Rapid7 Inc (RPD) 2015 Q2 法說會逐字稿

Ladies and gentlemen, thank you for standing you by and welcome to the Rapid7 second-quarter 2015 earnings call.

(Operator Instructions)

As a reminder, this conference is being recorded Tuesday, August 18, 2015.

I would now like to turn the conference over to the Company. Please go ahead.

Thank you, Operator, and good afternoon, everyone. Thank you for joining us to discuss our first public Company financial and operating results for our second quarter of 2015.

I am Anita Gopalan, Controller and VP of Investor Relations. And I'm here today with Corey Thomas, President and CEO of Rapid7, and Steven Gatoff, our CFO.

We have distributed our Q2 earnings press release over the wire and have posted it on our website at www.investors.rapid7.com. We have also posted our Q2 earnings presentation along with an updated Company presentation for our Q2 results on our IR website. This call is being webcast at www.investor.rapid7.com and a replay will be available on our website.

We would like to bring to your attention the date of this call is August 18, 2015. Our discussion today may contain forward-looking statements about events and circumstances that have not yet occurred including, without limitations, statements regarding our objectives for future performance, our future financial and business performance for the third quarter and full year of 2015, statements containing words such as will, expect, anticipate, believe, plan, intend, should and other statements in the future tense are forward-looking statements.

Actual outcomes and results may differ materially from the expectations contained in these statements due to a number of risks and uncertainties, including the risks outlined in our filings with the SEC included in our prospectus filed on July 17, 2015. The information provided on this conference call should be considered in light of such risks. Rapid7 does not assume any obligation to update information presented on this conference call.

On this call we will provide and talk about our results using non-GAAP financial measures. Please refer to the tables included in our press releases for the various non-GAAP metrics and the reconciliation of non-GAAP results to GAAP results. The press release announcing our financial results is available on our website at www.investors.rapid7.com.

With that, I'd like to turn the call over to Corey.

Thank you, Anita, and good afternoon, everyone.

I'd like to start by thanking all of you for joining us today on our first conference call as a public Company. We're extremely excited to have priced our IPO in July. We believe it is an important milestone for Rapid7 and one that further enhances our brand awareness and increases the resources that we have available to execute the Company's long-term strategy.

To begin, I'm very pleased with our strong second-quarter financial results, which was highlighted by 44% revenue growth, continued momentum in adding new customers, expansion across existing enterprise customers and increasing overall renewal rates. We believe that Rapid7 is at the right spot at the right time with the right solutions.

Security has become widely recognized as the top IT priority. More importantly, companies are now realizing that they need the right data with the right context to make the best use of their limited resources in protecting their organizations. We believe our second-quarter results are evidence that Rapid7's security analytics platform is highly differentiated in the marketplace and we are uniquely positioned to help companies implement and execute their next generation security strategies. Indeed, we are very pleased with the returns we are seeing on the increased investments we have been making in our products portfolio, strategic services and go-to-market efforts.

As you're all aware, organizations of all sizes are under attack from malicious hackers who are well organized and well funded. In response, companies are spending a massive amount of money on security. But the problem is most cannot answer questions such as what should be protected, what vulnerabilities present the greatest risk, and how do I determine if and when I have been compromised.

This blind approach is what we refer to as preventative security. And the accelerated breach environment is evidence that traditional security methods are simply not working. A new approach is required as organizations are in desperate need of visibility, data and insights that will help them minimize their potential for compromise, while also optimizing how they structure and invest in their overall security strategy.

This new approach is referred to as risk-based security, and it requires that companies have a strong core capability around data collection and analytics. This is the only way that organizations can address the demands of boards, CEOs, CIOs, CCOs as they ask questions such as where am I most vulnerable, have I been compromised and how can I best optimize my limited resources.

Rapid7 has pioneered the security data and analytics market to address the needs of risk-based security approaches. And we are delivering real customer value in the process. We have built a platform that allows customers to obtain and integrate large amounts of data and analyze that data to answer their biggest questions.

This combination of extending and integrating security-related data while delivering packaged analytics allows our customers to run a risk-based security program without the manual pain of consolidating multiple isolated compliance repositories. We have done this in the traditional vulnerability management market by delivering better context and attacker insight. We are doing this in the incident detection response market with our focus on contextual awareness behavior analytics and fast effective incident response.

