On Tuesday, 03 June 2025, Rapid7 Inc (NASDAQ:RPD) presented at the 45th Annual William Blair Growth Stock Conference, sharing insights on its strategic direction. The company highlighted its focus on detection and response services, leveraging automation and AI to maintain high gross margins. Despite challenges from larger competitors, Rapid7 remains optimistic about its growth prospects, particularly in compliance management and risk visibility.
Key Takeaways
- Rapid7’s detection and response business accounts for over half of its ARR, growing in the mid-teens.
- The company is expanding into risk management and attack surface management.
- Investments of approximately $30 million have been made to accelerate growth.
- Rapid7 is setting up a security operations center in India to enhance its MDR services.
- The company focuses on providing affordable security solutions with integrated AI and automation.
Financial Results
- Gross Margins: Rapid7 maintains mid-70% gross margins through AI and automation.
- ARR: Over 50% of ARR is derived from the detection and response business.
- Growth Investment: Approximately $30 million invested to boost growth.
- Detection and Response Business: Valued at over $400 million and experiencing mid-teens growth.
Operational Updates
- Risk Management Expansion: Moving beyond traditional vulnerability management to include attack surface management.
- Security Operations Cloud: Development of a cloud platform to scale security operations.
- MDR Services: Launch of a more customized enterprise MDR service in April.
- Security Operations Center: Establishment of a new center in India to support detection and response capabilities.
Future Outlook
- Growth in Detection and Response: Expected benefits from investments in 2026, focusing on larger deal sizes.
- Compliance Focus: Increasing investment in compliance management due to regulatory complexities.
- Market Needs: Aiming to provide cost-effective security solutions with comprehensive monitoring.
- AI and Automation: Emphasis on integration and orchestration engines for AI-driven decision-making.
Q&A Highlights
- Competitive Landscape: Rapid7 views the MDR market dynamics as favorable, with less subsidization in public and private markets.
- Differentiation in SIEM/XDR: Focus on integration and insights, not just log collection.
- Customer Demand: Growing interest in outcome-based solutions for scalable security operations.
- Investor Concerns: Addressed through evidence of success and strategic focus.
For a detailed understanding, readers are encouraged to refer to the full conference call transcript.
Full transcript - 45th Annual William Blair Growth Stock Conference:
Operator: With that, I’ll hand it over to Corey for a quick overview of the company, after which we’ll have a fireside chat. Corey?
Corey, Unidentified, Rapid7: Yep. A short overview of the company. But no, I want to thank you all for coming today. Rapid7 is a cybersecurity company that’s focused on helping organizations scale their security operations programs. Our observation on the market within it for a long time is that more and more companies are going to be responsible for actually driving improvement in the overall cybersecurity program and they do not have the skills and expertise to do this.
The program that we’ve built at its core is an integration orchestration program that allows them to understand their attack surface, manage vulnerabilities, manage compliance, and detect and respond to attacks. Over the last couple of years, we’ve really expanded Over half of our ARR comes from the detection response business. We’ve selected we’ve successfully leveraged both automation, AI, and managed services to deliver high quality, I would just say, SOC services at high gross margins. So, you know, we maintain mid 70% gross margins as we’ve done more and more both managed service. And that’s because we’re leveraging AI and automation to actually do that at scale and at quality.
Now, the remaining part of it is for us to actually expand that coverage of the security operations program stack. The most strategic part, to be clear, was the detection and response area, but now we’re steadily expanding that out over time to actually do the active compliance management, active vulnerability management, active attack surface management, and managing both the remediation response across that ecosystem. And that is sort of like an easier move. It’s a much harder move to go from a product based vulnerability management company to a AI service driven detection response business, doing it at gross margins that no one in the industry had actually seen before. That was a really hard step in the evolution.
Now it’s about expanding on that success and then frankly going back in and picking up some of the stuff that we have to let go in the traditional vulnerability management, some of the stuff that we deferred in cloud security and bringing that into that security operations cloud that allows us to help organizations scale their total programs. But we made some intentional choices to do the hard thing first. We’ve got sort of like critical mass there. We’ve got scale. We’ve got growth there.
But there are things that we have to actually pick up that we left behind in that acceleration, that run up because we didn’t have infinite resources.
Operator: Absolutely. Absolutely. So as part of this transition process, it seems like traditional vulnerability management customers that want to do more with Rapid7 also maybe can set aside some larger budgets and more resources to transition. Can you talk about how this maybe impacts the closure rates and cadence of deals as they become larger and potentially more complex?
