Rapid7 Inc (RPD) 2016 Q1 法說會逐字稿

Ladies and gentlemen, thank you for standing by. Welcome to the Rapid7 first quarter 2016 earnings call.

(Operator Instructions)

As a reminder, this conference is being recorded. I would like to now turn the conference over to the Company. Please go ahead.

Thank you, operator, and good afternoon, everyone. This is Steven Gatoff, CFO of Rapid7. I wanted to take a quick moment to introduce you to Mark Donahue, who recently joined Rapid7 in the newly created position of Vice President of Treasury and Investor Relations. We're excited to have Mark join the team here, and he brings a terrific background and skill set to the Company and to our stockholders.

We also want to take the opportunity to thank Anitha Gopalan, our Controller and VP of Finance, who did an excellent job building and running our Investor Relations function from scratch through to our IPO. Now that she's taken on additional responsibilities for FP&A, she too is thrilled to have Mark here on the team. Mark?

Well, thank you, Steven. I appreciate the warm welcome I have received at Rapid7 from both you and Corey, as well as the rest of the Company. I am honored and excited to be part of this strong team, and I see many great things ahead for Rapid7. It is an exciting time in the security market, and I believe our positioning and product portfolio in the security, data, and analytics space is both impressive and compelling. I look forward to working closely with the investor community to share our story and long-term vision.

Now, on to the business of our call today. I would like to thank you for joining us to discuss our Q1 2016 financial and operating results. I am on the call today with our CEO Corey Thomas, and as you've already heard, our CFO, Steven Gatoff. We've distributed our Q1 2016 earnings press release over the wire, and have posted it on our website at Investors.Rapid7.com. We have also posted our Q1 2016 results earnings presentation, along with an updated Company presentation, on our investors website, as well. This call is being webcast at Investors.Rapid7.com, and a replay will be available on our website.

We would like to bring the following to your attention. The date of this call is May 11, 2016. Our discussion today may contain forward-looking statements about events and circumstances that have not yet occurred, including without limitations, statements regarding future market conditions and Management's plans and objectives for future operations, and Rapid7's future financial and business performance. Statements containing words such as will, expect, anticipate, believe, plan, intend, should, and other statements in the future tense are intended to identify such forward-looking statements.

Actual outcomes and results may differ materially from the expectations contained in these statements, due to a number of risks and uncertainties, including those contained in the Risk Factors section of our annual report on Form 10-K for the year ended December 31, 2015, and filed with the Securities and Exchange Commission on March 10, 2016, and in our future filings. The information provided on the conference call should be considered in light of such risks.

Actual results and the timing of certain events may differ materially from the results or timing predicted or implied by such forward-looking statements. Reported results should not be considered as an indication of future performance. All information provided on this call is as of today, May 11, 2016, and Rapid7 does not assume any obligation to update the information presented on this conference call, except to the extent required by applicable law.

On this call, we will provide and talk about our results using non-GAAP financial measures and provide non-GAAP guidance. The presentation of non-GAAP financial information is not meant to be considered in isolation, or as a substitute for the directly comparable financial measures prepared in accordance with GAAP. We have provided a reconciliation of the historical non-GAAP financial measures to the most comparable GAAP measures in the financial statement tables included in the press release announcing our results. The press release announcing our financial results is available on our website at Investors.Rapid7.com. With that, I would like to turn the call over to Corey.

Thank you, Mark. Good afternoon, everyone. I would like to start by thanking you all for joining us today on our first quarter 2016 conference call. We are pleased to report that we had a strong first quarter, with revenue growth of 48% year over year. Importantly, we are focused on running the business, and we are continuing to make good progress on the three key objectives that I discussed last quarter: Expanding the threat exposure management opportunity, disrupting the traditional SIMM market, and driving scale and leverage as we build our business.

During the first quarter, we generated strong demand for our [aesthetic] exposure management offerings, as customers focus on improving the productivity and efficiency of security teams, with better analytics. We saw particular strength in the mid-market, and in driving customer deals to transition Intel MBM customers to Rapid7 solutions. However, our biggest focus for the first quarter was successfully launching our new Insight IDR platform as the primary replacement for SIMMS, which are undergoing a major upgrade cycle.

