Transcripts

FireEye (FEYE) Q2 2018 Results - Earnings Call Transcript

Aug. 01, 2018 10:06 PM ETAlphabet Inc. (GOOG)

SA Transcripts

137.99K Followers

FireEye, Inc. (FEYE) Q2 2018 Earnings Call August 1, 2018 5:00 PM ET

Executives

Kate Patterson - FireEye, Inc.

Kevin R. Mandia - FireEye, Inc.

William T. Robbins - FireEye, Inc.

Frank E. Verdecanna - FireEye, Inc.

Analysts

Andrew James Nowinski - Piper Jaffray & Co.

Anne M. Meisner - Susquehanna Financial Group LLLP

Gur Yehudah Talpaz - Stifel, Nicolaus & Co., Inc.

Melissa Franchi - Morgan Stanley & Co. LLC

Eric Heath - Raymond James & Associates, Inc.

Gregg Moskowitz - Cowen and Company

Saket Kalia - Barclays Capital, Inc.

Walter H. Pritchard - Citigroup Global Markets, Inc.

Gabriela Borges - Goldman Sachs & Co. LLC

Operator

Good day, everyone, and welcome to the FireEye Second Quarter 2018 Earning Results Conference Call. At this time, all participants are in a listen-only mode.

Later, we will conduct a question-and-answer session and instructions will follow at that time. Also, this call is being recorded.

With us today from the company is Chief Executive Officer, Kevin Mandia; Bill Robbins, Executive Vice President, Worldwide Sales; Chief Financial Officer and Chief Accounting Officer, Frank Verdecanna; and Vice-President of Investor Relations, Kate Patterson.

At this time, I would like to turn the call over to Kate Patterson. Please go ahead.

Kate Patterson - FireEye, Inc.

Thank you, Sandra, and thank you all for joining us this afternoon on the call to discuss FireEye's financial results for the second quarter of 2018. This call is being broadcast live over the Internet and can be accessed on the Investor Relations section of FireEye's website at investors.fireeye.com.

With me on today's call are Kevin Mandia, Bill Robbins, and Frank Verdecanna. After the market closed today, we issued a press release announcing the results for the second quarter of 2018.

Before we begin, let me remind you that FireEye's management will make forward-looking statements during the course of this call including statements relating to FireEye's guidance and expectation for certain financial results and metrics; FireEye's priorities, initiatives, plans, and investments; drivers, and expectations for growth; the expansion of FireEye's platform and the benefits, capabilities, and the availability of new and enhanced offerings; competitive position, market opportunities and go-to-market strategies.

These forward-looking statements involve a number of risks and uncertainties, some of which are beyond our control which could cause actual results to differ materially from those anticipated by these statements. These forward-looking statements apply as of today, and you should not rely on them as representing our views in the future. And we undertake no obligation to update these statements after the call.

For a detailed description of the risks and uncertainties, please refer to our SEC filings as well as our earnings release posted an hour ago. Copies of these documents may be obtained from the SEC or by visiting the Investor Relations section of the website.

Additionally, certain non-GAAP financial measures will be discussed on this call. We've provided reconciliations on these non-GAAP financial measures for the most directly comparable GAAP financial measures in the Investor Relations section of the website and in the earnings release. We'd also like to remind you that the results included in the call and the earnings release are using the ASC 606, the newly adopted revenue standard. Finally, I'd like to point out that we have posted the supplemental slides and financial statements on the Investor Relations section of the website.

With that, I'll turn the call over to Kevin.

Kevin R. Mandia - FireEye, Inc.

Thank you, Kate, and thank you to everyone joining us on this call today. We appreciate your continued interest and support.

We did what we said we would do in the second quarter: meeting or exceeding our guidance ranges for billings, revenue, operating income, operating cash flow, and earnings per share. I'm proud of the progress we have made over the last two years.

We have over 3,000 people at FireEye focused on a common mission, vision, and roadmap. We continue to innovate our Email Security, Network Security, and Endpoint Security solutions and we are laying the foundation for how customers will purchase and deploy security in the future with our Helix platform.

With the introduction of virtual and cloud versions of our products, we have transitioned from an appliance-centric product offering to a model based primarily on recurring subscription and support. We have progressed from our origins as a network security spoke vendor to a comprehensive security company.

And finally, we executed with intentionality to go from losing more than $120 million in the first half of 2016 to near breakeven and generating positive cash flow in the first half of 2018. We have made tremendous strides improving productivity and efficiency of FireEye. And I believe we are on a path to sustainable growth and increased profitability and cash flow.

Now, in my remarks today, I want to focus on three topics. First, I want to provide a few highlights of our second quarter performance. Then I want to discuss some examples of our unique innovation at work, and last, I want to point out several recent innovations across our portfolio. Following that, Bill Robbins, our Executive Vice President and FireEye's leader of Worldwide Sales, will provide an update on how our simplified go-to-market strategy is driving growth. And then Frank will take you through the details of our financial results and our guidance for the rest of the year.

So let's first discuss highlights from the quarter. We exceeded our billings guidance with 13% year-over-year growth. We did this by posting year-over-year growth in every single geography and every product family. We added 274 new customers, which is a growth rate of nearly 24% over the second quarter of 2017. We added over 75 new customers to our Helix platform. We saw a record quarter for our Mandiant services revenue, in part because we made great progress internationalizing our Mandiant services business. In the second quarter, over one-third of our services business was from international sources.

In the second quarter, we also continued to train security experts. In fact, we are on track to perform over 40% more training classes in 2018 than last year, and these classes are not just product training but more than 20 different instructor-led courses covering infinite response and forensics, malware analysis from beginner to expert, and cyber threat intelligence analysis. We train intelligence officers, law enforcement personnel, and security practitioners from around the world. We believe training the experts is good business as it leads to more entrenched relationships with the security practitioners that are shaping our industry.

Our threat intelligence team continued to provide high quality intelligence products and services. In the second quarter, our customers leveraged over 6,600 threat intelligence reports during the quarter, providing critical insights into threat activity around the world. We also did 37 deals greater than $1 million in the quarter. 95% of these deals included more than one product, and approximately half included four or more product families from FireEye. I believe these customers are recognizing the value of our integrated security platform.

And finally, we achieved non-GAAP positive operating and net income for the first time other than in a fourth quarter. We also achieved non-GAAP positive operating and free cash flow on a rolling four quarter basis.

In addition to focusing on efficiently running our business and executing against our growth objectives, FireEye has been and is laser-focused on innovating. FireEye's competitive advantage is our innovation cycle. It is how our work on the frontlines collecting threat intelligence and responding to cyber attacks around the world improves our products. We are the investigators called in when the processes, people, and technology fail to prevent a security breach or incident. During these investigations, we pore through all the data to determine what happened and how to address the issues. We find the gaps in the security fabric and we find the needle in the haystack. This is why law enforcement agencies, intelligence organizations, government agencies, and some of the most mature security organizations in the world have our analysts side by side in their security operation centers. This is a powerful endorsement of our expertise and our threat intelligence.

