X

FireEye Inc (FEYE) Q3 2020 Earnings Call Transcript

FireEye Inc  (NASDAQ: FEYE) Q3 2020 earnings call dated Oct. 27, 2020

Corporate Participants:

Kate Patterson — Vice President of Investor Relations

Kevin Mandia — Chief Executive Officer and Board Director

Chris Key — Executive Vice President of Products, Mandiant Solutions

Frank Verdecanna — Executive Vice President, Chief Financial Officer and Chief Accounting Officer

Analysts:

Matt Parron — J.P. Morgan — Analyst

Chris Speros — Stifel — Analyst

Fatima Boolani — UBS — Analyst

Rob Owens — Piper Sandler — Analyst

Jonathan Ruykhaver — Robert W. Baird — Analyst

Saket Kalia — Barclays — Analyst

Hamza Fodderwala — Morgan Stanley — Analyst

Brian Essex — Goldman Sachs — Analyst

Lee — Oppenheimer — Analyst

Presentation:

Operator

Good day, everyone and welcome to the FireEye Third Quarter 2020 Earnings Results Conference Call. [Operator Instructions]

At this time, I would like to turn the call over to Kate Patterson. Please go ahead.

Kate Patterson — Vice President of Investor Relations

Thank you, Josh. Good afternoon and thanks to everyone on the call for joining us today to discuss FireEye’s financial results for the third quarter of 2020. This call is being broadcast live over the Internet and can be accessed from the Investor Relations section of FireEye’s website at investors.fireeye.com.

With me on today’s call are Kevin Mandia, FireEye’s Chief Executive Officer; Frank Verdecanna, Executive Vice President, Chief Financial Officer and Chief Accounting Officer of FireEye; and Christopher Key, FireEye’s Executive Vice President of Products for Mandiant Solutions.

After the market closed today FireEye issued a press release announcing the results for the third quarter of 2020. Before we begin, let me remind you that FireEye’s management will make forward-looking statements during the course of this call, including statements relating to FireEye’s guidance and expectations for certain financial results and metrics; FireEye’s priorities, initiatives, plans and investments, drivers and expectations for growth and business transformation, the expansion of FireEye’s products, subscriptions and services and expectations, benefits, capabilities and availability of new and enhanced offerings, market opportunities and go-to-market strategies.

These forward-looking statements involve a number of risks and uncertainties, some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements. These forward-looking statements apply as of today, and you should not rely on them as representing our views in the future, and we undertake no obligation to update these statements after the call. For a detailed description of risks and uncertainties, please refer to our SEC filings as well as our earnings release posted an hour ago. Copies of these documents may be obtained from the SEC or by visiting the Investor Relations section of our website.

Additionally, certain non-GAAP financial measures will be discussed on this call. We have provided reconciliations on these non-GAAP financial measures for the most directly comparable GAAP financial measures in the Investor Relations section of the website as well as in the earnings release. Finally, I’d like to also point out that we have posted supplemental slides and financial statements on the Investor Relations section of the website.

With that, I’ll turn the call over to Kevin.

Kevin Mandia — Chief Executive Officer and Board Director

Thank you, Kate. And I would like to thank all of you for joining us today and I hope that you and your loved ones are healthy and safe. I remain proud of the FireEye team and how we have adapted to new challenges that have emerged for all of us. We continue to transform FireEye while delivering strong results each quarter. Our results over the last few quarters reflect both stabilization of our product businesses and strong continued demand for our emerging solutions and services.

Today, I’ll discuss some of the operating highlights of the third quarter and then provide more details on our recent innovations in both Mandiant Solutions and our FireEye control products. I will then turn the call over to Chris Key, our Executive Vice President of Products for Mandiant Solutions, and the driving force behind the SaaS platform, we call the Mandiant Advantage, which we launched approximately three weeks ago. Chris will provide a deeper dive on Mandiant advantage, including the roadmap for additional offerings deployed through the cloud native platform. And Frank Verdecanna will wrap up the prepared remarks with the discussion of our third quarter financial results and our updated outlook for the fourth quarter and the full year.

We did what we said we do in the third quarter and we exceeded our guidance range of both the top line and bottom line metrics. In fact, our revenue, non-GAAP operating income, net income and earnings per share were all at all time record levels. Let me share some of the highlights. Third quarter revenue was $238 million, at the $11 million above the midpoint of our guidance range. Revenue growth was again led by our platform, cloud subscription and managed services category, which grew 21% compared to a year ago. This category includes our security validation platform, threat intelligence and managed defense offerings as well as our cloud-based security control products. Our annual recurring revenue for this category increased 4% sequentially and 18% year-over-year.

Cloud endpoint, threat intelligence and security validation continue to drive the growth of this category. Revenue for our Mandiant consulting services grew 19% compared to the third quarter of 2019. This marks the 10th quarter in a row of record revenue for our professional services and the fourth quarter in a row that our services revenue exceeded $50 million. Demand for our expertise is stronger than ever and we continue to operate at a very high tempo. Combined revenue of our platform cloud category and our professional services category eclipsed our more mature appliance based business again in the third quarter and accounted for 54% of total revenue. This compares to 48% in the third quarter of 2019 and 40% in the third quarter of 2018, even as the composite of our revenue continues to shift from appliance based control products to our cloud-based products and Mandiant Solutions, our traditional appliance based products remain deeply embedded in many organizations. In fact, we had sequential growth in product and related ARR for the first time since the fourth quarter of 2018.

We added 279 new logo customers in the quarter and closed 45 transactions greater than $1 million, and both these metrics increased year-over-year and sequentially. And we achieved these results while continuing to improve our bottom line. We generated a record 12% non-GAAP operating margin and record non-GAAP operating income, net income and earnings per share. Now, last year we mentioned, we were seeing two different, but related areas of focus emerged within FireEye. Since that time we have structured our business around two separate brands, FireEye products and Mandiant Solutions. And we have been able to accelerate innovation, improve our go-to-market and leverage the equity of each brand.

Our FireEye products are control technologies to best protect our customers from cyber attacks and our Mandiant Solutions are product agnostic offerings that can enable and empower all security technologies to best leverage our frontline intelligence and security expertise. I would like to highlight a few of our recent innovations in our product businesses that are led by Bill Robbins. Our products leverage our frontline knowledge to provide what I believe is the best layer of detection in security and we are focused on maintaining this position. We have continued to improve our detection with machine learning and AI based features that learn from our frontline intelligence. And we have increased the correlation of data between our products and we have made significant progress, creating a single-user interface through Helix. We added several new capabilities to Helix, including integrations to accept data streaming from our endpoint agent and to perform endpoint remediation and response actions. Other new capabilities in Helix include asset based alert correlation, a federated view and email queue management to view and flush emails from our email security products directly from the Helix interface.

We also added a pivot to cloud advisory to streamline cloud security management capabilities for our customers and added more than 50 compliance checks in cloud advisory designed by the Mandiant cloud security assessment team. To sum up, Helix is stronger and more robust and better equipped to empower security operations for FireEye product customers. Our endpoint security releases during the third quarter highlight the power of our innovation architecture to speed innovation and improve detection, improve prevention and improve endpoint investigation workflows. Specifically we released three new modules, process guard, event streamer and enricher.

The process guard module detection stops unauthorized processes from obtaining and stealing user IDs and passwords. The event streamer module automates streaming Windows event logs to Helix and two third party SIMs [Phonetic] and our enricher module automates the analyst workflow by applying Mandiant intelligence to the data, allowing analyst to understand and take action to remediate. And cloud endpoint remains an important growth driver for us and we have accelerated our investments in this area.

In email, we made a number of enhancements, completing improvements to our outbound email scanning features, which led to a 20% increase in outbound scanning adoption by our customers. We focused on our Microsoft integration providing retroactive alert remediation for O365 and active directory integration for easier and more effective ways to protect recipients that are labeled VIPs.

We started the quarter with an announcement of our network security 9.0 release across our product family. With 9.0, we announced the ability to run in Microsoft’s Azure and we released our Smart Grid product for use on AWS with bare metal instances, and this capability meets the growing demand for many of our large customers that have strict data residency requirements and are building private data centers in AWS.

Now I’d like to update you on Mandiant Solutions, which consists of our consulting, threat intelligence, managed defense and security validation. Building solutions that allow us to scale the delivery of our intel and expertise through software to any security environment is the foundation of our Mandiant Solutions’ growth strategy. Therefore, in October, we achieved a significant milestone in this strategy with the launch of Mandiant Advantage, our cloud native security-as-a-service platform. We believe the simplicity, elegance and ease of use of the Mandiant Advantage platform make our intel and expertise accessible and actionable by customers of all sizes using any security products in any infrastructure. We also believe it will be instrumental and increasing the adoption of our threat intelligence and our validation technology.

Now I’d like to turn the call over to Chris Key, who will be discussing the details of our Mandiant Advantage platform and how it revolutionizes customer access to our frontline intelligence and our experts. Chris, over to you.

Chris Key — Executive Vice President of Products, Mandiant Solutions

Thanks, Kevin. As mentioned we launched Mandiant Advantage earlier this month, with the goal of being a SaaS platform for all things Mandiant, including our threat intelligence, security validation formerly Verodin, managed defense MDR and consulting services. Mandiant Advantage will deliver integrated bundled offerings powered by our frontline intelligence and backed by our experts. These offerings will be focused on addressing the top questions our customers are asking. Are they compromised? Can they be compromised? Is there security posture improving over time? And are they using their security budget effectively and efficiently? With flexible delivery, we plan to offer solutions ranging from 100% technology driven to expert backed, to fully managed, enabling us to meet our customers wherever they are, from a resourcing and maturity perspective.

Mandiant Advantage opens up many new opportunities for our customers and our business. Advantage provides our customer with an easy to deploy, easy to use technology interface to our expertise in frontline intelligence. We expect that by leveraging Advantage customer security teams will feel like Mandiant experts are virtual extension of their team, up leveling their skill and improving their effectiveness. Customer analyst will be able to see the world through the eyes of Mandiant consultant as we overlay and embed our breach and other front line intelligence into their day-to-day workflows highlighting what is most important and guiding them on where to focus. For Mandiant Solutions, Advantage provides a powerful technology scale for our expertise. Imagine, if what a single Mandiant consultant learns tomorrow while battling through an incident response could immediately be leveraged by thousands of customers to improve their defenses.

Advantage allows us to scale this real-time intelligence across an unlimited number of users. For every consultant we have, I believe the ripple effect across our customer base is exponential. Mandiant Advantage enables us to extend the reach and impact of what makes us unique. Advantage also expands in our total addressable market by expanding the number of potential customers, building on our original vision for Helix, Advantage enables us to empower every security team in the world with our expertise and intelligence regardless of the SIM [Phonetic] or control products that they have deployed. Given the unique position we hold as the go-to-organization for incident response, we believe that the knowledge we have of attackers is unparalleled and incredibly valuable. Advantage enables us to leverage this unique position to continue to up level FireEye products but also scale and be relevant to the security teams that may have chosen another vendor for their controls. Going to market is an easy to try, easy to buy SaaS solution, will enable us to take advantage of this new expanded opportunity.

The first module we launched on Advantage was Mandiant Threat Intelligence. This represented a shift in how we provide threat intelligence to our customers, moving from a traditional focus on reporting and finished intelligence to giving our customers direct access to our raw data and enabling our customers to know what we know when we know it. As part of this new approach, we also decided to provide a freemium tier, enabling customers to easily sign up and experience the new offering. Confident that our unique and proprietary intelligence is a major differentiator, we’ve included millions of open source indicators and a machine learning driven confidence score at no cost to our freemium users. The level of open source data we are providing for free is equal to have many vendors providing their paid offerings. We think this approach will be disruptive. In just the first few weeks, we have seen hundreds of organizations sign up for our free tier and many of those have already requested information on pricing, getting a demo and trialing the paid version. We’re looking forward to see what impact this new approach has on our business in 2021 and beyond.

As we move through Q4 and Q1 ’21, we plan to add additional modules to Mandiant Advantage. By the end of this year, we will add both validation on demand, as well as managed validation. Validation on demand will enable customers to go from investigating a threat actor in the Mandiant Advantage to testing their actual environments against that actor’s techniques in just a few clicks. By validating their resilience using our frontline intelligence in their environment, we believe that our customers will be able to rapidly prioritize and deploy their resources to address these shortcomings. In a recent demo of this upcoming capability, we see sort of a global retailer remark, this quantifiable data completely changes its plans, not just for 2021, but the next five years. Being able to validate this environment against what Mandiant is seeing in breaches is a game changer.

I’m incredibly excited by the initial response to Mandiant Advantage and look forward to continuing to build out its powerful capabilities over the next several quarters. We are just getting started.

Kevin Mandia — Chief Executive Officer and Board Director

Chris, thank you very much for that report. In closing, I want to remind all of you of the four priorities that we had for 2020. First, we intend to be the best rewarded internet response red teaming and threat intelligence. We performed more investigations during the first three quarters of 2020, then during the same timeframe last year. We continue to add capacity to remaining services organization, expanding our consulting services in all areas, including cloud security, IoT, security transformation and red teaming.

Second, we intend to extend our dynamic threat detection and expertise to defend cloud-based infrastructures and we address a lot of this priority with our acquisition of cloud advisory and the launch of our cloud security assessment service. And again with our network security 9.0 release including multiple enhancements to support secure migration of workloads to the cloud.

Third, we intend to deliver our expertise on demand seamlessly through our technology. And finally, we intend to be the best in the world at security validation. As you heard from Chris, with Mandiant Advantage, we are combining our intelligence, security validation and our expertise into a platform. We are working to make the process of merging security effectiveness against the most current attacks simple continuous and commonplace. I believe our new Mandiant advantage platform are closed through security gap between the attackers emerging techniques and the safeguards that are often too slow to adapt and stop or detect these attacks.

I also believe that adding validation on demand, as well as managed validation offerings will be instrumental to security validation adoption. The platform will also make our experts available at the point when our customers need them at most. As a proof point, our expertise on demand adoption continues to increase and utilization of our experts continues to diversify. Revenue generated from the use of expertise on demand increased by more than 300% again in the third quarter with approximately 66% of the use of these experts for the delivery of non-incident response services.

And now I’d like to turn the call over to Frank.

Frank Verdecanna — Executive Vice President, Chief Financial Officer and Chief Accounting Officer

Thanks, Kevin and hello to everyone on the call. Before we move on to the details of our Q3 results and our updated guidance for Q4 in 2020, let me remind you that I’ll be referring to non-GAAP metrics except for revenue and operating cash flow. Our non-GAAP measures exclude stock-based compensation, amortization of intangibles, non-cash interest expense on our convertible debt, restructuring charges and other non-recurring items. There are three key takeaways from our Q3 results.

Q3 extended the year-to-date trend of strong results, building on the strength we saw in the first and second quarters. Demand remained solid across our products and solutions, and we have increased our revenue and profit outlook for Q4 and 2020. And with the stabilization of our more mature products and growth in the emerging solutions, I believe we have set the stage for a strong close to 2020 and a great foundation to enter 2021.

Turning to the specifics of our Q3 results. In Q3, we had another strong performance across all key financial metrics. We delivered revenue, record revenue that was $11 million above the midpoint of our guidance range and we reduced our operating expenses by $18 million compared to Q3 of ’19. As a result, we delivered another record quarter for operating profit. We also delivered positive operating cash flow of $33 million and free cash flow of $29 million. As the high-level summary of the quarter, now let’s turn to the details. We remain focused on annualized recurring revenue and revenue as the most important indicators of our financial performance. ARR provide insight into the expansion of our installed base of recurring subscriptions without regard to short-term changes in average contract length, the timing of large renewals or hardware refresh cycles.

As we’ve seen, any or all of these factors can cause volatility in the year-over-year growth rate for billings. For these reasons, we believe ARR and revenue are better indicators of our progress on our transformation journey, especially in the current environment. But we know billings continues to be a widely followed metric, so, while we are no longer guiding to billings, we will provide some color on our Q3 billings performance.

For Q3, we delivered $239 million in billings, down $9 million or 4% from Q3 of ’19. This is much better than the 8% year-over-year decline in Q2, which I believe was the low point for the year-over-year billings growth. I will outline a few of the reasons we believe, the year-over-year growth rates in billings will continue to improve by a few percentage points each quarter. First, the product and related billings compare for the first half of 2020 were difficult due to the refresh activity of our third generation appliances in the first half of 2019. With that growth over, behind us, the trends in product and related billings growth have normalized. This is validated by the sequential increase in product and related ARR. Second, we are seeing a strong pipeline growth for our emerging solutions in the platform and cloud subs category, as organizations map out their long-term security strategies.

Finally, our non-financial operating metrics of new logo customers, greater than $1 million transactions and ARR are all trending up. Looking at the large transactions, not only is the number increasing, but we are seeing in the number of products and solutions per transaction trend upward as well. In Q3, 75% of the greater than $1 million transactions included four or more products or services. Before we turn to revenue and ARR, let me make a — take a moment to provide some additional context on the year-over-year billings growth rate for the platform, cloud subs and managed services category.

The reported growth rate turned negative in Q3. I believe this is an aberration rather than a trend, similar to what we incurred in the first half of 2019. The year-over-year decline was a result of a very strong quarter the year prior and the timing of some very large renewals. Based on deals closed quarter-to-date and our visibility into the pipeline in the fourth quarter, I expect that growth rate to bounce back in Q4 to a level consistent with or slightly better than the billings growth rate we achieved in this category in the first half of 2020. Cloud endpoint, Helix, intel and validation performed very well year-over-year, but our managed defense billings had a sizable year-over-year decline due to some large deals and renewals in the Q3 of ’19 quarter.

Looking at revenue and ARR, cloud-based and cloud deliver solutions showed continued strength in Q3 with the platform cloud subscription and managed services category having revenue up 21% year-over-year. This category accounted for 31% of total revenue compared with 27% of total revenue in Q3 of ’19. ARR for this category was up 4% sequentially and 18% year-over-year. Every product in this category increased year-over-year with growth led by cloud endpoint, intel and validation. Revenue associated with our on-premise product and related subscriptions business decreased 8% year-over-year compared to decreases of [Technical Issues] the prior three quarters. Revenue for this category increased by about $5 million sequentially versus our expectation of approximately flat with Q2. The outperformance was largely due to strong sales of our PX forensic appliances in the quarter, which are recognized upfront. ARR for the product and related category increased 1% sequentially, an important indicator of this portion of the business has stabilized.