In addition to the strong revenue growth, the results of these efforts is that our full portfolio has been very well received in the market place, resulting in the strongest and highest quality pipeline in the history of the Company. This sets the foundation for strong billings in the second half of the year, as we expected. Exiting the first quarter 2016, we have confidence in our ability to execute during the rest of the year, and generate positive operating and free cash flow.

We continue to see positive trends in the security, data, and analytics markets that are driving the momentum in our business. For organizations of all sizes in all areas of the world, the risk of compromise continues to proliferate, as IT environments become increasingly distributed and complex, and cyber crime remains highly lucrative. Worsening the situation, many security professionals have deployed point solutions over the years that have created silos in the IT environment, and ultimately leave blind spots that attackers can exploit.

A core issue in today's IT environment is that traditional security programs primarily apply static rules to identify threats. These rules are based largely on a compilation of historical observations, which continually need to be updated. This is an expensive and taxing undertaking that is only as good as the last known attack. This approach can also generate thousands of alerts, placing a great burden on IT organizations.

For instance, if an employee accesses a website with multiple services and advertisements, sends or receives an e-mail with multiple recipients and attachments, or utilizes cloud-based applications, each of these normal business activities could trigger hundreds of security events. Currently across our customer base, an average employee might generate upwards of 100,000 security events per day, which translates into tens of millions of security events per year and rising. What is becoming increasingly clear is that the evolving IT environment leaves organizations exposed to security risks that are too cumbersome to manage with traditional means.

Security risk has garnered increased attention at the highest levels of organizations, including the Board of Directors. Spencer Stewart recently published their 2016 Board of Directors Survey, and cited cybersecurity as one of the top three issues on boards' minds in 2016, along with the economy and the regulatory environment. This lends credence to the wallet shift we are seeing in overall security spending in favor of a consolidated approach focused on data, analytics, and automation.

We believe the key to successful security programs is to deliver a differentiated solution that identifies anomalies requiring investigation or immediate action as quickly and accurately as possible. Rapid7's core value proposition is manifested in our ability to leverage multiple types of enterprise-wide data to dynamically protect the IT environment.

Log data end points are very important, but are far less helpful in isolation. Rapid7 brings vast amounts and types of data together through a single, well-integrated platform designed to handle high volumes of contextualized data, perform behavioral analytics, and achieve actionable results with fast search. Our customers continue to tell us they see this as a game changer to the traditional static and rules-based solutions in the market place today.

While some competitors try to capitalize on the volume of data, we believe that the pay-per-volume approach, charging customers to use their own data and tools, does not scale, and will eventually leave customers in the predicament of deciding between increased security risk or over-paying to secure their environment. We have designed an architecture that leverages the power of high volumes of data to drive customer value in a cost-effective way. We have seen our solutions displace as many as three legacy competitive products at once, as organizations recognize the need to eliminate the fragmented security models of the past.

With the ever-changing attack surface, our threat exposure management solutions continue to evolve to provide industry-leading vulnerability management with on-point attack simulation, deep risk analytics, and web application testing. This approach helps security professionals to quickly detect and prioritize the most critical vulnerabilities upon which to execute remediation, to reduce business and operational risk.

In particular, our AppSpider solution is seeing strong demand, as security professionals look to ensure they are addressing their growing web application risks. Web application attacks remain the most common attack vector, representing 40% of all reported security incidents, according to the 2016 Verizon Data Breach Investigation Report. The threat of invalidated inputs remains a critical problem for web applications, which are evolving at a very fast pace.

Rapid7's AppSpider solution specializes in testing complex and dynamic applications, leveraging sophisticated automation techniques to effectively test inputs. This is a prime example of how we are strengthening our threat exposure management offering, and why we are winning market share by expanding the scope of traditional vulnerability management.

We don't design our solutions simply to identify every possible risk. We focus on the outcomes. We employ analytics to ensure businesses can focus on what will have the most impact.

We also continue to see and make significant progress in our goal to both disrupt and expand the traditional SIMM market. This past quarter, we launched our InsightIDR solution. InsightIDR uses next-generation behavioral analytics and fast search to address challenges faced by SIMM offerings.

Traditionally, SIMMS have built and been built for compliance based on static rules. That can overwhelm security professionals with alerts, and make it difficult to hone in on the key indicators of compromise. InsightIDR eliminates the noise of heavy alert volume, and greatly improves the effectiveness of IT teams.