And our innovation cycle contributes to how FireEye detects what other security solutions miss. During the second quarter, FireEye's Email Security detected over 6 million spear phishing attacks and FireEye's Network Security products alerted over 29 million times, specifically defending over 1 million unique endpoints from advanced attacks.

And let me make one point very clear. Nearly every one of our products is deployed behind another vendor's firewall or security email gateway or endpoint antivirus, which means virtually everything we catch has evaded and bypassed these other defenses. I believe this matters to security-conscious organizations that are most aware of the impact and consequences that accompany a security breach. This fact is why I believe FireEye provides a vital layer of defense that is indispensable to security-conscious organizations.

And our innovation cycle also helps FireEye advance our cloud security capabilities. Many of our incident investigations include resources hosted in cloud environments, so we continue to add features to Helix that provide out-of-the box integration with leading cloud infrastructure as a service, platform as a service, and software as a service platforms such as AWS, Azure, Office 365, Dropbox, and Salesforce.

As an example, earlier this year, we responded to a breach where the CEO's email credentials had been stolen and his Office 365 account was compromised by an unauthorized intruder. Using expertise and threat intelligence embedded in our solutions, we were able to determine how the breach occurred and what the intruder did once he gained access. Office 365 is rapidly becoming a new attack surface for cyber crime, and the capability to detect unauthorized attempts to access cloud-based email is built into Helix.

I would like to now discuss some recent innovations in our Email, Endpoint, and Helix production or products. In Email, we are simply catching way too many spear-phishing emails to back-off our continued investment in our Email Security business.

As many of our customers migrate from on-premise email to cloud providers, we have developed a very fitting and effective way to manage the risks. As an example, we have done a lot of work to make sure our Email Security products work seamlessly with Microsoft's Office 365. With this interoperability sitting in line with the Office 365, we can protect our customers' cloud email. Early indications are that we are very effective at augmenting Office 365 security, and I believe our work here further bolsters FireEye's position as an important line of defense.

In FireEye's Endpoint, FireEye has more than 15 million licensed Endpoint agents worldwide and over 1,100 Endpoint customers. Although FireEye's Endpoint Security was originally developed to investigate security incidents, today, our Endpoint includes antivirus prevention, exploit prevention, and now a powerful machine learning malware classification engine we call MalwareGuard which we announced yesterday.

So what makes our machine learning models different? Machine learning is only as good as the data set used to train the models. In addition to publicly available data, FireEye has developed our models with private data from our incident response efforts, our global network of thousands of sensors that detect new attacks and new malware and our threat intelligence capability. In short, we believe we have the best data to train the models and better data equates to more effective machine learning models. To date, the effectiveness of MalwareGuard's detection supports this premise.

With all these protection features in a single Endpoint agent as well as investigative and forensic features, our offering can be the only Endpoint Security agent our customers need to prevent, detect, and respond to security incidents.

In Helix, as good as our spoke products continue to get, they will be even better when deployed with Helix. Our vision is that Helix becomes the security operations platform in the future, embedding FireEye intelligence and expertise as well as the expertise of our customers and our partners. Therefore, we know that an open extensible FireEye platform centered around Helix is critical if we are going to lead the next generation Security Operations Center. And to this end, we are launching the FireEye Market as a single source for all the tools, apps, and add-ons we develop as well as those of our customers to augment security operations.

The first version of the FireEye Market will be available in the second half of 2018 featuring dozens of custom applications. Later in 2018, our orchestration playbooks will also become available through the Market, and we plan to open the Market to third-party content from partners and customers in early 2019.

And we also continue to make progress to offer our Expertise On-Demand program where our customers will be able to have instant access to experts whenever needed. In the future, this access will be a quick or a touch away in the Helix platform so we can augment our customers with malware analysis, or an intel briefing, or a forensic investigation, or security experts as they see fit at the time they need them.

To summarize before I turn the call over to Bill and Frank, I believe we have built a competitive advantage due to combination of our technology, threat intelligence, and frontline expertise, which drives a continuous cycle of innovation at FireEye. This keeps our products relevant and allows us to adapt rapidly in response to new threats. We have returned to growth, we have improved our execution, and we continue to innovate.

I would now like to turn the call over to Bill to update you on the progress we have made simplifying our portfolio, our messaging, and our pricing. Bill?

William T. Robbins - FireEye, Inc.

Thank you, Kevin, and good afternoon, everyone. It is my pleasure to be able to join the call today to give you an update on the progress we have made against the goals we outlined at Analyst Day.

As noted in our press release and in Kevin's comments, we delivered strong results across the board in Q2. This was the sixth consecutive quarter that we performed at or above our guidance ranges, and I'm pleased that this was, in part, driven by improved sales execution combined with a simplified go-to-market strategy, a revamped pricing model, and increased partner engagement.

I'm proud of the effort and commitment shown across the FireEye sales team as we've transformed our sales organization, and I am also very appreciative of the collaboration and commitment we've seen in our work with our valued channel partners across the globe. By focusing on the fundamentals, meeting commitments, improving productivity, building trusted advisor relationships with our customers, we have transformed our sales team into a high-performing organization with a winning mindset.

The results are reflected in our strong Q2 metrics. To note, all five revenue regions: Americas, EMEA, APAC, Japan, and U.S. public sector, delivered strong year-over-year billings growth and met or exceeded our forecast. Furthermore, performance was equally strong one layer down where almost all sub-regions also met or exceeded our expectations. New customer adds accelerated for the first time in more than two years, and we are well on our way to exceeding our stated goal of adding more than 1,000 new customers in 2018.

We also saw transaction velocity continue to increase and our partner-led business was an at all-time high, achieving our target mix of one-third or 33% of our non-services business. At Analyst Day, I informed you that I had challenged our sales team to exceed the billings guidance range Frank gave. We achieved that in both Q1 and Q2 and we've already raised the full year bar twice. I am very proud of the accomplishments of this team.

Looking back over the past year and a half, I believe that there have been three critical go-to-market initiatives that combined with the innovations we've introduced into our products and services are driving our success. First, we needed the right structure and the right people. So we streamlined our structure, we strengthened our leadership team in every region, and we worked with a leading sales enablement organization to create formal sales training and processes. As I mentioned at Analyst Day, we now have fully tenured leaders across all five revenue regions, who have built strong teams that are coming together very nicely. The result has been lower attrition, higher productivity, stronger partner alignment and deeper customer relationships.

We committed to becoming more productive and we have done that. We've gone from spending more than 60% of revenue on sales and marketing in 2016, which was one of the highest percentages in our industry, to an estimated 38% to 40% in 2018, which is better than the industry average. The team is now generating more than $2.50 in billings for every $1 invested in sales and marketing, achieving double-digit productivity increases annually. And at the same time, we've seen a significant increase in cross-sell and multi-product adoption in our Enterprise products, which is consistent with our objectives. In fact, over 70% of our Q2 billings were multi-product deals.

