Mandiant, Inc.
Q3 2016 Earnings Call Transcript

Published:

  • Operator:
    Good day, everyone, and welcome to the FireEye Third Quarter 2016 Earnings Results Conference Call. This call is being recorded. With us today from the company is Chief Executive Officer, Kevin Mandia; Chief Financial Officer and Chief Operating Officer, Mike Berry; and Vice President of Investor Relations, Kate Patterson. At this time, I would like to turn the call over to Kate Patterson. Please go ahead.
  • Kate Patterson:
    Thank you, Candice. Good afternoon, and thank everyone on the call for joining us today to discuss FireEye's financial results for the third quarter of 2016. This call is being broadcast live over the Internet and can be accessed on the Investor Relations section of FireEye's website at investors.fireeye.com. With me on today's call are Kevin Mandia, FireEye's Chief Executive Officer; and Mike Berry, Executive Vice President, Chief Financial Officer, and Chief Operating Officer of FireEye. After the market close, FireEye issued a press release announcing the results for the third quarter of 2016. Before we begin, let me remind you that FireEye's management will make forward-looking statements during the course of this call, including statements relating to FireEye's guidance and expectations for certain financial results and metrics; FireEye's priorities, initiatives, plans and investments; FireEye's path to profitability; the expansion of FireEye's platform and the capabilities and availability of new and enhanced offerings, and growth drivers, and market opportunities. These forward-looking statements involve a number of risks and uncertainties, some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements. These forward-looking statements apply as of today, and you should not rely on them as representing our views in the future. And we undertake no obligation to update these statements after the call. For a detailed description of the risks and uncertainties, please refer to our SEC filings, as well as our earnings release posted a few moments ago. Copies of these documents may be obtained from the SEC or by visiting the Investor Relations section of our website. Additionally, certain non-GAAP financial measures will be discussed on this call. We have provided reconciliations on these non-GAAP financial measures for the most directly comparable GAAP financial measures in the Investors Relations section of the website as well as the earnings release. Finally, I'd also like to point out that we have posted the presentation we are showing in this webcast on the Investor Relations section of the website, you'll find detailed results on the third quarter and fourth quarter and 2016 guidance. With that, I'll turn the call over to Kevin.
  • Kevin R. Mandia:
    Thank you, Kate, and thank you to everyone joining us today on my first full earnings call as CEO. There are two points I want to relate to us today. First, I'm pleased to report that we're able to accomplish what we set out to do in the third quarter. We delivered financial results that exceeded our guidance ranges on all key metrics, and we remained focused on balanced growth and our path to profitability. I want to first thank all the employees for their hard work and heads-down execution of our mission to relentlessly protect our customers. And I'm extremely proud of the way we operated through the distractions of our restructuring in Q3 and changes in sales leadership to deliver the results we did. Speaking off, I know many of you are wondering about this and I can tell you that we are in the very last stages of our process and hope to announce a new head of worldwide sales later this month. I also want to thank all our customers and partners. And I'm humbled by the fact that so many of the biggest and best companies in the world trust FireEye to help them to secure the most valuable assets. We take our missions seriously, and we are committed to the trust of relationships we've worked hard to garner with our customers and our partners. And second, we delivered important enhancements to our platform and laid the foundations for FireEye's future. And I believe FireEye knows more about what cyber attackers are doing than anyone else, and our platform now protects our customers from these attackers in the cloud, on-premise, or both. And I'll speak more about our platform in a few minutes, but I invite each of you to come see our platform for yourselves at our Cyber Defense Summit in Washington, D.C. in late November when we demo the product. Now taking these two points in order, let me first turn to our financial results of Q3. We exceeded our guidance ranges across all our key metrics. Billings came in at $215.4 million, above our guidance range of $200 million to $215 million, and revenue was $186.4 million, above our guidance of $180 million to $186 million. With our continued focus on cost optimization productivity, we reduced our non-GAAP operating expenses by more than $12 million from Q2 sequentially and delivered the best operating margin in the history of FireEye. The decline in our total non-GAAP costs allowed us to deliver earnings per share that was $0.13 better than the midpoint of our guidance of negative $0.30 to negative $0.32. And we also generated $14 million in operating cash flow. And we remain committed to our goal of balancing growth with profitability. And I'm convinced that our renewed discipline and improved efficiency have helped us clarify our mission and enabled us to prioritize our innovation to maximize our future growth opportunities. And our customers seem to agree. 