Mandiant, Inc.
Q3 2017 Earnings Call Transcript

  • Operator:
    Good day, everyone and welcome to FireEye Third Quarter 2017 Earnings Results Conference Call. This call is being recorded. With us today from the company is Chief Executive Officer Kevin Mandia, Chief Financial Officer and Chief Accounting Officer Frank Verdecanna, and Vice President of Investor Relations Kate Patterson. At this time I would like to turn the call over to Kate Patterson. Please go ahead.
  • Kate Patterson:
    Thank you. Good afternoon and thank you everyone on the call for joining us today to discuss FireEye's financial results for the third quarter of 2017. This call is being broadcast live over the internet and can be accessed on the Investor Relations section of FireEye's website at investors.fireeye.com. With me on today's call are Kevin Mandia, FireEye Chief Executive Officer and Frank Verdecanna, Executive Vice President, Chief Financial Officer and Chief Accounting Officer of FireEye. After the market close FireEye issued a press release announcing the results for the third quarter of 2017. Before we begin, let me remind you that FireEye's management will make forward-looking statements during the course of this call, including statements relating to FireEye's guidance and expectation for certain financial results and metrics, FireEye's priorities, initiatives, plans and investments, FireEye's path to profitability, drivers and expectations for growth, the expansion of FireEye's platform, and the capabilities and availability of new and enhanced offerings, market opportunities and go-to-market strategies. These forward-looking statements involve a number of risks and uncertainties, some of which are beyond our control, which could cause results to differ materially from those anticipated by these statements. These forward-looking statements apply as of today and you should not rely on them as representing our views in the future. We undertake no obligation to update these statements after the call. For a detailed description of the risks and uncertainties, please refer to our SEC filings as well as our earnings release posted a few moments ago. Copies of these documents may be obtained from the SEC or by visiting the Investor Relations section of our website. Additionally, certain non-GAAP financial measures will be discussed on this call.
We have provided reconciliations on these non-GAAP financial measures for the most directly comparable GAAP financial measures in the Investor Relations section of the website as well as the earnings release. Finally, I'd also like to point out that we have posted the supplemental slides and the financial statement on the Investor Relations section of the website. With that, I'll turn the call over to Kevin.
  • Kevin Mandia:
    Thank you, Kate. And thank you to all the investors and the folks at team FireEye, our customers and our partners who are joining us on this call. I appreciate your interest and support. Before we begin our discussions on our Q3 performance, I'd like to comment briefly about the alleged breach of FireEye that I spoke about at the beginning of our Q2 earnings call. For the past 90 days we've worked closely with law enforcement both domestically and internationally to assist in the investigation and identification of the anonymous person who is responsible for the attack on one of our employees and who falsely claimed to have breached our corporate networks. As a result of our joint investigation, on Thursday, October 26 an individual was arrested by international law enforcement and taken into custody. I would like to express my personal gratitude and the gratitude of the entire FireEye team to the law enforcement officers who have worked with us to make this happen. Over my career, I found it frustrating how little risk or repercussions exist for the attackers who hide behind the anonymity of the internet and cause real harm to good, well-intentioned people. These attackers rarely, if ever, get caught and therefore I'm pleased that in this case we're able to impose repercussions for the attacker and achieve a small victory for the good guys. Now let us get back to the reason you're all here with us today, our Q3 earnings and performance. Over the past year and a half we have been focused on two main priorities: right-sizing our cost structure to support balance of growth and profitability and evolving our product portfolio to a comprehensive security platform delivered as a service, on-premise, in hybrid environments or in the cloud. Going forward, we remain committed to innovating at a rapid pace and keeping our costs aligned with our opportunity. These are fundamental things we need to do to build for the long-term. 
Now it's the time for us to take advantage of the significant innovation we have delivered and to focus on growth and to refine our go-to-market strategies. Therefore today, I'm going to focus on three main topics the point to the progress we're making. Our Q3 highlights and update on our innovation and then some initiatives we're taking to drive growth. For Q3 highlights, first we did what we said we would do in Q3 meeting or exceeding our guidance ranges for our key financials metrics. In fact, we exceeded our guidance ranges for revenue, earnings per share and cash flow and our billings came in toward the high end of the range. On the billings front, product subscriptions grew 28% sequentially as we started to see demand build for our new solutions. We added 57 new Helix customers in the quarter and FaaS and iSIGHT also showed strong growth. HX, our endpoint security product had its best quarter ever. This is result of over a decade of front line experience responding to the breaches and knowing the features our customers need to withstand today's attacks. Mandiant Services had a record billings quarter and our team continue to respond to the breaches that matter most across the globe. We continue to execute well on our NX renewal and appliance refresh opportunity. From a billings perspective, we generated sales of more than 100% of the annual contract value up for renewal yet again in Q3 and we did the same in Q2 and we accomplished this through cross sell of additional solutions. We continued to drive operational efficiencies across the FireEye organization. We reduced our non-GAAP operating losses by approximately $22 million compared to the third quarter of 2016. In fact, we have reduced our non-GAAP operating losses by a total of more than $125 million during the first three quarters of 2017 compared to the first three quarters of 2016. Also year-to-date, we have reduced our non-GAAP expenses by over $100 million compared to this point in 2016. 
This is not a simple task. To reduce expenses while increasing our pace of innovation, that is exactly what we have done here at FireEye. I want to pause here to recognize the effort it has taken to get to this point and say thank you to all the FireEye employees. It takes a great company, with great people, with intentionality and focus to deliver innovation at an accelerated pace while significantly reducing our costs. Now I'd like to talk about some of this innovation we did in Q3. As I discussed these innovations I'd like to draw your attention to the fact that these innovations are derived by in our direct result from the observations we make during hundreds of thousands of hours responding to security breaches when other security products fail. We see what attackers do first hand. How they evade technologies, how these attackers operate and we learn what capabilities are needed to detect and stop these attacks. I believe we're perfecting a critical feedback loop, a cycle of innovation obtaining our knowledge directly from the front lines of cyber conflicts and feeding the right capabilities into our products. I'll turn to Helix first. We shipped Helix version 1.2 in the third quarter. This version builds on our goal providing security analyst a single platform to progress from alert to fix in a simple automated way. We incorporated additional alert management capabilities designed with the expertise of our Mandiant internet responders and our FireEye as a service analyst; we spend hundreds of thousands of hours annually finding the needle in the haystack of alerts. Speaking as a customer of our own products, where FireEye analyst use our software daily, we believe we've greatly enhanced our customer experience in Helix. We also linked all of our intelligence context every event in Helix to allow security analyst to make the best risk based decisions as they manage and prioritize their alerts and events from FireEye products or third-party products. 
