FireEye, Inc. (NASDAQ:FEYE) Q3 2020 Results Earnings Conference Call October 27, 2020 5:00 PM ET
Kate Patterson – Investor Relations
Kevin Mandia – Chief Executive Officer
Christopher Key – Executive Vice President, Products, Mandiant Solutions
Frank Verdecanna – Executive Vice President, Chief Financial Officer and CAO
Conference Call Participants
Matt Parron – JPMorgan
Chris Speros – Stifel
Fatima Boolani – UBS
Rob Owens – Piper Sandler
Jonathan Ruykhaver – Baird
Saket Kalia – Barclays
Hamza Fodderwala – Morgan Stanley
Brian Essex – Goldman Sachs
Yi Fu Lee – Oppenheimer
Good day, everyone. And welcome to the FireEye Third Quarter 2020 Earnings Results Conference Call. At this time, all participants are in a listen-only mode. Later, we will conduct a question-and-answer session, and instructions will follow at that time. [Operator Instructions]
Also, this call is being recorded. At this time, I would like to turn the call over to Kate Patterson. Please go ahead.
Thank you, Josh. Good afternoon. And thanks to everyone on the call for joining us today to discuss FireEye’s financial results for the third quarter of 2020. This call is being broadcast live over the Internet and can be accessed from the Investor Relations section of FireEye’s website at investors.fireeye.com.
With me on today’s call are Kevin Mandia, FireEye’s Chief Executive Officer; Frank Verdecanna, Executive Vice President, Chief Financial Officer and Chief Accounting Officer of FireEye; and Christopher Key, FireEye’s Executive Vice President of Products for Mandiant Solutions. After the market closed today, FireEye issued a press release announcing the results for the third quarter of 2020.
Before we begin, let me remind you that FireEye’s management will make forward-looking statements during the course of this call, including statements relating to FireEye’s guidance and expectations for certain financial results and metrics, FireEye’s priorities, initiatives, plans and investments, drivers and expectations for growth and business transformation, the expansion of FireEye’s products, subscriptions and services, and expectations, benefits, capabilities and availability of new and enhanced offerings, market opportunities and go-to-market strategies.
These forward-looking statements involve a number of risks and uncertainties, some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements.
These forward-looking statements apply as of today, and you should not rely on them as representing our views in the future and we undertake no obligation to update these statements after the call.
For a detailed description of the risks and uncertainties, please refer to our SEC filings, as well as our earnings release posted an hour ago. Copies of these documents may be obtained from the SEC or by visiting the Investor Relations section of our website.
Additionally, certain non-GAAP financial measures will be discussed on this call. We have provided reconciliations on these non-GAAP financial measures for the most directly comparable GAAP financial measures in the Investor Relations section of the website, as well as in the earnings release.
Finally, I’d like to also point out that we have posted supplemental slides and financial statements on the Investor Relations section of the website.
With that, I’ll turn the call over to Kevin.
Thank you, Kate. And I’d like to thank all of you for joining us today and I hope that you and your loved ones are healthy and safe. I remain proud of the FireEye team and how we have adapted to new challenges that have emerged for all of us.
We continue to transform FireEye while delivering strong results each quarter. Our results over the last few quarters reflect both stabilization of our product businesses and strong continued demand for emerging solutions and services.
Today, I’ll discuss some of the operating highlights of the third quarter and then provide more details on our recent innovations in both Mandiant Solutions and our FireEye Control products. I will then turn the call over to Chris Key, our Executive Vice President of Products for Mandiant Solutions and the driving force behind the SaaS platform we call the Mandiant Advantage, which we launched approximately three weeks ago. Chris will provide a deeper dive on Mandiant Advantage, including the roadmap for additional offerings deployed to the cloud native platform. And Frank Verdecanna will wrap up the prepared remarks with the discussion of our third quarter financial results and our updated outlook for the fourth quarter and the full year.
We did what we said we do in the third quarter and we exceeded our guidance range on both the topline and bottomline metrics. In fact, our revenue non-GAAP operating income, net income and earnings per share were all at all time record levels. Let me share some of the highlights.
Third quarter revenue was $238 million. That’s $11 million above the midpoint of our guidance range. Revenue growth was again led by our platform cloud subscription and managed services category, which grew 21% compared to a year ago. This category includes our Security Validation Platform, Threat Intelligence and Managed Defense offerings, as well as our cloud-based security control products. Our annual recurring revenue for this category increased 4% sequentially and 18% year-over-year. Cloud Endpoint, Threat Intelligence and Security Validation continued to drive the growth of this category.
Revenue for our Mandiant Consulting services grew 19% compared to the third quarter of 2019. This marks the 10th quarter in a row of record revenue for our professional services and the fourth quarter in a row that our services revenue exceeded $50 million. Demand for expertise is stronger than ever and we continue to operate at a very high tempo.
Combined revenue of a platform cloud category and our professional services category equipped our more mature appliance-based business again in the third quarter, and accounted for 54% of total revenue. This compares to 48% in the third quarter of 2019 and 40% in the third quarter of 2018.
Even as the composite of our revenue continues to shift from appliance-based control products to our cloud-based products and Mandiant Solutions, our traditional appliance-based products remain deeply embedded in many organizations.
In fact, we had sequential growth in product and related ARR for the first time since the fourth quarter of 2018. We added 279 new logo customers in the quarter and close 45 transactions greater than $1 million. And both these metrics increased year-over-year and sequentially.
And we achieved these results while continuing to improve our bottom line. We generated a record 12% non-GAAP operating margin and record non-GAAP operating income, net income and earnings per share.
Now, last year we mentioned we were seeing two different, but related areas of focus emerged within FireEye. Since that time, we have structured our business around two separate brands, FireEye Products and Mandiant Solutions. We have been able to accelerate innovation, improve our go-to-market and leverage the equity of each brand.
