Mandiant, Inc.
Q4 2020 Earnings Call Transcript

Published: 2 Feb 2021

Operator:

Ladies and gentlemen, thank you standing by, and welcome to the FireEye Q4 2020 Financial Results Conference Call. At this time, all participants are in a listen-only mode. After the speaker presentation there will be a question-and-answer session. I would now like to turn the conference to your speaker today, Kate Patterson with FireEye Investor Relations. Please go ahead ma’am.
Kate Patterson:

Thank you. Good afternoon and thanks to everyone on the call for joining us today to discuss FireEye’s financial results for the fourth quarter of 2020 and the full-year 2020. This call is being broadcast live over the Internet and can be accessed on the Investor Relations section of FireEye’s website at investors.fireeye.com.
Kevin Mandia:

Thank you, Kate and thank you to all the investors, employees, customers, and partners joining us on this call. We appreciate your continued interest and support. The last few months were a pivotal time in the cybersecurity industry. During the fourth quarter, FireEye discovered a supply chain compromised by detecting a malicious backdoor in the SolarWinds platform. Further investigation showed that a threat actor had successfully implanted a backdoor, which we labeled SUNBURST in over 18,000 companies and organizations. These 18,000 victims included several government agencies, and the original implant was delivered as far back as March of 2020. No security products or security team detected it until FireEye did in December, exposing a cyber espionage campaign of significant scale and impact.
Frank Verdecanna:

Thanks, Kevin and hello to everyone on the call. Thank you for joining us today. Before we move on to the details of our Q4 and full-year 2020 results and our guidance for Q1 and full-year 2021, let me remind you that I'll be referring to non-GAAP metrics, except for revenue and operating cash flow.
Operator:

Thank you. Our first question comes from Sterling Auty with JPMorgan. Your line is now open.
Sterling Auty:

Yeah, thanks. Hi, guys. Kevin, actually just want to start with a thank you to you and the FireEye team for finding the breach when you think about the impact to the government, private companies, and kind of our country as a whole, you know, thank you for, you know, for the whole team for finding it. Shifting over to questions, can you give us a sense, so, obviously, you saw the big uptick in the services demand, it makes perfect sense. What have you seen in terms of any uptick in managed services, or product follow-on, you know, to, you know, to that demand?
Kevin Mandia:

Yeah, I can tell you our Managed Defense had a great quarter. I can't say it's in relation to the SolarWinds incident because that happened so late in the quarter. We went public on that December 8. I think we went public on the implant late on December 12. And that was kind of late in the quarter to have any real direct impact on the quarter. But Managed Defense had a great quarter. And cloud endpoint is something where everybody's working from home. They need to have a distributed Endpoint Protection. I think that our Services, Sterling, was acting at capacity prior to the SolarWinds incident and after the SolarWinds incident. So really, it's hard to measure difference there when they're at capacity and we just continue to hire and continue to perform there.
Sterling Auty:

Alright, sounds good. Thank you.
Operator:

Thank you. Our next question comes from Gregg Moskowitz with Mizuho. Your line is now open.
Gregg Moskowitz:

Okay, thank you very much for taking that question. And I like to echo Sterling's thank you, in a very heartfelt way. So, maybe just to double click on some perspective, Kevin, a bit of a follow up to what Sterling was asking. So, prospectively, you know, what impact going forward do you expect to see as it relates to, a, your services business, and then b, your products business?
Kevin Mandia:

I can tell you, on the services side this is the 11th straight record quarter we mentioned that and I anticipate almost every quarter saying the same thing, you know, but we think that services is strategically important to build the Mandiant Advantage platform and make sure our products have the best detection in class. So, what I've observed in the past is whenever we have a powerful services quarter, you do see all sea levels rise. And you know, the nice thing about services there’s not a bake-off for services. You know, with the kind of work that we do, a lot of people know us for our incident response capability and they feel that's very tactical. The reality is, is when you respond to breaches, you don't just figure out what happened, you also have to figure out what to do about it, which is very strategic. So, we've done a lot of advanced work on creating strategic consulting practices where we can take folks, you know, without a breach and proactively sell taking their security programs from point A to point B and we're seeing that grow well, that, you know, when I look at the products, the one that I have as a top priority is Mandiant Advantage. We have differentiated threat intelligence, it absolutely matters. When you can speak 30 something languages, you have analysts in 20 something countries, you respond over 1,000 breaches a year, you do over 500 red teams a year, we know more about how attackers break into networks than anybody. And we need to get that in a scalable way to technologies besides just FireEye’s Technology. And that's what we're doing with Mandiant Advantage. So, I think that's a great growth opportunity for us. And then the cloud versions of endpoint and Helix are doing very well as well. So, when I look at the growth drivers for 2021, it's Mandiant Advantage, services will keep doing what it always does, and we'll have a great year for cloud endpoint, great year for managed defense, and that Mandiant Advantage when you hear me say that think of it as our intel, and our validation combined with now the acquisition of Respond Software, because we're going to put all that together over the calendar year.
Gregg Moskowitz:

All right, terrific. That's very helpful. And maybe just a quick follow up, if I may. Frank, you mentioned that the 2015 and 2016 appliance lines have now been fully amortized. So, do you think we're now at a position where you can perhaps grow, you know, even if just very modestly, the product and related ARR from this point forward?
Frank Verdecanna:

Yeah, I think we've seen a stabilization on the product and related ARR, and as far as growing that, you know, obviously, that depends on kind of the customer's preferences for cloud versus on-premise. So, I think, you know, ultimately, we're going to see a lot more growth in the platform cloud subscription side. But we are definitely encouraged by the fact that we've now had a couple of quarters of pretty strong stabilization on the product and related ARR. And so now that is not becoming a huge drag on ARR.
Gregg Moskowitz:

Alright, terrific. Thank you.
Operator:

Thank you. Our next question comes from Brian Essex with Goldman Sachs. Your line is now open.
Brian Essex:

Great. Thank you for taking the question and congratulations on the results, both operationally and financially. So, I guess, you know, Kevin, can we break down a little bit in terms of the Mandiant Advantage, you know the Mandiant Solutions side of the platform, as you roll out incremental features and functionality like threat intelligence respond, how does that translate into adoption and spend by customers? And are these, I guess rollouts going to be substantially meaningful or more kind of gradual over time, in terms of the way that they impact growth across the platform?
Kevin Mandia:

Well, a couple comments on this, Brian. First, we have, you know, there's different speeds at which an organization works. We have Chris Key, who was our Verodin CEO running the product development there, we're moving at speed, it's all cloud for the cloud. And the number one request that I get when I talk to CISOs is first and foremost, we want to know what you guys know. Wouldn't it be great if we had a Mandiant expert looking at every single alert we've got. Well you can do that with the Mandiant Advantage. Why not backstop your team, whether they're experienced or inexperienced with the best threat intelligence on the planet? So that makes sense to me. And then the second question we get well, how do we know if all this stuff we're doing works, and that's the validation component. And we've lived our whole careers responding and this year we'll do over a thousand investigations. And these are firms that have bought the best technology you can buy. They have great capability and great people. So, why are there still breaches. You have to test it with validation, putting intel, which we've already got in the platform that's done. And that's modernized our intel offering and giving people the form factor they want. They know what we know, virtually in real time. We use it ourselves. So, if we're responding to a breach right now, everything we're seeing is going into the Mandiant Advantage. So, if there's anything new, now our customers are aware of it at the same moment that we are and we're getting that done. Combining that with validation, we can answer the question, how good is my security? And that's the number one metric that works in the Boardroom. You get unvarnished truth by doing validation. So, it's a real integration. It's all going to be through, you know, login with one account, all cloud-based. And then what I really liked about them, we tested this with the ransomware actor known as Maze. We did what's called on-demand validation. And we got a tremendous response to that because folks who had never used our validation before and under 30 minutes can download an agent, run the maze attack methodologies against their infrastructure and learn whether they could stop the attack or detect it or neither of those, which would be a bad outcome. And that's an under 30 minutes from deciding to use on-demand validation to getting real value. So, tremendous value prop, those two things will be together within the next few months. And then putting Respond in is fantastic because we bought them because we want software that thinks and learns. And we've been on a 17-year quest, they take the Mandiant analyst, and automate that person through technology. We do believe that you can automate a lot of the things that we do when we're hired to figure out what happened and what to do about it. So, we want to automate, not just the detection aspect of what we do, but the respond aspect of it. And I believe we can do that. So, we bought Respond, and with our managed defense capability in the thousands of customers we have and the 550 Mandiant consultants we have, I just think we can train it better. We can feed it better security relevant data, and we can automate so many of the tests that we're doing. So, I know that's a long winded answer, Brian and probably didn’t answer your question, other than bringing intel, validation, and the Mandiant experts thinking process to software is a powerful proposition that we're going to do in 2021.
Brian Essex:

All right, that's super helpful. Maybe if I can sneak in a quick follow-up, any shift in your, you know, M&A pipeline, given this strategic investment by Blackstone and ClearSky, you know, last quarter?
Kevin Mandia:

You know, we did that to get absolute conviction to our strategy. You know, we have a portfolio that's pretty darn broad. And we're making bets on portions of that portfolio and Blackstone, it just gave us conviction to the plan, and really endorsed what our strategy is here with the Mandiant Advantage and what we're doing. So, pretty pleased with that partnership.
Frank Verdecanna:

Brian, we're staying very close to, you know, a lot of the technologies out there, always looking for something that would benefit the platform. But you know, at this point, I don't think there's any big holes that we feel like we need to fill in the near term.
Brian Essex:

Okay, helpful color. Thank you very much.
Operator:

Thank you. Our next question comes from the Fatima Boolani with UBS. Your line is now open.
Fatima Boolani:

Good afternoon. Thank you for taking the questions. Kevin, maybe I'll start with you. You have been incredibly candid about your experience in, triaging this incident internally, and incredibly frank about the details that have emerged in your own process. And you know, one of the things I think you mentioned in some of your own blogging and literature to the security community is some of the Red Team tools that you “had to burn” as a result of, you know, some of the aftermath what has happened, so I'm curious how much of that has maybe translated into revenue implications or implications for your Mandiant franchise in terms of the tools, your Mandiant personnel used to assess, you know, victimized customers? And then I have a follow up.
Kevin Mandia:

Yeah. So first, there's no evidence Fatima that our Red Team tools that were stolen from us during a breach in the fourth quarter. There's no evidence they've been used by any third party, just us. Second, there's no impact. It's, you know, what we do for a living is respond to breaches. So all the R&D for our Red Team, almost all of it is done by the adversaries that we respond to. So, what we've always done is repurpose the things that we see out in the wild, we will observe some hour and say, wow, the threat actor did this and that it might have been harder to detect or more effective. So, our Red Team's R&D is augmented by cyber espionage campaigns from Russia, China, Iran, North Korea, and other locations and by cyber criminals. And you're always advancing in any way. So, as we respond to all these breaches, we keep upping the assessment capabilities that we have with our Red Teams. And I anticipate, you know, first, we'll still be able to use the tools that we had in the past, because there's always a big tail. From the moment we first see a method used by an attacker to the security community's ability to defend against it. So, no real impact at all. And we're already off to using and simulating more recent attacks.
Fatima Boolani:

I appreciate that clarification. Thank you, Kevin. Frank, maybe for you that $110 million in, what is essentially Mandiant Services backlog that's sitting in your deferred revenue now, can you give us a sense of how that has compared to prior periods and even prior fourth quarter period, so we have a sense of, you know, how much larger the magnitude is post, SUNBURST? And that's it from me. Thank you.
Frank Verdecanna:

Yeah. It’s an absolute record. So, we actually, we ended the fourth quarter at 110 million. A year ago, we were at 95 million, but did also increase 21 million sequentially. And so, I don't know, SUNBURST probably had a little bit of an impact, because we did have a lot of demand for our expertise from that incident. But, you know, like Kevin mentioned during the prepared remarks that, yeah, really didn't have a lot of impact on our Q4 revenue results, because that team was completely operating at capacity already. But it did give a, you know, a somewhat of a boost to the current deferred revenue on the professional services side. But we've been building that area, you know, for quite some time because of new offerings, like expertise on-demand have a nice impact to the current differed as well.
Fatima Boolani:

Very helpful. Thank you so much Frank.
Operator:

Thank you. Our next question comes from Keith Bachman with BMO. Your line is now open.
Keith Bachman:

Hi, thank you very much. I want to ask two. First for you, Kevin, is there any comments you wanted to make on ARR for 2021? I know you mentioned that products could flatten out here without any direction, but any other kind of puts and takes or parameters for growth you want to provide for ARR for 2021?
Frank Verdecanna:

Hi, Keith. This is Frank. Yeah, I think for 2021, I think we're not getting to a specific ARR number, but I think what we'd expect to see throughout the year and ending the year is really stabilization on the product and related, but accelerated growth on the platform cloud subscription ARR. If you think about the investments we’re making in the business, and the areas that we're really excited about from a growth opportunity perspective, it's all driving that platform cloud subscription, and managed service ARR.
Keith Bachman:

Okay, then ARR growth should, I mean, just putting those two together, ARR growth should improve in 2021 versus 2020 then?
Frank Verdecanna:

Correct.
Keith Bachman:

Okay. Just turning back to services for a second, you're guiding 2021 to 15% to 20%, kind of services growth, I just wondered if you could help frame that a little bit in terms of the constraining variable, because I would have thought that growth would have been candidly higher than that it may well end up being higher there, but is the key just capacity, and that it's linear growth, and you just can't find enough people? Because it would seem like, you know, given all the incidents that happened towards the end of the year that you'd reach 2020, and in fact, growth would be higher during this current fiscal year than last year, but maybe just flush that out a little bit for us. Thank you.
Kevin Mandia:

Yeah. And Keith, first and foremost, our intend is, could we grow our services faster? Yes. But right now, there's also what we've always had, and I've been doing this for 17 years, there does come a growth rate where first and foremost, we're about quality and capability.
Keith Bachman:

Yes.
Kevin Mandia:

So I think we can probably grow it faster, but at the same timeframe, we're trying to take a lot of that capability. And I don't think you'll ever completely replace humans in security. But we do want to have a platform that makes it easier for even our own services folks to scale. So, I do believe we can deliver more today than yesterday in regards to services. And to put that in perspective, when I was responding to breaches, I only could respond to one at a time. We've got folks now at Mandiant responding to seven to eight different computer intrusions at one time. So, we can already scale to technology is my hope that we meet the demand by being more technology enabled. We could go out and double the hiring rate right now. A, Frank would tell me, he doesn't like the expenses that's adding, but it also – it gives our frontline consultants a job and a half for a while. So, there's a long winded way and I can talk to you offline in a call back. When you assimilate new consultants, we got to teach them the Mandiant way that takes time. And I just like a 15% to 20% growth rate. And I’m fine when you go to 25, wheels on the best get wobbly from a quality standpoint. So, we like it where it's at.
Keith Bachman:

Yeah, fair enough, then. I just wanted to compliment you on the slide deck, you guys have been doing this for a while, and I think it's very helpful. So, much appreciated. Thank you.
Frank Verdecanna:

Thank you.
Operator:

Thank you. Our next question comes from Walter Pritchard with Citi. Your line is now open.
Walter Pritchard:

Hi, thanks. Kevin, just wondering on services and attach of more recurring revenue type offerings on the services side. What do you see in the pipeline with this recent round of services engagements and is that compared differently at all to what you've seen, you know, historically there just given the nature of the attack and the engagements?
Kevin Mandia:

Yeah, I can tell you, I don't know if it's related to the attacks you dealt with. But I see a stronger relationship between doing services and are Managed Defense behind our Mandiant Advantage . And I anticipate that to continue to grow. I think there's always been a strong relationship between those things. Because when our services folks show up, whether it's a strategic consulting engagement, or it's a incident response. With incident response, the logical lead behind is, lead behind our XDR capability with our folks running it. And that immediately ups the security profile of our customers from point A to point B with a shield up pretty quickly. But ever since we bought validation as well, it does take a while for our folks to get dependent on the software and get more technology enabled, because we had years of doing red teaming our own way, with our own platforms, and then we bought Verodin, but the relationships are getting stronger. So, in short, there will be a stronger correlation between services and a lead behind Managed Defense, or a lead behind Mandiant Advantage that whether we manage that capability or not for our customers.
Walter Pritchard:

Got it. And then just you mentioned on the million dollar deals, the high percentage of those that include three more products. Could you help us maybe lay out what are the three most common products or sort of sets of products that you see when it is through more that are ?
Kevin Mandia:

Go ahead Frank. Yeah, we do review them every quarter, and go ahead Frank.
Frank Verdecanna:

Kevin talked about that for the year, but for the fourth quarter, basically 50% of the greater than a million dollar transaction. So, of the 64%, you know 50% of them actually included services, and 72% of them included four more products. So what we're seeing in most of them is there is a services component, and then there is a product component in what might be network email endpoint, and then a Managed Defense for a threat intelligence as well. So each deal is a little bit different depending on the customer's need. But I think the thing that we're really happy about is, we're seeing a lot of these platform deals where our detection products on our platform are part of it, as well as some of the solutions. So, it's really taking advantage of our intelligence and expertise and our best-in-class detection product.
Walter Pritchard:

Great, thank you.
Kevin Mandia:

Thank you, Walter.
Operator:

Thank you. Our next question comes from Erik Suppiger with JMP Securities. Your line is now open.
Erik Suppiger:

Yeah, thanks for taking the question. Can you remind us how much your professional services is coming from Forensics and incident response?
Kevin Mandia:

You know, it varies, it can be anywhere from about 30% upwards about 50%, but it just jumps up and down. What I can tell you is, we're almost always at the same utilization regardless of the mix. There is always something there for our folks, if they're doing Forensics, that's great. If they're not doing that most of those folks can always be repurposed to strategic consulting or training and in the other service lines.
Frank Verdecanna:

And Erik, in 2020 obviously was a great year on the IR side. But if you looked across all the services, we had really strong growth across proactive strategic and investigative. So it wasn't just the IR that had a record year, it is really strategic and proactive as well.
Erik Suppiger:

Okay. Now, it sounds as though you operate at capacity pretty much most all the time and it doesn't sound like you're changing the rate of hiring in light of SUNBURST. You've talked a little bit about how this is helped out Mandiant Advantage and things like that, but can you discuss maybe which revenue streams get most affected by an incident like SUNBURST? Is there another area or product that is particularly reactive to opportunities arising from that?
Frank Verdecanna:

Yeah, I think one of the things that if you look at what during the incident, we really validated as how important our intelligence and expertise, you know the fact that FireEye was the only company out of 18,000 companies that was able to discover this breach after being out in the wild for almost nine months than a lot of companies, it really did validate the intelligence and expertise that we bring to the table. And so the fact that we have that innovation cycle and that our products are updated with that level of intelligence and expertise, you know it really does have a positive impact across our portfolio. So, obviously intelligence and expertise is going to have a really strong tailwind because of that, but also our products because our products are getting smarter every day, because of the intelligence and expertise.
Erik Suppiger:

And can you remind us what contribution you get from the intelligence?
Frank Verdecanna:

So, the intelligence is a really significant component of Mandiant Advantage and it's probably the one area, we'd expect the most growth in 2021.
Erik Suppiger:

Great. Thank you very much.
Kevin Mandia:

Well, there is a direct result of Intel and then there is indirect, I mean literally a product without an innovation cycle, product without a learning and capability is not that valuable. So, the fact that we have something new every few minutes to go look for is very powerful. So Intel is, kind of, it pervades every single product that we have, contributes to all of them.
Erik Suppiger:

Great. Thank you very much.
Operator:

Thank you. Our next question comes from Shaul Eyal with Oppenheimer. Your line is now open.
Shaul Eyal:

Thank you. Good afternoon, everybody. Congrats on the healthy performance, kudos again on the transparency back in December regarding the SUNBURST hack. My question actually is on potential GDPR implications. You guys are obviously at the front lines. You guys are talking to so many of your customers. Have any of them began discussing with you some potential implications, finds that could be associated with the SUNBURST hack at this stage or is it preliminary right now?
Frank Verdecanna:

Yeah, I'm unaware of any risk in that area at this juncture. And I'd be shocked and astonished if that would occur.
Shaul Eyal:

Got it. Thank you so much for that. I appreciate it.
Frank Verdecanna:

Thank you.
Operator:

Thank you. Our next question comes from Hamza Fodderwala with Morgan Stanley. Your line is now open.
Hamza Fodderwala:

Hey, guys. Thank you for taking my question. And I'd also like to echo my gratitude for your transparency. I'm wondering if you can talk a little bit about the growing sort of priority and demand for security even prior to SUNBURST right, I mean, you obviously have had an expanding attack surface area, plus COVID, a lot more complexity that's come about as well. So, can you speak to that as it relates to your pipeline and then more specifically any sort of thoughts – early thoughts that you have around security architectures perhaps changing overall post-SUNBURST or COVID. So, just sort of the general commentary on both aspects.
Kevin Mandia:

Yeah, clearly post-COVID, everybody's working remotely. Remote workforce protection and things that come from remote workforce protection is better identity, better authentication and movement to the cloud. So that's definitely everybody knew about those trends. They got accelerated by the pandemic. In regards to something like a SolarWinds, whenever you have an attack that everybody's nest and every single quarter that goes by, every organization depends more on their infrastructure – their IT infrastructure, it gets everybody to think, what is the effectiveness of our security programs and how would we fair and how would we detect these sort of things? So, I think there's going to be a couple of outcomes from this, especially from the big companies where their risk profile is such that, hey, we've got to secure our supply chain, we've got to make sure we don't have to deal with sophisticated attacks or if we do, we'll have an awareness. I think that's why we bought validation as I think, it's going to be very important, it gives you unvarnished truth, you've simulated attack, how did you do. So that's something that will increase. There is no question, supply chain, security is something that everybody is going to consider and then obviously all software companies are looking into, how do they develop code, where are their engineers, how their engineers check code in, and how do you audit that so that none of us is a supply chain risk to the folks that we serve. So that's just a quick answer. It’s probably a 45-minute discussion, but this breach got everybody to recognize there is a way to compromise some of the most secure organizations on the planet in a surreptitious way and that alarm people. And with that alarm comes an awareness and a desire for it to not happen again.
Hamza Fodderwala:

Right. Maybe just one quick follow-up, cyber security is obviously a top priority now for the Biden administration, obviously FireEye has a pretty large footprint in the federal vertical. I'm wondering to what degree is the company, being involved in sort of advising the federal government around sort of best practices and taking a role and sort of improving also national defense? And that's it for me.
Kevin Mandia:

Well, I appreciate that question. I think one of the biggest things that any administration would face is you have to impose risks and repercussions to the folks that attack American companies and that's something that I think is not a device of issue for our government and they will look into doing that. Starts with doctrine what do we stand for and what are the behaviors we expect in cyberspace. And then after the doctrine of what, you know do the best you can and define the red line for cyber. The second thing is to make sure those risks are repercussions to those who violate those rules. And those things are going to come to bear, I think over the next few years.
Hamza Fodderwala:

Thank you very much.
Kevin Mandia:

Thank you.
Kate Patterson:

Next question please.
Operator:

Thank you. Our next question comes from Tal Liani with Bank of America.
Tal Liani:

Yes. Hi.
Kevin Mandia:

Hi, Tal.
Tal Liani:

Your services Mandiant is doing great, the legacy of the product is – it's less bad, but it continues to decline. Is there any consideration in the company to focus more on the services part, and just not compete in areas where you're struggling or exit some of the areas that related to products and turn the company into a complete service company? I'm trying to understand what goes through your mind when you think about the long-term strategy?
Kevin Mandia:

Yeah, absolutely, Tal, I can tell you. First off, we know what our differentiators are. The world's best threat intelligence and incredible frontline expertise for Mandiant, we want to leverage those and prioritize our portfolio to take the most advantage over that. And I think one of the ways we do that is in fact with the Mandiant Advantage and we move fast, we have a cloud-based brain that thinks, that learns, that brings to market our Intel, our ability to not just share with you what we know, but automate all the analytic skills that we have and at the same timeframe automate our validation. Let's put it this way, Tal, who wouldn't want a Mandiant expert looking at every single alert coming into their company. We can bring that to bear through software and that's always been our goal. So we're going to focus on doing that and that's a long-winded way of saying we have prioritized our portfolio and we're prioritizing it based on what we're – the best in the world at and we're most differentiated at.
Frank Verdecanna:

And Tal, if you look at where we're putting the investment dollars, we're – that's the area, we're investing the strategic growth areas on the solution side. But if you look at the product side, the cloud growth pure products exceeded the decline on the on-premise solution. So, we actually did see growth in the third and fourth quarters on the product side, but also one really important point is the more mature area, the business is generating significant cash flow and that cash flow is then put back and invested in the company in the high growth areas. So, I think you can see that transformation happening as we speak. In the fourth quarter, two-thirds of our billings came from the high growth areas of platform cloud subscription and managed services and services. So, I think we're making that transformation. The more mature areas are helping fund that.
Tal Liani:

Got it. Great answer. Thank you.
Operator:

Thank you. Our next question comes from Saket Kalia with Barclays. Your line is now open.
Saket Kalia:

Hey guys, thanks for fitting me in here. Hey, Frank, maybe just first one for you, kind of housekeeping, can you just remind us how big Respond was from an ARR perspective, and I realize it closed intra-quarter, so there probably wasn't a ton of revenue, but I would imagine we're acquiring a book of business from an ARR perspective. So, any guard rails you could give us and how much that might have contributed the platform ARR in the quarter?
Frank Verdecanna:

Yeah, it added a little less than $5 million of ARR. It didn't have much contribution from a bookings, billings perspective in the fourth quarter revenue, because they were actually at January – end of January fiscal year-end. So, a lot of the deals that were in there fourth quarter actually closed in January of 2021. So, wouldn't been part of our Q4 results.
Saket Kalia:

Got it. That's helpful. And then, the quick follow up here is, I mean for you Kevin, obviously a lot of focus on Mandiant Advantage threat. Intel is sort of the starting point there. FireEye has had a great threat, Intel offering for years and years now, you know Mandiant Advantage sort of takes that step-up, I mean any broad brushes that you could talk about from a pricing premium perspective right when it comes to Mandiant Advantage threat Intel versus sort of FireEye threat Intel before?
Kevin Mandia:

So with respect to the addition, so Mandiant Advantage, it's basically now the only way to consume that threat intelligence feed and we've converted most of our existing Threat Intelligence customers to Mandiant Advantage platform where we'll really see the benefit is when we have multiple modules all connected through Mandiant Advantage. So, I mean you can think through when we add in validation and we add in the XDR capabilities from respond, the synergies of having that all in one dashboard and all in one place will really come to bear.
Saket Kalia:

Got it. Thanks again for the time guys.
Kevin Mandia:

Thanks. I appreciate it.
Operator:

Thank you. I'm not showing any further questions at this time. I would now like to turn the call back over to Kevin Mandia for closing remarks.
Kevin Mandia:

I'd like to thank all of you for joining us today. We've done a great job on our transformation in 2020. The portions of our business that are faster growing are now the larger half of our business, which is very important. We enter 2021 with tailwinds to that portfolio, that's higher growth and we’re more relevant than ever. When you look at the cyber espionage campaigns that we've responded to in the last month or two, everybody has cyber security top of mind. So, we're very excited about 2021 and I look forward to updating you at the end of the first quarter on our progress. Thank you to all of you.
Operator:

Ladies and gentlemen, this concludes today's conference call. Thank you for participating. You may now disconnect.

Mandiant, Inc. Q4 2020 Earnings Call Transcript

Other Mandiant, Inc. earnings call transcripts:

Mandiant, Inc.
Q4 2020 Earnings Call Transcript