Providing our Intel's like adding hundreds of threat analyst to our customer's security teams. Our analyst have the benefit of over more than 10 years' experience tracking the most advanced attackers on the globe and our customers can learn what we know about a threat at the click of a button. They learn at the critical moment of triage, when it matters most. No internet searches, no analysis, just answers. Although we're in the very early stages of the Helix introduction, we continue to see interest in adoption from customers ranging from Fortune 100 companies to small and medium businesses. In addition to Helix, we expect HX our next generation endpoint product to drive growth. We successfully released our signature based malware prevention capability with our Q3 release of HX version 4.0, the addition of legacy anti-virus capabilities make HX a replacement for legacy security endpoint products. HX can be deployed as an appliance, virtual or cloud solution and as a complete endpoint security platform that performs three important roles. First it detects what anti-virus detects, second it detects what anti-virus misses using our unique behavioral based and indicators engines and third it scales an organization security experts to perform forensics as needed with our best in class EDR solution. With the ability to consolidate endpoint agents in the areas of EDR and endpoint prevention at aggressive price points, we have made the FireEye value more compelling and simple for our customers and our channel partners. We also made important improvements to our network security product known as NX. Our Mandiant team has investigated hundreds of breaches over the last 10 years and developed a detailed understanding of how advanced attackers, these successful attackers move laterally through an enterprise after the initial compromise and how these attackers steal sensitive data and remain meretricious. 
With the release of smart vision for NX, we harness our front line expertise in an engine that detects lateral movement and data exfiltration using advanced analytics and event correlation, the smart vision capability allows it to amplify and correlate weak signals into real detection an unauthorized access an internal or what's called East-West traffic. While most network security solutions are still focused on the point of initial compromise NX is now able to alert across all stages of an attackers kill chain and operations. Advances in our machine learning innovations that produce noticeable increases in threat detection across our offerings this year. This is especially true for our email security offerings. Our email solutions provide an advance way of detection to more than 25 million mailboxes at some of the most critical commercial and government organizations in the world. We analyze approximately 70 billion URLs in each month. This volume of relevant data allows us to rapidly adapt our threat detection models. In short, our models get better, faster. Early in Q3, we updated our machine learning model to detect malicious URLs embedded in email and re-architected our cloud-based email solution to rapidly deploy and tune our models at scale. As a result, our ETP or cloud email solution detection, a malicious URL has increased more than 30-fold since the beginning of the year. Our email solutions are often deployed to bolster legacy email security offerings and we observed other email security solutions detecting less than 5% of the malicious URLs identified by our models. Even one week after we first detected the malicious URLs. With so many attacks originating in email, we're increasing our investment in this area. We recently completed a small technology tuck-in acquisition that will deliver additional capabilities in our ETP cloud email offering and Frank will provide more details on the financial aspects of that deal. 
In Q3, we also began shipping our fifth generation appliances across our entire network and email security products. These new Intel based appliances allow us to defend Windows and macOS devices on a single platform while offering increased performance. The new line of hardware appliances also includes the chipset capable of SSL decryption which is a feature we intend to enable in our software update in 2018. For customers who continue to deploy on-premise appliances our fifth generation hardware offers improved price performance and a clear migration path to hybrid and cloud-based security architectures. So we've had an abundance of innovation at FireEye and now it is time to promote the new FireEye solutions in the market. Therefore I'll focus the rest of my comments on some changes we're making to close the gap between the progress we've made innovating and getting the message out to our customers, our partners and to our prospects. First, and most importantly we strengthened our marketing team with the addition of new Chief Marketing Officer, Vasu Jakkal, I'm overjoyed that she has joined FireEye and she's leading our efforts to transform our marketing engine to reflect the innovation and thought leadership position that we hold. Now Vasu cannot do all this alone, so we also bolstered our team with our new Vice President of Product Marketing, Phil Montgomery. Vasu, Phil and their team are on a mission to transform our marketing to help customers better understand and benefit from our offerings and to develop the training, demand generation and channel marketing programs our field and partners need to make this transformation happening. In addition to transforming our marketing engine, we're taking other steps to showcase FireEye's innovation and increase the adoption of our products. We're making the Helix, the user interface for all of our spoke products. 
I've referred to our Helix interfaces as mission control, but it is the interface we have developed for our Helix platform that blends our spoke technologies, our intelligence and our expertise so FireEye is a seamless extension of our customer's security operations. We understand the importance of integration products and security relevant data and I believe the Helix interface will be best suited for all of our products. It is being strategically deployed to renewing NX customers in Q4 and will roll out to all customers for all of our spoke products over the course of 2018. Not only do we have the Helix interface provides the best customer experience, but it also enhances the value of all our spoke products with better work flow, linked intelligence and the ability to do countermeasures and orchestration. Integrating all the FireEye products, the intelligence, the third-party data into a single platform is the right route to take for our customers and I believe our seating strategy for the Helix interface will provide more opportunities for FireEye to grow. In addition to new marketing leadership and our Helix seating strategy, we intend to stay the course on our efforts to simplify our messaging, simplify our pricing and packaging and continue our commitment to our channel partners. To wrap up, in Q3 we did what we said we would do. I'm very proud of our efforts to innovate faster, while becoming far more efficient as a company. I believe in our vision and we're executing to it. We're focused on relentlessly protecting our customers with great innovative products, all built with lessons learned from the front line to the side room conflict. We have also been committed as a team to focus on building a company for the long-term. This requires us to drive growth, achieve non-GAAP operating profitability and generate positive operating cash flow. We made significant progress so far and I'm confident we will achieve these key financial milestones in Q4, 2017. 
Frank will now walk you through our Q3 financial results and Q4 guidance.
  • Frank Verdecanna:
    Thanks, Kevin. I'm pleased to report that from a financial perspective we made significant progress on our path to profitability again in the third quarter. We also achieved several significant milestones including a sequential increase of $21 million or 28% in product subscription billings, record product subscription and support revenue and positive operating and free cash flow. We also met or exceeded expectations on all of our Q3 financial metrics including billings, revenue, gross margin, operating margin, expenses, EPS and operating cash flow. On today's call, I will focus on some additional details on the drivers of our Q3 results and our thinking around the fourth quarter guidance ranges. Before we begin, let me remind you that when discussing gross margin, expenses, operating income and EPS. I will be referring to non-GAAP measures which excludes stock-based compensation, amortization of intangibles, non-cash interest expense on our convertible debt and other non-recurring items. Starting with the P&L, billings of $201.7 million were above the midpoint of our Q3 guidance range and reflect a continued execution on the NX refresh migration opportunity. Record endpoint sales and sequential on year-over-year growth in the Mandiant Consulting business which continued to operate near capacity throughout Q3. We also posted year-over-year growth in both FireEye as a service and iSIGHT threat intelligence. At high level, we continue to see broad distribution of business across our vertical markets. Our Fed business was seasonally strong as expected and accounted for approximately 22% of our Q3 billings. We also started to see some momentum build in the EMEA region under Kevin Taylor's sales leadership and our channel partners have built a very strong pipeline for the endpoint security going into the fourth quarter. Looking at the details, total billings of $201.7 million declined 6% from a year ago, reflecting the year-over-year decline in product billings. 