Our FireEye Products are control technologies to best protect our customers from cyber attacks and our Mandiant Solutions are product agnostic offerings that can enable and empower all security technologies to best leverage, our frontline intelligence and security expertise.
I would like to highlight a few of our recent innovations in our product businesses that are led by Bill Robbins. Products leverage our frontline knowledge to provide what I believe is the best layer of detection and security and we are focused on maintaining this position.
We have continued to improve our detection with machine learning and AI-based features that learn from our frontline intelligence. And we have increased the correlation of data between our products and we have made significant progress creating a single user interface through Helix.
We added several new capabilities to Helix, including integrations to accept data streaming from our endpoint agent and to perform endpoint remediation and response actions. Other new capabilities in Helix include asset-based alert correlation, a federated view and email queue management to view and flush emails from our email security products directly from the Helix interface.
We also added a pivot to Cloud Advisory to streamline cloud security management capabilities for our customers and added more than 50 compliance checks in Cloud Advisory designed by the Mandiant Cloud Security Assessment team. To sum up, Helix is stronger and more robust, and better equipped to empower security operations for FireEye Product customers.
Our endpoint security releases during the third quarter highlight the power of our innovation architecture to speed innovation and improve detection, improve prevention and improve endpoint investigation workflows. Specifically, we released three new modules, process guard, event streamer and enricher.
The process guard module detects and stops unauthorized processes from obtaining and stealing user IDs and passwords. The event streamer module automate streaming windows event logs to Helix and to third-party SIMs. And our enricher module automates the analysts workflow by applying Mandiant Intelligence to the data, allowing analysts to understand and take action to remediate. And cloud endpoint remains an important growth driver force and we have accelerated our investments in this area.
In email, we made a number of enhancements, completing improvements to our outbound email scanning features, which led to a 20% increase in outbound scanning adoption by our customers. We focused on our Microsoft integration providing retroactive alert remediation for O365 and active directory integration for easier and more effective ways to protect recipients that are labeled VIPs.
We started the quarter with announcement of our Network Security 9.0 release across our product family. With 9.0 we announced the ability to run in Microsoft Azure and we released our Smart Grid product for use on AWS with bare metal instances. And this capability meets the growing demand from many of our large customers that have strict data residency requirements and are building private data centers in AWS.
Now, I’d like to update you on Mandiant Solutions, which consists of our Consulting, Threat Intelligence, Managed Defense and Security Validation. Building solutions that allow us to scale the delivery of our Intel and expertise to software to any security environment is the foundation of our Mandiant Solutions growth strategy.
Therefore, in October, we achieved a significant milestone in this strategy with the launch of Mandiant Advantage, our cloud native security-as-a-service platform. We believe that simplicity, elegance and ease of use of the Mandiant Advantage platform make our Intel and expertise accessible and actionable by customers of all sizes, using any security products in any infrastructure. We also believe it will be instrumental in increasing the adoption of our Threat Intelligence and our Validation technology.
Now, I’d like to turn the call over to Chris Key, who will be discussing the details of our Mandiant Advantage platform and how it revolutionizes customer access to our frontline intelligence and our experts. Chris, over to you.
Thanks, Kevin. As mentioned, we launched Mandiant Advantage earlier this month, with the goal of being a SaaS platform for all things Mandiant, including our Threat Intelligence, Security Validation, formerly Verodin, Managed Defense, MDR and Consulting services.
Mandiant Advantage will deliver integrated bundled offerings powered by our frontline intelligence and backed by our experts. These offerings will be focused on addressing the top questions our customers are asking. Are they compromised? Can they be compromised? Is there security posture improving over time? And are they using their security budget effectively and efficiently?
With flexible delivery, we plan to offer solutions ranging from 100% technology driven to expert backed to fully managed, enabling us to meet our customers wherever they are from a resourcing and maturity perspective.
Mandiant Advantage opens up many new opportunities for our customers and our business. Advantage provides our customer with an easy-to-deploy, easy-to-use technology interface to our expertise in frontline intelligence. We expect that by leveraging Advantage, customer security teams will feel like Mandiant Experts are virtual extension of their team, up leveling their skill and improving their effectiveness.
Customer analysts will be able to see the world through the eyes of Mandiant Consultant as we overlay and embed our breach and other frontline intelligence into their day-to-day workflows, highlighting what is most important and guiding them on where to focus.
For Mandiant Solutions Advantage provides a powerful technology scale for our expertise. Imagine if what a single Mandiant Consultant learns tomorrow while battling through an incident response could immediately be leveraged by thousands of customers to improve their defenses.
Advantage allows us to scale this real time intelligence across an unlimited number of users. For every consultant we have, I believe the ripple effect across our customer base is exponential. Mandiant Advantage enables us to extend the reach and impact of what makes us unique.
Advantage also expands in our total addressable market by expanding the number of potential customers, building on our original vision for Helix, Advantage enables us to empower every security team in the world with our expertise and intelligence, regardless of the SIM or control products that they’ve deployed.
Given the unique position we hold as the go-to-organization for incident response, we believe that the knowledge we have of attackers is unparalleled and incredibly valuable. Advantage enables us to leverage this unique position to continue to uplevel FireEye Products, but also scale and be relevant to the security teams that may have chosen another vendor for their controls. Going to market as an easy to try, easy to buy SAS solution will enable us to take advantage of this new expanded opportunity.
The first module we launched on Advantage was Mandiant Threat Intelligence. This represented a shift in how we provide Threat Intelligence to our customers, moving from a traditional focus on reporting and finished intelligence to giving our customers direct access to our raw data and enabling our customers to know what we know when we know it.
As part of this new approach, we also decided to provide a freemium tier, enabling customers to easily sign up and experience the new offering. Confident that our unique and proprietary intelligence is a major differentiator, we’ve included millions of open source indicators and a machine learning driven confidence score at no cost to our freemium users.