Our solution quickly identifies key compromises as they occur, and provides the end-point forensics and search, what security teams need to investigate so they can move to containment in hours, versus days or months. With the SIMM market on the cusp of an upgrade cycle, we believe Rapid7's well positioned to take advantage of this significant market opportunity.

We have already seen great traction in Q1 for InsightIDR with new customer wins, including the following: A financial advisory firm headquartered in the Mid-Atlantic deployed InsightIDR in Q1 as an alternative to their existing and inefficient SIMM solution. The capability of our product was immediately recognized by their chief information security officers, who have been accustomed to traditional products that require significant time to manually write and fine-tune rules. They applauded the breadth and depth of our pre-built detection analytics, as well as the fast time to deployment, which helped get their team up and running in days, versus their typical experience of weeks to months.

We also signed a three-year deal with a company in central Europe that specializes in technology for the health care industry. This customer has extensive experience in deploying security programs. We set up, deployed, and completed the roll-out in just a few weeks, resulting in fast feedback from the customer. Their chief information security officer informed us that InsightIDR had given him everything he ever wanted to get from his SIMM, but had never managed to get.

Finally, in terms of driving scale and leverage, we remain focused on closely managing our spend to ensure we're building our business to achieve profitability. Our key initiatives are in support of product innovation, relentless focus on customer success, and revenue generation. I am very pleased with the progress we have made executing against our objectives this quarter, as well as the strong pipeline we are building across our entire portfolio. With that, I will turn the call over to Steven.

Thanks, Corey. Good afternoon, everyone. We appreciate you joining us. We're glad to provide details and color around our Q1 financial results, and walk you through our guidance for Q2 and the full-year 2016. As always, we'll wrap up by opening the call to your questions.

Reviewing our Q1 performance, three highlights stand out. First, we delivered strong revenue and deferred revenue growth year over year. Second, we continued to successfully execute our land-and-expand strategy, with strong renewal rates. Third, we continue to make progress on our path to profitability through thoughtfully scaling the business and disciplined cost management.

Diving into the numbers, Q1 total revenue came in at $34.8 million, a strong increase of 48% year over year, and above the high end of our guidance. Products revenue also increased 48% year over year, driven by increasing demand for our unique security data and analytics offerings. Maintenance and support revenue grew 45% year over year, and our professional services revenue increased 52% year over year, largely driven by our differentiated security advisory services, which continue to generate strong demand.

Looking at our business geographically, North America revenue grew 48% year over year, and represented 87% of revenue, on continued strong growth and customer adoption. Internationally, we delivered solid results as well, growing 45%, and contributing 13% of total revenue in Q1.

Our channel partners continue to play a nice role in our ecosystem, and contributed a fairly consistent 37% to total revenue in the first quarter. With 86% of Q1 revenue already on our balance sheet as of the first day of the quarter, and 61% of our revenue being subscription-based recurring in nature, we continue to have very high visibility into our revenue forecast. With that context, total deferred revenue grew 49% year over year, coming in at $131.9 million at the end of Q1. Implied billings for the first quarter contributed to this strong result with growth of 34% year over year, in range with our expectations, given the seasonal trends in our business.

So far as the business metrics driving these results, weighted average contract length was 22 months in Q1, a modest change compared to 24 months in the year-ago period. As we've discussed, average contract length fluctuates a bit, primarily due to some lumpiness in large deal sizes.

With regard to billing seasonality, we've typically seen about 40% occur in the first half of the year, and about 60% of billings occur in the second half. For 2016, we expect billings to be one to two points higher in the second half of the year, largely as a result of our Q1 launch and strong pipeline of InsightIDR, as well as the good traction that's building with Intel MVM customer migrations.

On the customer front, we had another quarter of strong year-over-year new customer growth, with our total customer base increasing by approximately 37%, as we added Q1 with more than 5,300 customers globally at the end of the quarter. This includes the addition of approximately 350 new customers from the Logentries IT Search business that we acquired in October 2015. We continue to see large enterprise adoption, and now have 36% of the Fortune 1000 as customers of Rapid7, up from 33% a year ago on their re-balanced definition of the index. In Q1, revenue from enterprise accounts grew 41% year over year.