We continue to outperform our expectations on the NX refresh opportunity, but we're starting to see some increased adoption of our Cloud MVX offering. While we believe this is a positive for us in the long run, it created something of near term headwind to our product billings. The increase in adoption of Cloud MVX coupled with growing momentum in our unattached iSIGHT's intelligence and FireEye as a service subscriptions and strong renewal performance drove us 28% sequential increase in our product subscription billings. Both FireEye as a service and iSIGHT threat intelligence had strong quarters and we added 57 new Helix customers bringing the total to 71. The average contract length was 25 months, up slightly from Q2 but down from the 27 months in the third quarter of 2016. The sequential increase in the average contract length reflects typical seasonality associated with the higher mix of longer term government contracts compared to Q2. The decrease in contract length year-over-year reduce subscription and support billings by approximately $11 million compared to what billings would have been had the average contract length remained constant at 27 months. We expect contract length to stabilize in the 20 to 24 months range on an annual basis with seasonally shorter contract lengths in the first half of the year and seasonally longer contract lengths in the second half of the year, due to the government contracts in Q4 budget flash. While the headwinds from the decline in appliance sales and average contract length continue to impact our growth overall. There were several indicators in the detailed metrics that suggest we were starting to build momentum in their business. Overall the number of customers with three or more products deployed increased 16% year-over-year. At the end of Q3, approximately 38% of our customers had purchased three or more of our product families. 
Transaction velocity continue to increase with total transactions up on a year-over-year and sequential basis as our existing customers continue to renew and expand their deployment of FireEye solutions. We added 234 new customers in the quarter up from 221 in Q2. Our renewal rate which represents our customer retention rate was consistent with the first half of 2017 at approximately 90%, with dollar-based yield above 100% on a rolling four quarter basis. We booked 43 transactions greater than $1 million including two transactions just over $5 million. This compares to 47 transactions greater than $1 million and two transactions greater than $5 million including a $9 million contract with the government agency in Q3 of last year. Both of the $5 million plus transactions this quarter included the breadth of our solutions including network, email and endpoint security as well as FireEye as a service and professional services. All but two of the 43 greater than $1 million transactions included multiple products and 25 included three or more product families. About half of these deals included endpoint security and about a quarter of them included FireEye as a service contributing to strong quarters for both of those products. On the revenue side, double-digit year-over-year growth in subscription, support and professional services offset the decline in product revenue and resulted in a total revenue of $189.6 million an increase of 2% from the third quarter of 2016. Just a couple notes on the components of revenue, product revenue of $30.5 million was essentially flat with Q2 and in line with our commentary from last quarter's call. Recall [ph] that we outperformed on product revenue in Q2 and expected to be relatively flat in Q3 with Q2. Product subscription revenue of $89.9 million increased 11% from a year ago and 4% or $3.6 million from Q2. 
Mandiant professional services post revenue of $33.5 million up 13% from Q3, 2016 as we continue to operate newer capacity and chargeability remains high. Historically Mandiant engagements have resulted in additional product and FireEye as a service billing in future quarters and our continued strength in this segment of the business is one of the reasons I remain confident our long-term strategy and outlook. Our top line over performance was accompanied by continued discipline on the cost and expense lines. Resulting in better than expected operating margin and EPS. Gross margins of 73.8% improved slightly on both a sequential and year-over-year basis. Product gross margin increased by more than two percentage points from the second quarter reflecting a stable pricing and continued efficiencies. Subscription and services gross margin remained essentially flat on a sequential basis. Total operating expenses were $144.6 million, a decrease of nearly $20 million or about 12% from a year ago. On a sequential basis, compared to Q2 expenses increased by about $3 million primarily on the R&D line. The sequential increase in R&D expenses reflected a modest increase in headcount associated with the accelerated innovation plans. Headcount increased by 79 people from Q2, 2017 as we backfilled some of the open positions. Our strong revenue performance coupled with continued expense discipline resulting in better than expected operating margin of negative 2%. Our Q3 operating loss has decreased by $20 million from a year ago and we're on track to deliver non-GAAP operating profitability in Q4. Our improved operational efficiency also allowed us to outperform against our operating cash flow guidance range posting an operating cash flow of $12.5 million compared with a range of $1 million to $10 million. 
We added approximately $10 million to our accounts receivable balance in the quarter and DSOs measured on a basis of billings decreased by three days to 55 days from the end of Q2. Our balance sheet remains strong with cash and investments of $879 million and deferred revenue of $631 million. Compared with the end of Q2, current deferred revenue increased by $13.6 million to $409 million while non-current deferred revenue declined by $1.5 million. The decrease in long-term deferred revenue reflects year-over-year decline in average contract length. Those are the highlights of our Q3 financial performance. Let's turn to the outlook for the fourth quarter. For Q4, we're now expecting billings in the range of $210 million to $230 million and revenue in the range of $190 million to $196 million. These top line guidance ranges reflect Q4 seasonal strength as well as the continued growth in pipelines for both Endpoint and Helix. While we're encouraged by the momentum we're seeing in the subscription based solutions we're taking a slightly more conservative view of the fourth quarter and narrowing the range and taking down the Q4 billings guidance because there are some larger committed subscription deals in our pipeline, that look to have shorter contract lengths compared to what we're expecting when we reiterated our annual guidance last quarter. We're expecting gross margins to increase to 75% and operating expenses to be flat to slightly down on a sequential basis resulting in a small non-GAAP operating profit for the fourth quarter at the revenue midpoint. We also expect to generate positive operating cash flow of between $16 million and $25 million in the fourth quarter bringing the full year operating cash flow guidance range to $1 million to $10 million. The increase in Q4 operating cash flow compared with Q3 reflects the higher beginning receivable balance and increased billings. 
