Good day, and thank you for standing by. Welcome to the Rapid7 third quarter 2021 earnings conference call. At this time, all participants are in a listen-only mode. After the speaker's presentation, there will be a question-and-answer session. To ask a question during the session, you will need to star one on your telephone. Please be advised that today's conference is being recorded. If you require any further assistance, please press star zero. I would now like to hand the conference over to your speaker today, Sunil Shah, Vice President of Investor Relations. Please go ahead.
Thank you, operator, and good afternoon, everyone. We appreciate you joining us today to discuss Rapid7's third quarter 2021 financial and operating results in addition to our financial outlook for the fourth quarter and full fiscal year 2021. With me on the call today are Corey Thomas, our CEO, and Jeff Kalowski, our CFO. We have distributed our earnings press release over the wire and it is now posted on our website at investors.rapid7.com, along with the updated company presentation and financial metrics file. This call is being broadcast live via webcast and following the call, an audio replay will be available at investors.rapid7.com until November 10th, 2021. During this call, we may make statements related to our business that are forward-looking under federal securities laws.
These statements are made pursuant to the Safe Harbor Provisions of the Private Securities Litigation Reform Act of 1995 and include statements related to the company's positioning, our future goals and financial guidance for the fourth quarter and full year 2021, and the assumptions underlying such goals and guidance. These forward-looking statements are based on our current expectations and beliefs and on information currently available to us. Actual outcomes and results may differ materially from the expectations contained in these statements due to a number of risks and uncertainties, including those contained in our most recent quarterly report on Form 10-Q and in the subsequent reports that we file with the SEC. The information provided on this conference call should be considered in light of such risks.
Actual results and the timing of certain events may differ materially from the results or timing predicted or implied by such forward-looking statements, and reported results should not be considered as an indication of future performance. Rapid7 does not assume any obligation to update the information presented on this conference call, except to the extent required by applicable law. Our commentary today will primarily be in non-GAAP terms, and reconciliations between our historical GAAP and non-GAAP results and guidance can be found in today's earnings press release. At times, in our prepared comments or in response to your questions, we may offer incremental metrics to provide greater insight into the dynamics of our business or our quarterly results. Please be advised that this additional detail may be one-time in nature, and we may or may not provide an update in the future on these metrics.
With that, I'd like to turn the call over to our CEO, Corey Thomas. Corey?
Thank you, Sunil, and good afternoon, everyone. Thank you all for joining us for our third quarter 2021 earnings results call. I'm thrilled to report that Rapid7 delivered a milestone quarter, exceeding $500 million in ARR for the first time. Accelerated demand for our security transformation solutions, coupled with sustained growth of our vulnerability management and our recent IntSights acquisition, drove Q3 ending ARR to $550 million, growth of 38% year-over-year and growth of over 30% organically, driven by strong contribution from both our land and expand engines in the quarter. Our business was driven by strong customer interest for the expanding set of capabilities on our Insight platform and solid execution on the part of our Rapid7 team.
Moreover, we have been pleased with the early reception from our customers to the recent addition of Insight's threat intelligence offering. Our third quarter results also demonstrate how we're delivering on our customer mission while balancing our dual mandate to drive durable growth and expand profitability and free cash flow as we scale. Alongside our accelerated ARR growth, we delivered over 150 basis points of year-over-year operating margin expansion during the third quarter, even as we absorbed our largest ever acquisition to date. Jeff will share more details on our strong operating results in his remarks and how it positions us to continue investing behind our growth engine while delivering on our growth and profitability framework.
Before we step into those details, I'd like to spend a few moments to share with you how Rapid7 is working to help customers achieve better security outcomes in a rapidly evolving threat landscape. Organizations of all sizes are investing aggressively in scaling the digital experiences they must deliver to their customers, employees, and partners in today's distributed economy. However, as they embrace these broad digital initiatives, they are increasingly faced with the critical challenge of managing a dynamic cyber risk profile across their internal, cloud, and external footprints. As we speak with customers and prospects on a day-to-day basis, many are struggling with the same set of questions. How do I gain visibility to the threats and vulnerabilities in my environment and better manage my risk profile? How do I identify and respond to attacks happening in my environment?
How do I improve my security team's productivity to drive better security efficacy in an increasingly tight cybersecurity talent market? These questions are at the core of today's security operations challenges and the expanded security achievement gap that I spoke with you about earlier this year. To solve this challenge, many customers we engage are seeking a more holistic approach to monitoring the threats and vulnerabilities in their environment, as well as detecting and responding to attacks across their internal and external digital footprints. As I shared at our Investor Day in March, Rapid7 is leading the charge by delivering some of the most advanced capabilities around security analytics and automation, unified on an integrated platform that are also massively accessible to a wider audience of enterprise and mid-market organizations.
This is how we're disrupting the market, by enabling customers to marry advanced capabilities with high efficacy and productivity to achieve better security outcomes for their stakeholders. A great example of how customers are leveraging this value was a six-figure deal in the quarter with a multi-million-dollar government-contracted firm. This customer was looking to build a more effective detection and response program after experiencing a security incident with their existing solution. They wanted a comprehensive solution, but one that would also drive improved efficiency for their modest-sized security team. As an existing InsightVM customer, they were excited about how quickly and easily they could stand up and integrate additional Insight platform solutions.
