Mandiant, Inc.
Q3 2014 Earnings Call Transcript

Published: 9 Nov 2014

Operator:

Good day, ladies and gentlemen and welcome to the FireEye Third Quarter 2014 Financial Results Conference Call. At this time, all participants are in a listen-only mode. Later, we will conduct a question-and-answer session and instructions will be given at that time. (Operator Instructions) As a reminder, today’s program maybe recorded. I would now like to introduce your host for today’s program Kate Patterson, Vice President of Investor Relations. Please go ahead.
Kate Patterson:

Thank you, Jonathan. Good afternoon and thank you for joining us on today’s conference call to discuss FireEye’s financial results for the third quarter of 2014. This call is being broadcast live over the Internet and can be accessed on the Investor Relations section of FireEye’s website at investors.fireeye.com. With me on today’s call are Dave DeWalt, FireEye’s Chairman of the Board and Chief Executive Officer and Michael Sheridan, Senior Vice President and Chief Financial Officer. After the market closed, FireEye issued a press release announcing the results for the third quarter of 2014. Before we begin, let me remind you that FireEye’s management will make forward-looking statements during the course of the call, including statements related to FireEye’s guidance for the fourth quarter of 2014 and the full year 2014, industry growth drivers, customer adoption of our solutions and FireEye’s position in the industry, continued revenue and billings growth and momentum in FireEye’s business, trends in FireEye’s business operating results and customer wins, the general availability and expected capabilities and benefits of new FireEye products and FireEye-as-a-Service and expectations of new partnerships. These forward-looking statements involve a number of risks and uncertainties, some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements. These forward-looking statements apply as of today and you should not rely on them as representing our views in the future and we undertake no obligation to update these statements after the call. For a detailed description of the risks and uncertainties, please refer to our SEC filings as well as our earnings release posted a few moments ago to our website. Copies of these documents may be obtained from the SEC or by visiting the Investor Relations section of the website. Additionally certain non-GAAP financial measures will be discussed on this call. We have provided reconciliations on these non-GAAP financial measures for the most directly comparable GAAP financial measures in the Investor Relations section of the website as well as in the earnings release. Also let me add that we will be New York next week and will host an Investor Update the afternoon of the 12
Dave DeWalt:

Okay, Kate, thank you very much and good afternoon everybody and thanks everyone for joining us on the call today. We appreciate your continued support in FireEye. Alright, it’s now been almost exactly a year since we hosted our first earnings call, following our IPO in September 2013. Since then we’ve scaled our business, expanded our customer base and partner model and significantly build out our product line. We launched FireEye-as-a-Service offering, find partnerships with three other world’s largest service provider and expanded our operations worldwide, through internal development and strategic acquisitions we brought together the people, technologies and bright intelligence necessary to re-imagine security. In the process we expanded our markets, extended our technology lead and created a security company unlike any other. We’ve come a long way, grown our business with our billing growing more than 10 times in less than three years, from $57 million in 2011 to an estimated $580 million in 2014. With that I’d like to thank all of the FireEye employees for their dedication and focus on our mission. I believe the best is yet to come. So going back for a moment to January 2, 2014, that was when we announced the acquisition of Mandiant we raised our guidance for 2014 revenue by more than 60% and provided a comprehensive financial model for the full year. I’m pleased to report that today we have beat that model for nine months and we expect to surpass nearly all major metrics for the full year of 2014, more specifically in January 2014 we stated that we expected to attain full year billings of $540 million to $560 million and we’re now adjusting that full year range to $573 million to $588 million. We more than doubled our billings every single quarter this year and this is the fifth consecutive quarter we raised our billings guidance. We out performed against our original revenue guidance for the 2014 of $400 million to $410 million and we now expect the full year revenue guidance of $418 million to $430 million. In January we expected a non-GAAP loss per share of $2 to $2.20 for 2014, and we are narrowing that range to $2.05 to $2.50. We also expect to add about 1,500 new customer’s this year and end the year with more than 1,000 channel partners, all-in-all we’ve consistently performed ahead of expectations and created a strong foundation for the future. Moreover I’m pleased to report that we met and exceeded each of our Q3 guidance metrics and demonstrated continue leverage in our financial model. Our Q3 billings performance of 45% sequential growth and 133% year-over-year growth was driven by broad demand across multiple industries and customers of all sizes and geographic regions, because a significant and growing portion of our business is subscription based, we believe our billings are an important indicator of our growth. Billings drives our cash flow and are leading indicator of our future revenue growth. Our revenues increased to 168% year-over-year for Q3 and 171% for the nine month period to-date. Our product subscriptions revenue increased 133% as well. The increase in both the number and severity of advanced attack is evident in all aspects of our business. Our incident response teams operate round the clock responding the breaches and we remain active in a record number of engagements worldwide from. From threat intelligence standpoint we discovered two more zero-days in Q3 bringing the total numbers zero days we discovered in the wild to 60. We also published new research on threat actors in Russia, China and the Middle East including report on a group of Russian hackers we designated as APT28. If you read our blog you will see new posts on a daily basis detailing newly discovered threats and profiling the activities of different threat actors. We’re now tracking more than 400 separate threat actors and order of a magnitude increased from about 40 threat actors in 2009. Our threat intelligence is a key competitive differentiator and accelerates demand for our solutions. We believe that without this intelligence it would be impossible to effectively detect today’s attacks. From where I sit, the opportunity in cyber security has never been greater. The cyber threat landscape is never been more severe and the incumbent legacy security model has never been weaker. We estimate that over 90% of all organizations are breached and more and more companies are realizing they need a new, more adaptive security model. I believe FireEye has exactly that model. Scott Borg, who is the CEO of the United States Cyber Consequences Unit summed up the current state of cyber security well, when he said the most notable thing about these recent cyber breaches is not that they happen, but they went on so long without being detected. Companies are being blank sided because they are not watching for the specific kinds of cyber-attacks that are really going to hurt them. It’s clear that the signature and sandbox based Defense-in-Depth models, which are built on point product solutions including firewalls, antivirus, IPS devices, web and email gateways et cetera cannot detect today’s attacks and actually create more problems than they saw. These solutions, which generate more than 100 false alerts for every actual threat, create a burden on customer security organizations. That caused them to miss attacks and probably more importantly, prevent them from responding to attack. On the other hand FireEye has 99% accuracy in our alerts. Bottom line, companies spend over $20 billion annually on legacy products that do not provide the protection they need. At the time of IPO roadshow we predicted that the majority of these dollars will migrate to more effective security solutions. As awareness of advanced threats and attacks increase and customers realize they are unprotected. With announcements of new wide scale breaches nearly every day I believe we’ve reached an inflection point in the industry and that as a technology and market share leader in APT detection and advanced security FireEye is uniquely positioned as the trend to advanced security accelerates. This is reflected in our strong Q3 results, our billings of $165 million were up 133% from a very strong third quarter a year ago, an increase of nearly 140% year-to-date. The underlying trends in our business suggest broad based demand that stretches across both industries, geographic regions and customer segments. So let me give you little more detail on our top-line. First of all, we closed a record number of transactions greater than $500,000 in value including 23 seven figure deals, compared with $11 million deals in Q3 of 2013, and seven last quarter. We closed large transactions with companies in a variety of vertical markets including technology or hi-tech, financial services, retailers, healthcare, and telecom, as well as U.S. government agencies. But big deals are only part of the story. We expanded our installed base by nearly 1000 new customers compared with Q3 a year ago. Adding more than 100 new Global 2000 customers and more than 900 new customers smaller than the Global 2000. We doubled the number of mid-market and smaller customers compared to Q3 2013, proving again that the value of intellectual property rather than the size of the organization that drives the purchase decision. Our reseller channel play the important role in our expansion beyond the large enterprise and our channel metrics continue to improve. The number of new partners increased from 127 in 2012 to nearly 1,000, actually 992 to be exact. And while we still have work to do in order to realize leverage from our channel strategy, business with our top 10 partners increase more than 60% from a year ago. Notably deal registrations in Q3 increased by more than 40% sequentially representing net new opportunities brought to FireEye by our channel partners. Not surprisingly given the breach environment we added many new internet response customers as well. The growth in our professional services billing, which our largely internet response services reflects Mandiant’s reputation as the platinum standard in internet response. While