Using shares outstanding of approximately $182 million for Q4, we expect to post the loss per share in the range of $0.03 to breakeven. Our Q4 guidance takes into consideration the small acquisition Kevin mentioned earlier, which we expect to have less than $500,000 impact to the top line and net neutral to the operating margin. This acquisition had a purchase price of approximately $9 million half of which was paid in cash and half in stock. For 2017, our Q4 guidance combined with our Q3 year-to-date actual result in guidance ranges $736 million to $756 million for billings. $739 million to $749 million for revenue and a loss per share of $0.16 to $0.19. Our guidance for capital expenditures have changed a bit as we will have some CapEx relating to our headcount removed slipped into Q1. We now expect CapEx for the full year in the range of $40 million to $45 million which includes approximately $20 million associated with our move into headquarters single building. We expect to complete that move in January 2018. That's it for my prepared remarks. Before I turn the call back over to the operator to begin Q&A I want to let you know that we continue to work on recasting our 2016 and 2017 under the 606 revenue guidelines. We expect to provide full financials with our Q4 earnings release in early February and anticipate that our 2018 guidance will reflect adoption of the standard in Q1, 2018. Finally mark your calendars for our 2018 analyst day on March 1, at the NASDAQ Entrepreneurial Center in San Francisco. With that I'll turn the call back over to the operator for Q&A.
  • Operator:
    [Operator Instructions] Our first question comes from the line of Gabriela Borges from Goldman Sachs. Your question please.
  • Gabriela Borges:
    Maybe just picking up where Frank left off, in the shorter contract length. Frank, I'm curious if you look at the pipeline from an annual contract value standpoint, do those metrics maybe look a little healthier and did anything else change in the forecast. And I know there is a lot of moving pieces, maybe if you look out beyond 4Q, you give us a sense of our overall conviction level and being able to grow billings after 4Q. Thanks.
  • Frank Verdecanna:
    Thanks, Gabriela. As we look at the pipeline I think, it really pertains to a handful of larger deals that are looking to track to shorter contract terms and when I say shorter contract terms I'm talking about how much is billed upfront, most of these will actually be longer term agreements but billed annually. So I wouldn't when we look at kind of beyond Q4 it doesn't look like there's much difference than our historical contract terms, right now.
  • Gabriela Borges:
    Okay that's helpful, thank you. Maybe as a follow-up to Kevin. You touched on some of the changes in making, to how you go-to-market with Helix in the prepared remarks. Could you maybe just give us a little more detail on the difference between the Helix and to phase [ph] that will be included with some other renewals, versus maybe monetizing Helix through some of the rich intelligence data and the remediation playbooks that would otherwise be available for upsell. Thanks.
  • Kevin Mandia:
    Yes, it's a good question. So first and foremost, I'd like to say, when you come up with a new product like Helix. It takes time for the reputation of the company to catch up and so we're just in the early innings of Helix, it's being adopted and you'll see more and more momentum behind it, when our customers are recommending it to other customers. But I also feel we're also battling what is 13 to 14 years of history as an appliance company and now we're trying to build a real security operations platform, so it does take time to sway the market and push the market and get a reputation aligned with our actual innovation, so there's a lag there we'll focus on it. The second thing is this, I do believe our Intel is a differentiator and I want to go back to our customers. It doesn't feel right to me that we have many products in many interfaces and there one way you can do a lot of these things, that's the best way to do it. If you have an event that matters, you want to go from that event or that alert to knowledge about it and to fix rather quickly that's a repeated pattern best built once and provide it to all of our products, so that's what we intend to do. We also like the idea of putting the context in Helix first, we do have all our spoke products benefit from our intelligence but the interface that we're building for Helix is for that security operator and I think that it's just the right interface for all our spokes, so the value will be Intel, it will be the remediation, it will be the ability with any of the FireEye products to integrate other alerts into the interface and I just think, that's what I would want, if I were sitting on an op center, so why not give it to the folks that have invested in us, so we're going to do that. And we want to drive adoption Gabriela because that's how you get momentum behind your products. We're in the first inning, this is the best way to get that momentum. 
Get people using it, learn from it, get it out there and get a reputation of operationalizing security.
  • Gabriela Borges:
    I appreciate the color. Thanks very much.
  • Operator:
    Thank you. Our next question comes from the line of Anne Meisner from Susquehanna. Your question please.
  • Anne Meisner:
    So Frank quick follow-up on just sort of the Cloud MVX impact to billings and revenue. I assume that with the mix shifting a little more to Cloud MVX that might be what is incrementally weighing on those items? I'm just assuming that the MVX deals would tend to be one-year in duration since they're SaaS deals and then also ratably recognized versus the alternatives which would be MVX on the appliance or the data center which I assume is product revenue, do I have it right?
  • Frank Verdecanna:
    Anne, it's exactly it. So basically if you think about the impact. The impact of moving to the cloud will have some shift between product and product subscription, but it will also impact the contract term because some of the subscription deals tend to be shorter term than the appliance sales.
  • Anne Meisner:
    Okay, great. And then quick follow-up for Kevin on the Endpoint product. I know it's still early days with respect to the newest release that has a full anti-virus replacement. But I'm wondering who you're seeing competitively out there in those deals, you obviously did have a lot of activity there this quarter and how has that changed relative to the competitive set that you saw with the traditional Mier [ph] Endpoint products?
  • Kevin Mandia:
    Well, Mier [ph] did have a real competitive set, it was used to enable our services folks to be investing for the responders in the world and the nice thing about the Endpoint is we've had the opportunity behind virtually every single Endpoint technology as we respond to breaches. There is a lot of people in the market and what differentiates us, is first and foremost the table stakes are, you have to detect what anti-virus detects. We now do that and a lot of other technologies do that. But in addition to that, you have to detect the attacks the anti-virus and signature based technologies miss. We do that and now you have a reduced set of Endpoint players that do that, but third maybe the most differentiating is we already scale the forensic experts and that's important, sometimes 99% detection efficacy just isn't good enough or you have your own unique needs where you need forensic experts to deep dive boxes and that's a capability that we have along with containment that brings the set of Endpoint products down to very small handful of folks that can show up and make similar claims. So I like what we're doing there and I think the true advantage is, we've been doing this not for five years, but well over a decade of building a technology that really was built to be there when the other technologies fail, that's a great position to own, we do own that position in my opinion and it helps us build the right Endpoint product because we're seeing the attacks first hand. That forensic capability is critical in my opinion, it's the hardest one to build, we already have it.
  • Anne Meisner:
    And that's great. Thank you.
  • Operator:
    Thank you. Our next question comes from the line of Andrew Nowinski from Piper Jaffray. Your question please.
  • Jim Fish:
    It's Jim Fish on for Andy, thanks for the questions. First, Frank can you talk a little bit about this on the prepared remarks. Can you give us a little bit more color as through the pull through of the Mandiant business of product and subscription in the quarter and any update on the attached versus unattached within the subscription line today?
