Mandiant, Inc.
Q2 2020 Earnings Call Transcript

Published: 29 Jul 2020

Operator:

Good day, everyone, and welcome to the FireEye Second Quarter 2020 Earnings Results Conference Call. At this time, all participants are in a listen-only mode. Later, we will conduct a question-and-answer session and instructions will follow at that time. Also, this call is being recorded.
Kate Patterson:

Thank you, Joelle. Good afternoon, and thanks to everyone on the call for joining us today to discuss FireEye’s financial results for the second quarter of 2020. This call is being broadcast live over the Internet and can be accessed on the Investor Relations section of FireEye’s website at investors.fireeye.com. With me on today’s call are Kevin Mandia, FireEye’s Chief Executive Officer; Frank Verdecanna, Executive Vice President, Chief Financial Officer and Chief Accounting Officer of FireEye; and Brad Maiorino, FireEye’s Executive Vice President and Chief Strategy Officer. After the market closed today, FireEye issued a press release announcing the results for the second quarter of 2020. Before we begin, let me remind you that FireEye’s management will make forward-looking statements during the course of this call, including statements relating to FireEye’s guidance and expectations for certain financial results and metrics; the impact of the COVID-19 pandemic; FireEye’s priorities, initiatives, plans and investments; drivers and expectations for growth and business transformation; the expansion of FireEye’s products, subscriptions and services; and the benefits, capabilities and availability of new and enhanced offerings; market opportunities; and go-to-market strategies. These forward-looking statements involve a number of risks and uncertainties, some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements. These forward-looking statements apply as of today, and you should not rely on them as representing our views in the future, and we undertake no obligation to update these statements after the call. For a detailed description of the risks and uncertainties, please refer to our SEC filings, as well as our earnings release posted an hour ago. Copies of these documents may be obtained from the SEC or by visiting the Investor Relations section of our website. Additionally, certain non-GAAP financial measures will be discussed on this call. We have provided reconciliations on these non-GAAP financial measures for the most directly comparable GAAP financial measures in the Investor Relations section of the website, as well as in the earnings release. Finally, I’d like to point out that we have posted the supplemental slides and financial statements on the Investor Relations section of the website.
Kevin Mandia:

Thank you, Kate. I’d like to thank all of you for joining us today, all the investors, the employees, the customers and the partners that have such a strong interest in FireEye. I hope all of you, your families and your loved ones are staying healthy during these unprecedented times. I’m proud of how FireEye has responded to the current challenges the world is facing. We made the pivot to work from home in March. And as working from home continued over the months, we maintained productivity and we delivered the results we set out to accomplish in the second quarter. I’m going to begin today’s call by discussing some Q2 highlights. I’ll provide an update on our innovation, both Mandiant Solutions and FireEye products. I will then turn the call over to Brad Maiorino, our new Executive Vice President and Chief Strategy Officer. And then we will conclude our prepared remarks with the discussion of our financial results from Frank. We did what we said we’d do in the second quarter. We exceeded our guidance range on both the top line metrics, as well as the bottom line. In fact, revenues in the second quarter were the highest second quarter revenues in our history and our non-GAAP operating income was the highest we have ever had as a company. So let me share some additional highlights. Q2 revenue was $230 million, $15 million above the midpoint of our guidance range. Our revenue growth was led by year-over-year increase of 30% in our platform, cloud subscription and managed services categories, which includes our validation, threat intelligence and managed defense offerings, as well as our cloud-based security products such as EPP and cloud endpoint. Annual recurring revenue for this category increased 27% year-over-year. I’m very proud about the performance of the Mandiant Consulting services. Revenue for the service grew 21% compared to the second quarter of 2019. This marks the ninth quarter in a row of record revenue for our professional services, the sixth quarter of year-over-year revenue growth greater than 20% and the third quarter in a row that our services revenue exceeded $50 million. Our threat intelligence annual recurring revenue grew 27% year-over-year, reflecting just how differentiated our frontline knowledge and global threat intelligence really is. The composite of our revenue continued its shift from our appliance-based heritage and our control products to our cloud-based products and Mandiant Solutions.
Brad Maiorino:

Thanks, Kevin, and hello to everyone on the call. As Kevin said, I was the CISO for 15 years, leading the transformation of IT risk and security programs at some of the largest companies in the world. And the playbook I used to do this always included one company every single time and that company was FireEye. So why is FireEye always been a key partner in my transformation playbook? It all starts with the foundation of what makes this company so special. Simply said, I believe then and I believe even more strongly now that we have the world’s best cyber expertise and threat intelligence and that we know more about the bad guys than anyone in the industry. Our Intel is derived from an organization that’s been operating for over 15 years, and the knowledge gained from responding to over 800 incidents a year. And that work is supported by 180 analysts operating in 22 countries and monitoring in over 30 languages. This Intel is an applied upstream into all FireEye products and solutions, from our endpoint cloud solutions, how we respond to incidents, how we hone for bad guys in your network, help build and manager stock and test the effectiveness of your security program through red teaming and automated validation. There’s simply nothing else like FireEye’s comprehensive set of cyber expertise, threat intelligence and products and that is why I joined FireEye. So looking ahead, given the unprecedented rise in frequency and sophistication of attacks, one of the areas I’m most excited about is the security validation business. If there’s one thing all companies need to be doing right now is to validate the effectiveness of their security programs. And that’s exactly what Mandiant Validation is all about. We have taken the power of Verodin, which we acquired last year, and combined it with our global and breach intelligence to create a platform that helps companies answer two very simple questions. If I were attacked today, would they detect it? And how effectively could they respond to it? When someone reads a headline about a company being shutdown due to a ransomware attack, the first thing they ask themselves is that, could that happen to them? How ready are they for that? Companies want to know how effective their security program is, not hope it is effective, hoping is never a good strategy. And then also, given where we are in the COVID world, we’re all looking at ways to take costs out of our respective organizations. Mandiant Validation not only tells you what’s working or what’s not working, it can also tell you what return you’re getting on your security investments, giving you the data you need to make decisions about where you can effectively manage cost of ineffective security controls out of your organization. And we’re finding that more and more companies want this insight, given the cost constraints faced by all companies in this COVID world. And there are a number of companies that do this, but none of them have the combined power of the Verodin platform backed by Mandiant Intelligence. So this is why I’m here and excited to be part of this world-class team and help our customers combat this ever-evolving threat landscape. So thank you. And I’ll turn the call over to Frank.
Frank Verdecanna:

Thanks, Brad, and hello to everyone on the call. Before we move on to the details of our Q2 results and the guidance for Q3 and the remainder of 2020, let me remind you that I’ll be referring to non-GAAP metrics, except for revenue and operating cash flow. Our non-GAAP measures exclude stock-based compensation, amortization of intangibles, non-cash interest expense on our convertible debt, restructuring charges and other non-recurring items. As a high-level summary, Q2 was a really strong performance for us across all key metrics. I echo Kevin’s comments that we executed extremely well in this uncertain environment. We delivered revenue of $15 million above the midpoint of our guidance range and reduced our operating costs by $17 million compared to Q2 of 2019. As a result, we delivered our highest ever non-GAAP operating profit of $22 million. We also delivered positive operating cash flow of nearly $15 million and free cash flow of $9 million. Now let’s turn to the details. We remain focused on annualized recurring revenue and revenue as the most important indicators of our financial performance. ARR provides insight into the expansion of our installed base of reoccurring subscription without regard to short-term changes in average contract length, or timing of large renewals, which, as we’ve seen, can cause volatility in the quarterly growth rates for billings. Revenue reflects growth in our deferred revenue balances and drives our profitability. For these reasons, we believe ARR and revenue are better indicators of the progress on our transformation journey, especially in the current environment. Some color on our Q2 billings performance illustrates this point. We delivered $203 million in billings during the quarter, down 8% from Q2 of 2019. The year-over-year decline was a result of three factors. First, in Q2 of 2019, we booked a large multi-year government appliance refresh and renewal deal that was entirely on-premise e-mail security. While this deal did not reach the $10 million threshold that we typically disclose, it was at the very upper-end of a $5 million to $10 million range. We did not book any transactions approaching this size in Q2 of 2020. Interestingly, when I look at the details of large deals in Q2 of 2020 compared to Q2 of 2019, the most significant difference was in deals greater than $3 million. We booked five deals greater than $3 million in Q2 of 2020, compared to nine in Q2 of 2019. I believe the decline is most likely related to the uncertainties of the current environment, as deals as large are typically multi-year and paid upfront. Second, the same trend is reflected in the decline in average contract length in Q2. Overall, ACL declined by about two months and had the effect of reducing reoccurring and total billings by about $12 million. Finally, recall that the appliance sales were relatively strong in Q2 of 2019, due to the refresh cycle associated with the End of Life of our X300 appliances. Product and related subscription billings were up 5% year-over-year in Q2 of 2019, led by a 24% year-over-year increase in appliance sales. This compare made the Q2 decline in product and related subscriptions category look much sharper than longer-term trend suggests. I’m providing this detail, so you can see how factors that have little to do with our current operating performance can impact the uptick. Our sales have traditionally been weighted towards large enterprise and government customers. And this can drive big deals and make variation between quarters. However, our ARR metrics show that these long-term strategic customers rely on our products and solutions to protect their organizations as much as they always have. Looking at our revenue and ARR by breakout categories. Our shift to cloud-based and cloud-delivered solutions continued in Q2, with platform, cloud subscriptions and managed services revenue, up 30% year-over-year. This category accounted for 32% of total revenue, compared with 26% of total revenue in Q2 of 2019. Platform, cloud and Mandiant Services ARR increased 27% year-over-year and 5% sequentially and accounted for more than half of our ARR for the first time. Revenue associated with on-premise product and related subscription business was down 12% year-over-year. A large portion of the decline was associated with appliance hardware, as appliance sales from prior periods are fully amortized. ARR for the product and related subscription category continues to stabilize, with ARR down just 2% sequentially. This decline was more than offset by sequential increase in the ARR of the cloud version of our products. Professional services revenue was a record $53 million and accounted for 23% of total revenue, compared with 20% of total revenue in Q2 of 2019. Strong demand for our expertise and a higher mix of our incident response services allowed us to maintain high utilization rates and chargeability, which translated into record gross margin of 57% for services. Lower travel, which is charged back to customer at cost or 0% gross margin was also a factor. The increase in services gross margin helped drive our total gross margin to 72% consistent with Q2 of 2019 and above our guidance range of 68% to 69%. Operating expenses declined $17 million from Q2 of 2019, reflecting our reduced cost structure, following the first-half 2020 restructurings, as well as roughly $8 million to $10 million of lower travel and entertainment and lower facilities operating costs due to the worldwide shutdown related to COVID-19. The combination of higher than expected revenue, improved gross margin and lower costs translated into record operating income of $22 million and earnings per share of $0.09. Turning to the balance sheet and cash flow. Our balance sheet remains very healthy. We ended the quarter with cash and short-term investments of $914 million. The cash balance reflects payment of a significant portion of the Q2 restructuring charge and the repurchase of $96 million of the $120 million in Series A’s convertible notes. The total amount of convertible notes outstanding is now approximately $1.1 billion. We ended the quarter with $120 million receivables, a decrease of $20 million from the $140 million in ARR at the end of Q1. DSOs declined to our historical range at 54 days, a decrease of 20 days from the end of Q1 due to good billings linearity and collections of some of the outstanding receivables carried over from Q1. Our strong collection performance resulted in operating cash flow of $15 million and free cash flow of $9 million. Total deferred revenue at quarter-end was approximately $893 million, a decrease of $27 million sequentially and $20 million from the end of Q2 of 2019. Product and related deferred revenue decreased by almost $66 million from a year ago, as appliance sales and the related subscriptions and support from prior periods are fully amortized. The year-over-year decline in product and related deferred revenue was partially offset by a $20 million increase in platform, cloud and managed services deferred revenue. Note that deferred revenue associated with professional services projects declined about $3 million on a sequential basis from the near record levels of Q1. With increased capacity in our strategic consulting business from hiring over the last year, we were able to work through some of the backlog of committed projects. Our top line results validate the resilience of the business and the relevance of our strategy. While the improvement of our operating profit and cash flow demonstrates our resolve to transform our operating model and deliver profitable growth. Now, let’s turn to our current outlook for Q3 and the second-half of the year. As we’ve discussed before, changes in average contract length, the timing of large transactions and subsequent renewals, customer preference for on-premise versus cloud form factors and periodic billings, all have the potential to impact the quarter-by-quarter billings mix and growth rates. This is especially true in the current environment. As a result, we are not guiding to billings number for either Q3 or for the year. However, with more than 90% of our non-services revenue recognized from the balance sheet, we have good visibility into our revenue and operating model, and we are comfortable guiding to revenue, operating profit and earnings per share. I’m pleased to say that with the continued momentum we are seeing early in the third quarter, as well as the strong revenue and operating results posted in Q2, we are raising our guidance for revenue, operating margin and earnings per share for the second-half of 2020 and the year. For Q3, we expect revenue in the range of $225 million to $229 million, gross margin of between 70% and 71%, operating margin of between 7.5% and 8.5% and fully diluted earnings per share of between $0.06 and $0.08. For 2020, we are raising our revenue guidance range to $905 million to $925 million, an increase of $25 million at the midpoint from the previous guidance. We now expect gross margin of between 70.5% and 71.5%, compared to our prior period expectation of 69% to 70%. This range assumes our services gross margin returns to a more sustainable range of 52% to 53% in the second-half of the year. We are raising our operating margin guidance range to 6.5% to 7.5%, which reflects our increased revenue range and our reduced cost structure, as well as lower travel and facility operating costs as compared to 2019. Embedded in this guidance, our assumptions about the ongoing impact of the COVID-19 pandemic on our operating metrics that you should consider as you build your models. First, we do expect T&E and facilities operating costs to increase from the lows in Q2, as restrictions are lifted in certain international regions. As we outlined in our Q1 call, we expect the restructurings we did in the first-half to reduce our operating costs by about $25 million in 2020, compared to 2019, and this remains our expectation. We also expect to see a continued decline in the average contract length by about two months compared to a year ago. And finally, we remain somewhat cautious about the potential impact of the pandemic on services billings and revenue growth rates. More specifically, our current outlook does not anticipate a sequential increase in services revenue in Q3. Also, we do not expect to see the same surge in prepaid services billings we saw in Q4 of last year when services billings exceeded $70 million. As noted, this is based on what we know and believe as of today. There’s a lot of uncertainty that has been created because of the COVID-19 pandemic. But I believe we have proven the resilience of our business. We do – we are doing our best to provide you with guidance, while operating in this uncertain environment. But I’m confident in our ability to deliver on improved revenue and profitability outlook as we continue to transform our business. Operator, we’ll now open the call for questions.
Operator:

Thank you. Our first question comes from Sterling Auty with JPMorgan. Your line is now open.
Matthew Parron:

Hi, guys. This is Matt on for Sterling. Thanks for taking the question.
Kevin Mandia:

Hi, Matt.
Matthew Parron:

With regards to the impacts you’re seeing from COVID on the business, which products are you seeing? Did you see increased demand for throughout the quarter?
Kevin Mandia:

So similar to last quarter, we actually saw Intel and cloud endpoint performed very well in the COVID environment. Services, which is one area that we thought might be impacted more significantly by COVID, actually had an incredibly strong quarter. We saw a very high mix of incident response engagements, which because of the elevated threat environment, we were firing on all cylinders there as well.
Matthew Parron:

Got it. That’s very helpful. And then one follow-up. With regards to the services margin, long-term, do you think that the current environment maybe shifts, how much of the deployment that you can do remotely and that, that could potentially benefit the operating margin line? Thanks.
Kevin Mandia:

Yes. Really, the only impact from a services margin perspective, there were two components to it. The first component was a higher mix of incident response, which is at a higher rate per hour. So that obviously benefited the services gross margin. And then the fact that we’re not doing a lot of on-site travel. And so, that helped, because we don’t have a component of what we’re charging at very low margin. So, when we get reimbursed for travel, that’s basically at cost. So that does bring down the overall gross margin. I would expect that going forward, the new norm will probably continue to deliver a lot of stuff remotely, but there’ll be occasions for on-site engagements as well.
Matthew Parron:

Great. Thank you.
Kevin Mandia:

Thank you, Matt. Thank you.
Operator:

Thank you. Our next question comes from Gregg Moskowitz with Mizuho. Your line is now open.
Gregg Moskowitz:

Okay. Thanks very much and nice to chat with you guys. I guess, my first question is just on Verodin/validation. I think a strong argument can be made that the ability to implement and enforce security controls is more relevant in the current environment than ever, which I think Brad was talking about as well. What I’m wondering is, how much evangelism, if you will, is required today in order to help customers understand the value-add of that service?
Kevin Mandia:

This is Kevin speaking. I think there’s still a little bit of evangelism. There’s not real space there yet. So what I’m observing is a couple of patterns. And first, it’s – our sales force has warmed up to it. So you’re going to see, in my opinion, pipelines increasing nicely, and I like that. We’ve got the behavior amongst our entire sales force that it’s a relevant service. The second thing, though, is it depends on the state and maturity of their customer. And what will happen is a lot of times, if you red team a customer and they have two years of remediation to do, they don’t need to do continual red teaming. So this is something that there’s almost like your red team somebody, they do the remediation to that, and then the amount of drills, they do get more incremental and a little bit faster. So right now, I’d say, validation is something the 1A Enterprises and the mature teams are doing or will be doing shortly. And for the folks that are less mature, they may do it once, do a couple of quarters of remediation and then get back to doing it on a more repeated basis. But it’s still in emerging market, I’m just confident that it’s going to be one that matters. We had a multi-decade run of patch management, let’s just patch everything. But this is even better than that. This is unvarnished truth, doesn’t attack work or not. And to me, that is something you can take up to the Board and have a very tangible and simple conversation rather than, well, we scanned 122,000 hosts. We had 57,000 vulnerabilities. We rack and stack those into four different buckets from critical to non-critical, and then here’s where we’re at in our remediation drills. Nobody understands it, nobody can comprehend it. So I’m giving you a longer answer than what you asked for, but we like the growth that we’re seeing with validation. But again, if you go to Gartner, or you go to other analysts, they’re saying, this is a five years out sort of thing. Our goal is to let people know the value of it now, that it just provides more value now than so many other alternatives when you’re trying to tweak the knobs on your security instrumentation.
Gregg Moskowitz:

Okay. That’s really helpful, Kevin. Thanks for that.
Kevin Mandia:

Thank you.
Gregg Moskowitz:

And then Mandiant Advantage, I think, it’s interesting as well.
Kevin Mandia:

Yes.
Gregg Moskowitz:

How should we think about the price uplift for Mandiant Advantage versus the standalone threat Intel and validation? And then also, will there be some sort of promotional pricing for existing customers that have already bought one service, but not the other?
Frank Verdecanna:

Yes, Gregg, it will be an uplift, obviously. But it’ll really depend on the level of service they’ll be getting and how much they’re going to deploy it within their environment. But we will have an opportunity for some strategic customers to actually adopt it in Q3, and we’ll have some promos that we roll out in Q4 as well to get a decent amount of existing customer base on it.
Gregg Moskowitz:

Great. Thank you.
Kevin Mandia:

Thank you, Gregg.
Operator:

Thank you. Our next question comes from Jonathan Ruykhaver with Baird. Your line is now open.
Jonathan Ruykhaver:

Yes, good afternoon. I’m wondering if you can elaborate more on the smaller number of new logos added in the quarter just the challenges you’re seeing on adding new customers, is it a certain segment of the market you server or is it broad-based? Is it something you expect to continue?
Frank Verdecanna:

Hi, Jonathan, this Frank. Yes, I think in this environment, there’s plus and minuses in this environment. The plus is, we are seeing a little bit higher renewal rates. We’re also seeing a little bit more traction from follow-on business with existing customers. One of the downsides is your new customer acquisition is a little bit more challenging in this environment, because in a lot of cases, your sales force is obviously not able to be on-site and selling a new product to a new customer, I think, is a little bit more challenging in this environment. So, intuitively, that wasn’t surprised. Yes, that we did see year-over-year decline. But I think, if you look at kind of the large strategic customers, every aspect of our business from pipeline to every other key metric are trending really well. So, all customers aren’t created equally, and so new customer logos is a metric, but by no means one of the more significant ones.
Jonathan Ruykhaver:

Okay, that’s helpful. So I guess, that leads me into my second question just around the platform adoption. Can you talk to us about the products that are leading the charge in terms of adoption? Have you seen any change there related to COVID?
Frank Verdecanna:

Yes, similar to Q1, we saw a little bit of more uptick than we had seen in 2019 on Intel and cloud endpoint. So those seem to be things that become probably a little bit more important in this environment. That – those were probably the only really changes that kind of pre-COVID. We have seen – to our surprise, we have seen an entire – our entire services be able to be delivered remotely. And pre-COVID, we delivered a lot of services remotely, but not everything. And so, it was really good to see things like training that customers typically like on-site to be able to deliver that remotely in Q2.
Jonathan Ruykhaver:

So no real change in demand trends around EOD, like some managed defense?
Frank Verdecanna:

No. No, I think it’s pretty similar. It’s probably the only negative impact in some of those areas where we are – we did see contract length come down a little bit, which is not surprising that in this environment customers are oftentimes committing to a lot less paid upfront dollar engagement.
Jonathan Ruykhaver:

Right. Okay, good. Thank you.
Kevin Mandia:

Thank you, Jonathan.
Operator:

Thank you. And our next question comes from Fatima Boolani with UBS. Your line is now open.
Fatima Boolani:

Good evening, everyone. Thanks for taking the question. Brad, maybe I’ll start with you and welcome to the team. I’m curious about the key objectives for you as Chief Strategy Officer and the top initiatives that you plan to undertake in your role?
Brad Maiorino:

Yes, thank you. So first is, it’s really about taking kind of my experience and applying it to our strategy. And that’s – how do we go to market with what products and when. And just really being that in-house customer representing and evangelizing internally what our customers want and then turning around and evangelizing that externally.
Fatima Boolani:

That’s helpful. And, Frank, if I may follow-up for you. If you can help us put a finer point on the geographic performance and certainly vertical-based performance, anything to call out there in terms of acute areas of weakness and particularly, as the pandemic has sort of traveled globally and certain geographies and areas have lifted restrictions? I’m wondering how that sort of impacted the business in 2Q and how you’re sort of envisioning or incorporating that in your outlook for the year? And that’s it for me. Thank you.
Frank Verdecanna:

Sure. So, Fatima, I think from a geo perspective, obviously, the COVID pandemic has kind of had them flowed in different areas. But as we look at it from a delivery perspective, from a new customer acquisition perspective, it really hasn’t changed that much kind of pre-COVID, post-COVID. I think, there has been certain pockets and certain areas that probably saw a little bit more pressure at different points in the quarter. But even those areas within a full 90-day period, it seems to kind of ebb and flow. So I would say, from a geo perspective, just not a lot of difference by geo relating specifically to COVID. I think most of the various impact on things like contract length has been more across the Board.
Fatima Boolani:

And just the same question on a vertical basis, an end market basis?
Frank Verdecanna:

We’ve seen probably a little bit less in the kind of harder hit industries like oil and gas and transportation. But other than that, it really hasn’t been very much different from a vertical perspective. We had a very strong state and local quarter in the second quarter. We’ll have a very strong fed quarter this quarter. So it follows kind of the typical patterns.
Fatima Boolani:

Very helpful. Thank you so much.
Kevin Mandia:

Thank you, Fatima.
Operator:

Thank you. And our next question comes from Gur Talpaz with Stifel. Your line is now open.
Christopher Speros:

Hi. This is actually Chris Speros on for Gur. For Kevin…
Kevin Mandia:

Yes.
Christopher Speros:

…you mentioned in the prepared remarks that you were planning on adding incremental services to the Mandiant Consulting business. Can you talk about what services you plan to add and what’s driving those additions?
Kevin Mandia:

Absolutely. One of the things that we’re the best at is responding to breaches, it’s really hard to forecast that. Even though we have 17 years of history doing it, you tend to not know who is going to get compromised tomorrow and what to do about it. So what you start doing is, saying, if you want to have more predictable revenues and knowing where your folks going to be working six weeks out, we do a lot of that with red teaming, but we got to get into what we call more strategic services. And the interesting thing is, with our specialty, I think last quarter, over 40% of our services revenues and maybe even higher than that were from responding to breaches. It’s again hard to schedule it. But when you do those things, we’re writing these remediation plans. And here’s what to do about it. And most of the time when we’re the first ones through the door, the pros from Dover, we are being asked to take somebody from security point A to security point B, how do we get better and how do we get there? And over the years, we’ve kind of punted on those. And we said, you know what, that, that’s somebody else’s job, they can come in and do that. I believe right now, we’ve got all this incredible frontline expertise. We’re responding to these breaches. We’re figuring out what happened and what to do about it. And then we’re getting on the plane and flying back and we can’t do that. We got to go the extra mile and start doing those transformation services in greater volumes. They’re more predictable. They’re stabilized. The spikes that you can get in services over time to get a bunch of incidents one quarter and not as many the next. And it also – another reason why we brought in Brad and we have Charles Carmichael internally running this is that Mandiant over the last six or seven years, we really haven’t concentrated on the top of the pyramid for consulting. We’ve hired a whole bunch of frontline responders. We have a whole bunch of directors managing it. They’re unbelievably busy. They’re unbelievably chargeable. But then what the other consulting firms would call the partner level, we don’t have a lot of people. And if you want scale and services, that’s where you have to hire, that’s how you get it. So we’re focusing on strategic services. We’re focusing Jurgen Kutscher, who runs that on hiring at the top of the consulting pyramid to grow it. And we’re absolutely phenomenal at it. That’s one of the main thing. So everybody thinks, wow, you respond to breaches, that’s just so tactical. It means you actually have total command of the strategy around transforming security operations. I believe we may write more transformation plan than anybody on the planet. We just don’t help our customers go through them. So we’re going to start doing it.
Christopher Speros:

Thank you, Kevin. That’s a great color. And one for Frank. Can you talk about how we should expect the appliance business to trend through the back-half of the year?
Frank Verdecanna:

Yes, I think we’ll see a little bit more stabilization on the product and related business. If you look at the first two quarters of 2020, the compares were against heavy product refresh quarters in 2019. As you recall, we did the End of Life for the X300 appliances at March 31 last year. So Q1 and Q2 had some pretty significant refresh activity. Q3 is more of an apples-to-apples. So, I think you’re going to see stabilization there. And like I mentioned earlier, we are seeing a little bit of an uptick in our renewal rate. So we feel like that we’ll see that part of the business stabilize at the back-half of the year.
Christopher Speros:

Great. Thanks, guys.
Kevin Mandia:

Thank you, Chris.
Operator:

Thank you. Our next question comes from Rob Owens with Piper Sandler. Your line is now open.
Rob Owens:

Great. Thanks for taking my question.
Kevin Mandia:

How are you, Rob?
Rob Owens:

I’m doing well. How are you doing?
Kevin Mandia:

Fantastic.
Rob Owens:

Excellent. Kevin, can you kind of just play for us the COVID continuum relative to how the quarter played out on a linearity perspective. And we went into this at the end of March, which is usually a busy period. But curious as to your big deals are up, your logos were down quarter-over-quarter….
Kevin Mandia:

Right.
Rob Owens:

DSOs look good. How did the linearity play out? And how did the quarter take shape?
Kevin Mandia:

Yes. And Rob, you’re not going to like my answer, because in these 90 days, the linearity was better than ever before. I mean, we couldn’t explain it at the time of going through it and I’ve seen other CEOs say the same thing. It was almost like people push back against the COVID pressure and our linearity, we were always ahead during the quarter. The whole quarter, our sales professionals and what they predicted kind of fell right in line with what they said all along. So we did not feel the impact. In fact, we felt almost the opposite, better linearity, more discipline amongst the buyer. And yes, things fell in line for us.
Rob Owens:

Well, actually, I like that answer, Kevin. So I think you misinterpreted my response. So I think that…
Kevin Mandia:

Got it.
Rob Owens:

…that then begs the second question relative to your guidance.
Kevin Mandia:

Yes.
Rob Owens:

And I think the midpoint of the range, you lose about 5 points of growth quarter-over-quarter. Understand that this is the first full comp you have relative to Verodin. How much is associated with that versus just the general environment? And, of course, the thoughts on the federal Senate? Thanks.
Frank Verdecanna:

I think, Rob, this is Frank. The current environment, we are similar to last quarter when we gave guidance. We are expecting some level of impact from COVID on the services side. So we are expecting a sequential down quarter on the services side, that may not happen. But as we look at it today, Q2, that team was incredibly chargeable. I mean, yes, there’s no – well, it’s very unlikely that the mix will be as high of incident response engagements and it’s very unlikely we can maintain that level of chargeability in the third quarter, because the third quarter tends to be a little bit seasonal on the services side. There are more vacations, the summer slowdown in Europe, all kind of hits in the third quarter. And so that’s why you see from a revenue guidance perspective, a little bit of sequentially, potentially down quarter-over-quarter. But as we look forward, we’ve been adding to the services team. So we feel very good about that longer-term. And I think with the growth on the platform cloud side, I think, you’re going to see continued contributions there. And, like we talked about a little bit earlier on the stabilization on the product and related, I think, we’ll see a little bit of…
Kevin Mandia:

Yes.
Frank Verdecanna:

…benefit there as well.
Kevin Mandia:

And some of the color, Rob, having run that thing for over 16 years now, what I observed in Q2 is, we said no to a lot of jobs, and you can’t always control the inbounds when there’s a breach. But I felt like our nose were a little higher in Q2 based on capacity. But when that happens, you do get a little bit of burnout. When you get burnout, sometimes folks come off a couple of jobs and you have to give them a week to collect themselves, and that week is hitting in Q3 for us. And then at one of our last new hires, I just know the attendance at our last consulting onboarding was about 77 folks. When you add that many people, there’s also that half step backwards to go two steps forward. When you onboard in this environment, I’m not convinced I know what the new normal is for onboarding. Does it take them one engagement to be up to speed? Four engagements to get up to speed? Because I do know we’re working. We’re working remotely. We’re working in a little bit differently. But there’s no question, onboarding is probably going to take a tiny bit longer with on the job training. And then I think we’re going to have to change. We did fixed fee jobs. You pay for us upfront. I think we’re one of the only consulting cores running that way. I think in the COVID environment, we’re going to have to change that a little bit. And we’re a products company, we like billings, billings, collect upfront. That’s not a services business, but we’ve run our services in the model of it almost being a product. I think one of the ways we can continue the growth there is to start changing that payment cycle. Let’s do the services first and then charge for it. And that’s okay, and we may have to do a little bit more of that through this current environment.
Rob Owens:

All right. Thank you, guys.
Kevin Mandia:

Thank you, Rob.
Frank Verdecanna:

Thank you, Rob.
Operator:

Thank you. Our next question comes from Saket Kalia with Barclays Capital. Your line is now open.
Saket Kalia:

Okay, great. Hey, guys, thanks for taking my questions here. How are you?
Kevin Mandia:

Doing great, Saket. How are you?
Saket Kalia:

Good, good. Hey, Kevin, maybe just to start with you.
Kevin Mandia:

Sure.
Saket Kalia:

In your prepared commentary, you touched on some new SKUs that were available for network security in the public cloud. You spent a lot of time with customers, as well as Brad. I mean, I’m wondering what your customers are telling you about their desire to put an added layer of security like FireEye on what they may already have in the public cloud, if they have anything. Any thoughts on that?
Kevin Mandia:

Yes, it’s a little early to tell. But I can tell you for the 1A Enterprises, FireEye has always been that second layer of assuredness, right? That’s how we are in the network. In a way, that’s how we were on endpoint with forensics and on e-mail, and we’re kind of building into that layer one. So I believe this. The customers that have adopted FireEye, when they go to the cloud, it’s just far more probable. They’re going to bring us along with them, because they’ve learned to rely on our technology to defend their networks. It may create some new opportunities for us as well. And we got to do it regardless. I’m glad we did the work. But right now, it’s a little early to tell. We have a 15-year run of the appliance business and only a couple of year run of cloudifying that capability. But now, it’s really cloud native and we’ll see how it does it. So that’s a long-winded answer, Saket, to tell you this. 1A Enterprise, they want two layers of defense, they’ll do it. Down market or smaller businesses may not be as reliant on that
Saket Kalia:

Yep, sure. Sure. Frank, maybe my follow-up for you. Maybe derivative of a question that was asked earlier just about the core products business. But I want to focus in on sort of product ARR specifically, and how you think about that going forward? I guess, the question is, do you feel like you could sort of stabilize here in that $300 million range on product and related ARR? And maybe you could talk about some of the dynamics in that? Because you mentioned the amortization of product that we all know, could you just talk about some of the puts and talks to that, that product and related ARR and how we should sort of think about that going forward?
Frank Verdecanna:

Yes. I thought, if you look at in Q2, you did see some level of stabilization on sequential decline of 2%. There, obviously, is some customers that migrate from on-premise to cloud, and so there is some movement of dollars between buckets. So, I won’t say, it will – it will be stabilized forever at $300 million or so. But I think we’ll see it in a stabilized range going forward. And like I talked about a little bit earlier that Q3, we didn’t – it wasn’t – Q3 2019 wasn’t a huge refresh quarter. So I think, you’ll see some product stabilization there on the year-over-year compare. Yes, I think the important thing to keep understanding as you look at FireEye as a whole, the product and related business, while stabilized, it’s generating a significant amount of cash that we’re now able to invest in the growth areas of the business. So as we look at and as we get more efficient as a company, the more mature areas are really becoming a kind of a cash cow for us. And that’s really helps us invest significantly in areas that we believe will continue growing.
Saket Kalia:

Got it. Very helpful. Thanks, guys.
Kevin Mandia:

Thank you, Saket.
Operator:

Thank you. And our next question comes from Tal Liani with Bank of America. Your line is now open.
Daniel Bartus:

Hey, thanks, guys. This is actually Dan Bartus on for Tal, and thanks for taking our questions here. First for Kevin, interesting to hear that you guys are going to be managing third-party endpoints – endpoint products going forward. Can you just talk a little bit more about the strategy there? Maybe how many vendors you’d be interested in supporting, or some other areas of security that you think ends for you guys to start managing?
Kevin Mandia:

Yes. So by the way, it’s been the plan all along, I guess, maybe before FireEye bought us and then we had a five-year period, where we’ll be holding the FireEye products. It’s that – you’re not going to own every damn account on endpoint period. And the demand for our expertise in a second set of eyes to look at every single alert is something almost everybody I talked to once, and they’re not going to throw out their endpoint for our endpoint just to get that. So it just makes sense for us to go in and say, what do you got and can we support it? And we should have a list of supported products. One of the best things about being on the frontlines of every breach is, we know exactly the detection efficacy of everybody’s products. Granted, you can have user error and you configure them wrong and most products are probably only use it 60% of their potential. But we’re just sitting there on the frontline seeing what gets evaded, how it gets evaded? And we need to apply that knowledge to more than just our technology period. It’s just – it’s more valuable for us to do that. We can do that. And it’s just time we start doing it. So that’s the rationale behind doing it for the managed defense. And by the way, we even do it in services. You can always show up to a breach and say, “Hey, no matter what you’ve got, we’re not going to use it. We’re going to use our own stuff.” We do have technology-enabled services. But we have responded to incidents collecting data using other technology, you have to be able to do it. It’s as simple as well. I was just about to have an analogy that compared Microsoft with WordPerfect. But I don’t think WordPerfect is around anymore. But the bottom line is, we use different technology to get the damn job done and we got to elongate that. So we’re going to have supported products inside of managed defense, that’s being run by Marshall Heilman and will support other endpoint technologies. And that’s the number one use case for managed defense, verify that we have a damn problem. Answer the question every day all the time, are we compromised or not? And that’s what managed defense does. And I just think, we – it should be growing faster than it is. This is probably the fastest way to unlock growth.
Daniel Bartus:

Great. That sounds good. And then quickly for Frank, good to see the ARR growth improved up to 8%. I think that’s the best over the last year-over-year there. Can you just help us breakout what you attribute to Verodin in that growth, if that’s possible? Thanks.
Frank Verdecanna:

Yes. So we did see, obviously, Verodin continue growing and continuing to have nice traction year-over-year. We did grow 27% in the platform cloud category. From an overall billing perspective, the Verodin growth is probably close to half of that growth.
Daniel Bartus:

Okay. Thanks, guys.
Kevin Mandia:

Thank you very much.
Operator:

Thank you. Our next question comes from Hamza Fodderwala with Morgan Stanley. Your line is now open.
Hamza Fodderwala:

All right. Thank you for taking my question. Hope you’re doing well. Just a quick question on my end. Clearly, Q2 demand was really durable. I’m wondering what you’re seeing as far as early demand trends are concerned in July, particularly with some of the high profile breaches recently? Is that helping to create any new pipeline into the back-half? Just any thoughts you have there?
Kevin Mandia:

The one challenge when you mentioned that I immediately went to the 30% to 40% of our services revenue comes within quarter sometimes in regards to those breaches. We worked a bunch of big ones in Q2. We’ve probably got a couple of big ones right now, but some of the headline breaches, by the way, aren’t ones that are big headline breaches from a response standpoint. And so, I won’t comment on those specifically, but they weren’t going to be big jobs for us. Frank, I don’t have a good answer for this. I mean, early on…
Frank Verdecanna:

I think the best way to look at it is typically, when we have significant amount of breach activity, yes, there’s typically a fair amount of pull-through from those breaches over the next, call it, two to three quarters. And so the the fact that Q2 was a really significant breach quarter and incident response quarter that does kind of play well for the back-half of the year, because a lot of those engagements will have significant either product or solutions kind of pull-through. What we’re seeing early in Q3, yes, we have seen some kind of high-profile breaches, but Q2 was a really high mix of breaches. So we’ll see where Q3 end, but so far, we still see a lot of activity going on there.
Kevin Mandia:

Yes. And I think there’s always adaptation. We’ve always done our incident response work remotely. That’s just what we do. You need the pros from Dover. We send the expertise in minutes and help you out. But one of the things I’m certain we’ll have to do is, our strategic consulting has always done with some on-site visits, on-site interviews and things of that nature. We’re going to have to evolve a little bit on how we do that, build a little bit more about validation, having dashboards, so that we can interact with our customers remotely in a more effective way. And we’re building that with the Verodin platform, that ability to attack test and rinse and repeat. But I’m certain we’re going to have to look at the way we do our strategic consulting and change some of those methodologies based on a work from home environment.
Hamza Fodderwala:

Got it. Thank you.
Operator:

Thank you. Our next question comes from Shaul Eyal with Oppenheimer. Your line is now open.
Shaul Eyal:

Thank you. Good afternoon, guys. Congrats on the strong performance and the outlook for the second-half.
Kevin Mandia:

Thank you.
Shaul Eyal:

Kevin, I wanted to focus specifically on your e-mail related product.
Kevin Mandia:

Sure.
Shaul Eyal:

Are you seeing Microsoft being more pronounced and more visible in this market and in recent quarters?
Kevin Mandia:

Yes, absolutely. I think that we went through O365. What you’re seeing, in my opinion, and solely my opinion is the cloud suite of e-mail like Google Suite and O365 are definitely doing – they’re winning, because the alternative is us doing e-mail ourselves. And even as a CEO, I found it far easier for us to outsource that capability than insource it. And so that’s a good thing. So I think more and more companies are choosing third-party e-mail as their e-mail. And then by the way, once you do that as a third-party, you have to have security platforms as well. So we are seeing growth in our cloud, e-mail, ETP, as we call it, but we are not seeing growth in our on-prem appliance. And I don’t think too many people will see in the future on-prem e-mail gateways being successful. So bottom line, yes, Microsoft is, in my opinion, do an exceptional job winning enterprise e-mail period.
Shaul Eyal:

Got it. No, that’s extremely helpful. Thank you for that. And maybe on billable hours or billable rates…
Kevin Mandia:

Yes.
Shaul Eyal:

I would imagine that stayed relatively subtle, maybe have you been able to slightly up these rates – expand these rates a little bit?
Kevin Mandia:

We’re not increasing our rate. And a lot of folks, it’s kind of interesting. People will think we’re – that the rate itself can be perceived as high when we’re responding to breaches or doing other things. But the reality is, is we have more experienced folks and the overall cost of a lot of what we do is actually less than folks that send a whole bunch of folks at a lower rate. Eight people at $200 an hour is more than two people at $400 an hour and you get the same results. But we don’t really do that. I mean, in reality, different services have different rates. We, over time, have lowered the rate, if anything, although our average rate right now is high because of the incident response, where we have shown a willingness to lower the rates for what I would call strategic government work, where we just think it’s strategically important to be involved in different security operations in – across the globe, by the way, with different Intel agencies or different Departments of Defense. So in the – so I think in the long run, because just the way we run that, though, our hourly rates always hovered at around the same plus or minus 2%, the same thing. I think, it’ll stay there, but the range of the rate has grown a little bit.
Shaul Eyal:

Understood. Thank you so much.
Kate Patterson:

We have time for one more question.
Kevin Mandia:

Yes. Thank you. One more?
Kate Patterson:

One more.
Kevin Mandia:

Sure.
Operator:

Thank you. And that question comes from Brian Essex with Goldman Sachs. Your line is now open.
Kevin Mandia:

Brian, how are you?
Brian Essex:

Hi, guy. Hey, good. How are you? Thanks for squeezing me in. I appreciate it.
Kevin Mandia:

Sure.
Brian Essex:

Just one quick question for you. Just wondering any incremental contribution progress with the iboss partnership, just wondering how that’s going on the platform and kind of what to expect there going forward?
Kevin Mandia:

Yes. First off, love the technology of iboss and I looked at the performance. And obviously, we could probably do better there and train our sales force. And I think right now might be relatively specialized sale for us, where our sales engineers that get it or just better at, I think, positioning it. And I look at it as – it’s like a Zscaler thing, right? You get the FireEye protection…
Brian Essex:

Yes.
Kevin Mandia:

…but you get to just kind of use the eyeballs agent throughout all your traffic. We got room for improvement there. But on paper, the partnership looks great. They send all the data and it can go through all our virtual appliances.
Frank Verdecanna:

And Brian, just from a timing perspective, we had trained the sales force in Q1 on that.
Kevin Mandia:

Yes.
Frank Verdecanna:

So it does take a couple of quarters to build the pipeline. But if you look at where we sit today, we’ve got a lot of nice deals in the pipeline for Q3 and Q4. So we’re hopeful that we’ll see some nice traction there.
Brian Essex:

Right, that’s helpful. Maybe, Frank, just a real quick follow-up. So thank you for that. On cloud managed services, I know you talked about training your sales force.
Kevin Mandia:

Yes.
Brian Essex:

And I understand you’ve had some rationalization on the hardware side of the business. How has hiring been there? What does the sales force look like in terms of new hires and maturity? And how can we expect that to support growth going forward as we look at potentially stabilization hardware side of the business?
Frank Verdecanna:

Yes. When we look at kind of hiring across the Board, I think, given FireEye’s position in the marketplace with the level of intelligence and expertise we have, it’s an area that we’re very successful from. I look at a lot of the people that we bring aboard and we have a lot of talented new individuals coming aboard that I think can really help take us to the next level. I think that’s been an area of strength for us for quite sometime. And I think we feel really good about our ability to hire and our ability to kind of grow the growth areas of the business.
Brian Essex:

And is there a certain percentage of the sales force that’s still kind of getting up to maturity? Or is this kind of a steady state hiring just to support growth as you go along kind of process?
Frank Verdecanna:

No, I think it’s always evolving. But no, I think, we feel really good about kind of a lot of the enablement that we’ve been working on for some of the newer areas of the business. And I think Verodin, our Mandiant Validation is a perfect example of if you looked at the pipeline being built right well after the acquisition over the next couple of quarters, then you look at the pipeline being built after we went through a full kind of enablement and training, I think, the sales force got it. And I think they built a pretty significant pipeline that I think will drive significant growth there. So I think we’ve got the right resources to Board. We think they’re in the right level of as far as enablement goes. And so we should be in a good spot there.
Brian Essex:

Okay, that’s helpful. Thank you.
Kevin Mandia:

Thank you.
Operator:

Thank you. I’m not showing any further questions at this time. I’d now like to turn the call back over to Kevin Mandia for closing remarks.
Kevin Mandia:

Yes. I did write a couple of closing remarks right now. I’ll spit them out at New Jersey auctioneer speed, because I know we’ve been on for over an hour. But in closing, I just want to provide a quick update on the four priorities we outlined for 2020. Our first priority was we intend to be the best world at incident response, red teaming and threat intelligence. When I reviewed the first-half of 2020, we are performing more investigations at a faster pace this year than last year. And in third-party appraisals of our incident response and threat intelligence, we’re in the top right, so I feel we’re doing our jobs there. Our second priority was to extend our dynamic threat detection and expertise to defend cloud-based infrastructures. We addressed this priority with our acquisition of Cloud Advisory in the launch of our cloud security assessment service and consulting and our network security 9.0 release in the second quarter, which included our enhancements to support secure migration of workloads in the major cloud providers. Our third priority was to deliver our expertise on-demand seamlessly through our technology, where experts are available at the point where our customers need them most. And again, we developed expertise on-demand not to sell more services, but the differentiate our technology. I know, in my years of doing computer security at the Pentagon, I would have loved if we had a button to click on to get help. So we give that to our customers. And we are seeing our customers take advantage of this button, and our on-demand capability with their expertise on-demand revenue use up over 300% year-over-year, still a small number, but they’re using it. And that’s what we wanted. And finally, we want to be the best enrolled at security validation. We intend to make the process of measuring security effectiveness against the most current attacks as simple, continuous and as commonplace as we can make it. And the Mandiant Advantage portal that integrates our threat intelligence and validation will close the security gap between the attackers emerging techniques and the safeguards that are just too slow to adapt, or stop or detect these attacks. So I’m very pleased that we’re making progress in all our objectives. I want to thank everybody for joining us today. Thank you for your interest in FireEye. And I look forward to speaking to all of you in 90 days. Until then, please stay safe and healthy. Thank you very much.
Operator:

Ladies and gentlemen, this concludes today’s conference call. Thank you for participating. You may now disconnect.

Mandiant, Inc. Q2 2020 Earnings Call Transcript

Other Mandiant, Inc. earnings call transcripts:

Mandiant, Inc.
Q2 2020 Earnings Call Transcript