All right. Good afternoon, everyone. Thank you for joining us. My name is Brian Essex. I'm JP Morgan Security Software Analyst, and with us today, we have Andrew Burton, Chief Operating Officer of Rapid7, and Elizabeth Chalk from IR. You don't have to say anything, do you?
No.
Not prepared?
No, no, no, no. Go.
All right, great. Great. Well, thank you for joining us.
Thanks for having us.
We really appreciate it. Maybe we could start off with a brief overview of, you know, for those that maybe aren't intimately familiar with Rapid7, you know, the evolution of the company. You know, you used to be like pure play VM, and then you expanded into other markets. So maybe a little bit of a background to lead into some of these other questions that I have for you.
Yeah, no problem. So, so we started out largely with this key insight around the underserved or mainstream enterprise opportunity before cybersecurity people that were looking for visibility into their environment about where vulnerabilities might exist, what has largely been characterized as the vulnerability management segment. And in that, those early years, and largely up through the IPO back in 2015, we were largely a VM provider to this kind of mainstream enterprise buyer.
Mm-hmm.
And what we heard from these buyers is it was great to give them visibility where they were. They had a really easy use, affordable, kind of, you know, quickly consumable product. But that as we gave them visibility into where they had exposures, they needed to also understand were those exposures being exploited, were they being actively or breached, or were there incidents that could occur?
Mm-hmm.
And so our second chapter of the company was really expanding out what we think of as our security operations offering, which was largely around the extended SOC and this idea of the SIEM being inverted to be more detection-based. And we've built out a pretty substantial piece of our business that is now growing over $300 million over 20%. And that was in this proposition of helping security teams, again, mainstream enterprise, to understand what's going on in their environment and be able to monitor and detect if malicious activity is occurring or could occur, how to take proactive steps, right? And now what we're doing is largely bringing this consolidated and integrated view to security teams.
Again, mainstream enterprise, where we can give people visibility across their attack surface, and better visibility leads to better monitoring and detection, which also then allows their security teams to achieve better outcomes. So the history of the company is from originally this VM company around, understanding exposures.
Mm-hmm.
to an integrated SecOps company around understanding exposures plus active monitoring and prevention, to now a consolidator for the mainstream enterprise around really delivering better security outcomes around these problems.
Right. And what about on the cloud side of the business and how that maybe evolved as well?
Yeah, it was interesting. The cloud is. I think as folks, you know, hindsight's 20/20, but, you know, at the time, what we saw, and everyone has seen now, is clearly the emergence of public cloud and cloud environments, and not one, but multiple clouds. And so these mainstream commercial or mainstream enterprise companies have nowadays, it's obvious they have a multi-cloud environment, right? And so as the cloud emerged, a lot of our customers said: Well, it's important for us to have the policies, controls, and assessments in place for the cloud. Now, at the time, there was a lot of active debate is who would own cloud security, and would that be separate teams, or would that be one of the teams we're already working with?
The early years, we were building out dedicated cloud security capabilities in a dedicated offering, right?
Mm-hmm.
What we have seen is really a more integrated approach that security teams mainstream enterprise not high-end or cloud-native organizations. But when we think about mainstream enterprise, you know, I think about it as the Russell 3 or, you know, in three-quarters of the rest of the Fortune 5. So it's folks that have a security team, but they're not, you know, the super-rich or the super well-funded.
Mm-hmm.
They're people that are often outside of financial services or, you know, maybe outside of one of the core, you know, tech-enabled spaces, right? And so what we saw was this security team that was being asked to cover the fuller environment, not just traditional workloads, but cloud workloads.
Mm-hmm.
What we've seen is that as the cloud has matured and has become really a core part now, it seems obvious now, but as we see now, as the cloud is a core part of an organization's infrastructure, security now is responsible for securing the entire environment. They still have to work with IT and DevOps and Cloud Ops teams, but they're ultimately responsible to both the board and the CEOs and CFOs to have a good security program.
Mm-hmm.
So we have gone on this journey. We had a dedicated cloud offering, but now we have brought that into our broader SecOps and integrated SecOps offering.