  • Frank Verdecanna:
    Sure, we continue to see pull through from both the incident response and compromise assessment engagements I think that's historically been pretty consistent. So I think if you think about the significant breach activity quarters, where you still see a decent amount of pull through in the next few quarters thereafter. If you're looking at on a product subscription basis, about 65% of that was coming from unattached this quarter versus 35% coming from attached.
  • Jim Fish:
    Okay, got it. Any update for that compared to last year, was it kind of reversed?
  • Frank Verdecanna:
    So last year was closer to 50-50, it's been trending closer to 60-40. 60% unattached. This quarter was 65% because of the strong quarters were both FireEye as a service, iSIGHT intelligence, and cloud Endpoint and network.
  • Jim Fish:
    Okay, got it and then Kevin probably more for you. On the small asset purchase you did here within email, what did that company give you that you didn't have before that make EPP more competitive.
  • Kevin Mandia:
    I think on the email product, we're really good at detecting what everybody missed. I think every company starts [indiscernible] you have to go into adjacencies we had to broaden what we detected and we had to do more of what I would call, the blocking and tackling and hygienic portions because that's what our customers are asking us to do. We have a lot of customers there, Jim that keep saying, can you just do this? So we picked up a small company with a bunch of email, security experts, take the broad in from only detecting pretty much the most advanced attacks to doing more of detecting all the attacks that you see in large volumes every day.
  • Jim Fish:
    Got it. Thanks guys.
  • Operator:
    Thank you. Our next question comes from the line of Sterling Auty from JPMorgan. Your question please.
  • Sterling Auty:
    One question, one follow-up. I'm still little confused in terms of when we look at the billings outlook. Frank I heard what you said about conservatism on couple large subscriptions but I think what we're all trying to get is, normalizing for duration, once you get past the conservatism of those couple of subscription, large contracts, how should we think about the growth dynamics from here in terms of the billing component?
  • Frank Verdecanna:
    You know I think certainly we'll talk about 2018 after our next call, but our expectation is that in Q4, that we're going to be able to overcome kind of the headwind on the product side and grow billings in revenue because of the growth on the product subscription side. So the contract term definitely has an impact and that's why I think you see the range coming down, but again our expectation is that we will be able to see year-over-year growth there and that will be the first time we're seeing billings growth in over a year.
  • Sterling Auty:
    Thanks. And then, final question would be to the government sector you mentioned tough comparison I think last year the big contract. What did you experience this year? Did you see the business in the government grow year-over-year and what kind of dynamics did you see in this sector?
  • Kevin Mandia:
    I'll start first anecdotally and then Frank will give you the specifics, but FireEye products as well as our intelligence is very popular with our government. Lot of us, Sterling, hail from that community. We have hundreds of employees that are former military, former government around the world and so we've always been popular there, but speaking to the exact numbers, Frank. I think I heard them but.
  • Frank Verdecanna:
    I mean we had a great Fed quarter, it was kind of as expected because we did a light Q1 and Q2 in the Fed business, so we expect the Q3 was going to be a little bit of catch up there and it was, year-over-year it looked very similar. I think if you pull out the big deal from last year. There was a growth in number of transactions and total billings.
  • Sterling Auty:
    Thank you.
  • Operator:
    Thank you. Our next question comes from the line of Gur Talpaz from Stifel. Your question please.
  • Gur Talpaz:
    So I want to start off by asking about Helix. Number of customers here spiked in the quarter by pretty significant amount off a small base obviously, but did you check anything within your go-to-market to drive this and then as a follow-up to that on Helix. I believe you're not selling it unbundled to [indiscernible] NX subscription. Can you talk about the expected impact from that pushed on bundled Helix? Thank you.
  • Frank Verdecanna:
    Sure. So Gur on the Helix side, we did change the go-to-market in the sense that we also started providing Helix as the user interface for our single spoke sales. So we did have some strategic renewals in the quarter on the NX side where we did provide Helix as the user interface. And so if you look at the 57 customers that we added in Helix, I would say about half of those were paying Helix subscriptions and about half of those were providing the user interface as part of another spoke sale or renewal.
  • Gur Talpaz:
    Okay, that's helpful. Default to that, with the push to common UI, across products and over the next kind of two or three quarters. How should we think about the potential for upsell, as you make this push and as you make this change?
  • Kevin Mandia:
    I can tell you right now, when you see all our products in the single interface, first you get to see the access to Intel. The first [indiscernible] if you're not an Intel subscriber is a, you get about the first paragraph it's a lot of information but not probably answering mail for real security analysts, but it points you in a right direction to assign risk. Second thing is, you start recognizing that our products and other products, but our products will work in concert to go from that alert to the fix. So we believe if you're an NX buyer using the Helix interface maybe we'll see wait a minute there's an Endpoint product at this company and it works seamlessly with the network portion that matters, that's something that's needed in security, it's been needing for decades, but we've always had network security companies and then Endpoint security companies nobody pulled it together. Helix does that and but I think you go into accounts Gur, right now most people aren't ready to just rip out everything and start fresh, so you go in with the spokes, but the best way to bridge someone from one spoke to another, is in fact the Helix interface.
  • Gur Talpaz:
    That's helpful. Thank you.
  • Operator:
    Thank you. Our next question comes from the line of Melissa Franchi from Morgan Stanley. Your question please.
  • Melissa Franchi:
    So Kevin you talked a lot about the product investments that you've made I guess over the past year and now you have a new CMO and so presumably you'll be ramping marketing investments. But I'm just wondering if you feel like you have the right sales structure in place to execute on this new product portfolio and particularly in relation to sales capacity, do you feel like you have update on the street?
  • Kevin Mandia:
    Yes, we do.
  • Melissa Franchi:
    Okay.
  • Kevin Mandia:
    We're good.
  • Melissa Franchi:
    All right. And then just one follow-up for Frank, sorry to beat a dead horse on the Q4 billings, guys. But just to clarify is the greater subscription mix, slower duration the only reason for the more conservative view on Q4 or is there other kind of macro or product considerations in that view.
  • Frank Verdecanna:
    There really isn't any macro or specific product items driving that. It really is, just as we look at the quarter ahead and we look at the large deals in the pipeline a lot of them are just tracking to a shorter term than we were expecting. I think good news is, we still see the momentum on all the growth drivers ultimately a shorter contract term is not a bad thing, in lot of cases these are customers that are actually committing to longer term deals, that are being billed annually.
  • Melissa Franchi:
    Okay, thank you.
  • Operator:
    Thank you. Our next question comes from the line of Walter Pritchard from Citi. Your question please.
