Rapid7 (NASDAQ: RPD), based in Boston, Massachusetts, is a recent addition to our Battle Road IPO Review Software sector coverage. The company was founded 15 years ago in New York City, where its founders took the city’s rapid transit train to work in mid-town Manhattan. RPD focuses on IT security software and services, with an emphasis on vulnerability and threat detection. The company recorded revenue of $77 million and a net loss of $33 million in 2014. For 2015 Consensus estimates call for revenue of $104 million and a Loss per Share of $1.53, followed by revenue of $131 million and a Loss per Share of $0.85.
Rapid7 priced its 6.45 million share IPO at $16 per share –above an expected range of $13-15—on the NASDAQ on June 16, 2015 for first trade the following day. All shares were offered by the company. Subsequently the underwriters exercised their over-allotment, enabling the company to raise about $110 million in its IPO. The deal was led by Morgan Stanley, Barclays Capital, KeyBanc Capital Markets/Pacific Crest, William Blair, Raymond James, and Cowen.
Rapid7 is led by Corey Johnson, President and CEO, who has risen through the ranks of the company in the last seven years, and served as Chief Operating officer, prior to his current position. His experience includes five years at Microsoft, where he was a Group Project Manager, with responsibility for the world-wide launch of SQL Server in 2005. Steve Gatloff, CFO, formerly CFO of iPass, held financial roles at United Online, Sterling Commerce, and VeriSign.
Rapid7 provides a portfolio of cloud-based software and managed services to detect and analyze cybersecurity threats for over 4,100 customers across a broad range of industries, including 34 percent of the Fortune 1000. In the last year, RPD added BJ’s Wholesale Club, Boyd Gaming, Dollar Tree, Fastenal, Iowa State University, Johnson Controls, Parker Hannifin, Samsung Electronics, and the Smithsonian to its growing list of business and government customers.
Roughly two-thirds of sales in each of the last three years comes from its Nexpose vulnerability and threat assessment software, which among other things, identifies weak points in a company’s data network, and helps to prevent cyber attacks across computer networks. About 88 percent of sales comes from the US, and the company utilizes a direct salesforce as well as channel partners that account for 41 percent of sales. RPD boasts an 87 percent renewal rate for existing products. The company recognizes about 80 percent of sales each quarter from backlog. At the end of the September 30, 2015 quarter, the company’s DSOs stood at 103, up from 95 in the previous quarter, a level that we consider to be high relative to other software companies that we research.
The market for security threat detection and assessment is a large and competitive one, with IBM, HP, and Intel, through its acquisition of McAfee, quite active in the market. In addition, RPD faces competition from several dedicated security software and services vendors, such as FireEye (NASDAQ: FEYE), Qualys (NASDAQ: QLYS), and others.