FireEye (FEYE) Kevin R. Mandia on Q2 2016 Results - Earnings Call Transcript

| About: FireEye, Inc. (FEYE)

FireEye, Inc. (NASDAQ:FEYE)

Q2 2016 Earnings Call

August 04, 2016 5:00 pm ET

Executives

Kate Patterson - Vice President-Investor Relations

Kevin R. Mandia - Chief Executive Officer and Board Director

Michael J. Berry - Chief Financial Officer and Chief Operating Officer

Analysts

Karl E. Keirstead - Deutsche Bank Securities, Inc.

Gur Talpaz - Stifel, Nicolaus & Co., Inc.

Melissa A. Gorham - Morgan Stanley & Co. LLC

Jonathan F. Ho - William Blair & Co. LLC

John A. Lucia - JMP Securities LLC

Walter H. Pritchard - Citigroup Global Markets, Inc. (Broker)

Chelsea Jurman - Goldman Sachs & Co.

Ken Talanian - Evercore Group LLC

Brent Thill - UBS Securities LLC

Operator

Good day, everyone, and welcome to the FireEye Second Quarter 2016 Earnings Results Conference Call. This call is being recorded.

With us today from the company is Chief Executive Officer, Kevin Mandia; Chief Financial Officer and Chief Operating Officer, Mike Berry; and Vice President of Investor Relations, Kate Patterson.

At this time, I would like to turn the call over to Kate Patterson. Please go ahead.

Kate Patterson - Vice President-Investor Relations

Thank you, Candice. Good afternoon, everyone, and thank you for joining us on today's conference call to discuss FireEye's financial results for the second quarter of 2016. This call is being broadcast live over the Internet and can be accessed on the Investor Relations section of FireEye's website at investors.fireeye.com.

With me on today's call are Kevin Mandia, FireEye's Chief Executive Officer; and Mike Berry, Executive Vice President, Chief Financial Officer, and Chief Operating Officer of FireEye. After the market closed, FireEye issued a press release announcing the results for the second quarter of 2016.

Before we begin, let me remind you that FireEye's management will make forward-looking statements during the course of this call, including statements relating to FireEye's guidance and expectations for the third quarter of 2016 and the full year 2016, changes in the threat landscape, the security industry and customer buying preferences; FireEye's priorities, initiatives, plans and investments; FireEye's path to profitability; expectations regarding FireEye's restructuring plan and reduction in workforce, the size of the cost reduction and the amount and timing of the related restructuring charges; impact of FireEye's restructuring and changes in sales leadership; the expansion of FireEye's platform and the capabilities and availability of new and enhanced offerings, growth drivers, market opportunities, and opportunities with partners; customer demand for and adoption of FireEye's offerings; and FireEye's competitive position in the market.

These forward-looking statements involve a number of risks and uncertainties, some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements. These forward-looking statements apply as of today, and you should not rely on them as representing our views in the future. And we undertake no obligation to update these statements after the call. For a detailed description of the risks and uncertainties, please refer to our SEC filings, as well as our earnings release posted a moments ago to our website. Copies of these documents may be obtained from the SEC or by visiting the Investor Relations section of our website.

Additionally, certain non-GAAP financial measures will be discussed on this call. We've provided reconciliations of these non-GAAP financial measures for the most directly comparable GAAP financial measures in the Investor Relations section of the website, as well as in the earnings release. Finally, the slides and historical financials are posted to our Investor Relations site as well.

With that, I'll turn the call over to Kevin.

Kevin R. Mandia - Chief Executive Officer and Board Director

Thank you, Kate. And thank you to everyone for joining us on my first call as CEO today. In my remarks, I will provide a brief commentary on our second quarter performance, and then turn to a discussion of our plans to reinvigorate growth. Mike will then provide the details on our financial results, updated 2016 guidance and discuss ongoing efforts to align our cost structure with FireEye path to profitability.

For the second quarter, billings came in at $196.4 million up 10% from Q2 of 2015, but below our guidance range of $200 million to $215 million. Revenue was up – our revenue was $175 million up 19% year-over-year, but also below our guidance range of $178 million to $185 million. Our continued focus on cost optimization generated $17 million sequential decline in our total non-GAAP cost and allowed us to deliver earnings per share that was $0.06 better than the midpoint of our guidance range.

Although our billings and revenue were below our expectations, we continue to dwell on – with our core enterprise customers and we showed fundamental strength in several areas in Q2. HX Endpoint billings were up more than 65% year-over-year. We have strong renewal rates resulting in year-over-year growth in NX platform billings, which include both the appliance and related subscription billings. We added 308 new customers including several high-profile global 2,000 companies in many different verticals.

Finally, we closed 40 transactions greater than $1 million, up from 37 figure transactions in Q2 of 2015. Now, I believe there are three primary reasons why our Q2 top line performance fell below our expectations. The first two reasons are related to changes in the threat environment. While our services personnel are responding to more attacks this year than prior years, the scope and scale of these attacks is simply different. The average duration and size of each incident response engagement was smaller than in years past. And as a result, we saw lower services growth than expected, and the change in incident response engagement also lessened the amount of pull through of new FireEye subscriptions and products.

The third landscape is also impacting the sales of our other products and subscriptions. As the current threat environment shifts to smaller scoped breaches, some organizations may be opting for good enough over best-of-breed detection. However, I believe the threat landscape still presents significant risks, that are as, if not more severe than in the past. The biggest difference with the incidents we are responding to, and I think FireEye had a big influence in this factor, is the scale and scope went from hundreds of compromised machines by attackers who wanted to maintain and keep access to more of the ransomware type attacks and extortion attack that are simply easier to remediate at times. The final reason was sales execution, which we are addressing in a number of ways. Now, that was a quick summary of what happened in Q2. So, let's turn to what we're going to reinvigorate our growth.

I believe that going forward, we will address a larger market by offering solutions in multiple form factors that allow our customers to protect their assets wherever they are, whether they're on-premise, in the cloud or both. We'll also address a large market as we drive towards Security as a Service, allowing customers to benefit from our technology, expertise, and intelligence seamlessly and on-demand. This has been our strategy all along. And we are currently focusing on three key product development initiatives; first I am excited that we've expanded FireEye as a Service to encompass alerts from third-party security vendors.

We've capabilities available today to apply our threat intelligence and analytics to all alerts, so our customers are better protected. This allows customers to leverage our platform and expertise as well as their other security investments, providing greater value and opening new markets. Until now, FaaS has been tightly coupled with the FireEye technology stack and focused primarily on advanced attacks. Now we can address a broader range of threats, all leveraging the FireEye platform and scaling our expertise and knowledge to automation. The strengths of FaaS are significant, and we have seen tremendous growth over the last two years. We believe that the reason growth slowed after we became $100 million business was because we did not expand the threat coverage. We are now doing that in a big way.

FireEye as a Service can now manage the entire detect-to-fix process. We can process all of our customers' alerts, prioritize them, provide the context, and then work on the fix.

Next, we will deliver new cloud-based and hybrid security products that leverage our MVX detection engine. This is the MVX separation we discussed at Analyst Day that extends our core business from on-premise app appliances to a versatile form factor. The private cloud on-premise version is currently in beta and should be released on schedule later this month in August.