Got it. And you've done, you know, a few acquisitions to kind of get to that point too. I mean, what have you kind of acquired versus built organically, and how has this all been assembled on-
Yeah
-the platform?
Yeah. So back when, so we had an organic effort around our traditional VM base of helping people assess their workloads. And what we saw at the time is we had an opportunity to accelerate our development efforts. So we acquired a company called DivvyCloud, which was a the cloud security posture management, right? And that was, at the time, that was the core thesis of having the policies and controls around your cloud workloads, and not just one cloud, but multiple clouds. And what became apparent, and again, in hindsight, it's 20/20, is that people also wanted to assess vulnerabilities in their cloud environments. And so we augmented some organic work we were doing with also buying a company called Alcide, which is an Israeli company.
Our belief was that these separate cloud capabilities would combine and consolidate into a singular set of cloud security offerings, right?
Right.
Now, it seems pretty obvious, but emergent, you know, technology often comes out in point solutions and then it evolves into being a more consolidated, integrated offer. So we've seen workload assessment and workload protection consolidate with policy management, entitlement, and event management coming together.
Mm-hmm.
I think now we're seeing it really expand or integrate into the broader security program. And so one of the things that we're focused on is making better security in the cloud, but also across the attack surface, more accessible to mainstream enterprise.
Got it. And I guess if we think about, you know, some of the peers in your space-
Yeah.
You know, a few of them originated from some of the same kind of vulnerability.
Mm-hmm, mm-hmm
management focus, and they've branched into certain different directions
Yeah
Compared to where Rapid7's gone.
Yeah.
You know, how do we think about the way peers have evolved versus the way that you've evolved? And how would you characterize your business, you know, in terms of a point of differentiation with regard to maybe some of the 2VM peers-
Yeah, yeah
that people most naturally compare you to?
I'd say it's a great question. I'd say one of the most, kind of most significant distinctions was our belief that you would need to be actively monitoring and detecting things in the environment.
Mm-hmm.
That's in addition to telling you, is there risky, are you exposed, or do you have risky exposures, right? So when we largely the SIEM market, when we created a, we were, I think, if not the first, one of the first to build a cloud-based SIEM, but we built it to do detections at its core, right?
Yeah.
And so, the original VM players all took different paths, but our probably we were unique in that we said, "Hey, you know what? It's really gonna be important is that these environments are gonna continue to expand, they're gonna become more dynamic, and they're gonna become more diverse. And you will need a detection first or detection-based security program at the core," right? And so we built that out, and I think we've had quite a bit of success doing that. But that was probably one of the first and probably one of the biggest distinctions.
Yeah.
Now, we still believe visibility is important. Assessing your environment, understanding what your security posture is, where vulns are, we still believe that's very important, but it's part of a broader proposition.
Right.
And so I think there's been debates between the different VM companies about, is visibility and assessment in and of itself, the market?
Mm-hmm.
Or is it part of a bigger proposition? We have argued that it's important, but it's part of a bigger proposition.
Yeah. How do you think about some of the larger vendors getting into VM?
Yeah.
I mean, you have some of these larger platform vendors-
Yeah
-and they'll-
Yeah
you know, they'll say, "Well, you know, we, we look at some-
Yeah.
vulnerability management in cloud or whatever.
Yeah. Elizabeth and I were discussing this earlier. So you see, like, two notable names, right? Microsoft and CrowdStrike-
Yeah
are talking about vulnerabilities, vulnerability management as being part of their security offerings.
Mm-hmm.
I think this largely validates two things. One, it's hard to do, right? It, this is not something anybody can do. I mean, CrowdStrike and Microsoft are quite, you know, quite significant security players.
Yeah.
They have a massive amount of resources, and it requires expertise. But too, it isn't something in and of itself that is a standalone business, right?
Mm-hmm.
I think when you look at what the vendors, including us, ourselves, are saying, is... If you look at Microsoft, it is visibility across your attack surface is important, right?
Mm-hmm.
Understanding potential vulnerabilities or misconfigurations is the first step. And I think it actually validates our strategy to say, "This is important, but it's part of a broader proposition." So, if I would worry is if no one—if people were saying it wasn't important, right?
Right.