The level of open source data we are providing for free is equal to many vendors providing their paid offerings. We think this approach will be disruptive. In just the first few weeks, we have seen hundreds of organizations sign up for our free tier and many of those have already requested information on pricing, getting a demo and trialing the paid version. We’re looking forward to see what impact this new approach has on our business in 2021 and beyond.
As we move through Q4 and Q1 ‘21, we plan to add additional modules to Mandiant Advantage. By the end of this year, we will add both validation on demand, as well as managed validation. Validation on demand will enable customers to go from investigating a threat actor in the Mandiant Advantage UI to testing their actual environments against that actors’ technique in just a few clicks. By validating their resilience using our frontline intelligence in their environment, we believe that our customers will be able to rapidly prioritize and deploy their resources to address any shortcomings.
In a recent demo of this upcoming capability, we see sort of a global retailer remarked this quantifiable data completely changes his plans not just for 2021, but the next five years, being able to validate his environment against what Mandiant is seeing and breaches is a game changer. I’m incredibly excited by the initial response to Mandiant Advantage and look forward to continuing to build out its powerful capabilities over the next several quarters. We’re just getting started.
Chris, thank you very much for that report. In closing, I want to remind all of you of the four priorities that we had for 2020. First, we intend to be the best enrolled at incident response, red teaming and Threat Intelligence. We perform more investigations during the first three quarters of 2020 then during the same timeframe last year. We continued to add capacity to our Mandiant Services organization expanding our consulting services in all areas, including cloud security, IoT, security transformation and red teaming.
Second, we intend to extend our dynamic threat detection and expertise to defend cloud-based infrastructures. And we address a lot of this priority with our acquisition of Cloud Advisory and the launch of our Cloud Security Assessment Service. And again with our Network Security 9.0 release including multiple enhancements to support secure migration of workloads to cloud.
Third, we intend to deliver our Expertise On Demand seamlessly through our technology.
And finally, we intend to be the best in the world at security validation. As you heard from Chris, with Mandiant Advantage we’re combining our intelligence, security validation and our expertise into a platform.
We’re working to make the process of measuring security effectiveness against the most current attacks, simple, continuous and commonplace. I believe our new Mandiant Advantage platform will close the security gap between the attackers emerging techniques and the safeguards that are often too slow to adapt and stop or detect these attacks.
I also believe that in validation on demand, as well as managed validation offerings will be instrumental to security validation adoption. The platform will also make our experts available at the point when our customers need them at most. As a proof point, our Expertise On Demand adoption continues to increase and utilization of our experts continues to diversify.
Revenue generated from the use of Expertise On Demand increased by more than 300% again in the third quarter, with approximately 66% of the use of these experts for the delivery of non incident response services.
And now, I’d like to turn the call over to Frank.
Thanks, Kevin, and hello to everyone on the call. Before we move on to the details of our Q2 — Q3 results and our updated guidance for Q4 and 2020, let me remind you that I’ll be referring to non-GAAP metrics except for revenue and operating cash flow.
Our non-GAAP measures exclude stock-based compensation, amortization of intangibles, non-cash interest expense on our convertible debt, restructuring charges and other non-recurring items.
There are three key takeaways from our Q3 results. Q3 extended the year-to-date trend of strong results, building on the strength we saw in the first and second quarters. Demand remains solid across our products and solutions and we’ve increased our revenue and profit outlook for Q4 and 2020. And with the stabilization of our more mature products, and growth in the emerging solutions, I believe we have set the stage for a strong close to 2020 and a great foundation to enter 2021.
Turning to the specifics of our Q3 results. In Q3, we had another strong performance across all key financial metrics. We delivered revenue — record revenue that was $11 million above the midpoint of our guidance range and we reduced our operating expenses by $18 million, compared to Q3 of ‘19. As a result, we delivered another record quarter for operating profit. We also delivered positive operating cash flow of $33 million and free cash flow of $29 million.
As the high level summary of the quarter, now let’s turn to the details. We remain focused on annualized recurring revenue and revenue as the most important indicators of our financial performance. ARR provides insight into the expansion of our installed base of recurring subscriptions without regard to short-term changes in average contract length, the timing of large renewals or hardware refresh cycles.
As we’ve seen, any or all of these factors can cause volatility in the year-over-year growth rates for billings. For these reasons we believe ARR and revenue are better indicators of our progress on our transformation journey, especially in the current environment. But we know billings continue to be a widely followed metric. So while we are no longer guiding to billings, we will provide some color on our Q3 billings performance.
For Q3, we delivered $239 million in billings, down $9 million or 4% from Q3 of ‘19. This is much better than the 8% year-over-year decline in Q2, which I believe was the low point for the year-over-year billings growth.
I will outlined a few of the reasons we believe the year-over-year growth rates in billings will continue to improve by a few percentage points each quarter. First, the product and related billings compare for the first half of 2020 were difficult due to the refresh activity of our third generation appliances in the first half of 2019. With that grow over behind us, the trends and product in related billings growth have normalized. This has validated by the sequential increase in product and related ARR.
Second, we are seeing a strong pipeline growth for our emerging solutions in the platform and cloud subs category, as organizations map out their long-term security strategies.
Finally, our non-financial operating metrics of new logo customers greater than million dollar transactions and ARR are all trending up.
Looking at the large transactions, not only is the number increasing, but we are seeing the number of products and solutions per transaction trend upward as well. In Q3, 75% of the greater than $1 million transactions included four or more products or services.
Before we turn to revenue and ARR, let me make a — take a moment to provide some additional context on the year-over-year billings growth rate for the platform, cloud subs and managed services category.
The reported growth rate turned negative in Q3. I believe this is an aberration rather than a trend, similar to what would occurred in the first half of 2019. The year-over-year decline was a result of a very strong quarter, the year prior and the timing of some very large renewals.
Based on deals close quarter-to-date and our visibility into the pipeline in the fourth quarter, I expect the growth rate to bounce back in Q4 to a level consistent with or slightly better than the billings growth rate we achieved in this category in the first half of 2020.
