Q1 2021 FireEye Inc Earnings Call
Ladies and gentlemen, and thank you for standing by and welcome to the Fireeye as of Q1 2021 financial results Conference call. At this time all participants are in a listen only mode. After the speaker presentation there'll be a question and answer session to ask a question during the session you'll need the press star one on your telephone please be advised the today's conference maybe Rick.
If you require any further assistance. Please press star zero and I would now like to hand, the conference over to your speaker today, Kate Patterson and Investor Relations for Fireeye.
Thank you good afternoon, and thanks to everyone on the call for joining us today to discuss Fireeye financial results for the first quarter of 2020 one.
Call is being broadcast live over the Internet and can be accessed on the Investor Relations section of Fireeye website at investors got Fireeye Dot com.
With me on today's call are Kevin Mandy at Fireeye is Chief Executive Officer, and Frank There to kind of executive Vice President and Chief Financial Officer, and Chief Accounting Officer of Fireeye. After the market close today Fireeye issued a press release announcing the results for the first quarter of 'twenty 'twenty. One before we begin let me remind you that fireeye as management will make forward.
Looking statements during the course of this call, including statements relating to Fireeye as guidance and expectations for certain financial results and metrics <unk> priorities initiatives plans and investments drivers and expectations for growth and business transformation, the expansion of Fireeye product subscriptions and services and expectations for benefits.
Abilities, and availability of new and enhanced offerings market opportunities and go to market strategies. These forward looking statements involve a number of risks and uncertainties some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements. These forward looking statements apply as of today and you should not rely.
The on them as representing our views and the future and we undertake no obligation to update these statements. After the call for a detailed description of the risks and uncertainties. Please refer to our SEC filings as well as our earnings release posted an hour ago copies of these documents may be obtained from the SEC or by visiting the Investor Relations section of our website.
Additionally, certain non-GAAP financial measures will be discussed on this call. We have provided reconciliations of these non-GAAP financial measures for the most directly comparable GAAP financial measures and the Investor Relations section of the website as well as and the earnings release.
And finally I'd like to point out that we have posted supplemental slides and financial statements on the Investor Relations section with that I'll turn the call over to Kevin. Thank you Kate and thank you to all of the investors employees customers and partners joining us on this call I hope all of you are doing well and I appreciate your interest and support and Fireeye.
We executed well against our plan and exceeded our guidance ranges for all key financial metrics during the first quarter.
During the quarter two themes emerged to me first Fireeye has made the turn in our transformation and second the need for our frontline expertise.
And intelligence is accelerating let.
Let me speak briefly about these two themes for I turn the to the first quarter highlights and how we are innovating to meet the vast opportunities that are in front of US first in regards to making the turn and we are seeing and ongoing mix shift in billings and revenue and they are to the faster growing more strategic areas of our business and 2000 and <unk>.
16, approximately 61% of the Fireeye business was tied to our on premise sandbox technology reported as product and product related subscriptions and this category was seeing billings decline and double digits by the first quarter of 2016.
And the first quarter of 'twenty, 'twenty, one and our strategic platform cloud subscription and managed services category combined with our professional services to grow 46% year over year and billings and represented 69% of our total billings and this is evidence of the turn we have made with our <unk>.
Portfolio.
And second our technology threat intelligence and expertise has never been and more demand during the first quarter organizations face the complex and hostile threat environment implants, and the supply chain zero day exploits impacting popular products and an onslaught of ransomware and extortion occurred as the threat environment escalates.
Conventional safeguards are not affect of that reducing risk however, coupled with our expertise and intelligence, commonly use safeguards can adapt faster to the threats and protect customers far more effectively therefore, we continued innovating and speed to embed our threat intelligence and expertise into fireeye products as well.
All of us the Mandy and advantaged platform now let me discuss some first quarter highlights team.
<unk> Fireeye delivered a strong first quarter. In addition to our financial performance. We continued to transform our business are a mix of the platform cloud subscription and managed services category combined with our professional services grew from 56% of our total billings and the first quarter of 2022, 69% of our total billings.
And the first quarter of 2020 one.
The substantial mix shift is a testament to the efforts and progress we have made.
With our transformation. We also saw this trend and mix shift with respect to revenue and they are our mix of revenues and our platform cloud subscription and managed services category combined with professional services grew from 53% of our revenues and the first quarter of 2020% to 61% and the first.
Quarter of 2021, and our mix of AOR grew from 49% to 55% respectively. In short I believe our mixes moving and the right direction.
Demand for Mandy and expertise remained strong this quarter, resulting in 25% year over year revenue growth. This was the 12th consecutive record quarter for managed services as we continued to scale, our capacity and expand our offerings to address emerging market needs such as zero Trust ransomware.
