Mandiant, Inc.
Q1 2020 Earnings Call Transcript

Published: 28 Apr 2020

Operator:

Good day, everyone, and welcome to the FireEye First Quarter 2020 Earnings Results Conference Call. At this time, all participants are in a listen-only mode. Later, we will conduct a question-and-answer session and instructions will follow at that time. Also this call is being recorded. At this time, I would like to turn the call over to Kate Patterson. Please go ahead.
Kate Patterson:

Thank you, Shannon. Good afternoon, and thanks to everyone on the call for joining us today to discuss FireEye’s financial results for the first quarter of 2020. This call is being broadcast live over the Internet and can be accessed on the Investor Relations section of FireEye’s website at investors.fireeye.com.
Kevin Mandia:

Thank you, Kate. I would like to thank all the investors, employees, customers and partners for joining us today on the call. I hope that all of you, your families and your loved ones are staying healthy during the unprecedented conditions we are all currently enduring. As we are confronted with new and emerging challenges from the coronavirus, it’s FireEye’s top priority to ensure the health and safety of all our employees while also effectively safeguarding our customers from cyber attacks. I am proud of how fast our customers adapted to the new normal. I’m also proud of our employees who reacted swiftly to shelter-in-place and work from home orders, while maintaining performance in our mission of safe guarding our customers.
Frank Verdecanna:

Thanks, Kevin, and hello to everyone on the call. Before we move onto the details of our Q1 results and guidance for Q2 and 2020, let me remind you that I'll be referring to non-GAAP metrics except for revenue and operating cash flow. Our non-GAAP measures exclude stock-based compensation, amortization of intangibles, non-cash interest expense on our convertible debt, restructuring charges, and other non-recurring items. Turning to Q1 results, I echo Kevin’s comments that I think we executed well against our plan, as we quickly pivoted to a work from home organization. We delivered billings and revenue within our guidance ranges and exceeded our EPS guidance range. We estimate that COVID-19 global pandemic reduced our Q1 billings by about 10 million to 15 million and revenue by less than 2 million. The impact on billings combined with an increase in DSOs related to the COVID-19 pandemic, resulted in operating cash flow below what we had anticipated in our pre-pandemic guidance. As we take a closer look at the details, I will focus my comments on ARR and revenue as the key indicators of our financial performance. The ARR metric gives you insight into the expansion of our installed base of re-occurring subscriptions without regard to short-term changes in average contract length or in-quarter timing of large renewals, which as we’ve seen can cause volatility in our quarterly growth rates for billings. Revenue reflects growth in our deferred revenue and drives our profitability. For these reasons, we believe ARR and revenue are better indicators of our progress on our transformation journey, especially in the current environment. Looking at revenue and ARR by category and our operating results, platform cloud subscriptions and managed services revenue increased 33% year-over-year and accounted for 30% of total revenue, compared with 25% of total revenue in Q1 2019. ARR was up 32% year-over-year and 1% sequentially as we continue to expand our customer base in this category. This category now accounts for 49% of ARR, up from 40% at the end of Q1 of 2019. Mandiant services revenues grew 25% year-over-year to a record 51 million and accounted for 23% of total revenue, compared with 19% of total revenue in Q1 of 2019. We continue to see strong demand for our expertise in both Incident Response and strategic consulting. As an , we do not include any of our services or expertise on demand subscriptions in our ARR metrics, even though many customers purchase strategic consulting engagements year-after-year. Revenue for platform, cloud subscriptions, and managed services and Mandiant services categories accounted for 53% of total revenues, compared with 44% a year ago. Our on-premise product and related business accounted for 47% of total revenue, compared with 56% a year ago as our mix continues to shift to higher growth categories. Product and related revenue declined 11% from Q1 of 2019, due to lower deferred revenue balances entering the quarter. Appliances accounted for the majority of the year-over-year decline. Remember that appliances originally sold in 2015 were fully amortized by the end of Q4 2019 creating a more difficult year-over-year comparison than prior quarters. Product and related ARR decreased about 2% sequentially, a similar seasonal decline as last year. Net retention rates in these categories remained above 95%. Our ARR and retention metrics demonstrate that the product and related portion of our business has stabilized following the end of life event that impacted results in early last year. It also suggest that while we expect on-premise appliance-based sales to continue to decline as customers shift to virtual and cloud form factors, we are managing well through the transition and we continue to retain our base of enterprise class customers. Gross profit margin of 71% was consistent with our guidance. The decrease compared to Q1 of 2019 was due to a higher mix of services in total revenue, as well as an increase in cloud hosting costs associated with higher cloud revenues. Note that although Mandiant Consulting services are at a lower gross margin, our services contribution margin is consistent with other areas of the business. Total operating expenses were flat year-over-year and increased about 6 million sequentially. The sequential increase was primarily related to higher employee payroll taxes that are seasonally higher in Q1. Our pre-shelter-in-place guidance had anticipated operating expenses of around 168 million on an absolute dollar basis or about 7 million higher than our actual results. The difference was primarily due to lower travel and event expenses in the last month of the quarter. With revenue and gross margin where we expected, and lower than anticipated operating expenses, operating margin was 3 percentage points better than our midpoint of our guidance range. Q1 2020 operating losses were 56% lower than Q1 of 2019 . This translated into a net loss per share of $0.02 better than our guidance range of a loss of $0.03 to $0.05. Turning to the balance sheet and cash flow, our balance sheet remains very healthy. We ended the quarter with cash and short-term investments of 980 million, which is more than enough to repay the 120 million in convertible debt that we expect to be required to repurchase on June 1 and to fund our operations for the foreseeable future even in the more conservative versions of likely scenarios in this current environment. We ended the quarter with receivables of approximately 140 million, an increase of 29 million from a year ago. DSOs calculated on billings were 74 days. This is up from our usual 55 days to 60 days. We attribute the increase to the COVID-19 pandemic and expect DSOs to remain in the 70 day to 80 day range at least through the second and third quarter of the year. As I mentioned, cyber security remains a high priority and we remain confident in our ability to collect payment, but we increased our bad debt reserves and reduced our near-term cash collection forecast as a precautionary measure. Total deferred revenue at year-end was approximately 920 million, an increase of 14 million from the end of the first quarter of 2019. Platform, Cloud Subscriptions and Managed Services deferred revenue increased by about 36 million, and services deferred revenue increased by about 24 million. The increases in the platform cloud subs and services categories was partially offset by 46 million decline in product and related deferred revenue as prior period appliance sales continued to roll off the balance sheet. Note that this dynamic has a disproportionate impact on current deferred revenue. On a sequential basis, deferred revenue decreased by 55 million, reflecting normal seasonality in our quarterly billings. Operating cash flow for the quarter was negative 24 million, compared to our expectation of approximately breakeven. The difference was due to the increase in DSOs relative to our pre-pandemic expectations. As Kevin mentioned, we have been taking steps to accelerate our transformation and set the stage for increasing growth and profitability in the future. This resulted in a restructuring charge of approximately $11 million in the first quarter and we expect to incur additional restructuring cost of between 10 million and 15 million in the second quarter. We expect these actions will reduce our operating expenses by at least 25 million in 2020, compared to 2019, primarily in the second half of the year along with additional year-over-year savings related to lower travel. When I review our Q1 operational metrics, including the increase in new customers, growth in ARR and net retention rates, as well as our current pipeline of both new and renewable renewed business, I am confident our business remains healthy and our transformation is on track. Now, let’s turn to our current outlook for Q2 and the remainder of the year. My comments on our outlook take into account what we know today, while we recognize there are many unknowns, including the timing of reopening economies both in the U.S. and abroad. While we are operating with the same uncertainties that every other cyber security company, cyber security remains a top priority for our base of government and enterprise class customers. I believe these are also the organizations best position to weather the storm. I believe the biggest unknown for us is the average contract length of billings. While customers may still commit to multiple years given the current economic uncertainties, we are assuming that some will be less willing to pay for upfront for multiple years. In recognition of this uncertainty, we are not guiding billings for the second quarter and we are withdrawing our previously annual billings guidance for 2020. Since billings drives our receivables balance and cash flow, we are also withdrawing our cash flow guidance for the year. However, since we typically recognized more than 90% of quarterly non-services revenue from deferred revenue on the balance sheet and for demand for our services remain high we are providing revenue guidance for Q2. We’re also providing revenue guidance for the year, although we have expanded the range, compared to prior periods. Expenses remain within our control allowing us to provide visibility into operating margin and earnings per share for the quarter and the year based on current revenue assumptions. For Q2, we expect revenue in the range of 213 million to 217 million, gross margin of between 68% and 69%, and operating margin of between negative 1% and negative 2%, and EPS of a loss per share of $0.01 to $0.03. For the full-year 2020, we expect revenue between 880 million and 900 million, gross margin between 69% and 70%, operating margin between positive 1% and positive 3%. This implies a decrease in operating expenses of 30 million to 35 million, compared to 2019, which includes at least 25 million related to the restructuring actions, as well as additional savings for operating costs such as lower T&E. As noted, this is based on what we know today and what we believe as of today. There is a lot of uncertainty that has been created because of COVID-19 and we are doing our best to manage and provide you with the guidance while operating in this uncertain environment. That concludes my review of our guidance ranges and assumptions. I know there’s a lot of detail here, so we have summarized the assumptions and math for you in the guidance section of our slides. Operator, we’ll now open the call for your questions.
Operator:

Our first question comes from Michael Turits with Raymond James. Your line is open.
Eric Keith:

This is Eric Keith on for Michael. Kevin, just based on what you’re seeing in the conversations, can you just elaborate more on maybe what customers are – if the customers are actually de-prioritizing maybe certain IT initiatives others and how you might see that shift in coming quarters?
Kevin Mandia:

Yes. So, the number one question I’ve gotten and realized my audience is usually Chief Information Security Officer or above, it was, how do you protect your remote work for us. I didn't feel any shift in spend, meaning let’s lower it although in this environment obviously people are looking at discretionary cost and cutting them if they can, but I did not see security as discretionary, it’s seen as important. So question number one, how do you defend the remote employee. And what do you do to make sure and validate that in fact you're running a secure infrastructure.
Eric Keith:

Great. And then for you Frank, can you provide some more color on contract lines in the quarters? It looks like it was above your expectations, so curious what’s going on there?
Frank Verdecanna:

Yes. So it was pretty much flat, it was slightly up year-over-year, but we did have a five-year $5 billion deal in the quarter that if you pull that deal specifically out contract length would have went down by half a month. So, surprisingly we didn’t see much of an impact on contract length in the quarter, but again we only had three weeks of the pandemic in the quarter. So, we would expect a bigger impact on contract length going forward.
Eric Keith:

Great thanks.
Operator:

Thank you. Our next question comes from Shaul Eyal with Oppenheimer. Your line is open.
Shaul Eyal:

Thank you. Hi, good afternoon gentlemen. I had a quick question Kevin, when looking at FireEye's portfolio what do you see as more non-discretionary product services solutions and conversely what is more discretionary from the CECL perspective?
Kevin Mandia:

You know, almost everything we do is relatively critical and I know that sounds like answer, but it’s not. When you look at our services, we’re either responding to the house is on fire or we’re showing up before that to make sure we can do an assessment of your security program to make sure you don't have a problem to worry about. So, I feel like on the services side, the demand is there. When you look at our products they were always designed to detect what other safeguards missed, kind of they closed the gap between legacy safeguards and what the attackers were doing. So, we're seeing as a pretty instrumental layer with our products to people’s security programs and that’s why I think you see high renewal rates for us. And the biggest challenge we had is going from appliance to cloud getting, you know and going from perpetual license to subscription and getting into form factors that are getting more and more common. We’ve done that work and now we have to leverage it. So, I think through the portfolio, probably the biggest delay we had on things that were in flight that got delayed were on training, education, we do a couple hundred classes a year for security professionals and we had this sort out in a short period of time, how do we take that training and still connect with remote folks, but we’re starting to see that spin back up now. And I think as organizations recognize that we’re all going to be working in a remote setting for an indeterminate length of time that we have to figure out how to allow things like training to happen in remote environments. But out of everything we did, the only thing that hit my desk with delays was the training.
Shaul Eyal:

Understood. Thank you so much for this color. And if I may, Frank or Kevin, month of April is coming to an end very shortly. Can you talk to us what you’ve been seeing so far and maybe just toward about ASPS, where do they stand right now? Thank you so much.
Kevin Mandia:

Yes, so far a sale in the month of April, we’re actually a bit ahead of linearity from typically where we are in month one of a quarter. So, I think, so far all signs have been very positive, which is a lot of confidence going into the remainder of the quarter.
Shaul Eyal:

Thank you.
Kate Patterson:

Next question.
Operator:

Our next question comes from Fatima Boolani with UBS. Your line is open.
Fatima Boolani:

Thanks for taking the questions. Kevin I’ll start with you. Just with respect to Mandiant, appreciate the color you gave around the ability of the Mandiant professionals to remotely troubleshoot customer pain points and particularly those verticals that continue to be besieged by cyber attacks. So, I’m wondering if you can kind of talk us through how the on-boarding of additional capacity is going to play out over the course of the year and to what extent are you having to backlog engagements because the billable hours and billable rates are at capacity? And then I have a follow-up for Frank if I may.
Kevin Mandia:

Yes, so we feel like we’re operating full board. So, the on-boarding, I think I’m going to answer your questions in reverse order. Now let me answer them in the right order. When it comes to working remotely, we started designing our endpoint in 2005 to do exactly this. Send expertise in seconds and as you adopt our endpoint if anything happens we always want to be that unbiased third-party that can reach in and investigate and sort it out for you. So, we’ve always had the ability to do critical services from remote locations. And so that’s not new. So, when we had to go remote, in reality, we’ve already been doing it that way. We can’t put people on Boeing 737 every time there is a breach and fly them in. You don't have the time to do that, you can’t travel there. Software can travel there in 30 minutes or less, get installed and we’re executing our expertise remotely. In regards to on-boarding, I know my way of doing it. They show up, we train them a little bit, but there’s no better job than on the job training. So, the reality is, people that we hire, we’ve always gotten them busy fast. I mean that’s just what you do in consulting. We do have training, we do have mentorship, but the on-boarding of consultants really means you get repetitions and you get repetitions, as soon as you hit the ground.
Frank Verdecanna:

Yes, and Fatima, just to add to that. We have been growing the for the last couple of years. And so we’ve had plenty of folks that have come aboard in remote locations that have gone through our remote training program. So, that really wasn’t that much of challenge to get those folks up the speed.
Fatima Boolani:

Appreciate that and .
Kevin Mandia:

It’s Frank’s turn.
Fatima Boolani:

Okay. Frank since I have you, just digging into the outlook assumptions, both from a revenue and OpEx perspective. So, on the revenue front, are you expecting any changes from a renewal standpoint or rate of decline in appliances and then on the cost front, given the restructuring, I’m wondering why the magnitude have changed here is still much stocker than the revenue being rebased lower and that’s it from me. Thank you so much.
Frank Verdecanna:

Yes, from a revenue perspective, obviously we brought down the revenue number for the full year and we’ve expanded the range. We’ve done that across all categories assuming that business would see an impact across various areas. Yes, to date we haven’t seen much of an impact. Obviously, we delivered on our Q1 numbers, but the Q2 guidance shows that we are expecting or we are at least taking conservative view on what could happen in the quarter and so we are accounting for less appliance sales, we are accounting for assuming that there are going to be some service offerings that folks will want on-site and may delay until we get to the point where we can deliver that on-site. So, we’ve taken that into consideration. From an OpEx standpoint, most of restructuring actions have happened towards the tail end of the quarters and so there will be most of the positive impact to that will happen in the back half of the year, obviously depending on what travels like for the remainder of the year. We may actually have additional savings there if we wind up and sheltered-in-place for a longer period of time.
Fatima Boolani:

Very helpful. Thank you.
Operator:

Our next question comes from Sterling Auty with JP Morgan. Your line is open.
Unidentified Analyst:

Hi guys, this is Matt on for Sterling. Thanks for taking the question. I know you guys talked about this quarter kind of some of the segments that benefitted or not benefitted, but had some increased interest from the current situation. Going forward, which parts of your business do you think are going to be negatively impacted from the current situation and which ones do you think are going to have more of a positive impact. Thanks.
Frank Verdecanna:

Matt, obviously we’re not that far into this process, so it’s very difficult to see – forecast exactly which products are going to do better. Our early signs is renewal rates seem to be doing little bit better, appliance sales probably little bit worse, and then from the service offerings, we’ve been able because we’ve had a lot of backlog and because we’ve got lot of demand there, we’ve been able to keep utilization and chargeability up high, but at some point if things don’t change, we would expect some impact there as well.
Unidentified Analyst:

Got you. Great. That’s very helpful.
Frank Verdecanna:

Our products probably are positioned better for kind of remote install, remote work environment or cloud endpoint, cloud email.
Unidentified Analyst:

Understood, thanks. And then one quick follow up. In terms of the Mandiant services component, is there any type of, I know you talked about the implementations, but is there any type of situation that you wouldn’t be able to perform in the current environment?
Kevin Mandia:

Yes. This is Kevin speaking. I mean there is always times where it’s better to be in a room. Whenever there is an incident, right when we started doing the remote work, you often wondered for many companies, you start a war room, everybody crowds in the war room, you get to read verbal and nonverbal communication. So, you got to do business a little bit differently. But our folks are very used to remote collection of information, remote forensics, remote analysis, remote counseling, and discussion on remedial steps, but what you lose is that the customer sometimes want you in the war room, and by the way the customer doesn’t have that with their own people now. So, it’s a different environment. So, you lose a little bit of the connectedness when you hit some incidents that are in a sprint. In regards to the security assessments, we are probably communicating at a 90% effectiveness rate, not 100%, just because we’re all remote and doing things in different way. Sometimes it’s easier to get on-site, meet the 20 to 50 folks that you need to meet and go through, here’s all the things that would make your security program more effective. So, that’s a long-winded way of saying that our communications are different today than what they used to be and that for some folks, they may have to change your communication style to be more effective.
Frank Verdecanna:

And Matt, we have seen people leverage our internal offering and our expertise on demand a little bit more as well. So, I do think people are utilizing our internal expertise to augment their internal teams.
Unidentified Analyst:

Great. Thank you so much guys, that’s very helpful.
Operator:

Thank you. Our next question comes from Rob Owens with Piper Sandler. Your line is open.
Rob Owens:

Yes, good afternoon guys. Building on Matt for Sterling's question earlier around Mandiant. Curious just about billable hours, the billable rate, I guess, Kevin, how it changes on-prem to remote and you’ve got this large portfolio of new Mandiant services that you talked about. So, you should have a leverage then I guess. So, is there a near-term had when you move kind of to remote work for these guys, but you hope to make that up from the – just from the simple standpoint they might be able to participate more or offer more services to an end customer.
Kevin Mandia:

Yes. So, couple of thoughts there. Let me just . So I've read some of the analysis from folks saying oh’ services has been hit and it’s been hit negatively. Our rates haven’t changed one bit. Five years ago when there was an incident, we did exactly what we’re doing today then. We'd send software, we'd be on the phone, we’d started communicating with the customer and we’d started sending our expertise in responding from a remote location. So for us this is almost business as usual. We were – we are actually almost too busy to send people in travel hours. That’s how busy we are. So, no change in the rates right now Rob. We haven't even seen compression in them at all or even a debate about it. So, I feel comfortable there and then for us I think the customer prospects behavior has changed because they have a workforce now that’s remote and their security force is remote, but I think we’re doing a lot of business as usual for us. So, I don't feel it’s changed too much.
Rob Owens:

Great. And then second if I may, just something on the Verodin acquisition, the rebranding kind of how the acceptance has been by end customers and is it proving to be a tip of the spear for FireEye solutions or is it more that different consulting validation of pre-existing infrastructure sale?
Kevin Mandia:

Yes. So, it came down to working with Chris Key, the founder of Verodin, where he believed and probably rightfully so, FireEye is a controls business. When you think about endpoint network email and the cloud SIM, Mandiant was always seen a little more agnostic, controls agnostic. When you do validation as a business, you want to have – you want to be the honest broker and the Mandiant brand was seen as more the honest broker in regards to that, a non-controls business brand. And if you look at what Verodin does, it measures security effectiveness. We want to be the honest broker, not game it. When you run Verodin you get on Barnes Truth, whether you stop or detect attacks, and the Mandiant brand has kind of survived for whatever reason it’s still here, it’s with us and it’s more agnostic to just what are the right dam answers right now to secure your network and so it’s more fitting in a go-to-market for a validation story. So, Verodin is now Mandiant validation.
Rob Owens:

Alright, thank you.
Operator:

Thank you. Our next question comes from Erik Suppiger with JMP. Your line is open.
Erik Suppiger:

Yes. Thanks for taking the question. First off, can you talk a little bit about vertical markets, are you pretty well insulated from some of the key markets that have been hit like hospitality or travel? And then, could you talk a little bit about whether your products seed into remote access infrastructure, are you particularly securing remote access at all? Of are these products largely from the build-out of lot of remote access infrastructure this last quarter?
Kevin Mandia:

Got it. So I got – so that’s two questions. Kevin speaking. In regards to the different verticals, believe it or not we did business in basically every single vertical last quarter to include some that are significantly impacted like the airlines industry. So, I think at that point it’s more about the payment terms where you’ll see the industries that are more impacted that are probably going to try to negotiate different payment terms and those that are less impacted and Frank would probably speak to that. In regards to remote access infrastructure, we have an assessment that our consultants do on remote access where we test people's remote access, does everybody really need to factor authentication, is it actually in practice. So, we do that and then in regards to our solutions we have a partnership with a company called iboss, which is a cloud SaaS network security, really it’s – you download their endpoint and all of your traffic would be going through our detection capabilities. So that’s a powerful partnership that to me is how you get really shields up on a remote workforce. It is a nice iboss plus FireEye detection kind of combination there, and then the third way is endpoint, endpoints, guard endpoints. So bottom line is, yes, on the remote access and what CISOs are worried about, we’ve been doing those tests for years.
Erik Suppiger:

And then, let me ask one last one, just on the shift to a remote workforce, how long do you think we have to benefit from the effort to secure that change? Are we still very early in terms of where CISOs are from the way they are looking at this shift to building out their remote workforce?
Kevin Mandia:

I think they will come in waves and I think the 1A enterprises and CISOs I know they are already well into it or already, you’re not ever done, that’s a funny thing about security. People think we did three things, wash your hands done. You have to do a lot of rinse repeat and test, but I think that it’s happening fast, it needs to happen fast and it will be the new normal by the end of the year. There are folks that are, you know for whatever reason nobody knows what’s going to happen after the pandemic might flatten the curve as they say and I’m not expert, but behaviors are going to change for a long time right now, and the question is, does that mean one-third of the workforce stays remote, two-thirds, three-quarters, nobody knows, but the change happens so abruptly and cyber security is so important. I think the vast majority of this is going to happen this year.
Erik Suppiger:

Very good. Thank you.
Operator:

Thank you. Our next question comes from Gur Talpaz with Stifel. Your line is open.
Chris Speros:

Hi, this is actually Chris Speros on for Gur. So Kevin, given FireEye's unique viewpoint into the threat landscape, how was the threat environment involved since COVID? Are you seeing any sort of uptick in nation-state sponsored activity?
Kevin Mandia:

All I can tell you, and I kind of mentioned it, we’re seeing a lot of incidents right now. We’re exceptionally busy and I would tell you, calls are coming in daily to help companies deal with it, but I don't know if I can tie it to COVID or just tie it to things such as, I’ll give you one example that’s created a problem. When I was responding to breaches and someone hacked in and extorted you, the person that hacked and extorted you is the exact same person. And they were probably great at hacking you, but not very good at extorting you. So, you’d pay $5,000 problem solved. Somewhere in 2018, 2019 we started seeing a separation of duty where you have folks that break-in because that’s what they’re good at, and they they’re handing their access and break-in to practice folks that are criminals that can extort. So, we’re just seeing more Ransomware cases, those things are very disruptive to business and you combine the separation of duty between hacking and extorting with anonymous digital currency and you’ve got a hell of a perfect storm to monetize breaches far easier than the olden days of stealing credit card data and fraudulently buying things. So, we're just seeing an uptick because you can make more money breaking in now than ever before. The nation-state stuff is here to stay. Clandestine operations, espionage, it's done online now. So, that’s just going to always have a steady escalating home, but the amount of money folks are making now, I just feel like the financial crimes are escalating as well.
Chris Speros:

That makes a ton of sense. And one more for Kevin if I may, how should we think about the current appetite for security validation and how has it been impacted by COVID driven disruption across the enterprise?
Kevin Mandia:

Yes. My read on the first quarter is in 90 days that, you know, I can’t tell. I feel like we’re still tracking for the year, but it’s early on, but there is two different audiences for validation. There is the technologist and then there is the CISO and above. And my angle on it is, it matters more to the CEO in CISO, Can the attacks I'm reading about work on my network? Do we have an infrastructure of technology and processes and people that are ready to withstand the attack that are most relevant to our organization? So, you're going to see us do tweaks or I think we’re going to pivot our go-to-market more towards the senior staff, not the junior staff and I think in the past people saw Verodin as a technical buy. Now that Verodin is part of FireEye and their working side-by-side with Mandiant expertise, I believe we need to bring it to market in a managed way similar to Rapid7, similar to Qualys, you know, I don’t want to run a damn vulnerability scanner every day, but I would like to get the output from somebody else from time-to-time and I think that Verodin gives us a great platform for that. So, stay tuned, we’re pivoting that, it’s a technology you can buy, will and they will run it themselves and will put their own Intel in it, no share indicators and they’ll do their sort of things. In addition to though, we want to be able to run validation and I think the true value in the validation is two-fold. It’s not just binary, yes, these attacks work or no, they don't. I think the more important aspect of it is tracking the remedial steps that organizations will take and that to me will require our expertise working with the customer's expertise. So, I see it as, I’m excited about what I’m calling validation as a service. We have created packages to do that, and then I think I’d rather have, you know if you buy the technology that’s great, and you can have people running it at your company, you get people inputting stuff, you know what’s also great is the folks that are responding to over 700 incidents a year are inputting a bunch of data into that system as well. So, bottom line, that’s a long win to way of saying, I feel we’re on track, I’m excited about the validation space, I think we can define it and we’re going to grow it.
Chris Speros:

Great. Thanks guys.
Operator:

Thank you. Our next question comes from Melissa Franchi with Morgan Stanley. Your line is open.
Unidentified Analyst:

Hi guys, this is in for Melissa. Thank you for taking my question. Just a couple of quick ones from me. I know it’s early days, but as you look at sort of the past five to six weeks or so, what are you seeing in terms of buying behavior as it relates to existing customer expansion and new customer adds, and as you look out to the rest of the year in your guidance what is the assumption around net retention?
Kevin Mandia:

Yes. I’ll address this first and then Frank will probably say exactly what I say because almost every day or two, I'm like Frank what are we seeing, what are the patterns and right now it’s almost like there’s not a pattern other than we’ll sell less on-prem gear, and we feel that there might be a rise in renewal rates meaning people that have already spent for something are more inclined to renew it and that may mean that there is less inclination in buying patterns to buy something new. So, that being said, we added more customers this year than last year and we had more of an uptick on net new logos in their spend this year than last year. So, I ask Frank every day what are we seeing and we’re not seeing a pattern other than that what I just said. Renewals seem to be going up in rate and on-prem gears probably going to go down.
Frank Verdecanna:

Yes and I think as we get through the second quarter, obviously, we’ll have a lot better visibility into that byproduct and – but as we look throughout the remainder of the year we’ve taken a very conservative approach to assuming that renewal rates are much more closer to historic norms rather than go up. We’ve also assumed that appliance sales would go down more than we expected because of COVID-19 and that we would also see more challenges on some of the newer products and some of the services, hopefully none of that stuff will come to fruition and we’ll be in a much better spot, but given the uncertainty we weren't going to take chances on our guidance on any of those items.
Unidentified Analyst:

That’s really helpful. Just one more quick one, are you seeing any supply chain constrains around the appliance business at all?
Kevin Mandia:

We’re not, you know we did – if you looked at our balance sheet we did increase our inventory a little bit over the – year-over-year and that was really just to make sure that if there was any challenges going forward that we’d have a little bit more supply, but so far our contract manufacturer is operating at full capacity and the component parts are – you know we have multiple suppliers there and so we haven't really seen any challenges there.
Unidentified Analyst:

Thank you very much.
Operator:

Thank you. Our next question comes from Keith Bachman with Bank of Montreal. Your line is open.
Keith Bachman:

Hi, thank you. My question relates to the previous one and I was wondering if you could just talk about your views on product revenues, and what I mean by that, the context is at the Analyst Day, you had laid out a scenario whereby product revenues would be expected to flatten out over time. Obviously, the COVID virus has disrupted that, but is there any context you could give a about what you think impact maybe this year? And then, b, more importantly, as we come out of COVID, is it your still, you’re expectation that product revenues flatten out or should you think investors should assume some ongoing declines with product revenues? And that’s it from me. Thank you.
Kevin Mandia:

Yes. I think we had talked about previously at Analyst Day was the fact that the year-over-year decline in the amortization of product revenue was going to – you know that rate of decline was going to flatten out as we got into late 2020. And we still expect that, it’s going to be more focused on adding new appliance sales to the waterfall schedule. Our expectation right now and will be there will be probably less appliance sales than we originally expected. So, we’ll see a little bit of the bigger impact on the product revenues due to COVID, but longer-term we’ve talked about, we expect more and more business to move to virtual and cloud and sold the pure appliance product revenue will continue to decline over time, we just think the rate of decline will flatten out a little bit.
Keith Bachman:

Okay great. That’s it from me. Thank you.
Operator:

Thank you. Our next question comes from Gregg Moskowitz with Mizuho. Your line is open.
Gregg Moskowitz:

Okay, thank you very much good afternoon guys. Just a couple from me, Kevin you alluded to more flexible pricing and if I think back, you had already introduced subscription-based pricing across network endpoint and e-mail place some time ago. So, other than introducing shorter duration options like you have for managed defense. I was just wondering if there was something else there that is actually new?
Kevin Mandia:

Yes. I think over time, you know and this is something I’ve done with our product marketing folks, you look out 3 to 5 years it would be really nice to download software, run it when you need it, pay for as much as you need at that time, the consumption-based pricing. We’re not there yet, we don’t need to do it now. Frank is probably cringing, as I talked to about this, but I’ve always defined six qualities to Security-as-a-Service and one of them is always just consumption-based pricing, elastic pricing. You see AWS doing, you see cloud-based company sort of doing it and I just want to be ready for that. I want to have a back office were folks may need to do shields up. Years ago, there was a specific event and you think of a our major sporting event or you can think of a major entertainment event where people just want to do shields up, and I would love to be able to tell the CEO, hey, have your tech guy grab this, upload it, and we will charge for you as you go. Per user pricing is something we have now, but I want consumption-based true SaaS and one day, you know we will have it. And we will have the, at least the means to do it should we choose to do it. And that’s what I mean by that. Right now, we built a back office that has a skew for everything, it’s an appliance shipping back office and that’s how we transact and I think we can do better than that. We can transact in a way that is more flexible for our customers where we can provision is faster. We can have a licensing scheme that’s not an appliance-based licensing scheme, and we can get people up and running in minutes from when they purchase from us. So, that’s what I mean by that, and I won't bore you with the slides that I routinely show internal to FireEye, and I'll be showing them again tomorrow at our all hands. And here's the six criteria to be genuinely SaaS. We got a lot of it, but we got a few more steps to do.
Gregg Moskowitz:

Okay, that’s really helpful and makes a lot of sense. And then just as a follow-up, so Frank you talked about a $10 million to $15 million negative billings that impact in Q1 from COVID-19, Kevin I think you said the only delays that hit your desk were training related and so I wanted to clarify that you're not saying the $10 million to $15 million impact is mostly or entirely tied to lower training, because it’s just – would seem to be really high, I would have thought there probably would have been a component or two on the product side, again just a clarification?
Kevin Mandia:

To be clear, I was talking about delays for deals that were already closed where in relation to services, all closed deals, most of it moved forward, but on training I knew that there were delays where we had to cancel classes and move them out because we weren't sure how we would perform it. So…
Frank Verdecanna:

And Gregg that was really more of an impact on revenue, but because of the amount of backlog we had and the demand we didn't see much of an impact on revenue. On the $10 million to $15 million impact on billings, you know I think those were just deals that we would have normally got through the normal gauntlet, but because customers purchasing departments was all of a sudden in a remote sport. We definitely saw some delays, we saw some countries that we actually could not even ship to because of COVID and so there were some deals that just kind of just pushed out a couple of weeks that came into April already, but did have an impact on things that we would have seen in the last week of March.
Gregg Moskowitz:

And Frank is it your view that all of these, as far as you can tell are delays or deferrals as opposed to anything that will be a cancellation?
Frank Verdecanna:

Yes. None of those were lost deals. They were, you know strictly they just didn't get through the customer's procurement cycle in time for us to shift and deliver by .
Gregg Moskowitz:

Okay, perfect. Thank you.
Kate Patterson:

We have time for one more question please.
Operator:

Our last question is from Saket Kalia with Barclays. Your line is open.
Saket Kalia:

Hi guys. Thanks for taking my question here. I’ll keep it to one. Maybe for you Kevin, it’s really a high level one, but I guess as you spend time with your sales leaders, what are you hearing about the growth and sort of quality of the pipeline?
Kevin Mandia:

Well, you know, the reason I’m pausing on that is, most of the time when I look at pipeline, I’m not looking at all of it. I’m looking at very specific things and how it’s doing because I'm trying to shift this more to cloud, shift is more to the services that are relevant and that pipeline is growing. I inspected the validation pipeline yesterday and I like what I see. So, yes I can’t speak of the pipe in its entirety, but in regards to validation and emerging products, I feel very good about it.
Frank Verdecanna:

Yes. Overall pipe socket year-over-year is very strong. I think as Kevin mentioned, it’s more of a difference in mix, you know, like I said, the appliance component obviously is lower year-over-year but the cloud stuff and the validation is up.
Saket Kalia:

Makes sense. Thanks guys.
Kevin Mandia:

Thank you, Saket.
Operator:

Thank you. I now like to turn the call back over to Kevin Mandia for closing remarks.
Kevin Mandia:

I want to thank everybody for joining us today. Thank you for your interest in FireEye. I look forward to speaking to all of you in 90 days, until then stay safe and healthy. Thank you very much.
Operator:

Ladies and gentlemen, this concludes today's conference call. Thank you for participating. You may now disconnect.

Mandiant, Inc. Q1 2020 Earnings Call Transcript

Other Mandiant, Inc. earnings call transcripts:

Mandiant, Inc.
Q1 2020 Earnings Call Transcript