Name: Global Partner Webinar: Exposure Command Commercials
Uploaded: 2026-04-09T15:16:35.457Z
Duration: 23 min 32 s
Description: Global Partner Webinar: Exposure Command Commercials

Transcript for "Global Partner Webinar: Exposure Command Commercials": Alright. There we go. Hello, everyone. My name is Sean Drummy. I'm the director of product management for exposure command, and this is my colleague, Joel. Wanna introduce yourself? Yeah. Hey, everyone. Joel Cohen here, product marketing manager for our exposure command side of the business. Super excited to talk to you all today about the portfolio update that we have planned for exposure command. Lots of months of work went into this. We got a lot of feedback from all over the rapid seven universe around this. We feel like there's a lot of improvements on the way, a lot of simplicity on the way, and we're gonna share all this with you today. I do wanna know, crucially, this is not your last chance to learn about these things. This is not your only chance to ask questions. Comments, feedback, anything that you might have, we're gonna be communicating more and more about all of these things throughout the month of April, and we'll share timeline as well. So don't worry. There are a fair amount of changes, but we really believe this is gonna be for the best. So with that, let's get started. Okay. To drink it all in in a single slide, I'm gonna go through this in summary, and then we're gonna talk about it again. Like I said, this is not the last chance to review all this information. Okay. So what are some of the key highlights? First of all, we're going to end of sale exposure command advance. We felt that the friction and confusion that it caused having that middle tier just wasn't very helpful. And going down to two, essentials and ultimate were probably the best choice. Indeed, in doing that, what we're doing is changing the pricing strategy, especially when it comes to ultimate. Advanced was meant as a bridge between the very high 49 per asset list price of ultimate and people who wanted some cloud. Well, we're gonna remove that friction entirely. What we're going to do is change the per asset list price to $25 for Ultimate and $21 for essentials. These will be quite close in the way they're curved as well because what we're trying to do is capture as many customers into the exposure command ultimate skew, not sell the old point solutions, not trap them into essentials where they only really have surface command and vulnerability management. We want them to be, even if they're only a VM customer to start, able to expand comfortably into lots of different types of assets as they grow and as they are using the product. We're also really crucially lowering the minimums for both of these skews. Now essentials customers only need to spend 5,000 ARR net to rapid seven in order to qualify. And ultimate customers have the same stipulation, but at 15 k. Previously, we had a thousand asset minimum. Your price per asset could come from a lots of different things. The ARR could be all over the place. You would arbitrarily cut people out who should rightfully qualify, for instance, for ultimate. We don't wanna do that anymore. We're changing the way we do this from assets to ARR, and de facto, we're actually lowering it quite a bit. And we're also changing the way that we count assets. You may think initially when you see 49 to 25 that that's a significant reduction in price. But because we're going to change our strategy on how we tally up billable assets when we quote to customers, actually, what's gonna happen is we're gonna be quoting for a lot more billable assets, but just at a lower price point. And we'll explain the rationale for this once we get into a few more details further on down the deck. Okay. Finally, really important piece to this. After the sale comes in, how do we keep customers trued up and trued forward with what they're actually utilizing? We want to encourage lots of comfortable, predictable growth in the amount of assets that they use in the exposure command family. For example, a customer who's just a vulnerability management customer may well find that they want to include DAST and they want to have AppSec. That's great. We wanna see you know, you actually have some assets available. You're under your maximum utilization. Plug a couple of applications in and try that capability without any risk. And if you like what you see, you can upsell some additional billable assets to cover all the applications that you'd like. The other key point to that is, as you buy more, your price per asset goes down. And that means that you get a discount, not just on application security, but on all the other assets that you're protecting exposure command. That is such an important point. I'm gonna repeat it at least twice before the end of this deck. So don't worry if you don't quite get what I mean. Once we get into more details, it will be clearer. Okay. Why? Why are we doing these things? Well, first of all, we wanna lower barriers. We want you to be able to position exposure command ultimate as to a a the most broad segment of customers as you possibly can. Because we believe even a customer that only wants a single capability, we wanna give them the opportunity to grow with as little friction and as little premium as possible. And the other the other reason is simplicity. We felt that the original portfolio had a lot of complexities. People had to end up working around the pricing and packaging instead of leveraging it as a way to land Noombe's business and expand existing. Simplicity was the key here that we missed originally, and now we believe we've really hit something that's much easier to understand and sell. We've also aligned the ratios to perceived customer value and tried to eliminate ratios that just either introduced friction or wasn't really generating a lot of interest or revenue in deals, again, to get back to radical simplicity. And finally, we believe that enhancing visibility into what you're using and why will power growth. And so we're gonna be rolling out dashboards that our customers will be able to use and see right within their product to see how much they're entitled and what they're actually utilizing in terms of billable assets. Our reps on the Rapid7 side will have that same data available to them in Salesforce, so there's no more uncomfortable true up conversations as an example where the customer was unaware how much they were utilizing and a rep happened to have gone in and see it. We're gonna really improve that process a lot. So with that, I'm gonna talk I'm gonna hand it over to Joelle who will go into a little bit more about the why and the current situation as to why we made these changes. But before I do that, I should also note that there's a really important point about timeline. And, again, we'll repeat all this. I know it's a lot. We are looking at doing enablement now. We're enabling you right now. We're starting the enablement right now. The reps are also undergoing a similar enablement on the rapid seven side in early April. Lots more to come, more content, more opportunities to ask questions. We're hoping by the April, the new essentials and ultimate skews will go out, and we will stop selling advanced. But, crucially, this does not mean all your quotes that are outstanding go away. It does not mean you need to requote these things. You can still close on whatever you have outstanding through the end of the quarter because we're ultimately here to close deals and make customers happy. Right? Trying to requote everything would create chaos. So that's alright. The new SKUs are out there, but the quotes you have on the old SKUs are still honored. They're fine. When June 30 comes around, the last day of the quarter, after that day, we ask that you please requote anything on the old SKUs into the new ones because at this point, they've been out there for a while. We've had ample opportunity to close. Okay. Now, finally, you can stop listening to me and listen to my colleague, Joel. I'll hand it over to you, sir. Yeah. Thanks thanks, Sean. The great thing about this is, you know, when we talk about recording or whatnot, the great thing is that these the this pricing change reflects where customers are going. It reflects where our customers how our customers are purchasing solutions, and there's some key dynamics and situations that kind of drive towards that. These are just some examples. And just to level set here, there's many more reasons why customers are are are would prefer this type of pricing structure. You've seen tons of other companies kind of leverage this this type of structure as well. So we're confident that this is, addressing some key friction points. So couple of examples here. So in terms of agility or crisis agility. Right? Let's say, you know, customer has a zero day or faces one of those, you know, immediate attacks. You know, customers and teams, they they don't wanna deploy, they don't wanna go through a a a sales motion to purchase new solutions. They look at what they have on their stack and they say, can we use anything that we currently are using today to solve one of these new challenges? Again, the ideal approach is they don't wanna start initiating a sales motion when there's obviously, high urgency, high impact situations. And if you're not in those situations, if you're not, you know, a solution that's already in the customer's, Rolodex, you're gonna get left out of those conversations. Ideally or in addition to this, there's also platform consolidation components. Right? You hear it time and time again, the customers we speak to, CISOs, they're exhausted managing these different, you know, these different contracts, these different solutions. They want to kind of standardize, and they wanna make sure that they're not, adding friction to how they operate and also overhead and costs, etcetera. And finally, there are these modernized environments, and, obviously, we're in the midst of it. We hear it. Companies virtually every company today is a digital company. And so if they wanna shift from on prem to cloud, old licenses quickly become outdated. Right? And so they want flexible models. They want flexible pricing that enables infrastructure shift. It enables innovation, again, without having to go through another formal sales process to purchase an additional package, to purchase additional functionality. They want the solutions, and they want the functionality that they purchased from a vendor to be there when they need it most. And so, again, these are kind of some dynamics, some situations. There's several more reasons why we're standardizing on these, but here are some key things that we identified in how we were doing things and what we're addressing. So in terms of IBM renewals, right, the standard motion is you'd customer you'd upgrade a customer to exposure command essentials from inside VM. The challenge was that you kind of introduce in that case, situations where you have to, upgrade a customer then to the advanced, packages when they're ready to go that route. So, again, there's now friction. You get a customer to expose your command essentials. They have inside DM, and they have, attack surface management. At the moment, they're ready to adopt more functionality, then they have to now go to the advanced packages or ultimate. So, again, creates kind of that step up. It creates friction there in those, natural adoption of functionality. Similar to that, again, there's kind of that shift between ECA and ECU. Customers weren't always sure exactly, well, what is the difference? What is the difference in terms of cloud functionality from one SKU to the other? Again, creating confusion, creating some friction there from customers. And then finally, usage usage expansion. Right? So, we we had some, limited visibility into the amount of licenses, the type of licenses that customers were consuming. Specifically, what I mean by that is we didn't really know or have the visibility of to, to know whether, hey. Is a customer leveraging Rapid7 for, you know, monitoring a third party asset or or insight, you know, vulnerability management asset? There was a little bit of of, limited visibility into that, and so we are addressing that with these updates again. We'll dive into more details of that. So these are some key areas, some key challenges we've solved. Every time we've talked, internally to our sales teams here, it's been resoundingly positive also within partners as well. Everyone has been very, very positive about what this represents in terms of growth for Rapid7, but also growth for our customers as well, enabling a a more secure environment. So let's level set, and then I'll hand it over to Sean again about what our, exposure plan family looks like today. So we've got the three, standalone, solutions today. So you've got from a vulnerability use case standpoint, obviously, inside VM. You've got inside cloud side for cloud security, and you've got surface command for attack surface management. Then you've got the three tiers of exposure command, exposure command essentials, advanced, and ultimate. Each of those, again, it's you know, you've got the the essentials with limited functionality, then you've got step up functionality, etcetera, etcetera. And ultimate today includes all the functionality that that, you know, from from cloud, to AppSec, to VM, to attack surface management. The price points on those, again, it's it's step up step up. So what's happening, to reiterate, if you've got a customer that's on IBM today and they're moving into you know, they want some cloud functionality, well, all of a sudden the price per asset is almost double from what they were paying today. So it almost becomes a friction point for them to adopt cloud functionality. So you can see here packages that we have today, different price points, minimums that are, you know, in in many cases, high for what our customers, how we were kind of transacting with our customers. So 1522, '23, 49 step up, and you have a lot of different options for customers to go. So we're streamlining all of this and streamlining towards the default sales motion with exposure command ultimate and exposure, and in in situations where customers don't want, you know, the all the functionality, exposure command essential. So I'm gonna hand it over to you, Sean, again to kinda walk us through, what the key changes, are here. Joel. So as you can see, this is how we think about the new exposure command family. There are a lot fewer boxes in this slide than the previous slide. Are we going to end of sale vulnerability management and Insight CloudSec and AppSec? No. Those still exist, but the default land motion should be ultimate. Why? Because you will still be super competitive in the market The way that we have devised this pricing, whether you're trying to unseat someone for vulnerability management or you're trying to land a six substantial amount of DAST in in AppSec using the exposure command skew instead of going to the point solutions as was previously probably commercially more viable. And we've done a lot of research and calculations to make sure that we will hit those price points to be competitive, but to hit that good balance between competitive but still making a good amount of money to not need the point solutions in the case of a customer only wanting the one thing. We can still get them into ultimate. So as you can see, I'm gonna repeat some of the stuff I touched on. We've got essentials, which has your chasm capability via surface command and vulnerability capabilities vulnerability management capabilities. That's a 21 per asset global list. The price floor is 5,000 USD in terms of ARR net to rapid seven. So that has those two pieces. So you have the ability to still do your standard vulnerability management with some Chasm add on by having surface command in one package, especially if you have a lot of IBM existing customers, for instance. Or you have a deal where really and truly they're not interested in cloud or app, but we really hope that those are few and far between that there's no chance they'd look at it. That's what that SKU is there for. But, really, it's not what we're trying to land with. The 25 per asset global list with the 15 k price floor in ultimate is where we believe customers will get the most value even if they're only interested in vulnerability management or cloud right now. And we often hear the objections from customers like, well, I don't want cloud. I don't wanna pay for all these other capabilities. That's fine. If you're not gonna use any cloud, you don't pay for it. You only pay for what you use. That's why the asset table is so important. If you're in ultimate and you only have vulnerability management, that's the only thing you're being charged for. It's not a bundle. There is no shelfware. It is merely access if and when you are ready to use the other capabilities that you will have when you go to ultimate. So there's really no downside to it. I'd also like to note, and there'll be more enablement coming about this in separate sessions, that we're adding the optional add on of runtime security, which was a key key gap that we had in our cloud offering previously. Now runtime security is coming. It's gonna be an awesome integrated feature. Lots of exciting news to come about that. Actually, Joel's running point on that as well, but I'll leave it at that. Stay tuned for more on that as well. So when you're selling cloud, there's a really big new capability coming there too. Okay. So let's talk a little bit less about the pricing and packaging and a little bit more about the assets. Because as I stated earlier, one of the key things that we're trying to do is provide discounting the more you consume and the more the diversity of assets that you have, you consume. So let me give you an example. You land a new deal that's just a vulnerability management deal, but it's in exposure command ultimate. That customer then says, I'd like to add AppSec, or I'd like to add compute instances in cloud. That's great. You can see that there's ratios here where vulnerability management is one to one. That's the flagship. That's what we're pinning our price per asset curve to, and everything else is tuned to that. So in this example, if I have 10,000 vulnerability management assets or a thousand, it doesn't matter, and I add cloud security to it, yes, there will be an incremental uplift for sure because you're adding compute instances. But you because you will go further down on the price per asset curve, that quote will be giving you a discount implicitly on your vulnerability management assets as well. So the more you consume with us, the lower the pricing goes so that you save on everything by just adding one thing. And we really think the psychology and the economics behind this is super compelling. So I'll also note on application security, we used to be at a one to one ratio if you remember, if you're really a, very closely following the commercials of rapid seven. We're going to one to a 100. There used to be a fair use issue where you could only use a certain amount of AppSec per amount of assets you had. Fair use limitations are going away, and we're just purely using these asset, ratios now because the fair use created more problems than it solved. One other super important point at the top of the table, risk based exposure management. That's at a half an asset. Basically, two to one is a half a billable asset. This is for your chasm capability. We do not double count assets. I don't wanna go into too much detail, but, basically, if you're assessing it with us, we're not gonna count it as both. If you have a Tenable integration and you wanna bring in a bunch of IoT, you know, assets, they're still important to you. You want that attack surface management. You want that chasm available to you to get that insight. If you bring them in, we count them as a half asset, which we expect will result in a modest uplift to most deals as well. It's also at parity with how the rest of the market prices this capability too. Okay. So the final column that we had at the outset of this presentation was about visibility, predictability, about true up. So I wanted to talk a little bit more in detail about what we have coming here. What you can see, may have to zoom in, apologies on that, is the dashboard presently in development for any customer signing on to the new ECU SKU that gives them near real time capability to see what they are utilizing and what they're entitled to. So if a customer happens to be 30% over what they're entitled to, they've got 10,000 assets, they're using 13,000, that's great. They have the ability to see that. You have the ability alongside your Rapid7 rep to go into these accounts and sell more. You're already getting the value. If you're happy with where you are, let's have the conversation. Let's true forward. Let's get you to 13 or 15,000 assets going forward. So as your attack surface grows, as you need to secure more assets in different ways, we're able to very seamlessly and predictably grow alongside you or grow the account alongside you. So there are no dirty surprises. There are no unpleasant conversations. And as I mentioned earlier, this exact same data will be surfaced to the reps in their, Salesforce tools to also see this as well to prompt these conversations easily. Okay. So there's more collateral coming that we will be publishing. There will be more opportunities to learn about this. There will be more opportunities to ask questions. Any feedback that you have, we're all ears. We wanna hear. But this is in a nutshell, these are the changes. Happy to take any questions. Yeah. And and and while questions come in, Sean, I think one one of the last things I'll add there, and I think it's important there that last slide around around predictability. You know, we hear it time and time again with with, you know, SaaS companies. You know, customers purchase a product, and then it's kind of like their use expands balloons, and they don't know what's happening. There's a little bit of a black box, and all of a sudden, it's it's you know, you get a bill kind of at the end of of of those those situations. You know, we're addressing here with with that dashboard is giving those customers full visibility and transparency into how they're leveraging our solutions, which was something we weren't doing before. Right? And so I think this is one of those areas where we've heard customers tell us this feedback. We're directly addressing it with this pricing update. You know, this wasn't just us updating a pricing or pricing and packaging. It was about how do we do something for customers where that we give them that transparency. We're doing something for them where we're not just punting this over the edge and it's like, yep. We just updated our pricing. Good luck. But now it's like, hey. Look. You have more control and visibility into how you're consuming, licenses and and what you are actually monitoring with Rapid7. So, again, these these updates, you know, shown them to to, you know, our our internal teams and others. It's been very well received, so we're really excited about this, what it means. Okay. Alright. Well, like I said, more opportunities to ask questions, more opportunities to learn about this. We look forward to speaking with you in other forums as well. Really appreciate your time. Thank you so much. Thank you, everyone.