47 customers spent more than $1 million with us during the quarter across a broad range of industries and across the globe compared with 34 $1 million transactions in Q3 of 2015. We closed our first-ever seven-figure deal for FireEye Security Orchestrator or FSO and two of our top five transactions were for subscriptions to our FireEye iSIGHT threat intelligence. In total, we added 287 new logo customers in the quarter, including customers in the financial services, heavy industry, healthcare, retail, education as well as government and law enforcement agencies around the world. New logo adds were especially strong in the Asia-Pacific and Middle East regions, where the market for our advanced security solutions is just beginning to take off. Moving on to my second point, delivering important enhancements and laying the foundation for FireEye's future. Let me start by going back to our Q2 earnings call. And during that call, I focused on three key product areas
  • Michael J. Berry:
    Great. Thank you, Kevin. Good afternoon, everyone on the call. On today's call, I will provide some additional color on our third quarter financial results, review the impact of the restructuring plan that we completed during the third quarter, provide additional commentary on the financial implications of our new platform and products that Kevin discussed in his section, especially as it relates to our continued focus on supporting our customers move to the cloud. And I will wrap up with our guidance for the fourth quarter and some preliminary commentary on 2017. As usual, when discussing our gross margin, expenses, operating income, operating margin and EPS amounts, I will be referring to the non-GAAP measures. I'm very happy to start by reiterating Kevin's comment that we were quite pleased with the financial results particularly given all of the distractions in the quarter. We did better than our guidance ranges for all of our key financial metrics, including billings, revenue, operating income, EPS and cash flow from operations. I believe you'll see it was a pretty straightforward quarter from a financial perspective. Billings finished at $215.4 million a year-over-year increase of 2% and 11% on a year-to-date basis for the third quarter. Platform billings increased by 1% on a year-over-year basis. Inside of our platform billings, product billings declined by 20% in the third quarter and product subscription billings grew by 16% year-over-year. The growth in product subscriptions were mainly driven by strong renewals and upsell as we saw a year-over-year growth in our subscription billings for all of our major appliance products
  • Operator:
    Thank you. And our first question comes from Andrew Nowinski of Piper Jaffray. Your line is now open.
  • Andrew James Nowinski:
    Hey, great. Thank you. Maybe just to start off with a question on, now that Cloud MVX is out in the market, I was wondering if you could possibly outline or rank order the high level growth drivers for 2017 that we should be thinking about?
  • Michael J. Berry:
    Hey, Andy. It's Mike Berry. How are you?
  • Andrew James Nowinski:
    I'm great. Thanks.
  • Michael J. Berry:
    Good. Yeah. So, just to clarify, Cloud MVX will be out later this month. So as you look into 2017 the growth drivers that we would look at are similar to the ones that we talked about last quarter, in terms of the MVX private cloud we think will continue to be a growth driver both for new and existing customers, even though FaaS hasn't performed as we would like, we're really excited about that going into 2017, it is the one part of security that continues to grow. And we think that the changes that we've made, the new pricing will really resonate as well. We continue to be excited about endpoint, HX had a great first half and continues to do well, so we're excited about that going into next year. Cloud MVX I think, at least initially will be a great driver of new customer acquisitions probably not as much on the billing side because they're likely to be a little bit smaller. Keep in mind from a revenue perspective those will be recognized ratably. And then the other big driver is one of the things that the sales team has done both our great insight team as well as our reps is to cross-sell and upsell at the time of renewal. We still have a good bit of our customer base, only has one maybe two products. So we also look at that as a great cross-sell, upsell and a growth driver next year.
  • Andrew James Nowinski:
    Got it. And maybe just a quick follow-up on that. The FireEye as a Service, you said hasn't performed well. I guess, is that a factor of that doesn't alert on third-party products yet or is that going to be expanded due to integrate with other products?
  • Kevin R. Mandia:
    Yeah. This is Kevin speaking, Andrew. And thanks for the question. I think there's a couple of factors there. One, we were very tightly coupled to our own technology in the past and we're just bringing to the market a more openness and more of an integrated approach. We want people to leverage their prior technology spend, leverage their prior security spend, and we just need to open it up to that and we're just getting our sea legs in the sales motion as we bring that to market. But I think that's one of the largest factors for it. The FireEye as a Service tightly coupled to our products only, and we've only just increased the aperture to say, you know what, we know more about the bad guys than anybody, give us all your alerts, give us all your events and we'll safeguard you with the knowledge, the analytics and the capabilities we bring to bear. So we're in the early stages and we just got to keep building pipeline for it.