Cloud endpoint, Helix, Intel and validation performed very well year-over-year, but our Managed Defense billings had a sizable year-over-year decline due to some large deals and renewals in the Q3 of ‘19 quarter.
Looking at revenue and ARR, cloud-based and cloud-delivered solutions showed continued strength in Q3, with the platform, cloud subscription and managed services category having revenue up 21% year-over-year. This category accounted for 31% of total revenue, compared with 27% of total revenue in Q3 of ‘19. ARR for this category was up 4% sequentially and 18% year-over-year. Every product in this category increase year-over-year, with growth led by cloud endpoint, Intel and validation.
Revenue associated with our on-premise product and related subscriptions business decreased 8% year-over-year, compared to decreases over the prior three quarters. Revenue for this category increased by about $5 million sequentially versus our expectation of approximately flat with Q2. The outperformance was largely due to strong sales of our PX forensic appliances in the quarter, which are recognized up front. ARR for the product and related category increased 1% sequentially, an important indicator this portion of the business has stabilized.
Professional Services revenue also increased sequentially to a record $55 million versus our expectation of approximately flat with Q2. We continue to maintain high utilization rates and chargeability, which resulted in services gross margin of 55%, above our historical average of about 53%. Total gross profit margin was relatively flat with Q2 of ‘20 and at the high end of our guidance.
Operating expenses were flat sequentially and down $18 million from Q3 of ’19, reflecting our reduced cost structure, following the first half transformation activities, as well as continued travel reductions and lower facilities costs. We estimate the savings on travel, events and facilities related costs associated with the pandemic were about $8 million this quarter.
The combination of higher than expected revenue and reduced operating expense levels resulted in record operating margin of $28 million or 12% and earnings per share of $0.11 or $0.03 above the high end of our guidance range.
Turning to the balance sheet and cash flow. Our balance sheet remains very healthy. We ended the quarter with cash and short-term investments of $942 million. The sequential increase was driven by our free cash flow of $29 million. We ended the quarter with $134 million in receivables, an increase of $14 million from $120 million at the end of Q2. DSOs based on billings was 51 days in the quarter.
With most of our facilities closed worldwide, as well as the purchase of fewer demo appliances as we continue to shift towards more cloud-based solutions, our capital expenditures were less than $5 million in Q3, a record low.
We ended the quarter with $894 million in deferred revenue. The decrease from prior year reflects the continued amortization of appliance sales from prior years.
Before we get to our outlook, we have had several incoming questions about our federal business. In Q3, our federal bookings reach record levels with the strongest growth we’ve seen in the past two years.
Now let’s turn to our current outlook for Q4 and 2020. With the strong revenue results posted in Q3 and the continued momentum we see in early Q4, we are raising our revenue and earnings per share guidance for the year.
For Q4, we currently expect revenue in the range of $237 million to $241 million, approximately equal to Q3 revenue at the midpoint. We are taking a more conservative approach and assuming that the large PX appliance sales will not be repeated in Q4, resulting in less upfront revenue. We also expect that services revenue will be relatively flat with Q3 due to less billable days because of the holidays in Q4.
On a year-over-year basis, our guidance implies revenue growth of approximately 2%, which I believe will be the low point. Although, we are not specifically guiding to 2021, I believe we will see quarterly year-over-year revenue growth rates reaccelerate from here.
We expect gross margin of between 70% and 71%. We expect gross margin on our services to return to the long-term average of about 53% as we return to average utilization and chargeability in the quarter, with fewer working days due to the holidays.
We expect operating margin of between 10% and 11%, implying a $1 million to $2 million sequential increase in operating expenses. This is primarily due to the higher commission expense driven by sequential growth in billings. We expect fully diluted earnings per share of between $0.09 and $0.11.
For 2020, we are raising our revenue guidance range to $930 million to $934 million, an increase of $17 million at the midpoint on a narrower range. We expect gross margin of between 70.5% and 71.5%. We are raising our operating margin guidance range to 7.5% to 8%, which reflects our year-to-date results and our Q4 outlook.
Embedded within this guidance are some assumptions — including assumptions about the ongoing impact of the COVID-19 pandemic on our operating metrics that you should consider as you build your models.
First, we expect T&E and facilities operating costs to increase slightly compared with Q3 as some restrictions are relaxed globally. That said, as restrictions on travel have continued, it is become clear that we can operate effectively at reduced levels. So post-pandemic we do not expect these cat — expense categories to return to pre-pandemic levels.
Second, we remain somewhat cautious about the potential impact of the pandemic on our services billings growth rates. More specifically, based on our current outlook, we are not anticipating the same surge in prepaid services we saw in Q4 of last year, when services billings exceeded $70 million.
Although, we expect continued strong revenue performance in our services category, as outlined in the revenue section, we are anticipating that services billings will likely decline year-over-year in q4. This is by no means an indication of softening demand or ability to deliver services both remained extremely strong.
We also expect Expertise On Demand sales to continue to grow. However, billings for services are more dependent on the mix of fixed bid or prepaid services versus time and material contracts, which is why revenue is a better indicator for services performance.
Finally, our Q4 outlook assumes no material impact from the newly launched Mandiant Advantage solution.
Let me close by saying that although uncertainties remain, we believe our performance year-to-date demonstrates the strength of our business. I’m confident we will continue to show progress on all fronts, as we expect the adoption of emerging solutions to increase and the headwinds that have impacted our growth to lessen.
Operator, w will now open the call for questions.
Thank you. [Operator Instructions] Our first question comes from Sterling Auty with JPMorgan. You may proceed with your question.
Hi, guys. This is Matt on for Sterling. Thanks for taking the question. I think I caught in your — in the prepared remarks, you talked about product ARR growing. I was wondering if you could break that down. What really is driving the performance in product this quarter? Thanks.
Yeah. We had a strong product quarter really across the Board. I think on network, email and endpoint products and Helix, specifically, had good quarters. And Q3 is the larger fed quarter and we do see a better mix towards products in the fed quarters.