When coupled with the depth of our detection and response capabilities and the critical value our automation offerings brought to their team, it became clear to them that few competitors could match the combined efficiency and efficacy of our platform. As a result, this customer chose to expand their relationship with Rapid7 as their trusted security partner, adding InsightIDR with our enhanced endpoint telemetry and network traffic analysis add-ons, as well as InsightConnect for automation to provide a more comprehensive visibility across their environment and the ability to more quickly respond to incidents. This is a great validation of Rapid7's vision and approach towards our extended detection response strategy, which is to help customers minimize the seams and gaps that exist in their technology environments through our natively integrated Insight platform.
Our approach is built on the premise that to have effective security, you have to have broad visibility across your environment. This is why we have invested aggressively over the years to become a leader in enabling that visibility. The core of what Rapid7 does is collect fragmented data across the technology environment, endpoint data, deep cloud data, vulnerability data, APIs, logs, network data, SaaS data, all collected and aggregated natively on our Insight platform. This allows us to look at risk more holistically across the environment to not just detect attacks, but to perform the forensics and analysis across the environment and ultimately drive remediation with our automation framework. Increasingly, today's attackers are exploiting the data gaps and seams that exist in customers' fragmented security ecosystems.
This has led to an increasing focus on an extended approach to detecting and responding to threats in the environment to reduce visibility gaps that introduce that risk. Rapid7's core differentiation is this pervasive end-to-end data collection that allows us to deliver leading security analytics and automation that enables customers to more effectively assess risk, detect attacks, and drive remediation across their environments. We're seeing this focus on more holistic risk visibility reflected in our engagement with customers. A good example of this was an international enterprise customer who had an interesting platform journey with us leading up to their purchase of our recently introduced IDR Ultimate package. Let me take a moment to step you through that journey. Despite having a market-leading SIEM solution, this customer was lacking full coverage of their environment.
They engaged with us early in the year in an effort to achieve the detection response value they were seeking. At the same time, they were preparing to replace their existing VM solution. Our cohesive SecOps platform vision and the idea of a single trusted security partner resonated with them. They actually ended up purchasing InsightVM first, demonstrating our ability to meet them where they were in their SecOps journey. Around this time, they were also beginning their cloud security journey and exploring leading solutions for this. The combination of our best-in-class cloud security capabilities and our native integration with InsightVM on our platform put us ahead of the pack, and so they purchased InsightCloudSec early in Q3. By the time they were ready to make a detection and response decision later in Q3, the integrated platform experience positioned IDR as the clear frontrunner.
With IDR Ultimate, our best IDR tier, they were able to gain more full coverage of their environments while also reducing data gaps by tapping into our extended capabilities, including enhanced endpoint data for more comprehensive forensics analysis and automation for increased efficiency and accelerated response over time. In each part of this customer journey, our complete platform vision was a key value driver for the customer, not to mention a competitive differentiator. They are now leveraging a large portion of our Insight platform as they approach seven figures in total ARR.
Over time, we believe the winners in this space will be those that can provide this type of extended approach to reducing fragmentation and increasing visibility in our customers' technology environments as we continue to invest in delivering this on our Insight platform. Most recently, our acquisition of IntSights amplifies our platform and XDR vision by layering on external attack surface visibility, further minimizing SIEM and elevating each of our vulnerability management, detection response, and cloud security capabilities across our Insight platform. Turning now to a brief update on progress towards our enduring goals. First, we continue to lead the charge in enabling customers to transform their SecOps practices around the cloud. You've seen us successfully extend the core capabilities of our Insight platform, both organically and through strategic acquisitions, to help customers effectively scale their security operations.
Our strong and accelerating customer growth as we approach 10,000 customers is a great validation of our progress in meeting customers where they are in their SecOps journey with an expanded set of market-leading capabilities. Second, we're investing to accelerate our platform distribution engine through enhanced pricing and packaging for products like IDR, but also by making it easier for customers to seamlessly expand on the Insight platform through natively integrated experiences. This success is delivering a best-in-class platform experience, continues to drive ongoing expansion and customer wallet share, as demonstrated by our ARR per customer, which grew 18% year-over-year to over $55,000. Third, we remain focused on driving long-term operating leverage and cash flow scale while investing for growth.
This is evidenced by our strong cash generation and operating margin expansion, even as we continue to invest in innovation and absorb our recent IntSights acquisition. In closing, it's clear that organizations across the world are undergoing significant digital transformation amidst an escalating cyber threat landscape. Our team is investing to deliver a highly differentiated and more holistic approach to security analytics and automation that better enables customers to bring security transformation alongside their digital investments. We believe this will remain a long-term demand driver for our business as we continue on our mission to make the best in security operations achievable for all. With that, thank you all. Now I will turn the call over to our CFO, Jeff Kalowski.