This on-premise capability is powerful and I believe, it's essential for organizations that do not intend to rely on the public cloud based on regulations, privacy concerns or risk profile. To properly defend your network, you need to inspect documents, PDFs, other types of documents that contain sensitive information and many industries and organizations do not want to send that private data to a public cloud.

MVX detection in the cloud, which will allow us to reach smaller more price-sensitive customers is on track for general availability in Q4. We believe that these solutions will open new markets as we have greater price flexibility and multiple deployment options.

And finally, we will continue to extend our Endpoint product by adding real-time threat detection. Our HX Endpoint already offers rapid search, exploit detection and correlated threat intelligence with our NX and email solution. With a new release is expected in the first half of 2017, we will take the next major steps to replacing traditional AV solutions and we are moving aggressively here.

By focusing on these three initiatives, we can address large markets that are right for disruption. Just as importantly, we will be able to extend our capabilities to provide investment protection for our more than 5,000 customers, as we evolve our platform.

These initiatives can also help our channel partners and we believe that by broadening our threat coverage and offering competitively priced cloud-based solutions that our products become better suited to distribution through our reseller channels and our channel partners can play an important role introducing our new solutions and expanding our customer base.

And finally, we were bringing on a new head of worldwide sales and a new leader in EMEA. We recognize that these new offerings and leadership teams alone will not be enough to achieve our goals, as we transition to balanced growth and profitability as an organization. We must simplify our business and operate more efficiently. I believe the restructuring and workforce reduction that we announced today is absolutely necessary to balance growth and profitability.

We're a business on a mission to protect our customers from the impact and consequences of the cyber attacks. We've been on this mission for a long time, and in order to best protect our customers from threats today and in the future, we need an intelligence led approach. I am utterly convinced that the cyber security channels cannot be stopped by technology alone. The solution requires a combination of technology, knowledge and expertise that we have here at FireEye, and I believe we have a more effective cyber intelligence capability than any company in our industry and it's even more effective than many governments.

Our cyber intelligence is derived from our network of millions of virtual machines deployed around the world, as well as our global network of threat analysts, researchers, malware analysts and incident responders responding to dozens of incidents every quarter, and that number keeps going up. I believe we know more about what bad guys are doing on the Internet than any other security company, and this knowledge is very important. It enables FireEye to develop products and services to our customers that adapt as the threat environment adapts. It drives our innovation, and it is leveraged by our service, and as a service offerings to better do their jobs. I believe no competitor is positioned to counter our intelligence-led security strategy.

Now, I have been doing security since the early 1990s, when I was in the military, and I've responded to many of the most severe cyber security breaches, and have seen firsthand the impact these breaches have on real people.

Now, I'm committed along with the FireEye team to protecting our customers from cyber attacks. I would like to thank all the hardworking and exceptional employees at FireEye dedicated to our mission. I also want to thank all our customers who entrust us to protect them. We are honored, and I feel privileged to have our solutions as core component to the security of many of the world's largest organizations and governments. And we strive to offer the most effective defense, at the lowest cost of ownership to protect all organizations, both large and small.

Now, I will now turn the call over to Mike to discuss the details of our financial performance and walk you through our revised guidance for the rest of the year. Mike?

Michael J. Berry - Chief Financial Officer and Chief Operating Officer

Great. Thank you, Kevin. Welcome aboard. So, very good afternoon to everybody on the call. On today's call, I will provide some additional color on our second quarter 2016 financial results, including revenue, gross margin, operating expenses and cash flow. I will also provide some high level commentary on our path to profitability, and I will spend quite a bit more time on our assumptions for the second half of 2016 and our revised guidance.

Before jumping into the results, I want to summarize the key themes of my remarks to set the stage for our discussion. As Kevin just discussed, we are focused on leveraging our core competencies in threat detection, intelligence and security operations to enhance our products, reduce our customers' overall total cost of ownership and help them operationalize security.

Within our current platform, we are expanding our threat coverage, introducing new form factors, and adding features that will reduce customers' reliance on legacy solutions. We are targeting market segments with large TAMs, Endpoint, cloud-based detection, and Security as a Service, which Gartner has defined as the managed, detection, and response market.

Historically, FireEye has done well with large enterprises, and this continued to be true in the second quarter, as exhibited by the year-over-year increase in the number of deals greater than $1 million, consistent multi-product attach rates and a strong first half in our core product renewal business. As we execute on our strategy throughout 2016 and into 2017, we expect to continue to do well with large enterprise customers through new sales, cross sell and renewal activity. We also expect that our increased threat coverage, new cloud and hybrid form factors, and expanded FireEye as a Service offering will appeal to a broader range of customers and this to drive new customer acquisition and top line growth.

Looking at the second quarter at a high level, continued adoption of the FireEye advanced threat management platform by enterprise class customers drove growth in revenue and billings. Some highlights included strong growth in our Endpoint platform with Q2 year-over-year growth in HX platform billing of greater than 65%, and first half HX platform billings growth greater than 75%.

We also had a stronger quarter than expected with our NX or network product as strong renewals plus incremental purchases by both new and existing customers resulted in year-over-year growth in NX platform billings. The total number of transactions was up 18% from the second quarter of 2015 with approximately one in three purchasing multiple products and over 90% of our greater than $1 million deals included multiple products.

Our trailing 12-month renewal rate remained above 90%, again in the second quarter of 2016. We had a very strong quarter in terms of progress on our path to profitability, as our non-GAAP operating margin exceeded expectations, and our non-GAAP loss per share came in at $0.33 versus our guidance range of $0.38 to $0.40. However, we did have a few challenges that ultimately resulted in us coming in below the billing and revenue ranges we provided in May.

As Kevin mentioned, the threat landscape continues to evolve, and the impact can be seen in our results in several areas, including lower average transaction sizes in our consulting and consulting-related product revenue that came in well below expectations. We certainly understand that we need to continue to respond to the changing landscape, and hopefully you heard our plans to reinvigorate growth during Kevin's prepared remarks.

Okay, let's look at our second quarter financial results. As Kevin said, billings came in just over $196 million for a year-over-year growth rate of 10%. We completed 40 transactions greater than $1 million, up from 30 transactions in the same period of 2015. We did not complete any transactions greater than $10 million in the second quarter of 2016, and as a result, the average transaction size of the $1 million dollar plus deals was 13% lower in the second quarter of 2016 compared to the same quarter 2015.

We have discussed the grow over effect of large deals in the first half of 2015 on previous conference calls, and I think the best way to illustrate the impact of the smaller transaction size is to say that if we had the same average transaction size from last year across our greater than $1 million deals this year, our total billings growth would have been approximately 15% versus the 10% growth experienced in the second quarter.

Year-over-year transaction growth was approximately 18% in the second quarter 2016, and we saw particular strength in not only the greater than $1 million deals, but also saw transactions between $500,000 and $1 million grow by greater than 35%. We continued to see strong multi-family sales as our customers adopt our platform, and 15 of the top 20 transactions in the quarter included more than one product.

Overall while the percentage of customers with just one product family remains at about 50% of the installed base, the number of customers with three or more product families increased by more than 50% from Q2 of 2015. The addition of iSIGHT threat intelligence subscriptions, as well as strong renewals contributed to the continued shift in the mix of billings to recurring subscription.