Got you. And last quarter you talked about accepting or now working with third-party solutions for the Mandiant Solutions. Now what’s been the reaction you’ve seen so far in terms of additional uptake from customers?
Chris, this is Kevin speaking. Would you like to take that question, please?
Absolutely. Yeah. I mean, we’ve had kind of two passive reactions. One, the customers and prospects we’re talking to definitely a very excited about it. They’re looking to be able to leverage the uniqueness of our expertise and our intelligence regardless of the control product decisions that they’ve made, as well as our existing FireEye Control customers are excited about having a deeper level access into the data that we have. Additionally, with industry analysts, it’s definitely something that has resonated well. So, so far it’s been a very good positive reaction all around.
Great. Thanks, guys.
Thank you. Our next question comes from Gur Talpaz with Stifel. You may proceed you’re your question.
Hi. This is actually Chris Speros on for Gur. For Kevin, can you provide some incremental details surrounding FireEye’s enhance relationship with Microsoft, particularly the demand that you’ve seen for Mandiant Security Assessment within both Office 365 and Azure, as well as the opportunity related to adding Mandiant Intelligence to the defender technology?
Yeah. It’s something that we recognize Microsoft’s everywhere and with that ubiquity, what we want to be able to do is make sure we can overlay our intelligence, but specifically with the Managed Defense service, on endpoints besides just our endpoint. We think our endpoint differentiates with a lot of the forensics capabilities. But there’s other endpoints out there that our customers or prospects want to support.
So we’ve been working hard to incorporate the ability to sell our customers or prospects, hey, if you use Microsoft’s advanced endpoint, we can do that. We can put in an overlay our intelligence and our experts, and manage that for you, and being an extension of your security team.
So we’re rolling that out over the course of this quarter. We have a beta customer that we’re working with on that. But prior to that, the Service Managed Defense was really wholly dependent on us using our endpoint.
And so, Microsoft is the first of several other third parties that we’re going to expect to over time we want to be able to apply our skills in Intel too. So still too soon to say the impact. But that being said, it’s a move in the right direction. We want the Mandiant brand to be seen as product agnostic.
Obviously, FireEye Products and Controls will be advantaged by being in the same house and under the same roof as Mandiant, but we want to take that that Intel and that expertise, which I think our biggest differentiators and let other products leverage, so.
That makes a ton of sense. And one for Frank, you noticed that 75% of the greater than $1 million transaction included four more products. Can you talk about which products are being included and to what degree the validation technology is being included in and driving in these large transactions?
Yeah. I mean, one of the real benefits of FireEye is how comprehensive our offering is. And so if you look at a lot of those greater million dollar transactions, what you see is multiple products and multiple solutions. And so, in a lot of cases you’ll have a point product, like a network, email or endpoint and then you’ll couple that with a Helix subscription and then we’ll add on Managed Defense or Expertise On Demand.
So I think you see a really nice, broad kind of set of multiple products and services being, there isn’t one tip of the spear that kind of leads the way every time, it really is feel dependent and customer depending on what they — their immediate needs are. But I think the important point for this is that, when we look at the business today versus when we looked at it a year or two ago, we’re just selling a lot more of the platform and a lot more of the comprehensive offering than in previous years, we’d have one large product driving the vast majority of the deal. So I think it’s a healthier way to operate because we are getting expansion within those customer bases at a much higher level.
That’s great. Thanks, guys and congrats on the quarter.
Thank you, Chris.
Thank you. Our next question comes from Fatima Boolani with UBS. You may proceed in your question.
Good afternoon, team. Thank you for taking the questions. Frank, a couple questions for you. As we think about the product performance this quarter. I know you highlighted the PX appliances as maybe out shining. But if we think about the Gen 4 and Gen 5 appliances that you have in your base. Can you talk us through some of the lifecycle considerations on those appliances in the base and how we should think about those rolling through over the next couple of quarters? And then I have a follow up as well.
Yeah. I think for the refresh activity, I think, you’re going to see — it was pretty acute the last time when we went through the refresh of the third generation. This time around, it’s going to be a much — it’s going to go over a longer period of time.
And right now, the only thing that would be refreshed typically would be our fourth generation appliances and I think you can think of that happening primarily in 2021. But again, I don’t think it’s going to be as acute as we saw concentrated within a couple quarters in 2019 that we saw.
And Fatima, this is Kevin. One of the things that’s going to change a little bit is when we were selling a lot of the Gen 3, it was at a time when FireEye Product growth was exceptional. We had 90% growth, 50% growth, 60%s.
And we were selling down market one and two appliances. So when we did the Gen 3 refresh, that’s where we saw some less commitment to FireEye, the small to medium businesses that bought the products back in 2014, 2015.
What we’re seeing is that flushed out some of the smalls, but we’re seeing the big, the large 1A enterprises renew and stay committed. So now, when we look at our base, it’s more than 1A enterprises, where FireEye plays better and has more strengths and so I’m more confident that we will handle the next refresh cycle better than the prior one. The fit between us and the customer is better and we’re going to handle it better.
And while our…
I appreciate. Thanks.
…client is our forensic appliances.
We’re a little bit better than we had planned. It’s still a very small piece of the overall product business.
Fair enough. And just as a broader question, as I think about the breadth of the portfolio, how much expanded and how much more software enablement is being rolled out, especially under the Mandiant umbrella. If I think about the long tail on some of the support revenue streams and maintenance revenue streams you have with some of your customers, I’m wondering if you have sort of an active program or campaign or any specific initiatives targeted towards customers who may be looking to move to the cloud and aren’t necessarily certain that they’re wanting to expand their spend. I am curious if you have any sort of, I guess, maintenance conversion programs to some of your other form factors in the portfolio? And that’s it for me. Thank you.
Yeah. Fatima, I’d say, I’d answer that two ways. One is, we are working with our customers to really be where they want to be. So if they have a cloud migration strategy, we are moving along with them to the cloud. In a lot of cases, we have on-premise customers that move to a hybrid environment before they go 100% to the cloud. And the good news is across our entire product set we have both on-premise hybrid and fully cloud.
