Earnings Call: Q1 2018

May 8, 2018

Ladies and gentlemen, thank you for standing by, and welcome to the Rapid7 First Quarter 2018 Financial Results Conference Call. During the presentation, all participants will be in a listen only mode. Afterwards, we will conduct a question and answer session. As a reminder, this conference is being recorded Tuesday, May 8, 20 18. I would now like to turn the call over to Mr. Jeb Bray, VP of Investor Relations. Please go ahead. Thank you, operator, and good afternoon, everyone. We appreciate you joining us to discuss Rapid7's Q1 2018 financial and operating results in addition to our financial outlook for the Q2 and full fiscal year 2018. I'm Jeff Brade, VP of Investor Relations. I'm here today with Corey Thomas, our President and CEO and Jeff Kalowski, our CFO. We distributed our Q1 2018 earnings press release over the wire and is now posted on our website at investors. Ravin7.com. We've also posted our updated company presentation and financial metrics file on our Investor Relations website, which includes additional information to help explain the impact of shifting to 606 on our Q1 financials. This call is being webcast and can be accessed at investors. Brepen7.com. The webcast of this call will be archived and a telephone replay will be available on our website until May 15, 2018. We would like to bring the call to your attention. The date of this call is May 8, 2018. Our discussion today contains forward looking statements about events and circumstances that have not yet occurred, including, without limitations, statements regarding our objectives for future operations and future financial and business performance. These forward looking statements are based on our current expectations and beliefs and on information currently available to Statements containing words such as anticipate, believe, continue, estimate, impact, intend, may, will or other similar statements are intended to identify such forward looking statements. Actual outcomes and results may differ materially from the expectations contained in these statements due to a number of risks and uncertainties, including those that contain in the Risk Factors section of our most recent Annual Report on Form 10 ks filed with the Securities and Exchange Commission and subsequent reports that we file with the Securities and Exchange Commission. Information provided on this conference call should be considered in light of such risks. Actual results and the timing of certain events may differ materially from the results or timing predicted or implied by such forward looking statements, and reported results should not be considered as an indication of future performance. Rapid7 does not assume any obligation to update the information presented on this conference call except to the extent required by applicable law. On this call, we will provide and talk about our results using non GAAP financial measures and provide non GAAP guidance in an otherwise stated. For For purposes of comparability, we'll be presenting results in accordance with ASC 605. We believe that the use of these non GAAP financial measures provides an additional tool for investors to use in understanding company performance and trends, but note that the presentation of non GAAP financial information is not meant to be considered in isolation or as a substitute for the directly comparable financial measure prepared recorders with GAAP. We provide a reconciliation of historical non GAAP financial measures to the most comparable GAAP measures in in the financial statement tables included in the press release issued today announcing our results. The press release announcing our financial results is available on our website investors. Rapid7.com. At times in our prepared comments or in responses to your questions, we may offer incremental interest to provide greater insight to the dynamics of our business or our quarterly results. Please be advised that this additional detail may be one time in nature, and we may or may not provide an update in the future on these metrics. With that, I'd like to turn the call over to Corey. Thanks, Jeff, and good afternoon, everyone. Thank you all for joining us today on our Q1 2018 earnings call. Rapid7 had a strong start to 2018, putting us in a great position to achieve our 2018 goals, our long term aspirations and our overall SecOps vision. Enterprises are prioritizing cybersecurity in their IT budgets and products that provide visibility, analytics and automation continue to outgrow the overall market for security software. With a broad set of market leading solutions, our SecOps portfolio and platform are resonating with our customers and it's a broader market. The highlight of our Q1 was our annualized recurring revenue, which accelerated to 38% year over year growth. In addition, in Q1, we delivered ASC 605 recurring revenue growth of 40%, ASC 605 revenue growth of 29%, and we also made progress towards hitting our 2018 2019 profitability goals. Based on the strength of our business so far this year, we are raising our guidance for growth in both ARR and revenue for 2018, maintaining our guidance for 2018 operating loss and reiterating our goal of achieving profitability in 2019. At the RSA Conference in April, customers, partners and prospects validated our strategy to provide SecOps solutions that are easy to install and easy to use. Today, most security, IT and DevOps teams find themselves operating in silos, struggling to work together. This misalignment not only results in poor security practices, it also slows an organization's ability to innovate. SecOps is the practice of aligning security, IT and DevOps teams through a shared set of data and tools. Shared visibility supported by analytics and automation creates a common language for teams that breaks down barriers and ultimately accelerates innovation. The Rapid7 Insight platform unifies data collection and delivers the visibility, analytics and automation needed to power a well managed SecOps program. The biggest news of the quarter came in March. When Forrester Research recognized Rapid InsightVM as a leader in the Forrester wave for vulnerability risk management. In Forrester's words, Rapid7 has already implemented what VRM will look like in the future. InsightVM earned the highest scores in their scorecard across nearly every criteria. Also in April, InsightVM was recognized as the best vulnerability management solution by ST Magazine. These types of recognitions reinforce InsightVM as a leader that increasingly demands more from vulnerability management solutions, helping to open doors to more and more opportunities. These InsightVM recognitions follow 2 key Gartner reports in 2017. 