Second, we renewed our focus and commitment to our channel partners. We maintained consistent rules of engagement, invested in training and enablement, and we simplified processes and pricing to help partners build a profitable business with FireEye. The results are showing up in the feedback you hear in your channel checks and, more importantly, in our metrics.

As I mentioned earlier, we achieved our target mix of one-third of new sales from partner-led transactions in Q2. We also saw a 33% year-over-year increase in the number of deals registered by partners, representing significant forward pipeline growth. This increase is even more meaningful when you consider that we have worked with our partners to tighten the requirements for deal registration.

The third key initiative driving our success is our simplified go-to-market strategy and revamped pricing model. The changes we introduced in early Q2 are making it easier for customers to expand their deployments of FireEye technology and also make it easier for channel partners to do business with us.

As we outlined at Analyst Day, we simplified our product names from a confusing array of X-named appliances, add-on subscriptions, stand-alone subscriptions and different managed and professional services. We consolidated all of this under descriptive names like Network Security, Email Security, and Endpoint Security, and we've created a hub and spoke model with Helix at the center.

At the same time, we rolled out a new subscription-based pricing model based on capacity. Network Security is priced by throughput capacity, Email Security is priced per mailbox and Endpoint Security is priced per agent. Under this model, customers pay a single subscription price for virtual or cloud-based deployments and appliance hardware is optional.

In addition, for customers with up to 2,000 users, we also rolled out the FireEye Security Suite, which includes all three spokes in a single bundled offering. Now, the simplicity of this model makes it easier for our sales teams to explain our offerings and it makes it possible for partners to handle the entire transaction on their own, something that was difficult before. And it gives customers the flexibility to add capacity as needed and deploy on-premise, in the cloud, or a hybrid of the two.

We officially launched the new modeled RSA three months ago, but already the customer response has exceeded our expectations. The initial feedback from partners has been very positive because it allows them to achieve greater transaction velocity and the pricing is competitive for mid-market customers. Partners can now offer FireEye's best-of-breed detection and protection to their clients on a pure subscription basis, something that they have been asking us for.

Even some of our traditional Enterprise accounts are migrating to the new subscription pricing for incremental capacity. Since the subscription pricing model has been available, we've seen the number of deals in the pipeline grow in double-digits and the dollar volume also increase by double digits. The majority of these transactions are channel-sourced, mid-market deals for customers who have never purchased FireEye products. The new pricing and simplified go-to-market was an important driver of our channel business and new customer adds in Q2, and the growth in channel pipeline of registered deals suggest this trend will continue.

In summary, we've meaningfully transformed the company over the last two years: product, go-to-market, sales structure, leadership and more. It has taken hard work by the FireEye team, but our focus on the fundamentals, on meeting commitments and on building long-term relationships is absolutely paying off.

This, combined with FireEye having a differentiated set of products and services that are resonating with our customers, has allowed us to execute extremely well. We entered the second half of 2018 with a strong pipeline of new business, which gives us confidence to raise our guidance. And by design, we're more diversified in terms of customer size, geography and product offering than ever before.

I am incredibly proud of our sales and marketing organizations, and we're starting to see real leverage and momentum with our customers and partners. And all of this further increases my confidence that we will continue to execute well and meet our commitments in the future.

With that, I'll turn it over to Frank.

Frank E. Verdecanna - FireEye, Inc.

Thanks, Bill. On our last quarterly call, I said that I believe that with our best-in-class products, simplified pricing and packaging, and an energized team, we were on the path to sustain growth and leverage in our financial model. The positive trends of the past few quarters continued in Q2, reinforcing my confidence in the future of FireEye.

At a high level, I saw three key takeaways in our Q2 result. The momentum we are seeing is broad-based as both Bill and Kevin mentioned. From a CFO standpoint, this is exactly what you want to see.

Our mix continues to shift to recurring subscriptions and support, and this has positive long-term implications for our financial model, including increased visibility, potentially higher gross margins, lower customer acquisition costs, and higher customer lifetime value. We continue to see leverage in our operating model as we become more efficient in our operations. I believe our current cost envelope is sufficient to support our billings growth through at least 2018.

Before I review the detailed metrics, let me remind you that I'll be referring to non-GAAP metrics except for revenue. Our non-GAAP measures exclude stock-based compensation, amortization of intangibles, non-cash interest expense on our convertible debt, and other non-recurring items. Also note that our historical financial results and guidance ranges reflect the adoption of ASC 606 as of January 1, 2018.

Total billings of $196 million were above the high end of our guidance range of $180 million to $195 million and up 13% year-over-year. I want to focus first on the growth in the recurring portion of our billings which increased 28% year-over-year and accounted for 82% of our non-services billings.

The shift away from physical appliances to our virtual and cloud-based products was an important driver of this growth. While renewals of subscriptions and support attached to the physical appliances continue to increase, as you would expect, given the expanding pool of customers and a high customer retention raise, we are seeing a growing number of new and renewal customers adopt cloud and virtual appliances as we continue to innovate, especially with our Network and Email Security products.

Our new pricing model makes it easy for customers to deploy our technology in any combination of cloud, virtual, and physical appliances and purchase additional capacity as needed. We've also seen a growing number of customers convert their integrated on-premise appliances to sensors and Cloud MVX, with pricing based on our new subscription model. Although we have relatively small number of data points, the early evidence shows that the ACV increased on the renewal transactions priced under the new model compared to that of the straight renewal of attached subscriptions and support.

The growth in our ARR metric reflects the shift to our subscription-based cloud and virtual appliance solutions. We ended the quarter with approximately $522 million in annual recurring revenue, an increase of $55 million or 12% year-over-year and an increase of $13 million or 3% sequentially.

Demand for our spokes products is increasing as you can see from the growth in our product and related subscription and support billings, which increased 12% year-over-year. The increase reflected new logo customers as well as strong renewals in the company by cross-sell and upsell.

Network Security grew year-over-year for the second consecutive quarter, and on-premise Email also experienced double-digit growth. The new pricing model makes it easy to migrate from on-premise to the cloud and the feedback from our sales team is that this is a key selling point.

Cloud subscriptions and managed services billings increased 26% year-over-year, driven by growth in intel, cloud Email, cloud Endpoint, and Helix. The sequential of decline in cloud subscriptions and managed services was primarily due to seasonality in iSIGHT Threat Intelligence renewals and slightly lower cloud Email billings compared to Q1 as we saw a few large customers expand their on-premise deployment.

I want to emphasize that Email overall had a very strong quarter, but in Q2, the mix shifted in favor of on-premise appliances instead of the cloud. The important point is that we offer customers the flexibility to adopt our technology any way they want. Mandiant services billings also had a very strong quarter, up $12 million sequentially, as we saw a strong demand across all geos.

Overall, we booked 37 transactions greater than $1 million compared to 27 in Q2 of 2017. As we mentioned in last quarter's call, we did close one transaction in Q2 for slightly over $10 million and this was included in our forecast when we guided Q2 billings. By comparison, we had no transactions greater than $10 million in Q2 of 2017 but we did book $10 million-plus transactions in both Q4 2017 and Q1 2018.