<unk> cloud migration and security validation.
Our platform cloud subscription and managed services category had 45% year over year billings growth and 26 per cent year over year revenue growth, while we saw strength across all of the solutions in this category the acceleration and growth was driven by our threat intelligence security validation and cloud and point.
<unk>.
During the first quarter, we also closed 30 transactions greater than $1 million more than 70% of these transactions included three or more products or solutions and 60% of these 30 transactions included consulting services.
Fireeye continued to prove the value of our frontline expertise and intelligence and the first quarter. We recently published our annual and trends report, which contains our observations about threats and effect of remediation actions and it was gleaned from frontline mandate investigations performed around the globe and here of just a few of our findings.
Nearly half of the 294 distinct malware families, we observed and investigations last year, where new and never seen before.
More than 80% of these new malware families. We're not publicly available meaning they were privately developed and availability was restricted in some way.
And 70% of all of the malware families. We observed the only found in a single infusion set.
These observations and tell us that threat actors continue to innovate faster than the technologies customers are deploying to protect their networks and organizations are deploying to protect their networks. The attackers are learning new ways to circumvent conventional safeguards that cannot or do not learn from the front lines and a timely manner and as a result of the.
This organizations of reevaluating the effectiveness of their cyber security investments.
They are looking for strategies to implement zero trust to protect against ransomware to secure their cloud environments and they want and Knowhow.
Security processes with X D R and how machine learning and artificial intelligence can improve their security posture and lastly, they want to validate if they are protected from the latest attacks.
This list of topics and actions aligns well with Fireeye strength, we have performed thousands of investigations into security incidents and considered all of the various remediation activities to these incidents and we have learned how organizations can leverage our threat intelligence and expertise to make themselves more secure therefore, we continue.
To expand our solutions to meet this need and so first I'd like to discuss innovations with our Mandy and solutions.
And the first quarter, we expanded mandaean advantage, our SaaS platform for security operations by completing our integration with response software and that's the company, we acquired and the fourth quarter of 2020 as.
As of respond became another module and the Mandy and advantaged platform, we renamed it Mandy and automated defense and relaunched it and early April of 2021 the.
This capability automates, the discovery and investigation of alerts at machine speed the models and automated defense are trained and continuously updated with our threat intelligence and frontline expertise so using Mandy and automated defense is like having a team of Mandy and experts right there and your security operations Center.
Mandy and automated defense currently integrates with more than 70 products from other security vendors, so customers with multi vendor environments can leverage automated defense the better safeguard their networks. We also integrated automated defense with our Fireeye network email and endpoint security controls as well as with helix.
With the addition of respond.
And the mandate advantage now includes three modules our threat intelligence module, our security validation module and our automated defense module. Each of these modules are available as technology, whereas the managed service.
And we expanded managed security validation with the one time paid service to emulate and adversary and answered the question well.
What is our customers capability to defend itself against the particular threat.
We refer to this onetime offering as validation of on demand. So our customers can simply and safely test and what they need when they need it without and ongoing validation subscription.
In addition to the updates and Mandy and advantage, our managed defense offering integrated support for customers that use Microsoft defender for endpoint.
And this allows our experts to rely on and interact with Microsoft defender for endpoint to detect and respond to potential security incidents and so.
And also allows Microsoft defender customers, a way to benefit for mandates intelligence and expertise.
This is the first native third party and point of integration and managed defense and expands the addressable market for our managed defense capability to more than 1 billion Microsoft endpoints.
And the automated defense capability expands the potential for mandate managed defense to support over 70 different security controls.
As we deliver of controls agnostic Xdr service to the market, we expect to be able to rapidly support additional controls with our managed defense offering.
So stay tuned and now I'd like to turn to the innovations, we accomplished and our fireeye products.
Our Fireeye security suite continued delivering industry, leading detection and protection for our customers through our next generation Xdr platform with native endpoint network and email capabilities.
Our strategy of meeting customers, where they are continues to be as effective as we deploy our solutions on premise in the cloud and and the hybrid environments. Specifically, we saw above market growth for cloud endpoint High network security subscription renewal rates and a strong quarter for large email security deals.
As you May recall, we hired Brian Pom and the first quarter to lead our product team and he has been particularly focused on four areas first improving the user experience across our suite of products second increasing our detection efficacy by integrating our threat intelligence frontline expertise and updating our Ms.
<unk> learning algorithms third, enabling better cloud security and fourth extending helix functionality as a correlation engine for enterprise wide xdr.
