U.S. Markets closed

Edited Transcript of FEYE earnings conference call or presentation 29-Oct-19 9:00pm GMT

Q3 2019 FireEye Inc Earnings Call

MILPITAS Nov 1, 2019 (Thomson StreetEvents) -- Edited Transcript of FireEye Inc earnings conference call or presentation Tuesday, October 29, 2019 at 9:00:00pm GMT

TEXT version of Transcript

================================================================================

Corporate Participants

================================================================================

* Frank E. Verdecanna

FireEye, Inc. - Executive VP, CFO & CAO

* Grady K. Summers

FireEye, Inc. - EVP of Products & Customer Success

* Kate Patterson

FireEye, Inc. - VP of IR

* Kevin R. Mandia

FireEye, Inc. - CEO & Director

================================================================================

Conference Call Participants

================================================================================

* Christopher Caleb Speros

Stifel, Nicolaus & Company, Incorporated, Research Division - Associate

* Eric Michael Heath

Raymond James & Associates, Inc., Research Division - Research Associate

* Fatima Aslam Boolani

UBS Investment Bank, Research Division - Associate Director and Equity Research Associate Technology-Software

* Gregg Steven Moskowitz

Mizuho Securities USA LLC, Research Division - MD of Americas Research

* Kenneth Richard Talanian

Evercore ISI Institutional Equities, Research Division - Analyst

* Melissa A. Franchi

Morgan Stanley, Research Division - VP and Research Analyst

* Patrick Colville

* Saket Kalia

Barclays Bank PLC, Research Division - Senior Analyst

* Sterling Auty

JP Morgan Chase & Co, Research Division - Senior Analyst

* Walter H Pritchard

Citigroup Inc, Research Division - MD and U.S. Software Analyst

================================================================================

Presentation

--------------------------------------------------------------------------------

Operator [1]

--------------------------------------------------------------------------------

Ladies and gentlemen, thank you for standing by, and welcome to the FireEye Third Quarter 2019 Financial Results Conference Call. (Operator Instructions) Please be advised that today's conference may be recorded. (Operator Instructions)

I would now like to hand the conference over to your speaker today, Ms. Kate Patterson. Thank you. Please go ahead, ma'am.

--------------------------------------------------------------------------------

Kate Patterson, FireEye, Inc. - VP of IR [2]

--------------------------------------------------------------------------------

Thank you, Daniel. Good afternoon, and thanks to everyone on the call for joining us today to discuss FireEye's financial results for the third quarter of 2019. This call is being broadcast live over the Internet and can be accessed on the Investor Relations section of FireEye's website at investors.fireeye.com.

With me on today's call are Kevin Mandia, FireEye's Chief Executive Officer; Frank Verdecanna, Executive Vice President, Chief Financial Officer and Chief Accounting Officer of FireEye; and Grady Summers, FireEye's Executive Vice President of Products and Customer Success.

After the market closed today, FireEye issued a press release announcing the results for the third quarter of 2019.

Before we begin, let me remind you that FireEye's management will make forward-looking statements during the course of this call, including statements relating to FireEye's guidance and expectations for certain financial results and metrics; FireEye's priorities, initiatives, plans and investments; drivers and expectations for growth; the expansion of FireEye's platform; and the benefits, capabilities and availability of new and enhanced offerings; competitive position; market opportunities; and go-to-market strategies. These forward-looking statements involve a number of risks and uncertainties, some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements. These forward-looking statements apply as of today, and you should not rely on them as representing our views in the future, and we undertake no obligation to update these statements after the call.

For a detailed description of the risks and uncertainties, please refer to our SEC filings as well as our earnings release posted an hour ago. Copies of these documents may be obtained from the SEC or by visiting the Investor Relations section of our website.

Additionally, certain non-GAAP financial measures will be discussed on this call. We have provided reconciliations on these non-GAAP financial measures for the most directly comparable GAAP financial measures in the Investor Relations section of the website as well as in the earnings release.

Finally, I'd like to point out that we have posted the supplemental slides and financial statements on the Investor Relations section of the website.

With that, I'll turn the call over to Kevin.

--------------------------------------------------------------------------------

Kevin R. Mandia, FireEye, Inc. - CEO & Director [3]

--------------------------------------------------------------------------------

Thank you, Kate, and thank you to all of you, the investors, employees, customers and partners joining us on this call. We appreciate your interest and support in FireEye as we continue to transform from our origins as a network security product vendor to a comprehensive security platform company.

We did what we said we'd do in the third quarter. In fact, the third quarter of 2019 marks the 11th straight quarter where we met or exceeded our billings and revenue guidance. In addition to strong top line performance in the third quarter, we returned to non-GAAP operating profitability, and earnings per share were at the high end of our guidance range. Let me begin by discussing some Q3 highlights followed by some updates on the business, and then I will turn the call over to Grady Summers, our Executive Vice President of Products, to discuss our product innovation.

First, some highlights from the quarter. We generated total billings of $249 million, an increase of 13% year-over-year. Revenue for the quarter was $226 million, an increase of 7% year-over-year and $5 million above the high end of our guidance range. What I'm most excited about is how our billings and revenue growth was led by our platform, cloud subscription and managed services category, which had a record quarter. Billings for this category grew 43% year-over-year, and revenue grew by 27% year-over-year. This growth was driven by strong sales of our cloud endpoint and cloud e-mail security solutions, our threat intelligence, the Helix platform as well as a near-record quarter for Managed Defense. Verodin also had a strong quarter. And for the first time in FireEye's history, billings for our platform, cloud and managed services subscriptions were greater than product-related subscriptions and support billings. Strong billings growth for this category resulted in an 11% sequential increase in platform, cloud and managed services annual recurring revenue to a record $263 million.

Mandiant Services had another record quarter. Billings from Mandiant Services were $55 million, an all-time high and up 40% year-over-year. Mandiant Services revenue growth increased by 28% year-over-year. Mandiant consultants have long been recognized as the premier experts to respond to security incidents. As demand for our expertise has grown, we have expanded our strategic services Expertise On Demand offerings to accelerate this growth.

Now I'd like to discuss FireEye's ongoing transformation within the context of our financial performance. 3 years ago, nearly 2/3 of our business was appliance-based and deployed on-premise. Today, the on-premise portion of our business represents less than half of our total sales, and appliances represent about 15% of our total billings. We have executed with purpose through this transformation, achieving double-digit billings growth in 5 of the last 7 quarters. I'd like to share some specific actions that I believe are responsible for this transformation.

First, we did the work to decouple and unlock our exceptional detection capabilities and our intellectual property from our appliances, which gave customers greater deployment flexibility and enabled our new cloud offerings. Second, we introduced subscription pricing and packaging across all of our offerings, allowing customers to purchase our software as a subscription-based on volume or number of users rather than appliance. This was an important step to competing effectively in the cloud and as-a-service markets. We introduced new subscription services in our threat intelligence and our Managed Defense offerings. We made our expertise available on demand inside our products, and we introduced Helix, an open, cloud-based security operations platform that serves as a portal to our intelligence and our expertise.

And during our transformation, 2 related but different areas of focus emerged within FireEye: technology-enabled solutions delivered through our consulting organization or as an intelligence our Managed Defense subscription and expertise-based products, including our network, e-mail and endpoint security offerings. The 2 are linked through our innovation cycle and connected by the Helix platform, but the development priorities and processes are different. Last quarter, in an effort to accelerate our time to deliver new products and as-a-service solutions, we reorganized and streamlined our development teams under new leadership in these 2 areas. Just one quarter later, we are seeing the benefits.

