Rapid7 (RPD) Q2 2025: Detection & Response Surges to 50%+ Mix as Strategic Deals Reshape Pipeline
Rapid7’s second quarter marked a decisive pivot toward larger, strategic security deals, with detection and response now exceeding half of annual recurring revenue and commanding mid-teens growth. The company’s integrated Command Platform and new Incident Command launch sharpen its platform narrative, but longer deal cycles and a reset in smaller upgrade volumes prompted a narrowing of full-year ARR guidance. Management’s focus is now on operationalizing go-to-market execution and scaling expansion motions to capture the full opportunity set.
Summary
- Strategic Deal Mix Shift: Larger, multi-year security consolidations are displacing smaller transactional upgrades.
- Platform Integration Milestone: Command Platform and Incident Command unify data and AI-driven workflows for security operations.
- Execution Focus Intensifies: New commercial leadership aims to accelerate expansion and drive platform adoption.
Performance Analysis
Rapid7 delivered revenue and profitability above guidance, underpinned by strong performance in detection and response (DNR), which now accounts for over half of ARR and continues to grow in the mid-teens. The company ended Q2 with $841 million in ARR, up 3% year over year, and generated $42 million in free cash flow. Notably, the DNR segment’s expansion is offsetting persistent softness in legacy vulnerability management and lower-margin professional services, the latter of which management is deliberately de-emphasizing to improve margin quality.
International revenue provided a relative bright spot, growing 10% and now representing 25% of total revenue. Product gross margin held firm at 76%, reflecting the company’s continued focus on profitable growth, even as R&D and G&A investments rose to support platform innovation and global expansion. Operating income and EBITDA both exceeded expectations, though management flagged that investment in the India SOC and go-to-market will ramp in the second half. The balance sheet remains strong, with $600 million in cash and a new $200 million credit facility providing liquidity flexibility.
- Detection & Response Dominance: DNR’s mid-teens growth and 50%+ mix underscore a structural business shift.
- Deal Size Inflation: Larger, strategic deals are driving higher ASPs but extending sales cycles and increasing forecasting complexity.
- Margin Preservation: Deliberate pullback from lower-margin services is supporting gross margin stability.
While overall growth remains modest, the underlying business mix is evolving toward higher-value, stickier customer relationships, albeit with more back-end loaded ARR realization and less predictability from small-dollar upgrades.
Executive Commentary
"We’re uniquely positioned to capitalize on the escalating customer demand to bring AI tools and capabilities into the SOC. We have years of experience operating in security operations centers with our scale software and services MDR business. And this gives us a tremendous head start with proprietary data and experience."
Corey Thomas, Chief Executive Officer
"Revenue and profitability were above our guided ranges, and we continue to see healthy growth in detection and response and early progress in exposure command adoption. While the customer spending environment remains mixed, particularly in North American mid-market, the operating discipline and flexibility we built into our business model continues to serve us well."
Tim Adams, Chief Financial Officer
Strategic Positioning
1. Detection & Response as the New Core
DNR, detection and response, now represents more than half of ARR and is the company’s primary growth engine. The enterprise MDR (managed detection and response) rollout, which now supports co-managed detection and expanded cloud workloads, is enabling Rapid7 to win larger, multi-year consolidation deals—replacing fragmented point solutions with an integrated platform. Management sees the DNR opportunity as both expansive and defensible, particularly as regulatory scrutiny and attack surface complexity increase.
2. Command Platform and Incident Command Launch
The launch of Incident Command, next-gen SIEM (security information and event management), completes the Command Platform vision by enabling unified data ingestion, agentic AI workflows, and automated incident response. This platform-centric strategy is designed to provide customers with a holistic, de-conflicted view of risk and to accelerate threat detection and remediation. Management emphasized that the platform’s AI is trained on real-world SOC (security operations center) data, differentiating it from generic models and embedding operational expertise directly into customer workflows.
3. Go-to-Market Realignment and Leadership Change
Alan Peters’ appointment as chief commercial officer signals a renewed focus on operationalizing expansion motions, simplifying selling, and driving platform upsell across the customer base. Management acknowledged that while initial consolidation packages have succeeded in landing large accounts, the company has not yet “nailed” the pricing, packaging, and bite-sized expansion needed for sustained, predictable growth. The new CCO is tasked with building the rigor and process to scale cross-sell and upsell, particularly as the product suite matures.