  • Andrew James Nowinski:
    Got it. Thanks.
  • Operator:
    Thank you. And our next question comes from Ken Talanian of Evercore ISI. Your line is now open.
  • Ken Talanian:
    Hi, guys. Thanks for taking the question, just curious, you are obviously going for a restructuring, still looking for a head of sales and sounds like still looking for a sales rep for EMEA. I was curious if you have any thoughts in your initial go-to-market changes as you enter next year?
  • Kevin R. Mandia:
    Well, I know, I have a few there, I mean you're always wanting to simplify your selling motion, as FireEye evolved, we have HX, we have EX, we have NX, we have PX, we have all these great products, we need to unify them a little bit better, and have more of a motion, that's a platform motion. When you added inorganically iSIGHT and we added Invotas, and we added nPulse, it takes a little bit of time to assimilate these technologies, integrate them with our stack, and get that sales force used to that selling motion of one platform all things unified, so we're still on that journey, we're accelerating that journey, but I think that's a part of it. We've got products that are going to market, and some of our folks who are used to FireEye having had one product or two products, and that became their playbook. We got a broad map, we're constantly doing sales, enabling them to do it, but it takes time for that to stick.
  • Michael J. Berry:
    The other thing Ken, it's Mike, I would add to that is, one of the things we're excited about Cloud MVX is the potential to increase the amount that's coming through the channel. And so that is a big piece of what we want to do, we did do Essentials earlier in the year, it was okay, it wasn't as great as we would like, so Cloud MVX really driving it through the channel, and getting them back in the FireEye campus is an important initiative for us.
  • Ken Talanian:
    And along those lines and I think when you first acquired Mandiant, there's a question as to whether the channel would still be able to embrace your product set, has there been any change in the level of acceptance from the channel, relative to your acquisition of both Mandiant and your launch of Fire as a Service?
  • Kevin R. Mandia:
    Yeah. I think this is Kevin speaking. I mean when I look at the channel, first thing a channel likes is clarity of our policy. And I think, some ambiguity existed right after that Mandiant acquisition as to what services we'd be wanting to do, and what we went direct with or not direct with. So we worked real hard to make sure we have clarity of process, that our organization works with our channel, works with our partners. We don't go direct, we fulfill through the channel. And then I looked at, and so how do we increase throughput through there and channel leverage. A lot of it is the process we have working with our channel, and lot of its price. When you see Cloud MVX, one of the biggest reasons that we're releasing that is it allows us to bring our – what I think is generally accept that it's the best threat detection technology into a price range that vastly opens new markets to us. And so that's why we're doing that. So it's clarity of how we engage with our partners as well as the product, the process, and the price behind it.
  • Ken Talanian:
    Great. Thank you very much.
  • Michael J. Berry:
    Just add on to that, I mean we do talk obviously to our partners quite a bit, and at least within the last quarter or so we have gotten feedback that it's not as bad as it was before, that there has been less conflict. So, hopefully those policies continue to drive better awareness within the partner community.
  • Ken Talanian:
    Okay. Great. Thank you.
  • Kevin R. Mandia:
    Thank you.
  • Operator:
    Thank you. And our next question comes from Walter Pritchard of Citigroup. Your line is now open.
  • James E. Fish:
    Hey, guys. This is actually Jim on for Walter. Thanks for the questions.
  • Kevin R. Mandia:
    Hey, Jim.
  • Michael J. Berry:
    Hey, Jim.
  • James E. Fish:
    Hey. I guess I think Mike, you kind of went into this little bit, but why have trends seemed a bit better in Q3, did you lower your Q4 guidance here?