Within FireEye solutions, we expanded our Security as a Service portfolio with a number of new offerings. We introduced digital threat monitoring or DTM. DTM monitors the dark web, social media forums and other sites for threatening activity, collecting and analyzing the data centrally and automatically delivering it to customers. We created public resources for election security as state and local governments gear up for the 2020 election cycle in the United States. We are providing tailored threat intelligence and research, including the potential attack methods that could be used to impact elections and how to prepare for these attacks. We're also providing notification on disinformation campaigns as they emerge, communicating comprehensive security best practices and providing election-specific solutions to help secure elections in the United States and around the world. In short, FireEye's doing its part in defending a free and open election process.

We also expanded our Managed Defense subscription offerings with the Nights and Weekends offering and a U.S. government 24 by 7 offering to address the critical talent shortage in cybersecurity. We also introduced our Managed Defense for endpoint security, simplifying our go-to-market by combining Managed Defense and our endpoint security technology as a single, combined solution. Managed Defense for our endpoint security customers, they gain more extensive capabilities, including alert management, hunting, investigation and response, at a competitive price. And these new offerings contributed to a great quarter for Managed Defense in Q3.

And we integrated our threat intelligence into Verodin, introducing new attack intelligence to allow customers to validate the effectiveness of their security infrastructure as well as their resilience to real-world attacks. We also integrated Verodin into Mandiant Services and enabled new service offerings like the Purple Team offerings that we announced at our Cyber Defense Summit in early October. It's early in the fourth quarter, and we have already sold Mandiant Services engagements powered by the Verodin platform. In the future, we expect to deliver our managed Verodin capabilities through our Managed Defense. In addition to our professional consultants integrating Verodin into their practices, we have other news about the acquisition.

In the third quarter, we closed the largest Verodin deal ever. We also closed our first international Verodin deal, and we closed 2 Verodin deals over 7 figures, and we accomplished all of this in Verodin's first complete quarter as part of FireEye. As you can tell, we are excited about the opportunities to further integrate Verodin's capabilities into our subscriptions and services. I believe there's no other technology with the same potential to fundamentally change the way organizations implement, manage and measure their security infrastructures.

Our laser focus on products under the leadership of Grady Summers has accelerated our progress on that side of our business as well. Since taking on the role as our Head of Products on August 1, Grady has advanced our product innovation significantly and particularly in the areas of cloud security and the Helix platform. We recently introduced several key cloud security innovations, and we demonstrated a renewed urgency to innovate. I've asked Grady to join us on the call today so he can review his first 90 days as our Executive Vice President of Products. Grady?

--------------------------------------------------------------------------------

Grady K. Summers, FireEye, Inc. - EVP of Products & Customer Success [4]

--------------------------------------------------------------------------------

Thank you, Kevin. So it's been a busy few months since I've taken responsibility for the FireEye products team. We took immediate steps to realign the organization for more speed and accountability, improve our cost structure, refocus our customer retention efforts and accelerate new product introduction. While we will continue to refine the organizational structure, I'm very pleased with the renewed energy that this reorg has delivered. This energy and passion can be seen in our accelerated new product introductions. Upon assuming their new roles, the team immediately focused their efforts on designing and delivering new offerings for cloud security. This resulted in a launch at our Cyber Defense Summit of FireEye Network Security for Amazon Web Services and FireEye Detection on Demand. Both of these offerings are available today through the AWS Marketplace. I'm proud of how our cross-functional teams made this a reality through many nights and weekends of hard work.

To be clear, this is not just offering fulfillment of our existing on-premise Network Security technology via the AWS Marketplace. Rather, with this new offering, our Network Security and Forensics products can now run natively in AWS to protect workloads and traffic in the cloud. We're looking forward to launching the same cloud-native solutions in Microsoft Azure in the Azure Marketplace in the first half of 2020.

Detection on Demand is another major milestone for FireEye. For years as FireEye's CTO, I heard customers asking for a better way to leverage our detection outside of our core products. They wanted to integrate our analysis into their custom applications and into third-party products. Now the power of our MVX analysis is as easy and invoking -- as invoking an API. And this opens up thousands of new applications for us and our customers. For example, integrating the API to scan cloud-based file stores in an AWS S3 bucket is as simple as pointing and clicking from the Helix dashboard. A customer can now initiate a trial or a purchase from the AWS Marketplace and use FireEye Detection on Demand minutes later.

I would like to note that as part of our R&D work on Detection on Demand, we challenged ourselves to make our technology more efficient and truly cloud native. As such, Detection on Demand was built as a serverless product and is autoscaling and truly elastic. We also modified our MVX engine to achieve 10x greater scalability as it runs in the cloud. I mentioned these technical features as a few examples of how we are embracing the cloud in new ways, not merely lifting and shifting our legacy technology into the cloud.

We also announced a joint solution between FireEye and iboss, making our Network Security capabilities available as part of the iboss cloud-based secure web gateway. Our customers' desire to protect their employees regardless of location plus the desire to consolidate their on-premise web gateway infrastructure is what drives them to consider cloud-based secure web gateways. With our joint offering, these customers can take advantage of iboss' high-performance, scalable and secure service combined with the superior level of protection from threats that FireEye provides. Early interest in this solution has been strong.

Also at our Cyber Defense Summit, we launched the next generation of our Helix platform with a long list of new capabilities. This milestone version includes the ability to pull in and analyze telemetry from cloud-hosted services with a few clicks of a mouse. It includes self-parsing capabilities for customers, improved alert context, improved reporting, new analytics and modules, improved integration with FireEye products, federated instances so that MSSPs or large customers can gain visibility into all entities from a single view and new onboarding and contextual help to allow customers to realize value more quickly. These new solutions are all indicative of the type of security products we plan to introduce as we evolve our organization and our technology: more open, more extensible and more partner friendly.

To this end, in the last 3 months, we envisioned, designed and launched the FireEye Developer Hub at fireeye.dev and announced a new Developer Relations group. Developer Relations exists to enable our customers and their developers to build on FireEye APIs. When customers integrate their technology deeply with our APIs, they can get more out of our products, make themselves more efficient and become stickier customers for FireEye. We received positive early feedback on this initiative from our customers. Today, the hub features documentation, forms and how-to guides for FireEye Detection on Demand. And over the coming months, we intend to expand with similar content for all FireEye products.

We also know that growth is not just about adding new customers but also retaining our valuable installed base. While our salesforce is always focused on securing renewals, we are now taking more holistic approach to customer success. Our efforts include deeper participation from our product and customer success teams, instrumentation of our products to better measure customer engagement and functionality improvements to simplify product interfaces. We've also introduced prompt and on-demand help to guide users to their desired outcomes within our solutions. With these efforts we're already gaining new insights into customer behavior and translating them into actionable product features to improve customer engagement. We accomplished all of this in the midst of a cost optimization and a reallocation of resources. While such processes are never easy, the team responded effectively. I believe we're getting faster at the same time we are getting leaner, and we're more strongly aligned for growth than ever.

Looking forward, we are reorienting our product road maps to even more aggressively embrace the cloud, make our products easier to use, more open and better integrated into our customers' ecosystems. As we continue the fast pace of innovation that our product teams have set in the last several months, I believe we'll expand our market and our customer community. I look forward to updating you on our progress in future quarters.