As I mentioned, one of the highlights of our performance during the quarter was our continued success executing on our land-and-expand strategy. We saw this in Q1 across both our enterprise customers and the mid-market. This expansion was reflected in our very strong renewal rate, which increased to 126% in Q1, compared to 112% a year ago, and nicely consistent with the seasonally strong performance in the prior Q4 quarter.

This increase in customer adoption was driven by the ongoing theme that we've been seeing for a few quarters now. Our customers are buying more of the products that they initially deployed, and they are purchasing other Rapid7 products as we demonstrate the value and effectiveness of our offerings, and continue to introduce new products on our technology platform.

We clarify products, because these renewal rates do not include the up side and increased revenue from customers who are also buying professional services from Rapid7, which provides additional up-sell and cross-sell opportunities. We believe that our track record of generating material customer cross-sells and up-sells further validates the return on our investments that we're making in newer areas like security behavioral analytics, search, and the whole SIMM upgrade cycle, in which we now find ourselves really well positioned and garnering good pipeline traction with customers.

Importantly, our baseline customer retention is also strong, as our expiring revenue renewal rate, which measures the renewal of the prior year's revenue run rate, increased to 89%, versus 85% in Q1 2015.

Moving on and looking at our cost structure and path to profitability, we're pleased to deliver another good quarter of non-GAAP gross margin, with Q1 coming in at 77%, an improvement from 74% in Q1 2015, and from 75% in the prior Q4 quarter. Our professional services profitability continues to complement our strong products margin, and grew to 30% gross margin in Q1 on a non-GAAP basis, compared to 11% in Q1 2015. This is the result of our sales and professional services teams' continued success in driving higher-margin services like incident response and security program assessment, scaling the business, and managing implementation spend well.

We continue to take a disciplined approach to managing our spend and moving down the road to profitability. With our gross margin just shy of what we would see as a steady-state gross margin in the 78% to 80% area, we take confidence by the fact that we see ourselves delivering profitability through a higher operating margin contribution to the bottom line, and not from some new product line or structural cost reduction down the road. We get to profitability specifically from growing sales efficiencies as we continue to scale, and continuing to benefit from our already lower marginal R&D costs.

With that perspective, let's look at our Q1 non-GAAP operating expenses. Let's start with sales and marketing. The non-GAAP expense-to-revenue ratio was 57% of revenue, and improved significantly on a sequential basis, from 64% in Q4 2015. We expect to continue to see marginal improvements in sales and marketing expense ratios as we move through the year. We would also note that there's some variability in the timing and magnitude of transitioning Intel's MVM customers to Rapid7, which could potentially affect the timing of royalty payments.

Overall, we're being thoughtful and disciplined in our approach to our go-to-market spend, basing our sales and marketing expenditures on what we're seeing in increases in pipeline, sales rep productivity, and customer traction.

Turning to R&D, our non-GAAP R&D expense was 31% of revenue in Q1, reflecting the investments we are making across our technology platform. In particular, both operationally and strategically, a big shout-out to our product and engineering teams, who in four short months took the core search technology from our acquisition of Logentries, integrated it into our platform, and launched our new InsightIDR offering this February.

Our team is delivering great and timely technology into the hands of our sales force and customers, and they're doing it at a lower marginal cost. This is due in large part to our talented offshore engineering teams in Belfast and Dublin. As a result, we expect continued marginal decreases in our R&D expense-to-revenue ratios in 2016.

Finishing out OpEx, non-GAAP G&A costs in Q1 2016 were 16% of revenue, consistent with Q1 of last year, and down marginally from Q4 2015, as we're already showing leverage improvements in our operations as we scale the Company. Like the improving leverage and support of our paths to profitability with our R&D spend, we expect to see continued marginal improvements in G&A expense-to-revenue ratios as we move through 2016. Pulling this all together, Q1 2016 non-GAAP operating loss was $9.5 million, squarely within our guidance, and non-GAAP loss per share was $0.23, the top of the range of our guidance.

Turning to cash and cash flow, we ended Q1 with cash of $83.5 million. As expected and communicated, our Company-wide annual bonus and sales commission structures have higher cash outlays in the first quarter. Our operating cash flow, while a negative $1.6 million for Q1, was better than expected on strong customer collections. As we've discussed previously, we expect to generate meaningfully positive operating cash flow in 2016, a particularly important metric and leading indicator in demonstrating our success on our path to profitability.