1st, where InsightIDR was named a visionary by Gartner in the SIEM Magic Quadrant and second, when our application security solutions earned the highest scores in Gartner's evaluation of dynamic application security testing or DAST. We've always said that we have great technology, but now we're getting 3rd party validation across our portfolio. You can understand why we are so proud of our R and D teams and why we continue to lead in customer growth and retention rates. Now let's review the quarter in the context of our 2018 goals. First off, the highlight of the Q1 performance was our ARR, which accelerated to 38% growth, well ahead of our goal of at least 30% growth. ARR growth is being supported by the overall health of the markets that we address, our shift from perpetual to subscription across all of our products and strong performance of our go to market teams who are quickly transitioning to selling based on ARR. During the quarter, we officially shifted all of our products to subscription pricing and we saw a dramatic shift to subscription contracts during the quarter. Our customers have quickly embraced the simplicity and ease subscription pricing and continue to migrate to our cloud platform based solutions for enhanced visibility, analytics and automation. One metric we are now tracking is ARR per customer, which also saw strong growth, increasing 23% year over year to almost $25,000 per customer. The entire Rapid7 organization is aligned to drive ARR growth and we are enjoying those results today. Our management team is compensated on ARR, our sales quotas are based on ARR and we now have a full complement of SaaS and subscription products across our product portfolio. Our sales team has done a great job of positioning to an ARR model and we have also experienced higher than expected retention of our sales team during this critical transition, which is helping drive confidence in our plan for ARR growth. As for our second goal, which is to leverage the expansion of our Secop portfolio to keep driving new customer growth and cross selling into our customer base, we had a strong quarter in sales to both new and existing customers. This quarter, we grew customers by 12% year over year. The quality of our customer growth continues to be high with our platform customers growing 82% year over year and very strong growth in ARR per transaction as we shift to subscription. One effect of our shifting incentive compensation towards ARR is that we are seeing slower growth in overall services customers and revenues, although we are generating higher ASP per services customer. We are now focusing on more strategic services relationships, which also contributes to a stronger higher quality customer and revenue base. The net impact is that we believe we are increasingly focused on adding customers that have the greatest lifetime value. InsightVM continues to be our primary tool for customer acquisition, driving new customers across the Fortune 1000, mid market and internationally. Once again, we increased our Fortune 100 penetration to 55%. One example of a new InsightVM customer is a Fortune 1000 video game publisher with a small team responsible for a huge vulnerability management environment with over 200,000 assets. Their existing solution had too many manual processes and lacked quality integrations with ServiceNow and other solutions in their SecOps environment. With InsightVM, the customer is able to quickly improve visibility across a very complex modern infrastructure and can now leverage remediation workflows to integrate directly with their ServiceNow deployment. Application security and command. This is a good example of why we have confidence in being able to continue to lead the market in customer acquisition. Once again this quarter, we achieved a strong renewal rate of 120% as our existing customers continue to return to Rapid7 for more coverage and more solutions to solve their security and SecOps challenges. Our cross selling continues to accelerate with new ARR cross selling growth up 83% year over year and cross selling transactions up plus 50%. We continue to see strong growth for InsightIDR as customers increasingly see value in powerful visibility and analytics solutions that can improve their risk profile by dramatically reducing the time to discover a breach as well as reducing the time to investigate reaches. The market understands that a strong user behavior analytics tool is required for detection and that only a cloud based solution can quickly and cost effectively enable detection and response. Our existing customers also recognize the value in consolidating their visibility and analytics solutions with 1 provider. For example, a $400,000,000,000 asset manager with a 3 person security team was looking to upgrade their legacy SIEM, which is only capable of providing them with compliance reporting today. The customer is already a VM and application security customer of Rapid7. The team required a strong UBA solution, especially one that can identify lateral movement by attackers. Not only did InsightIDR perform the best in their evaluation, other deception features and integrations into our cloud platform for vulnerability management proved to be a major differentiator. And the customer was able to experience the excellent time to value that InsightIDR can provide. We also continue to see growing interest in application security as customers increasingly realize that web facing applications are a major risk for attacks and also an area where they often lack visibility. We entered this market in 2015 with our AppSpyder product, which is an on premise solution and is offered on a term license basis today. As part of our shift towards cloud based solutions and ARR, last year we launched Insight AppSec on our cloud platform. While our AppSpyder solution had a great Q1 with overall interest increase in application security and the maturation of our cloud solution, we are beginning to see demand shift towards InsightAppSec. Jeff will go into the accounting impact of this