The weighted average contract length decreased by one month in Q2 to 27 months from 28 months in Q2 of 2017. The decline is primarily the result of the shift in billings mix to recurring subscriptions and support, which are recognized over the contract term compared to 48 months for appliances.

Our renewal performance continued to be strong, with customer retention at approximately 90%. Our yield on the dollars up for renewal, including upsell, remained above 100%, consistent with historical trends. Revenue in the quarter was $203 million, an increase of 6% year-over-year and at the high end of our guidance range. While every category experienced year-over-year growth, cloud subscriptions and managed services revenue led the way, increasing 6% – 16% year-over-year. This reflected the billings and deferred revenue growth of this category over the past six quarters.

Product and related subscriptions and support increased 3% year over year, and Mandiant professional services revenue increased 5%. Approximately 91% of our non-services revenue was recognized from deferred revenue associated with prior quarter billings.

Our strong performance on the top line was accompanied by continued discipline on the cost and expense lines. On a year-over-year basis, gross margin increased by approximately 1%. As expected, operating expenses declined slightly from Q1. The sequential decline in operating expenses on an absolute dollar basis combined with higher revenue allowed us to achieve positive non-GAAP operating income of $3.5 million or 2% of revenue this quarter. We ended the quarter with 3,060 employees, up slightly from the end of Q1. The increase was driven by increases in a few areas including the Mandiant services business, which continues to operate near capacity.

Turning to the balance sheet and cash flow statement. We continue to maintain a very healthy balance sheet. We ended the quarter with just over $1 billion dollars in cash, reflecting the $600 million convertible note offering we completed in Q2, partially offset by the repurchase of $340 million in principal amount of the 1% notes we issued in 2015.

Overall, this was a great transaction for us. We were able to take advantage of favorable market conditions and replace the bulk of the 1% note with longer term notes at a lower rate of interest. We were also able to offset potential dilution up to a stock price of $34 through a separate capped call transaction.

Under the accounting rules related to the repurchase and retirement of notes, we booked a non-cash GAAP loss on the repurchase even though we were able to buy the notes at a discount. Additionally, you will see a $43.6 million line item in our operating cash flow statement for what is deemed the repayment of previously accreted debt discount which was expensed as non-cash interest in the GAAP financials. This entry had no impact on our actual cash balances or cash flow.

Excluding this item, operating cash flow was negative $700,000, at the better end of our guidance range of negative $15 million to breakeven. If you exclude this non-cash item, we generated approximately $55 million in operating cash flow and positive free cash flow on a rolling four quarter basis. This was the first time in our history we have generated positive free cash flow over a four quarter period, which is an important milestone on our journey.

Just a couple other highlights from the balance sheet. We ended the quarter with receivables of $121 million and DSOs calculated on billings of 56 days, at the low end of our target range of 55 days to 65 days. Ending deferred revenue was approximately $880 million, split 60/40 between current and long-term.

Moving on to our Q3 and updated 2018 guidance. Our strong Q2 performance and our continued confidence in our ability to carry the momentum forward through the second half of the year is reflected in our billings and cash flow guidance for 2018. We are raising our 2018 guidance range for billings by $10 million to $825 million to $845 million, implying roughly 10% year-over-year growth at the midpoint of $835 million.

Our guidance for non-GAAP operating cash flow, which excludes the non-cash items associated with the repurchase and retirement of the 1% convertible notes, increases by $5 million to $55 million to $65 million. We are also increasing our expectations for CapEx by $5 million to $40 million to $45 million. The increase in CapEx reflects an acceleration in our plans to consolidate facilities in several locations which will save us money over the long-term but will result in some CapEx for leasehold improvements in the near term. With the increase in non-GAAP operating cash flow offset by the increase in expected CapEx, the implied free cash flow for 2018 remains unchanged.

In a ratable revenue model like ours, billings performance is spread over a longer period and revenue growth lags billings growth. For revenue, our guidance range remains at $820 million to $830 million, implying growth of 6% at the midpoint. For our operating margin, our guidance range is unchanged at 1% to 2% of revenue.

For the third quarter of 2018, we expect billings in the range of $210 million to $220 million, implying 6% of year-over-year growth at the midpoint. Although we expect a seasonally strong federal quarter, we do not see any greater than $10 million transactions in the pipeline. It is worth noting that the fed business tends to be on-premise, implying a strong quarter for product and related subscriptions and support billings.

We expect revenue in the range of $206 million to $210 million, implying 5% year-over-year growth at the midpoint. Given this revenue range, we expect operating margin between 2.5% and 3.5% and earnings per share of between $0.01 and $0.03 based on fully diluted weighted average share count of approximately 201 million shares.

Our earnings per share guidance reflects cash interest expense of approximately $3.5 million and tax expense of between $1 million and $1.5 million. Given the above billings and cash expenses, we expect to generate operating cash of between $10 million and $20 million. Before I turn the call back over to the operator for your questions, I wanted to make a brief comment on the implied billings growth rate for the second half of the year compared to the first half.

The reported billings growth rate in the first half of 2018 was 17%, implying a second half growth rate of 5% on the midpoint of our 2018 range. After normalizing for timing adjustments made to 2017 billings as a result of ASC 606 and the eight-figure transactions we closed in Q4 2017, Q1 2018, and Q2 2018, billings grew approximately 7% in the first half of the year and the implied growth rate exiting 2018 accelerates to approximately 8% at the midpoint of our guidance range. Since a picture is worth a thousand words, we created a slide in the Appendix section that illustrates the math.

With that final comment, we'll take your questions now. Operator?

Question-and-Answer Session

Operator

And our first question comes from the line of Andrew Nowinski with Piper Jaffray. Your line is now open.

Andrew James Nowinski - Piper Jaffray & Co.

Great. Thanks and congrats on the nice quarter.

Kevin R. Mandia - FireEye, Inc.

Thank you, Andrew.

Andrew James Nowinski - Piper Jaffray & Co.

Question for Kevin. You said your products are still deployed as a secondary solution or as a helper product, yet your growth in new customer increased nicely. Do you think the new go-to-market changes that you made will enable FireEye to start displacing incumbent vendors and become the primary provider?

And then as it relates to that, are you seeing a change in customer behavior where they're starting to understand that they actually need a helper product and that a single solution is not good enough?

Kevin R. Mandia - FireEye, Inc.

Couple things. So you asked a lot there, Andrew. I've always looked at this business as you have multiple layers in security, and security-conscious organizations or as I call them the big do have multiple layers. You used a phrase, helper product. That's because the first layer of defense needed help. And so we were there for that, and that's how FireEye had its meteoric rise in IPO detecting what firewalls missed and detecting what email gateways missed. And we're still doing that. But what we've learned is to go down market to the small and mediums where they don't have a cadre of 75 security professionals. They want it simple. And you have to have a layer one and layer two product, and that's why we're taking Endpoint and moving in at layer one with Endpoint prevention and that's important for Endpoint.