And will mentioned just a few of recent milestones that we've achieved with our product team over the last quarter.
First we bolstered our endpoint extensible framework by adding three additional modules, bringing the total available fireeye endpoint modules to 12 and these modules are available for download on the Fireeye marketplace and incidentally, we're responsible for identifying <unk> 35 per cent of the threat actions and the recent mitre attack test.
Later this year, we plan to unleash the full power of the endpoint extensible framework by land customers partners, and our consultants and other consultants to leverage our Apis to develop real time modules for combating threats and the wild.
Second we launched our asking expert capability across our endpoint platform and this provides customers instant access demanding experts when they need immediate help.
And last we extended our industry, leading network detection capabilities to our cloud native detection on demand solution detection on demand can detect malicious files of malicious urls across CRM, social media messaging and storage applications. We recently added this capability across the leading collaborative collaboration tools.
Such as Microsoft Onedrive, Slack sales force G suite and box applications.
And now I'd like to wrap up my prepared remarks.
With the recent breach headlines as a catalyst.
We are seeing customers reevaluate the security programs and look to us for solutions that deliver better security outcomes.
I believe our position of trust derived from nearly two decades of respond the security incidents that matter puts us at the forefront of the changes required to combat the current threat environment.
I am confident 2021 will be a year and which fireeye continues to demonstrate to our customers that we provide the best line of defense. We are off to a great start with our first quarter and I want to thank all of the Fireeye employees for their hard work and bringing us to this point and I would like to thank our customers our partners and our investors for their continued support.
With that I'll turn the call over to Frank for more details on our financial performance, Frank Thanks, Kevin and Hello to everyone on the call. Thank you for joining us today.
To summarize last quarter, we predicted that the momentum from the second half of 2020 would carry forward into 2021 and this was clearly true.
It's worth repeating the Q1 2021 was our best first quarter performance and the Companys history and it followed an equally strong Q4 of 2020.
Our billings revenue and the air our year over year growth rates accelerated from Q4 to Q1 on continued strength and our strategic platform cloud subscription and services categories.
The strength of our topline and metrics translate into over achievement on our operating metrics and allowed us to raise our outlook for revenue for the year for revenue gross margin operating margin and EPS for the remainder of 2021.
Before we move on to the detail of our Q1 results and our guidance for Q2 and the updated guidance for the full year 2021.
Let me remind you that I'll be referring to non-GAAP metrics, except for revenue and operating cash flow.
Turning to the Q1 details we delivered revenue of $246 million 8 million above the high end of our guidance range and our second hardwood highest quarterly revenue ever.
Revenue growth of approximately 10% was the highest quarterly quarterly year over year revenue growth and rate and more than three years.
Our performance was driven by the the growing adoption of our cloud products and controls agnostic Mandy and solutions.
Reflecting the market evolution and Kevin discussed.
And the ongoing mix shift towards the higher growth areas of our business.
Revenue and the platform cloud subscription and managed service category increased 26%.
Reflecting the steady build and deferred revenue over the past two years. This category now accounts for 47% of non services revenue.
Compared with just 39% of year ago.
Note that both the growth and the mix shift our organic and reflected strength in cloud endpoint threat intelligence and validation.
Services revenue growth accelerated to 25% and reflected a combination of increased capacity from 2020 hires at a higher mix of incident response, compared with Q1 of 2020.
Okay.
Product and related subscription support revenue declined 8% year over year, reflecting lower deferred revenue balances at the beginning of the quarter of higher appliance sales and previous years continued to amortize out of deferred revenue.
I expect that the long tail of this trend will continue as hardware sales gradually decline over time, but that the impact on our total revenue and growth rates will diminish.
Total annualized recurring revenue increased 1% sequentially and 9% year over year.
Growth and platform cloud subscription and managed services <unk> accelerated to 22% year over year and accounted for 55% of total <unk> at quarter end.
This compares with 49% and Q1 of 'twenty.
And the reserve.
The strong performance and cloud endpoint threat intelligence and validation.
Product and related subscription and support <unk> declined slightly both year over year and sequentially as we continue to see stabilization and this area of the business.
The shift and mix to our higher growth categories offset the typical seasonality, we see in the Q1 metrics.
We remained focus on annualized recurring revenue and revenue is the most important indicators of our top line performance and market adoption.
The <unk> metric provides insight into the expansion of our installed base of recurring subscriptions without regard to changes and average contract length renewals of large contracts or hardware refresh cycles.
As we've seen any or all of these factors can cause volatility and the quarterly billings growth rates, especially within the breakout categories.
However, trended billings, especially when evaluated in conjunction with our performance can be useful as the leading indicator for revenue and the underlying business momentum.