shift a little later. As an example of the building momentum for InsightAppSec, our largest ARR deal this quarter was a Fortune 500 Financial Technology customer already relying on Rapid7 for Nexpose, Metasploit and AppSlider. They were looking to consolidate multiple application security solutions with a provider that could quickly and effectively scan their 4,000 apps every month across both legacy and modern applications. The customers are able to consolidate a legacy product with Rapid7 as InsightAppSec proved to be the most flexible and effective solution and also clearly provided the best time to value. With only 1.5 solutions per customer on average today, we still have plenty of runway to cross sell into our existing base. As for our 3rd goal, we remain committed to improve profitability and to generate operating cash flow in 2018 as well as to generate profit for 2019. In the Q1, our operating loss was within our guidance range and we generated $7,300,000 in cash from operations. We were able to do this even while we increased some investments in our go to market efforts through accelerated hiring of account executives and an accelerated deployment of a new CRM system for improved operational efficiency. We chose to make these investments to help maintain our momentum in ARR growth, providing a strong foundation for 2019 when we can begin to realize the full leverage of our land and expand model and our shift to subscription pricing and the goal of generating non GAAP operating profit. Overall, the first quarter was a great start to 2018 and we made good progress on our 2018 operational and financial goals. Our focus on ARR has been embraced by our sales teams and customers and our Secop portfolio is meeting a critical need for both new and prospective customers. I am very excited about what is ahead for Rapid7. With that, I'd like to turn the call over to Jeff to discuss our financial results and our guidance. Jeff? Thanks, Corey. Before I begin discussing our strong results for the Q1 2018, I want to remind everyone that as of January 1, we've adopted ASC 606 on a modified retrospective basis and therefore we will report each quarter's results under both ASC 606 and ASC 605. We have included all of these details in our earnings press release today. When discussing our year over year growth rates and other key trends in our business, we will be comparing our results on an ASC 605 basis. As we don't have prior year operating results under 606 and the comparison would not be meaningful. To summarize Q1, on an ASC 606 basis, total revenue was $54,500,000 and non GAAP operating loss was 8,900,000 dollars On an ASC 605 basis, total revenue was $58,200,000 and non GAAP operating loss was 6,900,000 dollars We are pleased with our strong performance in the Q1. As I just mentioned, total Q1 revenue on an ASC 606 basis was $54,500,000 and above the high end of guidance. Product revenue was $35,300,000 maintenance and support revenue was $10,800,000 and our professional services revenue was $8,500,000 I will now discuss our revenue on an ASC 605 basis in all comparisons are to the prior year. Total revenue for the Q1 2018 was $58,200,000 an increase of 29 percent. Product revenue was $37,800,000 an increase of 46%. Maintenance and support revenue was $11,700,000 an 8% increase, and our professional services revenue was $8,700,000 a 3% increase. Our product revenue was once again driven by strong bookings in both VM and IDR with accelerating recurring revenue. As we expected, with the shift towards ARR quotas for our sales force, we did see a slowing in professional services bookings and associated revenues. Going forward, we expect professional services revenues will be closer to flat to down compared to 2017. During Q1, we also had a benefit from the impact of revenue previously deferred in 2017 that met the criteria for revenue recognition in the Q1. However, even without this benefit, we would have exceeded the upper end of our guidance. As a reminder, the major differences in revenue recognition between ASC 606 and ASC 605 are as follows: lower perpetual license revenue in 2018 as we spread those revenues over 5 years under 606 and lower maintenance revenue as we use a different allocation method under 606. Finally, Aspire term under 606. Finally, ASPIRE term licenses are recognized upfront under 606, which provided a benefit in Q1. As Corey mentioned, the shift of our application security business towards our SaaS solution appears to be accelerating, which means that more of our application security revenue may be deferred and recognized over the contract term as opposed to recognized upfront under 606. This is purely income statement accounting and has no impact on cash flow. This is the reason the midpoint of our 2018 revenue guidance under 606 is not increasing as much as it is under 605. We continue to have very high visibility into our revenue forecast. Recurring revenue was 77% of total revenue under ASC 606. Under ASC 605, recurring revenue was 75 percent of total revenue in the Q1 of 2018, up from 69% in 2017, which is growth of 40%. 85% of total revenue under ASC 606 and 89% of total revenue under ASC 605 came from deferred revenue on the balance sheet at the beginning of the quarter. Majority of this difference was due to less perpetual revenue being recognized under ASC 606. The value of our annualized recurring revenue increased to $177,800,000 at the end of the first quarter, a 30 8% increase year over year, which we believe is indicative of the success we are having with our shift to subscription. Calculated billings for the Q1 were $48,000,000 or up 9% year over year. Average contract lengths were 18 months for total billings, down significantly from 23 months in the prior year period. As we said since we launched InsightVM, given the mix shift from perpetual to subscription, we've expected our customers to shift towards 1 year contracts, and we saw that materialize in Q1. Also, our 2018 quotas for our sales reps are now based upon new ARR. Consequently, we believe billings and contract lengths are no longer a meaningful comparison to prior periods during this transition as they don't capture the benefit of a higher subscription mix and growth of our annual recurring revenue. The net result is that our billings are resulting in more recurring revenue and greater lifetime customer value. Looking