--------------------------------------------------------------------------------

Kevin R. Mandia, FireEye, Inc. - CEO & Director [5]

--------------------------------------------------------------------------------

Thank you, Grady. Everybody's impressed with what the team has done in the last 90 days, and we're really excited to hear more. As we continue to evolve into a comprehensive security platform, I believe our innovation cycle uniquely qualifies us to define and lead modern cyber defense, and we will do so in 4 ways. First, delivering the best layer of detection. We provide this with our endpoint network e-mail and platform solutions that together form an integrated compressive security suite that dynamically adapts to new threats to our innovation cycle. Our technology learns and it updates dynamically every day to meet emerging threats and to ensure our customers are safeguarded.

Second, delivering the best security validation. The Verodin platform operationalizes our threat intelligence and expertise to help customers measure and test their resilience to real attacks. In short, Verodin provides truth about cyber defenses when organizations are uncertain about how good their security is and how to measure it. I believe in the process of attack, measure, fix, then repeat. And FireEye intends to make this process simple, continuous and commonplace.

Third, delivering seamless Expertise On Demand where experts are available at the point when customers need them most. Our Expertise On Demand will continue to be further integrated within our products to make our experts a seamless extension of our customer security teams.

And finally, we'll always strive to automate security operations. We will continue to leverage our knowledge and expertise to automate the complex security operations required to protect organizations.

I want to thank all FireEye employees for their continued efforts and focus as we define and lead modern cyber defense. I believe we have all the pieces necessary to change the game in security. And I look forward to our continued progress. There's a lot to be excited about.

Now I'll turn the call over to Frank, our CFO.

--------------------------------------------------------------------------------

Frank E. Verdecanna, FireEye, Inc. - Executive VP, CFO & CAO [6]

--------------------------------------------------------------------------------

Thanks, Kevin. And hello to everyone on the call. Since we just hosted our Analyst Day a few weeks ago, where we discussed our Q3 performance for billings, revenue and ARR as well as our long-term target model, I'm keeping my remarks relatively brief.

For those of you who were unable to attend Analyst Day, the slides are posted in the Investor Relations section of our website. We also have included the long-term model slides in the appendix to the Q3 '19 financial results slides.

Before we move onto the details of our Q3 results and our guidance for Q4 and 2019, let me remind you that I'll be referring to non-GAAP metrics, except for revenue and operating cash flow. Our non-GAAP measures exclude stock-based compensation, amortization of intangibles, noncash interest expense on our convertible debt, restructuring charges and other nonrecurring items.

Turning to our Q3 results. Billings of $249 million were near the middle of our guidance range, up 13% from a year ago. We have now posted double-digit year-over-year billing growth rates in 3 of the last 4 quarters. We achieved this sustained growth while diversifying our customer base beyond the 1A Enterprises and reducing our dependency on large deals. To be clear, our business with 1A Enterprise customers remains strong globally, and our sales with Global 2000 customers expanded in both dollars and number of transactions. However, a meaningful proportion of our billings growth in the third quarter was driven by non-Global 2000 customers.

Our increased traction with medium-sized enterprise customers is evident in a 30% year-over-year increase in the number of customers transacting in Q3 and by double-digit growth in new logo customers. We added 276 new logo customers in the quarter. We added new logo customers in every product, family and across every major geographic region. Notably, approximately 1/3 of these new logo customers adopted multiple products or services in the initial transaction. This multiproduct adoption was a key factor in a year-over-year increase in the average transaction size for new logo customers.

Taking a closer look at our billings performance and the related ARR metrics by the portfolio categories. First, platform, cloud subscription and managed services billings exceeded product and related subscriptions and support billings for the first time in our history. Platform, cloud subscription billings increased 43% year-over-year. Excluding Verodin, year-over-year growth in this category was 35%. This growth resulted in an 11% sequential increase and a 32% year-over-year increase in platform and cloud ARR to a total of $263 million.

While Verodin contributed to this growth, our cloud security solutions including e-mail, endpoint, Helix, Managed Defense and intel accounted for the majority of the increase. Mandiant professional services billings grew 40% year-over-year to an all-time high of $55 million. Services deferred revenue was also a record level, increasing 14% sequentially to $76 million. Finally, our appliance-based product and related ARR stabilized following the end-of-life of the third-generation appliances that had impacted our first half 2019 results.

Turning to revenue. Revenue of $226 million exceeded the high end of our guidance range by about $5 million. The overperformance was driven by a strong services quarter as well as a few million more of upfront revenue than we had forecast related to network forensics appliance sales where the majority of that revenue is recognized upfront. Approximately 86% of nonservices revenue was recognized from current deferred revenue on the balance sheet. Platform, cloud subscription and managed services revenue was at a record $62 million in the quarter. The growth rate accelerated to 27% year-over-year reflecting the growth in billings, ARR and deferred revenue we have experienced since early 2018. Mandiant professional services revenue up $46 million was also at an all-time high. The services revenue growth accelerated in Q3 to 28% year-over-year reflecting the continued strong demand and the capacity we had added in 2018 and 2019 year-to-date.

Product and related subscriptions and support revenue decreased 7% from Q3 '18 to $118 million. The year-over-year decrease in revenue reflected the $23 million year-over-year decline in current deferred revenue opening balance sheet for this category. As we've discussed in the past, we recognize appliance revenue ratably over 4 years under the 606 accounting standard. This means product revenue is directly correlated to deferred revenue and specifically to current deferred revenue. Since we sell fewer appliances today than we have in the past and 75% of all new appliances sales are added to noncurrent deferred, we are recognizing more revenue from current deferred revenue than we are adding back. This results in a net decrease in the current deferred for products and related subscriptions and support, which translates to lower product and related subscription revenue. This headwind to revenue impacts both the absolute dollar amount of product and related revenue recognized and the year-over-year growth rates. The good news is that the accelerating growth in platform and cloud subscriptions and managed services line should more than offset this backward-looking dynamic in product and related subscriptions revenue.

Gross profit margin as a percentage of revenue was 73% in the quarter, down from our Q3 '18 gross margin of 76%. The majority of the year-over-year decrease as a percentage of revenue was related to higher hosting costs for our cloud-based products compared to a year ago, which we discussed in detail on our last call. We have already made progress managing these costs. And cost of goods sold for nonservices was flat sequentially even with substantially higher sales of our cloud-based solutions. Overall, gross profit increased by about $7 million sequentially from Q2.

Total operating expenses increased about $1 million sequentially, reflecting a full quarter of Verodin operating expenses. Operating expenses as a percentage of billings declined from 67% in Q3 of '18 to 64% in Q3 of '19, demonstrating continued leverage in our business model as we execute on our long-term growth plan.

The increase in gross profit was greater than the increase in operating expenses, allowing us to generate operating profit of $4 million or 2% of revenue. With other income offsetting taxes, operating profit translated to net income of $4 million and an earnings per share of $0.02, which was at the high end of our guidance range. Included in the quarter was a GAAP restructuring charge of $6.5 million for an optimization and reallocation of resources, which occurred late in Q3.