With that in mind and I'm pleased to report that billings grew 18% year over year, the highest billings growth rate and three years and the second quarter and a row of double digit growth.
Growth was broadly based across geographies and vertical markets and customer size.
The weighted average contract length for recurring subscriptions was approximately 22 months compared to 25 months and Q1 of 2020.
Looking at our billings performance by category platform cloud subscription and managed services billings increased 45% year over year to $76 million.
This was the second consecutive quarter of above above market growth and it was achieved even though the average contract length declined by two months and that category.
The respond acquisition did not contribute materially in the quarter. So the acceleration in Q1 reflects true momentum for our cloud based products and controls agnostic Mandy and solutions.
Services billings grew by 47% year over year, although we emphasize revenue is the best performance metric for services. The billings growth Inc. Q1, clearly demonstrates the sustained high level of demand for our expertise.
Billings for on premise product and related subscriptions and support declined by 17% year over year.
This reflects continued year over year declines and appliance hardware sales and a four month decline and average contract length for recurring subscriptions and support.
Adjusting for the shorter ACL the category would've declines of 6% year over year better than our initial assumptions of approximately 10% to 11%.
I believe our billings and revenue and our performance in Q1 demonstrate the underlying strength of our business and the growing momentum for our strategic solutions and services.
Before we return to margins I would like to make a quick comment about the decline in average contract length, and Q1 and our assumptions going forward.
Recall that we have been expecting the ACL to the client for quite a while as we increased our emphasis on <unk> over a multiyear contracts.
The trend is healthy for our business and consistent with industry trends and the higher mix of SaaS billings as well as the higher mix of renewals and the product and related category.
ACL is difficult to forecast with provision on a quarter by quarter basis, but our assumptions for the remainder of the year is of that remains and the range of 22% to 24 months.
Turning to margins our strong revenue performance resulted in the operating margin of 9% above our guidance range of six five to seven 5%.
Profit margin was 73% compared to the top end of our guidance at 71%.
And more than two points above Q1, 2020 gross margin.
The increase reflects the strong services gross margin due to a high mix of incident response and higher margins for our cloud hosted product as we continue to achieve efficiencies and economies of scale.
Overall operating expenses declined about $4 million from the first quarter of 2020 and.
And increased about six of about $11 million sequentially.
The sequential increase and reflects the seasonal impact of ploy related expenses as payroll taxes and other expenses kick in at the beginning of the year plus a full quarter, but respond the operating expenses and higher commissions associated with higher sales.
And incremental marketing programs to drive awareness and growth for our strategic solutions.
Earnings per share was <unk> eight of.
Both of our guidance range of five to seven.
The weighted average fully diluted share count of 244 million reflected a full quarter of shares issued for the respond acquisition as well as higher average share price during the quarter.
Turning to the cash flow and the balance sheet with the acceleration of and billings growth and Dsos below 50 days for the second consecutive quarter, we generated cash flow from operations of $21 million.
Capital expenditures of $10 million were above our guidance range of approximately 6 million the increase and Capex is primarily due to an increase and internally developed software as we ramp our investment and the modules of Mandy and advantaged platform cloud endpoint and other strategic growth areas of the business.
Our balance sheet remains very healthy and we ended the quarter with cash cash equivalents and short term and investments of $1 3 billion.
We ended the quarter with accounts receivable of 109 million the lowest level of accounts receivable since Q1 of 2018.
Total deferred revenue at quarter end was 911 million of which 65% was current.
Now, let's turn to our outlook for the second quarter and our updated outlook for the full year 2021.
For Q2, we currently expect revenue and the range of $246 million to $250 million.
For the product and related subscription and support and platform cloud subscription and managed services categories, we expect year over year growth rates of approximately consistent with Q1.
We expect the services year over year growth rates to be slightly less and the 25% we delivered in Q1.
But still towards the high end of our 15 and 20% target range.
This implies relatively flat services revenue with Q1, which assumes the mix of incident response versus the other strategic consulting is closer to historical levels instead of the higher mix we saw in Q1.
We expect gross margin of between 70% and 73%.
We expect services margins to decline slightly from Q1, assuming a lower mix of IR and returned to the 52% to 54% range.
We also expect product subscription and support gross margin to remain in the mid seventies.
We expect operating margin of between 9% and 10%.
This implies operating expenses are approximately flat with the first quarter on the dollar basis.
Using a fully diluted share count of 247 million shares we expect fully diluted earnings per share of between eight and nine.
For 2021, we are raising our revenue guidance range by $20 million at the midpoint representing growth of approximately 8% for the year.