And we are also demonstrating the same value and services with our focus on evaluating and building data-driven security programs versus historical compliance-driven penetration testing services. In short, we believe that we are providing the fastest on-ramp to a holistic security and data analytics platform which is uniquely positioned to capitalize on a large and growing multi billion-dollar market opportunity.

During the second quarter we saw broad-based demand for our platform with meaningful growth across all of our products and services, including threat exposure management, incident detection response and security advisory services. What is most important and interesting, however, is the fact that irrespective of what products or combination of products customers may be buying, a majority and growing number of customers are increasingly investing in a partnership with Rapid7 because they see that our vision for risk-based security is consistent with where they are moving today or where they know they need to be in the future. And they also recognize that Rapid7 has a highly differentiated approach and platform.

During the second quarter, we are also pleased with the uptake of our security advisory services, which further enable us to get closer to senior level executives and board members as we help them transform their security programs to be more actionable and impactful through data-driven risk-based analysis. These teams are scaling and we expect to continue to see more leverage as demand for these services keeps ramping.

We're also finding that these strategic services are a great on-ramp to our security and data analytics platform. Given the success that we're seeing in the US, we have launched teams in EMEA as well, and are optimistic about our prospects.

In order to build awareness and drive adoption for our risk-based security and data analytics platform, we have built a scalable go-to-market model that leverages inside sales, field sales, channel partners and customer success teams globally. We currently have more than 4,150 customers, an increase of approximately 34% year over year. They represent a cross section of verticals, geographies and mid-market to Fortune 1000 customers.

Our model is based on our ability to land with any of our solution offerings and expand to other solution areas. This ability has accelerated in the last year as our engineering team has delivered both more products and capabilities on our platform.

To support our innovation and cross-sell initiatives, in April we acquired NT OBJECTives, a leading web and mobile application security testing company and are offering this technology under the name Rapid7 AppSpider. AppSpider is immediately helping Rapid7 meet the growing need of helping customers manage and reduce threats through the collection and analysis of data across their infrastructure including users, mobile assets, cloud data storage and web applications. While it's still early, we have been very pleased with the uptake of this offering and it's already shown to be a key differentiator for Rapid7 in the marketplace.

Our efforts to expand geographically are also taking hold. North America is our largest market and continues to show strong growth, increasing 43% year over year in the second quarter. We see significant opportunity to grow internationally and increasing our presence in Europe and Asia has been an area of focus over the last two years. We have increased our sales personnel, market initiatives and partner channel programs and have seen a very positive impact to our business. During the second quarter rest of world grew revenue 51% compared to Q2 2014.

Looking forward, 2015 is shaping up to be a very exciting year for Rapid7. The demand for our products is at an all time high and we have laid the groundwork for strong growth over the long term. Some of the key components of our growth strategy include reaching the many thousands of mid-market and enterprise customers where Rapid7 is not today and increasingly leveraging our customer success teams and expanded product suite with our own large and growing customer base.

We will continue to invest in our sales organization on a global basis in order to capitalize on our significant market opportunity and strong market position. Importantly, we are seeing the payback on our investments which is evidenced by our strong growth in the second quarter. And we plan to continue investing in our security data and analytics platform to further expand our capabilities and ultimately serve as the hub for cyber security.

In summary, we are very pleased with our second-quarter results. Our market opportunity is large and we remain optimistic about our growth outlook for the rest of the year as well as the long term. We're excited about the fact that we are now operating as a public Company and are focused on building our organization for long-term success.

With that, let me turn it over to Steven.

Thanks, Corey. Good afternoon, everyone, we're glad to be with you.

As you saw in our financial results, we delivered strong revenue growth in the second quarter of 44% year over year as total revenue came in at $25.8 million. This solid performance was driven by a combination of our sales, marketing and products initiatives and investments that are generating strong demand for our solutions.

As this is our first call with you, we'd like to first spend a few minutes to provide an overview of our business model and revenue profile. We'll then go through the Q2 financial results in detail, and we'll end with our guidance for Q3 and full year 2015.