Turning to the balance sheet and cash flow. We continue to maintain a very healthy balance sheet with cash and short-term investments of about $1 billion. We ended the quarter with receivables of approximately $154 million, an increase of $26 million from the end of Q2. DSOs calculated on our billings were 57 days, which is at the low end of our target range of 55 to 65 days. Growth in our billings combined with timely collections continues to drive our cash flow performance. We generated $18 million from operating activities in the quarter. This was within our guidance range of $15 million to $25 million and included approximately $6 million in restructuring payments. We ended the quarter with total deferred revenue of approximately $935 million, an increase of $23 million sequentially and $48 million from the end of Q3 '18. Product and related deferred declined $26 million year-over-year. And platform, cloud subs and managed services increased more than $50 million.

With the improving performance in Q3 as a backdrop, we are making some adjustments to our prior implied guidance ranges for the fourth quarter, which also drives some adjustments to our guidance ranges for the full year. We currently expect fourth quarter revenue to be between $224 million and $228 million. This calculates the 2019 revenue in the range of $878 million to $882 million, an increase of $10 million at the midpoint from the midpoint of our prior guidance range. This increase reflects the revenue overperformance in Q3 as well as higher platform, cloud ARR and an increase in services revenue. We expect fourth quarter billings in the range of $285 million to $295 million. This calculates to a range of $937 million to $947 million for 2019. While we usually don't guide billings or revenue mix between the portfolio categories, it's worth noting that we expect platform, cloud subscription and managed services category to contribute most if not all of the year-over-year growth in Q4 billings. This is because we expect continued momentum in Helix, Managed Defense, intel and cloud e-mail and cloud endpoint. Additionally, any incremental billings for our new AWS-hosted Network Security and Detection on Demand solutions will be captured in the platform and cloud category.

Recall that we saw a large increase in services billings in Q4 of '18, and we have continued to build a backlog of services yet to be delivered. As a result, we expect services billings to be relatively flat with Q4 of '18 and with Q3 of '19. Finally, our billings, guidance for Q4 assumes product and related subscription and support billings to be relatively flat with Q4 of '18.

For revenue, we expect services to be flat to slightly up compared with Q3. This is because we have already been operating near capacity in terms of billable hours, and there are fewer potential billable hours in Q4 due to the holidays. Revenue for the other portfolio categories is correlated to our current deferred revenue ending balances implying growth in platform and cloud subscriptions and a year-over-year decline in product and related subscriptions and support revenue.

We expect gross margin of 73% for both the fourth quarter and the full year. We expect fourth quarter operating margin to be between 3% and 5%, which implies a sequential decline in operating expenses of $4 million to $5 million. The implied sequential decline reflects the usual seasonal decrease in payroll taxes as well as the cost optimization exercise we completed in Q3. This calculates to an operating margin for the full year between breakeven and 1%.

Earnings per share is expected to be between $0.03 and $0.05 for Q4 and between $0.01 and $0.03 for the full year. Operating cash flow for Q4 is expected to be between $57 million and $67 million, an increase of approximately 100% from Q4 of '18 at the midpoint. This calculates to full year operating cash flow of between $85 million and $95 million, implying growth of approximately 50% at the midpoint. Our updated annual cash flow expectations for 2019 include the approximate $6 million of restructuring payments recorded in Q3. Finally, we expect CapEx for the year to be between $48 million and $50 million. We continue to expect our CapEx to decline modestly next year as we have completed all our major planned facility moves.

That concludes my prepared remarks. We'll now take your questions. Operator?

================================================================================

Questions and Answers

--------------------------------------------------------------------------------

Operator [1]

--------------------------------------------------------------------------------

(Operator Instructions) Our first question comes from Saket Kalia with Barclays Capital.

--------------------------------------------------------------------------------

Saket Kalia, Barclays Bank PLC, Research Division - Senior Analyst [2]

--------------------------------------------------------------------------------

Frank, maybe just to start with you. Nice performance on the platform billings. Can you just dig into the makeup of that line a little bit more? Meaning, how much of that is more product related with things like endpoint and e-mail and Helix versus other types of subscriptions like Verodin, for example? So what's sort of product related, what's sort of platform related inside of that line?

--------------------------------------------------------------------------------

Frank E. Verdecanna, FireEye, Inc. - Executive VP, CFO & CAO [3]

--------------------------------------------------------------------------------

Yes. Saket, I think what really drove the really stellar performance with 43% year-over-year growth in that category was really across that category, and that's because we had a really solid quarter in the cloud solutions of both e-mail and endpoint and then also on Managed Defense, intel, Verodin and Helix all performed really well. So it wasn't one specific product within that category that drove it. It was really year-over-year solid growth across the category.

--------------------------------------------------------------------------------

Saket Kalia, Barclays Bank PLC, Research Division - Senior Analyst [4]

--------------------------------------------------------------------------------

Got it. Got it. And Kevin, maybe for you. When you think about the -- obviously, a really successful split between sort of the products and the platform organization in just 90 days, to your point, when you think about the go-to-market and just general kind of platform organization, can you just talk about the typical customer -- profile for a platform customer? How do deal sizes look in sort of that segment? Anything that you would call out in the platform business specifically just as we get to know these 2 businesses a little bit more independently?

--------------------------------------------------------------------------------

Kevin R. Mandia, FireEye, Inc. - CEO & Director [5]

--------------------------------------------------------------------------------

Yes, so for the majority of our customers, the avenue in is services or endpoint or e-mail or network or intel. And we're looking at platform to kind of be the bridging function between all of it. So that if you want to experience FireEye, you get platform. And so what you're going to see in most buying experiences, the avenue in is one of those ways I mentioned, and platform comes along with it, and platform opens up a fusion of all of our capabilities. So if somebody buys endpoint and they're consuming endpoint and platform, the avenue in was endpoint. Platform shows added value because it shows an introduction to our intel, our Expertise On Demand and then some of the other services that we can do as well as the integration into network or e-mail. So I see the -- from now, the point of the spear is sometimes the spokes and the services. And I think over time, you'll see a rotation to, "we want the suite." But right now the reality of buyers, they're not here to buy the whole suite of everything. They're here because they have one need. We meet that need, and then the platform is the glue that shows the value of everything else. So I gave you one example of one spoke leading to everything we've got with platform as the way they consume the spoke and see just the fusion of all our capabilities.

--------------------------------------------------------------------------------

Operator [6]

--------------------------------------------------------------------------------

Our next question comes from Sterling Auty with JPMorgan.

--------------------------------------------------------------------------------

Sterling Auty, JP Morgan Chase & Co, Research Division - Senior Analyst [7]

--------------------------------------------------------------------------------

So listen, there's been a number of news reports recently in terms of what you guys might be thinking in terms of strategic alternatives. I know sometimes it's tough to comment. But just so in a public record you can at least give us some insight in terms of your thinking, any comments or ways that you would answer that question?

--------------------------------------------------------------------------------

Kevin R. Mandia, FireEye, Inc. - CEO & Director [8]

--------------------------------------------------------------------------------

Yes. Sterling, this is Kevin. Just as a matter of policy, we don't comment on rumors. And then just a matter of personal habit, I don't get distracted by rumors. So I generally show up every day not thinking about how to we exit. I show up every day thinking how do we execute. And that's just what we do around here. So we're building this company to be the best security company it can be.

--------------------------------------------------------------------------------

Sterling Auty, JP Morgan Chase & Co, Research Division - Senior Analyst [9]

--------------------------------------------------------------------------------

I really appreciate that. And then in terms of looking at the subscription, the nonproduct related subscription, how much of that is coming from existing customers that you've already had relationships with from NX, et cetera versus how much are you starting to tap into new customers?