Thank you, Corey, and hello to everyone on the call this afternoon. Before I begin, a reminder that except for revenue, all financial results we will discuss today are non-GAAP financial measures, unless otherwise stated, and reconciliations between our GAAP and non-GAAP results can be found in today's earnings press release. Turning to results, we are pleased to report strong performance as we ended the third quarter with $550 million of annualized recurring revenue. ARR grew 38% over the prior year, driven by organic acceleration in our security transformation solutions and sustained growth in vulnerability management, as well as the contribution from our newly acquired threat intelligence offering. Third quarter revenue of $139.9 million grew 33% over the prior year and exceeded the high end of our guidance range on strong underlying demand trends for our Insight platform.
Revenue overperformance was led by upside in products revenue, which grew 33% to $131.2 million. There was also modest outperformance on the professional services side, which naturally varies quarter-to-quarter. We continue to execute well on our international growth strategy, which when combined with a higher mix of IntSights customers outside North America, drove 58% year-over-year growth, bringing international to 20% of total revenue in the quarter. North America revenue grew by 28% year-over-year and comprised 80% of total revenue in the quarter. We ended the third quarter with over 9,900 customers globally, which represents 17% growth from the prior year. The customer count includes slightly over 300 net new customers acquired as part of the IntSights acquisition.
We continue to see strong upsell and cross-sell activity on our Insight platform, with just over 50% of our new ARR coming from existing customers in the quarter. This drove ongoing strong expansion in ARR per customer during the quarter, which grew 18% to $55,500. Strong secular tailwinds across the security operations market are fueling our ability to both land new customers and expand within our existing base. Third quarter ARR growth was driven by a healthy balance of growth between these land versus expand dynamics. Turning to operating and profitability measures for the third quarter. We came in ahead of our guidance on these metrics, primarily due to revenue overachievement. Most of that incremental revenue flowed through directly to profitability, highlighting the strong leverage profile of our subscription software business.
As has been our typical cadence, this positions us well to reinvest the overperformance in future quarters to support our goal of driving durable growth over the long term. We continue to balance high-return investments and growth with our focus on delivering consistent annual improvement in operating margin and free cash flow. Total gross margin for the quarter was approximately 74%, consistent with the prior year and in line with our range of expectations. As we've shared before, we expect gross margin to vary within the mid-70s at the product gross margin level and in the low 70s at the consolidated level.
Sales and marketing expenses grew 27% year-over-year, reflecting continued growth in headcount and improved to 40% of revenue compared to 42% in the third quarter of 2020. R&D expenses grew 35% over the prior year, driven in part by the acquisition of IntSights and represented 21% of revenue consistent with the prior year. G&A expenses grew 24% and were approximately 8% of revenue, down slightly from 9% in the prior-year period. All in all, we delivered strong operating profits in the third quarter with operating income of $5.7 million, well above our prior guidance. We generated $9.9 million of adjusted EBITDA and $0.06 of net income per share, also above our guidance. Moving to our balance sheet.
We ended Q3 with cash equivalents and investments of $310 million compared to $613 million at the end of Q2 2021. The reduction was primarily driven by July's IntSights acquisition, with a net amount of $306 million paid at closing. Turning to the cash flow statement, you can see we benefited from ARR outperformance and strong operating results in the quarter. These dynamics, coupled with stronger than expected collections trends, drove third quarter cash from operations of $19 million, and we generated $14 million in free cash flow. This brings us to our guidance for the remainder of the year. We delivered strong third quarter results and feel confident about demand trends and our ability to continue to execute on these opportunities.
As we succeed in meeting customers where they are in their security journey, we continue to expect that organic security transformation solutions ARR will grow over 40% year-over-year in 2021, with vulnerability management continuing to grow over 10%. Given these dynamics, we are raising our outlook for the year. We now expect full year ARR to be approximately $586 million, growth of 35% over the prior year, up 2 points from our prior expectation of 33% growth. We also expect higher revenue for the full year in the range of $528.7 million-$530.3 million or 29% growth over the prior year at the midpoint, up from our prior expectation of 27% growth at the midpoint.
Our full year operating income outlook remains unchanged at $7 million. Our strong year-to-date performance, combined with high visibility and confidence in the demand environment, support our reinvestment of year-to-date upside in the compelling growth opportunities in front of us. We plan to do this while remaining committed to our growth and profitability framework. We expect non-GAAP loss per share for the full year to be a loss of approximately $0.07 per share, which is based on an anticipated 55.2 million basic weighted average shares outstanding. I'm pleased to report that we are once again raising our free cash flow expectations and now anticipate full year free cash flow of approximately $25 million, an increase from our prior expectation of approximately $20 million, driven by our strong ARR performance.
As we've said, we remain focused on investing in durable growth while maintaining our commitment to delivering consistent free cash flow and operating margin improvement on an annual basis. Now turning to quarterly guidance. For the fourth quarter of 2021, we expect revenue in the range of $144.9 million-$146.5 million, growth of 28%-29% over the prior year. We expect an operating loss of approximately $6.7 million and non-GAAP loss of $0.18 per share, which is based on an anticipated 57 million basic weighted average shares. In summary, our third quarter results highlight the strong demand for our best-in-class security transformation and vulnerability management solutions, as well as our ability to execute on our strategy and unique set of opportunities. Thank you for taking the time to join our call today.
Now I'll open the line for any questions. Operator?