So, we’re — we want to be where they want to be, but ultimately, we realized that we want to eventually move the vast majority of our customers to the cloud. So we do work with them. We also do incent the sales force, a little bit in 2020 and a little bit more in 2021 on having them push for initial cloud sales, so then we don’t have to go through kind of any migration process.
Yeah. This is Kevin. With remark to the broadness of the portfolio, it’s — we have eight different things in the portfolio, network security, endpoint security, email security, Helix as the interface that can integrate all that. Then we have Intel Validation, Mandiant Services, Managed Defense.
When we talk about Mandiant Advantage, what we’re actually doing is taking that eight avenues into a customer and we’re taking Intel Validation, Managed Defense and Expertise On Demand and motioning them into Mandiant Advantage. So there’s five avenues into a customer. So we’re actually trying to take several hundred million dollars of our business and put it into the Mandiant Advantage. So it’s an easier and simpler portfolio.
I appreciate the color. Thank you so much, gentlemen.
Thank you. Our next question comes from Rob Owens with Piper Sandler. You may proceed with your question.
Hey. Good afternoon, guys, and thanks for taking my question. Kevin now with Frank talking about revenue acceleration as we move forward and there’s been a lot of puts and takes and moving parts to the model.
Is the focus from here on execution or is there still more to be done around infrastructure, around go-to-markets and how we see success, I am not asking for ‘21 guidance, but obviously with acceleration playing out, what those proof points be?
Well, we’re very keen on the Mandiant Advantage getting adopted Rob and modernize our Intel, everywhere I went, customers are like we want your operational Intel today, not your finished Intel three days away. So we delivered that already.
And the key to that actually was the source of truth, where we have — we went from a whole bunch of different Intel sources internally, we’ve got one now and the graph database is maintained by the smartest folks we have at the company, making sure we input it.
By taking our Intel and marrying that up with Validation. It is such a logical marriage to have one interface, where you’re reading the news for the day in the Mandiant Advantage. You’re seeing the banners. This industry is being targeted. Here’s the most common vulnerabilities being exploited based on insights into thousands of customers and all the intrusions we’re responding to, hey, I want to test to see if I’ve got this problem to be able to get a click away. I think consolidating our portfolio into a platform, make it consumable, making it enabled from the cloud, making it easy-to-try and easy-to-buy is going to be the top driver going into next year.
That’s why we had Chris Key on this call is because we put the Mandiant engineering. One of the biggest things we did last year is we took the engineering and kind of split it with FireEye Control Products engineering and Mandiant Solutions engineering and we have Chris driving that and that platform is bringing our differentiators to market in simpler ways, more relevant ways, in ways that scale better. So I think that’s the big driver for 2021.
And everywhere go Rob, I’m getting the question. And I guess I might get this question more than the average security person. They are reading the headline and saying, hey, do I have to worry about this attack? Well test it. Try it out. And we’re going to just make that so simple and safe to do over the next few months that I think it’s going to be widely adopted.
Great. Thanks. And then second for Frank, if I looked at the Platform Cloud and MSP category, both from a revenue perspective, as well as an ARR perspective, the quarter-over-quarter performance was up but probably didn’t grow as much as I would have thought. Were there any particular puts and takes there?
Yeah. I think it’s really just kind of driven by the large deals in the quarter. If we look at what the Q3 deals, there was a lot of large deals kind of skewed towards product. But if we look at the Q4 deals close to-date and the pipeline for Q4, we’re going to have a great Platform Cloud category quarter in Q4. And so I think you’ll see a pretty nice bounce back in Q4 there.
And I think if you look at it on a trended basis, you’ll see that category continues to grow very nicely in a pretty tight range. You get every now and then and as we saw in Q1 of ‘19, you get one negative quarter, but then it’s backed up by three quarters that are growing 20% to 40% so year-over-year.
So, I really do you think it’s an anomaly that just some of the larger deals just happen to be more skewed towards products. Part of that is driven by the fact that we did have a really strong fed quarter, which tends to skew towards product versus cloud right now.
All right. Thank you.
Thank you, Rob.
Thank you. Our next question comes from Jonathan Ruykhaver with Baird. You may proceed with your question.
Yeah. Hey, guys. So on Mandiant Services business obviously performed very well once again. And you look at the growing portfolio of compelling capabilities, the Security Validation, now Mandiant Advantage, so obviously helping there. But as we look into to fiscal ‘21, do you expect a pattern of continued relative outperformance from Mandiant, just due to this growing portfolio. Could that impact how we should be thinking of billings growth for Mandiant relative to FireEye Products and Services?
Well, I can tell you, I’m not sure if billings is the right metric and services firms billings is a trailing metric, because we do a lot of incident response, which is usually time and material contract. So you build for it after you do the work. So that can be a trailing indicator for us.
But I definitely look at the growth rate of Mandiant Solutions to be faster than products scope period. It has to be. And when you look at that business, we’re the best in world at Threat Intelligence. We’re the best in world at validation. We’re the best in the world at responding to breaches. We’re – we have incredible experts running our Managed Defense business.
So I look at that and say, let’s take all the things that were exceptional and in the top right at and put it into a platform and make it more accessible to folks that are using FireEye Controls, as well as not using the FireEye Control products. So it’s absolutely the growth area we’re emphasizing.
Yeah. And I think if you look forward to 2021, it’s going to — the growth drivers in 2020 are going to look pretty similar and we’re going to expect significant consistent growth across Mandiant Solutions, but also some of our products. Cloud endpoint had a great year in 2020 and what we expect to continue have really good quarters going forward.
Okay. Good. That sounds great. And then just on product, you’ve talked about the stabilization and improvement in renewal rate. And I wonder if you can talk specifically about just the pricing dynamic and then the opportunity for add-on service adoption and how that might be impacting ACV renewal in helping to stabilize that ARR?