So the fact that you have multiple vendors saying it's important, I think, recognize. Now, the question is: How does it fit into our broader strategy, right?
Mm-hmm.
I think our point of view is that visibility leads to better monitoring and better detection, and so it's the entry or the first step into a better security program.
Mm-hmm.
But we are very clear, it's a step, it's an entry, it's not the main event.
Got it. And then maybe taking a step back and looking at, you know, recent events with company performance.
Mm-hmm.
You recently changed your posture around investing in growth, shifting focus towards margins and the cash flow-
Mm-hmm
... announcing a reduction in force, you know, last year. And, you know, maybe if you could frame out the thought process behind that shift-
Yeah
and how it's evolved since.
Yeah. Yeah, I'll frame it as a couple of steps we took.
Sure.
Right?
Sure.
So last summer, we looked at our business, and we felt like we had really done a nice job around our MDR or our Managed Detection and Response business-
Mm-hmm
Of consolidating multiple capabilities. We had log analytics, we had endpoint protection, we had network detection, we had UBA. We, we consolidate a lot of capabilities into a singular integrated offering. And that is, as I was saying, is a very healthy piece of our business.
Mm-hmm.
Right? And when we looked at that, we said: Look, this is really a strategic bet for us. And we looked at how the company was set up, how it was, how, where the investments were occurring, and we found that we needed to make some structural changes to the business to help us better align to where we were building things.
Mm-hmm
... how we were going to market, and we really decided to introduce a couple of things. One, integrated consolidation offerings, right?
Mm-hmm.
Similar to our MDR, we said: Look, we're gonna offer and capture more ARR per customer. We wanted to build out our offerings in a way that they were integrated, but could offer customers more value for their dollar, right?
Mm-hmm.
The macro had changed at this point, and people began to really think about how to maximize their security investments.
Mm-hmm.
Because security is still number one in the spend of IT spend, but it's not immune to these macro environments-
Right
... right? So, we looked at it and said: Look, we've got to take advantage of more offshore development. We've got to take advantage of alignment-aligning our investments and our people to this strategy. And so we did do a reduction and a restructure, right?
Right.
Now, that set us up for an efficient growth model, the balance between, you know, free cash flow and growth. So we said we would double free cash flow from $80 to $160, and we now have a $160 number that's out there for this year, right? That we feel very good about.
Mm-hmm.
It began to really set up efficient growth. The first step was: Are you organized for success, and do you have the strategy to execute? That's what I think about last summer.
Okay.
Then we had been piloting these consolidation offerings, and our MDR offering, again, growing quite well, having quite a bit of success. We continued to really focus our go-to-market efforts and our sales and product efforts around that. As we entered this year, the visibility side of the equation, the ability to consolidate integrated visibility across the attack surface, what we call CRC, was our traditional VM business and our cloud security business.
Mm-hmm.
And we said, "Look, we're going to integrate this as well." And when we set guidance last quarter, one of the things that we had assumed was that the rate- so we saw an uplift of some security and-
Mm-hmm
some cloud security and VM spend in Q4, and we assumed that that would continue this year. And what we saw was actually the depth of integration needed when it was going to be planned for this summer, and that we needed to introduce some. There was some price dislocation in the market.
Mm-hmm.
And so we felt like this, to drive CRC, we needed to make these changes, but the rate of purchasing and the rate of spend around vulnerability management and our cloud offerings went down as we were working on this new offering.
Okay.
There was a couple of reasons why, but that's what led us to take a step back and basically say, "Hey, we, we want to reset our outlook." Still have free cash flow, right? So, so our profit-
Mm-hmm
and free cash flow is unchanged. But we said: Look, we want to adjust our guide so we can do this investment in building this new consolidated offering.
Mm-hmm.
And we have shared or provided an outlook that has basically-
Okay
... has very minimal contribution of our CRC offering.
Mm-hmm.
We continue to really expect no change in the macro, but our MDR MTC offering will continue to maintain its current healthy pace.
Right. How do we think about that, kind of like, dip in CRC adoption?
Yeah, I think it was a couple fold. I think, one, in the mainstream enterprise, if you were born in the cloud or a cloud-dominant organization, cloud security has been very important to you.