When I look at our Email product, we primarily sit behind email gateways. But we did some inorganic growth there at the end of last year, I believe, and we've got a roadmap to get to the layer one on Email as well. So that's coming because we recognize every company starts niche and you move into adjacencies.

A lot of our adjacencies are white space in layer two, detecting what everybody else misses. But I do believe we open up opportunities for our channel and we open up other markets by moving into layer one. To those buyers, you can only make one purchase on Endpoint or one purchase for Email and we want to get into that space as well.

And regards to changing buying patterns, to me, the impact of a security breach, the liabilities just keep going up and to the right. We have a privileged position here at FireEye that we meet the CEOs of these victim companies. We get in the boardrooms and talk to these companies as they're handling disclosure issues and dealing with these breaches. And I just don't see the liabilities going backwards. And because of those, we are, in my opinion, I said it in my prepared statements, Andrew, I just think we're a vital line of defense. When you detect 6 million spear-phishing emails more behind a gateway, the majority, vast majority of our customers, we're detecting what the other products are missing, and it only takes one arrow to get through to create the problem. So I think we're indispensable to the bigs, and what we have to do to get down to the less-resourced organizations is get in layer one with our product.

Andrew James Nowinski - Piper Jaffray & Co.

Great. Thanks, Kevin. And then just one quick follow-up. You had 75 Helix customers this quarter, which is up nicely from last. Do you think Helix growth will accelerate once you integrate the X15 technology into the product in the back half of the year? Thanks.

Kevin R. Mandia - FireEye, Inc.

Yeah. I like what we're doing there. And I could tell you, I look at it more from a technology standpoint, so you're not going to like my answer. I'm looking at what we've got to do to make it great and we're doing those things. X15 was key to that. We have the security chops. We wanted to add big data chops to the platform, and that's what we're doing. We intend to have a release in Q3 that combines our security expertise with the big data capabilities of X15. And I think from there, what it'll really do is speed up the innovation we can deliver to our customers.

So, bottom line, I just look at it from a technology standpoint. I didn't see we had any alternatives regardless of what our model showed. I wanted to build the tech right and we're doing that.

Andrew James Nowinski - Piper Jaffray & Co.

Thank you.

Operator

Thank you. And our next question comes from the line of Anne Meisner with SIG. Your line is now open.

Anne M. Meisner - Susquehanna Financial Group LLLP

Hi. Thanks for taking my question. First question is for Frank. With the short-term deferred coming in just a bit light of expectations, I wanted to make sure I understood what you said on the subscription billings. I think you mentioned that you saw a shift in buying behavior for the Email product back to appliance. But if you could also clarify what you're seeing on the threat intelligence renewals that I believe you also called out?

Frank E. Verdecanna - FireEye, Inc.

Sure. Just seasonally, in Q1, we had a lot more iSIGHT Intelligence renewals up for renewal in Q1. So we did have a sequential decline there, which did impact the cloud subscriptions and managed services line. But I think if you look at, in general, what we are seeing, the cloud and virtual's adopted more across the overall business, but I think in any one quarter, the large deals could definitely drive the line items one way or the other. And this quarter, we did have some pretty significant greater than $1 million deals that happen to be expansions or on-premise deployments.

Anne M. Meisner - Susquehanna Financial Group LLLP

Okay. Thanks. And then a quick question for Kevin. The FireEye Security Suite for the mid-market, it sounds like you're seeing good early demand there. I'm just curious to know who you might be seeing competitively in that segment of the market as you move down market a bit. And then, when would you expect to see that segment become a more meaningful contributor to the business?

Kevin R. Mandia - FireEye, Inc.

Anne, I'll look to Bill for some standpoint as well. But when I look at the FireEye Suite, there's very few companies, only a handful of companies that have all the components to meet what the Suite can provide. We have an Email Security component, Endpoint Security component, Network Security component. I do believe that it's vital that the best security company in the world needs to bring all that to bear to solve customers' problems, and then you got to bring it all together into a brain or a hub so that you can make sense out of all this.

And then, the question becomes, do you have to hire to it or not hire to it. I look at it as the competitors there, depending on geography, and there's different competitors in different geographies, but you have to have comprehensive product portfolio to compete with us there, so it will be some of the more – bigger companies.

Turning to Bill for some of the color on – there you go – what we're seeing there.

William T. Robbins - FireEye, Inc.

Sure. Well, in that space what we're seeing are primarily the point flares spoke. So if you look at Email, it might be a Mimecast. Certainly in Endpoint, there's a whole cadre of legacy vendors from Symantec, McAfee, Sophos, Kaspersky. You might run into some of the newer ones as well more from an EDR perspective. And in the Network, it's kind of the firewall as you might imagine.

That said, where we saw a nice uptick in interest as we rolled this out was nobody can offer that full bundle and nobody can offer the vision of, if you invest with FireEye even on a point product, you have the opportunity to get a full solution over time, if that's kind of what meets your IT and security needs and your budget and your ability to digest our solution.

So the thing that's really been encouraging, from the customers that we've talked to, as well as from the partners that are giving us feedback, is it gives a differentiated way of going into those customers and solving the solution kind of in a one-stop shop that no one else is really capable of doing.

We saw, as was noted, a nice uptick in new logo growth. And that was driven really from three primarily entry points. One, of course, is services. We'll always have that as an advantage to get new logos through our various services, whether it's IR or it's a more Proactive, Tabletop Exercise, Red Team-ing, that type of thing.

The other one, of course, was HX, and we had talked about our Endpoint solution. We had talked about the investment we've made and the go-to-market changes with our partner community to take that solution down into the commercial space.

The third one, and this is really encouraging for me, is around NX. We saw a significant number of new customers where they leveraged NX as the initiating entry point into a FireEye relationship. And what that tells me is while we're executing extremely well on the refresh opportunity, we're also driving new business and expanding our customer base with NX as well.

Put all those things together and it gives me a lot of encouragement for the second half.

Anne M. Meisner - Susquehanna Financial Group LLLP

That's great color. Thank you very much.

Kevin R. Mandia - FireEye, Inc.

Thank you, Anne.

Operator

Thank you. And our next question comes from the line of Gur Talpaz with Stifel. Your line is now open.

Gur Yehudah Talpaz - Stifel, Nicolaus & Co., Inc.

Great. Thanks for taking my question. So one thing that stood out to me here from a metric standpoint is the quarter-on-quarter growth in ARR, which was about $13 million. If you look at that and if you had to kind of break down what drove that growth, how much of that do you think is sort of better upsell on refresh, that 100%-plus renewal rate you talked about versus new product adoption, more Endpoint, more Email, as you kind of alluded to in the call?

Frank E. Verdecanna - FireEye, Inc.