  • Michael J. Berry:
    Yeah. So Jim, let's go through that. So, keep in mind that we raised our guidance for operating income EPS and cash flow, so I don't want to lose that part of it. As we look into Q4, when we gave guidance for the rest of 2016, we really looked it at as a second half guidance. Obviously, we exceeded the midpoint, I'm going to use the midpoint in this explanation by about $8 million, and again we're excited about Q3. As we looked at the pipeline, as we looked at where we stood from a geo perspective, as we looked at the different products and especially and again, the EMEA team is doing a great job of dealing with all the distractions. I think it's pretty clear that the distractions in the field especially, they're related to some additional attrition, it hurt our sales capacity enough that I wanted to bring it down a little bit, not much, $7 million on a full year basis, but we really needed to take that into account because it's hard for me to sit on a phone with you and give you a number if we don't have the sales capacity to hit it. So that's really what drove it. And then from a revenue perspective we really tightened the range there and although I gave you pretty clear guidance on what we thought product revenue would be. And as I said in the script, the swing factor there is always product. And we do our best to try to forecast what we think will come in as a product, might come in is FaaS, might come in as TAP, something else. So we're trying to make sure that we're prudent as it relates to that for Q4. And everybody knows, Q4 is the biggest quarter of the year.
  • James E. Fish:
    Got it. Makes sense. You used to give out the percentage of unattached billings. Can you give us an update on that?
  • Kevin R. Mandia:
    So I give you an update every year at Analyst Day. So you please show up in New York in March. Here is what I'd say about the percentages and the growth rates is, and I want to underline this a lot. Even with the decline in product billings, the attached subscriptions have grown double digits. And I made a note in the script to say, it's not just one product. They have grown year-over-year in network, email, and endpoint. And what that really shows is not only strong renewal rates, but that great cross-sell, upsell traction that we're really getting going on. So that's a good part of it. iSIGHT did very well and that shows up in unattached. Candidly the issue or the drag on growth in the unattached has been FireEye as a Service. And that has not grown as fast as we would like. So that gives you some idea, but I think the important metric is attach continues to grow, ETP which is in unattached is having a great year and that had a super quarter as well.
  • James E. Fish:
    Got it. Thanks for the time again (51
  • Kate Patterson:
    Thanks.
  • Kevin R. Mandia:
    Thank you.
  • Operator:
    Thank you. And our next question comes from Gur Talpaz of Stifel. Your line is now open.
  • Gur Talpaz:
    Great. Thanks very much for taking my questions. So can you walk us through some initial customer response here around the MVX Smart Grid and then the forthcoming launch of Cloud MVX? And then taking that one step further here in conjunction with some of your color around 2017. As you roll out Cloud MVX, would you expect that to eventually subsume any of your deployed appliances or just kind of become a bigger part of the overall piece of the puzzle? Thank you.
  • Kevin R. Mandia:
    Yeah. Gur, I'll start with this. First off, we're releasing Cloud MVX in Q4, so I can only tell you what prospects think of it, but not actual buyers yet because we haven't released it.
  • Gur Talpaz:
    I'll take that.
  • Kevin R. Mandia:
    Yeah, so in regards – well, I can tell you, then I'll just give you my opinion. But in regards to the on-premise private, it's just the ability of us to do dynamic inspection and incredibly effective detection with low false positives at line speed, that's the biggest advantage to be able to have the throughput we have and do the advanced threat detection we do at line speed is something very few people, if any, can replicate. It's hard to do. But we can do it on-premise by separating the MVX analysis brain from the sensor, so that's very valuable to be able to do that. In regards to Cloud MVX, one of the best things about that is other technologies – when I say Cloud MVX, I want everybody to realize, to me that's a cloud-based brain for detection; that's the non-nerdy way of saying it. It has machine learning, it has models for behavior, it has the dynamic inspection that Ashar built years ago that works phenomenally well and has low false positives, high fidelity. Other products can now leverage it. Our endpoint technology can leverage it and query it, and that MVX analysis engine is phenomenal at saying is this traffic good or bad, or is this file good or bad. We're going to keep updating it, but when we put it in the cloud, it is more accessible to other technologies we build, so we can provision protection faster with software.
  • Michael J. Berry:
    Hey, Gur, it's Mike. And the other thing on your question about the mix, and I know we've chatted a lot with everybody on the phone about this. Certainly my expectation would be that Cloud MVX will be initially focused on driving new logos. While I do think that there'll be some of our current customer base that will be interested, my expectation is that will be an incremental deployment that they will continue with their existing deployment of either NX or EX or HX. And if they're looking to expand into a hybrid environment, I would expect the majority of that to be incremental. Hopefully there will be very few issues of where I assume your question is going in terms of cannibalization.
  • Gur Talpaz:
    Right.
  • Michael J. Berry:
    And so to that point, we will watch it very carefully. I can assure you that we've had multiple discussions, sometimes very heated about the whole cannibalization issue, but we really feel that from the design of the product, the way it's priced, the capacity of it, because we can also limit some of that, that especially in 2017 hopefully very little to no cannibalization.