We expect gross margin of between 72 and 73%.
We are raising our operating margin guidance range to 10% to 11%.
These range as a result, and the non-GAAP earnings per share of 39% of 41.
Based on a weighted average shares outstanding of approximately $250 million on a fully diluted basis.
Embedded within our annual guidance are several assumptions.
Our annual growth rate assumes revenue from product and related subscription and support to decline by 10% to 11% for the year.
Revenue growth towards the higher end of 20% to 25% for our platform and cloud subscription and managed services.
And we expect growth for Mandy and services to continue to grow at around 20% year over year for the rest of the year.
Please note that we are talking about annual growth rates for each of these categories and quarterly year over year growth rates for revenue can vary.
Our operating margin range assumes gradual improvement throughout the year more heavily weighted to the second half of the year.
We've assumed an increase and facilities and travel and entertainment expense and the second half.
Out of lower overall expense level as compared to pre pandemic facilities and <unk> levels.
We also expect to increase investments and marketing to increase awareness for the mandate and advantaged solutions.
Finally at these expense levels, we expect and operating cash flow margin of about 10% for the full year.
Given the low level of receivables as we enter Q2, we expect to see slightly negative operating cash flow and the second quarter.
Let me conclude by repeating that the Q1 was a great quarter and are updating outlook referred sort of reflects our continued confidence and our future.
I will now turn the call over to the operator for questions.
Thank you and I as a reminder of the ask a question you'll need the crestar 100 of telephone.
Good question first of all Keith.
Please standby, while we compile the Q&A roster.
Our first question comes from Sterling Auty with Jpmorgan you May proceed with your question.
Alright, thanks for taking our questions. This is Jackson ader on for Sterling Tonight.
A couple of questions actually on Mandy and how.
How quickly do you think you can.
Scale up the head count that you need in order to kind of support that continued 20% growth through the rest of the year.
That would be of approximately 100 heads. This year, we did similar number last year, and we anticipate being able to do it and we continue to be tracking to that it's been very consistent kind of ramping of heads and so we've been able to continue to deliver on that and you've seen kind of 12 months record quarters of services growth there.
And frankly, I think you mentioned the.
That's part of the strength and you were seeing capacity expansion for some of those heads that you added in 2020, but just curious where where utilization rates are at the.
And then and where.
Whether things are running a little bit of hot relative to what you expected and this first quarter.
Yes, I think it's been pretty pretty much consistent with our expectations, but it has been run and hot really for the last couple of years I think the threat environment and obviously it continues to be very elevated and that has driven.
The various areas of our consulting to be the.
The balance chargeable and it can be has the team.
Okay, great. Thank you.
And thank you.
Yeah.
Thank you and your next question comes from the team of <unk> with UBS. You May proceed with your question.
Good afternoon, and thank you for taking my questions, Kevin and I will start with you.
Really quantified for us how much of the business has transformed.
Every single one of your Kpis.
Clearly you've sort of cross the chasm on the transition.
And I'm wondering what's sort of the remaining.
30% of the business that is still.
The non recurring category, what sort of programs and incentives or mandates do you have in place to Shepherd the rest of the customer base over to some of your newer solutions, but more importantly, the newer form factors of some of your existing solutions just the strategy behind that and then of a follow up for strength.
Please.
Yes, I think we could probably spend the rest of the call on the strategy. There. We got numerous strategies I think youre, referring to our Fireeye products correct for the team and what is their strategy as that continues at least on the on Prem side to decelerate first and foremost the exact integrator yeah first integrate I mean, I can tell you of five.
Years ago. The person is get the IP out of the Black box and I think it was literally of black box by the way the appliance. So we've done that and so its focus on cloud focus on integration of these product. So you can get a suite that works together focused on helix being a true xdr platform. So that you can bundle.
The male security endpoint security network security and went on the bundling and the value you can get from that because the folks that do and.
Use fireeye products rave about the detection efficacy. So now we just got to get that UI and usability.
And that's something that everybody and software is always try and do so quickly again clarify it.
And we've done that so you can subscribe to all of our software now and in the cloud version for every single thing integrated and always keep working the integration and say a better coordination between the products make sure of helix as the nucleus of that xdr platform that we can bundle. So it's all integrated nicely and make sure the user experience continue.
To improve those for things.
I appreciate that Frank maybe for more too, but I think those of work.
That's helpful and I appreciate it for the long tail of especially for all of the support attached to your on premise product suite.
Frank maybe the question for you on Monday and advantage I can appreciate that you have.
Only had sort of threat intelligence out as the.
Modular curious if you can share some adoption statistics or ESP statistics, and what do you expect in terms of contribution from.