Thank you. As a reminder, to ask a question, you will need to press star one on your telephone. To withdraw your question, press the pound key. Please stand by while we compile the Q&A roster. Our first question comes from Rob Owens with Piper Sandler. Your line is open.
Great. Thanks for taking my question this afternoon. I wanted to unpack the ARR guide for the year. Just in contemplating the net new ARR of about $36 million and comparing it with last year, you know, I think you're up kinda mid-single digits. Was there anything in the comp from a year ago or anything in that number that we should be aware of?
No. There's nothing unusual. Remember that we have raised the guidance from 33% - 35%. No unusual activity. It's possible that the consensus seasonality may have been off for the quarter. So we're taking the full year up from 33% - 35%. You know, we think it's a good reflection on the continued strong demand, you know, we see for the platform, but nothing unusual.
Great. Then, Corey, as you look at another successful quarter here with your third quarter prints, maybe help paint what the environment looks like relative to security demand and then kinda thought process for fourth quarter and anything you wanna give us into next year. Do you think these heightened spending levels will persist as we think about and contemplate 2022? Thanks.
Yeah. Rob, great question. When I look at the demand environment, both talking to customers directly and talking to our teams, I would say it's robust.
We continue to see people shifting more to technology and upgrading their technology and digital transformation, and we continue to see security a priority. I mean, it's hard not to have security as a priority around that today if you pay any attention to what's happening in the world. We continue to actually have the support of not just, you know, the customers who want to do it, but the Board and the CEOs who are now prioritizing security more than ever. The thing that I would actually say as we go forward is that, you know, as we saw the durability of the demand environment, one of the things that we started doing is making sure that we were actually set up to ensure that we could both service customers and continue to meet the demand where it is.
We focused on making sure that we had the staffing level to support the more sustained demand environment. On that point, you know, my biggest focus and the biggest thing that I'm looking at in demand environment right now is customers have the appetite for sort of like security projects. They're saying the same thing that everyone all over the world is seeing right now. They have to staff up. We're watching that closely because as you know, our strategy is long term, we wanna make sure that customers are buying at the pace that they can consume and get value from it. This is how we actually grow, and this is how we expand. That's our core focus as we go forward.
You know, the last thing I'll say is when you just think about our business, I would say we see durability on both the VM side and the security transformation side. We're continuing to make investments to support that.
Great. Thank you very much.
Thank you. Our next question comes from Matt Hedberg with RBC Capital Markets. Your line is open.
Great. Thanks for taking my question, guys. Congrats on a really strong quarter. You know, Corey, you guys have done a really good job of expanding your platform obviously well beyond just VM into just broader DevSecOps. You know, I'm curious now, as the platform matures and you're able to touch things like automation and orchestration, you know, how do you see the competitive environment these days? I have to imagine you're able to consolidate perhaps some fragmentation out there with maybe some point solutions. I mean, do customers increasingly see you guys as that consolidator across this kind of DevSecOps landscape?
Yeah, so I'll take it. I'll tackle it first, and then Jeff can follow up if he has something to add. You know, first and foremost, we are definitely seeing the platform strategy that we've articulated multiple times working well. That's that if you actually lead across all the areas and you provide a common platform that delivers productivity, efficacy, efficiency, and a consistent user experience, customers like that. You saw that in some of the customer examples that I used on the call. The other thing that I'll highlight is that we have the benefit of multiple places to land, if you look across, you know, specifically the vulnerability risk management, the IDR and the cloud.
Because we actually have put ourselves in a strategic position with customers, we are now more easily able to add on added security services. When you think about things like network traffic analysis, you know, five years ago, we couldn't have actually done that because it wasn't the right thing to actually land with. Now we actually have a robust customer base and robust demand. We're seeing lots of customers interested in fully filling out their security strategy and their security platform with Rapid7 Insight platform products or products that's highly integrated with Rapid7 Insight platform offerings. We think that that's a real long-term advantage for us.
Got it. That's super helpful in terms of additional land spots. I guess just maybe a question on return to work. What is Rapid7's sort of strategy around that as we think about 2022? Do you expect salespeople to start to increase their travel next year? Could that have a positive impact on pipeline generation relative to this year?
Yeah, we expect travel to increase next year versus this year. I mean, again, remember the last two years have been historical lows. Even when we thought we were coming out of it, Delta came back, that tapered it down. That said, we've actually gotten a lot smarter about what travel is effective and valuable. Now, I personally, you know, I'm a deep believer in the power of culture, which is why I think that we have such an impressive team with relatively good ten years. We do believe that the hybrid will work where employees can have the flexibility that they need. They can travel to see customers in value-added ways. I do think there's value to actually spending time with customers and prospects.
That said, all the ways that we actually thought about that we need to spend time with customers and prospects, not all of that was value add. We're definitely looking at sort of like a reconciliation of what's truly value add and what's not. It'll be more, but we're not also going back to the world the way that it was in 2018 and 2019. That state's not coming back.
Got it. Thanks a lot. Best of luck, guys.
Thanks.
Our next question comes from Saket Kalia with Barclays. Your line is open.