--------------------------------------------------------------------------------

Frank E. Verdecanna, FireEye, Inc. - Executive VP, CFO & CAO [10]

--------------------------------------------------------------------------------

So I think the growth in that category is really coming from both new customer logos and then also just cross-selling and upselling within the existing customer base. I think we've seen a really nice land and expand strategy. Again, like Kevin mentioned earlier, the tip of the spear often could be e-mail, network or endpoint or services. But ultimately, I think we get our customers involved in that category in a lot of different ways.

--------------------------------------------------------------------------------

Operator [11]

--------------------------------------------------------------------------------

Our next question comes from Ken Talanian with Evercore ISI.

--------------------------------------------------------------------------------

Kenneth Richard Talanian, Evercore ISI Institutional Equities, Research Division - Analyst [12]

--------------------------------------------------------------------------------

So I was wondering, could you discuss your net retention rates, some of the factors driving it in the quarter? And then maybe related to that, can you just talk about how much variability there might be in your forecasting at this point given uncertainty in terms of purchasing patterns between physical appliances and virtual sensors?

--------------------------------------------------------------------------------

Frank E. Verdecanna, FireEye, Inc. - Executive VP, CFO & CAO [13]

--------------------------------------------------------------------------------

Yes. So Ken, I think -- one of the things we're really excited about in the quarter is that we did see a nice bounce back in our retention rate. If you remember in Q1 and Q2, we had the end-of-life for -- of our third-generation appliances. So we saw a pretty big hit on ARR and retention rates relating to some of those customers. We saw a nice bounce back in Q3, got it above 100% again. And I think it kind of hit exactly where we expected it to do, which was a really nice bounce back because we only had $3 million left in ARR as of the end of June 30 related to the third generation.

And then with your second question with respect to the visibility within those categories. I think we still continue to see general migration to the cloud. So I think we feel very confident in the long-term growth in the platform, cloud subscription category. In any one quarter, the larger deals could go on-premise versus the cloud so we don't obviously have perfect visibility into which way the customer will prefer to purchase. But I think you can see with the growth in the platform and cloud subscription category that it's generally heading towards the cloud direction. And that's why we're so excited about a lot of the innovations we've done in the cloud.

--------------------------------------------------------------------------------

Kevin R. Mandia, FireEye, Inc. - CEO & Director [14]

--------------------------------------------------------------------------------

Yes. And Ken, to be clear, we don't incent one way or another to our customers. They pick whether they want to go with on-prem solutions or cloud-based solutions. So we don't steer it any way. We provide the menu to the customer and let the customer choose, and that does probably create a little bit of variability there. But ultimately, we're letting the market pick the form factor. We're not gaming it in any way.

--------------------------------------------------------------------------------

Kenneth Richard Talanian, Evercore ISI Institutional Equities, Research Division - Analyst [15]

--------------------------------------------------------------------------------

And if I may, just quick follow-up. How are you thinking about linearity in 4Q given the holiday schedule this year?

--------------------------------------------------------------------------------

Frank E. Verdecanna, FireEye, Inc. - Executive VP, CFO & CAO [16]

--------------------------------------------------------------------------------

Yes. Typically, Q4 has got probably the best linearity of any of the quarters just because, I think, people try to get the tail end of December off. So we typically have a much better cycle of purchases within the earlier part of the quarter and definitely the earlier part of December versus other quarters can be very back-end loaded.

--------------------------------------------------------------------------------

Operator [17]

--------------------------------------------------------------------------------

Our next question comes from Gregg Moskowitz with Mizuho.

--------------------------------------------------------------------------------

Gregg Steven Moskowitz, Mizuho Securities USA LLC, Research Division - MD of Americas Research [18]

--------------------------------------------------------------------------------

Kevin, I believe you mentioned a 30% year-over-year increase in the number of customers transacting in the quarter, which is pretty impressive. I would assume this is at least in part due to broader traction with the channel, but any additional color there would be very helpful.

--------------------------------------------------------------------------------

Kevin R. Mandia, FireEye, Inc. - CEO & Director [19]

--------------------------------------------------------------------------------

Yes, definitely more traction with the channel, and Frank, you can expound on it. But I think we've seen this trend, maybe not to that percentage, but we've seen this trend for the last few quarters of just greater transaction velocity.

--------------------------------------------------------------------------------

Frank E. Verdecanna, FireEye, Inc. - Executive VP, CFO & CAO [20]

--------------------------------------------------------------------------------

Yes. And I think it's also the fact that we've now got multiple products that are -- that is really the tip of the spear. If you think back 1 or 2 years ago from products perspective, network was typically the way we got into customers. If you look at the last couple of quarters, actually, e-mail and endpoint has been a higher proportion of new customer logos than network. So I think we're seeing a nice broad-based customer adoption across our product portfolio.

--------------------------------------------------------------------------------

Gregg Steven Moskowitz, Mizuho Securities USA LLC, Research Division - MD of Americas Research [21]

--------------------------------------------------------------------------------

Okay. Perfect. And then also, you guys always give good color around the particularly large deals. And so I'm just wondering if there are any very significant ones that might be in the pipe or if you're expecting any of those to actually close in Q4.

--------------------------------------------------------------------------------

Kevin R. Mandia, FireEye, Inc. - CEO & Director [22]

--------------------------------------------------------------------------------

Yes, I think you're referring to $10 million or bigger deals. I'm not aware of any.

--------------------------------------------------------------------------------

Frank E. Verdecanna, FireEye, Inc. - Executive VP, CFO & CAO [23]

--------------------------------------------------------------------------------

We don't have any built into the guidance for Q4, and we didn't have any in the third quarter.

--------------------------------------------------------------------------------

Operator [24]

--------------------------------------------------------------------------------

And our next question comes from Gur Talpaz with Stifel.

--------------------------------------------------------------------------------

Christopher Caleb Speros, Stifel, Nicolaus & Company, Incorporated, Research Division - Associate [25]

--------------------------------------------------------------------------------

It's actually Chris here on for Gur. For Kevin, obviously, demand from Mandiant Services continues to be record levels here. Can you talk about the nature of the current breach environment and how we should think about this growth in terms of sustainability?

--------------------------------------------------------------------------------

Kevin R. Mandia, FireEye, Inc. - CEO & Director [26]

--------------------------------------------------------------------------------

Yes. The sustainability is high because the growth is actually coming in what we call strategic services. One of the things about responding to breaches is you learn what you need to be strategic. In other words, as we show up to what people perceive as a tactical moment, we've had a breach, what happened, what to do about it. In reality, during that moment, over the years, you learn what technology works, what technology doesn't, what technology is hard to implement, what technology when glued together and integrated how does it work, what processes are necessary. So we're taking the skills we've learned over the years during that moment of duress, and we're expanding our strategic services under Charles Carmakal and other very experienced folks who have had their decade-long run of responding to breaches because you're just really well-versed at that point in advising.

Remember that every time we respond to a breach, the outcome of that are remediation plans. So now we're starting to get more into that proactive selling motion of selling strategic assessments, strategic reviews of people's security programs. We have a Red Team business, which is the -- we sell that, and that's not responding to a breach that's, let's simulate the breach and see how good you are. And then Verodin, that purchase was literally meant to augment the Red Teams because I believe in security validation.

Everybody wants to know, hey, does my security stuff work? We're the best company out there to figure that out for you and say we've launched real attacks, and we've proven it. So we are expanding. And these are logical adjacencies based on our core competencies. We are expanding into these adjacencies, and that's why you're seeing services grow. It's because we're just doing more with the skill sets that we have.