The new modules that have been now added to the family and now available at the full slate how should we think about that as it relates to the contribution.
2021, and that's it for me thank you.
The team.
And so we've seen it's obviously very early days of Mandy and advantage, but all of our Intel offering right now is sold through many and advantage and we had another really strong quarter.
Through Mandy and advantage for Intel and that and that caps off of really strong year or two and 2020. So I would say the new modules, we've added to it or.
Ramping and going to do really well and obviously if you look at the Mandy and advantage umbrella, you've got validation and there you've got threat Intel and <unk> got our new automated defense with the respond acquisition and then we will be launching managed defense module and there those are all high growth areas for the business and so we're pulling it all together and tying it all.
Together with Mandy and advantage. So that's going to be one of the primary growth drivers of the platform cloud bucket.
Fair enough thanks for that.
Thank you for the team of.
Thank you. Our next question comes from Brian Essex with Goldman Sachs. You May proceed with your question.
Great. Good afternoon, and thank you for taking the question Kevin I was wondering if maybe you can.
The circle back on Mandy and advantage now that you have like the three main products of that.
Modules within that platform.
With regard to go to market.
And where you've seen the most competition of these competitive displacements or the greenfield opportunities and and how much is driven by kind of of the.
Halo effect, if you will of the.
And so the way to attack and what you've been able to do on the back of that.
Yes, so so I'm going to Peel that backwards, Brian I think the halo from us being on the Frontlines.
It wasn't just solar wins, but we find more zero days that I'm aware of than any other security companies and so and we find them by being on the front lines of responding to breaches and as we do our investigations and reach a point, where we just don't know how the attacker broke in and so you start peeling back software like in December of of solar wind and we found the NIM plan this year, there's others.
I don't want the name every single customer we found a zero day at but at the end of the day.
That's what creates the halo effect of the knowledge itself not the event and we just happen to be on the front row seat for it. So that does provide a tailwind for intelligence getting commanding advantage what I see there is it's greenfield I don't believe its ever existed where you can plug of technology and and it's like adding 1000, the experts to your net.
Work.
You have to have to make many of advantage work here is the moat for Brian you have to have a global Intel capability and we have that were and over 20 countries. You speak over 30 languages, you have to own the front lines and we have that we did over 1000 investigations last year and a lot of people think Oh investigations of tactical Theyre absolutely strategic.
It's how you get a front row seat to all of the threats that are circumventing the safeguards of today. So we can with Mandy and advantaged with our international intelligence team and our breach and intelligence that we're getting every single day.
And we can feed it to products that just don't learn and don't think can adapt to static which is the majority of security products today.
Because they simply don't have the knowledge and the intelligence that we have as we clean up the masses left behind from a lot of these products. So bottom line I think those that whole business has a tailwind, but I've been in the incident response business for 20 years. It was not a market 20 years ago. It was not a market 15 years ago. It was not a market 10 years ago, it's becoming popular.
Now because people are starting to see the strategic value and having that knowledge, but we've been invested and that for 20 years almost so many of the vantage the greenfield opportunity is to automate that expertise and that Intel and bring it to you at machine speed and then it's naturally related Brian to validate.
And the ability that the safely passenger securities safely and simply do that you can't if you're going to test. The security you got to do with real threats and real knowledge you can't just be hey, I've made software that can stimulate of threat, where do you get the content for you and.
We got the content and so I just love the Intel marries up perfectly with.
The validation story that we have so finally got it all together and then the automated defense component of many of the advantage. We continue to learn with it we continue to train it and really I'd say.
It's our way of automating finding a needle in the haystack, which we spend a lot of time doing every single day, so that the long winded answer, but bottomline mandate advantage provides a lot of greenfield opportunities for us I don't think anything like this has existed in the past because note companies done the work to have the Intel.
The international collections capability frontline and expertise and then the AI and machine learning.
Got it that's super helpful and maybe just a follow up on sales and marketing maybe maybe Frank where are you where are you investing now and how much is channel versus direct and how mature is that sales force at this point.
So I think the sales and distribution is very mature, but we're investing quite a bit now and areas of.
And brand awareness on the mandate solutions side on the many and abandon side. The other thing we're doing is <unk>.
Investing more on inside sales because of lot of.
A lot of the conversions and a lot of the pipeline and build on many of the advantage can be handled by and inside sales for us. So I think we're seeing more leverage there and a lot of the work that Brian has been working with the team on on the product side is really to help usability, helping the product easily demo and easily deploy which.
Will ultimately help our channel leverage.
Got it. Thank you very much guys I appreciate it.
Thanks, Brian.
