping people have visibility, helping people analyze their infrastructure and helping people automate the containment and the security of their infrastructure is our goal for the cloud environment.

Now, cloud have a slightly higher focus on both automation because that fits more with the DevOps approach to doing things. And that's, frankly, a slightly higher approach to protection because that's more consistent with what you actually need in a cloud environment. And so that's our focus, as we actually think about the evolution.

The big change in the last year, and you think about why Alcide was so relevant is we've seen a shift in containers. We'll see a bigger pickup around - and momentum around Kubernetes specifically.

And so we believe that general container security is absolutely essential and important, but we're seeing lots of people say really think about scaling into the cloud and frankly scaling their cloud and container investments, take a Kubernetes centric approach, and we're seeing that both in our customers and in the broader overall market.

As far as what Alcide specifically does, it actually give us a couple of different capabilities. One, it gives us both enhanced visibility, you can think about that aligning tightly around our overall cloud security posture management, but think about doing that for Kubernetes. But it also provides both great analytics capabilities and protection capabilities that really help us think about how do we secure the Kubernetes environment in the cloud.

And then you talked about making it easier for customers to buy multiple products, what are the - some of the initiatives that you're targeting that can maybe reduce some of the friction in order to recognize that opportunity? Thanks.

Yes. It's a - it's a great question. So it's a big area of focus for us. So there is a couple of different ways that we're actually approaching sort of reducing friction overall. The first thing is, as you can imagine, just making the packaging and pricing simpler about how you actually vary either that you can for pricing and packaging. And you saw in some of my commentary and some of the prepared remarks about how some of those approaches even though they are earlier paying early dividends. And so we're quite optimistic about going along the path.

But the second aspect, which is frankly more important is how do we actually instantiate that in product offerings. And so we're really making heavy investments in the platform team that allows people to actually pivot from one solution to another solution in context of what they're doing and then be able to select the ability to be able to build for that appropriate over time. That is an investment not just in the technology itself, but also in the infrastructure that supports the dynamic usage and the building of that over time.

Those are two things that we're really focused on heavily that allows our customers to get the value that they need - when they need it without having to make lots of decisions upfront about what solutions, they are going to face in the future.

If you think about security, it's a problem that you don't necessarily know when you start a year, what's your problem is going to be. So what we want customers to be able to do is to - as they actually either have changed their priorities or have to tackle different problems, we want they would be fast and dynamic to actually deploy Rapid7 technologies to solve those problems.

Our next question comes from Adam Tindle with Raymond James. Your question, please.

I just wanted to ask, I think you mentioned that security transformation solutions are 50% of new ARR. I'm wondering if you could help us with what percent of total ARR they are at this point? And secondly, if you could touch on the profitability metric for that portion of the business. I'm wondering, are they hitting S-curves and driving the profitability that's implied in 2021 because you're going to add a similar amount of new ARR next year, but much healthier profitability profile. So wondering if they're hitting some S-curves on profitability?

Yes. So I'll take the initial. I'm going to tag team with Jeff about sort of like the total. So one way to think about security transformation and solutions is that we see it - it's providing durable growth. And so our expectation internally is that it's going to provide - our focus is sustained growth of over 40%.

We saw that last year our hope and our expectation is to see that continue over the course of this year. And of course, we actually expect the margins to improve on that, as it continue to scale. We tend to manage things in a pretty, as you would expect operationally efficient way. I think we're happy to make investments early on for high dividends in the future, but as things scale, we expect the margins to improve.

Now, I know, it's a little bit trickier because we have different things at different stages of evolution, but what I would say, in general, is security transformation solutions is - have a good growth profile. It's a reasonable share of both new and total ARR. And it actually continues the high growth pile that we actually laid out and over 40% last year and 40% this year. And the margins on that continued improvements we scale, which by the way is reflected in our broader margins continuing with actually scale at over time.

And I think your question was, what percent of the total ARR in security transmission products, it's over a third and growing rapidly still over a third, becoming a greater percentage of the mix each quarter.

Maybe just a quick clarification on the back of it. Jeff, you had mentioned just mechanically that in the back half of 2021 that costs are going to increase because T&E comes back, which is understandable. But if I look at the income from operations guidance, it looks, second half weighted or at least, Q2, Q3, Q4 based on Q1 guidance, what am I missing there, the costs are coming back, but the EBIT is going to expand. What are the offsets for when costs come back?

Well, excuse me, we have higher revenues and over the course of the - over the course of the remainder of the year, higher margin that's offsetting the OpEx increase over the course of the year. So Q1, we have some front loaded marketing expenses, and then, we get more profitable, as the year progresses. That's pretty much consistent with prior years.

Our next question comes from Rob Owens with Piper Sandler. Your line is open.

Corey, you mentioned I think in the Q&A around strategic prioritization of VM and how it's taken a backseat historically. But when you do see opportunities on that side of the business, is this a function of the formalization of VM programs, replacement opportunities, expansions of existing kind of all the above. Maybe you can walk us through where you're seeing traction on that front?