Okay, great. Hey, guys. Thanks for taking my questions here. Corey, maybe just start with you. You know, in your prepared commentary, you talked a good bit about, you know, enhanced pricing and packaging and also talked about meeting the customer where they are. Can you just maybe give us some broad brushes on some of the new packages that maybe have worked particularly well, and maybe how you sort of see that pricing and packaging sort of strategy evolving as we go into next year?
Yeah, it's a great question, Saket. I'll talk about three things, sort of like the pricing and packaging and how they blend together, but also the experience and the selling engine, because all of these contribute to the core idea of how do we actually help our customers be as productive and effective as possible, and how do we actually make our go-to-market engine as effective, predictable, as possible. Both of those is sort of where the value comes together. The first thing on the pricing and packaging is, you know, we've talked for a little while about some of the areas that we are still, and I wanna emphasize this, we're in active exploration. We have some that are working great, we have some new ones that are coming out all the time, and we have some that we're actually honing and optimizing.
As an example, and these are just examples, we've had great success with our IDR, which really serves that extended detection response use case, and delivering a package that not just includes sort of like core sort of IDR and UBA, but also I talked about our IDR Ultimate package, which also includes enhanced endpoint telemetry, unlimited sort of like or full SOAR capability that allows you to actually automate workflows in the environment and network traffic analysis. We're joining that with the ability to extend and add things like threat intelligence. Those type of packages really resonate for customers because they solve a holistic solution that customers know are deeply integrated, and that integration provides productivity.
You have deep integration that drives productivity, but you have best in class product capabilities which actually drives the efficacy, which is really the name of the game for customers. That's the first thing. The second thing that I wanna highlight just as importantly, though, is that for both our customers and our sales team, some of them can buy packages up front, some of them can upgrade packages, but some of them just want us to prove the value, which is actually great. You know, one of the customer examples that I gave was a customer that came in and said, "Hey, look, I have these problems.
Solve whatever my first problem is." They thought, we thought it was gonna be IDR, and they said, "No, it's VM problem that I actually have first and foremost." By the way, they would not have bought more if they had not had a great experience. We came in, we gave them a great experience, and they said, "Oh, you're really delivering on that experience." Then they added, so it was cloud, and then eventually the IDR. While we had one order in our mind, the customer had a completely different order that they wanted to prove out the value that we have.
That ability to not just sell packages, but to help customers understand how they can have frictionless expansion, and we can prove that we meet their needs, is core to both our sustained growth, but also giving customers the experience that they want.
Got it. That's really helpful. You know, Jeff, maybe for my follow-up for you, I think you mentioned this in the prepared remarks, but could you just remind us, you know, how big is VM as a percent of total ARR roughly, and can you just remind us sort of how that's growing versus security transformation?
Sure. So, you know, both VM and security transformation had a good quarter, as Corey said in the prepared remarks. Right now, security transformation is obviously our high-growth engine. VM is just. It's below 50% now of the total. So as you can imagine, security transformation is growing faster, so it's gaining as a percent of the total. VM is still growing over 10% a year and security transformation over 40%.
Got it. Very helpful. Thanks, guys.
Thank you. Our next question comes from Michael Turits with KeyBanc. Your line is open.
Hi, this is Eric Heath on for Michael. Congrats on the really strong results. Corey, it looked like another strong quarter for customer adds accelerating again, even organically. Maybe you could just give some color on why, what's driving that success, whether it's a strengthening macro, better win rates, or even if it's being driven by particular products.
Yeah. At the core, it's a combination of a strong demand environment and strong execution by our team. What I mean by that is that our new adds are healthy because there's lots of demand in the environment. We see that across the products. With the growth rates that Jeff just talked about and that I mentioned earlier, it's clear that security transformation is doing quite well. We are continuing to keep our momentum in vulnerability management, and we're quite happy with the sustainability and the health of that business. The second thing is good execution by our teams, both our product teams and our customer engagement teams. Because another core driver of that is we're doing a really good job of retaining more customers.
Our ability to actually retain more customers, retain more revenue from customers, that's continuing to improve year-over-year, and that also drives the net customer adds.
Great. One more if I could. I mean, Corey, you earlier talked about kind of the need for customers to staff up. I wanted to ask actually on your MDR offering. It seems like an area of the market that's seeing stronger demand and maybe spurred by the increasingly difficult hiring environment and growing complexity of attack. Could you just talk about how you think about this market strategically as part of the broader Insight platform?
Absolutely. We've thought this for a long time, that managed detection and response is quite strategic because our entire strategy, one way to think about it's designed around the presumption that customers would have to be highly effective, highly efficient, and that they're gonna always be talent constrained. We make products that address that use case, and we actually looked at, and we look at things like MDR that actually address that use case. Our strategy is really twofold. One, we have some of our own MDR offerings. But again, our biggest part of our strategy is to work with our managed services partners to deliver that. We have a massive demand in the managed service ecosystem for Rapid7 solutions to solve the managed services challenge.
Now, part of our goal is we're only interested in providing high-quality managed services. There's a lot of managed services organizations that, let's just say, are more focused on their own margin than the customer experience and customer effectiveness. What we've been really doing is beefing up our ability to find and mostly right now, select partners that share our view on quality. Customers are willing to pay for quality. We've proven that out ourselves. We're a big believer in the market long term. We're continuing to work with our partners to address their market opportunity.