Thank you. Our next question comes from Erik <unk> with JMP Securities. You May proceed with your question.
Yeah. Thanks for taking the question.
On the mandates advantage can you talk a little bit about.
Ways that you're using that into the customer base and we looked at using the premium model.
How quickly is that the.
The easily integrated into the customers' environment.
Right now there is a premium model that we have out there and.
And the folks have.
Taken advantage of that and at the same timeframe all of our current threat intelligence customers have been moved onto mandate advantage. We only just added the validation.
And the automated defense so that now with the single credential our customers can see.
The unity and the true integration between all three of these modules and the platform.
But that's how we've done it to date converted our hundreds of threat intelligence customers to it and then we have a freemium model and obviously, our enterprise sales folks and we just had our second sales kickoff. This year is actually last week.
It's cloud based software we updated the heck of lot faster couple of updates every single week.
Even more than that some times. So we have to do more sales kickoff. So we just continue to enable the team.
On the on more than a quarterly basis. So.
Thank you and add to that no I mean, it's definitely a focus area for US. It's also something that we've spent more marketing dollars on because we are seeing a really nice pipeline build and and.
And really starting to see a nice conversion.
And and as that service lend itself more to a channel sales.
Yes, I think one of the things that we really when we were creating Manny and advantage that was really focused on making it something that can easily be deployed easily be demo and easily be purchased and purchased modules within Mandy and advantage. So.
We've really worked on kind of that usability and the ease of use and the ease of kind of purchasing.
And I think that fits the channel really well.
Very good thank you.
Thank you Sir thank you.
Thank you for our next question comes from Hamzah Ottawa.
Morgan Stanley and then proceed with your question.
Hey, guys. Good evening and thank you for taking my question just two questions on.
Mandate and vantage and now autumn and defense I'm curious for starters.
And how do you see that.
Potentially perhaps cannibalized and kind of of what was built initially.
And I like our helix customers, you think over time going to be converted towards the automated defense I think the a lot of the use case the team somewhat similar deal it's going to be more of a more of a data lake that's going to underlie and you guys out of your I'm just curious on the yes, yes.
Yes, there'll be an evolution there because helix is the same at the ton of correlation rules and analytics. So over what Youll see is theres humans that maintain that we do that though when you get helix you get our rules you get our analytics you get our expertise there. The difference is actually and how we provide the minimization of trillions of alerts down to actionable alerts and events.
Is that were using models and Mandy and advantage with automated defense. So to some extent there is overlap. If you have great correlation rules you of a mature sake of 15 people maintaining your Sam you may get the same outcome.
And that you might get from of train system, but we do believe over time mandate advantage with models and it and the fact that we're trading software that can think and learn that that.
And is going to overtake the human skills required to maintain those systems. So that's one of the big differences just how we go about minimizing all of the alert and volumes of alert data down say, here's the threats that you got to pay attention to and then the second thing is helix has the data repository and you nailed it stores the data it is.
Got common event format rules and it is ATM, whereas mandate advantage is the sidecar to Sim and it has to work with many Sam's, but it's applying the IP that is our expertise and our intelligence, but it's doing it and a different way than house helix does and so there will be.
And depending on the customer of customer may buy helix get everything we shipped with it and be happy with that but they will have to maintain some of their own correlation rules or they can plug is the sidecar.
And the mandate of advantage to get the the rules and the minimization automated overtime.
Got it and.
And then just some of the automated response front.
Just for me.
As far as the market stands today and sort of these xdr solutions, how much do you think like.
Can actually be automated software.
Software and I mean, I think like you are all of our own security of Tds and outlook and sort of do sort of a one click type of automation and so I'm curious.
When you think about that and kind of where mandaean comes out of them.
The services side, Yeah, I'll start with this first nobody cares how you provide the outcome of zone you provided right. So I would say a lot of people that I talk to you one of them. They wish they had mandy and expert sitting and their stock and staring at every alert we can't offer that that doesn't and scale, but one thing. We can do is create a system that learns of thanks and it can do the minimization.
And as if it was us.
Can it do it as well as the human probably not kind of do a lot faster absolutely and in some used cases, it'll do it better than humans, right, but I like and it kind of at this stage and security.
And of pilots are still on the plan, even though the plane can take off and land itself to some extent I see us go into market with automated defense, but I like the idea and we do this today by the way and all of our products, whether you of our network product, our endpoint product or email security product or automated defense. We've got a team of experts are advanced practices folks mine.
All of that data all the time to see did we Miss anything is there anything there and we're going through all of the meta data that we collect and make sure of our customers are safeguarded and thank you for giving me an opportunity to market that because we never actually talk about it but we have some of the smartest security professionals on the planet constantly safeguarding our customers that have bought our products.