Recurring subscriptions and support accounted for 64% of total billings, up from 58% a year ago. Our total contract length finished at 27 months (19:03) down from 31 months in the first quarter of 2016, but consistent with the second quarter 2015. The sequential decrease was driven mainly by a higher mix of renewal billings in the quarter as renewals have historically averaged a lower contract length than new business. Also, please recall that we had a large five-year transaction with the government agency in the first quarter of 2016.

We have talked in previous sessions that we expect our renewals to create a sustainable base of recurring revenue, as our renewal business grows and becomes more predictable during 2016 and beyond. On a year-to-date basis through the second quarter of 2016, renewals as a percentage of total sales were in the low-20% range, nearly twice the percentage mix from the same period of 2015.

Within platform billing, which is a combination of product and product subscription, end point network, threat intelligence and cloud e-mail posted the strongest performance on a year-over-year basis. The anticipated decline in EX platform billings in the second quarter was mostly offset by an increase in our cloud e-mail solution or ETP. On a year-to-date basis, ETP billings growth is significantly larger than the decline in EX billing. Customers have now purchased our e-mail solutions to protect more than 30 million mailboxes.

Endpoint billings were up more than 65% in Q2 and 75% year-to-date, as customers embrace our platform approach to security. About one-third of the greater than $1 million deals included our Endpoint solution. FireEye as a service continue to demonstrate billings growth in the second quarter, but had a lower rate than we expected.

As Kevin discussed, we believe our ability to deliver our technology, intelligence and expertise as a service is an important differentiator for us. And we believe that the expansion of coverage to alerts from non-FireEye appliances will drive broader adoption of FireEye as a service.

The $800,000 sequential decline in professional services billings was due mainly to smaller incident response engagements compared to a year ago. We believe this is mainly due to the current threat environment and the changing landscape of cyber breaches. The total number of IR engagements continues to increase nicely, but the size and scope of each engagements is much smaller today than it was a year ago. These changes in the size and nature of our incident response projects also result in less appliance-based technology during these engagements, which reduces our tech fee. While these are related to the service engagements, these tech fees are recorded in product billings and revenue.

Turning to revenue, we posted total revenue of $175 million or 19% year-over-year growth. Excluding the revenue from iSIGHT, organic revenue growth was 11% in the second quarter. Product revenue declined year-over-year by 18% consistent with the decline in product billings. The largest year-over-year variance in our product revenue as measured by dollars is the lower tech fee revenue that I just discussed. Another large driver is the continued and expected reduction in appliance-based email in favor of our cloud e-mail solution ETP.

Product subscription revenue increased 57% from Q2 2015, reflecting a strong growth in ETP and renewal. It also included approximately $11 million in revenue from iSIGHT threat intelligence subscription. Excluding iSIGHT, product revenue – product subscription revenue grew year-over-year by 34%. Combining product and product subscription, total platform revenue was up 19% to $117 million. On the support and services side, support revenue benefited from consistently strong renewals and was up 38% from the second quarter of 2015 about as expected. Recurring subscription and support revenue now accounts for more than 60% of our total revenue.

Revenue from professional services increased just 2% from a year ago, down from the 40% growth rate in the first quarter of 2016. This category had tougher comparison metric due to strong growth in the second quarter of 2015, but the deceleration in growth was more than we expected, and was driven mainly by the shorter duration of engagements, which resulted in lower billability, especially in the U.S.

Very quickly on iSIGHT, we have included the revenue contribution for the first two quarters of 2016 on our call. I wanted to make sure and highlight that we have started to combine the iSIGHT offerings with core FireEye intelligence offerings, and going forward it will be very difficult to segregate this revenue or report on it separately, thus we will not be reporting iSIGHT revenue as a standalone number going forward.

I do want to comment that for billings iSIGHT is slightly before our expectations on a year-to-date basis, but we expect them to achieve our original expectation by the end of 2016.

Looking at revenue by region, the U.S. accounted for 69% of total revenue and international regions contributed 31%. All regions increased sequentially except EMEA, where we saw lower results in the quarter compared to the first quarter of 2016.

We have talked a lot about our commitment to the path of profitability and sizing our expense structure to the current growth profile and revenue run rate. We began our cost optimization process at the end of 2015, and the results are starting to show as we successfully reduced non-GAAP cost by more than $17 million sequentially. I do want to note that we had a $2 million one-time credit for G&A expenses and we do not expect this to recur in future quarters.

On a year-over-year basis, operating expenses increased just 5% from the second quarter of 2015. The increase largely reflects higher head count associated with the addition of the iSIGHT and Invotas team. This spending discipline coupled with a rebound in product gross margins to just under 70% result in an operating margins of negative 28%, the best level since Q3 of 2012 when they were negative 27%. Our better-than-expected performance on cost was offset by lower than expected billing, resulting in operating cash flow that came in about as expected and negative $13 million.

We ended the second quarter with approximately $970 million in total cash and equivalents, down by about $4 million from March 31. Total deferred revenue increased year-over-year by 43% to finish at $587 million and DSOs measured against billings were better than expected at 58 days. That's a quick summary of Q2.

Now let's swing back to the topic of our path to profitability. To meet our stated goal of non-GAAP profitability by Q4 2017, we will need to take additional steps to align our cost structure with our current growth profile. When we began the process of rigorous cost optimization in the first quarter of 2016, we took steps to reduce our annual cost by approximately $35 million as we discussed at our Analyst Day in March. While we had a plan to reduce the cost structure by a larger amount, we opted not to take these actions as we did not want to impair our expected growth targets.

Given the result from the second quarter and our revised growth projections for the remainder of 2016, we are moving forward with incremental expense reductions, intended to reduce our annualized non-GAAP cost by at least $80 million. This represents approximately 9% of our combined trailing 12-month non-GAAP support, subscription and operating cost.

While we expect to realize a portion of these cost savings in our third quarter cost, we do expect to realize the large majority of these savings in the fourth quarter of 2016. We expect some of these savings will occur naturally as we narrow our focus on the three key areas Kevin outlined. The remainder will be the result of additional facilities closures, head count reductions in areas where we have built redundant organization and an increased focus on discretionary spending.

Since we are still finalizing the details, I won't go into further details today. For your modeling purposes, we would expect to book our restructuring charge of between $15 million and $20 million in Q3 related to this action. While this charge will be excluded from our non-GAAP results, it will impact operating cash flow and I will discuss that later in my remarks.

Before going into the specific guidance amounts for the second half of 2016, let me walk you through what has changed, since we gave guidance on our first quarter 2016 earnings call in May. At that time, we were expecting an acceleration of our growth rate in the second half of 2016 with annual linearity consistent with prior year. This was driven by several factors, including easy or relative year-over-year comparisons and assumption of improved sales productivity, the continued ramping of new sales head count, continued strong performance from high-growth products including FireEye as a Service, TAP, HX and ETP, and some incremental billings contribution from the introduction of new products, including new products resulting from the MVX separation and the general availability of FaaS 2.0.

Based on several factors and the changes we saw during the second quarter, we are lowering our billings and revenue expectations for the second half to account for the new growth outlook. While much of this is interrelated, I will hit on the key changes to our outlook. First, we are not banking on a ship in the threat landscape, and assume that what we have seen for the first half of 2016 is the new reality in terms of the breach environment. This has an impact across many of our offerings, especially professional services and the related tech fees.