  • Walter Pritchard:
    First question around the NX refresh. Can you give us the sense as to where we are in the cycle with the customer base from three, four or five years ago refreshing their NX appliances?
  • Frank Verdecanna:
    Sure, Walter. So 2017 and 2018 are really the big refresh years if you think through. Most of the earlier product sales were kind of three-year terms and we had pretty significant product years in both 2015 and 2016, so a lot of those are coming up for renewal. Through Q3 year-to-date, we've done a great job on the refresh opportunity, we've had a lot of customers go refresh the hardware, we've had a lot of customers actually expand deployment by using some hybrid version of our cloud offering and that's one of things we saw in the third quarter was we're really starting to see some traction on the Cloud MVX side. So we've been very happy to-date we've seen up until Q2 we've seen primarily appliance purchases and then in Q3 a lot more movement to kind of hybrid or cloud.
  • Walter Pritchard:
    Got it and then just as a follow-up, I guess to what Melissa was asking around the factors. As it relates to Q4, is this transition of MVX, appliance to MVX cloud driving some of which you are talking about in the Q4 and how would you encourage us to think about that dynamic generally as we move forward. It sounds like something that could continue.
  • Frank Verdecanna:
    Yes I think it is definitely part of the Q4, if you look at kind of Q4 pipeline some of those deals are NX refresh opportunities and they're going kind of Cloud MVX. There also is a lot of Endpoint deals that are going Cloud Endpoint which does go being sold as subscription and have the shorter contract terms. I think going forward, we would expect that will level out in some period in the - I think in 20 to 24-month range. Which is a little bit lower than [indiscernible] contract terms?
  • Walter Pritchard:
    Okay, thank you.
  • Operator:
    Thank you. Our next question comes from the line of Keith Bachman from Bank of Montreal. Your question please.
  • Keith Bachman:
    I wanted to ask two questions. Number one, you mentioned there is a lot of transition going on including adding new marketing folks. How are you thinking about the broader implications of your price sets? More specifically FireEye's generally thought about as the premium price category. Are you trying to get more aggressive as you think about the next year or two in terms of your product capabilities? And I'm going throw in my second question, just in the interest of time. Just on Helix, understand completely that it's an avenue that could certainly increase cross-sell. And I just want to clarify as Helix standalone, do you also anticipate as you make the transitions with Helix in terms of positioning with customers? It is a revenue generator or you're thinking about more as the facilitator for cross-sell. Thank you.
  • Kevin Mandia:
    Yes, I'll start on the first one and then pass it over to Frank. But one of the things that we were very cognizant of, and I get to talk to hundreds and CICOs [ph] and CIOs and CEOs every year and I can't tell you how fast it's pivoting, but the marketplace itself. When I talk to security professionals and buyers, it is pivoting at some pace to subscription mindset and annual billings. [Indiscernible]. And so we want to manage to that and that's why we did a study on our pricing because we were always pay for three years upfront and we were always in a perpetual license model. We want our buyers ultimately to be able to pick how the consumer technology whether by subscription or perpetual license and that's why we did that work, so we can be more nimble, more modern as this market place shifts. And I can't tell you what percentage of buyers prefer subscription and maybe a change is based on the tech they buy, but the change is happening at a certain pace. So and we'll keep you posted and we'll manage through that. So I wanted to address that. The market place is slowly pivoting more to a subscription mindset and more to annual billings.
  • Frank Verdecanna:
    Yes I think Keith on the larger set of customers on the large enterprises I think you can think of the pricing changes that will make being more simplification and creating more different way to consume the technology. I think in the mid market there will be some opportunities for lower pricing like we did with our cloud, Endpoint solution which we think is really competitively priced within that market.
  • Keith Bachman:
    Okay, great. And then Helix facilitator versus revenue.
  • Kevin Mandia:
    I think the general path that we're going to be taking there is over time. The more data that Helix manages, the more revenue we will see. So and we're trying to put more machine learning model in analytics. When you have hundreds of thousands of hours of finding the needle in the haystack every year as a company. If you just productize that and make it easy, you shouldn't, over time we know we're not going to be source for all security relevant data. It's going to come from other products. But if we can manage the data, help people down select and fix it, which is what we do with our human every day. I think you'll monetize and I think you'll monetize it by saying the more you depend on Helix, the more you trust us and send the data into the system to manage your security operations, that brains, that hub of all the spokes will be monetized.
  • Keith Bachman:
    Okay, all right. Great. Many thanks.
  • Operator:
    Thank you. Our next question comes from the line of Jonathan Ho from William Blair. Your question please.
  • Jonathan Ho:
    I just want in, one of your comments around the increased use of automation and capabilities around Helix. And can you maybe talk a little bit about what that does and both from an upside standpoint as well as the ability to increase your competitiveness.
  • Kevin Mandia:
    And this is Kevin speaking. The reality when you look at the state of orchestration today, it's a productivity gain, that's really what it is. When you look at the tools like analytics, machine learning and automation it's making your experts more productive and faster. When we rollout orchestration at the large companies and we've done it in the government organization and the large organization. What we've noticed first is, what you automate first is the data collection all the triage steps that Tier 1 and Tier 2 analysts used to have to do, to now be automated and presented to you, and in some use cases like spear phishing you can straight through the whole thing from spear phish to fix. Every company ultimately will have to fine tune the automation at least today, where there is such heterogeneous networks and most companies have a 70 to 90 different at the large enterprises anyway many different techs. I can't quantify it's 70 to 90, but I had run into that many before. But the automation is making you more effective, more efficient, more productive first and for some use cases it just automates the whole fix. Over time what you'll see as people get more comfortable like the Helix system and their earned trust and the fidelity of works coming in, they'll automate more and more. But the stage we're at it, in my opinion as an industry is orchestration makes people far more productive than in the past. I've often caught next gen sim [ph] because you're going from the presentation of data to the actual action after the presentation of data. So I'm not sure that's the answer you're looking for, but as the real state, as we rollout orchestration that's what [indiscernible]. Make sure security teams get far more productive and they're automating some use cases today and over time you'll see more and more automation. Fast forward three years from now, boy wouldn't you like to see machines at machine speed doing the majority of the fixes.
  • Jonathan Ho:
    That's perfect. I just wanted to also follow-up with another comment that you guys made about breach rebranding [ph] potentially leading to few quarters of follow-on spend pick up. Given the activity that we saw this quarter. I guess I'm little bit surprised, we wouldn't see a little bit more of that in the fourth quarter, is that going to be a sort of longer term or is there a little bit breach fatigue out there, I'm just trying to understand through the dynamics relative to that comment in the guidance.
