Q4 2020 FireEye Inc Earnings Call
Ladies and gentlemen, thank you for standing by and welcome to the Fireeye I queue for 'twenty and 'twenty financial results Conference call. At this time, all participants are in a listen only line.
So to speak of presentation, there would be of question and answer session. I ask a question. During this session you will need to press star one on your telephone.
For a quiet any further assistance. Please press star Zero I would now like to turn the conference of your speaker of today, Kate Patterson with Fireeye I Investor Relations. Please go ahead ma'am.
Thank you good afternoon, and thanks to everyone on the call for joining us today to discuss Fireeye its financial results for the fourth quarter of 2020 and the full year 2020. This call is being broadcast live over the Internet and can be accessed on the Investor Relations section of Fireeye website at investors that Fireeye Dot Com with me on today's call are Kevin Mandy.
Fireeye as Chief Executive Officer, and frankly out of kind of executive Vice President Chief Financial Officer, and Chief Accounting Officer of Fireeye.
After the market close today Fireeye issued a press release announcing the results for the fourth quarter of 2020 and the full year 2020 before we begin let me remind you that fireeye as management will make forward looking statements. During the course of this call, including statements relating to fireeye guidance and expectations for certain financial results and metrics Fireeye as priorities.
Initiatives plans and investments drivers and expectations for growth and business transformation, the expansion of Fireeye product subscriptions and services and expectations benefits capabilities and availability of new and enhanced offerings market opportunities and go to market strategy.
Forward looking statements involve a number of risks and uncertainties some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements. These forward looking statements of Phi as of today and you should not rely on them as representing our views in the future and we undertake no obligation to update these statements after the call for a detailed.
<unk> net of the risks and uncertainties. Please refer to our SEC filings as well as our earnings release posted an hour ago copies of these documents may be obtained from the SEC or by visiting the Investor Relations section of our website.
Additionally, we provide certain non-GAAP financial measures that will be discussed on this call. We have provided reconciliations on these non-GAAP financial measures for the most directly comparable GAAP financial measures in the Investor Relations section of the website as well as in the earnings release finally, I'd like to point out that we've posted supplemental tables and slides in the Investor Relations Sir.
On the website with that I'll turn the call over to Kevin.
Thank you Kate and thank you to all of the investors employees customers and partners joining us on this call. We appreciate your continued interest and support.
The last few months, who are of pivotal time in the cyber security industry. During the fourth quarter Fireeye discovered of supply chain compromised by detecting of malicious back door and the solar ones platform.
Further investigation showed that of threat actor had successfully implanted a backdoor, which we labeled sunburst and over 18000 companies and organizations. These 18000 victims included several government agencies in the original implant was delivered as far back as March of 'twenty 'twenty no.
No security product their security team detected it until Fireeye didn't December exposing of cyber espionage campaign of significant scale and impact once we discovered the Solomons implant we quickly built the capability to detect it with their products, thereby protecting customers and demonstrating the power of our innovation cycle.
We also shared all the details of the <unk> implant and the attacker techniques publicly providing the security community knowledge required top of our collective game.
This incident demonstrates the strategic importance of our mandaean incident responders, who routinely identify how attackers are waiting security safeguards, providing fireeye knowledge about the attacker behavior before other organizations are even aware of the threats I'm proud of the Fireeye team on the mandate of investigators who found the sunburst backdoor.
Not only for what this meant to our company, but for the impact. This had on the security community now, let me turn to financial and business highlights.
We posted record revenue record annualized recurring revenue record non-GAAP operating income and record cash flow for both the fourth quarter and the full year of 2020.
We returned to billings growth in the fourth quarter exiting the year with double digit billings growth for the first time in over a year more importantly, approximately two thirds of our billings are now in our higher growth areas, we reduced operating expenses as a percentage of revenues, while accelerating our investments in strategic solutions.
Operating expenses were over 100% as a percentage of revenues when I became Fireeye CEO in 2016 today, our operating expense for 2020 was 63% of revenues spending $74 million less in operating expenses in 2020, and generating 234 million more dollar.
And revenue compared to 2016.
We had very strong results in Mandan threat intelligence and security validation two areas. We believe are essential differentiators for growth and we continued to post record results in our Mandaean services business as we expanded our proactive offerings, while responding to more security breaches and ever we closed 60 for trans.
Actions greater than $1 million in the fourth quarter, and 158 transactions greater than 1 million for the year.
85% of these million dollar transactions included three or more products for solutions.
And last but perhaps most importantly, we continued our positive mix shift to our cloud platform managed services and professional services categories are our for our cloud category is 53% of our total E. R and grew 20% year over year revenues for our cloud category and our services category combined.
<unk> represented 55 per cent of our revenues in 2020, the faster growing areas of our company now comprise two thirds of our billings and more than half of our earned revenues, creating more of a tailwind for our performance in 2021.
I believe these results illustrate the work we have done to transform our company from an E. P. T detection of appliance vendor two of security as a service vendor.
2020, we accelerated our investments into growth areas of our business, while improving our overall financial performance and reorganized into two functional areas. Our fireeye products. The control technologies to best protect our customers from cyber attacks and Mandeans solutions product agnostic offerings that can and.
Table and empower all security technologies to best leverage our frontline intelligence and security expertise I believe this organizational alignment was critical to our success in the past year and I will take you through the highlights of our progress in each area.
First I'd like to discuss the progress we have made with our Mandaean solutions. In addition to our consulting practice. This organization include several subscription offerings threat intelligence security validation managed defense and now respond software, we're bringing all of these subscription offerings together as a SaaS platform for.
Security operations that we call Mandeans advantage.
In the wake of the soul of the ones incident, now more than ever our customers wants situational awareness rather than just an ever expanding aggregate of alerts and data. We are providing this awareness with many of the advantage. We believe the combination of our proprietary intelligence data on expertise gives us a unique advantage to train machine.
Learning models used to automate security operations to this end in October we launched our first mandaean advantaged platform module threat intelligence. This mannaean advantage release enables customers to rapidly operationalize of threat intelligence as well as open source of intelligence into our customers' security operations.
Flow, we are nearly complete and migrating all of our existing intelligence customers demanding of advantage and we have built a strong pipeline of new customers through our free offering that we believe will drive strong growth in 2021.
Over the course of 'twenty 'twenty, one we will also integrate our validation offering into mandate advantage of validation module will allow our customers to pivot from learning about of threat do testing their resilience to a threat.
It is clear that customers need a solution that will measure and report on security effectiveness. So they can both refine their security infrastructure to ensure they are protected from attacks and prioritize their security spending I believe that has wide validation was the fastest growing solution in our portfolio in 2020.
The third module that will be added to the mandaean advantaged platform comes from our acquisition of the respond Xdr software responds artificial intelligence and machine learning capabilities will allow organizations to leverage our Intel on expertise to respond to security alerts at machine speed. This allows security teams to address the two big.
The challenges facing organizations today, the critical lack of cyber security talent and the growing volume of data generated by digital transformation.
Where customers lack the scale of their teams and resources. We will offer managed versions of all of these capabilities and of channel friendly offering and.
And as I alluded earlier demand for our Mandaean services continued to increase for primarily two reasons first to address the escalation of cyber attacks and second because we introduced new strategic services, including New security assessments focused on remote workforce cloud security and ransomware.
As a result, our mandaean services organization had another record quarter in the fourth quarter, the 11th record quarter in a row and another record year revenue was up 20% in 2020 and exceeded 200 million for the first time and as we enter 2021, we have more than $1 million and services deferred revenue.
100 million excuse me and services deferred revenue representing future work, we will deliver in 2021.
While our mandate solutions, our controls agnostic they work hand in hand, with Fireeye products to relentlessly protect our customers our innovation cycle ensures our products are updated with the latest intelligence from the front lines.
The trends, we have seen in fireeye products of the past few quarters continued in the fourth quarter, our cloud endpoint and helix posted continued strong results in the fourth quarter and our network security product also had a strong quarter.
We continue to offer best of breed detection and drive integration and innovation across our entire product portfolio.
This was validated by two first place awards in the Naval Information Warfare Systems Command Challenge in March for our endpoint security solution and in December for network security with Smart vision.
Entering 2021 organizations are facing an ever increasing barrage of cyber attacks that threaten our operations every day, our position on the Frontlines of security and the quality of our intelligence represent of sustainable advantage for Fireeye. We are leveraging this advantage in our security control products to deliver best of breed.
<unk>.
But we are focused on going beyond our controls technology and addressing the challenges of today's security operations by providing the mandaean advantaged platform first.
Make it easy to operationalize of threatens telegent.
To enable alert triage at machine speed through AI and machine learning technologies. So 100% of alerts are processed and high risk indicators are prioritized for human analysis third to empower customers to measure manage and communicate their security effectiveness and proactive.
We test their resilience against the latest attacks and lastly, just scale or expertise through technology, making it available on demand as a managed service or through professional services engagements, depending on our customers' needs.
To support our growth initiatives I am pleased to announce that Bryan Palmer has joined Fireeye to lead our Fireeye products organization.
Brian is an industry veteran who has led multiple software transformation towards SaaS and recurring revenue.
I'm looking forward to partnering with Brian to accelerate our product innovation.
Bill Robbins, who has managed our fireeye products for the past year, we will continue to lead our go to market organization, including sales and marketing programs.
We are also aligning our mandaean advantaged platform under the leadership of our COO Peter Bailey to ensure we have the appropriate focus and execution on this priority.
I am confident 2021 will be a year of Fireeye continues to differentiate by showing our customers. The Fireeye line of defense is the best line of defense.
Now I'd like to thank our Fireeye employees for a tremendous fourth quarter I'm very proud of our Fireeye mandaean teams. How it came together to investigate the solar wind cyber espionage incident identify the source of the attack and update our products with countermeasures.
Of sat through hundreds if not thousands of investigate of briefings and I was never more impressed than during our own teams briefing of the details of the sunburst implants, I believe we and the global security community are stronger today than before and Fireeye will continue to do its part to ensure we are all informed of protected.
Again similar of emerging threats.
With that I'll turn the call over to Frank for more details on our financial performance.
And our outlook for 2021, Frank Thanks, Kevin and Hello to everyone on the call. Thank you for joining US today before we move on to the details of our Q4 and full year 2020 results and our guidance for Q1 and full year 2021.
Let me remind you that I'll be referring to non-GAAP metrics, except for revenue and operating cash flow.
Our non-GAAP measures exclude stock based compensation amortization of intangibles non.
Noncash interest expense on our convertible debt and convertible preferred equity restructuring charges and other nonrecurring items.
Consistent with the strength, we have seen building throughout the year, we had a great finish to 2020.
Our results were especially strong in the strategic platform cloud subscription and managed services category, which had Q for year over year billings growth of 36%.
We see this momentum carrying forward into 2021, which is reflected in our revenue guidance with a midpoint of $1 billion, which is a milestone very few companies ever reach.
Turning to our Q4 results, we overachieve on almost all financial and operating metrics.
We delivered record revenue of $248 million, well above our guidance range of $237 million to $241 million.
We generated record non-GAAP operating income of more than $30 million.
We also generated more than 71 million in operating cash flow and 67 million of free cash flow.
And total annualized recurring revenue increased 4% sequentially and 8% year over year as growth in platform cloud subscription and managed services or our accelerated in <unk> for a mature on premise solutions stabilized.
We remain focused on annualized recurring revenue and revenue is the most important indicators of our top line performance.
The AAR metric provides insight into the expansion of our installed base on the recurring subscriptions without regard to changes in average contract length, the timing of early renewals or hardware refresh cycles.
As we've seen any one or all of these factors can cause volatility in the year over year growth rates for billings, especially within the breakout categories.
We know many of you still look at billings of the leading indicator and I'm pleased to report that we achieved the highest billings quarter ever and the strongest quarterly billings growth we've had in more than a year.
Total billings grew 12% year over year led.
Led by 36% year over year growth on the platform cloud subscription and managed services category.
The weighted average contract length for recurring subscription was about 25 months, which is in the same range of 23 of 27 months, we have seen over the past three years.
Our <unk> and revenue performance clearly show the underlying momentum driving our strategic mandate solutions forward.
<unk> for the platform cloud subscription and managed services category, Inc.
<unk> increased 20% from a year ago, and 8% sequentially to $340 million.
This category now represents 53% of total <unk> up from 48% in Q4 of 19 and 39% in Q4 of <unk>.
Within this category Viridin cloud endpoint and threat intelligence all of that standout performances.
The AOR for managed defense also expanded on strong new customer and follow on bookings and expanded managed service offerings.
Revenue growth for platform cloud subscription of managed services category mirrored AOR growth at 20% year over year.
Professional services also posted a very strong quarter with revenues up 15% year over year to a record $58 million.
Very little of our Q4 services revenue was related to the sunburst incident as we were already operating near capacity when we discovered the breach.
We did see an increase in customer demand for our expertise of details of the incident unfolded.
This was a contributor to the growth of our current deferred revenue for services, which increased $21 million sequentially to $110 million.
The services represented by this increase in deferred revenue include strategic security assessments security transformation projects incident response, retainers red teaming and expertise on demand most of which will be delivered in 2021.
Turning to a more mature product and related subscription business, we continued to see stabilization in the fourth quarter.
There are for product and related subscription category, which represent subscriptions to our dynamic threat intelligence feeds as well as maintenance and support for our on premise solutions was flat sequentially and declined 3% year over year.
The year over year decline in our on premise of ore was more than offset by the growth in the cloud based product IRR.
Best of the cloud based endpoint.
Of course across all form factors product <unk> increase year over year and sequentially.
Revenue for the product and related subscription and support declined 8% year over year, reflecting lower current deferred revenue balances as appliances sold in prior years are fully amortized under 606.
Appliance sales from 2015, and 2016 are now fully amortized and we should see this headwind begin to moderate in 2021.
Our strong revenue performance resulted in a gross profit margin of 72%.
<unk> to the top end of our guidance at 71%.
Gross margin was down slightly from a year ago, primarily due to a higher mix of services 23 per cent of revenue this year versus 21 per cent of revenue a year ago.
While services carry a lower gross margin they require less sales and marketing expense.
The strong growth in services in Q4 and throughout 2020 was a positive factor in driving the increase in operating profit this year.
Overall operating expenses declined about $8 million from the fourth quarter of 2019, reflecting the cost reductions from the transformation work. We did in the first half of 2020 on lower <unk> and facilities costs.
The cost reductions achieved through transformation and lower expenses from Covid were partially offset by higher commissions on higher sales. The addition of the response.
Operating expenses and investments in the strategic growth areas of the business.
The combination of higher than expected revenue and reduced operating expense levels.
Resulted in a record operating margin of 12% above our guidance range of 10% to 11%.
Earnings per share was <unk> 12 also above our guidance range.
The weighted average fully diluted share count includes $4 2 million shares issued to respond stockholders weighted for the time they were outstanding.
Turning to the cash flow on balance sheet with billings growth in the double digits and a record low dsos of 46 days, we generated record cash flow from operations of $71 million.
For the year, we generated $95 million on operating cash flow.
With most of our facilities still close worldwide as well as the purchase of fewer demo of appliances as we continue to shift towards cloud based solutions. Our capital expenditures were $4 1 million, resulting in a record free cash flow in the fourth quarter of $67 million.
Our balance sheet remains very healthy and we ended the year with cash cash equivalents and short term investments of $1 3 billion.
The increase reflects our strong cash flow performance in the fourth quarter, and the Blackstone and clear Sky investment of approximately 400 million per.
Partially offset by the cash paid for the respond acquisition.
Now, let's turn to our current outlook for the first quarter and full year 2021.
For Q1, we currently expect revenue in the range of $235 million to $238 million.
This is down at the midpoint from Q4 of 'twenty and reflects our typical seasonal revenue pattern.
For the product and related and platform cloud subscription of managed services categories. We expect year over year revenue growth growth rates consistent with Q4 for.
For services, we expect revenue to be approximately equal to services revenue in Q4.
On the capacity increases related to hiring are offset by fewer billable days in Q1 compared to Q4.
We expect gross margin of between 70% and 71% consists.
Consistent with Q1 of 'twenty.
We expect operating margin of between six five and seven 5%, implying a sequential increase in operating expenses of about $6 million at the midpoint.
The increase reflects the normal increase in employee related costs in Q1 as of.
And as well as a full quarter of respond operating expenses.
Using a fully diluted weighted average share count of $238 million, we expect fully diluted earnings share per share of between five and seven.
For 'twenty and 'twenty, one we expect revenue of approximately $1 billion at the midpoint representing growth of approximately 6% for the year.
We expect that revenue growth rate will increase by about one point each quarter as the momentum momentum we see in the sales of our platform cloud subscription and managed services category increases deferred revenue.
<unk>.
We expect gross margin of between 75% and 71, 5% because.
Constant with our results throughout 2020.
We expect operating margin of 9% to 10%.
These range as a result on a non-GAAP earnings per share of 35% to 37 based on a weighted average shares outstanding of $240 million to $245 million on a diluted basis.
Embedded within our guidance are several assumptions.
Our revenue growth rate assumes billings of approximately $1 billion 1 billion following a seasonal pattern consistent with our historical results and our average contract length of approximately 24 months for subscriptions.
Our annual revenue growth rate also assumes revenue from product and related subscription and support to decline by about 10% to 11%.
Revenue growth of $20 to 25% for our platform cloud subscriptions and managed services.
We expect the growth rate for this category to increase through the year of deferred revenue balances increase consistent with a subscription model.
And we expect growth of 15% to 20% for <unk> services.
Please note that while we are talking about annual growth rates for each of these categories.
The year over year growth rates for both billings and billings and revenue can vary.
Our operating margin range assumes gradual improvement throughout the year more heavily weighted to the second half of the year.
We have assumed an increase in facilities and <unk> expenses in the second half, but at a lower overall expense level as compared to pre pandemic levels.
This offsets the reduced payroll taxes that has historically cause of opex to trend down in absolute dollars in the second half of the year.
Finally at these expense levels, we expect net operating cash flow margin of about 10% for the year.
Given the great collections performance in Q4, we entered Q1 with a lower receivables balance than we did a year ago and given the impact of Q1 seasonality on Q2 collections. We expect almost all of our operating cash flow to be generated in the second half of the year weighted to Q4.
I realize there's a lot of detail here, but to summarize we expect revenue at about 1 billion of major milestone in our evolution.
Revenue growth is increasing as the growth on a strategic platform cloud subscription and managed services category becomes a greater part of the overall mix.
We have proven our ability to execute on the topline growth, while managing our expenses and increasing operating leverage our operating margin outlook reflects a balance of investing in strategic growth initiatives.
On continued emphasis on operational efficiency.
We've made tremendous progress over the last for years.
Even with the challenges of 2020 of the cumulative effect of our competitive advantage our focus on investments and our operational discipline resulted in strong financial performance and growing momentum in our strategic growth areas of the business.
Our transfer nation is not yet complete but after a more than eight years at Fireeye I've never been more confident of the market opportunity, our competitive advantages and intelligence and expertise and on our ability to execute.
I will now turn the call back over to the operator for questions.
Thank you as a reminder to ask a question you will need to press star one on your telephone to withdraw your question press the pound key please standby, while we compile the Q&A roster.
Our first question comes from Sterling Auty with Jpmorgan. Your line is now open.
Yeah. Thanks, Hi, guys, Kevin actually just wanted to start with you to see you on the Fireeye team for finding the breach when you think about the impact of the government private companies and kind of our country as of holes.
Thank you for for.
For the whole team for finding it.
Shifting over to Ernie.
Shifting over to questions.
Can you give us a sense. So obviously you saw the big uptick in the services demand. It makes perfect sense, what have you seen in terms of any uptick in managed services.
Product follow on to two of that demand.
Yes, I can tell you our managed defense had a great quarter I can't say, it's in relation to the <unk> incident, because that happened. So late in the quarter. We went public on that December as I think we went public on the implant late on December 12.
And that was kind of late in the quarter to have any real direct impact on the quarter.
But managed defense had a great quarter and cloud endpoint is something where everybody is working from home they need to have a distributed endpoint protection I think that our services Sterling was acting at capacity prior to the Sullivan's incident and after the solar ones and so really it's hard to measure differ.
Sir when they are at capacity.
And we just continue to hire and continue to perform there.
Alright, it sounds good thank you.
Thank you.
Our next question comes from Gregg Moscowitz of Mizuho. Your line is now open.
Okay. Thank you very much for taking that question and I'd like to Echo Sterling.
Thank you.
A very heartfelt way so maybe just to double click on some first if I could Kevin a bit of a follow up to what Sterling was asking so prospectively what impact going forward do you expect to see as it relates to a your services business and then be your product business.
What I can tell you on the services side. This is the 11th straight record quarter, we mentioned that and I anticipate.
Almost every quarter, saying the same thing, but we think that services is strategically important to.
To build the mandate of advantaged platform and to make sure our products at the best detection in class. So.
What I've observed in the past is whenever we have a powerful services quarter, you do see of sea levels rise and the nice thing about services Theres not a bake off for services.
With the kind of work that we do a lot of people know us for incident response capability and they feel that's very tactical. The reality is is when you respond to breaches you don't just figure out what happened you also have to figure out what to do about it which is very strategic.
So we've done a lot of advanced work on creating strategic consulting practices, where we can take folks.
Without a breach and proactively sell taking their security programs from point, a to point B and we're seeing that grow well that when I look at the product. The one that I have is a top priority as mandate advantage, we have differentiated threat intelligence it absolutely matters.
You can speak 30, something languages, you have analysts in 'twenty something countries you respond over 1000 breaches a year you do over 500 red teams of year, we know more about how attackers break into networks and antibody and we need to get that in a scalable way to technologies. Besides just fireeye technology and that's what we're doing with.
<unk> advantage. So I think that's of great growth opportunity for US and then the cloud versions of endpoint and helix are doing very well as well so when I look at the growth drivers for 2021, its mandate advantage services will keep doing what it always does.
And we will have a great year for cloud endpoint, great year for managed defense.
And that mainly of advantage when you hear me say that think of it as our Intel and our validation combined with now the acquisition of response software because we're going to put all that together over the calendar year.
Terrific. That's very helpful. And then maybe just a quick follow up if I may.
Frank you mentioned that the 2015 and 2016 appliance lines have now been fully amortized. So do you think we're now at a position where you can perhaps grow.
Even if just very modestly the product and related <unk> from from this point of forward.
Yes, I think we've seen of stabilization on the product of related <unk> as far as growing that obviously that depends on kind of the customers' preferences for cloud versus on premise. So I think ultimately we're going to see a lot more growth on the platform cloud subscription side, but we are definitely encouraged by the fact that we have.
Had a couple of quarters of pretty strong stabilization on the product and related <unk> and so now that is not becoming a huge drag on IRR.
Alright terrific. Thank you.
Yes.
Thank you. Our next question comes from Brian Essex with Goldman Sachs. Your line is now open.
Great. Thank you. Thank you for taking the question and congratulations on the results.
Operationally and financially.
So I guess.
No.
Kevin can be brief break and break down a little bit in terms of the mandaean advantage on Indian solutions side of the platform as you rollout of incremental features and functionality like threat intelligence and response.
Alright.
How does that translate into adoption of <unk> spend by customers and is it are these are these.
The rollout is going to be.
Substantially meaningful or more kind of gradual over time and in terms of the way that the impact growth across the platform.
Well a couple of comments on this Brian first we have.
Theres different speeds of which an organization works out we have Chris key who was our Verde and CEO running the product development. There we're moving at speed, it's all cloud for the cloud and the number one requested I get when I talk to assist those is first and foremost we want to know what you guys know wouldn't it be great. If we had of mandaean expert looking at every single of alert.
We've got well you can do that with the mandate of advantage why not backstop your team weathered it experienced or inexperienced with the best threat intelligence on the planet. So that makes sense to me and then the second question, we get well how do we know if all of this stuff, we're doing works and Thats the validation component and we've lived our whole careers risk.
Bonding this year, we will do over a thousand investigations and these are firms that have bought the best technology you can buy they have great capability and great people. So why are there still breaches you have to test it with validation, putting Intel which we've already got into platform, that's done and thats modernized or Intel on.
For ing and giving people the form factor they want they know what we know virtually in real time, we use it ourselves. So we're responding to a breach right now everything we're seeing is going into the mandate advantage. So if theres anything new now our customers are aware of it at the same moment that we are and we're getting that done combining that with <unk>.
Validation, we can answer the question how good as my security and Thats. The number one metric that works in the boardroom you get unvarnished truth by doing validation. So it's it's a real integration, it's all going to be true you know login with one account all cloud based and then what I really liked about it and we tested this with the ransomware actor known as Mace we did.
Whats caught on demand validation and we got a tremendous response to that because folks who had never used our validation before in under 30 minutes can download an agent run the maze.
Attack methodologies against there.
Infrastructure and learn whether they could stop the attack or detect it or neither of those which would be a bad outcome and thats in under 30 minutes from deciding to use on demand validation to getting real value. So.
Tremendous value prop those two things will be together within the next few months and then putting respond in is fantastic because we bought them because we want software that thinks and learns and we've been on a 17 year quest. They take the mandaean analyst and automate that person through technology, We do believe and you can on.
<unk> made a lot of other things that we do when we're hired to figure out what happened and what to do about it. So we want to automate not just of detection aspect of what we do but the respond aspect of it and I believe we can do that so we bought respond and with our managed defense capability and thousands of customers we.
And the 550, many consultants we have I just think we can train it better we can feed it better security relevant data and we can automate so many of the tests that we're doing so I know that's a long winded answer Brian and probably didn't answer your question other than bringing Intel validation in the mandaean experts thinking process.
S to software is a powerful proposition that we're going to do in 2021.
Alright.
Super helpful on anything of sneaking a quick follow up any any shift in your.
M&A pipeline, given the strategic investment by Blackstone of clear Sky.
Last quarter.
We did that to get absolute conviction to our strategy. We have a portfolio of that's pretty darn broad and we're making bets on portions of that portfolio and Blackstone. It just gave us.
<unk> to the plan and really endorsed of what our strategy is here.
With demand and advantage in what we're doing so pretty.
Pretty pleased with that partnership.
Brian we're staying very close to a lot of other technologies out there always looking for something that would benefit the platform, but at this point I don't think theres any big holes that we feel like we need to fill in the near term.
Okay helpful color. Thank you very much.
Okay.
Thank you. Our next question comes from Fatima <unk> with UBS. Your line is now open.
Good afternoon, and thank you for taking our questions Kevin.
Kevin maybe I'll start with you on.
Have been incredibly candid about your experience in Triaging This incident internally.
Incredibly Frank about the details of that emerged in your own process and one of the things I think you mentioned in some of your own blogging and literature to the security community is some of the Red team tools that you have to burn debt burn as a result of.
Some of the aftermath of of what has happened. So I'm curious how much of that has translated into.
Our revenue implications or implications for your mandate franchise in terms of the tools, you're Mandy and personality use to assess yeah.
Victimized customers and then I have a follow up yes.
So first there was no evidence of a team of our red teams tools that were stolen from us during a breach in.
The fourth quarter.
There is no evidence they've been used by any third party just US second there is no impact.
What we do for living and respond to breaches. So all of the R&D for our Red team almost all of it is done by the adversaries that we respond to so what we've always done is repurpose the things that we see out in the wild we will observe.
Some malware and say Wow for threat actor day, this and that it might have been harder to detect or more effect of so our red teams R&D is augmented by cyber espionage campaigns from Russia, China, Iran, North Korea, and other locations and by cyber criminals and Youre always advancing it anyway. So as we respond to all of <unk>.
These breaches, we keep up upping the assessment capabilities that we have with our red teams and I anticipate first we'll still be able to use the tools that we had in the past because theres always a big tail from.
From the moment, we foresee a method used by an attacker to the security community's ability to defend against it so.
No real impact at all and we're already off to using and stimulating more recent attacks.
I appreciate that clarification. Thank you Kevin.
Frank maybe for you.
$110 million in what is.
Mandy and services backlog, that's sitting in your deferred revenue now can you give us a sense of how that has compared to prior periods and even prior fourth quarter period still give a sense of how much larger of the magnitude is.
Sunburst.
Yes.
It's an absolute record. So we ask we ended the fourth quarter of $110 million a year ago, we were at $95 million, but did also increase $21 million sequentially and so some.
<unk>, probably had a little bit of an impact because we did have a lot of demand for our expertise from that incident, but.
Like Kevin mentioned during the prepared remarks that it really didn't have a lot of impact on our Q4 revenue results because of that team was completely operating at capacity already but it did give us somewhat of a boost to the current deferred revenue on professional services side, but we've been building that area for quite some time because of.
Of new offerings like expertise on demand.
Have a nice impact to current deferred as well.
Very helpful. Thank you so much for them.
Thank you. Our next question comes from Keith Bachman with BMO. Your line is now open.
Hi, Thank you very much I wanted to ask two first for you.
Kevin is there any comments you wanted to make on our for 'twenty. One I know you mentioned that products.
Could flatten out here without any direction, but any other kind of puts and takes or parameters for growth do you want to provide for <unk> for 'twenty one.
Hi, Keith This is Frank I think for 'twenty, one we're not guiding to a specific IRR number, but I think what we would expect to see throughout the year and ending the year is really stabilization on the product and related but accelerated growth on the platform cloud subscription IRR.
Think about the investments, we're making in the business and the areas that we're really excited about from a growth opportunity perspective, it's all driving that platform cloud subscription and managed services.
Okay, and then they are growth shouldn't I mean, just putting those two together you our growth should improve.
In 'twenty, one versus 20 of them.
Correct, Okay, Okay, just turning back to services for a second.
Youre guiding 21% to 15% to 20% kind of services growth.
I was just wondering if you could help frame that a little bit in terms of.
On the constrained variable because I would've thought that growth would have been candidly higher than that and it may well end up being higher debt, but as the key just capacity and that it's linear growth and you just can't find enough people because it would seem like.
Given all of the incidents that happened towards the end of the year that you would breach 'twenty and of that growth would be higher.
During this current fiscal year than last year, but maybe just flush that out of a little bit of course, thank you Keith.
Keith first and foremost our intent is could.
Could we grow services faster yes.
But right now Theres also what we've always had and Ive been doing this for 17 years, there does come of growth rate, where we first and foremost we're about quality and capability.
We can probably grow it faster, but at the same time frame, we're trying to take a lot of that capability and I don't think youll ever completely replace humans and security, but we do want to have a platform that makes it easier for even our own services folks to scale. So I do believe we can deliver more today.
And yesterday in regards of services and to put that in perspective, when I was responding to breaches I only could respond to one out of time, we've got folks now Mandy responding to seven to eight different computer intrusions of one time. So we can already scaled to technology is my hope that we meet the demand by being more technology enabled we could go.
Out and double the hiring rate right now a Frank would tell me he doesn't like the expenses, that's adding but it also it gives our frontline consultants of job and a half for a while so there's a long winded way and I can talk to you offline on the call back when you assimilate new consultants, we got to teach them. The mandaean way that takes time and I just like.
15% to 20% growth rate in that find when you go to 25 wheels on the basket wildly from a quality standpoint, so we like it where it's at.
Fair enough then just wanted to compliment you on the slide deck you guys have been doing this for a while on just I think it's very helpful. So much appreciate it. Thank you.
Thank you.
Thank you. Our next question comes from Walter Pritchard with Citi. Your line is now open.
Hi, Thanks.
Kevin just wondering on the services and attach of of more recurring revenue type of offerings on the services side.
What are you seeing in the pipeline with this recent round of services engagements and how does that compare of differently. It also of what you've seen.
Historically, there just given the nature of the attack and the engagements.
I can tell you I don't know if it's related to the attacks are dealt with but I see a stronger relationship between doing services and our managed defense lead behind her mandate advantage leave behind and I anticipate that to continue to grow I think theres always been.
The strong relationship between those things because when our services folks show up whether it's a strategic consulting engagement.
Or it's a <unk> incident response with incident response of logical lead behind us lead behind our xdr capability with our folks running it.
And that immediately ups the security profile of our customers from point, a to point b with shields up pretty quickly, but ever since we bought validation as well.
Does take a while for our folks to get depending on the software and get more technology enabled because we had years of doing red teaming our own way with their own platforms and then we bought verde in but the relationships are getting stronger so in short.
There will be a stronger correlation between services and leave behind managed defense or a lead behind mandaean advantage that whether we manage that capability or not for our customers.
Got it and then just you mentioned on the million dollar deals the high percentage of of those debt include three or more products could you help us.
Maybe lay out what are the three most common products or sort of sets of products that you see when it is three or more of that or.
The other asking why they hadn't ranked.
Yes, we do review of them every quarter and go ahead.
Kevin talked about.
For the year, but for the fourth quarter basically 50% of the greater than $1 billion transaction. So of the 60 for 50% of them actually included services and 72% of them included for more product. So what we're seeing.
And most of it is there's a services component and then there's a product component and it might be network E Mail endpoint and then of managed defense for a threat intelligence.
As well so.
Each deal is a little bit different depending on the customers need but I think the thing that we're really happy about is we're seeing a lot of these platform deals where our detection products on our platform are part of it as well as some of the solution. So it's really taking advantage of our intelligence and expertise and our best in class detection product.
Yes.
Great. Thank you.
Thank you. Thank you. Our next question comes on except with JMP Securities. Your line is now open.
Yeah. Thanks for taking the question.
Can you remind us how much of your professional services is coming from forensics and incident response.
It varies it can be anywhere from about 30% upwards of about 50.
But.
Jumps up and down what I can tell you is we're almost always at the same utilization regardless of the mix.
There's always something there for folks if theyre doing forensics that's great.
If theyre not doing that most of those folks can always be repurposed to strategic consulting.
Or training in the other services and Eric in 2020, obviously was a great year on the IR side, but if you looked across all of the services, we had really strong growth across proactive strategic and.
And investigative so.
Is it just the IR that had a record year was really strategic and proactive as well.
Okay now it sounds as though you operate of capacity pretty much most all the time and it doesn't sound like youre changing the rate of hiring in light of some burst.
You've talked a little bit about how this has helped out.
Mandy <unk> advantage and things like that but can you discuss maybe which revenue streams get most effected by an incident like like sunburst is there another area of product that is particularly reactive to opportunities arising from that.
Yes, I think one of the things that if you look at what.
During the incident will really validated just how important our intelligence and expertise. The fact that Fireeye was the only company out of of 18000 companies that was able to discover this breach after being out in the wild for for almost nine months and a lot of companies.
Really did validate the the intelligent and expertise that we bring to the table and so the fact that we have that innovation cycle and that our products are updated with that level of intelligence and expertise. It really does have a positive impact across our portfolio. So obviously intelligence expertise is going to have.
Really strong tailwind because of that but also our products because of our products are getting smarter every day because of the intelligence and expertise.
And can you remind us what contribution you get from the intelligence.
So the intelligence is a really significant component of Mandy and advantage and it's probably the one area of we'd expect the most growth in 2021.
Great. Thank you very much there's the <unk>.
Direct results of Intel and then Theres the indirect it's literally of product without an innovation cycle product without learning capability is not that valuable. So the fact that we have something new every few minutes to go look for is very powerful so Intel is kind of pervades every.
Single product that we have.
Contribute to all of them very much.
Thank you. Our next question comes from Shaul Eyal with Oppenheimer. Your line is now open.
Thank you good afternoon, everybody congrats on the healthy performance kudos again on the transparency back in December <unk>.
Regarding the fund growth path.
My question actually is on potential GDP or implications.
Obviously at the front line you guys are talking to so many of your customers.
Have any of them.
Began discussing with you some potential I don't know what implications find as it could be of so.
He added with the sunburst hack at this stage or is it preliminary.
Right now.
Yes, I am unaware of any.
Risk in that area at this juncture and I'd be shocked and astonished.
That would occur.
Got it.
Thank you so much for that I appreciate it.
Thank you.
Thank you. Our next question comes from homes outside of Waller with Morgan Stanley. Your line is now open.
Hey, guys. Thank you for taking my question and all sorts.
To Echo my my gratitude for your transparency.
I'm wondering if you can talk a little bit about.
The growing sort of priority and demand for security even prior to some of US right. I mean, you obviously have had.
Sort of expanding.
Attack surface area of post Covid a lot more complexity.
Come about as well.
So can you just can you speak to that.
It relates to your pipeline and then more specifically.
Any any sort of thoughts early thoughts you have around security architectures, perhaps.
Changing overall.
Posts on birth or Covid, so just sort of sort of the general commentary on both for the Opex.
Yeah, clearly post COVID-19 or ever.
Everybody's working remotely remote work force protection and things that come from remote work Force protection is better identity, better authentication and movement to the cloud. So that's definitely everybody knew about those trends they got accelerated by the pandemic in regards of something like of solar winds.
Whenever you have an attack that everybody's missed.
And every single quarter that goes by every organization depends more on their infrastructure their it infrastructure.
It gets everybody to think what is the effectiveness of our security programs and how would we fare and how would we detect these sort of things. So I think theres going to be a couple of.
Outcomes from this especially from the big companies, where their risk profile is such that Hey, we've got to secure our supply chain. We've got to make sure. We don't have to deal with sophisticated attacks or if we do we'll have on awareness.
That's why we bought validation is I think it's going to be very important. It gives you unvarnished truth you stimulate attack how did you do so that's something that on Kris Theres. No question supply chain security is something that everybody is going to consider and then obviously all software companies are looking into how did they develop code.
Where their engineers, how their engineers check code in and how do you audit that so that none of us.
Our supply chain risks to the folks that we serve so that's just a quick answer is probably a 45 minute discussion, but this breach got everybody to recognize there is a way to compromise some of the most secure organizations on the planet.
And of therapist, this way and that of alarm people and with that alarm comes on awareness and a desire for it to not happen again.
Right Alright.
Maybe just one quick follow up.
<unk>.
Cyber security is obviously a top priority now for.
The by the administration, obviously fireeye.
Has that has a pretty large footprint in the federal vertical I'm wondering to what degree.
<unk>.
Is the company being involved in sort of.
On advising federal government around sort of best practices and taking of roll in and.
And sort of improving for national debt and that's it for me.
Well I appreciate that question I think one of the biggest things at any administration would face as you have to impose risks and repercussions set of folks that attack of American companies and that's something that I think is not a device of issue for our government and they'll look into doing that starts with doctrine.
What do we stand for and what are the behaviors, we expect in cyber space and then after the doctrine of what.
Do the best you can to define the Red line for cyber the second thing is to make sure those risks of repercussions for those of violate those rules.
And those things are going to come to bear I think over the next few years.
Thank you very much.
Thank you.
Next question. Please. Thank you. Our next question comes from Tal <unk> with Bank of America.
Yes, hi.
Hey, Tom.
Your services in India is doing great.
Sure.
Legacy of the product as of today.
It's less bad but it continues to decline.
Is there any consideration in the company to focus more on the services part and just not competing areas, where you're struggling or exit some of the areas that are related to product in terms of the company into a complete service service company I'm trying to understand.
Those three of our mind when you think about the loan growth strategy.
Yeah, absolutely tell I can tell you.
First off we know what our Differentiators are of the world's best threat intelligence and incredible frontline expertise for Mandy and we want to leverage those and prioritize our portfolio to take the most of advantage over that and I think one of the ways. We do that is in fact with demanding advantage and we move fast we have of cloud based brain that thinks that learns.
That brings to market, our Intel our ability to not just share with you what we know, but automate all of the analytic skills that we have and at the same timeframe automate our validation, let's put it this way tell who wouldn't want of mandaean expert looking at every single alert coming into their company, we can bring that to bear through.
Software and that's always been our goal. So we're going to focus on doing that and Thats, a long winded way of saying we have prioritized our portfolio.
We're prioritizing it based on what were the best in the world at and where most differentiate it at and Tal. If you look at where we're putting the investment dollars, where that's the area. We're investing in the strategic growth areas on the solutions side, but if you look at the product side.
Cloud growth of pure products exceeded the decline on the on premise solution. So we actually did see growth in the third and fourth quarters on on the product side, but also one really important point.
Is the more mature area of the business is generating significant cash flow and net cash flow has been put back and invested in the company in the high growth areas. So I think you can see that transformation happening as we speak in the fourth quarter two thirds of our billings came from the high growth areas of platform cloud subscription and managed services and <unk>.
So I think we're making that transformation the more mature areas of helping fund that.
Got it great great answer thank you.
Thank you. Our next question comes from Zachary <unk> with Barclays. Your line is now open.
Hey, guys. Thanks for fitting me in here.
Hey, Frank maybe just maybe just first one for you kind of housekeeping.
Can you can you just remind us.
How big respond was from an AUR perspective, and I realize it closed intra quarter. So there probably wasn't a ton of revenue but.
I would imagine we're acquiring a book of.
Our book of business from an AUR perspective, so any guardrails you could give us on how much that might have contributed to platform AOR in the quarter.
Yes.
It added a little less than $5 million of air or it did.
It didn't have much contribution from a bookings billings perspective in the fourth quarter of revenue because they were actually of January end of January fiscal year end. So a lot of the deals that we are in their fourth quarter actually we closed in January of 2021, so it wouldn't be part of our Q4 results.
Got it that's helpful. And then and then the quick follow up here is for.
For you, Kevin obviously, a lot of focus on the Indian advantage threat.
Threat, Intel as sort of the starting point there.
Fireeye has had a great threat Intel offerings for years and years now mandated.
<unk> advantage of sort of.
That's a step up.
I mean, any broad brushes that you could talk about from a from a pricing premium perspective right. When it comes to mandaean advantage threat Intel versus sort of Fireeye threat Intel before.
Yeah.
So with respect to the addition of so mandaean advantage. It's basically now the only way to consume that threat intelligence feed them. We've converted most of our existing threat intelligence customers too many of the advantaged platform.
We will really see the benefit is when we have multiple modules all connected through mandate advantage. So you can think through when we add in validation and we add in the xdr capabilities from respond the synergies of having that all in one dashboard and on one place.
It will really come to bear.
Got it thanks again for the time guys.
Thanks I appreciate it.
Thank you I'm not showing any further questions at this time I would now like to turn the call back over to Kevin mandate for closing remarks.
I'd like to thank all of you for joining US today, we've done a great job on our transformation in 2020, the portions of our business that are faster growing or now the larger half of our business, which is very important we enter 2021 with tailwind to that portfolio that has higher growth.
And we are more relevant than ever when you look at the cyber espionage campaigns that we've responded to in the last month or two.
Everybody has cyber security top of mind. So we're very excited about 2021 and I look forward to updating you at the end of the first quarter on our progress. Thank you to all of you.
Yes.
Ladies and gentlemen, this concludes today's conference call. Thank you for participating you may now disconnect.
Okay.
Okay.
[music].
Sure.
Okay.
[music].
Yes.
[music] accounts.
Hum.
Okay.
<unk>.
[music].
Sure.
Sure.