Corey, Unidentified, Rapid7: You mean for the detection and response? Yes. Yes. So look, we’re still getting used to actually no, we made our original business off doing we made our original business off of doing a bunch of like sub-50k deals and vulnerability management, lost a bunch of companies. And frankly, we still have to be able to do that.
But if you look at detection response, they’re just much larger deals. So you’re in the 6 and 7 figure deals more regularly. That was a, frankly, a growth curve and a learning curve about how we actually do those and now how we actually manage both the larger deals and the mid sized deals at the same time, especially in this economic environment where larger deals take longer. And our sales team is and frankly, myself and our team is still learning how to actually forecast those large deals in an economically turbulent environment. But the thing is the growth is still there if you actually zoom out.
We talked about last quarter is that we had some delays, subsequently closed. But we’re still learning how to actually tune and optimize that.
Operator: That makes a total Yeah. Oh, it’s great to have the mic. It that makes a ton of sense. In the risk exposure management area, you know, it doesn’t seem like this is well understood by the markets based on our conversations. There are a lot of, you know, larger private companies that are actually doing quite well in this market and growing quickly that overlap with the traditional, VM market as well.
Can you help us understand how Rapid7 can bridge the product set from traditional VM into areas like attack surface management, risk management, and help us understand where customers are in that journey as well?
Corey, Unidentified, Rapid7: Yeah. It’s it’s a great question. So if you look at where lots of the public companies are focused in the areas of vulnerability management and c now for cloud security management. You know, vulnerability management is a great market. It’s a critical market, but, like, it’s primarily focused on on premise environments, which are not growing.
In fact, the on premise environment is shrinking at a slower rate, but it’s still shrinking in orientation. The cloud market is still growing. It’s just that the spend is less than, I think, anyone in the market expected it actually to be. We all you know, whether you’re public, whether you’re private, you and the private company is not growing any faster in the cloud space other than Wiz, which is its own dynamic. The other cloud providers are not growing there.
If you look at the growth parts of the private space, it’s off of a small base. But, like, if you look at the attack surface management and the CASM space, that is a very growth market. But, like, the largest player is still, a hundred million dollars. So it’s not like a a massive market yet. That’s where we we have a lot of focus is that being the heart of our risk orchestration engine that provides integrated risk visibility, integrated compliance management, and integrated attack surface management.
And we entered that market late last year, and it’s going quite well for us too. It’s just going off a very small base. We went from zero, but it’s probably one of the most rapid product growth that we’ve actually had even in this more challenged in environment. It’s just off a very small base, which is similar to the market in general. But it’s not like it’s a it it’s good growth in the market, but it’s still a very small market in aggregate.
The other part that you actually see growing is in that market is compliance. And we’re pretty look. Compliance sounds mundane. It’s a lot of stuff. The world is fragmented from a compliance perspective.
The US is becoming more disassociated with the rest of the world. The states are doing their own thing. And when you have mysteries and when you have complexity, that’s an opportunity for technology. And so it’s something certainly that we’re invested in when we think about sort of, like, your security operations cloud and drive a security operations program. It start with, do you actually know what you have, which is the core chasm or the core visibility across the attack surface, The risk management that we’ve always done with vulnerability management, cloud security management.
But the compliance management and controls management is a big part of that.
Operator: Excellent. Excellent. And maybe just in terms of your go to market motion, you know, what is has to risk managers are oftentimes not the same people as traditional VM and ops teams. You know, how do you maybe start a more strategic discussion based on your platform, you know, with these folks? You know, who who are they?
Maybe just start out.
Corey, Unidentified, Rapid7: Yeah. Look. This is the benefit of it. It’s it’s much easier today than it was a few years ago. Look.
The hard thing that we had to do was move beyond, I would just say, the tactical the tactical VM manager and go upset. When we sell a detection and response service to manage someone’s entire enterprise, we’re selling to the CISO. That’s our customer. So the ability then to actually take that relationship and expand that to risk management, compliance management, the attack surface management, the controls gaps management, the automation remediation, it’s just a much easier proposition to actually do that from there. So today, we are predominantly selling to the CSO or the CSO’s direct reports, which is a different position than we were in even three years ago when that was, a quarter of our business.