  • Kevin R. Mandia:
    And Gur, just to expound on that, the decision calculus for this for most buyers, actually some of it might be price, but I agree with Mike, it's absolutely new logo add, because the decision calculus is actually going to be risk profile. If you can't put Word documents, PDF documents, and other documents where sometimes there's embedded evil in those documents, out in a public cloud you need to do that on-premise in a private cloud. So it's been my experience dealing with prospects, it's a risk calculus that drives their buying behavior on this, and for large government agencies and financial institutions and healthcare, they're probably less inclined to farm-out content and documents to a public cloud and they'll opt for a private cloud version of it. But the Cloud MVX just gives us great reach for small geographical locations and more price flexibility.
  • Kate Patterson:
    Next question, please.
  • Operator:
    And our next question comes from Shaul Eyal of Oppenheimer. Your line is now open.
  • Shaul Eyal:
    Thank you. Hi. Good afternoon, Kevin, Mike and Kate. Congrats on a solid set of results. I want to start asking about iSIGHT partners. I believe that last quarter you indicated it to be slightly below initial expectations year-to-date. But I think you've expected it to ramp-up as you move forward. Just want to find out what's the current state of affairs of iSIGHT?
  • Michael J. Berry:
    Hey, Shaul. It's Mike. Yes. What we talked about in Q2 was that they were a little bit short of our expectations but that we fully expected them through Q3 and Q4 to get back and, knock on wood, hopefully even exceed those expectations. I think Q3 came through exactly as we expected. They did very nicely on renewals. And keep in mind that similar to our business, a good bit of their business is renewals and that's going to vary a little bit by quarter. As Kevin talked about, two of the largest transactions we did were with iSIGHT. So they had a very good quarter. We expect that to continue into Q4 because we just get better and better about integrating the message as well as enabling sales, both the iSIGHT sales team as well as the core FireEye team, to cross-sell that.
  • Kevin R. Mandia:
    And I'll expand on the current – Shaul, thank you for the questions.
  • Shaul Eyal:
    Sure.
  • Kevin R. Mandia:
    I get to pump up the current state of affairs for iSIGHT is I think it's an asset that's never going to be replicated outside of government intelligence. It is an amazing advantage for us when our products get an alert that we have folks operating in 30 countries speaking over 13 languages at our disposal to help us understand who might be behind this alert. Not all threat intelligence is created equal, but when you respond to as many breaches as we do and then you can also leverage a global group or unit or network of threat intelligence analysts to get answers now, you just have more actionable intelligence, more context, and our customers absolutely appreciate it.
  • Shaul Eyal:
    Got it. No, that's encouraging. A follow-up on the competitive landscape. Check Point had a good quarter with their SandBlast, Blade; Palo Alto seems to be doing well; even Fortinet with their subscription, a lot of noise around it. What's your guys' take, what are you guys seeing there from a competitive perspective?
  • Kevin R. Mandia:
    I don't see us as being just competitive with firewall companies. I'd like to open by saying, we respond to a lot of breaches and every one of those breaches is behind a firewall of some brand or another. We have found that there's a minimum of three fundamental truths in security
  • Shaul Eyal:
    Fair enough. Thank you. Good luck.
  • Michael J. Berry:
    Thank you.
  • Operator:
    Thank you. And our next question comes from Saket Kalia of Barclays. Your line is now open.
  • Saket Kalia:
    Hi, guys. Thanks for taking my questions here. How are you doing?
  • Michael J. Berry:
    Hey, Saket.
  • Saket Kalia:
    Hey, Mike. Hey, Kevin.
  • Kevin R. Mandia:
    Hi.
  • Saket Kalia:
    So I'll just keep to one here just in the interest of time. So not to go back to Cloud MVX, but can you just talk about how the pricing will compare there, quantitatively or qualitatively, leave it to you? How that pricing is going to compare to some of those good enough firewall solutions. And then what is it that you're going to do differently with Cloud MVX that maybe didn't work as well with FireEye Essentials?
  • Michael J. Berry:
    Yeah. Great question. So, of course, you know I'm going to give you a qualitative answer to the pricing.
  • Saket Kalia:
    Of course.
  • Michael J. Berry:
    I'm happy to do that.
  • Kevin R. Mandia:
    I know my answer.