at the business geographically. In Q1, North America comprised 85% of revenues. Rest of world revenue increased 22% year over year and contributed 15% of total revenue in the Q1. While our rest of world revenue growth was a little slower this quarter due to a large services deal recognized in Q1 2017, we did see our international bookings grow faster than overall bookings. Our customer count increased by 12% year over year, and we ended Q1 with more than 7,100 customers globally. Overall, we continue to see strong bookings from new customers, driven by larger deal sizes, multiproduct sales and increased recurring revenue, which we believe are important parts of our growth strategy, and as Corey said, fewer but higher quality services customers. Our renewal rate was 120%, and our expiring revenue renewal rate was 89% in the Q1. As Corey mentioned, we had a strong cross sell quarter. Turning back to the P and L. On an ASC 606 basis, non GAAP total gross margin for Q1 2018 was 72%. Product gross non GAAP gross margin was 79%, maintenance and support non GAAP gross margins were 83%, and professional services non GAAP gross margins were 28%. On an ASC 605 basis, non GAAP total gross margin for Q1 2018 was 74% compared with 74 percent also in the prior year period. Cost of goods sold were essentially the same for both ASC 606 and 605, and therefore, the gross margin difference is all due to the lower revenues in 606. Under 605, non GAAP product gross margins were 80% in Q1 and as expected, were down from 84% in the prior year period due to increased usage of our SaaS platform and managed service offerings, although they did improve from Q4 as we realized some of the benefits of increasing scale in our cloud offering. Our non GAAP maintenance and support gross margin increased to 84% in Q1 from 83% in the prior period. In aggregate, our product plus maintenance gross margins were maintenance maintenance gross margins on a combined basis as we migrate more customers to the platform. And our maintenance revenues and costs continue to migrate to product revenues and costs. We would still expect our combined product and maintenance gross margin to decrease slightly for the full year. Our non GAAP professional services gross margin was 31% in Q1 compared to 34% in the prior year period as we had slightly lower services bookings and utilization this quarter. We would expect professional services gross margins in the mid-30s for the full year of 2018. We continue to expect our total gross margin to stay in the low to mid-70s on both an ASC 605 and ASC 606 basis. For operating expenses, please note that the only difference between 605 606 was in sales and marketing expense, which was $1,700,000 lower than 606 due to the impact of deferring sales commissions, which is in line with our guidance. As for operating expenses, we saw modest leverage in sales and marketing year over year with sales and marketing decreasing to 50% of revenues. As Corey mentioned, given the opportunity that we are seeing in 2018, we decided to make 2 incremental investments in Q1 to help drive ARR growth this year. 1st, we accelerated sales force hires that were planned for later in the year. 2nd, we accelerated some upgrades to our CRM systems to drive more efficiency in our quoting and forecasting. Without these investments, we believe we would have reported a non GAAP operating loss better than our guidance range. We intend to make some additional investments again in Q2, but we still expect to see leverage on sales and marketing expense for the full year of 2018. Our R and D expenses were up slightly as a percentage of revenue this quarter, partly due to the Comand acquisition and some one time expenses. We continue to expect flat R and D as a percent of revenue for the full year. Moving to Q1 operating loss. On an ASC 606 basis, non GAAP operating loss was $8,900,000 which was at the favorable slightly better than the midpoint of our guidance of a loss of $7,400,000 to $6,500,000 On a 606 basis, adjusted EBITDA loss for the Q1 was $7,400,000 On a 605 basis, adjusted EBITDA loss was 5,400,000 dollars for the Q1 compared to a loss of $4,600,000 for the prior year period. On a 606 basis, non GAAP net loss per share was 0.19 dollars in Q1 2018. Our 605 basis non GAAP net loss per share was 0 point 15 dollars We ended Q1 with cash, cash equivalents and investments of $130,000,000 inclusive of the $31,000,000 raised from our public offering in January of this year. This compared with $92,000,000 as of December 31, 2017. Our operating cash flow for Q1 was positive $7,300,000 Moving to our 2nd quarter and full year guidance. As for ARR, given our strong momentum coming into 2018 and our strong performance on new bookings and churn in Q1, We're raising our guidance for full year and Q2 ARR growth to exceed 33%. For Q2 2018, on an ASC 606 basis, we anticipate total revenue to be in the range of $54,300,000 to $55,700,000 We anticipate non GAAP operating loss to be in the range of $9,800,000 to $8,400,000 We anticipate non GAAP net loss per share for Q2 2018 to be in the range of $0.21 to $0.18 This is based on anticipated 46,500,000 weighted average shares outstanding. On an ASC 605 basis, we anticipate total revenue to be in the range of $57,600,000 to $59,000,000 This equates to year over year growth of 21% to 24%. We anticipate non GAAP operating loss to be in the range of $8,700,000 to $7,800,000 As we mentioned, we are increasing some investments in our sales organization in Q2 to take advantage of the momentum that we have built in the business around ARR and our shift to the cloud. For the full year 2018, we are raising our total revenue guidance. On an ASC 606 basis, we are raising our guidance for total revenue to be in the range of $231,000,000,000 to $236,500,000 This equates to an impact of approximately 12.5 $1,000,000 to $13,500,000 from ASC 605. The midpoint of our 606 guidance is increasing by $1,000,000 less than 605 due to the impact of a mix shift of our application security bookings to Insight AppSec from our on premise solutions, resulting more radical upfront recognition, as we mentioned before. This is purely timing of when we recognize the revenue and has no impact on cash flow. We are maintaining our guidance for non GAAP operating loss to be in the range of $26,000,000 to $20,000,000 dollars We anticipate non GAAP net loss per share for 