That’s the benefit of actually having over half of our business lead detection response is that we actually have the relationships at that level for that set of customers. Now the ASPs are much larger, so it’s still a smaller part of our 11,000 customer base. But our sales teams now have the at bats to actually be able to engage with that customer base leading with that detection response offer.
Operator: Got it. Got it. You know, Rapid7 has been very successful in the traditional SIEM market and moving to XDR as an early mover into the space. However, it seems like the space is getting more crowded with formidable players like hyperscalers and larger cybersecurity platforms now realizing the criticality. Where do you see the opportunity to differentiate and win in this market, particularly with, you know, what’s happening with Splunk’s installed base?
Corey, Unidentified, Rapid7: Yeah. Well, I mean, that’s an opportunity I think that the market broadly sees is that lots of people are trying to figure out. But Splunk is a great technology, but it’s expensive to operate and expensive to license and use. So people are trying to figure out how to actually cover their complete part of the environment. So we’ve certainly been a net beneficiary from that perspective.
I think your larger question, though, is the right one. Is you have lots of, quote unquote, SIEMs, which are, you know, data search engines where you ingest the data and you do searches on security stuff. Microsoft has a good one. CrowdStrike acquired one. It’s still early, but they acquired And so you actually have a play.
I would say even with all that, the market is net probably competitively positive because you have many more people exiting the market or legacy or declining the market than you actually have entering the market in general. And you have more shared donors overall than you have share takers. The most important place is this will be somewhat controversial, is I think SIEM is necessary but not sufficient. And we have our SIEMs. We’re fine working with Microsoft SIEM as appropriate.
The core that we actually really invest deeply in is the integration engine and the orchestration engine that drives security programs. And so if you look at what we’ve actually built out, it’s the ability to actually track every asset, every cloud instance, every resource, what’s the configurations, what’s the control applied, what’s the activity provide. The data where the activity is stored is great because we do it more efficiently. But over time, I don’t really care where customers store the data. The thing that drives AI and security operations is the ability to actually be able to make decisions on the data.
And we have the richest context store on the decisions about the data because we know everything that’s in the environment. We know every configuration in the environment. We know every control in the environment. And that insight allows us to actually continue to get the dividends from AI and automation as we actually go forward because it makes a material you know, everyone else is just looking at what activity comes in the environment. Well, it matters is that do you have endpoint protection on the thing where that activity happens?
Well, that’s a really big deal. If I see that same activity, can I actually sort of, like, see everywhere that doesn’t have the protection? So I should probably go look there first. I should probably focus in if I see an attack in the environment. It’s just like, okay.
I know this attack exploits this vulnerability or this misconfiguration. Why don’t I go search there? But we can do that all instantaneously, and that’s why we spent so much time building our integration layer on the platform because when you’re using AI, the context about what activities and attacks are happening against what environmental controls configurations matters deep.
Operator: Absolutely. And I totally agree with you. Like, the log normalization and collection aspects of the SIEM is is not where the
Corey, Unidentified, Rapid7: value is. And so we look. I tell our teams, somewhat controversial, I said, we build a great SIEM to save our customers money because it’s often inefficient, and so we have to lower the cost. We can run on any technology environment. Like, you know, we manage lots of data today out of S3 buckets. Like, we don’t really it’s not the data storage is not the special sauce.
It’s just that we need to have customers be able to store lots of data at the right cost structure. But it’s really about, like, how do you actually mine that data and how you actually filter to do that data to actually find the signal from noise.
Operator: Absolutely. And, you know, just speaking of maybe customers being overwhelmed by their SIEM or overwhelmed by their data stacks, you know, what are they telling you when it comes to the managed detection and response market opportunity? What are the customers looking for in terms of these solutions, and what kind of ecosystem partners can you build out here?
Corey, Unidentified, Rapid7: Yeah. We’re look. We’re early on in the ecosystem, Raj. We’re very bullish about the ecosystem. Let’s start with what customers want.
Look. Customers buy and keep in mind, we serve both mid enterprises enterprises and what we call mainstream enterprises. So think about the Fortune 1,000. Not as heavy folks in the Fortune 100, but we serve lots of large customers, but they tend to be resource constrained. They wanna have great security at an affordable price.
And so what does that mean is that, first and foremost, they wanna make sure that they’re not missing anything. So they wanna know what the environment is. Most SIEMs and most MDRs just start collecting data. They don’t have a primary focus about, like, what’s in the environment to be collected. We start with what’s the view of your attack surface, what should you be monitoring, and how do you actually have the right monitoring strategy in the environment.