With that, let's now turn to our outlook, where we have set a dual mandate of continuing to drive strong revenue growth, while making sure we're delivering on improving profitability. With those two criteria, we believe we're taking a balanced approach to investing in our product platform, growing our sales force responsibly, and supporting our marketing programs to increase customer awareness and adoption.

Our guidance therefore for Q2 2016 is as follows. We anticipate total revenue to be in the range of $35.4 million to $36.8 million. This equates to strong year-over-year growth of 40% at the mid-point. We anticipate non-GAAP operating loss for Q2 to be in the range of $9.4 million to $10.4 million, and we anticipate non-GAAP loss per share for Q2 2016 to be in the range of $0.23 to $0.25. This is based on an anticipated 41.5 million weighted average shares outstanding.

Looking at the full year 2016, we are encouraged by both our strong Q1 results and our pipeline build. We're therefore raising our guidance for all three metrics: Revenue growth, an improving non-GAAP operating loss, and an improving non-GAAP EPS loss. For the full year 2016, we expect total revenue to be in the range of $149 million to $154 million, representing 35% to 39% year-over-year growth, respectively.

We anticipate non-GAAP operating loss for the full year 2016 to be in the range of $35.5 million to $39.5 million. This equates to a meaningful improvement on our path to profitability, as the non-GAAP operating loss margin for 2016 improves by about 500 basis points versus 2015. We anticipate non-GAAP loss per share for the full year 2016 to be in the range of $0.86 to $0.96. This is based on an anticipated 41.7 million weighted average shares outstanding for 2016. Finally, we continue to anticipate generating approximately $10 million of operating cash flow in 2016, and being free cash flow positive for the year.

In closing, we're extremely pleased with the start to the year, and we're particularly excited with the customer reception and up-take of our new InsightIDR offering, and its disruption of the SIMM market, in which an important upgrade cycle is now under way. Of course, we continue to be very bullish on the overall growth profile and customer adoption that we're seeing with our unique security data and analytics platform. With that, we appreciate your time and support, and we're glad to open the call for any questions. Operator?

Thank you.

(Operator Instructions)

The first question comes from the line of Rob Owens with Pacific Crest Securities. Please go ahead.

Great, and thank you for taking my question. First off, I just wanted to touch a little bit more on InsightIDR in terms of when you guys go to bake-offs, who are you seeing in terms of competition? What legacy vendors are you displacing? Then relative to either ticket size with customers or monetization, what type of expansion is this driving within that customer opportunity?

Yes, it's a great question. In comparison to the same customer size, addressing the first question about what's the opportunity, these deals are typically larger than the comparable threat exposure management deal, which is a very positive tail wind for us. It gives us a lot of optimism about what we're seeing in the business in the first half of the year from a pipe perspective, and also from an early conversion perspective.

As far as the customers that are -- we're displacing, it is a number of the traditional vendors that have deployed technology in the last three to five years. It's just not met the needs as they're trying to get more responsive to the data that they need. They tend to actually have data that's consolidated just in logs, just in enterprise. What they're missing is a wider range of perspective around the data in their business. More importantly, they're missing a dynamic ability to actually figure out which attacks are happening today.

As far as the competition that we see for those deals, the primary competition that we see for those is Spunk, which actually has both behavioral analytics and search. We have that approach. We think that's a modern approach to that. LogRhythm has also made some good investments in that space. But we are seeing a shift to companies that are shifting away from static rules and reporting focus, to much more a focus on behavioral analytics and a search focus. We think that's extremely positive for us.

Great. Thanks, Corey. Steven, relative to the billings number in the 34% growth, I think you mentioned there was a compression in duration of about 10% or so. Help us understand how the quarter played out? The 34% number, while still strong, is one of the slower growth rates you've seen over a couple of years. Just curious in terms of how that played out? As we look forward, the confidence in an acceleration, or more of the new business as it should help the back half of the year? Thanks.

Yes, sure. Thanks, Rob. Yes, to your point, we feel -- A, we feel good about the trajectory through the year, for sure. The nature, as you know, we talked about it a moment ago for the quote seasonality, as it tends to be 40%-60%, if you will, front end to back end of the year. That's something that's consistent and known, so that's comforting.

The reason for the acceleration, if you will, for the even stronger performance in the back half of the year is really the two things Corey was just talking about. Also, it's the traction of MVM and having higher conversion potentially than we perhaps anticipated. As well, the whole launch of IDR in February in Q1 gives us good runway for the latter part of the year. That's where that acceleration, that higher growth comes from.

Thank you.

Our next question comes from the line of Gregg Moskowitz with Cowen and Company. Please proceed with your question.

Okay, thank you very much, and good afternoon, guys. One follow-up to start on one of our ops questions relating to InsightIDR. Corey, you pointed out a couple of really nice wins early on. In those two cases, are those companies actually displacing their SIMMs, or are they running InsightIDR in parallel?

What we find is that in the mid-market, we find new deployments. In the larger customers, we find that they are displacing SIMMs. Although the one comment I would make is that I would say most SIMMs today are poorly utilized and under-adopted in the environments, even when they've been purchased. We're able to go in and show a very strong value proposition around the technology that we built, and its ability to not just detect attacks, but to speed up the investigation and the forensics process.

Okay, thanks. Have you begun to see a benefit from MDM, from the (inaudible - poor audio) vulnerability management in the life program, or is it too early?

Well, I would say that it's exceeding our expectation in terms of potential timing. It's still too early to tell definitively, but one of the things we have observed is that more customers are interested in both having discussions and mapping out their process to migrate at an earlier path than we expected. That's a positive. It consumes our sales force time (inaudible - technical difficult) go through, but we've had a number of opportunities that went into the pipeline earlier than we expected in Q1, and we consider that a positive, both for this year -- and as we actually think about moving into next year.

Okay, great. If I can ask one last one for Steven, just getting back to the billings. The quality of the billings, if you will, does seem to be a bit higher than maybe it first appeared, just because your long-term defers were flat to down sequentially; whereas they had been growing at a strong clip on a sequential basis for each of the prior five quarters. I'm wondering if you had any commentary on long-term deferreds this quarter, as well as what you expect going forward?

Yes, I think the nature of the long-term deferred is simply a math exercise, Gregg, where as you said, it's a function of the change in duration of call it two months off of the long end, which is what we mentioned earlier, really a function of the lumpiness of the large deals that we have had. As we talked about in the past, we are very pleased that we did, let's say, a $1 million deal once a year, two years ago, and it picked up to once a quarter.

Now we're at a point where we're executing multi-hundred-thousand deals throughout the quarter. Having said that, it's a bit of a scallop function, so you have some lumpiness in the larger end. When you have larger deals that are longer duration, that pushes it out in so far as the duration of deferred and long-term.

To your first point, though, on the quality of bookings, one of the metrics that we feel really good about in so far as a growth profile for the quarter, and really for the two or three quarters, and our expectation for the rest of the year, is that all of our lines of business are contributing to growth -- meaning whatever growth profile we are posting, the 30-plus, mid-30s for this quarter, is really a function of it being evenly dispersed.

There's no one product that's driving the growth that you would say, oh, it's all VM, it's all AppSpider, it's all IDR, it's all SAS. It's a very balanced growth profile across all cylinders. It's nice when those are marginally producing well, each quarter going up a little bit. It really has a strong leverage effect on continuing to grow bookings as we go through the quarter.

Okay, that's helpful. Thank you.

Sure.

Our next question comes from the line of Jonathan Ho with William Blair. Please proceed with your question.

Hi, guys. Just wanted to understand, with the higher up-sell opportunity that has come with some of the renewals, can you tell us maybe what products you're seeing drive that? Is there -- has that happened more on the enterprise side than mid-market? Just wanted to get a sense for a little bit more detail in terms of what's driving that effect?

Yes, it's happening across the base. You do see it more biased towards larger customers, just because smaller customers have less of an environment to expand into, in some cases. It's primarily cross-sell when it comes to smaller customers, and you have the up-sell and cross-sell phenomenon with larger customers.

At the larger end of the spectrum, you see companies that might start out just looking at a North America region, for example. Then they may expand globally from a threat exposure management perspective, or to multiple subsidiaries around the world.

On the cross-sell perspective, we see adoption not just within threat exposure management moving from Nexpose to either the Nexpose Ultimate, which includes the AppSpider, or they add AppSpider on to that. Likewise, we're seeing healthy adoption of our InsightUBA, which is our user behavior analytics solution. Just recently, we saw some adoption, it's early, but we also saw lots of pipeline build around InsightIDR.

The thing that Steven just mentioned that actually gives us great confidence is we're seeing all engines operate efficiently and effectively, and that's exactly the thing we want to see.

Got it. Can you talk a little bit about the international growth? Are you seeing a pick-up or strength in any particular other regions? Are there any compliance drivers that might be pushing faster adoption in any areas?

Yes, we're seeing -- we remain and feel confident that international is a great growth opportunity. We're seeing ongoing growth, especially if you've got a longer time horizon in the international segment You do have lumpiness internationally because it's coming off of a small base, but we see strong growth prospects, and we continue to deliver good growth there.

What I would say is that security awareness and prioritization outside of the US is still less than it is within the United States. That said, it's still a good growth opportunity, and we're very focused, and we're seeing good conversion there.

Thank you.

Our next question comes from the line of Saket Kalia with Barclays Capital. Please proceed with your question.

Hi, guys. Thanks for taking my questions here.

Hi, Saket.

Hi, Steve. Hi, Corey. Firstly, maybe for Corey, can you talk about the go-to-market strategy for InsightIDR? I know it's early, but is this something that requires more of a direct sales touch, or is it something that can go through the inside sales machine?

It's something that we believe can go through the inside sales team. As you know, we have a small team of direct sellers, but we got off to a very strong start. We did take the time -- and we spent a lot of time this quarter both training, and enabling the sales team, and ramping up our sales specialists, and our SEs, who have expertise around this, and aligning them with the products groups.

We are seeing momentum in our inside sales team, and we do believe that it can be sold via the inside sales team in addition to our outside sales team. We're increasingly working with channel partners who are seeing the success that we're having on expanding our penetration and footprint of InsightIDR.

Got it. Then to stay on InsightIDR, you mentioned -- obviously the alert fatigue is something that InsightIDR is going to address. But you also mentioned a lower total cost of ownership. Can you give us a sense for what you're seeing, again realizing that it's early, when a customer is evaluating Insight IDR versus a legacy SIMM, for example, what sort of savings could that customer expect to see?

Absolutely. I'll talk about three broad ones. One, you actually talked about the alert fatigue. That's a factor of the static rules versus behavioral analysis that's there, and we're able to demonstrate that to customers. They actually see the value and proof of concepts very effectively.

The second piece is really the productivity, though, of security teams, because they still have a lot of things to investigate and respond to. What we found is that our contextual search model of being able to process and search through and relate and contextualize large amounts of data very fast makes incident responders much more effective and efficient in how they investigate and research and do forensics around events. That's valuable.

If you think about traditional SIMMs, they are much more geared towards being a single pane of glass into a reporting, versus contextualized search and investigations. That productivity driver just allows our customers to be a lot more efficient, and that really resonates well, because lots of security teams are just strapped for resources and they are undermanned.

The last part of it that actually is resonating very well, and I talked about this earlier, is we are seeing that customers have higher scrutiny. They are wanting to consolidate lots of their aspects of their data, and not have three to five different products that look at different aspects of data. They want to work with one company that has fewer solutions to be able to process and manage their data and their solutions. That's both what our platform and our TEM and IDR offerings are offering customers.

Got it, very helpful. That's it for me. Thanks.

Our next question comes from the line of Michael Turits with Raymond James. Please proceed with your question.

Hi, guys. Quick question, really, if you're seeing anything from a macro perspective? It's a tougher year. Stock market macro, things like that, and how that is, if at all, affecting the core TEM business? Then I'll ask something else.

No, we expect the TEM business to still grow, as we discussed before, at a multiple of the vulnerability management market. We're seeing strong demand in that business. The only macro -- and by the way, we are very aware of what's happening in the environment. The primary macroeconomic context that we see is customers have higher scrutiny. There's lots of things out there, there's lots of solutions, and customers want to make sure they're getting the most impact for what they are doing. That's extremely, extremely positive for us.

The reason for that is we're able to demonstrate that customers can consolidate the security and data analytics needs they have across the organization, which means that they actually can go from multiple product solutions and partners now to a single partner, and actually get better efficiency and effectiveness out of that.

The other thing that we're seeing is we're seeing purchasing partners, purchasing departments take a lot more scrutiny as they look at deals, which could have some impact on timing; but we're seeing them still actually buying products as they move forward. But those are the two things that we're seeing that affect our business directly.

Then Steven, back on the duration question, I know you said it's volatile, big deals go up and down. Where do you think we are if you're down a couple months at this point? Is that the right new normal, or do you expect it to bounce around, or any trends we expect over the next year?

We would expect it, Michael, to bounce around for a pretty tight -- we're within a 10% band. You're talking two months of bounce on what's classically been a 24-month, 22- to 24-month metric for the last two years, and it's gone between 22 and 24, pretty consistently.

To your point, as you have more larger deals that tend to be farther out, then it's more towards the 24. When you have fewer and the mid-market practice has the bulk of the growth for that quarter, it's more towards the 22. But as I mentioned earlier, it feels like it's a bit of a scallop function. It's moving up and to the right in a scallop chart, not a linear straight line.

Yes, which is why we look at large deals on a -- not just a pipe but an annualized basis and see how they come in. We're seeing good traction and adoption across there. That's why that's our focus, because as Steven indicated, we're still scaling into that mega and that large-scale business.

Okay, great. That's good for me. Thank you.

Thanks, Mike.

Our next question comes from the line of Melissa Gorham with Morgan Stanley. Please proceed with your question.

Okay. Hi, guys. I just wanted to dig into InsightUBA a little bit, because that has been on the market for obviously a little bit longer than IDR. I'm wondering what you're seeing in terms of customer adoption, if you're seeing good growth, and whether it's meaningful from a revenue perspective today?

It's a great question. There's two comments about it. One, we're seeing amazing customer retention, and we're seeing good customer growth, although the thing that I would say is that InsightIDR is the lead product in the category. Just like with TEM, our Nexpose Ultimate is the lead product in the category. The shift that actually happened last quarter is that InsightIDR became the lead product in that category.

Because of that, we were able to have a few deals that actually we were able to up-sell in the process. We continue to close, and we saw very, very good growth in the category of our technologies and our products around incident detection and response. But we also had some additional deals that we decided it was better economics for both us and the customer for them to evaluate InsightIDR. We actually went long with those customers, and those deals may take longer. We think that's a healthy construct, because we would prefer our customers to be on our full solution and have the end-to-end experience.

InsightUBA, right now, is positioned as a complement to SIMMs, where customers can get the detection capability and some level of investigation and forensics, but not the full search experience. It allows them to get some of the behavioral analytics, if they want to keep their SIMM in there.

We do find that message resonates, and we are seeing adoption in larger enterprises that know they have to move from their legacy SIMMs over the longer-term time horizon, but it's not the right time right now. They find that InsightUBA allows them to go down the path to get some of the benefits in a way that's complementary. That's great for us.

Okay, that's helpful. Then Stephen, on the full year, you brought up revenue by $3 million, which is great. Operating income moves up more modestly. I'm wondering if there's been any change in the level of spending, or your expectation, or maybe there's an area in which you feel like you need to put more investment dollars?

Yes, good question, Melissa, thanks. No, there's definitely no view towards changing our spend for the up side. If anything, it's the opposite, where we expect to continue to deliver higher marginal returns to the bottom line for increasing revenue. You'll see that, as I think we talked about first and foremost in our R&D. That's really starting to come down nicely, and we'll really benefit from greater efficiencies and in sales.

The commitment is to return greater amounts of revenue growth to profitability, A. While we do that, the important leading indicator of that profitability is the operating cash flow profile. That's why we continue to be pretty bullish on delivering meaningful $10 million of OCF this year, 2016, as that key indicator of the effectiveness of the expense management and continued profitability. Thanks for asking, and good clarification.

Okay, thank you.

There are no further questions at this time. I'll now turn the call back to you.

Thanks, everyone, for joining us.

Thank you, all.

We look forward to connecting with you soon.

Thank you.

Ladies and gentlemen, that does conclude the conference call for today. We thank you for your participation, and ask that you please disconnect your line.