  • Kevin Mandia:
    I'll turn this over to Frank. My first comments are, I don't know what breach fatigue is, we've been doing this as a business at Mandiant since 2004, so what we do is core business, we respond to breaches all the time and really when people notice upticks we don't we always have full bore just responding to breaches. There are pull through you get to be a trusted advisor, you meet people at the time of duress where they have to trust you and when you see them through those tough times that generally creates long-term relationships. But I've never quantified it quite frankly how that leads to massive sales down the road. We're just kind of stuck in the moment saying how do we handle this thing the best we can, so on the wrong got [ph] answer what does that mean for business in the out years because for us, we're just full bore responding to breaches all the time.
  • Frank Verdecanna:
    Yes the short-term is much more challenging to kind of nail down because a lot of these breaches, we could actually deploy our equipment and actually rent in for a period of time before a larger overall purchase. So timing wise, we've seen anywhere from a quarter to two, three quarters out from the time of the breach.
  • Kevin Mandia:
    From my standpoint I truly don't know if there's really an uptick, you may be reading about more today what that really shows you not necessarily uptick in breaches, but that potentially the liabilities are more severe today than in the past.
  • Jonathan Ho:
    Thank you.
  • Operator:
    Thank you. Our next question comes from the line of Gray Powell from Deutsche Bank. Your question please.
  • Gray Powell:
    So I just had another question on Helix and to some extent you've probably answered it, but I just want to make sure that I actually understand it. So when you talk about seeing the customer base and rolling out Helix to all customers in 2018, I'm thinking it to me, that you're effectively giving it to them for free in order to drive additional product sales and then overtime as they run more data through Helix that will be a relevant opportunity, just want to make sure that's correct. And then are there different versions of Helix, is there like a free version of Helix that you're rolling out to everybody versus like a more feature rich version with more threat intelligence that you charge for. I just want to make sure that I fully understand it.
  • Kevin Mandia:
    Yes I'll answer the question and then I'll turn it over to Frank and he'll clarify any confusion I'll leave behind. The first and foremost we've got tons of great UI developers building the same darn features in different interfaces, it makes no sense to me that's not efficiency, we should have our best people creating the workflows, the workflow for all our products is almost identical. I don't see a difference to it. So we should be working towards one customer experience, one interface and that's what Helix is. And where you'll get the upsell, if we're just doing FireEye alerts into that. Our FireEye alerts are high fidelity alerts. If you're getting a lot of FireEye alerts that's a big problem, quite frankly. We usually alert, we minimize on the fly and where other appliances and products maybe noisy, we're generally not noisy. But we're the alerts you pay attention to. So I can't see us, if you're just firing FireEye products into Helix that being in abundance of data, but the value of Helix as we prove it out, that give us your net probe, give us your active directory logs, give us other security data and bring it altogether so that all your products can integrate and perform at a level that is more aligned with your risk profile then I think you're going to see more and more of an ability to monetize because people are going to rely and depend on other features and other products being integrated in. So the bottom line is, there will be a threshold point, where the alert volume and data does grow and it will grow the charges, but I think that right now in the first inning we want to make sure the experience using all our products is as great as it can be and that's putting all our resources on creating an interface that can deliver.
  • Frank Verdecanna:
    Yes, Gray. I think the way to think about it is, if it's going to be a user interface for one of our spokes, there may not necessarily be an up charge unless they add additional spokes to it or they add additional alerts from other technologies into it and use it as a true mission control center. If it's just the user interface they may get that as part of renewal or part of renewed spoke sale.
  • Kevin Mandia:
    Gray I'm sensitive to this because my first job ever was guy sitting there pivoting from screen to screen to screen from top secret, to secret to unclass to this system, that system. In fact I'm holding up, that we had to login every darn system separately to review the log files. Our stuff is so - a lot of people consume it through [indiscernible] consume it through analytics platform but we have all those expertise, we have all that talent. We know what bad looks like, our interface should be able to integrate with any other products and that's we're building towards.
  • Gray Powell:
    Understood, that's helpful. Thank you.
  • Operator:
    Thank you. Our next question comes from the line of Ken Talanian from Evercore ISI. Your question please.
  • Ken Talanian:
    I wanted to hop back to talk about the NX renewals. I'm wondering if you can talk about the deal cycle length there. And then anything in terms of statistics around the percentages that you're seeing on renewals of folks moving to either renewal hardware or go hybrid or cloud. Then I have a follow-up.
  • Kevin Mandia:
    Yes my first observation at the highest level of abstraction Ken is big enterprises are renewing and what I looked at, when I looked at highest price band and next one down. I think I saw 100% renewal rates for those folks and you see that for a while, till you get down to the small deals and the small renewals and then it's a far less percentage that are renewing. So I take this and my conclusion is, the large enterprise that when FireEye products are committed to. And the smalls seen the show less commitment to them.
  • Frank Verdecanna:
    Ken I think, if you look at the average contract term. We do see on renewals contract average of like kind of 14 to 18 months, so a little bit lower than new business.
  • Ken Talanian:
    Okay, I was also thinking about it sort of the sale cycle. So in other words, as you it's a two part question, as you approach your renewal for a customer formally had a piece of hardware and are now given the choice to go hybrid or cloud, does that linked in the sales cycle. And then following at, have you solidified price between the form factors?
  • Frank Verdecanna:
    So on the sales cycle, we're typically working on renewal 90 days to 120 days in advance. So that typically is enough of the sale cycle to get any type of purchase done before the end of that term.
  • Ken Talanian:
    Okay and on the pricing side.
  • Frank Verdecanna:
    Between the cloud and on-prem.
  • Ken Talanian:
    I mean, do you have a clear differentiated pricing between hardware hybrid and virtual form factors.
  • Frank Verdecanna:
    Yes I think it's pretty clear differentiated pricing, but the difference is, it really depends on are they now expanding their deployment to cover more branch offices and subsidiaries that potentially they weren't covering before when they just had handful of boxes at the main egress points. So a lot really depends on the environments that customer, you typically when they're going to hybrid or cloud environment they're trying to expand their deployment to cover more network exit points.
  • Ken Talanian:
    That makes sense. Thanks very much.
  • Operator:
    Our next question comes from the line of Saket Kalia from Barclays. Your question please.
  • Saket Kalia:
    Most of mine have been answered, so I just have one for you Frank, if I may. Can you just talk about the difference in duration broadly for attached subscriptions versus unattached, Frank? And I guess where I'm going with that is, are you still seeing customers willing to pay multi-year upfront for attached? And the lower duration phenomenon in the fourth quarter is really focused on unattached or is it something more uniform that you're seeing.