Second, although our pipelines entering the third quarter are still solid and consistent with the pipeline entering the second quarter, we have not yet seen a traditional second half uplift in pipeline, especially related to our expansion into different market segments and products.

We continue to do well in our core enterprise market, which is reflected in the fundamental strength evident in the second quarter, and this is reflected in our revised guidance. Additionally, we now expect the year-over-year billings and revenue declines in our product or clients' business to continue as customers increasingly opt for cloud-based and cloud-ready security solutions. Since both product and professional services billings are primarily recognized in period, these factors have an immediate impact on both billings and revenue.

Third, we are taking a conservative view on the adoption of the new products associated with the MVX separation. The beta program for MVX separation are going well. And we've built a pipeline of large enterprise customers, but we need to finish these betas to make sure that these opportunities solidify as we go into the fourth quarter. I also believe that the new cloud product will be a significant opportunity for incremental growth in the midmarket. We recognized it will take time to climb the adoption curve with midmarket customers and have taken this into account in our guidance.

Finally, the changes we're making in our sales leadership, as well as the restructuring of our operations are likely to have an impact on morale and sales productivity. While there may be short-term challenges, I believe, these changes are absolutely necessary to reinvigorate our growth and keep us on the path to profitability. We are taking steps to energize the team and minimize the impact, but these changes will likely have an impact on our top line performance in the next couple of quarters. Mainly because of these factors, our revised guidance now assumes billings will be basically flat for the second half of 2015. Okay.

With that said, let's turn to our third quarter guidance and updated outlook for 2016. For the third quarter, we now expect billings of $200 million to $215 million for a midpoint of $207.5 million. We expect revenue of $180 million to $186 million. This guidance assumes a decline in product billings and product revenue of between 25% and 30% year-over-year and growth in professional services billings and revenue in the low single digit percentages.

We expect to realize some of the cost savings associated with the restructuring in the third quarter and are forecasting total operating expenses, excluding cost of goods sold between $176 million and $178 million. Assuming gross margins approximately flat with Q2 at 72%, this year with an operating margin between negative 25% and negative 27%.

For the full-year 2016, we are reducing our billings guidance to between $835 million and $855 million and our revenue guidance to between $716 million and $728 million. Gross margins are expected to be about 72%, and we expect operating margins between negative 26% and negative 28%, again for the full-year 2016.

Given our Q3 guidance, this implies a Q4 operating margin of between negative 12% and negative 15%, which we expect will keep us on our original path to profitability that we discussed at our Analyst Day. Before concluding, I'd like to spend a couple minutes on our cash flow expectations for the second half of 2016.

The reduction in our billings forecast in the second half of 2016 is expected to equate to a reduction in our previous collections forecast by approximately $100 million, depending mainly on the billings linearity and current in quarter cash collections, especially during the fourth quarter. This is partially offset by our reduced cost forecast for the second half of 2016, but the reductions in billings is a key driver to the lower cash flow forecast.

Given these revised billings, collections and cost expectations, we are now looking for operating cash flow in the second half of 2016 to be approximately breakeven, before subtracting the cash impact of the restructuring. Excluding the restructuring charge, we expect third quarter operating cash flow to be in the range of negative $15 million to negative $20 million, and the fourth quarter in the same range on the positive side, so positive $15 million to $20 million. We have included in the guidance section of our quarterly presentation a detailed reconciliation of the changes to our cash flow guidance. It also includes a detailed listing of one-time items we expect for 2016, which is very important as you model 2017 cash flow.

We still expect capital expenditures to be approximately $35 million for the full year. The revised cash flow outlook illustrates the importance for us to realign our expense base, to not only remain on our path to profitability but also to be able to be self-funding and generate sustainable cash flow in the future.

Before moving on to questions, I do want to reiterative a few points and also comment about our current views on the business going into 2017. We have adjusted our outlook for the second half to reflect a lower growth profile, but also to try and to take into account some of the uncertainty that inevitably comes with a larger restructuring and changes in sales management. Importantly, we firmly expect, we will be able to reinvigorate billings growth during 2017, as we get through this restructuring and focus on our product initiatives.

As I mentioned earlier, we are very excited about our new products. And as we get more focused on our growth engines, we believe this will help drive growth next year. And we are still targeting non-GAAP profitability by the end of 2017, and expect to generate positive free cash flow in 2017 as well.

While the revised billing and revenue outlook for 2016 is not what we were expecting when we started the year and updated on our call in May, we believe the steps we've taken to focus our investments and extend our platform will ultimately reinvigorate our growth and drive shareholder value. With a large market opportunity in front of us and core advantages in detection, intelligence, and security expertise, I believe we are well-positioned to lead our customers and our industry to a more effective model of security.

This concludes my prepared remarks. Candice, we are now ready for questions.

Question-and-Answer Session

Operator

Thank you. And our first question comes from Karl Keirstead of Deutsche Bank, your line is now open.

Karl E. Keirstead - Deutsche Bank Securities, Inc.

Thanks. First question is for Kevin. Kevin, I just wanted to get a little bit more on the root cause of this miss. You mentioned the smaller breaches, but other players in the security space, Check Point, Palo Alto, Fortinet, several have seen a product appliance rev slowdown, and the fortunes of those companies really aren't tied, I don't think, to breach size. So it feels like something else broader is going on in the enterprise security space, and I was hoping you could add your thoughts.

Kevin R. Mandia - Chief Executive Officer and Board Director

Sure.

Karl E. Keirstead - Deutsche Bank Securities, Inc.

And then my follow-up for Mike is, Mike, I know you don't want to give 2017 guide, but just given that the second half billings growth will be about flat to the prior year, revenue growth is probably going to be about 10%, should we be thinking of something in the order of 10% revenue growth for 2017? Thanks so much.

Kevin R. Mandia - Chief Executive Officer and Board Director

Yes, Karl, this is Kevin. Thank you for that question. When you look at, first Mandiant services is a critical component of our business. It's strategically important. And we want to respond to every breach, because that's how you learn what the bad guys are doing on the Internet, and that's also how you get that trusted advisor status with a lot of customers, when you help them through those tough times. And it does have an impact on our business when the scale and scope of those incidents goes down.

I can't speak for how that influences other organizations, but for us when we're responding to only five compromised machines and the type of breach, it doesn't require a full-court press for remediation, meaning the attackers don't need to reenter. Their breach was about money. They got what they needed. They don't need to maintain access to the victim networks. The remediation drills are simpler.

So for what we do in that arena when we see a smaller scale and scope of breaches, it does impact our tech-enabled services. We don't have to do forensics on thousands and thousands and thousands of machines. Suddenly, we're doing forensics and deep-diving four machines or five machines. We used to have the complexity of answering what happened and what should we do about it as a victim company. That complexity isn't that high in ransomware attacks where it's obvious how you scope it, and what you do about it is sometimes less complex than the tenacious attacks by state-level actors and folks who want to maintain access. So it does have an impact on our product pull-through, and it does have an impact on our services revenue and that impacts our services-led go-to-market motion.

Michael J. Berry - Chief Financial Officer and Chief Operating Officer

Hey, Karl. It's Mike. On your question, yes, you're right, I don't want to guide for 2017, but here is what I would give you for things to think about as you look at your model. So to your point, yes, second half revenue growth rate, right around 8%, and I did talk about that we firmly expect to be able to reinvigorate growth. Couple things to think about there as well. As our revenue becomes more ratable, and a bigger percentage of it is recognized over time, I think that will also help with the consistency and the growth. The big wildcard there, quite frankly, is the product revenue side of it, and at this point, we're guiding call it somewhere around mid-25% drop this year versus last year. Hopefully that will modulate next year, and I do think that the on-prem portion of MVX separation will help. So those are things I give you to think about as you take a look at the model.

Karl E. Keirstead - Deutsche Bank Securities, Inc.

Awesome. Thank you, both.

Kevin R. Mandia - Chief Executive Officer and Board Director

Hey, and, Karl, I was just passed a piece of paper that said I may have misunderstood your question. I think you were asking about the industry-wide slowing in appliance sales. It will be, in my opinion, one of the biggest things as you see that Infrastructure as a Service proliferating and people going to the cloud and having hybrid structures, I think that will have an impact.

Karl E. Keirstead - Deutsche Bank Securities, Inc.

Okay. Thank you, Kevin.

Kevin R. Mandia - Chief Executive Officer and Board Director

Sure.

Kate Patterson - Vice President-Investor Relations

Next question.

Operator

Thank you. And our next question comes from Gur Talpaz of Stifel. Your line is now open.

Gur Talpaz - Stifel, Nicolaus & Co., Inc.

Great. Thank you. So with the EX headwind effectively lifting here after Q2, how should we think about the product billings and the appliance billings going forward here? In the past you talked about maybe improving sequentially from Q2 into Q3. Kind of sounds like they may be getting a little bit worse. So you did talk about NX improving. So, Mike and Kevin, how should we think about the pace of appliance going forward here?

Michael J. Berry - Chief Financial Officer and Chief Operating Officer

Yes. So, Gur, it's Mike. I'll take this and Kevin can jump in. So a couple things on product revenue, and I know this was something new that we added. What we saw in Q2 from a dollar perspective is the largest drop on a year-over-year basis was actually related to the tech fees from the services engagement. So assuming that that stays relatively consistent and that's baked into guidance, for the second half that's going to continue to be a drag.

NX actually had a good quarter in terms of platform billings, so we're excited about that. Endpoint continues to do well, and I think as you look at it, EX we continue to actually sell new EX, absolutely, and the renewals are very important. So, as you look at product revenue, I think you'll see in the second half, we've actually thought – guiding for it to be about 25% or 30%, and that really adds in now the trends we've seen in tech fees. That's the largest contributor to that change. We expect Endpoint to continue to do well; PX, which is our forensics offering, as well; and candidly I think going into next year MVX separation, hopefully, will help because keep in mind the on-prem portion of that does have appliances. And I think the big driver there Gur is going to be how fast does our cloud solution get adopted and do we sell more of that versus appliances and that goes to Kevin's earlier answer in terms of the movement of the industry.

Kevin R. Mandia - Chief Executive Officer and Board Director

But the key there as to give optionality to the customer, so that if they need on-prem, we can deliver it; if they need cloud, we can deliver it; if they need a hybrid form factor, we can cover both situations. And we're working to do that.

Gur Talpaz - Stifel, Nicolaus & Co., Inc.

That's helpful.

Michael J. Berry - Chief Financial Officer and Chief Operating Officer

Thanks.

Gur Talpaz - Stifel, Nicolaus & Co., Inc.

If you look at subscription billings, product subscription billings, they were actually down sequentially here quarter-on-quarter, not a lot, a small amount. Is that primarily a function of the decline in durations? Is it FireEye as a Service? Can you talk about what's happening there and what gives you confidence that starts to improve a little bit going forward?

Michael J. Berry - Chief Financial Officer and Chief Operating Officer

Yes, absolutely. So, Gur, there's two big drivers to that. So FireEye as a Service, as we talked about, continues to grow; didn't grow as nicely as we wanted to in Q2. So on a sequential basis that was part of it. The biggest driver, though, there was ETP. We had a very large transaction in Q1 that was largely ETP and that really helped drive that product subscription. So you're going to see that jump around a little bit. On the 27-month contract length, it was relatively consistent with last year. Yes, it was down from Q1, but that was really due to that large transaction that I just referred to. We do expect that growth to reinvigorate, if I could use that phrase, as we go into the second half because of FaaS. We do think that the movement to cloud continues, but you're going to get some of that big deal impact, which really drove that sequential drop that you refer to.

Gur Talpaz - Stifel, Nicolaus & Co., Inc.

Okay. Thanks, guys.

Michael J. Berry - Chief Financial Officer and Chief Operating Officer

Thank you.

Operator

Thank you. And our next question comes from Melissa Gorham of Morgan Stanley. Your line is now open.

Melissa A. Gorham - Morgan Stanley & Co. LLC

Great. Thanks for taking my question. I just want to put maybe a finer point on what happened in the quarter. So I'm just wondering if you can maybe talk about exactly what's changed since we last talked three months ago. I know you noted there was maybe a lower level of breach activity driving lower level of incident response, but was there something else like a macro-driven weakness that potentially impacted the quarter or did execution maybe get worse this quarter than what you saw in Q1?

Michael J. Berry - Chief Financial Officer and Chief Operating Officer

Hey, Melissa. It's Mike. So, yes, as we looked at Q2, from an execution perspective, we felt good going into the quarter in terms of where the pipeline was across the different regions. As it turned out, we did have some challenges in some of the groups as we talked about. We expected some really nice growth in FaaS. We still expect that for the full year, but Q2 was a little bit lighter than we had expected. The appliance/product business largely was what we expected. We were very close to that. And really the big impact was as the threat environment changed related to a lot of the breach and incident response. That brought down services revenue significantly and it affected tech fees. That was probably the largest impact.

From a geographical perspective, the U.S. was pretty much what we thought, federal did a little bit better, APJ was pretty much what we thought, EMEA was a little bit lighter than we had expected in the quarter.

Melissa A. Gorham - Morgan Stanley & Co. LLC

Okay. That's helpful. And then if I could just follow up with what you're seeing in terms of a refresh activity. So when the appliances are up for refresh, what are you seeing from your customers? Are they purchasing like the same level of boxes that they had before on the appliance side? Are they upgrading it or potentially downgrading it? And what does that, like, refresh pipeline look like for the rest of the year?

Michael J. Berry - Chief Financial Officer and Chief Operating Officer

Okay. So on refreshes, so we're a little bit different than the other folks, and it's actually an interesting conversation. So when those come up for a refresh, we typically will see them add additional box, as we talked about the cross-sell, upsell opportunity, and the tremendous number of multi-family products that we have. And that typically occurs, Melissa, during the life of that agreement.

Keep in mind that we have a lot of multiyear contracts and those have started to come up. That's why we're really excited about the MVX separation and the ability to expand the usage of the sensors. But we don't really have that – I hate to even use this phrase – that firewall refresh process. When they have those appliances, they're still fine. They will upgrade if they need more capacity, more throughput, they'll typically buy a bigger box. But it's not a big driver of growth. The bigger driver of growth is us adding subscriptions and intelligence and services on top of those implementations.

Melissa A. Gorham - Morgan Stanley & Co. LLC

Okay. Got it. Thank you.

Operator

Thank you. And our next question comes from Jonathan Ho of William Blair. Your line is now open.