  • Michael J. Berry:
    Yeah. So we have looked at this a lot and here's the very direct answer is that we believe and we continue to believe that our products should have a premium to the market because of the efficacy of our products. However, that range is going to be a lot less, and we will use Cloud MVX to be much more aggressive. So let me take that one more level down. It's one thing when you're shipping a box and you have some cost associated with that not only just to develop it but also ship it, support it, all the rest of that stuff. A virtual appliance where you're shipping software, a whole different ball game for us. So we expect to be much more competitive and we're really going to try to use the channel a lot better and Kevin can jump in. Our Essentials was, again, that was a very good idea, but it was also still you had some of the issues in terms of dealing with FireEye. We're doing our best to knock those down, but from a pricing perspective we expect to be much, much more competitive with the just good enough.
  • Kevin R. Mandia:
    And second, I'll give you my answer, but I'm going to preface it with some bias towards FireEye – yeah, glad you have that there. But the way I've looked at this, I've always felt that at FireEye we are generally accepted as having better detection. And a lot of other brands are actually recognizing, yeah, we're good enough. And I could use your help in educating everyone out there that even if you have a product that detects 98% of the bad things that happen on in the Internet, the asymmetry is such that the 2% they don't detect can infect every darn enterprise on the planet. So good enough really doesn't help you a lot of the times. And we do spend a lot of effort understanding the attack, threat landscape, and that's why we think it's so important to respond to all the breaches that are circumventing other people's safeguards, so that we can update and respond and get the 2% to 3% that a lot of people miss. So I need help conveying the value of that because the asymmetry on the Internet seems to be misunderstood by folks.
  • Saket Kalia:
    Understood. Thanks a lot for the detail, guys.
  • Michael J. Berry:
    Thanks, Saket.
  • Operator:
    Thank you. And our next question comes from Melissa Gorham of Morgan Stanley. Your line is now open.
  • Hamza Fodderwala:
    Hi, this is Hamza Fodderwala in for Melissa Gorham. Thanks for taking my questions.
  • Kevin R. Mandia:
    Hi, Hamza.
  • Hamza Fodderwala:
    Hi. Just a quick question. Seems like your R&D spend was down quarter-over-quarter along with the sales reorg that you mentioned earlier. What gives you confidence that after this restructuring that the organization is right-sized for the growth opportunities ahead?
  • Michael J. Berry:
    So we spend a lot of time obviously when we're doing this to make sure that that we check the box on that exact issue. Look, we did the restructuring in Q3, both Kevin and I said it, we want to be won and done. We did it, we're done, and we're moving on. So we did not want to continue to nip at that issue. So we believe looking forward into 2017 and 2018 that we did right-size it appropriately. We want to make sure that we have sufficient sales capacity, that we are in the right countries, and we're in the countries that matter that from a R&D perspective that we're investing in the growth opportunities, and all of that went into this process. So there is a little bit of a crystal ball, but we think that what we did was the right thing and hopefully we've right-sized the organization. I want to underline that doesn't mean that outside of head count reductions, we are not continuing to look at how we run the business. That's what we get paid to do. And we're looking at everything in terms of making sure that our investments and where we spend money is driving growth. But we wanted to be won and done and we are comfortable with where we ended up.
  • Kevin R. Mandia:
    Yeah. And I would like to expand on that. So I looked at that and what I've observed is Jason Martin and engineering team having on-time and or even early releases. So we see that the innovation, in my opinion, has actually accelerated when we have Ramesh operating as well as he has, John Laliberte on endpoint. We have people just somehow compressing our innovation cycle as we transform our portfolio to having that hybrid and cloud solutions and having – I call it the trends we're trying to adhere to is going from a hardware to software company, on-premise to hybrid and cloud, from close to more open and integrated, from just advanced threats to all threats, from the fear, uncertainty and doubt type of sale to the total cost of ownership with a platform, and I'm just seeing us innovate and having releases that are even getting moved up sometimes on the calendar. So I feel pretty confident that Jason Martin and the engineering team is delivering.
  • Hamza Fodderwala:
    Okay. Just one more quick one, if I may. What was the strength for the U.S. federal business? There is another vendor that reported earlier today that mentioned that that segment was strong. And I just want to see how it was for you guys as well? Thank you.
