Clouded Judgement

Share this post

Clouded Judgement
Clouded Judgement
Rubrik: Benchmarking the S-1 Data
Copy link
Facebook
Email
Notes
More

Rubrik: Benchmarking the S-1 Data

Jamin Ball
Apr 04, 2024
59

Share this post

Clouded Judgement
Clouded Judgement
Rubrik: Benchmarking the S-1 Data
Copy link
Facebook
Email
Notes
More
1
Share

Recently Rubrik their initial S1 statement. A S-1 is a document companies file with the SEC in preparation for listing their shares on an exchange like the NYSE or NASDAQ. The document contains a plethora of information on the company including a general overview, up to date financials, risk factors to the business, cap table highlights and much more. The purpose of the detailed information is to help investors (both institutional and retail) make informed investment decisions. There’s a lot of info to digest, so in the sections below I’ll try and pull out the relevant financial information and benchmark it against current cloud businesses. As far as an expected timeline - typically companies launch their roadshow ~3 weeks after filing their initial S-1 (the roadshow launches with an updated S-1 that contains a price range). After the roadshow launch there’s typically ~2 weeks before the stock starts trading. So we’re looking at roughly 5 weeks before any retail investor can buy the stock.

Rubrik Overview

From the S1 - “We are on a mission to secure the world’s data. Cyberattacks are inevitable. Realizing that cyberattacks ultimately target data, we created Zero Trust Data Security to deliver cyber resilience so that organizations can secure their data across the cloud and recover from cyberattacks. We believe that the future of cybersecurity is data security—if your data is secure, your business is resilient. We built Rubrik Security Cloud, or RSC, with Zero Trust design principles to secure data across enterprise, cloud, and software-as-a-service, or SaaS, applications. RSC delivers a cloud native SaaS platform that detects, analyzes, and remediates data security risks and unauthorized user activities. Our platform is architected to help organizations achieve cyber resilience, which encompasses cyber posture and cyber recovery. We enable organizations to confidently accelerate digital transformation and leverage the cloud to realize business agility.

Product Overview

From the S-1: “Rubrik has a unique and purpose-built Zero Trust Data Security approach to help organizations achieve business resilience against cyberattacks, malicious insiders, and operational disruptions. Despite investment in security tools focused on infrastructure security, encompassing networks, applications, endpoints, and identity, cyberattacks continue unabated. We believe a comprehensive cybersecurity strategy requires data security in addition to traditional infrastructure security approaches. We enable organizations to implement a Zero Trust framework at the data layer, deliver data availability that withstands the aforementioned adverse conditions, and uphold data integrity even when infrastructure is compromised or attacked.

RSC, built with a Zero Trust design, automates data policy management and enforcement, delivers threat analytics and response, and orchestrates rapid recovery. RSC is a cloud native SaaS platform that secures data across disparate sources, allowing customers to have a single point of control from one user interface. RSC is built on a proprietary framework that represents time-series data and metadata generated across enterprise, cloud, and SaaS applications. We build products on top of RSC to address a myriad of use cases that help our customers achieve cyber resilience, from hardening their data security posture to cyber recovery. These use cases include protection and recovery from cyberattacks, malicious insiders, and operational disruptions; orchestration of cyber and operational recovery, failover/failback testing, and cloud migration; sensitive data classification and visibility into over-privileged data access; monitoring for governance, regulatory compliance, and data breaches; and identification, containment, and remediation of ransomware and other security threats.

Our access to time-series data and metadata allows us to deliver a breadth of products that span the following areas:

Data Protection. Cyber-proofs various sources of data in an organization with secure, access-controlled backups. Our data protection products are built for ease of deployment and use, scalability, and rapid recovery from cyberattacks, malicious insiders, and operational disruptions. We offer data protection products to manage enterprise, unstructured data, cloud, and SaaS applications.

Data Threat Analytics. Detects data threats and identifies the blast radius of a cyberattack to speed up data recovery. Combines Anomaly Detection, Threat Monitoring, and Threat Hunting. Anomaly Detection uses advanced machine learning to detect deletions, modifications, and encryptions. Threat Monitoring continuously monitors for indicators of compromise commonly used by bad actors to establish persistent access, move laterally, or exfiltrate data. Threat Hunting allows incident responders and Security Operations Center (SOC) analysts to hunt for indicators of compromise and determine the initial point, scope, and time of infection.

Data Security Posture. Strengthens cyber posture by locating sensitive data proliferation and identifying data risks. Includes Sensitive Data Monitoring and User Intelligence, which altogether discovers where data lives, sensitivity of data, and user access and activity.

Cyber Recovery. Improves cyber readiness and incident response with orchestrated Cyber Recovery Simulation and Threat Containment. The former is used to create, test, and validate recovery plans, while also staying compliant with policy and audit requirements. The latter is used to quarantine data infected with malware so that recovery is enabled without reinfection. Cyber Recovery can also be used to recover compromised data within a safe environment for forensic analysis.”

Market Opportunity

From the S-1: “We believe our total addressable market opportunity for our platform will be approximately $36.3 billion by the end of calendar year 2024 and approximately $52.9 billion by the end of calendar year 2027, based on market estimates in Gartner® research, representing an average 13% compounded annual growth rate. These market estimates are as follows:

Data Management. Based on market estimates in Gartner® research, we estimate that our addressable market for data management will be approximately $12.9 billion by the end of calendar year 2024, which includes $11.1 billion in Backup and Recovery Software and$1.9 billion in Archive Software. According to market estimates in Gartner® research, these markets will increase to $15.4 billion by the end of calendar year 2027.

Security. Based on market estimates in Gartner® research, we believe our addressable market for Application Security, Cloud Security, Cloud Security Posture Management, Data Privacy, Data Security, and Privileged Access Management Software will represent approximately $23.4 billion by the end of calendar year 2024 and approximately $37.5 billion by the end of calendar year 2027.”

How Rubrik Makes Money

From the S-1: “RSC is primarily adopted by our customers as a cloud-native, fully managed, SaaS solution. For select customers in highly regulated industries subject to stringent data control policies, we offer RSC-Private as an enterprise-ready, self-managed version. Both versions of our platform include various products built on top of RSC that, in combination, help organizations achieve business resilience against cyberattacks, malicious insiders, and operational disruptions.

Our platform can be purchased in three subscription editions. Our various editions include a combination of products across data sources (enterprise, cloud, and SaaS applications). We price our subscription editions primarily based on edition tier and data volume. Our subscription editions are as follows:

Foundation Edition. Keeps data secure and recoverable from cyberattacks and operational failures.

Business Edition. Builds upon Foundation Edition by proactively monitoring for ransomware.

Enterprise Edition. Builds upon Business Edition by continuously monitoring data risk and orchestrating cyber recovery.

We primarily sell subscriptions of RSC through our global sales team and partner network, where we target the largest organizations worldwide to mid-sized organizations. We also sell to smaller customers through a high-velocity engagement model driven by our inside sales team. Our platform’s broad capability allows us to serve organizations of all sizes across a wide range of industries and geographies. We are trusted by some of the world’s largest organizations and brands to protect their data.”

Benchmark Data

The data shown below depicts how the Rubrik data compares to the operating metrics of current public SaaS businesses.

Last Twelve Months (LTM) Revenue

Rubrik did $628m of revenue in its last twelve months

LTM Revenue Growth

Rubrik grew revenue 5% over its last 12 months. However, given their revenue model transition (to a SaaS) their revenue growth figure can be a bit misleading. They grew ARR 47% over the last 12 months (both are graphed below)

Quarterly YoY Revenue Growth Trends

LTM GAAP Gross Margin

Rubrik’s gross margins are 77%

LTM GAAP Operating Margin

Rubrik’s LTM operating margins were (49%)

LTM FCF Margin

Rubrik’s LTM FCF margins were (4%)

Net Revenue Retention

This metric is calculated by taking the annual recurring revenue of a cohort of customers from 1 year ago, and comparing it to the current annual recurring revenue of that same set of customers (even if you experienced churn and that group of customers now only has 9, or anything <10).

Rubrik’s net retention is 133%

Gross Margin Adjusted CAC Payback

(Previous Q S&M) / (Net New ARR x Gross Margin) x 12. This metric demonstrates how long it takes (in months) for a customer to pay back the cost at which it took to acquire them.

LTM S&M Expense as % of LTM Revenue

Rubrik spent 77% of revenue on S&M over the last twelve months

Rule of 40

In the below chart I’m showing LTM revenue growth + LTM FCF margin.

Rubrik’s LTM rule of 40 was 1% (this is using rev growth. Using ARR growth it would be closer to 43%

This post and the information presented are intended for informational purposes only. The views expressed herein are the author’s alone and do not constitute an offer to sell, or a recommendation to purchase, or a solicitation of an offer to buy, any security, nor a recommendation for any investment product or service. While certain information contained herein has been obtained from sources believed to be reliable, neither the author nor any of his employers or their affiliates have independently verified this information, and its accuracy and completeness cannot be guaranteed. Accordingly, no representation or warranty, express or implied, is made as to, and no reliance should be placed on, the fairness, accuracy, timeliness or completeness of this information. The author and all employers and their affiliated persons assume no liability for this information and no obligation to update the information or analysis contained herein in the future.

Leave a comment

59

Share this post

Clouded Judgement
Clouded Judgement
Rubrik: Benchmarking the S-1 Data
Copy link
Facebook
Email
Notes
More
1
Share

Discussion about this post

Morris Hsu
Morris’s Newsletter
Apr 6

Interesting that Zoom has a 151 month CAC payback, that's 12.5 years. Curious how that cost be justifiable? Would it be better to invest that CAC somewhere else or just pay it as dividend

Expand full comment
Reply
Share

No posts

Ready for more?

© 2024 Jamin Ball
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great culture

Share

Copy link
Facebook
Email
Notes
More