Yeah. I think a couple things are happening with the stabilization of ARR. One is we have had a little bit better renewal rates on the product side, part of that could be driven by COVID. But I do think that, as we look at ARR and the kind of the go-forward, we don’t have the grow over challenges that we had in the first half of the year and so product has definitely stabilized in Q3, and we expect it to remain stabilized in Q4.
But I think the important thing is, as we and we proved that are validated in the greater and million dollar transaction is that, products bringing along with it a lot of the solutions, solutions brings along with a lot of products and we’re really able to kind of jointly sell a lot of the different products, which helps each individual growth rate, because we’re selling comprehensive solutions in a lot of cases.
Very helpful. Thanks, Frank.
Thank you. Our next question comes from Saket Kalia with Barclays. You may proceed with your question.
Hey, guys. Thanks for taking my questions here. Frank, maybe first for you, maybe just a pivot to profitability, nice to see that double-digit profitability here in the quarter, can you just talk, maybe how you think about the remaining cost savings from some of that restructuring activity? And understanding you’re not giving 2021 guidance, but maybe you could talk a little bit about anecdotally, the cadence that maybe backfilling some of that in the coming quarters, if you do backfill it?
Yeah. I think when we look at OpEx, our expectation is that 2021 will look a lot like 2020. We’ll get the benefit of a full year in 2021 of the transformation activities we did in the first quarter and second quarter. So we — if you look at the model, I mean, the great thing about what we’ve been able to do is, we’ve been able to reduce overall effects, but at the same time, significantly invest in the growth areas of the business.
So, as we look forward, we’ll continue to invest in the growth areas of the business, but I think the overall bucket of spend from an OpEx standpoint will be relatively flat in 2021 versus ‘20. We will obviously see increases in COGS, because we will add Mandiant Consultants, we will also add some cloud hosting costs as we continue to drive additional cloud growth.
Got it. Got it. Kevin, my follow up maybe for you, I mean, clearly very excited about Mandiant Advantage. So maybe I’ll just put that to the side just for a second. If I think about the Cloud Managed Services part of the business, there’s several products in there.
And as you think about…
… about those products in coming years, what products are you maybe most excited about having sort of a sustainable competitive advantage in your mind? Does it make sense?
Meaning which products are we going to support inside a Managed Defense over the coming years.
Just the high growth product…
…in the cloud.
Oh! Yeah. Well, so inside the Mandiant Solutions, the Validation On Demand can be a cloud product. That’s something that we made it. We did a kind of dry run of that based on some of the recent ransomware actors and it’s just it works. Even we ran it when time of value. From the moment we decided, hey, we want to download an agent, run the threats and see how well we do. It was 15 minutes time the value. So I’m very excited about Validation On Demand.
For all the systems out there at smalls, even they might want to, hey, let’s see how good we really are and try that out. It was time to operationalize our Intel. People always want to know what we know when we know it and Chris talked about that. So I’m just excited that we upgraded our intelligence offering.
Meaning we put our operational Intel, it may not be cleansed, it just it’s coming in from the front lines right now. As we’re doing this call, by the way, we’re doing over 150 investigations right now. I mean, we’re hot on the front lines. All that stuff is feeding, right, as we’re speaking there are folks submitting data into Mandiant Advantage to make sure our customers can take advantage of it. So I’m pretty excited about that. I’m not sure if I understood the question, right. But I’m actually excited about our endpoint. I’ll add that.
We have unique forensic capabilities in our endpoint and I know endpoint forensics isn’t this enormous TAM, but we back up everybody else’s endpoint when it fails to protect people and I think there’s value in our experts using our endpoint to really find the threats that a lot of folks miss.
So looking at our Managed Defense service, we’re excited about our endpoint. We think it’s a differentiator. But we are going to go to other third-party products in the upcoming quarters, simply because that’s what our customers want us to do.
Makes a lot of sense. Thanks a bunch, Kevin.
Thank you. Our next question comes from Hamza Fodderwala with Morgan Stanley. You may proceed with your question.
Hi, guys. Thank you for taking my question. Just maybe a follow up to the previous question. Kevin, as you think about your — when you talk to your customers and you think about their spending priorities in the 2021, obviously, there was a lot of spending done to sort of enable the rapid increase in work-from-home. But as they start to think about their security architectures and what will remain a more distributed work environment. Can you talk about where they’re focused as it relates to your product portfolio, and perhaps, which parts of the portfolio are maybe perhaps be more deemphasized?
Yeah. Well, on-prem appliances are going to be deemphasized. One of the things that absolutely happened with the emphasis on defending remote users is I think the majority of companies recognize, hey, let’s accelerate to the cloud. It’s just easier for us to manage it. Then get cloud visibility. And so you’ll see CAS-B and cloud security get important.
I think endpoint is going through a great run right now. People are recognized with ransomware, you need to buy an endpoint that can learn, that can think, that adapts, that can do signature list based detection that is backed by experts, that eliminates a lot of the endpoint choices.
So from our portfolio, I think, endpoint is absolutely a growth driver. No question about it. I think cloud assessment is absolutely a growth driver. If people take a look at our Helix and the visibility it provides now with Cloud Advisory, you can manage all your cloud-based resources, whether you’re in Google Cloud, Azure, AWS, all in one place with FireEye products and get the controls in there to defend them. I believe in red teaming and that’s Validation On Demand or humans doing it.
If you want to prioritize your portfolio, I’d say, if you’re just starting your security program today, you start with, hey, I need a firewall. But about six innings into it, you got to start thinking about credential management, you got to start thinking about how do all the controls you have integrate and that’s where red teaming and validation becomes critical.
At some stage of your maturity level, as a security organization, you have to start validating your security program is in fact, what you think it is and you have the configuration and things you have.
So when I look at our portfolio, endpoints going to matter. Helix is going to matter, because the Cloud Advisory and cloud visibility that’s needed. Our services will always matter, because there’s always going to be another breach and there’s always going to be a need for somebody to show up what happened, what to do about it.