Mm-hmm.
Right? Our buyer is this mainstream enterprise, where it's a hybrid environment. They have a mix of environments. And so what we're seeing is they're largely being locked out of participating because it's a premium purchase for them.
Okay.
And so what we've heard from a lot of CISOs is, "Look, I need to protect my environment, but I can't, I can't narrow that coverage. So if you charge me more in one part of the environment, and my budgets are fixed," which they largely are constrained-
Mm-hmm
I have to narrow my coverage." We feel like that's a false choice.
Right.
And so what we've seen is the need to lower the price points on cloud security and have more of an integrated offering-
Mm-hmm
requires us to both lower the price point on the cloud security capabilities, but then also expand coverage so you can do 100% coverage.
Right.
Now, the thing I would share is, we did this once before with DNR, where people used to charge for data. They're like: "Oh, if you just want..." And security teams were like: "Well, I can't pay for all the data, so I'm going to constrain what I collect." And that was a false choice. And so we see that once again-
Mm-hmm
-in the attack surface side of the equation, where people are saying: "Well, if I pay these market rates on cloud or I pay a lower rate in year one and someone tries to charge me more in year two, that's forcing me to narrow my coverage.
Right.
And what we want to do is lower the price points to participate in cloud security, but then also expand coverage to provide integrated visibility across the attack surface. And so the CRC repackage or relaunch is going to include both integrated capability with a lower effective price point that's offset with broader coverage, if that makes sense.
Mm-hmm. Yeah.
And that's really what I think that it'll unlock, I think, one of two things. The VM, the existing VM customer who wants to expand-
Mm-hmm
that coverage, that's a, that's a win, and the ability for more people to participate in covering their full attack surface.
Right
If that makes sense.
Yeah. Yeah, it does. And so when do you anticipate you'll be able to have that, like, fully integrated CRC in the market?
Yeah.
What do you do in the interim?
Yeah. So we still have some nominal participation. We still have, you know, discussers. It's the consolidated offering-
Yeah
-that we're really focusing on. So there are two things. We've communicated that it will be this summer, we'll have the new integrated offering, what we call V2. And to be clear, it's an acceleration strategy-
Mm-hmm
versus something new, because we have this first version that was well received. People just said: I need two things. I need it to be more accessible to me at my budgets, and I need some, what we're an integrated approach. I call it integrated attack path mapping, which is a fancy way of saying, "I need to map laterally across the environment, just within a given silo.
Okay, got it. And as you mentioned, you know, you gave, I guess, cash flow guidance of, I think, $160 million this year. It's doubling over last year. How do you manage throttling investment in growth versus profitability? And, you know, as you prioritize one versus the other, you know, what are the levers that you'll pull to, you know, invest more in growth?
Yeah. So, one, I think we have, we've gotten this question today, actually, quite a bit around-
Sure.
How do you feel about your sales and marketing investments for growth?
Yeah.
I'd say we feel very good, and we feel like we have capacity available.
Mm-hmm
-to continue. Part of the reason we, we took down our guide was to create space for us to deliver the integrated offering-
Mm-hmm
and to do the repackaging, the repricing.
Mm-hmm.
Right? And so I think we feel like we have a lot of flex. We have a ton of confidence in the $160 of free cash flow.
Mm-hmm.
We have capacity in our go-to-market engine, right? And our investments are being actually directed at driving the core foundational work of pricing, packaging, and some of the integrated work.
Yeah.
Right? So I don't think of it as a throttling perspective. I think of it as, have we invested the right level to basically drive efficient growth, and do we have that balance between, growth and profitability?
Mm-hmm.
And the macro... Our assumption, by the way, we've gotten this question as well today-
Yeah
is the macro. We do not believe it changes. We believe it continues to be a constrained environment.
Mm-hmm.
That's something that's been going on for several quarters, and we've talked about that as such. So, deal inspection is high. Level of CEO, CFO, board level involvement is quite high.
Mm-hmm.
Large deal cycles are taking some time, but that's just something that we've been managing the last couple of quarters.
You don't feel as though your focus on margins and cash flow is constraining your growth at all, it's more of a demand issue?
Yeah, I think it's just we have to execute a little bit better-
Yeah
in some of our packaging and pricing. I would be clear, a lot of the foundational technology work, the hard work is done. One of our, we were meeting with one of our investors earlier, and we were talking about the ability to have integrated data context enrichment across the attack surface.
Mm-hmm.
We've built out what I would call the hard engineering capabilities.
Yeah.
Right? And delivering that at a very attractive cost basis is largely there, right? What we've shared is what we need to do is better execution on the packaging and the pricing, and then how we actually deliver the integrated capabilities to the market, right?
Mm-hmm.
And so that's what we've talked about is this summer.
Okay. And I'll look at Elizabeth when I ask this question, but...
Great.
Now, net new ARR was relatively low this quarter, right? And so you need an acceleration through the rest of the year to kind of hit your targets. I guess, how do you, how do you characterize the level of confidence you have in the ability to hit those targets? And what has to be done? Obviously, you just said execute, but, you know, what has to happen in order for you to get there?
Yeah, so what we've said for the remainder of the year, we expect single-digit or high single-digit in millions of net new ARR in the second quarter, and then, you know, that ramping throughout the back half. We said that that was really dependent on our detection and response business continuing to be healthy this year, and that is really the bulk of what is driving the net new ARR growth this year. Our expectations for Cloud Risk Complete and, you know, VM are fairly modest. You know, we expect that revamped offering midway through the summer to get some additional traction towards the end of the year, but there's a very modest amount of that built into our guidance for this year.
Yeah. How are things so far? I mean, we're halfway through the quarter. I realize your quarter may be somewhat back-end loaded, but, you know, how do things feel so far this quarter in terms of executing to those goals?
I mean, there's no update from what we said in our earnings call. Just, you know, things are tracking as we expect.
Yeah. I mean, what, what we tried to do, and I think this was a, this was a learning for us, obviously, a hard learning out of Q1-
Mm-hmm
- is to provide more specifics on what the levers are that we expect and what those are. So as Elizabeth shared, like, DNR is a healthy part of our business.
Mm-hmm.
It's over $300 million, it's growing north of 20%. We just expect that, and there's no reason to see otherwise why that won't continue, right?
Mm-hmm.
We see nominal contribution of this second package, the CRC package, and what contribution we see is very late in Q4. So you say-
Okay.
Okay, that seems reasonable, right? We also assume there's no change in the macro and the spending environment.
Mm-hmm
which is already constrained, right?
Mm-hmm.
And so we've tried to do a better job of exactly what the assumptions are. One that we did talk about at earnings was also we see we're investing more in the channel-
Mm-hmm
versus our... We had this, this shift out of direct, some higher-
Yeah
expense, direct efforts. And so we are seeing that channel focus having a really, a really nice impact, but it's kind of like rebalancing water levels, right?
Right.
Where that, we've got to see that mix, that mix shift occur. But again, I think our outlook takes these into consideration. And again, I think we've shown really nice command of the cost in the profit side of the equation.
Right.
So, you know, I think we feel, we feel pretty good about, you know, what we shared during earnings.
Got it. And I guess as we think about the level of investment that you're making into the business-
Mm-hmm
You know, what will drive the incremental, you know, particularly sales and marketing, what will drive the incremental investment in sales and marketing?
Yeah, I think it always starts for me with this idea of where—how did the customer, the broader customer value proposition-
Mm-hmm
How does that sit? And, I've been thinking about it as, like, a value hierarchy, right? With, with great visibility, you get better monitoring.
Mm-hmm.
Our core, our core business today and the value we provide, the share of wallet we get, is in the helping you detect and monitor and respond to potential malicious or risky behavior in your environment, right? That starts with visibility. So I think when we now that we're aligning those better, I think that will be key. And then how do we deliver value-added or even more premium services and products on top?
Mm-hmm.
So as we work through this, I think we have a lot of capacity in our sales and marketing engine, but as we look to reaccelerate growth in the second half, we don't need to invest or increase our investment in sales and marketing at this point. But as we start to unlock that, that reacceleration, I think you'll see a natural opportunity as we look at 2025 is to be able to drive and continue to drive efficient growth. We have talked about free cash flow expansion or increases of free cash flow through ARR growth.
Mm-hmm.
Right? So I think we can - we're set up well to, to do that, but we also recognize the next couple of quarters, we've got to focus on just deriving the execution around our pricing and our packaging and some of these integrated offerings.
Okay. And I think, you know, Corey's talked about before, you know, selling the platform.
Yeah.
Now you have Threat Complete, Cloud Risk Complete. What does the profile of your installed base look like? How much overlap is there, and are, I guess, platform sales going to be net new, or is it going to be more cross-sell of one into the other?
Yeah, it's a great question. So we have talked historically about platform versus non-platform customers, and the non-platform customers were kind of legacy software, people that were off the platform or not running in our cloud. So I think we'll increasingly talk less about those-
Mm-hmm
But that has led to some of the, kind of, what I'd say, the long tail, a lot of international customers and whatnot. So what, what I think you're really hitting on is, people that have one of your cloud products, what is their rate of them participating in these consolidated offerings?
Mm-hmm.
We've said this is... It's quite low, so there's plenty of white space there.
Mm-hmm.
One of the opportunities that you'd probably naturally wonder is to take our VM base-
Yeah
- and give them the broader proposition of participating in Cloud Risk Complete. That's absolutely part of our plans, right? We, you know, we value that part of our customer base, and we think that they have a broader challenge that we can help them with. And we also see the opportunity to take our MDR customers and have them continue, not just to do our Threat Complete offering, but be able to give them also the Cloud Risk Complete offering.
Mm-hmm.
So I kind of think of it as a little bit of an expansion on both sides of the equation, which will naturally drive us to have more expansion versus net land, but we'll still see some modest land, I think.
Okay. I wanted to pause for a minute and see if there are any questions from anyone in the audience, because I think we have got a few minutes left to the session... No takers. Okay. That's okay, I got more.
Oh, we got one.
Oh, we got one?
Maybe.
Maybe?
[inaudible] it's such a fragment in space.
Yeah.
It's such a priority, high priority area of spend that maybe the value prop on your platform resonates less, and people are more inclined to go best of breed.
Yeah, it's, it's a great question about the best of breed versus integrated platform. And, and so our thesis, you're definitely not going to compromise. People will not put their security programs at risk by taking subpar quality, right? I think the question we get is, what is my-- what is my security outcome I'm trying to get to? I'll use an, I'll use an example. The example I was mentioning earlier is attack path mapping, right? So in a cloud world, you say, "I want to be able to look across a threat graph and be able to see exactly how an attacker might be exploiting my environment." Well, what I've heard several CISO say is: "Andrew, that's, that's great, we need that. But my environment doesn't end at the wall of the... or at the barrier of my cloud, right?
People can come in across multiple different attack vectors, and I need to look at that holistically." And so what, what I think we're really trying to provide is fuller coverage with still excellent capability. And I think part of the, as you mentioned, the data. Data, security data, and I think we've seen this, whether it's with IBM and Palo, whether we see it with CrowdStrike, whether we see it with Microsoft. Security companies are talking more and more about the value of data or the flip side of the challenges of unlocking this data. And so when I look at it, I don't think of it as just providing a bunch of UI. I think of it as: How do you unlock the power of all this security data to tell you what's going on in your environment?
And I think this fragmentation that you referenced is the problem. Meaning, if you fragment the attack surface by having point tools, and you leave it up to the CISO to be the system integrator, a lot of those CISOs, mainstream enterprise, right, for our buyer, those mainstream enterprise security teams don't have the resources to integrate those products on their own. And so what we're trying to do is do the integration for them so they can focus on security, and so it's not fragmented, right? Not compromising capability, but in providing them with the ability to focus on their security program. So that's our core thesis, and I think it is a balance, right? But I think increasingly we're seeing people say, mainstream enterprise, right, is these folks, it's the majority, right? If you think about the curve.
For the majority of these teams, they're already overburdened, under-resourced, and they have too many vendors in there, and they've been left to stitch it together, right? And so we are seeing people say, they want to see a more holistic view of their attack surface.
All right. Any others from the audience?