Hey, Gur. This is Frank. I think what really is driving that is really the new product adoption. The renewal and refresh opportunity has been a contributor, but overall, appliances are still down year over year. What's really driving the growth there is just the addition of the cross-selling and upselling. And one of the key metrics that I think we talked about in the prepared remarks were the – of the 37 greater than $1 million dollar deals, 95% of those purchased more than one product. And even more important, approximately half of those 37 customers purchased four or more products. So I think what you're seeing from a customer standpoint is customers are really latching on to the full platform and buying a lot of the spokes at once and rather than just buying one or two products.

Gur Yehudah Talpaz - Stifel, Nicolaus & Co., Inc.

That's helpful. And then, Kevin, you talked a lot about Office 365 during the call. How do you feel about the broader SaaS security opportunity? And could you see yourself pushing more perhaps into CASB like functionality down the road? It's something you alluded to a fair amount on the call, so I was just curious to get your take there.

Kevin R. Mandia - FireEye, Inc.

So I think we're solving a problem at a time here. When I look at the cloud adoption, people want visibility, what do I have. And then, I think, at least the security operators that I talked to and the folks sitting in the Security Operations Center, they wouldn't mind having one platform that has security events from the cloud and security events from all their offices whether it's on-prem or not in one place. So we're looking to address that. When I look at our Helix platform and our Threat Analytics Platform, we already tie into a lot of the AWS threads and Office 365 logging so that we can answer the questions people have to answer all the time. And as information, data, and apps go to the cloud, we have to as well, the vision being one dashboard and you can stare at it and say, hey, my security program is at this state, and you're not thinking it's my security program off-prem or on-prem. It's the whole darn thing. So we're building to that and we're building using the capabilities that a lot of the infrastructures that service and cloud providers are letting us build into with their APIs.

Gur Yehudah Talpaz - Stifel, Nicolaus & Co., Inc.

That's good color. Thanks, Kevin. Congrats on the quarter.

Kevin R. Mandia - FireEye, Inc.

Thank you.

Operator

Thank you. And our next question comes from the line of Melissa Franchi with Morgan Stanley. Your line is now open.

Melissa Franchi - Morgan Stanley & Co. LLC

Okay. Thanks for taking my question. Frank, I just wanted to dig into the billings guide a little bit. You raised the full year by about $10 million, a little bit ahead of what you beat in Q2. And then if you look at the growth rates on a normalized basis, they're expected to stay relatively stable although the comparables get more difficult. So I'm just wondering if you can maybe talk about a few of the factors that give you confidence in growth sustaining, maybe like the top three key drivers of growth staying at the high single-digit level.

Frank E. Verdecanna - FireEye, Inc.

Sure, Melissa. I think if you look at how the year plays out, one, is we have continued to build strong pipeline for the back half of the year. And so as we sit here today and we look at the pipeline, we generate a lot of significant pipeline. Part of that is driven by the new channel – new enhanced channel engagement that we have. Part of that is the new products and then the new pricing has really helped elevate some sizes of deals because we've actually been able expand capacity and being able to cover a lot more people's network with the new pricing because it's now more cost-efficient for them to actually expand under the subscription-based pricing. So I think the driver is a couple different things. But I think probably the primary driver is just our visibility into the pipeline.

Melissa Franchi - Morgan Stanley & Co. LLC

Okay. Thanks. And then one for you, Kevin. You mentioned in your remarks about an upcoming FireEye application store, I think it was it was called.

Kevin R. Mandia - FireEye, Inc.

Yeah.

Melissa Franchi - Morgan Stanley & Co. LLC

Wondering if you could maybe talk a little bit more about what that opportunity is and then how do you plan on monetizing it? Are you going to charge separately for the customized apps or is it a way to make the whole platform just more sticky?

Kevin R. Mandia - FireEye, Inc.

Yeah. At some point, there will be apps in there that we may charge for, but right now, we've already got – last time I heard and to the best of my recollection, we had over 40 of these things and we're building them internally. We need them. When you build a system like Helix and you have the data open to be analyzed by many different people in different ways for different purposes, I think we have to do this. We may have apps on user behavior analytics, we may have apps on how to go through peak app data faster, whatever it is. And I don't want to nerd out on you too much, but this is just – we know we want to have a community defense. That's been a goal at FireEye for several years now, that in general, if one company is attacked and they're a financial service, for the most part, other financial services are dealing with the same types of issues. And we want those teams to be able to work together, not just in going through data and collecting and responding, but we want to get our app store to get people to work on the platform. And we also want to be able to build some of the comm channels right into the technology over time. People need to be able to share through technology, get expertise and advice through technology, and this is just the beginning of it in the marketplace.

And remember, I've been that guy staring at log files for hours a day and man, would you love to just be able to right-click into tech and say, hey, someone else look at this thing. I could read the manual that's 500 pages long or I can hand this off to a team of experts maybe at another company that have done it. And the marketplace is key to bridging the experts, not just the communication channel and the tech, but the marketplace itself.

And we have customers, by the way, that have already built some things and we're like how do we get this out to our set of customers, the whole broad base of them? So we just want to provide value to everybody. We want to be an open company. We want to have a better interoperability and that marketplace is just a big part of it.

Melissa Franchi - Morgan Stanley & Co. LLC

Got it. Thank you very much.

Operator

Thank you. And our next question comes from the line of Michael Turits with Raymond James. Your line is now open.

Eric Heath - Raymond James & Associates, Inc.

Hi, guys. This is Eric Heath on for Michael. Thanks for taking my question.

Kevin R. Mandia - FireEye, Inc.

Hi, Eric.

Eric Heath - Raymond James & Associates, Inc.

Hey. Now, that we're about three quarters in with the AV feature of Endpoint, could you help frame how much of a driver Endpoint was in the quarter and then what do competitive win rates look like both within Enterprise and then commercial? And then one housekeeping item to follow-up.

Kevin R. Mandia - FireEye, Inc.

Yeah, Frank, you have -

Frank E. Verdecanna - FireEye, Inc.

Yes. Well, Endpoint, one of the things we talked about was really the growth in the quarter was really across all our products. And I think Endpoint was definitely a driver of that. So I do believe adding the Endpoint protection did have an impact. We started seeing that in Q4. We released it basically at the very end of Q3 and we saw an immediate impact in Q4 and that's carried on through 2018. Bill, do you want to -

Eric Heath - Raymond James & Associates, Inc.

Great. And then, you mentioned – how many customers did you mention for the quarter? And then, how has that trended from where it was a year ago? And I heard you mention Endpoint is now $15 million, sounds like it's up from $14 million prior.

Frank E. Verdecanna - FireEye, Inc.

Yeah. Your new customers in total or just Endpoint?

Eric Heath - Raymond James & Associates, Inc.

Endpoint.

Frank E. Verdecanna - FireEye, Inc.

So I think we mentioned 1,100 Endpoint customers in the prepared remarks.

Eric Heath - Raymond James & Associates, Inc.

And a year ago?

Kevin R. Mandia - FireEye, Inc.

Yeah. I don't know.

Frank E. Verdecanna - FireEye, Inc.