Validation will matter and be exceptionally important. And Intel is going to matter, because that is what you need to drive better controls and to prioritize which events matter more than others. So I look at our portfolio and the things that are just less applicable on the go-forward bases would be the on-prem appliance portion of it.
Got it. Thank you.
Thank you. Our next question comes from Brian Essex with Goldman Sachs. You may proceed with your question.
Great. Thank you. Thank you for taking the question. I guess, maybe Frank, I’d like to kind of hit on sales and marketing a little bit, particularly post-restructuring efforts earlier this year, maybe if you can talk about efforts that you’re making to reaccelerate growth on the sales and marketing side? How mature is the sales force and what are changes you might make if the economy opens back up again and we can travel, where you might elect to kind of spend any kind of incremental dollars to drive better pipeline sales growth?
Yeah. I think, we’ve seen a lot of improvements in sales productivity. I think a lot of that is, we’ve got a set of leaders across all geos that have now been with the company for a number of years, at least three years to four years for — the vast majority of our sales leadership and they’ve brought in a lot of good folks that have ramped up and are selling more than just one or two products, like, they may have sold in the past. We’re now seeing a lot of comprehensive platform sales with multiple products and multiple solutions.
So I think as we look forward, we expect productivity will continue there. We’ve been able to reduce the cost there and not really take a hit from a sales perspective. So I think we’ve done a really good job of kind of managing that expense down to a point where we are definitely more productive than we’ve been in the past.
And when — as things open up, we do expect T&E to go up a little bit next year as things open up, but we don’t expect it really to get back to the pre-pandemic levels, because I think, even post-COVID we will likely do some mix of virtual and in-person events rather than all in-person events.
So I think there’ll be some savings there. And I think we’ve also just kind of got used to this working from home and Zoom meetings and teams meetings and I think, the team’s been really effective. And so I think it will be kind of a paradigm shift kind of post-COVID. But the good news is, we have been able to acquire new customers and been able to continue to cross-sell and upsell. So we’ve been very happy with the sales performance.
Okay. Great. And maybe just a quick follow up kind of housekeeping item. Looks like you had a bit of improvement in contract duration, maybe any insight around that and is this kind of the new level or was that primarily product driven and we might see a kind of reversion back to the levels that we saw last quarter, maybe intact to expect going forward?
Yeah. I think from an average contract length perspective, I think, we will continue to see over time kind of a shortening of the average contract length as we continue to move to more cloud services.
I would expect, yeah, as we look at year-over-year, we probably see like year-over-year declines of one month, two months. I think Q3, because we did have a large product quarter and we have more multiyear kind of product, I do think that reverses a little bit in Q4.
But I think the good news is we’re not seeing that fall off a cliff. And I think we really like to see it kind of managed down a little bit over time, but not very significant in any one period, because we’ve been able to drive nice cash flows over the last year and I think we’re going to see nice continued capital growth there.
Okay. Great. Thanks again, guys. Appreciate it.
Take one more question, please.
Thank you. Our last question comes from Yi Fu Lee with Oppenheimer. You may proceed with your question.
Yi Fu Lee
Thank you for taking my question gents and congrats on a strong set of results. Just one question on my end, whether it be for Kevin, Frank or Chris. Just maybe some colors in the general macro environment. We’ve seen the elevated cyber threat environment during the pandemic and this will be helpful for the Mandiant Advantage business obviously and the cloud business as well. But then we will hear and in total lockdown in certain regions in EMEA and maybe a second wave, can you comment on that, Kevin, Frank or Chris, please?
Yi Fu Lee
That’s it for me.
Yeah. This is Kevin. Just looking at the macro environment, whether it’s geopolitics, COVID unrest, economic challenges, geopolitical conditions, there is no doubt, there’s an escalation in cyberspace, mostly wrapped around ransomware.
I think healthcare is getting targeted. I think industries that are more likely to pay to get their business back on line are being targeted and it just seems like it’s reached an tolerable level. So that’s driving a lot of the activity right now.
So that’s my way of saying there is an escalation of activity in cyberspace that’s negative right now. There is an increase — it’s either an increase in tax or an increase in the impact of these attacks that’s keeping us busy and probably many factors that are contributing too.
But probably the number one factor is their safe harbors. There is no risk or repercussions from the folks conducting many of these attacks at this juncture. So it will be a while before that gets sorted out.
In regards to any lockdowns that may happen in the future. We’re already working remotely and I think almost all organizations are period. So I think any lockdowns, it’s still going to be, it’s not going to be as impactful as what happened in March and we didn’t feel the impact then.
We brace for it, but we are used to sending our expertise from remote locations. We are used to collaborating in remote ways and by now, so our customers or prospects or future customers. So I’m not too worried about an additional lockdown, especially considering there’s a lot of organizations have said, hey, we’re not coming back ever again to the offices. I don’t see if that’s much of a difference in lockdown.
There are organizations that are choosing to not have their employees come back to physical location. So the new normal is you got to be able to work in a distributed way and FireEye is prepared to do that.
Yi Fu Lee
Thanks for the color, Kevin, and thank you answering…
Yi Fu Lee
… if anyone connects you.
Thank you. And I’m not showing any further questions at this time, I’d now like to turn the call back over to Kevin Mandia for any further remarks.
Thank you. Yeah. I’d like to wrap up. But I wanted to share that I continue to be excited about our strong performance in this quarter and some prior quarters and our outlook for Q4. And it’s a result of our focused on structuring our business around products and solutions. I want to thank all the FireEye employees for the progress we have made towards our transformation, for their continued efforts and focus through these most challenging times and for your commitment to the security of our customers. Thanks again to all of you for joining us today and for your interest in FireEye, please stay safe and healthy. Take care.
Thank you. Ladies and gentlemen, this concludes today’s conference call.
Thanks for participating. You may now disconnect.