Thank you for the question.
Yeah. Another one I had is, you know, it's been a really difficult environment for logo growth.
Yeah.
Your logo growth was, you know, a little weak in the quarter. Like, how, how focused are you on, on increasing the logo count? And how are you incentivizing sales force versus channel to drive that metric of the business?
Yeah. So our net logo growth, I mentioned the long tail of these, of the software, because we've talked about the non-platform customers.
Yeah.
So that, that was definitely a headwind on it, right?
Mm-hmm.
So that'll over time, even get less of a headwind.
Mm-hmm.
So that's one element. I think the other part is we are very much focused, and we have a great set of customers, right? Over, I think it's 11,000 now.
Mm-hmm.
Over 11,000 customers that we believe we can help, to the previous gentleman, to the gentleman's previous question, about providing a more integrated, holistic solutions to help them get to a better place, right? We did it with MDR. We're going to do it with Cloud Risk Complete, right? And so we do believe that's a natural expansion motion, as I think most vendors talk about, expanding into your current base is going to be less costly, it's going to be more profitable, and you're going to be able to get more share of wallet.
Mm-hmm.
But I do think there'll be some attraction with people that are also locked out. We'll have some modest customer growth over time, but our focus is on expanding and really t- having... providing our customers with a more comprehensive, integrated solution. And then we'll see some modest growth, but I don't think it'll be some dramatic change, but-
Yeah. As you, as you sell into your install base, do you try to expand within your install base?
Yeah.
What are you competing with? I mean, is it some of these larger platform vendors?
Yeah.
Or are there more point solutions or.
Yeah.
How do we think about that?
Yeah. I'll just use, in my head, a couple customers I've talked with, right? So the first thing they say is, "I've only got so much spend," right?
Mm-hmm.
One of the things we're competing with is just the availability for incremental spend or how they have looked at allocating existing spend. That's why I think a lot of security vendors are talking about consolidation, consolidation, because the spending budget environments are not like they were two, three years ago, right?
Right.
Where people are just, "Oh, hey, I need more money. I need more money." CISOs, like the broader IT spend, is constrained. So we're competing against either A, not doing anything.
Mm-hmm.
B, I've already got something that maybe isn't delivering what it needs, but there's money being locked in there. Or C, there's some level of inspection or review that our customers have to make a case for.
Mm-hmm.
But let's take that off the table for a moment. Assume . . . We still see, like, our MDR projects getting funded because the detection-based security program is really important.
Mm-hmm.
I think we see more and more people in our industry talking about those projects. We see that going through. Then what you're competing with is, to the previous question, is: Okay, well, am I going to go a point solution, or do I look for something that's a more integrated approach to help me, so I don't have to necessarily do all this work myself, right?
Mm-hmm.
I think you are seeing a couple of handful of vendors, some we've talked about, that are taking a more platform-based approach.
Yeah.
So the question is: Well, you're competing against standalone versus platform. Well, why is that? The platform vendors have an argument that by consolidating down, you will get to a better proposition because you can deliver more integrated services, right?
Mm-hmm.
So that seems reasonable to me, right? I think we're... You know, there's roughly 20-30 vendors in the average mainstream enterprise security teams environment. That's a lot, right?
Yeah.
I mean, you get to five or six, you're doing a nice job, right?
Mm-hmm.
So then you say, "Okay, well, then why does our platform have an advantage over these others?
Right.
Right? And this goes back to what I frame is better visibility equals better monitoring and detection response. We have built. We are a leader in this detection and response category, and we are continuing to innovate and invest in that offering, right?
Mm-hmm.
And so I think most security people, if you said, "Is your environment changing? Is it getting more dynamic? Is it getting more diverse? Is it..." You know, generally, that requires a detection-based approach-
Mm-hmm
Across the environment. It's not just the endpoint, and it's not just the cloud. It's from the endpoint to the cloud and everything in between. So our platform presumes you don't have a bias on where the data comes from, and you don't have a bias on only having certain tools in your environment.
Got it. Great. With that, I think we're out of time. So, Andrew, thank you very much.
Yeah, appreciate it.
I appreciate it.
Thank you. Thank you, everybody.