  • Frank Verdecanna:
    No I think you hit it right on the head, Saket. It's basically our traditional appliance sales with attached subscriptions continue to be longer term in that kind of 26 to 34 months range and then the newer subscriptions are in the call, 18 to 24 months.
  • Saket Kalia:
    Got it. That's helpful. Thanks for squeezing me in again.
  • Operator:
    Thank you. Our next question comes from the line of Rob Owens from KeyBanc Capital Markets. Your question please.
  • Rob Owens:
    Couple questions, I guess. First off, can you value proposition kind of sits well beyond the couple of boxes you mentioned at those egress points? Can you talk a little bit about go-to-market and how consumable it is via kind of your existing channel versus what you need to build out for this bigger value proposition of Helix and how it's going to be run and how it's going to be sold?
  • Kevin Mandia:
    I feel like going to get our CMO for this question, Rob. Yes I mean it does take a change right. I mean you look at the every company evolves, every company changes. Almost every company starts niche, moves into adjacencies becomes bigger. When I look at this, it starts first and foremost in solidifying our early adopting customers and getting them to talk about it and how they talk about it, will create the grounds while we need. We have to have a bigger plan than that, we got a sales kick off in January that I'm excited about and we're really honing a lot of the messaging for that between now and then, what we focused in Q3 when it comes to the channel and enabling them is more HX and Endpoint kind of stayed laser focused on that for Q3 and I think we gave the channel our first appropriate priced, appropriate product for channel then and we're watching that and now we're kind of turning our focus to now Helix and what's the right way to promote it in the market place. For a company that's deeply entrenched in NX and appliances, we're now really creating an analytics platform, that's productizing how we tell good from bad in hundreds of different ways. So we'll get it right, we have a new marketing department working on it. I don't want to speak for them and hopefully Rob at one of our conferences you'll meet our marketing folks and I will give you a long timeline and lay out of that plan.
  • Rob Owens:
    Thanks Kevin and second as you think about Europe and some of the conversations you're having over there. Can you speak with respect to GDPR, is it part of customer's conversations and thinking at this point and how does FireEye in your view play into that?
  • Kevin Mandia:
    So we have our, we had a whole initiative at the exact level here at Fire to make sure our lawyers were training up all our folks. In my read it's very simple, too soon to tell. It's out there, it's real. People are bringing it up. Its impact on how people are implementing FireEye it just, we haven't seen anything yet. So that's kind of where it's at, just so it reminds me of any time, any regulation, any standard that everybody chooses to follow or any legislation [indiscernible] there is always a lag to determine its impact and what it does. I think we're in that phase of the lag. But people are aware of it, people are concerned about it. And what that forces us to do, is we have a privacy officer, we have to know what products are storing, what data, where we're storing the data, all this stuff we've had to deal with for years quite frankly. But it created more work for us and we're doing that work.
  • Rob Owens:
    Great. Thanks.
  • Kate Patterson:
    I think we have time for one more question.
  • Operator:
    Thank you. Our question then comes from the line of Fatima Boolani from UBS. Your question please.
  • Fatima Boolani:
    Question for Kevin and quick one for Frank. Kevin just around the Mandiant business you've been very positive year-to-date on the utilization and chargeability, we can see from our seats that the brand continues to be resilient, so can you help us understand the scope of incremental investment in scaling this business and being mindful about the brand and then a quick follow-up for Frank.
  • Kevin Mandia:
    I always think, especially in the services, it's kind of law firm, those who do the job and do it right have the brand, that's simple. And you market it all day long, but the reality is the brand is built by the customers who you served and they've been pleased with the results. And that's our Mandiant [indiscernible]. It had very small marketing department for seven or eight years. I know little bit how Mandiant was built. What was the follow-up to your question? Our investments on it, it's - I don't sit every quarter going well services should be 10% of our business or 18% or 22%. Probably we look more to the margins, but you always want to own the moment of responding to every breach. I think it's strategically important because it does drive innovation, it does give you firsthand knowledge of what you need to build. It is paid for market research and it's at the moment of crisis where market research is really the most valuable. So I look at it that way, we have to be the best in the world responding to breaches and handling it in all facets, notifications. Every aspect of a breach and what you have to consider from board room down to technologists, we want to be there for those folks. So I just look at it that way, be the best no matter what you do. Its size may go up, may go down as long as I know we're the best at it. I don't necessarily have a strategic range of revenue that it should be. I know Frank does and he can tell you what that is, but my charter to them: be the best, respond globally and own that moment. And I think another portion of what Mandiant does, is they know how to because we see cyber security every day at often most complex level makes us phenomenal at instructing others to do what we do, so I think we need to expand that capability. Aside from that the men and women of Mandiant, the men and women of FireEye keep that brand alive by just doing the job. The engineers make the products that the Mandiant team uses and so we can't forget that, there's a dependency there. We couldn't be the best in the world responding to every breach without the technologies that we in fact build, but the brand I think it's been there due to performance, you do the job right.
  • Fatima Boolani:
    That's very clear. And then Frank a quick one for you on the cost side of the house. You [indiscernible] significant back office consolidation and streamlining effort [indiscernible] last year. Can you remind us sort of where we are in the process qualitatively as well as quantitatively with respect to how far down the line we are in terms of being all the cost efficient you flow into the model, from the rationalization effort?
  • Frank Verdecanna:
    It's a great question and it is something that we've been focused on over the last year and if you look on a year-to-date basis, we've taken over $100 million of OpEx out of the business. I would say the lion's share of that work is done, we'll continue to look for opportunities to be more efficient and we'll continue to reallocate resources in areas of the biggest ROI, but if you can look to kind of the level of OpEx staying relatively stable here moving forward and with the growth on the top line is where we'll see continued leverage in the model.
  • Kate Patterson:
    Okay, I think that concludes the Q&A session.
  • Operator:
    Thank you. I'd like to hand the program back to Kevin Mandia for any further remarks.
  • Kevin Mandia:
    Yes I'd like to thank everybody for making the time, great set of questions. I want to conclude by just reiterating. I believe in our vision. It is really an exceptional vision. It's with hundreds of thousands of hours of witnessing the landscape on a daily basis and we're relentlessly focused on building great products and innovating based on those lessons learned. I also want to end by saying we're committed as a team to focus on building the company for the long-term and this requires us to drive growth, achieve non-GAAP operating profitability and generate positive operating cash flow and we've made significant progress and I'm confident we'll achieve these key financial milestones in Q4. Thank you for your time today.
  • Operator:
    Thank you ladies and gentlemen for your participation in today's conference. This does conclude the program. You may now disconnect. Good day.