I would say, it's a great question, Rob. I think, you said pretty consistent. So we still see the maturing of the international market, so we still see opportunities there. And that's also true of our mid-market, where we see churn. When you think about the larger enterprises, I would think about that as upgrading the program and capabilities by and large. You'll say, this is a greenfield, but it's a heavy focus on upgrading the capabilities and maturing what they actually have in place from a vulnerability management side of the equation.

Do you see run into much open source, as you're upgrading those capabilities or is it kind of the vendors we all know that should be competing against?

I would say, it's primarily vendors that we all know. in some cases, you do see things like Netflix out there and people are looking - and people are thinking about sort of like how to upgrade and sort of provide a more enterprise wide vulnerability management solution. But there's still lot of the leg - secondly, I would say, there is still some legacy vulnerability management solutions out there, they still have traction in enterprise. It changes steadily, great, but they still exist.

Sure. And then, Jeff on retention rates, as we have seen that trend down, when should that start to move the other way, especially given some of the positive commentary around the expansion sales and cross selling?

Rob, your question is on the 103%, is that what you're asking about,

Yes. The 103 and when we should start to see that movie the other way if at all. I know there's a - a lot of different puts and takes to that number?

Yes. So a couple of points on that. First off, as you know, we don't manage to that metric. the 103%. When our mix shift towards more security transformation products versus VM, there is less up sell, but we get higher ARR because they are buying more their environment upfront. If things change with the cloud and there's more up sells over the course of the year that, that number could tick up. But right now, we're not managing it to it. We're not managing to it. Our key metric is ARR and ARR per customer. That's really what we're managing to,

Our next question comes from Gregg Moskowitz with Mizuho. Your question, please.

So Corey it doesn't sound as though you're embedding anything in your guidance. I'm just curious how you're thinking about the potential of the SolarWinds breach to influence your product offerings, as well as your services in 2021.

Yes. So I'm going to repeat the question because I think the question is, do I anticipate the SolarWinds breach changing our product strategy in 2021. And I would say no, because we were heavily focused on maybe some of the areas that are most relevant to service - to the SolarWinds breach.

If you think about sort of the big priorities that I talked about before is detection response, vulnerability and management, automation helps people actually get to more than faster. We happen to have been in a good spot where lots of this strategy and the solutions that we deliver are highly resonate with what people need to mature their solutions overall.

And then just as a follow-up. So you've announced to cloud security acquisitions over the past nine months covering PSTN and workload protection, you've also introduced an infrastructure entitlement solution. So how would you now assess your cloud security product portfolio? And then, also are you still looking to - to add cloud security capabilities via M&A?

Yes. I would - so one is the backdrop is cloud security is both the rapidly evolving market, and it's also a market that is actually getting lots of attention and it's a big priority for customers, as they think about their digital transformation efforts overall. That's it. I think we have one of the most complete robust cloud solutions in the market non-stuff, and we're continuing to invest in that organically in-house, as the market change that evolves.

So typical to anything else, we don't have plans or needs to actually go out and acquire stuff. But that's said, we have a very robust cloud security roadmap to tackle all the challenges that we see customers have in their cloud security. And what's wonderful that customers could give us feedback about the challenges they're facing, which is an opportunity for us to extend and what I think is a growing leadership position there.

Now, there are occasions, where we'll see something as strategic, and it's a reasonable acceleration, and it has a reasonable return and reasonable timeframe, and we may make a strategic acquisition similar to what we do with Divvy or Alcide. But right now, I think we have one of the leading overall cloud security solutions in the market.

Our next question comes from Hamza Fodderwala with Morgan Stanley. Your question, please.

So just a question around sort of guidance. I know you're focused on selling the broader portfolio of solutions. But to the extent that you could maybe give any color around what's embedded in terms of VM versus security transformation growth. I mean, this year, we saw the security transformation bundle grow twice the growth rate of VM right. So we expect that sort of mix to continue in 2021?

Yes. Well, I would say based on current demand, we're planning a very - we're taking a very long term approach. So we think our entire portfolio is relevant and we think VM is relevant. That's it. Based on current market demand is that we expect higher growth in security industry transformation solutions, and we'll still be growing vulnerability management.

I think the good position that we're in is that because we have multiple offerings and solutions on a common platform, we get to move, where the customer's needs are highest in any moment of time, and sometimes it's going to be cloud, sometimes it's going to be customer response, sometimes it's going to be about vulnerability management.

Right now, you see a higher urgency around both incident detection, response and cloud security. And so relatively, you'll see higher growth in security transformation solutions versus VM, but we still expect healthy growth in VM this year, and we expect that to move forward.

And then just on the Alcide acquisition, any color you can give us on sort of what the revenue run rate on that was prior to acquisition. I know it's not, there is no material assumption embedded in your guidance. But any color you can give us there?

Yes. It wasn't material, as we said overall. And so it allows us to actually accelerate our cloud security initiative, but the revenue wasn't material.

Our next question comes from Alex Henderson with Needham. Your question, please.

Just a couple of clarifications, if I could. Could you talk about whether your ARR per new customer is higher than the average of 44,000. Is that, I mean, it sounds like you're getting more upfront and that ultimately could drive a higher number on the ARR per new customers right up - right off the bat. Is that right?

Yes. We don't disclose the specific ARR per new customer, Alex. But generally brand new customer, historically it has been lower than the overall. But with the mix shift, it is increasing, ASPs have gone up across the board. But we don't disclose the specifics.

Yes. I would just say - more - I was going to add more broadly, Alex is that we don't really focus on the timing of the customer journey. Now, we may have some customers that are starting to actually cover more of their environment upfront and look for a larger thing.

Well, I would say that's not a strategy. What we're really focused on is how do we actually grow the relationship and the impact that Rapid7 has with the customer over time. But we're in different whether they start big and sustain or whether they start small and grow over time. We're just looking at how do we become the strategic place for them to manage their security operations.

It sounds like you're seeing larger deal sizes upfront and more up sell upfront, can you talk about whether you - you've seen an expansion and acceleration in your pipeline. It sounds like your pipeline is accelerated. And if there is any change in the amount of time it takes to close the deal, just a couple of the metric - key metrics around that would be really helpful.

Yes. So there is several different things that are driving some of the trends that you're alluding to there. It's one is keep in mind is things like IDR, you have to cover your retirement environment upfront versus VM, where you may have started with 20%, 30% of your environment being fail of time. So it's just a shift in detection response and the growth of that business in security transformation solutions causes a higher amount of the environment to actually be covered upfront.

The second thing, you also alluded to is we're in the very early stages of starting to see customers really think about buying strategically the entire security program. But that said, I'm not quite sure that's a trend that we need to continue because it's however they get there, we want the customers that actually get there at the pace that they are looking - that they look, they evolve and move their security program over time. And so those are two, and you have one more, Alex. What was the last question?

Yes. Is there any change in the amount of time it takes to from start to close on the deal transaction. Is your deal timeline - holding study?

Yes. I would say on average, it's probably holding. I would say it's a little bit tricky because last year there was just lot of starts and stops that were more to do with COVID. So it might take it - I'm not extrapolating any of the sort of like nine months of last year, as permanent trends because there was a huge COVID effect and also the SolarWinds effect that you actually had there, the underlying helper. And so I would say that it's fairly consistent, but there is no trends that I can extrapolate right now.

Our next question is from Joshua Tilton with Berenberg. Your question, please.

Just first, could you guys talk about the pace of net customer additions going into next year. Maybe what's baked into the ARR guide that you gave today. Do you expect that number to continue to improve in 2021? Do you guys kind of expecting it to stay flat?

Yes. I mean, so and Jeff and I can tag team it. I would say in general, when you think about our ARR guidance, it is a mix of ARR for customer and sort of like net customer expansion. We expect both of them to actually be positive. We do think on balance this year, we'll see a slightly higher contribution in the ARR per customer. And that's just a growth of the platform and the demand, and some of the other trends that we're actually seeing. That's not necessarily a permanent thing. That's just sort of the assessment today, and it's not something that we're actually managing to.

Yes. I mean, we're not going to give a specific growth rate on the new customer growth. But what we said earlier is that you can look at the trends, and in that zip code of where we are now, and it is a balance of ARR per customer and the customer growth.

Yes. Do you want to know how we managed our sales force. We just - right now, we're just saying go where the customers demand is. We're not adding any specific restrictions on it in this environment. We're saying like go where customers needs you and where we can be helpful.

And then, I know you've got a lot of questions tonight about the VM business. Just maybe one more for me. Is there any way you could just kind of ballpark, what do you expect that business to grow in '21? And then, maybe how does that compare to what you guys are seeing the overall VM market grow at in '21?

So I commented earlier that we are seeing VM part of strategic conversations, and we're continuing to see growth, and we are - but just not at the same pace of a much higher growth in security transformation solutions. That said, if I had to ballpark it, I would put in the plus or minus 10% range. And the way to think about that is, last year, we gave some estimates about what we saw and the overall economy was better and it performed slightly better than expected.

But that's what we see right now in terms of customer prioritization and urgency more than anything else. Again, our view is that right now customers are looking at VM as a strategic long term objective. They have higher urgency around some of the efforts around security transformation and specifically detection response and cloud. But we expect that to continue to be a long term driver of growth.

And just if I could sneak one more in. I know it's early for Alcide, but any expectation what the uplift in customer ASP would be if they went and bought this product?

No. It's too early to comment on that right now.

And I'm not showing any further questions in the queue. I would like to turn the call back to Corey Thomas for his final remarks.

Well, I just want to thank all of you for joining us this evening on our earnings call. And I would like to reiterate that we would love to see you at our Investor Analyst Day, and we look forward to talk to you then.

Ladies and gentlemen, thank you for your participation in today's program. You may now disconnect us.