--------------------------------------------------------------------------------

Christopher Caleb Speros, Stifel, Nicolaus & Company, Incorporated, Research Division - Associate [27]

--------------------------------------------------------------------------------

That's great color there...

--------------------------------------------------------------------------------

Kevin R. Mandia, FireEye, Inc. - CEO & Director [28]

--------------------------------------------------------------------------------

It's now more breaches. Yes, it's now -- today, we're responding to thousands more breaches. We do generally respond to more breaches every year, but anecdotally you never want to get on a call like this and say, hey, but they're all small because somewhere out there, we are actually helping customers. And to them, this is the biggest darn problem they're going to have in their careers. But it feels to me that in general, the breaches are a little bit smaller but far more frequent.

--------------------------------------------------------------------------------

Christopher Caleb Speros, Stifel, Nicolaus & Company, Incorporated, Research Division - Associate [29]

--------------------------------------------------------------------------------

Okay and that's great color there. And one other one for Frank. It sounds like Verodin has performed quite well since the acquisitions closed with a couple million dollar deals in Q3. Can you talk about how its performance is tracking against the $70 million billings target for 2020?

--------------------------------------------------------------------------------

Frank E. Verdecanna, FireEye, Inc. - Executive VP, CFO & CAO [30]

--------------------------------------------------------------------------------

Sure. Yes. The first milestone is actually $20 million for 2019, and I think we're tracking very well to that. I think everything that we've seen in the integration and the enablement would lead us to believe that the $70 million is absolutely tracking for 2020 as well. I think we've been really encouraged by the sales team and consulting teams' ability to latch onto this product and how excited they are about it. And I think we've been able to integrate the teams really well. So I think it's tracking as planned, but we have pretty high expectations for them. So I think it's great news that they're tracking to it.

--------------------------------------------------------------------------------

Kevin R. Mandia, FireEye, Inc. - CEO & Director [31]

--------------------------------------------------------------------------------

Yes. One of the things that I mentioned in my script and I'll call it out here, is the thing we call purple teaming, where we do a Red Team exercise and we work with a witting customer and we go through, here's the alerts that were generated when we attacked your network, and let's instrument your network to stop these attacks or detect them in a manner where your processes can eliminate impact. And we've already sold that service and so you can see our services folks are building Verodin into that motion of let's use it during the engagements. But I see this, you go out a few years, I think what really will happen here, and we're going to have it before then. But a managed service similar to vulnerability management where people want to subscribe to the constant vulnerability management, I think the motion here will be, over time, there will always be customers that want to run the technology of Verodin themselves. But we are also going to have a fully managed capability of it that we can provide. We're the closest to the attacks with all the response we do, with all the global threat intelligence we collect and the red teaming we do. Why not have us run that for you and with our orchestration capabilities instrument fixes as well?

So I have a strong sense of urgency to get a managed version of this to market, and we'll update you on that. But that's the -- that's what I'd buy at FireEye just so I could have someone on my front lines plugging in attacks and trying it out. But boy, would I love to have that FireEye, Mandiant team continuously assessing my security posture with real attacks and then instrumenting those fixes. So stay tuned on that, but we're going to work hard towards having a nice managed approach to this.

--------------------------------------------------------------------------------

Operator [32]

--------------------------------------------------------------------------------

Our next question comes from Walter Pritchard with Citi.

--------------------------------------------------------------------------------

Walter H Pritchard, Citigroup Inc, Research Division - MD and U.S. Software Analyst [33]

--------------------------------------------------------------------------------

Two questions. First, Kevin on the endpoint side. It sounds like you're talking better about that business, seeing improved performance there. And I'm wondering how much of that is tied to a Managed Defense service on the back end where you're able to differentiate there, and that's helped to drive the performance.

--------------------------------------------------------------------------------

Kevin R. Mandia, FireEye, Inc. - CEO & Director [34]

--------------------------------------------------------------------------------

I'm not sure as I sit here right now. I can't really answer that question. I mean there's always a relationship there. I just don't have the numbers to quantify it for you. Certainly that is the technology that our consultants use, and a lot of the value in our endpoint is the recognition that we can send the expertise to assist and do full forensic capability with it. But I really can't comment. Frank, do you know the answer to that in regard...

--------------------------------------------------------------------------------

Frank E. Verdecanna, FireEye, Inc. - Executive VP, CFO & CAO [35]

--------------------------------------------------------------------------------

Well, I think it's -- most of the endpoint sales are standing on their own. They're not coupled with Managed Defense. I do think there are some larger deals that have Managed Defense and endpoint together, which has been a nice boost to endpoint. But overall I think we see a lot of stand-alone endpoint deals. And like I mentioned earlier, in the last couple of quarters, endpoint's been the tip of the spear of new customer acquisition.

--------------------------------------------------------------------------------

Grady K. Summers, FireEye, Inc. - EVP of Products & Customer Success [36]

--------------------------------------------------------------------------------

Yes, we just had -- qualitatively, we're seeing more and more -- this is Grady, by the way -- more and more endpoint deals because of customer concerns over ransomware and a desire to replace legacy antivirus. And so we're seeing more -- much more traction there than we were a year ago.

--------------------------------------------------------------------------------

Kevin R. Mandia, FireEye, Inc. - CEO & Director [37]

--------------------------------------------------------------------------------

Yes. And Walter, I went right to like total billings numbers on that and don't have that broken out. Definitely from quantity, endpoint stands alone. If you just look at the number of transactions, endpoint gets sold more than endpoint plus Managed Defense. But one of the things that I've always felt people really like and was always comfortable with is knowing there's a second layer of defense. When they have endpoint plus Managed Defense, they know we're looking at the same alerts they're looking at. And we have expertise on all their problems so that if they feel they lack the internal staffing to deal with things, we can do it for them. So there's definitely a relationship, can't quantify it on the phone today.

--------------------------------------------------------------------------------

Walter H Pritchard, Citigroup Inc, Research Division - MD and U.S. Software Analyst [38]

--------------------------------------------------------------------------------

Great. And then, Frank, on your end, on the OpEx, you took some actions in the quarter. You talked about an OpEx run rate that'll be down in Q4. Can you help us understand sort of the steady-state, maybe OpEx base of the company as you head into next year some way? Because you have the M&A cost from Verodin that came in and then this risk and just quite a few moving parts for us to track.

--------------------------------------------------------------------------------

Frank E. Verdecanna, FireEye, Inc. - Executive VP, CFO & CAO [39]

--------------------------------------------------------------------------------

Yes. I think the reorganization or reallocation of resources helped probably about $20 million annually, but we did reinvest some of those dollars in the platform, cloud area. So I think as we look at the 2020 from a run-rate perspective, you'll see a little bit of an increase in the sales and marketing side given the growth in billings. But for the most part, G&A and R&D, I think, will be relatively flat year-over-year from a head count perspective and probably slightly up from a dollar perspective just given kind of inflationary cost.

--------------------------------------------------------------------------------

Operator [40]

--------------------------------------------------------------------------------

Our next question comes from Patrick Colville with Arete Research.

--------------------------------------------------------------------------------

Patrick Colville, [41]

--------------------------------------------------------------------------------

Just a quick question on the third-generation appliances. So is that headwind over? And also, within that customer base you mentioned the past that the churn had mostly been around smaller customers. I mean, is that still the case? Did I understand it correctly?

