Mandiant, Inc.
Q3 2018 Earnings Call Transcript

Published: 31 Oct 2018

Operator:

Good day, everyone, and welcome to the FireEye Third Quarter 2018 Earnings Results Conference Call. At this time, all participants are in a listen-only mode. Later, we will conduct a question-and-answer session, and instructions will follow at that time. Also, this call is being recorded. At this time, I would like to turn the call over to Kate Patterson. Please go ahead.
Kate Patterson:

Thank you, Daniel. Good afternoon, and thanks everyone on the call for joining us today to discuss FireEye's financial results for the third quarter of 2018. This call is being broadcast live over the Internet and can be accessed on the Investor Relations section of FireEye's website at investors.fireeye.com. With me on today's call are Kevin Mandia, FireEye's, Chief Executive Officer and Frank Verdecanna, Executive Vice President, Chief Financial Officer and Chief Accounting Officer of FireEye. After the market closed today, FireEye issued a press release announcing the results for the third quarter of 2018. Before we begin, let me remind you that FireEye's management will make forward-looking statements during the course of this call including statements relating to FireEye's guidance and expectations for certain financial results and metrics; FireEye's priorities, initiatives, plans, and investments; drivers, and expectations for growth; the expansion of FireEye's platform and the benefits, capabilities, and availability of new and enhanced offerings; competitive position, market opportunities and go-to-market strategies. These forward-looking statements involve a number of risks and uncertainties, some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements. These forward-looking statements apply as of today, and you should not rely on them as representing our views in the future. We undertake no obligation to update these statements after the call. For a detailed description of the risks and uncertainties, please refer to our SEC filings as well as our earnings release posted an hour ago. Copies of these documents may be obtained from the SEC or by visiting the Investor Relations section of the website. Additionally, certain non-GAAP financial metrics will be discussed on this call. We've provided reconciliations on these non-GAAP financial measures for the most directly comparable GAAP financial measures in the Investor Relations section of the website as well as in the earnings release. We'd also like to remind you that the results included in this call and the earnings releases are using the ASC 606 revenue standard. Finally, I'd like to point out that we have posted the supplemental slides and financial statements on the Investor Relations section of the website. With that, I'll turn the call over to Kevin.
Kevin R. Mandia:

Thank you, Kate, and I'd like to thank all of the investors, employees and customers and partners that are joining us on this call. We appreciate your continued support in FireEye. This is the seventh consecutive quarter we have done what we said we would do. Meeting or exceeding our guidance ranges for all our key financial metrics. We posted billings at the high-end of our range. Revenue, operating margin, and cash flow were above guidance. And we achieved non-GAAP profitability for the second consecutive quarter. And these are the results of a company building for the long term. In addition to delivering our financial results, we continued to increase our innovation velocity, improve our entire product portfolio while also providing world-class security services and threat intelligence. Now, Frank, will take you through the detailed financial metrics in a moment, but I'd like to reinforce our message from the last few quarters. We have made tremendous strides improving FireEye's productivity and efficiency. We have returned FireEye to sustainable growth while increasing profitability and cash flow. And we have accelerated innovation across our entire portfolio of products and services. Over the past few years, we have turned FireEye from an appliance company with declining sales into a more efficient software company with sustainable growth while building a platform that will power the future of security operations. With the transformations we are achieving and with our expertise and intelligence driving a continuous innovation cycle, this is an exciting time to be at FireEye. So I want to take a moment to recognize and thank all the FireEye employees for their effort, their ingenuity, and the teamwork that brought us to this point. Now let's discuss some recent highlights. We continue to leverage our diversified portfolio to drive growth. Most security companies are one-dimensional but FireEye is diversified and we are able to acquire customers and find new ways to deliver value to existing customers. We have done this by creating a multiple of avenues into our customer base, including services, threat intelligence, Endpoint Security, E-Mail Security, Network Security as well as our Helix platform. So we have many avenues in, many avenues for up-sell. Of the 43 transactions in the third quarter that were over $1 million, 42 involve multiple products or services and approximately 75% of these transactions involve three or more of our solutions. We added 243 new logo customers to FireEye. We provision more than 100 new Helix customers. And we had another record quarter for Mandiant Services revenue. And year-to-date we have responded to more security incidents, provided more proactive security assessments and expanded internationally. We have evolved the SIEM component within Helix, adding approximately 30 new reports and other capabilities. In addition to adding value to SIEM deployments with orchestration in our embedded threat intelligence, our SIEM capabilities have led to displacement of some of the most popular providers of SIEM solutions to enterprise class customers. We launched MalwareGuard, our machine-learning signature-list Endpoint protection capability, which has led to the displacement of the legacy Endpoint providers. Beyond detecting what AV detects, our Endpoint Security solution also detects threats that AV misses and arms incident responders with the comprehensive forensic capabilities they need. We are on pace this year to train more security experts than any other year in our history. And it is important to note that these classes are not just product training but more than 20 different security courses addressing the needs of intelligence officers, law enforcement personnel, government personnel and security practitioners from around the world. By training the security experts we are helping to create the next generation of security capabilities and professionals. We continue to distinguish ourselves from the pack with a thought leadership and threat intelligence. In recent months some of this work has included first, identifying an Iranian influence campaign designed to impact public opinion during elections in the United States. Second, attributing global financial crimes to North Korean cyber attackers [Technical Difficulty] (6
Frank E. Verdecanna:

Thanks, Kevin, and hello to everyone on the call. On our last two quarterly calls I said that I believe that with our best-in-class products, simplified pricing and packaging, and an energized team, we were on a path to sustained growth and leveraging our financial model. In Q3, our vision for the future of security supported by our differentiated threat intelligence and expertise resonated with customers, resulting in increases in the number of new logo customers and expanded commitments from our existing enterprise and government customers. The metrics also underscore the dramatic transformation of our business and our business model over the past few years. The positive trends over the past few quarters continued into Q3. First, business momentum continues to diversify across product families and geographies. In 2015, excluding professional services, almost a-third of our non-services billings were for physical appliances. And through Q3 2018 year-to-date, appliances accounted for less than 15% of billings. In 2015, on-premise network and e-mail with their related subscriptions and support accounted for approximately 70% of our non-services sales. For year-to-date Q3 2018, the mix split is about 50-50 between network and e-mail appliances and attached subscriptions. And our newer products such as Managed Defense, Endpoint, Intel, Helix and cloud or virtual versions of our e-mail and network products. This is a remarkable transformation less than three years. Second, as billings shift away from appliance-based products to virtual, cloud and hybrid, the mix of recurring subscriptions and support is increasing, which is good for the long-term growth of our business. At the same time, billings for appliance hardware has stabilized and even grew slightly on a year-over-year basis this quarter. Third, we continued to drive efficiencies and leverage in our operating model. A higher mix of software and cloud solutions, increased operating efficiencies and a focus on productivity are all factors in our improved margin profile. We've gone from negative 7% billings growth in 2017 to implied new growth of 10% at the midpoint of our 2018 guidance, a swing of 17%. As Kevin has said earlier, very few companies are able to make this turn and even a few are able to do so while increasing operational efficiency. I'm proud to be part of the team that made this happen and I'm excited about what's in store for the future. Before I review the detailed metrics, let me remind you that I'll be referring to non-GAAP metrics except for revenue. Our non-GAAP measures exclude stock-based compensation, amortization of intangibles, non-cash interest expense on our convertible debt, and other non-recurring items. Also note that prior-period results have been adjusted to reflect the adoption of ASC 606 as of January 1, 2018. The adoption of the new standard resulted in multiple changes to our business model, most significantly the ratable recognition of most of our appliances. As we go through the detail of our Q3 results, I will highlight a few key points to address some of the questions we have heard over the last few quarters as investors and analysts adjust their models. Turning to the results. Total billings were $219 million, at the high end of our guidance range of $210 million to $220 million. Product and related subscriptions and support billings were up 7% year-over-year. This category includes all products deployed on-premise or in hybrid environments, it includes both physical and virtual appliances, Cloud MVX, on-premise Helix security orchestrator and all the subscriptions and support billings related to these products. We have disaggregated this category further to give you a view into product versus recurring billings. In Q3, product accounted for approximately 30% of the product and related subscription and support category and increased 5% from Q3 2017. Product-related subscriptions and support formerly known as the TAP subscriptions and support accounted for approximately 70% of this category and increased 8% from Q3 2017. Growth in virtual deployments and Cloud MVX was a significant contributor to this subscription growth in the quarter. The second breakout category, cloud subscriptions and managed services increased 20% sequentially and 16% year-over-year. Reflecting ongoing strength in Managed Defense, stand-alone iSIGHT Threat Intelligence, Helix subscriptions and cloud e-mails. In Q3, this category accounted for 27% of total billings. With strong performance in both product-related and cloud subscriptions, recurring billings grew 11% year-over-year and accounted for 80% of our non-services billings or 65% of total billings. We continue to achieve renewal yields of greater than 100% including cross-sell and up-sell. The weighted average contract length for product and related category was about 31 months, down a half a month from Q3 2017. The ACL for cloud subscription category, which is all recurring subscriptions, was about 25 months, down from about 26 months a year ago. The weighted ACL across all ratable billings in Q3 was about 29 months, down about a month from Q3 2017. I know ACL is closely followed, so I want to provide some additional color on the trends we've seen over the past few years. First, the declining trend in the weighted ACL for product and related billings has reflected the decrease in appliance sales both in absolute dollars and as a percentage of total billings. The decline in appliance has also impacted the weighted average ACL across all ratable billings. However, if you exclude appliances and look at the average contract length for just the reoccurring billings, the ACL has averaged about 24 months since 2017. This is an important point. The stability in the recurring billings average contract length suggest that this metric is not a meaningful headwind or tailwind to overall billings growth. For the same reason, ACL trends do not indicate any meaningful change in customers' preferences or commitment to FireEye's technology. I believe that the best indicators of customers' willingness to commit to FireEye technology today and into the future are one, the customer retention rate; two, the yield on subscriptions up for renewal; and three the growth in new customers. Our customer retention rate remains approximately at 90% and we added more new customers in Q3 2018 than we did in Q3 2017. Our performance on retention, cross-sell and new business are all reflected in the annual recurring revenue or ARR metric. For ARR to increase, the pool of recurring business must expand. Straight-up renewals without up-sell or new customer subscriptions would just keep it flat. We ended the quarter with $538 million in annual recurring revenue, an increase of $50 million, or 10%, year-over-year and an increase of $60 million, or 3% sequentially. ARR for subscriptions for both breakout categories increased. ARR for cloud subscriptions and managed services increased more than 20% year-over-year for the second quarter in a row, reflecting the momentum we are seeing in this segment of the business. Turning to revenue in the income statement. Revenue in the quarter was $212 million above our guidance range of $206 million to $210 million and up 7% year-over-year. Approximately 90% of our non-services revenue, or $159 million was recognized from current deferred revenue associated with prior quarter billings. Our strong revenue performance was accompanied by continued discipline on the cost and expense lines with total COGS and operating expenses down about $800,000 from Q3 2017. The year-over-year increase in revenue was fully reflected in operating income, allowing us to achieve record operating margin of 7%. The decrease in expenses from the second quarter was primarily due to lower payroll taxes. Turning to the balance sheet and cash flow. We continue to maintain a very healthy balance sheet with cash and short-term investments of $1.1 billion, an increase of $13 million from prior quarter. We ended the quarter with receivables of about $129 million and DSOs calculated on billings of 54 days, slightly below the low end of our target range of 55 to 65 days. And in deferred revenue, it was approximately $887 million, split 60-40 between current and long term. Since I know many of you track the change in current deferred revenue as a way to adjust for changes in the average contract length of recurring billings, let me take a moment to go into a little bit more detail on how the adoption of ASC 606 is currently impacting our current deferred revenue. Under the 606 standard, we recognize appliance revenue over 48 months. Because appliance sales were higher in prior periods than they are today, we are recognizing more appliance revenue from deferred revenue than we are adding back from appliance sales in the current quarter. As a result, in Q3 current deferred product and related revenue declined by $6 million from Q2 and $20 million from Q3 a year ago. This decrease was more than offset by increases in current deferred revenue and other areas of the business. The net result is a sequential increase in current deferred revenue of approximately $3 million that you can calculate from our balance sheet. If you exclude the changes in deferred product and related revenue associated from past appliance sales, current deferred revenue would have increased approximately $36 million year-over-year and approximately $9 million sequentially. Total deferred revenue would have increased $14 million sequentially and $61 million from a year ago. Turning now to [our 2018 guidance, which reflects our strong Q3 performance. Our 2018 billings guidance range is now $835 million to $845 million, an increase of $5 million from the prior midpoint. For revenue, we are bringing up the low end of the range to $827 million and raising the high end of the range to $831 million. The implied midpoint of the range increases by $4 million. We are also raising our target operating margin range to 2% to 4%, and our earnings per share guidance range to $0.06 to $0.08 based on average diluted shares outstanding of 199 million.] Non-GAAP operating cash flow, which excludes $43.6 million non-cash item associated with the repurchase and retirement of the 1% convertible notes is expected to be between $60 million and $65 million, a $2.5 million increase at the midpoint compared to the midpoint [of our prior guidance]. GAAP or as reported operating cash flow is expected to be in the range of $16 million to $22 million. CapEx is expected to be in the range of $45 million to $50 million. CapEx for 2018 includes approximately $60 million associated with our move to our new headquarters earlier this year. Based on the above and excluding the non-cash item associated with the retirement of convertible notes in Q2, we expect to achieve positive free cash flow for the year. Our outlook for the fourth quarter is essentially unchanged from the outlook implied by third quarter on annual guidance ranges we provided last quarter. For Q4, we expect billings in the range of $245 million to $255 million, implying 4% year-over-year growth at the midpoint. Recall that Q4 2017 billings included a $10 million plus transaction, excluding the $10 million plus transaction from Q4 2017, the Q4 growth rate at the midpoint of our guidance range would be 9%. We expect revenue in the range of $214 million to $218 million, implying 5% year-over-year growth at the midpoint. Given this revenue range, we expect operating margin between 5% and 7% and earnings per share of $0.04 to $0.06 based on fully diluted weighted average share count of approximately 201 million. Our earnings per share guidance reflects cash interest expense of approximately $3.5 million and tax expense between $1 million and $2 million. Operating cash flow is expected to be in the range of $30 million to $35 million and we expect it to generate free cash flow in the fourth quarter. That concludes my prepared remarks. We'll now take your questions. Operator?
Operator:

Our first question comes from Andrew Nowinski with Piper Jaffray. Your line is now open.
Andrew James Nowinski:

Thank you very much and congrats on another good quarter.
Kevin R. Mandia:

Thanks, Andrew.
Andrew James Nowinski:

Maybe if you could just start Kevin, I've got a – just a one question and a follow-up, if you just give us any color on the U.S. federal demand this quarter and how that tracked according to your expectations?
Kevin R. Mandia:

Yes. It tracked exactly what we wanted to do, in fact, it exceeded expectations a little bit. We have a great federal sales team with great experience, and what I've found especially here in the U.S., a lot of the government buyers love to buy our technology along with some services to go along with it. And because we have both halves of that equation, we can provide more value. So bottom line, we did what we expected to do with, in regards to our federal business and we have a strong federal business.
Andrew James Nowinski:

Great. And then with regard to the endpoint. I think you mentioned you displaced some legacy vendors, are those...
Kevin R. Mandia:

Yes.
Andrew James Nowinski:

Yes, are those primarily existing FireEye customers that are deploying other FireEye solutions in addition to now your Endpoint, or are you seeing your Endpoint solution coming in as a stand-alone win and bringing in new customers at FireEye?
Kevin R. Mandia:

So in general, when I look at bringing in the new logos, endpoint is one of the top three ways that we do that. But on the one that came to mind where we replaced a legacy antivirus endpoint. It was a customer that's bought several of our solutions.
Andrew James Nowinski:

Okay. Thanks. Keep up the good work.
Kate Patterson:

Thanks.
Kevin R. Mandia:

Thank you, Andrew.
Operator:

Thank you. And our next question comes from Saket Kalia with Barclays Capital. Your line is now open.
Saket Kalia:

Hey, guys. Thanks for taking my questions here. How are you?
Kevin R. Mandia:

Hey, Saket.
Saket Kalia:

Hey, Frank, maybe just for you, I'd love to dig into that cloud subscription billings line a little bit, I think there are a few puts and takes kind of quarter-to-quarter, I think you said last quarter, there were fewer iSIGHT renewals, maybe next quarter we've got a slightly different comparable. And so the question is, can you help us think about growth in that line item over the long term, especially as we see more – to your point, see more of a shift to cloud products and cloud form factors?
Kevin R. Mandia:

Yes, Saket, I think that line item is where you're going to see a lot of our growth coming from and if you think about what's rolling into that line item, you've got Helix, the subscriptions related to Helix and that would include both Expertise On-Demand. It would include kind of the SIEM takeout, which is really our Threat Analytics subscription. It also includes our cloud email Managed Defense and our Threat Intelligence subscriptions all which had a strong quarter in the third quarter, which was one of the reasons we saw a nice growth in that line item. But I think you're going to see that continue in Q4 and into 2019 given that most of our growth drivers are coming on that line item.
Saket Kalia:

Got it. That makes sense. Maybe follow-up for you Kevin kind of related to the earlier question on U.S. federal. Clearly, a strong vertical for FireEye one that you're clearly connected with. A lot of focus just in the media this year on security around elections.
Kevin R. Mandia:

Right.
Saket Kalia:

I guess maybe just the two part question that is how true is that in terms of elections maybe driving more scrutiny and security spending? And then I guess relatedly, is the strength in that vertical, sustainable in a non-election year or slower election season like next year for example?
Kevin R. Mandia:

Yeah. I think, I answered this question even more broadly. And just, you see the rising importance of cybersecurity, not just in the impact on information operations and trying to sway public opinion, not just in the threat of trying to tamper with the democracy or the systems that promote democracy. But as you look at self-driving cars, you look at watches that can talk, you're going to have medical condition or not. We are all living more connected, ergo the importance of trusting those connections have never been more important. So I put election security into just a sub-bucket of the increasing importance of getting security right and what's at risk if we don't get it right, self-driving cars, human health, the production of energy and the outcomes of elections. That being said, getting straight to the elections use a Star Trek term from the past where shields up in this nation on the elections, right now it's a community defense effort with lots of organizations behind that efforts. So I feel confident that we'll be just fine this election.
Saket Kalia:

Got it. Very helpful. Thanks, guys.
Operator:

Thank you. And our next question comes from Walter Pritchard with Citi. Your line is now open.
Walter H. Pritchard:

Hi. Thanks, Kevin. I wonder if you can talk about – it sounds like still a little bit of a product headwind and your underlying business is growing a little bit faster. Could you talk about within that non-product business or were you're seeing the most incremental success relative to maybe expectations a few months back? And then as we look at into next year, do you think you'll still be talking about the product headwind sort of having to adjust those out to look at the growth rate of the business, you think will be more of a clean growth number if that stuff going on?
Kevin R. Mandia:

Yeah. So we're always going to be looking at. We had some core products start to decelerate a few years ago and we always want to overcome them with the new products. What I look at is three things in regards to things outside of those core products we IPOed on years ago, first Managed Defense added one of its best quarters ever and that's the ability to get endpoint network and email security and our expertise behind it. Our endpoint getting into endpoint protection was important for this company. We were the company that detected what everybody else missed. That's a great niche to be in, but over time, you got to expand into adjacencies like detecting what everybody else detects as well and we've done that on the endpoint, we're doing that in email and that's good. About the thing I'm most bullish about going into 2019, is I love the idea of what we are launching on Expertise On-Demand, Walter, and what that means is, we have great malware analysts. We have great forensic analysts, we have threat intelligence folks that speak 32 different languages. These are all expensive resources for every company to maintain on their own. We have a way to be a seamless extension of everybody security operations. Right now, we can already sell it, but I want to be able to put right in the product they click to chat with a malware analyst, click to get that forensic analysis done. And I think those things can create good growth for us because it's consumption-based, customers can engage us when they need us most. And I think that's going to be a driver as well. We've only been selling that for about a quarter now and I expect to see that grow more and more as we bring it more into our products and more into our thought processes. So hopefully I answered your question, but I look at Managed Defense, our cloud-based emails doing well, threat intelligence is doing well and inside of this services, I also think it's very important. The way – when I advise senior leaders of companies, they always want to know how good is my security and you got to test it. And I think the only way to get unvarnished truth testing it is to do what we call Red Teaming exercises. So as I go to prospects, I do feel for that particular service, it's hot right now, there is a need for Red Teaming. And when I mean Red Teaming, I mean an exercise to test the security of an organization and not just see if you can break into the organization, but see if you can break in and get to somebody's email, or break-in and get to customer data, or break in and make some kind of threat become a reality that the CEO doesn't want to see. So I think that, if you're looking for the specifics that feels like a hot service to me right now and training is always important. We've trained some of the best minds in security and we're having our best year ever and I'm seeing, as I travel around, particularly in government buyers, in other nations, they want us to train their folks. So I'll stop there, I could keep going, but I think I've provided enough.
Walter H. Pritchard:

And just one follow-up there Kevin.
Kevin R. Mandia:

Sure.
Walter H. Pritchard:

On the e-mail side, do you think – can you talk about what percentage or sort of how frequent it is, do you feel you're being deployed in the primary defense in the new business there versus sort of behind in a product?
Kevin R. Mandia:

Right now, I think primarily we are second layer of defense in emails still.
Walter H. Pritchard:

Okay. Thank you.
Operator:

Thank you. And our next question comes from Gabriela Borges with Goldman Sachs. Your line is now open.
Gabriela Borges:

Good afternoon. Thanks for taking my question. One for Kevin, if I may, on the SIEM landscape. Could you give us an update on how customers are thinking about adding you as an additional layer on top of their SIEM versus maybe some of the displacement opportunities that you talked about in the prepared remarks?
Kevin R. Mandia:

Sure.
Gabriela Borges:

And what types of functionality is standing out versus some of the incumbents in the space? Thanks.
Kevin R. Mandia:

Yeah. So when I look at security operations, the SIEM to me – at least the traditional SIEM was the data aggregator and then present the data you aggregated to make sure you are compliant with some capacity. And then the second generation was let's take that data and allow some action on it, not necessarily smooth automated orchestration, but some action. As we build Helix, Gabriela, what I'm noticing is, we're building it to take threat intelligence and provide context and answers. We're building it so that you can go from data, to action, to fix, I always call that the alert to fix process. And as we're building Helix and the apps that go with it, it just so happens that we have to create a SIEM app, that app that takes in a common event format and other data and presents it in a meaningful way to the folks that are sitting in the Security Operations Center, which is what the first-gen of SIEM kind of did. And then we added the compliance reports to it. So I kind of almost want to answer the question and what does the next-gen SIEM do? Well, it's got to be able to do analytics. It's got to be able to have threat intelligence management from many different sources. It should be able to answer questions, provide better workflow, aggregate the data and orchestrate the countermeasures and automate the security operations that you can automate. And as we keep building Helix, what we've noticed is, we're getting to a point in Helix where a SIEM takeout is a reality. We can do it. That doesn't mean, we can't offer value sidesaddle to a SIEM, meaning if you already have as a prospect, all your data in the SIEM by adding Helix it's like adding our security expertise to your security operation center, you can know what we know based on our threat intelligence. We can take alerts from the minimization you do in your current SIEM and provide context to it and provide value on top of that. So we don't have to go in and tear SIEMs out and say, here we are. We offer value on top of pre-existing SIEMs in regards to orchestration and threat context. But we've also recognized as we build out Helix we need those SIEM features in there.
Gabriela Borges:

That's helpful. Thank you. The follow-up is for Frank, if I could. I thought that $36 million disclosure was really helpful on what the short-term deferred would have been had it not been for the change in product revenue recognition. Do you have a sense for what that would have been for billings year-over-year growth? And the forward-looking question is, could you just give us an update on how much visibility you feel you have into the pipeline now versus a year ago now that all the go-to-market changes have been implemented? Thank you.
Frank E. Verdecanna:

Sure. And with respect to the change, yes, we started providing that slide in that metric just to show the big impact from ASC 606 and that headwind from product going down and relieving current deferred revenue and then not adding back as much into that. But I think as you look through that you can see that the other areas of the business, primarily the cloud subscriptions and managed services more than made up for that decline. And then with respect to the pipeline, I think we've got – given that we've got a mature sales leadership team. I think from a pipeline perspective, we have a very much consistent methodology about our forecasting in pipeline, and I think you've seen that in the results with us achieving our numbers the last seven quarters in a row. And so I feel really good about kind of our pipeline visibility into kind of the next few quarters, obviously beyond that, we obviously, don't have a ton of visibility into much beyond the next few quarters. But as we sit here today, we feel really good about the pipeline.
Gabriela Borges:

I appreciate the color.
Operator:

Thank you. And our next question comes from Gregg Moskowitz with Cowen and Company. Your line is now open.
Gregg Moskowitz:

Okay. Thank you very much, and good afternoon guys. I will add my congratulations as well. First question is for Frank, just wondering if there is any way to roughly measure what impact the new subscription model had on billings and recognize revenue in the quarter?
Frank E. Verdecanna:

So the new pricing and new subscription model had an impact in the third quarter, but I would say it's still really early days. We just came out with that really at the very beginning of the second quarter. So we saw some good contribution from that in the third quarter, but more importantly, we saw a pretty significant uptick in the pipeline relating to those new subscription offerings.
Gregg Moskowitz:

Okay, perfect. And then just for Kevin, you always I think have sort of thing around (38
Kevin R. Mandia:

I haven't felt a shift in the pricing. I've always believed with – we had signature-based detection on the Endpoint then we went to signature-less and that's what the next-gen does. And I'm very pleased with the results that we've seen with our MalwareGuard. So we have the next-gen detection capability in the FireEye Endpoint now. And yes, I'd like to use this opportunity, most people don't think of FireEye as an Endpoint company. We absolutely are. We just backed into it. We built the forensics capabilities first, which I think are the hardest things to build, then we got into Endpoint Protection with signature-based and the signature was tough that we're not new to it. We have had models and we've been working on it since 2009, 2010 timeframe, but we got it to market, I believe in August of this year in Q3, and we just love the results we're getting on the protection. On the pricing, to answer your question directly, I have not felt a shift in the pricing on next-gen Endpoint.
Gregg Moskowitz:

Okay. That's helpful. Thanks, Kevin.
Operator:

Thank you. And our next question comes from Michael Turits with Raymond James. Your line is now open.
Michael Turits:

Hey guys, good evening. Two questions. First on the Helix, now with the new capabilities out for a point third-party data as well as automation. I was wondering, what – if you could talk about what you think the outlook is for monetary conversions of Helix? And then I've a follow-up.
Frank E. Verdecanna:

Yes, Michael. So in the quarter, we did close over 100 Helix customers, about a third of those included subscription for the Threat Analytics. So if you think about those customers are basically signing up to be able to ingest third-party products into Helix and they're paying us on an events per second basis. So that's one monetization model, but one of the other things as Kevin talked about earlier was the launching of the expertise on-demand, which is basically going to be a click to chat button within Helix. And so we just started selling that and we really expect that to have a pretty significant monetization stream on top of Helix as well.
Kevin R. Mandia:

Yeah. And the third one is just bringing the intelligence to the person in the operation center, where we can marry up that contacts that you subscribed to and you can get full color. What I found throughout my career and to some extent it surprised me when someone has a compromise, who did it absolutely matters, what those people normally do when they break in the company's absolutely matters. So that you can assess risk and we have the ability to bring our intelligence to market not just as a subscription directly, but also make it easier to consume right in Helix.
Michael Turits:

Great. And then for my follow-up, I just wanted to – last quarter, you commented that I believe the billings to me that you said, your pipeline growth was double-digit. And we have some nice double-digit metrics. This quarter is still around cloud subscription. Can you comment again on how that pipeline is doing and maybe walk us through to the point where we can actually see that driving both top line and billings at that double-digit level?
Frank E. Verdecanna:

Yeah. So I mean the pipeline has been growing very nicely. And I think, again, we focus very much on the current quarter and the next quarter thereafter. Beyond that people aren't as – don't put as much data into the tool beyond the next few quarters. But I think as we look at the cloud subscriptions and managed services, you can see that has been growing nicely double-digits and when you look at the newer products that we've launched and the innovation on those new products, we have been seeing double-digit growth there.
Michael Turits:

Thanks.
Operator:

Thank you. And our next question comes from Fatima Boolani with UBS. Your line is now open
Fatima Boolani:

Good afternoon and thank you for taking the questions. Kevin, maybe to start with you a question on your consulting business with Mandiant. It's been pretty strong internationally and I know this quarter was a little bit lighter than what we were looking for. But I'm curious if that's a function of you just being capacity constrained, as an organization or if sort of there is any change into the domestic demand environment for Mandiant Consulting Services? And I have a follow-up for Frank.
Kevin R. Mandia:

Yes. I don't feel any change in the demand for and we're a product company, first and foremost, but we love being out on the front lines. And I think, maintaining that, what I call the Incident Response Vantage point, where we responded the breaches that matter and we try to get that front row seat to help technologies abated, how processes need to work and we take advantage of that by building and innovating our products around it. I don't feel – when I look at the services and I look at our chargeability and what we're doing I feel its performance. Yes, I don't know what your expectations were. But I looked at it and it did what we expected it to do.
Frank E. Verdecanna:

Yes, Fatima, we actually had a record services revenue quarter. I think you were referring to services billings and the thing to keep in mind in services billings is, there is always a different mix of fixed bid versus time and material contracts. And so demand has been as strong as ever. It's just a matter of – the billings number will always change based on the mix of how many deals are time and materials, which are built after delivery versus fixed bid compromise assessments that would be billed upfront.
Kevin R. Mandia:

And to reiterate from my remarks earlier – the prepared remarks, year-to-date, we're responding to more breaches than in the past and we're doing more assessments than in the past. And then I reported last quarter that about a third of our business was international. I didn't break it down this quarter yet, but you can feel the expansion internationally and we are hiring consultants as an as needed basis. We don't like to have a lot of consultants on the beach. So sometimes we're hiring maybe behind the power curve in regards your growth there, but we have found that's just the right way to run a services organization, you get – you keep people on the streets, doing the work.
Fatima Boolani:

That makes a ton of sense. And Frank, a quick one for you, just digging into ARR and the trajectory there. So as we think about your product and appliance business sort of stabling out and sort of plateauing as customers elect more hybrid deployment, and virtual deployment, and cloud deployment. How should we think about the maintenance support trajectory within the ARR bucket? And then to the extent, you've had customers transition their existing support agreements to other form factors of your products. To what extent do you have either a proactive or reactive programs to kind of help them consume your product functionality in the way that's best suited for them?
Frank E. Verdecanna:

Sure. So with respect to the kind of the ongoing maintenance and subscriptions related to kind of the appliance business that should – assuming we continue to keep our renewal rates where they're at. That should have a negligible effect on ARR. Basically if you're renewing exactly what's coming up for renewal, ARR would stay the same and then we'd see growth in ARR with the growth in additional cloud subscriptions and managed services and other new subscription offerings. As far as – when you look at the various components of what continues to drive that. We do have some customers that were legacy on-prem customers that are moving to our cloud offering. That's going to have a positive impact on ARR because your annual spend with us is going to be higher than the legacy support and subscription spend. So that should have a continued positive impact on ARR. And we do have playbook in place for customers that are moving to the cloud. We have an easy way for them to go from on-premise to our cloud solution.
Fatima Boolani:

That's very helpful. Thank you, Frank.
Operator:

Thank you. And our next question comes from Melissa Franchi with Morgan Stanley. Your line is now open.
Anjelo D. Austria:

Hi, this is Anjelo Austria in for Melissa. Thanks for taking my question. First question is just wanted to comment on, you mentioned another strong quarter internationally. Were there any regions showing outside strength in Q3 or showing particular promise going forward?
Kevin R. Mandia:

Yeah. I think we are referring to, and this is Kevin speaking, in regards to services, we had a – we are growing it and expanding it internationally year-over-year. Traditionally, our services is very strong in the United States that's where it heralds from and that's where it started, but with a concentrated effort we've been expanding it internationally and it's been growing in last quarter about a-third of our business was international in regards to our services component. In regards to our overall performance in every geography, I think almost all of it was in line with our expectations for the most part.
Anjelo D. Austria:

Got it. Thank you. And just on new customer adds another quarter of year-over-year growth although decelerating a little bit from a really strong Q2. How's that new logo add growth come versus your expectations?
Frank E. Verdecanna:

So we actually saw year-over-year growth in new customer logos for the second consecutive quarter and I think what we're seeing like Kevin mentioned is that we are seeing new customer logos come from a few different areas, which is nice to see that it's not – we used to have network be the tip of the spear. Right now, you can see new logos coming from e-mail, Endpoint, services and then also we still do get some new logos from the network side of the business as well.
Anjelo D. Austria:

Got it. Thank you.
Frank E. Verdecanna:

Thank you.
Operator:

Thank you. And our next question comes from Shaul Eyal with Oppenheimer. Your line is now open.
Shaul Eyal:

Thank you. Good afternoon, guys. Congrats from my end as well with respect to solid set of results. Sure. Kevin, perception-wise and, again, just perception, FireEye is not a name, which is observed as probably one of the things gaining market share. In your view, are you beginning to see more displacements? And if so, who is the major market donor? Is that the legacy guys, some of the Endpoint guys, maybe on a specific company or market category perspective, any views on that front?
Kevin R. Mandia:

Yeah. I'm not sure what you're referring to when saying we're not perceived as gaining market share. We have – our products are growing and it depends on which one as to what we're up against. I still feel that we respond to virtually every single security breach that matters. We know more about the threat actors than anyone with our threat intelligence, our Endpoint's been growing year-over-year for most quarters, our e-mail security platform has shown growth, even our network. So which market specifically you're talking about because we play in several different markets.
Shaul Eyal:

Fair enough. Let me try and rephrase it, maybe on the network front.
Kevin R. Mandia:

Yeah. On the network front, we are – the reality is as we've been designed at the onset as a platform that had signature-less based detection of threats that the firewall traditionally missed. What we've seen over the years is that we had to stabilize that business that declined in sales in 2016. We found a way to get it into other areas. We're going into other niches like network traffic analysis and we're showing value in east-west traffic and we're continually adding features to it. But it is a – as I refer to, it is a layer two behind the firewall safeguard. The good news about security is you need multilayer security and we do detect what traditional safeguards miss with our Network product. I'm really not sure there's a competitor for it. It's whether people want two layers of defense or not on their network.
Frank E. Verdecanna:

I guess, Shaul, just to add to it. One of the things we are really excited about is the fact that we moved to that first line of defense in a lot of cases has opened up some pretty big opportunities for us. And in the third quarter, we had a seven figure deal where we actually replaced a legacy AV vendor. We've also – our Helix sales have been traditionally replacing some legacy SIEM providers and in October, we actually closed another seven figure deal where we actually replaced the next-gen SIEM. So I think that movement and the innovation on those folks has really helped us be able to go in and compete for existing budget, which has helped.
Shaul Eyal:

Got it. Thank you for that elaborated reply. And maybe just as a follow-up with respect to Kevin's prior comment on trying to avoid consultants hanging down on the beach, Frank, what will the overall head count by the end of the quarter versus last year. How's the overall hiring environment?
Frank E. Verdecanna:

It's slightly up, Shaul. And the good news is that's one of the areas that we continually to focus on adding folks because if you look at what we've been able to do over the last, I'd probably say last year-and-a-half, for the most part we've been selling more services than we've been able to deliver. And so we've created a backlog of opportunities primarily on compromise assessments and penetration testing where we can actually go in and once we get these folks hired and trained, we can deliver on those services. So that's – we continually keep those – that hiring process and that machine going, those folks are not easy to come by, but I think we've done a great job on finding that talent and also retaining that talent.
Shaul Eyal:

Great. Keep up that great job. Good luck.
Frank E. Verdecanna:

Thank you.
Kevin R. Mandia:

Thank you, Shaul.
Operator:

Thank you. And our next question comes from Sterling Auty with JPMorgan. Your line is now open.
Sterling Auty:

Yeah. Thanks. Hi, guys. I'm curious what you're seeing in terms of what are the average discounts in deals looking like this quarter versus over the last several quarters?
Frank E. Verdecanna:

Hey, Sterling, actually it's pretty remarkably consistent when we look at the discount rate across products and even on the new pricing. We've just tended to have – we have processes in place and controls in place. So there's typical thresholds that more people need to get involved. And so it's been relatively consistent over the last couple years really.
Sterling Auty:

All right. Great. And then with all the talk of the shift in terms of appliances, et cetera. What do you think needs to happen to see consistent double-digit billings and revenue growth from FireEye moving forward?
Kevin R. Mandia:

Well, the first thing that had to happen Sterling was a stabilization on the product. And I think we've seen that over this year and that's why 2018 is return to growth. I think going forward, as you look, the new product continue to grow really nicely. I think we're start – and more importantly, they're becoming a bigger piece of the overall business, and we talked about in my prepared remarks that the newer products are now 50% of our overall sales. So I think just that the fact that it becomes a bigger part of our business will help the overall growth rate, and we're tracking exactly kind of where we had expected. And so we'll continue to kind of – continue on the innovation and we feel really good about those products and the competitiveness of those products.
Operator:

Thank you. And our next question comes from Gur Talpaz with Stifel. Your line is now open.
Gur Yehudah Talpaz:

Okay. Thanks for taking my questions. One for Kevin, one for Frank. So Kevin, a philosophical question. One thing I'm noticing in your tone in your commentary, especially over the past few quarters is sort of a greater willingness to serve less as an augmentation layer and more as a first line of defense, especially, in areas like Endpoint and like SIEM. So can you talk a bit about that, what's giving you confidence here to kind of strike that tone beyond just sort of the handful of deals you're referencing?
Kevin R. Mandia:

Well, so Gur, I mean, I'm a proponent of it, but we are doing other things as well. So, and I love the last question that Frank got and I probably could talk for half an hour on it. But obviously when you go into any opportunity, you sometimes end up in what I call a spoke-on-spoke knife fight, Endpoint versus Endpoint. And we have to evolve our company so that we don't lose any spoke-on-spoke knife fights by saying, when you have our spoke meaning either e-mail, or network, or Endpoint with Helix as the interface, we then bring to bear intelligence, Expertise On-Demand, greater value, better visibility . And I'm doing a lot on the inside with the team. Our engineers did a great job this quarter. And I said in my prepared remarks, we have a click-to-try. We're pushing to have click-to-try, click-to-buy, click to make everything easier to do business with FireEye button and I think that's going to make a major difference. So when we're in spoke-on-spoke, we do have to have some layer one capability, So we did that with our Endpoint. We're doing that with our email. On network, it's a tougher challenge. I don't see us getting into the firewall business, okay? So we may be a layer two for network, but there's still a lot of value you can offer when you combine Endpoint, email and network visibility through the Helix interface. We're going to have some transformational Helix updates over the next four quarters and beyond. And when we have those updates and bring more of the expertise with our spoke products together with our intelligence together, that's what makes me feel pretty bullish on the growth story. People under estimate all the time the incident response vantage point that on a daily basis, we get a lot of hours of witnessing how the common safeguards are circumvented, how the process is broke down, which products are effective or ineffective and what people need to not be a headline. We witnessed it as far as I know more than anybody on the planet. If we build our products based on what we're learning from these experiences. It's going to be a lot of great future for us.
Gur Yehudah Talpaz:

That's a great color. Kevin, and thank you for that. Frank, sort of looking back to March, the Analyst Day guidance you gave for the long-term, rather the near to mid-term. How do you feel about that sort of pushing near into 2019 recognizing that you know you don't want to guide to 2019. But just kind of looking back to that framework. Is that still an appropriate framework do you think?
Frank E. Verdecanna:

Yeah. I think it's an appropriate framework. I mean one of the things that the only difference probably from the Analyst Day is, we have been seeing a significant amount of kind of Cloud MVX and virtual appliances that are being deployed in hybrid environments. And ultimately those are winding up on the product and related subscription and support line items. So I think you've seen a little bit more strength there and a little less strength on the cloud subscription just because of that classification. But really that's the only real change. I think 2018 is tracked very much on target of what we've talked about and in fact we've been at or above, pretty much every major guided metric.
Gur Yehudah Talpaz:

That's helpful. Thanks a lot and congrats.
Frank E. Verdecanna:

Thanks, Gur.
Kate Patterson:

We have time for one more question, please?
Operator:

Thank you. And our last question comes from Ken Talanian with Evercore ISI. Your line is now open.
Fenn Hoffman:

Hi. This is Fenn Hoffman on for Ken. Thanks for taking the questions. I was wondering if you could just talk a little bit maybe conceptually about how you're thinking about free cash flow margin for 2019?
Kevin R. Mandia:

Sounds like a great question for Frank.
Frank E. Verdecanna:

Yes. So we have – on the end of our Q4 call, we'll give our 2019 guidance, but traditionally free cash flow margin has been a little bit ahead of operating margin because of the fact that our average contract term is more than one year. So we expect continued growth on free cash flow and I think you started to see the leverage in the model of both in Q3 and in our Q4 guidance.
Fenn Hoffman:

Okay, great. And just as a follow-up maybe for Kevin. Can you talk a little bit about what kind of traction you're seeing with the channel versus the first half of this year?
Kevin R. Mandia:

What I have – my observables on that is the sentiment is better with FireEye, since we brought on Bill and senior leadership there we got consistent in the policies on how we're working with the channel. We've done some pricing modifications and some product campaigns. And I think that what I expect is just a – what I would call incremental increasing in channel leverage quarter-over-quarter.
Fenn Hoffman:

Okay, great, thanks.
Operator:

Thank you. Ladies and gentlemen, that concludes our question-and-answer session for today's call. I would now like to turn the call back over to Kevin Mandia for any further remarks.
Kevin R. Mandia:

I would like to thank everybody for attending this call. When I observe FireEye, I'm very proud that we're learning on the front lines, we're responding to the breaches that matter and learning from those. We are the trusted advisors when cyber security matters most. We are deploying people worldwide to learn more about what the threat actors are doing on the Internet today and what they're going to do tomorrow than any other company that I'm aware of. And we are taking the lessons learned from the front lines and we're relentlessly protecting our customers by automating every single thing we can in our software to protect our customers. I'm proud of how the engineering team has galvanized around with Helix and what we're building. And I'm just excited for the next 90 days and I look forward to talking to everybody probably exactly 90 days from today. Thank you.
Operator:

Ladies and gentlemen, thank you for participating in today's conference. This does conclude today's program. And you may all disconnect. Everyone, have a wonderful day. ***Text inserted in square brackets indicate edit requests, which directly came from the company IR on account of the technical difficulty they had during the call.

Mandiant, Inc. Q3 2018 Earnings Call Transcript

Other Mandiant, Inc. earnings call transcripts:

Mandiant, Inc.
Q3 2018 Earnings Call Transcript