Professional services revenue also increased sequentially to a record $55 million versus our expectation of approximately flat with Q2. We continue to maintain high utilization rates and chargeability, which resulted in services gross margin of 55%, above our historical average of about 53%. Total gross profit margin was relatively flat with Q2 of ’20 and at the high end of our guidance. Operating expenses were flat sequentially and down $18 million from Q3 of ’19 reflecting our reduced cost structure following the first half transformation activities as well as continued travel reductions and lower facilities costs. We estimate the savings on travel, events and facilities related costs associated with the pandemic were about $8 million this quarter. The combination of higher-than-expected revenue and reduced operating expense levels resulted in record operating margin of $28 million or 12% and earnings per share of $0.11 or $0.03 above our high-end of our guidance range.

Turning to the balance sheet and cash flow, our balance sheet remains very healthy. We ended the quarter with cash and short-term investments of $942 million. The sequential increase was driven by our free cash flow of $29 million. We ended the quarter with $134 million in receivables, an increase of $14 million from $120 million at the end of Q2. DSOs based on billings was 51 days in the quarter. With most of our facilities closed worldwide, as well as the purchase of fewer demo appliances as we continue to shift towards more cloud-based solutions, our capital expenditures were less than $5 million in Q3, a record low. We ended the quarter with $894 million in deferred revenue. The decrease from prior year reflects the continued amortization of appliance sales from prior years.

Before we get to our outlook, we have had several incoming questions about our federal business. In Q3, our federal bookings reach record levels with the strongest growth we’ve seen in the past two years. Now let’s turn to our current outlook for Q4 and 2020. With the strong revenue results posted in Q3 and the continued momentum we see in early Q4, we are raising our revenue and earnings per share guidance for the year. For Q4, we currently expect revenue in the range of $237 million to $241 million approximately equal to Q3 revenue at the midpoint. We are taking a more conservative approach, and assuming that the large PX appliance sales will not be repeated in Q4, resulting in less upfront revenue. We also expect that — expect that services revenue will be relatively flat with Q3 due to less billable days because of the holidays in Q4.

On a year-over-year basis, our guidance implies revenue growth of approximately 2% which I believe will be the low point. Although we are not specifically guiding to 2021, I believe we will see quarterly year-over-year revenue growth rates reaccelerate from here. We expect gross margin of between 70% and 71%. We expect gross margin on our services to return to the long-term average of about 53% as we return to average utilization and chargeability in the quarter with fewer working days due to the holidays. We expect operating margin of between 10% and 11%, implying a $1 million to $2 million sequential increase in operating expenses, this is primarily due to the higher commission expense driven by sequential growth in billings. We expect fully diluted earnings per share of between $0.09 and $0.11.

For 2020, we are raising our revenue guidance range to $930 million to $934 million, an increase of $17 million at the midpoint on a narrow range. We expect gross margin of between 70.5% and 71.5%. We are raising our operating margin guidance range to 7.5% to 8%, which reflects our year-to-date results and our Q4 outlook. Embedded within this guidance are some assumptions, including assumptions about the ongoing impact of the COVID-19 pandemic on our operating metrics that you should consider as you build your models.

First, we expect T&E and facilities operating costs to increase slightly compared with Q3 as some restrictions are relaxed globally. That said, as restrictions on travel have continued, it has become clear that we can operate effectively at reduced levels. So post pandemic, we do not expect these expense categories to return to pre-pandemic levels. Second, we remain somewhat cautious about the potential impact of the pandemic on our services billings growth rates. More specifically, based on our current outlook, we are not anticipating the same surge in prepaid services we saw in Q4 of last year, when services billings exceeded $70 million. Although, we expect continued strong revenue performance in our services category as outlined in the revenue section, we are anticipating that services billings will likely decline year-over-year in Q4. This is by no means an indication of softening demand or ability to deliver services, both remain extremely strong.

We also expect expertise on demand sales to continue to grow. However, billings for services are more dependent on the mix of fixed bid or prepaid services versus time and material contracts, which is why revenue is a better indicator for services performance. Finally, our Q4 outlook assumes no material impact from the newly launched Mandiant Advantage solution. Let me close by saying that although uncertainties remain, we believe, our performance year-to-date demonstrates the strength of our business. I’m confident, we will continue to show progress on all fronts as we expect the adoption of emerging solutions to increase and the headwinds that have impacted our growth to lessen.

Operator, we’ll now open the call for questions.

Questions and Answers:

Operator

Thank you. [Operator Instructions] Our first question comes from Sterling Auty with J.P. Morgan. You may proceed with your question.

Matt Parron — J.P. Morgan — Analyst

Hi, guys, this is Matt on for Sterling. Thanks for taking the question. I think I caught in your — in the prepared remarks you talked about product ARR growing. I was wondering if you could break that down, what really is driving the performance in product this quarter? Thanks.

Frank Verdecanna — Executive Vice President, Chief Financial Officer and Chief Accounting Officer

Yeah, we had a strong product quarter really across the Board. I think our network, email and endpoint products and Helix specifically had good quarters and Q3 is a larger Fed quarter and we do see a better mix towards products in the Fed quarters.

Matt Parron — J.P. Morgan — Analyst

Got you. And last quarter you talked about accepting or now working with third party solutions for the Mandiant Solution. What’s been the reaction you’ve seen so far in terms of additional uptake from customers?

Kevin Mandia — Chief Executive Officer and Board Director

Chris, this is Kevin speaking, would you like to take that question please?

Chris Key — Executive Vice President of Products, Mandiant Solutions

Absolutely. Yeah, I mean, we’ve had kind of a two passive [Phonetic] reactions. One, the customers and prospects, we’re talking to definitely are very excited about it. They’re looking to be able to leverage the uniqueness of our expertise and our intelligence, regardless of the control product decisions that they’ve made as well as our existing FireEye control customers are excited about having a deeper level access into the data that we have. Additionally, with industry analysts, it’s definitely something that has resonated well, so far it’s been a very good positive reaction of all around.

Matt Parron — J.P. Morgan — Analyst

Great. Thanks, guys.

Operator

Thank you. Our next question comes from Gur Talpaz with Stifel. You may proceed with your question.

Chris Speros — Stifel — Analyst

Hi, this is actually Chris Speros on for Gur. For Kevin, can you provide some incremental details surrounding FireEye’s enhanced relationship with Microsoft, particularly the demand that you’re seeing for Mandiant Security assessment within both Office 365 and Azure, as well as the opportunity related to adding Mandiant intelligence to the defender technology.

Kevin Mandia — Chief Executive Officer and Board Director

Yeah, it’s something that we recognized, Microsoft is everywhere, you know, and with that ubiquity what we want to be able to do is make sure we can overlay our intelligence, specifically with the managed defense service on endpoints besides just our endpoint, we think our endpoint differentiates with a lot of the forensics capabilities, but there is other end points out there that our customers or prospects want us to support. So we’ve been working hard to incorporate the ability to sell our customers or prospects. Hey, do you use Microsoft Advanced endpoint, we can do that. We can put a — overlay our intelligence and our experts and manage that for you and be an extension of your security team. So we’re rolling that out over the course of this quarter. We have a beta customer that we’re working with on that, but prior to that, the service managed defense is really, wholly dependent on us using our endpoint. And so Microsoft is the first of several other third parties that we’re going to expect to over time, we want to be able to apply our skills in Intel too.

So still too soon to say the impact, but that being said, it’s a move in the right direction. We want the Mandiant Brand that we’ve seen is product agnostic. Obviously, FireEye products and controls will be advantaged by being in the same house and under the same roof as Mandiant, but we want to take that intel and that expertise, which I think our biggest differentiators, and let other products leveraging. So…

Chris Speros — Stifel — Analyst

That makes a ton of sense and one for Frank, you noted that 75% of the greater than $1 million transactions included four more products. Can you talk about which products are being — are being included, and to what degree the validation and technology is being included and in driving these large transactions?

Frank Verdecanna — Executive Vice President, Chief Financial Officer and Chief Accounting Officer

Yeah, I mean one of the real benefits to FireEye is how comprehensive our offering is and so if you look at a lot of those greater than $1 million transactions where you see is multiple products and multiple solutions. And so a lot of cases, you’ll have a point product like an network email or endpoint and then you couple that with a Helix subscription and then we’ll add on managed defense or expertise on demand. So I think you see a really nice broad kind of set of multiple products and services being, there isn’t one tip of the spear that kind of leads the way every time, it really is still dependent and customer-dependent on what they — their immediate needs are.

But I think the important point for this is that when we look at the business today versus when we looked at it a year or two go. We are just selling a lot more of the platform and a lot more of the comprehensive offering than in previous years, we have one large product driving the vast majority of the deal. So I think it’s a healthier way to operate, because we were getting expansion within those customer bases at a much higher level.

Chris Speros — Stifel — Analyst

That’s great. Thanks, guys, and congrats on the quarter.

Frank Verdecanna — Executive Vice President, Chief Financial Officer and Chief Accounting Officer

Thank you.

Kevin Mandia — Chief Executive Officer and Board Director

Thank you, Chris.

Operator

Thank you. Our next question comes from Fatima Boolani with UBS. You may proceed with your question.

Fatima Boolani — UBS — Analyst

Good afternoon, team. Thank you for taking the questions. Frank, couple of questions for you. As we think about the product performance this quarter, I know you highlighted the PX appliances is maybe out shining, but as we think about the Gen 4 Gen 5 appliances that you have in your base, can you talk us through some of the lifecycle considerations on those appliances in the base and how we should think about those rolling through over the next couple of quarters. And then I have a follow-up as well.

Frank Verdecanna — Executive Vice President, Chief Financial Officer and Chief Accounting Officer

Yeah, I think for the refresh activity, I think you’re going to see, it is pretty acute, the last time when we went through the refresh of the third generation. At this time around, it’s going to be much it’s going to go over a longer period of time. And right now, the only thing that would be refreshed typically would be our fourth generation appliances and I think you can think of that happening, primarily in 2021, but again I don’t think it’s — going to be as acute as we saw concentrated within a couple of quarters in 2019 that we saw.

Kevin Mandia — Chief Executive Officer and Board Director

Yeah, and Fatima, this is Kevin. One of the things that’s going to change a little bit is, when we were selling a lot of the Gen 3, it was at a time our FireEye’s product growth was exceptional with 90% growth, 50% growth, 60s and we were selling down market one in two appliances. So when we did the Gen 3 refresh, that’s where we saw some less commitment to FireEye as the small to medium businesses that bought the products back in 2014, 2015. What we’re seeing is that flushed out some of the smaller, but we’re seeing the big, the large 1A enterprises renew and stay committed. So now when we look at our base, it’s more of the 1A enterprises where FireEye plays better and has more strength. And so I’m more confident that we’ll handle the next refresh cycle, better than the prior one. The fit between us and the customer is better, and we’re going to handle it better.

Frank Verdecanna — Executive Vice President, Chief Financial Officer and Chief Accounting Officer

Yeah. And while our…

Fatima Boolani — UBS — Analyst

[Indecipherable]

Frank Verdecanna — Executive Vice President, Chief Financial Officer and Chief Accounting Officer

Our forensic appliances, we’re a little bit better than we had planned. It’s still a very small piece of the overall product business.

Fatima Boolani — UBS — Analyst

Fair enough. And just as a broader question, as I think about the breadth of the portfolio, how much have expanded and how much more software enablement, it is being rolled out, especially under the Mandiant umbrella, as I think about the long tail on some of the support revenue streams and maintenance revenue streams you have with some of your customers. I’m wondering if you have sort of an active program or campaign or any specific initiatives targeted towards customers who may be looking to move to the cloud and aren’t necessarily certain there, wanting to expand their spend. I’m curious if you have any sort of I guess the maintenance conversion programs to some of your other form factors in the portfolio. And that’s it from me. Thank you.

Frank Verdecanna — Executive Vice President, Chief Financial Officer and Chief Accounting Officer

Yeah, Fatima I’d say, I’d answer it two ways. One is, we are working with our customers to really be where they want to be. So if they have a cloud migration strategy, we are moving along with them to the cloud. In a lot of cases we have on-premise customers that moved to a hybrid environment before they go 100% of the cloud and the good news is across our entire product set, we have both on-premise, hybrid and fully cloud. So we want to be where they want to be, but ultimately we realize that we want to eventually move the vast majority of our customers to the cloud. So we do work with them. We also do incent the sales force, a little bit in 2020 and a little bit more in 2021 on having them push for initial cloud sales. So then we don’t have to go through kind of any migration process.

Kevin Mandia — Chief Executive Officer and Board Director

Yeah. And this is Kevin. With the remarks to the broadness of the portfolio, it’s, we have eight different things in the portfolio, network security, endpoint security, email security, Helix as the interface that can integrate all of that and then we have intel, validation, Mandiant Services, managed defense. When we talk about Mandiant Advantage, what we’re actually doing is taking that eight avenues into a customer and we’re taking intel, validation, managed defense and expertise on demand and merging them into Mandiant Advantage. So there’s five avenues into a customer. So we’re actually trying to take $100 million of our business and put it into the Mandiant Advantage. So it’s an easier and simpler portfolio.

Fatima Boolani — UBS — Analyst

I appreciate the color. Thank you so much, gentlemen.

Kevin Mandia — Chief Executive Officer and Board Director

Thank you.

Operator

Thank you. Our next question comes from Rob Owens with Piper Sandler. You may proceed with your question.

Rob Owens — Piper Sandler — Analyst

Hey, good afternoon, guys and thanks for taking my question. Kevin now is, with Frank now talking about revenue acceleration as we move forward, and there’s been a lot of puts and takes of moving parts to the model, if I focus from here on execution or is there still more to be done around infrastructure around go to markets and how we see success. We’re not asking for ’21 guidance, but obviously it’s acceleration playing out, what would those proof points be?

Kevin Mandia — Chief Executive Officer and Board Director

Well, we’re very keen on the Mandiant Advantage getting adopted Rob, and modernize our intel, everywhere I went, customers are like, we want your operational intel today, not your finished intel three days later. So, we delivered that already. In the key to that actually was the source of truth, where we have — we went from a whole bunch of different intel sources, internally, we’ve got one now in the graph database is maintained by the smartest folks we have at the Company, making sure we input it. By taking our intel and marrying that up with validation, it is such a logical marriage to have one interface where you’re reading the news for the day in the Mandiant Advantage. You’re seeing the banners. This industry is being targeted. Here’s the most common vulnerabilities being exported based on insights into thousands of customers and all the intrusions we’re responding to.

Hey, I want to test to see if I’ve got this problem, to be able to get a click away, I think consolidating our portfolio into a platform, make it consumable, making it enabled from the cloud, making it easy to try and easy to buy is going to be the top driver going into next year and that’s why we had Christy on this call is because we put the Mandiant engineering, one of the biggest things we did last year as we took the engineering and kind of split it, with FireEye control products engineering and Mandiant Solutions engineering, and we have Chris driving that. And that platform is bringing our differentiators to market in simpler ways more relevant ways and ways that scale better. So I think that’s the big driver for 2021.

And everywhere I go Rob I’m getting the question, and I guess I might get this question more than the average security person, they reading the headline and saying, hey, do I have to worry about this attack? Well, test it, try it out. And we’re going to — just make that so simple and safe to do over the next few months that I think it’s going to be widely adopted.

Rob Owens — Piper Sandler — Analyst

Great, thanks. And then second for Frank. If I look at the platform cloud and MSP category both from a revenue perspective, as well as in the ARR perspective, the quarter-over-quarter performance was up, but probably didn’t grow as much as I would have thought. Were there any particular puts and takes there?

Frank Verdecanna — Executive Vice President, Chief Financial Officer and Chief Accounting Officer

Yeah, I think it’s really just kind of driven by the large deals in the quarter. If we look at the Q3 deals, there was a lot of — a lot of large deals kind of skewed towards product, but if we look at the Q4 deals closed to date and the pipeline for Q4, we’re going to have a great platform cloud category quarter in Q4. And so I think you’ll see a pretty nice bounce back in Q4 there. And I think if you look at it on a trended basis you’ll see that category continues to grow very nicely in a pretty tight range, you get every now and then as we saw in Q1 of ’19. You get one negative quarter, but then it’s backed up by three quarters that are growing 20% to 40%. So, year-over-year. So I really do think it’s an anomaly that just some of the larger deals just happened to be more skewed towards product, part of that’s driven by the fact that we didn’t have a really strong Fed quarter which tends to skew towards product versus cloud right now.

Rob Owens — Piper Sandler — Analyst

Great. Thank you.

Kevin Mandia — Chief Executive Officer and Board Director

Thank you, Rob.

Operator

Thank you. Our next question comes from Jonathan Ruykhaver with Baird. You may proceed with your question.

Jonathan Ruykhaver — Robert W. Baird — Analyst

Yeah. Hey, guys. So on Mandiant the — the services business, obviously performed very well once again, and you looked at the growing portfolio of compelling capabilities EOD, security validation now, Mandiant, and it’s obviously helping there, but as we look into fiscal ’21, do you expect a pattern of continued relative outperformance from Mandiant just due to its growing portfolio. Could that impact, how we should be thinking of billings growth for Mandiant relative to FireEye products and services?

Kevin Mandia — Chief Executive Officer and Board Director

Well, I can tell you, I’m not sure of billings is the right metric and services firms billings is a trailing metric, because we do a lot of incident response, which is usually time and material contracts. So you build for it after you do to work. So that can — that can be a trailing indicator for us, but I definitely look at the growth rate of Mandiant Solutions to be faster and products period. It has to be, and when you look at that business, we’re the best role [Phonetic] at threat intelligence, we’re the best role at validation, we’re the best role at responding to breaches, where — we have incredible experts running our managed defense business. So I look at that and say, let’s take all the things that were exceptional and in the top right at, put it in the platform and make it more accessible to folks that are using FireEye controls, as well as not using the FireEye control products. So it’s absolutely the growth area, we’re emphasizing.

Frank Verdecanna — Executive Vice President, Chief Financial Officer and Chief Accounting Officer

Yeah. And I think if you look forward to 2021, it’s going to — the growth drivers in 2020 are going to look pretty similar and we’re going to expect significant consistent growth across Mandiant Solutions, but also some of our products, cloud endpoint had a great year in 2020 and we expect to continue to have really good quarters going forward.

Jonathan Ruykhaver — Robert W. Baird — Analyst

Okay, good. It sounds great. And then just on product, you’ve talked about this stabilization and improvement in renewal rate. And I wonder if you can talk specifically about just the pricing dynamic and then the opportunity for add-on service adoption and how that might be impacting ACV at renewal and helping to stabilize the ARR?

Frank Verdecanna — Executive Vice President, Chief Financial Officer and Chief Accounting Officer

Yeah, I think a couple of things are happening with the stabilization of ARR. One is, we have had a little bit better renewal rates on the product side. Part of that could be driven by COVID. But I do think that as we look at ARR and the kind of the go forward, we don’t have the big grow over challenges that we had in the first half of the year. And so product is definitely stabilized in Q3 and we expect it to remain stabilized in Q4, but I think the important thing is as we, and we’ve proved that are validated in the greater $1 million transaction is that, products bringing along with it. A lot of the solutions, solutions brings along with a lot of the products and we’re really able to kind of jointly sell a lot of the different products, which helps each individual growth rate, because we’re selling comprehensive solutions and a lot of cases.

Jonathan Ruykhaver — Robert W. Baird — Analyst

Very helpful. Thanks, Frank.

Frank Verdecanna — Executive Vice President, Chief Financial Officer and Chief Accounting Officer

Thanks, Jon.

Operator

Thank you. Our next question comes from Saket Kalia with Barclays. You may proceed with your question.

Saket Kalia — Barclays — Analyst

Hey guys, thanks for taking my questions here. Frank, maybe first for you. Maybe just to pivot to profitability. Nice to see that double-digit profitability during the quarter. Could you just talk maybe how you think about the remaining cost savings from some of that restructuring activity, and I understand you’re not giving 2021 guidance. But maybe — maybe you could talk a little bit about anecdotally, the cadence that maybe back filling some of that in the coming quarters. If you do backfill it.

Frank Verdecanna — Executive Vice President, Chief Financial Officer and Chief Accounting Officer

Yeah. I think when we look at opex, our expectation is that, 2021 will look a lot of like 2020. We’ll get the benefit of a full year in 2021 of the transformation activities we did in the first and second quarter. So we if you look at the model, I mean the great thing about what we’ve been able to do is we’ve been able to reduce overall opex, but at the same time significantly invest in the growth areas of the business. So as we look forward, we’ll continue to invest in the growth areas of the business, but I think the overall bucket of spend from an opex standpoint will be relatively flat in 2021 versus ’20, we will obviously see increases in COGS, because we will add Mandiant consultants. We will also add some cloud hosting costs as we continue to drive additional cloud growth.

Saket Kalia — Barclays — Analyst

Got it, got it. Kevin, if I follow-up maybe for you. I mean clearly very excited about Mandiant Advantage. So maybe I just put that beside just for a second, if I think about the cloud managed services part of the business, there are several products in there. And as you think about those products in coming years, what products are you may be most excited about having sort of a sustainable competitive in your mind. Does it makes sense?

Kevin Mandia — Chief Executive Officer and Board Director

Meaning, which products are we going to support inside of managed defense over the coming years.

Frank Verdecanna — Executive Vice President, Chief Financial Officer and Chief Accounting Officer

Just the high growth products and the cloud.

Kevin Mandia — Chief Executive Officer and Board Director

Yes. Well, so inside of Mandiant Solutions, the validation on demand is going to be a cloud product that’s something that we made it, we did have kind of drive run of that based on some of the recent ransomware actors and it’s just it works, even we ran it, when time and value from the moment we decided, hey, we want to download an agent run the threats and see how well we do, it was 15 minutes time to value. So I’m very excited about validation on demand. For all the systems out there, it is small, even they might want to, hey, let’s see how good we really are and try that out. It was time to operationalize our intel, people always want to know where we know when we know it and Chris talked about that. So I’m just excited that we upgraded our intelligence offering meaning, we put our operational intel. It may not be cleansed, you know, it’s just — it’s coming in from the front lines right now. As we’re doing this call by the way, we’re doing over 150 investigations right now.

I mean we’re hot on the front lines. All that stuff is feeding right as we’re speaking, there are folks submitting data into Mandiant Advantage to make sure our customers can take advantage of it. So I’m pretty excited about that. I’m not sure if I understood the question right, but I am actually excited about our endpoint. I’ll add that. We have unique forensic capabilities in our endpoint, and I know endpoint forensics isn’t a enormous pan, but we back up, everybody else’s endpoint when it fails to protect people. And I think there’s value in our experts using our endpoint to really find the threats that a lot of folks conduct.

So looking at our managed defense service, we’re excited about our endpoint, we think it’s a differentiator. But we are going to go to other third-party products in the upcoming quarters. Simply because that’s what our customers want us to do.

Saket Kalia — Barclays — Analyst

Makes lot of sense. Thanks a bunch, Kevin.

Operator

Thank you. Our next question comes from Hamza Fodderwala with Morgan Stanley. You may proceed with your question.

Hamza Fodderwala — Morgan Stanley — Analyst

Hi, guys. Thank you for taking my question. Just maybe a follow-up to the previous question. Kevin, as you think about your, when you talk to your customers and you think about their spending priorities into 2021, obviously there was a lot of spending done to sort of enable that the rapid increase in work from home, but as they start to think about their security architectures and what will remain a more distributed work environment. Can you talk about where they’re focused as it relates to your product portfolio, and perhaps which part of the portfolio are maybe perhaps being more deemphasized?

Kevin Mandia — Chief Executive Officer and Board Director

Yeah, well, on-prem appliances are going to be de-emphasized. One of the things that absolutely happen with the emphasis on defending remote users is I think the majority of companies recognized, hey, let’s accelerate to the cloud. It’s just easier for us to manage it, then get cloud visibility and so you’ll see Caspian cloud security get important. I think endpoint is going through a great run right now. People are recognized with ransomware, you need to buy an endpoint that can learn, that can think, that adapts, that can do signature less based detection that is backed by expert, not eliminates a lot of the endpoint choices. So from our portfolio, I think endpoint is absolutely a growth driver. No question about it. I think cloud assessments is absolutely a growth driver. If people take a look at our Helix in the visibility. It provides now with cloud advisory, you can manage all your cloud-based resources, whether you’re in Google Cloud, Azure, AWS all in one place with FireEye products and get the controls in there to defend them. I believe in red teaming. And that’s validation on demand or humans doing it, if you want to prioritize your portfolio, I said if you’re just starting to security program today, you start with, hey I need a firewall, but about six innings into it, you got to start thinking about credential management, you got to start thinking about how do you all the controls, you have integrate and that’s where red teaming and validation becomes critical.

At some stage of your maturity level as a security organization, you have to start validating your security program, is in fact what you think it is and you had the configurations to think you have. So when I look at our portfolio, endpoint is going to matter. Helix is going to matter because of cloudvisory [Phonetic], cloud advisory and the cloud visibility that’s needed. Our services will always matter, because there’s always going to be another breach. And there’s always going to be a need for somebody to show up, yeah, what happened, and what to do about it. Validation will matter and be exceptionally important. And intel is going to matter, because that is what you need to drive better controls and to prioritize which events matter more than others. So I look at our portfolio and the things that are just less applicable on a go-forward basis, would be the on-prem appliance portion of it.

Hamza Fodderwala — Morgan Stanley — Analyst

Got it. Thank you.

Operator

Thank you. Our next question comes from Brian Essex with Goldman Sachs. You may proceed with your question.

Brian Essex — Goldman Sachs — Analyst

Great, thank you. Thank you for taking the question. I guess, maybe, Frank, I’d like to kind of hit on sales and marketing, a little bit, particularly post restructuring efforts, earlier this year, maybe if you can talk about efforts that you’re making to reaccelerate growth in the sales and marketing side, how mature is the sales force and what are changes you might make it the economy opens back up again and we can travel, where you might elect to kind of spend any kind of incremental dollars to drive better pipeline sales growth?

Kevin Mandia — Chief Executive Officer and Board Director

Yeah, I think we’ve seen a lot of improvements in sales productivity. I think a lot of that is we’ve got a set of leaders across all geos that have now been with the Company for a number of years at least three to four years, the vast majority of our sales leadership and they brought in a lot of good folks that have ramped up and are selling more than just one or two products like, they may have sold in the past. We’re now seeing a lot of comprehensive platform sales with multiple products and multiple solutions. So I think as we look forward, we expect productivity will continue there. We’ve been able to reduce the cost there and not really take a hit from a sales perspective. So I think we’ve done a really good job of kind of managing that expense down to a point where we are definitely more productive than we’ve been in the past and when, as things open up, we do expect T&E to go up a little bit next year as things open up, but we don’t expect it really to get back to the pre-pandemic levels. Because I think, even post-COVID, we will likely do some mix of virtual and in person events rather than all in person event. So I think there’ll be some savings there, and I think we’ve also just kind of got used to this working from home and zoom meetings and teams meetings and I think the team has been really effective. And so I think it will be kind of a paradigm shift kind of post-COVID, but the good news is we have been able to acquire new customers and been able to continue to cross-sell and up-sell. So we’ve been very happy with the sales performance.

Brian Essex — Goldman Sachs — Analyst

Okay, great. And maybe just a quick follow-up kind of housekeeping item. It looks like you had a bit of improvement in contract duration, maybe any insight around that and is this kind of the new level or was that primarily product-driven and we might see a kind of reversion back to the levels that we saw last quarter. Maybe impact to expect going forward.

Kevin Mandia — Chief Executive Officer and Board Director

Yeah, I think from an average contract length perspective, I think we will continue to see over time, kind of a shortening of the average contract length as we continue to move to more cloud services. I would expect, as we look at year-over-year we probably see last year-over-year declines of one, two months. I think Q3, because we did have a large product quarter and we had more multi-year kind of product. I do think that reverses a little bit in Q4. But I think the good news is, we’re not seeing that fall off a cliff. And I think, we really like to see it kind of manage down a little bit over time but not very significant in any one period, because we’ve been able to drive nice cash flows over the last year and I think we’re going to see nice continued cash flow growth there.

Brian Essex — Goldman Sachs — Analyst

Okay, great. Thanks again, guys. Appreciate it.

Kevin Mandia — Chief Executive Officer and Board Director

Thank you, Brian. Take one more question, please.

Operator

Thank you. Our last question comes from Lee [Phonetic] with Oppenheimer. You may proceed with your question.

Lee — Oppenheimer — Analyst

Thank you for taking my question, gents. And congrats on a strong set of results. Just one question on my end. Would it be to Kevin, Frank or Chris. Just maybe some colors in the general macro environment. We’ve seen the elevated cyber threat environment during the pandemic, and this will be helpful for the Mandiant Advantage business obviously in the cloud business as well. But then we — and in total lockdown in certain regions in EMEA and maybe a second wave, can you comment on that, Kevin, Frank or Chris, please.

Kevin Mandia — Chief Executive Officer and Board Director

Yeah, sure.

Lee — Oppenheimer — Analyst

That’s it for me.

Kevin Mandia — Chief Executive Officer and Board Director

Yeah, this is Kevin. Just looking at the macro environment, whether it’s geopolitics, COVID unrest, economic challenges, geopolitical conditions, there is no doubt, there’s an escalation in cyberspace, mostly wrapped around ransomware. I think healthcare is getting targeted I think industries that are more likely to pay to get their business back on line are being targeted and it just seems like it’s reached an tolerable level, so that’s driving a lot of the activity right now. So that’s my way of saying there is an escalation of activity in cyberspace that’s negative right now. There is an increase, it’s either an increase in tax or an increase in the impact of these attacks that’s keeping us busy and probably many factors that are contributing to, but probably the number 1 factor is their safe harbors. There is no risk or repercussions from the folks conducting many of these attacks at this juncture.

So it will be a while before that gets sorted out. In regards to any lock-downs that may happen in the future. We’re already working remotely and I think almost all organizations are period. So I think any lock-downs. It’s still going to be, it’s not going to be as impactful as what happened in March and we didn’t feel the impact then, we brace for it, but we are used to sending our expertise from remote locations. We are used to collaborating and remote ways and by now. So our customers or prospects or future customers. So I’m not too worried about an additional locked down especially considering, there’s a lot of organizations have said, hey, we’re not coming back ever again to the offices. I don’t see if that’s much of a difference in lockdown. There are organizations that are choosing to not have their employees come back to physical location. So the new normal is you got to be able to work in a distributed way, and FireEye is prepared to do that.

Lee — Oppenheimer — Analyst

Thanks for the color, Kevin and thank you, answering [Phonetic].

Kevin Mandia — Chief Executive Officer and Board Director

Thank you.

Operator

Thank you. And I’m not showing any further questions at this time, I’d now like to turn the call back over to Kevin Mandia for any further remarks.

Kevin Mandia — Chief Executive Officer and Board Director

Thank you. Yeah, I’d like to wrap up, but I wanted to share that I continue to be excited about our strong performance in this quarter and some prior quarters and our outlook for Q4. And it’s a result of our focused on structuring our business around products and solutions. I want to thank all the FireEye employees for the progress we have made towards our transformation for their continued efforts and focus through these most challenging times. And for your commitment to the security of our customers. And thanks again to all of you for joining us today and for your interest in FireEye please stay safe and healthy. Take care.

Operator

[Operator Closing Remarks]

Related Post