It’s unique because we actually, other than most of our MDR players, know what the environment is better than the customer once they actually tune in and bring in the complete attack surface management. The second part that customers want is they want scale. And what do I mean by they want scale? Is they want someone that can monitor the entire environment and do that economically. The choices that customers have had have actually been unaffordable scale.
So I have to do Splunk and a big systems integrator, which is prohibitively expensive to actually monitor my complete environment. Or if I wanna save money, I can choose just to manage endpoints. So there’s a bunch of endpoint providers that have managed services, but that’s pretty much managed endpoint providers. And then I gotta be willing to look at ignore most of data and security telemetry in my environment and not have it. So what they want is someone that can give them scale.
What’s unique about us is we have a full security operations platform and an integration engine that pulls in all the other data and the telemetry across the environment along with our own security operations stack. That allows us to enable customers to manage a % of the environment, cost effectively, which has always been one of our primary differentiators.
Operator: Absolutely. Absolutely. Maybe talking a little bit about the financial model. I mean, Rapid7 has made some pretty significant investments to accelerate growth, think around $30,000,000. Like, you know, how and when do these investments maybe start
And, you know, what does that reacceleration look like in terms of growth for the business?
Corey, Unidentified, Rapid7: Yeah. Look. We’re most of the that growth investment is going in behind the things that are actually working today. So it’s the detection response business, which is over $400,000,000, growing mid teens. And we are addressing, I would just say, the the core mainstream enterprise, but we have room up and we have distribution plays down.
So we’re investing behind that. We’re investing mostly if it’s around the world, but we have we’re setting up a big security operations center in India and some other places that we’re building up right now. So the investment is to really scale that detection response practice primarily, and we’re already seeing benefits of that today. Again, most of that is actually to do more enterprise MDR services because we have lots of joint development customers where we already have demand on it. We expect that to benefit 26 primarily because they’re larger deals when you have 7 figure deals.
We don’t count on that being short deal cycles, especially in that environment. But we already see that we’re off to a pretty good start now. We just launched in April for what it’s worth. And so so I don’t wanna overtalk about something that just launched. But we had a backlog of customers who were just like, can you build a more customized service for my environment?
I want you to manage monitor more of this, manage more of this. And we knew that we had latent demand there, and so we’re actually going out and pursuing that right now.
Operator: Yeah. We increasingly hear in our discussions from customers that they don’t want to buy more software. They don’t want to buy more from a reseller. They they want to buy an outcome. They want to buy something
Corey, Unidentified, Rapid7: They want to buy the outcome. And that’s what we love. We give customers the ability to actually we run and scale their security operations program, and we do it lower than the cost that they can do to operate it. And that is the thing that they wanna buy, and we provide the transparency, the accountability, and the visibility around that.
Operator: Excellent. Excellent. I’ve got one more customer one more question before we open it up to the audience. In terms of the many conversations, investors have sort of, guess, like where does detection and risk from a competitive set become, you know, it’s become a little bit more challenging. You know, how do you push back on the view, you know, for Rapid7 and with investors that, you know, maybe are missing, you know, that perspective from a surface level analysis?
Corey, Unidentified, Rapid7: Yeah. Look. I think it’s a noisy market, so it’s, you know, it’s easy to be risk off in noisy markets. And so we push back with facts and then increase them with evidence. So one is this is why we break out the fact that, like, half of our business is detection response.
It’s growing mid teens, and that’s I mean, is is and that’s with a narrower market scope than we need to have, meaning that we’re unlocking more of the addressable market around that. And so it’s already the anchor is already a successful business, and we’ve done the hardest part of the transformation. And so that’s the first thing I lean with is just the facts. And I think the competitive dynamic, frankly, serves us some more as we go forward. Because, frankly, public markets private markets can’t afford to subsidize businesses as much as they did in a nonzero interest rate environment.
So you see some of that playing out in the MDR market where people have been, I would just say, mispricing services for years, and that’s getting reconciled very quickly.
Operator: Absolutely. Any questions from the audience? A pretty quiet group. Okay. I think we’ll go ahead and give you a few minutes back.
So thank you very much.
Corey, Unidentified, Rapid7: Thank you all. Thank you, Corey. Thank you all.
This article was generated with the support of AI and reviewed by an editor. For more information see our T&C.