4. Exposure Management and Upgrade Motion
Exposure Command, unified risk and exposure management, is seeing adoption in larger, more strategic deals rather than the anticipated 10–20% incremental upgrades. This shift is positive for ASPs but introduces longer sales cycles and less volume predictability. Management is recalibrating expectations and messaging to partners, emphasizing the platform’s value in consolidating risk management across cloud and on-premise environments.
5. Federal Opportunity and International Growth
Recent FedRAMP certification opens the door to federal government security workloads, with material upside expected to begin in 2026. International markets are also contributing outsized growth, particularly as the company’s SOC footprint expands in India and other regions, providing both scale and talent leverage.
Key Considerations
Rapid7’s Q2 highlights a business in transition, balancing the momentum of platform-led strategic wins with the operational and forecasting challenges of longer, less predictable sales cycles.
Key Considerations:
- Deal Mix Complexity: The pivot to larger, strategic deals drives higher ASPs but creates lumpiness and timing risk in ARR realization.
- Expansion Engine Under Construction: The absence of a robust, bite-sized expansion motion is a drag on growth predictability and customer penetration.
- Margin Management: Deliberate de-emphasis of professional services and focus on high-margin product revenue is supporting profitability.
- Platform Differentiation: Proprietary, expert-trained AI and integrated data architecture set Rapid7 apart, but require continued market education and operationalization.
- Leadership Transition: CFO succession and new CCO bring both execution risk and opportunity for fresh go-to-market rigor.
Risks
Rapid7’s shift toward larger, strategic deals increases forecasting risk and exposes the business to potential deal slippage, particularly in a volatile macro environment. The company’s ability to operationalize expansion and cross-sell motions remains unproven, and prolonged customer deal cycles could weigh on near-term ARR growth. Leadership transitions, especially in the CFO and CCO roles, add execution uncertainty at a critical juncture for the company’s go-to-market strategy.
Forward Outlook
For Q3 2025, Rapid7 guided to:
- Revenue of $215 to $217 million (up roughly 1% YoY)
- Non-GAAP operating income of $29 to $31 million
- Non-GAAP net income per share of $0.44 to $0.47
For full-year 2025, management narrowed ARR guidance to $850 to $865 million (from $850 to $880 million), maintaining revenue and margin targets. Pipeline conversion and deal closure are expected to be heavily weighted to Q4, consistent with historical seasonality. Management highlighted:
- Expectations for continued DNR outperformance and pipeline build
- Focus on operationalizing expansion and platform cross-sell to drive future growth
Takeaways
Rapid7 is executing a deliberate transition from transactional sales to platform-led strategic relationships, with DNR and the Command Platform at the center. While this shift is yielding higher-value deals and supporting margin quality, it introduces new operational challenges and increases reliance on large, back-end loaded deals.
- Strategic Platform Adoption: The Command Platform and Incident Command are resonating with enterprises seeking unified, AI-driven security operations, but require further go-to-market execution to scale expansion.
- Operational Inflection: The new CCO and upcoming CFO transition are pivotal for translating product innovation into predictable, repeatable growth.
- Future Watchpoint: Investors should monitor the volume and velocity of expansion deals, progress in federal and international markets, and early signs of improved cross-sell effectiveness under new commercial leadership.
Conclusion
Rapid7’s Q2 performance underscores a business in strategic transition, with platform integration and detection and response momentum offset by the unpredictability of large, strategic deal cycles. The next phase hinges on operationalizing expansion and executing a more scalable go-to-market motion under new leadership.
Industry Read-Through
Rapid7’s results signal a broader cybersecurity industry shift toward platform consolidation, with enterprises increasingly favoring integrated, AI-driven solutions over fragmented point products. The move to larger, more complex deals with extended cycles is likely to affect peers, reinforcing the need for operational discipline and robust expansion engines. The growing importance of managed detection and response, as well as unified risk and exposure management, highlights ongoing customer demand for comprehensive, outcome-driven security operations. Vendors unable to deliver platform integration and operational efficiency may see share shift toward those with proven SOC and AI expertise.