  • Michael J. Berry:
    Yeah. So our federal business, and actually I'll say our public sector business including our SLED business had a very good quarter. They came in higher than our expectations. And to get both those groups some kudos, they've done a great job on a year-to-date basis, both Fed and our state and local business are above what we expected. So it was a good quarter. I would say, though, keep in mind if you go back to Q1, our very large deal in Q1 was in the federal sector. So some of that got pulled forward, but they had a good strong Q3 and they've done great on a year-to-date basis.
  • Hamza Fodderwala:
    Okay. Thank you very much.
  • Kate Patterson:
    I think we have time for one more question.
  • Kevin R. Mandia:
    Thank you.
  • Operator:
    Thank you. And our final question comes from the line of Rob Owens of Pacific Crest Securities. Your line is now open.
  • Liz Verity:
    Hi. This is Liz on for Rob. Thanks for squeezing me in.
  • Kevin R. Mandia:
    Hi, Liz.
  • Liz Verity:
    Just really quickly. I know we're over time but just love to get, step back and get an update from you on what you're seeing in the threat landscape right now? And then on that same vein, what you're seeing in terms of customer behavior and where purchasing cycles have been? If you seeing lengthening of sales cycles, and then on the threat landscape side if you're still seeing...
  • Kevin R. Mandia:
    Sure.
  • Liz Verity:
    ...threats that end up with shorter Mandiant engagements?
  • Kevin R. Mandia:
    Sure. So, Mike, I'll jump on this, if you don't mind.
  • Michael J. Berry:
    Okay.
  • Kevin R. Mandia:
    I'll talk threat landscape first, purchasing behavior second. And on the threat landscape, couple of things. One, this year at the highest of the abstraction, the threat landscape parallels geopolitical conditions in the world. So if there is no repercussions to hacking a nation from another nation, you generally see those activities. In regards to China, we've seen a threat abatement occur. We published a report this year called Red Line Drawn where we had thousands of observables over a 10-year period based on the iSIGHT human intelligence, the Mandiant incident response work on over 5,000 customers that have bought our products. We just saw them dial it back. Rules of engagement have been agreed upon between most of the Western nations and China, and so that counterespionage or I should say that espionage hacking effort has come down in scale and scope. Now parallel that with what we're seeing this year, and some of you may have been reading in the press what the Russian state actors are doing in my opinion has increased quite dramatically. And we started observing that in 2014 in the fall and we were doing response work on-site and we just saw behavioral changes. We saw the targeting change, we saw that we were responding to Russian government state actors and they were not going away when they knew we were responding. They were allowed, they were brash, and we saw, what I would call, operational security down a notch because I think the Russian state actors were operating at a scale and scope that made it hard for them to cover their tracks. They were working with speed and maybe they didn't do the counter forensics at the same level of aptitude they did in the past. And then this year with the observables, we can see a fourth change in the Russian threat landscape is have – with the dots we can contact, and we've been working this for a long time, it looks like there could be government-sponsored folks releasing the documents that they have stolen onto the Internet, which is it changes in the rules of engagement. In regard to the purchasing behavior, it depends on the industry you're in. If you're in an industry where you're highly targeted by some of these state actors, you've got to have that, I call it the Ravens defense of 2000, if we don't play football, just an aggressive shield of defense. And the purchasing behavior is if you're up against the best hackers in the world and you're in certain industries like the financial services, healthcare, you got to put your shields up, and you got to create the moat and you've got to have response capabilities to respond to it, but I have seen a trend where there is more focus on total cost of ownership. Over the last few years, a lot of the 1A (1
  • Michael J. Berry:
    And Liz just to close that out, we haven't seen any change in the length of engagement of Mandiant engagement. They're pretty similar to what we saw in Q2.
  • Kevin R. Mandia:
    And so I'd like to just make some closing remarks. We are serious about our path to profitability at FireEye. And FireEye is also innovating at a rapid pace, and I think you heard that message today. We're laying the foundation for our future, and we're on the frontlines of the cyber-attacks that matter, and we know what works and we know what doesn't work to combat these attacks. We are unifying our technology, our experience, and our military grade threat intelligence to relentlessly protect our customers from the consequences of these attacks. And I look forward to seeing all of you at FireEye Cyber Defense Summit in late November when we will show you the next generation of FireEye's platform. I believe it's very impressive. Thank you for your time today.
  • Michael J. Berry:
    Thank you very much.
  • Operator:
    Ladies and gentlemen, thank you for participating in today's conference. This does conclude the program, and you may all disconnect. Have a great day, everyone.

Other Mandiant, Inc. earnings call transcripts: