Q1 2020 Earnings Call
One of 2020 earnings results conference call.
At this time all pitches are in listen only mode.
Meter you're going to question answer session.
Disruptions will follow at that time.
If you're quite frankly shifts please go start there.
I hope it's called accordingly.
At this time, although I turn the call the Kate Patterson. Please go ahead.
Thank you Shannon good afternoon, and thanks, everyone on the call for joining us today to discuss firefights financial results for the first quarter of 2020.
This call is being broadcast live over the Internet and can be accessed on the Investor Relations section a fireeyes web site at investors Dot Fireeye Dot com.
With me on today's call or Kevin Mandia virus, Chief Executive Officer, and Frank <unk> Executive Vice President Chief Financial Officer, and Chief Accounting Officer of firearms.
After the market close today fiery issued a press release announcing the results for the first quarter of 2020.
Before we begin let me remind you that forest management will make forward looking statements. During the course of this call, including statements relating to raise guidance and expectations for certain financial results and metrics impact of the cobot 19, pandemic fireeyes priorities initiatives planned and investment drivers and expectations for growth and business.
Transformation the expansion as far as platform and the benefits capabilities and availability of new and enhanced offerings market opportunities go to market strategies and Fireeyes restructuring plan. These forward looking statements involve a number of risks and uncertainties some of which are beyond our control, which could cause actual results to.
Really from those anticipated by these statements. These forward looking statements apply as of today and you should not rely on them as representing our views in the future and we undertake no obligation to update these statements after the call.
For a detailed description of the risks and uncertainties. Please refer to our SEC filings as well as our earnings release posted an hour ago copies of these documents may be obtained from the FCC or by visiting the Investor Relations section of the website. Additionally, certain non-GAAP financial measures will be discussed on this call. We have provided reconciliations on these new.
Non-GAAP financial measures for the most directly comparable GAAP financial measures in the Investor Relations section of the website as well as in the earnings release. Finally, I'd also like to point out that we have posted a supplemental slides and financial statements on the Investor Relations section of the website with that I'll turn the call over to Kevin That's a cake.
I would like to thank all the investors employees customers and partners for joining us today on the call I hope that all of you your families. In your loved ones are staying healthy during the unprecedented conditions. We are all currently enduring.
As we are confronted with new and emerging challenges from the krona virus is fireeyes top priority to ensure the health and safety of all our employees, while also effectively safeguarding our customers from cyber attacks.
I'm proud of how fast are customers adapted to the new normal I'm also proud of our employees, who reacted swiftly to shelter in place and work from home orders, while maintaining performance in our mission of safeguarding our customers.
Now I'd like to turn to Fireeyes first quarter accomplishments.
I'll begin by discussing some Q1 highlights then I'll provide an update on our performance by category Oh I had commentary on how we're thinking about the impact of the current kobin pandemic on our business.
I'll, then turn the call over to Frank to discuss the details of our first quarter financial results the impact to the coated 19 pandemic and the resulting changes to your outlook for the year.
In the first quarter, we met our revenue guidance for the 13th straight time, we achieved the midpoint of our billings guidance range and we exceeded our guidance range for earnings per share.
Let me share some of the highlights with.
Billings for the quarter was 170 million at the midpoint of our guidance range revenue for the quarter was 225 million, which represented the first quarter record for us It was above the midpoint of our guidance range it up 7% year over year.
<unk> revenue growth was led by year over year growth of more than 30% and our platform cloud subscription and managed services category, which includes our validation platform. Our threat intelligence managed defense offerings as well as or cloud based security products.
Annual recurring revenue for this category also increased by more than 30% year over year.
Revenue for the Mandiant consulting services grew 25% compared to Q1 or 2019.
Now this marks the eighth quarter in a row of record revenue for our professional services.
Fifth quarter of year over year revenue growth exceeding 20%.
And the second quarter in a row that revenue exceeded $50 million.
The combined revenue of our platform in cloud category and our professional services category equipped our more mature appliance based business again in the first quarter and that accounted for 53% of our total revenue. This compares to 44% into Q1 of 2019 less than 40%.
One of 2018, we expect this trend will accelerate throughout 2020, as we're transforming fireeye to security as a service company with our solutions growing over 30% and eclipsing our product category.
We exceeded earnings per share got introduced to our first quarter non-GAAP operating losses by over 50% year over year, we added 258, new customers in the quarter up from 237 years ago. The dollar amount of new customer billings increased more than 20% year over year. The total number of customers and the number of.
Global 2000 customers transacting in the quarter increased compared to a year ago.
And our business is well diversified across all geographies I was pleased that our largest transaction in the first quarter was a new customer added from Japan.
I believe our solid performance during the quarter, what the directory sold the actions we have taken to transform and modernize our business over the last several years I also believe our performance was aided by the speed and effectiveness in which we adapted to the working conditions brought upon by the coven pandemic, we were able to ship their operations around the world almost seamlessly to.
Our work from home model on very short notice.
It's allowed us to remain focused on her mission and to address the change in threat activities, we witnessed in the first quarter.
Now I'd like to provide you an update on our Mandiant consulting services.
Customers around the world continue to call on Mandiant, not only to respond to security breaches, but also to proactively assessed the resilience against the latest attacks modernize their security operations and help them build in house capabilities custom demand for these offerings has allowed or consulting business to consistently deliver record.
Good results.
While our consulting business is not completely immune to the impact of the global pandemic I believe Mandiant services will continue to be an important growth driver for our business, but during the pandemic and afterwards there are several reasons for this.
First a threat environment remains elevated while most threat actors have continued to use the same tools and techniques. You attack surface is expanding with work from home mandates. We have seen targeted attacks by nation state actors that appear to be seeking covert 19 related data from both public and private sources.
We have also seen the reemergence of some highly sophisticated state sponsored attackers you appear to be targeting organizations associated with critical infrastructure energy into defense industries.
In addition, a nation state attacks, we continue to see significant levels of ransomware activity. Another disruptive attacks that we're currently responding to.
Second Amendment consulting organization has been able to quickly respond to the current work from home environment. We've adapted all of her services, including our education business to provide remote delivery, we adapted fast because our technology was designed for us to send expertise and offer remote access assistance to our customers.
For incident response services, we are leveraging our endpoint technology, which is deporting managed remotely, allowing our experts to work on multiple engagement simultaneously from anywhere for our strategic services. We are making use of video conferencing. Another collaboration technologies Tapas bridge. The portion we would typically perform on site.
The third reason I believe managed services will continue to grow is the relevance of our portfolio, which we are expanding even further we are in the process of formalizing two new offerings to meet customer demand in the current environment first our remote security assessment, which is a lightweight fixed cost offering intended to address and organizations immediately there.
Media concerns due to work from home mandates and a ransomware technical assessment to help organizations determine how effective their security technology and processes are at containing a ransomware attack. We also introduced a new managed defense offering that cover shorter durations and allows customers and prospects to use.
Our resources to surge or cover their security needs as they accommodate their remote workforce.
In addition to these new services.
Purity program assessments red teaming and other strategic services allow customers to assess the effectiveness of their security programs as a security landscape shift change rapidly in the last few months more and more organizations are looking to complete assessments given the strategic importance of cyber security for these reasons, we're confident in the demand.
And for our consulting expertise and when you're looking to add more mandiant consultants to increase our capacity to meet that demand.
Now I'd like to up to date excuse me now I'd like to update you on our platform in cloud subscription and managed services category.
Every product in this category posted year over year growth with cloud endpoint once again, leading the category with triple digit growth and the latest Mitre attack task our fire I endpoint security had the greatest number of total cumulative detections of any of the evaluated solutions. Additionally, the naval information warfare systems command selected Fireeyes endpoints.
Security as the first place winner of the artificial intelligence applications to autonomous Cyber security Challenge. This recognition highlights how we have been able to transform our innovation into our cloud based products.
Our cloud based network can email security threat intelligence and managed defense offerings, all posted double digit year over year growth and annual recurring revenue in Q1, we continue to enhance our validation platform with new insights and new threat intelligence, releasing several updates during the quarter and we expect continued growth in our platform.
Cloud managed service category, there's a natural relationship between our Mandiant consulting services and our platform offerings that drives long term relationships with our customers and future adoption of our solutions.
Now I'd like to discuss our plan for 2020.
Last quarter, we talked about the steps, we have taken to modernize their business and our priorities for this year I like to giving an update on our progress in the first quarter as well as recent actions weve taken to increase our investment in our growth areas.
First we intend to be the best underwater incident response, red teaming and threat intelligence as I shared earlier, we continue to add capacity or Mandiant services organization and the package our offerings in order to expand our reach.
Second we intend to extend our dynamic threat detection and expertise to defend cloud based infrastructure and the first quarter. We acquired cloud Advisory we launched our cloud security assessment service and continue to expand our cloud based email endpoint and network security solutions with detection on demand we now offer.
Detection capabilities through an <unk>. This creates new partnership opportunities and allows customers to augment the detection capabilities or their existing security products with our best in class detection.
Third we.
The liver expertise on demand seamlessly through our technology, we want to make our experts available at the point when customers need them. Most so we continue to make progress on this front and our expertise on demand billings grew 66% year over year and finally, we intend to be the best unwanted security validation.
What we want to do here is make the measuring of security effectiveness against the most current attacks simple continuous in common place with a mandiant experts and our managed offerings. We believe a managed validation as a service would be a highly effective differentiated way for organizations to measure to their security.
Back to US we are uniquely armed with the latest attacker methodologies and I believe we will be the company that closes the gap between the attackers emerging techniques and the safeguards that are often to slow to adapt and stop or do you get these attacks.
We recently took several additional steps as a company that we believe will allow us to increase our momentum first to more clearly convey the relationship between our services on our security as a service subscription offerings earlier. This month, we officially unified our validation.
Our threat intelligence managed defense and expertise on demand offerings under the umbrella Mandiant solutions. The Mandiant brand is widely recognized by customers as a gold standard in cyber security consulting and this unification is designed to help make the transition from our services to our SaaS offerings are more seamless experience for our.
Customers.
Second in parallel with our increased investment in the growth areas of our business. We are revamping our business operations to be more efficient and make it easier to do business with us in short we are evolving the business operations built for an appliance business to business operations built for an as a service offering with more flexible pricing model.
And licensing scheme us and the ability transact on provision software and services in minutes.
I believe these efforts will be more important than ever in the aftermath of the covert 19 pandemic and finally, we initiated a restructuring plan designed to enable us to increase investment into growth areas of our business and position. The company for improved operating performance to be clear planning was in motion long before the krona virus out.
Break the restructuring includes the reduction of approximately 6% of the company's workforce, primarily in the mature appliance based product areas. While there is never an ideal time for this type of action I believe it was necessary for us to take the steps now to continue to transform our business to a comprehensive security.
As a service company.
To conclude I believe we are in the midst of a shift in the way organizations evaluate by and implement cyber security solutions and the covert 19 pandemic is likely to accelerate the shift.
Organizations are increasingly focused on security outcomes, rather than technology alone and they are demanding proof of security effectiveness. This change is happening in parallel with the migration of workloads to the cloud.
I believe the steps were taken to leverage our differentiators defining known to security validation market and transacting and as a service way position us well for this shift change our strategic advantages our expertise in threat intelligence remain unchanged and while few companies will be untouched by the economic disruptions broader.
<unk> by the Cobot 19 pandemic I believe we are well positioned to continue to grow our emerging solutions and services.
Now I'd like to turn the call over to our Chief Financial Officer, Frank Vertica. Thanks, Kevin.
Load everyone on the call.
Before we move onto the details over Q1 results and guidance for Q2 in 2020.
Let me remind you that I'm, referring to non-GAAP metrics, except for revenue and operating cash flow.
Our non-GAAP measures exclude stock based compensation amortization of intangibles.
Noncash interest expense on our convertible debt.
Restructuring charges and other nonrecurring items.
Turning to Q1 result, I Echo Kevin's comment that I think we executed well against our plan as we quickly pivoted to work from home organization.
We delivered billings and revenue within our guidance ranges and exceeded our EPS guidance range.
We estimate that cobot 19, global pandemic reduced our Q1 billings by about 10 to 15 million.
And revenue by less than 2 million.
The impact on billing combined with an increase in dsos.
Related to the co bad Kobin 19 pandemic resulted in operating cash flow below what we had anticipated in our pre pandemic guidance.
As we take a closer look at the details I will focus my comment on air our and revenue as the key indicators of our financial performance.
The air our metric gives you insight into the expansion of our installed base of recurring subscriptions without regard to short term changes in average contract like.
We're in quarter timing of large renewals.
Which as we've seen can cause volatility in our quarterly growth rates for billings.
Revenue reflects growth in our deferred revenue and drives our profitability.
For these reasons, we believe error and revenue are better indicators of our progress on our transformation journey, especially in the current environment.
Looking at revenue and air or by category and our operating result.
Platform cloud subscriptions and managed services revenue increased 33% year over year and accounted for 30% of total revenue compared with 25% a total revenue in Q1 of my team.
Air our was up 32% year over year, and 1% sequentially as we continue to expand our customer base in this category.
This category now accounts for 49% of they are up from 40% at the end of Q1 of 19.
[noise] Mandiant services revenues grew 25% year over year to a record 51 million and accounted for 23% of total revenue compared with 19% of total revenue in Q1 of 19.
We continue to see strong demand for expertise in both incident response and strategic consulting.
And that's why we currently we do not include any of our services or expertise on demand subscriptions in our air our metrics, even though many customers purchase strategic consulting engagements year after year.
Revenue for platform cloud subscriptions in managed services and Mandiant services categories accounted for 53% of total revenue compared with 44% a year ago.
Our on premise product and related business accounted for 47% of total revenue compared to 56% a year ago as our mix continues to shift to higher growth categories.
Product and related revenue declined 11% from Q1 of 19 due to lower deferred revenue balances entering the quarter.
Appliances accounted for the majority of the year over year decline.
Remember that appliances originally sold in 2015 were fully amortized by the end of Q4 2019.
Ladies and more difficult year over year comparison than prior quarters.
Product related Ayr, our decreased about 2% sequentially, a similar seasonal decline as last year.
Net retention rates in these categories remained above 95%.
Our air our and retention metrics demonstrate that the product and related portion of our business has stabilized following the end of life events that impacted results in early last year.
It also suggests that while we expect on premise appliance based sales to continue to decline as customer shift to virtual and cloud form factors.
We are managing well through the transition and we continue retain our base of enterprise class customers.
Gross profit margin of 71% was consistent with our guidance.
The decrease compared to Q1 of 19 was due to a higher mix of services in total revenue as well as an increase in cloud hosting costs associated with higher cloud revenues.
Note that although mandiant consultant services are at a lower gross margin our services contribution margin is consistent with other areas of the business.
Total operating expenses were flat year over year, an increased about 6 million sequentially.
The sequential increase was primarily related to higher employee payroll taxes that are seasonally higher in Q1.
Our pre shelter in place guidance had anticipated operating expenses of around 168 million on an absolute dollar basis or about 7 million higher than our actual results.
The difference was primarily due to lower travel and event expenses in the last month for the quarter.
With revenue and gross margin, where we expected and lower than anticipated operating expenses operating margin was three percentage points better than our midpoint of our guidance range.
Q1, 2020 operating losses were 56% lower than Q1 of my team had a $2.8 million water loss.
This translate into a net loss per share of two cents better than our guidance range of loss of three to five cents.
Turning to the balance sheet and cash flow.
Our balance sheet remains very healthy we ended the quarter with cash and short term investments of 980 million.
Which is more than enough to repay the 120 million in convertible debt that we expect to be required to repurchase on June onest and to fund our operations for the foreseeable future.
Even in the more conservative versions of likely scenarios in this current environment.
We ended the quarter with receivables are approximately 140 million an increase of 29 million from year ago.
Dsos calculated on billings were 74 days.
This is up from our usual 55 to 60 days.
We attribute the increase to the cobot 19 pandemic and expect Dsos to remain in the 70 to 80 day range at least through the second and third quarter of the year.
As I mentioned cyber security remains a high priority and we remain confident in our ability to collect payment, but where we increased our bad debt reserve a reduced our near term cash collection forecast as a cautionary measure.
Total deferred revenue at year end was approximately 920 million.
An increase of 14 million from the ended the first quarter of 2019.
Platform, how subscriptions and managed services deferred revenue increased by about 36 million.
And services deferred revenue increased increased by about 24 million.
The increases in the platform called subs and services categories was partially offset by 46 million.
Decline in product and related deferred revenue as prior period appliance sales continue to roll off the balance sheet.
Note that this dynamic has a disproportionate impact on current deferred revenue.
On a sequential basis deferred revenue decreased by 55 million, reflecting normal seasonality in our quarterly billing.
Operating cash flow for the quarter was negative 24 million.
Compared to our expectation of approximately breakeven.
The difference was due to the increase in dsos relative to our pre pandemic expectations.
As Kevin mentioned, we have been taking steps to accelerate our transformation and set the stage for increasing growth and profitability in the future.
This resulted in a restructuring charge of approximately $11 million in the first quarter and we expect to incur additional restructuring costs of between 10 and 15 million in the second quarter.
We expect these action will reduce our operating expenses by at least 25 million in 2020 compared to 2019.
Similarly in the second half the year, along with additional year over year savings related to lower travel.
When I review, our Q1 operational metrics, including the increasing new customers growth in air our net retention rates as well as our current pipeline of both new and renewal business.
I'm confident our business remains healthy and our transformation is on track.
Now, let's turn to our current outlook for Q2, and the remainder of the year.
My comments on our outlook take into account, what we know today, while we recognize there are many unknowns, including the timing of reopening economies both in the U.S. and abroad.
While we are operating with the same uncertainties that every other cyber security company.
Cyber security remains a top priority far base of government and enterprise class customers.
I believe these are also the organization best position to weather the storm.
I believe the biggest unknown for US is the average contract length of billings.
Well customers may still commit to multiple years given the current economic uncertainties. We are assuming that some will be less willing to pay for upfront for multiple years.
In recognition of this uncertainty we're not guiding billings for the second quarter and we are withdrawing our previously.
Annual billings guidance for 2020.
Since billings drives our receivables balance and cash flow. We're also withdrawing our cash flow guidance for the year.
However, since we typically recognized more than 90% of quarterly non services revenue from deferred revenue on the balance sheet.
And for demand for our services remain high we are providing revenue guidance for Q2.
We're also providing revenue guidance for the year, although we have expanded the range compared to prior periods.
Expenses remained within our control, allowing us to provide visibility into operating margin and earnings per share for the quarter in the year based on current revenue assumptions.
For Q2, we expect revenue in the range of 213 to 217 million.
Gross margin of between 60 and 69%.
And operating margin of between negative one and negative 2%.
EPS of loss per share of one to three cents.
For the full year 2020, we expect revenue.
Between 880 900 million.
Gross margin between 69 is 70%.
Operating margin between positive one and positive 3%.
This implies the decrease in operating expenses of 30 to 35 million compared to 2018.
Which includes at least 25 million related to the restructuring actions as well as additional savings for operating costs, such as lower Cheney.
As noted this is basis.
Based on what we know today.
And what we believe as of today.
There's a lot of uncertainty there has been created because of covert 19, and we are doing our best to manage and provide you with the guidance while operating in this uncertain environment.
That concludes my review of our guidance ranges in assumptions I know, there's a lot of detail here. So we have a summarized the assumptions a math for you in the guidance section of our slides.
Operator, we'll now open the call for your questions.
Ladies and gentlemen tests question, we need to press star one of your telephone to withdraw your question press the pound key.
Please symbolic composites many roster.
My first question comes from Michael Turits with Raymond James Your line is open.
Hi, This is Eric has done for Michael.
Kevin just based on what you're seeing a conversation can you just elaborate more maybe what customers are customers actually de prioritizing maybe certain I'd see initiatives there are others.
Hey, Mike to that shifts in coming quarters.
Yes, so the number one question I've gotten and realize my audiences UGI Chief information Security officer or above it was how do you protect to remote workforce period, I didn't feel any shift in spend meaning let's lower it although in this environment. Obviously people are looking at discretionary costs.
And cutting them, if they can but I did not see security as discretionary they'd seen as important.
So question number one how do you defend the remote employee period.
And what do you do to make sure and validate that in fact, you're running a secure infrastructure.
Great and then are you Frank just can you provide more color on a contract length in the quarters. It looks like it was.
Above your expectations I'm curious whats going on there.
Yes, it was pretty much flat it was slightly up year over year, but we did have a five year 5 billion dollar deal in the quarter that you have you pulled that deal specifically out contract like would've went down by half a month.
So you know surprisingly, we didn't see much of an impact on contract life in the quarter, but again I mean, we only had three weeks of the pandemic in the quarter. So you would expect a bigger impact on contract like going forward.
Great. Thanks.
Thank you. Our next question comes from Shaw you with Oppenheimer. Your line is open.
Thank you hi, good afternoon getting them.
I had a quick question Kevin.
When looking at Fireeyes portfolio.
What do you have more non discretionary products services solutions and Conversely, what is more discretionary out from the Cecil perspective.
You know almost everything we do is relatively critical and I know that sounds like boilerplate answer, but it's not when you look at our services will either responding to the houses on fire or were showing up before that to make sure. We can do an assessment of the security program to make sure you don't have a problem to worry about so I feel like on the services.
Side the demand is there when you look at our products. They were always designed to detect what other safeguards mess kind of the close the gap between legacy safeguards and what the attackers for doing so we're seeing as a pretty instrumental layer with our products to People's security programs and that's why I think you see high renewal.
Rates for us and the biggest challenge we had is going from appliance to cloud getting going from perpetual license to subscription and getting into form factors that are getting more and more common we've done that work.
Now we have to leverage it so when I think through the portfolio probably the biggest delay we had.
On things that were in flight that got delayed where on training education. We do a couple of hundred classes year for security professionals, and we had the sort out in a short period of time, how do we take that training and still connect with remote folks, but we're starting to see that's been backed out now and I think as.
Organizations recognize that we're all going to be working in a remote setting for an indeterminant length of time, and we have to figure out how to allow things like training to happen in remote environments, but I have everything we did the only thing to hit by Das with delays was the training.
Understood. Thank you so much what its honor and if I may.
Back or Kevin.
No month of April it's coming to an end a very shortly can you talk to us what you've been seen so far and maybe just to what about eight.
What do we stand right now thank you so much.
Yes, so far cell and the month of April were actually a little bit ahead of linearity pump typically where we are in month one of a quarter.
So I think you know so far.
All signs that very positive which.
Lot of confidence going into the into the the remainder of the quarter.
Thank you next question.
Our next question comes from 15 number one with yes. Your line is open.
Thanks for taking the questions Kevin I'll start with you I just with respect to Mandy and appreciate the color you gave around the ability of the the mandiant professionals to remotely troubleshoot Astra pain points, and particularly those verticals that continue to be besieged cyber attacks on.
I'm wondering if you can kind of talk us through how the onboarding of additional capacity is going to play out over the course of a year and to what extent are you having to backlog engagements because the billable hours and doble rates are at capacity and then have a follow up for Frank.
Yeah. So so we feel like we're we're operating full bore so the onboarding I think to answer your questions reverse order now let me answer them the right order when it comes to working remotely we started designing our endpoint in 2005 to do exactly this sand expertise in second and as you adopt our endpoint if anything happens, we always want to be that.
Unbiased third party that can reach in an investigator sorted out for you. So we've always had the ability to do critical services from remote locations.
So that's not new so when we had to go remote and reality, we've already been doing it that way we can put people on Boeing 737th every time, there's a breach imply menu on the time to do that you can't travel there softer can travel there in 30 minutes or less get installed and we're executing.
Our expertise remotely in regards to Onboarding I know my way of doing it.
They show up we train them, a little bit, but theres no better job than on the job training. So the reality is people that we hire we've always gotten them busy fast I mean, that's just what you do and consulting we do have training we do have.
Mentor ship, but the Onboarding of consultants really means you get repetitions, you get repetitions as soon as you hit the ground and for team and just to add to that we had been.
Gross growing the the global consulting or for the last couple of years and so we've had plenty of folks that have come aboard and remote locations that have gone through our remote training program. So that really wasn't that much of a challenge to get those folks up to speed.
Yes.
Have you.
Go ahead, sorry go ahead Kevin.
And Oh.
It's Frank Sir.
[laughter], Okay. France's I have you just digging into the outlook assumptions.
Both from a revenue in Opex perspective, So Oh no revenue Frank.
Are you expecting any changes from a renewal standpoint or rate of decline in appliances, and then on the cost Frank.
You know given the restructuring Im wondering where the magnitude of change here. It's so much darker than the revenue being rebased slower and that's it for me. Thank you so much.
Yes, so from a revenue perspective.
Obviously, we brought down the revenue number for the full year and we've expanded the range.
We've done that across all categories, assuming that business would see an impact across various areas to date, we haven't seen much of an impact obviously.
We delivered on our Q1 numbers, but.
Yeah. The Q2 guidance shows that we are expecting or we have or at least taking.
Conservative view on what could happen in the quarter and so we are accounting for less appliance sales. We are accounting for assuming that there are going to be some service offerings that folks will want on site and may delay until we get to a point, where we can deliver that on site. So we've taken that into consideration from an opex stamp.
Point.
Most of the restructuring actions have happened towards the tail.
Ill hand and of the quarters and so yes, there will be.
Most of the positive impact to that will happen in the back half of the year.
Obviously, depending on what travels like for the remainder of the here, Yes, we may actually have additional savings there if we wind up in sheltered in place for a longer period of time.
Very helpful. Thank you.
Our next question comes from Sterling Auty with Jpmorgan. Your line is open.
Hi, guys. This is Matt on for Sterling, Thanks for and thanks for taking the question. Yeah. I know you guys talked about this quarter kind of some of the segments that benefited.
Or not benefited but had some increased interest from the current situation going forwards, which parts of your business. Do you think are gonna be negatively impacted from the current situation and which ones. You think are going to have more of a positive impact. Thanks.
Yeah, Matt I.
Obviously, we're not that far into this process. So it's very difficult to see.
Forecasts exactly which products are going to do better our early signs is.
Renewal rates seem to be doing a little bit better.
Yes, appliance sales, probably little bit worse, and then from a service offerings, we've been able because we've had a lot of backlog and because we've got.
A lot of demand there, we've been able to keep utilization and chargeability up high but at some point if things don't change we would expect some impact there.
Well.
Gotcha, great that obviously aren't mild products, probably are positioned better or kind of remote install remote work environments, our cloud endpoint cloud email.
Understood. Thanks, and then one quick follow up in terms of the Mandiant services component is there any type of I know you're talking about the implementation, but is there any type of situation that you wouldn't be able to perform in the current and the current environment.
Yeah. This is Kevin speak I mean, Theres always times, where it's better to be in a room you know whenever there is an incident right. When we started doing the remote work you often wondered for many companies you started war room, everybody crowds into warn you get to read verbal and non verbal communication.
So you got to do business, a little bit definitely but our folks are very used to remote collection of information remote forensics remote analysis remote counseling and discussion on remedial steps.
But what you lose is that.
Customers, sometimes one in the war room, and and by the way the customer doesn't have that with their own people now. So it's just a different environment. So you lose a little bit of the connectedness.
When you had some incidents that earn a sprint in regards to.
The security assessments.
Theres, probably you know, we're probably communicating at a 90% effectiveness rate not 100% just because we're all remote and doing things in different way, sometimes it's easier to get onsite meet the 20 to 50 folks that you need me and go through here is all the things that would make your security program more effective so that's a long winded way of saying that.
Communications are different today than what they used to be and that for some folks.
They map the changer communication start to be more effective than Mount we have seen people leverage our intel offering at our expertise on demand a little bit more as well. So I'd say I do think people are are utilizing our internal expertise to augment their internal teams.
Great. Thank you so much guys that's very helpful.
Thank you. Our next question comes from Rob Owens with Piper Sandler Your line is open.
Yes. Good afternoon, guys. The building amount for Sterling's question earlier around managing curious just about billable hours.
How the bill rate seven how it changes on Prem two remotes and you've got this large portfolio of pneumonia and services you talked about so you should have leverage then I guess so is there a near term when you move kind of two remote work for these guys, but you hope to make that up from the just on the simple standpoint, they might be able to protect.
Compete more offer more services to an end customer yeah. So couple of thoughts there. Let me just piece of a so I've read some of the analysis from folks, saying Oh services has been hit and it's been hit negatively our rates haven't changed one bed.
Five years ago. When there was an incident, we did exactly what we're doing today, then which we'd send software beyond the phone, we'd we'd start communicating with the customer and we'd start sending our expertise and responding from a remote location. So for US. This is almost business as usual, we where we're actually almost too busy to send people in.
In travel hours, that's how busy we are so no change in the rates right now Rob we haven't even seen compression in them at all or even a debate about it.
So I feel comfortable there and then for US I think that the the customer or prospects behavior has changed because they will work for US now that's remote and their security forces remote.
But I think we're doing a lot of business as usual for us quite so I don't feel like it's changed too much.
Great and then second if I may just an update on the guarding acquisition the rebranding kind of how the acceptances and buy in customers and it's yes proving to be a tip into spear for Fireeyes solutions or is it more of that different consulting validation of pre existing infrastructure sale yeah. So.
It came down to working with Chris key the founder varied and where he believed and probably rightfully. So fireeye as a controls business. When you think about endpoint network email in the cloud Sim Mandiant was always seemed a little more agnostic controls agnostic when you do validation as a business you want to have.
You want to be the honest broker in the Mandiant brand was seen as more the honest broker in regards that a non controls business brand.
And if you look at varied and does it measures security effectiveness, we want to be honest broker not game. It when you run varied and you get unvarnished truth, whether you stop or detect attacks and the Mandiant brand has kinda survive.
For whatever reason, it's still here, it's still with us and its and its more agnostic to just what are the right damn answers right now to secure your network and so it's more fitting and go to market for a validation story. So so varied and is now mandiant validation.
Alright, thank you.
Thank you. Our next question comes from parents teachers with JP Morgan JMP. Your line is okay.
Yes, thanks for taking the question.
First off.
Can you talk a little bit about vertical markets.
Are you pretty well insulated from some of the key markets that have been hit like hospitality or or travel.
And then could you talk a little bit about.
[noise], whether your products seed into remote access infrastructure, you, particularly securing remote access at all or are these these products largely separate from the build out of lot of remote access infrastructure. This last quarter.
Got it so I got so that's two questions Kevin speaking I'm regards to the different verticals to leave or not we did business is basically every single vertical last quarter to include some that are significantly impacted like the airline industry. So I think at that point.
It's more about the payment terms, where you'll see the industries that are more impacted or probably.
Good and tried to negotiate different payment terms than those that are less impact and Frank can probably speak to that in regards to most remote access infrastructure. We have an assessment that our consultants do on remote access where we task People's remote access does everybody really need two factor authentication does it is it actually in practice.
So we do that and then in regards to our solutions, we have a a partnership with a company called eyeballs, which is a cloud SaaS network security.
Really it's you know you download their endpoint in all of your traffic would be going through our detection capabilities. So that's a powerful partnership that.
To me is how you get.
Really shields up on a remote workforce is a nice I boss plus fireeye detection.
[music].
Kind of combination there and then a third way as endpoint endpoints guard endpoints. So bottom line as yes on the remote access and what this is a word about we've been doing those test for years.
And then and then let me ask one last one.
Just on the shift to towards Stuart remote workforce.
How long do you think we have to.
To benefit from the effort to secure that change we still very early in terms of where csos are from the way they're looking at this shift to build out their remote workforce.
I think it'll come in waves and I think for one enterprises and assessed as I know there already well into it already you're not ever done that's a funny thing about security people think we did three things wash. Your hand done you have to do a lot of rinse repeat and test, but I think that it's happening fast it needs to happen fast and it.
Will be the new normal by the ended the year.
Either they are folks that.
Whatever reason nobody knows what's going to happen after the pandemic might flatten a curve as they say and I'm no expert, but behaviors are going to change for a long time right now and the question is does that mean, one third of the workforce stays remote two thirds three quarters nobody knows.
But the change happened so abruptly.
In cyber security so important I think it's I think the Matt vast majority of this is going to happen this year.
Very good thank you.
Thank you. Our next question comes from like our topic, that's with Stifel. Your line is open.
Hi, This is actually Christy Roes on for Gore for Kevin.
Given finalize unique viewpoint into the threat landscape how is it that environment evolves. Since covance are you seeing and any sort of uptick in nation state sponsored activity.
Oh, I can tell you and I kind of mentioned that.
We're seeing a lot of incidents right now were exceptionally busy and I'll tell you calls are coming in daily to help companies deal with it but I don't know if I can tie it to co bid or just tie it to you know things such as I'll give you. One example, that's created a problem when I was responding to breaches and someone Hampton Inn extorted you the.
Person that hacked, you and extorted you as the exact same person and they were probably graded hacking you, but not very good at extorting you. So you'd pay $5000 problem solved somewhere in 2018 2019, we started seeing the separation of duty, where you have folks that break and because that's what they're good at and lender handing their access and breaking.
To practice.
Thanks folks that are criminals that connects store. So we're just seeing more ransomware cases, those things are very disruptive the business and you combine the separation of duty between hacking and extorting with anonymous digital currency and you've got a hell of a perfect storm to monetize breaches far easier than the olden days of steel.
When credit card data and fraudulent any buying things.
So we're just seeing an uptick because you can make more money breaking in now than ever before the nation state stuffs. Your here to stay clandestine operations espionage, it's done on mine now.
So that that's just kinda always have a steady escalating hom, but the amount of money folks are making now.
I I just feel like the financial crimes are escalating as well.
That makes a ton of sense and one more for Kevin If I may how should we think about the current appetite for security validation and how has it been impacted by totally driven disruption across the enterprise yeah.
Yeah My read on the first quarter is in 90 days like you know I can't tell I feel like we're still tracking for the year, but it's early on but there's two different audiences for validation. There's the technologist and then there's this says so and above and my angle on it is it matters more to CEO and Cisco can the attack summary.
Adding about work on my network do we have an infrastructure of technology and processes and people that are are ready yet to withstand the attacks that are most relevant organization. So you're going to see us do tweaks or I think we're going to pivot our go to market more towards the senior staff not the junior staff and I think in the past.
People saw varied and as a technical fight it out at Baird and as part of Fireeye and they're working side by side with Mandiant expertise I believe we need to bring it to market in a managed way similar to rapidseven similar to qualify <unk>.
<unk> I don't want to run a damn vulnerability scanner every day, but I would like to get the output from somebody else from time to time in and I think that varied and gives us a great platform for that so stay tuned we're pivoting that it's a technology combined wanting enterprises will and they'll run it themselves it will put their own Intel in it and I will share indicators.
And now they'll do those sorts of things in addition to that though we want to be able to.
Ron validation and I think the to value into validation is twofold. It's not just binary yes. These attacks worker know they don't.
I think the more important aspect of it is tracking the remedial steps that organizations will take and that to me will require our expertise working with customers expertise. So I see it as a I'm excited about what I'm, calling validation as a service.
We have created packages to do that.
And then I think I'd rather have.
If you buy the technology, that's great and you can have people running it at your company you get people in putting stuff.
It's also great is the folks that responding to over 700 incidents a year in putting a bunch of data into that system as well so.
Bottom line, that's a long winded way of saying I feel we're on track I'm excited about the validation space I think when define it and we're going to grow.
Great. Thanks, guys.
Okay.
Thank you. Our next question comes from Melissa Frank Morgan Stanley. Your line is open.
Hey, guys, some hamzah and for Melissa. Thank you for taking my question just a couple of quick ones from me. So I know, it's early days, but as you look at sort of the path by the six weeks or so what are you seeing in terms of buying behavior as it relates to existing customer expansion and new.
Customer adds and as you look out the rest of the year in your guidance.
What is the assumption around.
Net retention.
Yeah, I'll just as first and then Frank will probably say exactly what I say because on almost every day or two I'm like Frank what are we seeing what are the patterns and right now it's almost like theres not a pattern other than.
Well sell less on Prem gear, and we feel that there might be a rise in renewal rates, meaning people that have already spent for something are more inclined to renew it and that may mean that theres less inclination in buying patterns to buy something new so.
That being said, we added more customers this year than last year, and we add more of an uptick on net new logos and their spend this year than last year. So I.
I asked Frank everyday what are we seeing and we're not seeing a pattern other than that what I, just said renewals seem to be going up and rate and on Prem gears, probably going to go down yeah, and I think as we get through the second quarter. Obviously, we'll we'll have a lot better visibility into that by product and but as we look throughout the.
The remainder of the year, we've taken a very conservative approach to assuming that renewal rates are much more closer to historic norms rather than go up. We've also assume that appliance sales would go down more than we expected because of covert 19 and that we'd also see more challenges on.
On some of the newer products and some of the services.
Hopefully none of that stuff will come to fruition and we'll be in a much better spot, but you know given the uncertainty we weren't can take chances on our guidance on any of those items.
That's really helpful. Just one more quick one are you seeing any supply chain constraint constraints around that the appliance business at all.
We're not you know we did if you've looked at our balance sheet, we did increase our inventory a little bit over the year over year and that was really just to make sure that if there was any challenges going forward that we'd have a little bit more supply, but so far our contract manufacturer is operating at full capacity.
In a component parts are we have multiple suppliers there and so we haven't really seen any challenges there.
Thank you very much.
Thank you. Our next question comes from Keith Bachman with Bank of Montreal. Your line is open.
Hi, Thank you my question relates to.
This one.
Wondering if you could just talk about your views on product revenues and what I mean by that the context as at the analyst day. He had laid out scenario whereby product revenues were be expect expected to flatten out overtime.