2018 to be in the range of $0.55 to 0 point 42 dollars which is based on our anticipated 46,700,000 weighted average shares outstanding. On an ASC 605 basis, we are raising total revenue to be in the range of $244,500,000,000 to 249,000,000,000. This equates to year over year growth of 22% to 24%. We are maintaining our guidance for our non GAAP operating loss to be in the range of $25,000,000 to 21. Dollars Our full year guidance reflects our planned increased investment into our sales organization during the first half of the year, but more leverage from sales expense in the second half of twenty eighteen. Inclusion, we built strong momentum with our shift to the cloud and subscription, leading to raised ARR and revenue guidance, and we are maintaining our operating loss guidance for 2018 well as our plan to generate operating profit in 2019. With that, we appreciate your time and support, and we'll open the call for any questions. And our first question comes from the line of Saket Kalia with Barclays. Your line is open. Please go ahead. Hi, guys. Thanks for taking my questions here. How are you? Good, Saket. Maybe just to start with you, Jeff. Nice acceleration on the ARR. I think this was the really the Q1 where we had the sales force all aligned on ARR and also the Q1 or 1st full quarter where we introduced a subscription version of the product as well. Maybe qualitatively, how do you think about those different drivers to the acceleration of ARR this quarter? And just to make sure we ask the question, were there any one timers to call out because it was a nice acceleration in ARR? Yes, Saket. I think that we were very careful and we spent a lot of time structuring the comp plans to influence the right behavior. We've talked about it a lot is that we want them focused on ARR. And historically, we've been on TCV plans. So we made sure that that transition could go as smoothly as possible. And I think that what we saw in Q1 is that they really embrace dependent on multi year deals in TCV in the past. And I think that was a pretty big driver. Also, we saw a nice shift from subscription from our perpetual deals when they're on our non cloud products as well. That also drives more ARR per transaction. I think it's overall enthusiasm for the SecOps platform. I'll let Corey add some commentary there that he talked about in his prepared comments. Yes. I think one of the benefits we had, Zach, was that our IER products have been on ARR basis for a while. And when you think about the big shift, it was really in our vulnerability management offering, which had very, very healthy growth for the quarter. A big part of that though was that our sales team is selling to a customer base that was already in a market that was subscription based. And so that lessens the risk for us versus other companies and that translated through higher productivity and higher growth rates in ARR. Saket, I'm sorry, I forgot to answer your question on the one timers. No, we didn't see any one large excessively large deal that would have skewed the results at all. Got it. That's all really helpful. Maybe for my follow-up for you, Corey. It's been a couple of quarters since we brought Command into the fold. I guess the question is, how are you thinking about that product enhancing what we have in VM and SIM versus that as really a standalone tool to make a bigger play sort of into the orchestration market? Any thoughts on Command and its future would be helpful. Yes, absolutely. We've always said the Command orchestration and automation market is huge, and we see more and more customers looking for solutions there and we will be a major player in that market. Our priorities right now are integrate that into our platform. We believe that data and analytics driven automation will provide customers a much, much more robust platform. And our goal is to be a dominant player in the market and to add lots of innovation to the market and actually help make orchestration and automation mainstream. That said, you will see both a major product offering in command over time And you also see us roll out orchestration automation capabilities in our products this year that really are focused on solving the customer set up problem as well as differentiated our solutions versus others in the market. So the answer is both, it's a massive market, it's also a core capability to the platform. We think it's going to drive help drive continued growth. Got it. Very helpful, guys. Thanks very much. Thank you. Our next question comes from the line of Matt Hedberg with RBC Capital Markets. Your line is open. Please go ahead. Thanks. This is actually Matt Swanson on for Matt. Corey, you start off talking about inside VM, the success you've seen and some of the accolades you've received recently. Could you just talk a little bit more about some of the specific differentiation in the offering and kind of the competitive landscape you're seeing around it? Yes, no, absolutely. So if you think about vulnerability management, historically, it's been much more of a tactical solution. And our observation that really started 4 plus years ago that the problem of how people manage and maintain their IT environments was one of the single biggest causes of cybersecurity risk. And if we could actually translate what we were doing in vulnerability management to helping customers better manage, maintain, update, configure and control the environment and solve the IT complexity problem from a security operations perspective, then we would be doing a great service to our customers and make ourselves wildly successful. That is the core of the translation of how vulnerability management applies to the SecOps vision. It is about not just reporting, it's about taking data about the environment, analyzing the vulnerability state of the environment and then making it easy for people to remediate and shift that state of the environment. And so the big differentiator that we get credit for are analytics about risk exposure in the environment, our analytics about the remediation state of the environment, helping people understand not just what the vulnerabilities are, but how does that relate to their IT operational practices. And then what we're doing as we go forward is translating that remediation analytics and remediation workflows into remediation orchestration and automation that allows people to much more effectively pass control and maintain the environment. What we're seeing as a natural outcome of that is that vulnerability management would just be managed by a very small subset of the security team focused on compliance. For our customers, it's now becoming a core capability that spans both security and IT. And as part of that, they operate have made sort of vulnerability management much more operational. That's great. And then if I could just ask one more, another really strong quarter for cross sell. I was just wondering how efficient you feel the go to market motion is right now around cross selling. Like are you firing on all cylinders or is there additional gains to be made in that? Yes, we're making so one, we make great gains. We're seeing great momentum in cross selling. And we believe that there are still greater gains to be made. We still are in the early stages of the ARR per customer that we can achieve, the number of products per customers we can achieve. And we're getting positive feedback and momentum from our customer base on our overall SecOp portfolio strategy. And so we're optimistic that we actually have sustainable growth in cross selling, which leads to much higher rates of ARR. All right, great. Thanks for the time. Thank you very much. Our next question comes from the line of Michael Turits with Raymond James. Your line is open. Please go ahead. Hi, guys. This is Eric Keith on for Michael. Congrats on the quarter. I just maybe a couple of questions to follow-up on Matt's questions. Could you maybe talk about how your resources between going after new customers versus expanding the existing customer base? Just kind of how you allocate those resources? And then further to how the sales force is organized to land new customers versus cross selling and up selling existing customers? Just kind of the dynamic between those 2. Yes, absolutely. So one, we actually have the luxury to be firing on all cylinders. And so because of that, we actually believe that the best thing is keep things simple. And so we're focused on one thing, ARR growth. And we achieved the ARR growth both by adding new customers, but also expanding. So it is an and for us. And the way that we structure our sales team is we have a team that actually focuses on customer relationship management and account management and the renewals ecosystem. And then we have a team that's responsible for new ARR growth. That can come from adding new customers or from expanding existing customers. And we for the states that we're at right now, we're fine with either one. We have massive growth in the number of customers that we can add to our platform. And we have substantial opportunities to grow the ARR by per customer by a huge multitude. And so because we actually have positive outcomes that we can achieve on either, we've actually left it to our sales team to actually think about what's the most efficient way to grow. Now we are managing it and we are looking at it. So we do put spiffs and incentives in place actually keep the balance. So you should continue to see us both add new customers and expand the ARR for customers. But right now, we're just focused on the overall growth of ARR because both of those are going to grow substantially over time. Great. That's helpful. And then maybe similarly on the VM kind of competitive landscape. Could you maybe just talk about what you're seeing with competition in terms of endpoint vendors that may be moving towards VM? It just seems like kind of a little bit of shift or a little bit of a trend that might see going on. And just how that impacts you strategically going forward? Well, it's not really a shift. There's always I think since the history of vulnerability management, there's always been players that have kept to add VM as a feature. And it's always been even in the days of when it was truly compliant, it's always been a while inadequate. Like everyone from IBM to Tanium to whole list of people to the current cost of people, who look at it as a feature of just saying, hey, I have a small view on the assets and I have a small view of a significant subset of vulnerabilities. If you think about what a modern vulnerability management program, which is evolved over time, it's about providing for basic visibility into the environment, not just the assets where you actually agents installed, it's about providing visibility to your cloud infrastructure, to all those HIC assets that have no agents installed and have never had agents installed in the environment and then understanding every application and service installed in those assets and not just what the past level or the vulnerability level is, but also understanding the configuration level of those assets and then being able to analyze what's the overall risk and exploitability of the environment and then translate that into a remediation workflow and action plan. And in the future, you will be able to automate. That is an incredibly difficult feat of engineering. And most people want to actually get into the details of what it takes to actually, 1, a modern GM program, realize that it's a market differentiator against other endpoint vendors or whatever other market that they're in. But none of those things have proven credible as they choose vulnerability and management solution. Great. Thanks, Corey. Thank you. Our next question comes from the line of Rob Owens with KeyBanc. Your line is open. Please go ahead. Hi. This is Liz on for Rob. Just curious if you could comment on the underlying market you're seeing in vulnerability management, whether you're seeing kind of a breadth of if you've seen any change in growth in that market and then whether or not whether that change is coming from increasing breadth of scans or sort of scanning more of your environment or more frequency of scans? Thanks. Yes. So we're different than lots of other vulnerability management companies because we're selling to the value proposition of how people operationalize their security. And so we're just as much selling into vulnerability management budget as we are what do you do about it and how do you operationalize security, how do you actually analyze your remediation and your IT processes And then how do you automate those over time and tie those into your workflows? Because we actually have that unique proposition, we're seeing much higher