--------------------------------------------------------------------------------

Kevin R. Mandia, FireEye, Inc. - CEO & Director [42]

--------------------------------------------------------------------------------

Yes. It's over. So that -- we started that transition in Q4, Q1 and Q2. I think we had $3 million left in the renewal...

--------------------------------------------------------------------------------

Frank E. Verdecanna, FireEye, Inc. - Executive VP, CFO & CAO [43]

--------------------------------------------------------------------------------

As of the end of June.

--------------------------------------------------------------------------------

Kevin R. Mandia, FireEye, Inc. - CEO & Director [44]

--------------------------------------------------------------------------------

Yes. So Frank, where are we at on that? I mean...

--------------------------------------------------------------------------------

Frank E. Verdecanna, FireEye, Inc. - Executive VP, CFO & CAO [45]

--------------------------------------------------------------------------------

So we completely flushed it through in Q3, and that's why you saw kind of a stabilization after 2 quarters of seeing product and related ARR go down. We actually saw it relatively flat quarter-over-quarter, and you saw a really nice uptick in overall ARR. So it was nice to see that flush through. And generally, it really has been kind of the smaller customers that have churned off. The larger customers from a retention perspective stayed remarkably consistent. Ultimately, those customers are very sticky and believe in our products.

--------------------------------------------------------------------------------

Patrick Colville, [46]

--------------------------------------------------------------------------------

Got it. And can I switch over to Mandiant? I mean if I look at your numbers, this quarter and also year-to-date, it's just been an unbelievable business, real acceleration. I mean, what's driven that? Is it an increasingly hostile threat environment? Is it you guys distancing yourselves from competitors? Is it new innovations? Just any color to help us understand would be very valuable.

--------------------------------------------------------------------------------

Kevin R. Mandia, FireEye, Inc. - CEO & Director [47]

--------------------------------------------------------------------------------

I think there's a lot of different factors. There's the broadening of services. Back when we were added to the FireEye team in '14 or '15, there was always a little bit of getting your feet wet, learning how to work together. So there's usually when you first do an acquisition sometimes there's a little bit of slowing of growth and then you kind of recharge it over time as you get -- accumulate a comfort with a culture. So this thing stabilized grew steadily, and then right around '18, we started broadening the services that it did. And that's what you're seeing. I mean we knew we had a lot more capability than the niche that people know us for of responding to breaches, and it was time to advertise that a little bit and venture out from it.

--------------------------------------------------------------------------------

Frank E. Verdecanna, FireEye, Inc. - Executive VP, CFO & CAO [48]

--------------------------------------------------------------------------------

Yes. And Patrick, after a few years of having billings in excess of the revenue deliver, we really kind of ramped up capacity in the services over the last 6 quarters, which has really helped as well. And then broadening the service portfolio to include things like Expertise On Demand and some of the strategic consulting services has really helped as well.

--------------------------------------------------------------------------------

Operator [49]

--------------------------------------------------------------------------------

And our next question comes from Melissa Franchi with Morgan Stanley.

--------------------------------------------------------------------------------

Melissa A. Franchi, Morgan Stanley, Research Division - VP and Research Analyst [50]

--------------------------------------------------------------------------------

Kevin, you noted strength in the endpoint business, and there certainly has been some shift in that landscape over the past few quarters with some acquisitions, particularly with Symantec. Just wondering if that was a positive driver for you all this quarter. Or do you think that opportunity for competitive displacements is largely on the comp?

--------------------------------------------------------------------------------

Kevin R. Mandia, FireEye, Inc. - CEO & Director [51]

--------------------------------------------------------------------------------

The bottom line is I think endpoint is ripe for displacement. And when you look at what we do, I love the idea of combining tech with people. And when we do Expertise On Demand, it is not to sell more expertise. It's really to differentiate the products, and that's what I think you need in endpoint. So that's the one place where if there's a lack of cybersecurity talent, it is in the ability to do deep dive forensics and triage from alert to fix. So our endpoint, what's unique about that is combining our endpoint with Expertise On Demand, you get the expertise there. So all things being equal on the protection side of the house, I think people gravitate towards, well, I get endpoint protection and access to experts should I have questions that, that just differentiates. But the bottom line is the whole market has been ready for a long time for a replacement of the first-generation solutions, and I think the modern endpoint companies are all doing pretty well right now.

--------------------------------------------------------------------------------

Grady K. Summers, FireEye, Inc. - EVP of Products & Customer Success [52]

--------------------------------------------------------------------------------

Melissa, this is Grady. I would just say I think generally we're starting to see more questions from customers on what the Symantec acquisition means for them. I think there's -- increased replacement opportunities are going to come. Those questions are just starting to pop up now.

--------------------------------------------------------------------------------

Frank E. Verdecanna, FireEye, Inc. - Executive VP, CFO & CAO [53]

--------------------------------------------------------------------------------

And welcome back, Melissa.

--------------------------------------------------------------------------------

Melissa A. Franchi, Morgan Stanley, Research Division - VP and Research Analyst [54]

--------------------------------------------------------------------------------

Just one follow-up question. Maybe this is for Frank or Kevin. So just thinking about sales and marketing spend over the past few years, you all have done a really great job in optimizing that line item. As we're looking ahead to calendar '20, I know that you're not guiding to that, but how do you feel about sales capacity and the trends you're seeing in sales productivity?

--------------------------------------------------------------------------------

Frank E. Verdecanna, FireEye, Inc. - Executive VP, CFO & CAO [55]

--------------------------------------------------------------------------------

Yes. I think we feel really good about sales capacity. I think we feel really good about some of the new products that we've introduced. So I think the sales teams are going to have a lot more to sell in 2020. But I think as we look at capacity, I think we've got the right number of salespeople in the right regions, and I think we've been doing a really good job on continued enablement of the newer products. So I think we feel pretty good about being able to keep the costs on sales and marketing relatively flat.

--------------------------------------------------------------------------------

Operator [56]

--------------------------------------------------------------------------------

And our next question comes from Fatima Boolani with UBS.

--------------------------------------------------------------------------------

Fatima Aslam Boolani, UBS Investment Bank, Research Division - Associate Director and Equity Research Associate Technology-Software [57]

--------------------------------------------------------------------------------

Maybe I'll start with Kevin. As I drill into the strength in the Mandiant business I want to revisit that and drill into a little bit more, I'm wondering if you can comment on or delineate between the strength domestically versus internationally because I do understand that the capacity additions did skew more international. So that's part A.

And then part B, if you can qualitatively speak to sort of billable rates and the capacity utilization of existing personnel as it relates to billable rates, that would be super helpful. And I have a follow-up for Grady, if I may.

--------------------------------------------------------------------------------

Kevin R. Mandia, FireEye, Inc. - CEO & Director [58]

--------------------------------------------------------------------------------

Sure. Yes, so couple of anecdotes. In general, because I don't have the exacts on this quarter on geographies we have been growing internationally but we've also been growing domestically. A couple of quarters, you see a bounce in maybe the composite being a little more growth internationally. Our utilization rates are high. Our chargeability is high. We don't keep people on the beach. I learned a long time ago managing a bunch of professional services folks you just got to keep everybody busy. So we don't hire ahead of the power curve much, and our folks are feeling pretty strained right now at the amount of effort they're putting in. So from utilization, they're above the line. From effective rate, they're above the line, and their hiring is right on par. So we have a very performant business there.

--------------------------------------------------------------------------------

Frank E. Verdecanna, FireEye, Inc. - Executive VP, CFO & CAO [59]

--------------------------------------------------------------------------------

Yes. And Fatima, I think the effective rate being pretty consistent, I think, is a really strong sign given that we have kind of broadened the base of services to include a lot more strategic services, which are typically a little bit lower than our IR services. So it's really been great to be able to maintain that high effective rate even though we've grown that organization and expanded to different types of services.

--------------------------------------------------------------------------------

Kevin R. Mandia, FireEye, Inc. - CEO & Director [60]

--------------------------------------------------------------------------------

Yes. When you look at utilization and the gaps there between any number and 100%, nobody can operate at 100% chargeability. But when you look at our delta, that delta isn't people not having work, it's those people doing sales and marketing functions or engineering functions to support the practice. So it's -- we're operating at full steam ahead there.

--------------------------------------------------------------------------------

Fatima Aslam Boolani, UBS Investment Bank, Research Division - Associate Director and Equity Research Associate Technology-Software [61]

--------------------------------------------------------------------------------

That's super helpful detail. And Grady, for you, you referenced the partnership with iboss in terms of having the FireEye capabilities embedded in their cloud secure web gateway. I'm wondering, a, if there are other partnerships that you have sort of at play just from an OEM-ing your capability standpoint; and secondarily, and maybe this is a better question for Frank, if there is any revenue attribution or rev share or an economic arrangement that you can talk to as it relates to this partnership. And that's it for me.

--------------------------------------------------------------------------------

Grady K. Summers, FireEye, Inc. - EVP of Products & Customer Success [62]

--------------------------------------------------------------------------------

Sure. Yes, you're right. We're really excited about the iboss relationship. It let's just get into an area where we hadn't been able play in the past, which is that increasingly popular secure web gateway in the cloud. I talked about Detection on Demand, and we see tremendous partnership opportunities there. At the Cyber Defense Summit, we announced launch partners Corelight and Accellion, which are like 2 neat examples, Accellion being a content collaboration platform with a real focus on security and then Corelight being a commercial packaging of on open-source network sensor called Zeek. So just 2 kind of diverse customers that shows how quickly we can plug our analytic capabilities into third-party products. And I can tell you, you'll see a lot more of that from us in the quarters to come.

--------------------------------------------------------------------------------

Frank E. Verdecanna, FireEye, Inc. - Executive VP, CFO & CAO [63]

--------------------------------------------------------------------------------

And from a revenue kind of attribution and modeling perspective. We are going to market in different ways, and depending on who's the lead on that, there's different revenue ramifications. But ultimately, both iboss and FireEye would be seeing nice growth and nice business from any of those joint, combined deals.

--------------------------------------------------------------------------------

Operator [64]

--------------------------------------------------------------------------------

And our last question comes from Michael Turits with Raymond James.

--------------------------------------------------------------------------------

Eric Michael Heath, Raymond James & Associates, Inc., Research Division - Research Associate [65]

--------------------------------------------------------------------------------

This is Eric Heath on for Michael. Kevin, I guess, for you. I just wanted to follow up on the prior question on Verodin. Could you maybe elaborate on the sales process for these large Verodin deals, maybe how you guys got brought into the deal, the structure of the deal? And was there any other existing solution that they might have been looking at?

--------------------------------------------------------------------------------

Kevin R. Mandia, FireEye, Inc. - CEO & Director [66]

--------------------------------------------------------------------------------

I can't -- so for the 2 that closed, they were most likely in motion before we purchased them. And I know where they're at, and they're in the financial services and a government buyer. And the bottom line...

--------------------------------------------------------------------------------

Frank E. Verdecanna, FireEye, Inc. - Executive VP, CFO & CAO [67]

--------------------------------------------------------------------------------

So those were the 2 seven-figure deals that closed.

--------------------------------------------------------------------------------

Kevin R. Mandia, FireEye, Inc. - CEO & Director [68]

--------------------------------------------------------------------------------

Yes, sorry. Well, good point. There's more than those. And the way I look at it is every time I meet a CEO or speak at a Board, it is just relevant right now to the discussion how good is my team? How good are my security safeguards that I have? And this is the way you test it. So I likened all the sales we're seeing to those early adopters that have recognized this is the only way to unvarnished truth: launch an attack that FIN7 does -- did last week and see how well you do. We live with it here at FireEye, and we're going to see people adapt. It's just highly relevant. And that's what led to these sales. And it doesn't surprise me, by the way, and that's why I mention it. Government does, believe it or not, when it comes to security, they are early adopters in a lot of technology. And the same with the financial services. So those are where those deals were at.

But I expect that sale cycle and the discussions I have, it's at a C-Suite level because it's so easy to understand. We run attacks and we tell you how you did. That simple. And that's a lot easier to comprehend than, we have 11,000 vulnerabilities and we're trying to rack and stack the prioritized order of what we're going to do about them all. So that's the relevance. And I find it -- it's probably -- and I can't speak for, is it relevant for the network security operator. My gut tells me, though, from the CISO on up, it resonates. Validate your security posture with real attacks. So that's the selling motion.

--------------------------------------------------------------------------------

Eric Michael Heath, Raymond James & Associates, Inc., Research Division - Research Associate [69]

--------------------------------------------------------------------------------

Got it. And if I could just squeeze one more in for Frank. I was just wondering if you can quickly maybe drill down or rank order maybe the -- what's leading to that billings acceleration on the cloud and platform deals to meet your long-term framework.

--------------------------------------------------------------------------------

Frank E. Verdecanna, FireEye, Inc. - Executive VP, CFO & CAO [70]

--------------------------------------------------------------------------------

Yes. I think, like I said earlier, it really was driven across that whole portfolio set. So we had near-record quarter in Managed Defense. We had a record quarter on cloud endpoint. And then you look at intel, cloud e-mail, Verodin and Helix, all very strong quarters. Now obviously, Verodin's new to that category. It performed exactly where we expected it to, but obviously, it's a much smaller piece of that overall category.

--------------------------------------------------------------------------------

Operator [71]

--------------------------------------------------------------------------------

Ladies and gentlemen, this concludes our question and answer session. I would now like to turn the call back over to Kevin Mandia for any closing remarks.

--------------------------------------------------------------------------------

Kevin R. Mandia, FireEye, Inc. - CEO & Director [72]

--------------------------------------------------------------------------------

Yes, I'll make these brief. We have talked about our innovation cycle for years and the importance of having that front-line expertise. That innovation cycle is real, and we will continue along the theme of delivering the best way of detection because of that innovation cycle. We see the attacks. We adapt to the attacks. We have a learning system that can defend our customers. We're going to deliver the best security validation. I think we're uniquely positioned as a company so that people can run the Verodin platform, attack their networks, measure the results and instrument the fixes so they can feel peace of mind in cyberspace.

We're going to deliver seamless Expertise On Demand, and we already have a version of that in our Helix platform. You can click and get chat with an expert and interact with us immediately, and we'll continue to refine that and bake that in. And we'll always work to automate the complex things that we do for our customers with humans today and computers tomorrow. I appreciate your interest in FireEye and look forward to speaking to many of you over the next 24 hours or in 90 days. Take care now.

--------------------------------------------------------------------------------

Operator [73]

--------------------------------------------------------------------------------

Ladies and gentlemen, this concludes today's conference call. Thank you for participating. You may now disconnect.