And they don't even know when they purchased our products that there is human intelligence behind it as well as a backstop. So I see over the next few years when you're training systems it'll be just like the airline industry I think I want our experts to make sure and cash.
Instantly test and training to make sure we know the efficacy and boundaries of our software and we've learned a lot of lessons along the way, but that's what I would want to bias the outcome of saying if I've got Mandy and automated defense, regardless of how we deliver it even the weather, we delivered 99% tech or 92% tech, but it'll be a lot of attack.
I was just wanted the outcome that feels safe and Thats why we want to provide.
That's super helpful. Thank you.
Thanks, Paul.
Thank you and as a reminder to ask the question you will need the press star one on your telephone. Our next question comes from the kit.
Barclays U and proceed with your question.
Great Hey, guys. Thanks for taking my questions here.
So Kevin maybe maybe for you.
Yes.
For those threat Intel customers that have now moved to mandate advantage.
So the additional sales opportunity from your perspective for.
Those customers to maybe cross sell them, something like security validation or or.
Once they move to managing the advantage is it is it that they can receive additional flavors of threat Intel to kind of segment that the price point.
Does that makes sense in terms of kind of that opportunity with the threat Intel base.
Yes, there is probably not one size fits all of it here. So on the security Guy first and foremost why do I want Intel either the stop something from happening or see if it could happen those two things and that's how it gets into my operations and.
And so it's either and the third would be the anticipate right. So I think with <unk> and advantage.
If I'm sitting in a sock and I've got our Intel being applied to our data right of way and again. It gives the heads up display so when im looking at alerts and my Sim with Mandy and advantage and the plug in that we've got with it.
Getting like a cockpit display like we got and the Air Force for fighter pilots literally get the situational awareness displayed right in front of the face we do that here's what we know based on that IP address the 75 additional.
Additional data you can drill down on and we want to make sure you don't want the Google when you were responding to and alert. It's all of it just presented to you not just our Intel but open source Intel as well. So that's what we provide but a great pivot would be youre going through your log files as an operator do I currently have the problem and my currently compromised yes.
For Noah's question number one you want to answer with Intel when Youre done with that lets say youre not compromising all of a fire to put out theres no smoke on your network I would pivot to could I be how well does this work and Chris and the team has delivered that within the last week, we actually <unk> and we have the ability now that just go straight from.
Oh, thank god it on of that problem, but you know what could I, let's run a couple of Paas and see how we're doing so that's of great logical and Thats and up sell right and the software itself.
Our account managers I'm sure, we're going to mention it and we've trained everybody to see the relationships between it but if you want to have and Intel driven sock again, you drive you want and tell the stop things from happening to detect of Something's happened and then test if it's possible with because of it even happens and the first place and.
And that's we're linking all of those decision points into the software.
Got it that makes a ton of sense, Frank maybe for a quick follow up for you.
And for some of that product and related AOR I mean, just for the earlier point made I mean, we've certainly seen the the transformation.
As you think about that product and related <unk>.
And the call it the three to five year kind of.
I'm, sorry of 3% to 5% kind of year on year decline the.
Question is how much of that is from sort of natural churn that you would expect versus customers opting for.
A cloud form factor and Thats in that platform line does that does that makes sense.
Yes, it's the mix of both saw the.
Especially on the email.
And the endpoint side, you do have customers migrating from on Prem to cloud on the network side.
We don't have as much of that migration.
And so on the network side for <unk> going down and it's related to kind of the smaller customer churn.
That's there, but it is the mix of both I would say the migration is in.
Right now of huge factor to it.
But going forward, obviously that could accelerate.
And again, we'd get the upside on the platform cloud bucket of that did happen.
Got it got it guys. Thanks, a lot for squeezing me in here. Thank.
Thank you I appreciate it.
Thank you and I'm not showing any further questions. At this time I would now like to turn the call back over to Kevin <unk> for any further remarks.
I'd like to thank everybody for attending I want to congratulate the fireeye team for a great first quarter, we've never been more relevant or more needed and cyber security and so I want to thank the teams that have been on the front lines, finding the zero days and protecting our customers as well as org.
Organizations that R&R customers, so with that I want to thank everybody I look forward to speaking to you in 90 days with another update take care now.
Thank you ladies and gentlemen. This concludes today's conference call. Thank you for participating you may now disconnect.
[music].
And.
And so.
Of course.
Thanks.
And of course.
And the team.
And.
And <unk>.
And any day.
Yes.
Yes.
This product.
And the commission expense.