Jonathan F. Ho - William Blair & Co. LLC

Good afternoon. Just wanted to start out with some of the changes in sales management that you guys are implementing and maybe where you see opportunity for the sales management to have an impact on results.

Kevin R. Mandia - Chief Executive Officer and Board Director

This is Kevin speaking. I think first off, we've got a lot of new products coming to market. It was a good time for me to make a change. I believe FaaS is coming to market now. We've got to get our muscle memory around how to move that into the market better, grow the pipe better. MVX separation is entering the market in the very near term. I want to see the same expected execution and results. Endpoint is changing. We're adding features and expanding that platform rapidly. So I feel I want a team that is ready to get this go-to-market simplified, and I want to operate more efficiently.

I actually believe, with some of the recalibration that we have in front of us, there's a lot of positives for the sales force that we have there. We should see more efficiency. We will see an expansion of account ownership by our unique account reps on the front line. This provides them an opportunity to grow our business as they get from maybe 40 accounts to 45 accounts or from 20 accounts to 27 accounts. So these are the changes I want to do as I am focused on balanced growth and profitability.

Jonathan F. Ho - William Blair & Co. LLC

Got it. And then just talking a little bit about the guidance that you gave. What gives you the confidence that you've now set the guidance conservatively enough. And what are some of the puts and takes that could maybe cause results to be better or worse than your expectations?

Kevin R. Mandia - Chief Executive Officer and Board Director

Hey, Jonathan. It's Mike. So let me just back up for a second in this – for everybody on the call just to level set where we are. When we entered the year, we were we grew billings in Q4 at about 21%. We expected about 20% organic growth in billing plus iSIGHT. We grew at 23% in Q1. We felt good going into Q2 and 90 days made a big difference and we grew billings about 10%.

As we looked at the second half, we spent a lot of time looking at our pipeline, where it was in different stages, talking with our sales management team, our product teams, our data analytics team, which does tremendous work for us, to try to model what we thought the second half looked like. Candidly, we're coming out with about 10% growth on Q2. We tried to be prudent and estimate what we thought the impact of the restructuring and change of sales management would be. And we also did, call it, decrease the product revenue or increase that percentage drop, because as we look at the second half, Q3 is a big Fed quarter and those are big deals.

We didn't want to take a big risk on those. Q4 is typically a nice product quarter, so we tried to be a little bit conservative there. So that's everything that kind of baked into the guidance. Again, we're going to set it to be more prudent, try to estimate the distraction factor, but at the end of the day, this is where we feel the best in terms of setting the level of growth. And again, we think it's a temporary growth in terms of being flat, and we do expect to reinvigorate that as we roll into 2017.

Jonathan F. Ho - William Blair & Co. LLC

Great. Thank you.

Kevin R. Mandia - Chief Executive Officer and Board Director

Thank you.

Operator

Thank you. And our next question comes from John Lucia of JMP Securities. Your line is now open.

John A. Lucia - JMP Securities LLC

Hey, guys. Thanks for taking my questions. Kevin, you said customers are opting for good enough versus best-of-breed because of the scale and scope of breaches has reduced. Does that suggest there is an opportunity for vendors with good enough lower-price solutions to take share from best-of-breed or – just want to get some color there? And then how long do you expect the threat landscape to be at these levels?

Kevin R. Mandia - Chief Executive Officer and Board Director

So, threat landscape, we're always going to be on top of that one with our iSIGHT capability and that asset with, I call that, the human intelligence gathering aspect of our business in response, but I cannot predict that. And then my exact comment is some folks are actually looking at instead of best-of-breed, what I'd call, good enough. And the bottom line is if you want great protection and you're security-conscious, you do the right things for what your risk profile is. And I may have missed part of your question, John. I felt like there was a third thing there.

Kate Patterson - Vice President-Investor Relations

Taking share (53:03) opportunity for good enough...

Kevin R. Mandia - Chief Executive Officer and Board Director

Absolutely. That's why we're doing MVX separation. We feel that we can take, what I think, is the best threat detection and we can bring it to customers. When we do the MVX separation, we can bring it down to, call it, the customers that have more of a price sensitivity. So we want to meet that head on and we're doing that. That's why we're going to open up that market.

John A. Lucia - JMP Securities LLC

Are you seeing a different pricing environment than you've seen in the past?

Kevin R. Mandia - Chief Executive Officer and Board Director

What's your thoughts on that, Mike?

Michael J. Berry - Chief Financial Officer and Chief Operating Officer

I think in the enterprise market, John, we really haven't seen much of a change. When you're dealing with larger enterprises, that's what you deal with and then you get to talk to purchasing, and we need CFOs like myself and that has not changed. So I think that pricing pressure in that has been relatively consistent.

To Kevin's point, again, we think that that kind of just good enough is something you see in that mid-market. We're excited about being able to offer those solutions and be able to really disrupt that as well as we go into next year.

John A. Lucia - JMP Securities LLC

Okay. And then are you guys seeing a shift in terms of the types of security technologies that are gaining wallet share due to this changing threat landscape? Maybe a year ago you were seeing good demand for APT security and things like sandboxing. But now are you seeing more demand for other types of security technologies like next-gen Endpoint and cloud solutions like CASB, I would just be curious to get your thoughts on how budgets are shifting between the different types of technologies.

Kevin R. Mandia - Chief Executive Officer and Board Director

Yes, this is Kevin speaking. Yes, I think that there's always trends in security, first off, right. And those trends change over time and evolve. I think that there's a trend on the Endpoint. I think there's a need to detect what antivirus misses. The signature-based legacy technologies of the past haven't been sufficient. Everybody knows that, including the AV companies, it seems. And so people are looking for new Endpoint protection. So I think that's one. And I think, obviously, with the CASB market, it's important as people migrate to the cloud that there's security built into those migrations. We've assisted and advised companies that are doing those sort of things. And sometimes, it's pretty complex, depending on your infrastructure, your industry, your risk profile, to migrate from on-prem to the cloud. So you can see CASB.

And I've always felt, when I look at the industry as well, identity. You look at identity on-prem, identity off-prem, how do you track employees, what they're accessing, when they're accessing it. And then I think there'll always be a need for what we do. This threat detection and response. You can see that as something where – the bigger difference there is people don't know what alerts matter. And even when they know an alert matters, they don't know what to do about it. Is it the guys in St. Petersburg hacking me and they're after credit card data? Is it somebody from a nation-state? And you don't know how to sign your resources.

And I think another whitespace is, I call it the orchestration space. I think that there's a whole generation of software that came out that said, 'We'll help you manage your alerts and your security operations. We'll help you go from 4 billion events a day down to here's a couple of hundred based on analytics and correlation rules and all of these things.' But what's next? You've got to fix the problem. And that's what I think is the orchestration thing where you can take the alerts that matter and build an infrastructure where you can go from an alert that matters to orchestrating a countermeasure, perhaps, even without human intervention, and defend your network at network speed. So those are just some of my thoughts on. When I talk to CISOs, and I get to meet a lot of them, that's sort of the things they're thinking.

John A. Lucia - JMP Securities LLC

Okay. Thank you.

Kevin R. Mandia - Chief Executive Officer and Board Director

Thank you, John.

Operator

Thank you. And our next question comes from Shaul Eyal of Oppenheimer. Your line is now open.

