Edited Transcript of FEYE earnings conference call or presentation 28-Apr-20 9:00pm GMT

Q1 2020 FireEye Inc Earnings Call

MILPITAS May 18, 2020 (Thomson StreetEvents) -- Edited Transcript of FireEye Inc earnings conference call or presentation Tuesday, April 28, 2020 at 9:00:00pm GMT

TEXT version of Transcript

================================================================================

Corporate Participants

================================================================================

* Frank E. Verdecanna

FireEye, Inc. - Executive VP, CFO & CAO

* Kate Patterson

FireEye, Inc. - VP of IR

* Kevin R. Mandia

FireEye, Inc. - CEO & Director

================================================================================

Conference Call Participants

================================================================================

* Christopher Caleb Speros

Stifel, Nicolaus & Company, Incorporated, Research Division - Associate

* Eric Michael Heath

Raymond James & Associates, Inc., Research Division - Research Associate

* Erik Loren Suppiger

JMP Securities LLC, Research Division - MD & Senior Research Analyst

* Fatima Aslam Boolani

UBS Investment Bank, Research Division - Associate Director and Equity Research Associate Technology-Software

* Gregg Steven Moskowitz

Mizuho Securities USA LLC, Research Division - MD of Americas Research

* Hamza Fodderwala

Morgan Stanley, Research Division - Research Associate

* Keith Frances Bachman

BMO Capital Markets Equity Research - MD & Senior Research Analyst

* Matthew Melotto Parron

JP Morgan Chase & Co, Research Division - Analyst

* Robbie David Owens

Piper Sandler & Co., Research Division - MD and Senior Research Analyst

* Saket Kalia

Barclays Bank PLC, Research Division - Senior Analyst

* Shaul Eyal

Oppenheimer & Co. Inc., Research Division - MD & Senior Analyst

================================================================================

Presentation

--------------------------------------------------------------------------------

Operator [1]

--------------------------------------------------------------------------------

Good day, everyone, and welcome to the FireEye First Quarter 2020 Earnings Results Conference Call. (Operator Instructions) Also, this call is being recorded.

At this time, I would like to turn the call over to Kate Patterson. Please go ahead.

--------------------------------------------------------------------------------

Kate Patterson, FireEye, Inc. - VP of IR [2]

--------------------------------------------------------------------------------

Thank you, Shannon. Good afternoon, and thanks to everyone on the call for joining us today to discuss FireEye's financial results for the first quarter of 2020. This call is being broadcast live over the Internet and can be accessed on the Investor Relations section of FireEye's website at investors.fireeye.com. With me on today's call are Kevin Mandia, FireEye's Chief Executive Officer; and Frank Verdecanna, Executive Vice President, Chief Financial Officer and Chief Accounting Officer of FireEye.

After the market closed today, FireEye issued a press release announcing the results for the first quarter of 2020.

Before we begin, let me remind you that FireEye's management will make forward-looking statements during the course of this call, including statements relating to FireEye's guidance and expectations for certain financial results and metrics, the impact of the COVID-19 pandemic, FireEye's priorities, initiatives, plans and investments, drivers and expectations for growth and business transformation, the expansion of FireEye's platform and the benefits, capabilities and availability of new and enhanced offerings, market opportunities, go-to-market strategies and FireEye's restructuring plan.

These forward-looking statements involve a number of risks and uncertainties, some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements. These forward-looking statements apply as of today and you should not rely on them as representing our views in the future, and we undertake no obligation to update these statements after the call. For a detailed description of the risks and uncertainties, please refer to our SEC filings as well as our earnings release posted 1 hour ago. Copies of these documents may be obtained from the SEC or by visiting the Investor Relations section of the website.

Additionally, certain non-GAAP financial measures will be discussed on this call. We have provided reconciliations on these non-GAAP financial measures for the most directly comparable GAAP financial measures in the Investor Relations section of the website as well as in the earnings release.

Finally, I'd also like to point out that we have posted the supplemental slides and financial statements on the Investor Relations section of the website.

With that, I'll turn the call over to Kevin.

--------------------------------------------------------------------------------

Kevin R. Mandia, FireEye, Inc. - CEO & Director [3]

--------------------------------------------------------------------------------

Thank you, Kate. I would like to thank all the investors, employees, customers and partners for joining us today on the call. I hope that all of you, your families and your loved ones are staying healthy during the unprecedented conditions we are all currently enduring. As we are confronted with new and emerging challenges from the coronavirus, it's FireEye's top priority to ensure the health and safety of all our employees while also effectively safeguarding our customers from cyberattacks. I am proud of how fast our customers adapted to the new normal. I'm also proud of our employees who reacted swiftly to shelter-in-place and work-from-home orders while maintaining performance and our mission of safeguarding our customers.

Now I'd like to turn to FireEye's first quarter accomplishments. I will begin by discussing some Q1 highlights. And then I'll provide an update on our performance by category. I'll add commentary on how we are thinking about the impact of the current COVID pandemic on our business. I'll then turn the call over to Frank to discuss the details of our first quarter financial results, the impact of the COVID-19 pandemic and the resulting changes to our outlook for the year.

In the first quarter, we met our revenue guidance for the 13th straight time. We achieved the midpoint of our billings guidance range, and we exceeded our guidance range for earnings per share. Let me share some of the highlights with you.

Billings for the quarter was $170 million, at the midpoint of our guidance range. Revenue for the quarter was $225 million, which represented a first quarter record for us and was above the midpoint of our guidance range and up 7% year-over-year. Our revenue growth was led by year-over-year growth of more than 30% in our Platform, Cloud Subscription and Managed Services category, which includes our validation platform, our threat intelligence, managed defense offerings as well as our cloud-based security products. Annual recurring revenue for this category also increased by more than 30% year-over-year.

Revenue for the Mandiant Consulting services grew 25% compared to Q1 of 2019. Now this marks the eighth quarter in a row of record revenue for our professional services, the fifth quarter of year-over-year revenue growth exceeding 20% and the second quarter in a row that revenue exceeded $50 million. The combined revenue of our Platform and Cloud category and our Professional Services category eclipsed our more mature Appliance-based business again in the first quarter, and it accounted for 53% of our total revenue. This compares to 44% in the Q1 of 2019 and less than 40% in Q1 of 2018. And we expect this trend will accelerate throughout 2020 as we are transforming FireEye to a Security-as-a-Service company with our emerging solutions growing over 30% and eclipsing our product category.

We exceeded our earnings per share guidance, reduced our first quarter non-GAAP operating losses by over 50% year-over-year. We added 258 new customers in the quarter, up from 237 a year ago. The dollar amount of new customer billings increased more than 20% year-over-year. The total number of customers and the number of Global 2000 customers transacting in the quarter increased compared to a year ago. And our business was well diversified across all geographies. I was pleased that our largest transaction in the first quarter was a new customer added from Japan.

I believe our solid performance during the quarter was the direct result of the actions we have taken to transform and modernize our business over the last several years. I also believe our performance was aided by the speed and effectiveness in which we adapted to the working conditions brought upon by the COVID pandemic. We were able to shift our operations around the world almost seamlessly to a work-from-home model on very short notice. This allowed us to remain focused on our mission and to address the change in threat activities we witnessed in the first quarter.

Now I'd like to provide you an update on our Mandiant Consulting services. Customers around the world continue to call on Mandiant, not only to respond to security breaches, but also to proactively assess the resilience against the latest attacks, modernize their security operations and help them build in-house capabilities. Customer demand for these offerings has allowed our consulting business to consistently deliver record results. While our Consulting business is not completely immune to the impact of the global pandemic, I believe Mandiant Services will continue to be an important growth driver for our business, both during the pandemic and afterwards.

There are several reasons for this. First, the threat environment remains elevated. While most threat actors have continued to use the same tools and techniques, the attack surface is expanding with work-from-home mandates. We have seen targeted attacks by nation-state actors that appear to be seeking COVID-19-related data from both public and private sources. We have also seen the reemergence of some highly sophisticated state-sponsored attackers who appear to be targeting organizations associated with critical infrastructure, energy and the defense industries. In addition to nation-state attacks, we continue to see significant levels of ransomware activity and other disruptive attacks that we are currently responding to.

Second, the Mandiant Consulting organization has been able to quickly respond to the current work-from-home environment. We have adapted all of our services, including our education business, to provide remote delivery. We adapted fast because our technology was designed for us to send expertise and offer remote assistance to our customers. For incident response services, we are leveraging our endpoint technology, which is deployed and managed remotely, allowing our experts to work on multiple engagements simultaneously from anywhere. For our strategic services, we are making use of video conferencing and other collaboration technologies to help us bridge the portion we would typically perform on site.

The third reason I believe Mandiant Services will continue to grow is the relevance of our portfolio, which we are expanding even further. We are in the process of formalizing 2 new offerings to meet customer demand in the current environment. First, a remote security assessment, which is a lightweight, fixed-cost offering intended to address an organization's immediately -- their immediate concerns due to work-from-home mandates. And a ransomware technical assessment to help organizations determine how effective their security technology and processes are at containing a ransomware attack. We also introduced a new managed defense offering that covers shorter durations and allows customers and prospects to use our resources to surge or cover their security needs as they accommodate their remote workforce.

In addition to these new services, our security program assessments, red teaming and other strategic services allow customers to assess the effectiveness of their security programs. As the security landscape shift change rapidly in the last few months, more and more organizations are looking to complete assessments given the strategic importance of cybersecurity. For these reasons, we are confident in the demand for our consulting expertise, and we are looking to add more Mandiant consultants to increase our capacity to meet that demand.

Now I'd like to up to date -- excuse me, now I'd like to update you on our Platform and Cloud Subscription and Managed Services category. Every product in this category posted year-over-year growth with cloud endpoint once again leading the category with triple-digit growth. In the latest MITRE ATT&CK test, our FireEye endpoint security had the greatest number of total cumulative detections of any of the evaluated solutions. Additionally, the Naval Information Warfare Systems Command selected FireEye's Endpoint Security as the first place winner of the Artificial Intelligence Applications to Autonomous Cybersecurity Challenge. This recognition highlights how we have been able to transform our innovation into our cloud-based products.

Our cloud-based Network and Email Security, Threat Intelligence and Managed Defense offerings all posted double-digit year-over-year growth in annual recurring revenue in Q1. We continue to enhance our validation platform with new insights and new threat intelligence, releasing several updates during the quarter. And we expect continued growth in our Platform, Cloud and Managed Service category. There's a natural relationship between our Mandiant Consulting services and our platform offerings that drives long-term relationships with our customers and future adoption of our solutions.

Now I'd like to discuss our plan for 2020. Last quarter, we talked about the steps we have taken to modernize our business and our priorities for this year. I'd like to give you an update on our progress in the first quarter as well as recent actions we have taken to increase our investment in our growth areas.

First, we intend to be the best-in-world at incident response, red teaming and threat intelligence. As I shared earlier, we continue to add capacity to our Mandiant Services organization and to package our offerings in order to expand our reach.

Second, we intend to expand our dynamic threat detection and expertise to defend cloud-based infrastructure. In the first quarter, we acquired Cloudvisory. We launched our cloud security assessment service, and continue to expand our cloud-based email, endpoint and network security solutions. With Detection On Demand, we now offer our detection capabilities through an API. This creates new partnership opportunities and allows customers to augment the detection capabilities of their existing security products with our best-in-class detection.

Third, we deliver our Expertise On Demand seamlessly through our technology. We want to make our experts available at the point when customers need them most. So we continue to make progress on this front. And our Expertise On Demand billings grew 66% year-over-year.

And finally, we intend to be the best-in-world at security validation. What we want to do here is make the measuring of security effectiveness against the most current attacks simple, continuous and commonplace. With our Mandiant experts and our managed offerings, we believe a managed-validation-as-a-service would be a highly effective, differentiated way for organizations to measure their security effectiveness. We are uniquely armed at the latest attacker methodologies, and I believe we will be the company that closes the gap between the attackers' emerging techniques and the safeguards that are often too slow to adapt and stop or detect these attacks.

We recently took several additional steps as a company that we believe will allow us to increase our momentum. First, to more clearly convey the relationship between our services and our Security-as-a-Service subscription offerings, earlier this month, we officially unified our Validation, our Threat Intelligence, Managed Defense and Expertise On Demand offerings under the umbrella of Mandiant Solutions. The Mandiant brand is widely recognized by customers as a gold standard in cybersecurity consulting, and this unification is designed to help make the transition from our services to our SaaS offerings a more seamless experience for our customers.

Second, in parallel with our increased investment in the growth areas of our business, we are revamping our business operations to be more efficient and make it easier to do business with us. In short, we are evolving the business operations built for an appliance business, to business operations built for an as-a-service offering with more flexible pricing, modern licensing schemas and the ability to transact and provision software and services in minutes. I believe these efforts will be more important than ever in the aftermath of the COVID-19 pandemic.

And finally, we initiated a restructuring plan designed to enable us to increase investment in the growth areas of our business and position the company for improved operating performance. To be clear, planning was in motion long before the coronavirus outbreak. The restructuring includes a reduction of approximately 6% of the company's workforce, primarily in the mature appliance-based product areas. While there is never an ideal time for this type of action, I believe it was necessary for us to take the steps now to continue to transform our business to a comprehensive Security-as-a-Service company.

To conclude, I believe we are in the midst of a shift in the way organizations evaluate, buy and implement cybersecurity solutions, and the COVID-19 pandemic is likely to accelerate the shift. Organizations are increasingly focused on security outcomes rather than technology alone, and they are demanding proof of security effectiveness. This change is happening in parallel with the migration of workloads to the cloud. I believe the steps we are taking to leverage our differentiators, define and own the security validation market and transact in an as-a-service way, position us well for this shift change. Our strategic advantages, our expertise in threat intelligence remain unchanged. And while few companies will be untouched by the economic disruptions brought about by the COVID-19 pandemic, I believe we are well positioned to continue to grow our emerging solutions and services.

Now I'd like to turn the call over to our Chief Financial Officer, Frank Verdecanna.

--------------------------------------------------------------------------------

Frank E. Verdecanna, FireEye, Inc. - Executive VP, CFO & CAO [4]

--------------------------------------------------------------------------------

Thanks, Kevin, and hello to everyone on the call. Before we move on to the details of our Q1 results and guidance for Q2 and 2020, let me remind you that I'll be referring to non-GAAP metrics except for revenue and operating cash flow. Our non-GAAP measures exclude stock-based compensation, amortization of intangibles, noncash interest expense on our convertible debt, restructuring charges and other nonrecurring items.

Turning to Q1 results, I echo Kevin's comment that I think we executed well against our plan as we quickly pivoted to a work-from-home organization. We delivered billings and revenue within our guidance ranges and exceeded our EPS guidance range. We estimate that COVID-19 global pandemic reduced our Q1 billings by about $10 million to $15 million and revenue by less than $2 million. The impact on billing, combined with an increase in DSOs related to the COVID-19 pandemic, resulted in operating cash flow below what we had anticipated in our pre-pandemic guidance. As we take a closer look at the details, I will focus my comments on ARR and revenue as the key indicators of our financial performance.

The ARR metric gives you insight into the expansion of our installed base of reoccurring subscriptions without regard to short-term changes in average contract length or in-quarter timing of large renewals which, as we've seen, can cause volatility in our quarterly growth rates for billings. Revenue reflects growth in our deferred revenue and drives our profitability. For these reasons, we believe ARR and revenue are better indicators of our progress on our transformation journey, especially in the current environment.

Looking at revenue and ARR by category and our operating results, Platform, Cloud Subscriptions and Managed Services revenue increased 33% year-over-year and accounted for 30% of total revenue compared with 25% of total revenue in Q1 of '19. ARR was up 32% year-over-year and 1% sequentially as we continue to expand our customer base in this category. This category now accounts for 49% of ARR, up from 40% at the end of Q1 of '19.

Mandiant Services revenues grew 25% year-over-year to a record $51 million and accounted for 23% of total revenue compared with 19% of total revenue in Q1 of '19. We continue to see strong demand for our expertise in both incident response and strategic consulting. As an FYI, we current -- we do not include any of our services or Expertise On Demand subscriptions in our ARR metrics, even though many customers purchased strategic consulting engagements year after year.

Revenue for Platform, Cloud Subscriptions and Managed Services and Mandiant Services categories accounted for 53% of total revenue compared with 44% a year ago. Our on-premise product and related business accounted for 47% of total revenue compared to 56% a year ago as our mix continues to shift to higher growth categories. Product and related revenue declined 11% from Q1 of '19 due to lower deferred revenue balances entering the quarter. Appliances accounted for the majority of the year-over-year decline. Remember that appliances originally sold in 2015 were fully amortized by the end of Q4 of 2019, creating a more difficult year-over-year comparison than prior quarters.

Product and related ARR decreased about 2% sequentially, a similar seasonal decline as last year. Net retention rates in these categories remained above 95%. Our ARR and retention metrics demonstrate that the product and related portion of our business has stabilized following the end-of-life event that impacted results in early last year. It also suggests that while we expect on-premise appliance-based sales to continue to decline as customers shift to virtual and cloud form factors, we are managing well through the transition, and we continue to retain our base of enterprise-class customers.

Gross profit margin of 71% was consistent with our guidance. The decrease compared to Q1 of '19 was due to a higher mix of services and total revenue as well as an increase in cloud hosting costs associated with higher cloud revenues. Note that although Mandiant Consulting services are at a lower gross margin, our services contribution margin is consistent with other areas of the business.

Total operating expenses were flat year-over-year, and increased about $6 million sequentially. The sequential increase was primarily related to higher employee payroll taxes that are seasonally higher in Q1. Our pre-shelter-in-place guidance had anticipated operating expenses of around $168 million on an absolute dollar basis or about $7 million higher than our actual results. The difference was primarily due to lower travel and event expenses in the last month of the quarter. With revenue and gross margin where we expected and lower-than-anticipated operating expenses, operating margin was 3 percentage points better than our midpoint of our guidance range.

Q1 2020 operating losses were 56% lower than Q1 of '19 at a $2.8 million loss. This translated into a net loss per share of $0.02, better than our guidance range of a loss of $0.03 to $0.05.

Turning to the balance sheet and cash flow, our balance sheet remains very healthy. We ended the quarter with cash and short-term investments of $980 million, which is more than enough to repay the $120 million in convertible debt that we expect to be required to repurchase on June 1, and to fund our operations for the foreseeable future, even in the more conservative versions of likely scenarios in this current environment. We ended the quarter with receivables of approximately $140 million, an increase of $29 million from a year ago. DSOs calculated on billings were 74 days. This is up from our usual 55 to 60 days. We attribute the increase to the COVID-19 pandemic and expect DSOs to remain in the 70- to 80-day range, at least through the second and third quarter of the year.

As I mentioned, cybersecurity remains a high priority, and we remain confident in our ability to collect payment, but we increased our bad debt reserve and reduced our near-term cash collection forecast as a precautionary measure.

Total deferred revenue at year-end was approximately $920 million, an increase of $14 million from the end of the first quarter of 2019. Platform, Cloud Subscriptions and Managed Services deferred revenue increased by about $36 million, and Services deferred revenue increased by about $24 million. The increases in the Platform, Cloud Subs and Services categories was partially offset by $46 million decline in product and related deferred revenue as prior period appliance sales continued to roll off the balance sheet. Note that this dynamic has a disproportionate impact on current deferred revenue. On a sequential basis, deferred revenue decreased by $55 million, reflecting normal seasonality in our quarterly billings.

Operating cash flow for the quarter was negative $24 million compared to our expectation of approximately breakeven. The difference was due to the increase in DSOs relative to our pre-pandemic expectations.

As Kevin mentioned, we have been taking steps to accelerate our transformation and set the stage for increasing growth and profitability in the future. This resulted in a restructuring charge of approximately $11 million in the first quarter. And we expect to incur additional restructuring costs of between $10 million and $15 million in the second quarter. We expect this action will reduce our operating expenses by at least $25 million in 2020 compared to 2019, primarily in the second half of the year, along with additional year-over-year savings related to lower travel.

When I review our Q1 operational metrics, including the increase in new customers, growth in ARR and net retention rates as well as our current pipeline of both new and renewal business, I'm confident our business remains healthy, and our transformation is on track.

Now let's turn to our current outlook for Q2 and the remainder of the year. My comments on our outlook take into account what we know today, but we recognize there are many unknowns, including the timing of reopening economies both in the U.S. and abroad. While we are operating with the same uncertainties that every other cybersecurity company, cybersecurity remains a top priority for our base of government and enterprise-class customers. I believe these are also the organizations best positioned to weather the storm. I believe the biggest unknown for us is the average contract length of billings. While customers may still commit to multiple years, given the current economic uncertainties we are assuming that some will be less willing to pay for upfront for multiple years. In recognition of this uncertainty, we are not guiding billings for the second quarter, and we are withdrawing our previously -- annual billings guidance for 2020.

Since billings drives our receivables, balance and cash flow, we are also withdrawing our cash flow guidance for the year. However, since we typically recognize more than 90% of quarterly nonservices revenue from deferred revenue on the balance sheet and for demand for our services remain high, we are providing revenue guidance for Q2. We are also providing revenue guidance for the year although we have expanded the range compared to prior periods. Expenses remain within our control, allowing us to provide visibility into operating margin and earnings per share for the quarter and the year based on current revenue assumptions.

For Q2, we expect revenue in the range of $213 million to $217 million, gross margin of between 68% and 69%, and operating margin of between negative 1% and negative 2% and EPS of a loss per share of $0.01 to $0.03. For the full year 2020, we expect revenue between $880 million and $900 million, gross margin between 69% and 70%, operating margin between positive 1% and positive 3%. This implies a decrease in operating expenses of $30 million to $35 million compared to 2019, which includes at least $25 million related to the restructuring actions as well as additional savings for operating costs such as lower T&E. As noted, this is based on what we know today and what we believe as of today. There's a lot of uncertainty that's being created because of COVID-19. And we are doing our best to manage and provide you with the guidance while operating in this uncertain environment.

That concludes my review of our guidance ranges and assumptions. I know there's a lot of detail here, so we have summarized the assumptions and math for you in the guidance section of our slides.

Operator, we'll now open the call for your questions.

================================================================================

Questions and Answers

--------------------------------------------------------------------------------

Operator [1]

--------------------------------------------------------------------------------

(Operator Instructions) Our first question comes from Michael Turits with Raymond James.

--------------------------------------------------------------------------------

Eric Michael Heath, Raymond James & Associates, Inc., Research Division - Research Associate [2]

--------------------------------------------------------------------------------

This is Eric Heath on for Michael. Kevin, just based on what you're seeing in conversations, can you just elaborate more on maybe what customers are -- or if your customers are actually deprioritizing maybe certain IT initiatives compared to others? And how you might see that shift in coming quarters?

--------------------------------------------------------------------------------

Kevin R. Mandia, FireEye, Inc. - CEO & Director [3]

--------------------------------------------------------------------------------

Yes. So the number one question I've gotten, and realize my audience is usually Chief Information Security Officer or above, it was how do you protect your remote workforce, period? I didn't feel any shift in spend, meaning let's lower it. Although in this environment, obviously people are looking at discretionary costs and cutting them if they can. But I did not see security as discretionary. It's seen as important. So question number one, how do you defend the remote employee, period? And what do you do to make sure and validate that, in fact, you're running a secure infrastructure?

--------------------------------------------------------------------------------

Eric Michael Heath, Raymond James & Associates, Inc., Research Division - Research Associate [4]

--------------------------------------------------------------------------------

Great. And then for you, Frank, just can you provide some more color on contract lengths in the quarters? It looks like it was above your expectation. So curious what's going on there.

--------------------------------------------------------------------------------

Frank E. Verdecanna, FireEye, Inc. - Executive VP, CFO & CAO [5]

--------------------------------------------------------------------------------

Yes. So it was pretty much flat. It was, well, slightly up year-over-year, but we did have a 5 year -- $5 million deal in the quarter that if you pull that deal specifically out, contract length would have went down by half a month. So surprisingly, we didn't see much of an impact on contract length in the quarter. But again, I mean, we only had 3 weeks of the pandemic in the quarter. So we would expect a bigger impact on contract length going forward.

--------------------------------------------------------------------------------

Operator [6]

--------------------------------------------------------------------------------

Our next question comes from Shaul Eyal with Oppenheimer.

--------------------------------------------------------------------------------

Shaul Eyal, Oppenheimer & Co. Inc., Research Division - MD & Senior Analyst [7]

--------------------------------------------------------------------------------

I had a quick question, Kevin. When looking at FireEye's portfolio, what do you see as more nondiscretionary products, services, solutions? And conversely, what is more discretionary from the CECL perspective?

--------------------------------------------------------------------------------

Kevin R. Mandia, FireEye, Inc. - CEO & Director [8]

--------------------------------------------------------------------------------

Almost everything we do is relatively critical. And I know that sounds like boilerplate answer, but it's not. When you look at our services, we're either responding to the house is on fire or we're showing up before that to make sure we can do an assessment of your security program to make sure you don't have a problem to worry about. So I feel like on the services side, the demand is there. When you look at our products, they were always designed to detect what other safeguards missed, kind of to close the gap between legacy safeguards and what the attackers were doing.

So we're seen as a pretty instrumental layer with our products to people's security programs. And that's why I think you see high renewal rates for us. And the biggest challenge we had is going from appliance to cloud, getting -- and going from perpetual license to subscription and getting into form factors that are getting more and more common. We've done that work and now we have to leverage it. So I think through the portfolio, probably the biggest delay we had on things that were in-flight that got delayed were on training, education.

We do a couple of hundred classes a year for security professionals, and we had to sort out, in a short period of time, how do we take that training and still connect with remote folks, but we're starting to see that spin back up now. And I think as organizations recognize that we're all going to be working in a remote setting for an indeterminate length of time, that we have to figure out how to allow things like training to happen in remote environments. But out of everything we did, the only thing that hit my desk with delays was the training.

--------------------------------------------------------------------------------

Shaul Eyal, Oppenheimer & Co. Inc., Research Division - MD & Senior Analyst [9]

--------------------------------------------------------------------------------

Understood. And if I may, Frank or Kevin, month of April is coming to an end very shortly. Can you talk to us what you've been seeing so far? And maybe just a word about ASPs, where do they stand right now?

--------------------------------------------------------------------------------

Frank E. Verdecanna, FireEye, Inc. - Executive VP, CFO & CAO [10]

--------------------------------------------------------------------------------

Yes. So far, Shaul, in the month of April, we're actually a little bit ahead of linearity from typically where we are in month 1 of a quarter. So I think so far, all signs have been very positive, which gives us a lot of confidence going into the remainder of the quarter.

--------------------------------------------------------------------------------

Operator [11]

--------------------------------------------------------------------------------

Our next question comes from Fatima Boolani with UBS.

--------------------------------------------------------------------------------

Fatima Aslam Boolani, UBS Investment Bank, Research Division - Associate Director and Equity Research Associate Technology-Software [12]

--------------------------------------------------------------------------------

Kevin, I'll start with you. Just with respect to Mandiant, appreciate the color you gave around the ability of the Mandiant professionals to remotely troubleshoot customer pain points and particularly those verticals that continue to be besieged by cyberattacks. So I'm wondering if you can kind of talk us through how the onboarding of additional capacity is going to play out over the course of the year. And to what extent are you having to backlog engagements because the billable hours and billable rates are at capacity? And then I have a follow-up for Frank, if I may.

--------------------------------------------------------------------------------

Kevin R. Mandia, FireEye, Inc. - CEO & Director [13]

--------------------------------------------------------------------------------

Yes. So we feel like we're operating full bore. So the onboarding -- I think I'm going to answer your questions in reverse order. Now let me answer them in the right order. When it comes to working remotely, we started designing our endpoint in 2005 to do exactly this: Send expertise in seconds, and as you adopt our endpoint, if anything happens we always want to be that unbiased third-party that can reach in and investigate and sort it out for you. So we've always had the ability to do critical services from remote locations. And so that's not new. So when we had to go remote, in reality, we've already been doing it that way. We can't put people on Boeing 737s every time there's a breach and fly them in. You don't have the time to do that. You can't travel there. Software can travel there in 30 minutes or less, get installed and we're executing our expertise remotely.

In regards to onboarding, I know my way of doing it. They show up. We train them a little bit, but there's no better job than on-the-job training. So the reality is people that we hire, we've always gotten them busy fast. I mean that's just what you do in consulting. We do have training, we do have mentorship, but the onboarding of consultants really means you get repetitions. You get repetitions as soon as you hit the ground.

--------------------------------------------------------------------------------

Frank E. Verdecanna, FireEye, Inc. - Executive VP, CFO & CAO [14]

--------------------------------------------------------------------------------

Yes. And Fatima, just to add to that, we had been growing the global consulting org for the last couple of years. And so we've had plenty of folks that have come aboard in remote locations that have gone through a remote training program. So that really wasn't that much of a challenge to get those folks up to speed.

--------------------------------------------------------------------------------

Kevin R. Mandia, FireEye, Inc. - CEO & Director [15]

--------------------------------------------------------------------------------

It's an incredible journey.

--------------------------------------------------------------------------------

Fatima Aslam Boolani, UBS Investment Bank, Research Division - Associate Director and Equity Research Associate Technology-Software [16]

--------------------------------------------------------------------------------

Appreciate that. Go ahead, Kevin. No, no...

--------------------------------------------------------------------------------

Frank E. Verdecanna, FireEye, Inc. - Executive VP, CFO & CAO [17]

--------------------------------------------------------------------------------

Go ahead...

--------------------------------------------------------------------------------

Kevin R. Mandia, FireEye, Inc. - CEO & Director [18]

--------------------------------------------------------------------------------

It's Frank's turn.

--------------------------------------------------------------------------------

Fatima Aslam Boolani, UBS Investment Bank, Research Division - Associate Director and Equity Research Associate Technology-Software [19]

--------------------------------------------------------------------------------

Okay. Frank, since I have you, just digging into the outlook assumptions both from a revenue and OpEx perspective. So on the revenue front, are you expecting any changes from a renewal standpoint or rate of decline in appliances? And then on the cost front, given the restructuring, I'm wondering why the magnitude of change here is so much starker than the revenue being rebased lower? And that's it for me.

--------------------------------------------------------------------------------

Frank E. Verdecanna, FireEye, Inc. - Executive VP, CFO & CAO [20]

--------------------------------------------------------------------------------

Yes. So from a revenue perspective, obviously we've brought down the revenue number for the full year, and we've expanded the range. We've done that across all categories, assuming that business would see an impact across various areas. To date, we haven't seen much of an impact. Obviously, we delivered on our Q1 numbers. But the Q2 guidance shows that we are expecting or we are at least taking conservative view on what could happen in the quarter. And so we are accounting for less appliance sales, we are accounting for assuming that there are going to be some service offerings that folks will want on-site and may delay until we get to a point where we can deliver that on site. So we've taken that into consideration.

From an OpEx standpoint, most of the restructuring actions have happened towards the tail end of the quarters. And so there'll be -- most of the positive impact to that will happen in the back half of the year. Obviously, depending on what travel's like for the remainder of the year, we may actually have additional savings there if we wind up being sheltered in place for a longer period of time.

--------------------------------------------------------------------------------

Operator [21]

--------------------------------------------------------------------------------

Our next question comes from Sterling Auty with JPMorgan.

--------------------------------------------------------------------------------

Matthew Melotto Parron, JP Morgan Chase & Co, Research Division - Analyst [22]

--------------------------------------------------------------------------------

This is Matt on for Sterling. I know you guys talked about this quarter kind of some of the segments that benefited or not benefited but had some increased interest from the current situation. Going forward, which parts of your business do you think are going to be negatively impacted from the current situation? And which ones do you think are going to have more of a positive impact?

--------------------------------------------------------------------------------

Frank E. Verdecanna, FireEye, Inc. - Executive VP, CFO & CAO [23]

--------------------------------------------------------------------------------

Matt, obviously, we're not that far into this process. So it's very difficult to see -- forecast exactly which products are going to do better. Our early signs is renewal rates seem to be doing a little bit better. Appliance sales, probably a little bit worse. And then from a service offering, we've been able, because we've had a lot of backlog and because we've got a lot of demand there, we've been able to keep utilization and chargeability up high. But at some point, if things don't change, we would expect some impact there as well.

--------------------------------------------------------------------------------

Matthew Melotto Parron, JP Morgan Chase & Co, Research Division - Analyst [24]

--------------------------------------------------------------------------------

Got you. Great. That's very helpful. And then...

--------------------------------------------------------------------------------

Frank E. Verdecanna, FireEye, Inc. - Executive VP, CFO & CAO [25]

--------------------------------------------------------------------------------

But obviously, our cloud products probably are positioned better for kind of remote install, remote work environments or cloud endpoint, cloud email.

--------------------------------------------------------------------------------

Matthew Melotto Parron, JP Morgan Chase & Co, Research Division - Analyst [26]

--------------------------------------------------------------------------------

Understood. And then one quick follow-up. In terms of the Mandiant Services component, is there any type of -- I know you talked about the implementation, but is there any type of situation that you wouldn't be able to perform in the current environment?

--------------------------------------------------------------------------------

Kevin R. Mandia, FireEye, Inc. - CEO & Director [27]

--------------------------------------------------------------------------------

Yes, this is Kevin speaking. I mean there's always times where it's better to be in the room. Whenever there's an incident, right when we started doing the remote work, we often wondered -- for many companies, you start a war room, everybody crowds in the war room, you get to read verbal and nonverbal communication. So you got to do business a little bit differently. But our folks are very used to remote collection of information, remote forensics, remote analysis, remote counseling and discussion on remedial steps. But what you lose is that the customers sometimes want you in the war room. And by the way, the customer doesn't have that with their own people now. So it's just a different environment. So you lose a little bit of the connectedness when you hit some incidents that are in a sprint.

In regards to the security assessments, there's probably -- we're probably communicating at a 90% effectiveness rate, not 100% just because we're all remote and doing things in a different way. Sometimes it's easier to get on site, meet the 20 to 50 folks that you need to meet, and go through here's all the things that would make your security program more effective. So that's a long-winded way of saying that our communications are different today than what they used to be. And that for some folks, they may have to change their communication style to be more effective.

--------------------------------------------------------------------------------

Frank E. Verdecanna, FireEye, Inc. - Executive VP, CFO & CAO [28]

--------------------------------------------------------------------------------

And Matt, we have seen people leverage our intel offering and our Expertise On Demand a little bit more as well. So I do think people are utilizing our internal expertise to augment their internal teams.

--------------------------------------------------------------------------------

Operator [29]

--------------------------------------------------------------------------------

Our next question comes from Rob Owens with Piper Sandler.

--------------------------------------------------------------------------------

Robbie David Owens, Piper Sandler & Co., Research Division - MD and Senior Research Analyst [30]

--------------------------------------------------------------------------------

Building on Matt for Sterling's question earlier around Mandiant. Curious just about billable hours. How -- the billable rate, I guess, Kevin, how it changes on-prem to remote? And you've got this large portfolio of new Mandiant Services that you talked about. So you should have leverage then, I guess. So is there a near-term hit when you move kind of to remote work for these guys, but you hope to make that up from the -- just from the simple standpoint, they might be able to participate more, offer more services to an end customer?

--------------------------------------------------------------------------------

Kevin R. Mandia, FireEye, Inc. - CEO & Director [31]

--------------------------------------------------------------------------------

Yes. So a couple of thoughts there. Let me just be -- So I've read some of the analysis from folks saying, "Oh, services has been hit, and it's been hit negatively." Our rates haven't changed one bit. 5 years ago, when there was an incident, we did exactly what we're doing today then. We'd send software, we'd be on the phone, we'd start communicating with the customer and we'd start sending our expertise and responding from a remote location. So for us, this is almost business as usual. We were -- we're actually almost too busy to send people in travel hours. That's how busy we are. So no change in the rates right now, Rob. We haven't even seen compression in them at all or even a debate about it. So I feel comfortable there. And then for us, I think that the customer prospects behavior has changed because they have a work for us now that's remote and their security force is remote. But I think we're doing a lot of business-as-usual for us, right. So I don't feel like it's changed too much.

--------------------------------------------------------------------------------

Robbie David Owens, Piper Sandler & Co., Research Division - MD and Senior Research Analyst [32]

--------------------------------------------------------------------------------

Great. And then second, if I may, just an update on the Verodin acquisition, the rebranding, kind of how the acceptance has been by end customers? And is this proving to be a tip of the spear for FireEye Solutions? Or is it more of that different consulting validation of preexisting infrastructure sale?

--------------------------------------------------------------------------------

Kevin R. Mandia, FireEye, Inc. - CEO & Director [33]

--------------------------------------------------------------------------------

Yes. So it came down to working with Chris Key, the founder of Verodin, where he believed and probably rightfully so, FireEye is a controls business when you think about endpoint, network, e-mail and the cloud SIEM. Mandiant was always seen a little more agnostic, controls-agnostic. When you do validation as a business, you want to have -- you want to be the honest broker. And the Mandiant brand was seen as more of the honest broker in regards to that, a non-controls business brand. And if you look at what Verodin does, it measures security effectiveness. We want to be the honest broker, not game it. When you run Verodin, you get unvarnished truth, whether you stop or detect attacks. And the Mandiant brand has kind of survived. For whatever reason, it's still here, it's still with us, and it's more agnostic to just what are the right damn answers right now to secure your network. And so it's more fitting in a go-to-market for a validation story. So Verodin is now Mandiant Validation.

--------------------------------------------------------------------------------

Operator [34]

--------------------------------------------------------------------------------

Our next question comes from Erik Suppiger with JPMorgan -- JMP.

--------------------------------------------------------------------------------

Erik Loren Suppiger, JMP Securities LLC, Research Division - MD & Senior Research Analyst [35]

--------------------------------------------------------------------------------

First off, can you talk a little bit about vertical markets? Are you pretty well insulated from some of the key markets that have been hit like hospitality or travel? And then could you talk a little bit about whether your products feed into remote access infrastructure? Are you particularly securing remote access at all? Or are these products largely separate from the build-out of a lot of remote access infrastructure this last quarter?

--------------------------------------------------------------------------------

Kevin R. Mandia, FireEye, Inc. - CEO & Director [36]

--------------------------------------------------------------------------------

Got it. So I got -- so that's 2 questions. Kevin speaking. In regards to the different verticals, believe it or not, we did business in basically every single vertical last quarter to include some that are significantly impacted like the airlines industry. So I think at that point, it's more about the payment terms, where you'll see the industries that are more impacted are probably going to try to negotiate different payment terms than those that are less impacted. And Frank could probably speak to that.

In regards to remote access infrastructure, we have an assessment that our consultants do on remote access, where we test people's remote access. Does everybody really need 2-factor authentication? Is it actually in practice? So we do that.

And then in regards to our solutions, we have a partnership with a company called iboss, which is a cloud SaaS network security. Really, it's -- you download their endpoint and all of your traffic would be going through our detection capabilities. So that's a powerful partnership. That, to me, is how you get really shields up on a remote workforce. It's a nice iboss plus FireEye detection kind of combination there.

And then the third way is endpoint. Endpoints guard endpoints. So bottom line is, yes, on remote access and what CISOs are worried about, we've been doing those tests for years.

--------------------------------------------------------------------------------

Erik Loren Suppiger, JMP Securities LLC, Research Division - MD & Senior Research Analyst [37]

--------------------------------------------------------------------------------

And then let me ask one last one. Just on the shift to a remote workforce, how long do you think we have to benefit from the effort to secure that change? Are we still very early in terms of where CISOs are from the way they're looking at this shift to building out their remote workforce?

--------------------------------------------------------------------------------

Kevin R. Mandia, FireEye, Inc. - CEO & Director [38]

--------------------------------------------------------------------------------

I think it will come in waves. And I think for 1A Enterprises and the CISOs I know they are already well into it or already -- you're not ever done. That's the funny thing about security. People think, oh, we did 3 things, wash your hands, done. You have to do a lot of rinse, repeat and test. But I think that it's happening fast. It needs to happen fast, and it will be the new normal by the end of the year. There are folks that, for whatever reason, nobody knows what's going to happen after the pandemic might flatten the curve as they say, and I'm no expert. But behaviors are going to change for a long time right now. And the question is, does that mean 1/3 of the workforce stays remote, 2/3, 3/4? Nobody knows. But the change happened so abruptly and cybersecurity is so important, I think the vast majority of this is going to happen this year.

--------------------------------------------------------------------------------

Operator [39]

--------------------------------------------------------------------------------

Our next question comes from Gur Talpaz with Stifel.

--------------------------------------------------------------------------------

Christopher Caleb Speros, Stifel, Nicolaus & Company, Incorporated, Research Division - Associate [40]

--------------------------------------------------------------------------------

This is actually Chris Speros on for Gur. For Kevin, given FireEye's unique viewpoint into the threat landscape, how has the threat environment evolved since COVID? Are you seeing any sort of uptick in nation-state sponsored activity?

--------------------------------------------------------------------------------

Kevin R. Mandia, FireEye, Inc. - CEO & Director [41]

--------------------------------------------------------------------------------

All I can tell you, and I kind of mentioned it, we're seeing a lot of incidents right now. We're exceptionally busy and I would tell you, calls are coming in daily to help companies deal with it. But I don't know if I can tie it to COVID or just tie it to things such as -- I'll give you one example that's created a problem. When I was responding to breaches, if someone hacked in and extorted you, the person that hacked you and extorted you was the exact same person. And they were probably great at hacking you but not very good at extorting you. So you paid $5,000, problem solved.

Somewhere in 2018, 2019, we started seeing the separation of duty where you have folks that break in because that's what they're good at. And then they're handing their access and break-in to practiced folks that are criminals that can extort. So we're just seeing more ransomware cases. Those things are very disruptive to business. And you combine the separation of duty between hacking and extorting with anonymous digital currency, and you've got a hell of a perfect storm to monetize breaches, far easier than the olden days of stealing credit card data and fraudulently buying things. So we're just seeing an uptick because you can make more money breaking in now than ever before.

The nation-state stuff's here to stay. Clandestine operations, espionage, it's done online now. So that's just going to always have a steady escalating hum. But the amount of money folks are making now, I just feel like the financial crimes are escalating as well.

--------------------------------------------------------------------------------

Christopher Caleb Speros, Stifel, Nicolaus & Company, Incorporated, Research Division - Associate [42]

--------------------------------------------------------------------------------

That makes a ton of sense. And one more for Kevin, if I may. How should we think about the current appetite for security validation? And how has it been impacted by COVID-driven disruption across the enterprise?

--------------------------------------------------------------------------------

Kevin R. Mandia, FireEye, Inc. - CEO & Director [43]

--------------------------------------------------------------------------------

Yes. Yes. My read on the first quarter is in 90 days, I can't tell. I feel like we're still tracking for the year, but it's early on. But there's 2 different audiences for validation: there's the technologist and then there's the CISO and above. And my angle on it is it matters more to the CEO and CISO. Can the attacks I'm reading about work on my network? Do we have an infrastructure of technology and processes and people that are ready to withstand the attacks that are most relevant to our organization?

So you're going to see us do tweaks or I think we're going to pivot our go-to-market more towards the senior staff, not the junior staff. And I think in the past, people saw Verodin as a technical buy. Now that Verodin is part of FireEye, and they're working side-by-side with Mandiant expertise, I believe we need to bring it to market in a managed way, similar to Rapid7, similar to Qualys. I don't want to run a damn vulnerability scanner every day, but I would like to get the output from somebody else from time to time. And I think that Verodin gives us a great platform for that. So stay tuned. We're pivoting that. It's a technology you can buy. 1A Enterprises will, and they'll run it themselves. It will put their own intel in it, and they'll share indicators and they'll do those sort of things.

In addition to that, though, we want to be able to run validation. And I think the true value in the validation is twofold. It's not just binary, yes, these attacks work or no, they don't. I think the more important aspect of it is tracking the remedial steps that organizations will take and that, to me, will require our expertise working with the customers' expertise. So I see it as a -- I'm excited about what I'm calling validation-as-a-service. We have created packages to do that. And then I think I'd rather have -- if you buy the technology, that's great. And you can have people running it at your company, you get people inputting stuff. You know what's also great, is the folks that are responding to over 700 incidents a year are inputting a bunch of data into that system as well. So bottom line, that's a long-winded way of saying, I feel we're on track. I'm excited about the validation space. I think we're going to define it, and we're going to grow it.

--------------------------------------------------------------------------------

Operator [44]

--------------------------------------------------------------------------------

Our next question comes from Melissa Franchi with Morgan Stanley.

--------------------------------------------------------------------------------

Hamza Fodderwala, Morgan Stanley, Research Division - Research Associate [45]

--------------------------------------------------------------------------------

This is Hamza in for Melissa. Just a couple of quick ones for me. So I know it's early days, but as you look at sort of the past 5 to 6 weeks or so, what are you seeing in terms of buying behavior as it relates to existing customer expansion and new customer adds? And as you look out to the rest of the year in your guidance, what is the assumption around net retention?

--------------------------------------------------------------------------------

Kevin R. Mandia, FireEye, Inc. - CEO & Director [46]

--------------------------------------------------------------------------------

Yes. I'll address this first, and then Frank will probably say exactly what I say because almost every day or 2, I'm like, Frank, what are we seeing? What are the patterns? And right now, it's almost like there's not a pattern other than we'll sell less on-prem gear, and we feel that there might be a rise in renewal rates, meaning people that have already spent for something are more inclined to renew it. And that may mean that there's less inclination in buying patterns to buy something new. So that being said, we added more customers this year than last year. And we had more of an uptick on net new logos in their spend this year than last year. So I ask Frank every day, what are we seeing? And we're not seeing a pattern other than that, what I just said. Renewals seem to be going up in rate. And on-prem gear's probably going to go down.

--------------------------------------------------------------------------------

Frank E. Verdecanna, FireEye, Inc. - Executive VP, CFO & CAO [47]

--------------------------------------------------------------------------------

Yes. And I think as we get through the second quarter, obviously, we'll have a lot better visibility into that by product. And -- but as we look throughout the remainder of the year, we've taken a very conservative approach to assuming that renewal rates are much more closer to historic norms rather than go up. We've also assumed that appliance sales would go down more than we expected because of COVID-19 and that we'd also see more challenges on some of the newer products and some of the services. Hopefully, none of that stuff will come to fruition and we'll be in a much better spot. But given the uncertainty, we weren't going to take chances on our guidance on any of those items.

--------------------------------------------------------------------------------

Hamza Fodderwala, Morgan Stanley, Research Division - Research Associate [48]

--------------------------------------------------------------------------------

That's really helpful. And just one more quick one. Are you seeing any supply chain constraints around the appliance business at all?

--------------------------------------------------------------------------------

Frank E. Verdecanna, FireEye, Inc. - Executive VP, CFO & CAO [49]

--------------------------------------------------------------------------------

We are not -- we did -- if you looked at our balance sheet, we did increase our inventory a little bit over the -- year-over-year, and that was really just to make sure that if there were any challenges going forward that we'd have a little bit more supply. But so far, our contract manufacturer is operating at full capacity and the component parts -- we have multiple suppliers there. And so we haven't really seen any challenges there.

--------------------------------------------------------------------------------

Operator [50]

--------------------------------------------------------------------------------

Our next question comes from Keith Bachman with Bank of Montreal.

--------------------------------------------------------------------------------

Keith Frances Bachman, BMO Capital Markets Equity Research - MD & Senior Research Analyst [51]

--------------------------------------------------------------------------------

My question relates to the previous one. And I was wondering if you could just talk about your views on product revenues. And what I mean by that, the context is at the Analyst Day, you had laid out a scenario whereby product revenues will be expected to flatten out over time. Obviously, the COVID virus has disrupted that. But is there any context you could give, a, about what you think product revs' impact may be this year? And then, b, more importantly, as we come out of COVID, is it you're still -- your expectation that product revenues flatten out? Or do you think investors should assume some ongoing declines with product revenues? And that's it for me.

--------------------------------------------------------------------------------

Frank E. Verdecanna, FireEye, Inc. - Executive VP, CFO & CAO [52]

--------------------------------------------------------------------------------

Yes, I think what we had talked about previously at Analyst Day was the fact that the year-over-year decline in the amortization of product revenue was going to -- that rate of decline was going to flatten out as we got into late 2020. And we still expect that. It's going to be more focused on adding new appliance sales to the waterfall schedule. Our expectation right now will be -- there will be probably less appliance sales than we originally expected. And so we'll see a little bit of a bigger impact on the product revenues due to COVID. But longer term, we've talked about -- we expect more and more business to move to virtual and cloud. And so the pure appliance product revenue will continue to decline over time. We just think the rate of decline will flatten out a little bit.

--------------------------------------------------------------------------------

Operator [53]

--------------------------------------------------------------------------------

Our next question comes from Gregg Moskowitz with Mizuho.

--------------------------------------------------------------------------------

Gregg Steven Moskowitz, Mizuho Securities USA LLC, Research Division - MD of Americas Research [54]

--------------------------------------------------------------------------------

Just a couple for me. Kevin, you alluded to more flexible pricing and if I think back, you had already introduced subscription-based pricing across network, endpoint and e-mail quite some time ago. So other than introducing shorter duration options like you have for Managed Defense, I was just wondering if there was something else here that is actually new.

--------------------------------------------------------------------------------

Kevin R. Mandia, FireEye, Inc. - CEO & Director [55]

--------------------------------------------------------------------------------

Yes. I think over time -- and this is something I've done with our product marketing folks -- you look out 3 to 5 years. It'd be really nice to download software, run it when you need it, pay for as much as you need at that time, the consumption-based pricing. We're not there yet. We don't need to do it now. Frank is probably cringing as I talk to you about this. But I've always defined 6 qualities to Security-as-a-Service, and one of them was always just consumption-based pricing, elastic pricing. You see AWS doing it, you see cloud-based companies sort of doing it. And I just want to be ready for that. I want to have a back-office where folks may need to do shields up.

Years ago, there was a specific event. And you can think of a major sporting event or you can think of a major entertainment event, where people just want to do shields up. And I'd love to be able to tell the CEO, "Hey, have your tech guy grab this, upload it, and we'll charge for you as you go." Per-user pricing is something we have now. But I want consumption-based, true SaaS and one day we'll have it. And we'll have the -- at least the means to do it, should we choose to do it. And that's what I mean by that. Right now, we built a back office that has a SKU for everything. It's an appliance shipping back office, and that's how we transact.

And I think we can do better than that. We can transact in a way that is more flexible for our customers, where we can provision faster. We can have a licensing scheme that's not an appliance-based licensing scheme, and we can get people up and running in minutes from when they purchase from us. So that's what I mean by that. And I won't bore you with the slides that I routinely show internally to FireEye, and I'll be showing them again tomorrow at our all-hands. And here's the 6 criteria to be genuine SaaS. We got a lot of it, but we got a few more steps to do.

--------------------------------------------------------------------------------

Gregg Steven Moskowitz, Mizuho Securities USA LLC, Research Division - MD of Americas Research [56]

--------------------------------------------------------------------------------

Okay. That's really helpful and makes a lot of sense. And then just as a follow-up, so Frank, you talked about a $10 million to $15 million negative billings impact in Q1 from COVID-19. Kevin, I think you said the only delays that hit your desk were training-related. And so I wanted to clarify that you're not saying the $10 million to $15 million impact is mostly or entirely tied to lower training because it just would seem to be really high. I would have thought there probably would have been a component or 2 on the product side. Again, just a clarity.

--------------------------------------------------------------------------------

Kevin R. Mandia, FireEye, Inc. - CEO & Director [57]

--------------------------------------------------------------------------------

Yes. And to be clear, I was talking about delays for deals that were already closed, where in relation to services, all closed deals, most of it moved forward. But on training, I knew that there were delays where we had to cancel classes and move them out because we weren't sure how we'd perform it. So...

--------------------------------------------------------------------------------

Frank E. Verdecanna, FireEye, Inc. - Executive VP, CFO & CAO [58]

--------------------------------------------------------------------------------

Yes. And Gregg, that was really more of an impact on revenue. But because of the amount of backlog we had and the demand, we didn't see much of an impact on revenue. The $10 million to $15 million impact on billings, I think those were just deals that we would have normally got through the normal gauntlet, but because customers' purchasing departments were all of a sudden in a remote spot, we definitely saw some delays. We saw some countries that we actually could not even ship to because of COVID. And so there were some deals that just kind of pushed out a couple of weeks that came in into April already but did have an impact on things that we would have seen in the last week of March.

--------------------------------------------------------------------------------

Gregg Steven Moskowitz, Mizuho Securities USA LLC, Research Division - MD of Americas Research [59]

--------------------------------------------------------------------------------

And Frank, is it your view that all of these, as far as you can tell, are delays or deferrals as opposed to anything that would be a cancellation?

--------------------------------------------------------------------------------

Frank E. Verdecanna, FireEye, Inc. - Executive VP, CFO & CAO [60]

--------------------------------------------------------------------------------

Yes. None of those were lost deals. They were -- strictly, they just didn't get through the customer's procurement cycle in time for us to ship and deliver by 3/31.

--------------------------------------------------------------------------------

Operator [61]

--------------------------------------------------------------------------------

Our last question is from Saket Kalia with Barclays.

--------------------------------------------------------------------------------

Saket Kalia, Barclays Bank PLC, Research Division - Senior Analyst [62]

--------------------------------------------------------------------------------

I'll keep it to one. Maybe for you, Kevin. It's really a high-level one. But I guess as you spend time with your sales leaders, what are you hearing about the growth and sort of quality of the pipeline?

--------------------------------------------------------------------------------

Kevin R. Mandia, FireEye, Inc. - CEO & Director [63]

--------------------------------------------------------------------------------

Well, the reason I'm pausing on that is most of the time, when I look at pipeline, I'm not looking at all of it, I'm looking at very specific things and how it's doing because I'm trying to shift this more to cloud, shift this more to the services that are relevant, and that pipeline is growing. I inspected the validation pipeline yesterday, and I liked what I see. So yes, I can't speak of the pipe in its entirety. But in regards to validation and emerging products, I feel very good about it.

--------------------------------------------------------------------------------

Frank E. Verdecanna, FireEye, Inc. - Executive VP, CFO & CAO [64]

--------------------------------------------------------------------------------

Yes, overall pipe, Saket, year-over-year is very strong. I think as Kevin mentioned, it's more of a difference in mix. Like I said, the appliance component obviously is lower year-over-year, but the cloud stuff and the validation is up.

--------------------------------------------------------------------------------

Operator [65]

--------------------------------------------------------------------------------

Thank you. And now I'd like to turn the call back over to Kevin Mandia for closing remarks.

--------------------------------------------------------------------------------

Kevin R. Mandia, FireEye, Inc. - CEO & Director [66]

--------------------------------------------------------------------------------

I want to thank everybody for joining us today. Thank you for your interest in FireEye. I look forward to speaking to all of you in 90 days. Until then, stay safe and healthy. Thank you very much.

--------------------------------------------------------------------------------

Operator [67]

--------------------------------------------------------------------------------

Ladies and gentlemen, this concludes today's conference call. Thank you for participating. You may now disconnect.