Great. Congrats again.
Thank you.
Our next question comes from Jonathan Ho, William Blair. Your line is open.
Hi, good afternoon, and congrats on the strong results. I just wanted to start out with the 40% organic ARR growth you're expecting for security transformation. Is there a way for you to maybe unpack for us like the growth rates? You know, are they all fairly similar? Are there certain products that are growing much more quickly? Just some additional color in terms of, you know, how you're thinking about the ST side.
Yeah, great question. We don't break it out. It just has a lot to do with our packaging strategy that we talked about earlier, especially as we do more of the experimentation, and we frankly do a better job of selling both the joint deals and packages to customers. It becomes somewhat arbitrary about how you allocate, so like this much value to this product versus this. Now the reason we break out VM is 'cause mostly you all and our investors are interested in understanding sort of like how things like VM perform, and sort of like security transformation solutions. We try to give you enough visibility, but also without distancing it too much from where the business is actually running and operating.
The way that we operate the business is really focusing on are we solving the customer's problems, and then are we driving share of wallet so that customers are trusting more of their security operations spend budget with us. Increasingly, the allocations when you have lots of our packages becomes somewhat arbitrary. We'll continue to sort of articulate, security transformation solutions at the high level so you get some sense of the growth rates, but breaking it out within that become increasingly arbitrary over time.
Got it. Just in terms of the contribution from IntSights, I may have missed this, but can you give us, I guess, the numbers in terms of the contribution, as well as ARR, coming from IntSights? Thank you.
Yeah.
I'll start, and Corey can add. When we acquired them, we brought on $27 million of ARR. There were about 200 employees, and you know, they were growing over 40%. In the quarter, they contributed about $3.8 million of revenue in the quarter. That was net of a deferred revenue haircut that we took for purchase accounting.
Okay. Thank you.
Thank you. Our next question comes from Brian Essex with Goldman Sachs. Your line is open.
Hey, good afternoon. Thank you for taking the question. Yeah, just wanted to dig into vulnerability management a little bit. I guess maybe, Corey, if you could help us understand how you're thinking about that business, given its growth rate, you know, relative to the rest of the business, and the rate of growth of some of the peers. Is that just a steady kind of growth business? Maybe if you can compare and contrast the sales incentives from the sales force on that side of the business versus security transformation. Then I have a follow-up.
Yeah. I'll just reiterate, for anyone who missed it, is that, you know, what we said and maintained was our expectations of the growth rates of vulnerability management to be over 10%, and we think that has durability there. We also think that from a long-term perspective, we still expect to take share in the market, overall, and we expect to take significant usage share in the market if you think about people using vulnerability management solutions. Part of the reason that we continue to invest heavily in a market-leading VM solution from an R&D perspective is we think it's strategic to our customers. While we have parts of the business, specifically our security transformations, that are going faster, we think vulnerability is an incredibly both strategic and healthy part of our business, long term.
We actually treat it like that. We invest in it. We continue to do innovations and enhancements around it. What I would say you'll see over time, again, is we are indifferent to the line item distribution or allocation. What we're really, really focused on is how customers consume and then maximizing that share of wallet that we talked about earlier. Again, as we move forward, I would say our goal is to make sure that we're leading, especially in terms of usage around vulnerability management to actually be continuing to gain share in the overall market and to grow our ARR per customer and the share of wallet strategically. We think all of those are self-reinforcing with one another.
Got it. That's helpful. Then maybe just as a follow-up, I don't know if you saw, but the Biden administration issued an operational directive to federal agencies this afternoon to reduce known vulnerabilities. I guess the question is, you know, how much exposure do you have on the federal side? You know, from your experience, when these kinds of announcements are made, how long does it take to trickle down to state, local, and SMB, and then large enterprise as maybe that's kind of like a leadership by example type issue?
We've seen good progress on the federal level, but you know, to be clear, we're still early innings. We have both our FedRAMP and our expanded sales and customer engagement for the public sector that we expect to expand significantly over the next five years. That said, we've seen great progress to date. As far as how the mandates quote unquote, "trickle down" to the broader environment, we think it's positive. Like, look, but today you actually have most both CEOs and Board of Directors that are aware. I don't know if this adds anything incremental.
Right.
I think it actually increases our confidence in our public sector investments. I think it definitely has some implications for traditional state and local budgets, which I think is extraordinarily positive. For the corporate sector, what we hear from our customers is just really good engagement with both the executive team and the Board of Directors, which provides a lot of the air cover and support for a long-term healthy environment.
Got it. That's helpful. Thank you very much.
Thank you. Our next question comes from Jonathan Ruykhaver with Baird. Your line is open.
Yeah. Hey, guys. Congrats on the strong ARR performance. It's nice to see that organic acceleration. So I wanna talk about InsightCloudSec. You know, it's been quite a few days since the acquisition of DivvyCloud, obviously bringing you CSPM. But I'm wondering if you can provide some customer interest, maybe adoption trends around some of the newer parts of that product, the cloud workload protection, cloud identity and access management. And then also, maybe you could comment on how you see customers buying that solution set. Is it the whole portfolio or is it more of a land and expand type of sales motion?
You mean within the InsightCloudSec portfolio? I just wanna make sure I understand the question.
Yeah. The InsightCloudSec portfolio, including CSPM, Cloud Workload Protection, Cloud Identity.
Yeah. I would say, one, we're still exploring. We're seeing very, very healthy demand for cloud in general, which you would expect with the digital transformation. We have a lot of confidence both near term and long term about the opportunity in InsightCloudSec, especially as you have digital transformation. As far as the process of the packaging, it's early days. We definitely see both people starting with sort of like one part of the solution and expanding. You know, part of the reason we started our investment with cloud security posture management is that tended to be how lots of customers start their journey.
If you look at both the IAM and cloud workload protection, we see lots of customers just like, "Hey, just give me the solution up front 'cause I actually wanna look at the holistic." I don't have a determination right now, nor am I that overly concerned, just like my discussion on pricing and packaging earlier, is we really let the customer preferences drive it.
Now, we don't give them an overwhelming number of choices 'cause that would just cause sort of like stress and anxiety, but we try to give them concrete choices that say, "Listen, you can control your rollout and your journey, in the path that best suits you." Whether they purchase it all at once, which we have some customers that do, or whether they actually sort of like buy it as they actually use the capabilities, we have customers doing both of those things today, and we have not steered customers either way.
Yeah, that makes sense then. I think also just looking forward, Corey, would love to hear your thoughts on how you see that InsightCloudSec portfolio evolving, where you think there might be holes that, you know, would be a natural fill-in for the company over time.
I can't answer the question about the holes, but that has more to do with the earliness of the cloud market in general. I know we think about sort of like cloud security and cloud applications as something that's been around. Look, this is really sort of like if you look at mainstream adoption, a recent five-year thing. If you look at the massive shifts in how we've actually managed and deployed technology in the cloud over the last five years, there's been some big shifts, and there'll be even bigger shifts. This is the one area that we're gonna be invested in, and we have the capacity to invest in organically and inorganically to make sure that we stay relevant.
If you had asked me three years ago, I had no clue that identity would be such a big opportunity. We actually noticed 18 months ago or two years ago that identity is a really significant opportunity, and we allocated the resources to organically build out that identity solution. That's kind of the approach. Cloud is still early stages. We have a great portfolio in cloud, and that portfolio absolutely will evolve because the cloud market itself will evolve.
Right. Very helpful. Thanks, Corey.
Thank you.
Our next question comes from Brad Reback with Stifel. Your line is open.
Great. Corey, maybe following up on those last comments. When you're walking into an existing customer or net new and you're selling them, we'll say the entire platform, is most of the net new products that you're selling them greenfield opportunity as opposed to the customer replacing a legacy tool?
It's a great question. You know, we see greenfield and legacy. The more upmarket you go, our larger accounts, we see more replacements. The only thing I would say is that by and large, the majority of what we're seeing is replacements of things that are unhappy and inefficient or greenfield. Meaning that, like, it's not that our sales team does not very often go try to convince customers to actually go replace something that the customer is happy with or satisfied with. Most of the time, the customer has some level of satisfaction, even sometimes with great products.
They're just like, you know, they're too hard to use or they're too expensive or they have gaps and so, like, the fragmentation causes me to actually not be able to train up my team efficiently. By and large, we're at the way to think about it is we're selling to either greenfield or dissatisfied customers. You know, what I hear from our sales team is that that's not sort of like opportunity limit. There's lots of people that are dissatisfied, and that's mostly because the market has not focused on productivity, the user experience, or how to make sure that customers can actually have the results they want at a reasonable cost. Those are all problems that we're tackling and solving.
That's great. Thanks very much.
Thank you.
Our next question comes from Adam Tindle with Raymond James. Your line is open.
Hi. Thanks. This is Alex on for Adam. Just curious, with the number of monitoring vendors moving into AppSec recently over the last few months, how do you think the competitive dynamic may shift? With so many vendors, do you think there's any risk that application security becomes commoditized at any point in the future?
You know, it's a great question. We participate, but AppSec is a highly fragmented market to start off with. I would say that yes, there's more vendors in it, but application security out of all the markets that we participate, it's a smaller part of our business. It's very healthy, but smaller part of our business. It is also the most fragmented ecosystem and part of the business. Will it become commoditized? I don't think so. The primary reason is that the foundation is people are building more apps than ever before. By the way, if you think about the other side of the equation is that we had a really difficult global cybersecurity ecosystem when it was professional ISVs building applications.
Now we have a bunch of professional ISVs and a whole bunch of organizations who are new to actually building commercial grade applications, who are building it sort of at scale and faster than ever. That should be a robust opportunity for security. That said, we see some of the biggest opportunities in the clouds and as we extend backwards. I think the application security market is highly fragmented. It, just like the cloud I talked about, will evolve over time, but I don't see near term commoditization even with the competition and even seeing players come in from other markets who actually have great relationships in the application security space, join it. I see many of those players joining in to actually participate in the upside, not just to actually drive it to zero, but we'll see where it goes.
Perfect. Thanks. In case I missed it, just a housekeeping question, can you speak to net retention rate or any changes in gross retention rate?
Yeah.
We-
Go ahead, Jeff. Sorry.
We haven't been disclosing it, the net retention rate, but what we will say is that it has improved sequentially over the past few quarters. We've done a very good job with that area of customer retention. We've invested in it, but we aren't disclosing the specific metric anymore.
Perfect. That's helpful. Thank you.
Our next question comes from Gregg Moskowitz with Mizuho. Your line is open.
Okay. Thank you. Good afternoon, guys. The 58% Rest of World revenue growth was pretty remarkable. I think it's been five years since we've seen that type of growth. The comp that you faced this quarter was actually the toughest that you'll face all year. You know, Corey, were there any regions that were particularly strong for Rapid7 that you would highlight?
You know, the growth internationally is strong. It was not sort of like specific to a single region. We saw, I would say, broad-based health. While it wasn't the same across the board, we saw broad-based health, and growth and strong growth, across the board, across all regions. I think a big part of that was, I think I've talked about this dynamic before, is that internationally it's a lot more work to actually get, especially as you have new offerings, to get both the channel, the branding, and the sales team sort of like selling the platform.
I think our international leadership team, sales team, marketing, and customer services team have done a very, very good job of shifting to the platform from some of our traditional transactional offerings like Metasploit, which is great and highly strategic and highly valuable. As they've shifted over to the platform, that's helped drive the growth. Frankly, they also improved the customer retention. That also has driven growth.
All right. Perfect. Just as a follow-up, how is the labor market from your vantage point?
Yeah. Let me just make sure Jeff didn't have any follow-up comments on the last question because he has a lot of perspective. Yeah.
I just wanted to mention, Greg, that we did benefit. There was a tailwind for the IntSights acquisition, which wasn't in the prior year numbers. They have a greater percentage of international revenue. That contributed to the 58%, but international revenue was very strong and grew in excess of our overall ARR rate this quarter.
Thanks, Jeff. Corey, any thoughts on the labor market?
Yeah. Yeah. It's a great question on the labor market. Look, we're experiencing the same thing that everyone else is experiencing. The labor market has definitely tightened. I think that from my perspective, I think we're probably a net beneficiary. And what I mean by that is that if you look at our hiring plan, we perform well against our hiring plan. If you look at attrition is not as good as it was in 2020, where people really crave job stability, but it's normalized from what it was in 2019. It's over the period. It's more normalized versus some of these super high crazy attrition, I think that some organizations are seeing.
We're seeing that we are our employer brand, and our focus on culture has been able to attract talent in. Now, one of the biggest challenges that we have, frankly, as we go forward, is that as we've seen greater growth in a demand environment, we've actually invested in hiring to support that growth. We opened up that capacity to make sure that we were supporting the customers and to support the growth as we go into next year. That's a lot in this talent market right now to actually expand your hiring in this talent market. That's it. We're having success, but it's something I watch, and we talk about on an ongoing basis.
Very helpful. Thank you, guys.
Thank you. Our next question comes from Hamza Fodderwala with Morgan Stanley. Your line is open.
Hey, guys. Good afternoon, and thank you for taking my question. Corey, maybe just one question for you. You know, really strong growth in new customers. I was wondering, just given the you know, the rising threat environment, to what extent is the growth in InsightIDR being influenced by more deals around incident response? Is that something that you're seeing contribute more to larger customer lands in particular? Thank you.
Yeah. I think you mean there are not incident response services, meaning that customers have an incident and therefore they're upgrading their-
Yep. Yeah, incident response services. Yeah. Yeah.
Yeah. Well, one is, I would say service is not a material driver of that business. I mean, we have a services business, but you can think about the services business as for us being mostly about having the capacity to serve our customers and giving intelligence about what's happening in the threat environment. Services in that way isn't for incident response services driver. Now, one of the drivers is customers have incidents, and they decide to upgrade their monitoring capability. That's a great driver for us. I don't have statistics on it because as you can imagine, not every customer that upgrades tells us that they had an incident. Some of them, when I'm talking to them one-on-one, will actually share that, but they don't always share that with sales people.
I would say we don't have a statistical answer, around that. I would say that we definitely know that that's a driver.
Thank you.
Thanks.
Thank you. Our next question comes from Shebly Seyrafi with FBN Securities. Your line is open.
Yes. Thank you very much. Is there a reason why the professional services revenue growth spiked to 3%-4% from, like, 12% in Q2? Was that IntSights as well?
No, just overall, we had stronger bookings in the quarter, which led to delivering more revenue this quarter. There was nothing unusual in that other than the volume increase this quarter.
With that strength that you're seeing, do you expect services revenue growth to be elevated compared to the past for the next several quarters?
You know, it's not a big part of our business. As you can tell, we, as Corey said, you know, it does lead to product revenues. I think the way you should look at our professional services going forward, it'll be in that mid- to high-single-digits growth over the next four quarters, over the next year.
Okay. Thank you.
Thank you. I'm showing no further questions at this time. I'd like to turn the call back over to Corey Thomas for closing remarks.
Thank you all so much for joining us today on our earnings call. I hope that all of you are healthy. I look forward to speaking with you all later on the next call.
This concludes today's conference call. Thank you for participating. You may now disconnect.