demand because most of the customers that we're talking to and a big part of the growth that we're seeing, they're trying to move past the place of just having visibility into a place where they can actually really start operationalizing security and operationalizing the management of the environment. So we see incredibly strong demand, but it's not tied to narratively demand management, it's tied to our approach around SecOps and our focus on the remediation analytics, remediation workflows and the upcoming orchestration and automation around that, that resonates with customers saying, okay, I can actually do something about it now. Okay. That's really helpful. And then quickly, just curious if you had any change in sales attrition or turnover based on change in the comp plans, if there were some changes that need to be made. And clearly, it looks like you didn't see that in the quarter, but just wondering if there's any change there? Thanks. Yes. We talked earlier. We expect that we never just say it's confidential. We expect to have a slightly higher turnover. We didn't see it. We actually had higher retention and higher productivity of our sales team than was expected. And that gives us increasing visibility and confidence as we go through the year, which is one of the outcomes of us raising our guidance both in revenue and Our next question comes from the line of Gur Talpaz with Stifel. Please go ahead. Great. Thanks for taking my question. And Corey, Jeff and Jeff, congrats on the quarter. So ARR per customer, interesting metric to offer here. It looks like it accelerated here for the 6th great quarter, I think as far back to the data I have. If we break down the components here, you talked about 1 point 5 solutions per customer, still a lot of room there. How much of that growth here is inside IDR, inside ops, new solutions versus growth in VM? And then if we could expound that, if you think about the VM opportunity, how much how far do you think you're penetrated right now in your installed base just for VM? Yes. So multiple questions there. So the core I'll just break down about how we think about the expanding ARR growth. So the simple one is that expanding the number of customers. And so that clearly has ARR. When you think about on a per customer basis, there's sort of like 3 main levers that I'll point to. The first lever is sort of the amount of coverage of the assets that you have in the environment. And a big part of our growth is that we have more assets per customer in the environment. The second thing that you're actually pointing to is the number of products per customer. And what we have there is that we've expanded our product portfolio and our products that we've introduced in the last few years have actually done quite well in the market and been well regarded and well received. We're at the very early stages, but we're seeing great adoption on the expansion of the Brochmore customer. And that's actually translating into actual both recurring revenue and now starting to translate in revenue as time progresses on. And so it's not just something they're downloading, it's something they're actually paying significant amount of money for. So that's positive. The second part of that sort of aspect of the number of products for customer also has to do with the fact that our products have different ASPs. So things like IDR has higher ASPs than vulnerability management has. But you have a so what's happening is our ASP growth is slowly tripped up as we introduce new products. And then the last aspect is sort of in a temporary one, but that's the mix shift as you go from license and perpetual to a subscription basis. That started last year and that's a positive effect that you actually have. But the data we really focus on sustainably is continuing to steadily increase the customers. And then the really big lever is increasing the products for customer there. Hey, Gur, the other point is that the IDR continued to grow triple digit over 100% again, which doesn't directly answer your question on the mix, but it's a data point and VM had very strong growth as well this quarter. That's helpful. Thanks for that color. And maybe another question here on the shift to recurring, it's obviously a big emphasis for you guys. Can you talk about the response from the installed base as you made these changes this quarter, particularly the legacy base here perpetual customers now being sold into recurring models. How has the response been thus far from those customers? It's been positive, but a big part of the positivity is one, we didn't actually we learned from others. Again, we have the benefit of actually doing this transition later and actually taking the time to study what's worked and what hasn't worked. We didn't force it with a stick so to speak. We actually brought a lot of carrots. And so our cloud based platform compute power that you have capabilities that aren't just possible with the compute power that you typically have in most on prem environments. And so by taking a benefits approach, we're actually seeing much higher levels of conversion to our cloud based platform than we expected. That's great. Thanks guys and congrats again. Thank you. Our next question comes from the line of Jonathan Ho with William Blair. Your line is open. Please go ahead. Good afternoon and congrats on the strong quarter. I just wanted to start out with some of the commentary that you had around the Forrester placement different portions of the different portions of the market? Just want to get a little bit of sense of what that's meant so far. Yes. As we talked about earlier, we have achieved and we are achieving strong growth and strong pipeline there. I would say that we got the Forrester because of the capabilities that we were positioning. And so it came out somewhat later in the quarter, so it's too early to tell how much impact that has had. But we've been selling that value proposition and it's been resonating with customers. And part of that, you saw the outcome of that in the results. And we definitely see that in our competitive win rates, which were already high and continue to be high. And so I would say we're seeing more opportunities. We've become one of those companies that when people are looking to do something, that people look that they have to include by default. And I think that, that recognition helped