Yeah, I don't have that metric. It's been growing nicely, especially if you consider a lot of the work we've done with the channel and the mid-market has been on the Endpoint or Email side.

Kevin R. Mandia - FireEye, Inc.

Yeah, and Eric, I can speak anecdotally. It feels like we've added more of a customer count this quarter than a year ago. I think that getting into Endpoint prevention is becoming table stakes. We have the forensic capability, that's what we originally built our agent for. We still have the Forensic agent that we use to respond hundreds of times behind everybody else's endpoint when it just fails to detect something.

We had to get into Endpoint prevention. We did that first with signature based, but I think MalwareGuard's even better. To not have signatures and have great detection rates is just using modern technology, next-gen technology, over the first generation of Endpoint.

So we still want to be the best in the world at Endpoint Forensics, but certainly, by expanding the capability of our Endpoint into prevention matters for this organization. And we have done it now. We have multiple ways on the Endpoint to detect bad stuff, signature-based from September of last year, which I think did help us a bit. But I think MalwareGuard and machine learning models puts us squarely into even better prevention.

Eric Heath - Raymond James & Associates, Inc.

Great. Thank you.

Operator

Thank you. And our next question comes from the line of Gregg Moskowitz with Cowen and Company. Your line is now open.

Gregg Moskowitz - Cowen and Company

Okay. Thank you very much and good afternoon, guys. I wanted to ask about Mandiant because I think last quarter, you had expected professional services billings to rebound following a decline in Q1, and it did, although it was only up slightly on a year-over-year basis and the commentary around Mandiant was very positive. So, Kevin, I just wanted to get a sense of how you're thinking about services billings over the back half of the year.

Kevin R. Mandia - FireEye, Inc.

So, Gregg, I'll advise you, when you're looking at services companies, don't think billings, think revenue. At the end of the day, there's a lot of things that we do where the billings will trail the delivery of what we're doing, if that makes sense, so – and the mix changes. So I, anyway, look at the revenue and Mandiant's doing well. I mean, they're very busy. We're still at the forefront doing what we want to be the best in the world at. And the billings, to me, moves, but the revenue does, and we went up and to the right in revenue. We had our best quarter ever for Mandiant revenue in Q2. And that's what I watch. So...

Frank E. Verdecanna - FireEye, Inc.

And, Gregg, one of the things on the Mandiant services side, which is newer this year, is we are seeing a lot more of that contribution coming internationally. So we've been investing quite a bit over the last couple of years internationally on the Mandiant side and that's really paying off now.

Kevin R. Mandia - FireEye, Inc.

Some of the biggest service engagements we do, Gregg, we can't bill for them up-front. We got to deliver the work first.

Gregg Moskowitz - Cowen and Company

Right. Okay. Very helpful color. Thanks for that, guys. And then, with respect to GDPR, I know we're still somewhat early in the game.

Kevin R. Mandia - FireEye, Inc.

Yeah.

Gregg Moskowitz - Cowen and Company

Just curious if it's had any discernible impact on activity levels as of yet. Thanks.

Kevin R. Mandia - FireEye, Inc.

Well, our experts just gave us the thumbs up and said all good, so I have to translate that. I don't think I've seen much impact there. We prepped for it. We did a whole bunch of work as a company. I think we've seen one or two inquiries on it. We are thought leaders in it. But I just haven't seen its impact on business other than – meaning, I shouldn't say that. I haven't seen its impact on sales. I've seen its impact on the dialogue we have. Are we, as a company, prepared for it? Yes, we are. Have we done things differently because it came out? Yes, we do. But right now, I just don't think it's impacting sales.

William T. Robbins - FireEye, Inc.

Yes. I think what I could add to that, Kevin, is what we saw, especially for obvious reasons in Europe, but we also saw some of it in other geos that had European operations, but it became a part of the dialogue. And given our kind of thought leadership and expertise around breaches, about how you respond, what the risk profile is, it just simply became a part of every discussion we were having.

It moved us up in terms of who we are talking to. We may have been talking to a C-sell. (00:56:07) We then get brought in to a CFO or to a risk officer. Had a number of board presentations in Europe in Q2 that I don't think we would have had perhaps without the thought of GDPR being on their minds. So while it's very early days, to me, that's a great leading indicator of how our privileged position, in terms of breach response, is ultimately going to pay dividends in terms of the business that we do, both services and product with these customers.

Gregg Moskowitz - Cowen and Company

Very helpful perspective. Thanks very much.

Kevin R. Mandia - FireEye, Inc.

Thank you, Gregg.

Frank E. Verdecanna - FireEye, Inc.

Thanks, Gregg.

Operator

Thank you. And our next question comes from the line of Saket Kalia with Barclays. Your line is now open.

Saket Kalia - Barclays Capital, Inc.

Hi, guys. Thanks for taking my questions here. Maybe for you, Frank. I think you alluded to this in your ACV comments on the call, but just to flesh it out just a little bit more. Could you maybe compare the new pricing model to – I don't want to call it the old one, but the prior one, in terms of how the average deal size looks pound for pound in kind of new versus old, if that makes sense.

Frank E. Verdecanna - FireEye, Inc.

Yes. Saket, we obviously dissected every new deal that we had under the new pricing in the last quarter. And what we've seen so far, but, again, it's still early days and very few data points, but the new pricing has expanded the deal size. And I think the reason for that really is more it gives folks the option to expand deployment in their environment. And so, typical customers that came up for renewal, the ACV went up because of them adding additional capacity.

Saket Kalia - Barclays Capital, Inc.

Got it. Got it. And then maybe for my follow-up for you, Bill, if I may. We mentioned that in the quarter we maybe saw a form factor change. I guess the question for you is, how do you manage the sales force when you have sort of multiple ways to deliver the solution, either from a commission or quota perspective? And I mean, qualitatively, of course. But I guess the different form factors maybe could change, I guess, how you manage a particular sales person. So just curious how you kind of go about it.

William T. Robbins - FireEye, Inc.

Sure. So, first of all, I think it's a distinct advantage for us to be able to offer that flexibility to our customers. Inherent in that, and I think where you're leading to, is that can create an element of complexity, right? It's not just a, hey, here's one choice and here's the price. So you have multiple moving parts.

And what we've been doing, and I talked earlier about how we put a lot of discipline and process and training and enablement into the sales force, one of those things has been around exactly this of really having the discussion with the customer to understand their business objectives, right, to understand some customers had an absolute predilection to embrace the cloud. Others are scared to death of it. Some are somewhere in between, right? Understanding what that customer wants to accomplish, how they're thinking about running their operations, and then understanding again that you can have some differences in how you structure deals, what are their CapEx requirements versus OpEx requirements, being able to have that knowledgeable discussion with that customer early and up-front is actually, I think, improving our win rates. And I talk about kind of the pipeline going up and our ability to execute better and do what we said we were going to do. We're understanding earlier in the sales cycle what it is a customer needs and we're being more of an advisor versus just an order taker.