So starting with our business model, we would offer that there are three compelling attributes. One, our revenue model is comprised of a high degree of recurring revenue and uses ratable revenue recognition that together provides us with high visibility going into every quarter. Two, strong renewals and upsell dynamics are enabling us to capitalize on attractive customer economics. And three, even as we continue to invest for growth, our financial model is scaling well as we drive operating efficiencies and a solid operating cash flow profile.

At Rapid7, we're very focused on leading and differentiating with technology. You see this in our product centric business model where 81% of our revenue in Q2 came from our products and related maintenance subscriptions and 19% came from professional services. We see this as a steady state mix over time of approximately 80/20 products and maintenance versus professional services that drives strong product usage, revenue growth and sticky customers.

We make our product offerings available to customers in several delivery models in order to support what works best for them to consume our technology solutions. Whether it's a customer purchasing our Threat Exposure Management software, or subscribing to our managed services or taking cloud delivery of our UserInsight incident detection solution.

As I noted a moment ago, our revenue model provides us with a high degree of recurring revenue and this is comprised of four revenue types. One, our content subscriptions that customers subscribe to with their purchase of our Nexpose and Metasploit software, and that is one of our core differentiators that gives customers critical access to the most current database of security vulnerabilities and exploits.

Two, subscriptions to our managed services. Three, our cloud-based subscriptions such as UserInsight. And four, our maintenance and support subscriptions that also accompany customers' software purchases. These four streams accounted for 61% of total revenue in Q2.

Our high visibility revenue model is further supported by our use of ratable revenue recognition for all of our revenue streams other than standalone professional services, which are recognized as services rendered. Under ratable accounting, total customer sales, including our software license sales, are deferred on the balance sheet and then taken into revenue on the P&L evenly, or ratably, over the term of the customer agreement, which as an aside is averaging about 27 months for new deals and 15 months on renewals.

This dynamic further contributes to a compelling revenue and business model. Let's talk for a moment about why that is. The combination of our high proportion of recurring revenue along with our ratable revenue recognition translates to strong growth in deferred revenue. We have delivered year-over-year deferred revenue growth of 45% in recent quarters including, again in the second quarter of 2015.

We care about this dynamic because this high growth in deferral revenue provides us with good visibility going into our quarters. This was reflected again in the second quarter where we had 83% of Q2 revenue that was on the balance sheet in deferred revenue as of the first day of the quarter. This visibility helps us plan our business well, provides reduced revenue risk and adds to our predictability.

Looking at our overall revenue, we see what we believe is a solid and diversified revenue base that provides an attractive and lower risk profile across industry, geography and individual customers. We have no material concentration across customers, segments or verticals. In fact, while we have customers who have purchased greater than $1 million from us, currently no customer accounts for even 2% or more of total revenue.

Our revenue growth is driven by our compelling products portfolio and by a highly effective global sales model. We complement our inside and field sales team with a very hands-on global channel strategy that expands our reach and accounted for 40% of total revenue in the second quarter. Unlike typical distributor or reseller arrangements, however, our Rapid7 sales reps are meaningfully involved in the sales process with our channel partners. Rapid7 reps in fact generate the vast majority of the opportunities for the channel and in nearly all cases maintain strong and active relationships with the end customer.

And so with that context, I'd like to now turn to our results for the second quarter of 2015, for which there were three overall themes to our performance. First, we delivered strong revenue growth, as we've discussed. Second, we continued to have good customer engagement that drove another quarter of both solid renewal rates and strong growth in deferred revenue. And third, we're continuing to successfully scale the business and drive operating efficiencies that is reflected in improved operating expense margins and operating cash flow.

Let's dive into this a bit. Total revenue for the second quarter came in at $25.8 million, ahead of expectations. Products revenue increased 33% year over year, driven by nice strength in threat exposure management. Maintenance and support revenue increased 40% year over year. And our strategic and complementary professional services revenue more than doubled as we benefited from the newer security services initiatives that Corey spoke about.

We would call out that about 3 percentage points, or $600,000 of Q2 total revenue growth, is from some unplanned upside that was attributable to slightly higher than expected standalone professional services that were closed and recognized in the quarter and slightly higher appliance revenues.

Turning to customer growth for the second quarter, as Corey noted, our total base increased 34% year over year to end Q2 with more than 4,150 customers globally. We're proud to now have 34% of the Fortune 1000 as customers of Rapid7 and in Q2 58% of our revenue came from enterprise accounts. Those defined as customers with greater than $1 billion in revenue or 2,500 employees.

In the second quarter we were also bullish on our land and expand execution with 44% of sales coming from existing customers. Looking at existing customer economics, our renewal rate in Q2 was 115% which compared to 108% in Q2 2014. As existing customers continue to buy more of the products that they initially purchased, as well as purchasing additional Rapid7 products.

We would note that this renewal rate is calculated on our product sales only and does not therefore include the cross-selling of any professional services or security advisory services. And it's calculated by looking back at the preceding 12 months, a period in which arguably the majority of our new products were only just being rolled out. Overall, it's this nice combination of renewals, upsells and cross-sells that's driving strong and increased renewal rates.

Importantly, we also continue to see increases in our expiring revenue renewal rate, which measures the renewal of the prior year's exiting revenue run rate on an apples-to-apples basis. The expiring revenue renewal rate in Q2 increased to 87% across all customers with our core enterprise customer renewals coming in at greater than 90% for the quarter.

We also saw good revenue growth in our international businesses. Total international revenue increased 51% year over year to $3.2 million, or 12% of total revenue for Q2 as our teams continue to engage with global customers.

Moving down the P&L, GAAP gross margin for Q2 2015 was $19 million, or 74%. While this was lower by 2 percentage points year over year, we were pleased to see the investments that we've been making start to bear fruit, and sequentially we saw a 2 percentage point increase in total gross margin and a 10 percentage point increase in professional services margins from Q1.

As we've discussed, we continue to make investments to address the considerable market opportunity in front of us, to drive awareness in adoption of our solutions and to continue our technology leadership role and security data and analytics. Specifically, from late 2014 through Q2 of this year, we increased our headcount in our highly strategic professional services organization as we rolled out our incident response and security program development services.

While this was a modest drag on near-term gross margin as we ramp these professionals and assembled some uniquely talented security response teams, we're already starting to see these investments and teams driving high contribution revenue as we see total gross margins start returning to more historic levels in the mid to high 70s.

Turning to operating expense for Q2, it's a similar story of efficiency improvements. We continue to invest for growth and we're focused on managing the path to profitability. Even as we continue to invest in our products and customer support, grow our direct sales force, leaning into marketing a bit more and incurring costs related to operating as a public Company, we nonetheless saw good scale in the business with material improvements in our operating expense to revenue ratios in Q2. To provide some color on this, sales and marketing efficiencies continue to be realized as evidenced in the expense to revenue ratio improvement of 900 basis points year over year to 55% on a non-GAAP basis as we're generating leads more efficiently and seeing continued rep productive increases.

On the R&D side we're expanding our offshore operations as we continue to invest in technology to support the growth of our platform and products offerings. Our investments in our engineering and development center in Belfast, Northern Ireland, are helping to drive cost efficiencies in our R&D line where you see the R&D expense to revenue ratio improve from 35% last year to 30% in Q2. And finally on G&A, we continue to scale our operations well and realize efficiencies with a G&A expense to revenue ratio improving by about 100 basis points in Q2 year over year on an apples-to-apples basis, offset by the incremental cost of now operating as a public Company.

With that said, let me highlight for you what we are focused on in managing and assessing the economic performance of our business, that is operating cash flow. We see meaningful leverage and cash generation from our business model on an OCF basis, driven by the fact that we receive cash upfront from our customers whereas the revenue gets recognized in the P&L over longer contract terms. So while the P&L shows GAAP op inc losses, operating cash flow has been hovering just below breakeven, where despite our meaningful investments and go-to-market and technology, cash used in operating activities in Q2 was a modest $1.2 million compared to $3 million used in the previous quarter.

And finally, looking at our balance sheet, cash and working capital continue to be strong and well managed, particularly in light of factoring in the July IPO-related proceeds of approximately $115 million. And as mentioned, deferred revenue came in at $97.5 million at the end of Q2, increasing 45% year over year, our 17th quarter of solid sequential growth and representing the good traction we're experiencing with our customers.

With that, let's now turn to our outlook for Q3 and the full year 2015. As we continue to execute moving through the second half of 2015, we look to several key dynamics driving our growth. We're focused on continuing to drive new customer additions and scale our existing customers. We're continuing to grow with enterprise customers and we're bullish on continued growth with mid market. As well, we're looking for continued uptake on our security data and analytics services.

Given these dynamics, for Q3 2015 we anticipate total revenue to be in the range of approximately $25.4 million to $26.8 million. We anticipate non-GAAP operating loss for Q3 to be in the range of $10.9 million to $9.9 million. And we anticipate non-GAAP loss per share for Q3 to be in a range of $0.38 to $0.35.

We'd also like to provide some visibility into the full year 2015, for which we anticipate total revenue to be in the range of $102 million to $105 million. We anticipate non-GAAP operating loss for the full year 2015 to be in the range of $35.4 million to $33.4 million. And we anticipate non-GAAP loss per share for 2015 to be in the range of $1.56 to $1.48.

In closing, our confidence in driving our security data and analytics platform is bolstered by an attractive market opportunity in front of us and our high visibility into our revenue growth path ahead. Stay tune for more good stuff on both of these fronts, and with that we appreciate your time and support and we'd be glad to open the call for any questions.

Operator?

(Operator Instructions)

And our first question is from the line of Melissa Gorham.

Great, thank you for taking my question and great quarter. Question for Corey, so with the 44% revenue growth you're clearly growing ahead of the overall vulnerability management market. So I'm wondering to what extent is this from continued share gains in that market and share gains in vulnerability management and penetration testing versus maybe you're starting to garner dollars from other buckets of security spending?

Yes, we see a fundamental shift in the market where the traditional vulnerability management market really had at its core focused on compliance. Today what we see is people really trying to figure out how to manage their threat exposure and that requires a focus on data and analytics.

And so as more and more companies shift to this risk-based approach to security, we're seeing two things. One, we're seeing them spend more money on what you could traditionally call vulnerability management but we see as broader about how people manage their threat exposure. And then secondarily we see more companies entering the market looking for this type of data and this type of analysis. Thanks, Melissa.

Okay and just one follow up, if I may. So I just wanted to follow up on the upsell opportunity, you're seeing an uptick in the upsell rate.

I'm just wondering if you're seeing the new customers that are coming in is there a change in their purchasing behavior such that they're buying multiple solutions? Or is it mostly still the land and expand strategy that you're executing well on where the upsell comes over time versus maybe on the initial purchase?

Yes we still see -- so one, we see a healthy amount of our customers who do buy multiple products and services. But at the core, our strategy and what we see in our business is the land and expand working. Where customers come in and they have a problem and they buy one of our solution offerings. And then as we solve that for them and they see the impact of what analytics can do, they expand and cover new solution areas.

Great, thank you.

Our next question is from the line of Rob Owens with Pacific Crest Securities.

Want to focus a little bit on new customer acquisitions. It was a strong number during the quarter and I think you commented 56% of your billings are coming from new customers versus the 44% from existing if I got that number right.

Can you talk about as you're going into these customers effectively who they're displacing, number one? And number two, what pricing looks like, how competitive is the VM market where you play in just VM? And how much does Metasploit and the other capabilities differentiating you right now?

Yes, thanks, Rob. So we are seeing a changing customer dynamic. What we see a mix of really two class of customers.

One, we're seeing lots of greenfield customers who are now starting to spend increasing amount of money on security. But they still want to get the best leverage out of their security dollars and they want data to guide them.

And some of those deals are competitive, but by and large they're really looking at who can provide the best analytics there and those deals we have a pretty strong position. Our focus on attacker insights, our focus on contextual analysis helps us succeed and be successful.

We do see part of the base that is looking to extend their traditional vulnerability management programs and that really falls into two categories of things. On one side of it you have a bunch of legacy technology that people are looking to update and upgrade the capability around. And with that we do see competition from traditional competitors and we really focus on our ability to highlight exposures, highlight attacker insight and remediation.

And then we do see a smaller set of things that are truly about the modern VM players and competitive environments there and we compete and we win well there. But that's a smaller fraction of the market that we see on a day-to-day basis.

And Rob, it's Steven. The interesting part of that also and so far as the economics of it, potentially even surprisingly is discounts to Corey's point have been fairly consistent the past several quarters in total. So sure, there are volume discounts and whatnot and certain strategic transactions. But on the whole for us it's been relatively consistent.

And to the pricing math, our ASPs actually have improved quarter-over-quarter and deal size has gone up as well. And so the economics of the model, the P times Q, if you will, have actually both been favorable on volume and pricing.

Thanks for the additional color. One more for Steven is -- thanks for the revenue guidance, but as I think about billings, assuming a constant duration and mix moving forward, can we assume that that billing number is moving lock step with revenue right now as it was this quarter? Any color on how we should look at Q3 billings?

Sure. So we obviously don't give guidance on billings specifically but as you well know the growth in deferred revenue, the arbiter of billings growth, is a good indicator of future P&L experience, future revenue growth. The only caveat being that you can't do it one for one, Rob, because of the term nature of the billings.

And so the key thing, the old if I were you, I'd want to ask how contract length is doing. Because if you have a boom of a deferred revenue growth but it's all through much longer contract term then that will impact your P&L growth rate. In our case that was certainly not the case.

And so the term length of new deals actually came down two months. But to what we talked about on the call and we provide in the materials, it's roughly hovered in that 27- to 29-month zip code for the past several quarters.

All right, thank you.

And our next question is from the line of Gregg Moskowitz with Cowen and Company.

I'll add my congratulations on a very good quarter. First question just would love to hear about the uptake of the UserInsight, how that's been in the first half of the year.

Hi, Gregg. We've seen good uptake for UserInsight.

The core value proposition around UserInsight is it helps companies look across their entire enterprise and detect the most prevalent types of attacks that we see today which is attacks against users, attacks against their credentials. And one of the core problems that most businesses have is most of their detection capability exists in silos.

UserInsight solves that problems and customers are increasingly realizing that they have to be able to detect attacks across their environment and that they'd be able to detect attacks against users. And so therefore we're seeing both strong demand but also strong adoption of the technology.

Great, thanks, Corey. And then I know it's early at this stage but what are your expectations for the AppSpider product in the second half of this year and beyond? And if you could also elaborate on the go-to-market strategy for AppSpider specifically that would be helpful.

Yes. AppSpider is the core part of our threat exposure management offering that focuses on application security. And we have high expectations that it's continuing to meet or exceed as we go forward as more and more businesses in general are looking at our Threat Exposure Management portfolio and set of offerings there.

We don't break out specifically for this case the AppSpider numbers but it's a core part of our threat exposure management offering and we're seeing good uptake. It's exceeding expectations or our own internal expectations and it's been a great value-add to the portfolio.

Terrific, thank you very much.

And our next question is from the line of Sakit Kalia with Barclays Capital.

First, maybe a tactical question for you, Steven. Nice improvement in renewal rates. How much of that is maybe coming from a higher mix of enterprise customers that I think you mentioned are at that 90%-ish renewal rate versus maybe improving renewal rates within the mid-market base?

Yes, hey Sakit, thanks. So basically, yes, the enterprise strength that we experienced in the quarter was a meaningful driver for the uptick in both cross-sell, upsell that drove higher renewal rates, so spot on.

Got it, got it. And then for my follow up for Corey, a little bit more strategic.

I realize it's early days on some of the international expansion, but what's been some of the feedback on some of the new launches in Europe? I guess now UserInsight is available there as well as some of the strategic advisory services. Again realizing it's early days, what are some of the early data points showing on those offerings?

Europe in general, and I'll talk about Europe because that's where we have launched a lot of both the products and services initially, we all know that Europe has historically lagged the US in terms of security awareness and security spend in general. We are seeing a significant uptake and focus on security and we're seeing that begin to flow through our business.

UserInsight in the first part of this year we opened up the capability to have it located within Europe to both conform to some of the regulations but also some of the requests of our customers there. We've seen accelerating momentum and deals in the environment there that have us optimistic that we can see the same dynamic that's we see in the US. And the services as we discussed earlier are recently introduced in Europe and we're very optimistic about their long-term success.

Got it, that's it from me. Nice quarter.

Thank you very much.

Thanks, man.

Our next question is from the line of Michael Turits with Raymond James.

Two questions. One, and I've been on and off so I'm not sure exactly what's been asked or not, but a little bit more on UserInsight and your thoughts on really the opportunity around UserInsight as user behavior analytics that's been an expanding area.

And then my second question was about services which had a good quarter. You said including one time stuff, but --

Michael, I'll tackle both of those and I'll tag team with Steven on it. On the first, on UserInsight I believe the core of the question was around the market opportunity and how we think about it.

At the core, what we're seeing attackers doing as we think about it is really a market about detecting intruders in an environment. Because as attackers have gotten more sophisticated over time, they've learned to emulate users. They've learned to get better at hiding. They've learned to get better at deception. And the cost and complexity of detecting attacks has increased.

If you think about most of the investments that most companies have, it's about detecting malicious technology. Well, it's a different story when you really think about detecting malicious people. And at the core what we've done with UserInsight is we built a unique platform for detecting malicious people, malicious parties, malicious attackers in the environment by collecting data across the environment and then providing behavioral analytics on top of that data that allows us to have a very unique and very impactful way to detect the malicious people that are attacking customers' environments today.

And we see the baseline dynamics of that only escalating and going up over time because more and more attackers are changing their technology more frequently and therefore you have to look at the base of behavior that's underlying it. And so we're very optimistic. We're seeing good customer momentum.

Customers are starting to realize that their approach to just focusing on malicious technology is insufficient. They need to focus on malicious behaviors and malicious people.

The second part of the question was I think about our services. And so I might ask you just to rephrase it because you cut out a little bit towards the end there.

Sorry about that, Corey. Hopefully it's back in. Just as I said between the -- I know you had some one timers here, but you're getting chose to that 20%. So as you accelerate that business, are we now pushing past that target market 20%?

Michael, it's Steven. So that continues to be the target, give or take a point or so. And so the key point from us is that no, that's not a 25%, 30% contribution part of the business because we see high growth in the product side. And so the conversation particularly as what we were just talking about on AppSpider and certainly on the incident detection side with UserInsight, as the products begin to get increasing traction, we see growth in that coming to fruition, particularly in international markets and with the enterprise.

And so the services part is an important component and we were glad that investments we made to your question earlier paid off in so far as both a margin contribution that you saw uptick nicely in Q2. And then to the first part of your question was, hey, what was the one-time stuff, if you will.

It's not truly one-time because professional services that's done standalone if it gets actually delivered completely in quarter, it gets recognized in quarter. Typically the delivery cycle, life cycle of a post-services transaction is on average between 30 days and 90 days, so call it 60. So generally the next quarter.

And what happened was we just had more business that got executed and delivered in Q2 and therefore we had more revenue. So it's not nonrecurring. It's just not something you'd really plan for or expect to see, so a bit of a bluebird, if I'm us using that definition correctly.

So out of the 44 points of growth, that was 1 point or 2 for sure. And then we had some customers take delivery of appliances that nice upside, but not something we plan for.

Thanks, guys. Good quarter, appreciate it. Thank you.

Thanks, man.

Thank you.

Our next question is from the line of Jonathan Ho with William Blair.

Congratulations on the strong quarter. Just wanted to start out in terms of the pricing environment and whether you've seen any changes in the near term or anything shift in and around the environment?

Hi, Jonathan. No, we haven't seen any -- as Steven discussed earlier, we haven't seen any fundamental shifts in the pricing environment. It stayed relatively stable across most of our products and services. We did see a slight uptick in a few of our offerings from an ASP perspective but we've seen a fairly stable pricing dynamic.

Got it. And then in terms of the incident response and security advisory services, can you maybe talk a little bit about as new customers are electing these products, how many are being driven by the incident response or maybe attach rates relative to what you've seen in the past?

It's interesting. So we introduced the incident response services earlier this year. And my assumption at the time was it was going to be fairly reactive to customers' breaches, frankly.

We're seeing as customers get a more proactive stance on data analytics and services around their business, that we're seeing a healthy mix of customers coming in and essentially buying retainers from us as well as calling us to help them respond after breaches.

Great, thank you.

Thank you. And this was the last question for the presentation.

I'd like to thank everyone and our presenters and this concludes the call for today. I now ask everyone to please disconnect your line.