us continue on that track, ensure that we're in more and more deals over time, and we have more durability in that sort of vulnerability management aspect of our SecOps business. Got it. And then just in terms of the additional investments in sales, can you give us a sense of maybe where those investments are going to go? Is this going to be more on the international side? Are there certain segments of the market that you're targeting with those investments? Any color would be appreciated. Thank you. So our postal sales investment is really we invest where we actually see productivity and visibility. And if you look at our performance, we see broad based productivity and we see broad based visibility. And so our investments are across the board because we're investing behind demand. And because we see the demand and we see the opportunity, we were able to make the investments. And it really is happening across all aspects of our business. Our next question comes from the line of Ann Mizner with Susquehanna Financial Group. Your line is open. Please go ahead. Hi. Thanks for taking my questions. Corey, I just wanted to dig into the new strategy around services a bit more. You have a number of different types of services that you guys offer. Are there any that you're deemphasizing more than others as you focus on more strategic customers? I would assume that pen testing and incident response would remain somewhat strategic for you. So maybe you can just shed some light on how we should be thinking about that? No, absolutely. It's a great question, especially as we're seeing more demand for ARR and we're seeing and we're focused ourselves on what we consider more strategic services. The way that we think about more strategic services is services that have a net higher lifetime value for Rapid7, not just in terms of services, but also in terms of ARR. So what we're really looking at is focusing on companies and organizations that are looking to transition and transform their security program and actually really embody that SecOps vision. And we're aligning our services around that. Over time, what that means for us is that we're focused on less, I would say, transactional, whether it's pen testing or IR, less of the transactional appliance based work and more of the transformative work that will result in larger engagements, which we're already seeing, larger ASPs in our services contracts, but also more strategic relationships with our customers. That's the focus of what we're doing. Okay. That's helpful. Thank you. Thank you, Ed. Our next question comes from the line of Melissa Franchi with Morgan Stanley. Your line is open. Please go ahead. Great. Thank you. Corey, you talked a lot about investing in the direct sales force. And I'm wondering if you can maybe comment on investments in the channel and how they're being levered to help enable the journey to subscriptions and if they're fully ramped on that? That's a great question, Melissa. And so one, we're actually seeing increasing channel demand and demand for channel partners. I think a big part of that is both the recognition that we're receiving in the market from our technology, but also the traction that we're getting with customers. And so engaging with the channel from a position where the channel wants to engage with you is a much easier position to engage from. Our strategy now that we've actually sort of aligned everything on an ARR and a subscription basis, Our strategy with the channel is actually to focus on value added partners that can really help our customers achieve our SecOps vision and the vision that we think helps customers be more productive. And so we're not indiscriminate our choice of channel partners. We're actually taking a very thoughtful approach that combines near term revenue and ARR, but really with long term customer transformation that we believe will generate the greatest economics both for the channel and for ourselves over time. Okay. That's helpful. And then one quick one for Jeff. Jeff, I think last quarter you commented on cash flow for 2018. I don't know if I missed it this quarter. But wondering if you could maybe give an updated view on what you expect for cash flow? Yes, sure. So we did say that the cash flow this year would approximate 2017 levels. We're not seeing any change there. But having said that, if contract lengths go down further, could be yes, could it be a little bit less? Sure. Still be positive operating cash flow, but it's all dependent on really the contract lengths. For a few quarters, we've been talking we've been saying that we expected the contract lengths to go down, and it really materialized this quarter in Q1 with the focus on ARR, so we had less multiyear billings. But at this point, we're still staying in the same range of 2017. As I said, it might be a little less if that changes, but we'll have to see how it goes over the course of the year. Our next question comes from the line of Sarah Hindlian with Macquarie Group. Your line is open. Please go ahead. Hi. This is Fred Ademeyer on for Sarah Hindlian. I wanted to reiterate firstly what many others have said already here about a very nice reacceleration in ARR during this quarter. And I wanted to better understand some of the dynamics within ARR. Firstly, so on this, would you be able to describe how much of your ARR is related to purely SaaS subscriptions and how much is related to say perpetual licenses sold on a subscription or term basis? And then secondly around the ASC 605 and 606 guidance in presentation, Is there any way that you'd be able to help us bridge the difference between ARR reported under 605 and what we should be looking at it under 606 as we build our models? Thank you. Yes. We don't break out the components of that ARR, but the SaaS portion is increasing, obviously, as we converted the our vulnerability management products to InsightVM in the Q2 of last year. So it's becoming a bigger portion. But still, we still have the legacy of over $100,000,000 in that 35% portion from all the perpetual sales still carrying forward. So it's still the majority, but what we can say is that the SaaS portion is growing with the migrations. And of course, our IDR product line is all SaaS. And the way we define ARR is the same across the product line. There's no difference under recurring revenue SKUs, not the perpetual SKUs. Okay. Thank you.