IR represents less than 20% of our total billing is highly strategic. By owning a response we’re closer to the breach giving us better threat intelligence and establishing a trusted adviser relationship with our customers. Additionally the conversion rate of internet response customers to other products is very high, making this business an important source to leads and pipeline. Turning to our products, in the last two months we extended our platform with several key product announcements and introductions, including support for Apple operating systems on our NX or web products and our mobile platforms. We’re now the only security vendor to detect threats targeting Microsoft, Apple and Google environment. We also released the next generation of our IPS solution and introduced our new forensic and analysis platform called the IA Series. The IA Series is based on technologies we acquired as a result of our N-poles acquisition and combined in depth analytic was fast packet capture and retrieval. On the end point, we extended our end point response platform with a new release and added more than a million new production endpoint agents in the quarter. We now have more than 3 million endpoints installed making us the leader in next generation endpoint security. Our HX endpoint platform leverages the combined threat intelligence of both FireEye and Mandiant and is integrated with our NX network security platform. As a result we can co-relate detection and prevention between endpoint and network perimeters preventing further breaches at the perimeter as well as the lateral spread of malware within the network. HX also includes our includes our agent anywhere technology so security analysts can determine that an endpoint is infected and quarantine the threat, even if machine is not on the network. We are delivering this integrated endpoint network solution today, with advanced endpoint protection in forensics. In Q4 we expect to deliver next generation detection capabilities for the HX platform, further extending our lead in this emerging market segment. And finally, when combined with the next release of our mobile threat prevention platform, including a new agent for Android and iOS mobile devices, we believe we’ll deliver the most comprehensive endpoint platform in the industry. These product releases represents significant begin progress on our product roadmap, extending our MVX engine to new attack vectors and expanding our technology leadership. They represent the first of what we expect to be many innovations to result from a combination of FireEye, Mandiant and nPulse. In addition to the new products we want launch the revolutionary FireEye-as-a-Service offering in September. FireEye-as-a-Service is uniquely positioned to help customers with the advanced threat landscape. The combination of our advanced detection virtual machines, our endpoint agent technology, our security experts and our threat intelligence all wrapped in a single service offered from the cloud enables companies to deal with this problem much more effectively and at a lower cost and ever before. Our fast service is proactive providing real time sweeping and elimination of advanced malware every 60 minutes using intelligence that has collected real time from over 5 million virtual machines and 3 million endpoints in 60 countries, from the most important networks in the world. Like our other security products FireEye-as-a-Service has more than 99% accuracy and less than 1% falls positive. We believe there will be a significant improvement over legacy security model. FireEye-as-a-Service is still the subscription service reducing the initial capital outlay compared with the more traditional purchasing model. This built in flexibility helps to address budget issues making our technology more accessible to a larger number of customers and perhaps most importantly allows customers to fully leverage our security expertise and visibility in the threat environment. Depending on your in-house security resources customers can choose to have us manage their entire FireEye infrastructure or user expertise to augment their own resources. We’re already managing hundreds of managed events where FireEye-as-a-Service customers from our operations and security centers around the world and we have capacity managed hundreds of more. FireEye-as-a-Service is different from and complementary to the compliance base managed security services you may be familiar with, the value proposition for the customers very compelling. Additionally because FireEye-as-a-Service is complementary to existing MSSP model, it is creating new distribution channels with the largest managed service providers. We’ve recently announced Verizon, SingTel, and yesterday Deutsche Telekom as our first MSSP we’ll be offering new services to their customers. SingTel will offer FireEye-as-a-Service to the entire Asia Pacific region branded as SingTel managed defense powered by FireEye. The partnership represents the major investment SingTel and FireEye’s security and includes security operation centers in Singapore and Sydney, Australia as well as training and marketing programs throughout the region. Verizon partnership is important as our first U.S. based MSSP. We believe it validates our MVX mobile threat prevention platform under the first phase of this agreement Verizon is creating to manage mobile security offering based on our MTP product that will be offered as part of managed mobile security services suite. Now, it’ll take a few quarters to fully operationalize these joint solutions. Both partnerships represent a significant extension of our sales reach and increased number of potential customers worldwide. It’s been exciting year and I believe we have the early innings of our opportunity. Let me finish up with the few high level thoughts. First, FireEye has always pursued a different vision from other security vendors. We pioneered the industry’s first virtual machine based detection engine and we continue to extend our technology leadership as we introduced new products across the security landscape. With acquisition of Mandiant and nPulse we expanded beyond APT detection to offer new analytical and response capabilities, integrated through our adaptive defense approach. Our solutions can detect an attack tell the customer who attacked them and what the attacker is likely to do next. This enables a proactive security posture. When a customer gets an alert, they have context from the attackers within minutes he can block data exfiltration, determine which end points have been compromised, maintain the attack immediately. This is a powerful value proposition and is expanding our install base enabling new go-to-market strategies, delivery models and strategic relationships. If you think FireEye’s business model in terms of subscriptions attached the boxes I encourage you to change your frame of reference. Unlike firewall and other appliance centric solutions hardware is not the primary driver of our growth. While we expect the sale of our appliances will continue to be important growing part of our business, I believe if you think of us as a box vendor you will underestimating the growth potential. Our Q3 results illustrate this point. Our products billings grew 63% year-over-year while our product subscription billings grew 183%. Given our growing product subscription business, we believe billings for both product sales and subscription services is the best measure of our customer adoption of our technology. This metric increased 121% year-over-year and we achieved it at a $500 million run rate in billings. So to summarize our future looks bright, our market is growing and we have a strong and differentiated solution. Demand remains high as the threat environment escalates; we are well positioned to lead the market. We strongly believe that other vendor is capable of offering this combination of technology, threat intelligence and expertise necessary to address today’s attack. So with that, I will turn the call over to Mike for his comment on our financial model and I’ll conclude afterwards. Thanks, Mike.
Michael Sheridan:

Thanks, Dave. First I would like to join Dave in thanking you for your ongoing support in interest FireEye. Before I begin, I would like to remind you that I will be discussing our non-GAAP financial results and metrics for the third quarter. Specifically our reported non-GAAP results exclude stock based compensation, the amortization of intangible assets, acquisition related costs, restructuring charge and non-recurring tax benefits related to the Mandiant and nPulse acquisitions. Our 2013 non-GAAP financial results also exclude changes in the fair value of the preferred stock warrant liability. In terms of our financial results, I would like to begin with a summary of our significant development that occurred in the quarter. First, we continue to expand our business to the very rapid rate in the quarter. With year-over-year quarterly billings growing at 133%, year-to-date billings growing at 138% and sequential billing growing at a very strong 45% over Q2. Similarly we experience year-over-year quarterly revenue growth of 168%, year-to-date revenue grow at 171% and sequential revenue growth of 21%, a strong indicator given the 62% of our business is subscription based. This growth occurred in all of our global regions and all of our market segments. Second, we experience rapid market adoption of our new product subscription offerings in the third quarter, in particular we had strong positive reception from our customers grow FireEye-as-a-Service offerings. FireEye is uniquely positioned to deliver on the stock based consumption models compared to any competitors because of our unique proprietary threat intelligence that allows our experts to provide the highest level of rapid threat detection, assessment and remediation available in the market today. We believe these offerings will be a key component to our continued expansion of our market share. Third, as you know there are many high profile cyber breaches that occurred during the third quarter. Our Mandiant team of incident responders were on the frontline of dressing and resulting many of these breaches, which enhance our incident response revenues. More importantly these engagements increased our pipeline of opportunities as these companies look to FireEye to deliver security solutions that address the shortcomings of the legacy firewall and other technologies. And finally you will note in my upcoming comments that we made significant progress in the third quarter in improving the leverage in our financial model. This impart relates to the rapid growth in billings and revenue I just summarized, but it also relates to cost optimization we achieved in the third quarter. We successfully reduced cost inefficiencies in our global headcount facilities primarily related to our acquisitions and we did so without reducing any of our focus on investments in our future growth. We will continue to further optimize our cause and drive growth going forward, to continue down our path to profitability. With respect to our Q3 financial results our billings grew to $165.1 million from $70.8 million, a 133% increase year-over-year. There are several key drivers to the billings growth we achieved in the third quarter. First, we continued the rapid expansion of our customer base, our worldwide customer base grew from 2,761 customers in Q3 from 1,349 customers in Q3 of last year, a 105% increase year-over-year and a 54% increase on a pro-forma combined basis. Our total billings growth was further driven by our business models the centers around recurring subscriptions and support. Our recurring subscriptions and support billings grew to $102.6 million from $41.5 million in Q3 of last year, a 147% increase year-over-year and a 93% increase on a pro-forma combined basis. Our recurring subscriptions and support billings accounted for 62% of the total billings in the third quarter. Historically, recurring subscriptions have been driven by 100% attach rate of our suite of subscription and support to our product sales and this continued in Q3. In addition, our FireEye-as-a-Service and Threat Analysis Platform subscriptions continue to add growth to our recurring subscriptions business. Our product driven subscriptions and support contract are paid 100% up front and are non-cancellable. In the third quarter of 2014 our average contract length for new orders is 34 months compared to 31 months in the third quarter of 2013. This increase related primarily to two federal contracts in the third quarter of 2014, both of which has five year terms. Excluding these contracts our average contract length was 29 months. Within total billings our product and product subscription billings include the sales of our appliances, our DTI cloud subscriptions, our email URL engine subscription, and our continuous monitoring subscriptions as well as subscriptions for our FireEye-as-a-Service and threat analytics platform. Our product and product subscriptions billings grew to $116.1 million in Q3 from $52.5 million in Q3 of last year, a 121% increase year-over-year. Our combined renewal rate remained above 90% for Q3, which drove billings growth and is another indication of the high level of our customer satisfaction and the value provided by our solutions. This rapid rate of growth in our billings continues to increase our visibility into future revenue streams. Our deferred revenues grew to $282.9 million in the third quarter a 51% year-to-date increase over deferred revenues of $187.5 million in Q4 of 2013. Turning to revenues our total revenues grew to $114.2 million in the third quarter, which was a 168% increase over $42.7 million in third quarter of 2013. Our product and product subscription revenue grew to $81.1 million in Q3 of ‘14 from $34.8 million in Q3 of ‘13, a 133% year-over-year increase. On a pro-forma combined basis our product revenues, product subscription revenues and combined product and product subscription revenues all grew at a rate in excess of 55%. Our customer support revenues grew to $14.2 million from $6.9 million in Q3 of the prior year, a 105% increase. Our total subscriptions and support revenue grew to $47 million in Q3 of ‘14 from $18 million in Q3 of ‘13, a 161% year-over-year increase. On a pro-forma combined basis, our total subscription and support revenues grew at a rate in access of 70%. Our professional services revenues increased to $18.9 million in the third quarter of 2014 from $955,000 in Q3 of ‘13. This increase is primarily related to the addition of Mandiant’s incident response business in 2014. In the third quarter, we experienced strong growth in our incident response organization, as they were called upon to respond to many of the high profile breaches that occurred during the quarter. Excluding professional services our geographic mix in Q3 included approximately 72% of our revenues coming from U.S. accounts and 28% coming from international accounts compared to 71% and 29% respectively in Q3 of ‘13. The significant revenue contribution from international regions is validating the investments we have made in these markets. Our product gross margin remain strong in Q3, as a percentage of product revenues or product gross margins were 74% in Q3 ‘14 compared to product gross margins of 71% in Q3 of ‘13. These strong product gross margins in the third quarter related to improved product discounts as well as better leveraged in our manufacturing operations. As a percentage of subscription and service revenues, our gross margin were 69% in Q3 of ‘14 compared to 72% in Q3 of ‘13. This decrease relates to a higher percentage of professional services revenues in Q3 of ‘14, which had gross margins of 53%. Our total operating expenses increased to $153.7 million in the third quarter of 2014 from $68.6 million in Q3 of last year. While we continue to increase our investments in R&D, sales and marketing and global infrastructure. Our operating expenses as a percentage of revenue decreased from 161% in Q3 of 2013 to 134% in Q3 of ‘14. This decrease impart relates to a successful optimization of our cost model in Q3, we incurred approximately $2.8 million of onetime charges related to these actions in Q3 and these charges are comprised primarily of severance cost and access lease cost. Each of our operating expense categories improved as a percentage of revenue in Q3 of ‘14 compared to Q3 of ‘13 and most notably our investment in sales & marketing is a percentage of revenue decreased from 95% Q3 of 2013 to 75% in Q3 of ‘14. This improved leverage is resulting from the continuing expansion of our revenues in our domestic and international markets, the increasing productivity of sales force as they ramp up and the more highly leverage sales that we are generating in the middle market through our inside sales reps. In terms of our financial condition we exited the third quarter with approximately $398 million of cash and investments on hand. Our operating cash flow improved sequentially from negative $62 million in the second quarter to negative $46 million in the third quarter just ended. In addition our free cash flow improved sequential from $79 million negative in Q2 to negative $71 million in Q3. Our accounts receivable increase to $156 million at the end of Q3, our aging and collections remain very strong, this increase in receivable relates to higher billings in the quarter as well as the higher percentage of these billings occurring near the end of the quarter. Our inventory levels remain stable and we do not anticipate any issues with respect to access or obsolescence in our stocks. In terms of guidance for the fourth quarter of 2014, we expect our billing to be in the range of $195 million to $210 million. This results in a range of billings for the full year 2014 of $573 million to $588 million with a midpoint of $581 million, an increase from our previously issued guidance of $560 to $580 million with a midpoint of $570 million. With respect to our revenue guidance, we’ve experienced a rapid market adoption of our FireEye-as-a-Service offerings in particular in the third quarter. This is a very positive development for our business, as it validates market interest in these product offerings, which further enhance our recurring subscription model. However, we recognize revenue for these product offerings ratably versus in period and as a result this shift in mix affects the amount of in period revenue generated from our billings. This impact can been seen in our Q3 results, where we guided a range of revenues from $114 million to $117 million and reported revenue at the lower end of this range despite the billings result that exceeded our guidance range. So for Q4, we expect our revenue to be in the range of $135 million to $147 million with a midpoint of $141 million. This is a wider range of outcomes than our historical guidance ranges to allow for the impact of this evolving mix shift. This guidance translates into an annual guidance range of $418 million to $430 million for revenue with the midpoint of $424 million, compared to our prior guidance of $423 million to $430 million with the midpoint of $426.5 million. We expect our Q4 gross margin to be in the range of 70% to 73%, for operating expenses as a percentage of revenue in Q4, we expect R&D spending to fall in the range of 34% to 37%, sales and marketing spending to fall in the range of 70% to 73% and G&A spending to fall in the range of 16% to 19%. Based upon our estimated weighted average shares of 144 million shares, we expect our loss per share in Q4 to fall within the range of $0.46 to $0.50 per share. This guidance for Q4 gross margin and operating expenses aligned with our prior annual guidance, such that we reiterate our annual guidance for 2014 gross margins in the range of 69% to 72%, R&D spending in the range of 41% to 44%, sales and marketing spending in the range of 76% to 79% and G&A spending in the range of 18% to 21%, excluding the impact of tax benefits related to the Mandiant and nPulse acquisitions, we expect to record a tax provision of approximately $1.7 million to $2 million in the fourth quarter. Based upon our estimated weighted average shares outstanding are 142 million shares we reiterate our expected loss per share in 2014 of $2.05 to $2.15 per share. That completes my prepared comments and I’ll return the call to Dave for some closing comments and Q&A.
Dave DeWalt:

All right, thank you, Mike. And before we turn it over for some Q&A just a couple last thoughts. First of all, we had a very strong quarter; we accelerated our momentum in this quarter. Obviously the growth rates here 133% year-over-year on billings, 168% year-over-year on revenue, when you look just the sequential 45% growth quarter-over-quarter in billings, 21% growth quarter-over-quarter in revenue, 74% gross margins, 23 deals over $1 million, record numbers of contracts and customers for the company, great momentum, great business we are continuing to take the lead in this threat landscape. Obviously the MPX threat detection engine is really the hallmark to that coupled with our response framework FireEye-as-a-Service. I believe our investments in R&D are really accelerating the pace here in terms of our ability to execute and we’re going to continuing to do that. So with that, I’d like hand the call back over to Jonathan and Kate for some Q&A and we’ll go for that. Jonathan?
Operator:

Certainly. (Operator Instructions) Our first question comes from the line of Daniel Ives from FBR Capital Markets. Your question please.
Jim Moore:

Thanks guys, it’s actually for Jim Moore for Dan Ives, maybe if you can just talk a little bit about the puts and takes in guidance. What we might really expect around the services as we go forward just giving the shift in subscriptions and the transition there? And is it really happening at a faster pace than you would have expected or is it kind of in line with your expectations? Thanks.
Dave DeWalt:

I’ll start, Mike feel free to add on here. No, we’re seeing a fantastic acceleration as I said in the business. What’s really being occurring here from a billings point of view is that we’re seeing a mix change a bit, a lot of our customers love the combination of FireEye and Mandiant as a capability and really when you take a step back when customers have a breach or customers having an epiphany that they could be breached, you are finding them looking at a whole new model and when they look at a whole new model they tend to look at the totality of our solution, which is what we call FireEye-as-a-Service. So as we saw the subscriptions piece, the product subscription piece really accelerate and a lot of that is directly related to the breaches you’re seeing everyday in the paper. We respond to those breaches, those breaches are converting to product subscriptions and it’s accelerating. So the mix change is happening and we think it’s a very strategic change that’s occurring and it allows us to be trusted advisers, that allows us to be stickier with the customer, perhaps more ratable on our revenue model and as you could tell we raised our guidance as well for billings going from the number are $540 million to $560 million beginning of the year, now $573 million to $588 million here for the full year. So we feel very bullish about the business and the model and obviously the performance. So any color there Mike, you want to add?
Michael Sheridan:

Yes, I would add a couple of things. I think first of all if you go back to the very beginning of the year when we guided the ranges of our revenue mix we said that products would represents 40% to 45% of our mix year-to-date through the end of September for a 39%, we said that our subscription support revenues would represent 40% to 45% or 43%, we said that professional services would be 15% to 17% or 18%. So the visibility that we had into the business at that time compared to our actual performance aligns very well. What we have seen especially in our most recent quarter is some of the consumption model that we offer FireEye-as-a-Service where our customers can access our technologies and our expertise in a subscription based model has outperformed our expectation, that’s a very positive for a business. So to be at a 39% instead of a 40% on the in period product versus subscription base products for us this is a very strong positive. That said we have a model that has some elements to it that on a predictability basis for exact in period performance for revenue little more complex than other models out there and we feel very good about the predictability of the business so far through the third quarter.
Dave DeWalt:

And last comment just there Tim for you is the power of FireEye now, when you look at our go to market motions. We have a product led motion that has a number of subscriptions behind the core product. Typically that product is either a web or email product, behind that now we have quite a few subscriptions that we sell as a part of that, it’s our threat intelligence. Now our advanced threat intelligence, our IPS solutions, our continuous monitoring solutions. So we’ve lot of sort of blaze if you will subscriptions behind our core product web model that’s driving a mix towards product subscriptions. And then conversely we have a service led model that’s largely Mandiant’s model, which drives from an IR engagement, our instant response engagement instead of converting to product in period, we’re now converting to product subscriptions, again creating more leverage for the company over a period of time. But those changes is really I think are pretty positive sign because you’re seeing that this kind of old model of buying premise based kinds of securities changing through a new model and we think we’re pretty uniquely positioned with FireEye-as-a-Service, with our subscription capabilities and obviously you see that reflected in our billings growth and raising those numbers. Next question?
Operator:

Thank you. Our next question comes from the line of Gur Talpaz from Stifel. Your question please.
Gur Talpaz:

Thank you. So you exceeded billings by $10 million in the quarter, yet revenue kind of came at the low end of guide. You talked a fair about this, but it seems like most of it is really due to the strong adoption of FireEye-as-a-Service and the deferred nature of those revenues. My question is how do you maintain the traditional sales model with these customers that adopted FireEye-as-a-Service, do you think you would have exceeded your revenue guidance for the quarter?
Michael Sheridan:

I think that we had product subscriptions that were ratable compared to in period product that absolutely would have I remember the revenues that we recorded were in the range that I have guided and yes certainly the small differential from the midpoint, there is plenty of product subscriptions that would have otherwise been in period that would have accounted for that gap.
Gur Talpaz:

Got it. And with regard to your sales force, do you incentivize them to sell one way or another? Are they given an incentive to sell FireEye-as-a-Service or do they have free will on how they approach their customers?
Dave DeWalt:

We don’t really differentiate from one product to another obviously now we have a whole series of FireEye products and now a rebrand Mandiant products under FireEye’s label. We don’t differentiate quite frankly a dollar for any of them. And that’s a good thing in lot of ways because it allows us to adapt and be agile in terms of what the customer is requesting from us. And again we’re seeing a shift towards more of a cloud based model, more of a subscription based model. I mean it’s not severe it’s just that we’re watching that each quarter try to move in that direction particularly in the Mandiant portion of the business, where we’re seeing internet response convert to a product subscription versus an end period product and that’s largely the difference you are seeing is that model service led converting their subscriptions not product, which is great because we’re getting longer term contract more stickiness with the subscription and thing and I think the efficiency is actually quite good with that sales force in that model.
Gur Talpaz:

Got it. And just one last product question. Can you talk about the customer interest level in the new end plan offerings that they come out here in Q4? Thank you.
Dave DeWalt:

Yes. We’ve been really gaining momentum and I think this is strong area for the company, if you look at when Mandiant was acquired we had an endpoint platform which was a critical element to our decision to acquire it. It was largely based on some new features in the endpoint landscape that hadn’t been seen before, things like validating malware, containing malware, searching for malware, being able to remediate now where and now what we’re doing is adding more capabilities around that including detection and ultimately prevention on the endpoint. We’ve now combined some of the Mandiant offerings with our mobile threat endpoint solution, which we’ve now added not just the Android platform but now the Apple platform. So we have a very comprehensive solution that allows us to look at all end points across an entire architecture, be able to do things and respond to malware like no other. We now have all the mobility capabilities and soon to do all the detection and you’re seeing that every day when we walk into IR engagements, we load that endpoint, we search for malware, it’s highly effective we convert those engagements to endpoint sales. So our model is pretty powerful and you saw some of the numbers over a million endpoints this past quarter added to our customer base and of course the number of customers and the size of those customers is very, very strong. So we like that platform or going that platform out I think we’re pretty uniquely positioned on the endpoint as we go into 2015. Thank you.
Kate Patterson:

Next question, please?
Operator:

Thank you. Our next question comes from the line of Brent Thill with UBS. Your question please.
Brent Thill:

Thanks. Mike, just the DSO had a major jump, and I know you mentioned the billings happened later in the quarter. It just seems like a number of the security vendors had a much more linear quarter, but you’re talking about having a much more back-end loaded quarter. Was that related to some of the sales changes that you made, or are there other factors at play here?
Michael Sheridan:

No, first Brent I would say that if you look at our DSOs quarter-over-quarter I think they are pretty flat actually. The back-end loaded nature of our quarters primarily has to do with the back that we’re selling into the enterprise and I think it’s a pretty typical element of most enterprise software companies and their sales model. The aging of our receivables remains extremely strong, very little if any write-offs the high credit worthiness of the customers into which we’re selling remains very stable and it’s a timing issue. We spend a lot of timing trying to figure out how to improve that linearity, I think that some of those techniques are starting to show some promise. But to be clear I think from a DSO standpoint that the business is pretty stable.
Brent Thill:

Okay. And just back to the migration to a service. The reduction in the guidance for the full-year, I would assume that is predominantly given the ship, there’s no other things that you are seeing in the business that you’re concerned about that you would take revenue lower, and the follow on to that is, for Dave, how over time do you expect as a mix shift of the overall business, what percent as a service is going to occupy because it’s obviously going to have a lot of ramifications for all of our models as we look out the next couple of quarters?
Operator:

Ladies and gentleman, please stand by. Your program will begin in moment. You may proceed.
Kate Patterson:

Thank you. Hi, it’s Kate we’re sorry about that disconnect there. But Brent if you would like to finish your question.
Brent Thill:

Yes, just the question was just the migration as a service and how you think that will progress over the next couple of quarters, and Mike, I would assume that in the fourth quarter guidance you basically took down the guide for all of the transformation as a service rather than any other weakness you are seeing in the core business?
Michael Sheridan:

I’ll start with an answer to that, Brent yes we came out of Q3 billing that the business performed very strongly and we feel the same about Q4 and that’s why we’re raising in our billings guidance, the change in the revenue mix has to do with the fast adoption of our FireEye-as-a-Service subscription offerings and that really is the key to the change.
Brent Thill:

Great, thanks.
Dave DeWalt:

And Brent this is Dave just a follow on their and I just want to make sure it’s clear for you and for everybody. You just got to understand the way the service model is working because when we do an internet response and I’m sure you’re all seeing there is a whole lot of breaches happening right now in a lot of large companies we’re in the middle of most of those large engagements. But once was a service model that had an internet response that converted to in period product is migrating, it’s changing and it’s changing to a service, it’s changing to what Mandiant I’d call the managed defense service, but now that we’ve put FireEye technology into there we call FireEye-as-a-Service. So what we were finding is the conversion from service model to product is changing to service model to product subscription, that in essence is the core of what’s happening and the more IR engagements we get involved with the more compromise assessments we do, the more that shift a product to product subscription occurs. And again in a long way, because they are signing up for a bigger version of our solution, not just what once was Mandiant managed defense, but now totality of FireEye product together with the managed defense solution. So this is what we’re building out with SingTel, we’re building out with the other service providers. So we see more of that coming in terms of customer adoption, more opportunity there and you’re seeing that a little bit in Q4’s guidance, but at the same time we think it opens up a lot more markets little more sticky for all the reasons we said. I just want to make sure that was clear to say you kind of heard that that’s the primary shift we’re seeing. Next question?
Operator:

Our next question comes from the line of Rick Sherlund from Nomura. Your question please.
Dave DeWalt:

Hey, Rick.
Rick Sherlund:

Can you touch on the status of the IPS solution? Is that selling well in the market now or are there still things that you need to do before you expect that product to gain a lot more traction, and maybe you could chat a little bit as well as about do you need to push more into the mid-market, and are you happy with the channel progress that you’ve had trying to reach down market a bit? Thank you.
Dave DeWalt:

Sure, Rick. So couple of comments there and Mike feel free to add on. So couple of things, IPS is doing well we’re finding a real opportunity largely because signature based solutions are pretty ineffective right now against these types of attacks that are breaching all the companies and we’ve created a much most effective model to do some signature solution couple with our virtual machine. So we’ve seen some good adoption of those combined capabilities, that’s been very positive, this is our first fall quarter now or having that product production and as you can probably tell we had some very strong adoption of our NX platform in this particular quarter. So that’s also a good segue because you mentioned the mid markets obviously offering these capabilities, both virtual machine plus the IPS, plus now nPulse and we have a nice nPulse quarter as well. You kind of see a combination there that enables us to continue to cross sell or land and expand with our core platform and the channel is picking up well. We have really expanded up to 992 partners as I mentioned this is up from 127 in 2012, we had 43% growth sequentially in deal registrations over $150 million of pipeline created quarter-over-quarter just from the channel, and that’s kind of the traditional model selling now the FireEye-as-a-Service model where we’re getting MSSPs engaged actually gives us an opportunity in 2015 to do even better with the channel, with the partnerships like SingTel, Verizon, Deutsche Telekom and others. So we are working hard on that channel, working hard to getting leverage and so far so good the metrics look positive. Good question.
Michael Sheridan:

Yes, Rick I would add to it. If you look at our performance in the middle market, it’s a good question because it’s a very important part of our growth. We’re doing very well in the middle market as you know our inside sales reps globally are primary go to market strategy for succeeding in the middle markets. And if you look at our growth on a bookings basis in that segment of the market we believe we’re taking significant market share.
Kate Patterson:

Next question, please.
Operator:

Our next question comes from the line of Raimo Lindshell from Barclays. Your question please.
Unidentified Analyst:

Hi guys, it’s [Sackett] on for Raimo. Thanks for taking my questions. First one for Mike, Mike can you remind us how the collections work for some of the different product subscriptions like FireEye-as-a-Service, and then similarly, how do the margins on a product subscription sort of differ then the product business?
Michael Sheridan:

Hi, Sackett. So first on collections. All of our contracts are built and collected upfront on a non-cancelable basis. As you know we sell typically in our attach rate products with our appliances one and three year subscriptions with the couple of exceptions in Q3 where we sold some FED contracts of five years subscription. But all of those are billed and collected up front. FireEye-as-a-Service subscriptions those are also build and collected upfront on non-cancelable basis. And so that part of our business model extends right into all of these new product subscriptions. From a margin standpoint, we think that the margins in our FireEye-as-a-Service and those products subscriptions remained very attractive and very consistent with our current financial model I guided gross margins for 2014 in the range of 69% to 72%, our long-term target model is 75% to 80% gross margins and we think that these products are very well aligned with that model.
Unidentified Analyst:

Got it. And then for my follow-up, a quick question for Dave. Dave, you talked about FireEye-as-a-Service being complementary to the MSSPs. Can you just talk about that versus, actually it maybe sounded a little competitive, so I was just a little confused on that. And then just along the competitive landscape question, how does –does FireEye-as-a-Service does it change the competitive landscape at all is really the question? Thank you.
Dave DeWalt:

Sackett it’s a good question because at first level you might think that but in reality it’s not really the case. You got to remember sort of what the legacy model is for a lot of the managed security providers and that model is largely using kind of a SIM or a security information of net manager to collect alerts of a network or of endpoints, you tend to look at the SIM or information to determine whether or not something is occurring and the reality of that model is it’s not working very well we’re seeing all the breaches that you are seeing a lot of these devices now are false seeing at 99% rate. They have very, very high alerting sometimes in the millions of alerts, and what happens which was documented pretty heavily our target during their retail breach there was they just got overwhelmed by alerts and had a hard time seeing the true positives that were occurring from a FireEye type appliance from all the other alerting that’s coming out. So what you end up seeing here is a little bit of shift that’s happening not only is the customer asking for a different model, saying hey instead of looking at all these false alerts to a SIM and perhaps engaging a contract with an MSSP to look at alerts they are flipping in around and saying hey let’s look at a more proactive, more adaptive model maybe we start to do sweeping, we start searching and hunting for malware and we start turning around that proposition. So one MSSP at a time is sort of looking at that model saying instead of being reactionary perhaps we could augment that with something proactive and that proactive model comes from FireEye-as-a-Service. And like I said we signed up few of these already I think they’re seeing it is a very powerful model and plug-in to what they currently doing. So kind of it creates a best of both worlds, kind of detection and prevention coupled with compliance, each side offer some solution and by the size of investment $50 million that SingTel is putting into this you can see kind of the power of that in terms of our opportunity to drive and leverage their type of model in the Asia market. So I think you’ll see more of this and I think you’ll see the MSSP model solely shift from a reactionary model to a pretty proactive model and you’ll see FireEye at the heart of a lot of that. So that’s what we’re showing and I think you’ll see lack of competition there as most of these vendors move to a new model or augmented model.
Unidentified Analyst:

Thanks very much.
Dave DeWalt:

Yeah, thank you.
Kate Patterson:

Next question please.
Operator:

Our next question comes from the line of Greg Moskowitz from Cowen & Company. Your question please.
Greg Moskowitz:

Thank you very much. Just had a couple questions first either for Dave on Mike. Just so we’re clear on the net effect, because I think there is a little confusion, or at least uncertainty, can you give us a sense of what the average financial impact is on both billings and on revenue if a customer if a customer buys FireEye-as-a-Service in lieu of an appliance.
Dave DeWalt:

The average financial impact whether they buy on-prem versus subscription as a service. What’s the difference? That’s the question you were asking.
Greg Moskowitz:

That’s right, Dave.
Dave DeWalt:

I mean it all depends on the size of customer, but generally it’s very similar if anything we’re actually seeing larger contracts with the FireEye-as-a-Service and remember again a lot of those are coming in at the infinite responding model where they had a breach, they had a kind of epiphany that there was a major problem with their current architecture that’s converting to a pretty large contract or FireEye-as-a-Service. So if anything we actually see in larger contracts were that so far, but now that we’re now bringing them down market to with some of our partnerships. So I think in the end sort of the defense-in-depth model where you just add boxes to the problem and hopefully that continues because we’re participating in that as well. Or going to a security as a service model, eventually I think you’ll see a cost neutral there as customers kind of look at both options and decide which they do. I think the difference is, is there a breach, was there something publicly disclosed, how big of an impact that it have on the company and I guess what’s really encouraging here at least for us in our model the more the impact, the more the education, the more they realize that old model is not working and there is a new model that’s better and more efficient and perhaps even more cost efficient than the old model and that’s we’re seeing the adoptions.
Greg Moskowitz:

Okay, so that’s helpful, Dave. So effectively it’s, obviously it’s a revenue drawdown, but it sounds as though it’s, if anything, a modest net billings uplift?
Dave DeWalt:

Yes on a bookings basis thus far has been very positive just because of a larger contract size is and we hope that continues obviously. But we’re going to be offering this all over the world now. We’ve now build security operation centers in Dublin, Ireland we’ve built some in two in United States, one in Singapore, we’re building another one in Sydney, Australia is part of the SingTel partnership. So we’re going global with it, we’re going down market with it and this utility much like you think of is like I don’t know home security like ADT for your home, you coming in and instrument your homes, smoke alarms, sensors things like that and then it’s monitor from a cloud, from a service center. We are doing the same thing and we’re very proactive with the model with all the intelligence that we gather. It’s really, really a powerful model chains that we’re seeing. And I think over the time might you’ll see more adoptions of this particularly as we get partners. So pretty positive. Yeah, Mike.
Michael Sheridan:

And Greg one thing I would add to that is over a customer’s life the value of these FireEye-as-a-Service engagement are subjected to renewal opportunities for us. So that’s another positive model.
Greg Moskowitz:

Right, and then if I can ask just a quick follow-up, Mike? This was the first quarter in which net headcount was virtually flat and I’m wondering if you could just comment on hiring this quarter? How it compared with what you had expected heading into the quarter, as well as what we should look for going forward?
Michael Sheridan:

Yes, so the flatness to the headcount, as you know we did go through some cost optimization work and some restructuring in the third quarter, it effective that headcount, so you’re looking at a net number. I would say the following we hired well over 100 people in the quarter. Our focus remains on growth across the business in particular in the area of sales. So that blended flat as you have to factor in both the reductions and the additions together that’s netted out.
Greg Moskowitz:

Great, thank you.
Kate Patterson:

Next question, please.
Operator:

Our next question comes from the line of Sterling Auty from J.P. Morgan. Your question please.
Sterling Auty:

Thanks. Hi guys. I think Gregg was going down the right path here. I think the feedback I’m getting from investors is they get the ratable recognition, the impact to revenue with the model shift, but where everybody is pinpointing is the fourth quarter billings guidance. I know you raised the full-year. You blew out the third quarter, and you’re talking very positively, but the overwhelming feedback I’m getting is, I look at that fourth quarter guide and it looks like you guided down on billings. That’s why we’re all looking for whether subscription has maybe, on an apples-to-apples, a lower contributions to billings because you don’t have the hardware component, or did you pull forward deals in the third quarter? People are really just trying to gauge what the message is with the fourth quarter billings guidance specifically.
Dave DeWalt:

Yes Sterling, again I wouldn’t read into it as much as maybe I just heard there, we’re obviously positive up the year, positive about the growth that we’re seeing and we were just trying to make sure we got a good number there that we can achieve and at the same time we conscious about the mix chains that we’re seeing in our business. So we did have some good strong Q3, we’re factoring that in as we look at Q4 and the combination of the second half when you look at what we came out of Q2 and what we guided to for Q3 and Q4 that number is consistent and up. So when you just kind of look at it in parts we feel good. Anything you want add Mike?
Michael Sheridan:

Well I think just at the highest level last quarter we guided $560 million to $580 million on the year when out guiding $573 million to $588 million on the year. So that’s certainly is not a reduction, I think that if you just simply assume that all of the out performance in Q3 gets factored into the guidance that’s not the right way to think about it either of course we forecast the second half and you can have some positive timing on certain transactions and so forth that affected to a minor degree. But overall I think the message on billings is we raised the guidance and we’re feeling very good about Q4.
Sterling Auty:

All right. And one question in a different area. You talked about over 90% renewal rate, but can you just give us a sense of as you’re going through those renewal transactions, what is the upsell cross-sell? I didn’t quite – if you can characterize that for me that would be great?
Michael Sheridan:

So I would tell you Sterling the statistics that we closed is the customer based statistic the much more conservative one. If you were to look at a dollar based renewal and were to factor in cross-sell and up-sells is a significantly higher number. We have a lot of success in going back to customers and the renewal cycle, with up-sells we don’t publish what those results are, but the way we want you to understand the renewals in our business is that the numbers we provide to you are the most conservative posture we take on it. We have an extremely strong renewal base in our business and that continued in Q3.
Sterling Auty:

All right, thank you guys.
Dave DeWalt:

One more question?
Kate Patterson:

Yes.
Operator:

Our final question comes from the line of Jonathan Ho from William Blair. Your question please.
Jonathan Ho:

Hi guys. I just wanted to get a sense from you – I don’t want to beat this to death, but basically what percentage of the new customers elected SaaS this quarter, and where do you see that number headed as we think about the impact to the models? That would perhaps be helpful in terms of just forward modeling.
Dave DeWalt:

This is Dave. We haven’t given out percentage of what’s the new customers are buying premise versus subscription, our product subscription. But I will give you this and I think this is the most important element, it’s seen that service led area that you see a pretty large shift from once was in period revenue related to the Mandiant product to now Mandiant defense or FireEye-as-a-Service as we bring it all together, most of the conversions from internet response or service-led engagements are tripping into a large subscription kind of model for us and that is the big part of the shift. Now we’re also giving a lot more add-on sales to FireEye’s model, where our core product is driving subscriptions behind it in the form of a number of other capabilities like a lot of our threat intel and some of our other services. So it’s a little bit of combination of the majority of the customers buying post IR are now driving into product subscriptions that’s the biggest percentage change and that is majority kind of number or greater just to give you a sense whereas a year ago that was a much a smaller percentage.
Michael Sheridan:

And I would add Jonathan, if you look at Q3 when you looked at our revenue guidance we had ranged it at $114 million to $117 million we came on the lower end of that at $114 million, but we were within the range. And so this effect that we are talking about in Q3 had a $1 million to $2 million kind of differential in our modeling. So what we’re looking at in Q4 is we’re seeing just a significant uptick in customer interest in these consumption models for our product. And so we’re trying to back with that in to the outlook for Q4 as we talked about before, with the billings going up and trying to be factor this makes sense. So we’re not giving out the exact percentages of how which customers are taking which format, but we believe that we’re analyzing the data correctly to try to capture these trends.
Jonathan Ho:

Got it. I just had one follow-up question which was is the SaaS model actually making it easier because the customers to buy or to consume using this model and therefore maybe bypass some of the upfront mix expenses associated with an appliance?
Michael Sheridan:

Absolutely that’s happening Jonathan, because what’s occurring here is you have options now between CapEx and OpEx to use, and as you know there is a bit of shortage of experts in the security industry. They are looking to augment their staffs or even how us run a lot of it for them and they are using combinations of budget from CapEx or OpEx to purchase and being able to be flexible when delivering a solution to a customer is required here, especially in the security breach environment. Sometimes they have the money one area or sometimes the other or combination of the two. We’re provider now as a company who can deliver any of those models or combinations of those models for our customers. So I think it’s a powerful strategic advantage against our competition not only with the people and the product and the intelligence together, but also the form factors that it can buy from CapEx or OpEx for us. So it creates unique capability that really we now can do. Thank you.
Dave DeWalt:

Okay, with that I’d like to say thank you for joining us today in our third quarter earnings call. As Kate said at the beginning we’re at a number of conferences coming up the Wells Fargo Conference, the UBS Conference, the NASDAQ Conferences. Mike and I’ll be at a few of those. So look forward to meeting everybody and thanks very much. Take care.
Operator:

Thank you, ladies and gentlemen for your participation in today’s conference. This does conclude the program. You may now disconnect. Good day.

Mandiant, Inc. Q3 2014 Earnings Call Transcript

Other Mandiant, Inc. earnings call transcripts:

Mandiant, Inc.
Q3 2014 Earnings Call Transcript