Mandiant, Inc.
Q2 2015 Earnings Call Transcript

Published: 31 Jul 2015

Operator:

Good day, everyone, and welcome to the FireEye Second Quarter 2015 Earnings Results Conference Call. This call is being recorded. With us today from the company is the Chairman and Chief Executive Officer Dave DeWalt; Chief Financial Officer, Michael Sheridan; and the Vice President of Investor Relations Kate Patterson. At this time, I would like to turn the call over to Kate Patterson. Please go ahead.
Kate Patterson:

Thank you. Good afternoon and thank you all for joining us on today's conference call to discuss FireEye's financial results for the second quarter of 2015. This call is being broadcast live over the Internet and can be accessed on the Investor Relations section of FireEye's website at investors.fireeye.com. With me on today's call are Dave DeWalt, FireEye's Chairman of the Board and Chief Executive Officer; and Michael Sheridan, Senior Vice President and Chief Financial Officer. After the market closed, FireEye issued a press release announcing the results for the second quarter of 2015. Before we begin, let me remind you that FireEye's management will make forward-looking statements during the course of this call, including statements relating to FireEye's guidance and expectations for the third quarter of 2015 and the full year 2015; growth drivers, market opportunities and opportunities with partners; customer demand for and adoption of FireEye's products and services; continued growth and momentum in FireEye's business and the ability to expand growth opportunities; trends in FireEye's business and operating results, customer wins and partnerships; FireEye's competitive position in the market, expectations regarding the timeframe to achieve cash flow and operating targets; the expansion of FireEye's platform and availability of new offerings and CFO's transition. These forward-looking statements involve a number of risks and uncertainties, some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements. These forward-looking statements apply as of today, and you should not rely on them as representing our views in the future. We undertake no obligation to update these statements after the call. For a detailed description of the risks and uncertainties, please refer to our SEC filings as well as our earnings release posted a few moments ago to our website. Copies of these documents may be obtained from the SEC or by visiting the Investor Relations section of our website. Additionally, certain non-GAAP financial measures will be discussed on this call. We've provided reconciliations on these non-GAAP financial measures for the most directly comparable GAAP financial measures in the Investor Relations section of the website as well as in the earnings release. Thank you. I'll now turn over the call to Dave.
Dave DeWalt:

Okay. Good afternoon, everyone, and thank you Kate, and thank you everyone for joining us on our call today to discuss our Q2 results. First of all, let me say, Q2, 2015 was one of the strongest quarters the company had ever. The combination of accelerating growth, increasing market share, expanding portfolio of products, and now positive cash flow from operations really led to historic milestones for the company. The power of our virtual machine platform of now network endpoint and cloud coupled with our powerful Mandiant services continues to drive a lot of new opportunities for the company, and really best-in-class growth across the security industries. Since the second quarter of 2013, just two years ago, we've now quadrupled our business and raised our billings guidance eight consecutive quarters. Having said that, I'd like to thank all of the 2,771 employees, our customers and our partners for their hard work and dedication to our mission, as well as all the shareholders for their continued support. Our continued strong growth has driven improvement and our bottom line as well. Our Q2 operating margin improved by more than 40 percentage points year-over-year. The power of our recurring subscription-based model, combined with our explosive growth was demonstrated by our cash flow performance. We generated more than $39 million in operating cash flow, and $27 million in free cash flow this quarter. As a result, we're accelerating the target timeframe to cash flow breakeven by more than two years. We now expect to be cash flow breakeven this year give or take about $10 million. Following our successful senior convertible offering, we now have more than $1.2 billion in cash on our balance sheet. I've never been more confident in our future that I am today. We entered the second half of the year with a robust pipeline in new business, growing partner support and a ramping sales organization steadily improving its sales productivity. Based on our strong Q2 performance and our continuing business momentum, we're raising our 2015 guidance ranges across the board. Our 2015 billings guidance increases by $15 million at the midpoint to a range of $840 million to $850 million, implying a second half run rate of over $1 billion. I think this maybe the fastest ramp to a $1 billion in the history of the security industry. And, I believe the best is yet to come. As we continue to extend our technology leadership through innovation including some of the very exciting new offerings during the second half of 2015 and early 2016. We're also expanding the Mandiant securities expertise globally and our Threat Intelligence is becoming more differentiated every day, as we respond to the breaches that matter. In addition, we continue to strengthen our leadership team at the management and the board levels. In June, for example, we announced that Steve Pusey, Vodafone Group's CTO has joined our board. Steve brings a perspective of more than 35 years of international technology and service provider experience to FireEye. He offers our board strategic technology insights, coupled with the perspective of an end-user, which is important and I'm very excited to welcome Steve to the Board and look forward to the council as we continue the journey. We also had a new talent to our senior management team with two key hirers, one being David Ramirez, who will be joining as President Of Global Government and Vijaya Kaza our new SVP of Cloud Engineering. David joins from us from L3 Communications, where he served as president and brings more than 20 years of experience in global government. Vijaya joins us from more than 17 years of engineering leadership and roles at Cisco. David and Vijaya joined our teams as season sales leaders and talented engineers to help drive progress on our government and cloud initiatives. I'm also pleased to announce the promotion of Grady Summers to our World-Wide Worldwide Chief Technology. Grady hails from Mandiant and prior to that spend many successful years at GE. In addition, we promoted Jason Martin to the position of SVP of Cloud Operations. Jason was formerly the CEO of Secure DNA and brings extensive cloud experience. With growth also comes change, and today we also announced that Mike Sheridan, our CFO since 2011 has given notice of his intention to resign to become CFO of a private technology companies in another sector. Mike was instrumental in the successful execution of our IPO, secondary and convertible debt offering and he leaves us with solid financial foundation. We wish Mike all the best in his future company. We've already initiated an external search for the CFO. And I'm very confident, we'll have an exceptional new leader in this area soon. In the meantime, I'm proud to announce Frank Verdecanna, our VP of Finance will serve as Interim CFO, following Mark's departure in early August. Frank joined us in 2012 as VP of Finance and has been responsible for accounting FPN audit, revenue and tax. He knows our business well, and he has many years of prior experience as a public company CFO. I'm 100% confident of Frank's ability to lead our finance and accounting teams until we hire a new permanent CFO. So, with that, let's drill down on some on the details of our strong Q2 results. Our billings increased by 57% year-over-year and 18% sequentially in acceleration and growth from Q1. Demand was strong across all major platforms, industries, and geographic regions. We added 300 new customers in the quarter, ending the quarter with more than 3,700 customers in 70 countries. The diversity of demand across our product platforms and the strength of our professional services business are among the reasons I'm so bullish on our future. I believe that they both demonstrate the power of our platform to help customers reduce the risk of cyber-attacks. In less than two years, we've gone from two appliance-based products to a broad portfolio of appliance and cloud-based products and services. We now have more than 9 product lines generating more than $10 million in quarterly sales. Each product line offers multiple deployment options, add-on subscriptions, and upgrade opportunities. We also have another six new product and service lines that are emerging as high growth areas all generating over $1 million this quarter. The totality of our platforms is taking shape and we have more to go. Today, the FireEye platform is the only advanced security platform with detection and prevention at every major attack vector. We're also the only vendor to combine our technology with analytics, forensics, and services to support customers through all phases of the threat lifecycle. The breadth of our platform contributes to our momentum in several ways. First, it gives us multiple ways to engage with new customers, it allows us to become a trusted adviser and strategic partner and it drives a steady increase in the number and value of multiple product transactions each quarter. Transactions with more than one product line accounted for more than half of our business in Q2. By the end of Q2, just over half of all customers had deployed more than one FireEye product line. Of the 30 customers who spend more than a $1 million with us in Q2, 29 of them purchased more than one product line, about one third of these large deals also included one or more of our cloud solutions and another one third of them included our end-point security. Additionally, two thirds of these larger deals where the customer purchased Mandiant Technology expertise, which demonstrates demand for expertise as well as our technology. We're in very early innings of the cross-sell up-sell opportunity. I estimate there's an enormous opportunity in our install base, enough we never close another new customer. And as our renovation engine continues to release new products, I believe this opportunity will continue to expand. While our flagship NX network platform continues to anchor our business with new and existing customers, we are seeing strong growth across the platform. Record sales of network, end-point cloud and services demonstrates the power of the platform and underscore the opportunity. Within our network line, we continued to gain traction with new subscriptions, about 30% of our NX appliance that shipped in Q2 included our IPS blade, more than doubling the Q1 attach rate, which had doubled from Q4. We also saw a strong early attach rates to our advance threat intelligence upgrade the DTI which went GA near the end of Q1. Attach rates for this product we're in the double-digits as well. Our e-mail security platform had an outbreak quarter in Q2, reflecting increased customer awareness of e-mail, as one of the top threat vectors for advanced attacks. We're now well over 100 million run-rate in e-mail, supporting more than 20 million users. Rounding at our network products, we also had strong attach rates from our network storage security solutions, called FX and AX as customers are expanding their deployments to include our entire network security platform. In addition, we built strong forward momentum on the endpoint, as customers recognize the value we deliver today and embrace revolutionary virtual machines or ultravisor as we call it endpoint security. Q2 sales of endpoint more than doubled compared to Q2 a year ago. We now have more than 6 million agents deployed, we also closed some large mobile transactions in the quarter. I'm very excited about our endpoint business. The pipeline of new customers is very strong going into the second half of this year. As you can see from our product subscription performance, our cloud solutions, which includes FireEye as a service continued to gain traction. The number of [ph] FAAS customers increased tenfold year-over-year, and our cloud analytics platform achieved a 10 million bookings milestone faster than any other product in our history. I also want to comment on the success of our Network Forensics packet capture platform called PX. Sales of PX were up tenfold from a year ago, making that our fastest growing product in Q2. While this growth is from a small base, remember we just acquired nPulse a year ago. So, that's only a partial quarter, the demand is there, and we believe it creates another large cross-sell opportunity. We're selling our platform to customers in a wide variety of industries as well. Sales to financial services companies and other early adopters continued to grow. But, we booked sizable transactions with companies in traditional, what we call security laggard verticals such as retail, entertainment, and healthcare, as recent breaches drove demand. Many of the non-breach customers reached out to us initially for a security compromise assessment following a high-profile breach in their industry, which is another example of the power of our platform. The government vertical also had a strong quarter both in the U.S. and abroad. And, as I said at the Analyst Day recently winning the government is a strategic imperative for us. Today, more than 70 governments around the world are using the FireEye platform. The international government business reflected solid demand across all geographies. For the first time, we're starting to generate multiple seven figure transactions from international customers. The Asia-Pacific region posted particularly strong performance as our expanded presence in the region and our Singtel partnership opened up new opportunities. The EMEA region also posted strong bookings performance as the sales team began to close their pipeline. With the EMEA sales team now well established, I feel very good about the second half prospects in this region. A few represented international transactions in Q2 included a mid-sized six-figure transaction with a European manufacturer, who committed to the NX network and HX endpoint platforms as they transform their security infrastructure from a reactive, alert driven defense in-depth model to a proactive resilient network architecture. A multi-platform sale to an Asia-Pacific government agency where we're able to demonstrate the efficacy of our network and e-mail platforms compared to other solutions. This customer was very impressed with our roadmap to deploy advance security in the data center with FX and the endpoint with HX and provided advanced forensics with PX. And we have a multiple future cross sell opportunities with that same customer. On Eastern European intelligence agency building across agency security infrastructure to detect and investigate advance attacks and APTs, purchased our product lines. We're able to prove the efficacy of our technology and implemented NX and EX across 60 agencies and more than 50,000 users. While the ramp in sales productivity has been our biggest driver of our growing international business, investments we made in the internationalization of our platform are also starting to help here too. We've released HX in multiple languages in Q2, including Japanese and German. We plan to also open advanced security operation centers for our FaaS offering in both countries, later this year. These investments expand our ability to sell and what I believe could be our number two and three markets in the world. We've also been building technology-enabled consulting capacity internationally as we extend the Mandiant expertise globally. We're seeing significant growing demand, especially outside the U.S. and an increase in government agency referrals has us ramping our consulting head count in both Europe and Asia. In Q2 alone, we conducted more than 115 compromise assessments, up nearly a factor of 10 year-over-year. With a 90% conversion rate to subsequent product sales, often with the value of many times out of the original purchase, ramping Mandiant technology is a key opportunity for us. Additionally, since follow-on purchases tend to spread over multiple quarters and typically include a high mix of reoccurring subscriptions, these service engagements build the long-term billings and revenue stream that support our growth. As an added benefit, our consultants use our end point of forensics or network and our analytics solutions in their work, so each engagement services are a real-time demonstration of our platform capabilities. For example, in one of our Q2 engagements, a Mandiant consultant was using our PX, Network Forensics Platform to complete an investigation. And the in-house team was so impressed with this capabilities that they purchased PX out right, even though they had not considered it before. We've seen this again and again. The services led sales motion still generates a relatively small proportion of our total transactions in any quarter, but is a powerful growth engine for us. In addition to generating standalone business and enables new strategic partnership such as HP and the Visa relationships we announced in Q2. The HP alliance, which is focusing on delivering co-branded advanced security services and FireEye as a Service to HP's largest managed outsource service customers is just three months old and has already generated substantial new pipeline of over $20 million and we closed our first few transactions in Q2 as well. We're also excited about the potential benefits of our alliance with Visa, which brings FireEye Mandiant security assessments and other services to Visa's global network of merchants. We are still working through some of the details of the implementation, but we have already engaged with our first international customers. I believe these non-traditional alliances will play an important role in extending our platform to new market segments. We see broad opportunities to partner with insurance providers, consulting companies, law firms, and other risk management organizations to connect the dots between their practices and our platform. I also believe these next gen partnerships complement, rather than compete with the classic two-tier of our distribution model and a strong VAR channel continues to be an important part of our go-to-market model. The trends in our partner metrics continue up into the right in Q2, as our partner program continues to mature. We ended the quarter with nearly 1,200 active partners and technical assessments and accreditations were up substantially, indicating increasing technical competency and commitment to selling FireEye's solution. In short, the quality of our channel is higher today than a year ago. And as a result, deal registrations for pipeline and partner enabled bookings were all up substantially on a sequential and year-over-year basis. With these highlights of our Q2 performance, I hope I've given you a sense of the breadth and the depth of our demand for advanced security platform. There's no other company in our industry with the technology, the expertise and the threat intelligence as FireEye. These are the three pillars that differentiate our platform, these assets are why we continue to discover more zero days and more advanced attacks and why customers choose FireEye as their strategic security partner. In summary, I believe we're well positioned to benefit as the threat landscape continues to evolve. The powerful synergies of FireEye plus Mandiant are built on a foundation of the best talent in the industry. From our consultants in the field, for researchers in our labs, our analysts, and our engineers around the world we're driven by a mission to protect our customers from cyber-attacks and in the last, I want to thank all of our 2,700 plus employees for their hard work and dedication. With that, let me turn the call over to Mike for his comments on our financial performance, including our strong cash flow and accelerated timeframe to achieve cash flow and operating targets. Mike?
Michael Sheridan:

Thanks, Dave. I'd like to begin my comments with the heartfelt thank you to the management, employees and Board of FireEye for entrusting the CFO position to me for the last four years. And I'd like to specifically thank Ashar Aziz and Dave DeWalt for their outstanding leadership. My decision to accept the CFO position of a private technology company outside of the security industry was solely motivated by the alignment of the challenges of this new role with my personal interests. It is in no way motivated by a desire to leave my current position. To the contrary, I have never been more confident in FireEye's future than I'm today. And this is evidenced by the outstanding financial results I'm about to summarize. Before I begin, let me remind you that, I will be discussing our non-GAAP financial results and metrics, except for revenue which is a GAAP metric, our guidance range is - are also non-GAAP. Echoing Dave's earlier comments, this was one of the strongest quarters in our history. The momentum that drove our results in Q1 in the latter half of 2014 continued to build and we entered the second half of the year, well positioned to execute against our plan. There are several key takeaways from a financial perspective. Number one, we continue to accelerate our progress on our path to profitability. Operating margin improved year-over-year by nearly 41 percentage points and on a dollar basis, operating losses declined year-over-year for the first time since 2012. Operating and free cash flow each improved by more than $100 million year-over-year, demonstrating the power of our model to generate substantial financial returns. $39 million in positive operating cash flow and $27 million in positive free cash flow was the result of strong billings growth, improved linearity, significant improvement in our DSOs and increasing operating leverage. Number three, we maintained our focus on growth, as we expand our installed base of customers, ramped new partnerships and invested aggressively in new product developments in critical areas such as endpoint, analytics and cloud. Our ability to balance investing for growth with improving financial performance demonstrates the tremendous power inherent in our recurring revenue model and the strength of our differentiated product offerings. Turning now to the details of our Q2 top line results, our billings grew to $178.3 million from $113.8 million last year, a 57% increase year-over-year. We achieved continued momentum in our growth across multiple products, geographies and customer segments, containing the trends of the past few quarters, we saw a strong expansion in our customer base. Our worldwide customer base grew to more than 3,700 customers in Q2, from approximately 2,600 customers, in Q2 of last year, a 42% increase year-over-year. With the breath of our platform and the success of our land and expand model, the expansion of our installed base creates significant up-sell and cross-sell opportunities. Similar to Q1, the majority of our Q2 transactions included more than one product family and a growing number of customers purchased three or more products across our technology, intelligence and service platforms. This helped drive an increase in the average deal size to just under $300,000, this compares to an average deal size of approximately $160,000 in Q2 of 2014. Email, endpoint, analytics, FireEye as a Service and network forensics, all contributed meaningfully to our growth this quarter. We also had 30 transactions in excess of $1 million, more than four times the number of seven figure deals in Q2 a year ago. Several of these transactions were new customers, which is further evidence of our diversified growth from new and follow-on orders. The balance between new and existing businesses is another encouraging trends, because it signals the depth of market demand and is an indication the customers are experiencing the value of our solutions, and are increasing the breadth of their deployments as a result. Finally, in terms of growth drivers, the percentage of transactions that closed without a proof-of-value trial increased again and now stands at just over 60%. I believe there are several factors contributing to this trend, including an increasing awareness of our brand and our unique value proposition and the increasing use of our products and compromise assessment and incident response engagements. These engagements allow customers to experience the value of our solutions in their environments as part of the paid transaction. This trend to POV less transactions reduces our sales cycles, as well as the amount of dental appliances inventory we have to keep on hand. As result, that contributes to our sales productivity and our leverage. Within total billings, our product and product subscription billings grew to $121 million from $78 million in Q2 of last year, a 56% increase year-over-year. Our unique ability to offer our advanced security as a service, gives customers greater deployment flexibility and we believe the combined product and product subscriptions metric gives a better indicator of customer adoption of our security platform than either product or product subscriptions alone. Historically product subscriptions have been driven by a 100% attach rate for DTI Threat Intelligence to all our appliance-based products and the URL subscription attached to our email appliances. And, this continued in Q2. Additionally, strong initial customer response to ATI from DTI, and growing adoption of FireEye as a service and our thereat analytics platform and cloud-based email and mobile solutions all contributed to the 72% year-over-year growth and product subscriptions this quarter. This resulted in the continued gradual recurring subscriptions which is a leading indicator for revenue growth. The recurring subscription based portion of our billings include both product subscriptions and customer support and is recognized ratably. In Q2, recurring subscriptions and support grew 71% year-over-year to $103.5 million and accounted for 58% of our billings mix compared to 53% in Q2 of last year. We believe this growth in recurring subscriptions is a positive trend in our business model. It drives future revenue and visibility, expands our base of renewals and strengthens our customer relationships. I'm pleased to report that our renewal rate was again above 90% for Q2 and renewals remain a strong contributor to the growth and subscriptions and support billings. This continued high renewal rate is another indication of high level of our customer satisfaction in the value provided by our solutions. The growing mix of recurring subscriptions in our business model continues to drive growth in deferred revenue, which increase 77% year-over-year to approximately $410 million at the end of Q2. The mix of current and non-current deferred revenue remain consistent with Q1 in historical averages at 57% current and 43% non-current. This reflects the stability in our average contract length which was 31 months in Q2. Turning to revenues. Our total revenues grew to $147.2 million in the first quarter, a 56% increase over $94.5 million in revenue in the second quarter of 2014 and above the midpoint of our guidance range by approximately $5 million. Appliance product revenues were $49.7 million, up 32% year-over-year and represented 34% of total - revenue near the midpoint of our guidance range for Q2 product mix. Product subscription revenues recognized from deferred were $48.5 million, up 73% year-over-year. On a combined basis product and product subscription revenues grew to $98 million in Q2 of 2015, a 49% increase year-over-year. Our total recurring subscriptions and support revenue grew to $70 million in Q2 of 2015, a 75% year-over-year increase and accounted for 48% of revenue, compared to 42% of revenue in Q2 of 2014. Our professional services revenue increased to $27.6 million in Q2 of 2015, an increase of 63% for Q2 of 2014, as we continued to experience the high demand for our Mandiant best-in-class class incident response and security assessment services. While professional services make up a smaller percentage of total revenues, we believe they are a leading indicator for future product and product subscription sales and are critical to our growth and our strategy. In terms of growth, we have a greater than 90% conversion rate to product and product subscription sales following IR engagement. Overtime, these post engagement purchases typically total many times the amount of the original service fees. Additionally, our security assessments often result in discovery of a new breach, driving additional IR billings and subsequent product purchases. Finally, in terms of overall strategy, our incident response consultants continue to respond to the breaches that matter and therefore, have mere exclusive access to critical threat intelligence that to continues to drive the industry-leading detection efficacy of our products and product subscriptions, such as FireEye as a Service. Our growth in Q2, resulted in strong progress on our path to profitability. Gross margins increased to 73% in Q2 of 2015, compared to 69% gross margins in Q2 of 2014. Gross margins for products, subscriptions and professional services all increased sequentially and year-over-year. More specifically, product gross margins increased to 73% in Q2 of 2015, compared to 71% in Q2 of 2014. This improvement relates primarily to higher product revenue, which gives us more leverage of our manufacturing operations costs, and to a lesser extent continued declines in product costs. The gross margin for subscriptions and support was 81%, compared to 75% in Q2 of 2014, as revenue recognized from deferred grew faster than cost of our global support infrastructure. Gross margin for professional services was 51% in Q2 of 2015, compared to 47% in Q2 of 2014. In Q2, we had stable billing rates and higher utilization rates. While we continue to increase our investments in research and development, sales and marketing and global infrastructure, our operating expenses as a percentage of revenue decreased from 150% in Q2 of 2014 to 114% in Q2 of this year. Each of our operating expense categories improved as a percentage of revenue in Q2 of 2015 compared to Q2 of 2014. Most notably, our investment in sales and marketing as a percentage of revenues decreased from 80% in Q2 of 2014 to 64% in Q2 of 2015, and was below our guided range of 66% to 70%. This improved leverage is resulting from continued growth in our domestic and international markets, the increased productivity of our sales force, growing business through our channel partners and strong product and product subscription sales into our service engagements. Growth through innovation remains our number one priority, and we continue to invest more in R&D than any other security company of comparable size at 36% of revenue, compared to 48% in Q2 of 2014. G&A expenses of approximately $22 million were flat sequentially and up only 5% from a year ago representing [ph] 15% of revenue in Q2 2015 compared to 22% of revenue in Q2 of 2014. Our continued revenue growth, improved gross margins and slower operating expense growth resulted in a $16.9 million year-over-year decline in our non-GAAP operating loss to $60.2 million. Although, we've been demonstrating operating leverage on a percentage basis, this is the first time since 2012 that our operating losses and absolute dollars have declined. We believe this is a very important milestone on our path to profitability. In addition, the decrease in our loss in absolute dollars made a substantial contribution to our positive cash flow performance this quarter. And speaking of cash flow, we generated $39 million in positive operating cash flow this quarter, an increase of nearly $100 million compared to the negative $62 million in Q2 of 2014. In addition, our free cash flow improved year-over-year from a negative $79 million in Q2 of last year to a positive $27 million in Q2 of 2015, an improvement of more than $106 million. This improvement in cash flow performance was due to improved linearity of billings within the quarter, our improved operating leverage and improved DSOs related to new programs and timely payments. These billings outstanding declined from 95 days in Q1 to 54 days in Q2, as our receivables balance declined by $55 million even though, billings increased by approximately $27 million. In terms of our financial condition, we exited the first quarter with approximately $1.2 billion of cash and investments. The increase from just under $400 million at the end of Q1 reflects our positive cash flow performance and the proceeds of our convertible bond offering, which added approximately $750 million after the prepaid forward stock repurchase and purchase discounts. Although, we have sufficient cash - we have sufficient cash on hand at bundle growth before this offering, market conditions allowed us to raise capital at favorable rates, and we decided to take advantage of the window of opportunity to strength in our balance sheet. We've included a few slides to summarize the impact of the offering on our GAAP and non-GAAP P&L and our balance sheet. Our guidance ranges for EPS for Q3 and for full-year 2015 include the net interest expense, as well as the impact of the reduced share count related to the this offering. Turning to guidance. We're raising our full-year guidance to reflect our Q2 performance, as well as the continued strengthen in momentum we see in our business. For full year 2015, we expect our billings to be in the range of $840 million to $850 million, an increase of $15 million at the midpoint. In terms of full-year revenue guidance, we are raising our guidance range for total revenues to $630 million to $645 million. For the full year, we expect product revenues to make up 35% to 39% of total revenues. Subscription and support revenues to comprise 45% to 49% of the total and professional services to comprise 14% to 18% of the total revenues. For the full year of 2015, we expect gross margins to be in the range of 71% to 74%. For operating expenses, as a percentage of revenue, we expect R&D spending to fall into the range of 33% to 36%. Sales and marketing spending to be in the range of 61% to 65%, and G&A spending to be in the range of 13% to 17%. Our expectations for the tax provision have not changed and we expect to record a tax provision of approximately $4 million to $5 million or approximately $1 million to $1.25 million per quarter in 2015. In the second half of 2015, we expect to incur approximately $6 million in cash interest expense related to the convertible debt and three million shares decreased in weighted average shares outstanding related to the stock repurchase. Based upon these estimates and weighted average shares outstanding of 152 million shares, we expect our loss per share in the full year 2015 to be in the range of $70 to a $80 loss per share, which includes a $0.06 impact of the convertible offering. Excluding the impact of the convertible offering loss per share guidance would have been $1.64 to $1.74 loss per share, an improvement of $0.11 per share at the midpoint. Finally, we expect 2015 operating cash flow to be - to fall in the range of negative $10 million to positive $10 million with a midpoint to breakeven, compared to a negative $131 million in 2014. This reflects DSOs within the target range of 65 days to 75 days, which is a range we believe is sustainable in the longer term. Turning to Q3 of 2015, we expect third quarter billings in the range of $225 million to $230 million and we expect revenue in the range of $164 million to $168 million. Seasonality impacts the mix of our revenues with appliance products representing a smaller percentage of revenues in Q1 and Q2 than the annual range and the higher percentage in the seasonally larger Q3 and Q4. Accordingly, in Q3, we expect product revenues to make up 35% to 39% of total revenues, subscription and support revenues to represent 45% to 49% of the total and professional services to represent 14% to 18% of total revenues. We expect our Q3 gross margins to be in the range of 70% to 73%. For operating expenses, as a percentage of revenue in Q3, we expect R&D spending to fall in the range of 33% to 36%, sales and marketing spending to fall in the range of 61% to 65% and G&A spending to fall in the range of 13% to 17%. Based upon our estimated weighted average shares outstanding of $154 million shares, we expect our loss per share in Q3 to fall within the range of $0.44 to $0.48 per share, which includes a $0.3 impact related to the convertible offering. That concludes my prepared comments, I will return the call to Dave for some closing comments and then we will take your questions.
Dave DeWalt:

Okay, thank you, Mike and thank you operator. Thanks to everybody joining the call. Today, as I said in my opening remarks, I believe this quarter was one of our best quarters ever, it just was. We executed across the board, accelerating growth, increasing market share, expanding our portfolio, and really hitting a positive cash flow from operations is a great milestone for the company. When you really look to it, we've expanded our install base in government, the enterprise, the midmarket, we cross sold and up sold well, our momentum is there on our product platforms, the mix of recurring subscriptions is strong in both billings and revenue, and we saw a great early indications of success with our next gen partners like HP and VISA. We strengthened our partnerships with our VARs and distributions are seeing up into the right indicators for our two-tier model and we completed a lot of internationalization across the board as a company in the first half. So, we're excited. We have a lot of trends that are continuing in the first few weeks of Q3. We remain very confident in our leadership position, our ability to execute and really look forward to reporting our Q3 results to you later this year. Just a quick reminder before we go to Q&A, we do have a very large event coming up; October 11 to October 14. That's our cyber security summit in Washington, DC, formally called MIRcon, which was the Mandiant event, which we've expanded quite a bit. So, for all of you who are invited and we have great speakers there; Colin Powell and Kevin Mandia, excited to see them. So, with that [ph] Candace, will you help us get some Q&A started.
Operator:

Absolutely.
Kate Patterson:

Thank you.
Operator:

[Operator Instructions] And our first question comes from Gur Talpaz of Stifel. Your line is now open.
Gur Talpaz:

Great. Thank you. So, Dave and Michael for the second quarter, we've seen sales and marketing growth in own the mid 20% range and billings rose kind of double that, showing nice signs of leverage. How sustainable is that and really what's driving that, and maybe gives a little bit more color about where that leverage is coming from?
Dave DeWalt:

Yeah, I can start Mike, feel free to add-on. The two things have jumped out of you Gur, the question is number the productivity keeps improving on the sales force sales force we have, if you remember, we've - we hired a fair bit of sales personnel in 2013, late 2014, the ramping - the ramping both in the U.S. markets, international markets. So, productivity per rep is improving nicely, that's creating leverage for the company. The second piece is the partner models. The models that we have, amount of registrations, we're getting from partners is helping the marketing engine and the lead engine. The amount of business we're doing through the channels continuing to improve. So, a combination of kind of yielding our go-to-market model. The third one for me that jumps out is the service model is very strong and creating leverage too and the service conversions over 90% more incidents were responding to, more compromised assessments yield higher product. So, all that's creating a good leverage for the company. Mike, do you want to add on to that?
Michael Sheridan:

Yeah. A couple of a things, I would mention. I think the decrease in our POVs that I mentioned is improving our leverage. I think also the success that we're having now in cross-selling more and more of our platform of products is increasing our deal size and is increasing that growth and that leverage.
Gur Talpaz:

That's great. And then on the cash flow side, obviously a really strong surprise here and a sharp decline in DSOs, maybe a little bit more color about what drove that decline? What gives you confidence and sustainability of that decline? And then Michael in the past, you've noted sort of a one year lag between non-GAAP EPS profitability and cash flow breakeven, is it still fair to assume that that one year lag here, and maybe help us think about non-GAAP profitability going forward?
Michael Sheridan:

Yes.
Dave DeWalt:

Why don't you take that Mike, and I'll let on the other one.
Michael Sheridan:

Sure. Sounds good. So starting with the first quarter part of your question which is what drove the improvement in the DSOs? I think, there is a couple key factors. One was if you looked at Q1, we had a little bit of less than normal linearity, and in Q2, we had - we had better linearity. So we had a little higher collections of billings that occurred in Q1, and we also had higher in period collections of billings that occurred in Q2. So that was an important driver. I think, the - I mentioned the improvement in our spend and the reduction of our operating loss, was a contributor. And I think that, we've had some programs and some focus just on getting more timely payments and those programs are really now starting to kick in. So overall, we had a very positive outcome, I think much of it is sustainable, some of those elements might be a little bit of a one-time factor, like linearity and so forth, which is why I gave you DSO range of 65 days to 75 days. But overall, I think, the outcome is that we're a bit ahead of our schedule in terms of when we thought, we could to our positive operating cash flow. In terms of the relationship of that operating cash flow to our longer-term target model, it's probably a little bit early to comment too much on those timeframes until we have a little more history behind us and watching how these trends progress through the second half.
Gur Talpaz:

That's great.
Dave DeWalt:

Yeah. And I just want to add on. Go ahead, go ahead if you have another question?
Gur Talpaz:

I do, yeah, to do my full time. Dave, you didn't mention in the prepared remarks, but the Safety Act has been a pretty front and center issue this quarter, can you talk about any sort of impact that may have had during the quarter, what you've seen thus far? And I know it's quite early, but any sort of color you can give around, that would be great. Thank you.
Dave DeWalt:

Yeah. Gur, thank you. SAFETY Act has been a real nice effort by the team here and as I mentioned when we did the announcement, it's the highest level of certification. We're the first cyber security company to get it. And it can really help in some protections for our clients in the act of terror. So, it's a step in the right direction for a lot of the issues and risks that's occurring in the cyber community and obviously, we're partnered well with the government to perform that. So, so far, so good. It's been a great one as have the other partnerships we have. Not just the government and the referrals we're getting and the relationship with the safety act, but also the insurance industry, the credit issuers, the outsource partners. We've been really innovating in the partner community as a company and as you alluded the SAFETY Act as one of those partnerships that's starting to help the company. Operator, next question, please.
Operator:

Thank you. And our next question comes from Saket Kalia of Barclays. Your line is now open.
Saket Kalia:

Hi, guys. Thanks - thanks for taking my question here. First for Dave. Dave, I think you mentioned that about 30% of appliances are attaching IPS. Can you just talk about whether you're displacing maybe designated IPS boxes like SourceFire or customers may be turning after IPS subscription in the Firewall in favor of yours?
Dave DeWalt:

Yeah, [indiscernible] this is a good question. I was pretty proud to announce that our platform on the network has really taken roots and when you look back just eight quarters when we went public, we largely had a singular feature set on our web appliance, e-mail appliance and we've been cross-selling not just well, with the network platform from web to e-mail, but features within the network platform and one of those you've allude to, which is the intrusion prevention solutions. We've literally doubled our rates or attach rates the last few quarters. The attach rates are very nice as they grow. We now attached not only the IPS, but now the advanced threat intelligence, that's got up to double digits. We also had a nice quarter with forensics capture, what we call our PX product, which is a nice attach to the NX as well. So, the platform on our network is beginning to take shape. And as Mike alluded to some of those product subscription kind of features are very strong in terms of leverage for the company, not just cross-sell, but also margins and things like that they crate leverage. And I think we're seeing that IPS sort of solution in the defense-in-depth architecture giving way the platforms like ours and great opportunity for us to take even more market shares we go forward and I hope that rate continues.
Michael Sheridan:

Good question.
Saket Kalia:

Great.
Kate Patterson:

Next one.
Saket Kalia:

Absolutely. Thank you.
Kate Patterson:

Thank you.
Operator:

Thank you. And our next question comes from Melissa Gorham of Morgan Stanley. Your line is now open.
Melissa Gorham:

Great. Thank you. Dave, just a question for you on Mandiant. You saw an acceleration in growth in this quarter. I'm just wondering if that largely just driven by a ramp in hedge or was there any change in terms of pricing maybe higher speed enable that ramp. And then, how should we think about your ability to scale that business over time, given a limited resources of security professionals?
Dave DeWalt:

Yeah. Melissa, this is a great question and this is I think is the magic of Mandiant. And what Kevin and team have built here is, first, you just talked a little macro for a second. We have a very unique model in that one consultant from Mandiant is often times able to handle multiple accounts, which is very rare because typically in the consulting and professional services market, it's multiple consultants per account as opposed to one consultant to multiple accounts. So, the scale model is very good, coupled that with all the technology enablement and software that the Mandiant business brings. We're able to start to do service engagements without professional services showing up at the beginning of them. So we're able to start to automate IR, automate compromise assessments and so really scale it. I alluded to a little over 100 compromise assessments we did in Q2, up dramatically year-over-year. So, we're scaling it not just with consultants per account, but also with automation. And then of course, a lot of talent coming to the company and we received over 30,000 applications last quarter. 30,000 applications, I've never seen anything like that. We had a lot leadership coming into the company, a lot of growth in Mandiant and high talent. So, it's kind of good to have the brand that we have and the Mandiant personnel. So, we're able to grow not just with people but with margin, with the amount of accounts, with scale of software. And now we're going international, so the demand is picking up there. It's a really nice complement to our sort of product led motion, now service led motion, something I alluded to on the script, Melissa was we saw two thirds of our transactions over a 1 million, we did 30 of them that had a services component to it, which is - was a really nice mix. And we also had a third of them that had endpoint, 29 out of the 30 had multiple elements to it. So you start to see the Mandiant and FireEye pieces in synergies coming together and that's a good area, we're scaling well. Good question.
Kate Patterson:

Next question.
Operator:

Thank you. And our next question comes from Daniel Ives of FBR Capital Markets. Your line is now open.
Daniel Ives:

Yeah. Thanks.
Dave DeWalt:

Hi, Daniel.
Daniel Ives:

Maybe just talk about how things have changed in terms boardrooms, in terms of the importance to cyber security, compared maybe where we are today versus six months to nine months ago, I found it interesting? Thanks.
Dave DeWalt:

Yeah, Daniel. This is Dave. So I found it interesting too. I think, here at FireEye we're finding a higher level access than I've ever experienced I think in my 30 years of high-tech now. The opportunity is to present - I presented in three boards in the last two weeks to the Fortune 500 boards, Kevin has as well. We're finding a lot of access, there is a lot of interest at board levels and really they're asking the right direct question now, I think, which is how do I reduce my risk, these security breaches seem to be coming at us regularly, how do we reduce risk? And the ways that we can reduce risk is people and product working together and that's really FireEye and Mandiant. And so, we're finding good access, high level of trusted advisor relationships, and never before have we seen such volume of requests to come in at a senior level as we are today. And frankly, if you look at some of the partnerships Daniel, we're having now with the insurance industry, with credit issuers, it really keeps elevating our sort of trusted advisor status with companies as opposed to just selling a product. We're able to sell advice and consulting and a solution at a much higher level. So, it's been growing rapid and more and more, I think we'll see this. We're at the very beginning stages of I think the western world at least really getting mindful of this problem and trying to solve it, but it's happening and we're there to help provide a solution for it. Good question. Next one please.
Operator:

And our next question comes from Ryan Hutchinson of Guggenheim. Your line is now open.
Ryan Hutchinson:

Yeah. I have a follow-up question on sales force productivity and where it is relative to last couple of quarters, and specifically where it is domestically versus internationally? And then as part of that, can you speak to the hiring activities and what your plans are over the next 12 months on the sales force?
Dave DeWalt:

Yeah, Ryan, absolutely. First off all sales productivity continues to climb. I feel like each quarter since the Mandiant acquisition, now six quarters in a row we go a little stronger each quarter. And it takes us a little bit of time to get the products integrated, get the service model integrated, to get Mandiant internationalized, all that is beginning to help get productivity in the sales force. I mentioned we're in many international markets now with Mandiant, but we're just beginning to get some of the other capabilities international. So, to your point, our domestic productivity has been ramping faster than our international productivity. But now, that we're making these investments, I think it's really going to show some good return downstream. I mentioned we're building a FireEye as a Service shock in Germany and Japan. And we have even building out our whole capability of those network endpoint and cloud across the globe. And of course, the international markets are not as advanced with all those capabilities as the U.S. one is, but we also are seeing some good productivity there. And as I mentioned, Europe, Middle East and Africa, particularly we gentrified some of the organizational model, built some infrastructure. And I think the second half looks good there for us to grow. So, I think the trends are in a good direction. I think international will outgrow the U.S. from productivity growth point of view over time, and it gives us a strong angle for the future. Good question.
Ryan Hutchinson:

Okay. Okay.
Kate Patterson:

Next question please?
Operator:

Thank you. And our next question comes from Walter Pritchard of Citi. Your line is now open.
Walter Pritchard:

Hi.
Dave DeWalt:

Hi, Walter.
Walter Pritchard:

I wonder if - hi, Dave. How it's going?
Dave DeWalt:

Great.
Walter Pritchard:

I wondered if could talk about - help us understand what type of competitors you're seeing most and I'm particularly interested in whether it's the sort of firewall vendors with a more integrated solution or whether you're seeing more of the various point product companies that have products focused on some of the discrete challenges here in areas like, preventing advanced malware on the desktop or the network. Just trying to understand who's - everybody seems to be a pretty competitive space right now? I'm just trying to understand, who we're seeing the most up?
Dave DeWalt:

Yeah, Walter. You know this market well and when you look at it from FireEye's lens, we sort of have four big pillars now to our platform. So, the answer of competitions are a little more complicated, but think about us having a network product platform. You're alluding a little bit to some of the competition there, the next-gen firewall is trying to add kind of UTM or multiple [ph] blades kind of model. We have our email area, which is a little more point specific. Product areas are AX and FX, which is our network storage kinds of products. There is some technology there, albeit smaller ones. So, the network is sort of one competitive set, the endpoint is another competitive set, and then the cloud is another competitive set, and then of course services is a different competitive set i.e. Mandiant. But what really we've been able to do is package that all together. I alluded to the multi-element transactions over a $1 million. The platform we're selling is really nicely being received. NX sales to EX sales, we have one of our best email quarters in Q2. We have one of our best HX quarters in Q2. So, NX is cross-selling not just with the attachments of IPS and advance threat intelligence, but also crossing over to the other network platform. So, a little bit of network, firewall vendors, a little bit of endpoint, incumbent vendors, and upstart vendors, but putting it all together, I think it's what clients are trying to solve for, and of course wrapping it with a people element really creates a competitive differentiator for the company. So, it's a bunch of little ones competing in various areas of our platform, but no one company competing across our platforms and that gives us a lot of advantage, particularly in the Global 2000, where we're having our greatest success in penetration. I think you saw we had 300 new logos this quarter, up pretty substantially from the first quarter, a lot of them are large companies, many of them were large companies buying over a million for the first time. So, we feel good that we're getting traction in the enterprise in competing very well against any of the competitors in the higher end of the market. So, so far so good. We're keeping our toes and we will, and I think again, we have some additional product coming out in the second half of the year, they will make the competitive landscape even weaker against us. So, good question. Next question, please.
Walter Pritchard:

Got it.
Dave DeWalt:

Go ahead, Walter. Go ahead.
Walter Pritchard:

Okay. Just for Mike, on the - we know there is sort of an interplay here between products and the subscription revenue stream, especially FireEye as a Service. I think we look at product on a standalone basis. It did decelerate. You had a little bit of a tougher comp. Is that simply conversion over to the FireEye as a Service or is there anything going on in the product revenue that would have driven, what looks like deceleration there?
Michael Sheridan:

Well, a couple of things, Walter. One is that I think if you look at the guidance range we had for our in-period appliance products, we're right at the midpoint of the guidance, so was in line with our expectations. And I think you are alluding to what we've talked about in prior quarters which is, we do have a pretty broad set of offerings in our platform and you mentioned one of the them FireEye as a Service, though we have other offerings as well that are cloud based that are ratable. So, that mix is going to from one quarter to the next continue to fluctuate some. And as you've seen a general migration towards our recurring subscriptions. But if you look at our guidance for the second half of the year as we've alluded to in the past, we typically have a higher in-period product percentages, you get into those seasonally larger quarters and our guidance range is mapped to that.
Walter Pritchard:

Okay. Thank you.
Michael Sheridan:

Thank you.
Kate Patterson:

Next question?
Operator:

Thank you. And our next question comes from Sterling Auty of JPMorgan. Your line is now open.
Sterling Auty:

Yeah. Thanks. Hi, guys. Wonder if you can give us a sense of how much of the quarterly billings and bookings are now coming through either the nontraditional channels thinking the Singtel partnership, Horizon et cetera or even through direct sales because it feels like there is a little bit of mismatch between what people are coming back with in terms of sentiment through the traditional channel, in terms of channel checks versus the results that you're actually posting and just want to try to help, connect the dots there?
Dave DeWalt:

Yes. Sterling, this is Dave. That's a very insightful question and it is shifting. And so we, we have a multitude of go-to-market model that we are delivering, which is pretty powerful and flexible for the company. A two-tier distribution model is one of them, but it's only one of three or four that we're deploying now pretty successfully to our clients. So the other ones of these what I would consider almost one tier strategic partnerships. I think HP outsourcing, I think some of the insurance industry stuff we're doing, some of the Telco work we're doing and in some cases they are very powerful and very scalable, so we're getting, we're getting business coming from that angle. We then have a very strong services-led model, which often times is coming from an incident response, direct call to the company largely responding to it, often times under NDA, which drives up sort of that, that components service led direct kind of model. Our government business has gotten much bigger, so there's almost a whole new class of partners coming there. That's not traditional two-tier either and oftentimes these are classified partners that we work with, sort of what you would consider one-off sort of partners that are traditionally below the radar screen of what you would think of as traditional security bars. So we have a little different model that's been blending here a bit, but that creates some power for the company as well as we're able to really control our fate and our flexibility in a lot of different ways. Mike, did you want to add on?
Michael Sheridan:

Yeah. One of the thing I would add to that, Sterling, is sometimes we do have these small sample size channel checks, which sometimes can give you a variant of an answer. One thing I would point to in Q2 is our channel registrations grew very strongly. So, that traditional channel, in addition to everything that Dave just outlined, remained very strong in Q2.
Sterling Auty:

Yeah. Thank you.
Operator:

Thank you. And our next question comes from Gregg Moscowitz of Cowen. Your line is now open.
Gregg Moscowitz:

Thank you very much, and good afternoon, guys. Most of my questions have been asked. I guess just a real quick housekeeping, because I had this in my notes and checked the transcript as well to verify. But Mike, it's showing a 27-month average term length in Q2, 2014 versus what I think it show a 29 months in today's press release. I know you guys, read 31 this Q2. So, I just wanted to confirm which one was correct? Thank you.
Michael Sheridan:

Yeah. Last year, it was 29 months, and this year, it was 31 months.
Gregg Moscowitz:

Okay. So, it is up to sequentially. If I can throw another quick one actually if you don't mind.
Michael Sheridan:

No. No. That's was year-over-year. Sorry, Gregg, that was year-over-year. So, Q2 of 2014 was 29.
Gregg Moscowitz:

Okay. Thank you.
Michael Sheridan:

Last quarter I believe was 30 or 31.
Dave DeWalt:

It was pretty consistent sequentially and up two months year-over-year.
Michael Sheridan:

Right.
Gregg Moscowitz:

All right. Thanks, guys. And then, Dave, just wondering because I realize it's pretty early, but if you can provide an update on your mobile threat prevention product? And how that's been doing so far? Thanks.
Dave DeWalt:

Yeah. This is a very encouraging markets that one of the things I eluded to Gregg, was we're now having these nine product families that have generated over $10 million in the quarter, which was very encouraging. We've another six product families that generate over $1 million. So, there is a bunch of emerging products that are coming in, and a bunch of products that are scaling, and it's almost what you want to see, if you're managing a product portfolio is ones that are really scaling. You're starting to get some mass on. These are the web and email areas, some of our services areas, some of our attach rate areas, and then, you get some of these like mobile which have a big total adjustable market opportunity, but we're still somewhat nascent in our total billings. The good news is there, we want some very significant what I would consider lighthouse accounts, some household names deployed one - one of them deployed over 250,000 agents on a single deal shows the scale. This was a very important financial institution. We're able to deploy it very quickly, help them with malware analysis real time and enforcement real time on the mobile phones. And of course, we support both Apple and Google with that platform. So, we're getting near with that platform. And then, we combined that mobile solution with all the endpoint inertia we have PCs and Mac traditionally is giving us a pretty strong angle here on this endpoint TAM that's a big one. So, so far so good and mobile is getting - that's a good question. Thank you.
Kate Patterson:

Next question, please.
Operator:

Thank you. And our next question will come from Robert Breza of Wunderlich Securities. Your line is now open.
Robert Breza:

Hi. Thanks. Mike, if you look out towards the revenue mix let's say, two quarters, three quarters a year from now, how do you think about the revenue mix with more revenues moving towards the subscription side. Just kind of help us think further out. And then, Dave for you, as you think about that portfolio that you talked about, it appear to me at least from the outside that a lot of those emerging products are coming from within specifically through Mandiant sort of, love to hear your thoughts about internal R&D? Thanks.
Dave DeWalt:

Sure, Rob. I'll take the first part of that. So, if you look at our revenue mix, maybe the best way to understand it is, if you look at how it is changed from 2014 to our guidance for 2015, you will see an increasing mix towards our recurring subscription based revenues, not because there's any slowdown in our in-period appliance-based product revenues, but because there are so many drivers that drive the subscription side of our business whether it is for every product that we sell, we are selling with the DTI, ATI, URL and so forth, tabs subscriptions. The expanding success for our cloud-based offerings, whether it is FireEye service or enterprise threat protection or mobile threat protection, those are all contributing. Our high renewal rates for all our existing installed base, those are all contributing. So there is a lot of drivers in our core business model, including the drivers within our appliance-based business that will continue to move us towards that very powerful recurring subscription-based model. So I think what you'll see in the years outside of 2015 is - that migration continues to amortize higher our transition from 2014 to 2015. And then Robert, just to add on. We've had some very strong innovation at this company through a variety of angles. Our research and development expensed revenue over 30% has really yielded results for the company. And when you compare sort for us to many of our peers that are public during the 10% to 15% on R&D ranges, I mean that is a big difference in what we're spending and what opportunity that creates for the company downstream. So, we even build not to cloud, well with building out of our socks for FireEye service well, we've been building out of our network platform with IPS attach rates and other attach rates. We're building this four end point suite. So there's a lot of, what I think, pipeline of new innovation coming from the company. And remember, when we integrated Mandiant - the whole Mandiant product engine integrated immediately with the FireEye product engine. So it's all one now 18 months later, so that whole engine is generating a very nice set of products and offerings, and that's why I think future is very strong for the company, because we're doing a nice job, innovating organically, and you'll see that again in the next few quarters as we keep releasing innovative products. It's a good question.
Kate Patterson:

One more question, Keith.
Robert Breza:

We'll go a little bit longer.
Kate Patterson:

Okay. Go for the next question please.
Operator:

And our next question comes from the line of Karl Keirstead of Deutsche Bank. Your line is now open.
Karl Keirstead:

Thanks. Question is for Michael on the billings. It looks like the mix of DR [ph] from long-term was up a little bit year-over-year. You flagged in a prior question an uptake in the average contract length. I'm just curious whether there was any year-over-year change in invoicing duration that may have been a little bit of a contributor to your billings performance that's worth calling out, thank you.
Michael Sheridan:

Yeah. My view of it is Karl that, if you look out over the last several quarters, we have been pretty consistently in that range of the very high 20s and the very low 30s, any one quarter to the next you might have a one month or two months change in that, but I don't think anything that would really drive any major trends or in understanding how the quarter went. So our interpretation of each of these average contract lengths quarter-to-quarter over the last year or two has been that - that's been a very stable factor.
Karl Keirstead:

Got it.
Michael Sheridan:

And growth has been very consistent across the board around 29 months to 30 months or 31 months, Q3 tends to be little higher because of the government and but generally speaking we see, pretty consistent in contract length. We're not trying to shrink it or erase it, it feels good to us, it creates stickiness of three-year contract kind of term and clients are buying us, because it gives us a chance to land and expand, so first fast of that they're. Next question please.
Operator:

Thank you. And our next question, comes from Rob Owens of Pacific Crest Securities. Your line is now open.
Rob Owens:

Thank you. Dave, you mentioned the inertia you're seeing the endpoint market right now, let me just give an update in terms of competition pricing and I know there has been a lot of capital that's flowing into that space, particularly over the last couple of weeks with a couple of private vendors. And then second on the threat intelligence front, you mentioned how your storage becoming more differentiated every day, can you talk about how this market is taking shape? How you're monetizing it, how it is priced right now. You're seeing end customers take threat intelligence from multiple vendors. Thanks.
Dave DeWalt:

Yeah, Rob, great question. So, I might need an hour to answer this one, but I'll try to do in a minute. The endpoint market is very interesting and I think potentially open market. I think that's why you're seeing so much capital raise going on, and the traditional vendors with a traditional antivirus types sweet, the effectiveness there, I think everybody knows is pretty low at this point, sits too high in the stack and kind of get disarm pretty easy, efficacy low, false positive sty, only runs really on PCs, cost a lot of money, goes really slow. We put that all together in a very big TAM, someone is going to disrupt that. And the question is who is that someone. We've been making a lot of progress as I'm trying to report on that market, the number of new logos we have is very high, a number of times we're able to sell endpoint with the bigger deals is high. We now have multi-languages supported with the endpoint, that's very good. We're just about to deploy some of the exploit detection and micro laser support later this year and early next year. So, we've got a lot of good angles on that market. I feel like we're getting ourselves in position, but it's going to be a lot of competition. There is a number of vendors wind for that, but remember, now we have over 2,700 employees. We're in 70 countries. We have a lot of customers. It's hard to get that. And so the install base and the opportunity to leverage cross sell is good for us, vis-à-vis others, and I give ourselves a pretty good opportunity there. Pricing wise, I've been finding a much higher price point thus for things like forensics, advance threat detection, prevention then it was the antivirus market, but we know this, I think it's going to play up very similar to the way the AV market played. It's going to be blazed on an endpoint. You know, kind of have AV, the way that worked, you went to spyware, you went to host intrusion, data loss prevention, and you had four, five, six, eight different products. The nice part about FireEye right now is, we have those products. We have a whole set of products and product subscriptions in a single agent already as we build it. So, I'm encouraged by what we're dealing. We have a fabulous what I would consider like a Google search front-end, enterprise search front-end to our endpoint we're releasing. And so, we're getting there in terms of this solution set. And of course, we have it for not just traditional PC, Mac kind of solutions but also for full mobile and deployed, so nice market. I think this will open up for a number of companies and especially for us. And then I thought your question on the Intel was very insightful. Another market that's expanding quite rapidly is what I just say selling Threat Intel, not just with the product, but standalone away from the product. We now have four, five offerings in this area. We have our traditional one, which is our dynamic Threat Intelligence, which we sell one-way and two-way to our appliances. We now have what we call ATI or Advanced Threat Intelligence which gives all the contextual intelligence. We have what we call ATI Plus, which includes a FireEye intelligence console, which really helps aid in intelligence management, queue management, community management, and we've got a number of other solutions where we're bringing a market there. So, we think that's coming and that market will thrive as well. And to your last comment, it probably is a multivendor scenario. People want insurance from a couple different vendors. I don't think it's more than three, but it could one, two or three. And I think with Mandiant and with FireEye, we can be one of those three. And if we are one of those three, it opens up a big TAM as an another market segment for us to attack and we're on it. It's a good question. Thanks.
Operator:

Thank you. And our next question comes from the line of Gray Powell of Wells Fargo. Your line is now open.
Gray Powell:

Hi. Great. Thanks for welcoming me in. So, maybe a follow-up on Walt's earlier question around competition. I mean, really, the most frequent question we hear on FireEye is how you can justify a 35% to 50% price premium versus peers. Can you give us a sense as to how customers view the return on your products set and why FireEye is able to win against peers with cheaper products that at least are your - maybe they try to market similar detection rates?
Dave DeWalt:

Yeah, Gray. So, this is Dave. So, obviously, you get what you're paid for, and like we've seen on the quarter and give some of these products for free and actually cost a lot more. So, what people forget is, there is a lot more than what you're detecting, which is true. So, what we try to show clients is, it's not just what your detection efficacy is. It's what rate of false positives you're giving as well. And then, also, what's important is, what's called your false negative turnaround time. So, for example, at FireEye, we typically only detect 8 to 10 sort of alerts per appliance per day. That may not sound like a lot, but their efficacy around that is 99% plus true. We rarely falls positive. The flip is two of our competitors. So, if you false rate a thousand or tens of thousands or even millions of times per day, what kind of workload does that create for security people, plus it's almost infinite. And what it causes is, more risk, not better security. So, if your product is falsing and you're having a whole security team chase false positive, you actually cost the company more than what we deliver So, in many ways, I think 35% to 50% is actually light compared to our value. And as a result, many of these products are giving false sense of security for companies, because they false so much and that's the truth. IPS solutions, antivirus solutions, firewall solutions false in millions per day. What kind of staff does it take to response a millions of false positives, say, a very big way. So if FireEye can streamline net efficacy and streamline that false positives, return false negatives quickly, that's where our value is, that's why people buy our product. And of course with Mandiant and incident responders and our intelligence, we create a lot of really true detections for our clients, and that's why we continue to have a premium, that's why we will continue to have a premium. We have the best virtual machine engine on the market by far. And I think we'll continue to do that, that's why our product sales are where they're at vis-à-vis the competition. A good question. Thanks.
Operator:

Thank you. And our next question comes from Brent Thill of UBS. Your line is now open.
Brent Thill:

Thanks. Dave, just back to the product revenue, I think we all recognized there's a mix shift towards subscription in FireEye service, but the product revenue did materially accelerate relative to what you saw last Q1 on a sequential basis and obviously on year-over-year basis. So a number of investors just asking, not many of your competitors are seeing that, actually many of your competitors are multiple times in size the product, growing the product line faster. So, is your message going forward that, don't keep just focused on product, look at the recurring subscription and that's actually the better mile marker to judge, to help the company, because I think there's obviously execution quarter-on-quarter out based on what's been going on in the product line?
Dave DeWalt:

Yeah, Brent. So I think you're hitting on it. First of all, the product revenue was in line with where we said it would be in line. So we saw this coming from like what a surprise, Q2 quarter is typically where we said it was going to be, we could see our product subscription services and other components of our platform are merging quicker and faster than the product. And so, it just a little bit of the totality of our platform, product subscriptions area, services area is in hot domain by our clients. So, it's a totality of it all, but I think it's important and when you're showing 57% growth on the billings and 77% growth on deferred revenue, and you're showing the 300 clients that we have and the partner registrations we have. It doesn't matter, which one of our solutions, they buy many times, we don't even know which one are they are going to buy until the very end. Sometimes they want to buy FireEye as a service. Sometimes, they just want to buy the hardware and run it themselves, but in the end, they are buying FireEye. And that's what's powerful about what we have to offer today. So, I think I would give the advice like you're saying, is focusing on one area of our P&L, one area of our top-line income and revenue which is product is missing the bigger picture of what we are doing. But, I would also caution you, it can be seasonal too. So, you get to the next quarter, you can see different results in these lines, just because okay, government picks up a little bit as a percentage, it buys more product, it doesn't do as much FireEye as service. So, you just got to look at the totality of the story as it goes through a multiple quarter period and a multiple year period, and I think you'll see those results, this is the best I can describe. Mike you want to add anything.
Michael Sheridan:

No. I think that exactly right. I think, that it's a variability that we have discussed in the past, and again I think as Dave pointed out, the ranges that we're providing we're solidly within those and as I mentioned in my script, the product - plus product subscriptions growth is in our view the most meaningful way to look at how we're penetrating the market.
Dave DeWalt:

Thank you. Next question, please.
Operator:

Thank you. And our next question comes from Andrew Nowinski of Piper Jaffray. Your line is now open.
Andrew Nowinski:

Thanks. Just a question, on your e-mail product, the Wall Street Journal had an article they were highlighting email-based hacking which is not surprising. I think you said the EX series is now at a $100 million annual run rate, but I'm wondering if you could give us your thoughts on the competitive position of the EX and whether it needs any further investment to enhance its position and continued driving the growth?
Dave DeWalt:

Andrew, great question. I think you're right on. I mean we see over 90% of all the incidences we're responding to, start with what we call spear phish and typically that's an email payload. So, email payloads are very prevalent and a lot of the breaches that you are seeing, and as a result you not only need strong email protection, but you need correlation from email to web and other areas of the architecture and hence why people are buying our platform across all these solution areas. So, these end points go home. They're on the network; they're off the network, their mobile. And so, if you are not protecting them in totality, you get breached. So, that's what's providing it. But on email specifically we're seeing an uptake in that. The detection rates and efficacy that we see in that is really growing. We have the cloud version, which is scaling really nicely, we call ETP as well as our premise-based solution. We can correlate both from [ph] prem to cloud and we can correlate from both prem to cloud, email to web. So we have a very unique solution set that helps customers migrate from premise-based solutions to cloud-based solutions, whatever form factor they want. So, we really find ourselves competing very favorably right now in that sector because the other competitors that are niche there can't compete with us on the web or the cloud areas like we have or the endpoint. So, that's a nice market for us. I think that will grow pretty substantially and continue to scale as a nice driver for the company, so not much real to build out. There are always things to keep doing, but we have a very nice product and had it for a while now. Thank you.
Kate Patterson:

Next question?
Operator:

Thank you. And our next question comes from Steve Koenig of Wedbush Securities. Your line is now open.
Steve Koenig:

Hi, there. Thanks for taking my question. I'd love to get just your thought process on, when it comes to setting products, how you do that in a way that gives you confidence, you have the right mix of realism versus aggressiveness in your sales products? Thank you.
Dave DeWalt:

Yes. Obviously, that's a bit of an art and science. And it all depends on the territories and the vectors and named accounts versus new base that you have. But we do a great job and I think this is the fruits what you're seeing John McGee deliver now as the sales operations leader of this company he has been here now one year. The discipline in operational controls that we now have in place around the world are very strong. The capacity model we're building, their productivity analysis he has been building, the forecasting accuracy, the focus on linearity improvements in all things starting to help the company as we go forward, but obviously, it's an art from getting quota right and getting them trained and ramped right, but you got to make adjustments as you go, we do that, but so far so good. We're tracking well and I think again, like I said the second half would be better. Thanks.
Kate Patterson:

We'll take one more question.
Operator:

Thank you. And our last question will come from the line of Shaul Eyal of Oppenheimer. Your line is now open.
Shaul Eyal:

Thank you. Hi, good afternoon, guys. Thank you for squeezing me in. Dave, I wanted to build on Daniel asks question on a boardroom discussions. In your view, what is the time gap from the point when you're bringing valid to those board's discussion beginning to educate them about what the security level that they need? And between that point and the point when FireEye's actually being handed the purchase order, is it three months, six months, nine months, what - how should be thinking about it?
Dave DeWalt:

Yeah, Shaul. We didn't squeak you in. We saved the best for last. So I mean, you're hitting on, I think one of the most important trends in cyber security and I said this little earlier is, it used to be we're to sell to network administrators and Ashar remembers this, Kevin too, we had to sell lower in the organization and work your way up. And oftentimes, the sea level and the board level was really frugal and why should spend this, really prove, am I really getting breached and it's going the other way now. The CEOs and boards are driving down to the organization, creating transparency, creating accountability. So, we're finding more and more opportunity there as I mentioned, but - and what is doing us compressing timeframes and compressing sales cycle, which is fantastic. So if we can get that access oftentimes, we're able to help them, build a roadmap to improve their risk posture, which is usually what they're asking. They're not just asking about hey, there's a threat here? What is my risk? How do I resolve that risk? And what do I - what the lowest cost way I can do that? And so a lot of time this is where our FireEye as service comes in, almost immediately on as a capability. We oftentimes come into a compromise assessment or risk assessment for the board or for the audit committee that can take four weeks to six weeks to sort of perform. Once we do a compromise assessment, we help them understand what the problems are. And then from there, we can convert quickly to FireEye as a service, which is essentially the same thing that was used in the compromise assessment, just purchased in one-year or three-year increments. And so, we turn that on, and usually we can reduce risk effectively. So, it's does shorten timeframes, in a way in which we conduct our assessments, on boards the products or the what we call, FireEye as a service model. So, it's a helpful driver for the company. We're very unique in being able to deliver that and the more we can multiply, Kevin Mandia and Ashar, the better it will be. And we're cloning them now and we're working hard to get around the world to educate and I think that again sets up a nice second half.
Dave DeWalt:

So, with that, I'll say thank you to everybody, who joined us and thank you for the questions. And really Mike, I appreciate all of your time, four years working together, it's been awesome. Many of you get got a chance to chat with him in Q&A as well. And with that, we'll say, good bye. Thanks.
Operator:

Ladies and gentlemen, thank you for participating in today's conference. This does conclude today's program. And you may all disconnect. Have a great day, everyone.

Mandiant, Inc. Q2 2015 Earnings Call Transcript

Other Mandiant, Inc. earnings call transcripts:

Mandiant, Inc.
Q2 2015 Earnings Call Transcript