Obviously, the coal would buyer it has disrupted that but is there any camteks you could give a about what you think product grabs impact maybe this year and then be more importantly.
As we come out of coal, but is it you're still your expectation that product revenues flat now.
Or do you think investors should assume.
Some ongoing declines with product revenues and that's it for me. Thank you.
I think what we talked about previously at Analyst day was the fact that the the year over year decline in the amortization of product revenue was going to.
That rate of decline was going to flatten out as we got into late 2020.
Yeah, we still expect that you know, it's going to be more focused on.
Yeah, the adding new appliance sales to the waterfall schedule your expectation right now will be there will be probably less appliance sales than we originally expected.
So, we'll see a little bit of bigger impact on the product revenues due to co bid, but longer term, we've talked about we expect more and more business to move to virtual and cloud and so the pure appliance product revenue continue to decline over time.
Over time, we just think the rate of decline will flatten out a little bit.
Okay Thats it from me thank you.
Thank you. Our next question comes from Gregg Moskowitz with Mizuho. Your line is open.
Okay. Thank you very much good afternoon, guys. Just a couple of from me, Kevin you alluded to more flexible pricing and if I think back you had already introduced subscription based pricing across network endpoint, an email quite some time ago set up.
Other than introducing shorter duration options like you have format is and I would just wondering if there was something else here that is actually.
Yeah, I think over time, you know and this is something you know I've done with our product marketing folks you you look out three to five years.
We really nice to download software running when you need it pay for as much as you need at that time the consumption based pricing, we're not there yet we don't need to do it now frankly, probably cringing as I talk to you about this but I've always defined six qualities to security as a service in one of them was always just consumption based pricing elastic.
Pricing.
You see a ws doing it you see cloud based companies sort of doing it and I just want to be ready for that I want to have a back office, where folks may need to do shields up you years ago. There was a specific event and you think of a major sporting event or you think of a major.
Entertainment event, where people just want to do shields up and I'd love to be able to tell the CEO have your tech guy to grab this upload it and will charge for you as you go.
Per user pricing is something we have now, but I want consumption based true Hsas and one day.
So we'll have it and we'll have the at least the means to do it should we choose to do it.
And that's what I mean by that at the right now we built a back office that has a skew for everything it's an appliance shipping back office.
And that's how we transact and I think we can do better than that we can transact.
In a way that is more flexible for our customers, where we can provision.
Ed faster, we can have a licensing scheme, that's not an appliance based licensing scheme.
And we can get people up and running in minutes from when they purchase from us. So that's what I mean by that and I won't boy, what the besides that I routinely show internal and Fireeye and I'll be showing them again tomorrow at our all hands on here's the six criteria to be genuine SAS, we got a lot of it but we got a few more steps to do.
[music].
Okay. That's really helpful. It makes a lot of fans and then just as a follow up.
Frank you talked about a $10 million to $15 million negative feelings that impacting Q1 from cover 19.
Kevin I think you said the only delays that that hit your desk, we're training related and so I wanted to clarify that you're not saying the 10 to 15 million dollar impact is mostly or entirely tied to lower training that it would seem to be really high I would've thought there probably would have been a component or two on the on the product yeah, yeah yeah.
Yeah and to be clear I was talking about delays for deals are already closed were in relation to services.
All close deals most of it moved forward, but on training I knew that there were delays, where we had to cancel classes move mouth, because we weren't sure Howard performance. So yeah, Greg that was really more of an impact on revenue but.
Because of the amount of backlog, we had and the demand we didnt see much of an impact on revenue on the 10 to 15 million in dollar impact on billings I think those are just feels that we would have normally got through the normal gauntlett, but because customers purchasing departments. Yes. It was all of a sudden or in a remote spot we.
Definitely saw some delays we saw some countries that we actually could not even ship too because the co bid and so there were some deals that just kind of pushed out a couple of weeks.
Kim in into April already but did have impact on things that we would have seen the last week at March.
And frankly that your view that all of these as far as you can tell our delays were deferrals as opposed to anything that would be a cancellation.
Yeah, and none of those were lost deals there were strictly they just didnt get through the customers procurement cycle in time for us to ship.
And deliver by 331.
Okay perfect. Thank you.
Lets time for one more question please.
Our last question is from Saket Kalia with Barclays. Your line is open.
Hey, guys. Thanks for taking my question here I'll keep it to one.
Maybe maybe for you Kevin if it's really high level, one, but I guess as you spend time with your sales leaders. What are you hearing about the growth in sort of quality of the pipeline.
Well you know.
The reason I'm pausing on that is mostly the time when I look at pipeline I'm not looking at all of that I'm looking at very specific things and how it's doing because I'm trying to shift this more to cloud shift this more to.
The services that are relevant.
And that pipeline is growing I inspected the a validation pipeline yesterday.
And I like what I see so.
Yeah, I can't speak of the pipe in its entirety.
But in regards validation in emerging products I feel very good about it.
Yes, overall pipe socket year over year, Yes, I was very strong I think.
As Kevin mentioned, it's more of a difference in mix, although like I said, though the appliance component, obviously is lower year over year, but the cloud stuff and the validation is up.
Makes sense thanks, guys.
Thank you and now let's turn the call back over to Kevin Mandia for closing remarks.
I want to thank everybody for joining us today. Thank you for your interest in fire I look forward to speaking to all of you in 90 days until then stay safe and healthy. Thank you very much.
Ladies and gentlemen, this concludes today's conference call. Thank you for participating you may now disconnect.
[music].