Now, how that impacts in terms of commissions and that can be a much longer discussion, but we have tried to keep – I mean, the general thought process has been try to keep it as simple as possible for the sales team. I don't want them to have to pull out their HP 12C if they happen to have one and try to figure out how they're going to get paid on any one transaction. I want them first to do what's right by the customer and we built these programs in such a way is that FireEye is going to benefit. Frank just talked about it. We're going to benefit regardless of how that customer transacts with us.

So focus is still on billings. I think we made that clear back at Analyst Day. That's the primary driver in terms of compensation for the rep. But also having it fairly simple so that there aren't a lot of deviations between a cloud form factor, an on-prem form factor. At this stage of our maturity, but that may change over the next year or two as we continue to evolve, but at this stage of our maturity and what we're trying to accomplish, having that level of clarity and simplicity so our sales force knows what they need to do, how they serve the customer first and foremost, and how they get compensated, we have that very well-aligned and very straight forward for all of them. I don't think there is any confusion in the field for how they get paid.

Saket Kalia - Barclays Capital, Inc.

Very helpful. Thanks very much.

Operator

Thank you...

Kate Patterson - FireEye, Inc.

We've time for a couple more questions, please.

Operator

Thank you. And our next question comes from the line of Walter Pritchard with Citi. Your line is now open.

Walter H. Pritchard - Citigroup Global Markets, Inc.

Thanks. I guess for Kevin, on the NX refresh, can you talk about where you are in terms of that process? I know it sort of started last year and has kicked up this year. How long you expect the sort of heightened activity around NX refresh to last?

And then for Frank, I'm wondering you've done a good job this year of seeing some modest growth on relatively flat expenses, relatively flat OpEx. I'm wondering as we think about pace of investment going forward, do you feel like you've reached the level on the top line where things are stable enough that you might uptick your level of spending growth as we look forward beyond obviously you've given the guide for the year? Just curious philosophically how you're thinking about that going forward

Frank E. Verdecanna - FireEye, Inc.

Sure, Walter. The first question, and I'll take it and then Kevin...

Kevin R. Mandia - FireEye, Inc.

Sure.

Frank E. Verdecanna - FireEye, Inc.

...can expand on it. On the refresh opportunity, 2018, it was the larger refresh opportunity than 2017. And as we look forward into 2019, that opportunity only increases. One, we're expanding the network customer base, but two, if you look at just the tenure of some of those appliances, they become a little bit more dated next year and then a little bit more dated the year after. So we think that's going to be a nice tailwind for us over the next few years.

But I think, more importantly, is when you look at these refresh opportunities, is that we're able to add additional products to those refreshes and renewals. And that is really key for us because we continue to get further and further penetrated within those customers. Anything you want to say on that before I talk about the expenses, Kevin?

Kevin R. Mandia - FireEye, Inc.

Yeah. So, Walter, I just – when you first answered, I'm like, well, we're never going to be done with the process. I mean, every time we go into an NX customer, we want to talk about how we've improved NX. It's not in maintenance mode. We keep innovating, too. We keep adding more features. We have a lot of cool ideas for what's coming out next. From NX, hey, if they renew that, maybe they need it in different form factors. What about our Email Security? What about our Endpoint Security? How do we get all this into Helix so you can go from alert to fix seamlessly automating what you can automate and maybe you need Managed Defense behind that so that we're triaging the alerts.

So I just think that, to me, the refresh was always bigger than, hey, let's just go into the NX customers and sell more NX. It was, in reality, NX refresh to me I look at it the same way I'd look at a services customer or an Endpoint customer. We have six ways into a customer: Threat Intel, Endpoint, Email, Network, the whole enchilada, or services. And each one of them allows us to do upsell motions. So the refresh, to me, is really morphing into just good salesmanship with each customer, helping them understand our portfolio and the opportunities that they have to simplify their security spend.

Frank E. Verdecanna - FireEye, Inc.

And Walter, with respect to 2019, our current cost envelope will definitely take us throughout the remainder of the year. I think in 2019, our expectation would be we see some level in increasing costs as billings go up, so does commission. But I think overall, expectation would be that our revenue growth rate in 2019 will outpace our expense growth rate and so we'll see increased leverage and increased profitability.

Walter H. Pritchard - Citigroup Global Markets, Inc.

Great. Thank you.

Operator

Thank you. And our next question comes from the line of Gabriela Borges with Goldman Sachs. Your line is now open.

Gabriela Borges - Goldman Sachs & Co. LLC

Good afternoon. Thanks for taking my question. Either for Kevin or Bill, could you just compare and contrast for us on your Helix conversations with customers, how often is ROI coming up in the discussion, how often is that driving deal closures, and how does that compare to a year ago or three quarters ago, I guess? Thank you.

William T. Robbins - FireEye, Inc.

I'll give my thoughts...

Kevin R. Mandia - FireEye, Inc.

Yeah, go ahead. Sure.

William T. Robbins - FireEye, Inc.

...and Kevin, please add. It comes up frequently in discussion. However, it is ROI in isolation would still be the kind of a secondary topic to risk mitigation and being able to better protect their operations. That's still going to be first and foremost, right? How do I quickly go from alert to fix? How do I make sure that I'm focused on those risks that have the highest potential impact to my organization versus all the noise of all the other risks that might be out there? So risk mitigation, risk management, is still kind of the first tier of the discussion.

ROI becomes a second tier of that discussion, particularly once you get into the procurement cycle and you move maybe from business owners to finance/procurement. Then the ability to say, hey, in addition to the fact that we're able to better protect you by leveraging all the capabilities within Helix, we can also do it in a way that makes your operations more effective and efficient that may reduce the amount of head count that you have to have in your operating center, that reduces the need for you to back fill and hire specialized skills. That discussion then resonates and I've always found in selling, when you can combine business value with financial value, you have a winning solution. And that's where we are with Helix.

Gabriela Borges - Goldman Sachs & Co. LLC

That's great. Thank you. And follow-up for Frank, if I could. It's a quick one. The attach rates of customers on the Helix platform versus those that aren't, do you have that number? Or how are they different?

Frank E. Verdecanna - FireEye, Inc.

We still are seeing the Helix deals incorporate more and more products than non-Helix deals. And so I think that, again, just speaks to the platform and the value people see in being able to tie it all together.

Gabriela Borges - Goldman Sachs & Co. LLC

Thank you.

Frank E. Verdecanna - FireEye, Inc.

Thanks, Gabriela.

Operator

Thank you. And that does conclude today's Q&A session and I'd like to return the call to Mr. Kevin Mandia for any closing remarks.

Kevin R. Mandia - FireEye, Inc.

And I just want to thank everybody for their interest in FireEye. We have returned to growth. We have improved our execution and we continue to innovate. And I look forward to reporting back to you in 90 days. Thank you.

Operator

Ladies and gentlemen, thank you for participating in today's conference. This does conclude the program and you may all disconnect. Everyone, have a great day.

Read more current GOOG analysis and news
View all earnings call transcripts

Recommended For You