Kevin R. Mandia - Chief Executive Officer and Board Director

Hey, Shaul, are you there?

Kate Patterson - Vice President-Investor Relations

Next question?

Operator

And our next question comes from Walter Pritchard of Citi. Your line is now open.

Walter H. Pritchard - Citigroup Global Markets, Inc. (Broker)

Hi. Thanks. So, Kevin, I think you talked quite a bit some of the product things that make you optimistic. You can sell into the guys in mid-market with MVX separation...

Kevin R. Mandia - Chief Executive Officer and Board Director

Right.

Walter H. Pritchard - Citigroup Global Markets, Inc. (Broker)

...and with FireEye as a Service. Can you talk about from a sales and go-to-market perspective, how do you feel about your channel strategy, your sales organization and some of the things on that end that will enable you to get into that part of the market?

Kevin R. Mandia - Chief Executive Officer and Board Director

Yes, I think the products and the price points are going to help the most, Walter. I think that when you look at MVX separation and it's cost to us, we can offer our great threat prevention and threat detection, at that point, at a price point that I think will open that market for us. So we've got to make sure we do the appropriate training, and we've got to make sure that our channel and resellers are framed to move that to that cloud version where we have the MVX sensor separated, means we can get the sensor out to people and have the brains via subscription in the cloud. I think that is a powerful model, and I think that helps. So it's that price sensitivity and the ease of deployment. It just gets easier to deploy it. So I'm very bullish on that helping us in the channel.

I also think Endpoint. If we get that real-time threat detection. Now we have some realtime threat detection capability now, but we have improvements to make there, and we're working hard at them. But I think Endpoint, with the market right now, that's also a very channel-friendly type of product. And FaaS, we're making real changes to FireEye as a Service that are available today that I think open up new markets. And particularly, I think it's a big deal that we've opened it up to third-party alerts. We can now apply our threat intelligence and knowledge not just to our high-fidelity alerts that come in to FireEye as a Service, but we can look at the alerts from other devices and other vendors and help our customers prioritize which ones matter and help them go through the process of going from alert to fix. I think that opens up markets we have not been in, in the past as well.

Walter H. Pritchard - Citigroup Global Markets, Inc. (Broker)

And then, Mike, just on your end, I think you were pretty clear on the guidance for Q3. As we look at the $80 million run rate, is there a head count number associated with that? And as we think about 2017, does part of that $80 million start to come back in terms of hiring? Or should we think of $80 million as actually potentially a net reduction in OpEx as maybe anniversary those or, I guess, before you anniversary those cuts in restructuring?

Michael J. Berry - Chief Financial Officer and Chief Operating Officer

Yes, Walter, great question. So on that, we'll certainly look at all infrastructure cost, we'll look at all of discretionary expenses, but unfortunately we do expect this to probably affect 300 employees to 400 employees. As I talked about, it's a reduction of about 9% of our, call it, controllable costs. We will try to go after as much as we can non-head count, but, yes, we do expect it to probably be about that level.

And then as we go into next year, here's what I would tell you is I expect to bank all of that savings. If you look at your 2017 model, it's important for us to be able to have that savings as we go into the end of the year, not only for profitability, but very importantly for cash. So if the growth is higher than we expect, then some of that will come back. If the growth isn't, then it won't, quite simply.

Walter H. Pritchard - Citigroup Global Markets, Inc. (Broker)

Okay, great. Thank you. That's clear.

Michael J. Berry - Chief Financial Officer and Chief Operating Officer

Thank you.

Kevin R. Mandia - Chief Executive Officer and Board Director

Thank you.

Operator

Thank you. And our next question comes from Michael Turits of Raymond James. Your line is now open.

Michael J. Berry - Chief Financial Officer and Chief Operating Officer

Hey, Michael, are you there?

Operator

Michael, please check your mute button.

Kate Patterson - Vice President-Investor Relations

Next please.

Operator

And our next question comes from Gabriela Borges of Goldman Sachs. Your line is now open.

Chelsea Jurman - Goldman Sachs & Co.

Hi. This is Chelsea on for Gabriela. Thanks for taking the question. You talked a bunch about restructuring, and can you just give a little more detail about what are the different buckets that you expect to be taking out of and what are some of the redundant areas where you think you can find the costs or head count reduction?

Michael J. Berry - Chief Financial Officer and Chief Operating Officer

Sure. So Chelsea, this is Mike. So in the prepared script, I did talk about we're still working through it. So I don't want to go into too much detail until we finalize. But in general, I will rewind back to what we talked about at Analyst Day and as we look at our cost structure. For all the right reasons, we as a company, we're growing very quickly. We invested to support that growth, and that investment happened in our geographical expansion, our expansion in sales, marketing, G&A, R&D, everywhere. We have a lot of products that we need to support. And as we look at the future, we want to become more focused. We'll look candidly at all of our costs, but I don't want to go into details now until we finalize it, other than to say as a management team, everybody is fully onboard. We're very engaged, feel very good about being able to get the $80 million, and I'll update you, Chelsea, on the Q3 call in terms of where that comes out specifically.

Chelsea Jurman - Goldman Sachs & Co.

Got it. And then, as a follow-up, you mentioned that FireEye as a Service is coming in a little bit weaker than you'd been expecting. And so can you give a little more detail about which customers are taking these or if you have any insight into why it has come in weaker?

Kevin R. Mandia - Chief Executive Officer and Board Director

Yes. This is Kevin speaking. I think that we had about four or five renewals in Q2 that we didn't get that based on what I would call the legacy Mandiant managed defense, and I think that one of the biggest factors was, and what I've heard from our customers, buyers and people in the marketplace, is that they wanted us to take third-party alerts into FireEye as a Service, and we just started doing that. I think that with the addition of that feature and capability, it was very important and it increases our relevance. So I think that we listened, we heard what the market wants. They've spoken, and we've adapted. So we have the capability that they were asking for now.

Chelsea Jurman - Goldman Sachs & Co.

Great. Thank you.

Michael J. Berry - Chief Financial Officer and Chief Operating Officer

Thank you.

Operator

Thank you. And our next question comes from Ken Talanian of Evercore. Your line is now open.

Ken Talanian - Evercore Group LLC

Hi, guys. Thanks for taking my question, and apologies if you already addressed this in the call. I've been hopping between calls. I guess this question is for Mike. Mike, you've had a focus on cost since you arrived, and on a few occasions you've mentioned the parts of FireEye are operating in silos. When you think about where you are with cost, the introduction of a restructuring program, where do you think you are in regards to building out really the cost-sensitive processes and changing the culture within the organization to think with that in mind?

Michael J. Berry - Chief Financial Officer and Chief Operating Officer

Ken. So that's a great question. So my answer to that would be that one of the things that really impressed me when I came to FireEye, and still does today, is all of our employees are very conscious of how we perform and in terms of how the investors in turn respond to that performance, and they understand we need to be a profitable company and generate cash flow. So as we look at it, I think from that I think the awareness is very high. It obviously entails some tough decisions, which all of us look at it. It's not easy personally.

So I think from a culture perspective, we're making great progress. I think as we look at our cost structure, as we go through 2017, you're going to see us continue to focus on areas where we can really combine what we have done in the past, and this is really from an acquisition. So, for instance, iSIGHT, Mandiant, FaaS, there's a lot of common back-office processes and departments within that group.

Within R&D, we have what we call virtual business units. There's a lot of the same processes and infrastructure build. Wonderful people, doing all the right things, but when we're chasing growth, it was absolutely the way to do it. So, as we go forward and as we really focus, I think that's where you're going to see it, and I think that the efficiencies are going to be our ability to leverage growth more than continue to cut, so that as we grow, we don't need to invest like we did in the past. Did that answer your question?

Ken Talanian - Evercore Group LLC

That does. And if I may follow up. When we think about the productivity levels for FireEye as a Service, I think when you first talked about that service, you said that you could maybe service 25 customers with one threat analyst or something along those lines. What do those productivity levels look like today and where do you think you can go with that?

Michael J. Berry - Chief Financial Officer and Chief Operating Officer

Yes, so let me answer that question. I'm not going to go to the 1-to-25, but let me talk at a little bit of higher level. As we have introduced FaaS 2.0, especially going to market with TAP, which is our SIM, and we've been able to model out the cost structure. The original things that we talked about in terms of our efficiency when we were at Analyst Day, we feel even better about today for a couple reasons: one is, the team is really using automation much more effectively. Between TAP and orchestration, it enables us really to, as you said, the 1-to-25 to have that be even more.

In addition, the amount of time it takes for us to hunt and search and work with them has come down significantly and will in the future, as we use better technology. So, I would tell you that I'm even more excited now about FaaS being able to drive the gross margin line, as we grow that business. And I'll say it bluntly, I think we can be much more cost effective now because of the efficiencies that team has driven as we go forward in the future.

Ken Talanian - Evercore Group LLC

Great. Thanks very much.

Michael J. Berry - Chief Financial Officer and Chief Operating Officer

You bet.

Kate Patterson - Vice President-Investor Relations

I think we have time for one more question please.

Operator

Thank you. And our final question comes from the line of Brent Thill of UBS. Your line is now open.

Brent Thill - UBS Securities LLC

Thanks, Kevin. Just on the sales leadership changes, I'm just curious if you could further go down that road and talk through with what you'd like to do here with what needs to be done, how long it's going to take to settle those changes in?

Kevin R. Mandia - Chief Executive Officer and Board Director

Well, I've got candidates in mind, I've got people I'm going to talk to and we're going to vet hard to do that. We've got a transition plan. We're going to stay focused on as we forward. But I'm very homed in to make sure we simplify our go-to-market plan.

Brent Thill - UBS Securities LLC

Okay.

Kevin R. Mandia - Chief Executive Officer and Board Director

Yeah. And then I could expound – go ahead next.

Brent Thill - UBS Securities LLC

No, I didn't want to – please continue.

Kevin R. Mandia - Chief Executive Officer and Board Director

That's all right.

Brent Thill - UBS Securities LLC

And just secondarily on EMEA, you were, I believe, flat sequentially. Is that more go-to-market related or is there something competitively that's going on?

Michael J. Berry - Chief Financial Officer and Chief Operating Officer

Hey, Brent, it's Mike. A couple of things too, I would add to the wholesale thing. So, Travis Reese, the new name, President as well. He's really jumping and he is really a big part of that integration plan with Kevin or that transition plan on sales, so we feel good about that piece. And then looking at EMEA, I mean, candidly they had a pretty tough grow over, they did some big – bit larger transactions last year in Q2. I don't think it's so much of a marketplace issue, as us just being able to make sure that we're getting those leads, we're inspecting them, and we're bringing them to closure. From a pipeline perspective, we felt good going into Q2 and we got to the end and didn't perform quite as well as we would like, that happens but we are not worried about EMEA geographically or on a macro.

Brent Thill - UBS Securities LLC

Okay. Thank you.

Michael J. Berry - Chief Financial Officer and Chief Operating Officer

Thank you.

Kate Patterson - Vice President-Investor Relations

I think that's it. Thank you very much. We'll turn back to Kevin.

Kevin R. Mandia - Chief Executive Officer and Board Director

Yeah, I have some closing remarks I'd like to say. I've met over the years hundreds of customers since joining FireEye, and I've heard over-and-over again that they depend and rely on our ability to detect the advanced threats and to provide context about the motivation and technical capability of the attackers at a level that I don't think any other security provider can do. We are a trusted advisor to the strongest brands in the world and this is not a role that we take lightly.

We're committed to leveraging our advantages, and I have the right three new initiatives. I've spent the last 20 years in security. I've gotten on the front lines. I've met the (1:10:12), I've met the buyers, I've walked through security operation centers. And with the initiatives we have, with FaaS looking at all alerts now, and applying our analytics and our intelligence to it, that is a great offering.

With MVX separation with Endpoint, I'm very confident that these initiatives are the right ones and we're delivering the next-generation capabilities in these services over the next few quarters, so it's coming now. I want to say that we will always protect our existing customers, while expanding our technology to a much broader base. We want to open up additional addressable markets and that's our focus. And I'll end with the two things that I'm focused on as CEO here. One of the business themes is I'm really focused on balanced and profitable growth. We had said at an analyst meeting before, you have to build the platform, then you expand the platform, and then you focus on balanced and profitable growth, and I want to do that.

And I'll end with my vision theme that this company will provide on-premise, hybrid and cloud-based security platforms that defends our customers from attacks with the best threat intelligence in the world. That's what we set out to do. I'm very thankful for the great employees of FireEye that help me on this mission. Thank you everyone.

Michael J. Berry - Chief Financial Officer and Chief Operating Officer

Thank you.

Operator

Ladies and gentlemen, thank you for participating in today's conference. This does conclude the program, and you may all disconnect. Have a great day, everyone.

Copyright policy: All transcripts on this site are the copyright of Seeking Alpha. However, we view them as an important resource for bloggers and journalists, and are excited to contribute to the democratization of financial information on the Internet. (Until now investors have had to pay thousands of dollars in subscription fees for transcripts.) So our reproduction policy is as follows: You may quote up to 400 words of any transcript on the condition that you attribute the transcript to Seeking Alpha and either link to the original transcript or to www.SeekingAlpha.com. All other use is prohibited.

THE INFORMATION CONTAINED HERE IS A TEXTUAL REPRESENTATION OF THE APPLICABLE COMPANY'S CONFERENCE CALL, CONFERENCE PRESENTATION OR OTHER AUDIO PRESENTATION, AND WHILE EFFORTS ARE MADE TO PROVIDE AN ACCURATE TRANSCRIPTION, THERE MAY BE MATERIAL ERRORS, OMISSIONS, OR INACCURACIES IN THE REPORTING OF THE SUBSTANCE OF THE AUDIO PRESENTATIONS. IN NO WAY DOES SEEKING ALPHA ASSUME ANY RESPONSIBILITY FOR ANY INVESTMENT OR OTHER DECISIONS MADE BASED UPON THE INFORMATION PROVIDED ON THIS WEB SITE OR IN ANY TRANSCRIPT. USERS ARE ADVISED TO REVIEW THE APPLICABLE COMPANY'S AUDIO PRESENTATION ITSELF AND THE APPLICABLE COMPANY'S SEC FILINGS BEFORE MAKING ANY INVESTMENT OR OTHER DECISIONS.

If you have any additional questions about our online transcripts, please contact us at: transcripts@seekingalpha.com. Thank you!